Whatever Happened To "Carnivore"?

John blueoval at 1SMARTISP.NET
Mon Jan 24 08:07:05 MST 2005

 From: Anthony Steele <ranthonysteele at gmail.com>
Subject: Fwd: Orin Kerr on why the FBI "retired" Carnivore

Found this article rather interesting...



The Fake Carnivore Debate, RIP:

The Associated Press reports that the FBI has retired its
"Carnivore" Internet surveillance tool. (It actually happened
about two years ago, but no one knew about it until now.) The
Carnivore debate was premised on a profound misunderstanding of
Internet surveillance practices. With the Carnivore era over, it's
a good time to look back at how the press was able to get the
story so wrong.

   The FBI created the Carnivore tool around 1999 to create a more
privacy-protecting way to conduct Internet surveillance. At that
time, commercial surveillance tools were not very protective of
privacy; private sector companies have broader surveillance rights
than the government, which meant that there was no incentive for
private companies to use privacy-sensitive tools when they needed
to moinitor their network. The FBI was finding that in rare cases,
ISPs could not execute court orders on their own and insisted that
the FBI itself had to conduct court-ordered surveillance itself;
when it did, FBI agents found that no commercially-available
real-time surveillance tools (known as "sniffers") were
sufficiently privacy-protective for the FBI to be comfortable
using it given the legal constraints it faced.

   The FBI's response was to order its tech people to try to
improve the filtering technology of commercial tools. The FBI came
up with better filter technologies that could ensure that no
over-collection would occur. The preexisting commercial filter had
been dubbed "Omnivore" within the FBI, and the new filter was much
more precise ⬠ it only took the "meat" that the tool was
designed to capture, and did not collect any evidence beyond that
described in the court order. As a result, the FBI dubbed the new
privacy-enhanced tool "Carnivore."

   Of course, this isn't the story that you heard in the press.
Privacy advocates were quick to capitalize on the precious gift
the FBI handed them: the name itself was an indictment of sorts,
making it easy to create the impression that the FBI had created a
monster. Of course, reporters had no idea that Carnivore was
actually a privacy-protective version of a common computer tool,
and privacy advocates certainly had no incentive to tell them
that. As a result, the MSM made a big ruckus about Carnivore and
scared everybody into thinking that the FBI had created a powerful
surveillance tool.

   I was in government at the time the story broke, and was rather
astonished by the misunderstanding. In a preview of the debate
over the Patriot Act, the MSM got it exactly wrong: it couldn't
tell the difference between an effort to protect privacy and an
effort to invade it. This led, among other things, to a movement
among some civil libertarians urging Congress to impose a
moratorium on Carnivore -- a movement that, if successful, would
have forced the FBI to use more privacy-invasive tools rather than
more privacy-protective ones. (In case you're wondering,
government spokespersons tried to explain this at the time and
since, but reporters simply did not believe it. When they bothered
to report the government's view at all, it was usually at the end
of the article in a single sentence clearly designed to leave the
impression it was not credible.)

   Why did the FBI retire Carnivore? For a reason I explained in
an article published two years ago on the Patriot Act (see
footnote 247 if you're really interested): in the last few years,
the private sector finally caught up with the government.
Commercial surveillance tools now have the same privacy-enhancing
filter technology that the Carnivore tool has, meaning that the
government no longer needs to use Carnivore.

Strange, but true.

More information about the Rushtalk mailing list