EFFector Vol. 13, No. 6 Aug. 4, 2000 editor@eff.org

EFFector Vol. 13, No. 6 Aug. 4, 2000 [email protected]

A Publication of the Electronic Frontier Foundation ISSN 1062-9424

IN THE 154th ISSUE OF EFFECTOR (now with over 24,600 subscribers!):

* EFF Position on FBI "Carnivore" Snooping System
+ EFF's House Judiciary Committee Testimony on Carnivore
+ Carnivore FAQ
* EFF Welcomes New Board and Staff Members:
+ Prof. Pamela Samuelson, Boardmember
+ Cindy Cohen, Legal Director
+ Lee Tien, Senior Staff Attorney
+ John Marttila, Administrative Assistant
* EFF Now Accepts PayPal Transactions for Memberships
* DVD Update Bulletins Available on CAFE-News
* Administrivia

For more information on EFF activities & alerts: http://www.eff.org
_________________________________________________________________

EFF Position on FBI "Carnivore" Snooping System

Carnivore is an electronic communications surveillance system created
by the FBI. It is essentially a PC that runs specialized surveillance
software, attached to your Internet service provider's network -
something like an e-mail and Web traffic wiretap. But, due to
differences between Internet and telephone technologies, Carnivore
exceeds FBI legal wiretapping authority.

EFF's House Judiciary Committee Testimony on Carnivore

Statement of
The Electronic Frontier Foundation

before the
Subcommittee on the Constitution
of the
Committee on the Judiciary,
United States House of Representatives:

The Fourth Amendment and Carnivore

July 28, 2000

The Electronic Frontier Foundation (EFF) would like to submit comments
to be included for the record regarding the Fourth Amendment* and the
issues raised by the FBI's Carnivore system.

EFF is a leading global nonprofit organization linking technical
architectures with legal frameworks to support the rights of
individuals in an open society. Founded in 1990, EFF actively
encourages and challenges industry and government to support free
expression, privacy, and openness in the information society. EFF is a
member-supported organization and maintains one of the most-linked-to
Web sites in the world.

We wish to focus our comments on two specific issues. First, the use
of pen registers as applied to traditional land-line telephone systems
are not analogous to packet analyzers, such as Carnivore, that are
used on the Internet. Second, we will touch on some of the harmful
societal effects that will most certainly be wrought should the
Carnivore system be implemented in the manner that the FBI wishes.

The use of packet analyzers on the Internet captures much more information
from an individual than does the use of pen registers and trap and trace
devices used on traditional land-line telephone systems.

Pen registers are devices used to record telephone numbers that are
dialed from a telephone, whereas trap and trace devices are used to
determine where a telephone call originated. Information gathered in
this manner is strictly limited to only those phone numbers that are
made either to or from the target's telephone number. No other
personal information is harvested from the target of the
investigation. The contents of the message and the routing or
addressing information are independent of each other. Law enforcement
cannot rely on pen registers or trap and trace warrants to get at the
content of the calls.

In reality, pen registers or trap and trace devices do not exist where
the Internet is concerned, because the contents of the messages and
the sender/receiver information are not kept separate. Because of
this, the potential for law enforcement to over-collect information
exists, and it is almost a certainty that law enforcement will receive
more information from individuals than is authorized by a traditional
pen register or trap and trace warrant. There are several ways that
this can happen.

When a person makes a telephone call on a traditional telephone
system, a discrete and continuous segment of the telephone system is
dedicated to that call, which is handled sequentially. The system
first accepts the call routing information (dialed number, number and
accounting information of the phone used to make the call, etc.),
secondly establishes a connection, and only then opens the line to the
content side of the call. The routing information remains wholly
separate and severable from the call content, allowing law enforcement
easy access to the one but not to the other. The Internet, however is
a packet-switched network, meaning that when information is sent over
the Net, it is broken into small packets, routed piecemeal over the
Net and then reassembled at its final destination. Routing
information, as well as content, are both contained in each individual
packet, potentially giving law enforcement access to content as well
as location routing information.

The Carnivore system appears to exacerbate the over collection of personal
information by collecting more information than it is legally entitled to
collect under traditional pen register and trap and trace laws.

The Carnivore system has received a lot of press recently, but the FBI
has not been forthcoming about how the Carnivore system actually
works. Civil liberties groups have often been quoted as noting that
Carnivore is a "black box" leaving us to guess at its inner workings.

We have been able to discover that Carnivore is a packet-sniffer, able
to gather pen register and trap and trace information by sniffing each
packet as it is routed along. It then filters out unwanted e-mail and
other communications information from those of the target. This
process is problematic for two very important reasons.

First, traditional wiretaps, pen registers and trap and trace devices,
are attached to specific telephone lines; law enforcement will only
obtain the telephone numbers associated with the target's phone. With
Carnivore in place, law enforcement has the potential ability to sift
through all of the traffic going through a particular Internet Service
Provider's (ISP) network. This far exceeds the scope of any wiretap
laws we currently have in place.

Second, analogizing pen register information from a traditional
land-line phone system to the Internet is incorrect. The Carnivore
system likely can capture content as well as numbers. E-mail addresses
for example are personal to an individual rather than to a particular
household. We don't know for sure, but it is possible that Carnivore
has access to the subject line information of e-mail messages. Subject
lines are content. For example, "leaving work at 5pm today - meet me
at the bus stop", contains a lot of information about travel plans of
a target on a particular day. Carnivore can also track other content
information such as the URLs of web sites visited. Seeing the URLs not
only give routing information but content as well. For example,
someone visiting www.eff.org could presumably be interested in civil
liberties issues online.

Systems like Carnivore have the potential to turn into mass surveillance
systems that will harm our free and open society.

Currently, there is little if any public oversight over the FBI's use
of its Carnivore system. The FBI has not allowed the ISP to inspect
the device, nor have any of the advocacy groups been allowed to
examine it. In fact, the ACLU has had to resort to filing a FOIA
request to try to get at the source code. Allowing the FBI to install
and use a device such as this unchecked by any public oversight,
threatens the openness we enjoy and expect in our society. Robert
Corn-Revere, in his testimony, noted that his case is sealed. We can't
even look to that for guidance.

Surveilling the Internet in this way leaves law enforcement with the
potential to lower an individual's expectation of privacy as they use
the Internet, particularly if we use the majority rule in Smith v.
Maryland, that an individual has no legitimate expectation of privacy
in the numbers that they dial on their telephones. This is so because
law enforcement has so far successfully argued that pen registers on
the Internet are analogous to those used on land-line telephone
systems. Since routing information on the Net contains content, an
expectation of privacy could end up being lowered for an individual's
reading habits on the Net. Once individuals realize that they have a
lowered expectation of privacy on the Net, they may not visit
particular web sites that they may otherwise have visited.

The Court in Smith v. Maryland noted law enforcement's penchant for
trying to lower the bar on what is a legitimate expectation of
privacy. The majority held that:

situations can be imagined, of course, in which Katz' two-pronged
inquiry would provide an inadequate index of Fourth Amendment
protection. For example, if the Government were suddenly to
announce on nationwide television that all homes henceforth would
be subject to warrantless entry, individuals thereafter might not
in fact entertain any actual expectation of privacy regarding their
homes, papers, and effects. ...In such circumstances, where an
individual's subjective expectations had been "conditioned" by
influences alien to well-recognized Fourth Amendment freedoms,
those subjective expectations obviously could play no meaningful
role in ascertaining what the scope of Fourth Amendment protection
was. In determining whether a "legitimate expectation of privacy"
existed in such cases, a normative inquiry would be proper.

In other words, law enforcement cannot "dumb down" society's
subjective notions of what constitutes a legitimate expectation of
privacy.

Conclusion

The use of pen registers as applied to traditional land-line telephone
systems is fundamentally different than information that is collected
using pen registers on the Internet. Allowing a system such as
Carnivore to be used unchecked by law enforcement exacerbates the
problem of over collection of data and has the potential to harm our
open society.

Respectfully,

Deborah S. Pierce
Staff Attorney
Electronic Frontier Foundation
___________________________________

Carnivore FAQ

Frequently Asked Questions (FAQ) and Answers about Carnivore

What is Carnivore?

Carnivore is an electronic communications surveillance system created
by the FBI. It is essentially a personal computer that runs
specialized surveillance software, attached to your ISP network.

Who can be a target?

Anyone suspected of a host of crimes, and anyone whose communications
are suspected to be able to provide information that would aid an FBI
investigation.

What can Carnivore do?

There are two kinds of warrant under which the FBI can monitor
communications. The more wide-ranging is the Title III warrant, which
enables the FBI to intercept the actual texts of e-mails. However,
this kind of warrant is more difficult to obtain.

Carnivore uses the weaker "trap and trace" and "pen register"
warrants, but in a new and wider way. These warrants were designed for
the phone system; to trace the number of origin of a phone call or a
list of the numbers called from a phone. Carnivore uses these warrants
to intercept the headers of all e-mails on the system, and then
filters out those not "to" or "from" the surveillance target.

Besides e-mails, Carnivore can also intercept instant-messaging
systems, visits to Web sites and Internet relay chat sessions.

Is Carnivore legal?

Opinions differ. A recent Order involving Earthlink described by
Robert Corn-Revere (although he does not reference Earthlink by name)
in congressional testimony ruled that government agents could compel
an ISP to install Carnivore; to date this is the only decision on
public record, and no higher court has yet reviewed the decision.

According to the Electronic Communications Privacy Act, electronic
surveillance must be conducted in relation to a single person who is
the target of a surveillance warrant. The problem with Carnivore is
that it intercepts all messages on the ISP's network before filtering
out those not from or to the surveillance target.

What's the difference between pen registers and packet analyzers?

Pen registers are devices used to record telephone numbers that are
dialed from a telephone, whereas trap and trace devices are used to
determine where a telephone call originated. Information gathered in
this manner is strictly limited to only those phone numbers that are
made either to or from the target's telephone number. No other
personal information is harvested from the target of the
investigation. The contents of the message and the routing or
addressing information are independent of each other. Law enforcement
cannot rely on pen registers or trap and trace warrants to get at the
content of the calls.

In reality, pen registers or trap and trace devices do not exist where
the Internet is concerned, because the contents of the messages and
the sender/receiver information are not kept separate. Because of
this, the potential for law enforcement to over-collect information
exists, and it is almost a certainty that law enforcement will receive
more information from individuals than is authorized by a traditional
pen register or trap and trace warrant. There are several ways that
this can happen.

When a person makes a telephone call on a traditional telephone
system, a discrete and continuous segment of the telephone system is
dedicated to that call, which is handled sequentially. The system
first accepts the call routing information (dialed number, number and
accounting information of the phone used to make the call, etc.),
secondly establishes a connection, and only then opens the line to the
content side of the call. The routing information remains wholly
separate and severable from the call content, allowing law enforcement
easy access to the one but not to the other. The Internet, however is
a packet-switched network, meaning that when information is sent over
the Net, it is broken into small packets, routed piecemeal over the
Net and then reassembled at its final destination. Routing
information, as well as content, are both contained in each individual
packet, potentially giving law enforcement access to content as well
as location routing information.

So Carnivore is exacerbating the problem of over-collection of personal
information by law enforcement on the Net, right?

Yes. Because Carnivore is a packet-sniffer, it is able to gather pen
register and trap and trace information by sniffing each packet as it
is routed along. It then filters out unwanted e-mail and other
communications information from those of the target. This process is
problematic for two very important reasons.

First, traditional wiretaps, pen registers and trap and trace devices,
are attached to specific telephone lines; law enforcement will only
obtain the telephone numbers associated with the target's phone. With
Carnivore in place, law enforcement has the potential ability to sift
through all of the traffic going through a particular Internet Service
Provider's (ISP) network. This far exceeds the scope of any wiretap
laws we currently have in place.

Second, analogizing pen register information from a traditional
land-line phone system to the Internet is incorrect. The Carnivore
system likely can capture content as well as numbers. E-mail addresses
for example are personal to an individual rather than to a particular
household. We don't know for sure, but it is possible that Carnivore
has access to the subject line information of e-mail messages. Subject
lines are content. For example, "leaving work at 5pm today - meet me
at the bus stop", contains a lot of information about travel plans of
a target on a particular day. Carnivore can also track other content
information such as the URLs of web sites visited. Seeing the URLs not
only give routing information but content as well. For example,
someone visiting www.eff.org could presumably be interested in civil
liberties issues online.

What are some of the larger societal effects of allowing a system like
Carnivore to be put into place unchecked?

Systems like Carnivore have the potential to turn into mass
surveillance systems that will harm our free and open society.

In addition to the Fourth Amendment and ECPA problems we have
discussed, there are also potential First Amendment problems. Once
people begin to realize the scope of the Carnivore system, they may
begin to self-sensor their own speech so as not to bring their
communications to the attention of law enforcement.

How does the FBI defend their actions?

The FBI believes that e-mail filtering before interception is not
technically feasible, and that therefore intercepting unfiltered
communications is justified. But there is no judicial, press or ISP
oversight to make sure that the FBI will follow the law. In effect,
they're simply asking us to trust them: an attitude which, according
to the ACLU, violates federal wiretapping laws:

"Currently, law enforcement is required to "minimize" its
interception of non-incriminating communications of a target of a
wiretap order. Carnivore is not a minimization tool. Instead,
Carnivore maximizes law enforcement access to the communications of
non-targets."

The FBI also argues that as they don't see the contents of the e-mails
they intercept, they are not violating innocent people's privacy. They
argue that the software only intercepts the "To" and "From" lines of a
header, never the subject line; but as they refuse publicly to release
their source code, or to allow ISP oversight of their system, there is
no way to verify that this is so. They describe Carnivore as a
"diagnostic tool" with a "surgical" ability which provides "enhanced
privacy protection", and which can automatically distinguish between
those materials which are the subject of a lawful order and which are
not. They also say that internal oversight, coupled with Department of
Justice and Court jurisdiction, constitutes sufficient oversight to
prevent not only abuse but also even the possibility of abuse.

EFF's views on Carnivore

Whether filtering before interception is feasible or not, Carnivore
violates the ECPA; it also appears to violate the Fourth Amendment,
and is believed by many to be manifestly illegal. It is a dangerous
and intrusive tool, the responsible use of which depends solely on the
good will of the FBI. Consequently, EFF supports the proposal to open
the source code of Carnivore to public scrutiny, so that it is
possible to understand more clearly what Carnivore can do, and what
flaws it has, and EFF in general opposes the continued use of
Carnivore.

* Footnote: "The right of the people to be secure in their persons,
houses, papers, and effects, against unreasonable searches and
seizures, shall not be violated, and no Warrants shall issue, but
upon probable cause, supported by Oath or affirmation, and
particularly describing the place to be searched, and the persons
or things to be seized."
_________________________________________________________________

EFF Welcomes New Board and Staff Members

Civil Liberties Group Creates All Star Team

The Electronic Frontier Foundation (EFF) is pleased to announce the
recent addition of a new board member, Professor Pamela Samuelson, and
three new members of the staff, Legal Director Cindy Cohn, Senior
Staff Attorney Lee Tien, and Administrative Assistant John Marttila.
The expertise of all three prominent attorneys will be an asset to the
civil liberties group in its continuing fight to protect every
netizen's online rights, and the addition of John to an increasingly
busy staff and growing organization will greatly help keep the
organization running smoothly.

"What an all-star team we've assembled," commented EFF Executive
Director Shari Steele. "Cindy and Lee were instrumental to our success
in the Bernstein v. State litigation, which declared source code as
speech and freed up the U.S. export controls on encryption. And Pam is
one of the most distinguished intellectual property attorneys in the
country. EFF is so happy to have these great legal minds join us."

Pamela Samuelson is a Professor of Law and of Information Management
at the University of California at Berkeley and a world-renowned
expert on cyberlaw and intellectual property. She is also a Director
of the Berkeley Center for Law & Technology and provided the endowment
for the Samuelson Law, Technology and Public Policy Clinic at Boalt
Hall. She has written and spoken extensively on the challenges that
digital technologies pose for existing legal regimes, particularly
intellectual property law, and more recently has become interested in
legal regulation of digital networked environments. Samuelson was
named a MacArthur Fellow by the John D. and Catherine T. MacArthur
Foundation in 1997.

Cindy A. Cohn specializes in Internet-related civil litigation,
including cases involving free speech, encryption, SPAM, domain names,
privacy, unfair competition and defamation. In 1997 she was named one
of California Lawyers of the Year by California Lawyer magazine for
her work on Internet issues. She is a member of the San Mateo County
Bar Association and of its legal technology section. Ms. Cohn
graduated with honors from the University of Iowa and received her law
degree from the University of Michigan Law School in 1989. Before
entering private practice, she clerked for the United Nations Centre
for Human Rights in Geneva, Switzerland.

Lee Tien has practiced law for nine years, specializing in First
Amendment cases. He was co-counsel to Cindy Cohn on the Bernstein case
and worked in private practice on cases involving the First Amendment
and cyberlaw. He has published such articles as "Who's Afraid of
Anonymous Speech? Mcintyre and the Internet," which appeared in the
Oregon Law Review (1996), and "Children's Sexuality and the New
Information Technologies," which appeared in Social and Legal Studies
(1994). Mr. Tien is a longtime user of technology, and is currently
co-host of the Legal Conference on the online community at the WELL."
He received his law degree from University of California at Berkeley
in 1987 and his undergraduate degree from Stanford University in 1979.

"I was astounded at the dedication Cindy and Lee showed in pursuing a
difficult case over so many years and against such a powerful
opponent. They showed they are a force to be reckoned with and our
legal opponents had better watch out," said Brad Templeton, EFF's
Board Chairman. "And Pam Samuelson is way ahead of the curve when it
comes to cyberspace issues and the law. She'll keep EFF on that
forefront with her."

John Marttila, a long-time associate of EFF staffmembers Robin Gross
and Patrick Norager, is (when wearing other "hats") a musician,
conductor, and teacher. His and Patrick's musical projects, including
UKUSA, may be heard in streaming MP3 format at Radio EFF:
http://www.eff.org/radioeff

EFF continues to pursue its long-term mission of educating the public,
policymakers, and courts about the issues that arise when traditional
expectations conflict with the new worlds created by computers and the
Internet. The organization remains focused on civil liberties and
civil responsibilities in cyberspace and continues to offer legal
advice, referrals, and a large archive of current and historical
online civil liberties information.

Founded in 1990, the Electronic Frontier Foundation (www.eff.org) is a
nonprofit organization that actively encourages and challenges
industry and government to support free expression, privacy, and
openness in the information society. EFF is a member-supported
organization and maintains one of the most-linked-to Web sites in the
world.

For more information on the Electronic Frontier Foundation see:
http://www.eff.org

For information about joining us in our fight to protect your rights,
see:
http://www.eff.org/support
_________________________________________________________________

EFF Now Accepts PayPal Transactions for Memberships

See:
http://www.eff.org/support/joineff-paypal.html
to join EFF via PayPal.

PayPal is a free online payment system through which one can
effectively e-mail someone else money, in a secure fashion. It is very
easy to use, and works either through credit cards or bank withdrawals
on the back end (or via "stored" money in PayPal; e.g. if you sold
something on an online auction house and were payed via PayPal, you
could donate some of those funds to EFF without any interaction
between PayPal and your bank account or credit card, since the money
is already in the PayPal system).

PayPal's privacy policy is better than most, and they do not appear to
have any designs on spamming their users or selling their information
to anyone else. Even so, EFF does not endorse PayPal over any other
online transaction service. We support PayPal because an increasing
number of members have requested it, though we plan to add additional
membership/donation transactions options soon.

If you would like to use PayPal but do not already have an account
with them, you can sign up at this URL:
https://secure.paypal.x.com/affil/pal=accounting%40eff.org
By doing so, rather than by signing up through the PayPal front page,
you can effectively add $5 to your donation, free (PayPal, for the
time being, is giving $5 "referral bonuses" automatically; you don't
have to add the $5 your total manually).

If you are planning to make a large donation, you may wish to send a
check, as PayPal and any credit card-based system incur 2-5% fees to
EFF, effectively reducing the amount of your member donation to us.

Thank you for your support! Without it, our work on the DVD cases,
stopping Internet censorship legislation, and protecting online
privacy could not continue!
_________________________________________________________________

DVD Update Bulletins Available on CAFE-News

EFF's Campaign for Audiovisual Free Expression project is defending
fair use, free speech and open software development from attacks by
the entertainment industry's intellectual property trade associations
in a number of precendent-setting legal cases. For those who would
like more detailed and more frequent information about the progress of
EFF-CAFE's DVD cases, we have set up a CAFE-News mailing list.
Subscribers will get several DVD Update bulletins every week (except
during major lulls in the litigation), as well as other CAFE-related
materials from time to time.

Here's full information on the list:

EFF'S CAMPAIGN FOR AUDIOVISUAL FREE EXPRESSION (CAFE) ANNOUNCEMENTS LIST

[email protected]

News and announcements regarding CAFE and it's activities, including
the DVD/DeCSS cases. Messages will be no more frequent than one per
day, usually a short summary of any changes or happenings,
occasionally including press releases or other documents.

This is a semi-closed list (only the EFF staff can post to it, anyone
may subscribe)

To subscribe to the list, submit to [email protected] a message body
(not subject line) of

subscribe cafe-news

NOTE: If you wish to be removed from this mailing list, please send to
[email protected] a message body (not subject line) of:
unsubscribe cafe-news

If you receive an error, try:

unsubscribe cafe-news [email protected]

where "[email protected]" is your e-mail address. If this still does
not work, you can try sending additional unsubscribe commands for
alternate e-mail addresses you may have, in case it is not your main
one that is on the list. You can put more than one such command per
message; each must be on a separate line. If all else fails, write to
[email protected] and ask to be removed manually.

EFF does NOT condone, much less engage in, spamming. We respect your
privacy and have made it virtually impossible for you to be added to
this mailing list against your will, since the listserver (Majordomo)
will send you a confirmation command you must send back to in order to
be added to the list.

If you need to change your address, follow the above instructions to
remove your old address, and then submit to [email protected] this:

subscribe cafe-news [email protected]

where "[email protected]" is the address you want to subscribe to the
list in place of the old one.

If you would like to have your friends subscribe, please tell them
about the list and how to subscribe, rather than attempting to
subscribe them yourself (it won't work.)

If you find this list important and informative, please consider
becoming an EFF member and supporting us with a donation. See:
http://www.eff.org/support for more information. Thank you.
_________________________________________________________________

Administrivia

EFFector is published by:

The Electronic Frontier Foundation
1550 Bryant St., Suite 725
San Francisco CA 94103-4832 USA
+1 415 436 9333 (voice)
+1 415 436 9993 (fax) http://www.eff.org

Editor: Stanton McCandlish, Online Communications Director/Webmaster
([email protected])

Membership & donations: [email protected]
General EFF, legal, policy or online resources queries: [email protected]

Reproduction of this publication in electronic media is encouraged.
Signed articles do not necessarily represent the views of EFF. To
reproduce signed articles individually, please contact the authors for
their express permission. Press releases and EFF announcements &
articles may be reproduced individually at will.

To subscribe to EFFector via e-mail, send message BODY (not subject)
of:

subscribe effector

to [email protected], which will send you a confirmation code and then
add you to a subscription list for EFFector (after you return the
confirmation code; instructions will be in the e-mail).

To unsubscribe, send a similar message body to the same address, like
so:

unsubscribe effector

Please ask [email protected]">[email protected] to manually add you
to or remove you from the list if this does not work for you for some
reason.

Back issues are available at:
http://www.eff.org/effector

To get the latest issue, send any message to
[email protected] (or [email protected]), and it will be mailed to
you automagically. You can also get:
http://www.eff.org/pub/EFF/Newsletters/EFFector/current.html via the
Web.
_________________________________________________________________