internet wiretapping and carnivore sarah boucher edward cotler stephen larson may 17, 2001
TRANSCRIPT
![Page 1: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/1.jpg)
Internet Wiretappingand Carnivore
Sarah Boucher
Edward Cotler
Stephen Larson
May 17, 2001
![Page 2: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/2.jpg)
Introduction
• Law enforcement needs
• Individuals’ privacy concerns
• Emerging technology
![Page 3: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/3.jpg)
Goals
• To inform about the current technical, government, and public opinion state of U.S. Internet wiretapping policy through a case study of the FBI’s Carnivore system
• To discuss concerns about the current state of U.S. Internet wiretapping policy
• To propose changes to improve the U.S. system of Internet wiretapping
![Page 4: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/4.jpg)
Timeline
• 1791 – The Fourth Amendment to the Constitution• 1928 – Olmstead v United States• 1934 – Federal Communications Act• 1937 – Nardone v United States• 1939 – Nardone v United States• 1967 – Berger v United States• 1967 – Katz v United States• 1968 – Omnibus Crime Control and Safe Streets Act• 1978 – Foreign Intelligence Surveillance Act
![Page 5: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/5.jpg)
Timeline
• 1979 – Smith v Maryland• 1986 – Electronic Communications Privacy Act• 1994 – Communications Assistance for Law
Enforcement Act• 2000 – US Telecom v FCC• 2000 – Hearings in House and Senate committees• 2000 – Digital Privacy Act, proposed• 2000 – Electronic Communications Privacy Act,
proposed• 2000 – Illinois report released
![Page 6: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/6.jpg)
Key Players
• ACLU: Opposed to wiretaps in general.• CDT: Sees a place for restricted wiretaps.• EPIC: Acquired key information using the FOIA.• DOJ: In charge of the FBI, project in general.• FBI: Conducted at least 25 Internet wiretaps
already.• Congress: Trying to catch the laws up.
![Page 7: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/7.jpg)
Background
![Page 8: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/8.jpg)
Legislative Background
• Fourth Amendment• FCA• Title III• FISA• ECPA• CALEA• Digital Privacy Act of 2000• Electronic Privacy Act of 2000
![Page 9: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/9.jpg)
Legislative Background
• Fourth Amendment– The right of the people to be secure in their
persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
![Page 10: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/10.jpg)
Legislative Background
• Federal Communications Act of 1934– Prohibited the interception and disclosure of
any communication without the consent of at least one of the parties to the communication.
![Page 11: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/11.jpg)
Legislative Background
• Title III of the Omnibus Crime Control and Safe Streets Act of 1968– Electronic surveillance made illegal, except
pursuant to a court order.
![Page 12: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/12.jpg)
Legislative Background
• How to get a court order for electronic surveillance– Prove probable cause that an indictable crime
has been, is being, or is about to be committed.– Specifically describe the communications to be
intercepted.– Other investigative procedures have failed or
are too dangerous.
![Page 13: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/13.jpg)
Legislative Background
• Foreign Intelligence Surveillance Act of 1978– Requires approval from the Foreign
Intelligence Surveillance Court for electronic surveillance in national security cases.
![Page 14: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/14.jpg)
Legislative Background
• Electronic Communications Privacy Act of 1986– Amended Title III protections to cover most
wire and wireless communications.– Requires a court order for the use of pen
register and trap and trace devices.– Delineates regulations for the use of roving
wiretaps.
![Page 15: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/15.jpg)
Legislative Background
• Communication Assistance for Law Enforcement Act of 1994– Requires telecommunications carriers to ensure
the ability of law enforcement agencies to intercept communications.
![Page 16: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/16.jpg)
Legislative Background
• Digital Privacy Act of 2000, proposed in the 106th Congress– Strengthened the requirements for obtaining a
court order for the use of pen register and trap and trace devices.
– Heightened the reporting requirements for electronic surveillance.
![Page 17: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/17.jpg)
Legislative Background
• Electronic Privacy Act of 2000, proposed in the 106th Congress– Strengthened the requirements for obtaining a
court order for the use of pen register and trap and trace devices.
– Other privacy enhancing changes to current federal wiretapping laws.
![Page 18: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/18.jpg)
Judicial Background
• Olmstead v. US
• Nardone v. US
• Berger v. US
• Katz v. US
• Smith v. Maryland
• US Telecomm v. FCC
![Page 19: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/19.jpg)
Judicial Background
• Olmstead vs. US, 1928– Supreme Court held that wiretaps were not a
violation of the Fourth Amendment.– Justice Brandeis wrote a strong dissent
supporting the extension of Fourth Amendment rights to wiretapping.
![Page 20: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/20.jpg)
Judicial Background
• Nardone vs. US, 1937 and again in 1939– Based on FCA of 1934, the Court ruled that
wiretap evidence could not be used in trial.– In the second case, the Court expanded this
ruling to include any evidence derived from a wiretap.
![Page 21: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/21.jpg)
Judicial Background
• Berger vs. US, 1967– Supreme Court found that a New York State
law that had been used to secure a warrant for wiretapping was overbroad in its scope.
![Page 22: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/22.jpg)
Judicial Background
• Katz vs. US, 1967– Supreme Court effectively overturned
Olmstead v US, saying that “the Fourth Amendment protects people, not places.”
![Page 23: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/23.jpg)
Judicial Background
• Smith vs. Maryland, 1979– Supreme Court held that there is a lower
expectation of privacy in pen mode information, therefore no warrant is required to intercept this information.
![Page 24: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/24.jpg)
Judicial Background
• US Telecomm v. FCC, 2000– Challenges to the implementation Order for
CALEA.– Supreme Court held that location information
for wireless communications as well as packet-mode data collection can be required by CALEA.
![Page 25: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/25.jpg)
Executive Background
When does the FBI use Carnivore?• The ISP cannot narrow sufficiently the
information retrieved to comply with the court order
• The ISP cannot receive sufficient information• The FBI does not want to disclose information to
the ISP, as in a sensitive national security investigation.
![Page 26: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/26.jpg)
Executive Background
Full mode wiretap
• Case agent consults with the Chief Division Counsel, and a Technically Trained Agent.
Pen mode wiretap
• Case agent writes up a request with a justification for necessity
![Page 27: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/27.jpg)
Executive Background
• FBI shows a judge the relevance of the information
• FBI shows a judge why traditional enforcement methods are insufficient
• FBI submits a request with information such as target ISP, e-mail address, etc.
• FBI waits 4-6 months
![Page 28: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/28.jpg)
Public Policy Background
Federal Title III Wiretaps
0
100
200
300
400
500
600
700
![Page 29: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/29.jpg)
Public Policy Background
• Wiretaps influenced by administrative policy choice– 10,000 before Safe Streets Act (1968)
– 9,000 after Safe Streets Act
• Could Carnivore have similar usage patterns?– Log secrecy
– 1850% increase from 1997 to 1999
![Page 30: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/30.jpg)
Technical Background
• Hardware
• Software
![Page 31: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/31.jpg)
Hardware Architecture
• A one-way tap into an Ethernet data stream• A general purpose computer to filter and
collect data• One or more additional general purpose
computers to control the collection and examine the data
• A ‘locked’ telephone link to connect the computers
![Page 32: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/32.jpg)
Hardware Architecture
CarnivoreHub
RemoteHub
Tap
Ethernet Switch
Other NetworkSegments
The Internet
Target
Bystander
![Page 33: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/33.jpg)
One Way Tap
• The Century Tap
• Produced by Shomiti Systems (3rd party)
![Page 34: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/34.jpg)
Filtering/Collection Computer
• Pentium-class PC– 2 GB Jaz Drive– Generic 10/100 Mbps Ethernet adapter– A modem– Windows NT– pcAnywere
![Page 35: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/35.jpg)
Control/Examination Computer
• Another regular computer with:– pcAnywhere– Dragonware
• Secure?
![Page 36: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/36.jpg)
Telephone Link
• Electronic device that prevents phone line connection unless you are the key.
![Page 37: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/37.jpg)
Software Architecture
Functionality
• Filtering
• Filter Precedence
• Output
• Analysis
![Page 38: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/38.jpg)
Software Architecture
![Page 39: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/39.jpg)
Software Architecture• Filtering
Fixed IP Can choose a range of IP addresses.
Dynamic IP If not in fixed IP mode, one can choose to include packets from in either Radius or DHCP mode.
Protocol Filtering One can choose to include packets from TCP, UDP, and/or ICMP in either Full mode, Pen mode, or none.
Text Filtering One can include packets that contain arbitrary text.
Port Filtering One can select particular ports to include (i.e 25 (SMTP), 80 (HTTP), 110 (POP3)).
E-mail address Filtering
One can select to include packets that contain a particular e-mail address in the to or from fields of an e-mail.
![Page 40: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/40.jpg)
Software Architecture
• Filter Precedence• Output
– .vor– .output– .error
• Analysis– Packeteer– CoolMiner
![Page 41: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/41.jpg)
Software Architecture• TapNDIS (written in C) is a kernal-mode driver which
captures Ethernet packets as they are received, and applies some filtering.
• TapAPI.dll (written in C++) provides the API for accessing the TapNDIS driver functionality from other applications.
• Carnivore.dll (written in C++) provides functionality for controlling the intercept of raw data.
• Carnivore.exe (written in Visual Basic) is the GUI for Carnivore.
![Page 42: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/42.jpg)
Concerns
![Page 43: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/43.jpg)
Legislative/Judicial Concerns
• Pen mode collection– Not strictly defined.– Low standard for obtaining a court order for the
interception of this information.– Reporting of pen mode interceptions is
minimal.
![Page 44: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/44.jpg)
Legislative/Judicial Concerns
• Minimization of interception:– No formal definition of minimization of search
requirements.– The minimization process only has optional
judicial review.– No requirements on who conducts the
minimization.
![Page 45: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/45.jpg)
Legislative/Judicial Concerns
• FISA interceptions:– No notification requirement, unless information
from the intercept will be used in a criminal trial.
– Completely confidential, the only information reported annually is the number of applications and the number of orders granted.
![Page 46: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/46.jpg)
Public/Executive Concerns
• Trust
• Ease of access
• Loss of ISP control
• Procedural
![Page 47: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/47.jpg)
Trust
“Carnivore is roughly equivalent to a wiretap capable of accessing the contents of the conversations of all of the phone company’s customers, with the ‘assurance’ that the FBI will record only conversations of the specified target.”
– Barry Steinhardt
Associate Director, ACLU
![Page 48: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/48.jpg)
Trust
• Should we trust the government?
• Agents overlook, misplace or otherwise mangle information
• FBI still makes record-keeping mistakes– Blanton– Salvati– McVeigh
![Page 49: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/49.jpg)
Ease of Access
“I would rather have the government crawl under barbed wire with a flashlight to install a listening device in my basement than to have them click a mouse in an office and gain access to my most private conversations.”
Phil Zimmermann
Inventor, PGP
![Page 50: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/50.jpg)
Ease of Access
• Allocation of resources– Self-selects more important wiretaps
• Easier to make mistakes
• No paper trail in digital age
![Page 51: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/51.jpg)
Loss of ISP Control
“The FBI is placing a black box inside the computer network of an ISP… not even the FBI knows what that gizmo is doing.”
– James X. Dempsey
Senior Staff Counsel, CDT
![Page 52: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/52.jpg)
Loss of ISP Control
• Allows access to non-targets– Is such evidence legally obtained?
• Minimization to communications of targets
• Non-issues in traditional telephone wiretap
![Page 53: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/53.jpg)
Procedural
“The statutory suppression remedy available for illegal interception of other communications in Title III is not extended to electronic communications… the data gathered would not automatically be thrown out as evidence.”
– IITRI Review of Carnivore
![Page 54: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/54.jpg)
Procedural
• Supervisor auditing mechanism
• No way to track which agent is responsible for error
![Page 55: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/55.jpg)
Public Concerns
• Survey– 117 responses– Average age: 32– Average time online per week: 13
![Page 56: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/56.jpg)
Survey
Heard of Carnivore?
0 5 10 15 20
Yes
No
Hours online per week
![Page 57: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/57.jpg)
Survey
• 21% heard of Carnivore
• Of those who heard of it, 68% view Carnivore as a threat to their online privacy
![Page 58: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/58.jpg)
Survey
Public Suspicion of FBI
2.50 2.60 2.70 2.80 2.90 3.00 3.10 3.20 3.30
Currently monitorsemail
Currently monitorsInternet activity
Will abuse emailmonitoring rights
Somewhat = 3.0
Didn't hear
Heard
![Page 59: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/59.jpg)
Survey
Should we allow government monitoring?
0.00 0.10 0.20 0.30 0.40 0.50 0.60 0.70 0.80
Phone conversations
Internet activity
Heard Didn't hear
![Page 60: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/60.jpg)
Technical Concerns
• Design Principles
• Problems– Wrong goals– Bad implementation
• Hidden functionality?
![Page 61: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/61.jpg)
Design PrinciplesOops:“No formal development process was followed for the
development of Carnivore through version 1.3.4. The Carnivore program was a quick-reaction capability program developed to meet the needs of the FBI for operational cases. […] This type of development is appropriate as a ‘proof of concept,’ but it is not appropriate for operational systems. Because of this lack of development methodology, important considerations, such as accountability and audit, were missed.”
–Illinois Report
![Page 62: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/62.jpg)
Design Principles
Goals were misplaced because of the perspective on the problem. What truths can we add?
• 1) Internet wiretapping is unlike other kinds of wiretapping
• 2) An Internet wiretapping device is a 'mission critical' device
• 3) Internet wiretapping devices are in a position to bear the brunt of public scrutiny
• 4) Internet wiretaps are not automatically more confidential just because they are automated.
![Page 63: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/63.jpg)
Design Principles
Overarching lesson:
The technical realities of Internet wiretapping strongly suggest that devices used for such purposes be engineered with extreme care, with special attention paid to potential failures.
![Page 64: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/64.jpg)
Technical Problems: Wrong Goals
• No structured development process
• No audit trails
• Limited security of data
![Page 65: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/65.jpg)
Technical Problems: Bad Implementation
• Problems with high throughput
• Standard Ethernet v. Full Duplex
• Security of remote computer
• Thwarted by crypto
• RADIUS (analysis omitted from Illinois Report)
![Page 66: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/66.jpg)
Hidden Functionality?
• TapAPI provides 45 entry points callable from Carnivore.dll, only 22 are used.
• Commented out code: more sophisticated filters, real-time viewer, case tracking
![Page 67: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/67.jpg)
Proposals
![Page 68: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/68.jpg)
Legislative/Judicial Proposals
• Exclusionary rule
• Minimization
• Judicial review
• Pen mode requirements
• FISA amendments
• Stored communications amendment
![Page 69: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/69.jpg)
Legislative/Judicial Proposals
• Exclusionary rule– Amend to include electronic communications.
![Page 70: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/70.jpg)
Legislative/Judicial Proposals
• Minimization– Judicial review of minimization prior to
admittance as evidence.– Minimization conducted by someone not
directly involved in the investigation.– Court orders for electronic surveillance
explicitly specify minimization techniques to be employed.
![Page 71: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/71.jpg)
Legislative/Judicial Proposals
• Judicial Review– Require judicial review to verify that all
electronic surveillance has been conducted in accordance with the applicable laws.
![Page 72: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/72.jpg)
Legislative/Judicial Proposals
• Pen mode requirements– Stricter definition of what pen mode
information may include.– For any technology that pen mode collection
cannot be limited to this definition, no collection authorized.
– Court orders must be based on probable cause.– Reporting requirements must be increased to
the same level as full content intercepts.
![Page 73: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/73.jpg)
Legislative/Judicial Proposals
• FISA amendments– Increase reporting requirements for all FISA
interceptions.– Require notification of all US citizens who are
the subject of a FISA intercept just as for Title III intercepts.
![Page 74: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/74.jpg)
Legislative/Judicial Proposals
• Stored communications amendment– Court order is necessary to access any
electronic communication stored for less than one year at communications provider.
– Court order is necessary to access any electronic communication that has already been accessed by the user but remains in storage at the communications provider.
![Page 75: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/75.jpg)
Public Policy Proposals
• Trust
• Ease of access
• ISP control
• Public awareness
![Page 76: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/76.jpg)
Trust
“Never trust a computer you can’t throw out a window.”
– Steve Wozniak
Inventor, Apple Computer
![Page 77: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/77.jpg)
Trust
• Establish independent review board of actual cases
• Open source Carnivore code
![Page 78: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/78.jpg)
Ease of Access
“ Because of [differences between the Internet and the traditional telephone system], it is appropriate to recognize a reasonable expectation of privacy in [electronic] information and to establish a higher evidentiary threshold to obtain a surveillance order than currently exists.”
– Robert Corn-RevereCounsel, Hogan & Hartson
![Page 79: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/79.jpg)
Ease of Access
• Require warrant even for “pen register” traps
• Require more evidence for Title III warrant– Carnivore should be last resort
![Page 80: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/80.jpg)
ISP Control
“ISPs are in the best position to understand their own networks and the most effective ways of complying with lawful orders.”
– Alan Davidson
Staff Counsel, CDT
![Page 81: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/81.jpg)
ISP Control
• Make Carnivore an available alternative for small ISPs• Let ISP technicians configure system and provide data
to FBI• CALEA
– “A telecommunications carrier shall ensure that its equipment, facilities, or services… are capable of expeditiously isolating and enabling the government… to intercept, to the exclusion of other communicationsto the exclusion of other communications, all wire and electronic communications carried by the carrier within a service area to or from equipment [and] to access call-identifying information.”
![Page 82: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/82.jpg)
Public Awareness
“Public sentiment is everything. With it, nothing can fail. Without it, nothing can succeed.”
– Abraham Lincoln
“Ten people who speak make more noise than ten thousand who are silent.”
– Napoleon Bonaparte
![Page 83: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/83.jpg)
Public Awareness
• Shed aura of secrecy– People less intimidated by what they
understand
• Publicize privacy-related issues
• Write to Congress
• Big scandal– “Carnigate” as Watergate of the 21st Century
![Page 84: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/84.jpg)
Technical Proposals
• Get goals right
• Open source code
• Tamper-proof the local data
• Provide secure remote configuration
• Auto-post logs to website
![Page 85: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/85.jpg)
Get goals right
• To protect citizens, not to make them paranoid
• Treat as a mission critical system
• Solidify parameters for device design in law
![Page 86: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/86.jpg)
Open up the Code
“The technical community has developed a method to improve trust in complex systems: open source review.”
– Alan Davidson
Staff Counsel, CDT
![Page 87: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/87.jpg)
Open up the Code
What?
• Release the source code to the public for review.
• Make updates based on suggestions and bugs discovered.
![Page 88: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/88.jpg)
Open up the Code
• Open systems are based on keys
• Almost all popular crypto algorithms are public knowledge & rely on computational intractability
• Closed systems are based on secret processes
• Closed systems fail: DVD-CSS, SDMI
![Page 89: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/89.jpg)
Open up the Code
Pros:• Accountability: anchor for other protections• More eyes to contribute feedback• Fixing the code instead of the law (Lessig)• Most important if distributed beyond FBI
Cons: • Licensing, security issues require revamp (needed
anyway)
![Page 90: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/90.jpg)
Provide Secure Remote Configuration
What?
• Judicial branch sets the configuration with court order
Why?
• Eliminate ambiguity in court orders
• No need to trust the FBI
• One order = one search
![Page 91: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/91.jpg)
Provide Secure Remote Configuration
FBI HQ
{Kpub-judge[i]}Kpriv-fbihq x n
Keyring
![Page 92: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/92.jpg)
Provide Secure Remote Configuration
FBI HQ
Carnivore Box Carnivore Box
Keyring
![Page 93: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/93.jpg)
Provide Secure Remote Configuration
Keyring
Carnivore BoxRemote User
{Court Order}Kpriv-judge[i]
![Page 94: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/94.jpg)
Provide Secure Remote Configuration
FBI HQKeyring
Carnivore Box
{Court Order}Kpriv-judge[i]
(1) Generate Kpriv-carn[i]
![Page 95: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/95.jpg)
Provide Secure Remote Configuration
FBI HQKeyring
Carnivore Box
{Court Order}Kpriv-judge[i]
(2) Send
Kpub-carn[i] Kpub-carn[i] Saved*
![Page 96: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/96.jpg)
Provide Secure Remote Configuration
FBI HQKeyring
Carnivore Box
{Court Order}Kpriv-judge[i]
(3) Receive Symmetric Key
![Page 97: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/97.jpg)
Provide Secure Remote Configuration
FBI HQKeyring
Carnivore Box
{Court Order}Kpriv-judge[i] (4) Receive Kpub-fbihq
![Page 98: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/98.jpg)
Provide Secure Remote Configuration
Keyring
Carnivore Box
{Court Order}Kpriv-judge[i]
Kpub-fbihq
{Kpub-judge[i]}Kpriv-fbihq
![Page 99: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/99.jpg)
Provide Secure Remote Configuration
Keyring Carnivore Box
{Court Order}Kpriv-judge[i]
Kpub-fbihq{Kpub-judge[i]}Kpriv-fbihq
Verify
Kpub-judge[i]
![Page 100: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/100.jpg)
Provide Secure Remote Configuration
Keyring Carnivore Box
{Court Order}Kpriv-judge[i]Kpub-judge[i]
Verify
Court Order
![Page 101: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/101.jpg)
Tamper-proof the Local Data
FBI HQ
Kpub-carn[i] Saved*
![Page 102: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/102.jpg)
Tamper-proof the Local Data
What?• Private key generated with each order is
used to sign output files.• Public key from remote Carnivore unit can
be used to verify data stored.Why?• Data unprotected on computer, attacker can
alter, delete, etc.
![Page 103: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/103.jpg)
Auto-post Logs to Website
FBI HQ
Web site
Carnivore Box
Carnivore Box
Carnivore Box
![Page 104: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/104.jpg)
Auto-post Logs to Website
Why?• Knowing the source does not tell you how it
is usedMinimization• Time till reporting can be specified in court
order• Central FBI server will be bottleneck for
over-reporting
![Page 105: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/105.jpg)
Conclusions
![Page 106: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/106.jpg)
Legislative/Judicial
• Exclusionary rule
• Minimization
• Judicial review
• Pen mode requirements
• FISA amendments
• Stored communications amendment
![Page 107: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/107.jpg)
Public Policy
• Trust
• Ease of access
• ISP control
• Public awareness
![Page 108: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/108.jpg)
Technical
• Get goals right
• Open source code
• Tamper-proof the local data
• Provide secure remote configuration
• Auto-post logs to website
![Page 109: Internet Wiretapping and Carnivore Sarah Boucher Edward Cotler Stephen Larson May 17, 2001](https://reader033.vdocuments.site/reader033/viewer/2022052510/56649e2e5503460f94b1df54/html5/thumbnails/109.jpg)
Conclusion
“If you’re talking to someone in the next bathroom stall, the government shouldn’t have to be able to listen in.”
– Robert Ellis Smith
Publisher, Privacy Journal