Techdirt. Stories filed under "wiretap"

DOJ Wants To Be Able To Fine Tech Companies Who Don't Let It Wiretap Your Communications

Mike Masnick — Mon, 29 Apr 2013 14:19:00 PDT

We've talked a lot about how the Justice Department (DOJ), mainly via the FBI, has been pushing for years to change the laws in order to require tech companies to build wiretapping backdoors into any and every form of communication online. As we've explained over and over again, this is a really silly proposal, that won't make us any safer. Instead, it's likely to make us a lot less secure, because those backdoors will be abused, not just by law enforcement, but by those with malicious intent who will work hard to find the backdoors and make use of them.

The latest proposal on this front is equally ridiculous. While it wouldn't dictate specific wiretapping/backdoor standards, it would require that companies make some sort of backdoor available or face rapidly escalating fines.

Under the draft proposal, a court could levy a series of escalating fines, starting at tens of thousands of dollars, on firms that fail to comply with wiretap orders, according to persons who spoke on the condition of anonymity to discuss internal deliberations. A company that does not comply with an order within a certain period would face an automatic judicial inquiry, which could lead to fines. After 90 days, fines that remain unpaid would double daily.

This would be a disaster for innovative companies and for public security and privacy as well. The DOJ really needs to learn that not everything must be tappable. As it stands now, if I just sit on a park bench talking to someone, the DOJ can't tap it. Sometimes law enforcement doesn't get the right to hear everything I have to say. That's the nature of freedom and privacy protection that we're supposed to believe in. I'm sure with the news that chat apps are now more popular than SMS worldwide, law enforcement folks think that they need to "do something" to make sure they can spy on those conversations, but that's not true. Yes, it may make their job harder at times, but in a free country, the focus should be on protecting the freedom of the people, not decimating it to make the job of law enforcement easier. Those who commit crimes leave other clues beyond their communications online. Tapping such communications will lead to a massive security risk and huge expense for many innovative companies (likely slowing down the pace of innovation in that space). Is that worth it just so the DOJ can spy on what you have to say? That seems doubtful.

Permalink | Comments | Email This Story

DOJ Helped AT&T, Others Avoid Wiretap Act, Promised Not To Charge Them If They Helped Spy On People

Mike Masnick — Thu, 25 Apr 2013 03:12:00 PDT

Want to know one reason why the feds are so interested in giving blanket immunity to anyone who helps them spy on people? Perhaps because they're already telling companies that they have immunity if they help them spy on people. Specifically, they've issued special letters of immunity, more or less helping companies like AT&T ignore the Wiretap Act.

Senior Obama administration officials have secretly authorized the interception of communications carried on portions of networks operated by AT&T and other Internet service providers, a practice that might otherwise be illegal under federal wiretapping laws.

The secret legal authorization from the Justice Department originally applied to a cybersecurity pilot project in which the military monitored defense contractors' Internet links. Since then, however, the program has been expanded by President Obama to cover all critical infrastructure sectors including energy, healthcare, and finance starting June 12.

Basically, the Justice Department, at the urging of the NSA, went to various telcos and ISPs and issued secret letters which told them that if they violated the Wiretap Act, the DOJ promised them it would not prosecute. Not surprisingly, this kind of thing is not what you would generally consider legal. However, after CISPA... it would likely be more protected:

A report (PDF) published last month by the Congressional Research Service, a non-partisan arm of Congress, says the executive branch likely does not have the legal authority to authorize more widespread monitoring of communications unless Congress rewrites the law. "Such an executive action would contravene current federal laws protecting electronic communications," the report says.

Because it overrides all federal and state privacy laws, including the Wiretap Act, legislation called CISPA would formally authorize the program without the government resorting to 2511 letters. In other words, if CISPA, which the U.S. House of Representatives approved last week, becomes law, any data-sharing program would be placed on a solid legal footing. AT&T, Verizon, and wireless and cable providers have all written letters endorsing CISPA.

Apparently, the DOJ knew how problematic this was, and the CEOs of the various ISPs had indicated how worried they were about this program, but it still went forward. In secret, of course. Until now.

Suddenly the emphasis on getting CISPA approved, and the attempts to frighten everyone with scare stories of what will happen without it, make a bit more sense...

Permalink | Comments | Email This Story

Gov't Says They Requested 24,270 Wiretaps In Total; Sprint Alone Says They Received Over 50k Requests

Mike Masnick — Tue, 10 Jul 2012 07:19:00 PDT

We already wrote about how Ed Markey found out that law enforcement had made more than 1.3 million requests for subscriber info last year, and he's now published the detailed responses, which is turning up some scary information. First off, the numbers are clearly low, because (at the very least) T-Mobile refused to provide any numbers, stating:

While T‐Mobile does not disclose the number of requests we receive from law enforcement annually, the number of requests has risen dramatically in the last decade...

Perhaps more troubling may be the tidbit that Julian Sanchez noticed in Sprint's response (pdf), in which they admit to 52,029 court orders for wiretaps:

Over the past five years, Sprint has received approximately 52,029 court orders for wiretaps; 77,519 court orders for the installation of a pen register/trap and trace device; and 196,434 court orders for location information. [...] Over the same time frame Sprint received subpoenas from law enforcement agencies requesting basic subscriber information. Each subpoena typically requested subscriber information on multiple subscribers and last year alone we estimate that Sprint received approximately 500,000 subpoenas from law enforcement.

As Sanchez notes, this is problematic, because Sprint -- which is just the third largest mobile operator -- appears to be claiming more court orders for wiretaps than various officials reports to Congress of how many wiretaps had been sought in total. In other words, either Sprint's definition of "wirtetaps" is different than everyone else's, it's number is wrong... or... someone's been lying to Congress.

Certainly a report of 52,029 wiretaps over five years--and that just from the third largest carrier in the country--is remarkable in and of itself. But it’s also more than double the number of all wiretaps counted in annual reports required by federal law. The Administrative Office of the U.S. Courts keeps track of the number of wiretaps authorized each year for criminal investigations. The Justice Department files an annual report to Congress on individual warrants issued by the Foreign Intelligence Surveillance Court for intelligence investigations. (If you don’t feel like wading through, The Electronic Privacy Information Center has charts and graphs that should make it clear.) The total number of all wiretaps counted in the official reports over the five year period 2007–2011 comes to 24,270. I’ve made a table breaking it down year by year:

YEAR TITLE III (Criminal) Wiretap Orders FISA (Intelligence) Wiretap Orders

2011 2,732 1,745

2010 3,795 1,579

2009 3,043 1,320

2008 2,631 2,083

2007 2,927 2,370

TOTAL 15,173 9,097

The obvious question: How is one cell phone carrier—and not the largest by a longshot—reporting 27,759 more wiretap orders than the official numbers acknowledge for all carriers?

YEAR	TITLE III (Criminal) Wiretap Orders	FISA (Intelligence) Wiretap Orders
2011	2,732	1,745
2010	3,795	1,579
2009	3,043	1,320
2008	2,631	2,083
2007	2,927	2,370
TOTAL	15,173	9,097

That seems like a pretty big miss by someone...

Permalink | Comments | Email This Story

Google Wants Another Court To Determine If Accessing Open WiFi Is Wiretapping

Mike Masnick — Mon, 11 Jul 2011 16:13:25 PDT

After an apparently, technically clueless judge ruled last week that WiFi is not a radio communication, and thus suggested Google's collection of open WiFi data represents illegal wiretapping, Google has asked for an immediate appeal on that point, noting that "reasonable judges could disagree," and that fighting a whole trial on other points wouldn't make sense if another court says WiFi is, in fact, a radio communication and, thus, an open WiFi network is not subject to wiretap laws.

Permalink | Comments | Email This Story

Judge In Google WiFiSpy Case Trying To Determine If Packet Sniffing Open Networks Is An Illegal Wiretap

Mike Masnick — Tue, 19 Apr 2011 06:36:24 PDT

In the consolidated cases against Google for intercepting some unencrypted data passing over open WiFi networks as part of its Street View operation, the judge is now looking to determine if basic packet sniffing is the equivalent of an illegal wiretap. Google, and one would imagine, most people who understand the technology, are arguing that's silly. The nature of WiFi is that it takes the unencrypted bits and makes them wide open to anyone on that network. That's how the technology is designed. If you don't like it, you encrypt. Arguing, retroactively, that seeing the data that is put in the open on purpose is somehow an illegal wiretap seems silly, but that's what the case hinges on. Hopefully, the judge is either technologically savvy enough to understand this, or can be well educated in the nature of how an open WiFi network works... Otherwise, a lot of people may be facing wiretapping charges for activity that many people consider perfectly normal on a network.

Permalink | Comments | Email This Story

Feds Pushing For New Legally Required Wiretap Backdoor To All Internet Communications

Mike Masnick — Mon, 27 Sep 2010 12:25:40 PDT

The unfortunate, if not surprising, news story making the rounds today is that the feds in the US are looking to pass new laws to legally require a wiretap backdoor in every kind of internet communication offering. Yes, you read that right. If there's any way to communicate online, the US government is demanding the right to be able to wiretap it. Any company that doesn't comply will face fines. This despite the long history of the US government massively abusing its wiretapping privileges repeatedly throughout history.

And, yes, this would supposedly apply to non-US communications services as well:

Foreign-based providers that do business inside the United States must install a domestic office capable of performing intercepts.

Yeah, that'll go over well. It's difficult to see how this is any different than foreign governments demanding access to others' communications as well. It's pretty ridiculous for President Obama to talk about open internet principles to the UN, while cooking this up at the same time. Pushing for this also means that the US will have no excuse when the governments of Iran, China and elsewhere also demand backdoors into all US-based communications.

And, really, that's the biggest problem with this law. Beyond the inevitable privacy violations by the feds, putting backdoors into communications technologies guarantees that those backdoors will be used by others (outside of the federal government) to snoop on communications. The FBI and the NSA (who are pushing for this) are being totally and completely naive if they think that they're the only ones who will use this. We've pointed out in the past how large scale surveillance systems mean large scale security risks, and this is no different. We showed how a similar surveillance system in Greece was hacked into to spy on government officials. US officials should be aware that they're opening themselves up to these same potential risks.

And, the simple fact is: this won't help and it won't matter. The people who really want to communicate secretly will still use tools to communicate secretly. The feds are (once again) being naive to think that such tools won't exist and won't be widely known and widely utilized. Instead, all this will do is open up everyone else to abuse of the system by other governments, organized crime, people with malicious intent and (of course) the US government.

Permalink | Comments | Email This Story

Court Says It's Okay To Secretly Record Conversation If Done For Legitimate Reasons

Mike Masnick — Thu, 19 Aug 2010 17:44:25 PDT

While there have been a lot of concerns lately about efforts to misuse "wiretapping" laws that forbid any recordings of people without their knowledge, it appears at least a few courts are recognizing how silly that is. Yet another court has now said that secretly recording a conversation -- in this case with an iPhone -- is okay, assuming there was no crime committed with the recording, and the recording was for a legitimate purpose. As the court noted:

"The defendant must have the intent to use the illicit recording to commit a tort of crime beyond the act of recording itself."

That makes sense. The act of recording alone, shouldn't be a criminal act, as it really depends on what is being done with the recording. And, in an age where not only is recording everything easier, but for some becoming standard, requiring permission to record all audio seems like an outdated concept.

Permalink | Comments | Email This Story

Congressman Puts Forth Resolution To Protect People Who Videotape Police

Mike Masnick — Tue, 20 Jul 2010 16:03:21 PDT

We've noted recently that police and the courts have been regularly abusing wiretap laws to arrest people who are videotaping or recording police, claiming that they're violating two-party consent laws. The most famous case, of course, is the motorcycle rider with a helmet cam, who is facing jailtime for recording an off-duty, ununiformed police officer who jumped out of his car with his gun drawn. These situations are clearly not what such laws are designed to protect. Instead, it appears that the police are using them to intimidate and block people from legally recording police activity in public places.

Apparently all that press attention is starting to get noticed. Michael Scott points us to the news that Rep. Edolphus Towns has introduced a Congressional resolution protecting those who film or photograph police in public. It's just a resolution, rather than an actual law, but if it passes, hopefully, it will give the courts the ammo they need to toss out these ridiculous lawsuits.

Permalink | Comments | Email This Story

Proof Of Concept Skype Wiretapping Malware Released

Mike Masnick — Mon, 31 Aug 2009 01:25:38 PDT

One of the benefits of Skype was that, due to the way it works (P2P, encrypted communications), it made it much more difficult to do any sort of wiretap. This has upset various governments who are used to having the ability to wiretap any voice communications. However, it's never impossible. The most obvious way is to simply create some sort of trojan that gets installed on one user's computer that has audio recording abilities -- and Symantec is going around hyping up the fact that source code for just such a trojan has been released. Of course, even Symantec admits that there's no evidence of the code actually being used in the wild -- it seems more like a proof-of-concept. On top of that, it's hardly a new idea. Nearly a year ago, we talked about how German authorities were accused of using something that sounded quite similar. Still, it is a good reminder that even if you're using an encrypted Skype call, at either end of that call, the audio is decrypted, and a well-placed recording system can capture it.

Permalink | Comments | Email This Story

Court Says Feds Need A Warrant To Listen To Touchtone Beeps Too

Mike Masnick — Mon, 12 Jan 2009 05:54:35 PST

While there are still arguments over the legality of the government's warrantless wiretap program, apparently there's been a separate court case looking at whether or not a warrant is needed if the authorities are just listening to your touchtone dialing, rather than the contents of the call itself. The feds felt that if it was just the touchtone beeps, then they didn't need any warrant at all -- but a court has now shot that theory down. The feds tried to claim that such data was not "content" which would trigger the need for a warrant -- but considering that with today's touchtone IVR systems, such data could include passwords, PINs, social security numbers and other private data, it seems perfectly reasonable to suggest a warrant is necessary.

Permalink | Comments | Email This Story

UK Court Dismisses Lawsuit Against Journalist Police Wiretapped

Mike Masnick — Tue, 2 Dec 2008 03:45:45 PST

An interesting and important ruling came out of the UK last week, as a journalist had a lawsuit against her thrown out by a judge, because it appears that much of the evidence came from police wiretapping her phone conversations with a source in the police department. The judge ruled that journalists have a right to protect their sources, and the police wiretaps were illegal. I'm not familiar enough with UK wiretapping laws to know if they needed a court's approval for the wiretap in the first place -- but on the whole this seems like a reasonable decision, as the case itself was quite troublesome. Basically, it sounded like the police wanted to plug leaks from within the department, and then bugged the journalist to find out who the leaker was, and with that info charged both the source and the journalist. That certainly seems like an abuse of police power to try to prevent future leaks, so it's good to see the court dismiss the whole thing.

Permalink | Comments | Email This Story

FBI Wants More Power To Monitor Internet Activity

Mike Masnick — Wed, 23 Apr 2008 20:19:02 PDT

The FBI, which still can't even get its own computer network working properly, would rather just have more widespread access to spy on the computer network everyone else uses: the internet. Talking to Congress today, the FBI proposed a few different things, including the right to more widely spy on internet activity as well as legislation to force ISPs to retain log file data for an extended period of time. While the Congressional reps in attendance seemed to respond by saying "sure, sounds great" to both of these suggestion, both should actually be looked at much more closely.

More freedom to spy on internet usage potentially violates the 4th Amendment as well as federal wiretap laws. Given the evidence that the FBI has widely abused its ability to wiretap, this should be a major concern. As for data retention, problems with such an idea have been chronicled for years. It tends to put a tremendous expense on ISPs for no real reason -- and it tends to make it even harder to find the type of data authorities actually need to deal with criminal activities. If you're in the FBI, it's no surprise that you'd want both things in place, but that hardly means Congress should roll over and give them to the FBI.

Permalink | Comments | Email This Story

Turns Out The MPAA Did Get Access To TorrentSpy Execs' Email

Mike Masnick — Thu, 30 Aug 2007 20:27:25 PDT

The MPAA has been pushing the courts to force TorrentSpy to spy on its users -- something TorrentSpy refuses to do, noting that it would break their own privacy policy and is simply ethically questionable. It should come as no surprise, of course, that the MPAA has no such qualms. In fact, it came out today that the MPAA had, in fact, been snooping through TorrentSpy's executives' emails. So, which organization looks more ethically challenged? This stems from a case TorrentSpy filed last year, after finding out that a former co-worker gave the MPAA access to TorrentSpy emails. While a court has found that the MPAA's actions did not violate wiretap laws, it's still pretty questionable. What appears to have happened, is that a former TorrentSpy employee who had access to the company's email system set it up so all executives' emails also forwarded to a gmail account he owned. He then sold access to that gmail account to people at the MPAA. Clearly, the MPAA knew that the TorrentSpy execs thought these emails were private, and yet they still eagerly paid up for access to them, which is really sleazy. TorrentSpy is appealing the case, but they'd probably have a much stronger case against the former employee who set up the email forwarding system in the first place.

Permalink | Comments | Email This Story