As the public learns more about the technical workings and policy of government Internet
surveillance, many are concerned that fears of
privacy infringement, data  mismanagement
and government abuse may be all too legitimate.
In a legal battle with the
Federal Bureau of Investigation (FBI) and the
Justice Department, for example, the Electronic Privacy Information Center (EPIC)
uncovered technical information about the e-mail snooping program known as Carnivore, or
DCS1000.
EPIC found that Carnivore was hard to control, and in fact
botched a terrorist investigation because it collected
nontargeted e-mail, according to policy and legal documents EPIC obtained through a
Freedom of Information Act (FOIA) request, its lawsuit and a recent court order.
Security experts say that the level of government Internet monitoring is not likely to
subside, however, particularly in light of new antiterrorism and security legislation
that not only reduces warrant requirements for monitoring but also encourages Internet
service providers (ISPs) to report suspicious activity.
Biting Off Too Much
An internal FBI memo indicated that Carnivore had captured nontargeted e-mail, which
resulted in the system inadvertently discarding e-mail evidence, including messages from
a court-authorized target in a terrorist investigation.
"It shows one of the [e-mail] takes was fouled and it had to be thrown out," EPIC
legislative counsel Chris Hoofnagle told NewsFactor. Hoofnagle also countered government
claims that only subject headers, URLs and IP addresses -- and not content -- are
monitored.
"Traffic data can often indicate content," Hoofnagle said. "A lot of intelligence now is
done through simple traffic analysis."
Spies and ISPs
According to SecurityFocus senior
threat analyst Ryan Russell, while the government is looking to truck drivers and other
members of the public to deliver tips in the name of homeland security, the effort itself
has come under fire after the Web site for tips was hacked, leaving accessible a list of
informants.
Federal authorities are also seeking more leeway in monitoring electronic communications ,
such as those on the Internet. The Cyber Security Enhancement Act, recently passed
overwhelmingly in the House, would broaden an ISP's abilities and responsibilities when it
comes to reporting suspicious activity.
Hoofnagle called the legislation "very risky," adding that "no ISP is going to say no --
they're not going to want to say no."
Hoofnagle added that the act is a "real threat to Internet privacy." (continued...)
|
Five Touch Points With SugarCRM - Extend the Value of Your CRM System
PC Shipments Rose Faster Than Expected
Better Computer Chips Raise Laptops' Abilities
Review: Epson PP-100 Discproducer Does Double Duty