Feeds

ACLU seeks Congress' help against FBI's ‘Carnivore’

Please de-fang this beast before it devours us

  • alert
  • submit to reddit

Application security programs and practises

A slick new e-mail snooping system developed by the FBI and named 'Carnivore' has so concerned the American Civil Liberties Union (ACLU) that the organisation has petitioned the House Constitution Subcommittee to consider drafting legislation to bring it and similar schemes under control.

"The Carnivore system gives [to] law enforcement e-mail interception capabilities that were never contemplated when Congress passed the Electronic Communications Privacy Act (ECPA). Carnivore raises new legal issues that cry out for Congressional attention if we are to preserve Fourth Amendment rights in the digital age," the ACLU wrote in a letter to Subcommittee members Charles Canady (Republican, Florida) and Melvin Watt (Democrat, North Carolina).

Ideally, the Carnivore spy system would only be invoked by a court order, and could then only be used to monitor the communications of an individual named in it. However, because it is plugged into an ISP's network rather than a target's phone line, it has the capability of monitoring all traffic passing through the ISP, and is therefore ripe for abuse by overzealous or corrupt law enforcement officers.

Furthermore, the Feds are required by law to restrict interception of communications not relevant to the investigation when acting upon a wiretap order. "Carnivore is not a minimisation tool. Instead, Carnivore maximises law enforcement access to the communications of non-targets," the ACLU points out.

The FBI claims that the system is configured to trap only information relevant to a particular tap and trace order. Still, regardless whether that's true, there remain significant privacy implications simply because of Carnivore's potential for misuse, and because of the precedent its use might set in future Fourth Amendment disputes. It could quite easily provide a legal slippery slope for further degeneration of individual rights to privacy when the Feds want access to data.

According to the ACLU, "it is not clear whether law enforcement agents use or should use [their] authority....to access a variety of data, including Internet Protocol addresses, dialup numbers and e-mail logs," as the Carnivore system clearly enables them to do. "We certainly do not believe that it is clear that law enforcement can install a super trap and trace device that access to such information for all of an ISP's subscribers."

However, because the ECPA doesn't specify precisely what can and can't be trapped over the Internet, a judge might be inclined to authorise using Carnivore, since the statute doesn't clearly prohibit it. Interpretations here are a matter of the 'spirit' of the law, which the FBI will undoubtedly say leans towards using any and all means to thwart evildoers, but which privacy advocates will undoubtedly say favours a minimalist approach which Carnivore can't accommodate.

Since a judicial approach is likely to find nothing illegal (if nothing particularly legal) about using a shotgun approach to electronic wiretaps like Carnivore, the ACLU has decided to tackle the problem from a legislative angle.

Thus, "the ACLU urges the [Constitution] Subcommittee to accelerate its consideration of the application of the Fourth Amendment in the digital age. Legislation should make it clear that law enforcement agents may not use devices that allow access to electronic communications involving only persons other than a specified target for which it has a proper order."

"Such legislation should make clear that a trap and trace order served on an ISP does not authorise access to the contents of any communication including the subject line of a communication -- and that the ISP bears the burden of protecting the privacy of communications to which FBI access has not been granted."

Now that last bit, while it makes sense by offering a bit more security than FBI self-monitoring might afford, is sure to raise the hackles of industry lobbyists, who routinely rant about any legislation which might involve their clients in anything vaguely resembling a responsibility, and its associated legal liabilities. ®

The Power of One eBook: Top reasons to choose HP BladeSystem

More from The Register

next story
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
Airbus promises Wi-Fi – yay – and 3D movies (meh) in new A330
If the person in front reclines their seat, this could get interesting
UK Parliament rubber-stamps EMERGENCY data grab 'n' keep bill
Just 49 MPs oppose Drip's rushed timetable
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
Samsung threatens to cut ties with supplier over child labour allegations
Vows to uphold 'zero tolerance' policy on underage workers
Dude, you're getting a Dell – with BITCOIN: IT giant slurps cryptocash
1. Buy PC with Bitcoin. 2. Mine more coins. 3. Goto step 1
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.