FBI Appears To Have Collected Tormail's Entire Email Database... And It's Using It

from the collect-it-all dept

We've mentioned in the past that, for all the focus on the NSA lately, the FBI may be equally, if not more, worrisome for its willingness to collect tons of data on everyone and use it. Back in August, it became pretty clear that the FBI had compromised the Tor Browser Bundle, and had effectively taken over Freedom Hosting -- a popular hosting provider for dark web tor sites -- in order to push out malware that identified Tor users. A month later, it was confirmed that it was the FBI behind the effort, which led to the closing of Freedom Hosting.

Now there are new reports, suggesting that along with Freedom Hosting, the FBI was able to get the full database of emails on TorMail, a popular tor-based email service that used Freedom Hosting and was shut down at the same time Freedom Hosting went down. The reports point to a new lawsuit, in which the FBI was able to get a search warrant to search TorMail using its own copy of the database -- which it clearly had obtained at an earlier date. This basically means that the FBI has a pretty easy time searching all those emails if it needs to:
The tactic suggests the FBI is adapting to the age of big-data with an NSA-style collect-everything approach, gathering information into a virtual lock box, and leaving it there until it can obtain specific authority to tap it later. There’s no indication that the FBI searched the trove for incriminating evidence before getting a warrant. But now that it has a copy of TorMail’s servers, the bureau can execute endless search warrants on a mail service that once boasted of being immune to spying.
This again highlights one of the problems of the "collect it all" approach. Rather than merely targeting a specific individual or group, the FBI now has all of those emails sitting in a database. Even if it's getting a warrant to search, it's now searching its own database, rather than having to go out to get the information from others who might challenge the requests.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    icon
    That One Guy (profile), Jan 28th, 2014 @ 4:20am

    That must have been an interesting court session...

    FBI: Your Honor, we'd like to apply for a search warrant to search through X, Y, and Z email addresses.

    Judge: What cause and evidence do you have to believe that the listed email addresses contain incriminating evidence?

    FBI: Oh we already have, and have looked through, the email addresses, now we just need an after-the-fact warrant so we can legally search through and use the emails as evidence in court.

    Judge: That seems off for some reason, but my favorite show is on in half an hour, and it's getting close to lunch, so warrant granted.

     

    reply to this | link to this | view in thread ]

  2.  
    icon
    Ninja (profile), Jan 28th, 2014 @ 5:42am

    Please correct me if I'm wrong but if the servers weren't in the US this could have been avoided? Or was it a blunder from the services that allowed the FBI to download the entirety of the database? Or is it the same issue Lavabit faced but they closed way too late?

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Anonymous Coward, Jan 28th, 2014 @ 5:44am

    So it's only bad when other people do it?

    Hypocritial villains.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Anonymous Coward, Jan 28th, 2014 @ 5:52am

    Re:

    As far as I know the servers were in France, so how the database ended up in US hands is an interesting question.

     

    reply to this | link to this | view in thread ]

  5.  
    icon
    TiagoTiago (profile), Jan 28th, 2014 @ 6:02am

    They stored the emails and account data as plain text in the server?

     

    reply to this | link to this | view in thread ]

  6.  
    icon
    krolork (profile), Jan 28th, 2014 @ 6:15am

    We need a revolution.

     

    reply to this | link to this | view in thread ]

  7.  
    icon
    Anonymous Howard (profile), Jan 28th, 2014 @ 6:21am

    Re:

    Wouldn't copying the whole database "in secret" compromise it's value as evidence? After all, if they could download it, they could have modified it too just as easily.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Anonymous Coward, Jan 28th, 2014 @ 6:24am

    Re:

    I think that's exactly what they're doing, too. They look first, then ask for the warrant because they have "probable cause", since they already know what's in there.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Anonymous Coward, Jan 28th, 2014 @ 6:37am

    So, It Doesn't Count Until...

    So, it doesn't count until you look at it? Just downloading it doesn't count? Like downloading a copyrighted movie doesn't count until you watch it?

     

    reply to this | link to this | view in thread ]

  10.  
    icon
    That One Guy (profile), Jan 28th, 2014 @ 6:49am

    Re: Re:

    You'd think so, but the courts these days are a complete and utter joke when it comes to that whole 'justice' thing, letting government agencies do pretty much whatever they want.

     

    reply to this | link to this | view in thread ]

  11.  
    icon
    Coyne Tibbets (profile), Jan 28th, 2014 @ 7:02am

    Punishment by association

    The FBI employs punishment by association. They have previously shut down and copied for evidence entire ISP data centers because one domain was suspected of doing something illegal. (FBI shuts down entire ISP to investigate one customer (2004), FBI Raids Dallas Internet Service Provider Core IP (2009))

    It's the equivalent of razing an entire village because one enemy soldier is suspected to be living within it.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Anonymous Coward, Jan 28th, 2014 @ 7:17am

    The federal government has forgotten one very important thing in their quest to protect America from the perceived threats of the world, the Bill of Rights is the foundation which this country is built upon. It's creation is what persuaded the states to ratify the constitution. Ignoring it is like voiding a contract, in essence, voiding America. If our elected officials do not reign in these out of control rogue federal agencies, it may be time to take this to the state level and begin looking a succession as an option.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Anonymous Coward, Jan 28th, 2014 @ 7:21am

    Sounds like Tormail service was either using server-side encryption, or no encryption at all. If Tormail would have used client-side encryption and those emails were uploaded to the Tormail database, then all the FBI would be looking at is a bunch of encrypted data which they'd have no keys to.

    Up your encryption game, people!

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Anonymous Coward, Jan 28th, 2014 @ 7:34am

    Re:

    GOVERNMENT: Bill Rights? Who's he?

    JUDGE: Um, that guy? Y'know, the one you're supposed to uphold?

    GOVERNMENT: Oh, sorry, we killed him in a lobbied "accident".

    JUDGE: Very well, carry on.

    PUBLIC: OBJECTION! This isn't right! This is Tyranny!

    JUDGE: But they have the paperwork and the finances. So there's nothing I can do.

    *GOVERNMENT hands JUDGE a set of Photoshopped pictures*
    GOVERNMENT: There you go, as agreed.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Anonymous Coward, Jan 28th, 2014 @ 8:42am

    Re: Re: Re:

    yes, damn courts, why don't they just let the criminals do what they want!!!

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Anonymous Coward, Jan 28th, 2014 @ 8:47am

    Re:

    "They stored the emails and account data as plain text in the server?"

    probably, criminals are not the smartest group around!

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Anonymous Coward, Jan 28th, 2014 @ 8:48am

    Re:

    and criminals are only 'sorry' when they are caught.

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    PRMan, Jan 28th, 2014 @ 8:53am

    Re: So, It Doesn't Count Until...

    Actually, downloading copyrighted material doesn't count until you upload it.

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    PRMan, Jan 28th, 2014 @ 8:54am

    Re: Re: So, It Doesn't Count Until...

    BTW, IANAL and, more specifically, IANYL.

     

    reply to this | link to this | view in thread ]

  20.  
    icon
    TiagoTiago (profile), Jan 28th, 2014 @ 9:06am

    Re: Re:

    Except providing secure email wasn't a crime last i checked...

     

    reply to this | link to this | view in thread ]

  21.  
    icon
    Killer_Tofu (profile), Jan 28th, 2014 @ 9:07am

    Re: Re: Re: So, It Doesn't Count Until...

    BTW, IANAL

    Well, as a PRMan that skill could probably come in handy, but that is not what we are here to discuss.

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    Baron von Robber, Jan 28th, 2014 @ 9:08am

    Re: Re: Re: Re:

    That's right! They should arrest the criminal cops asap!

     

    reply to this | link to this | view in thread ]

  23.  
    icon
    ottermaton (profile), Jan 28th, 2014 @ 9:22am

    Re: Re:

    Silly rabbit. They would never do that because they are professionals

     

    reply to this | link to this | view in thread ]

  24.  
    icon
    J. Edgar Hoover (profile), Jan 28th, 2014 @ 9:33am

    Re: Re: "copying the whole database "in secret" compromise it's value as evidence?..."

    Plebians, pleaseeee!

    The Value of the Evidence Against You would only be compromised If you were not guilty! GUILTY! GUILTY!


    from the grave...

     

    reply to this | link to this | view in thread ]

  25.  
    icon
    Bergman (profile), Jan 28th, 2014 @ 9:55am

    Re: Re:

    Yeah, but bear in mind those are the same courts who have no problems with the FBI refusing to use audio recorders, and have a person taking hand-written notes during interviews and interrogations.

    If those hand-written notes disagree with what a suspect claims he said, the most common result is perjury or lying to a federal agent charges for the suspect.

     

    reply to this | link to this | view in thread ]

  26.  
    identicon
    Anonymous Coward, Jan 28th, 2014 @ 1:56pm

    Re: Re: Re:

    You forget though. The courts seem to buy the Feinstein's arguments that these agencies are "professional" though which of course would preclude them from modifying them though. Wait until some Mafia guy is on trial for some crime and the government wants to claim that they tampered with evidence.

    Defense lawyer: "Your honor, my client couldn't have tampered with that evidence because he after all is a professional at this sort of thing."

    Judge: "Seems reasonable to me."

     

    reply to this | link to this | view in thread ]

  27.  
    identicon
    Anonymous Coward, Jan 28th, 2014 @ 2:52pm

    Re: Re: Re: Re:

    That is the issue, the courts are letting the criminals do what they want.

    The sad part is that it is the government that are the criminals in this instance

     

    reply to this | link to this | view in thread ]

  28.  
    identicon
    Rekrul, Jan 28th, 2014 @ 2:52pm

    If the FBI was distributing malware, can't we charge them under the CFAA?

     

    reply to this | link to this | view in thread ]

  29.  
    identicon
    Anonymous Coward, Jan 28th, 2014 @ 3:44pm

    Re:

    Except that the encryption standards have been compromised by the US govenment.

     

    reply to this | link to this | view in thread ]

  30.  
    identicon
    Anonymous Coward, Jan 28th, 2014 @ 4:54pm

    darryl just hates it when due process is enforced.

     

    reply to this | link to this | view in thread ]

  31.  
    identicon
    SumYungGuu, Jan 28th, 2014 @ 6:41pm

    Re: Re:

    I wonder if the FBI will focus on the undoubtedly massive trove of Goldman Sachs (and the rest of Wall Street)emails containing descriptions of all their scams? Seriously, Wall Street thugs definitely used TorMail and the like to cover up their shenanigans.

     

    reply to this | link to this | view in thread ]

  32.  
    icon
    btrussell (profile), Jan 29th, 2014 @ 3:05am

    Re:

     

    reply to this | link to this | view in thread ]

  33.  
    identicon
    Rekrul, Jan 29th, 2014 @ 12:06pm

    Re:

    But how do Larry and the other Darryl feel about it?

     

    reply to this | link to this | view in thread ]

  34.  
    identicon
    Jones, Feb 2nd, 2014 @ 7:15am

    Re: Tor

    or was setup by the Feds. It was a honey trap from the beginning.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This