EU-US: Telecommunications surveillance
01 June 2000
US: "Carnivore" surveillance system challenged
The US group EPIC (Electronic Privacy Information Center) has lodged a lawsuit to get the FBI to reveal details of its new "Carnivore" telecommunications monitoring system - to be used by "black boxes" placed in service providers. "Carnivore", developed in the FBI laboratories at its HQ in Quantico, Virginia, is apparently named thus because it finds the "meat" in vast quantities of data. It is apparently capable of scanning millions of e-mails each second and able to give the "law enforcement agencies" access to all of an ISP's customers' digital communications. Marc Rotenberg, of EPIC, said: "It goes to the heart of the Fourth Amendment and the federal wiretap statute that are going to be applied in the Internet age".
"Carnivore" consists of a laptop computer, communications interface cards and software. It uses the fact that virtually all internet communications are broken up into "packets" or uniform chunks of data and FBI programmers devised a "packet sniffer". The system is able either to download whole sets of traffic or what is called in the US a "pen register" - a list of
people/sites contacted or from whom information is received (an early version, called in the UK "telemetering", was used by BT from the 1970s onwards).
It is interesting to note that the total telecommunications interception warrants issued in the US in 1998 was only 1,329 whereas in the UK it was 1,903 (excluding Northern Ireland).
Sources: EPIC Alert, 3.8.00; International Herald Tribune, 13 & 17.7.00; see also Statewatch News online for UK telephone tapping figures, here
EU: What happened to the ENFOPOL decision?
After the debate surrounding an EU document called "ENFOPOL 98" it was expected that the Justice and Home Affairs Council would adopt the streamlined version, ENFOPOL 19, dated 15.3.99 (see Statewatch, vol 7 no I & 4/5, vol 8 nos 5 & 6, vol 9 nos 2 & 6, vol 10 no 2). This would have extended the EU-FBI Requirements to cover the interception of the internet, e-mails and satellite phones. Instead, as reported in the last Statewatch, the "negative press" over interception meant there was little political will to adopt this update.
In the spring the EU's Working Party on Police Cooperation has decided that the issues previously discussed under "interception of communications" will now come under "advanced technologies". One of the first document to surface with the title: "Advanced technologies: relations between the first and third pillars" came out on 12 July. This seemingly innocuous report is concerned with "the single market and the EU's entry into the global Information Society". It then says that experts in the first (economic) pillar and third (police cooperation) need to work together on criminal use of new technologies and the "emergence of cybercrime". While the first pillar takes decisions on "technical and commercial" matters, the Working Party on Police Cooperation has:
"therefore defined the technical specifications intended to safeguard the possibility of lawful interception of such services "
The report suggests "an inter-pillar dialogue" now be established. This is all a polite way of saying that the EU-FBI "Requirements" have to be built into trade and commerce in the EU.
One of the issues which has apparently already been discussed is "the definition of the length of time data may be stored in the telecommunications sector". This is a reference to the on-going debate between Data Protection authorities in the EU and the "law enforcement agencies". Elizabeth France, the UK Data Protection Commissioner, said in her latest annual report that:
"The routine long-term preservation of data by ISPs [internet service providers] for law enforcement purposes would be disproportionate general surveillance of communications."
The Spring 2000 Conference of European Data Protection<