[Excerpt from transcript of Mueller's confirmation hearing before the
Senate Judiciary committee on Tuesday. --Declan]
---
SEN. MARIA CANTWELL (D-WA): Thank you, Mr. Chairman, Mr. Mueller. Thank you
for answering a variety of questions both today and yesterday related to
technology and cybercrime. I'll try to be specific in my questions. And sorry I
was not here yesterday for your statement, but have a copy of that.
The glaring inconsistency with the FBI, in my mind, seems to be this fact
that the internal information systems are not where they need to be. And we've
all heard examples of that this morning, and I'm sure yesterday as well.
And yet
the FBI has continued in its efforts with Carnivore, which has also been
plagued
with a variety of privacy concerns. So I see an inconsistency there. And so I
don't know if you have made statements yet about what kind of review of
resources and allocation of resources to those two tasks, and if you think that
maybe some of the Carnivore activities and resources should actually be
spent on
improving your IT information system, given the concerns that so many privacy
entities have about Carnivore?
MR. MUELLER: I'm sensitive to the concerns relating to privacy, I, as a
citizen, but also having sat down and talked with a number of the privacy
groups here when I was assistant -- when I was acting deputy attorney
general. I
am sensitive to the concerns about what is called DCS1000, previously known as
Carnivore, and other technological advances.
There is, I think -- there are two separate paths, though, that we're
looking
at. On the one hand, the investigative tools and the investigative expertise
developed by the FBI and the new technologies I think is next to none. I think
they have made rapid advances. There are privacy concerns that we have to
address. But nonetheless, I do not think that the FBI is behind in its ability
to investigate attacks on computers, Denial of Service attacks on
computers, and
the like.
On the other hand, the technological infrastructure whereby the ability to
scan and put documents into a database and have them automatically retrievable,
I think, is behind what you would find in a business, in a law firm.
And that's an area that we really need to look at so that you pick up that
side of the technology piece so that we can respond better to our
responsibilities. Likewise, the internal mechanisms and controls that could be
benefited by new technologies, whether it be e-mail or case tracking systems,
have to be modernized so that we can have greater control and understanding of
the caseload that we have.
SEN. CANTWELL: Did you say that you didn't think that we were behind -- the
FBI was behind in investigating cybercrime activities?
MR. MUELLER: I think we are on the cutting edge. We need additional
expertise. We need -- we can always use additional agents, we could always use
additional technology, but I do believe that the FBI, at least in my district,
as I've seen it, does a very capable job given the tools, the limited tools it
has -- and we could always use some more statutes -- does a good job of
investigating those crimes.
SEN. CANTWELL: Well, we in the Northwest have had a series of violent
anti-technological terrorist activities. In fact, one was associated with the
University of Washington and a bombing that took place there. But during that
time period, one of the special agents in charge of the FBI's Seattle office
basically responded to the challenge, saying we don't have an organizational
structure to attack, no finances, no memberships, no meetings. And so part of
the issue was that so much of this is the organizations basically exist online
or you don't have a lot of information about it. So I think at least in that
person's mind, that additional resources or new laws might be considered. So I
don't know if you have a comment on that.
MR. MUELLER: I think it's where the privacy rights of individuals intersect
with the -- perhaps intersect with the desire and the requirements of
appropriate law enforcement. I am not familiar with the specific facts of that
case and I'm not familiar with the specific investigative tools that that
special agent is addressing in saying that we could use more, and I'm not
certain whether what we seek is unavailable under the current statutes.
SEN. CANTWELL: We would be happy to provide you information that we
have, but
it would be submitting a further question on that.
To Carnivore specifically, there's been so much concern about how this
issue
has been approached. And I don't know if you saw yesterday's New York Times
article about the organized crime case and the concerns about privacy
there, but
one of the issues that has been raised is what the new process has been in
which
the FBI undertook the investigation in this case against Mr. Scarfo's
business. And basically the FBI has used a new key logger system that is
calling
into question -- and I guess I would frame this in the perspective of this is
the second time we've seen in a court case the violation of privacy.
In fact, Justice Scalia was quoted in the article basically saying, What
limits are upon this power of technology to shrink the realm of guaranteed
privacy? and that the court has to confront this fundamental issue.
So my question is, are you going to make available the information
about how
this key logger technology worked?
MR. MUELLER: I'm not familiar with that new technology, have not had
occasion
to use it in our district. I read the same article that the senator read, with
interest, because it was the first I'd ever heard if it. Until I know more
about
it, I really don't think I can commit one way or the other.
I do believe when there are advances in technology that it is important to
balance the privacy interests affected with the investigative take that you
might get from that technology. I'm not familiar with the circumstances of this
case and I'm not familiar with the technology.
SEN. CANTWELL: Well, given that there was a lot of concern about the
FBI's --
the fact that what happens in searching for this information using the
Carnivore
system is that so much information is gathered. Now the FBI has switched to
this
key logger system, and the public and the concern of privacy advocates of what
system is being used, and when you say to somebody you're covering every
keystroke that was used by this individual -- and maybe people aren't very
empathetic to Mr. Scarfo's situation, but there might be somebody down the road
that they would be very empathetic that every keystroke was being tracked.
Do you plan to review Carnivore when you take over as FBI director?
MR. MUELLER: I have already had meetings with privacy groups on it; I
have --
and will continue to look at it and evaluate it and hope to, down the road,
that
the technology overtakes the necessity for using it. I would make the point,
however, that --
SEN. CANTWELL: So is that a -- would you have a formal review of it?
MR. MUELLER: There has already been a -- I would look at the formal reviews
that have already been done to determine whether there is a necessity for doing
another formal review. My understanding is that the information that
DCS-1000 is
utilized for is done generally, for the most part; and it may be as much as 75
or 80 percent of the time, if not 90 percent of the time, by the Internet
service provider itself, which has that technology. So the DCS-1000 is for that
particular smaller ISP that does not have the technology, and that every time
that it is used -- and it's been used very seldom -- I understand it is used
pursuant to court order. So there are protections, I believe.
And likewise with the logger system. I'm not certain that it was -- I
am not
certain of the facts of the case, but I am more comfortable and would -- where
there is the court that is directing the use of it and supervising the use of
the new technology, and I'm not certain whether that was the case pursuant to,
say, a search warrant in the case that was reflected in the papers yesterday.
SEN. CANTWELL: Well, just as in wiretapping, I don't know that it
bothers the
general public that the phone company has access to the phone lines or that the
ISP has access to that data. What they're very concerned about is that a law
enforcement agency might have free access to that information, and that it's
being collected in a way might give them more information, or the information
about other individuals that happened to have communicated. So I hope that that
review, whether formal or informal, is something, Mr. Chairman, that this
committee continues to be involved with the FBI director on.
MR. MUELLER: I'm sorry, I was just, if I might, one last -- I was passed a
note indicating that -- and I was unaware of it -- that DOJ is conducting a
review now, and which I certainly would look at, once the Department of Justice
has completed its review.
SEN. CANTWELL: Thank you, Mr. Chairman.
SEN. LEAHY: I think Senator Cantwell raises a very good question. I
mean, in
an era of encryption, we don't want some of these new technologies to be the
back-door clipper chip that we have already said we were opposed to.
This committee was quite concerned when Carnivore first came to our
attention
because we felt that the FBI had gone well beyond what all of us had agreed to
could be done under the law.
So, I understand we're all moving in a new technology, and we're looking at
it. But with some of the Fourth Amendment and other issues that come up here, I
think you should anticipate that there will be increased oversight from the
committee on these aspects and increased concern on -- again, on both sides of
the aisle. And I appreciate your answers here this morning.
Senator Kohl of Wisconsin.
-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe, visit http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------
Received on Aug 03 2001
Intro
