6 Va. J.L. & Tech. 10 (2001), at http://www.vjolt.net
© 2001 Virginia Journal of Law and Technology Association
VIRGINIA JOURNAL of LAW and TECHNOLOGY | University of Virginia | Summer 2001 | 6 Va. J.L. & Tech. 10
Carnivore: US Government Surveillance of Internet Transmissions
E. Judson Jennings*
2.2 Technical Issues Unresolved by the Carnivore RFP
2.2.1 Scope of Surveillance
2.2.2 Security
2.2.3 Scalability of Carnivore
2.2.4 Evidentiary Issues With Carnivore
2.3 FBI Solicitation of External Review of Carnivore
2.4 Outside Review of Carnivore by IITRI
2.4.1 IITRI Carnivore Study
3 The Legal Context of Carnivore
3.1 Documents Held by Targets or Disinterested Third Persons
3.1.1 Privacy Protection Act
3.2 Interception of United States Postal Service Mail
3.3 Wiretaps
3.4 Electronic Communications Privacy Act [ECPA] (1986)
3.4.1 Control over Carnivore Applications
1. Notwithstanding dire predictions, the year 2000 brought few disasters directly caused by
technology.[1] The year 2000 did bring from the U. S.
Federal Bureau of Investigation official disclosure of a technology project
called Carnivore,[2] which enables properly authorized agents to intercept, filter,
seize, and decipher digital communications on the Internet. Depending upon the precise manner in which this new technology
is implemented, Carnivore may entail the compelled disclosure of encryption
keys that could not be independently recovered. In any event, Carnivore will
certainly intercept many millions of private communications among individuals
who have violated no laws, and in many cases will obtain information about such
individuals with neither their knowledge nor their consent. Since the Internet
is global, many of these individuals will be citizens of other nations who have
no physical presence in the United States.
2. In this paper, I will describe the technology of interception, filtering, and
seizure, as implemented in Carnivore, in order to develop an appreciation of
what is possible. Next, I will examine
the pertinent legal principles from the United States, which require an
analysis of existing legislation, regulations, and guidelines, as well as of
judicial decisions interpreting the Constitution’s Bill of Rights. Finally, I will hazard some conjectures
about the dangers and benefits that Carnivore presents for both individuals and
for governments.
3. Carnivore is a computer surveillance system developed within the FBI that is
installed and used together with a tap on the facilities of an Internet Service
Provider.[3] The software program copies all data traffic
on a particular internet server, and collects information about – and/or the
content of – electronic mail or other digital communications to or from the
specific users targeted in an investigation.[4] American courts have recognized that the
government may, with proper authorization, seize documents, intercept mail,[5]
and electronically intercept and record voice communications.[6] The United States Department of Justice has
also issued guidelines for the search and seizure of computer evidence.[7]
4. From a theoretical standpoint, Carnivore represents only a small advance in this
type of surveillance, in that it extends these techniques to the Internet by
enabling authorized investigators to intercept and copy electronic data
communications. The apparent similarity
between Carnivore and its forebears is, however, superficial. When mail is intercepted, agents must
physically separate envelopes or packages with addresses that meet the seizure
criteria, and they generally do so at the appropriate local post office.[8] Wiretaps[9]
are among the most expensive and labor intensive operations in all of law
enforcement; the government must carefully evaluate wiretap projects from the
fiscal, tactical and the legal standpoints.[10] Moreover, wiretap agents must, under
American law’s minimization requirement, monitor all wiretaps in real time and
must immediately terminate surveillance of any intercepted communication that
does not involve the authorized target.[11]
5. The Carnivore process, unlike its ancestors, is highly automated in several
important ways. First, Carnivore
necessarily intercepts huge amounts of information from myriad sources
unconnected to any investigation: Carnivore monitors and copies virtually all
of the data flowing through the channel during the period of surveillance.[12] While the Carnivore software will filter out
the vast majority of this information immediately because it fails to meet the
surveillance criteria, this filtering is merely optional from a technology
standpoint. Moreover, when intercepted
information does match the filtering criteria, it is then automatically
captured and stored on the Carnivore system, even though the filtering criteria
may have been entered in error. Any
further removal of irrelevant or improperly seized information depends upon
review and decisions by a human agent.[13]
6. Carnivore is an existing system based upon technology – described below – which is not
terribly sophisticated.[14] According to a prominent member of the
computer security industry, the FBI claims to have used Carnivore in
approximately twenty-five investigations prior to August, 2000; the majority of
the cases are said to have involved counter terrorism, although drug
trafficking and computer hacking were also mentioned.[15] The potential efficacy and pervasiveness of
this surveillance technology raises fundamental social concerns, chief among
them is whether Carnivore is effective in accurately capturing authorized
information while at the same time containing safeguards against the
inadvertent collection of unauthorized information, abuse by government agents
or private interests, and compromise by detection or manipulation by the
targets of the investigation or third party hackers. After the Electronic Privacy Information Center (EPIC) filed suit
in July, 2000, under the Freedom of Information Act seeking all government
documents discussing Carnivore and its use by the FBI, the agency agreed in
August, 2000, that it would provide more information about its existing use of
Carnivore, including the data obtained and the details of the
investigations. However, this process
failed when EPIC objected to the proposed FBI timetable, and the agency sought
to have the action dismissed.[16]
7. At the same time, in order to allay, or perhaps deflect, growing public concern,
the FBI commissioned a private sector study of Carnivore, which was completed
in December, 2000, by the IIT Research Institute and the Illinois Institute of
Technology Chicago Kent College of Law [IITRI]. In order to understand why the Carnivore system necessarily
entails the elements outlined above, I will examine the Carnivore technology as
described in the FBI’s solicitation and the IITRI report. This examination will
first address only technology issues, and will assume that appropriate legal
authorization has been obtained for the operation in question. In subsequent
sections, the legal principles affecting the propriety of Carnivore
surveillance will be described and analyzed.
8. The efficiency of any complex network is based on topology: there are many routes
by which data can travel from one point to another. The flow of traffic improves when data is sent over routes which
are the shortest and most lightly traveled, and when retransmission of data due
to errors is minimized. The superior
efficiency of digital networks like the Internet is in large measure based upon
the discovery that network traffic flows much better if each transmission is
divided into many small packets, which can follow different routes and be
reassembled at the destination.[17] A single communication is broken into many
smaller packets, each of which bears a “header,” i.e., the information required
to properly route, validate, and prioritize that packet.[18]
9. Thus, the Internet is literally built upon computers programmed to read and interpret
packet headers. Carnivore is
fundamentally based upon a “packet sniffer,” which is a computer placed near a
switching point on the network and programmed to intercept and examine all of
the packets that go by. In order to reduce the potential for delay or
disruption of network traffic inherent in this process, Carnivore creates a
copy of all of the data that flows through the system at the intercept point,
and processes the copy rather than the original.[19] The FBI has taken pains to emphasize the
passive and non-intrusive structure of Carnivore.[20]
However, as the FBI itself has stated, “Carnivore chews all the data on the network, but it only actually eats the information authorized by the
court order.”[21] The FBI contends that Carnivore should be
viewed as analogous to a passive wiretap that does not interfere with
communications.[22] But a mail
seizure or a wiretap touches only upon communications directly involving the
target of the investigation,[23]
while Carnivore starts by copying everything in the pipe, in much the same
fashion as the Echelon program, by which the NSA and allied signals-intelligence agencies are reported to monitor wireless
communications. The American Civil
Liberties Union has categorized Carnivore as a general search that clearly
violates the Fourth Amendment.[24]
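To make concrete what "reading packet headers" involves, the following is an added example, not code from the article, the FBI, or IITRI. It decodes the IPv4 and TCP headers of a raw packet: the source and destination addresses and ports on which a sniffer's address and port filters key, and the header checksum used to validate the packet. The sample packet, its addresses and its payload are constructed for the example.

```python
"""Added example: decoding the IPv4 and TCP headers of a raw packet, the step a
packet sniffer performs on every packet before any address or port filter can
be applied. Standard library only; the sample packet below is constructed."""
import ipaddress
import struct


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of the 16-bit words.
    Over a header whose checksum field is already filled in, the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4_tcp(packet: bytes) -> dict:
    """Return the routing fields a filter keys on, plus the TCP payload."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4             # IP header length in bytes (20 without options)
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("truncated IPv4 header")
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    total_length, = struct.unpack("!H", packet[2:4])
    if packet[9] != 6:                       # protocol field: 6 = TCP
        raise ValueError("not TCP")
    src_ip = str(ipaddress.IPv4Address(packet[12:16]))
    dst_ip = str(ipaddress.IPv4Address(packet[16:20]))
    tcp = packet[ihl:total_length]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_offset = (off_flags >> 12) * 4      # TCP header length in bytes
    return {
        "src": src_ip, "dst": dst_ip, "sport": sport, "dport": dport,
        "seq": seq, "ack": ack, "flags": off_flags & 0x1FF,
        "payload": tcp[data_offset:],
    }


def build_ipv4_tcp(src_ip, dst_ip, sport, dport, payload, flags=0x018):
    """Construct a minimal IPv4/TCP packet (no options) so the parser has input
    to run on. The IP header checksum is computed and inserted; the TCP checksum
    is left at zero, which a real sniffer would also want to verify."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1, 1, (5 << 12) | flags, 65535, 0, 0)
    total_length = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_length, 0x1234, 0x4000, 64, 6, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    return ip + tcp + payload


# Constructed sample: one SMTP command from a hypothetical client to a mail server.
SAMPLE = build_ipv4_tcp("10.0.0.5", "192.0.2.25", 40001, 25,
                        b"MAIL FROM:<target@example.org>\r\n")


def decode_sample() -> dict:
    return parse_ipv4_tcp(SAMPLE)


if __name__ == "__main__":
    fields = decode_sample()
    print(f"{fields['src']}:{fields['sport']} -> {fields['dst']}:{fields['dport']}",
          fields["payload"])
```

The parser covers only the IPv4/TCP case a Carnivore-style SMTP filter needs. IP header options are skipped through the IHL field, and a packet whose header checksum fails is rejected outright rather than silently passed on to the filters, since a filter decision made on a corrupted header is worth nothing as evidence.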
10. The Carnivore architecture has been portrayed by the FBI in a diagram, which is not reproduced here.
11. As Carnivore creates a full copy of the data stream, the next step in the process is to filter the data so that only packets that are identified as being part of a transmission involving the target are actually copied for review by the investigators. This is accomplished by instructing the computer to examine the information contained in each packet’s header to ascertain from whom the packet originated and to whom it is addressed.[26] This function is specified by the FBI solicitation for the external Carnivore review in the form of the following algorithm:[27]
    For all Packets sent to port 25
        If Data starts with "MAIL FROM" or "RCPT TO"[28]
            Compare the e-mail address against the court-authorized e-mail address
            If the e-mail addresses match
                Start collecting this session (IP to/from, port to/from)
                Save the raw packets
    Next Packet
12. The algorithm is simple and straightforward; its power derives from its ability to
be executed at great speed for long periods of time without human
intervention. The working Carnivore
model which the FBI provided to IITRI for evaluation requires only standard,
readily available “commercial off the shelf [COTS]” equipment:
- The computer is a PC with a Pentium III processor, 128 megabytes of RAM and a 4-18 gigabyte fixed disk drive.[29]
- The operating system (OS) is Windows NT, which is the standard Microsoft product for network servers and workstations.[30]
- The filtering application software was written in C++, a common and widely used programming language that produces efficient code.[31]
- The filtered data is written to a Zip drive, which employs removable disks that hold approximately 250 megabytes of data.[32]
The FBI anticipates having its agents manually retrieve and replace the
removable disks on a daily basis. Captured data can be saved to any valid drive
path, so that the use of the Zip drive instead of a much larger fixed disk
drive is purely optional.[33]
13. A Carnivore installation, then, consists of a single PC (which may be a laptop). The network cable that links
an ISP’s hub or switch to another component is unplugged and plugged into a tap
hub, which feeds a copy of the passing data to the Carnivore computer.[34] Both the FBI and the IITRI evaluators take
pains to emphasize that data is not actually routed away from the ISP’s normal
pipeline, but is merely copied as it passes the tap point. This emphasis may have
either a technical or a legal genesis.
14. From a technical standpoint, the contention is that Carnivore will not disrupt
Internet traffic because it never diverts that traffic, but only copies
it. At least one large ISP begs to
differ; Earthlink reportedly has issued this official stance on Carnivore:
15. We do not allow the installation of Carnivore on our network because it has the
potential to compromise the privacy of our legitimate users and the performance
of our network. We have an internal
solution which allows us to comply with court orders without the presence of
government personnel or equipment in our buildings. The government accepts this solution since they still receive the
requested information about the criminal suspect, and we sleep well knowing
that our customers are safe from unauthorized surveillance.[35]
16. From a legal standpoint, the FBI may be preparing to argue that Carnivore taps are “passive
wiretaps” which do not entail actual interceptions, but merely retrieve
electronic data.[36] The significance of that claim, which
potentially vitiates the exclusionary rule in Carnivore situations, is
discussed below. In any event, the
Carnivore system consists entirely of cables, the tap and its hub, and the
Carnivore PC with a fixed disk hard drive and a removable disk Zip drive.
17. Carnivore can be used as either a content wiretap[37]
or as a pen trap.[38] The traditional wiretap typically has an
actual eavesdrop van parked in the street, and the recorder must be turned off
if the call involves someone other than the target. The Carnivore equivalent is the content of all e-mails sent to or
received from the authorized target address, or all electronic data flows
involving that address, which may consist of data files, program files,
messages, or even keystrokes being entered by a hacker.[39] The traditional pen/trap records telephone
numbers calling or being called by the target.
The Carnivore equivalent records everyone who FTP’s a certain file,
accesses a certain web page, reads a certain newsgroup, connects to a certain
chat room, or transmits keystrokes.[40]
18. The purpose of the FBI in issuing the RFP was not to solicit technical information
or advice regarding how to build or improve the Carnivore device, but rather to
allay concerns about the scope of Carnivore surveillance, the potential for
abuse, breaches of security, and interference by hackers. Although the entire project was explicitly
given the label “technical review,” the IITRI report devotes considerable space
to analyzing the practices, policies and controls on FBI personnel,[41]
as well as to a discussion of the legal context in which Carnivore operates.[42]
19. The greatest concern is the scope of a Carnivore operation. Since the initial input to the system is a
full copy of all of the data that is flowing past the tap point on the ISP’s
network, Carnivore is in principle capable of searching through that data in
order to find particular names, or key phrases such as “nuclear bomb.” The FBI has strenuously rejected this
characterization of Carnivore, and maintains that the technology is carefully
designed to preclude such a general search.
The agency acknowledges that “packet sniffers” which can perform that
function are already on the market, but insists that Carnivore has been
designed to automatically prevent this from happening by structuring the
software in a particular way. As the
agency states:
20. [Carnivore] does NOT search through the contents of every message and collect those that
contain certain key words like “bomb” or “drugs.” It selects messages based on criteria expressly set out in the
court order, for example, messages transmitted to or from a particular account
or to or from a particular user.[43]
21. IITRI, however, reports that although the Carnivore software is normally configured to
retain initially only packets which come from or are addressed to a target
address before any content based criteria are added, [44]
this is not a required parameter: [45]
22. If IP filtering is not turned on, all packets that pass the other filters are
collected regardless of what IP address those packets may have.[46]
23. In fact, Carnivore appears to have an inherent design defect that will be very
difficult to overcome, and which if uncorrected will lead to broader
seizures. As IITRI reports, Carnivore
can be configured to filter for IP packets that involve a particular IP or Mail
address and which also contain specified text strings. However, because the address filter is
applied at the application level, while the text search is applied at the
driver level, a search keyed to a particular email address ignores the text
filter. IITRI concludes:
24. If a court order were to specify that the FBI could only collect e-mail messages
of a particular subject [target] that contained a particular text string, the
FBI would not be able to use
Carnivore to obtain that data.[47]
25. If content intercepts must obey the minimization rule, then Carnivore appears
incapable of functioning within the bounds of the law.[48]
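The following is an added example, not Carnivore's code and not from the FBI or IITRI. It implements the algorithm quoted from the solicitation in paragraph 11 and then makes the two IITRI findings above visible: with no IP restriction, every host whose SMTP envelope carries the authorized address is collected, and an order limited to messages of the target that contain a given text string needs a conjunction of address and content that the quoted algorithm does not provide. Packets are represented as already-decoded records, the session key is the "IP to/from, port to/from" tuple of the algorithm, and the three SMTP sessions and one HTTP request are constructed for the example.

```python
"""Added example: the SMTP envelope filter from the FBI solicitation, with the
IITRI findings made visible. Packets are already-decoded records, as a capture
driver would hand them up; every address and payload below is constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str      # source IP
    dst: str      # destination IP
    sport: int
    dport: int
    raw: bytes    # TCP payload as captured


def session_key(p):
    """'IP to/from, port to/from': one key for both directions of a TCP session."""
    return tuple(sorted(((p.src, p.sport), (p.dst, p.dport))))


def envelope_address(data):
    """Address from an SMTP 'MAIL FROM:' or 'RCPT TO:' command, else None.
    The envelope address is whatever the client sends; nothing here verifies it."""
    line = data.split(b"\r\n", 1)[0]
    upper = line.upper()
    if not (upper.startswith(b"MAIL FROM") or upper.startswith(b"RCPT TO")):
        return None
    start, end = line.find(b"<"), line.find(b">")
    addr = line[start + 1:end] if 0 <= start < end else line.split(b":", 1)[-1]
    return addr.strip().decode("ascii", "replace").lower()


def fbi_filter(packets, authorized, ip_filter=None):
    """The solicitation's algorithm: for packets to port 25 whose data starts with
    MAIL FROM / RCPT TO, compare the address with the authorized one and, on a
    match, collect the rest of that session. ip_filter is the optional IP
    restriction IITRI describes; when it is None, any host's packets pass."""
    authorized = authorized.lower()
    collected = {}
    for p in packets:
        if ip_filter is not None and not ({p.src, p.dst} & ip_filter):
            continue
        key = session_key(p)
        if key in collected:             # session already matched: save raw packets
            collected[key].append(p.raw)
            continue
        if p.dport != 25:
            continue
        if envelope_address(p.raw) == authorized:
            collected[key] = [p.raw]     # start collecting this session
    return collected


def conjunctive_filter(packets, authorized, text, ip_filter=None):
    """What an order for 'messages of the target containing <text>' needs and
    IITRI found Carnivore could not do: address match AND content match. The
    content is known only once the session has been read, so candidate sessions
    are buffered and the non-matching ones dropped afterwards."""
    candidates = fbi_filter(packets, authorized, ip_filter)
    return {k: v for k, v in candidates.items() if text in b"".join(v)}


def sample_packets():
    """Constructed capture: three SMTP sessions and one HTTP request."""
    mta = "192.0.2.25"

    def smtp(src, sport, *payloads):
        return [Packet(src, mta, sport, 25, payload) for payload in payloads]
    return (
        smtp("10.0.0.5", 40001,                 # the target's own host
             b"MAIL FROM:<target@example.org>\r\n",
             b"RCPT TO:<friend@example.net>\r\n",
             b"DATA\r\nSubject: lunch\r\n\r\nNoon?\r\n.\r\n")
        + smtp("10.0.0.9", 40002,               # an uninvolved user
               b"MAIL FROM:<bystander@example.org>\r\n",
               b"DATA\r\nSubject: lunch\r\n\r\nSame place.\r\n.\r\n")
        + smtp("198.51.100.7", 40003,           # another host asserting the target's address
               b"mail from:<Target@Example.org>\r\n",
               b"DATA\r\nSubject: budget\r\n\r\nFigures attached.\r\n.\r\n")
        + [Packet("10.0.0.5", "192.0.2.80", 40004, 80, b"GET / HTTP/1.0\r\n\r\n")]
    )


def run_demo():
    packets = sample_packets()
    envelope_only = fbi_filter(packets, "target@example.org")
    with_ip = fbi_filter(packets, "target@example.org", ip_filter={"10.0.0.5"})
    with_text = conjunctive_filter(packets, "target@example.org", b"lunch")
    return envelope_only, with_ip, with_text


if __name__ == "__main__":
    for name, result in zip(("envelope only", "envelope + IP", "envelope + text"), run_demo()):
        print(f"{name}: {len(result)} session(s) collected")
```

Two things the code makes visible. First, the envelope address is whatever the sending client asserts, and the filter never verifies it, so without the IP restriction a second host claiming the authorized address is collected in full. Second, a conjunctive filter can decide only after the content has been read, so the candidate sessions of every host asserting the address sit in memory before the non-matching ones are discarded; minimization in the statutory sense requires that discard to happen and to be demonstrable.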
26. A Carnivore intercept poses two important security risks. The first, of course, is the security of the
Carnivore device itself, since clearly both random hackers and investigative
targets would have great incentive to monitor and/or sabotage the
operation. The second security threat
is to the ISP where the system is mounted.
27. Carnivore contains numerous security features, including NIC hardware authentication, and
a network isolation device, which together preclude the ISP or a hacker from
accessing the device without leaving obvious signs of damage, and which prevent
the Carnivore box from transmitting if a hacker compromises the security.[49]
28. Although the system is protected by physical locks, it has a wide open back door. As IITRI reports:
29. The collection computer is installed without a keyboard or monitor and, in
operational use, Carnivore might not be physically accessible to case
agents. However, each Carnivore
computer is equipped with an off-the-shelf 56-kbps modem allowing it to
communicate via a standard analog link.
30. Once Carnivore has been installed at the ISP, it is normally controlled remotely.[50]
31. Dial-up access poses a major security threat: a modem that answers on the public telephone network can be reached by anyone who learns its number, so the device’s protection against a remote intruder rests on the remote-control authentication alone.
In fact, Intel announced on January 4, 2001, that it was forthwith
withdrawing all of its dialup VPN products.[51]
One important security function of
Carnivore is to maintain a clear separation between the case agent, who manages
the overall investigation, and the Technically Trained Agent [TTA], who
installs and programs Carnivore.
However, IITRI also reports that although the Carnivore user screens
employ additional password protection for changing the filter criteria, this
password is embedded in the system itself and can thus easily be recovered and defeated.[52]
32. Another security concern is the Carnivore source code.
The FBI has refused to release the source code, and in fact did not
include it in the IITRI evaluation package.
The FBI’s reasons for not releasing the source code include concern
about hackers, contract restrictions from software vendors, and 18 USC § 2512, which prohibits distribution of devices designed to do communications
eavesdropping.[53] Industry spokespersons have rejected these
contentions, stating that hackers will face no greater challenge from Carnivore
than they have from such other security issues as PGP, anonymous remailers, and
anonymizing services.[54]
33. Carnivore is routinely characterized as a small part of the FBI surveillance system. The FBI states that as of August, 2000, it
had only about two dozen units, stored securely in Quantico, Virginia, except
when actually being used for an intercept. One FBI agent has told Congress:
34. Now . . . it is important that you understand how Carnivore is used in
practice. First, there is the issue of
scale. Carnivore is a small-scale
device intended for use only when and where it is needed. In fact, each
Carnivore device is maintained at the FBI Laboratory in Quantico until it is
actually needed in an active case. It
is then deployed to satisfy the needs of a single case or court order, and
afterwards, upon expiration of the order, the device is removed and returned to
Quantico.[55]
35. Carnivore is rarely placed on ISP backbones; instead it is placed close to the servers
it monitors.[56] Carnivore is designed only for “surgical”
taps, not widespread monitoring.[57] Moreover, the system is too small to engage
in broad intercepts. However, as with
any computer system, this initial prototype could easily be expanded to provide
enormous additional capacity without the addition of extensive or expensive
resources, and Congress has a responsibility to monitor and potentially audit
the Carnivore operation.
36. The FBI has also reported to Congress that Carnivore is needed to satisfy evidentiary
concerns:
37. Rule 901 of the Federal Rules of Evidence requires authentication of evidence
as a precondition for its admissibility.
The use of the Carnivore system by the FBI to intercept and store
communications provides for an undisturbed chain of custody by providing a
witness who can testify to the retrieval of the evidence and the process by
which it was recorded. Performance is
another key reason for preferring this system to commercial sniffers. Unlike commercial software sniffers,
Carnivore is designed to intercept and record the selected communications
comprehensively, without “dropped packets.”[58]
38. While Carnivore may satisfy evidentiary requirements regarding the accuracy and
integrity of its operation, it cannot address the broader problems inherent in
the somewhat uncivilized and uncontrolled community of the Internet. As a practical matter, e-mail can easily be
forged, and fraudulent e-mails of this sort are common. Indeed, with a modicum
of effort, anyone can originate email from another person. There are Trojan Horse applications, which
not only forge e-mail, but make that e-mail “come from” the victim’s IP
address.[59]
39. The FBI’s solicitation document, which was released in the summer of 2000, focused
on four major areas of concern:
1. Does the Carnivore system currently used by the agency collect all of the proper data specified in the legal authorization for the interception, while excluding all unauthorized data? [Efficacy 1]
2. Does Carnivore compromise the operation of the ISP whose facilities host the system? [Disruption]
3. Does Carnivore reduce the risk that unauthorized data will be collected by FBI personnel? [Efficacy 2]
4. Is Carnivore sufficiently secure against both improper collection of data by third parties and efforts to interfere with the operation of the system by third parties? [Security][61]
40. The solicitation was ostensibly confined to technical issues. Thus, implicit in the first efficacy issue[62]
is the assumption that the interception has been properly authorized, and its
precise scope properly defined, in the legal authorization for the
operation. Also the first efficacy
issue assumes that Carnivore has been fully and properly programmed by the technical
personnel responsible for the interception.
The nature of this latter assumption flows from a consideration of the
second efficacy issue, whether Carnivore reduces the risk of unauthorized
collection. This issue clearly
recognizes that the system is subject to human as well as machine error, and
presents two types of questions. First,
does Carnivore contain sufficient checks and audits of the technicians’ actions
to lower the chance that their inadvertent errors will cause unlawful
interceptions? Second, given that
Carnivore has some serious flaws, is it an improvement over commercially
available packet sniffers that indiscriminately intercept and record internet
transmissions?
41. The question of disruption had already surfaced when the Carnivore study was
commissioned. At least one ISP had
reported that a Carnivore installation had compromised its operations,[63]
and the FBI was clearly sensitive to the potentially devastating adverse
publicity that would result if one of its operatives completely brought down a
network segment. Indeed, the FBI has
procedures that grant ISPs the option of furnishing the required information in
some other way in order to avoid a Carnivore tap. However, as discussed below, that alternative depends both upon
the resources of the ISP and the willingness of the investigators to reveal the
precise parameters of the intercept authorization.
42. The final issue, security, voices the hope that law enforcement can somehow stay
one step ahead of the hacker community in this area. Given the primitive nature of the tested prototypes and the very
limited use of Carnivore up to this point, it seems that the inclusion of the
security issue was more an acknowledgment of vulnerability than an expression
of confidence. The IITRI report bears
out this interpretation.
43. In several press releases the FBI specified that the technical review was to be
conducted by a “major university.”[64] However, the FBI solicitation included
several important restrictions on the information it would make available, the
furnishing of full source code, the issues that could be raised in the study,
and the right to release the report to the public. These restrictions led several respected institutions to decline
to submit proposals, which further inflamed public opinion regarding the
integrity and credibility of the project. On September 26, 2000, the FBI
announced that it had awarded the technical review project to the Illinois
Institute of Technology Research Institute [IITRI], one of eleven groups that
had made submissions.[65] The reaction to the selection by the
information technology community was immediate and vociferous. The FBI released the proposal submitted by
the IITRI group together with the announcement of their selection, but
initially redacted the names of the principal investigators. Within 24 hours an unredacted version of the
proposal was public: the redaction had been applied to the PDF in a way that left the underlying
text recoverable, and the missing names were extracted from the published document.[66] There were claims that the principal
investigators had close ties with the federal law enforcement and surveillance
communities.[67] In addition, Network Ice used the FBI
solicitation document together with other information to create Altivore, which
it claimed performed all of the functions of Carnivore, and which was published
in the public domain.[68]
44. The study was completed on December 8, 2000, and immediately published, with some
redaction, on the FBI web site. The scope
of the report was carefully circumscribed at the outset:
In conducting the evaluation
of Carnivore, IITRI considered concerns voiced by many parties. However, there
are two fundamental concerns IITRI felt it could not address:
(1) the constitutionality of collection performed by Carnivore and
(2) whether or not agents of the government can be trusted to follow established procedures.
The evaluation reveals how
Carnivore performs a court-authorized search; it cannot address whether such an
authorization should be made. The
evaluation also addresses whether weaknesses in the technology, implementation,
and procedures associated with Carnivore might facilitate agent error or
misbehavior.[69]
45. The reporters also stated that they had minimized their interpretive evaluations,
concentrating instead on providing objective data to be reviewed and
interpreted by others:
46. Motivated by a broad concern for privacy, the purpose of this report is to provide the
information needed for any individual or organization to make an independent
judgment about Carnivore. To this end,
IITRI set two objectives: (1) answering the four specific questions posed by
the DOJ in its Statement of Work and (2) conveying an understanding of the
system and its use.[70]
47. The IITRI conclusions were mixed. On two
issues, the report was positive: the evaluators concluded that “the current
system of external and internal controls makes it unlikely that either FBI or
ISP personnel will use Carnivore carelessly or for improper purposes,”[71]
and that “Carnivore cannot place an additional load on the ISP network, nor can
it alter or otherwise compromise operations.”[72] However, these conclusions must be
understood in the context of the testing methods employed. The study did not
take place at an actual Internet Service Provider facility, did not utilize an
actual electronic surveillance authorization, and did not process actual
communications. Rather, the evaluators
set up a test bed facility at IIT, which was isolated from the normal network,
contained a very small number of PC workstations together with a mail server
and hubs, and processed dummy messages generated by a simple script written for
the experiment.[73]
48. Although the FBI solicitation had disclosed some basic information about Carnivore, the
IITRI report provides the first clear look at the system. Both the FBI and the study team emphasize
that Carnivore is built largely with COTS components: Pentium PC,[74]
Windows NT,[75] a Jaz Zip drive,[76] a generic NIC, and an application written in C++.[77] Moreover, the full package, which the agency
calls “DragonWare suite,” is comprised of the Carnivore components,
supplemented by two other COTS products:
Packeteer, which reassembles individual packets into full messages or
files; and CoolMiner, a browser which makes the reassembled files readable.[78]
49. The first impression created by this technical description is that Carnivore is a
fairly modest bit of technology, which can perform its functions only if it is
strategically placed at specific locations on the Internet, is innocuous and
not invasive, and comes away with only small bits of information, enough to fit
on a removable disk. However, upon
reflection, it becomes apparent that Carnivore is a mere prototype, and could
very easily evolve with great speed into a system with enormous capacities for
data monitoring. It is disturbing that
the IITRI study, with its focus on technical issues, did not consider the
strong likelihood that it was looking at the cub rather than the fully mature
creature.
50.