Carnivore, later renamed DCS1000, was a system implemented by the Federal Bureau of Investigation that was designed to monitor email and electronic communications. It used a customizable packet sniffer that can monitor all of a target user's Internet traffic. Carnivore was implemented in October 1997. By 2005 it had been replaced with improved commercial software such as NarusInsight.
Carnivore grew out of an earlier FBI project called "Omnivore", which itself replaced an older surveillance tool migrated from the US Navy by FBI Director of Integrity and Compliance, Patrick W. Kelley, which had a still undisclosed name. In September 1998, the FBI's Data Intercept Technology Unit (DITU) in Quantico, Virginia, launched a project to migrate Omnivore from Sun's Solaris operating system to a Windows NT platform. This was done to facilitate the miniaturization of the system and support a wider range of personal computer (PC) equipment. The migration project was called "Phiple Troenix" and the resulting system was named "Carnivore."
The Carnivore system was a Microsoft Windows-based workstation with packet-sniffing software and a removable Jaz disk drive. This computer must be physically installed at an Internet service provider (ISP) or other location where it can "sniff" traffic on a LAN segment to look for email messages in transit. The technology itself was not highly advanced — it used a standard packet sniffer and straightforward filtering. The critical components of the operation were the filtering criteria. To accurately match the appropriate subject, an elaborate content model was developed. An independent technical review of Carnivore for the Justice Department was prepared in 2000.
Several groups expressed concern regarding the implementation, usage, and possible abuses of Carnivore. In July 2000, the Electronic Frontier Foundation submitted a statement to the Subcommittee on the Constitution of the Committee on the Judiciary in the United States House of Representatives detailing the dangers of such a system. The Electronic Privacy Information Center also made several releases dealing with it.
The FBI countered these concerns with statements highlighting the target-able nature of Carnivore. Assistant FBI Director Donald Kerr was quoted as saying:
The Carnivore device works much like commercial "sniffers" and other network diagnostic tools used by ISPs every day, except that it provides the FBI with a unique ability to distinguish between communications which may be lawfully intercepted and those which may not. For example, if a court order provides for the lawful interception of one type of communication (e.g., e-mail), but excludes all other communications (e.g., online shopping) the Carnivore tool can be configured to intercept only those e-mails being transmitted either to or from the named subject.
... [it] is a very specialized network analyzer or "sniffer" which runs as an application program on a normal personal computer under the Microsoft Windows operating system. It works by "sniffing" the proper portions of network packets and copying and storing only those packets which match a finely defined filter set programmed in conformity with the court order. This filter set can be extremely complex, and this provides the FBI with an ability to collect transmissions which comply with pen register court orders, trap & trace court orders, Title III interception orders, etc....
...It is important to distinguish now what is meant by "sniffing." The problem of discriminating between users' messages on the Internet is a complex one. However, this is exactly what Carnivore does. It does NOT search through the contents of every message and collect those that contain certain key words like "bomb" or "drugs." It selects messages based on criteria expressly set out in the court order, for example, messages transmitted to or from a particular account or to or from a particular user.
After prolonged negative coverage in the press, the FBI changed the name of its system from "Carnivore" to the more benign-sounding "DCS1000." DCS is reported to stand for "Digital Collection System"; the system has the same functions as before.
The Associated Press reported in mid-January 2005 that the FBI essentially abandoned the use of Carnivore in 2001, in favor of commercially available software, such as NarusInsight, a mass surveillance system. A report in 2007 described the successor system as being located "inside an Internet provider's network at the junction point of a router or network switch" and capable of indiscriminately storing data flowing through the provider's network.
- Communications Assistance For Law Enforcement Act
- Total Information Awareness
- Echelon NSA worldwide digital interception program
- Room 641A NSA interception program (started circa 2003, but first reported in 2006)
- "FBI Ditches Carnivore Surveillance System". Foxnews.com. Associated Press. 2005-01-18. Retrieved 2008-10-29.
- EPIC Obtains First Set of FBI Carnivore Documents, October 12, 2000
- "How Carnivore Email Surveillance Worked". about.com. Retrieved 2008-10-29.
- Kevin Poulsen (October 4, 2000). "Carnivore Details Emerge". SecurityFocus.
- Independent Technical Review of the Carnivore System, 8 December 2000
- http://www.eff.org/Privacy/Surveillance/Carnivore[dead link]
- Electronic Privacy Information Center: Carnivore FOIA Documents
- Richard F. Forno (May 2005). "Who's Afraid of Carnivore? Not Me". cryptome.org.
- "FBI turns to broad new wiretap method". CNET News. January 30, 2007.