Feeds

FBI retires Carnivore

Looks to commercial surveillance tools

  • alert
  • submit to reddit

The Power of One eBook: Top reasons to choose HP BladeSystem

FBI surveillance experts have put their once-controversial Carnivore Internet surveillance tool out to pasture, preferring instead to use commercial products to eavesdrop on network traffic, according to documents released Friday.

Two reports to Congress obtained by the Washington-based Electronic Privacy Information Center under the Freedom of Information Act reveal that the FBI didn't use Carnivore, or its rebranded version "DCS-1000," at all during the 2002 and 2003 fiscal years. Instead, the bureau turned to unnamed commercially-available products to conduct Internet surveillance thirteen times in criminal investigations in that period.

Carnivore became a hot topic among civil liberations, some network operators and many lawmakers in 2000, when an ISP's legal challenge brought the surveillance tool's existence to light. One controversy revolved around the FBI's legally-murky use of the device to obtain e-mail headers and other information without a wiretap warrant -- an issue Congress resolved by explicitly legalizing the practice in the 2001 USA PATRIOT Act.

Under section 216 of the act, the FBI can conduct a limited form of Internet surveillance without first visiting a judge and establishing probable cause that the target has committed a crime. In such cases the FBI is authorized to capture routing information like e-mail addresses or IP addresses, but not the contents of the communications.

According to the released reports, the bureau used that power three times in 2002 and six times in 2003 in cases in which it brought its own Internet surveillance gear to the job. Each of those surveillance operations lasted sixty days or less, except for one investigation into alleged extortion, arson and "teaching of others how to make and use destructive devices" that ran over eight months from January 10th to August 26th, 2002.

Other cases investigated under section 216 involved alleged mail fraud, controlled substance sales, providing material support to terrorism, and making obscene or harassing telephone calls within the District of Columbia. The surveillance targets' names are not listed in the reports.

In four additional cases, twice each in 2002 and 2003, the FBI obtained a full-blown Internet wiretap warrant from a judge, permitting them to capture the contents of a target's Internet communications in real time. No more information on those cases is provided in the reports because they involved "sensitive investigations," according to the bureau.

The new documents only enumerate criminal investigations in which the FBI deployed a government-owned surveillance tool, not those in which an ISP used its own equipment to facilitate the spying. Cases involving foreign espionage or international terrorism are also omitted.

Developed by a contractor, Carnivore was a customizable packet sniffer that, in conjunction with other FBI tools, could capture email messages, and reconstruct web pages exactly as a surveillance target saw them while surfing the web. FBI agents lugged it with them to ISPs that lacked their own spying capability.

Related stories

Google exposes web surveillance cams
Groups fight internet wiretap push
Aussie police get spyware powers
The American way of spying gets a makeover
Judge dismisses keylogger case
Selling surveillance - has Blunkett got a deal for you<br

Designing a Defense for Mobile Applications

More from The Register

next story
DARPA-derived secure microkernel goes open source tomorrow
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.