Washington, D.C. — Ann Harrison reports that in an attempt to address the privacy concerns surrounding the FBI’s controversial and secretive Carnivore e-mail surveillance system, the U.S. Department of Justice announced that it has chosen a team of researchers affiliated with the Illinois Institute of Technology to carry out a promised technical review of Carnivore.
The DOJ said the team from the IIT Research Institute (IITRI) will be paid an estimated $175,000 to determine if the computer-based investigative tool contains enough safeguards to ensure that it doesn’t invade the privacy of individuals who aren’t being investigated by the FBI.
IITRI, a not-for-profit research and development organization in Chicago, will review Carnivore at a research facility it operates in Lanham, Maryland. The DOJ said the review will begin immediately and is scheduled to be completed in December, after which a report will be made available for public comment. An interim draft report is due to be released in late November.
The DOJ last month issued a request for proposals from universities interested in examining the Carnivore technology after privacy groups charged that the surveillance system could be used to do widespread monitoring of e-mail messages on networks operated by Internet service providers. Government officials are hoping that the independent review will head off calls for the FBI to release Carnivore’s source code, which has been kept secret thus far.
“The [IITRI] review team will have full access to any information they need to perform their review,” said Assistant Attorney General Stephen R. Colgate, who led the DOJ’s selection team and heads up a group at the agency that will review the IITRI report and then advise on any necessary changes to Carnivore.
However, the review is still subject to some restrictions. For example, the DOJ has said Carnivore’s source code won’t be published as part of the report, and the agency will be able to edit the document. Those conditions spurred some universities, including MIT, Purdue University, Dartmouth College, and the Supercomputing Center at the University of California at San Diego, to withdraw from the review application process.
FBI officials have argued that releasing Carnivore’s source code for public review would leave the system vulnerable to attack by suspects who are being targeted in criminal investigations. At present, Carnivore is installed by the FBI as a “black box” system that’s attached to the networks of ISPs, which can’t examine or access the system.