In response to the tragic events of Sept. 11th, Congress passed the PATRIOT Act. The intent of this Act is to make it easier for law enforcement to track down and prosecute terrorists, hopefully before something happens. One of the provisions of the act expands the FBI's wiretap powers. This includes the ability to intercept Internet communications using its controversial Carnivore (now known as DCS1000) tool. Is this something that the average American should be concerned about? What follows is a brief summary of the FBI's wiretap authority, how that relates to Internet communications and how Carnivore works. You can then decide for yourself if you are concerned about Carnivore or the FBI's new authority under the PATRIOT Act.
The FBI has the authority under Title III of the United States code to place wiretaps. Prior to doing so, they must obtain a warrant from a Federal judge after showing probable cause that a crime has been committed. The wiretap warrant is time-limited in nature and generally must specify which telephone lines are to be tapped. They also have the ability to get what is known as a "Pen Register" or "Trap and Trace" warrant. This allows them only to record what phone numbers were called from the number under surveillance, or what numbers it received calls from. The standard of evidence to receive a Pen-mode warrant is significantly less than for a full wiretap. The FBI must only show that the data to be gathered is "relevant to an ongoing criminal
investigation." The FBI can also get wiretap warrants under the Foreign Intelligence Surveillance Act (FISA), with significantly less restrictions, but only if gathering foreign intelligence is the "primary purpose" for the warrant. The FISA wiretaps can use methods that would be unconstitutional if the warrant was obtained under Title III.
These laws are also the basis for Internet taps. The legal theory is that a full wiretap order allows the FBI to record all Internet communications for an individual, while a Pen-mode order only allows them to record the From and To portions of e-mail, a list of Web sites visited or other types of "header" information. Debate about whether this legal theory is correct or not is best left to the lawyers and courts to decide. What is important to note, is the difference in the type of communications. Telephone systems use what is known as "circuit-switching," whereas the Internet is built using "packet-switching." The difference is that for a given phone call, the wire (or virtual wire) that is used contains data only for that call, while with packet switching, each wire contains packets that are from many different "calls." Thus, the difficulty with Internet taps is in deciding which packets on that wire can be legally recorded and which cannot.
In order to implement Internet wiretaps, the FBI developed what is known as Carnivore. This device uses a one-way tap to make a copy of everything that passes along the wire that it is connected to. The one-way nature of the tap prevents Carnivore from interfering with the communications that are occurring. The software in Carnivore analyzes the data captured and compares it to collection settings provided by an FBI field agent. These settings are supposed to reflect the collection permitted by the wiretap warrant. If the data matches the settings, the packets are saved to a file on a removable disk. If they do not match, they are thrown away. Carnivore can have many different settings for collection. It can select based upon IP address, e-mail address or even a specific text string. It can do full collection or just Pen-mode collection.
During the fall of 2000, the Department of Justice contracted for an independent review of Carnivore to determine if it worked as described above. That review showed that Carnivore would collect exactly what was asked for by the settings in the user interface, with the exception that there was some debate over what was allowed in Pen-mode and what was not. Where the review was critical of Carnivore was in the area of accountability. All users (FBI field agents) had access to Carnivore as Administrator. There also was no audit capability for Carnivore. Thus, the FBI had no way to show that the user settings for Carnivore corresponded correctly to that which was allowed by the wiretap warrant. There was also no way to prove "chain of custody" for the evidence gathered. It also would prevent identifying which agent was at fault should Carnivore be used for illegal wiretaps. The review team made a number of recommendations for improving Carnivore, mainly in this area of accountability. It is not known if the FBI has implemented any of the recommendations. For further details of the independent review, please read the Final Review report
Under the PATRIOT Act, the FBI's powers have been greatly expanded. First, warrants can be obtained under FISA if intelligence gathering is only a "significant purpose," rather than the "primary purpose." Because of this change, as long as intelligence gathering is a "significant purpose" of the warrant, evidence gathered by what could otherwise be unconstitutional methods might be used for a criminal investigation. Second, the PATRIOT Act specifically lowers the threshold for obtaining a full collection warrant for Internet traffic. Instead of needing probable cause as required by Title III, the FBI now only needs to show that the information to be gathered is "relevant to an ongoing criminal investigation." That is a much lower standard than showing probable cause that a crime has been committed. The third major change is that when a wiretap warrant is issued, the person whose communications are being captured is notified, though sometimes this notification is allowed to be after the fact. The PATRIOT Act now allows nearly any search to be made in secret. Finally, these changes made by the Patriot Act are not limited to surveillance of suspected terrorists, but apply to all surveillance cases.
So, the bottom line is that the FBI can now get a warrant to capture all your Internet communications by showing that your communications might be relevant to their investigation of a case. It does not have to be a case that directly involves you, nor do they need to show probable cause that you have committed any crime. The data would be collected using the Carnivore tool, a tool that has no accountability. Should you be concerned about possible misuse of this technology? That's up to you to decide.
About the author
Stephen Mencik was the technical lead for the independent review of Carnivore. He also helped to evaluate and design the security for many major Defense Department systems including the Defense Data Network, Defense Messaging System and the NSA's Electronic Key Management System. He is searchSecurity's infrastructure and network security expert. You can submit questions to him on those topics or the privacy debate through Ask the Expert
For more information on this topic, visit these resources:
This was first published in December 2001