
Carnivore: The Limits of Intrusion

Carnivore: The Limits of Intrusion. By Wael Eldashan Tony Provencio CSE 190 Swati Saparia Professor Karin Karen Yang 6.4.02. What Carnivore Is. Carnivore is an FBI assistance program that helps ISPs overcome technical difficulties when complying with court orders.



Presentation Transcript


  1. Carnivore: The Limits of Intrusion By Wael Eldashan Tony Provencio CSE 190 Swati Saparia Professor Karin Karen Yang 6.4.02

  2. What Carnivore Is • Carnivore is an FBI assistance program that helps ISPs overcome technical difficulties when complying with court orders. • It is a packet sniffer that eavesdrops on packets and watches them go by, then saves a copy of the packets it is interested in. • It works as a passive monitoring system that does not corrupt the emails that it monitors. • The FBI is not allowed to put Carnivore on the network unless the ISP claims it cannot (or will not) comply with the court order.

  3. What Packet Sniffers Observe • Which Web sites you visit • What you look at on the site • Whom you send e-mail to • What's in the e-mail you send • What you download from a site • What streaming events you use, such as audio, video and Internet telephony • Who visits your site (if you have a Web site)

  4. The Process

  5. Content-Wiretap A telephone "content wiretap" is where law enforcement eavesdrops on the suspect's telephone calls, recording the oral communications on tape. Carnivore can do similar things for Internet communication: • capture all e-mail messages to and from a specific user's account • capture all the network traffic to and from a specific user or IP address

  6. Trap and Trace/Pen-Register • capture all the e-mail headers (including e-mail addresses) going to and from an e-mail account, but not the actual contents (or Subject: line) • list all the servers (web servers, FTP servers) that the suspect accesses, but don't capture the content of this communication • track everyone who accesses a specific web page or FTP file • track all web pages or FTP files that a suspect accesses
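The pen-register rule in slide 6 (headers and addresses, but no contents and no Subject: line) is easy to get wrong in a filter. The following is an added example, not part of the original presentation and not Carnivore's code: it runs a naive line-based filter and a parser-based one over a constructed message and shows the naive one over-collecting a folded Subject line. The function names and the sample message are assumptions made for illustration.

```python
import email
from email.utils import getaddresses

# Constructed sample message (not real traffic). The Subject header is folded
# onto a second line, and the body contains a line that looks like a header.
RAW = (
    "From: Alice <alice@example.org>\n"
    "To: bob@example.net, Carol <carol@example.com>\n"
    "Subject: quarterly numbers\n"
    " and the merger plan\n"
    "Date: Tue, 04 Jun 2002 10:00:00 -0700\n"
    "\n"
    "Subject: this line is body text, not a header\n"
    "Meet at noon.\n"
)

def naive_pen_filter(raw):
    """Drop lines that start with 'Subject:' and stop at the blank line.
    Defect: the folded continuation of the Subject header is kept."""
    kept = []
    for line in raw.splitlines():
        if line == "":
            break  # end of headers, body is never read
        if not line.lower().startswith("subject:"):
            kept.append(line)
    return kept

def pen_filter(raw):
    """Parse the header block as a unit: keep every header except Subject
    (matched case-insensitively, folded lines included) and discard the body."""
    msg = email.message_from_string(raw)
    headers = [(k, v) for k, v in msg.items() if k.lower() != "subject"]
    fields = msg.get_all("From", []) + msg.get_all("To", []) + msg.get_all("Cc", [])
    addresses = [addr for _name, addr in getaddresses(fields)]
    return {"headers": headers, "addresses": addresses}

if __name__ == "__main__":
    print(naive_pen_filter(RAW))   # includes ' and the merger plan'
    print(pen_filter(RAW))         # no Subject text, no body text
```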

  7. Implementation: 1. The FBI has a reasonable suspicion that someone is engaged in criminal activities and requests a court order to view the suspect's online activity 2. A court grants the request for a full content-wiretap of e-mail traffic only and issues an order 3. The FBI sets up a Carnivore computer at the ISP to monitor the suspect's activity.

  8. Implementation: 4. The FBI configures the Carnivore software with the IP address of the suspect to capture packets only from this particular location ignoring all other packets. Carnivore copies all of the packets from the suspect's system without impeding the flow of the network traffic. 5. Once the copies are made, they go through a filter that only keeps the e-mail packets and determines what the packets contain based on the packet’s protocol. The e-mail packets are saved to the Jaz cartridge.

  9. Implementation: 6. Once every day or two, an FBI agent visits the ISP and swaps out the Jaz cartridge. The surveillance cannot continue for more than a month without an extension from the court. 7. The captured data is processed using Packeteer and Coolminer. If the results provide enough evidence, the FBI can use them as part of a case against the suspect.

  10. Main Concerns: • How (exactly) Carnivore works, and whether there are bugs that lead to privacy violations. • How Carnivore can be misused by law enforcement. • The privacy debate of wiretaps in general, and the changing rules of the Internet in particular.

  11. StakeHolders: • FBI • Civil Liberties Groups • Software Developers • ISPs • Academic/Research Community • Public • Hackers

  12. FBI: Carnivore Monitors… • Organized crime groups • Drug trafficking organizations • Illegal hackers • Terrorists • Child pornography/exploitation • Espionage • Information warfare • Fraud

  13. FBI: Checks On Implementation • Interception limited to certain felony offenses • Applications must indicate that normal investigative techniques have been tried and failed/will not work/too dangerous • Must demonstrate probable cause with particularity and specificity (i.e. offenses committed, place of interception, description of interceptions, persons committing offenses)

  14. FBI: Checks On Implementation • Subject to internal government controls (i.e. FBI, DOJ) • Penalties for misuse • Exclusion of evidence and criminal and civil penalties

  15. FBI:The Fourth Amendment The Fourth Amendment States: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

  16. FBI:Addressing these Concerns • The system must strike a reasonable balance between competing interests- the privacy interests of telecommunications users, the business interest of service providers, and the duty of government investigators to protect public safety. • Requires warrant specifying who suspect is, what lines will be tapped, type of information to be seized • Seizure of email is held to higher standard than normal search warrants (requires Federal District judge or higher)

  17. Civil Liberties Groups • ACLU • The Cato Institute • Electronic Frontier Foundation • Muslim Groups • EPIC

  18. ACLU • Carnivore is unnecessary • The Fourth Amendment is founded on the premise of distrust of law enforcement • Allows for too much government intrusion in everyday lives

  19. The Cato Institute • What limits are we willing to accept on intrusion of our everyday lives? • Some point to Israel’s so-called war on terror as an example of where the line could be drawn • “They have decided to have armed soldiers on every other block, excruciatingly tight security at airports and in government buildings, racial profiling, tortures and lax standards for obtaining and using evidence against defendant. We ought to be aware of what the Israelis are doing and whether that’s the sort of thing we would do.” • William A. Niskanen of the Cato Institute

  20. EFF • The use of packet analyzers on the Internet captures much more information from an individual than does the use of pen registers and trap and trace devices used on traditional land-line telephone systems • The Carnivore system appears to exacerbate the over collection of personal information by collecting more information than it is legally entitled to collect under traditional pen register and trap and trace laws • Systems like Carnivore have the potential to turn into mass surveillance systems that will harm our free and open society.

  21. MUSLIM GROUPS • Ibrahim Hooper, communications director of the Council on American-Islamic Relations, said he feared that with anti-Muslim feelings running high in the country due to September 11, Congress might respond with action that would diminish the rights of Muslim Americans. • Secret evidence. • “We’re getting reports every day of beatings, harassments, shots fired at mosques. We know people’s emotions run high but our rights are not subject to circumstances, but are inalienable.”

  22. EPIC • Carnivore disrupted anti-terror investigation • Internal memo calls over collection of data part of pattern showing inability of FBI to manage foreign intelligence wiretaps

  23. SOFTWARE DEVELOPERS • Stephen Mencik • Technical lead for Independent Review of Carnivore • Robert Graham • CEO, hacker, worked on destroying Morris Worm

  24. CARNIVORE’S PREDECESSORS 1) They must obtain a warrant, that is limited • "Pen Register" or "Trap and Trace" warrant. 2) Foreign Intelligence Surveillance Act (FISA). • Circuit switching vs. packet switching

  25. Under the Patriot Act, the FBI’s Powers Have Been Expanded • First, warrants can be obtained under FISA if intelligence gathering is only a "significant purpose," rather than the "primary purpose." Because of this change, as long as intelligence gathering is a "significant purpose" of the warrant, evidence gathered by what could otherwise be unconstitutional methods might be used for a criminal investigation. • Second, the Patriot Act specifically lowers the threshold for obtaining a full collection warrant for Internet traffic. Instead of needing probable cause as required by Title III, the FBI now only needs to show that the information to be gathered is "relevant to an ongoing criminal investigation." That is a much lower standard than showing probable cause that a crime has been committed. • The third major change is that when a wiretap warrant is issued, the person whose communications are being captured is notified, though sometimes this notification is allowed to be after the fact. The Patriot Act now allows nearly any search to be made in secret. Finally, these changes made by the Patriot Act are not limited to surveillance of suspected terrorists, but apply to all surveillance cases.

  26. DoJ Investigation • During the fall of 2000, the Department of Justice contracted for an independent review of Carnivore to determine if it worked as described above. That review showed that • some debate over what was allowed in Pen-mode and what was not. Where the review was critical of Carnivore was in the area of accountability. • There was no audit capability for Carnivore. • There was also no way to prove "chain of custody" for the evidence gathered. It also would prevent identifying which agent was at fault should Carnivore be used for illegal wiretaps. The review team made a number of recommendations for improving Carnivore, mainly in this area of accountability. • It is not known if the FBI has implemented any of the recommendations.

  27. ROBERT GRAHAM • Encryption • Altivore

  28. ISPs:the Market Carnivore has the potential to slow down ISP performance and create a bottleneck at the point of interception: • Customer dissatisfaction • Law does not allow ISPs to disclose the reason for bottleneck

  29. ISPs:Exposure to Liability The Electronic Communications Privacy Act (ECPA) forbids an ISP from revealing certain information to the government in the absence of a valid court order. However, even when presented with a valid court order, an ISP may still be found liable if it believed the government's actions exceeded its authority and it did nothing to prevent it.

  30. ISPs:The Hacker Problem Attaching Carnivore to the system provides hackers with a new point of entry over which the ISP has no control • Such an intrusion would violate their customer’s privacy

  31. Public:The Rogue Agent Problem • Since there is no monitoring system for usage, it is easier to misuse the system and/or information. • If one bad agent misuses Carnivore, it may endanger innocent people and the whole benefit for using it in the first place will be defeated

  32. Public:Potential Mishaps • ISPs install Carnivore at a central location on their network and if installation or accessibility were compromised, it could interfere with a large portion of the Internet. • Many feel that Carnivore puts the Internet in control of those who are concerned with surveillance and investigation rather than connectivity.

  33. Public: Constitutional Violations Fourth Amendment Concerns: “…no Warrants shall issue, but upon probable cause…and particularly describing the place to be searched, and the persons or things to be seized.” --Not enough specificity in request for warrant First Amendment Concerns: “Congress shall make no law abridging the freedom of speech…” --Potentially Limits Freedom of Speech

  34. Public:Criminal Investigations Give up some privacy in exchange for reducing criminal behavior • Terrorism • Child Pornography • Organized crime groups • Drug trafficking organizations • Espionage

  35. Hackers:The Backdoor • Carnivore provides access to the pipeline it is monitoring making the system accessible through a username and password. • It is impossible to trace the actions back to the individual who is responsible. • In the past, hackers have penetrated the Air Force, the Pentagon, and many other high-profile government web servers. Carnivore provides Hackers with a new point of entry.

  36. Hackers: Threats to Accessibility and Security • Spying • Accessing people’s computers • Slowing down websites and company servers • Pass on a computer virus to thousands of people • Stop e-mail access for thousands of people • Access identity information, bank information, credit card information

  37. Academic Community:Perceived Concerns • Compromised Privacy • Law is slower than technology • Leaves open interpretation of usage • The information captured may not be comparable.

  38. Academic Community : • Interview:Tom Perrine • Currently: Computer Security at SDSC • Background: • Turned down FBI to do Independent Study of Carnivore • Congressional Statement (Jul. 2000), regarding Carnivore • Previous Work: • Designed and developed systems to protect classified government information, deployed nation-wide security systems to protect privacy and intellectual property

  39. Academic Community: Internet Is Different • The Internet Is Different From the Telephone: • Title III allows for monitoring of telephones • Carnivore settings can be changed easily and remotely • Allows for broader scope than telephone

  40. Academic Community: Our Individual Rights • Our Individual Rights: • “I have always been an advocate of personal privacy, unrestricted access to strong encryption, and less government oversight and intervention in the lives of law-abiding citizens.” • Tom Perrine • Understands and supports legitimate law enforcement monitoring of suspected criminals

  41. Academic Community: Concerns • Carnivore is under constant development • Impossible to know what current functions are built in • Need better filtering capabilities • No Auditing System for Agents Using Carnivore • Insufficient logging of activities • Review of the Source Code would not indicate filters applied at any given time
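Slides 26, 31 and 41 raise the same gap: no audit trail, no way to tell which agent changed a setting, and no record of which filters were applied at a given time. The following is an added example of one common mitigation, a hash-chained log of filter changes; it is not part of the original presentation and not a feature of Carnivore. All field names, operator names, the order placeholder and the timestamps are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64
FIELDS = ("ts", "operator", "order_id", "filter", "prev")

def digest(entry):
    # Hash every field except the hash itself, in a canonical JSON form.
    body = {k: entry[k] for k in FIELDS}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append(log, ts, operator, order_id, filt):
    """Record who applied which filter, under which court order, and when."""
    entry = {"ts": ts, "operator": operator, "order_id": order_id,
             "filter": filt, "prev": log[-1]["hash"] if log else GENESIS}
    entry["hash"] = digest(entry)
    log.append(entry)
    return entry

def verify(log):
    """Return the index of the first altered or re-linked entry, or -1 if intact.
    Note: the latest hash must also be kept outside the log (for example with
    the court), otherwise someone could rewrite the whole chain consistently."""
    prev = GENESIS
    for i, e in enumerate(log):
        if e["prev"] != prev or e["hash"] != digest(e):
            return i
        prev = e["hash"]
    return -1

def filter_at(log, ts):
    """Answer 'which filter was active at time ts, and who set it?'"""
    active = None
    for e in log:
        if e["ts"] <= ts:
            active = e
    return active

def sample_log():
    # Constructed history: the filter is widened by agent-B, then narrowed again.
    log = []
    append(log, 100, "agent-A", "ORDER-PLACEHOLDER", {"mode": "pen", "ip": "192.0.2.10"})
    append(log, 140, "agent-B", "ORDER-PLACEHOLDER", {"mode": "content", "ip": "192.0.2.0/24"})
    append(log, 200, "agent-A", "ORDER-PLACEHOLDER", {"mode": "pen", "ip": "192.0.2.10"})
    return log

if __name__ == "__main__":
    log = sample_log()
    print(verify(log), filter_at(log, 150)["operator"])
    log[1]["filter"]["mode"] = "pen"   # try to hide the widened filter
    print(verify(log))
```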

  42. Legal Issues • Carnivore has not been tested in court yet • Scope of Digital Evidence • might be considered “hearsay” but falls under business record exception • War • Government in the past has put national interests ahead of individual rights

  43. The Ethics Is it ethical to have citizens’ internet communications monitored for suspected criminal activity? • Should international groups be subjected to US Law?

  44. The Utilitarian Test Does Carnivore do the most good for the most people? • If used properly, then yes. It is able to detect, and possibly prevent, crimes.

  45. Additional Sources • http://www.howstuffworks.com/carnivore.htm • http://www.robertgraham.com/pubs/carnivore-faq.html • http://zdnet.com.com/2100-11-522208.html • http://zdnet.com.com/2100-11-522107.html • http://www.fbi.gov/hq/lab/carnivore/carnivore.htm • http://www.stopcarnivore.org/whyitsbad/reason1.htm • http://www.cnn.com/2002/US/05/29/carnivore.binladen/inde.html • http://www.stopcarnivore.org/whyitsbad/reason4.htm • http://www.law.duke.edu/journals/dltr/articles/2001dltr0028.html • http://stopcarnivore.org/threeproblems.htm
