Out-Law / Your Daily Need-To-Know

Out-Law News 2 min. read

FBI memo reveals problems with internet surveillance


An FBI anti-terrorism investigation was hampered by technical flaws in the Bureau's controversial Carnivore internet surveillance system, according to an internal FBI memo. It appears that the system also monitors the communications of innocent parties.

Carnivore, now officially called DCS1000, is a system that allows investigators to capture e-mail communications sent to and by suspects. The FBI installs software with an ISP to monitor certain individuals, a type of system sometimes known as a “packet sniffer.” According to the FBI, it can be configured to intercept only certain types of communications, such as e-mail but not web sites visited. The system has long been criticised by the civil liberties group the Electronic Privacy Information Center (EPIC) which fights to restrict its use.

The incident, which occurred in March 2000, is described in newly-released FBI documents obtained under court order by EPIC. A written report describes the incident as part of a "pattern" indicating "an inability on the part of the FBI to manage" its foreign intelligence surveillance activities.

An internal FBI e-mail message dated 5th April, 2000, and sent to M E (Spike) Bowman, Associate General Counsel for National Security Affairs, recounts how the Carnivore "software was turned on and did not work correctly."

The surveillance system captured not only the electronic communications of the court-authorised target, "but also picked up e-mails on non-covered" individuals, a violation of federal wiretap law. According to the Bureau document, the "FBI technical person was apparently so upset that he destroyed all the e-mail take, including the take on [the authorised target]."

The botched surveillance was performed by the FBI's International Terrorism Operations Section (ITOS) and its "UBL Unit," which refers to the government's official designation of Osama bin Laden. The Bureau document indicates that an official at the Justice Department's Office of Intelligence Policy and Review (whose name has been deleted) became aware of the problem, and "To state that she is unhappy with ITOS and the UBL Unit would be an understatement of incredible proportions."

The reported problem apparently was not the first to arise during the course of FBI implementation of the Foreign Intelligence Surveillance Act (FISA). The internal document concludes its report of the "UBL Unit" incident by noting, "When you add this story to the FISA mistakes covered in [another, unreleased document], you have a pattern of occurrences which indicate to OIPR an inability on the part of the FBI to manage its FISAs."

Two Bureau documents written one week later discuss Carnivore's tendency to cause "the improper capture of data," and note that "[s]uch unauthorised interceptions not only can violate a citizen's privacy but also can seriously 'contaminate' ongoing investigations" and that such interceptions are "unlawful."

An FBI lawyer (whose name has been deleted) writes that the Bureau must "go out of our way to avoid tripping over innocent third party communications." The lawyer concludes, "I am not sure how we can proceed to test [Carnivore] without inadvertently intercepting the communications of others, but we really need to try."

Since its existence became public in 2000, the Carnivore system has been criticised by EPIC and other privacy groups, as well as members of Congress, because it gives the FBI unprecedented, direct access to the data networks of ISPs. The FBI has publicly downplayed the system's potential for over-collection of private communications.

An independent review of Carnivore commissioned by the Justice Department found that the system is capable of "broad sweeps" and recommended technical changes to address the problem. Neither the Department of Justice nor the FBI has indicated publicly whether those recommendations were ever implemented.

The newly-released FBI documents were provided to EPIC on Friday, May 24, in response to a court order issued by US District Judge James Robertson in the privacy group's ongoing Freedom of Information Act lawsuit seeking the disclosure of material concerning Carnivore.

The order directed the Bureau to conduct a second search for relevant documents after EPIC successfully argued (over the Bureau's objections) that an initial FBI search was inadequate and likely overlooked responsive records.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.