RateWatch #255 - Carnivore
June 16, 2001
by Dick Lepre

What's Happening

The Treasury markets staged a technical rally giving a little short-term solace from the secular bear market. This represents the last vestiges of the bull market and gives an opportunity for technical traders (like StoMaster) to completely unwind their long positions.

Who's Been Eating Your E-mail?

Some recent attention has been given to the FBI's "Carnivore" e-mail sniffing program. In case you have not heard of this, Carnivore is an FBI system which reads e-mail. This e-mail message from me to you may have been scanned by a Carnivore system. Since we send out 21,000 of these e-mail messages each week it seems a valid topic for discussion here. Besides, I need a break from writing about the mortgage business.

Left and Right

Carnivore has been given the new name - DCS1000 - which is (I guess) a good PR move on the part of the Justice Department. The replacement of the term "carnivore" with DCS1000 must have been done by someone at DOJ with a sense of humor. DCS1000 is a proprietary piece of software owned by a company called Integrated Systems Development and the term stands for "Dining Control System". It's a card-encoded system used in places such as college dining halls.

Most of what I have seen about Carnivore is predictably politically polarized.  People see this as either an invasion of privacy and therefore wrong or as a deterrent to crime and therefore right.

What we will try to discuss here is what it is, how it works, how it fits into the justice system and what the motivation for using it seems to be.

Carnivore is a specialized packet sniffing device.  It was developed by the FBI's Engineering Research Facility (ERF) in Quantico, VA. It is a Windows-based piece of software installed on a PC which is controlled by the FBI and attached to an ISP's hardware under court order.  It may be on a laptop or rack-mounted.  This is done under what lawyers refer to as a "Title III".  (Title III of the Omnibus Crime Control and Safe Streets Act of 1968.)  This is, in essence, the same thing as a legal wiretap.  Right here it is imperative to note that this should be something that is much more difficult to get than, say, a search warrant.  A search warrant can be issued by a magistrate.  A Title III can only be requested by a United States Attorney after a Department of Justice authorization.

While the 1968 act was written before e-mail and the Internet the inference that the Department of Justice acts under is that, since the Internet bears some similarity to the phone system, the 1968 act applies and the FBI can get Title III's for Carnivore.

The FBI attaches a commercially available one-way tapping device to the ISP's particular router or pipe.  One copy of the data passes to the ISP in the normal manner.  The other copy is routed to a Carnivore system.  This copy is scanned and compared to a predefined filter that is programmed according to the specifics of the Title III to detect certain characteristics of the e-mail message that meet the characteristics of the filter.  These messages are stored.  The rest of the data coming through the router is "forgotten" by Carnivore.  The presumption is that the filter is the sender's e-mail address, the recipient's e-mail address or both.

The e-mail evidence is maintained on the hard drive of the Carnivore computer.  It is not transmitted to some remote location.  An FBI agent goes to the ISP and retrieves the information by copying it to a diskette or retrieving the entire system.  What is behind this is the "rules of evidence" that operate in the justice system.  The Feds do not just want information - US attorneys want convictions and must maintain a chain of custody that is strong enough to not cause it to be disallowed in court.

Indications are that, in the case of certain ISP's that can meet the requirements, Carnivore is not installed but the ISP performs the prescription of the court order and turns the diskettes over to the US attorney and FBI.

When the FBI presented Carnivore in late June to a group of Internet heavies they said that it had already been used in about 100 cases and indicated that the principal purpose of the majority of the cases was to identify and deter hackers and build cases against them.

ISP's are not exactly thrilled over Carnivore.  They do not like someone else's equipment plugged into their system.  They do not like the idea of being a part of "big brother".  They do not like their customers to know that all of their e-mail may be scanned because one person at that ISP may have committed a crime.

The lousy position that many ISP's are in is a result of the fact that they said that they could not comply with court orders to intercept e-mail.  Carnivore does it for them.  ISP's have no one but themselves to blame for this.  They treated the Internet with an attitude of "this is something new", "it's ours", "Government butt out".  This did not wash in court.

The legal strength of Carnivore is that it distinguishes only the e-mail that meets the prescription of the Title III and saves only it.  One ISP went to court to prevent the installation of Carnivore on the grounds that it gave the FBI access to all of its e-mail and expressed concern that it might be held liable for invading the privacy of its customers.  The FBI prevailed.

What Carnivore is Not

One thing that is apparent is that Carnivore is not some system that is connected to the ISP and scans for certain words.  It does not pay attention to a message because it has the word "bomb" or "drugs" in it.  It pays attention to a message because of the identity of the sender, the recipient or, perhaps, both.  Whereas it may "look" at many e-mail messages from or to folks not involved in the court order, it makes no record of them.  It has no recollection of those messages.

An analogy would be if the Feds got a court order to look at all of the mail that was dropped in a particular mailbox and open anything that was, for example, addressed to John Gotti. They may be looking at and handling your mail and my mail but they are only opening his.  If Carnivore is on solid legal ground it is because it has not made any record of messages that do not fit the conditions of the Title III.

Carnivore does not decrypt encrypted e-mail.  If a message is marked for intercept because it meets the conditions of the court order, it is stored in its encrypted fashion and must be decrypted at a later time. 

The fact that something such as Carnivore even exists indicates that the courts and perhaps the legislature need to readdress the concepts of privacy.

One organization, EPIC, came into existence in 1994 to focus attention on cyberspace privacy and civil liberties. This organization got a Federal judge this past week to order the Justice Department to release a timetable for release of information about Carnivore.  This has become a political issue.  Politicians must convince the public that they are vigilantly defending their civil liberties.

I think that the likely outcome of this "review" of Carnivore will not be that its internal workings are "outed". That would render it less valuable.  A more likely outcome is that the judge will appoint an independent party to verify that Carnivore does what DOJ says it does.

I am not trying to imply that Carnivore or the Justice Department are of no concern.  I think that Carnivore, as designed, is not per se a threat to individual freedom any more than a Title III wiretap is.  The problem is when it is misused.  The "evil" of Carnivore will occur from the malfeasance of persons possessed of the information that it produces using it outside the realm of legitimate judicial purposes. That includes politics, bribery and extortion.

Why Wiretaps?

Let's talk for a moment about Title III wiretaps and why they exist.  The representation that the government is making is that wiretaps are allowed only under somewhat strict circumstances.  To get a Title III wiretap the US attorney must demonstrate:
1) that there is probable cause that a crime is being committed
2) that more traditional law enforcement techniques - surveillance, informants, grand juries - have not worked, are unlikely to work or are too dangerous to attempt (the so-called requisite necessity argument) and that
3) the objects of the wiretaps - the persons whose conversations will be intercepted and what it is that they will be talking about.

An experienced criminal attorney whom I spoke with expressed the opinion that Federal judges have, in recent years, gotten much looser in the interpretation of what satisfies these conditions. Criminal defense attorneys might feel that wiretaps have made law enforcement lazy.  The traditional stake-out or informer is a lot more work and involves some implicit danger. It is unlikely that an FBI agent in the Federal Building is going to get shot in the wire room.  I guess that the tech revolution means that gumshoes are being replaced by techies.  If crime can be solved, punished or deterred by technology - so be it.  Maybe that's why the TV program "CSI" is so popular.

One fact about Title III wiretaps is that it is very difficult to have them suppressed.  The rather sanitary nature of a wiretap ensures that.  The DOJ may find that, whereas juries have no trouble understanding the technical aspect of a wiretap, they will not be able to understand the arcane lore of TCP/IP, POP3 and SMTP.

The other misuse of Carnivore can come from misrepresentations made to the judge to obtain the court order.

4th Amendment

What's at stake here is the Bill of Rights.  The 4th amendment gives us protection against unreasonable searches and seizures. A wiretap is, essentially, a seizure of a private conversation. Title III attempts to ensure that that seizure is reasonable. If the DOJ is given the right to seize private conversations it had better be darn careful.  As citizens we must demand that they stay inside the lines - very strictly inside the lines.

So What?  

I would offer 3 points:

1) We are going to be stuck with Carnivore.  The fact that it may "intercept" the e-mail of innocent parties is mitigated by the fact that the computer has no record of the messages. I presume that the FBI makes damn sure that there are absolutely no "latent images" of these untargeted messages.
2) the legislature and the courts have a daunting task in addressing our 4th amendment rights in the Internet era. Politicians have come out against Carnivore as an "I'm gonna protect you against Big Brother" plank.
3) a lot of e-mail encryption software is going to be sold.

My Opinion

As long as Carnivore is deployed under the same rules as wiretaps I am no more afraid of my e-mail being "carnivored" than I am of my phone conversations being recorded.  There are people whom I know who have been in jail for dealing drugs.  If I were talking to them on the phone I would never assume that the conversation was private.  If I sent them an e-mail message I would never assume that it was private.  Practically speaking, the commission of a crime mitigates one's expectation of privacy.

The recent SCOTUS decision about police not being able to use heat detection equipment without a warrant gives me the feeling that the Bill of Rights is still in effect.  I worry more about mortgage disclosures and going to jail for putting the wrong APR on the web site.

An Aside

While doing research on the FBI and computer crime I discovered this statistic:  57% of computer crimes are linked to stolen laptops, which were then used to break into corporate servers later on.


The "other guys": http://www.carnivorewatch.org/

Since I first wrote this article about Carnivore, I have become acquainted with EPIC - Electronic Privacy Information Center.  This is, in my opinion, an organization genuinely devoted to the protection of the individual from invasion of privacy by government and corporate interests.  It has the distinct advantage of being free from the political slant that has taken over the ACLU.  See EPIC's Carnivore resources at http://www.epic.org/privacy/carnivore/foia_documents.html
