FBI Investigation Into Programmer For Freeing The Public Domain

from the an-exploit? dept

A bunch of folks have sent over the incredible story of how the FBI investigated well-known programmer Aaron Swartz, after discovering that he had installed a perl script on a computer at the 7th U.S. Circuit Court of Appeals library in Chicago, to cycle through PACER documents and upload them to an Amazon S3 account. Basically (as we've discussed in the past), court documents -- which are in the public domain -- are mostly locked up in the gov't's PACER system, which costs $0.08/page. However, since the documents are public domain, once you get them, you're free to do what you want with them. The Government Printing Office started an experiment last year, offering free access to PACER in certain libraries. Swartz just went to one and then installed his script to cycle through and upload those documents. The library's IT staff eventually noticed the issue (it took a few weeks) and alerted the FBI who began an investigation of Aaron, after Amazon handed over his info. While you can sorta understand why the FBI might look into why someone had installed a program on a court library computer, once it became clear that it was only accessing public domain documents, it seems pretty silly to have continued onward -- including driving by his home and considering a stakeout.

49 Comments | Leave a Comment..

No, The FBI Isn't Gunning For The Business of Mailboxes Etc.

from the stupidity-reigns dept

A note to all the stupid criminals out there: when making a purchase with a forged check, you're probably better off not using your local FBI office as the delivery point for the goods you're trying to scam. That's what a mastermind in Monroe, La., did recently, giving the feds' address for a shipment of cell phones he wanted to receive. The firm he "bought" the phones from noticed something fishy when the guy paid with a "cahier's check" (as opposed to a cashier's check), and they called the authorities, who later found the guy trying to flag down a delivery driver outside the FBI office. Sometimes, you have to wonder, do these people just want to get caught?

Carlo Longino is an expert at the Insight Community. To get insight and analysis from Carlo Longino and other experts on challenges your company faces, click here.

3 Comments | Leave a Comment..

2009 Budget Includes $9.4 Million For FBI IP Enforcement Agents

from the wanna-bet-who-snuck-those-provisions-in-there? dept

As you probably recall, the Obama Department of Justice includes many of the content industry's favorite lawyers. Now, thanks to the $410 billion omnibus spending bill approved by Congress and Obama, the FBI has nearly $10 million more dollars to spend on intellectual property enforcement. The money will fund 2 field officers at each existing Computer Hacking and Intellectual Property unit as well as the creation of a new unit at FBI headquarters to work specifically on multi-district IP cases. This news comes soon after Obama spoke warmly about innovation and start-ups -- two things which hardly need more IP headaches -- so it will be important to watch carefully who he appoints as the newly created IP Czar (though things hardly look good thus far).

Kevin Donovan is an expert at the Insight Community. To get insight and analysis from Kevin Donovan and other experts on challenges your company faces, click here.

13 Comments | Leave a Comment..

Feds Ask For Jailtime For GNR File Sharer

from the with-fans-like-these... dept

I have to admit that I'm still confused why the FBI was spending time going around arresting the guy who put up Guns 'N Roses' latest album, rather than focusing on issues that really matter these days. The arrest alone actually led to much more downloading than if they had just let it go. Yet, now, following a guilty plea, the feds are demanding a six-month prison term for the guy. For promoting the band. Considering how much downloads picked up after the news of the arrest broke, why isn't anyone demanding that we put the FBI agents who spent taxpayer money on this behind bars for even longer? Sure, unauthorized sharing of files breaks copyright law, but it's difficult to come up with any reasonable explanation for (a) spending taxpayer money on having the FBI track down and arrest the guy and then (b) sending him to jail. Every album that's released gets leaked online -- and plenty of musicians have learned how to use it to their benefit. That should make it clear that getting your music leaked online isn't about any economic loss. It's all about what sort of business model you choose. So, because Axl Rose chooses a bad business model, some guy who was sharing GNR music needs to go to jail and the FBI and the Feds need to be involved? Doesn't something seem wrong with this picture?

81 Comments | Leave a Comment..

Court Limits, But Doesn't Eliminate, Secrecy Of National Security Letters

from the partial-win dept

The Patriot Act, among other things, allows law enforcement to issue "National Security Letters" to ISPs and telcos to obtain certain information about individuals. The letters are, as the name implies, designed for situations where national security is at stake, and a more thorough process of going through legal channels to gain approval would be a serious threat to national security. Except, of course, that's not how things have worked in practice. The FBI was found to have engaged in "serious misuse" of NSLs on a regular basis, issuing tens of thousands of them. Even worse, part of the rules surrounding NSLs are that they must be kept entirely secret. This raises very serious First Amendment questions. While a lower court agreed that the secrecy on NSLs violated the Constitution, an Appeals Court, that had initially seemed skeptical has allowed the secrecy to continue, though with some limitations.

Rather than saying secrecy was okay, if revealing the NSL would create "interference with diplomatic relations, or danger to the life or physical safety of any person" (the old rule), the court has said the rule should be that secrecy is allowed if revealing the NSL "may result in an enumerated harm that is related to an authorized investigation to protect against international terrorism or clandestine intelligence activities." It is certainly more of a limitation, though some may note that it may not make much of a difference in actual application. NSLs are still likely to be abused, and it's unlikely that most ISPs or telcos on the receiving end of such NSLs will feel concerned enough to challenge them.

7 Comments | Leave a Comment..

Another Day, Another Big Data Breach

from the do-people-even-pay-attention? dept

These days, it's probably best to just assume that any private data you've ever provided to a company is public. Given the pace at which the data you've entrusted to companies is leaked, whether via malicious hackers or via company carelessness, it's almost as if the exception to the rule is a company that's actually been able to keep your data safe. So it's hardly surprising that Express Scripts, the massive medical benefits management company, has said that its records appear to have been compromised. Apparently, the company was sent a note, detailing the medical records of about 75 people, with an extortion threat telling the company to pay up or face the exposure of millions of patient records. The FBI is now investigating. Still, we're reminded once again that companies have very little incentive to really keep your records straight. It's almost reached the point where these stories are barely worth commenting on, since they're so common. There's something quite depressing when you realize that these sorts of data breaches are barely even newsworthy any more.

6 Comments | Leave a Comment..

FBI Apparently Has Nothing Better To Do Than Arrest GNR Album Leaker

from the what,-no-more-phones-to-tap? dept

Back in June, we were bothered by the fact that the FBI was wasting its time investigating a blogger who had posted some unreleased Guns N' Roses tracks on his site. Music gets leaked all the time, and it's difficult to see why this is an FBI matter in any form. Turns out that the FBI takes its GNR leaks seriously. They've now arrested the blogger for posting the songs to his website. This seems questionable for a variety of reasons. First, why is the FBI involved at all in what should be a civil matter, not a criminal one? Why is it so important to track down this particular leaker, given how many music leaks happen all the time? And, how, honestly, is this going to hurt the band in any way? The music was going to get leaked sooner or later anyway. It's not going to change who will and who will not buy the CD. And, most importantly, doesn't the FBI have more important things to be working on?

50 Comments | Leave a Comment..

Judges Question Whether National Security Letters Need To Come With Gag Orders

from the where's-that-copy-of-the-constitution? dept

The Patriot Act allows the FBI to issue "National Security Letters" to ISPs and other organizations, seeking information on users of those service providers -- with an automatic gag order forbidding the service provider from telling anyone that they have received an NSL. Not surprisingly, this resulted in the NSLs being widely abused, with the FBI issuing them in many, many cases when they were not appropriate. But, of course, since no one could complain, there was no incentive for the FBI to actually follow the rules. A panel of judges is now reviewing the overall constitutionality of the gag order on NSLs -- and, so far, they seem skeptical. It seems ridiculous that the FBI should be allowed to impart an automatic gag order without any sort of judicial overview -- especially when it's already been shown that the FBI can and does abuse this power quite often.

49 Comments | Leave a Comment..

Doesn't The FBI Have More Important Things To Do Than Chase Down The Guy Who Leaked The New Guns N' Roses Album?

from the just-wondering dept

There's this whole "war on terror" thing going on out there, and you'd think that folks in the FBI would be pretty busy taking care of their role in that. But, apparently, some agents are busy trying to track down who leaked the latest Guns N' Roses album online. Why? Well, because our various Attorneys General continue to think that music piracy really is funding terrorism while also a threat to our economy. However, it's hard to believe that some random guy leaking an album is either going to have any impact on terrorism or on actual money made by Guns N' Roses. The album was going to get online eventually. The fact that it was leaked isn't going to change a thing about how much money the band makes. Yet, the FBI is apparently spending taxpayer money trying to track down the leaker.

Furthermore, it's pretty obvious that the actual leaker was someone involved in the production of the album (who else would have a copy?). In fact, history has shown that insiders are responsible for plenty of entertainment industry leaks. If so, it would seem that this should be an internal issue, dealt with by the band, its record label and production staff, rather than involving the FBI, who if they must be policing infringement issues could at least go after ones that matter.

58 Comments | Leave a Comment..

FBI Forced To Back Down On Secret Info Request To Internet Archive

from the civil-liberties-matter dept

Congress curtailed the FBI's ability to use National Security Letters (NSLs) a few years ago after it became clear that the FBI was widely abusing the process to request information from organizations with no judicial oversight and with built in gag orders forbidding recipients from talking about receiving the letters. However, the FBI is still using the letters in some cases. Last fall, it sent one to Brewster Kahle and the Internet Archive, demanding info on an Archive user while forbidding Kahle from talking about the letter to anyone but his lawyers. Kahle, the EFF and the ACLU fought back in court and have won, getting the FBI to rescind the demand and also removing part of the gag order, allowing Kahle to say he received the letter (though not discussing what info it demanded). As the EFF points out, this should serve as a blueprint for how others can challenge questionable NSLs as well.

9 Comments | Leave a Comment..

FBI Wants More Power To Monitor Internet Activity

from the because-they're-so-trustworthy dept

The FBI, which still can't even get its own computer network working properly, would rather just have more widespread access to spy on the computer network everyone else uses: the internet. Talking to Congress today, the FBI proposed a few different things, including the right to more widely spy on internet activity as well as legislation to force ISPs to retain log file data for an extended period of time. While the Congressional reps in attendance seemed to respond by saying "sure, sounds great" to both of these suggestion, both should actually be looked at much more closely.

More freedom to spy on internet usage potentially violates the 4th Amendment as well as federal wiretap laws. Given the evidence that the FBI has widely abused its ability to wiretap, this should be a major concern. As for data retention, problems with such an idea have been chronicled for years. It tends to put a tremendous expense on ISPs for no real reason -- and it tends to make it even harder to find the type of data authorities actually need to deal with criminal activities. If you're in the FBI, it's no surprise that you'd want both things in place, but that hardly means Congress should roll over and give them to the FBI.

19 Comments | Leave a Comment..

Lieberman's Misconfigured Server Took It Offline -- Not Opposition DoS Attacks

from the more-fun-to-blame-the-opposition dept

You may recall back in 2006, that every time a politician's web server went down, they used it as an opportunity to blame the opposition for hacking their machine or sending a denial of service attack. Joe Lieberman got the most publicity for such a claim, with his staff very clearly claiming it was an opposition attack, while many others pointed out that it looked like Lieberman's campaign was set up on a cheap hosting platform with very low bandwidth limits. Either way, the Lieberman campaign called in the Feds to see if they could track down the mysterious "attacker." And, now, thanks to the Freedom of Information Act, we know that the FBI quickly concluded there was no attack. It was, as expected, a very poorly configured server. Even better, the same sysadmin who misconfigured the server then couldn't figure out why the server went down, and so it was he who originally blamed a malicious attack as an explanation to cover up his own bad job.

13 Comments | Leave a Comment..

Click This Link, Go To Jail

from the wide-open-to-abuse dept

Declan McCullagh has written up an article about a questionable tactic used by the FBI to go after people looking for child porn. It set up a honeypot server and then posted links to it on a forum frequented by those who are looking for child pornography. It then used the IP address of people who clicked on the link as enough evidence to charge them with a crime. In the specific case McCullagh discusses, the guy was found guilty of simply clicking on that link. Of course, it's always difficult to separate out legal discussions like this from the fact that it involves child pornography -- which immediately sets off an emotional response. The problem here, though, is that the evidence on which the guy was found guilty could be used to find many people guilty of many things. The FBI didn't even track the referrer log -- just who went to the site. In other words, if someone had taken that link out of the forum and posted it on another site, a blog or sent an email around -- and anyone clicked on it without knowing anything about the link, they could have broken the law. This is open to tremendous abuse. If all you need to do to get someone convicted of child porn charges is get them to click a link, that doesn't seem right. Furthermore, in this case, the only other evidence was two small (admittedly questionable) thumbnail images, that there was no evidence that the guy looked at. In other words, to have enough evidence to convict someone and send them to jail for years (and get them listed as a sex offender), you could just send them an email with a link and some thumbnail images attached. If they click on the link (even if they don't ever look at the attached files), that's enough evidence, according to this case. That seems incredibly problematic.

49 Comments | Leave a Comment..

No, The FBI Probably Isn't Looking Into Your March Madness Brackets On Facebook

from the a-little-march-madness-exaggeration dept

Every year around this time, you can be sure of two types of stories: the first will be about how much productivity is lost thanks to March Madness (NCAA basketball tournament, for those who don't know) and the second is about how the customary March Madness pools are probably illegal gambling. This year, it's been turned up a notch, thanks to reports like this one in PC World claiming that the FBI is looking into the brackets available on Facebook thanks to a CBS Sportsline app. From reading the article, you'd think that the FBI is spending valuable resources trying to track down your office pool or the pool among your college buddies. Except... the article doesn't quote anyone at the FBI or even indicate that it tried to get the FBI to comment on the matter. It merely points to a Chicago Tribune article that says Facebook may face "scrutiny," but also provides no proof. That one at least has an FBI quote, but it's clearly in response to a question from the reporter over whether or not such pools violate the law -- not about whether the FBI is actually investigating Facebook.

The PC World report also points to a blog post saying that Facebook is coming under FBI scrutiny, but again provides no proof, other than some unsourced conjecture about the FBI "loitering" around Facebook -- and another link. This one goes to a report at a site called Online Casino Reports, which also gets a quote from the FBI -- but again, it appears to be in response to a question about the legality of betting pools, but not claiming that there's any sort of ongoing investigation. While there's a chance it's happening, there seems to be a bunch of folks reporting on this with no actual evidence that the FBI is looking at this. The only quote from the FBI came from the Chicago Tribune and was clearly in response to a question about the legality of betting on March Madness, not about any investigation into Facebook. So, chances are, the FBI isn't going to burst in on Mark Zuckerberg for putting a couple bucks on North Carolina to win it all -- or on you for picking Cornell (go Big Red) to beat Stanford this Thursday in the opening round, but if you want to be safe, maybe don't bet any money on it in the first place.

7 Comments | Leave a Comment..

FBI Wants To Build Huge Biometric Database

from the you-have-no-privacy dept

We just found out that the White House has chosen not to staff the official "Privacy Board" that is supposed to make sure gov't surveillance doesn't infringe on American citizens' privacy. That came right after National Intelligence Director, Mike McConnell, announced that he's hoping to get the rights to monitor all internet traffic. Since news tends to come in threes (well, so says the urban legend) now comes the news that the FBI is looking to put together a huge biometric database containing info on fingerprints, palm prints, iris recognition mug shots and scars of anyone they can gather this info on. This seems like a typical reaction from a gov't agency, and with the announcement comes all the typical political doubletalk about how this is for safety, claiming that the database is "important to protect the borders to keep the terrorists out, protect our citizens, our neighbors, our children so they can have good jobs, and have a safe country to live in."

However, as has been made clear countless times, these types of databases always get abused. Much more importantly, as Tim pointed out recently, violating peoples' privacy doesn't provide more security. In fact, it often does the opposite. It makes it easier for important data to get lost in the pile, and it also means that that data is now that much less secure. The database itself suddenly becomes a huge target. So, in an effort to make the country "more secure," an effort like this can actually do the opposite.

25 Comments | Leave a Comment..

FBI Not Good At Paying Wiretap Bills

from the a-near-total-mess dept

While the FBI has regularly decided that court orders aren't necessary for wiretaps, it is a bit surprising to find out that it seems to feel the same way about paying the bills for wiretaps. Newly released info show that the FBI often failed to pay its wiretapping bills, leading one telco to cut off the FBI's wiretaps until it finally paid up. Given how screwed up the FBI's computer systems are, perhaps it's not surprising that they don't have an acceptable accounts payable system either.

17 Comments | Leave a Comment..

Crowdsourcing Law Enforcement

from the first-10-callers-to-identify-this-fugitive... dept

In a move that seems calculated to evoke the film adaptation of 1984, the FBI has announced a plan to begin using some 150 Clear Channel digital billboards in major American cities to show national security alerts, information about recent crimes, and photographs of fugitive criminals and missing persons, all with real-time updates.

A pilot billboard in Philadelphia has already helped to capture several wanted criminals, and a spokesman for the outdoor advertising industry suggests that these kinds of publicity tactics can be as useful at demoralizing criminals as they are at generating tips:

"What law enforcement tells us is it contributes to an environment where the criminal feels they have no where to go. A lot of times they end up just giving up."

In a way, the surprising thing is that law enforcement officials hadn't previously taken such visible steps to make use of the distributed eyes and ears of ordinary citizens. The problem, of course, is that publicity can also generate lots of time-consuming false leads. An advertisement currently ubiquitous on New York subways applauds the thousands of New Yorkers who phoned in reports of suspicious packages in the past year. But since we haven't heard reports of thousands of bombs recovered on the A train, it seems safe to surmise that the noise-to-signal ratio on such tips is quite high. As for national security alerts, our experience with color-coded national security warnings, and the attendant spectacle of panicked citizens mobbing Home Depot for plastic sheeting and duct tape, suggest that the Bureau might be well advised to exercise a bit of circumspection about those real-time updates.

Julian Sanchez is an expert at the Insight Community. To get insight and analysis from Julian Sanchez and other experts on challenges your company faces, click here.

24 Comments | Leave a Comment..

FBI Apparently Believes That Court Orders Are For Suckers

from the data-mining-the-FBI dept

Wired's invaluable Ryan Singel has been panning for gold in the muddy stream of FBI e-mails and other documents recently obtained by the Electronic Frontier Foundation under a Freedom of Information Act request, and has already hit a couple of intriguing nuggets, such as overeager agents' willingness to bypass court-order requirements when seeking cell phone records. The documents reveal how this caused tension and dispute even within the Bureau.

One e-mail, from a tech specialist in the FBI's Minneapolis office, complained that other agents would even pose as that specialist when calling telecom carriers, hoping to persuade them to turn over cell records without a judge's order. The cell information would apparently then be used as part of a high-tech tracking program that allowed agents to pinpoint a cell user's location.

Equally intriguing is the report that the Bureau's national-security wiretapping software recorded almost 28 million "session" intercepts in 2006. While it's not clear precisely what counts as a "session," this is obviously vastly more than the 2,176 FISA warrants (pdf) obtained by the government that year, at least some of which only covered physical searches. Unless terror suspects talk on the phone far more than the average teenager, the discrepancy hints that each warrant may have covered a very large number of individuals.

Julian Sanchez is an expert at the Insight Community. To get insight and analysis from Julian Sanchez and other experts on challenges your company faces, click here.

13 Comments | Leave a Comment..

Hushmail Turns Out To Not Be Quite So Hush Hush

from the privacy-is-an-illusion dept

Many people are familiar with the company Hushmail, who provides encrypted web-based email that the company claims is completely private. In fact, the company makes it clear: "not even a Hushmail employee with access to our servers can read your encrypted e-mail, since each message is uniquely encoded before it leaves your computer." It turns out that isn't quite true. Wired reports that Hushmail handed the feds 12 CDs worth of plain text emails from the service following a court order. The Wired piece goes into great detail concerning what happened here -- and the folks at Hushmail were quite honest about how their service works. Hushmail has two different versions, one which requires a java app to be downloaded, which handles all the encryption locally. The other, more popular one, is entirely web-based, meaning that your passphrase is stored on the server ever so briefly -- and that's how Hushmail was able to access the accounts required in the court order. So, while it's true that Hushmail is mostly secure outside of a court order, the marketing material on the site is at least a little misleading, implying that even in such cases, your email will be encrypted.

32 Comments | Leave a Comment..

Spying Goes All 2.0

from the pssst,-slip-me-some-ajax-in-the-dead-drop dept

While the US intelligence community has a long history of expensively botched computer systems, it does seem like they've suddenly became Web 2.0 believers. Last year we wrote about the internal Wikipedia-like offering called Intellipedia, that would let members from different agencies in the intelligence community share information more easily. It appears that things have progressed beyond that as well. They now have a social networking app just for the intelligence community, called A-Space, along with a del.icio.us clone and internal blogs. Of course, it seems like some in the intelligence arena (especially those who happen to be undercover) aren't entirely thrilled with the concept -- but it will be interesting to find out how it develops (as if we'll ever find out). What would be really nice to know is how much these efforts are costing compared to the $600 million that was thrown away on useless computer systems.

9 Comments | Leave a Comment..