FOR IMMEDIATE RELEASE
Tuesday, May 28, 2002
FBI's CARNIVORE SYSTEM DISRUPTED ANTI-TERROR INVESTIGATION INTERNAL MEMO CALLS OVER-COLLECTION OF DATA PART OF "PATTERN" SHOWING "INABILITY OF THE FBI TO MANAGE" FOREIGN INTELLIGENCE WIRETAPS
WASHINGTON, DC -- An FBI anti-terrorism investigation possibly involving Usama bin Laden was hampered by technical flaws in the Bureau's controversial Carnivore Internet surveillance system. The incident, which occurred in March 2000, is described in newly-released FBI documents obtained under court order by the Electronic Privacy Information Center (EPIC). A written report describes the incident as part of a "pattern" indicating "an inability on the part of the FBI to manage" its foreign intelligence surveillance activities.
An internal FBI e-mail message dated April 5, 2000, and sent to M. E. (Spike) Bowman, Associate General Counsel for National Security Affairs, recounts how the Carnivore "software was turned on and did not work correctly." The surveillance system captured not only the electronic communications of the court-authorized target, "but also picked up E-Mails on non-covered" individuals, a violation of federal wiretap law. According to the Bureau document, the "FBI technical person was apparently so upset that he destroyed all the E-Mail take, including the take on [the authorized target]."
The botched surveillance was performed by the FBI's International Terrorism Operations Section (ITOS) and its "UBL Unit," which refers to the government's official designation of bin Laden. The Bureau document indicates that an official at the Justice Department's Office of Intelligence Policy and Review (whose name has been deleted) became aware of the problem, and "To state that she is unhappy with ITOS and the UBL Unit would be an understatement of incredible proportions."
The reported problem apparently was not the first to arise during the course of FBI implementation of the Foreign Intelligence Surveillance Act (FISA). The internal document concludes its report of the "UBL Unit" incident by noting, "When you add this story to the FISA mistakes covered in [another, unreleased document], you have a pattern of occurrences which indicate to OIPR an inability on the part of the FBI to manage its FISAs."
Two Bureau documents written one week later discuss Carnivore's tendency to cause "the improper capture of data," and note that "[s]uch unauthorized interceptions not only can violate a citizen's privacy but also can seriously 'contaminate' onging investigations" and that such interceptions are "unlawful." An FBI lawyer (whose name has been deleted) writes that the Bureau must "go out of our way to avoid tripping over innocent third party communications." The lawyer concludes, "I am not sure how we can proceed to test [Carnivore] without inadvertently intercepting the communications of others, but we really need to try."
The Bureau lawyer notes that "missteps under FISA lead to mandatory reporting to the President's Foreign Intelligence Advisory Board, and such errancies must be reported/explained/justified to Congress." The documents do not indicate whether the "UBL Unit" incident was reported to either body.
Since its existence became public in 2000, the Carnivore system has been criticized by EPIC and other privacy groups, as well as members of Congress, because it gives the FBI unprecedented, direct access to the data networks of Internet service providers. The FBI has publicly downplayed the system's potential for over-collection of private communications, although internal documents released earlier to EPIC confirmed such a risk. An independent review of Carnivore commissioned by the Justice Department also found that the system is capable of "broad sweeps" and recommended technical changes to address the problem. Neither DOJ nor the FBI has indicated publicly whether those recommendations were ever implemented.
The newly-released FBI documents were provided to EPIC on Friday, May 24, in response to a court order issued by U.S. District Judge James Robertson in the privacy group's ongoing Freedom of Information Act lawsuit seeking the disclosure of material concerning Carnivore. The order directed the Bureau to conduct a second search for relevant documents after EPIC successfully argued (over the Bureau's objections) that an initial FBI search was inadequate and likely overlooked responsive records.
The case is being litigated by EPIC's General Counsel, David Sobel, who said, "These documents confirm what many of us have believed for two years -- Carnivore is a powerful but clumsy tool that endangers the privacy of innocent American citizens. We have now learned that its imprecision can also jeopardize important investigations, including those involving terrorism." Sobel added, "As we suggested when it first became public, Carnivore's use should be suspended until the questions surrounding it finally can be resolved. Our FOIA lawsuit shows that there's a great deal about Carnivore that we still don't know."
The newly-released FBI documents are available at:
http://www.epic.org/privacy/carnivore/