
Despite New Name, Carnivore Still Bites

Privacy conference panelists express worry about the surveillance tool's breadth of diet.

James Evans, IDG News Service


CAMBRIDGE, MASSACHUSETTS--There are still plenty of legal, technical, and philosophical concerns to explore with the U.S. Federal Bureau of Investigation's controversial Carnivore Internet surveillance tool, according to panelists who spoke about the sniffer technology during the Eleventh Conference on Computers, Freedom and Privacy here Thursday.

Some of the technical and legal points hinge on what data Carnivore is capable of capturing when it is implemented, say panelists. Carnivore, which is now referred to by the FBI as DCS1000, is a software program that monitors packets of data passing through an Internet service provider's network.

"The problem from legal angles is that it captures all sorts of Internet protocol information," says panelist Mark Rasch, vice president for cyberlaw at Predictive Systems, and the former head of the Computer Crime Unit at the U.S. Department of Justice. It can offer information such as what Web sites a user has visited, cookies, time of searches, and log-on/log-off information, he says.

With any wiretap technology, the goal is to minimize or get as specific as possible on what is being looked for, he says. Carnivore has automated the process of looking for specific information, and that opens up possibilities for greater use. It is relatively quick to set up and comes at minimal cost, Rasch says.

Restrictions Urged

That is why it is crucial that federal hurdles already in place that limit utilization of Carnivore remain, says panelist Harold Krent, a law professor and associate dean for faculty and interprofessional activities at Chicago-Kent College of Law, Illinois Institute of Technology. Without requirements for law enforcement, there is potential for rogue or negligent applications of the sniffing technology, says Krent, who helped review Carnivore last year.

According to Krent, the FBI used Carnivore between 25 and 30 times last year. Approximately 25 percent of the time it was approved by individuals for their own protection, such as in stalking cases.

Two types of searches can be done, he says: a "pen register," which provides addressing information, and the full-content search. Most of the searches last year were pen register searches, for which law enforcement officials do not have to show probable cause in order to get the necessary court order, Krent says. A full-content search requires a judge's approval.

The FBI and U.S. Department of Justice also have internal reviews that often can require law enforcement to wait up to six months before the sniffer technology can be used for investigatory reasons. Federal officials must prove that less invasive search methods could not be used instead, Krent says.

How Smart Is Carnivore?

On the technology side, there is the question of whether Carnivore can distinguish the target it is looking for from a nontarget, says panelist Matt Blaze, who is with the secure systems research department at AT&T Labs and has testified before Congress on Carnivore. It could be a technological pitfall for evidence gathering by law enforcement, he says.

One example is if dynamic IP addresses are being used, he says. If Carnivore is supposed to look at a specific IP address for an individual and it actually has been assigned to someone else, it could pose a serious problem, he says.

Another potential technological concern is creating fraudulent packets for Carnivore. There is a question of whether Carnivore could distinguish real network traffic from traffic generated to trick the technology, he says.

Who Will Watch the FBI?

As far as philosophical questions go, there is the point of trusting the FBI with the technology, says panelist David Sobel, general counsel for the Electronic Privacy Information Center, which has taken the FBI to court to gain access to information on the Carnivore program.

The sniffer technology provides the FBI with access to all traffic on an ISP. The public has to trust that federal law enforcement will look only at data necessary for its investigation, Sobel says.

A greater check on the government would be to give the ISPs the Carnivore program and let them run it for federal law enforcement when necessary, he says.

It is unclear what the future holds for Carnivore, as Sobel shared a quote from newly appointed U.S. Attorney General John Ashcroft that suggests he believes that federal law enforcement agencies already impose too much on the lives of private citizens.

The Computers, Freedom and Privacy conference in Cambridge, Massachusetts, continues through Friday.
