Officials at two major internet service providers (ISPs) have acknowledged that they are cooperating with the FBI in the search for data that could help lead investigators to individuals who may have assisted the hijackers who attacked the World Trade Center and the Pentagon.
Executives at Dulles, Virginia-based America Online and Atlanta-based EarthLink say they are assisting authorities with information from their user and connection logs.
The FBI wouldn't confirm whether it's looking into any ISP records, nor would the agency say whether its controversial Carnivore email monitoring program was being used. Carnivore, which is now known as DCS1000, has raised fears among privacy advocates who have said the software could lead to random surveillance of email messages unrelated to an FBI investigation.
Sifting through the mountain of data from various ISPs may be difficult, however. AOL membership recently surpassed 31 million accounts, with more than 7 million added during the past year alone. EarthLink has about 5 million subscribers and more than 8800 dial-up points around the nation.
Richard Forno, a security administrator with a major domain-name registration firm in Virginia, says it would be easy for authorities to piece together information from ISP records, but how useful those records would be to the investigation is unclear.
Brian O'Higgins, chief technology officer at Entrust, an internet security firm in Plano, Texas, says the information garnered from ISP logs could help the FBI narrow down where and against whom to conduct future communications-intercept operations.
"Once you have the email, you can look at all the other information in it, including the entire route," says O'Higgins.
Doug Barbin, principal consultant and security architect at Waltham, Massachusetts-based Guardent, says any information in ISP logs that might be of use to investigators could have come from a variety of places, including websites, chat rooms and emails that can point law enforcement officials to foreign ISPs.
However, unless authorities already know which users they are looking for, they may find it difficult to uncover a lot of data because ISPs regularly delete logs, says Barbin. ISPs don't have the storage space to store logs indefinitely and periodically delete user session information out of concern for privacy, he says. Although ISP practices differ, logs are deleted anywhere from every few days to every month.
What federal authorities are likely doing, says Barbin, is requesting that ISPs not delete any logs for the foreseeable future so that they can uncover communications that are now taking place.
"Some providers have trace-back ability of phone numbers, but sometimes the trace-back ability can only lead you to a geographic area," says Barbin. But some ISPs have the capability to trace an email back to a specific user and can then obtain the user's account information, including a name, address, phone number and credit card number, he says.
In addition, "there are websites out there that are very secure and that we don't know about," Barbin says. "If a person was at least moderately technically savvy, they would be able to communicate across the internet in a secure manner."