FBI retires Carnivore

By Kevin Poulsen, SecurityFocus
Published Saturday 15th January 2005 10:41 GMT

FBI surveillance experts have put their once-controversial Carnivore
Internet surveillance tool out to pasture, preferring instead to use
commercial products to eavesdrop on network traffic, according to
documents released Friday.

Two reports <http://www.epic.org> to Congress obtained by the
Washington-based Electronic Privacy Information Center under the Freedom
of Information Act reveal that the FBI didn't use Carnivore, or its
rebranded version "DCS-1000," at all during the 2002 and 2003 fiscal
years. Instead, the bureau turned to unnamed commercially-available
products to conduct Internet surveillance thirteen times in criminal
investigations in that period.

Carnivore became a hot topic http://www.securityfocus.com/news/97
among civil liberations, some network operators and many lawmakers in
2000, when an ISP's legal challenge brought the surveillance tool's
existence to light. One controversy revolved around the FBI's
legally-murky use of the device to obtain e-mail headers and other
information without a wiretap warrant -- an issue Congress resolved by
explicitly legalizing the practice in the 2001 USA PATRIOT Act.

Under section 216 of the act, the FBI can conduct a limited form of
Internet surveillance without first visiting a judge and establishing
probable cause that the target has committed a crime. In such cases the
FBI is authorized to capture routing information like e-mail addresses
or IP addresses, but not the contents of the communications.

According to the released reports, the bureau used that power three
times in 2002 and six times in 2003 in cases in which it brought its own
Internet surveillance gear to the job. Each of those surveillance
operations lasted sixty days or less, except for one investigation into
alleged extortion, arson and "teaching of others how to make and use
destructive devices" that ran over eight months from January 10th to
August 26th, 2002.

Other cases investigated under section 216 involved alleged mail fraud,
controlled substance sales, providing material support to terrorism, and
making obscene or harassing telephone calls within the District of
Columbia. The surveillance targets' names are not listed in the reports.

In four additional cases, twice each in 2002 and 2003, the FBI obtained
a full-blown Internet wiretap warrant from a judge, permitting them to
capture the contents of a target's Internet communications in real time.
No more information on those cases is provided in the reports because
they involved "sensitive investigations," according to the bureau.

The new documents only enumerate criminal investigations in which the
FBI deployed a government-owned surveillance tool, not those in which an
ISP used its own equipment to facilitate the spying. Cases involving
foreign espionage or international terrorism are also omitted.

Developed by a contractor, Carnivore was a customizable packet sniffer
that, in conjunction with other FBI tools, could capture email messages,
and reconstruct web pages exactly as a surveillance target saw them
while surfing the web. FBI agents lugged it with them to ISPs that
lacked their own spying capability.