Study says Carnivore functions as intended

Study says Carnivore functions as intended

By Tony Lee Orr

GCN Staff

An independent study of the FBI's Carnivore Internet wiretapping system maintains the software-based tool doesn't overreach its intended use.

The report by the Illinois Institute of Technology's Research Institute at Chicago-Kent College of Law states that Carnivore examines IP packets on an Ethernet data stream and records only those that meet specific preset parameters.

FBI agents must prove the need to use Carnivore when standard surveillance methods have proved ineffective, the report notes. Search warrants are required prior to its use.

Questions concerning the constitutionality of Carnivore remain unanswered because those issues were not addressed in the study. Privacy advocates have expressed concerns about the software's potential for intrusiveness and have criticized the institute's study as being too narrow (see Internaut, page 31).

Carnivore is made up of a one-way tap, two computers'one to filter and collect data, and one to control the collection and examine the data'and a telephone link to the collection computer, according to the report. The collection computer is installed without a keyboard or monitor. PCAnywhere from Symantec Corp. of Cupertino, Calif., is used to control the collection computer via the phone link.

How it works

The Carnivore software is loaded onto the collection computer, while Packeteer and CoolMiner'components of the DragonWare Suite developed by the bureau's Internet technology team at the FBI Academy in Quantico, Va.'are loaded onto the control computer. All computers are equipped with Iomega Jaz drives from Iomega Corp. of Roy, Utah, for removable data storage.

The collection computer collects IP packets based on preset criteria, the report said. Packeteer and CoolMiner are used to reconstruct the online actions of the investigation's quarry.

Carnivore software is made up of four components, the report says:

• A driver derived from C source code provided with WinDis 32 from Printing Communications Associates of Smyrna, Ga., that starts preliminary filtering

• An application program interface

• A down-line load written in C++ that offers additional filtering and data management

• An executable program written in Visual Basic that provides a graphical user interface.

During the institute's tests, Carnivore recorded only target packets, according to the report.

Researchers did not verify that all code segments are executed and that no hidden code exists, the report states. But investigators did verify that the driver and other entry points have only the functionality required for Carnivore's stated purpose.

While Carnivore only accepts packets not rejected by the filter, its proper use relies on the operator's ability to configure the filter correctly and fully, the study said.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.