Carnivore (FBI)
Encyclopedia
Carnivore was a system implemented by the Federal Bureau of Investigation
that was designed to monitor email and electronic communications. It used a customizable packet sniffer
that can monitor all of a target user's Internet traffic. Carnivore was implemented in October 1997 and replaced in 2005 with improved commercial software such as NarusInsight.
-based workstation
with packet-sniffing software and a removable disk drive. This computer must be physically installed at an Internet service provider
(ISP) or other location where it can "sniff" traffic on a LAN
segment to look for email messages in transit. The technology itself was not highly advanced — it used a standard packet sniffer and straightforward filtering. The critical components of the operation were the filtering criteria. To accurately match the appropriate subject, an elaborate content model was developed.
submitted a statement to the Subcommittee on the Constitution of the Committee on the Judiciary United States House of Representatives detailing the dangers of such a system. The Electronic Privacy Information Center
also made several releases dealing with it
The FBI countered these concerns with statements highlighting the target-able nature of Carnivore. Assistant FBI Director Donald Kerr
was quoted as saying:
After prolonged negative coverage in the press, the FBI changed the name of its system from "Carnivore" to the more benign-sounding "DCS1000." DCS is reported to stand for "Digital Collection System"; the system has the same functions as before. The Associated Press
reported in mid-January 2005 that the FBI essentially abandoned the use of Carnivore in 2001, in favor of commercially available software, such as NarusInsight (a mass surveillance system).
Federal Bureau of Investigation
The Federal Bureau of Investigation is an agency of the United States Department of Justice that serves as both a federal criminal investigative body and an internal intelligence agency . The FBI has investigative jurisdiction over violations of more than 200 categories of federal crime...
that was designed to monitor email and electronic communications. It used a customizable packet sniffer
Packet sniffer
A packet analyzer is a computer program or a piece of computer hardware that can intercept and log traffic passing over a digital network or part of a network...
that can monitor all of a target user's Internet traffic. Carnivore was implemented in October 1997 and replaced in 2005 with improved commercial software such as NarusInsight.
Configuration
The Carnivore system was a Microsoft WindowsMicrosoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
-based workstation
Workstation
A workstation is a high-end microcomputer designed for technical or scientific applications. Intended primarily to be used by one person at a time, they are commonly connected to a local area network and run multi-user operating systems...
with packet-sniffing software and a removable disk drive. This computer must be physically installed at an Internet service provider
Internet service provider
An Internet service provider is a company that provides access to the Internet. Access ISPs directly connect customers to the Internet using copper wires, wireless or fiber-optic connections. Hosting ISPs lease server space for smaller businesses and host other people servers...
(ISP) or other location where it can "sniff" traffic on a LAN
Local area network
A local area network is a computer network that interconnects computers in a limited area such as a home, school, computer laboratory, or office building...
segment to look for email messages in transit. The technology itself was not highly advanced — it used a standard packet sniffer and straightforward filtering. The critical components of the operation were the filtering criteria. To accurately match the appropriate subject, an elaborate content model was developed.
Placement
The Carnivore system could be installed on a system either through the cooperation of the system owner, or by use of a court order. Once in place, the system was restricted by U.S. Federal law to only monitor specific persons. Under the current regulations, publicly acknowledged government personnel are required to get a warrant or court order naming specific people or email addresses that may be monitored. When an email passes through that matches the filtering criteria mandated by the warrant, the message is logged along with information on the date, time, origin and destination. This logging was believed to be relayed in real time to the FBI. All other traffic would presumably be dropped without logging or capture....Controversy
Several groups expressed concern regarding the implementation, usage, and possible abuses of Carnivore. In July 2000, the Electronic Frontier FoundationElectronic Frontier Foundation
The Electronic Frontier Foundation is an international non-profit digital rights advocacy and legal organization based in the United States...
submitted a statement to the Subcommittee on the Constitution of the Committee on the Judiciary United States House of Representatives detailing the dangers of such a system. The Electronic Privacy Information Center
Electronic Privacy Information Center
Electronic Privacy Information Center is a public interest research group in Washington, D.C. It was established in 1994 to focus public attention on emerging civil liberties issues and to protect privacy, the First Amendment, and constitutional values in the information age...
also made several releases dealing with it
The FBI countered these concerns with statements highlighting the target-able nature of Carnivore. Assistant FBI Director Donald Kerr
Donald Kerr
Donald MacLean Kerr, Jr. is the current Principal Deputy Director of National Intelligence. He was confirmed by the U.S. Senate on Thursday, October 4, 2007. He most recently was the Director of the National Reconnaissance Office. He was sworn into that position July 2005 by Secretary of Defense...
was quoted as saying:
The Carnivore device works much like commercial "sniffers" and other network diagnostic tools used by ISPs every day, except that it provides the FBI with a unique ability to distinguish between communications which may be lawfully intercepted and those which may not. For example, if a court order provides for the lawful interception of one type of communication (e.g., e-mail), but excludes all other communications (e.g., online shopping) the Carnivore tool can be configured to intercept only those e-mails being transmitted either to or from the named subject.
... [it] is a very specialized network analyzer or "sniffer" which runs as an application program on a normal personal computer under the Microsoft Windows operating system. It works by "sniffing" the proper portions of network packets and copying and storing only those packets which match a finely defined filter set programmed in conformity with the court order. This filter set can be extremely complex, and this provides the FBI with an ability to collect transmissions which comply with pen register court orders, trap & trace court orders, Title III interception orders, etc....
...It is important to distinguish now what is meant by "sniffing." The problem of discriminating between users' messages on the Internet is a complex one. However, this is exactly what Carnivore does. It does NOT search through the contents of every message and collect those that contain certain key words like "bomb" or "drugs." It selects messages based on criteria expressly set out in the court order, for example, messages transmitted to or from a particular account or to or from a particular user.
After prolonged negative coverage in the press, the FBI changed the name of its system from "Carnivore" to the more benign-sounding "DCS1000." DCS is reported to stand for "Digital Collection System"; the system has the same functions as before. The Associated Press
Associated Press
The Associated Press is an American news agency. The AP is a cooperative owned by its contributing newspapers, radio and television stations in the United States, which both contribute stories to the AP and use material written by its staff journalists...
reported in mid-January 2005 that the FBI essentially abandoned the use of Carnivore in 2001, in favor of commercially available software, such as NarusInsight (a mass surveillance system).
See also
- Communications Assistance For Law Enforcement ActCommunications Assistance for Law Enforcement ActThe Communications Assistance for Law Enforcement Act is a United States wiretapping law passed in 1994, during the presidency of Bill Clinton...
- Total Information AwarenessInformation Awareness OfficeThe Information Awareness Office was established by the Defense Advanced Research Projects Agency in January 2002 to bring together several DARPA projects focused on applying surveillance and information technology to track and monitor terrorists and other asymmetric threats to national security,...
- SurveillanceSurveillanceSurveillance is the monitoring of the behavior, activities, or other changing information, usually of people. It is sometimes done in a surreptitious manner...
- COINTELPROCOINTELPROCOINTELPRO was a series of covert, and often illegal, projects conducted by the United States Federal Bureau of Investigation aimed at surveilling, infiltrating, discrediting, and disrupting domestic political organizations.COINTELPRO tactics included discrediting targets through psychological...
- EchelonECHELONECHELON is a name used in global media and in popular culture to describe a signals intelligence collection and analysis network operated on behalf of the five signatory states to the UK–USA Security Agreement...
NSA worldwide digital interception program - Room 641ARoom 641ARoom 641A is an intercept facility operated by AT&T for the U.S. National Security Agency, beginning in 2003. Room 641A is located in the SBC Communications building at 611 Folsom Street, San Francisco, three floors of which were occupied by AT&T before SBC purchased AT&T...
NSA interception program (started circa 2003, but first reported in 2006) - Policeware
External links
- SlashdotSlashdotSlashdot is a technology-related news website owned by Geeknet, Inc. The site, which bills itself as "News for Nerds. Stuff that Matters", features user-submitted and ‑evaluated current affairs news stories about science- and technology-related topics. Each story has a comments section...
: Carnivore No More, Why Did The FBI Retire Carnivore?