CDR: More on Carnivore
George at Orwellian.Org
George at Orwellian.Org
Mon Oct 16 07:42:23 PDT 2000
http://foxnews.com/national/101300/carnivoretwo_riley.sml
FBI's Carnivore Just the First Step In Cyber Surveillance
Monday, October 16, 2000
By Patrick Riley
The FBI says its controversial Carnivore system is just "the tip of
the iceberg" when it comes to Internet surveillance because an even
sharper-toothed information chomper is now in development.
Amid all the hubbub over whether the current system violates privacy
rights, the agency has been quietly working on both "Carnivore 2.0"
and "Carnivore 3.0," according to FBI documents released this month
under a Freedom of Information Act claim filed by the Electronic Privacy
Information Center. The current Carnivore is version 1.3.4, according
to the documents.
An "Enhanced Carnivore" program has been under development since last
November - under a $650,000 contract scheduled to end in January 2001.
Most of the details on the souped-up snoopers were blacked out in heavy
black marker before the papers were released.
The Federal Bureau of Investigation makes no bones about its plans
for the system, which sifts an Internet Service Provider's transmissions
to track suspects' online activity.
"As it looks today, it could be completely different a year from now,"
said FBI spokesman Paul Bresson. "Really, we've only seen the tip of
the iceberg in terms of the change in technology."
He said improving Carnivore is vital for keeping pace with criminal
elements.
"This is going to continue to be a cat-and-mouse game," he said.
"There's always going to be software and other encryption technology
that render a system less useful."
He declined to give specific details. But privacy experts say an
evolving Carnivore presents a problem for those trying to keep an eye
on it.
"It's a moving target," said David Banisar, a senior fellow at EPIC.
"It means there needs to be continual oversight, not just onetime
oversight. It means that if we get the source code we'll have to get
the source code as it changes also, and do a re-analysis as the
functions of the software change."
The program's source code, the piece of information most sought after
by activists trying to figure out if Carnivore reads the e-mail of
more than just those targeted by a court order, was omitted from the
600-plus pages given to EPIC in the first of several planned releases.
But the organization has vowed to continue fighting for it.
Despite the incomplete technical blueprint, the newly public papers
do shed some light on what sequels to Carnivore might look like.
Three jargon-heavy lines of text that survived the FBI censor reveal
that Version 2.0 will be capable of "built-in data analysis that
Carnivore doesn't appear to do now," Banisar said.
That means being able to display captured Internet data as soon as
Carnivore intercepts it. The current system merely stores the data
and two other programs - "Packeteer" and "Coolminer" - must be used
to process and display it.
No information was released from the Version 3.0 section but research
mentioned elsewhere in the unclassified papers involves an aspect of
the technology dubbed "Dragon Net" that captures telephone conversations
held via the Web - a process known as "voice over IP" technology.
Banisar suspects the FBI might also want its future sniffers to have
the ability to track multiple targets simultaneously. That wouldn't
bode well, he said. "The more capability it has to intercept more than
one target, the more likely it is to be abused."
While the current Carnivore is purely monogamous, it casts a wider
net than commonly thought, according to an analysis of the FBI documents
by anti-computer crime site SecurityFocus.com.
Carnivore can "be programmed to watch for all the Internet activities
of a particular person," said Kevin Poulson, editorial director at
SecurityFocus and a former hacker. The system can even reconstruct
Web pages viewed by a suspect. "All that's been talked about is its
ability to monitor e-mail."
In light of this, said EPIC's Banisar: "It makes you wonder what else
they could possibly want."
More information about the cypherpunks-legacy
mailing list