Some Feds Wanted To Find A Loophole To Avoid Warrants When Using FBI's Homemade Spyware

from the slippery-slope dept

It's been widely reported for a few years now that the FBI has some spyware, called the "computer and internet protocol address verifier," or CIPAV, for tracking down certain computer users. Some newly released Freedom of Information Act documents provide more details, though, including that other government agencies have asked to use the tool, and that there's been serious disagreement among the feds about how it can and should legally be used (and whether it's always used in legal ways).
[EFF] officials have raised concerns about documents showing that FBI agents at times employed inconsistent methods for gaining authorization to install the tracer. Their email messages talk about using a "trespasser exception" to avoid obtaining a warrant. One message recommends citing the "All Writs Act, 28 U.S.C. § 1651(a)." The group noted that one September 2007 message indicates some agents felt spyware searches do not require any legal process.

"There seems like there was a lot of back-and-forth," Lynch said.

The 2007 email stated, "I still think that use of [redacted] is consensual monitoring without need for process; In my mind, no different than sitting in a chat room and tracking participants; on/off times or for that matter sitting on P2P networks and find out who is offering KP" -- in a likely reference to law enforcement's practice of searching through file-sharing networks for sex offenders exchanging child pornography.
The thing is, this kind of tool would likely get warrant approval easily in most cases where it was really necessary. Why is it that our federal government so often seems to hate having to go through such basic oversight? After all, the news just came out that the FISA court approved all 1,506 requests from the government to electronically monitor suspects. It's not as if FISA is a difficult process to go through...


Reader Comments

  • Viln (profile), May 13th, 2011 @ 12:07am

    Oh yeah...

    ... installing software on someone else's computer to track or identify them is exactly the same as lurking in a chat room. Just like planting a bug in someone's house is the same as listening in on them from the next table over at Starbucks.

    I'd say the agent who sent that ridiculous email should be put through a re-education course, but his bosses are probably still trying to figure out how P2P works 4 years later.

     


  • Josef Anvil (profile), May 13th, 2011 @ 12:22am

    Same ol' argument

    but..but...the TERRORISTS

     


  • Nicedoggy, May 13th, 2011 @ 12:28am

    The frightening thing is that child pornography is used as a foot in the door to get those things in place; note there how at least one agent references it specifically to cause others to agree with his view.

    Once the foot is wedged in the door all other things come right behind it.

     


  • Capitalist Lion Tamer (profile), May 13th, 2011 @ 2:34am

    This "slippery slope" is damn near vertical

    With each new post on the FBI, DHS, ICE and other overstepping acronyms, the general thought process keeps heading further and further towards "Why should anything be required for anything?"

    The "security" of America is in the hands of people who seem to think they run fully autonomous entities free from oversight, regulation or common sense. I assume they've decided that the Constitution and the Bill of Rights are "very cute ideas" but not really applicable in this new millennium.

     


    • abc gum, May 13th, 2011 @ 4:59am

      Re: This "slippery slope" is damn near vertical

      And they are all engaged in a race to the bottom.

      I would guess that this sort of thing went on prior to the dawn of the internet and seemingly was much more covert. I wonder what has changed, is there now a push for legitimacy or has it become more difficult to hide the spy vs spy activities.

       


  • Rekrul, May 13th, 2011 @ 2:50am

    I assume they've decided that the Constitution and the Bill of Rights are "very cute ideas" but not really applicable in this new millennium.

    Sure they are, the government uses copies of them for toilet paper.

     


  • Anonymous Coward, May 13th, 2011 @ 6:58am

    They believe that the ends justify the means and since they think they have the moral high ground, they feel empowered to step on the rights of anyone they choose. I believe that if they find someone trading child pern, the next step is to begin building a case using legitimate means.

    I believe this happens all the time and sometimes it's very obvious, from just reading a news article, that law enforcement involves some fishy tactics. I recently read about an officer that discovered an illegal activity when he just so happened to glance into a window of a home as he was "chasing a juvenile suspect" through a neighborhood. And of course the article states that "the juvenile got away". The fact is there was no juvenile suspect, the police already had some form of evidence and needed a so called legitimate reason to access the property.

     


  • Anonymous Coward, May 13th, 2011 @ 7:49am

    Ron Paul for President in 2012!

     


    • a7i3n, May 13th, 2011 @ 9:08am

      Re: Ron Paul for President

      Oh good idea... On the plus side he will definitely siphon off votes from the Republicans and, as an added bonus, has no chance of winning.

      Frankly, I think it really doesn't matter who wins. Under all administrations since Nixon our rights have been gradually eroded away. The roots of this mess go back even further into the security state that was set up during the cold war.

      Seems we really have only one party in the U.S. and it has two wings, one less right-wing than the other. Our votes, for either party, are mostly to continue the fiction that we have representation.

      One way to address this problem would be to set up some sort of general strike, on a national level, that would force the government and its corporate sponsors to listen. But this is probably not likely to happen either. Hard to imagine at this point our people actually putting themselves on the line that way.

      So another way would be to resist in other, more subtle ways. Make it as hard as possible for them, meaning government and corporations, to proceed in this effort. Constant noncooperation could have a powerful and corrosive effect on agencies that mean us harm. We must stand up for our rights at all times.

      On a technological level it might mean using noncommercial operating systems, like Linux, using strong encryption, and avoiding devices and services that make life easier at the cost of our rights and/or privacy.

       


  • aldestrawk (profile), May 13th, 2011 @ 10:38am

    wiretap?

    Why is this not a wiretap? The FBI has written code to collect as much information as they can without requiring a wiretap order. So, they are avoiding collecting the contents of messages. Does any of the information they are collecting step over the boundaries of what is considered addressing information available from messages sent through the internet? Information for which the courts have concluded there is no reasonable expectation of privacy.
    (from Wired, 2007)
    IP address
    MAC address of ethernet cards
    A list of open TCP and UDP ports
    A list of running programs
    The operating system type, version and serial number
    The default internet browser and version
    The registered user of the operating system, and registered company name, if any
    The current logged-in user name
    The last visited URL

    I'll take these one at a time:

    IP address: The IP address of your computer, or the IP address of your router (when using NAT) is what is seen in every packet sent and received by your computer. This is clearly not private information.

    MAC address of ethernet cards: The MAC address is sent only to other devices on a LAN. Depending on the type of connection to your ISP, a MAC address may or may not be used. If you have a router, your computer's MAC address is not sent on the interface that is the router's connection to the internet. Generally, your computer's MAC address is not sent to the internet. However, it is still just addressing information.

    A list of open TCP and UDP ports: It is not clear how this information is acquired. One could scan your computer or router remotely which would give a list of ports that allow reception of requests. However, firewalls usually prevent unsolicited requests, so a true list of active ports requires collecting data internal to the computer. Alternatively, one could deduce the active ports by monitoring traffic from your computer to the internet. Ultimately, such information is just addressing information at the transport protocol level.

    A list of running programs: I am assuming this is a list of the user applications and not the processes and threads underlying a program. I am also assuming this list just reflects the programs running from the active user account (the one with the spyware), as one can be logged into multiple accounts simultaneously. Not all programs use the internet. The collection of this information, although still just a high level overview, clearly oversteps the bounds of privacy in my mind.

    The operating system type, version and serial number: The operating system type and version is put into every user agent header on every HTTP packet sent. What is not sent is the serial number of the operating system software installed. This is gotten from the Windows Registry (I do believe this tool is specific to MS Windows). This is simply identifying information, but it is not sent out on the internet unless you are doing a Windows update.

    The default internet browser and version: This information is in the user agent header used in HTTP. Not private.

    The registered user of the operating system, and registered company name, if any: I believe this information is also in the Registry and not generally sent out in any packet to the internet. I think that this information is sent during an MS Windows update but I have not looked this information up or monitored the packets sent during such an update. (Now I'm interested in doing this though). I would consider this private even though it is just identifying information.

    The current logged-in user name: This is your account name under Windows. I don't think it is ever sent out in packets though I could be wrong. It is also a Registry item and just identifying information.

    The last visited URL: It is interesting that all the rest of the browser history isn't accessed. I suspect they are getting this tidbit also from the Registry. What should be pointed out though is that a URL can contain more information than just a web address and pathname. It can contain private information passed in the "query" field. Also, the fragment identifier (the part after "#") is being used for new things and might contain private information. I would say there is the possibility that a URL can be considered, in part, "contents of a message". Just because its main use is addressing doesn't eliminate this additional use and doesn't supply an excuse to collect it without a warrant.

    I suspect the courts are not looking closely or are not understanding these technical details. This is a slippery slope of expanding identifying and addressing information to actually include content that should be considered private enough to require a warrant or wiretap order. You can learn a hell of a lot about someone if you can monitor all the metadata in their communications. On the opposite end of the stick, the government would like to restrict all sensitive information (SSI) even though any particular piece is not considered classified. This shows me that they recognize the potential danger of metadata when it is accumulated. The restriction of government information is a whole other issue though. I am just pointing out hypocrisy.

     

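As an added illustration of the URL and User-Agent points made in the comment above (example code written for this page, not CIPAV or any FBI code; the URL and User-Agent string are constructed samples), this Python sorts a URL into the parts that are pure addressing, the parts the server receives in the request, and the fragment, which the browser never transmits, and pulls exactly what a User-Agent header does disclose about OS and browser version:

```python
"""Added illustration for the discussion above: which parts of a URL and a
User-Agent header are mere addressing, and which carry content a network
tap would never see. Not CIPAV or FBI code; all inputs below are constructed."""
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample "last visited URL" and browser User-Agent (not real captures).
SAMPLE_URL = ("https://mail.example.com/search"
              "?q=my+medical+results&from=jane.doe%40example.com#msg-1234")
SAMPLE_UA = ("Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 "
             "(KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36")

# Windows NT kernel version -> marketing name (what a UA string actually reveals).
_WINDOWS_NT = {"5.1": "Windows XP", "6.0": "Windows Vista", "6.1": "Windows 7",
               "6.2": "Windows 8", "6.3": "Windows 8.1", "10.0": "Windows 10"}


def split_url(url):
    """Sort a URL into three buckets by who gets to see each piece.

    addressing     - scheme, host, port: visible to every hop on the path and
                     to the server (for HTTPS, the host also leaks via SNI).
    sent_to_server - path and decoded query string: inside the HTTP request;
                     encrypted on the wire for HTTPS, but the query is where
                     searches, e-mail addresses and form data usually end up.
    client_only    - fragment: per RFC 3986 section 3.5 the browser never sends
                     it, so only something running on the machine can read it.
    """
    parts = urlsplit(url)
    return {
        "addressing": {"scheme": parts.scheme, "host": parts.hostname, "port": parts.port},
        "sent_to_server": {"path": parts.path, "query": dict(parse_qsl(parts.query))},
        "client_only": {"fragment": parts.fragment},
    }


def content_bearing_parts(url):
    """Names of URL components that carry more than routing information."""
    buckets = split_url(url)
    found = []
    if buckets["sent_to_server"]["query"]:
        found.append("query")
    if buckets["client_only"]["fragment"]:
        found.append("fragment")
    return found


def parse_user_agent(ua):
    """Extract OS and browser/version from a User-Agent header.

    This is the whole disclosure: type and version, nothing more. Product
    tokens are checked in a fixed order because Chrome-family UAs also
    claim 'Safari' and 'Mozilla' for compatibility.
    """
    platform_match = re.search(r"\(([^)]*)\)", ua)
    platform = platform_match.group(1) if platform_match else ""
    nt = re.search(r"Windows NT (\d+\.\d+)", platform)
    if nt:
        os_name = _WINDOWS_NT.get(nt.group(1), "Windows NT " + nt.group(1))
    else:
        os_name = platform.split(";")[0].strip() or "unknown"
    for name in ("Edge", "Chrome", "Firefox", "MSIE", "Safari"):
        token = re.search(re.escape(name) + r"[/ ](\d[\w.]*)", ua)
        if token:
            return {"os": os_name, "browser": name, "version": token.group(1)}
    return {"os": os_name, "browser": None, "version": None}


if __name__ == "__main__":
    for bucket, fields in split_url(SAMPLE_URL).items():
        print(f"{bucket:15s} {fields}")
    print("beyond addressing:", content_bearing_parts(SAMPLE_URL))
    print("user agent says:  ", parse_user_agent(SAMPLE_UA))
```

Running it on the constructed URL puts the search terms and e-mail address in the query bucket and the message id in the fragment bucket, which is the commenter's point: the first two are content that happens to ride inside a URL, and the third is something no wiretap on the network could ever have collected.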

  • aldestrawk (profile), May 13th, 2011 @ 10:59am

    How is CIPAV installed?

    The affidavits from 2007 indicate that the CIPAV tool is specific to a MS Windows OS. It looks like they are using a security vulnerability to install this tool on a target machine. That vulnerability could be an unpatched but well known vulnerability or it could be a 0-day vulnerability. Either way, the window (pun intended) for using such a vulnerability may be short and not guaranteed. I see three possibilities:

    1). The FBI or some other TLA agency (NSA?) is constantly researching to find new vulnerabilities and updating the CIPAV.

    2) The FBI purchases 0-day vulnerabilities on the black market. (Isn't that a fun conspiracy theory?)

    3). The FBI has arranged with Microsoft to allow a backdoor for CIPAV to use that is close in functionality to the MS Windows update mechanism.

    The following is from the FBI's 2007 Timberlinebombinfo affidavit:
    http://www.wired.com/images_blogs/threatlevel/files/timberline_affidavit.pdf

    "Registry information can be provided by a computer connected to the Internet, for example, when that computer connect to the Internet to request a software upgrade from it's software vendor."

    Let the conspiracy theories begin!

     


