Carnivore: Just the facts or a whole lot more?

Carnivore: Draft Independent Technical Review of Carnivore System

The FBI's e-mail surveillance system known as Carnivore does just what the

FBI has claimed — and more, according to a research institute's review of

the system.

Not surprisingly, the FBI heralded the report, which the Justice Department

released through its Web site Nov. 21, while Carnivore critics said some

report findings validate their concerns about privacy issues. The report

by IIT Research Institute concluded that while Carnivore can perform "fine-tuned

searches" for just the specific data authorized by a court order, "it is

also capable of broad sweeps.

"Incorrectly configured, Carnivore can record any traffic it monitors,"

according to the report.

David Sobel, an attorney for a Washington, D.C., public interest research

organization, said that presents a problem.

"If it's that easy for the FBI to accidentally collect too much data,

imagine how simple it would be for agents to do so intentionally," said

Sobel, general counsel for the Electronic Privacy Information Center (EPIC).

One IITRI recommendation calls for the FBI to use different versions

of Carnivore — one strictly for intercepting and recording the "to" and

"from" data of e-mails and another for capturing the entire content of correspondence

when authorized by a court order.

But Wayne Madsen, a senior fellow at EPIC whose background includes

computer security at several federal agencies, said the institute's researchers

and his organization might be on the same page in some instances.

"I think they made some [positive] recommendations on the weak accountability

that the FBI has on Carnivore," Madsen said.

IITRI's recommendations to the FBI on the e-bugging system include:

* Tighten accountability for users of Carnivore.

* Enhance physical control of the system when deployed.

* Improve future versions of Carnivore so that the possibility of error

during use is reduced.

* Provide checks in the user interface to ensure settings are reasonable

and consistent.

The institute turned over its report to the Justice Department more

than a week ago for editing by the Justice Department. An IITRI official

familiar with the report said he had no problem with the editing.

"I did a page-by-page comparison of the two, side-by-side," said the

official, who spoke on condition of anonymity. "Except for a difference

in the size of the figures — the result of [Adobe Systems Inc.] Acrobat

versus [Microsoft Corp.] Word, which is what it was written in — and specific

redactions that they mention on the Web site, I can't see any changes."

The Justice Department awarded the research contract to IITRI after

a number of other institutions that were approached about running the tests

backed out, citing FBI restrictions that they believed would compromise

their integrity.


  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.