De-toothing 'Carnivore'

In the 1970s, the Senate's "Church Committee" investigations found that the FBI had conducted politically motivated wiretaps of dissident groups, journalists and political figures such as Martin Luther King Jr. The committee noted in its report that technological changes had rendered Americans' private conversations "vulnerable to interception and monitoring by government agents." Unfortunately, the committee was unable to foresee what wonders technology would bring over the next 25 years. A new FBI-developed system with the unfriendly name of "Carnivore" now represents a greater threat to individual privacy than simple wiretapping has ever posed.

Carnivore is not designed to monitor everything you do--and that's why it's so dangerous. In addition to full wiretaps, which require a court finding of probable cause that a serious felony has been committed, U.S. law allows for a limited wiretap in which the phone company provides the government with the target's phone records. This limited tap must be granted whenever it would be "relevant to an ongoing criminal investigation"--essentially, whenever the government wants.

Carnivore, a system that has already been used in more than 20 cases, is designed for such limited taps. Run on a standard PC installed on the network of an Internet service provider (ISP), Carnivore receives a copy of every data packet and picks out, in real time, incoming and outgoing e-mail addresses or Web requests for a given user. As a result, the government has argued that the system poses no threat to civil liberties--its strength is not in widespread surveillance, but in recording addressing information equivalent to the numbers dialed on a telephone.

The problem is that the concept of "numbers dialed" doesn't really mean much on the Internet. The FBI and privacy advocates have been frantically searching for the best analogy: Are telephone numbers like IP addresses, such as 140.247.30.106, that are used only by computers and reveal relatively little? How about e-mail addresses, or URLs that describe what Web pages you frequent? Unfortunately, e-mail addresses and message content are stored in the same packets of data on the Net; access to one requires access to the other, and it should come as no surprise that the FBI is calling for as much access as it can grab.

The exact analogy is crucial because the 1979 Supreme Court decision finding "numbers dialed" to be unprotected by the Fourth Amendment relied heavily on the technical details of the existing telephone network. The Court noted that the numbers dialed did not reveal the purpose of the call, the identities of either caller or recipient, or even whether the call was completed and a communication took place. Yet none of these qualities are shared by e-mail addresses or Web links, both of which the FBI would like to include under Carnivore's surveillance. A phone number might tell me who called you, but not what they said; on the other hand, if I know the websites you visit, I can visit them myself and find out what you've been reading.

If the FBI does get the ability to search e-mail addresses under the lesser standard of protection, the consequences could be severe. By claiming that certain information is relevant to an investigation, the government could get a court order to install a box on a network with access to every packet that passes through. The American Civil Liberties Union and other privacy advocates have called for the FBI to open the Carnivore source code to the public, and the FBI has recruited a university to investigate the program, but neither plan represents a real solution: Seeing the source code to one version of Carnivore doesn't tell you anything about what's running on the next box the FBI installs.

Worse, the government has no legal obligation to inform targets of a limited tap that they were watched until a case is brought to trial. Because the Carnivore system doesn't receive an IP address, Internet users can't detect if it were installed or whether they were targets. There are no checks or balances here: If the Carnivore system were violating legal limits and monitoring our activities, no one outside the FBI would know.

How can such abuse be prevented? One promising bill introduced in Congress would give individuals greater protection from "numbers dialed" searches, taking away the FBI's green light to search our e-mail. Second, the Carnivore software should be provided to ISPs so that they may collect the information themselves, just as phone companies compile dialing records before turning them over to the government. The only reason Carnivore was developed was that ISPs were supposedly unable to collect the information; providing them with the software would eliminate that problem and keep sensitive information out of the government's hands.

What the public needs to recognize is that the barriers to abuse are now only legal, not technical. With Carnivore installed, FBI agents have the technical capability to obtain a copy of every e-mail you send and every Web page you visit--and no one has the technical ability to find out if they are abusing it. No matter how much one respects law enforcement or expects the FBI to act within the law, this power is too great. The Fourth Amendment cannot have been intended to allow a situation in which our only security is the FBI's goodwill.

Stephen E. Sachs '02 is a history concentrator in Quincy House. His column appears on alternate Tuesdays.