The Electronic Frontier Foundation
Subcommittee on the Constitution
Committee on the Judiciary
United States House of Representatives
The Fourth Amendment and Carnivore
July 28, 2000
The Electronic Frontier Foundation (EFF) would like to submit comments to
be included for the record regarding the Fourth Amendment and the issues
raised by the FBI's Carnivore system.
EFF is a leading global nonprofit organization linking technical
architectures with legal frameworks to support the rights of individuals in
an open society. Founded in 1990, EFF actively encourages and challenges
industry and government to support free expression, privacy, and openness
in the information society. EFF is a member-supported organization and
maintains one of the most-linked-to Web sites in the world.
We wish to focus our comments on two specific issues. First, the use of pen
registers as applied to traditional land-line telephone systems are not
analogous to packet analyzers, such as Carnivore, that are used on the
Internet. Second, we will touch on some of the harmful societal effects
that will most certainly be wrought should the Carnivore system be
implemented in the manner that the FBI wishes.
The use of packet analyzers on the Internet captures much more information
from an individual than does the use of pen registers and trap and trace
devices used on traditional land-line telephone systems.
Pen registers are devices used to record telephone numbers that are dialed
from a telephone, whereas trap and trace devices are used to determine
where a telephone call originated. Information gathered in this manner is
strictly limited to only those phone numbers that are made either to or
from the target's telephone number. No other personal information is
harvested from the target of the investigation. The contents of the message
and the routing or addressing information are independent of each other.
Law enforcement cannot rely on pen registers or trap and trace warrants to
get at the content of the calls.
In reality, pen registers or trap and trace devices do not exist where the
Internet is concerned, because the contents of the messages and the
sender/receiver information are not kept separate. Because of this, the
potential for law enforcement to over-collect information exists, and it is
almost a certainty that law enforcement will receive more information from
individuals than is authorized by a traditional pen register or trap and
trace warrant. There are several ways that this can happen.
When a person makes a telephone call on a traditional telephone system, a
discrete and continuous segment of the telephone system is dedicated to
that call, which is handled sequentially. The system first accepts the call
routing information (dialed number, number and accounting information of
the phone used to make the call, etc.), secondly establishes a connection,
and only then opens the line to the content side of the call. The routing
information remains wholly separate and severable from the call content,
allowing law enforcement easy access to the one but not to the other. The
Internet, however is a packet-switched network, meaning that when
information is sent over the Net, it is broken into small packets, routed
piecemeal over the Net and then reassembled at its final destination.
Routing information, as well as content, are both contained in each
individual packet, potentially giving law enforcement access to content as
well as location routing information.
The Carnivore system appears to exacerbate the over collection of personal
information by collecting more information than it is legally entitled to
collect under traditional pen register and trap and trace laws.
The Carnivore system has received a lot of press recently, but the FBI has
not been forthcoming about how the Carnivore system actually works. Civil
liberties groups have often been quoted as noting that Carnivore is a
"black box" leaving us to guess at its inner workings.
We have been able to discover that Carnivore is a packet-sniffer, able to
gather pen register and trap and trace information by sniffing each packet
as it is routed along. It then filters out unwanted email and other
communications information from those of the target. This process is
problematic for two very important reasons.
First, traditional wiretaps, pen registers and trap and trace devices, are
attached to specific telephone lines; law enforcement will only obtain the
telephone numbers associated with the target's phone. With Carnivore in
place, law enforcement has the potential ability to sift through all of the
traffic going through a particular Internet Service Provider's (ISP)
network. This far exceeds the scope of any wiretap laws we currently have
Second, analogizing pen register information from a traditional land-line
phone system to the Internet is incorrect. The Carnivore system likely can
capture content as well as numbers. Email addresses for example are
personal to an individual rather than to a particular household. We don't
know for sure, but it is possible that Carnivore has access to the subject
line information of email messages. Subject lines are content. For
example, "leaving work at 5pm today - meet me at the bus stop", contains a
lot of information about travel plans of a target on a particular day.
Carnivore can also track other content information such as the URLs of web
sites visited. Seeing the URLs not only give routing information but
content as well. For example, someone visiting www.eff.org could presumably
be interested in civil liberties issues online.
Systems like Carnivore have the potential to turn into mass surveillance
systems that will harm our free and open society.
Currently, there is little if any public oversight over the FBI's use of
its Carnivore system. The FBI has not allowed the ISP to inspect the
device, nor have any of the advocacy groups been allowed to examine it. In
fact, the ACLU has had to resort to filing a FOIA request to try to get at
the source code. Allowing the FBI to install and use a device such as this
unchecked by any public oversight, threatens the openness we enjoy and
expect in our society. Robert Corn-Revere, in his testimony, noted that his
case is sealed. We can't even look to that for guidance.
Surveilling the Internet in this way leaves law enforcement with the
potential to lower an individual's expectation of privacy as they use the
Internet, particularly if we use the majority rule in Smith v. Maryland,
that an individual has no legitimate expectation of privacy in the numbers
that they dial on their telephones. This is so because law enforcement has
so far successfully argued that pen registers on the Internet are analogous
to those used on land-line telephone systems. Since routing information on
the Net contains content, an expectation of privacy could end up being
lowered for an individual's reading habits on the Net. Once individuals
realize that they have a lowered expectation of privacy on the Net, they
may not visit particular web sites that they may otherwise have visited.
The Court in Smith v. Maryland noted law enforcement's penchant for trying
to lower the bar on what is a legitimate expectation of privacy. The
majority noted that:
"situations can be imagined, of course, in which Katz' two-pronged inquiry
would provide an inadequate index of Fourth Amendment protection. For
example, if the Government were suddenly to announce on nationwide
television that all homes henceforth would be subject to warrantless entry,
individuals thereafter might not in fact entertain any actual expectation
of privacy regarding their homes, papers, and effects. ...In such
circumstances, where an individual's subjective expectations had been
"conditioned" by influences alien to well-recognized Fourth Amendment
freedoms, those subjective expectations obviously could play no meaningful
role in ascertaining what the scope of Fourth Amendment protection was. In
determining whether a "legitimate expectation of privacy" existed in such
cases, a normative inquiry would be proper."
In other words, law enforcement cannot "dumb down" society's subjective
notions of what constitutes a legitimate expectation of privacy.
The use of pen registers as applied to traditional land-line telephone
systems is fundamentally different than information that is collected using
pen registers on the Internet. Allowing a system such as Carnivore to be
used unchecked by law enforcement exacerbates the problem of over
collection of data and has the potential to harm our open society.
Deborah S. Pierce
Electronic Frontier Foundation