Carnivore: Carnivore: The Limits of IntrusionThe Limits of Intrusion
By
Wael Eldashan
Tony Provencio CSE 190
Swati Saparia Professor Karin
Karen Yang 6.4.02
What Carnivore IsWhat Carnivore Is
Carnivore is an FBI assistance program that helps ISP overcome technical difficulties when complying with court orders.
It is a packet sniffer that eavesdrops on packets and watches them go by, then saves a copy of the packets it is interested in.
It works as a passive monitoring system that does not corrupt the emails that it monitors.
The FBI is not allowed to put Carnivore on the network unless the ISP claims it cannot (or will not) comply with the court order.
What Packet Sniffers ObserveWhat Packet Sniffers Observe
Which Web sites you visit What you look at on the site Whom you send e-mail to What's in the e-mail you send What you download from a site What streaming events you use, such as audio,
video and Internet telephony Who visits your site (if you have a Web site)
Content-WiretapContent-Wiretap
A telephone "content wiretap" is where law enforcement eavesdrops on the suspect's telephone calls, recording the oral communications on tape. Carnivore can do similar things for Internet communication:
1. capture all e-mail messages to and from a specific user's account
2. capture all the network traffic to and from a specific user or IP address
Trap and Trace/Pen-RegisterTrap and Trace/Pen-Register
capture all the e-mail headers (including e-mail addresses) going to and from an e-mail account, but not the actual contents (or Subject: line)
list all the servers (web servers, FTP servers) that the suspect accesses, but don't capture the content of this communication
track everyone who accesses a specific web page or FTP file
track all web pages or FTP files that a suspect accesses
Implementation:Implementation:
1. The FBI has a reasonable suspicion that someone is engaged in criminal activities and requests a court order to view the suspect's online activity
2. A court grants the request for a full content-wiretap of e-mail traffic only and issues an order
3. The FBI sets up a Carnivore computer at the ISP to monitor the suspect's activity.
Implementation:Implementation:
4. The FBI configures the Carnivore software with the IP address of the suspect to capture packets only from this particular location ignoring all other packets. Carnivore copies all of the packets from the suspect's system without impeding the flow of the network traffic.
5. Once the copies are made, they go through a filter that only keeps the e-mail packets and determines what the packets contain based on the packet’s protocol. The e-mail packets are saved to the Jaz cartridge.
Implementation:Implementation:
6. Once every day or two, an FBI agent visits the ISP and swaps out the Jaz cartridge. The surveillance cannot continue for more than a month without an extension from the court.
7. The captured data is processed using Packeteer and Coolminer. If the results provide enough evidence, the FBI can use them as part of a case against the suspect.
Main Concerns:Main Concerns:
How (exactly) Carnivore works, and whether there are bugs that lead to privacy violations.
How Carnivore can be misused by law enforcement.
The privacy debate of wiretaps in general, and the changing rules of the Internet in particular.
StakeHolders:StakeHolders:
1. FBI
2. Civil Liberties Groups
3. Software Developers
4. ISPs
5. Academic/Research Community
6. Public
7. Hackers
FBI:FBI: Carnivore Monitors… Carnivore Monitors…
Organized crime groups Drug trafficking organizations Illegal hackers Terrorists Child pornography/exploitation Espionage Information warfare Fraud
FBI:FBI:Checks On ImplementationChecks On Implementation
• Interception limited to certain felony offenses
• Applications must indicate that normal investigative techniques have been tried and failed/will not work/too dangerous
• Must demonstrate probable cause with particularity and specificity (i.e. offenses committed, place of interception, description of interceptions, persons committing offences)
FBI:FBI:Checks On ImplementationChecks On Implementation
• Subject to internal government controls ( i.e. FBI, DOJ)
• Penalties for misuse• Exclusion of evidence and criminal and civil penalties
FBI:FBI:The Fourth AmendmentThe Fourth Amendment
The Fourth Amendment States:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
FBI:FBI:Addressing these ConcernsAddressing these Concerns
The system must strike a reasonable balance between competing interests- the privacy interests of telecommunications users, the business interest of service providers, and the duty of government investigators to protect public safety.
– Requires warrant specifying who suspect is, what lines will be tapped, type of information to be seized
– Seizure of email is held to higher standard than normal search warrants (requires Federal District judge or higher)
Civil Liberties GroupsCivil Liberties Groups
1) ACLU
2) The Cato Institute
3) Electronic Frontier Foundation
4) Muslim Groups
5) EPIC
ACLUACLU
Carnivore is unnecessary
The Fourth Amendment is founded on the premise of distrust of law enforcement
Allows for too much government intrusion in everyday lives
The Cato InstituteThe Cato Institute
What limits are we willing to accept on intrusion of our everyday lives?– Some point to Israel’s so-called war on terror as an
example of where the line could be drawn– “They have decided to have armed soldiers on every
other block, excruciatingly tight security at airports and in government buildings, racial profiling, tortures and lax standards for obtaining and using evidence against defendant. We ought to be aware of what the Israelis are doing and whether that’s the sort of thing we would do.”
– William A. Niskanen of the Cato Institute
EFF
The use of packet analyzers on the Internet captures much more information from an individual than does the use of pen registers and trap and trace devices used on traditional land-line telephone systems
The Carnivore system appears to exacerbate the over collection of personal information by collecting more information than it is legally entitled to collect under traditional pen register and trap and trace laws
Systems like Carnivore have the potential to turn into mass surveillance systems that will harm our free and open society.
MUSLIM GROUPS
Ibrahim Hooper, communications director of the Council on American-Islamic Relations, said he feared that with anti-Muslim feelings running high in the country due to September 11, Congress might respond with action that would diminish the rights of Muslim Americans.
Secret evidence.
– “We’re getting reports every day of beatings, harassments, shots fired at mosques. We know people’s emotions run high but our rights are not subject to circumstances, but are inalienable.”
EPICEPIC
Carnivore disrupted anti-terror investigation
Internal memo calls over collection of data part of pattern showing inability of FBI to manage foreign intelligence wiretaps
SOFTWARE DEVELOPERSSOFTWARE DEVELOPERS
1) Stephen Mencik Technical lead for Independent Review of
Carnivore
2) Robert Graham CEO, hacker, worked on destroying Morris Worm
CARNIVORE’S CARNIVORE’S PREDECESSORSPREDECESSORS
1) They must obtain a warrant , that is limited– "Pen Register" or "Trap and Trace" warrant.
2) Foreign Intelligence Surveillance Act (FISA).– Circuit switching V. packet switching
Under the Patriot Act, the FBI’s Powers Have Been Expanded
First, warrants can be obtained under FISA if intelligence gathering is only a "significant purpose," rather than the "primary purpose." Because of this change,
as long as intelligence gathering is a "significant purpose" of the warrant, evidence gathered by what could otherwise be unconstitutional methods might be
used for a criminal investigation.
Second, the Patriot Act specifically lowers the threshold for obtaining a full collection warrant for Internet traffic. Instead of needing probable cause as
required by Title III, the FBI now only needs to show that the information to be gathered is "relevant to an ongoing criminal investigation." That is a much lower
standard than showing probable cause that a crime has been committed.
The third major change is that when a wiretap warrant is issued, the person whose communications are being captured is notified, though sometimes this
notification is allowed to be after the fact. The Patriot Act now allows nearly any search to be made in secret. Finally, these changes made by the Patriot Act are not limited to surveillance of suspected terrorists, but apply to all surveillance
cases.
DoJ Investigation
During the fall of 2000, the Department of Justice contracted for an independent review of Carnivore to determine if it worked as described above. That review showed that
some debate over what was allowed in Pen-mode and what was not. Where the review was critical of Carnivore was in the area of accountability.
There was no audit capability for Carnivore. There was also no way to prove "chain of custody" for the
evidence gathered. It also would prevent identifying which agent was at fault should Carnivore be used for illegal wiretaps. The review team made a number of recommendations for improving Carnivore, mainly in this area of accountability.
It is not known if the FBI has implemented any of the recommendations.
ISPs:ISPs:the Marketthe Market
Carnivore has the potential to slow down ISP performance and create a bottleneck at the point of interception:
Customer dissatisfaction Law does not allow ISPs to disclose the reason for
bottleneck
ISPs:ISPs:Exposure to LiabilityExposure to Liability
The Electronic Communications Privacy Act (ECPA) forbids an ISP from revealing certain information to the government in the absence of a valid court order.
However, even when presented with a valid court order, an ISP may still be found liable if it believed the government's actions exceeded its authority and it did nothing to prevent it.
ISPs:ISPs:The Hacker ProblemThe Hacker Problem
Attaching Carnivore to the system provides hackers with a new point of entry over which the ISP has no control
Such an intrusion would violate their customer’s privacy
Public:Public:The Rogue Agent ProblemThe Rogue Agent Problem
Since there is no monitoring system for usage, it is easier to misuse the system and/or information.
If one bad agent misuses Carnivore, it may endanger innocent people and the whole benefit for using it in the first place will be defeated
Public:Public:Potential MishapsPotential Mishaps
ISPs install Carnivore at a central location on their network and if installation or accessibility were compromised, it could interfere with a large portion of the Internet.
Many feel that Carnivore puts the Internet in control of those who are concerned with surveillance and investigation rather than connectivity.
Public: Public: Constitutional ViolationsConstitutional Violations
Fourth Amendment Concerns:“…no Warrants shall issue, but upon probably
cause…and particularly describing the place to be searched, and the persons or things to be seized.”
--Not enough specificity in request for warrant
First Amendment Concerns:“Congress shall make no law abridging the freedom
of speech…”--Potentially Limits Freedom of Speech
Public:Public:Criminal InvestigationsCriminal Investigations
Give up some privacy in exchange for reducing criminal behavior– Terrorism– Child Pornography– Organized crime groups– Drug trafficking organizations– Espionage
Hackers:Hackers:The BackdoorThe Backdoor
Carnivore provides access to the pipeline it is monitoring making the system accessible through a username and password. – It is impossible to trace the actions back to the
individual who is responsible.– In the past, hackers have penetrated the Air Force, the
Pentagon, and many other high-profile government web servers. Carnivore provides Hackers with a new point of entry.
Hackers:Hackers: Threats to Accessibility and Security Threats to Accessibility and Security
Spying Accessing people’s computers Slowing down websites and company servers Pass on a computer virus to thousands of people Stop e-mail access for thousands of people Access identity information, bank information,
credit card information
Academic Community:Academic Community:Perceived ConcernsPerceived Concerns
Compromised Privacy
Law is slower than technology– Leaves open interpretation of usage
The information captured may not be comparable.
Academic Community : Academic Community :
Interview: Tom Perrine– Currently: Computer Security at SDSC
– Background: Turned down FBI to do Independent Study of Carnivore Congressional Statement (Jul. 2000), regarding Carnivore Previous Work:
– Designed and developed systems to protect classified government information, deployed nation-wide security systems to protect privacy and intellectual property
Academic Community:Academic Community: Internet Is Different Internet Is Different
The Internet Is Different From the Telephone:
– Title III allows for monitoring of telephones– Carnivore settings can be changed easily and
remotely– Allows for broader scope than telephone
Academic Community:Academic Community: Our Individual Rights Our Individual Rights
Our Individual Rights:– “I have always been an advocate of personal
privacy, unrestricted access to strong encryption, and less government oversight and intervention in the lives of law-abiding citizens.”
– Tom Perrine
– Understands and supports legitimate law enforcement monitoring of suspected criminals
Academic Community: Academic Community: ConcernsConcerns
Carnivore is under constant development– Impossible to know what current functions are built in– Need better filtering capabilities
No Auditing System for Agents Using Carnivore – Insufficient logging of activities
Review of the Source Code would not indicate filters applied at any given time
Legal IssuesLegal Issues
Carnivore has not been tested in court yet
Scope of Digital Evidence – might be considered “hearsay” but falls under business
record exception
War– Government in the past has put national interests ahead
of individual rights
The EthicsThe Ethics
Is it ethical to have citizens’ internet communications monitored for suspected criminal activity?
Should international groups be subjected to US Law?
The Utilitarian TestThe Utilitarian Test
Does Carnivore do the most good for the most people?
If used properly, then yes. It is able to detect, and possibly prevent, crimes.
Additional SourcesAdditional Sources
http://www.howstuffworks.com/carnivore.htmhttp://www.robertgraham.com/pubs/carnivore-faq.htmlhttp://zdnet.com.com/2100-11-522208.htmlhttp://zdnet.com.com/2100-11-522107.htmlhttp://www.fbi.gov/hq/lab/carnivore/carnivore.htmhttp://www.stopcarnivore.org/whyitsbad/reason1.htm http://www.cnn.com/2002/US/05/29/carnivore.binladen/inde.htmlhttp://www.stopcarnivore.org/whyitsbad/reason4.htmhttp://
www.stopcarnivore.org/whyitsbad/reason4.htmhttp://www.law.duke.edu/journals/dltr/articles/2001dltr0028.htmlhttp://stopcarnivore.org/threeproblems.htm
Top Related