This year, privacy is a key issue for Congress. But while most legislators focus on thwarting over-eager marketers in private firms, only a few will look at the most serious threat to our privacy—Carnivore, the FBI’s high-tech spy system.

Carnivore has the ability to intercept and access e-mail and other electronic communications. Through a box the FBI installs on the network operation centers of Internet service providers, Carnivore can chew through any message in the ISP’s network, but the FBI claims to look only at messages sent or received from criminal suspects after obtaining a warrant.

Past government abuses of data have led activists and politicians to call for an examination of Carnivore’s abilities. Last summer, the Electronic Privacy Information Center (EPIC) filed Freedom of Information Act (FOIA) requests and, after much evasive maneuvering, then-Attorney General Janet Reno hired researchers at the Illinois Institute of Technology to review the system.

The FOIA requests revealed that the government had been scanning e-mail and tracing people’s Web browsing habits. And a document obtained by EPIC in November proves that contrary to previous FBI assertions, Carnivore can “reliably capture and archive all unfiltered traffic to the internal hard drive.”

History demonstrates continual privacy violations by government for political gain. It’s hard to forget the intrusive campaigns of J. Edgar Hoover’s FBI, and how law enforcement abused its authority by wiretapping Martin Luther King and Vietnam war protesters. This is why Americans should demand a complete disclosure of the Carnivore program.

If citizens cannot stop the government’s affinity toward unsavory spy behavior, at least they can attempt to protect themselves with competing technologies. In this spirit, the Carnivore source code should be made public.

Making matters worse, the FBI appears to have problems protecting its own data. Just hours after the Department of Justice posted details of the Carnivore review process on its Web site, computer users were able to uncover secret information about the reviewers, including their ranks and security clearances.

In a letter to Janet Reno, House Majority Leader Dick Armey noted that because of government’s security flaws, a newspaper “was able to discover and report that one of the lawyers on the team had donated the maximum amount to the vice president’s presidential campaign.”

And the General Accounting Office issued a report in September warning that federal agencies such as the Social Security Administration and the Department of the Treasury are “fraught with weaknesses,” putting the nation’s assets and operations “at risk.”

All of this shows that even when government does its best to protect our data, it often fails. A government that cannot secure its own data is not in a position to tell businesses how to protect consumer privacy.

In October, the “White House for Kids” Web site violated its own privacy policy by collecting data from children without parental consent while numerous federal government Web sites continued to track users with cookies—small computer files implanted by the Web site—even after the White House ordered them to stop.

If the White House can’t enforce policies on its own agencies, it will have a rather difficult time doing it in the private sector, where individuals can chose many ways to protect their privacy.

To avoid the prying eyes of businesses, individuals can use technologies such as Anonymizer.com or Zero Knowledge’s Freedom Software. But when it comes to avoiding the government’s gaze, there is no choice. If the government wants your data, you must comply. That makes government collection and security practices the most important privacy issues facing America.

New Attorney General John Ashcroft has pledged a “thorough review” of Carnivore and supports the availability of strong encryption technologies to protect privacy. These are encouraging moves.

Rather than contemplate new privacy laws for the private sector, government should fix its own privacy violations.

Sonia Arrison is director of the Center for Freedom and Technology at the California-based Pacific Research Institute. She can be reached via email at sarrison@pacificresearch.org.