LE SECTICIDE
L'ANTI - SCIENTOLOGIE antisectes.net

Lawmakers Find Carnivore Unappetizing
A House subcommittee challenges FBI officials on the privacy implications of the e-mail surveillance system.
By Margret Johnston

USA - espionnage - voir aussi : echelon

http://www.thestandard.com/article/display/0,1151,17093,00.html



Surveillance Proposal: Half Empty or Half Full?
ACLU Investigating 'Carnivore's' Diet

Media Feasts on Carnivore








WASHINGTON Democrat and Republican members of a U.S. House of Representatives subcommittee launched a barrage of questions at U.S. Federal Bureau of Investigation officials on Monday about a system known as Carnivore that federal law enforcement officials are using to track and read e-mail messages in criminal and national security investigations.


In a contentious hearing, many members of the House Judiciary Committee's Subcommittee on the Constitution expressed grave concerns about the potential for privacy violations, and skepticism that Carnivore's operations are as confined as the FBI says they are. At least one member, J.C. Watts, a Republican from Oklahoma, called on the FBI to suspend the use of the system.


Some subcommittee members also suggested the FBI has not been as forthcoming about Carnivore as it should have been. The system was brought to light only after Internet service provider Earthlink complained about it.


Under the onslaught of questions, FBI officials and representatives from the Department of Justice remained firm in their defense of Carnivore. They called it a "minimalization tool" needed to catch drug dealers, child pornographers and terrorists who have begun using e-mail in illegal endeavors in the same way they have used the telephone and other technologies.


"We think it's a well-focused capability," said Donald Kerr, director of the FBI's lab division. "It uses some of the very attributes of the Internet, in particular the Internet protocol addressing capability the to and from lines of the e-mail in order to restrict our collection to just those who are the targets of the court order. In a sense, it's automatic minimization up front."


The FBI has worked on the development of Carnivore over the past three years, Kerr said. The system has been installed at ISPs 25 times, including in 16 cases this year six involving criminal investigations and 10 involving national security investigations. The law enforcement officials declined to provide specific details about the cases because none has been fully prosecuted.


Most of the ISPs that have installed Carnivore have been small companies that don't have the equipment and technical expertise to give investigators the information outlined in court orders. Larger ISPs, with the exception of Earthlink, haven't been affected by Carnivore, which Kerr said is passive on the network and doesn't interfere with the delivery of e-mail, because they have the ability to give the FBI what it needs.


In every case but the one involving Earthlink, the ISPs cooperated with the court order, Kerr said. Earthlink tried to develop software "in real time," he said, and could not provide all the information the FBI sought. Consequently, the agents returned to the judge and Earthlink was "compelled to move ahead," Kerr said.


Kerr described Carnivore as a desktop-like Windows-based PC and software, a package that is partly available off the shelf. It is attached to an ISP's network either to provide investigators with either the names of people with whom a suspect is communicating or the ability to read the full content of a suspect's e-mail. If investigators want to read e-mail content, they must meet the higher legal standard of "probable cause," which means they must have a strong reason to believe criminal activity is ongoing.


However, if investigators only want to know with whom a suspect is communicating, they have to meet a lower standard. Those orders are called "trap and trace," which provide the names of the senders, and "pen register," which provide the names of the people to whom the suspect sends e-mail.


The name Carnivore is something the FBI now regrets, agency officials have said, because it implies that the system devours large quantities of information the way a lion consumes fresh meat. Kerr explained that the system is actually a packet sniffer similar to the types of technology used by network administrators to diagnose problems on their networks. Carnivore can pick up only the packets that use the Internet protocol address to which the FBI has been granted access by court order, Kerr said.


The system does not monitor all traffic moving across an ISP's servers but rather sees a subset of that data, which the ISP provides, depending on the specifications of the court order, and only data permitted by the court order is filtered out, Kerr said.


"In every case, we require a court order; that court order is specific to the [IP addresses] we can target," Kerr said, reiterating details that the FBI released in a press briefing on Friday. In the case of trap and trace and pen register uses, law enforcement agents are not permitted to read the subject line of an e-mail and do not capture that information, Kerr said.


However, there was a high degree of skepticism among members of the subcommittee on that point, because Carnivore must gather volumes of information and analyze it to return the desired information.


Representative Spencer Bachus, a Republican from Alabama, said the FBI's explanation raised concern that some people in the FBI or close to it could have free rein to check up on what their ex-spouses or political enemies were doing.


"You can't go to AT&T today and say, 'we are going to analyze all the phone calls that go through your system,' but you can do that with Carnivore?" Bachus asked.


Kerr first said the FBI has neither "the right nor the ability to just go fishing," but when Bachus persisted, saying technology would enable law enforcement officers to monitor here and there, Kerr said, "In principle we could do that." But he said it would be extremely unlikely because an agent who did that would face a fine and up to five years in jail.

Representative Bob Barr, a Republican from Georgia, complained that law enforcement officials are mistreating ISPs by telling them they will not be able to monitor the system.

"There's new legal ground that you all are trying to break here where you are saying you have the authority to harvest large quantities of information, then you will filter out what you want ... those are two very, very large steps we are taking here," Barr said. "I don't think this has been well thought out."

Democrats were equally outraged over Carnivore and its application under wiretap laws that were written for intercepting telephone conversations.

Rep. Jerrold Nadler, a Democrat from New York, said a person's privacy is violated if investigators find out he has been communicating with a suspect or anyone else on the Internet using trap and trace or pen register, and he complained that the person would find out only if there is a court case.


"As a practical matter, most people would be somewhat upset if they thought that [an investigator] was following exactly who they were talking to on the telephone or who they were sending e-mails to," Nadler said. "The guy should know about that, and maybe [he] should be able to say to the government, 'On what basis did you do this?' Right now, there's no provision for that."


Rep. John Conyers, a Democrat from Michigan, said Congress might need to consult a technology expert to verify that Carnivore in fact works the way the FBI says it does.


Kerr said the FBI was seeking an independent laboratory to carry out a verification and validation process and has contacted the San Diego Supercomputer Center in California to ask whether it would conduct the tests. The FBI intends to have the verification and validation within the next few months, Kerr said.


Margret Johnston writes for the IDG News Service.

back

Retour index général

retour index apologistes