Feeds

ACLU seeks Congress' help against FBI's ‘Carnivore’

Please de-fang this beast before it devours us

  • alert
  • submit to reddit

The essential guide to IT transformation

A slick new e-mail snooping system developed by the FBI and named 'Carnivore' has so concerned the American Civil Liberties Union (ACLU) that the organisation has petitioned the House Constitution Subcommittee to consider drafting legislation to bring it and similar schemes under control.

"The Carnivore system gives [to] law enforcement e-mail interception capabilities that were never contemplated when Congress passed the Electronic Communications Privacy Act (ECPA). Carnivore raises new legal issues that cry out for Congressional attention if we are to preserve Fourth Amendment rights in the digital age," the ACLU wrote in a letter to Subcommittee members Charles Canady (Republican, Florida) and Melvin Watt (Democrat, North Carolina).

Ideally, the Carnivore spy system would only be invoked by a court order, and could then only be used to monitor the communications of an individual named in it. However, because it is plugged into an ISP's network rather than a target's phone line, it has the capability of monitoring all traffic passing through the ISP, and is therefore ripe for abuse by overzealous or corrupt law enforcement officers.

Furthermore, the Feds are required by law to restrict interception of communications not relevant to the investigation when acting upon a wiretap order. "Carnivore is not a minimisation tool. Instead, Carnivore maximises law enforcement access to the communications of non-targets," the ACLU points out.

The FBI claims that the system is configured to trap only information relevant to a particular tap and trace order. Still, regardless whether that's true, there remain significant privacy implications simply because of Carnivore's potential for misuse, and because of the precedent its use might set in future Fourth Amendment disputes. It could quite easily provide a legal slippery slope for further degeneration of individual rights to privacy when the Feds want access to data.

According to the ACLU, "it is not clear whether law enforcement agents use or should use [their] authority....to access a variety of data, including Internet Protocol addresses, dialup numbers and e-mail logs," as the Carnivore system clearly enables them to do. "We certainly do not believe that it is clear that law enforcement can install a super trap and trace device that access to such information for all of an ISP's subscribers."

However, because the ECPA doesn't specify precisely what can and can't be trapped over the Internet, a judge might be inclined to authorise using Carnivore, since the statute doesn't clearly prohibit it. Interpretations here are a matter of the 'spirit' of the law, which the FBI will undoubtedly say leans towards using any and all means to thwart evildoers, but which privacy advocates will undoubtedly say favours a minimalist approach which Carnivore can't accommodate.

Since a judicial approach is likely to find nothing illegal (if nothing particularly legal) about using a shotgun approach to electronic wiretaps like Carnivore, the ACLU has decided to tackle the problem from a legislative angle.

Thus, "the ACLU urges the [Constitution] Subcommittee to accelerate its consideration of the application of the Fourth Amendment in the digital age. Legislation should make it clear that law enforcement agents may not use devices that allow access to electronic communications involving only persons other than a specified target for which it has a proper order."

"Such legislation should make clear that a trap and trace order served on an ISP does not authorise access to the contents of any communication including the subject line of a communication -- and that the ISP bears the burden of protecting the privacy of communications to which FBI access has not been granted."

Now that last bit, while it makes sense by offering a bit more security than FBI self-monitoring might afford, is sure to raise the hackles of industry lobbyists, who routinely rant about any legislation which might involve their clients in anything vaguely resembling a responsibility, and its associated legal liabilities. ®

5 things you didn’t know about cloud backup

More from The Register

next story
Microsoft exits climate denier lobby group
ALEC will have to do without Redmond, it seems
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
Barnes & Noble: Swallow a Samsung Nook tablet, please ... pretty please
Novelslab finally on sale with ($199 - $20) price tag
Ballmer leaves Microsoft board to spend more time with his b-balls
From Clippy to Clippers: Hi, I see you're running an NBA team now ...
Kate Bush: Don't make me HAVE CONTACT with your iPHONE
Can't face sea of wobbling fondle implements. What happened to lighters, eh?
Video of US journalist 'beheading' pulled from social media
Yanked footage featured British-accented attacker and US journo James Foley
Amazon takes swipe at PayPal, Square with card reader for mobes
Etailer plans to undercut rivals with low transaction fee offer
Assange™: Hey world, I'M STILL HERE, ignore that Snowden guy
Press conference: ME ME ME ME ME ME ME (cont'd pg 94)
Call of Duty daddy considers launching own movie studio
Activision Blizzard might like quality control of a CoD film
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
BYOD's dark side: Data protection
An endpoint data protection solution that adds value to the user and the organization so it can protect itself from data loss as well as leverage corporate data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?