Feeds

How Carnivore works

Not nice....not at all nice

  • alert
  • submit to reddit

Providing a secure and efficient Helpdesk

The FBI's notorious Internet traffic sniffer Carnivore includes a handy, idiot-proof GUI interface enabling nosey Feds to capture and examine a broad range of what passes through, from headers alone to full-bore content retrieval, which is pictured in the Justice Department's final assessment from the IIT Research Institute and the Illinois Institute of Technology Chicago-Kent College of Law (IITRI).

The 'IP addresses' field conveniently accepts settings for particular IPs or IP ranges; and the 'protocols' field accepts settings enabling Feds to choose among TCP (transmission control protocol), UDP (user datagram protocol) and ICMP (Internet control message protocol) retrieval, each one separately configurable for 'full retrieval', 'pen mode' (headers only) and 'off'.

Another option enables Fed-defined text-string inputs to be searched (e.g., say an e-mail contains the string, "blow up the President's motorcade". It is not clear whether there is a lockout to prevent text-string scanning when the device is running in pen mode.

Particular ports for SMTP (simple mail transfer protocol), POP (post office protocol), HTTP (hyper-text transfer protocol) and FTP (file transfer protocol), can also be chosen freely with the interface, as can port ranges.

The machine accommodates both DHCP (dynamic host configuration protocol) and RADIUS (remote authentication dial-in user service) connections, though one assumes from the layout that the Feds need to know which they're dealing with ahead of time.

The actual Carnivore box as installed at an ISP lacks a monitor and a keyboard, which one hopes might discourage bored administrators from mucking about with it. The data it captures, and its configuration, are dealt with off-site by an FBI geek operating a control machine linked to the bare-bones box via a (hopefully secure) telephone link.

Privacy questions remain

As for the chief privacy concern, that Carnivore can easily be misused by overzealous Feds examining more data than their court orders permit, the IITRI report offers little in the way of reassurance. Basically, we have to trust the Feds not to abuse it.

With that sticky issue in mind, the report goes to pains to emphasize the way responsibility is divided among 'case agents' who try to get the thing installed, and the geeks who actually operate it.

"Case agents establish the need and justification for the surveillance. A separate team of technically trained agents installs the equipment and configures it to restrict collection to that allowed by the court order," the report notes.

"In the case of Carnivore, all installations have been performed by the same small team. Case agents are motivated to solve or prevent crimes, but technically trained agents are motivated by FBI policy and procedures to ensure that collection adheres strictly to court orders and will be admissible in court as evidence."

In other words, the Bureau's geeks are going to provide the primary fail-safe against abuse, motivated by their natural civic piety and concerns that the collection of excess information would jeopardise a prosecution.

"Potential criminal prosecution of agents involved in over-collection provide further....controls protecting against misusing Carnivore," the report states, but notes that "the statutory suppression remedy available for illegal interception of other communications in Title III is not expended to electronic communications."

So if the Feds were to over-collect using Carnivore, and use what they learned in the course of a prosecution, the data gathered would not automatically be thrown out as tainted evidence.

Another serious deficiency in Carnivore's privacy protection is the lack of any auditing mechanism for supervisors to check up on the actions of field agents.

"Carnivore operators are anonymous to the system," the report says. "All users are logged in as 'administrator' and no audit trail of actions is maintained."

So this gives the Feds total deniability in cases where over-collection might be proven. Not only is the over-collected data useful as evidence against the victim, there is no way to determine who in the FBI is guilty of violating his rights. Where no one can be identified as the culprit, the so-called remedies of civil or criminal action are pure window-dressing and entirely moot.

Very slick, and not at all nice. A true Janet Reno production in all aspects. ®

Related Stories

Congress peers deeper into Carnivore
FBI's Carnivore review is mixed
Researchers question Carnivore review

Secure remote control for conventional and virtual desktops

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
YARR! Pirates walk the plank: DMCA magnets sink in Google results
Spaffing copyrighted stuff over the web? No search ranking for you
In the next four weeks, 100 people will decide the future of the web
While America tucks into Thanksgiving turkey, the world will be taking over the net
Microsoft EU warns: If you have ties to the US, Feds can get your data
European corps can't afford to get complacent while American Big Biz battles Uncle Sam
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.