Who's reading your e-mail?

carnivore.spy@FBI.gov

Revolutionary Worker #1070, September 17, 2000

Imagine someone attaching a device to your Internet connection that can read every e-mail you send and receive. Imagine a device that records every website you go to, every chat room you visit, every online click you make. Imagine a police surveillance system so powerful that it could potentially intercept anyone’s e-mail within the U.S. or around the world. Imagine that all of this has been developed by one of the most notorious intelligence agencies in the world—with a sinister record of persecuting and disrupting political movements that challenge the system. You have just imagined the Carnivore program developed by the U.S. government’s Federal Bureau of Investigation.

Many details of the FBI’s Carnivore system remain closely guarded government secrets. The existence of this system has only leaked into public view in the last few months.

This much is now known: the FBI has been secretly installing "Black Boxes" of the Carnivore system on the computers of Internet Service Providers. ISPs are institutions that provide Internet access to users—including private Internet companies like AOL or MCI, universities, corporate employers, and government agencies. These Black Boxes give government agents the ability to copy all the e-mail traffic that goes through an ISP’s server-computer. The Carnivore program contains computer software that then allows FBI agents to sift out the e-mail messages they are looking for—going to or from a particular e-mail account—and to track the Internet activity of anyone using specific Internet accounts.

This is a spy system for wiretapping the Internet. It has the potential to invade the privacy of millions of people. And it is a new weapon the FBI may already be using to spy on and disrupt radical political activities.

From Wiretapping Phone Calls to Scanning E-mail

The Clinton administration has pressed hard for laws extending federal ability to wiretap—signing the Communications Assistance for Law Enforcement Act (CALEA) which required telephone companies to design their equipment by 1998 to allow federal wiretaps of phone calls and certain "call-identifying information."

In 1999 the Federal Communications Commission (FCC) approved technical requirements proposed by the Clinton administration that would enable the police to locate individuals using cell phones.

It has already been revealed in articles in the mainstream press that the U.S. government is involved in extensive international spying on the Internet using a highly secret spying program called Echelon. The U.S. government’s National Security Agency (NSA) operates Echelon jointly with the spying agencies of allied governments. It uses a network of listening posts around the world to scan a large portion of the world’s e-mail, fax and telephone traffic. It uses keywords to pluck messages off the airwaves for government agents to read. Because Echelon is international, U.S. spy agencies receive information on U.S. citizens that they could not legally obtain inside U.S. borders. In a Congressional hearing FBI spokesman Kerr acknowledged that his agency receives information "from time to time" in this way.

Now the exposure of Carnivore reveals a new side of the U.S. government’s press for police spying. What is unique about Carnivore is that it monitors private Internet e-mail communications—something the government has apparently had difficulty doing before.

More than 1.4 billion e-mail messages are sent every day around the world—most of them in the U.S. People increasingly use Internet discussion groups and e-mail for correspondence of all kinds —including political planning and debate. The media has reported that police forces have repeatedly been surprised recently by the size of political demonstrations and actions—which were planned and publicized using e-mail and various forms of Internet discussion. Philadelphia police spied on IRC chat groups to learn about the plans of protesters during the recent Republican convention.

How It Works

The FBI political police clearly want the ability to routinely spy on the massive flow of Internet e-mail—and Carnivore deals with three built-in technical challenges of Internet wiretaps: First, people can get their e-mail from different locations, so that wiretapping their home phone is no guarantee of reading their e-mail messages. Second, Internet connections, by their nature, travel over different, rapidly changing routes every time users log on to the Internet. And third, there is an explosively growing volume of e-mail traffic, making it hard to scan the tremendous flow of Internet traffic.

The Carnivore solution is to wiretap the communication at that one point where targeted e-mail must go: through the computers of an Internet Service Provider (ISP). Everyone with an e-mail account has an ISP—a company or institution whose computers connect the user to the larger Internet. The FBI’s Black Boxes (containing both hardware and software) are installed on the ISP’s equipment—on the ISP’s "server," the computer that processes and stores e-mail from the Internet.

It remains impossible for the FBI to wiretap just one e-mail account—so these Black Boxes seize, copy, store and scan all the traffic going through an ISP’s server—which can involve the e-mail of hundreds or thousands of people. It has recently been confirmed by leading architects of the Internet, in Senate testimony, that once a Black Box is installed at a server, the FBI can wiretap anyone whose traffic runs through that server. There is every reason to suspect that the FBI intends to have Black Boxes semi-permanently installed on the servers of major ISPs, so that they can spy on traffic at will.

The Carnivore system would enable the FBI to install a Black Box in the guise of, say, investigating a case of interstate fraud—but then also intercept the e-mail traffic of political activists and organizations who use that same server. The police agents could save and store large amounts of e-mail for later analysis. The ISPs have no way of knowing what the FBI is doing with the e-mail traffic or how many people they are spying on.

The Carnivore e-mail spy system is capable of two modes: It can download entire e-mail messages going to and from a targeted e-mail account—so the contents of the messages can be read by agents. Or it can record just the e-mail addresses (the so-called "header information" not the mail content) of the e-mail traffic. Widely available encryption software can prevent government agents from reading the content of encoded e-mail messages—and the use of such encryption is spreading. But Carnivore would still enable federal agents to do a surveillance of the header information of even such encrypted messages, and develop a detailed record of the networks of people communicating together on a project.

We’re Here to Install
Your Black Box!

The FBI has refused to disclose the extent of their existing Carnivore program. They will not say where they have installed Black Boxes, how long those boxes have been in place, how many people have been targeted or how many e-mails and users have been scanned. FBI spokesman Donald M. Kerr told the Senate Judiciary Committee on September 6 that the FBI had already installed Black Boxes at least 25 times—including 16 times this year. This means that this system has already been secretly in use for over a year .

There is not yet a list of which ISPs are guilty of collaborating with FBI spying. However there have been very few court cases of ISPs resisting these Black Boxes, and it is quite possible that numerous ISPs have collaborated with the political police, accepted the Black Boxes, kept the spying secret, and handed over access to the e-mail of their subscribers.

Only one ISP is known to have resisted this police-state activity. Ehud Favron, chief technology officer of the Denver-based RMI.NET, told the Montreal Gazette that their policy was to refuse Black Box access, "I would have to say we would fight such a court order. We wouldn’t want the privacy of all users to be compromised on the basis of witch hunts for one user."

A much larger and better-known ISP, EarthLink, offered to collaborate with the FBI—but balked at installing the FBI’s Black Boxes. EarthLink offered to screen the e-mail traffic themselves—and hand over to the FBI the messages for specific targeted users. The federal agents are determined to put their full Carnivore program in place—they want the e-mail traffic to run directly through their hands. The Justice department took EarthLink to court and the ruling demanded that EarthLink install Black Boxes. All of this was done secretly. EarthLink—which has 3.5 million users—wasn’t even identified until a Wall Street Journal article made Carnivore public.

EarthLink’s approach has been supported by some liberal think tanks, like the Center for Democracy and Technology, as a solution to the problem of blanket FBI spying. However, the proposal to have ISPs do free-lance spying on behalf of the political police is no better for political activists and Internet users. It would be a terrible development if ISPs collaborated directly in this spy mania—and handed the results over to the feds.

Trust the Political Police?

"The FBI cannot and does not snoop."

Donald M. Kerr, assistant director of the FBI

"They have the ability to intercept all
e-mail moving through the ISP. That arrangement is subject to abuse, and it’s very difficult to oversee the FBI’s appropriate use of that kind of system."

David Sobel, counsel for the
Electronic Privacy Information Center

The exposure of Carnivore’s existence has caused widespread shock and outrage. The system has been denounced by many different forces interested in Internet privacy, civil liberties and radical politics. The Electronic Privacy Information Center (EPIC) has called for a suspension of the system, pending a detailed public accounting, and filed a Freedom of Information court suit demanding that the FBI release information on Carnivore. In the court hearings the FBI acknowledged that they already had 3,000 pages of documents dealing with this spying operation.

Not surprisingly, the FBI claims that its Carnivore program is restrained, necessary, highly regulated and narrowly targeted. They insist that all their e-mail wiretaps have been done with court orders. But given the nature and past practices of the FBI, there is no reason to believe any of this.

The Washington Post wrote (Sept. 7), "At a hearing on Capitol Hill yesterday, weeks of technical and philosophical debate over ‘Carnivore,’ the FBI’s controversial e-mail-sniffing tool, came down to one basic issue: trust. Can the public trust the government to limit its use of the system."

The history of the FBI over the whole last century has been a history of secret police spying and shameless bypassing of supposed legal restriction. Clearly, the FBI can only be trusted to use this system as a weapon against the people and their struggle. In addition, FBI activities have never been limited to just spying—their political police agents have engaged in all kinds of covert operations—designed to disrupt, isolate, discredit and even assassinate revolutionary political forces. Carnivore is a system that would easily lend itself to the Cointelpro-style manufacturing of false e-mails.

After the Carnivore program was exposed to the public last April, the Clinton administration announced they would set up new guidelines for the Carnivore program. In other words, they are unwilling to publicize the guidelines that Carnivore has been operating on for the last two years. The existing laws covering police spying on the Internet are vague—and the federal agents have clearly been using these loopholes to secretly extend their spying on e-mail and Internet traffic.

In a second public relations maneuver, the U.S. Attorney General Janet Reno announced that she would seek a panel of academic experts to review Carnivore (in secret) and put a rubber stamp on the program. This plan immediately ran into problems as universities contacted by the Justice Department said that intolerable restrictions were being imposed on them. The FBI refused to disclose publicly what those restrictions were.

A series of laws are being introduced and debated in Congress which would give the FBI the right to wiretap Internet e-mail by establishing a legal framework similar to the wiretapping of telephones.

Clinton’s Chief of Staff John Podesta has argued that it is time to "harmonize our existing laws" so that the FBI has the same wiretap rights in all the different communications media, that they now have with telephone conversations. One of the "discrepancies" that has been pointed out is that the Cable Act of 1984 makes much it harder for government agents to get legal wiretaps for the cable-based Internet connection—than it is for the telephone-based modem connections.

Kevin DiGregory, U.S. Deputy Assistant Attorney General, suggested in Senate testimony that the public, the Congress and the media should now focus less on Carnivore and more on issues like Internet fraud and child pornography—which is not surprising because fear over issues of child safety and fraud have been manipulated to increase public support for more police powers on the Internet.

The Clinton administration is pressing hard to expand the police ability to spy on people and political movements. They have developed and deployed this new Carnivore program—and are scrambling to defend and legalize it now that it has been exposed.

People active in defending online privacy are calling on people everywhere to demand that their ISPs publicly take a stand and disclose what their policy and history is in regard to Carnivore. The people need to know who has collaborated and find the ways to help Internet Service Providers to take a firm stand when the FBI agents come knocking. And people need to know who has dared resist—and find the ways to give them support.

The enemy is listening when you go online—and everyone determined to oppose and defeat this system should take that seriously.


This article is posted in English and Spanish on Revolutionary Worker Online
rwor.org
Write: Box 3486, Merchandise Mart, Chicago, IL 60654
Phone: 773-227-4066 Fax: 773-227-4497
(The RW Online does not currently communicate via email.)