Computerworld - A group of researchers that helped the U.S. Department of Justice identify technical issues that should be studied during an independent review of the FBI's Carnivore e-mail surveillance system this week said they still have "serious concerns" about the controversial technology, despite a generally favorable draft report by the review team.
In a document released Sunday, the group of five researchers from organizations such as AT&T Laboratories and the University of Pennsylvania said the Carnivore review done by the Chicago-based Illinois Institute of Technology Research Institute (IITRI) "appears to represent a good-faith effort at [an] independent review" of the surveillance system. But, they added, the "limited nature of the analysis described in [IITRI's] draft report simply cannot support a conclusion that Carnivore is correct, safe or always consistent with legal limitations."
The researchers, who met with DOJ officials in early October after being asked by the agency's chief scientist to help in the preparations for the independent review, suggested in the document issued this week that the government release Carnivore's source code for public review in order to create more confidence about the use of the technology.
Carnivore is a software program that monitors packets of data passing through an Internet service provider's network. Officials at the FBI and the DOJ have said the surveillance system can only be legally deployed to monitor alleged criminal activity under a court order, but privacy advocates are worried that the software could lead to widespread and random surveillance of e-mail messages.
The DOJ released a draft version of IITRI's report two weeks ago, and the final report is due this Friday. The draft report raised some questions about Carnivore's ability to monitor more than the e-mail and Internet activities of suspected criminals being investigated by the FBI, but it concluded that the software essentially does what it was designed to do -- track specific digital communications with the permission of a court order (see story).
But the five-man group of researchers said people concerned about potential misuse of Carnivore "should not take much comfort" from the draft report. The group took particular issue with what it believes to be vague and changeable audit trails within the Carnivore system. Without a definitive audit trail, the researchers said, it would be impossible to determine who had been monitoring what.
The researchers also claimed there were problems with the scope of the IITRI review. "While the IITRI report does represent a good starting point for answering these questions, we were disappointed that more attention was not
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
