FBI's Carnivore hunts in a pack

Summary:Declassified documents reveal details about the e-mail snoop program.

WASHINGTON -- Carnivore, the FBI's controversial e-mail snooping program, is part of covert surveillance triad known inside the bureau as the "DragonWare Suite," according to recently declassified documents. The documents also outline how the DragonWare Suite is more than simply an e-mail snooping program: It's capable of reconstructing the Web surfing trail of someone under investigation.

According to an analysis of the declassified documents by SecurityFocus, a California-based computer security firm, the DragonWare Suite can "reconstruct Web pages exactly as a surveillance target saw them while surfing the Web."

Besides Carnivore, the DragonWare Suite includes programs called "Packeteer" and "Coolminer," the documents reveal. These latter programs are used to reconstruct the raw data scooped up in the initial phase by Carnivore.

The FBI was forced to release documents relating to Carnivore as the result of a lawsuit brought by the Electronic Privacy Information Center (EPIC). The suit was filed to force the bureau to comply with a Freedom of Information Act request the Washington-based privacy watchdog organization filed earlier this year.

The FBI released about 600 pages from its Carnivore files, with most of the information hidden from view by huge blocks of blacked-out paragraphs. But by combing through the information left in view, the details of Carnivore's evolution begin to emerge.

Two other e-mail monitoring programs preceded Carnivore, dating back to at least January 1996. Omnivore was Carnivore's immediate predecessor, developed to run on a Sun Solaris system at a cost of $900,000. But an earlier program that still remains classified "secret" preceded Omnivore.

Omnivore was pushed into service because the older system was deemed to have "deficiencies that rendered the design solution unacceptable," a product review document says.

Omnivore was designed to "sniff" an e-mail stream and print out targeted e-mails in real time, while storing other data on an 8mm tape drive, the documents say. The project was conceived in February 1997 and deployed in October of that year. It was officially retired in June 1999.

The system was apparently pressed into service earlier than planned. While still in its beta phase, the FBI deployed Omnivore during an investigation, but technical problems arose that required the program's commercial developers to support the installation of the program. That situation made its full development schedule "difficult to maintain," the documents show.

But the Solaris operating system proved unwieldy in the field, and in September 1998 the bureau devised project "Phiple Troenix" -- a bastardization of the phrase "Triple Phoenix" -- as the upgrade path that would eventually become Carnivore.

The main objective of Phiple Troenix was to rewrite the Omnivore software to make it work on a Windows NT platform, according the declassified documents.

"This will facilitate the miniaturization of the system and support a wider range of personal computer equipment," the documents say.

This $800,000 project also included funding to train FBI agents and employees of the National Infrastructure Protection Center.

Carnivore 1.2 was officially unleashed on the world in September 1999. But that version of the beast apparently scooped up data it wasn't supposed to, botching an investigation due to digital indigestion, or what the FBI documents say were "bugs found during a deployment."

Problems with the early version of Carnivore spawned a project called "Enhanced Carnivore" in November 1999. Meanwhile, a patched version of the first Carnivore was launched in March of this year.

The FBI has budgeted some $650,000 for Enhanced Carnivore. The current version of Carnivore is due to be retired in January of next year, the documents say.

The commercial firm developing Enhanced Carnivore is redacted in the documents. Scant clues are given as to Carnivore's creators.

"The development contractor ... performed the initial Carnivore development work," the documents say. "This contractor was selected again based on a solid track record in this technology area."

Meanwhile, the documents also show that Carnivore 2.0 and 3.0 are already in the design phase. The documents also underscore an earlier MSNBC.com report that the FBI is already developing Carnivore-like tools capable of wiretapping Net-based telephone calls. The FBI calls this technology "Dragon Net: Voice over IP."

"DragonWare suite? What were they thinking?" House Majority Leader Richard Armey, R-Texas, asked incredulously. Armey is an outspoken critic of the Carnivore program and has called on the Justice Department to halt the program until a full investigation is finished to determine if the program is open to privacy abuse.

"Until the constitutional questions have been adequately addressed, the Justice Department should not only stop developing new versions of cybersnooping software, they should stop using the existing programs," Armey said.

The Justice Department recently contracted with an independent research firm to evaluate the underlying code that makes Carnivore tick in hopes of once and for all stemming criticisms that the program is a wholesale risk to privacy.

Topics: Tech Industry

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.