The Associated Press reports that the FBI has retired its “Carnivore” Internet surveillance tool. (It actually happened about two years ago, but no one knew about it until now.) The Carnivore debate was premised on a profound misunderstanding of Internet surveillance practices. With the Carnivore era over, it’s a good time to look back at how the press was able to get the story so wrong.
The FBI created the Carnivore tool around 1999 to create a more privacy-protecting way to conduct Internet surveillance. At that time, commercial surveillance tools were not very protective of privacy; private sector companies have broader surveillance rights than the government, which meant that there was no incentive for private companies to use privacy-sensitive tools when they needed to moinitor their network. The FBI was finding that in rare cases, ISPs could not execute court orders on their own and insisted that the FBI itself had to conduct court-ordered surveillance itself; when it did, FBI agents found that no commercially-available real-time surveillance tools (known as “sniffers”) were sufficiently privacy-protective for the FBI to be comfortable using it given the legal constraints it faced.
The FBI’s response was to order its tech people to try to improve the filtering technology of commercial tools. The FBI came up with better filter technologies that could ensure that no over-collection would occur. The preexisting commercial filter had been dubbed “Omnivore” within the FBI, and the new filter was much more precise — it only took the “meat” that the tool was designed to capture, and did not collect any evidence beyond that described in the court order. As a result, the FBI dubbed the new privacy-enhanced tool “Carnivore.”
Of course, this isn’t the story that you heard in the press. Privacy advocates were quick to capitalize on the precious gift the FBI handed them: the name itself was an indictment of sorts, making it easy to create the impression that the FBI had created a monster. Of course, reporters had no idea that Carnivore was actually a privacy-protective version of a common computer tool, and privacy advocates certainly had no incentive to tell them that. As a result, the MSM made a big ruckus about Carnivore and scared everybody into thinking that the FBI had created a powerful surveillance tool.
I was in government at the time the story broke, and was rather astonished by the misunderstanding. In a preview of the debate over the Patriot Act, the MSM got it exactly wrong: it couldn’t tell the difference between an effort to protect privacy and an effort to invade it. This led, among other things, to a movement among some civil libertarians urging Congress to impose a moratorium on Carnivore — a movement that, if successful, would have forced the FBI to use more privacy-invasive tools rather than more privacy-protective ones. (In case you’re wondering, government spokespersons tried to explain this at the time and since, but reporters simply did not believe it. When they bothered to report the government’s view at all, it was usually at the end of the article in a single sentence clearly designed to leave the impression it was not credible.)
Why did the FBI retire Carnivore? For a reason I explained in an article published two years ago on the Patriot Act (see footnote 247 if you’re really interested): in the last few years, the private sector finally caught up with the government. Commercial surveillance tools now have the same privacy-enhancing filter technology that the Carnivore tool has, meaning that the government no longer needs to use Carnivore. Strange, but true.
Comments are closed.