Montréal, 6 janvier 2001  /  No 74
 
 
<< page précédente 
 
 
 
 
Ralph Maddocks is a retired textile executive and former management consultant. He lives in Cowansville.
 
MUSINGS BY MADDOCKS
  
THERE WAS I, THINKING IT MEANT
A FLESH-EATING ANIMAL
 
by Ralph Maddocks
  
 
          It is always interesting to read quotations from famous Americans of the past. People like Benjamin Franklin among whose many sayings we find the following about people who « give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. » How often these aphorisms seem to be forgotten, not just by the general population but by those elected officials charged with, among other things, the preservation of that liberty and safety.
 
          Some time ago, I wrote about the British introducing the RIP Bill aimed at giving the police and other agencies the right to read people's e-mails and of the furor it produced (see RIP NO LONGER MEANS REQUIESCAT IN PACE, le QL, no 59). The idea being that various security agencies would have the right to place a black box at an Internet Service Provider and furthermore that it would be an offence to reveal this fact to anyone, especially to the person having his or her communications intercepted and read. 
  
          Around the same time it came to my notice that the FBI was similarly equipped to interfere with people's e-mails. The technology employed being somewhat similar. The system employed by the FBI (known originally as « Omnivore ») is now known as Carnivore, of whose title someone remarked that you just can't make this stuff up. As in Britain, news of this latest piece of technological wizardry brought loud cries of protest from various groups such as the American Civil Liberties Union (ACLU), the Electronic Privacy Information Center and the Privacy Foundation. 
  
Constructing the monster 
 
          The FBI began the Carnivore project some four years ago, in February 1997, in an effort to design a system that could perform the equivalent of a telephone wiretap on Internet communications. Documents released under the Freedom of Information Act referred to a previous system, dating back to early 1996, but this system has remained classified and its existence is only hinted at. In an ACLU request for information mention was made of something called Etherpeek along with Carnivore. Concerns about Carnivore expressed by members of Congress resulted in the Department of Justice (DOJ) funding a study of the system by an independent team of researchers. Several of the better university's computer schools decided not to submit proposals due to the restrictive guidelines, and in mid-September, the DOJ selected the Illinois Institute of Technology Research Institute (IITRI) to analyze the system. 
  
          The institute's seven-person review team issued a report last November which, after sanitizing by the DOJ, confirmed that the FBI's snoopware could eavesdrop on people's e-mails in a manner limited by a court order. However, it expressed concern about the absence of any method of ensuring that the FBI does not abuse the system. They noted, in their conclusion, that the « IITRI did not find adequate provisions – e.g., audit trails – for establishing individual accountability for actions taken during the use of Carnivore. » 
  
          This presumably intentional lack of accountability means that it is possible for FBI agents to pry into the communications of suspected criminals, public figures or even the average unwitting citizen with equal ease – and without a court order – all without leaving any evidence behind that they had done so. An ability which undoubtedly led to cheering in the hallowed halls of the J. Edgar Hoover Building. The report stated that the system does not over-collect but does more or less what it is supposed to do. Replying to criticism that the system can monitor all traffic, the report noted that « Carnivore does not have nearly enough power to spy on almost everyone with an e-mail account. » 
  
          Despite the assurances that Carnivore does not « over-collect » evidence, documents obtained by the ACLU clearly state that Carnivore could « reliably capture and archive all unfiltered traffic to the internal hard drive. » The Associate Director of the ACLU, Barry Steinhardt, noted that the Illinois Institute of Technology review panel apparently was not allowed to look the bulk of the cases where Carnivore was used because of so-called « national security » concerns. Nor, it seems, was the review team asked to look into the assertion by Internet Service Providers that they are capable of providing court-ordered information to the government without using Carnivore. 
  
          As reviewers noted, the system is a tool without safeguards to prevent misuse, and does not keep track of who accessed it or when. All operators have the same username – « administrator » – and there is no feature for confirming that the wiretap has been ordered by a court. Confirming the accusations of many privacy advocates, the report warned that misuse of the system could result in significant privacy violations. « While the system was designed to, and can, perform fine-tuned searches (of personal e-mail), it is also capable of broad sweeps, » said the review team in the report. « Incorrectly configured, Carnivore can record any traffic it monitors. » The IITRI team reported too that it found several bugs which it reported back to the FBI. 
  
          As might be expected, the ACLU reacted instantly to the favourable nature of this analysis and criticized it before the DOJ published it on the Internet, where it may now be found as a 121 page PDF document (see the Independent Technical Review of the Carnivore System – Final Report). 
  
          Soon after its release, the Electronic Privacy Information Center reiterated criticisms of the review saying that the analysis « raises more questions than it answers, » and quoted the review team's own observations regarding the lack of accountability. The Privacy Foundation called for a revamping of surveillance legislation to give citizens the same protections on the Internet that they enjoy on the telephone. « The trend in law enforcement ... is to use technology to the utmost, » said that organization's executive director, Stephen Keating. « Given the rising use of e-mail and the surveillance potential of Carnivore, federal lawmakers should put Carnivore on a very tight leash. »  
 
  
     « It is possible for FBI agents to pry into the communications of suspected criminals, public figures or even the average unwitting citizen with equal ease – and without a court order – all without leaving any evidence behind that they had done so. » 
 
  
          The review report also gave more details of two other components, which – along with Carnivore – form the DragonWare Suite. Packeteer and CoolMiner are the names of the two components that help FBI agents to analyze the raw data collected by Carnivore. « Packeteer processes the raw output of Carnivore to turn Internet data into more meaningful information about the targeted communication. CoolMiner uses statistical analysis to summarize the Internet traffic, displays TO and FROM information, or shows the full content of the message. » 
  
Carnivore: The Next Generation 
  
          In this fast moving snoopware world, predictably, a second version of Carnivore is undergoing preliminary tests. Whether it will incorporate any of the suggestions contained in the review report, such as a request that the FBI create separate versions of the software, one to satisfy court orders to trace where messages are going, and another to actually tap into the message content itself, is not known. Another suggestion made was that new versions of the software should identify operators and provide a log of what each one did, so that agents may be held accountable for their use of the system. The reviewers also recommended that the configuration of the system – including which users are targeted and how much information is collected – be tied indelibly to the actual data. Finally, although the team agreed that Carnivore's current source code ought not to be released for security reasons, it believed that future versions ought to be. 
  
          Those objecting to this initiative of the FBI, base their objections on various grounds, the main one being its unconstitutionality, especially the 4th Amendment which prohibits such extensive invasions of privacy and property as are involved in the use of Carnivore. The relevant passage reads, « The right of people to be secure in their persons, houses, papers and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. » 
  
          Surely Internet communications qualify as « papers and effects » and even in the event that one is an actual suspect, the FBI will have considerable difficulty in « particularly describing the place to be searched, and the persons or things to be seized. » A Carnivore warrant may seek only documents which may or may not exist in the future, documents which may have not been yet written. The matter raises other interesting questions such as: if a suspect is surfing a website hosted in, say Nevada, then Nevada is the « place » of that information (the place where the activity occurred) or where the document is located. If the FBI system is installed at the suspect's ISP in Florida how does the warrant include a search in Nevada, or indeed in any other place where the suspect may be active? How can the FBI describe the « places » to be searched or the things to be seized when it requests a warrant? No doubt some Supreme Court judge will resolve this issue. 
  
          One of the most interesting things about the Internet, which has enabled it to prosper and grow so much, is the lack of central control. While some would use this for criminal purposes the consequences of giving up this freedom would be far worse if we were to abandon this welcome chaos for government control. The advantages of the Internet are available to us because of this lack of central control. The US government restrained Internet for three decades and a return to that state of affairs would be not be greeted by the plaudits of the Internet using multitudes. If Carnivore were to be installed on all US servers, as it undoubtedly will be if the FBI is given a free hand, then much of the world's Internet traffic will be held hostage. 
  
          Remembering Echelon (see BIG BROTHER HAS BEEN AROUND FOR A LONG TIME, le QL, no 20) and the British RIP Bill, it requires little imagination to envisage the ultimate outcome. The FBI could block viewing of any images which it feels are suspicious in origin or content. They could shut down drug legalization advocacy sites or sites with similar educational content. A bill before the US Congress proposes to provide the FBI with the necessary authority to do just that; all they need is a tool such as Carnivore. They could read any and all messages making reference to drugs and even monitor your surfing habits. 
  
          Given the US propensity to see terrorists, where it doesn't see drug dealers, the FBI could seize control of all Internet traffic under the pretext of national security and thus begin a process of blocking « dangerous » or « threatening » ideas and shielding the population from images which might despoil their innocence. Thinking of the extensive files that they have compiled in the past about various celebrities, John Lennon and Martin Luther King spring to mind, and those they consider dissident or communist we should not be surprised by the ardour with which the FBI have espoused Carnivore. 
  
          Imagine what may happen if the FBI wanted to monitor all telephone calls and read everyone's mail to see what information they could gather about suspected criminals. They could claim to be doing this in order to create one of their beloved profiles, say that of an average drug user. Remember too that the British make the Internet user surrender their key so that they can read any coded messages, an act analogous to giving them your house key. Now in the USA there a bill before Congress which would make it a felony to notify you if you are being investigated through a wiretap warrant. 
  
          Electronic communications are slowly superceding the use of the old style letter and postal service. As they do, we may well find that agencies like the FBI or MI5 who use snoopware like Carnivore today, will have become so established tomorrow that all our communications will be subjected to their tender mercies. The future is likely to see an increasing number of mergers all types of communication services, whether they be satellite, television, telephone or Internet.  
  
          Once this happens and a few major communications suppliers are supplying all US services it will become even easier for snooping to occur. Along with increasing use of the Internet to bank, shop and conduct other transactions the time is not far away when Michigan FBI supervising agent, Paul George's prophesy of last April will come true. He said, « If there is going to be a Big Brother in the United States, it is going to be us – the FBI. » 
  
          The tyrannical nature of snoopware like Carnivore will be used more and more by governments to infringe upon our privacy and remove our freedoms. As the use of Carnivore spreads, then inevitably mistakes will be made; innocent people will be investigated and intimidated and, especially for Americans, their cherished freedom of speech will be jeopardized. In the past, we have seen attacks on what some consider to be politically incorrect statements, attacks on pornography and even attacks on books considered by some to be « unsuitable ». It would be naïve in the extreme to think that such activities will ever stop. 
 
 
Articles précédents de Ralph Maddocks
 
 
<< retour au sommaire
 PRÉSENT NUMÉRO