How Carnivore works
Not nice....not at all nice
The FBI's notorious Internet traffic sniffer Carnivore includes a handy, idiot-proof GUI interface enabling nosey Feds to capture and examine a broad range of what passes through, from headers alone to full-bore content retrieval, which is pictured in the Justice Department's final assessment from the IIT Research Institute and the Illinois Institute of Technology Chicago-Kent College of Law (IITRI).
The 'IP addresses' field conveniently accepts settings for particular IPs or IP ranges; and the 'protocols' field accepts settings enabling Feds to choose among TCP (transmission control protocol), UDP (user datagram protocol) and ICMP (Internet control message protocol) retrieval, each one separately configurable for 'full retrieval', 'pen mode' (headers only) and 'off'.
Another option enables Fed-defined text-string inputs to be searched (e.g., say an e-mail contains the string, "blow up the President's motorcade". It is not clear whether there is a lockout to prevent text-string scanning when the device is running in pen mode.
Particular ports for SMTP (simple mail transfer protocol), POP (post office protocol), HTTP (hyper-text transfer protocol) and FTP (file transfer protocol), can also be chosen freely with the interface, as can port ranges.
The machine accommodates both DHCP (dynamic host configuration protocol) and RADIUS (remote authentication dial-in user service) connections, though one assumes from the layout that the Feds need to know which they're dealing with ahead of time.
The actual Carnivore box as installed at an ISP lacks a monitor and a keyboard, which one hopes might discourage bored administrators from mucking about with it. The data it captures, and its configuration, are dealt with off-site by an FBI geek operating a control machine linked to the bare-bones box via a (hopefully secure) telephone link.
Privacy questions remain
As for the chief privacy concern, that Carnivore can easily be misused by overzealous Feds examining more data than their court orders permit, the IITRI report offers little in the way of reassurance. Basically, we have to trust the Feds not to abuse it.
With that sticky issue in mind, the report goes to pains to emphasize the way responsibility is divided among 'case agents' who try to get the thing installed, and the geeks who actually operate it.
"Case agents establish the need and justification for the surveillance. A separate team of technically trained agents installs the equipment and configures it to restrict collection to that allowed by the court order," the report notes.
"In the case of Carnivore, all installations have been performed by the same small team. Case agents are motivated to solve or prevent crimes, but technically trained agents are motivated by FBI policy and procedures to ensure that collection adheres strictly to court orders and will be admissible in court as evidence."
In other words, the Bureau's geeks are going to provide the primary fail-safe against abuse, motivated by their natural civic piety and concerns that the collection of excess information would jeopardise a prosecution.
"Potential criminal prosecution of agents involved in over-collection provide further....controls protecting against misusing Carnivore," the report states, but notes that "the statutory suppression remedy available for illegal interception of other communications in Title III is not expended to electronic communications."
So if the Feds were to over-collect using Carnivore, and use what they learned in the course of a prosecution, the data gathered would not automatically be thrown out as tainted evidence.
Another serious deficiency in Carnivore's privacy protection is the lack of any auditing mechanism for supervisors to check up on the actions of field agents.
"Carnivore operators are anonymous to the system," the report says. "All users are logged in as 'administrator' and no audit trail of actions is maintained."
So this gives the Feds total deniability in cases where over-collection might be proven. Not only is the over-collected data useful as evidence against the victim, there is no way to determine who in the FBI is guilty of violating his rights. Where no one can be identified as the culprit, the so-called remedies of civil or criminal action are pure window-dressing and entirely moot.
Very slick, and not at all nice. A true Janet Reno production in all aspects. ®