CIAO DATE: 11/01

FBI Press Room: Congressional Statement — Carnivore Diagnostic Tool

Statement for the Record of Donald M. Kerr
Assistant Director, Laboratory Division
Federal Bureau of Investigation

September 6, 2000

Statement for the record of Donald M. Kerr, Assistant Director, Laboratory Division, Federal Bureau of Investigation, on the Carnivore Diagnostic Tool, before the United States Senate Committee on the Judiciary, Washington, D.C.

Good morning, Mr. Chairman and Members of the Committee. I am grateful for this opportunity to discuss with you the FBI's Carnivore system—a system specially designed for effectively enforcing the law while at the same time fully complying with the law. Carnivore is a system which we are counting on to help us in critical ways in combating acts of terrorism, espionage, information warfare, hacking, and other serious and violent crimes occurring over the Internet, acts which threaten the security of our Nation and the safety of our people. In my statement, I will touch upon five points: why we need a system like Carnivore; why the public should have confidence that the FBI is lawfully using Carnivore; how Carnivore, as a special purpose electronic surveillance tool, works; why computer network service providers, with whom the FBI always work closely, should not be fearful about Carnivore's use with their networks; and, as an overarching matter, why the public should have trust in the FBI's conduct of electronic surveillance and in its use of the Carnivore system. In addressing these important points, we hope to set the record straight and allay any legal, privacy, network security, and trustworthiness concerns.

Why does the FBI need a system like Carnivore?

By now, it has become common knowledge that terrorists, spies, hackers, and dangerous criminals are increasingly using computers and computer networks, including the Internet, to carry out their heinous acts. In response to their serious threats to our Nation, to the safety of the American people, to the security of our communications infrastructure, and to the important commercial and private potentialities of a safe, secure, and vibrant Internet, the FBI has responded by concentrating its efforts, including its technological efforts and resources, to fight a broad array of Cyber-crimes.

While the FBI has always, as a first instinct, sought to work cooperatively and closely with computer network service providers, software and equipment manufacturers, and many others to fight these crimes, it also became obvious that the FBI needed its own tools to fight this battle, especially where legal, evidentiary, and investigative imperatives required special purpose tools. One such tool is Carnivore, which I will discuss at length today. However, before discussing Carnivore, it is important to identify and briefly discuss some of the types of Cyber-crime threats which we in law enforcement have been encountering, and will encounter in the future, and concerning which Carnivore, and tools such as Carnivore, are of critical importance to the FBI.


Terrorist groups are increasingly using new information technology (IT) and the Internet to formulate plans, raise funds, spread propaganda, and communicate securely. In his statement on the worldwide threat in the year 2000, Director of Central Intelligence George Tenet testified that terrorist groups, "including Hezbollah, HAMAS, the Abu Nidal organization, and Bin Laden's al Qa'ida organization are using computerized files, E-mail, and encryption to support their operations." As one example, convicted terrorist Ramzi Yousef, the mastermind of the World Trade Center bombing, stored detailed plans to destroy United States airliners on encrypted files on his laptop computer.

Other terrorist groups, such as the Internet Black Tigers (who are reportedly affiliated with the Tamil Tigers), engage in attacks on foreign government websites and E-mail servers. "Cyber terrorism"—the use of Cyber tools to shut down critical national infrastructures (such as energy, telecommunications, transportation, or government operations) for the purpose of coercing or intimidating a government or civilian population—is emerging as a very real threat.

Recently, the FBI uncovered a plot to break into National Guard armories and to steal the armaments and explosives necessary to simultaneously destroy multiple power transmission facilities in the Southern United States. After introducing a cooperating witness into the inner circle of this domestic terrorist group, it became clear that many of the communications of the group were occurring via E-mail. As the investigation closed, computer evidence disclosed that the group was downloading information about Ricin, the third most deadly toxin in the world. Without the fortunate ability to place a person in this group, the need and technological capability to intercept their E-mail communications' content and addressing information would have been imperative, if the FBI were to be able to detect and prevent these acts and successfully prosecute.


Not surprisingly, foreign intelligence services have adapted to using Cyber tools as part of their espionage trade craft. Even as far back as 1986, before the worldwide surge in Internet use, the KGB employed West German hackers to access Department of Defense systems in the well-known "Cuckoo's Egg" case. It should not surprise anyone to hear that foreign intelligence services increasingly view the Internet and computer intrusions as useful tools for acquiring sensitive U. S. government and private sector information.

Information Warfare:

The prospect of "information warfare" by foreign militaries against our Nation's critical infrastructures is perhaps the greatest potential Cyber threat to our national security. We know that several foreign nations are developing information warfare doctrine, programs, and capabilities for use against the United States or other nations. Knowing that they cannot match our military might with conventional weapons, nations see Cyber attacks on our critical infrastructures or military operations as a way to hit what they perceive as America's Achilles heel—our growing dependence on information technology in government and commercial operations. Two Chinese military officers recently published a book that called for the use of unconventional measures, including the propagation of computer viruses, to counterbalance the military power of the United States. And a Russian official has also commented that an attack on a national infrastructure could, "by virtue of its catastrophic consequences, completely overlap with the use of [weapons] of mass destruction."

Child Pornography and Sexual Exploitation of Children:

Through the FBI's "Innocent Images" case, and others, it has become abundantly clear that certain adults are using computers and the Internet widely to disseminate child pornography and to entice young children into illegal and often violent sexual activity. Such sexual predators find the Internet to be a well-suited medium to trap unwary children. Since 1995, the FBI has investigated nearly 800 cases involving adults traveling interstate to meet minors for the purpose of illegal sexual relationships, and more than 1850 cases involving persons trading child pornography—almost all of these involve the exchange of child pornography over the Internet.

Serious Fraud:

One of the most serious criminal threats facing the Nation is the use of the Internet for fraudulent purposes. For example, securities offered over the Internet have added an entirely new dimension to securities fraud investigations. The North American Securities Administrators Association has estimated that Internet-related stock fraud results in a loss to investors of approximately $10 billion per year (or nearly $1 million per hour). In one case, on March 5, 2000, nineteen people were charged in a multimillion-dollar insider trading scheme. At the core of the scheme, the central "insider" figure went online and found others in ISP chat rooms. He soon was passing inside information on clients of several brokerage firms to two other individuals in exchange for a percentage of any profits they earned by acting on it. For 2 ½ years, this person passed inside information, communicating almost solely through online chats and instant messages, with the insider receiving $170,000 in kickbacks while his partners made $500,000.

Why should the public have confidence in the FBI's lawful use of Carnivore?

There are a number of reasons why the public should have confidence in the FBI's lawful use of Carnivore. First of all, since 1986, with the enactment of the Electronic Communications Privacy Act of 1986 (ECPA), which amended Title III of the Omnibus Crime Control and Safe Streets Act of 1968 (Title III), Congress created statutory legal protection for all types of wire and electronic communications' content, including computer and Internet-based communications' content, consistent with the Constitution. The ECPA also created statutory privacy protection for "transactional records" pertaining to an electronic communications provider's provision of services to a customer or subscriber consistent with the Constitution. The term "transactional records," as used here, includes addressing (e.g., in the context of E-mail communications, the "to" and "from "lines—but not the "subject" or "re" lines), routing, billing, or other information maintained or generated by the service provider. "Transactional records" do not include the content (substance, purport or meaning) of E-mails or other communications. Correspondingly, in the ECPA, Congress regulated all governmental electronic surveillance interceptions of communications' content and all acquisitions of communications addressing and transactional record information consistent with the Constitution. Under the ECPA, all such electronic surveillance efforts require some form of court order, either a full Title III (probable cause-based) court order for obtaining communications' content or an ECPA-created court order based upon relevancy for communications' addressing and transactional record information. Of course, there are "emergency" provisions whereby surveillance is permitted to proceed immediately, when high-level Department of Justice authorization is obtained, so long as a court order is filed within 48 hours.

Under Title III, applications for electronic surveillance must demonstrate probable cause and state with particularity and specificity: the offenses being committed, the communications facility regarding which the subject's communications are to be intercepted, a description of the types of conversations to be intercepted, and the identities of the persons committing the offenses and anticipated to be intercepted. Clearly, the criminal electronic surveillance laws focus on gathering hard evidence—not intelligence. Under this law, the FBI cannot, and does not, "snoop."

In obedience of the law, the FBI obtains judicial authorization, in terms of always obtaining the appropriate court order required when intercepting wire and electronic communications' content or when acquiring addressing information and transactional record information, or lawful consent, regardless of whether they are occurring over a computer or telecommunications network. The FBI's use of the Carnivore system—approximately 25 times in the last two years—has in every case and at all times been pursuant to such a judicially-granted court order or lawful consent. In every case, we only deploy Carnivore after serving a court order on an ISP (or after obtaining lawful consent of a party to the communication) and then only after working closely with the ISP technicians or engineers in installing it. Parenthetically, where the ISP is equipped to fully and properly implement the court order or consensual authorization, the FBI leaves the interception to the ISP and does not rely upon Carnivore. Moreover, if an FBI employee were to attempt to acquire such content or information using Carnivore without obtaining a court order or appropriate consent, it would be a serious violation of the law—a federal felony, thereby subjecting the employee to criminal prosecution, civil liability, and termination. Finally, FBI employees fully understand that the unlawful interception of the content of private communications will lead to the suppression of any and all tainted evidence and any evidence or fruits derived therefrom. In short, the penalties for violating the electronic surveillance laws are so severe as to dissuade any such unlawful behavior, even if someone were so inclined.

Those who have raised legal concerns regarding Carnivore have principally asserted that (1) through its use of Carnivore, the FBI is collecting more information than a given pen register or trap and trace court order permits, or (2) while using Carnivore, the FBI is acquiring more information under such order than that order should lawfully permit.

As to the first assertion (as will be explained in detail below), in many investigative situations (principally those involving pen register or trap and trace court orders), Carnivore—far better than any commercially-available sniffer—is configurable so as to filter with precision certain electronic computer traffic (i.e., the binary computer code, the fast-flowing streams of O's and 1's) such that, in each case, FBI personnel only receive and see the specified communications addressing information associated with a particular criminal subject's service, concerning which a particular ECPA court order has been authorized. Further, to our knowledge, there are few, if any, electronic surveillance tools that perform like Carnivore, in terms of its being able to be tailored to comply with different court orders, owing to its ability to filter with precision computer code traffic.

In fact, the genesis for some of the technological functionality of Carnivore was the result of the FBI's decision, made in light of privacy and investigative concerns, that prudent practice, with regard to computer network-based electronic surveillance, dictated that the communications' addressing information gleaned through technical equipment the FBI would be using should, to the fullest extent possible, correspond to that information authorized for acquisition and use under law. In this regard, prior to our development of Carnivore, the FBI, consistent with the Constitution and the legal mandate found in 18 U.S.C. 3121, was using "technology reasonably available to it" which permitted the acquisition of communications' addressing information, but which necessitated minimization. However, while the technology then available (principally commercial sniffers) worked as well as could be expected, as discussed in greater detail below, such equipment had never been designed as a law enforcement electronic surveillance tool, and hence had shortcomings. Not knowing if, or when, market forces would lead to the development of a law enforcement electronic surveillance tool, the FBI took the initiative.

In this context, we want to make sure that both the Congress and the public understand that, in using Carnivore, there is no broad-brush acquisition by either Carnivore or by FBI personnel of the "contents of the wire or electronic communications" of all ISP users—such as to constitute an unauthorized Title III "intercept." Carnivore only intercepts the communications of that particular criminal subject for which a Title III order has been obtained. Similarly, we want everyone to understand that, in using Carnivore, there is no broad brush collection, storage, or review, by either Carnivore or by FBI personnel, of the addressing or transactional information regarding any ISP user beyond that pertaining to the criminal subject's service for which an ECPA court order under 18 U.S.C. 3123 and 18 U.S.C. 2703(c)(d) has been obtained.

As to the second assertion, some have stated that, in their opinion, the FBI is acquiring more information when it uses Carnivore to acquire communications addressing and transactional record information than it should be entitled to under the Constitution or under the ECPA statutory regimes found in Chapters 206 and 121 of Title 18 of the United States Code, and, in particular, under the court order authorities within 18 U.S.C. 3123 and 18 U.S.C. 2703(c)(d). By way of response, and more to the point, it appears that much, if not most, of this contention regarding governmental access to communications addressing and transactional information emanates from concerns about the use of electronic surveillance generally, as opposed to the FBI's use of Carnivore in particular. However, there is little or nothing in law or Federal jurisprudence to support the contention that has been asserted in this regard.

In 1979, the U.S. Supreme Court ruled that, because there was no justifiable or reasonable expectation of privacy in the electronic impulses dialed and transmitted over the telephone lines of a service provider to initiate a telephone call, no Fourth Amendment search or seizure was implicated, and, accordingly, that no legal right or protection regarding governmental acquisition of such information was cognizable or afforded under the Constitution (see, Smith v. Maryland, 442 U.S. 735 (1979). Similarly, the U.S. Supreme Court had earlier found no Constitutional right or protection against the Government's warrantless acquisition of banking information that had been disclosed by a customer to a third party financial institution (see, United States v. Miller, 425 U.S. 435, 442-444 (1976)). Hence, then, at least as a matter of Constitutional law, the Supreme Court has found no Constitutional requirement for a probable cause-based warrant in order to acquire transactional records or information that a customer conveys or transmits to third parties such as banks and telephone service providers.

In 1986, in enacting the ECPA's Title II and Title III provisions, the Congress was aware of the foregoing Supreme Court rulings and sought to "create" new privacy protection in statute to protect a subscriber's communications addressing and transactional record information. Also, just as it intended to afford statutory privacy protection for such information, Congress also created appropriate and commensurate court order authorities for lawful governmental use in acquiring such information. In doing so, Congress made very reasonable, considered, and balanced determinations as to the level of privacy protection that was appropriate for each type of information at issue. Now, although it is true that there have been great changes in computer technology since 1986, the core statutory privacy principles and fault lines applicable to protecting computer-based communications content, on the one hand, and communications addressing information, on the other, as well as to their lawful interception or acquisition, have remained quite stable.

Since 1986, and long before the advent and use of Carnivore, the FBI and many other Federal, State, and local governmental authorities having been lawfully acquiring computer network-based addressing and transactional information from both telecommunications carriers and Internet Service Providers (ISPs) under court order as anticipated by Congress within the ECPA, i.e., the court order authorities set forth within 18 U.S.C. 3123 and 18 U.S.C. 2703(c)(d). Governmental surveillance in this area has proceeded based upon the rightful premise that, with the appropriate ECPA court order(s), each and every type of communications addressing and transactional record information found within telecommunications and computer networks could be lawfully acquired. Since the ECPA was enacted, federal courts throughout the country have consistently authorized ECPA-based court orders applied for by the Department of Justice and the United States Attorneys' Offices, under the authorities set forth within 18 U.S.C. 3123 and 18 U.S.C. 2703(c)(d), with regard to the types of governmental access to and acquisition of computer network addressing information currently being complained of, without finding Constitutional or statutory impediment.

Finally, with specific reference to Carnivore, in the approximately 25 instances wherein its use has occurred, the courts have approved the applications, in terms of what was lawfully obtainable through the federal statutory regime(s) and/or court orders cited above, and in terms of the information which Carnivore, through its filtering, enables FBI personnel to lawfully receive or see under these regimes. In the only case challenging Carnivore's intended use (in a case involving the acquisition of E-mail addressing information under the court order authorities set forth within 18 U.S.C. 2703(c)(d) and 18 U.S.C. 3123), the court sided with the Government, finding that the addressing information to be acquired through the Government's use of Carnivore was no more intrusive than the information acquired through a conventional pen register under 18 U.S.C. 3123.

How does Carnivore work, and why the FBI believes Carnivore is superior from a legal, privacy, investigative, evidentiary and technological perspective to commercial sniffers?

Carnivore is a very effective and discriminating special purpose electronic surveillance system. Carnivore is a filtering tool which the FBI has developed to carefully, precisely, and lawfully conduct electronic surveillance of electronic communications occurring over computer networks. In particular, it enables the FBI, in compliance with the Constitution and the Federal electronic surveillance laws, to properly conduct both full communications' content interceptions and pen register and trap and trace investigations to acquire addressing information.

For many electronic surveillance purposes, Carnivore is superior to any commercially-available "sniffer" tool which ISP network administrators typically might use for network oversight, management, and trouble-shooting. In the ISP world, such sniffers are the closest thing to what would be considered an electronic surveillance interception device. Such sniffers, however, were never designed or intended to be a special purpose electronic surveillance tool, and therefore they are not best suited to protect the privacy rights afforded by the Constitution or by statute.

It's important to describe the context of when and how Carnivore is used and the way Carnivore works. It's most critical to clearly understand what Carnivore discloses and, more importantly, what it does not disclose to the FBI personnel who use it.

First of all, as emphasized above, Carnivore is only employed when the FBI has a court order (or lawful consent) authorizing a particular type of interception or acquisition regarding a particular criminal subject user, user address, or account number. Second, when an ISP can completely, properly, and securely comply with the court order on its own, the FBI does not need to deploy Carnivore. Third, if a decision is made to use Carnivore, the FBI never deploys it without the cooperation and technical assistance of the ISP technicians and/or engineers. Fourth, through working with the ISP, Carnivore is positioned and isolated in the network so as to focus exclusively upon just that small segment of the network traffic where the subject's communications can be funneled. This is roughly analogous to using an electronic surveillance device only within in a single trunk or cable within a telephone network. Stated differently, and contrary to the statements of some critics, Carnivore is not positioned to filter or access 'in a Big Brother mode, all subscriber traffic throughout an ISP network.'

In illustrating its functionality, it is important to understand that Carnivore's filtering operates in stages. Carnivore's first action is to filter a portion of an ISP's high speed network traffic. Specifically, it filters binary code—streams of O's and 1's that flow through an ISP network, for example, at 40 mega-bits per second, and often at much higher speeds. Carnivore operates real time with these speeds. To visualize this, imagine a huge screen containing 40 million O's and 1's flashing by on this screen for one second, and for one second only. Carnivore's first effort—entirely within the Carnivore box—is to identify within those 40 million O's and 1's whether the particular identifying information of the criminal subject (for which a court order has been authorized) is there.

If the subject's identifying information is detected, the packets of the subject's communication associated with the identifying information that was detected, and those alone, are segregated for additional filtering or storage. However, it's critically important to understand that all of those 40 million O's and 1's associated with other communications are instantaneously vaporized after that one second. They are totally destroyed; they are not collected, saved, or stored. Hence, FBI personnel never see any of these 40 million O's and 1's, not even for that one second. Continuing the illustration, if the subject's identifying information is not in that screen, then the next screen of 40 million O's and 1's flashes by at the same rate, and the process described above is repeated in identical fashion until the subject's identifying information is detected.

After exclusively segregating the subject's information for further machine processing, then a second stage of filtering is employed. At this point, and again all within the Carnivore box, Carnivore checks its programming to see what it should filter and collect for processing. In other words, it determines if it's supposed to collect comprehensively—in a full Title III or FISA mode—or, alternatively, whether it's only to collect pen register or trap and trace transactional and addressing information.

Importantly, this is where some of Carnivore's key legal, evidentiary, and privacy-enhancing features really kick in. To address the particular concerns that have been raised regarding what is filtered and processed, and what FBI personnel see and don't see, its useful to illustrate how Carnivore operates, for example, in a pen register or trap and trace transactional and addressing information mode, pursuant to authorities set forth within 18 U.S.C. 3123 and 18 U.S.C. 2703(c)(d). Under these circumstances, Carnivore only collects transactional and addressing information. It is programmed to filter out all content, including subject line and "re" information.

For example, certain pen register or trap and trace orders will authorize collection of simply "source,""destination," date, time, and duration of the message. Others will authorize collection of "source,""destination,""user account address," date, time, and duration. Again, each collection, and the filters being employed, are tailored to a particular court order's authorization.

At this point, an explanation on a more technological and functional level is warranted as to why, with regard to pen register and trap and trace transactional and addressing information usage, Carnivore's use was necessitated by certain privacy, evidentiary, and investigative concerns. Commercially-available sniffers do a very good job in many circumstances of filtering and segregating ISP information, especially in Title III interceptions. However, in other cases, where more stringent legal, evidentiary, and law enforcement investigative requirements exist, many sniffers would collect either too much information, such as collecting all of the information regarding a given criminal subject's account, or, alternatively, fail to collect the authorized information at all.

For example, because of differences and vagaries in network protocols and header addressing information and their implementations by ISPs, collections with these commercial sniffers often do not cut off the header addressing information at the precise point. This can lead to a small amount of a communications' content being included (such as the "subject line") which then must be minimized by human review. Hence, resort to commercial sniffers alone under certain circumstances raises privacy concerns and interferes with the FBI's investigative resources. While such sniffer capabilities might suffice for non-law enforcement network administration purposes, it is less than perfect from a law enforcement point of view. Carnivore's development was driven by a need to address such issues.

In another area with significant legal, evidentiary, and investigative ramifications, Carnivore is superior to commercial sniffers. Commercial sniffers are typically designed to work only with fixed IP addresses. Unfortunately, dynamic addressing within ISPs occurs probably in 98-99% of the cases. Hence, the use of commercial sniffers, without more, would be ineffective in 98-99% of court authorized collections. Carnivore was specifically designed to interface with ISP networks so that when dynamic addressing occurs it can immediately respond to it. Finally, while it is true that other efforts with ISPs can address this problem, this problem is effectively and efficiently resolved technically by Carnivore.

In still another area with significant legal, evidentiary, and investigative ramifications, Carnivore has the ability to filter and collect Simple Mail Transfer Protocol (SMTP) traffic sent to or from a specific user. Most, if not all, commercial sniffers would collect all E-mails and then require a human visual search to find the targeted E-mail. This obviously is wanting from a privacy and operational perspective. Carnivore, on the other hand, has the ability to conduct very surgical acquisitions of only a targeted criminal subject's E-mail.

To repeat, during all the filtering/processing noted above, no FBI personnel are seeing any information—all of the information filtering/processing, and purely in a machine-readable format, is occurring exclusively "within the box."

Now, at the end of all the filtering and processing, there, of course, is information that ultimately is collected and stored for human review. Hence, what finally reaches the hands of FBI personnel in every case is simply and only that particular information lawfully authorized by the court order—and no more.

Finally, Carnivore includes another piece of important functionality. For evidentiary purposes, and as an audit history, Carnivore was also designed to append to an event file for each collection the filter configuration that was used in that collection. This information tells the FBI personnel—and indeed it tells the world, including a court, defense counsel, and a jury—what mode the device was operating in (what it was programmed to collect), so as to allay any suspicion that more information was being passed along to FBI personnel.

As you know, Rule 901 of the Federal Rules of Evidence requires the authentication of evidence as a precondition for its admissibility. The use of the Carnivore system by the FBI to intercept and store communications establishes, with much less human interaction and without the potential for human error, a trustworthy machine-based memorialization of the evidence. It also establishes a reliable first link in an undisturbed chain of custody, and it facilitates the ease and accuracy of a witness' testimony by permitting the witness to testify as to the retrieval of the evidence and as to the purely technological method by which the evidence was acquired and recorded. Finally, Carnivore is being upgraded by adding an integrity feature which will further demonstrate the authenticity of the information, by imprinting on the evidence the collection mode being used. It thus helps prove authenticity, by demonstrating that no alteration has been made to the filter settings employed or to the information obtained. As an evidentiary matter, such features strengthen showings of "chain of custody," authenticity, and non-alteration.

Why computer network service providers should not be fearful about Carnivore's use with their networks

Notwithstanding assertions to the contrary, the Carnivore system is safe to operate with IP networks. As noted above, Carnivore is only installed in that small segment of the computer network through which the criminal subject's communications traffic will pass. The Carnivore system is connected with the network by a bridging device that physically prevents Carnivore from transmitting into the network. Thus, as a technological certainty, there is absolutely no way it could possibly have any ability to transmit any information or thing into the network.

Importantly, Carnivore is only attached to the network after consultation with, and after obtaining the agreement and assistance of, technical personnel from the ISP. It is worth noting that, to date, the FBI has never installed Carnivore with an ISP's network without first obtaining the assistance of the ISP's technical personnel. The Internet is a highly complex and heterogeneous environment in which to conduct electronic surveillance, and I can assure you that without the technical knowledge of the ISP's personnel, it would be very difficult, and in some instances impossible, for law enforcement agencies to act unilaterally and successfully in implementing such a technical effort. Moreover, the FBI particularly depends upon the ISP personnel to understand the protocols and architecture of their particular networks.

Some critics have also asserted that the use of the Carnivore system introduces significant new vulnerabilities for hacking access. But such assertions miss the mark. With regard to hacking, and considering the hacking methodologies most commonly employed, there would be absolutely no greater qualitative value in trying to use the Carnivore system as an access point than any other access point or node in the Internet, concerning which there are literally millions. Indeed, recognizing that Carnivore is a law enforcement surveillance tool, a hacker's attempted use of it as an access path would be particularly foolish inasmuch as access to Carnivore, as noted above, would never create an actual transmission path into the network.

Lastly, there has been the suggestion, in prior Congressional testimony, that the Carnivore system had caused a network crash or other problems in the network of a particular ISP. Let me emphasize that such a suggestion is simply factually incorrect. In the instance cited, the cause of the network problem (there was no crash)—it was in the nature of a network slowdown—was programming steps undertaken exclusively by that ISP's technicians, and entirely on their own.

Why should the public have trust in the FBI's conduct of electronic surveillance, and, in particular, in its use of the Carnivore system

We believe that the American public should have trust in the FBI's conduct of electronic surveillance, principally because it has an outstanding record of lawfully complying with the Federal electronic surveillance laws which the Congress first enacted over thirty years ago, in 1968. Although the assertion of widespread 'illegal FBI wiretapping' is frequently made, and is an article of faith for some, the facts in no way support it. Any careful review of the dockets of the Federal courts offers no support to the assertion of FBI electronic surveillance abuse during these years. Indeed, all FBI electronic surveillance is authorized and carefully supervised by many different "outside" entities.

To begin with, in every FBI investigation involving electronic surveillance, all surveillance efforts are approved, monitored, and overseen at each step of the way by both the local United States Attorneys Office and the appropriate U.S. District Court Judge (for Title IIIs) or Magistrate (for ECPA court orders). In surveillance conducted under the Foreign Intelligence Surveillance Act (FISA), FBI surveillance efforts are approved, monitored, and overseen by the Department of Justice's Office of Intelligence Policy and Review, and by the Foreign Intelligence Surveillance Court, respectively. Moreover, before any full-blown Title III or FISA electronic surveillance involving the interception of communications' content is approved, lengthy, multi-layered, and thorough reviews occur both within the FBI and within the Department of Justice, and, as a statutory mandate, high-level Department of Justice approval is required for all such surveillance.

For more than three decades now, FBI electronic surveillance has been closely supervised and monitored by the Department of Justice. There has been no indication of FBI abuse. Indeed, the Department of Justice typically points to the FBI as an agency model with regard to how to carefully and lawfully conduct electronic surveillance.

Aside from Executive and Judicial Branch review of FBI electronic surveillance efforts, the Congress itself exercises frequent and ongoing oversight over the FBI's conduct of electronic surveillance in a number of ways. Year in and year out, numerous Congressional Committees (and their staff) involved in authorizations and appropriations scrutinize FBI expenditures, programs, and even equipment. Committees on the Judiciary and Intelligence frequently hold hearings, such as this, and submit written questions to be addressed by the FBI. Further, since Title III's enactment in 1968, the Congress has revisited the Federal electronic surveillance laws on a number of occasions: in 1978 (FISA), in 1986 (ECPA), and in 1994 (CALEA). And, as the Committee is well aware, each time the Federal electronic surveillance laws are updated there is a substantial subtext to the legislative initiative wherein the Congress considers and reconsiders whether such laws are working well and whether there is any significant indication of abuse such as to warrant the laws' curtailment or modification. However, with each of these pieces of legislation, the Congress has never found or suggested that the law enforcement community, in general, or the FBI, as an agency, in particular, was abusing the electronic surveillance authorities.

Further, in recent years, it has become somewhat commonplace for members of the Congress to request a visit to the FBI's Engineering Research Facility (ERF) to permit themselves and/or their staff to understand FBI surveillance methodologies, etc., better. Beyond these, every year the Administrative Office of the United States Courts sends to the Congress the yearly "Wiretap Report" which specifies Federal, State, and local law enforcement's Title III electronic surveillance activities. Likewise, and also pursuant to Federal statute, every year the Department of Justice submits to the Congress a report regarding the use of pen register and traps and traces conducted by law enforcement agency components within the Department. Further, several years ago, as a part of the Anti-terrorism and Effective Death Penalty Act of 1996, the Congress requested a Report from the Department of Justice which was to specifically include a review of any abuse in law enforcement's conduct of electronic surveillance. In the Report submitted by the Department of Justice, it was pointed out that law enforcement errancy in this area was rare, and did not suggest any significant problem. In particular, there was no citation as to abuse by the FBI.

At this point, it may be useful to briefly discuss another vital component in the overall electronic surveillance/Carnivore mix: the FBI personnel who use it.

In this regard, the Committee would truly be missing a significant part of the story if we failed to point out the quality of the FBI personnel involved and the ways in which they perform their tasks. To begin with, to become an FBI employee requires a substantial showing of trustworthiness, lawfulness, and personal and professional integrity—all of which must be demonstrated through the conduct of an extensive and very thorough national security-level background investigation. To be sure, the structure of the FBI would quickly collapse if the agency and all of its onboard employees could not trust without reservation its new employees. And the FBI certainly does not recruit honest and law-abiding people only to turn around and employ them in corrupt and dishonest ways. Indeed, in contrast with the requirements placed upon many of the personnel employed by telecommunications and computer network service providers (who may have some role in implementing electronic surveillance orders), all FBI employees are specifically sworn to uphold the Constitution, obey the law, and to faithfully execute the laws of the land.

Of course, and as noted above, it is emphasized to all FBI employees that any type of illegal electronic surveillance would be a serious violation of the law—a federal felony, thereby subjecting the employee to criminal prosecution, civil liability, and termination. Further, FBI employees are made to fully understand that any unlawful surveillance will likely lead to the suppression of any and all tainted evidence and any evidence or fruits derived therefrom. In short, it is made clear that any such unlawful behavior will not be tolerated.

All FBI personnel involved in conducting electronic surveillance are thoroughly and specifically trained about the Federal electronic surveillance laws. This is particularly so for the FBI Technically Trained Agents (TTAs) who receive specialized training in the conduct of electronic surveillance, including legal instruction, at the FBI's Engineering Research Facility (ERF) in Quantico, Virginia. This training weds together the black letter law with the "hands on" technical level implementations of electronic surveillance. Moreover, FBI personnel involved in electronic surveillance are involved in ongoing consultation with attorneys from the FBI's Office of the General Counsel, the FBI Field Office's Chief Division Counsel, the Department of Justice, and the Offices of United States Attorneys.

Access to and the use of FBI electronic surveillance equipment is controlled administratively, and usually requires a trained specialist to operate it. Hence, the large pool of FBI Special Agents and support employees never have access to, or competency in the use of, such highly-specialized pieces of surveillance equipment.

In sum, over the last 32 years, the FBI's record of properly conducting court authorized electronic surveillance is a very good one—one that we believe should command the trust of the public and the Congress.

With regard to Carnivore, it is a relatively new electronic surveillance tool, and has only been used within the last two years. Trust in the FBI's use of Carnivore, we believe, should at least in part rest upon the FBI's openness and willingness to discuss this device. Indeed, perhaps the most telling fact about Carnivore, as an electronic surveillance tool, is that, in an unprecedented fashion, the FBI has shared with numerous entities in the public Carnivore's (and/or some of its technical counterparts') purpose and basic functionality—long before any concerns were raised and before any Congressional hearings were scheduled.

Ironically, the most central fact and aspect of the entire matter has gotten lost: that the FBI has spent a considerable amount of time, money, and energy in developing an electronic surveillance tool with the exclusively laudable purposes of better satisfying the Constitutional standard of particularity, the Title III and ECPA precepts of minimization, as well the legal, privacy-based, and societal concerns associated with careful, precise, and lawful surveillance efforts.

As the Committee may be aware, the FBI has briefed a wide-ranging variety of entities: governmental attorneys, leading ISPs, leading Information Technology (IT) companies, leading telecommunications service providers, academic labs, and software manufacturers as to the functionality of the Carnivore system. Hence, if, for the sake of argument, the FBI had ever possessed any untoward intentions, in terms of using Carnivore in a stealthy, illegal, or abusive way, it certainly went about pursuing them in the wrong way. In fact, the FBI's openness with regard to Carnivore should, in and of itself, properly and reasonably instill public confidence and trust, notwithstanding that some of its detractors may disagree with some aspect of Carnivore.

Of course, with regard to Carnivore, the same strict personnel, legal, training, and security practices apply. Further, given that relatively few of these devices are even available throughout the entire FBI, those in existence are under the custody and control of but a few FBI technically-trained personnel.

Finally, the FBI, in concert with the Department, has welcomed a review of the Carnivore system. The FBI believes that when all is said and done the FBI and the Carnivore device will receive a clean bill of health, and thereby hopefully more fully instill public confidence and trust in this important and critically needed investigative tool.


In conclusion, I would like to say that over the last ten years or more, we have witnessed a continuing, steady growth in computer and Internet-related crimes, including extremely serious acts in furtherance of terrorism, espionage, infrastructure attack, as well as the more conventional serious and violent crimes, to include child pornography and exploitation. These activities which have been planned or carried out, in part, using computers and the Internet pose challenges to the U.S. law enforcement community that we dare not fail to meet. In turn, the ability of the law enforcement community to effectively investigate and prevent these serious crimes is, in part, dependant upon our ability to lawfully and effectively intercept and acquire vital evidence of these crimes, and our ability to promptly respond to these harms that so threaten the American public. As the Internet becomes more complex, so too do the challenges placed upon us to keep pace. Without the continued cooperation of our industry partners and important technological innovations such as the Carnivore system, such a task would be futile.

I look forward to working with the Committee staff to provide more information and welcome your suggestions on this important issue. I will be happy to answer any questions that you may have. Thank You.

ciao responds | video project | documents | from ciao's board