No subject

An Metet anmetet at mixmaster.shinn.net
Thu Feb 8 20:08:14 PST 2001


By JOHN SCHWARTZ

QUANTICO, Va. -- AS long as there have been law enforcement agents, they have tried to listen in on what the bad guys are planning. 

In early times, that meant standing next to a window in the evesdrope, the place where water from the eaves drips, to overhear conversations. As communications went electronic, eavesdropping did, too: Gen. Jeb Stuart hired a tapper to intercept telegraph messages in the Civil War. And by the 1890's, two decades after Alexander Graham Bell's first call to Watson, the first known telephone wiretaps by the police were in place. 

The Internet, in turn, has provided new frontiers for law enforcement tappers. At first, surveillance of Internet traffic was useful only in hacking cases -- after all, only geeks were online. But as the world has gone digital, criminals have as well, and Internet taps are requested in a growing number of cases. According to documents obtained by the Electronic Privacy Information Center, an advocacy group based in Washington, requests from field offices for help with "data interception operations" rose more than 18-fold between fiscal years 1997 and 1999. 

In Congressional testimony in July, the assistant director of the Federal Bureau of Investigation's laboratory division, Donald M. Kerr, painted a stark portrait of the dangers of the online world. 

"The use of computers and the Internet is growing rapidly, paralleled by exploitation of computers, networks and databases to commit crimes and to harm the safety, security and privacy of others," he said. All manner of crimes -- child pornography, fraud, identity theft, even terrorism -- are being perpetrated using the Internet as a tool, he said. 

But one device developed by the F.B.I. to deal with this new world of crime has drawn it squarely into a debate over the proper limits of government surveillance: an Internet wiretapping system called Carnivore. The Carnivore effort, which came to light last June, met with resistance from groups as diverse as the American Civil Liberties Union and the Republican leadership of the House of Representatives.

The F.B.I. says it has already used the device in dozens of investigations. But critics are concerned that Carnivore, much more than telephone wiretaps, can cast an investigative net that captures the communications of bystanders along with those of a suspect.

The House majority leader, Dick Armey of Texas, has said the technology raises "strong concerns" that the government "is infringing on Americans' basic constitutional protection against unwarranted search and seizure."

"Until these concerns are addressed," he said, "Carnivore should be shut down."

The name, to be sure, has not helped the F.B.I.'s salesmanship. It was derived from an earlier system, called Omnivore, that captured most of the Internet traffic coursing through a network. "As the tool developed and became more discerning" -- able to get at the meat of an investigation -- "it was named Carnivore," an official said. ("If they called it Device 374," he explained, "nobody could remember what Device 374 is.") 

The F.B.I. says the real value of Carnivore, by any name, is that it can do much less than its predecessors. It says agents can fine-tune the system to yield only the sources and recipients of the suspect's e-mail traffic, providing Internet versions of the phone-tapping tools that record the numbers dialed by a suspect and the numbers of those calling in. 

Those tools, known respectively as pen registers and "trap and trace" devices, are valuable building blocks of any preliminary investigation. "Trap and trace is vital," said Marcus C. Thomas, who heads the bureau's cybertechnology section, "to try to understand criminal organizations, who's communicating with who." 

Moreover, a full federal wiretap -- whether of a suspect's phone or of Internet traffic -- requires extensive evidence of criminal activity and approval from high Justice Department officials and a judge. Court approval to monitor the origins and destinations, not the content, requires only a pledge from the investigators that the information would be relevant. 

Law enforcement officials say the goal of Carnivore is to protect privacy. Under most wiretaps, they reason, investigators have to review all the material that comes in over the wire and discard any material that they are not entitled to review under the terms of the warrant -- say, a conversation with the suspect's grandmother. Because the path of online data is harder to isolate than a telephone line, Carnivore may capture communications unrelated to the suspect. But because it then filters out whatever investigators are not entitled to see, officials say, privacy is enhanced.

To understand why the F.B.I. hungers for Carnivore, behold its ancestor: a hulking stainless steel box the size of an old Kelvinator in the building in Quantico where the bureau designs what it calls interception systems. The $80,000 behemoth can monitor data traffic on three phone lines simultaneously and translate the squeal of modems into the e-mail and Web pages that a criminal suspect sees. 

But it can monitor only a standard modem. If a criminal suspect has, like millions of other Americans, decided to trade up to high-speed Internet access through a cable modem or the telephone service known as D.S.L., "it's worthless," Mr. Thomas said.

In contrast to that middle-tech dinosaur, Carnivore is a sleek and speedy mammal, a black box of a PC built to work with the vast amounts of high-speed data that course through the Internet. The machine can tap communications for almost all of the ways that people get online. It costs a tenth of what the bureau pays for each of the older machines, and it can do far more: it can sift through all the communications of an Internet service provider, perhaps including tens of thousands of users, and pull out the e-mail and Web travels of the suspect. And although doing so would raise deep constitutional issues, the system can even be programmed to monitor the use of particular words and phrases used in messages by anyone on the network.

When law enforcement agents get permission to install Carnivore, they send their own technicians to the office of an Internet service provider. The system itself, once programmed with the details of a search, can easily be installed on the same racks that the company uses for its own network equipment, and is tied in to the flow of data. 

For all its power, however, Carnivore cannot digest all that it eats: if law enforcement officials intercept a message that has been encrypted, they will get a featureless fuzz of ones and zeroes.

The furor over the technology caught the F.B.I. by surprise. "What would you have us do?" Mr. Thomas asked in frustration. "Stop enforcing laws because it's on the Internet?" Paul Bresson, an F.B.I. spokesman, added, "The public should be concerned about the criminals out there abusing this stuff, and not the good guys." 

The two men discussed the system in Mr. Thomas's office at the bureau's research center at Quantico, home of the F.B.I. training academy. From the outside, the center is so unremarkable that it could be a college classroom building in a witness-protection program. But the array of dishes and antennas along the roofline suggest that something more interesting is going on inside. 

This is where three F.B.I. engineers took pieces of commercial software and modified them in an effort to allow the kind of selective data retrieval that the law requires, and where they have worked to upgrade the system in response to the criticism of Carnivore. The engineers have added auditing features, for example, that the bureau says will help insure that investigators will not tamper with the system or try to gather more information than authorized. 

But the F.B.I. is not depending on Carnivore alone for the future of online surveillance. According to budget documents obtained by the Electronic Privacy Information Center under a Freedom of Information Act request, the bureau's plans include developing ways to listen in on the growing medium of voice telephone calls conducted over the Internet and to monitor the live online discussion system known as Internet Relay Chat, as well as other network technologies that were identified in the original document but were blacked out in the copies provided to the group.

Some alternatives are already in use, including one that reportedly figured in an investigation of Nicodemo S. Scarfo Jr., an accused bookmaker whose imprisoned father is the former head of the Philadelphia crime organization. In 1999, The Philadelphia Inquirer reported recently, agents planted a tap in Mr. Scarfo's computer keyboard that stored everything the suspect typed -- including the password for the encryption software used to protect files on his hard drive. 

Mr. Thomas was unwilling to discuss new technology methods in detail, but said he knew of only two cases in which such devices had been used. 

A former federal prosecutor, Mark Rasch, says still more methods of Internet wiretap could be on the way. Mr. Rasch, vice president for cyberlaw at Predictive Systems, an Internet consulting company, noted that hacker groups had developed malicious computer programs with names like Back Orifice 2000 that when planted in a target computer give full remote access of the target machine to the hacker. Mr. Rasch suggested that such remote-control programs could reduce the risk of break-ins for the agency and might already be in use.

"I would be shocked," he said, if such software were not being used in intelligence investigations, which provide government agents with more leeway than in criminal investigations of American citizens.

But Marc J. Zwillinger, a former Justice Department lawyer, said law enforcement agents were unlikely to take such a risky course, because "it would be difficult to control, and if it did get out of control, there would be a backlash against the agency." 

In the meantime, as the Congressional debate over Carnivore continues, the future of the system is uncertain. [The new attorney general, John Ashcroft, has not addressed Carnivore directly, but he has taken a tough stand in the past against what he sees as high-tech government intrusions into privacy.] 

Members of Congress and civil libertarians argue that the analogies to telephone taps are flawed and that the Carnivore technology violates constitutional protections against unreasonable searches.

"The whole controversy is over intercepting thousands of conversations simultaneously," regardless of the filtering then applied, said Richard Diamond, a spokesman for Mr. Armey, the House majority leader. 

Some critics have suggested imposing the same strict authorization rules on Carnivore that prevail for full-scale telephone wiretaps, with stiff penalties for any abuse of the system. 

Still, many of those who oppose Carnivore have concluded that it is here to stay. 

"You can't outlaw this technology," said James X. Dempsey, deputy director of the Center for Democracy and Technology, a high-tech policy group in Washington. "All you can do is set strict legal standards." 






