Independent Technical Review of the FBI's "Carnivore" Software Completed
In response to concerns expressed by Congress last fall, the FBI hired IIT Research Institute of Lanhan, Maryland, to conduct an "independent review" of the FBI's web-tapping software known as "Carnivore". The reviewers have now issued their report which states that, when used in accordance with U.S. internal laws on electronic surveillance and with the FBI's published policies, "Carnivore" is no greater threat to individual privacy than any commercially available web-sniffing software or other U.S. government wire-tapping activity. (A copy of the full text of the report is available on the U.S. Department of Justice's web site .)
However, there is nothing reassuring in this report for persons living or doing business outside the U.S. The report notes that "[t]he FBI and Department of Justice. . .have stated. . .that Carnivore is necessary to combat terrorism, espionage, information warfare, child pornography, serious fraud and other felonies" and that Carnivore is "capable of broad sweeps, potentially enabl[ing] the FBI to monitor all of [an ISP's] communications."
However, there is nothing reassuring in this report for persons living or doing business outside the U.S. The report notes that "[t]he FBI and Department of Justice. . .have stated. . .that Carnivore is necessary to combat terrorism, espionage, information warfare, child pornography, serious fraud and other felonies" and that Carnivore is "capable of broad sweeps, potentially enabl[ing] the FBI to monitor all of [an ISP's] communications."
Nevertheless, the IIT report fails to consider the potential threat to non-U.S. residents from use of "Carnivore" by the FBI to intercept "foreign intelligence" in the U.S. without a court order; to intercept other web transmissions occurring outside the U.S. with the prior permission of a U.S. judge; or from sharing the "Carnivore" software with other governments for their internal use not limited by U.S. law. And the review does not consider the FBI's policies, if any, for including the activities of non-U.S. citizens in its "Carnivore" surveillance.
These are not theoretical concerns. On September 22, 2000, Reuters reported that Privacy International and the Electronic Privacy Information Center had issued a joint "Privacy and Human Rights 2000" report claiming that the FBI had been working for five years or more with "justice and interior ministers of the European Union toward creating international technical standards for wire-tapping", which had included establishing "wiretap-friendly international communications standards", limiting the "development and sale of hardware and software featuring strong encryption", advising Russia "on implementation of [ISP] network surveillance systems", pressuring other "countries such as Hungary,. . .the Czech Republic [and Japan] to expand wiretapping", and "promoting surveillance through the G-7 group". If these charges are true, it is not unreasonable to conclude that the FBI either has shared or will share "Carnivore" with law enforcement agencies outside the U.S.
Thus, in spite of the FBI's quick public release of a third party report declaring that "Carnivore" does not present a threat to the privacy of U.S. citizens, "Carnivore" remains a threat to the privacy of non-U.S. citizens and companies abroad.
These are not theoretical concerns. On September 22, 2000, Reuters reported that Privacy International and the Electronic Privacy Information Center had issued a joint "Privacy and Human Rights 2000" report claiming that the FBI had been working for five years or more with "justice and interior ministers of the European Union toward creating international technical standards for wire-tapping", which had included establishing "wiretap-friendly international communications standards", limiting the "development and sale of hardware and software featuring strong encryption", advising Russia "on implementation of [ISP] network surveillance systems", pressuring other "countries such as Hungary,. . .the Czech Republic [and Japan] to expand wiretapping", and "promoting surveillance through the G-7 group". If these charges are true, it is not unreasonable to conclude that the FBI either has shared or will share "Carnivore" with law enforcement agencies outside the U.S.
Thus, in spite of the FBI's quick public release of a third party report declaring that "Carnivore" does not present a threat to the privacy of U.S. citizens, "Carnivore" remains a threat to the privacy of non-U.S. citizens and companies abroad.
Richard Wiebusch
[email protected]
This alert is provided with the understanding that it is not intended as legal advice. Readers should not act upon information contained in this publication without professional legal counseling.
This alert is provided with the understanding that it is not intended as legal advice. Readers should not act upon information contained in this publication without professional legal counseling.