US: "Carnivore" surveillance system challenged
The US group EPIC (Electronic Privacy Information Center) has lodged a lawsuit to get the FBI to reveal details of its new "Carnivore" telecommunications monitoring system - to be used by "black boxes" placed in service providers. "Carnivore", developed in the FBI laboratories at its HQ in Quantico, Virginia, is apparently named thus because it finds the "meat" in vast quantities of data. It is apparently capable of scanning millions of e-mails each second and able to give the "law enforcement agencies" access to all of an ISP's customers' digital communications. Marc Rotenberg, of EPIC, said: "It goes to the heart of the Fourth Amendment and the federal wiretap statute that are going to be applied in the Internet age".
"Carnivore" consists of a laptop computer, communications interface cards and software. It uses the fact that virtually all internet communications are broken up into "packets" or uniform chunks of data and FBI programmers devised a "packet sniffer". The system is able either to download whole sets of traffic or what is called in the US a "pen register" - a list of people/sites contacted or from whom information is received (an early version, called in the UK "telemetering", was used by BT from the 1970s onwards).
It is interesting to note that the total telecommunications interception warrants issued in the US in 1998 was only 1,329 whereas in the UK it was 1,903 (excluding Northern Ireland).
Sources: EPIC Alert, 3.8.00; International Herald Tribune, 13 & 17.7.00; see also Statewatch News online for UK telephone tapping figures, on http://www. statewatch.org/news
EU: What happened to the ENFOPOL decision?
After the debate surrounding an EU document called "ENFOPOL 98" it was expected that the Justice and Home Affairs Council would adopt the streamlined version, ENFOPOL 19, dated 15.3.99 (see Statewatch, vol 7 no I & 4/5, vol 8 nos 5 & 6, vol 9 nos 2 & 6, vol 10 no 2). This would have extended the EU-FBI Requirements to cover the interception of the internet, e-mails and satellite phones. Instead, as reported in the last Statewatch, the "negative press" over interception meant there was little political will to adopt this update.
In the spring the EU's Working Party on Police Cooperation has decided that the issues previously discussed under "interception of communications" will now come under "advanced technologies". One of the first document to surface with the title: "Advanced technologies: relations between the first and third pillars" came out on 12 July. This seemingly innocuous report is concerned with "the single market and the EU's entry into the global Information Society". It then says that experts in the first (economic) pillar and third (police cooperation) need to work together on criminal use of new technologies and the "emergence of cybercrime". While the first pillar takes decisions on "technical and commercial" matters, the Working Party on Police Cooperation has:
"therefore defined the technical specifications intended to safeguard the possibility of lawful interception of such services "
The report suggests "an inter-pillar dialogue" now be established. This is all a polite way of saying that the EU-FBI "Requirements" have to be built into trade and commerce in the EU.
One of the issues which has apparently already been discussed is "the definition of the length of time data may be stored in the telecommunications sector". This is a reference to the on-going debate between Data Protection authorities in the EU and the "law enforcement agencies". Elizabeth France, the UK Data Protection Commissioner, said in her latest annual report that:
"The routine long-term preservation of data by ISPs [internet service providers] for law enforcement purposes would be disproportionate general surveillance of communications."
The Spring 2000 Conference of European Data Protection Commissioners, 6-7 April, Stockholm, issued a declaration on the "Retention of Traffic Data by Internet Service Providers (ISPs)". It noted with concern:
"proposals that ISPs should routinely retain traffic data beyond the requirements of billing purposes in order to permit possible access by law enforcement bodies.
The Conference emphasised that such retention would be an improper invasion of the fundamental rights guaranteed to individuals by Article 8 of the European Convention on Human Rights. Where traffic data are to be retained in specific cases, there must be a demonstrable need, the period of retention must be as short as possible and the practice must be clearly regulated by law."
There is an on-going "debate" over the length of time ISPs should be required to keep data, the "law enforcement agencies" variously argue for 30 days, 90 days and some for much, much longer.
Sources: ENFOPOL 19, 6715/00, 15.3.99; ENFOPOL 150, 10571/1/94, REV I +REV 2 +REV 3 +REV 4, 17.1.95.
European Parliament: Inquiry into Echelon launched
The European Parliament has agreed to set up a temporary committee to investigate Echelon, a world-wide electronic surveillance network headed by GCHQ (UK) and the National Security Agency in the US. The Committee will meet over a year and has 36 members. The setting up of the Committee follows an initiative by the Green group of MEPs who obtained 172 MEP's signatures to get a vote on the issue at the parliament's plenary session (when 210 MEPs voted in favour). The signatories wanted a full committee of inquiry with the power to calls witnesses to testify and to get documents. The details of the committees work are on the following web pages:
Members of the committee: http://europarl.eu.int/tempcom/echelon/en/members.htm
The mandate for the committee: http://europarl. eu. int/tempcomechelon/en/mandate. htm Meetings of the committee:
http://europarl. eu. int/tempcom/echelon/en/agenda.htm
STOA study on the development of surveillance technology http://www. europarl. eu. int/dg4/stoa/en/public/pop-up.htm
Extensive background information on Echelon is on:
Germany: demand for agreement on Echelon
The spokesman for the EU Committee of the lower house of the German parliament, Christian Sterzig (Die Grunen), supported by the coalition spokeswoman on human rights, Claudia Roth (Die Grunen), have called for a swift and consistent mutual agreement between the US and EU member states on the Echelon system. At a hearing of the EU Committee in the beginning of July, ministers concluded that the system is threatening civil liberties in Germany. In a report by Duncan Campbell for the European Parliament it became evident that Echelon, a world-wide interception system run by the US, the UK, Australia, New Zealand and Canada under the auspices of the US National Security Agency (NSA), not only intercepted firms' business communications but also those of human rights organisations such as Amnesty International.
The Committee expressed concern that the NSA is running a station connected to the Echelon system in the Bavarian town of Bad Aiblingen. The German government has accepted reassurances by the US that their status as NATO partners would not allow them to carry out economic espionage against Germany. However, the data protection officer for the Land Brandenburg, Dr Alexander Dix, informed the parliamentary EU Committee that the status of NATO as a military force did not provide an adequate legal basis regulating surveillance via the Bad Aiblingen station. Echelon, he concluded, did not only violate German, but European community law as well. Currently, a German governmental supervisory committee meeting in secret gets information on Echelon. Data protection officers and MP's concerned with civil liberties however, are demanding an open parliamentary- debate as well as a binding agreement prohibiting the interception of telecommunications through Echelon in EU member states.
Spotted an error? If you've spotted a problem with this page, just click once to let us know.
Statewatch does not have a corporate view, nor does it seek to create one, the views expressed are those of the author. Statewatch is not responsible for the content of external websites and inclusion of a link does not constitute an endorsement. Registered UK charity number: 1154784. Registered UK company number: 08480724. Registered company name: The Libertarian Research & Education Trust. Registered office: c/o MDR, 88 Fleet Street, London EC4Y 1DH, UK. © Statewatch ISSN 1756-851X. Personal usage as private individuals "fair dealing" is allowed. We also welcome links to material on our site. Usage by those working for organisations is allowed only if the organisation holds an appropriate licence from the relevant reprographic rights organisation (eg: Copyright Licensing Agency in the UK) with such usage being subject to the terms and conditions of that licence and to local copyright law.