Commentary: How to tame a Carnivore

An open review of the source code is needed to build public trust in the FBI's Internet wiretap and ensure that the technology is bug-free.

By John Pescatore, Gartner Analyst

Although the FBI tells the public and Congress that Carnivore does not violate privacy laws, Gartner believes an open review of the source code is needed to build public trust and ensure that the technology is bug-free.

Law enforcers have the right to get a court order to monitor communications of suspected criminals. Under the laws governing such wiretaps, however, law enforcers must adhere to the concept of minimization, which requires that they record only communications directly related to the subject of the court order. If the suspect is discussing any other subject or is having a privileged conversation with a lawyer or cleric, recording must stop.

See news story: Reno takes control of Carnivore review

In the analog days, complying with minimization meant having humans listen to conversations to ensure extraneous communications were not recorded. Carnivore, the digital equivalent of this listener, relies on keywords and algorithms to record email only directly related to the court order.

To ensure that Carnivore upholds the concept of minimization and that its software has no easily exploited bugs, Gartner believes that the FBI should offer an open review of Carnivore's source code. Although the FBI has expressed concern that this would allow criminals to devise ways to escape detection by Carnivore, we do not believe this to be the case.

Much as the National Institute of Standards and Technology has undertaken extensive public review of the algorithms for the Advanced Encryption System, open review of Carnivore would both engender trust in the government's methods and provide the FBI with detailed notice of possible ways to trick Carnivore. Limited, closed testing by academics will do neither.

The more open and extensive the review of Carnivore, the more effective it will be in maintaining the balance between privacy and security.

(For related commentary on safeguarding email, see TechRepublic.com--free registration required.)

Entire contents, Copyright © 2000 Gartner Group, Inc. All rights reserved. The information contained herein represents Gartner's initial commentary and analysis and has been obtained from sources believed to be reliable. Positions taken are subject to change as more information becomes available and further analysis is undertaken. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of the information. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof.