Big Brother is watching your every digital move. cover story hed: Prying eyes dek: Big Brother is watching your every digital move. dek: ECHELON seems to embody the spirit of Big Brother.
In “1984,” George Orwell’s futuristic vision of dreary conformity, an oppressive government regulates every aspect of its citizens’ existence–even their private thoughts. One of the state’s primary means of surveillance is the “telescreen,” a device, installed in every home, that watches people as they watch it. The government doesn’t watch all the time; it doesn’t have to. Just knowing that there might be prying eyes behind the screen is sufficient to make people censor themselves and avoid any utterance or behavior that could be construed as seditious. Big Brother is Watching You.
That’s the psychological power of Carnivore and ECHELON, two real-life government surveillance technologies that have received a lot of attention in recent months. How would our communications–with business associates, friends, and loved ones–change if we knew that the government had the means to listen in, even inadvertently?
Government has always practiced covert surveillance, of course. The Confederacy hired tappers to intercept telegraph messages during the Civil War. Police installed the first telephone wiretap in the 1890s. In the Internet age, law enforcement agencies routinely request court orders to spy on e-mails, file transfers, instant messaging, and other types of data communications.
But Carnivore and ECHELON push both technological and legal boundaries in the increasingly explosive privacy arena. The FBI’s Carnivore software (recently renamed DCS1000), while designed to capture e-mails exchanged by criminal suspects, is capable of intercepting a broad spectrum of e-mail traffic flowing through an Internet service provider’s (ISP’s) network.
ECHELON, operated by the National Security Agency (NSA) and intelligence agencies in four other countries, nets virtually every kind of telecommunication–satellite, radio, microwave, telephone, TCP/IP–through an automated global interception and relay system.
The commercial Internet privacy issue is only further inflamed by government surveillance. Credit-card hacks, direct marketing efforts, and cookies have made Americans uncomfortably aware of the limits of privacy on the Internet. Government intrusions into our private affairs online seem the most baneful of all because of the implicit trust we place in public institutions. ECHELON and Carnivore raise the specter of “1984” and its all-seeing telescreens, a Kafka-esque world in which people are rendered powerless and fearful, transfixed by the eye of the state.
The respective agencies behind Carnivore and ECHELON argue that such tools are deployed only for the public good. But how far can the imperatives of law enforcement and national security go without violating privacy? “There has to be a level of trust that what they say they’re monitoring, they are actually monitoring,” says Stephen Keating, executive director of the Privacy Foundation, a privacy education group based in Denver.
Since the existence of Carnivore and ECHELON was revealed in 2000, the two have drawn plenty of flak from privacy-rights groups and lawmakers. Privacy advocates are taking the measure of these technologies. Their efforts are spawning lawsuits under the Freedom of Information Act (FOIA), several Congressional hearings, and a technical review of Carnivore. The result is something short of a concerted effort to protect the rights of Internet citizens, as competing interests spin the information this way and that.
Somewhere between libertarianism and “1984” there must be a middle ground, a way to let the FBI go after bad guys and to enable the NSA look after our national interests without infringing upon the Constitutional rights of individuals and businesses.
ECHELON: chasing shadows
Project ECHELON embodies the spirit of Big Brother, if more than a decade of reports from investigative journalists and whistleblowers can be believed. Officially, there is no such thing as ECHELON; the NSA–a shadowy organization that was itself hidden from public view until the 1970s–invariably refuses to acknowledge its existence. What is known about the technology has emerged from declassified documents and the testimony of intelligence officials in Australia and New Zealand.
ECHELON may intercept as many as 3 billion communications every day, sucking in radio transmissions, phone calls, faxes, e-mails, and file transfers from listening posts around the world. “Sniffer” devices home in on Internet traffic, snaring information from data packets as they traverse the Internet via key routing junctions. Artificial intelligence software running on a network of supercomputers sifts through this huge volume of data, searching for addresses, voice prints, phone numbers, or keywords of interest to NSA analysts.
Reports of ECHELON’s spy activities include tracking “subversive” political organizations such as Amnesty International and routinely passing information about foreign companies bidding on contracts to their American competitors. The most sensational findings include the NSA intercepting the late Princess Diana’s phone conversations and communications surrounding former President Jimmy Carter and Sen. Hillary Rodham Clinton.
The revelations about Carter and Clinton raise the crucial legal question about ECHELON–whether it’s used to spy on Americans. An agency engaged in foreign intelligence communications doesn’t need a warrant from a judge to intercept messages if those messages involve “non-U.S. persons.” Were Carter and Clinton–clearly U.S. persons–targeted by the NSA, or was information about them gathered accidentally, in the course of routine global surveillance? The NSA won’t say. In hearings last year before the House Select Committee on Intelligence, NSA Director Michael Hayden stonewalled about the legal standards under which his agency operates, invoking attorney-client privilege. A subsequent NSA report and documents obtained by the Electronic Privacy Information Center (EPIC) under FOIA gave few details about ECHELON’s operations, but indicated that agency analysts were aware of what they can and cannot do under the U.S. Constitution.
There is one way that the NSA could gather data on U.S. citizens and businesses without violating the letter of the law: It could trade information with its counterparts in Canada, Britain, Australia, and New Zealand. Foreign-intelligence analysts are not constrained by the U.S. Constitution. This allegation has been leveled in media reports, but David Sobel, general counsel for Washington, D.C.-based EPIC, notes that such “foreign government information” is highly classified. “Is there some kind of handoff procedure that allows them to exploit a loophole? I don’t know. Certainly nothing we have seen released touches on that at all, and I wouldn’t expect it to.”
More revelations about ECHELON will have to wait until another round of Congressional hearings, if and when they occur. Bob Barr, the Republican Congressman and former CIA analyst who has pushed for additional hearings before the House Government Reform and Oversight Committee, declined to comment on ECHELON for this story.
Carnivore: hungry for data
ECHELON may quicken the pulses of conspiracy buffs, but Carnivore strikes close to home, peeking at ISPs that tens of millions of Americans log on to every day. Attached to a standard hub on the ISP’s premises, Carnivore is capable of capturing both the context (header information such as the IP address and the “to” and “from” lines) and content of e-mails (both subject and body). According to the FBI, Carnivore has been used about 20 times over the past two years in criminal investigations, in each case to scan for addressing information under court orders permitting what are known as pen-trap searches.
Under the 1986 Electronic Communications Privacy Act, law enforcement officials may engage in two types of telecommunications surveillance–pen-trap and wiretap. Pen-trap surveillance only gathers addressing information. Phone pen-trap searches only capture the phone numbers dialed from the suspected criminals’ lines. Obtaining a court order for pen-trap monitoring is much easier than getting a federal judge to sign off on a full content search–the equivalent of a telephone wiretap. To get a pen-trap order, a government attorney must only prove that the communication is relevant to a criminal investigation. Electronic wiretap orders require a showing of probable cause that the target of the investigation has committed or is about to commit a federal felony.
Privacy advocates have charged that Carnivore “overcollects” under pen-trap orders, capturing clues to the content of the subject’s e-mails or–more germane for fellow ISP subscribers–header, length of field, and other transactional information contained in messages unrelated to a criminal probe. The FBI says that its software precisely filters data traffic, delivering to investigators only those TCP/IP packets that they are lawfully authorized to obtain. Not so, says Keating of the Privacy Foundation: “Carnivore is obviously more intrusive than that; it captures the actual traffic, the actual content of the conversation.”
Keating also points out that it’s up to the FBI to ensure that technicians set Carnivore’s filters correctly, and ignore any information that falls outside the scope of a specific court order. An FOIA lawsuit filed by EPIC last year unearthed an FBI lab report stating that Carnivore “could reliably capture and archive all unfiltered traffic” passing through an ISP’s network.
Pen-trap laws aren’t adequate to cover a technology as potent and flexible as Carnivore, says Philip L. Gordon, a Privacy Foundation fellow who is a partner in the Denver law firm Horowitz & Wake. Instead, he says, Carnivore court orders should be issued under the higher wiretap standard–or an entirely new law. “What we need is a statute which is drafted specifically with this new technological environment in mind. There’s a fundamental technical difference between a telephone call and an e-mail.”
Under pressure from Congress, last year, the Department of Justice (DoJ) directed an inquiry into Carnivore’s technical capabilities. It hired a group of researchers at the Illinois Institute of Technology (IIT) for the study. The group disagreed with privacy advocates in its review of Carnivore. In a report released last December, the IIT review panel said that Carnivore doesn’t violate privacy or civil liberties because it “provides investigators with no more information than is permitted by a given court order.”
However, the panel did recommend changes in the way that Carnivore was administered and deployed, advising the FBI to: thoroughly audit Carnivore activities with a document trail that leads back to the individual operator; develop separate versions of Carnivore for pen-trap and full-content monitoring; enhance physical and data security; and prepare for the eventual public release of Carnivore’s source code by eliminating bugs and vulnerabilities.
The report was sharply criticized by privacy groups and some members of Congress, who pointed out that many of the panel members had close ties to the Clinton administration. “They stacked the deck,” says Richard Diamond, a spokesman for Rep. Dick Armey, the House majority leader who favors shutting Carnivore down until privacy concerns have been adequately addressed. The Privacy Foundation believes that the IIT recommendations don’t go far enough in rectifying Carnivore’s shortcomings in accuracy, individual accountability, and data security.
The FBI sees the IIT report as vindication, a green light to continue using Carnivore under current pen-trap statutes. Applying the wiretap standard to all uses of Carnivore would handcuff the agency, says Thomas Gregory Motta, assistant general counsel to the FBI’s technology law unit. “Virtually all levels of crime today are being facilitated through the use of electronic communications,” he says. “At some point law enforcement, with appropriate review by the judicial branch, has to have the ability to acquire this information to investigate crime.”
Motta adds that Carnivore, an adaptation of commercial e-mail sniffing software, was designed to honor privacy rights, not trample them. Monitoring is conducted at the agency’s engineering research facility in Quantico, Va., by civilian technicians-highly trained IT specialists who have no incentive to push the limits of court orders.
The FBI agrees with some of the IIT panel’s recommendations–tighter auditing and improved data security, for example. But the agency doesn’t see the need for two versions of Carnivore–an upgrade that documents switches between addressing and content modes would suffice, Motta says. And the FBI is against releasing the source code to the public. A general upgrade to Carnivore, announced in February, was supposed to address a number of technical concerns raised by the IIT study. At the review board’s suggestion, it received the less suggestive moniker DCS1000 (DCS stands for digital collection system).
The ultimate role of Carnivore in law enforcement will be determined by Attorney General John Ashcroft. The DoJ oversees the FBI, and is responsible for approving all requests for full-content surveillance, either through telephone wiretaps or electronic tools. As a Missouri senator, Ashcroft criticized Carnivore, pledging during his confirmation hearing to “conduct a thorough review of Carnivore and its technical capabilities.” But the nation’s top prosecutor may come under pressure from law-and-order types in the department and GOP who see Carnivore as an opportunity to expand government surveillance and wiretapping powers. The DoJ was expected to announce this spring what, if any, changes would be made to Carnivore.
Watching the watchers
At the end of the day, people must trust their government, or society degenerates into the dystopia of “1984,” in which everybody looks over their shoulder and order is maintained by brute force. But trust goes only so far in a world increasingly dependent on intranets, e-mail and instant messaging, with Carnivore, ECHELON and other surveillance technologies on the loose. Netizens who value their personal or corporate security must take reasonable steps to protect sensitive communications. And they must keep the pressure on cyber gumshoes and data spooks to respect Constitutional rights to privacy. That means speaking out against governmental intrusion-face-to-face, in e-mails, and in the media-and contributing to privacy organizations with the resources to challenge agencies that may be tempted to overstep their Constitutional bounds.
Martin Goslar is the founder of E-PHD LLC, a security industry research and analysis firm in Phoenix. He notes that the EPIC lawsuit and barrage of questions from lawmakers and other privacy advocates has put the FBI “under the gun,” acutely aware of the scrutiny that will accompany future use of Carnivore. In an era when Orwell’s telescreens seem entirely plausible, Goslar believes that the Constitution remains a staunch guardian of privacy. “The government was formed initially on a system of checks and balances, and that system’s worked reasonably well,” he says. “I’d like to think today there would be checks and balances within the government to accomplish that end.”
Concerned about online privacy? Whether you’re a business or home user, you’re not totally at the mercy of Big Brother. As threats to privacy have increased–from e-merchants and hackers as well as government agencies–organizations dedicated to preserving corporate and individual privacy have marshaled their forces, and an array of tools has been developed to safeguard trade secrets, business interactions, and personal correspondence. Martin Goslar, principal security analyst at E-PHD LLC, a security industry research and analysis firm based in Phoenix, Ariz., offers these privacy pointers:
Encrypt important messages. Encryption is a sure defense against e-mail sniffing, at least at this stage of the arms race between hackers and security experts. “Quite frankly, it’s up to corporations to protect themselves,” Goslar says. “That means they need to encrypt e-mail for particular types of messages from particular types of people.” Senior executives, financial personnel, and account reps privy to sensitive customer information should encrypt their e-mail and eschew instant messaging, which is not secure. Companies and individuals seeking to avoid the expense and hassle of full-blown PKI encryption can deploy simpler solutions from vendors such as InvisiMail and Vanguard Security Technologies.
Privacy-test your ISP. How does your Internet gateway handle requests for electronic surveillance? It’s obliged to comply; Earthlink of Atlanta, the only ISP to challenge the FBI’s right to install Carnivore, lost its case and now has DCS1000 installed on its system. At the very least, ISPs should demand a copy of all warrants, subpoenas, court orders, or other documents authorizing the installation of Carnivore or release of subscriber records. The ISP’s CTO should be well versed in surveillance technologies, capable of verifying personally that the FBI and other law enforcement agencies follow proper procedures in installing and configuring sniffing software. Your ISP should also conduct background checks to guard against unlawful snooping by employees.
Support the efforts of independent privacy watchdogs. Organizations such as the Electronic Privacy Information Center and The Privacy Foundation keep an eye on Carnivore, ECHELON, corporate e-mail wiretaps, Web profiling, and other invasive technologies, disseminating information to the public and lobbying for appropriate controls. Other privacy groups active in the U.S. and abroad include the Center for Democracy and Technology, Privacy International, and the Electronic Frontier Foundation.
Phil Davies is senior contributing editor of ComputerUser.