The U.S. Federal Bureau of Investigation provided details on Friday about a controversial technology that law enforcement officials began using recently to uncover evidence in e-mail.

The officials held a briefing and a demonstration of the program, nicknamed "Carnivore," for reporters at FBI headquarters, and said they were confident the system is entirely legal. FBI officials have used the technology in about 25 cases over the past year to assist them in criminal and national security investigations.

The American Civil Liberties Union and privacy advocates who aren't convinced that Carnivore meets the strict guidelines governing the use of wiretaps have criticized the FBI for using this technology.

Internet service providers (ISPs) also have questioned the use of Carnivore because the FBI requires their assistance in installing the system, which consists of a PC running the Windows operating system and proprietary software, FBI officials said at the briefing.

The FBI began developing Carnivore about three years ago, when law enforcement officers began seeking and obtaining court orders to intercept e-mail as part of their investigations. Some were requests to track only the identity of a person with whom a suspect was communicating, while other requests were to uncover the full content of messages.

The FBI says the result was Carnivore, which they say is designed to operate in strict conformance with federal wiretap law and the Electronic Communications Privacy Act.

In the 25 cases in which the system has been used, all but one of the ISPs which were presented with a court order to install the system cooperated, said the FBI officials, who spoke on background and asked that their names not be used. Generally, Carnivore doesn't have to be installed at large ISPs, such as America Online Inc., because they have the required equipment and staff to obtain the information that FBI investigators seek. But in other cases, particularly those involving small ISPs, the FBI has worked with the companies to help them decide where on the network Carnivore should sit
and to assist with other technical issues.

The technicians who have dealt with law enforcement officials in those cases have had no problem with carrying out the installation, the officials said. Carnivore does not adversely affect the flow of traffic on the network, and it can be installed for only as long as the court order allows.

The system works by intercepting part of the stream of packets that moves across the network. The data goes to an interface, and from there the FBI gets a copy of the data in question. The system then puts the data through a filter that is configured to comply with the court order.

"So, if, for example, we are authorized to collect content of all messages to a particular address, that's what the filter is set up to do," one of the FBI officials said during the briefing. "If we are authorized to collect communications to and from a particular address, the filter is configured to allow for that."

The FBI has not released the source code for the system because investigators fear that would open the door for someone to figure out how it works. The code also is proprietary, and the FBI is using it under license. The officials did not identify the company that provided the code or how much the FBI spent on the development of Carnivore.

An FBI official will testify on Capitol Hill on Monday to provide Congress with more information about the use of Carnivore. In addition, the FBI plans to hire a university with the necessary technical competence to review Carnivore and provide independent verification that the system works the way the FBI claims.

The process is designed "to respond to the court orders and the legal framework within which we operate," the official said.

Copyright 2000 IDG News Service, International Data Group Inc. All rights reserved.

ITworld.com

• Email
• Print
• Share
  • Slashdot
  • Digg
  • Stumble
  • Reddit
  • Newsvine