Feeds

How Carnivore works

Not nice....not at all nice

  • alert
  • submit to reddit

Build a business case: developing custom apps

The FBI's notorious Internet traffic sniffer Carnivore includes a handy, idiot-proof GUI interface enabling nosey Feds to capture and examine a broad range of what passes through, from headers alone to full-bore content retrieval, which is pictured in the Justice Department's final assessment from the IIT Research Institute and the Illinois Institute of Technology Chicago-Kent College of Law (IITRI).

The 'IP addresses' field conveniently accepts settings for particular IPs or IP ranges; and the 'protocols' field accepts settings enabling Feds to choose among TCP (transmission control protocol), UDP (user datagram protocol) and ICMP (Internet control message protocol) retrieval, each one separately configurable for 'full retrieval', 'pen mode' (headers only) and 'off'.

Another option enables Fed-defined text-string inputs to be searched (e.g., say an e-mail contains the string, "blow up the President's motorcade". It is not clear whether there is a lockout to prevent text-string scanning when the device is running in pen mode.

Particular ports for SMTP (simple mail transfer protocol), POP (post office protocol), HTTP (hyper-text transfer protocol) and FTP (file transfer protocol), can also be chosen freely with the interface, as can port ranges.

The machine accommodates both DHCP (dynamic host configuration protocol) and RADIUS (remote authentication dial-in user service) connections, though one assumes from the layout that the Feds need to know which they're dealing with ahead of time.

The actual Carnivore box as installed at an ISP lacks a monitor and a keyboard, which one hopes might discourage bored administrators from mucking about with it. The data it captures, and its configuration, are dealt with off-site by an FBI geek operating a control machine linked to the bare-bones box via a (hopefully secure) telephone link.

Privacy questions remain

As for the chief privacy concern, that Carnivore can easily be misused by overzealous Feds examining more data than their court orders permit, the IITRI report offers little in the way of reassurance. Basically, we have to trust the Feds not to abuse it.

With that sticky issue in mind, the report goes to pains to emphasize the way responsibility is divided among 'case agents' who try to get the thing installed, and the geeks who actually operate it.

"Case agents establish the need and justification for the surveillance. A separate team of technically trained agents installs the equipment and configures it to restrict collection to that allowed by the court order," the report notes.

"In the case of Carnivore, all installations have been performed by the same small team. Case agents are motivated to solve or prevent crimes, but technically trained agents are motivated by FBI policy and procedures to ensure that collection adheres strictly to court orders and will be admissible in court as evidence."

In other words, the Bureau's geeks are going to provide the primary fail-safe against abuse, motivated by their natural civic piety and concerns that the collection of excess information would jeopardise a prosecution.

"Potential criminal prosecution of agents involved in over-collection provide further....controls protecting against misusing Carnivore," the report states, but notes that "the statutory suppression remedy available for illegal interception of other communications in Title III is not expended to electronic communications."

So if the Feds were to over-collect using Carnivore, and use what they learned in the course of a prosecution, the data gathered would not automatically be thrown out as tainted evidence.

Another serious deficiency in Carnivore's privacy protection is the lack of any auditing mechanism for supervisors to check up on the actions of field agents.

"Carnivore operators are anonymous to the system," the report says. "All users are logged in as 'administrator' and no audit trail of actions is maintained."

So this gives the Feds total deniability in cases where over-collection might be proven. Not only is the over-collected data useful as evidence against the victim, there is no way to determine who in the FBI is guilty of violating his rights. Where no one can be identified as the culprit, the so-called remedies of civil or criminal action are pure window-dressing and entirely moot.

Very slick, and not at all nice. A true Janet Reno production in all aspects. ®

Related Stories

Congress peers deeper into Carnivore
FBI's Carnivore review is mixed
Researchers question Carnivore review

A new approach to endpoint data protection

More from The Register

next story
Amazon says Hachette should lower ebook prices, pay authors more
Oh yeah ... and a 30% cut for Amazon to seal the deal
Philip K Dick 'Nazi alternate reality' story to be made into TV series
Amazon Studios, Ridley Scott firm to produce The Man in the High Castle
Nintend-OH NO! Sorry, Mario – your profits are in another castle
Red-hatted mascot, red-colored logo, red-stained finance books
Sonos AXES support for Apple's iOS4 and 5
Want to use your iThing? You can't - it's too old
Joe Average isn't worth $10 a year to Mark Zuckerberg
The Social Network deflates the PC resurgence with mobile-only usage prediction
Feel free to BONK on the TUBE, says Transport for London
Plus: Almost NOBODY uses pay-by-bonk on buses - Visa
Twitch rich as Google flicks $1bn hitch switch, claims snitch
Gameplay streaming biz and search king refuse to deny fresh gobble rumors
Stick a 4K in them: Super high-res TVs are DONE
4,000 pixels is niche now... Don't say we didn't warn you
prev story

Whitepapers

7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?