Carnivore Puts Terror Investigation at Risk

The FBI destroyed evidence gathered in an investigation of Usama bin Laden's terrorist network, thanks to a glitch in the controversial Carnivore e-mail surveillance system and the actions of a frustrated agent, an internal memo reveals.

The Denver field office's terrorist electronic surveillance probe of bin Laden's network not only snatched targeted e-mails "but also picked up e-mails on non-covered targets," said a March 2000 memo to agency headquarters in Washington.

"The FBI technical person was apparently so upset that he destroyed all the e-mail take, including the take on" the suspect, the memo said.

The memo was released to the public by the Electronic Privacy Information Center, a Washington advocacy group, which has acquired information on the probe through a Freedom of Information Act request.

Carnivore: A Primer
Carnivore is software designed to get at "the meat" of sought-after information.

FBI agents take an off-the-shelf PC with the software on it directly to the offices of an Internet service provider (ISP). There, they leave it in a locked cage, typically for about 45 days, making daily visits to retrieve captured data — the e-mails sent to or from a suspect.

Like the more common phone tap, such an Internet tap must be authorized by court order. 

However, critics say Carnivore gives the Feds access to private information that exceeds those court order. In theory, it could process all the e-mail that passes through the ISP — not just messages sent to or from the suspect. 

Critics compare the software's activity to snooping on all the phones in a neighborhood to zero in on one phone. Others claim Carnivore goes beyond e-mail surveillance to also monitor overall Internet usage.

This isn't the first time Carnivore has made dubious headlines. For the last two years, the Justice Department has been forced to defend its use of the system, now called DCS1000, which was initiated during the Clinton Administration.

Since 1998, the Federal Bureau of Investigation has been using the e-mail-sensing technique to sift and read through e-mails sent through the servers of Internet service providers such as AOL or Earthlink.

While agents must have a warrant to conduct searches, critics complained they have unlimited access to all Internet users’ personal correspondence, whether it is covered by warrant or not. 

In a story reported by nearly a year ago, the FBI insisted its searches were based on key words and names and only those e-mails covered by a warrant are read by agents. Officials also claimed that such surveillance was necessary to fight terrorism and crime, which invariably includes correspondence between drug dealers, child-porn operators and the like.

They based their statements on a 2000 FBI report that found that there was not a threat of Carnivore capturing and reading untargeted e-mails. However, the memo regarding the bin Laden investigation released Tuesday speaks to the contrary.

"Here's confirmation of the fact that not only did it do that, but it resulted in a loss of legitimately acquired intelligence," said David Sobel, general counsel of EPIC.

Under a Foreign Intelligence Surveillance Act warrant, the Denver FBI unit was attempting to track the correspondent of a suspect, whose name and other information identifying details of the investigation were redacted from the memo.

FBI officials refused on Tuesday to discuss the memo, which surfaced amid concerns that the bureau had bungled aspects of its terrorism investigations prior to the Sept. 11 attacks.

A Justice Department official, speaking on condition of anonymity, said Tuesday night that the e-mails captured in the spoiled Denver Carnivore search were not destroyed as the memo alleged, but would not elaborate on his charge.

The memo indicated FBI agents were worried about the fallout in the Denver case. It also said the Justice Department's Office of Intelligence and Policy Review was furious after learning the evidence was destroyed because of the glitch, the memo states.

"To state that she was unhappy at ITOS (International Terrorism Operations Center) and the UBL (bin Laden) unit is an understatement," the memo stated, quoting a Justice official.

The memo said Justice officials worried the destruction of the evidence would signal an "inability on the part of the FBI to manage" the warrants in electronic wire-tapping investigations. The privacy group also obtained an e-mail from an unnamed author to M.E. "Spike" Bowman, the FBI's associate general counsel for national security, which said that Denver agents installed Carnivore on March 16, 2000, but the system did not work correctly.

Henry Perritt, who led a team authorized by the FBI to review the surveillance system, said he was surprised the technician deleted the e-mails.

"The collection is supposed to be retained for judicial review," Perritt said. "If an agent simply deleted a whole bunch of files without the court instructing, that's not the way it's supposed to work."

Another document released through the privacy group's request says there is a policy for when Carnivore overcollects e-mails under a surveillance warrant. The memo, dated just a week after the Denver e-mail, says all captured e-mails should be kept under seal until senior FBI officials can figure out what went wrong.

However, the memo also suggested that if the FBI captured e-mails from unintended targets, the bureau may be inclined to notify those persons.

The Associated Press contributed to this report.