Surveillance Technology
The FBI's Carnivore Program
Recent articles in the press have referred to the FBI software program called "Carnivore" that the law enforcement agency is using to conduct electronic surveillance of e-mail and Internet communications at Internet service provider (ISP) facilities pursuant to court orders.
Carnivore is a packet "sniffer" diagnostic tool that the FBI's Engineering Research Facility (ERF) in Quantico, Va. developed to covertly search for e-mails and other computer messages from criminal suspects. The program (which could run on a laptop, but is usually installed in a rack-mounted computer) sits in an ISP's facilities, monitoring all packets going through a particular router or pipe. The program essentially is an extremely fast search program that looks for particular snippets of information, such as name@company.com. It was developed by the FBI's ERF in 1999, and in 2000 was reported to have been used in over 50 cases.
The FBI's program is extremely sophisticated. A team of software engineers in Quantico constantly modifies the program in order to make it faster and allow it to recognize new protocols and programs. The Internet, of course, is a very flexible medium - many kinds of computer communications can be sent over it. Thus in order to make sense out of the billions of 1s and 0s passing by it, Carnivore has to be familiar with the most common applications used for Internet communications (e.g., MS Outlook E-mail and Lotus Notes E-mail) and their updates.
The existence of a Carnivore-like program had been known for a while (for example, it was mentioned during a U.S. House of Representatives hearing back in April), but it had never been publicly displayed by the FBI before the FBI technicians unveiled the system during the June 2000 meeting of TIA's packet data JEM.
The TIA-Hosted Packet Data Joint Experts Meeting
In August of 1999, in its Third Report & Order, the Federal Communications Commission (FCC) determined that it did not have sufficient technical expertise with packet protocols to establish final requirements for electronic surveillance standards for monitoring packet technologies (such as Internet protocol). Instead, it asked TIA to prepare a white paper on what technical solutions might be available to monitor packet data technologies. At the same time, however, the FCC ordered the telecommunications industry to develop solutions to the current packet data provisions of TIA's joint Communications Assistance for Law Enforcement Act (CALEA) standard, IS-J-STD-025-A (as an interim set of requirements). TIA began its preparatory work on the study immediately. In order to produce a report with the broadest possible representation of industry, TIA convened a Joint Experts Meeting (JEM) early this year. TIA invited any and all packet data technology-related companies, industry associations and organizations to participate.
The JEM has met twice: May 3-5, 2000, (Las Vegas) and June 27-29, 2000, (Washington, D.C.). The FBI has been a participant throughout the JEM. The FBI offered its presentation on the Carnivore program during the June 2000 meeting in order to demonstrate at least one of the means by which the FBI is conducting electronic surveillance pursuant to court orders.
On September 29, 2000, TIA submitted a cover letter and 89-page report to the FCC based upon the JEM's findings. See the press release (and links) below for more information.
See also TIA's September 29, 2000, press release: "TIA Presents Report to FCC Concerning Calea and Packet-Data Technologies"
See also TIA's CALEA Packet Surveillance Joint Experts Meeting FAQs.
See also TIA's Critical Infrastructure Protection (CIP) and Homeland Security (HS).
See also Carnivore FAQ (external link).
Search Standards
Publications
Standards & Technology Annual Report (STAR)
A summary of the latest actions taken by the respective TIA engineering committees.
TIA Cloud Computing White Paper
This white paper analyzes how TIA's engineering committees could address existing cloud computing standardization gaps.
TIA Engineering Manual
This manual describes the manner in which the standards activities of TIA are organized and the manner in which its activities are conducted.