The Federal Bureau of Investigations latest controversial snoopware is a high-tech wiretap that ISPs might want to challenge.
But dont bet the business on winning anytime soon.
The FBI insists the system, commonly known as Carnivore, is used for surgically precise scanning of Internet packets to monitor transmissions from criminal suspects under investigation.
Still, an independent technical review found that the FBI software can easily conduct "broad sweep" scans of ISP traffic, according to a report by the Electronic Privacy Information Center (EPIC).
Following a spate of negative publicity, Carnivore recently was renamed DCS-1000, but it still does the same job.
For ISPs, the first three letters of the newly renamed system might just as well mean "dont contact subscribers." ISPs could face prosecution under a statute that forbids communication providers to "disclose the existence" of any surveillance equipment, says Mark Rasch, VP of cyberlaw at Predictive Systems Inc., an infrastructure integrator that works with telcos.
ISPs dont really have much leeway, notes David Sobel, general counsel at EPIC. "Theyre looking at a court order to cooperate with law enforcement, but in such a way that really compromises the privacy of their subscribers," says Sobel.
EPIC is involved in a lawsuit against the U.S. Justice Department and the FBI. The organization wants more details released about the inner workings of the system.
Experts say the DCS 1000/Carnivore system is a Windows NT powered box installed at an ISP site by FBI technicians.
While ISP operators are concerned about privacy matters, they also are worried that if it slows or stops Internet traffic, Carnivore could cost an ISP its customers.
But the first thing an ISP owner should do when presented with a Carnivore order is call a lawyer. If the order simply authorizes the government to gain access to certain customers data, an ISP can offer to comply on its own.
ISPs easily can isolate and save e-mail messages and other information to avoid the installation of a Carnivore box. America Online used that argument successfully to spare itself Carnivore installations, experts say.
In general, ISP operators need to learn the laws that relate to telecommunications and privacy. And, before embarking on a legal challenge, they should consider whether they can afford the legal fight and whether theyre likely to win.
"I would resist installing a Carnivore box if you have the independent capability of complying with the … order," says Rasch. "And, if you want to be seen as an ISP in favor of freedom and liberty and all that stuff, you may want to fight it."