Good afternoon, Mr. Chairman,
and Members of the Subcommittee. I am grateful for this opportunity
to discuss the Internet and data interception capabilities developed
by the Federal Bureau of Investigation. The use of computers
and the Internet is growing rapidly, paralleled by exploitation
of computers, networks, and data bases to commit crimes and to
harm the safety, security, and privacy of others. Criminals use
computers to send child pornography to each other using anonymous,
encrypted communications; hackers break into financial service
companies systems and steal customer home addresses and credit
card information; criminals use the Internet's inexpensive and
easy communications to commit large scale fraud on victims all
over the world; and terrorist bombers plan their strikes using
the Internet. Investigating and deterring such wrongdoing requires
tools and techniques designed to work with new evolving computers
and network technologies. The systems employed must strike a
reasonable balance between competing interests- the privacy interests
of telecommunications users, the business interest of service
providers, and the duty of government investigators to protect
public safety. I would like to discuss how the FBI is meeting
this challenge in the area of electronic mail interception.
Two weeks ago, the Wall Street
Journal published an article entitled "FBI's system to covertly
search E-mail raises privacy, legal issues." This story
was immediately followed by a number of similar reports in the
press and other media depicting our Carnivore system as something
ominous and raising concerns about the possibility of its potential
to snoop, without a court order, into the private E-mails of
American citizens. I think that it is important that this topic
be discussed openly--and in fact this was the reason we choose
to share information about this capability with industry experts
several weeks ago. It is critically important as technology,
and particularly communications technology, a continues to evolve
rapidly, that the public be guaranteed that their government
is observing the statutory and constitutional protections which
they demand. It is also very important that these discussions
be placed into their proper context and that the relevant facts
concerning this issue are made clear. I welcome this opportunity
to stress that our intercept capabilities are used only after
court approval and that they are directed at the most egregious
violations of national security and public safety.
The FBI performs interceptions
of criminal wire and electronic communications, including Internet
communications, under authorities derived from Title III of the
Omnibus Crime Control and Safe Streets Act of 1968 (as amended),
commonly referred to as "Title III", and portions of
the Electronic Communications Privacy Act of 1986 (as amended),
or "ECPA". Such federal government interceptions, with
the exception of a rarely used "emergency" authority
or in cases involving the consent of a participant in the communication,
are conducted pursuant to court orders. Under emergency provisions,
the Attorney General, the Deputy or the Associate Attorney General
may, if authorized, initiate electronic surveillance of wire
or electronic communications without a court order, but only
if an application for such order is made within 48 hours after
the surveillance is initiated.
Federal surveillance laws apply
the Fourth Amendment's dictates concerning reasonable searches
and seizures , and include a number of additional provisions
which ensure that this investigative technique is used judiciously,
with deference to the privacy of intercepted subjects and with
deference to the privacy of those who are not the subject of
the court order.
For example, unlike search warrants
for physically searching a house, under Title III, applications
for interception of wire and electronic communications require
the authorization of a high-level Department of Justice (DOJ)
official before the local United State Attorneys offices can
make an application to a federal court. Unlike typical search
warrants, federal magistrates are not authorized to approve such
applications and orders, instead, the applications are viewed
by federal district court judges. Further, interception of communications
is limited to certain specified federal felony offenses.
Applications for electronic surveillance
must demonstrate probable cause and state with particularity
and specificity: the offenses being committed, the telecommunications
facility or place from which the subject's communications are
to be intercepted, a description of the type of conversations
to be intercepted, and the identities of the persons committing
the offenses and anticipated to be intercepted. Thus, criminal
electronic surveillance laws focus on gathering hard evidencenot
intelligence.
Applications must indicate that
other normal investigative techniques have been tried and failed
to gather evidence of crime, or will not work, or are too dangerous,
and must include information concerning any prior electronic
surveillance regarding the subject or facility in question. Court
orders are initially limited to 30 days, with extensions possible,
and must terminate sooner if the objectives are met. Judges may,
and usually do, require periodic reports to the court, typically
every 7 to 10 days, advising it of the progress of the interception
effort. This assures close and on-going oversight of the electronic
surveillance by the United States Attorney's office handling
the case and frequently by the court as well. Interceptions are
required to be conducted in such a way as to "minimize the
interception of communications not otherwise subject to interception"
under the law, such as unrelated, irrelevant, and non-criminal
communications of the subjects or others not named in the application.
To ensure the evidentiary integrity
of intercepted communications they must be recorded, if possible,
on magnetic tape or other devices, so as to protect the recording
from editing or other alterations. Immediately upon the expiration
of the interception period, these recordings must be presented
to the federal district court judge and sealed under his or her
directions. The presence of the seal is a prerequisite for their
use or disclosure, or for the introduction of evidence derived
from the tapes. Applications and orders signed by the judge are
also to be sealed by the judge.
Within a reasonable period of
time after the termination of the intercept order, including
extension, the judge is obligated by law to ensure that the subject
of the interception order, and other parties as are deemed appropriate,
are furnished an inventory, that includes notice of the order
the dates during which the interceptions were carried out, and
whether or not the communication were intercepted. Upon motion,
the judge may also direct that portion of the contents of the
intercepted communication be made available to affected person
for their inspection.
Under Title III, any person who
was a part to an intercepted communication or was a party against
whom an interception was directed may in any trial, hearing,
or other proceeding move to suppress the contents of any intercepted
communication or any evidence derived therefrom if there are
grounds demonstrating that the communication was not lawfully
intercepted, the order authorizing or approving the interception
was insufficient on its face or the interception was not in conformance
with the order.
The illegal, unauthorized conduct
of electronic surveillance is a federal criminal offense punishable
by imprisonment for up to five years, a fine, or both. In addition,
any person whose communications are unlawfully intercepted, disclosed,
or used, may recover in a civil action damages, including punitive
damages, as well as attorney's fees and other costs against the
person or entity engaged in the violation.
The technical assistance of service providers in helping a law
enforcement agency execute an electronic surveillance order is
always important, and in many cases it is absolutely essential.
This is increasingly the case with the advent of advanced communication
services and networks such as the Internet. Title III mandates
service provider assistance incidental to law enforcement's execution
of electronic surveillance orders by specifying that a court
order authorizing the interception of communication shall upon
the request of the applicant, direct that a telecommunications
"service provider, landlord, custodian, or other person
shall furnish the applicant forthwith all information, facilities,
and technical assistance necessary to accomplish the interception
unobtrusively and with a minimum of interference with the services
that such service provider, landlord, custodian, or person is
according the person whose communications are to be intercepted.
In practice, judges may sign two orders: one order authorizing
the law enforcement agency to conduct the electronic surveillance,
and a second, abbreviated, assistance order directed to the service
provider, specifying, for example, in the case of E-mail, the
E-mail account name of the subject that is the object of the
order and directing the provision of necessary assistance.
Service providers and their personnel
are also subject to the electronic surveillance laws, meaning
that unauthorized electronic surveillance of their customers
(or anyone else) is forbidden, and criminal and civil liability
may be assessed for violations. Not only are unauthorized interceptions
proscribed, but so also is the use or disclosure of the contents
of communications that have been illegally intercepted. It is
for this reason, among others, that service providers typically
take great care in providing assistance to law enforcement in
carrying out electronic surveillance pursuant to court order.
In some instances, service providers opt to provide "full"
service, essentially carrying out the interception for law enforcement
and providing the final interception product, but, in many cases,
service providers are inclined only to provide the level of assistance
necessary to allow the law enforcement agency to conduct the
interception.
In recent years, it has become
increasingly common for the FBI to seek, and for judges to issue,
orders for Title III interceptions which are much more detailed
than older orders which were directed against "plain old
telephone services." These detailed order, in order to be
successfully implemented, require more sophisticated techniques
to ensure that only messages for which there is court authorization
to intercept are, in fact, intercepted. The increased detail
in court orders responds to two facts.
First, the complexity of modern
communications networks, like the Internet, and the complexity
of modern users' communications demand better discrimination
than older analog communications. For example, Internet users
frequently use electronic messaging services, like E-mail, to
communicate with other individuals in a manner reminiscent of
a telephone call, only with text instead of voice. Such messages
are often the targets of court ordered interception. Users also
use services, like the world wide web, which looks more like
print media than a phone call. Similarly, some Internet services,
like streaming video, have more in common with broadcast media
like television, than with telephone calls. These types of communications
are less commonly the targets of an interception order.
Second, for many Internet services,
users share communications channels, addresses, etc. These factors
make the interception of messages for which law enforcement has
court authorization, to the exclusion of all others, very difficult.
Court orders, therefore, increasingly include detailed instructions
to preclude the interception of communications that lie outside
the scope of the order.
In response to a critical need
for tools to implement complex court orders, the FBI developed
a number of capabilities including the software program called
"Carnivore." Carnivore is a very specialized network
analyzer or "sniffer" which runs as an application
program on a normal personal computer under the Microsoft Windows
operating system. It works by "sniffing" the proper
portions of network packets and copying and storing only those
packets which match a finely defined filter set programmed in
conformity with the court order. This filter set can be extremely
complex, and this provides the FBI with an ability to collect
transmissions which comply with pen register court orders, trap
& trace court orders, Title III interception orders, etc.
It is important to distinguish
now what is meant by "sniffing." The problem of discriminating
between users' messages on the Internet is a complex one. However,
this is exactly what Carnivore does. It does NOT search through
the contents of every message and collect those that contain
certain key words like "bomb" or "drugs."
It selects messages based on criteria expressly set out in the
court order, for example, messages transmitted to or from a particular
account or to or from a particular user. If the device is placed
at some point on the network where it cannot discriminate messages
as set out in the court order, it simply lets all such messages
pass by unrecorded.
One might ask, "why use
Carnivore at all?" In many instances, ISPs, particularly
the larger ones, maintain capabilities which allow them to comply,
or partially comply with lawful orders. For example, many ISPs
have the capability to "clone" or intercept, when lawfully
ordered to do so, E-mail to and from specified user accounts.
In such cases, these abilities are satisfactory and allow full
compliance with a court order. However, in most cases, ISPs do
not have such capabilities or cannot employ them in a secure
manner. Also, most systems devised by service providers or purchased
"off the shelf" lack the ability to properly discriminate
between messages in a fashion that complies with the court order.
Also, many court orders go beyond E-mail, specifying other protocols
to be intercepted such as instant messaging. In these cases,
a cloned mailbox is not sufficient to comply with the order of
the court.
Now, I think it is important
that you understand how Carnivore is used in practice. First,
there is the issue of scale. Carnivore is a small-scale device
intended for use only when and where it is needed. In fact, each
Carnivore device is maintained at the FBI Laboratory in Quantico
until it is actually needed in an active case. It is then deployed
to satisfy the needs of a single case or court order, and afterwards,
upon expiration of the order, the device is removed and returned
to Quantico.
The second issue is one of network
interference. Carnivore is safe to operate on IP networks. It
is connected as a passive collection device and does not have
any ability to transmit anything onto the network. In fact, we
go to great lengths to ensure that our system is satisfactorily
isolated from the network to which it is attached. Also, Carnivore
is only attached to the network after consultation with, and
with the agreement of, technical personnel from the ISP.
This, in fact, raises the third
issue - that of ISP cooperation. To date, Carnivore has, to my
knowledge, never been installed onto an ISP's network without
assistance from the ISP's technical personnel. The Internet is
a highly complex and heterogeneous environment in which to conduct
such operations, and I can assure you that without the technical
knowledge of the ISP's personnel, it would be very difficult,
and in some instances impossible, for law enforcement agencies
to successfully implement, and comply with the strict language,
of an interception order. The FBI also depends upon the ISP personnel
to understand the protocols and architecture of their particular
networks.
Another primary consideration
for using the Carnivore system is data integrity. As you know,
Rule 901 of the Federal Rules of Evidence requires that authentication
of evidence as a precondition for its admissibility. The use
of the Carnivore system by the FBI to intercept and store communications
provides for an undisturbed chain of custody by providing a witness
who can testify to the retrieval of the evidence and the process
by which it was recorded. Performance is another key reason for
preferring this system to commercial sniffers. Unlike commercial
software sniffers, Carnivore is designed to intercept and record
the selected communications comprehensively, without "dropped
packets."
In conclusion, I would like to
say that over the last five years or more, we have witnessed
a continuing steady growth in instances of computer-related crimes,
including traditional crimes and terrorist activities which have
been planned or carried out, in part, using the Internet. The
ability of the law enforcement community to effectively investigate
and prevent these crimes is, in part, dependent upon our ability
to lawfully collect vital evidence of wrongdoing. As the Internet
becomes more complex, so do the challenges placed on us to keep
pace. We could not do so without the continued cooperation of
our industry partners and innovations such as the Carnivore software.
I want to stress that the FBI does not conduct interceptions,
install and operate pen registers, or use trap & trace devices,
without lawful authorization from a court.
I look forward to working with
the Subcommittee staff to provide more information and welcome
your suggestions on this important issue. I will be happy to
answer any questions that you may have. Thank you.
This document was originally found at http://www.fbi.gov/pressrm/congress/congress00/kerr072400.htm