Carnivore: Just the facts or a whole lot more?

Carnivore: Draft Independent Technical Review of Carnivore System

The FBI's e-mail surveillance system known as Carnivore does just what the

FBI has claimed — and more, according to a research institute's review of

the system.

Not surprisingly, the FBI heralded the report, which the Justice Department

released through its Web site Nov. 21, while Carnivore critics said some

report findings validate their concerns about privacy issues. The report

by IIT Research Institute concluded that while Carnivore can perform "fine-tuned

searches" for just the specific data authorized by a court order, "it is

also capable of broad sweeps.

"Incorrectly configured, Carnivore can record any traffic it monitors,"

according to the report.

David Sobel, an attorney for a Washington, D.C., public interest research

organization, said that presents a problem.

"If it's that easy for the FBI to accidentally collect too much data,

imagine how simple it would be for agents to do so intentionally," said

Sobel, general counsel for the Electronic Privacy Information Center (EPIC).

One IITRI recommendation calls for the FBI to use different versions

of Carnivore — one strictly for intercepting and recording the "to" and

"from" data of e-mails and another for capturing the entire content of correspondence

when authorized by a court order.

But Wayne Madsen, a senior fellow at EPIC whose background includes

computer security at several federal agencies, said the institute's researchers

and his organization might be on the same page in some instances.

"I think they made some [positive] recommendations on the weak accountability

that the FBI has on Carnivore," Madsen said.

IITRI's recommendations to the FBI on the e-bugging system include:

* Tighten accountability for users of Carnivore.

* Enhance physical control of the system when deployed.

* Improve future versions of Carnivore so that the possibility of error

during use is reduced.

* Provide checks in the user interface to ensure settings are reasonable

and consistent.

The institute turned over its report to the Justice Department more

than a week ago for editing by the Justice Department. An IITRI official

familiar with the report said he had no problem with the editing.

"I did a page-by-page comparison of the two, side-by-side," said the

official, who spoke on condition of anonymity. "Except for a difference

in the size of the figures — the result of [Adobe Systems Inc.] Acrobat

versus [Microsoft Corp.] Word, which is what it was written in — and specific

redactions that they mention on the Web site, I can't see any changes."

The Justice Department awarded the research contract to IITRI after

a number of other institutions that were approached about running the tests

backed out, citing FBI restrictions that they believed would compromise

their integrity.


  • Defense
    The U.S. Army Corps of Engineers and the National Geospatial-Intelligence Agency (NGA) reveal concept renderings for the Next NGA West (N2W) campus from the design-build team McCarthy HITT winning proposal. The entirety of the campus is anticipated to be operational in 2025.

    How NGA is tackling interoperability challenges

    Mark Munsell, the National Geospatial-Intelligence Agency’s CTO, talks about talent shortages and how the agency is working to get more unclassified data.

  • Veterans Affairs
    Veterans Affairs CIO Jim Gfrerer speaks at an Oct. 10 FCW event (Photo credit: Troy K. Schneider)

    VA's pivot to agile

    With 10 months on the job, Veterans Affairs CIO Jim Gfrerer is pushing his organization toward a culture of constant delivery.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.