Implementations of Carnivore recommendations

I am attempting to do a research paper, and I wanted to know: Given that over two years has passed since the independent technical review of the program formerly known as Carnivore that you helped produce, do you know if the FBI has attempted to implement any of the recommendations in the independent review? If so, where could I find information related to this implementation? Thank you very much!

Requires Free Membership to View

SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

Michael S. Mimoso, Editorial Director

By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

The short answer is I really don't know if they implemented any of the recommendations or not. To fill in some of the details for the longer answer, read on.

As far as I know, neither the Justice Department (which paid for the independent review) nor the FBI ever contacted IITRI again after the Final Report was submitted. Most, if not all, of the IITRI employees that were involved in the review have left the company since then. I have been employed by ACS Defense since December 2001. Some of the members of the Review Team worked for the Illinois Institute of Technology (IIT), which was the parent of IITRI (IIT Research Institute). I do not know if those people are still employed by IIT or not.

IITRI itself no longer exists as a not-for-profit company. In January 2003, it became a for-profit company known as Alion Science and Technology that is totally owned by the employees through an Employee Stock Ownership Plan (ESOP). You can find more about this at http://www.alionscience.com.

The FBI changed the name of Carnivore to DCS1000 in early 2001. What is interesting about that is that DCS1000 is a registered trademark of Integrated Systems Development. See http://www.isdwhq.com/onecard/dcs1000.html. The FBI was informed of this apparent trademark violation, but I don't know if they changed the name again or not. I don't know if anyone ever informed ISD about the violation.

As far as I know, there has been no follow-up effort to review the changes made to Carnivore/DCS1000, even though continued public review was one of the recommendations our review team made. My suggestions for organizations to contact that may have more information would be:
Electronic Privacy Information Center
American Civil Liberties Union
The Privacy Foundation

For more information on this topic, visit these other SearchSecurity.com resources:

Executive Security Briefing: The Patriot Act and Carnivore: Reasons for concern?

Ask the Expert: Organizations fighting for civil liberties

Best Web Links: Law, Public Policy and Standards