CFP2001: Concerns remain about Carnivore
CAMBRIDGE, MASSACHUSETTS -- There are still plenty of legal, technical and philosophical concerns to explore with the U.S Federal Bureau of Investigation's controversial Carnivore Internet surveillance tool, according to panelists who spoke about the sniffer technology during the Computers, Freedom and Privacy conference here Thursday.
Some of the technical and legal points hinge on what data Carnivore is capable of capturing when it is implemented, panelists said. Carnivore, which is now referred to by the FBI as DCS1000, is a software program that monitors packets of data passing through an ISP's (Internet service provider's) network.
"The problem from legal angles is that it captures all sorts of IP (Internet Protocol) information," said panelist Mark Rasch, vice president for cyberlaw at Predictive Systems Inc. in Reston, Virginia, and the former head of the Computer Crime Unit at the U.S. Department of Justice. It can offer information such as what Web sites a user has visited, cookies, time of searches and log on/log off information, he said.
With any wiretap technology, the goal is to minimize or get as specific as possible on what is being looked for, he said. Carnivore has automated the process of looking for specific information and that opens up possibilities for greater use. It is relatively quick to set up and comes at minimal cost, Rasch said.
That is why it is crucial that federal hurdles already in place that limit utilization of Carnivore remain, said panelist Harold Krent, a law professor and associate dean for faculty and interprofessional activities at Chicago-Kent College of Law, Illinois Institute of Technology. Without requirements for law enforcement, there is potential for rogue or negligent applications of the sniffing technology, said Krent, who helped review Carnivore last year.
According to Krent, the FBI used Carnivore between 25 and 30 times last year. Approximately 25 percent of the time, it was used in situations where it was approved by individuals for their own protection, such as in stalking cases.
Two types of searches can be done, he said. One type is a "pen register," which provides addressing information, and the other type is the full-content search, he said. Most of the searches last year were pen register searches because law enforcement officials do not have to show probable cause to get a court order to look for the information, Krent said. A full-content search requires a judge's approval.
The FBI and U.S Department of Justice also have internal reviews that often can require law enforcement to wait up to six months before the sniffer technology can be used for investigatory reasons. Federal officials must prove that less invasive search methods could not be used instead, Krent said.
On the technology side, there is the question of whether Carnivore can determine the target it is looking for from a non-target, said panelist Matt Blaze, who is with the secure systems research department at AT&T Corp. Labs and has testified before Congress on Carnivore. It could be a technological pitfall for evidence gathering by law enforcement, he said.
One example is if dynamic IP addresses are being used, he said. If Carnivore is supposed to look at a specific IP address for an individual and it actually has been assigned to someone else, it could pose a serious problem, he said.
Another potential technological concern is creating fraudulent packets for Carnivore, he said. There is a question of whether Carnivore could distinguish real network traffic versus traffic generated to trick the technology, he said.
As far as philosophical questions go, there is the point of trusting the FBI with the technology, said panelist David Sobel, general counsel for the Electronic Privacy Information Center (EPIC), which has sued the FBI for access to information on the Carnivore program.
The sniffer technology provides the FBI with access to all traffic on an ISP. The public has to trust that federal law enforcement will only look at data necessary for its investigation, Sobel said.
A greater check on the government would be to give the ISPs the Carnivore program and let them run it for federal law enforcement when necessary, he said.
It is unclear what the future holds for Carnivore, as Sobel shared a quote from newly appointed U.S. Attorney General John Ashcroft that suggests he believes that federal law enforcement agencies already impose too much on the lives of private citizens.
The Computers, Freedom and Privacy conference in Cambridge, Massachusetts continues through Friday. More information on the conference can be seen at http://www.cfp2001.org/.
» posted by ITworld staff
IDG News Service
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
