STATEMENT
OF
BARRY STEINHARDT
ASSOCIATE DIRECTOR
AMERICAN CIVIL LIBERTIES UNION
ON
THE FOURTH AMENDMENT AND CARNIVORE
BEFORE THE
HOUSE JUDICIARY COMMITTEE
SUBCOMMITTEE ON THE CONSTITUTION
July 24, 2000
Chairman Canady, Ranking Member Watt and members of the Subcommittee:
I am pleased to testify before you today on behalf of the American Civil Liberties Union about the Fourth Amendment to the U.S. Constitution and the FBI's Carnivore System. The ACLU is a nationwide, nonprofit, nonpartisan organization consisting of over 275,000 members dedicated to preserving the principles of freedom set forth in the Bill of Rights. Neither the ACLU nor myself has received any funding from the federal government in the past two years.
On April 6, my colleague, ACLU Legislative Counsel Gregory Nojeim, testified before this Subcommittee on the more general subject of the Internet and the Fourth Amendment. In his testimony, Mr. Nojeim offered a detailed analysis of the myriad ways in which the new technologies threaten to undermine the values of the Fourth Amendment. He emphasized that the existing laws related to the government's interception of our communications need to be updated to reflect the new technological developments and he offered a number of concrete proposals.
My testimony this afternoon will focus more narrowly on the Carnivore system and on the recent proposals made by the Clinton Administration concerning electronic surveillance. I will not repeat our earlier testimony, but I will refer to a number of the relevant points that Mr. Nojeim made in April.
Carnivore Does Damage to the Fourth Amendment and ECPA
Before turning to Carnivore itself, let me try to put the current controversy in some historical context. Wiretapping and electronic surveillance (hereinafter I will generally refer to "wiretapping" to cover both traditional telephone tapping and newer methods of electronic surveillance) are a growing practice in this country and are already at record levels. In 1995 and 1996, for the first time in history, the federal government placed more wiretaps than all of the states combined.
In the last reporting period, the Clinton Administration conducted more wiretaps in one year than ever in history, and the number of "roving wiretaps" (wiretaps of any phone a target might use, without specifying a particular phone) nearly doubled.
Perhaps most ominously, more and more innocent conversations are being intercepted. According to the government's own records, when Title III first went into effect 30 years ago, approximately 50 percent of all of the conversations intercepted contained what law enforcement regarded as "incriminating" information. In the mid to late 1990's, the percentage of "incriminating" conversations plummeted to less than 20 percent. In other words, more than 80 percent of all intercepted communications are, by the government's own standards, innocent. Last year, approximately 2 million innocent conversations were intercepted in law enforcement electronic surveillance.
Both trends -- more and more intercepts and more and more innocent conversations being intercepted -- are likely to accelerate because of the advent of digital communications. The interception of "old fashioned" analog telephone conversations is very labor intensive and consequently costly. A law enforcement agent must actually listen to all or part of the conversation. Digital communications, especially those that are textual such as e-mail, offer law enforcement the opportunity to intercept and process much greater volumes of communications. Much of the initial evaluation and processing of the communication can be done by computers that are relatively cheap and easy to operate.
The consequence is that law enforcement will be sorely tempted to access an ever-increasing number of communications. With increased numbers and less precision in the targeting, the percentage of innocent communications accessed by law enforcement is likely to grow.
Moreover, digital files kept on computers and transferred over the Internet represent a treasure trove of information for law enforcement. The demand to search those files and intercept them in transmission is likely to grow and will further accelerate the trend of increased surveillance.
Carnivore is a dramatic example of this new digital reality and the opportunity for increased surveillance.
The Carnivore system -- essentially a computer running specialized software -- is attached directly to an Internet Service Provider's (ISP) network. Carnivore is attached either when law enforcement has a court order under the Electronic Communications Privacy Act (ECPA) permitting it to intercept in real time the contents of the electronic communications of a specific individual, or a trap and trace or pen register order allowing it to obtain the "numbers" related to communications from or to a specified target.
But unlike the operation of a traditional pen register, trap and trace device, or wiretap of a conventional phone line, Carnivore gives the FBI access to all traffic over the ISP's network, not just the communications to or from a particular target. Carnivore, which is capable of analyzing millions of messages per second, purportedly retains only the messages of the specified target, although this process takes place without scrutiny of either the ISP or a court.
Carnivore permits access to the e-mail of every customer of an ISP and the e-mail of every person who communicates with them. Carnivore is roughly equivalent to a wiretap capable of accessing the contents of the conversations of all of the phone company's customers, with the "assurance" that the FBI will record only conversations of the specified target. This "trust us, we are the Government" approach is the antithesis of the procedures required under our wiretapping laws. Those laws authorize limited electronic surveillance of the communications of specified persons, usually conducted by means of specified communications devices. These laws reflect Fourth Amendment values of limited searches aimed at particular targets when there is good cause to suspect them of criminal activity.
They place on the provider of the communications medium the responsibility to separate the communications of persons authorized to be intercepted from other communications. Law enforcement is required to "minimize" its interception of non-incriminating communications of a target of a wiretap order. Carnivore is not a minimization tool. Instead, Carnivore maximizes law enforcement access to the communications of non-targets.
In essence, Carnivore is a black box into which flows all of the service provider's communications traffic. The service provider knows what goes in, but it has no way of knowing what the FBI takes out.
Indeed it is hard to imagine how the operation of Carnivore can be squared with either the Fourth Amendment or ECPA, which was adopted to implement the Fourth Amendment in the context of electronic surveillance. The very premise of the Fourth Amendment is that searches should be narrow and targeted so as to avoid intrusion into the privacy of persons who are not suspected of engaging in crime. The Fourth Amendment was adopted to protect the "houses, papers and effects" of Americans against the sort of general searches conducted by the British colonial powers that permitted the search of everyone and everything in their path.
In recognition of this, ECPA requires the government to specify the person who is the target of the investigation, the crimes under investigation and the particular system from which the communications are to be accessed. I think it is fair to say that the Congress never contemplated or authorized a wiretapping scheme that accessed everyone's communications; that had the potential to access an unlimited number of communications, only a small fraction of which involved criminal activity, and that targeted an entire communications network, rather than a particular person's communications.
In his prior testimony to your subcommittee, Robert Corn-Revere described the experience of his client, an ISP later publicly identified as EarthLink, that was required to install Carnivore when presented with a trap and trace order. He detailed his client's concerns that a trap and trace order in the context of the Internet revealed information that Congress did not contemplate when it authorized their limited use.
In the traditional telephone context, those orders reveal nothing more than the numbers dialed to or from a single telephone line. In the Internet context, these orders and certainly Carnivore likely involve ascertaining the suspect's e-mail address, as well as header information that may provide information regarding the content of the communication. He described his client's frustration at not knowing what information law enforcement was collecting and whether it was actually limited to that allowed by a trap and trace order.
He also described his client's willingness and ability to cooperate with law enforcement and law enforcement's rejection of an offer to provide them the communications traffic authorized by the order without having to use Carnivore.
In his prior testimony and other testimony you will hear today, it is clear that the ISP community is willing and able to cooperate with law enforcement and to provide it with the targeted communications information to which it is entitled under a court order. You will hear testimony that the ISP's can give the FBI what it is entitled to without resorting to the use of Carnivore. You will also hear testimony that the ISP's fear both for their subscriber's privacy and the security of their networks. Introducing a device like Carnivore into an ISP's network creates both a potential security hole and the possibility of the sort of service degradation and interruption that Mr. Corn-Revere's client experienced.
In recognition of the multiple dangers of Carnivore and how little the public, service providers or even the Congress knows about its capabilities or operations, the ACLU has filed a Freedom of Information Act request with the FBI that asks for all documents describing Carnivore's operation, including the source code for its software. We believe that the only way to understand Carnivore's capabilities is to subject the computer code to examination by experts genuinely independent of the FBI. A carefully controlled and rehearsed demonstration by the FBI is not likely to reveal Carnivore's full capabilities and potential uses.
The FBI insists it will only record the communications to which it is entitled. The FBI asks you to take an enormous leap of faith that it will stay strictly within the confines of the law. It asks you to trust it with unsupervised access to the entire stream of communications over an ISP's network, which can amount to literally millions of innocent communications of non-targets of any interception order.
If you accept this premise, you reject the Fourth Amendment. It is built on the opposite premise: that the Executive cannot be trusted with carte blanche authority when it conducts a search.
Even if we assume that the FBI will not once again engage in spying on the First Amendment activities of Americans or other abuses of the past, recent history tells us that the FBI cannot be expected to keep its promises on communications surveillance issues. Recent history tells us that we can fully expect the FBI to push the envelope of the law and to eventually break out.
In 1994, the Congress passed the Communications Assistance to Law Enforcement Act (CALEA). CALEA was a hotly debated law. It required that the new generation of digital telephone networks be built to be surveillance-ready. At the time, law enforcement and the FBI, in particular, argued that it was necessary to preserve their existing capacity to engage in electronic communication surveillance and assured the Congress that they were only seeking to preserve the status quo and were not seeking any additional power or capacity.
In effect, a bargain was struck. In return for the requirement that the new networks be constructed to preserve then existing capabilities, the FBI and law enforcement agreed not to use the new law to force service providers to provide it with new surveillance capabilities.
The FBI did not keep its end of the bargain. The CALEA implementation process, which was supposed to involve only the setting of technical standards by the industry, has been highly contentious and has been characterized by an FBI power grab. The FBI has consistently sought greater capacity and new surveillance features that did not exist in 1994. In some cases, it has sought capabilities that it specifically promised the Congress it would not seek.
Among these have been:
- Demands that cellular telephone providers build their systems to give law enforcement location tracking abilities -- despite an explicit promise by FBI Director Freeh that the FBI would not use CALEA for that purpose.
- A demand that Internet telephony providers turn over the content of communications, even when law enforcement only has a pen register or trap and trace order.
- An exorbitant wiretapping capacity requirements for new networks.
(Attached to my testimony as Appendix I, you will find a more detailed description of the FBI's broken promises and its elastic concept of the law).
Indeed, the whole history of the CALEA implementation process demonstrates why we should not be so quick to accept the FBI's assurances that it will strictly adhere to the Constitution and the relevant statutes. The FBI has demonstrated that it has very expansive notions of what it is entitled to intercept and when it is entitled to those intercepts. The decisions made by the FBI and its Carnivore box are for all intents and purposes secret and beyond review. Carnivore gives the FBI far too much discretion and creates far too great a risk that it will burst through the envelope of the Fourth Amendment and the congressionally imposed restraints.
The Administration Proposals Made In Response to the Carnivore Controversy
In response to the public controversy over Carnivore, the White House has made a new set of proposals regarding "Cyber Security." The Administration has not yet offered legislative language, so it is difficult to offer a definitive comment, but White House Chief of Staff John Podesta offered the broad outlines in his July 17 remarks at the National Press Club.
While the devil will be in the details that we don't yet have, I will offer some general comments on the proposals. But first let me emphasize that the Podesta proposals are not an adequate response to the issues raised by Carnivore.
Carnivore is an unprecedented system. Never before has law enforcement installed a device, which accesses all the communications of a service provider's customers, rather than only the communications of the target. Never before has a law enforcement agency claimed that it should be granted access to all communications passing through a service provider's network based on an unsupervised promise that it will not stray beyond the confines of its authority.
The Administration's proposals simply do not address those issues. Slightly enhancing the standards for issuing pen register or ECPA orders for content does not address the issue of dragnet searches through an ISP's network. The Administration certainly does not address these problems by proposing to create the authority for nationwide pen register or trap and trace orders.
The problem with Carnivore is not limited to the standard for issuing the orders. It is the operation of a device that can trawl through millions of communications that are wholly unrelated to the target of the order.
Now, let me turn to the proposals, as we understand them. In summary, these proposals offer a few modest steps forward to protect privacy, at least two large steps backward, and miss many opportunities to address the most significant deficiencies in the current law.
Mr. Podesta announced that the Administration would support legislation to require that the same standards that apply to the real time interception of the content of telephone calls ("Title III Standards") also apply to the real time interception of electronic mail.
Mr. Nojeim made a similar proposal in his April testimony to the Subcommittee. He noted that ECPA has a number of shortcomings that need to be addressed and that in general, it is not as protective of e-mail and other electronic communications as Title III is of voice communications. For example, with regard to real time interception, only a high-ranking DOJ official can authorize an application for a wiretap order. "Any attorney for the Government" may authorize an application for an order to intercept e-mail and other electronic communications.
Wiretaps can be issued only upon a showing of probable cause that one of a list of enumerated offenses has been committed; e-mail and other electronic communications can be intercepted with a court order based on probable cause issued in connection with any federal felony. Finally, the statutory exclusionary rule that encourages law enforcement to comply with the proper procedures for electronic surveillance applies only to wiretaps and bugs, not to interception of e-mail and other electronic communications.
But Mr. Podesta's suggestion does not go far enough because it does not address the far more significant differences between the rules for the real time interception and law enforcement access to electronic communications that are in "storage."
Once in storage, law enforcement access is obtained far more easily under federal law. A search warrant based on probable cause issued by a federal magistrate (as opposed to a court order with the protections mentioned above) is all that is required to access e-mail in storage for less than 180 days. 18 U.S.C. 2703(a). In other words, by waiting an instant until the message is delivered and "stored," the requirement of a court order with continuing judicial oversight, the statutory requirement for minimization procedures, the substantial fines and prison time for violating the statute, and the requirement that the communication be eavesdropped upon only as an investigative technique of last resort, are all avoided.
Importantly, once the e-mail has been stored with the provider for over 180 days, it can be made available to law enforcement acting with only an administrative subpoena and delayed notice to the customer, or with a warrant without notice. 18 U.S.C. 2703(b). Most importantly, such e-mail can be obtained by law enforcement acting with a court order issued based upon a showing of only "specific and articulable facts showing that there are reasonable grounds to believe" that the contents of the communication are "relevant" to an ongoing investigation. "Relevance" is a far lower threshold for a search than is "probable cause." In effect, the privacy of the contents of an e-mail message or other electronic communication diminishes just because a service provider retained the message an inordinately long time.
The Administration's proposals would be genuinely meaningful if they applied to stored e-mail the same protections which Title III applies to the interception of telephonic communications. Only by adopting this approach would e-mail truly enjoy the same legal protections as voice communications -- the goal the Administration claims it would like to achieve.
Moreover, this approach makes intuitive sense for two reasons. First, e-mail should be protected like voice communications because it is a spontaneous communication. People write in e-mail messages in the same way they speak: spontaneously. Second, the e-mail that a person receives that the person regards as most important is the e-mail that the person saves for the longest time. Ironically, that is the e-mail entitled to the least protection under the current statutory scheme.
The Administration has made two proposals with regard to pen register and trap and trace orders. First, Mr. Podesta reaffirmed the Administration's long standing proposal for nationwide orders.
The Department of Justice has previously asked that judges be given authority to issue such orders with nationwide coverage. DOJ argues that to track computer intrusions over the Internet, law enforcement officials must often seek multiple orders because electronic communications jump from computer to computer and jurisdiction to jurisdiction. However, the DOJ's request extends not only to electronic communications, but also to any communications transmitted by telephone, which do not jump from computer to computer.
We urge you to reject this request because: (i) the standard for issuing a pen register or trap and trace order must first be strengthened substantially; (ii) steps must be taken to ensure that forum-shopping for a sympathetic judge is precluded; and (iii) it is unclear exactly what information the government is currently obtaining with the low evidentiary standard for pen registers and trap and trace devices.
The trap and trace/pen register law is, at best, a very poor fit for the Internet. The statute currently authorizes the interception of only numbers dialed to and from a telephone. On the Internet, the only times numbers are literally "dialed" by a telephone is when a user connects to an ISP using a dial up modem - a method of connection that is rapidly becoming less common. Plainly, the existing laws were not drafted with the Internet in mind.
At your April hearing, the Chairman asked Mr. Green of the Justice Department whether law enforcement was currently receiving email addresses using a pen register or trap and trace order. He replied that law enforcement regularly obtains e-mail addresses with only such orders by arguing in an ex parte proceeding "by analogy" to the pen register statute. This position -- that "letters" are "numbers" -- cannot be squared with the statute, and raises further questions about just what information can be obtained with a pen register or a trap and trace order.
In the context of the Internet, e-mail addresses can convey far more meaning -- content -- than a telephone number. To begin with, as several of your witnesses in April pointed out, e-mail addresses are personal to an individual while telephone lines may be used by multiple persons. More significantly, depending on the circumstances of their capture, e-mail address can tell law enforcement a good deal about the content of the communication.
For example, forcing a web site to reveal the e-mail addresses of all of its visitors or those who accessed a particular file reveals the nature of those visitors specific interests.
Beyond e-mail addresses, there are unanswered questions about whether pen register and trap and trace orders are being or can be used to obtain other sensitive information. For example, can they be used to collect the URL's (the web addresses) of sites that a target visited, the names of files that are transmitted, subject headers of email, or other transaction logs of Internet activity.
One of the real dangers of Carnivore is that it is perfectly capable of collecting such information in a surreptitious way and there is no practical check on the FBI's discretion.
In its second proposal about pen registers and trap and trace devices, the Administration suggested that judges and magistrates be given greater authority to review requests for pen registers and trap devices. Under current law, the judiciary must simply rubber stamp such requests if law enforcement certifies that they are sought as part of ongoing criminal investigation. This is a potentially useful change, although it will only be meaningful if the standard for issuing an order is itself meaningful. Mr. Podesta did not address the question of what standard should apply.
We would suggest that the judiciary must be given the authority to make an independent judgement that these orders are based on reasonable cause to believe that the target of the order has or is about to commit a crime. Under the Administration's proposal, a judge would issue a pen register or a trap and trace order upon finding that the information to be obtained is likely "relevant" to an ongoing investigation. However, the Attorney General Guidelines on General Crimes, Racketeering Enterprise and Domestic Security/Terrorism Investigations do not permit the FBI to open an investigation in the first place unless there is a reasonable indication of criminality. If the judge is truly to have a meaningful role, the judge should ask not merely whether information is "relevant" to an ongoing investigation, but whether there is a reasonable indication of criminality in the first place.
Of equal importance, in no event should law enforcement be allowed to use trap and trace orders served on ISPs to obtain data which reveals the content of the communication.
In sum, ECPA should be amended to:
- Require that trap and trace/pen register orders should only be issued on the basis of an independent finding by a judicial officer that there is reasonable cause to believe that the target of the order has or is about to commit a crime.
- Provide that consumers receive notice whenever the government obtains information about their Internet transactions.
- Require specific statistical reports for pen register/trap orders for Internet communications, similar to the reports required under Title III.
- Explicitly provide that Internet queries, e-mail subject lines, URL's of sites visited and other information which provides more than the equivalent of a dialed number, such an IP number are content, which cannot be disclosed without a probable cause order.
Congress should not even consider allowing nationwide pen register or trap and trace orders until those reforms are enacted and tested in the real world.
Finally, Mr. Podesta discussed the issue of the interception of electronic communications made using a cable modem. He suggested that such communications be subject to interception under the same circumstances as applies to the wiretapping of telephones or the real time interception of e-mail.
The Cable Act provides that law enforcement may only get access to subscriber records under a process that involves prior notice to the subject. Title III and ECPA do not provide prior notice or an opportunity to contest for the target of the wiretap. In other words, the Cable Act, assuming that it rather than ECPA governs the interception
Related Issues
Stay informed
Sign up to be the first to hear about how to take action.
By completing this form, I agree to receive occasional emails per the terms of the ACLU's privacy statement.
By completing this form, I agree to receive occasional emails per the terms of the ACLU's privacy statement.