Anti-terrorism laws may give FBI unprecedented power to use its controversial email surveillance system.

Just hours after the towers of the World Trade Center collapsed in lower Manhattan, FBI agents were already visiting the offices of ISPs, network providers, and email vendors around the country in a search for those who perpetrated the attacks. Convinced that at least some of the hijackers may have used the Internet and email to arrange the hijackings, agents began combing these companies' networks looking for clues. The tool they used to conduct that investigation is the controversial email surveillance system, Carnivore.

Carnivore has been at the center of a controversy over civil liberties since its existence first became public last year. Recently, concerns over the system's potential to erode Americans' privacy have taken a backseat to our fear of another terrorist attack. Several media reports claim the FBI began installing Carnivore systems on some computer networks almost immediately following the September 11 attacks. Furthermore, the recently passed Patriot Act gave the FBI greater authority to use the system in the future.

In a victory for privacy groups, however, a federal court determined in March that the public is entitled to know more about how Carnivore works and when it's being used, leading to the release of these documents by the Electronic Privacy Information Center (EPIC). Still, this hasn't alleviated the concerns that many people have about Carnivore. What exactly is Carnivore? How does it work? What does it do? How do current laws apply to its use? How will the new laws affect it? These are all important questions that should be asked. Here are some brief answers.


  • What is Carnivore?

    Carnivore is software running on a specially configured Windows computer designed to capture email communications to and from a criminal suspect. The computer is installed on an ISP's server and sorts the suspect's email from the total flow of emails coming in.

  • How does Carnivore work?

    According to the FBI, Carnivore is designed to work "much like commercial 'sniffers' and other network diagnostic tools used by ISPs every day, except that it provides the FBI with a unique ability to distinguish between communications which may be lawfully intercepted and those which may not."

    Basically, all Internet traffic is broken down into bundles of information called "packets." Carnivore works as the equivalent of a telephone wiretap for the Internet, looking at each of these packets and recording the ones that relate to the matter or suspect under investigation. From the FBI's Carnivore overview.


  • What exactly can Carnivore do?

    Carnivore can be configured to do one of several things, depending on the nature of the court order issued. It can record all of the email messages sent to and from a specific email account. It can record all of the network traffic to and from a specific IP address. It can record all of the email headers (i.e. TO and FROM addresses) sent to and from a specific email account. It can record all of the servers, webpages, or FTP files visited by a particular IP address. And it can track everyone who accesses a particular webpage or FTP file. From the Carnivore FAQ.


  • When can the FBI use Carnivore?

    "Carnivore is only employed when the FBI has a court order (or lawful consent) authorizing a particular type of interception or acquisition regarding a particular criminal subject user, user address, or account number," according to Donald M. Kerr, assistant director of the FBI's Laboratory Division.

    In order for the FBI to use Carnivore, a judge must issue a court order specifying the suspect under investigation, the exact email address or IP address to be tapped, the crime being investigated, and the exact equipment to be tapped. Court orders regarding email wiretaps usually come in two parts -- one authorizing the FBI to conduct the tap and one obligating the ISP to help. From the FBI.


  • What are the two types of information Carnivore is allowed to capture?

    Most court orders will only allow the FBI to record what is called "trap and trace" and "pen register" information. Trap-and-trace information is similar to caller ID, where the phone numbers of all calls coming into a particular phone are recorded. Pen-register taps record all the phone numbers dialed out by a particular phone. Carnivore captures the same information for the Internet, allowing agents to record information about email addresses, servers, and files without recording actual content. For instance, an agent could find out who a suspect is emailing and who is emailing a suspect, but that agent could not find out what those emails are about. This type of tap is usually used in background investigations and is less invasive than a content tap, thus the legal standards necessary to receive a court order for this type of tap are reduced.

    Content wiretaps, on the other hand, are taps in which the FBI records the actual content of the emails and webpages written, received, and visited by a suspect. These taps are usually used to gather hard evidence for prosecutions. Content wiretaps can only be used when investigating certain felonies, including terrorism, drug trafficking, and kidnapping. Court orders for content wiretaps can only be issued by a federal district judge and can only be issued to FBI agents. From the Carnivore FAQ.


  • Does Carnivore conduct content searching of Internet communications?

    According to the FBI, Carnivore does not search through the content of emails for specific words or phrases, like "terrorism." It only looks at email addresses within the TO and FROM fields in an email.

    Further, Carnivore is described by the FBI as a "surgical" wiretap, designed to be installed on a specific network to collect the email and Web traffic of a specific subject. It is not designed to look through all Web traffic.


  • What laws govern the FBI's use of Carnivore?

    The Omnibus Crime Control and Safe Streets Act of 1968 makes wiretapping legal. The Electronic Communications Privacy Act of 1986 spells out how existing wiretap laws apply to the Internet. The Computer Fraud and Abuse Act of 1986 makes breaking into federal computers and trafficking in stolen passwords felonies. And the Communications Assistance for Law Enforcement Act of 1994 requires telephone carriers, including ISPs, to help with investigations. From the Carnivore FAQ.


    • For more information about Carnivore and its implications for privacy and civil liberties, visit the FBI's Carnivore overview, the Carnivore FAQ, the Electronic Privacy and Information Center's Carnivore overview, HowStuffWorks.com's explanation of how Carnivore works, and stopcarnivore.org.