Subject: IP: House hearing on FBI's "Carnivore" : Risks Digest 20.97
>Date: Wed, 26 Jul 2000 23:04:40 -0400
>From: Alan Davidson <abd@cdt.org>
>Subject: House hearing on FBI's "Carnivore"
>
>  [Written by Lina Tilman <ltilman@cdtmail.org>]
>
>Oversight Hearing on Fourth Amendment Issues
>Raised by FBI's "Carnivore" Program
>Subcommittee on the Constitution, House Committee on the Judiciary
>Monday, July 24, 2000, 1:00 p.m.
>
>Chairman Canady opened the hearing by introducing the Carnivore system as
>one that "isolates, intercepts and collects" information that passes through
>an ISP. Canady expressed hope that evaluations of the system would be based
>on facts instead of "irrational fears and suspicions". Canady concluded by
>acknowledging the potential for abuse of the system as a significant
>concern.
>
>Rep. Watt briefly addressed his concern regarding Big Brother in general and
>the government's ability to invade citizens' privacy in particular. Watt
>acknowledged that such ability has been enhanced by advancements in
>information and communication technologies.
>
>Rep. Hyde first noted the legitimate need of the law enforcement to access
>information required for criminal investigations. Hyde then described the
>tension between such necessary access and the citizens' right to the
>"valuable commodity" of privacy.
>
>Rep. Conyers introduced a number of questions as part of his inquiry into
>Carnivore's ability to "bite more than it can chew". Conyers first noted his
>concern regarding the applicability of the pen register authority, under
>which Carnivore collects transactional electronic data, to the online
>environment. Conyers' other concerns included the FBI's refusal to allow
>ISPs themselves to deliver the necessary information once a lawful order is
>obtained.
>
>Rep. Hutchinson stated that while Carnivore appeared to be a minimization
>tool, there exist legitimate questions regarding its application. Concerns
>include proper monitoring of Carnivore's collection and filtering of e-mail
>communication. Hutchinson mentioned the Privacy Commission bill, which he
>co-sponsors with Rep. Moran, as an attempt to establish a body of experts
>who would, among other things, examine the data collection practices of law
>enforcement to determine whether they violate the privacy rights of the
>U.S. citizens.
>
>Rep. Bachus stated that in Carnivore's case, technology appears to have
>"outrun the law". Bachus expressed his suspicion that criminals would easily
>evade the system and it would exclusively monitor the communications of law
>abiding citizens. Bachus further expressed his concern regarding
>illegitimate access to confidential files within agencies such as the FBI.
>
>The first panel consisted of Dr. Donald Kerr, FBI lab director, Larry
>Parkinson, FBI General Counsel, Kevin DiGregory, DOJ and David Green, DOJ.
>
>Dr. Kerr introduced FBI's Carnivore as a tool, analogous to a "packet
>sniffer", of lawful interception of criminal communication. After being
>installed on a network pursuant to a court order, Carnivore collects the
>transactional information of its targets' e-mails; its configuration and
>filter settings depend on the specifics of the court order. Carnivore
>conducts neither broad searches nor long-term surveillance; instead, it
>filters out all content information and stores only the non-content "to" and
>"from" lines of targeted communication. Carnivore is passive on the network
>and is used only by a technical team of the law enforcement; in its two
>years of existence, it has been used very infrequently and
>narrowly. Dr. Kerr concluded by stating that the FBI presently plans an
>independent review of the system by industry and academic experts.
>
>Mr. Parkinson testified that Carnivore is a minimization tool that operates
>under substantial oversight. Mr. DiGregory, in turn, argued that Carnivore
>is equivalent to other simple investigative tools that law enforcement uses
>offline.
>
>Chairman Canady asked whether Carnivore captures the URLs of communications
>with Web sites. The panelists answered that it does not, unless a URL is
>included in the transactional information of an e-mail. Rep. Watt appeared
>upset that independent review was scheduled after Carnivore has been in use
>for two years. A number of Members expressed distrust regarding the law
>enforcement's use of Carnivore under described limitations. Rep. Hutchinson
>asked whether the FBI has ever captured content that it then had to filter
>out. The panelists answered that it has not. Panelists noted that in
>addition to restrictions and specifications that limit data collection prior
>to Carnivore's activation, there exist safeguards on law enforcement's use
>of collected data when it is first examined and, later, at trial.
>
>The second panel consisted of Barry Steinhardt, ACLU, Alan Davidson, CDT,
>Tom Perrine, Pacific Institute for Computer Security, Robert Corn-Revere,
>Hogan & Hartson, Matt Blaze, AT&T Labs, Stewart Baker, Steptoe & Johnson,
>and William Sachs, ICONN.
>
>Mr. Steinhardt stated that Carnivore is an unprecedented maximization tool
>that has the potential to access all communications that pass through an
>ISP. Mr. Steinhardt analogized Carnivore to a digital wiretap, expressing
>concern that its broad access is inconsistent with restrictions set by the
>Fourth Amendment and the ECPA. Mr. Steinhardt noted that the FBI has a
>"checkered past" with regards to First and Fourth Amendment violations.
>
>Mr. Davidson addressed the differences between transactional data in the on-
>and off-line environments, noting that off-line Fourth Amendment protections
>do not neatly translate into online communications. Davidson showed a series
>of slides that displayed sample packets that Carnivore could obtain; he
>argued that "non-content" data that Carnivore currently accesses under a pen
>register or trap and trace authorization reveal a great amount of the actual
>content of a target's communication. Davidson argued that Congress must
>increase statutory protections for electronic communications, raising the
>Carnivore authorization standard from relevant to probable cause.
>
>Mr. Perrine noted that Carnivore is technically capable of monitoring all
>traffic that passes through the network. Mr. Perrine spoke about the
>inapplicability of telephony concepts to the online environment. He stated
>that the FBI's use of Carnivore lacks accountability, noting that it is
>impossible to monitor the system or keep track of its configurations or
>filters without the knowledge of its source code. Mr. Perrine argued that
>Carnivore represents a threat to privacy that is protected under original
>wiretap legislation.
>
>Mr. Corn-Revere argued against a number of points brought up by government
>witnesses on the first panel. Mr. Corn-Revere appeared skeptical that the
>FBI would use Carnivore's capabilities in limited ways that protect
>individuals' privacy. He noted disconcerting implications inherent in the
>system's ability to switch its level of surveillance. In conclusion,
>Mr. Corn-Revere stated that there presently exists no way to ensure
>accountability of FBI's use of Carnivore.
>
>Mr. Blaze argued that while the FBI operates with good intentions, it is
>difficult to ensure that Carnivore operates as intended. The system may
>inadequately filter, target the wrong individual or extract pieces of
>communication out of context. Mr. Blaze noted that large-scale systems such
>as Carnivore are problematic and tend to fail silently -- without operators'
>knowledge -- due to bugs, vulnerabilities and mistakes. Mr. Blaze argued
>that widespread publication of Carnivore's source code and architecture is
>the best way to ensure its soundness. [See
>  http://www.crypto.com/papers/openwiretap.html; PGN]
>
>Mr. Baker stated that communication concepts from the telephony world do not
>apply to electronic communication. Mr. Baker argued that it is "crazy" and
>"bizarre" not to acknowledge that there exists a reasonable expectation of
>privacy in the content-revealing "to" and "from" lines of an e-mail. He
>urged the Members to institute a notice requirement when a system such as
>Carnivore monitors e-mail communications.
>
>Mr. Sachs testified that ISPs are capable of providing the FBI with
>requested communications when a lawful order exists. He noted that Carnivore
>represents the most intrusive method of obtaining transactional data of
>e-mail messages. Mr. Sachs acknowledged that albeit technically feasible,
>such monitoring by an ISP discourages free online communication, protected
>by the First Amendment, and slows down network traffic.
>
>During the Q&A period, Davidson noted that little is known about Carnivore's
>precise capabilities and functions. Rep. Watt expressed concern that
>currently available Carnivore-like electronic surveillance systems allow
>anyone to monitor online traffic. Panelists noted that there exists an
>a-priori legal issue with the FBI's installation of Carnivore -- in the
>telephony world, the FBI would not be able to install, on a telephone
>service provider's network, a device that would monitor all passing
>communications. Panelists and Members appeared to agree that there must
>exist a notice requirement; presently, notice depends on the individual
>ISPs' policies. Davidson argued that two things must occur: (1) the standard
>for access to transactional data on the Internet must be raised, and (2)
>"trap and trace" must be re-defined for the online environment. Mr. Perrine
>noted that according to the Supreme Court, transactional data may not
>disclose the target's identity. Mr. Steinhardt observed that the FBI
>witnesses addressed the use of Carnivore in the e-mail context only; it
>remains unclear how the system monitors files transferred using other
>protocols. Furthermore, it is unclear what statutory protections govern such
>file transfers. Mr. Steinhardt argued that the notion and significance of
>non-content data has changed since CALEA was adopted, and urged the Members
>to consider two changes to existing surveillance guidelines: (1) judges
>should be given discretion in matters of online pen register and trap and
>trace orders, and (2) the standard for obtaining a pen register and trap and
>trace must be raised for both the online and the telephony environments.
>
>Lina Tilman, Center for Democracy and Technology
>1634 Eye St. NW Suite 1100, Washington, DC 20006
>202 637 9800 fax 202 637 0968
>ltilman@cdtmail.org http://www.cdt.org/
>
>  [From EPIC Alert 7.14, 27 Jul 2000, http://www.epic.org, I find
>Testimony presented at the House Judiciary Committee hearing:
>  http://www.house.gov/judiciary/2.htm
>The hearing can be viewed in its entirety over the web at:
>  http://www.cspan.org/technology_science/
>More on the history of FBI monitoring of Internet communications and the
>"digital telephony" law (or CALEA) is available at the EPIC Wiretap Page:
>  http://www.epic.org/privacy/wiretap/
>  PGN]