Carnivore: Carnivore: The Limits of IntrusionThe Limits of Intrusion

By

Wael Eldashan

Tony Provencio CSE 190

Swati Saparia Professor Karin

Karen Yang 6.4.02

What Carnivore IsWhat Carnivore Is

Carnivore is an FBI assistance program that helps ISP overcome technical difficulties when complying with court orders.

It is a packet sniffer that eavesdrops on packets and watches them go by, then saves a copy of the packets it is interested in.

It works as a passive monitoring system that does not corrupt the emails that it monitors.

The FBI is not allowed to put Carnivore on the network unless the ISP claims it cannot (or will not) comply with the court order.

What Packet Sniffers ObserveWhat Packet Sniffers Observe

Which Web sites you visit What you look at on the site Whom you send e-mail to What's in the e-mail you send What you download from a site What streaming events you use, such as audio,

video and Internet telephony Who visits your site (if you have a Web site)

The ProcessThe Process

Content-WiretapContent-Wiretap

A telephone "content wiretap" is where law enforcement eavesdrops on the suspect's telephone calls, recording the oral communications on tape. Carnivore can do similar things for Internet communication:

1. capture all e-mail messages to and from a specific user's account

2. capture all the network traffic to and from a specific user or IP address

Trap and Trace/Pen-RegisterTrap and Trace/Pen-Register

capture all the e-mail headers (including e-mail addresses) going to and from an e-mail account, but not the actual contents (or Subject: line)

list all the servers (web servers, FTP servers) that the suspect accesses, but don't capture the content of this communication

track everyone who accesses a specific web page or FTP file

track all web pages or FTP files that a suspect accesses

Implementation:Implementation:

1. The FBI has a reasonable suspicion that someone is engaged in criminal activities and requests a court order to view the suspect's online activity

2. A court grants the request for a full content-wiretap of e-mail traffic only and issues an order

3. The FBI sets up a Carnivore computer at the ISP to monitor the suspect's activity.

Implementation:Implementation:

4. The FBI configures the Carnivore software with the IP address of the suspect to capture packets only from this particular location ignoring all other packets. Carnivore copies all of the packets from the suspect's system without impeding the flow of the network traffic.

5. Once the copies are made, they go through a filter that only keeps the e-mail packets and determines what the packets contain based on the packet’s protocol. The e-mail packets are saved to the Jaz cartridge.

Implementation:Implementation:

6. Once every day or two, an FBI agent visits the ISP and swaps out the Jaz cartridge. The surveillance cannot continue for more than a month without an extension from the court.

7. The captured data is processed using Packeteer and Coolminer. If the results provide enough evidence, the FBI can use them as part of a case against the suspect.

Main Concerns:Main Concerns:

How (exactly) Carnivore works, and whether there are bugs that lead to privacy violations.

How Carnivore can be misused by law enforcement.

The privacy debate of wiretaps in general, and the changing rules of the Internet in particular.

StakeHolders:StakeHolders:

1. FBI

2. Civil Liberties Groups

3. Software Developers

4. ISPs

5. Academic/Research Community

6. Public

7. Hackers

FBI:FBI: Carnivore Monitors… Carnivore Monitors…

Organized crime groups Drug trafficking organizations Illegal hackers Terrorists Child pornography/exploitation Espionage Information warfare Fraud

FBI:FBI:Checks On ImplementationChecks On Implementation

• Interception limited to certain felony offenses

• Applications must indicate that normal investigative techniques have been tried and failed/will not work/too dangerous

• Must demonstrate probable cause with particularity and specificity (i.e. offenses committed, place of interception, description of interceptions, persons committing offences)

FBI:FBI:Checks On ImplementationChecks On Implementation

• Subject to internal government controls ( i.e. FBI, DOJ)

• Penalties for misuse• Exclusion of evidence and criminal and civil penalties

FBI:FBI:The Fourth AmendmentThe Fourth Amendment

The Fourth Amendment States:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

FBI:FBI:Addressing these ConcernsAddressing these Concerns

The system must strike a reasonable balance between competing interests- the privacy interests of telecommunications users, the business interest of service providers, and the duty of government investigators to protect public safety.

– Requires warrant specifying who suspect is, what lines will be tapped, type of information to be seized

– Seizure of email is held to higher standard than normal search warrants (requires Federal District judge or higher)

Civil Liberties GroupsCivil Liberties Groups

1) ACLU

2) The Cato Institute

3) Electronic Frontier Foundation

4) Muslim Groups

5) EPIC

ACLUACLU

Carnivore is unnecessary

The Fourth Amendment is founded on the premise of distrust of law enforcement

Allows for too much government intrusion in everyday lives

The Cato InstituteThe Cato Institute

What limits are we willing to accept on intrusion of our everyday lives?– Some point to Israel’s so-called war on terror as an

example of where the line could be drawn– “They have decided to have armed soldiers on every

other block, excruciatingly tight security at airports and in government buildings, racial profiling, tortures and lax standards for obtaining and using evidence against defendant. We ought to be aware of what the Israelis are doing and whether that’s the sort of thing we would do.”

– William A. Niskanen of the Cato Institute

EFF

The use of packet analyzers on the Internet captures much more information from an individual than does the use of pen registers and trap and trace devices used on traditional land-line telephone systems

The Carnivore system appears to exacerbate the over collection of personal information by collecting more information than it is legally entitled to collect under traditional pen register and trap and trace laws

Systems like Carnivore have the potential to turn into mass surveillance systems that will harm our free and open society.

MUSLIM GROUPS

Ibrahim Hooper, communications director of the Council on American-Islamic Relations, said he feared that with anti-Muslim feelings running high in the country due to September 11, Congress might respond with action that would diminish the rights of Muslim Americans.

Secret evidence.

– “We’re getting reports every day of beatings, harassments, shots fired at mosques. We know people’s emotions run high but our rights are not subject to circumstances, but are inalienable.”

EPICEPIC

Carnivore disrupted anti-terror investigation

Internal memo calls over collection of data part of pattern showing inability of FBI to manage foreign intelligence wiretaps

SOFTWARE DEVELOPERSSOFTWARE DEVELOPERS

1) Stephen Mencik Technical lead for Independent Review of

Carnivore

2) Robert Graham CEO, hacker, worked on destroying Morris Worm

CARNIVORE’S CARNIVORE’S PREDECESSORSPREDECESSORS

1) They must obtain a warrant , that is limited– "Pen Register" or "Trap and Trace" warrant.

2) Foreign Intelligence Surveillance Act (FISA).– Circuit switching V. packet switching

Under the Patriot Act, the FBI’s Powers Have Been Expanded

First, warrants can be obtained under FISA if intelligence gathering is only a "significant purpose," rather than the "primary purpose." Because of this change,

as long as intelligence gathering is a "significant purpose" of the warrant, evidence gathered by what could otherwise be unconstitutional methods might be

used for a criminal investigation.

Second, the Patriot Act specifically lowers the threshold for obtaining a full collection warrant for Internet traffic. Instead of needing probable cause as

required by Title III, the FBI now only needs to show that the information to be gathered is "relevant to an ongoing criminal investigation." That is a much lower

standard than showing probable cause that a crime has been committed.

The third major change is that when a wiretap warrant is issued, the person whose communications are being captured is notified, though sometimes this

notification is allowed to be after the fact. The Patriot Act now allows nearly any search to be made in secret. Finally, these changes made by the Patriot Act are not limited to surveillance of suspected terrorists, but apply to all surveillance

cases.

DoJ Investigation

During the fall of 2000, the Department of Justice contracted for an independent review of Carnivore to determine if it worked as described above. That review showed that

some debate over what was allowed in Pen-mode and what was not. Where the review was critical of Carnivore was in the area of accountability.

There was no audit capability for Carnivore. There was also no way to prove "chain of custody" for the

evidence gathered. It also would prevent identifying which agent was at fault should Carnivore be used for illegal wiretaps. The review team made a number of recommendations for improving Carnivore, mainly in this area of accountability.

It is not known if the FBI has implemented any of the recommendations.

ROBERT GRAHAMROBERT GRAHAM

Encryption

Altivore

ISPs:ISPs:the Marketthe Market

Carnivore has the potential to slow down ISP performance and create a bottleneck at the point of interception:

Customer dissatisfaction Law does not allow ISPs to disclose the reason for

bottleneck

ISPs:ISPs:Exposure to LiabilityExposure to Liability

The Electronic Communications Privacy Act (ECPA) forbids an ISP from revealing certain information to the government in the absence of a valid court order.

However, even when presented with a valid court order, an ISP may still be found liable if it believed the government's actions exceeded its authority and it did nothing to prevent it.

ISPs:ISPs:The Hacker ProblemThe Hacker Problem

Attaching Carnivore to the system provides hackers with a new point of entry over which the ISP has no control

Such an intrusion would violate their customer’s privacy

Public:Public:The Rogue Agent ProblemThe Rogue Agent Problem

Since there is no monitoring system for usage, it is easier to misuse the system and/or information.

If one bad agent misuses Carnivore, it may endanger innocent people and the whole benefit for using it in the first place will be defeated

Public:Public:Potential MishapsPotential Mishaps

ISPs install Carnivore at a central location on their network and if installation or accessibility were compromised, it could interfere with a large portion of the Internet.

Many feel that Carnivore puts the Internet in control of those who are concerned with surveillance and investigation rather than connectivity.

Public: Public: Constitutional ViolationsConstitutional Violations

Fourth Amendment Concerns:“…no Warrants shall issue, but upon probably

cause…and particularly describing the place to be searched, and the persons or things to be seized.”

--Not enough specificity in request for warrant

First Amendment Concerns:“Congress shall make no law abridging the freedom

of speech…”--Potentially Limits Freedom of Speech

Public:Public:Criminal InvestigationsCriminal Investigations

Give up some privacy in exchange for reducing criminal behavior– Terrorism– Child Pornography– Organized crime groups– Drug trafficking organizations– Espionage

Hackers:Hackers:The BackdoorThe Backdoor

Carnivore provides access to the pipeline it is monitoring making the system accessible through a username and password. – It is impossible to trace the actions back to the

individual who is responsible.– In the past, hackers have penetrated the Air Force, the

Pentagon, and many other high-profile government web servers. Carnivore provides Hackers with a new point of entry.

Hackers:Hackers: Threats to Accessibility and Security Threats to Accessibility and Security

Spying Accessing people’s computers Slowing down websites and company servers Pass on a computer virus to thousands of people Stop e-mail access for thousands of people Access identity information, bank information,

credit card information

Academic Community:Academic Community:Perceived ConcernsPerceived Concerns

Compromised Privacy

Law is slower than technology– Leaves open interpretation of usage

The information captured may not be comparable.

Academic Community : Academic Community :

Interview: Tom Perrine– Currently: Computer Security at SDSC

– Background: Turned down FBI to do Independent Study of Carnivore Congressional Statement (Jul. 2000), regarding Carnivore Previous Work:

– Designed and developed systems to protect classified government information, deployed nation-wide security systems to protect privacy and intellectual property

Academic Community:Academic Community: Internet Is Different Internet Is Different

The Internet Is Different From the Telephone:

– Title III allows for monitoring of telephones– Carnivore settings can be changed easily and

remotely– Allows for broader scope than telephone

Academic Community:Academic Community: Our Individual Rights Our Individual Rights

Our Individual Rights:– “I have always been an advocate of personal

privacy, unrestricted access to strong encryption, and less government oversight and intervention in the lives of law-abiding citizens.”

– Tom Perrine

– Understands and supports legitimate law enforcement monitoring of suspected criminals

Academic Community: Academic Community: ConcernsConcerns

Carnivore is under constant development– Impossible to know what current functions are built in– Need better filtering capabilities

No Auditing System for Agents Using Carnivore – Insufficient logging of activities

Review of the Source Code would not indicate filters applied at any given time

Legal IssuesLegal Issues

Carnivore has not been tested in court yet

Scope of Digital Evidence – might be considered “hearsay” but falls under business

record exception

War– Government in the past has put national interests ahead

of individual rights

The EthicsThe Ethics

Is it ethical to have citizens’ internet communications monitored for suspected criminal activity?

Should international groups be subjected to US Law?

The Utilitarian TestThe Utilitarian Test

Does Carnivore do the most good for the most people?

If used properly, then yes. It is able to detect, and possibly prevent, crimes.

Additional SourcesAdditional Sources

http://www.howstuffworks.com/carnivore.htmhttp://www.robertgraham.com/pubs/carnivore-faq.htmlhttp://zdnet.com.com/2100-11-522208.htmlhttp://zdnet.com.com/2100-11-522107.htmlhttp://www.fbi.gov/hq/lab/carnivore/carnivore.htmhttp://www.stopcarnivore.org/whyitsbad/reason1.htm http://www.cnn.com/2002/US/05/29/carnivore.binladen/inde.htmlhttp://www.stopcarnivore.org/whyitsbad/reason4.htmhttp://

www.stopcarnivore.org/whyitsbad/reason4.htmhttp://www.law.duke.edu/journals/dltr/articles/2001dltr0028.htmlhttp://stopcarnivore.org/threeproblems.htm