PRESENTED BY
Introduction
Needs of the Law enforcement agencies Individual's privacy concerns Emerging technology
Goals
To inform about the current technical, government, and public opinion state of U.S. Internet wiretapping policy through a case study of the FBIs Carnivore system To discuss concerns about the current state of U.S. Internet wiretapping policy To propose changes to improve the U.S. system of Internet wiretapping
Executive Background
When does the FBI use Carnivore? The ISP cannot narrow sufficiently the information retrieved to comply with the court order The ISP cannot receive sufficient information The FBI does not want to disclose information to the ISP, as in a sensitive national security investigation.
Executive Background
Full mode wiretap
Case agent consults with the Chief Division Counsel, and a Technically Trained Agent.
Executive Background
FBI shows a judge the relevance of the information FBI shows a judge why traditional enforcement methods are insufficient FBI submits a request with information such as target ISP, e-mail address, etc. FBI waits 4-6 months
Hardware Architecture
A one-way tap into an Ethernet data stream A general purpose computer to filter and collect data One or more additional general purpose computers to control the collection and examine the data A locked telephone link to connect the computers
Hardware Architecture
The Internet
Hub
Carnivore
Hub
Target Bystander
Remote
Software Architecture
Functionality Filtering Filter Precedence Output Analysis
Software Architecture
Software Architecture
Filtering
Fixed IP
Can choose a range of IP addresses.
If not in fixed IP mode, one can choose to include packets from in either Radius or DHCP mode. One can choose to include packets from TCP, UDP, and/or ICMP in either Full mode, Pen mode, or none. One can include packets that contain arbitrary text.
One can select particular ports to include (i.e 25 (SMTP), 80 (HTTP), 110 (POP3)). One can select to include packets that contain a particular e-mail address in the to or from fields of an e-mail.
Software Architecture
Filter Precedence Output
.vor .output .error
Analysis
Packeteer CoolMiner
Software Architecture
TapNDIS (written in C) is a kernal-mode driver which captures Ethernet packets as they are received, and applies some filtering. TapAPI.dll (written in C++) provides the API for accessing the TapNDIS driver functionality from other applications. Carnivore.dll (written in C++) provides functionality for controlling the intercept of raw data. Carnivore.exe (written in Visual Basic) is the GUI for Carnivore.
CONTROVERSIES
Pen mode collection
Not strictly defined. Low standard for obtaining a court order for the interception of this information. Reporting of pen mode interceptions is minimal.
CONTROVERSIES
Minimization of interception:
No formal definition of minimization of search requirements. The minimization process only has optional judicial review. No requirements on who conducts the minimization.
CONTROVERSIES
FISA interceptions:
No notification requirement, unless information from the intercept will be used in a criminal trial. Completely confidential, the only information reported annually is the number of applications and the number of orders granted.
DISADVANTAGES
Trust Ease of access Loss of ISP control Procedural
ANTIVORE
Antidote to Carnivore. Developed by Chain Mail Inc.software firm, Virginia,US. To secure corporate data. Used to encrypt users e-mail messages.
Technical Concerns
Problems
Wrong goals Bad implementation
Hidden functionality
Hidden Functionality
TapAPI provides 45 entry points callable from Carnivore.dll, only 22 are used. Commented out code: more sophisticated filters, real-time viewer, case tracking
Technical Proposals
Get goals right Open source code Tamper-proof the local data Provide secure remote configuration Auto-post logs to website
Conclusion
If youre talking to someone in the next bathroom stall, the government shouldnt have to be able to listen in.
Robert Ellis Smith Publisher, Privacy Journal
THANK YOU!!