FBI cans Carnivore

Critics question oversight of FBI's Internet monitoring practices

Carnivore, the FBI's controversial surveillance program that monitors e-mail and chat rooms, has been swept aside by newer, more effective technology, leaving some privacy experts to question if congressional oversight has kept pace with software advances.

In fiscal 2002 and 2003, bureau officials did not use Carnivore, according to FBI reports submitted to Congress and obtained by the Electronic Privacy Information Center through a Freedom of Information Act request.

The bureau is increasingly going directly to Internet service providers, said Paul Bresson, an FBI spokesman. "Our preference has been for the ISPs to conduct the intercepts," Bresson said.

The FBI reports do not include the number of counterterrorism and counterintelligence wiretaps approved under the Patriot and the Foreign Intelligence Surveillance acts, nor do they tally the number of times an ISP handed data to the bureau.

Privacy advocates first decried the Carnivore system when it was unveiled in 2000. Carnivore identified and copied a targeted person's Internet traffic through real-time monitoring by an FBI computer attached to an ISP's server. Copying data packets moving in real time carries an inherent danger of collecting more information than approved under a court warrant, said Matthew Blaze, an associate professor of computer and information science at the University of Pennsylvania.

"The packets that you're seeing at any given point may not be exactly the same as the targets of a wiretap," he said.

An FBI Internet wiretap searching for counterterrorism information in 2000 did precisely that, and a technical employee had to erase the whole intake as a result.

Some privacy advocates know less about the extent of the FBI's Internet surveillance because bureau officials are not reporting all of the Internet wiretaps they conduct.

"When the FBI uses Carnivore or some sort of similar technology, there are reporting requirements to Congress," said Marcia Hofmann, staff counsel of the Electronic Privacy Information Center. "When the FBI goes to the ISPs for information, we may not know as much about that in the future."

This lack of oversight is harmful to the FBI in the long term, said Ari Schwartz, associate director of the Center for Democracy and Technology. "There are going to be cases where the power is abused, and we'll find out through some back channels," he said. The public's inevitable reaction will result in a severe clampdown on Internet investigation tools, he said.

"We're not opposed to wiretapping," Schwartz added. "We just think it needs to be done with oversight."

About the Author

David Perera is a special contributor to Defense Systems.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • Social network, census

    5 predictions for federal IT in 2017

    As the Trump team takes control, here's what the tech community can expect.

  • Rep. Gerald Connolly

    Connolly warns on workforce changes

    The ranking member of the House Oversight Committee's Government Operations panel warns that Congress will look to legislate changes to the federal workforce.

  • President Donald J. Trump delivers his inaugural address

    How will Trump lead on tech?

    The businessman turned reality star turned U.S. president clearly has mastered Twitter, but what will his administration mean for broader technology issues?

  • Login.gov moving ahead

    The bid to establish a single login for accessing government services is moving again on the last full day of the Obama presidency.

  • Shutterstock image (by Jirsak): customer care, relationship management, and leadership concept.

    Obama wraps up security clearance reforms

    In a last-minute executive order, President Obama institutes structural reforms to the security clearance process designed to create a more unified system across government agencies.

  • Shutterstock image: breached lock.

    What cyber can learn from counterterrorism

    The U.S. has to look at its experience in developing post-9/11 counterterrorism policies to inform efforts to formalize cybersecurity policies, says a senior official.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group