Testimony of Donald M. Kerr, Assistant Director, Laboratory Division, FBI
Before the United States Senate, The Committee on the Judiciary
September 6, 2000
"Carnivore Diagnostic Tool"
Good morning, Mr. Chairman and
Members of the Committee. I am grateful for this opportunity
to discuss with you the FBI's Carnivore system -- a system
specially designed for effectively enforcing the law while
at the same time fully complying with the law. Carnivore is
a system which we are counting on to help us in critical ways
in combating acts of terrorism, espionage, information warfare,
hacking, and other serious and violent crimes occurring over
the Internet, acts which threaten the security of our Nation
and the safety of our people. In my statement, I will touch
upon five points: why we need a system like Carnivore; why
the public should have confidence that the FBI is lawfully
using Carnivore; how Carnivore, as a special purpose electronic
surveillance tool, works; why computer network service providers,
with whom the FBI always works closely, should not be fearful
about Carnivore's use with their networks; and, as an overarching
matter, why the public should have trust in the FBI's conduct
of electronic surveillance and in its use of the Carnivore
system. In addressing these important points, we hope to set
the record straight and allay any legal, privacy, network
security, and trustworthiness concerns.
Why does the FBI need a system like Carnivore?
By now, it has become common
knowledge that terrorists, spies, hackers, and dangerous criminals
are increasingly using computers and computer networks, including
the Internet, to carry out their heinous acts. In response
to their serious threats to our Nation, to the safety of the
American people, to the security of our communications infrastructure,
and to the important commercial and private potentialities
of a safe, secure, and vibrant Internet, the FBI has responded
by concentrating its efforts, including its technological
efforts and resources, to fight a broad array of Cyber-crimes.
While the FBI has always, as
a first instinct, sought to work cooperatively and closely
with computer network service providers, software and equipment
manufacturers, and many others to fight these crimes, it also
became obvious that the FBI needed its own tools to fight
this battle, especially where legal, evidentiary, and investigative
imperatives required special purpose tools. One such tool
is Carnivore, which I will discuss at length today. However,
before discussing Carnivore, it is important to identify and
briefly discuss some of the types of Cyber-crime threats which
we in law enforcement have been encountering, and will encounter
in the future, and concerning which Carnivore, and tools such
as Carnivore, are of critical importance to the FBI.
Terrorism:
Terrorist groups are increasingly
using new information technology (IT) and the Internet to
formulate plans, raise funds, spread propaganda, and communicate
securely. In his statement on the worldwide threat in the
year 2000, Director of Central Intelligence George Tenet testified
that terrorist groups, "including Hezbollah, HAMAS, the
Abu Nidal organization, and Bin Laden's al Qa'ida organization
are using computerized files, E-mail, and encryption to support
their operations." As one example, convicted terrorist
Ramzi Yousef, the mastermind of the World Trade Center bombing,
stored detailed plans to destroy United States airliners on
encrypted files on his laptop computer.
Other terrorist groups, such
as the Internet Black Tigers (who are reportedly affiliated
with the Tamil Tigers), engage in attacks on foreign government
websites and E-mail servers. "Cyber terrorism" --
the use of Cyber tools to shut down critical national infrastructures
(such as energy, telecommunications, transportation, or government
operations) for the purpose of coercing or intimidating a
government or civilian population -- is emerging as a very
real threat.
Recently, the FBI uncovered
a plot to break into National Guard armories and to steal
the armaments and explosives necessary to simultaneously destroy
multiple power transmission facilities in the Southern United
States. After introducing a cooperating witness into the inner
circle of this domestic terrorist group, it became clear that
many of the communications of the group were occurring via
E-mail. As the investigation closed, computer evidence disclosed
that the group was downloading information about Ricin, the
third most deadly toxin in the world. Without the fortunate
ability to place a person in this group, the need and technological
capability to intercept their E-mail communications' content
and addressing information would have been imperative, if
the FBI were to be able to detect and prevent these acts and
successfully prosecute.
Espionage:
Not surprisingly, foreign intelligence
services have adapted to using Cyber tools as part of their
espionage trade craft. Even as far back as 1986, before the
worldwide surge in Internet use, the KGB employed West German
hackers to access Department of Defense systems in the well-known
"Cuckoo's Egg" case. It should not surprise anyone
to hear that foreign intelligence services increasingly view
the Internet and computer intrusions as useful tools for acquiring
sensitive U.S. government and private sector information.
Information Warfare:
The prospect of "information
warfare" by foreign militaries against our Nation's critical
infrastructures is perhaps the greatest potential Cyber threat
to our national security. We know that several foreign nations
are developing information warfare doctrine, programs, and
capabilities for use against the United States or other nations.
Knowing that they cannot match our military might with conventional
weapons, nations see Cyber attacks on our critical infrastructures
or military operations as a way to hit what they perceive
as America's Achilles heel -- our growing dependence on information
technology in government and commercial operations. Two Chinese
military officers recently published a book that called for
the use of unconventional measures, including the propagation
of computer viruses, to counterbalance the military power
of the United States. And a Russian official has also commented
that an attack on a national infrastructure could, "by
virtue of its catastrophic consequences, completely overlap
with the use of [weapons] of mass destruction."
Child Pornography and Sexual Exploitation of Children:
Through the FBI's "Innocent
Images" case, and others, it has become abundantly clear
that certain adults are using computers and the Internet widely
to disseminate child pornography and to entice young children
into illegal and often violent sexual activity. Such sexual
predators find the Internet to be a well-suited medium to
trap unwary children. Since 1995, the FBI has investigated
nearly 800 cases involving adults traveling interstate to
meet minors for the purpose of illegal sexual relationships,
and more than 1850 cases involving persons trading child pornography
-- almost all of these involve the exchange of child pornography
over the Internet.
Serious Fraud:
One of the most serious criminal
threats facing the Nation is the use of the Internet for fraudulent
purposes. For example, securities offered over the Internet
have added an entirely new dimension to securities fraud investigations.
The North American Securities Administrators Association has
estimated that Internet-related stock fraud results in a loss
to investors of approximately $10 billion per year (or nearly
$1 million per hour). In one case, on March 5, 2000, nineteen
people were charged in a multimillion-dollar insider trading
scheme. At the core of the scheme, the central "insider"
figure went online and found others in ISP chat rooms. He
soon was passing inside information on clients of several
brokerage firms to two other individuals in exchange for a
percentage of any profits they earned by acting on it. For
2½ years, this person passed inside information, communicating
almost solely through online chats and instant messages, with
the insider receiving $170,000 in kickbacks while his partners
made $500,000.
Why should the public have confidence in the FBI's lawful use of Carnivore?
There are a number of reasons
why the public should have confidence in the FBI's lawful
use of Carnivore. First of all, since 1986, with the enactment
of the Electronic Communications Privacy Act of 1986 (ECPA),
which amended Title III of the Omnibus Crime Control and Safe
Streets Act of 1968 (Title III), Congress created statutory
legal protection for all types of wire and electronic communications'
content, including computer and Internet-based communications'
content, consistent with the Constitution. The ECPA also created
statutory privacy protection for "transactional records"
pertaining to an electronic communications provider's provision
of services to a customer or subscriber consistent with the
Constitution. The term "transactional records,"
as used here, includes addressing (e.g., in the context of
E-mail communications, the "to" and "from" lines
-- but not the "subject" or "re" lines),
routing, billing, or other information maintained or generated
by the service provider. "Transactional records"
do not include the content (substance, purport or meaning)
of E-mails or other communications. Correspondingly, in the
ECPA, Congress regulated all governmental electronic surveillance
interceptions of communications' content and all acquisitions
of communications addressing and transactional record information
consistent with the Constitution. Under the ECPA, all such
electronic surveillance efforts require some form of court
order, either a full Title III (probable cause-based) court
order for obtaining communications' content or an ECPA-created
court order based upon relevancy for communications' addressing
and transactional record information. Of course, there are
"emergency" provisions whereby surveillance is permitted
to proceed immediately, when high-level Department of Justice
authorization is obtained, so long as a court order is filed
within 48 hours.
Under Title III, applications
for electronic surveillance must demonstrate probable cause
and state with particularity and specificity: the offenses
being committed, the communications facility regarding which
the subject's communications are to be intercepted, a description
of the types of conversations to be intercepted, and the identities
of the persons committing the offenses and anticipated to
be intercepted. Clearly, the criminal electronic surveillance
laws focus on gathering hard evidence -- not intelligence.
Under this law, the FBI cannot, and does not, "snoop."
In obedience of the law, the
FBI obtains judicial authorization, in terms of always obtaining
the appropriate court order required when intercepting wire
and electronic communications' content or when acquiring addressing
information and transactional record information, or lawful
consent, regardless of whether they are occurring over a computer
or telecommunications network. The FBI's use of the Carnivore
system -- approximately 25 times in the last two years -- has
in every case and at all times been pursuant to such a judicially-granted
court order or lawful consent. In every case, we only deploy
Carnivore after serving a court order on an ISP (or after
obtaining lawful consent of a party to the communication)
and then only after working closely with the ISP technicians
or engineers in installing it. Parenthetically, where the
ISP is equipped to fully and properly implement the court
order or consensual authorization, the FBI leaves the interception
to the ISP and does not rely upon Carnivore. Moreover, if
an FBI employee were to attempt to acquire such content or
information using Carnivore without obtaining a court order
or appropriate consent, it would be a serious violation of
the law -- a federal felony, thereby subjecting the employee
to criminal prosecution, civil liability, and termination.
Finally, FBI employees fully understand that the unlawful
interception of the content of private communications will
lead to the suppression of any and all tainted evidence and
any evidence or fruits derived therefrom. In short, the penalties
for violating the electronic surveillance laws are so severe
as to dissuade any such unlawful behavior, even if someone
were so inclined.
Those who have raised legal
concerns regarding Carnivore have principally asserted that
(1) through its use of Carnivore, the FBI is collecting more
information than a given pen register or trap and trace court
order permits, or (2) while using Carnivore, the FBI is acquiring
more information under such order than that order should
lawfully permit.
As to the first assertion (as
will be explained in detail below), in many investigative
situations (principally those involving pen register or trap
and trace court orders), Carnivore -- far better than any
commercially-available sniffer -- is configurable so as to
filter with precision certain electronic computer traffic
(i.e., the binary computer code, the fast-flowing streams
of 0's and 1's) such that, in each case, FBI personnel only
receive and see the specified communications addressing information
associated with a particular criminal subject's service, concerning
which a particular ECPA court order has been authorized. Further,
to our knowledge, there are few, if any, electronic surveillance
tools that perform like Carnivore, in terms of its being able
to be tailored to comply with different court orders, owing
to its ability to filter with precision computer code traffic.
In fact, the genesis for some
of the technological functionality of Carnivore was the result
of the FBI's decision, made in light of privacy and investigative
concerns, that prudent practice, with regard to computer network-based
electronic surveillance, dictated that the communications'
addressing information gleaned through technical equipment
the FBI would be using should, to the fullest extent possible,
correspond to that information authorized for acquisition
and use under law. In this regard, prior to our development
of Carnivore, the FBI, consistent with the Constitution and
the legal mandate found in 18 U.S.C. 3121, was using "technology
reasonably available to it" which permitted the acquisition
of communications' addressing information, but which necessitated
minimization. However, while the technology then available
(principally commercial sniffers) worked as well as could
be expected, as discussed in greater detail below, such equipment
had never been designed as a law enforcement electronic surveillance
tool, and hence had shortcomings. Not knowing if, or when,
market forces would lead to the development of a law enforcement
electronic surveillance tool, the FBI took the initiative.
In this context, we want to
make sure that both the Congress and the public understand
that, in using Carnivore, there is no broad-brush acquisition
by either Carnivore or by FBI personnel of the "contents
of the wire or electronic communications" of all ISP
users -- such as to constitute an unauthorized Title III "intercept."
Carnivore only intercepts the communications of that particular
criminal subject for which a Title III order has been obtained.
Similarly, we want everyone to understand that, in using Carnivore,
there is no broad brush collection, storage, or review, by
either Carnivore or by FBI personnel, of the addressing or
transactional information regarding any ISP user beyond that
pertaining to the criminal subject's service for which an
ECPA court order under 18 U.S.C. 3123 and 18 U.S.C. 2703(c)(d)
has been obtained.
As to the second assertion,
some have stated that, in their opinion, the FBI is acquiring
more information when it uses Carnivore to acquire communications
addressing and transactional record information than it should
be entitled to under the Constitution or under the ECPA statutory
regimes found in Chapters 206 and 121 of Title 18 of the United
States Code, and, in particular, under the court order authorities
within 18 U.S.C. 3123 and 18 U.S.C. 2703(c)(d). By way of
response, and more to the point, it appears that much, if
not most, of this contention regarding governmental access
to communications addressing and transactional information
emanates from concerns about the use of electronic surveillance
generally, as opposed to the FBI's use of Carnivore in particular.
However, there is little or nothing in law or Federal jurisprudence
to support the contention that has been asserted in this regard.
In 1979, the U.S. Supreme Court
ruled that, because there was no justifiable or reasonable
expectation of privacy in the electronic impulses dialed and
transmitted over the telephone lines of a service provider
to initiate a telephone call, no Fourth Amendment search or
seizure was implicated, and, accordingly, that no legal right
or protection regarding governmental acquisition of such information
was cognizable or afforded under the Constitution (see,
Smith v. Maryland, 442 U.S. 735 (1979)). Similarly, the
U.S. Supreme Court had earlier found no Constitutional right
or protection against the Government's warrantless acquisition
of banking information that had been disclosed by a customer
to a third party financial institution (see, United States
v. Miller, 425 U.S. 435, 442-444 (1976)). Hence, then,
at least as a matter of Constitutional law, the Supreme Court
has found no Constitutional requirement for a probable cause-based
warrant in order to acquire transactional records or information
that a customer conveys or transmits to third parties such
as banks and telephone service providers.
In 1986, in enacting the ECPA's
Title II and Title III provisions, the Congress was aware
of the foregoing Supreme Court rulings and sought to "create"
new privacy protection in statute to protect a subscriber's
communications addressing and transactional record information.
Also, just as it intended to afford statutory privacy protection
for such information, Congress also created appropriate and
commensurate court order authorities for lawful governmental
use in acquiring such information. In doing so, Congress made
very reasonable, considered, and balanced determinations as
to the level of privacy protection that was appropriate for
each type of information at issue. Now, although it is true
that there have been great changes in computer technology
since 1986, the core statutory privacy principles and fault
lines applicable to protecting computer-based communications
content, on the one hand, and communications addressing information,
on the other, as well as to their lawful interception or acquisition,
have remained quite stable.
Since 1986, and long before
the advent and use of Carnivore, the FBI and many other Federal,
State, and local governmental authorities have been lawfully
acquiring computer network-based addressing and transactional
information from both telecommunications carriers and Internet
Service Providers (ISPs) under court order as anticipated
by Congress within the ECPA, i.e., the court order authorities
set forth within 18 U.S.C. 3123 and 18 U.S.C. 2703(c)(d).
Governmental surveillance in this area has proceeded based
upon the rightful premise that, with the appropriate ECPA
court order(s), each and every type of communications addressing
and transactional record information found within telecommunications
and computer networks could be lawfully acquired. Since the
ECPA was enacted, federal courts throughout the country have
consistently authorized ECPA-based court orders applied for
by the Department of Justice and the United States Attorneys'
Offices, under the authorities set forth within 18 U.S.C.
3123 and 18 U.S.C. 2703(c)(d), with regard to the types of
governmental access to and acquisition of computer network
addressing information currently being complained of, without
finding Constitutional or statutory impediment.
Finally, with specific reference
to Carnivore, in the approximately 25 instances wherein its
use has occurred, the courts have approved the applications,
in terms of what was lawfully obtainable through the federal
statutory regime(s) and/or court orders cited above, and in
terms of the information which Carnivore, through its filtering,
enables FBI personnel to lawfully receive or see under these
regimes. In the only case challenging Carnivore's intended
use (in a case involving the acquisition of E-mail addressing
information under the court order authorities set forth within
18 U.S.C. 2703(c)(d) and 18 U.S.C. 3123), the court sided
with the Government, finding that the addressing information
to be acquired through the Government's use of Carnivore was
no more intrusive than the information acquired through a
conventional pen register under 18 U.S.C. 3123.
How does Carnivore work, and why the FBI believes Carnivore is superior from a legal, privacy, investigative, evidentiary and technological perspective to commercial sniffers?
Carnivore is a very effective
and discriminating special purpose electronic surveillance
system. Carnivore is a filtering tool which the FBI has developed
to carefully, precisely, and lawfully conduct electronic surveillance
of electronic communications occurring over computer networks.
In particular, it enables the FBI, in compliance with the
Constitution and the Federal electronic surveillance laws,
to properly conduct both full communications' content interceptions
and pen register and trap and trace investigations to acquire
addressing information.
For many electronic surveillance
purposes, Carnivore is superior to any commercially-available
"sniffer" tool which ISP network administrators
typically might use for network oversight, management, and
trouble-shooting. In the ISP world, such sniffers are the
closest thing to what would be considered an electronic surveillance
interception device. Such sniffers, however, were never designed
or intended to be a special purpose electronic surveillance
tool, and therefore they are not best suited to protect the
privacy rights afforded by the Constitution or by statute.
It's important to describe the
context of when and how Carnivore is used and the way Carnivore
works. It's most critical to clearly understand what Carnivore
discloses and, more importantly, what it does not disclose
to the FBI personnel who use it.
First of all, as emphasized
above, Carnivore is only employed when the FBI has a court
order (or lawful consent) authorizing a particular type of
interception or acquisition regarding a particular criminal
subject user, user address, or account number. Second, when
an ISP can completely, properly, and securely comply with
the court order on its own, the FBI does not need to deploy
Carnivore. Third, if a decision is made to use Carnivore,
the FBI never deploys it without the cooperation and technical
assistance of the ISP technicians and/or engineers. Fourth,
through working with the ISP, Carnivore is positioned and
isolated in the network so as to focus exclusively upon just
that small segment of the network traffic where the subject's
communications can be funneled. This is roughly analogous
to using an electronic surveillance device only within
a single trunk or cable within a telephone network. Stated
differently, and contrary to the statements of some critics,
Carnivore is not positioned to filter or access 'in a Big
Brother mode, all subscriber traffic throughout an ISP network.'
In illustrating its functionality,
it is important to understand that Carnivore's filtering operates
in stages. Carnivore's first action is to filter a portion
of an ISP's high speed network traffic. Specifically, it filters
binary code -- streams of 0's and 1's that flow through an
ISP network, for example, at 40 megabits per second, and
often at much higher speeds. Carnivore operates in real time
with these speeds. To visualize this, imagine a huge screen
containing 40 million 0's and 1's flashing by on this screen
for one second, and for one second only. Carnivore's first
effort -- entirely within the Carnivore box -- is to identify
within those 40 million 0's and 1's whether the particular
identifying information of the criminal subject (for which
a court order has been authorized) is there.
If the subject's identifying
information is detected, the packets of the subject's communication
associated with the identifying information that was detected,
and those alone, are segregated for additional filtering or
storage. However, it's critically important to understand
that all of those 40 million 0's and 1's associated with other
communications are instantaneously vaporized after that one
second. They are totally destroyed; they are not collected,
saved, or stored. Hence, FBI personnel never see any of these
40 million 0's and 1's, not even for that one second. Continuing
the illustration, if the subject's identifying information
is not in that screen, then the next screen of 40 million
0's and 1's flashes by at the same rate, and the process described
above is repeated in identical fashion until the subject's
identifying information is detected.
After exclusively segregating
the subject's information for further machine processing,
then a second stage of filtering is employed. At this point,
and again all within the Carnivore box, Carnivore checks
its programming to see what it should filter and collect for
processing. In other words, it determines if it's supposed
to collect comprehensively -- in a full Title III or FISA
mode -- or, alternatively, whether it's only to collect pen
register or trap and trace transactional and addressing information.
Importantly, this is where some
of Carnivore's key legal, evidentiary, and privacy-enhancing
features really kick in. To address the particular concerns
that have been raised regarding what is filtered and processed,
and what FBI personnel see and don't see, it's useful to illustrate
how Carnivore operates, for example, in a pen register or
trap and trace transactional and addressing information mode,
pursuant to authorities set forth within 18 U.S.C. 3123 and
18 U.S.C. 2703(c)(d). Under these circumstances, Carnivore
only collects transactional and addressing information. It
is programmed to filter out all content, including subject
line and "re" information.
For example, certain pen register
or trap and trace orders will authorize collection of simply
"source," "destination," date, time, and
duration of the message. Others will authorize collection
of "source," "destination," "user account
address," date, time, and duration. Again, each collection,
and the filters being employed, are tailored to a particular
court order's authorization.
At this point, an explanation
on a more technological and functional level is warranted
as to why, with regard to pen register and trap and trace
transactional and addressing information usage, Carnivore's
use was necessitated by certain privacy, evidentiary, and
investigative concerns. Commercially-available sniffers do
a very good job in many circumstances of filtering and segregating
ISP information, especially in Title III interceptions. However,
in other cases, where more stringent legal, evidentiary, and
law enforcement investigative requirements exist, many sniffers
would collect either too much information, such as collecting
all of the information regarding a given criminal subject's
account, or, alternatively, fail to collect the authorized
information at all.
For example, because of differences
and vagaries in network protocols and header addressing information
and their implementations by ISPs, collections with these
commercial sniffers often do not cut off the header addressing
information at the precise point. This can lead to a small
amount of a communications' content being included (such as
the "subject line") which then must be minimized
by human review. Hence, resort to commercial sniffers alone
under certain circumstances raises privacy concerns and interferes
with the FBI's investigative resources. While such sniffer
capabilities might suffice for non-law enforcement network
administration purposes, it is less than perfect from a law
enforcement point of view. Carnivore's development was driven
by a need to address such issues.
In another area with significant
legal, evidentiary, and investigative ramifications, Carnivore
is superior to commercial sniffers. Commercial sniffers are
typically designed to work only with fixed IP addresses. Unfortunately,
dynamic addressing within ISPs occurs probably in 98-99% of
the cases. Hence, the use of commercial sniffers, without
more, would be ineffective in 98-99% of court authorized collections.
Carnivore was specifically designed to interface with ISP
networks so that when dynamic addressing occurs it can immediately
respond to it. Finally, while it is true that other efforts
with ISPs can address this problem, this problem is effectively
and efficiently resolved technically by Carnivore.
In still another area with significant
legal, evidentiary, and investigative ramifications, Carnivore
has the ability to filter and collect Simple Mail Transfer
Protocol (SMTP) traffic sent to or from a specific user. Most,
if not all, commercial sniffers would collect all E-mails
and then require a human visual search to find the targeted
E-mail. This obviously is wanting from a privacy and operational
perspective. Carnivore, on the other hand, has the ability
to conduct very surgical acquisitions of only a targeted criminal
subject's E-mail.
To repeat, during all the
filtering/processing noted above, no FBI personnel are seeing
any information -- all of the information filtering/processing,
and purely in a machine-readable format, is occurring exclusively
"within the box."
Now, at the end of all the filtering
and processing, there, of course, is information that ultimately
is collected and stored for human review. Hence, what finally
reaches the hands of FBI personnel in every case is simply
and only that particular information lawfully authorized by
the court order -- and no more.
Finally, Carnivore includes
another piece of important functionality. For evidentiary
purposes, and as an audit history, Carnivore was also designed
to append to an event file for each collection the filter
configuration that was used in that collection. This information
tells the FBI personnel -- and indeed it tells the world,
including a court, defense counsel, and a jury -- what mode
the device was operating in (what it was programmed to collect),
so as to allay any suspicion that more information was being
passed along to FBI personnel.
As you know, Rule 901 of the
Federal Rules of Evidence requires the authentication of evidence
as a precondition for its admissibility. The use of the Carnivore
system by the FBI to intercept and store communications establishes,
with much less human interaction and without the potential
for human error, a trustworthy machine-based memorialization
of the evidence. It also establishes a reliable first link
in an undisturbed chain of custody, and it facilitates the
ease and accuracy of a witness' testimony by permitting the
witness to testify as to the retrieval of the evidence and
as to the purely technological method by which the evidence
was acquired and recorded. Finally, Carnivore is being upgraded
by adding an integrity feature which will further demonstrate
the authenticity of the information, by imprinting on the
evidence the collection mode being used. It thus helps prove
authenticity, by demonstrating that no alteration has been
made to the filter settings employed or to the information
obtained. As an evidentiary matter, such features strengthen
showings of "chain of custody," authenticity, and
non-alteration.
Why computer network service providers should not be fearful about Carnivore's use with their networks
Notwithstanding assertions to
the contrary, the Carnivore system is safe to operate with
IP networks. As noted above, Carnivore is only installed in
that small segment of the computer network through which the
criminal subject's communications traffic will pass. The Carnivore
system is connected with the network by a bridging device
that physically prevents Carnivore from transmitting into
the network. Thus, as a technological certainty, there is
absolutely no way it could possibly have any ability to transmit
any information or thing into the network.
Importantly, Carnivore is only
attached to the network after consultation with, and after
obtaining the agreement and assistance of, technical personnel
from the ISP. It is worth noting that, to date, the FBI has
never installed Carnivore with an ISP's network without first
obtaining the assistance of the ISP's technical personnel.
The Internet is a highly complex and heterogeneous environment
in which to conduct electronic surveillance, and I can assure
you that without the technical knowledge of the ISP's personnel,
it would be very difficult, and in some instances impossible,
for law enforcement agencies to act unilaterally and successfully
in implementing such a technical effort. Moreover, the FBI
particularly depends upon the ISP personnel to understand
the protocols and architecture of their particular networks.
Some critics have also asserted
that the use of the Carnivore system introduces significant
new vulnerabilities for hacking access. But such assertions
miss the mark. With regard to hacking, and considering the
hacking methodologies most commonly employed, there would
be absolutely no greater qualitative value in trying to use
the Carnivore system as an access point than any other access
point or node in the Internet, concerning which there are
literally millions. Indeed, recognizing that Carnivore is
a law enforcement surveillance tool, a hacker's attempted
use of it as an access path would be particularly foolish
inasmuch as access to Carnivore, as noted above, would never
create an actual transmission path into the network.
Lastly, there has been the suggestion,
in prior Congressional testimony, that the Carnivore system
had caused a network crash or other problems in the network
of a particular ISP. Let me emphasize that such a suggestion
is simply factually incorrect. In the instance cited, the
cause of the network problem (there was no crash) -- it was
in the nature of a network slowdown -- was programming steps
undertaken exclusively by that ISP's technicians, and entirely
on their own.
Why should the public have
trust in the FBI's conduct of electronic surveillance, and,
in particular, in its use of the Carnivore system
We believe that the American
public should have trust in the FBI's conduct of electronic
surveillance, principally because it has an outstanding record
of lawfully complying with the Federal electronic surveillance
laws which the Congress first enacted over thirty years ago,
in 1968. Although the assertion of widespread 'illegal FBI
wiretapping' is frequently made, and is an article of faith
for some, the facts in no way support it. Any careful review
of the dockets of the Federal courts offers no support to
the assertion of FBI electronic surveillance abuse during
these years. Indeed, all FBI electronic surveillance is authorized
and carefully supervised by many different "outside"
entities.
To begin with, in every FBI
investigation involving electronic surveillance, all surveillance
efforts are approved, monitored, and overseen at each step
of the way by both the local United States Attorney's Office
and the appropriate U.S. District Court Judge (for Title IIIs)
or Magistrate (for ECPA court orders). In surveillance conducted
under the Foreign Intelligence Surveillance Act (FISA), FBI
surveillance efforts are approved, monitored, and overseen
by the Department of Justice's Office of Intelligence Policy
and Review, and by the Foreign Intelligence Surveillance Court,
respectively. Moreover, before any full-blown Title III or
FISA electronic surveillance involving the interception of
communications' content is approved, lengthy, multi-layered,
and thorough reviews occur both within the FBI and within
the Department of Justice, and, as a statutory mandate, high-level
Department of Justice approval is required for all such surveillance.
For more than three decades
now, FBI electronic surveillance has been closely supervised
and monitored by the Department of Justice. There has been
no indication of FBI abuse. Indeed, the Department of Justice
typically points to the FBI as an agency model with regard
to how to carefully and lawfully conduct electronic surveillance.
Aside from Executive and Judicial
Branch review of FBI electronic surveillance efforts, the
Congress itself exercises frequent and ongoing oversight over
the FBI's conduct of electronic surveillance in a number of
ways. Year in and year out, numerous Congressional Committees
(and their staff) involved in authorizations and appropriations
scrutinize FBI expenditures, programs, and even equipment.
Committees on the Judiciary and Intelligence frequently hold
hearings, such as this, and submit written questions to be
addressed by the FBI. Further, since Title III's enactment
in 1968, the Congress has revisited the Federal electronic
surveillance laws on a number of occasions: in 1978 (FISA),
in 1986 (ECPA), and in 1994 (CALEA). And, as the Committee
is well aware, each time the Federal electronic surveillance
laws are updated there is a substantial subtext to the legislative
initiative wherein the Congress considers and reconsiders
whether such laws are working well and whether there is any
significant indication of abuse such as to warrant the laws'
curtailment or modification. However, with each of these pieces
of legislation, the Congress has never found or suggested
that the law enforcement community, in general, or the FBI,
as an agency, in particular, was abusing the electronic surveillance
authorities.
Further, in recent years, it
has become somewhat commonplace for members of the Congress
to request a visit to the FBI's Engineering Research Facility
(ERF) to permit themselves and/or their staff to understand
FBI surveillance methodologies, etc., better. Beyond these,
every year the Administrative Office of the United States
Courts sends to the Congress the yearly "Wiretap Report"
which specifies Federal, State, and local law enforcement's
Title III electronic surveillance activities. Likewise, and
also pursuant to Federal statute, every year the Department
of Justice submits to the Congress a report regarding the
use of pen register and traps and traces conducted by law
enforcement agency components within the Department. Further,
several years ago, as a part of the Anti-terrorism and Effective
Death Penalty Act of 1996, the Congress requested a Report
from the Department of Justice which was to specifically include
a review of any abuse in law enforcement's conduct of electronic
surveillance. In the Report submitted by the Department of
Justice, it was pointed out that law enforcement errancy in
this area was rare, and did not suggest any significant problem.
In particular, there was no citation as to abuse by the FBI.
At this point, it may be useful
to briefly discuss another vital component in the overall
electronic surveillance/Carnivore mix: the FBI personnel who
use it.
In this regard, the Committee
would truly be missing a significant part of the story if
we failed to point out the quality of the FBI personnel involved
and the ways in which they perform their tasks. To begin with,
to become an FBI employee requires a substantial showing of
trustworthiness, lawfulness, and personal and professional
integrity -- all of which must be demonstrated through the
conduct of an extensive and very thorough national security-level
background investigation. To be sure, the structure of the
FBI would quickly collapse if the agency and all of its onboard
employees could not trust without reservation its new employees.
And the FBI certainly does not recruit honest and law-abiding
people only to turn around and employ them in corrupt and
dishonest ways. Indeed, in contrast with the requirements
placed upon many of the personnel employed by telecommunications
and computer network service providers (who may have some
role in implementing electronic surveillance orders), all
FBI employees are specifically sworn to uphold the Constitution,
obey the law, and to faithfully execute the laws of the land.
Of course, and as noted above,
it is emphasized to all FBI employees that any type of illegal
electronic surveillance would be a serious violation of the
law -- a federal felony, thereby subjecting the employee to
criminal prosecution, civil liability, and termination. Further,
FBI employees are made to fully understand that any unlawful
surveillance will likely lead to the suppression of any and
all tainted evidence and any evidence or fruits derived therefrom.
In short, it is made clear that any such unlawful behavior
will not be tolerated.
All FBI personnel involved in
conducting electronic surveillance are thoroughly and specifically
trained about the Federal electronic surveillance laws. This
is particularly so for the FBI Technically Trained Agents
(TTAs) who receive specialized training in the conduct of
electronic surveillance, including legal instruction, at the
FBI's Engineering Research Facility (ERF) in Quantico, Virginia.
This training weds together the black letter law with the
"hands on" technical level implementations of electronic
surveillance. Moreover, FBI personnel involved in electronic
surveillance are involved in ongoing consultation with attorneys
from the FBI's Office of the General Counsel, the FBI Field
Office's Chief Division Counsel, the Department of Justice,
and the Offices of United States Attorneys.
Access to and the use of FBI
electronic surveillance equipment is controlled administratively,
and usually requires a trained specialist to operate it. Hence,
the large pool of FBI Special Agents and support employees
never have access to, or competency in the use of, such highly-specialized
pieces of surveillance equipment.
In sum, over the last 32 years,
the FBI's record of properly conducting court authorized electronic
surveillance is a very good one -- one that we believe should
command the trust of the public and the Congress.
With regard to Carnivore, it
is a relatively new electronic surveillance tool, and has
only been used within the last two years. Trust in the FBI's
use of Carnivore, we believe, should at least in part rest
upon the FBI's openness and willingness to discuss this device.
Indeed, perhaps the most telling fact about Carnivore, as
an electronic surveillance tool, is that, in an unprecedented
fashion, the FBI has shared with numerous entities in the
public Carnivore's (and/or some of its technical counterparts')
purpose and basic functionality -- long before any concerns
were raised and before any Congressional hearings were scheduled.
Ironically, the most central
fact and aspect of the entire matter has gotten lost: that
the FBI has spent a considerable amount of time, money, and
energy in developing an electronic surveillance tool with
the exclusively laudable purposes of better satisfying the
Constitutional standard of particularity, the Title III and
ECPA precepts of minimization, as well as the legal, privacy-based,
and societal concerns associated with careful, precise, and
lawful surveillance efforts.
As the Committee may be aware,
the FBI has briefed a wide-ranging variety of entities: governmental
attorneys, leading ISPs, leading Information Technology (IT)
companies, leading telecommunications service providers, academic
labs, and software manufacturers as to the functionality of
the Carnivore system. Hence, if, for the sake of argument,
the FBI had ever possessed any untoward intentions, in terms
of using Carnivore in a stealthy, illegal, or abusive way,
it certainly went about pursuing them in the wrong way. In
fact, the FBI's openness with regard to Carnivore should,
in and of itself, properly and reasonably instill public confidence
and trust, notwithstanding that some of its detractors may
disagree with some aspect of Carnivore.
Of course, with regard to Carnivore,
the same strict personnel, legal, training, and security practices
apply. Further, given that relatively few of these devices
are even available throughout the entire FBI, those in existence
are under the custody and control of but a few FBI technically-trained
personnel.
Finally, the FBI, in concert
with the Department, has welcomed a review of the Carnivore
system. The FBI believes that when all is said and done the
FBI and the Carnivore device will receive a clean bill of
health, and thereby hopefully more fully instill public confidence
and trust in this important and critically needed investigative
tool.
Conclusion
In conclusion, I would like
to say that over the last ten years or more, we have witnessed
a continuing, steady growth in computer and Internet-related
crimes, including extremely serious acts in furtherance of
terrorism, espionage, infrastructure attack, as well as the
more conventional serious and violent crimes, to include child
pornography and exploitation. These activities which have
been planned or carried out, in part, using computers and
the Internet pose challenges to the U.S. law enforcement community
that we dare not fail to meet. In turn, the ability of the
law enforcement community to effectively investigate and prevent
these serious crimes is, in part, dependent upon our ability
to lawfully and effectively intercept and acquire vital evidence
of these crimes, and our ability to promptly respond to these
harms that so threaten the American public. As the Internet
becomes more complex, so too do the challenges placed upon
us to keep pace. Without the continued cooperation of our
industry partners and important technological innovations
such as the Carnivore system, such a task would be futile.
I look forward to working with
the Committee staff to provide more information and welcome
your suggestions on this important issue. I will be happy
to answer any questions that you may have. Thank you.