EPIC logo
November 16, 2000
David Sobel or Wayne Madsen
WASHINGTON, DC - Newly-released documents concerning the FBI's "Carnivore" Internet monitoring program suggest that the system might capture far more information than the Bureau has claimed publicly. The documents were disclosed to the Electronic Privacy Information Center (EPIC) as part of a Freedom of Information Act lawsuit filed by the privacy rights organization.

One of the documents, dated June 5, 2000, reports the results of tests performed on Carnivore version 1.3.4, which is currently in use. The report indicates that Carnivore, contrary to FBI assertions, is capable of capturing and archiving "unfiltered" Internet traffic. It states:

Carnivore was tested on a real world deployment [deletion] having recently come back from a deployment. The machine had a single 300MHz PII processor running Win NT4 SP6 Workstation. There were 384MB of RAM but the hard disk was relatively small at 1.19GB. This [deletion] has both Zip and Jaz drives.

This PC could reliably capture and archive all unfiltered traffic to the internal hard drive (HD) at [deleted].

The FBI's public defense of Carnivore has centered on the claim that the system only captures traffic that has been isolated by a software filter that "minimizes" collection and limits it to the particular information authorized for seizure in a court order. Thus, in testimony before the Senate Judiciary Committee on September 9, 2000, FBI Assistant Director Donald M. Kerr stated:

If the subject's identifying information is detected [by the filter], the packets of the subject's communication associated with the identifying information that was detected, and those alone, are segregated for additional filtering or storage. However, it s critically important to understand that all . . . other communications are instantaneously vaporized after that one second. They are totally destroyed; they are not collected, saved, or stored.

The new disclosure comes on the eve of an important milestone in the debate over Carnivore. An independent review team from the Illinois Institute of Technology Research Institute (IITRI) is due to file a draft "technical report" on the Carnivore system with the Justice Department tomorrow (November 17). That report will not be made public until it has been reviewed, and possibly edited, for release by Department officials.

According to David Sobel, General Counsel for EPIC, the newly-released information underscores the need for full public disclosure of Carnivore's capabilities. "The little information that has become public raises serious questions about the privacy implications of this technology," he said. "The American public cannot be expected to accept an Internet snooping system that is veiled in secrecy."

EPIC filed the FOIA lawsuit after the FBI revealed that it had developed an Internet monitoring system that would be installed at the facilities of an Internet Service Provider (ISP) and would monitor all traffic moving through that ISP. EPIC's lawsuit seeks the public release of all FBI records concerning Carnivore, including the source code, other technical details, and legal analyses addressing the potential privacy implications of the technology.

EPIC is a public interest research organization in Washington, DC. More information about the case, including a scanned image of the document quoted above, is avilable at the EPIC Carnivore Litigation Page: