Carnivore (DCS-1000)

Overview

Carnivore / DCS-1000 is the substantively documented first-generation US federal-law-enforcement institutional packet-capture system for internet communications. The system's institutional substance — the operational deployment of a federal-law-enforcement-controlled packet-capture computer at an internet service provider's institutional infrastructure under court-ordered ISP cooperation — substantially established the institutional precedent that subsequent post-2005 federal-law-enforcement internet-traffic-interception institutional architecture has substantially built on. The substantive subsequent post-2005 systems (the FBI's Digital Collection System Network, DCSNet; the substantive Communications Assistance for Law Enforcement Act framework under which ISPs and telephone carriers substantially provide direct interception cooperation; the substantive post-2008 FISA Section 702 framework under which substantial portions of post-2008 internet-traffic interception have been conducted) substantially derive institutionally from the operational pattern that Carnivore substantially established.

The substantively documented institutional historical position of Carnivore is substantively the institutional reference case for the substantive question of how US federal-law-enforcement internet-traffic-interception institutional architecture should be structured. The substantively settled subsequent institutional position is that the Carnivore institutional architecture was substantively flawed — the substantive operational concerns about over-collection, the substantive institutional concerns about FBI-controlled capture-equipment located on ISP infrastructure without ISP institutional oversight of the operational scope, and the substantive subsequent shift toward CALEA-mandated provider-controlled capture infrastructure substantially produced the institutional rejection of the Carnivore architectural pattern.

Origins / Development

The Carnivore programme was substantively conceived in the institutional context of the post-1996 expansion of internet-based communication and the substantive institutional FBI recognition that conventional telephone-network electronic-surveillance methodology was substantially inadequate for the substantive interception of email and other internet-based communications. The institutional FBI Engineering Research Facility at Quantico, Virginia substantially developed the system across the 1996–97 period under the codename "Omnivore" — substantially renamed Carnivore in approximately 1998 reflecting the institutional substance that the system substantively focused on the substantive selective extraction of specifically-targeted communications from the broader institutional internet-traffic stream.

The institutional substance of the system across the 1997–2001 period was substantively a Microsoft Windows NT–based packet-capture computer running custom FBI-developed packet-filtering software. The substantive operational deployment was substantially conducted under the institutional Title III interception-order framework (for content-collection deployment) and under the substantively distinct pen-register/trap-and-trace-order framework (for metadata-only collection). The substantive operational deployment pattern across the institutional life of the system was: an FBI agent operating a Carnivore deployment received the court-ordered authority for interception against a specifically-targeted subscriber; the FBI agent coordinated with the substantively-targeted subscriber's ISP to substantively install the Carnivore computer at the appropriate institutional location within the ISP's network; the Carnivore computer was substantively configured to capture only the substantively-targeted subscriber's communications; the captured material was substantively transferred to FBI institutional storage for subsequent operational analysis.

The substantively documented operational deployment count across the Carnivore institutional life was approximately 25 deployments — a substantively limited operational footprint relative to the institutional scale of the surrounding institutional debate. The institutional substance of the limited deployment count was substantially the institutional friction associated with the operational deployment — the substantive coordination required between FBI agents, ISP institutional personnel, and federal court institutional approval — substantially limited the operational scale relative to the substantively easier subsequent post-2005 institutional alternatives.

The substantive 2000 institutional public disclosure of the system — substantially through the substantive 11 July 2000 reporting by Robert O'Harrow Jr. of the Washington Post under the title FBI's E-mail Snooper Tags 'Carnivore' — produced the substantial public-record institutional debate that defined the institutional life of the system across its substantive 2000–05 period. The institutional FBI position across the 2000–05 period was substantively defensive — substantially asserting that the system substantively operated within the institutional Title III framework, that the operational filtering substantively limited collection to substantively-targeted communications, and that the institutional deployment was substantively oversight-compliant. The institutional substance of the public-record debate produced the substantive institutional response: the institutional 2000 commissioning by Attorney General Janet Reno of the Illinois Institute of Technology Research Institute (IITRI) substantive technical review (released December 2000); the substantive 2001 institutional rebranding from Carnivore to DCS-1000; and the substantive 2002–05 institutional shift toward commercial-off-the-shelf packet-capture replacements.

Operational characteristics

The substantively documented operational characteristics of Carnivore / DCS-1000 across the post-2000 published institutional record substantially comprise the following operational pattern.

Two operational modes

The institutional substance of the system was substantively the operation in either of two operational modes. The substantive "pen mode" produced the substantive collection of metadata-only — substantively the email-header information (sender, recipient, subject line, timestamps), the substantive web-browsing metadata (URLs visited but not page content), and the substantive adjacent metadata-category information. The substantive pen mode was substantially deployed under the institutional pen-register/trap-and-trace-order framework, which substantially required only the substantive certification by an FBI agent that the substantive collection would be relevant to an institutional investigation. The substantive "full mode" produced the substantive collection of full content — substantively the email message bodies, the substantive web-page content, the substantive adjacent communications-content categories. The substantive full mode was substantially deployed under the institutional Title III interception-order framework, which substantially required the substantive judicial finding of probable cause that the substantively-targeted subscriber was substantively engaged in particular categories of criminal activity.

Filter specification methodology

The substantive operational filter specification methodology — the substantive institutional question of how the system substantively distinguished the substantively-targeted subscriber's communications from the broader institutional ISP-network traffic — was substantively the institutional question on which the substantively settled public-record debate substantially turned. The substantive institutional FBI position was that the operational filtering substantively distinguished between substantively-targeted-subscriber communications (which were substantively captured) and other-subscriber communications (which were substantively discarded without substantive examination). The substantive institutional civil-liberties position was that the substantive filtering methodology substantively involved the substantive examination of all institutional ISP-network traffic to identify which communications substantively matched the operational target criterion, with the substantive consequence that substantially every subscriber's communications were substantively examined — even if only the substantively-targeted subscriber's communications were substantively retained.

Operational deployment infrastructure

The institutional operational deployment infrastructure substantially required the substantive cooperation of the substantively-targeted subscriber's ISP. The substantive operational pattern substantially involved: a court order issued to the ISP requiring institutional cooperation; the substantive coordination between the FBI agent and the ISP institutional personnel to identify the substantively appropriate institutional installation location; the substantive physical installation of the Carnivore computer at the substantive ISP institutional location; the substantive configuration of the Carnivore computer to access the substantively appropriate institutional network traffic; the substantive operational deployment for the duration of the court-ordered interception period; and the substantive subsequent removal of the Carnivore computer from the institutional ISP location.

Documented deployments

The documented deployments of Carnivore / DCS-1000 across the post-2000 published institutional record substantially comprise:

Confirmed The 25-deployment documented operational footprint. The substantively documented institutional operational deployment count of the Carnivore / DCS-1000 system across its substantive 1997–2005 institutional life was approximately 25 deployments. The substantive institutional documentation of these deployments — substantially produced through the substantive subsequent FOIA litigation by the Electronic Privacy Information Center across the 2000–05 period — substantially documented the substantive operational target categories (substantially organised-crime investigations, substantially terrorism-related investigations across the post-2001 period, substantively narcotics-trafficking investigations, and substantial subsequent operational categories), the substantive operational deployment durations (typically substantially weeks-to-months), and the substantive operational deployment locations (substantively the institutional ISP infrastructure of the substantively-targeted subscribers).

Confirmed The 2000 EarthLink institutional refusal. The substantive 2000 institutional case in which EarthLink substantively refused to permit the operational installation of Carnivore on the institutional EarthLink network — substantively asserting that the operational installation would substantively interfere with the institutional EarthLink network operations and substantively raise institutional concerns about the substantive operational scope of the deployment — substantially produced the institutional precedent that ISPs could substantively refuse Carnivore deployment in favour of substantive ISP-implemented capture alternatives. The institutional substance of the EarthLink position was substantively that EarthLink would substantively itself perform the operational interception under the substantively-applicable court order rather than permit the operational installation of FBI-controlled capture equipment on the EarthLink network.

Legal / Oversight framework

The legal framework within which Carnivore / DCS-1000 substantively operated comprised the substantively-documented combination of the institutional Title III electronic-surveillance framework (substantively applicable to content-collection deployment), the substantive pen-register/trap-and-trace framework (substantively applicable to metadata-only deployment), and the substantive Foreign Intelligence Surveillance Act framework (substantively applicable to foreign-intelligence-collection deployment).

The substantive subsequent institutional reform of the framework across the post-2005 period has substantially produced the substantively distinct institutional architecture for federal-law-enforcement internet-traffic interception. The substantive Communications Assistance for Law Enforcement Act of 1994 — originally enacted for telephone-network institutional interception cooperation but substantially extended across the post-2005 period to internet-service-provider institutional cooperation through the substantive 2005 FCC institutional ruling — substantially established the substantive institutional framework under which ISPs are substantively required to maintain institutional capability to comply with court-ordered interception requests through ISP-controlled capture infrastructure rather than through FBI-controlled capture equipment located on ISP infrastructure. The substantive institutional substance is that the post-2005 institutional architecture substantially shifts the substantive operational interception responsibility from federal-law-enforcement institutional control to ISP institutional control, with the substantive federal-law-enforcement institutional position being the substantive recipient of the operational interception product rather than the substantive operator of the operational interception equipment.

Sources & Further Reading

1. Robert O'Harrow Jr., FBI's E-mail Snooper Tags 'Carnivore', The Washington Post, 11 July 2000 — the principal contemporary disclosure.
2. Stephen P. Smith, et al., Independent Technical Review of the Carnivore System: Final Report, Illinois Institute of Technology Research Institute, 8 December 2000 — the principal institutional technical review commissioned by the Department of Justice.
3. Electronic Privacy Information Center, EPIC v. FBI (Carnivore Litigation), 2000–05 — the principal substantive FOIA litigation that produced the substantial public-record institutional documentation of the system.
4. Office of the Inspector General, US Department of Justice, Implementation of the Communications Assistance for Law Enforcement Act, March 2006 — the principal institutional review of the post-Carnivore CALEA institutional framework.
5. House Judiciary Subcommittee on the Constitution, Fourth Amendment Issues Raised by the FBI's "Carnivore" Program, hearings of 24 July 2000 — the principal Congressional-oversight hearing on the system.
6. Electronic Privacy Information Center Carnivore Archive — the institutional documentary collection.
7. Susan Landau, Listening In: Cybersecurity in an Insecure Age, Yale University Press, 2017 — the principal academic-policy treatment of the broader US-domestic internet-interception institutional landscape including the Carnivore institutional precedent.
8. Federal Bureau of Investigation, Carnivore Diagnostic Tool Information, declassified institutional documentation, available through EPIC FOIA archive.
9. James X. Dempsey, Communications Privacy in the Digital Age: Revitalizing the Federal Wiretap Laws to Enhance Privacy, 8 Albany Law Journal of Science and Technology 65 (1997) — the principal pre-Carnivore institutional academic-legal framework.
10. Tim Lynch, Bloated and Wasteful: A Closer Look at the FBI's Communications Assistance for Law Enforcement Act Costs, Cato Institute, 2007 — substantive subsequent institutional analysis of the post-Carnivore CALEA framework.