FBI Reports on Use of Carnivore and Similar
Products in FY 2002 and 2003
January 17, 2005. The Electronic Privacy Information Center (EPIC) published in its web site two Federal Bureau of Investigation (FBI) reports to the Congress regarding the FBI's e-mail monitoring program named "Carnivore", and later renamed "DCS 1000". The EPIC obtained these two reports in response to request made pursuant to the Freedom of Information Act (FOIA).
The two reports state that the FBI did not use Carnivore during the relevant time periods, Fiscal Year 2002 and Fiscal Year 2003. However, it did use "commercially available software" that constituted "network collection devices on packet networks" to carry out surveillance authorized by 13 court orders.
The FY 2002 report [5 pages in PDF] is titled "Carnivore/DCS 1000 Report to Congress" and dated February 23, 2003. It states that "The FBI conducted court-ordered surveillance of authorized subject accounts using commercially available software owned by the FBI and deployed on data networks on five occasions during Fiscal Year 2002. Three deployments were made to implement court orders issued under section 3123. The other two deployments were to effect court ordered surveillance under section 2518. Of these occurrences, both involve pending sensitive investigations and are therefore not reported herein. The FBI made no use of DCS 1000, to effect court-ordered surveillance during that time period."
The FY 2003 report [pages in PDF] is titled "Carnivore/DCS 1000 Report to Congress" and dated December 18, 2003. It contains similar information to the FY 2002 report. It too states that the FBI made no use of Carnivore to effect court ordered surveillance during the covered time period. It states that the FBI used commercially available software eight times, six of which were pursuant to Section 3123 orders.
The reports also contain information about the nature of the criminal investigations for which the Section 3123 (regarding pen register and trap and trace device) orders were obtained. Several involved investigations related to terrorism and weapons of mass destruction. Several investigations involved non-terrorism related matters, such as obscene and harassing phone calls, child pornography, and sexual exploitation of children. In some matters in which Section 3123 orders were obtained, such as those related to money laundering, the report does not indicate whether the investigation was terrorism related.
The FY 2002 report was signed by Thomas Richard, Assistant Director of the FBI Investigative Technology Division. The FY 2003 report wais signed by Marcus Thomas, Acting Assistant Director of the FBI Investigative Technology Division. Both reports were submitted to the House Judiciary Committee and Senate Judiciary Committee, pursuant to statutory requirement.
18 U.S.C. § 3123, which is referenced in the reports, pertains to the "Issuance of an order for a pen register or a trap and trace device". 18 U.S.C. § 2518 pertains to the "Procedure for interception of wire, oral, or electronic communications".
Pen registers and trap and trace devices are old telephone industry terms. The statutes for wiretaps and pen register and trap and trace orders were drafted with analog Public Switched Telephone Network (PSTN) voice service in mind. Originally, 18 U.S.C. § 3127 provided that a pen register records the numbers that are dialed or punched into a telephone, while a trap and trace device captures the incoming electronic or other impulses which identify the originating number of an instrument or device from which a wire or electronic communication was transmitted.
The USA PATRIOT Act, at § 216, expanded the scope of surveillance under pen register and trap and trace authority to include internet routing and addressing information. That is, an e-mail address in the "To:" line of an e-mail message is somewhat analogous to the number dialed in a PSTN voice call.
The full title of the USA PATRIOT Act is the "Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001". It was passed by the 107th Congress as HR 3162. It became Public Law 107-56 on October 26, 2001.
Several key sections of the PATRIOT, including § 214, pertaining to "Pen register and trap and trace authority under FISA", will sunset on December 31, 2005 unless the Congress extends them.
The pen register and trap and trace provisions in the PATRIOT Act were a matter of some controversy when the PATRIOT was being debated. This language is also the subject of various proposals to revise the PATRIOT Act.
Sen. Larry Craig (R-ID) and Sen. Patrick Leahy (D-VT) both introduced bills in the 108th Congress that contain provisions relating to pen register and trap and trace surveillance. Sen. Craig's bill was S 1709, the "Security and Freedom Ensured Act of 2003", or SAFE Act, introduced on October 2, 2003. See, story titled "Senators Craig and Durbin Introduce Bill to Modify PATRIOT Act" in TLJ Daily E-Mail Alert No. 753, October 6, 2003.
Sen. Leahy's bill was S 1695, the "PATRIOT Oversight Restoration Act", introduced on October 1, 2003. See, story titled "Sen. Leahy Introduces Bill to Expand List of Surveillance Provisions of PATRIOT Act to Be Sunsetted" in TLJ Daily E-Mail Alert 757, October 14, 2003.
See also, stories titled "Sen. Lisa Murkowski Introduces Bill to Roll Back Surveillance Provisions of PATRIOT Act", "Section by Section Summary of S 1552", and "The PATRIOT Act and the Murkowski Bill: An Analysis of Rules for Issuance of Electronic Surveillance Orders" in TLJ Daily E-Mail Alert No. 712, August 6, 2004. And see, "Panel Addresses PATRIOT Act and Civil Liberties" in TLJ Daily E-Mail Alert No. 644, April 15, 2003.
President Bush and Attorney General Ashcroft oppose legislation that would
limit pen register and trap and trace authority.