[ISN] Whatever Happened to Carnivore?

From: InfoSec News (isnat_private)
Date: Tue Apr 02 2002 - 00:07:56 PST

  • Next message: InfoSec News: "[ISN] Hackers, Viruses Fuel Security Market, Not 9-11"

    Forwarded from: bob <bobat_private>
    Whatever Happened to Carnivore?
    By Jay Lyman
    NewsFactor Network
    April 1, 2002
    Sobel said EPIC and other organizations are keeping pressure on the
    U.S. Department of Justice and FBI to disclose exactly what law
    enforcement officials are doing with Carnivore.
    Its name may have changed from Carnivore to DCS-1000, but the
    controversial cybersnooping software used by the Federal Bureau of
    Investigation is still on the hunt for information, and likely is
    scouring vast amounts of Internet communication.
    In fact, Carnivore probably is chomping on more data than ever as a
    result of the September 11th terrorist attacks in the United States.
    Following those events, it was widely reported that the FBI installed
    its e-mail snooping program on several Internet service provider (ISP)
    networks around the nation.
    But a recent court order may mean that more information will be
    revealed about how Carnivore works and what it is being used for,
    according to privacy advocates.
    After all, while a majority of people may now be more willing to come
    under government scrutiny in the name of security, civil libertarians
    say their concerns that the snooping software threatens privacy have
    actually heightened since September 11th.
    Guarded by Government
    Electronic Privacy Information Center (EPIC) general counsel David
    Sobel told NewsFactor that acquiring information about the e-mail
    sifting software has been a long struggle. On March 25th, Washington
    D.C.-based EPIC won a round in that battle when U.S. District Court
    Judge James Robertson approved a further search of FBI records on
    "It looked like something was imminent, then again nothing happened,"
    Sobel said in reference to last year's review of the snooping software
    by U.S. Attorney General John Ashcroft.
    Sobel added that despite a law passed last year requiring the FBI to
    report on Carnivore's use, Ashcroft's dismissal of disclosures and
    discussions was still another letdown in privacy groups' continuing
    efforts to learn about the software program.
    Digging Deeper
    However, Sobel said, EPIC and other organizations are keeping pressure
    on the U.S. Department of Justice and the FBI to disclose exactly what
    law enforcement officials are doing with Carnivore and how the
    software, which is reportedly capable of "filtering" e-mail, works.
    "We're still criticizing, and we're still pursuing our Freedom of
    Information Act request," Sobel said. "The judge agreed the initial
    search was not complete, and the FBI has been sent back to do more
    searching. Now there's a likelihood that our lawsuit will generate
    more disclosure. I'm hopeful we'll learn more."
    The FBI has until May 24th to conduct deeper information searches on
    Carnivore data, including searches in the bureau's offices of General
    Counsel and Congressional and Public Affairs, Judge Robertson ordered.
    Willing To Be Watched
    Still, SecurityFocus incident analyst Ryan Russell said the events of
    September 11th changed many citizens' minds.
    "I think there is a lot less concern from the majority of people that
    they're going to be monitored," Russell told NewsFactor.
    Sobel argued, conversely, that people know the FBI already had
    significant abilities -- both legal and technical -- to monitor
    communication before the attacks.
    "As time goes on, people are going to realize these agencies had
    significant powers before September 11th, and it didn't prevent what
    happened," he said.
    Let Off Leash?
    Regardless of whether people approved of its decision, the FBI
    deployed Carnivore on ISPs across the country after September 11th,
    according to numerous reports.
    While EarthLink had resisted Carnivore deployment on its network prior
    to the attacks, an EarthLink spokesperson told NewsFactor shortly
    afterward that he assumed every large ISP in the country had been
    contacted by the FBI and that all of them were cooperating.
    More recently, however, EarthLink spokesperson Carla Shaw told
    NewsFactor that the company's cooperation with law enforcement does
    not mean that Carnivore is scanning the EarthLink network.
    "Carnivore is not deployed on our network," Shaw said. "We certainly
    do comply with law enforcement, but we do so in a way that does not
    compromise our users' privacy."
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Tue Apr 02 2002 - 03:15:57 PST