FBI's CARNIVORE SYSTEM DISRUPTED ANTI-TERROR INVESTIGATION
INTERNAL MEMO CALLS OVER-COLLECTION OF DATA PART OF "PATTERN" SHOWING
"INABILITY OF THE FBI TO MANAGE" FOREIGN INTELLIGENCE WIRETAPS
Washington, DC -- An FBI anti-terrorism investigation possibly involving
Usama bin Laden was hampered by technical flaws in the Bureau's
controversial Carnivore Internet surveillance system. The incident, which
occurred in March 2000, is described in newly-released FBI documents
obtained under court order by the Electronic Privacy Information Center
(EPIC). A written report describes the incident as part of a "pattern"
indicating "an inability on the part of the FBI to manage" its foreign
intelligence surveillance activities.
An internal FBI e-mail message dated April 5, 2000, and sent to M. E.
(Spike) Bowman, Associate General Counsel for National Security Affairs,
recounts how the Carnivore "software was turned on and did not work
correctly." The surveillance system captured not only the electronic
communications of the court-authorized target, "but also picked up E-Mails
on non-covered" individuals, a violation of federal wiretap law. According
to the Bureau document, the "FBI technical person was apparently so upset
that he destroyed all the E-Mail take, including the take on [the authorized
target]."
The botched surveillance was performed by the FBI's International Terrorism
Operations Section (ITOS) and its "UBL Unit," which refers to the
government's official designation of bin Laden. The Bureau document
indicates that an official at the Justice Department's Office of
Intelligence Policy and Review (whose name has been deleted) became aware of
the problem, and "To state that she is unhappy with ITOS and the UBL Unit
would be an understatement of incredible proportions."
The reported problem apparently was not the first to arise during the course
of FBI implementation of the Foreign Intelligence Surveillance Act (FISA).
The internal document concludes its report of the "UBL Unit" incident by
noting, "When you add this story to the FISA mistakes covered in [another,
unreleased document], you have a pattern of occurrences which indicate to
OIPR an inability on the part of the FBI to manage its FISAs."
Two Bureau documents written one week later discuss Carnivore's tendency to
cause "the improper capture of data," and note that "[s]uch unauthorized
interceptions not only can violate a citizen's privacy but also can
seriously 'contaminate' onoging investigations" and that such interceptions
are "unlawful." An FBI lawyer (whose name has been deleted) writes that the
Bureau must "go out of our way to avoid tripping over innocent third party
communications." The lawyer concludes, "I am not sure how we can proceed to
test [Carnivore] without inadvertently intercepting the communications of
others, but we really need to try."
The Bureau lawyer notes that "missteps under FISA lead to mandatory
reporting to the President's Foreign Intelligence Advisory Board, and such
errancies must be reported/explained/justified to Congress." The documents
do not indicate whether the "UBL Unit" incident was reported to either body.
Since its existence became public in 2000, the Carnivore system has been
criticized by EPIC and other privacy groups, as well as members of Congress,
because it gives the FBI unprecedented, direct access to the data networks
of Internet service providers. The FBI has publicly downplayed the system's
potential for over-collection of private communications, although internal
documents released earlier to EPIC confirmed such a risk. An independent
review of Carnivore commissioned by the Justice Department also found that
the system is capable of "broad sweeps" and recommended technical changes to
address the problem. Neither DOJ nor the FBI has indicated publicly whether
those recommendations were ever implemented.
The newly-released FBI documents were provided to EPIC on 24 May 2002, in
response to a court order issued by U.S. District Judge James Robertson in
the privacy group's ongoing Freedom of Information Act lawsuit seeking the
disclosure of material concerning Carnivore. The order directed the Bureau
to conduct a second search for relevant documents after EPIC successfully
argued (over the Bureau's objections) that an initial FBI search was
inadequate and likely overlooked responsive records.
The case is being litigated by EPIC's General Counsel, David Sobel, who
said, "These documents confirm what many of us have believed for two years
-- Carnivore is a powerful but clumsy tool that endangers the privacy of
innocent American citizens. We have now learned that its imprecision can
also jeopardize important investigations, including those involving
terrorism." Sobel added, "As we suggested when it first became public,
Carnivore's use should be suspended until the questions surrounding it
finally can be resolved. Our FOIA lawsuit shows that there's a great deal
about Carnivore that we still don't know."
The newly-released FBI documents are available at:
http://www.epic.org/privacy/carnivore/
Contacts: DAVID SOBEL 202-483-1140 x105 WAYNE MADSEN x104 [Marc Rotenberg via risks-digest Volume 22, Issue 11]
21:03
#
G!
