Carnivore bites off too much
- By William Matthews
- May 29, 2002
When the FBI tried to use Carnivore in its investigation of Osama bin Laden's terrorist network two years ago, the Internet spyware intercepted so much unrelated e-mail that the FBI stopped using it and may have destroyed information it collected related to the terrorists.
An internal FBI memo sent in April 2000 complained that when Carnivore was used in March 2000 to intercept e-mail messages possibly sent by bin Laden's terrorist network, the spyware collected more than just the targeted e-mail traffic.
"The software was turned on and did not work correctly," said the memo, which was sent to Marion "Spike" Bowman, the FBI's associate general counsel. "The FBI software not only picked up the e-mails under the electronic surveillance [order]...but also picked up e-mails on non-covered targets."
"The FBI technical person was apparently so upset that he destroyed all the e-mail take," including the e-mail messages the FBI was permitted to intercept, the memo said.
Intercepting messages not covered by court authorization to use Carnivore would have violated federal wiretap laws, according to the Electronic Privacy Information Center, which obtained the memo through a Freedom of Information lawsuit.
EPIC has opposed the use of Carnivore, contending it is a threat to online privacy. The FBI has maintained that the spyware is capable of intercepting precisely the messages it wants and ignoring other e-mail traffic.
David Sobel, general counsel for EPIC, said the memo and other information released by the FBI "confirm what many of us have believed for two years — Carnivore is a powerful but clumsy tool that endangers the privacy of innocent American citizens."
Illegally violating privacy is not the FBI's only concern. FBI documents show that the agency was also concerned that "the improper capture of data" by Carnivore could "seriously 'contaminate' ongoing investigations."
According to FBI documents, Carnivore is a software program that can be installed in the routers of Internet service providers, where it monitors e-mail traffic, searching for messages with a particular e-mailer's log-on name or e-mail account name.
When the "target" name is spotted, Carnivore can capture part or all of the e-mail message.
Carnivore has been controversial since its existence was disclosed in 2000. Civil rights organizations such as EPIC and some members of Congress have opposed its use. According to EPIC, the Justice Department concluded in a review of Carnivore that the spyware was capable of conducting "broad sweeps" of e-mail traffic and advised that modifications be made to prevent them. Neither the Justice Department nor the FBI has disclosed whether the modifications have been made.
News of the Carnivore e-mail feeding frenzy comes as the FBI is under increasing fire for multiple missteps in its counterterrorism operations. Recent disclosures indicate that senior FBI officials disregarded suggestions last July from an FBI agent in Phoenix that terrorists may be infiltrating U.S. flight schools. And an agent in Minneapolis has charged that last August, FBI officials in Washington, D.C., hindered obtaining a search warrant that would have allowed agents to examine the contents of the laptop computer of suspected terrorist Zacarias Moussaoui.