Carnivore no more
- By David Perera
- Jan 18, 2005
Electronic Privacy Information Center Carnivore page
Carnivore, the controversial FBI e-mail and chat room surveillance program, has been superseded by new technology.
Neither in fiscal years 2002 nor 2003 did agency officials use the custom-built, real-time data-packet monitoring program, according to bureau reports submitted to Congress and obtained by the Electronic Privacy Information Center through a Freedom Of Information Act request. Instead, the agency used commercially available software to substitute for Carnivore and is increasingly serving warrants directly to Internet service providers, said Paul Bresson, an FBI spokesman.
Carnivore was "only developed for those situations where the Internet service provider could not perform the intercepts on their own," Bresson said.
The bureau carried out eight court-approved criminal case Internet wiretaps in fiscal 2003 and five in fiscal 2002, according to the bureau reports. Causes ranged from providing material support to terrorists to child pornography.
The majority were pen register wiretaps, meaning the bureau was authorized to monitor a suspect's Internet activity, but not authorized to examine the content of the suspect's electronic exchanges.
The reports do not include the number of counterterrorism and counterintelligence wiretaps approved under the Patriot and the Foreign Intelligence Surveillance acts. Nor do they tally the number of times an Internet service provider handed data to the bureau.
Service providers "now have the ability to do this on their own, so there is no need for us to employ a Carnivore-like device," Bresson said.
Privacy advocates decried the software when its existence was revealed in 2000, but he said the program suffered mainly from its name. At the time, FBI agents told reporters the program earned its moniker because it could sniff out the meat from a clutter of data.
"It really wasn't this big, bad, ugly Big Brother system," Bresson said.
But monitoring data packets moving in real time carries an inherent danger of collecting more information than approved under a court warrant, said Matthew Blaze, an associate professor of computing at the University of Pennsylvania. "The packets that you're seeing at any given point may not be exactly the same as the targets of a wiretap," he said.
The technological challenge of network wiretapping could also account for the FBI's scant use of Carnivore-like technology, said Steven Bellovin, a computer science adjunct professor at Columbia University. Dynamically changing IP addresses means wiretaps could miss entire Internet sessions.
"I don't think the people that designed Carnivore did a bad job, they understand the issues, but there's only so far that you can go," he said.
Carnivore is separate from the bureau's Trilogy modernization effort that includes Virtual Case File, whose problems have been widely reported.
David Perera is a special contributor to Defense Systems.