By John Pescatore, Gartner Analyst
Although the FBI tells the public and Congress
that Carnivore does not violate privacy laws, Gartner believes an open
review of the source code is needed to build public trust and ensure that
the technology is bug-free.
Law enforcers have the right to get a court order to monitor
communications of suspected criminals. Under the laws governing such
wiretaps, however, law enforcers must adhere to the concept of minimization, which requires
that they record only communications directly related to the subject of the
court order. If the suspect is discussing any other subject or is having a
privileged conversation with a lawyer or cleric, recording must stop.
In the analog days, complying with minimization meant having humans listen
to conversations to ensure extraneous communications were not recorded.
Carnivore, the digital equivalent of this listener, relies on keywords and
algorithms to record only email directly related to the court order.
To ensure that Carnivore upholds the concept of minimization and that its
software has no easily exploited bugs, Gartner believes that the FBI should
offer an open review of Carnivore's source code. Although the FBI has
expressed concern that this would allow criminals to devise ways to escape
detection by Carnivore, we do not believe this to be the case.
Much as the National Institute of Standards and Technology has undertaken
extensive public review of the algorithms for the Advanced Encryption
System, open review of Carnivore would both engender trust in the
government's methods and provide the FBI with detailed notice of possible
ways to trick Carnivore. Limited, closed testing by academics will do
The more open and extensive the review of Carnivore, the more
effective it will be in maintaining the balance between privacy and
Entire contents, Copyright © 2000 Gartner Group, Inc. All rights reserved. The information contained herein represents
Gartner's initial commentary and analysis and has been obtained from sources believed to be reliable. Positions taken are subject to
change as more information becomes available and further analysis is undertaken. Gartner disclaims all warranties as to the accuracy,
completeness or adequacy of the information. Gartner shall have no liability for errors, omissions or inadequacies in the information
contained herein or for interpretations thereof.