Feeds

Judge yanks a few of Carnivore's teeth

Will the annoying little beast be muzzled?

  • alert
  • submit to reddit

Combat fraud and increase customer satisfaction

US District Judge James Robertson has responded to a suit brought by American watchdog outfit the Electronic Privacy Information Centre (EPIC) regarding the FBI's e-mail snoop apparatus Carnivore, by giving the Bureau ten working days to set a schedule for delivering records under expedited Freedom of Information Act (FOIA) handling.

In its application for a temporary restraining order against Carnivore, EPIC charged that the FBI and the US Department of Justice (DoJ) have violated the law by failing to act on its request for fast-track processing of its FOIA inquiry.

But just as the hearing commenced, EPIC General Counsel David Sobel announced that he had received a fax in which the FBI and DoJ had granted expedited treatment. Assistant US Attorney Lisa Barsoomian later told the court that the FBI intends to make the documents available "as soon as practicable."

Judge Robertson noted that ten days struck him as a reasonable interpretation of what should be 'practicable', and ordered the FBI to submit to him its timetable for meeting the FOIA request by then.

The Carnivore system has become controversial since its existence was revealed in the mainstream press last month. In late July, the FBI assured a Congressional Committee that it is designed to intercept only the e-mail of a particular criminal suspect, following the issue of a proper search warrant.

EPIC, the American Civil Liberties Union (ACLU), and numerous other watchdog groups have expressed concern that the system could violate citizens' Fourth Amendment guarantees against unreasonable search and seizure, because all e-mail traffic of an ISP into which it is plugged will flow through it.

The Fourth Amendment states plainly that "No warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched and the persons or things to be seized."

Thus the Carnivore system occupies a Constitutional grey area, because while the FBI claims it can be configured to trap and record only the e-mail traffic of a particular suspect named in a warrant, its potential for abuse is enormous as an entire ISP's traffic ultimately gets sifted. It's not terribly hard to imagine a few overzealous agents sneaking a peek at the e-mail correspondence of some secondary or tertiary 'person of interest', whether a warrant exists or not.

EPIC filed its initial FOIA request on 12 July. A week later it asked the DoJ to expedite the request on grounds that Carnivore had become a media hobby horse which raised questions about "the government's integrity, which affects public confidence," a standard which qualifies for fast-track FIOA handling.

Carnivore has lately drawn fire from Members of Congress, several of whom believe it should be mothballed until the courts have had a chance to review and rule on its Fourth Amendment implications. Representative Robert Barr (Republican, Georgia) is among those devising legislation which would prevent the FBI from using it and other potentially indiscriminate snooping devices like it.

Last week, twenty-seven House Republicans and one uncommonly courageous Democrat delivered a letter to US Attorney General Janet Reno, urging her to scrap Carnivore until the Constitutional issues attaching to it have been resolved in the courts.

"[Innocent] people should feel secure that the federal government is not reading their e-mail, no matter how worthy the objective," the Members wrote.

Reno lamely replied that she will reveal the system's capabilities and technical standards to "a group of experts" of her choosing, a far cry from the public review requested by Congress and grassroots organisations like EPIC and the ACLU.

So the Carnivore hunt is set to continue on Capitol Hill, as Congress reminds itself that anything which Reno's hand-picked techno-lackeys are likely to reveal will hardly be worth knowing. ®

3 Big data security analytics techniques

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.