Techdirt. Stories filed under "wiretaps"

Want To Destroy Any Hope Of Serious Cybersecurity? Give The DOJ Its Desired Backdoor Wiretaps On All Communications

Mike Masnick — Fri, 17 May 2013 14:34:00 PDT

The Obama administration has supposedly been "considering" the latest version of the DOJ's plan to require backdoor wiretapping abilities in any form of digital communication. If you don't recall, the FBI asks for this basically every year. The latest version would lead to fines for any company that doesn't build in a backdoor wiretapping ability. We've been pointing out for quite some time that putting in such backdoors only makes us all less safe, because those with malicious intent will find and use those backdoors.

A new report has been released, put together by some of the best known technologists and security experts out there, saying that the plan, as being considered would effectively undermine any cybersecurity regime. At a time when the administration and Congress keep insisting that we need better cybersecurity, to undermine it all with wiretapping backdoors would be ridiculous. And let's not even begin discussing how this would play out if it passed and number one CISPA backer Mike Rogers then became head of the FBI.

Among the report's authors are names you might recognize, like Ed Felten, Peter Neumann, Bruce Schneier and Phil Zimmerman. You can read the full report (pdf) to see all the details. As Ed Felten told the NY Times:

“It’s a single point in the system through which all of the content can be collected if they can manage to activate it,” said Edward W. Felten, a computer science professor at Princeton and one of the authors of the report... “That’s a security vulnerability waiting to happen, as if we needed more,” he said.

Once again, all of this suggests that the efforts around "cybersecurity" have always been more of a cover story to try to make it easier for law enforcement to access data, rather than any legitimate effort at improving security.

Permalink | Comments | Email This Story

How The FBI's Desire To Wiretap Every New Technology Makes Us Less Safe

Mike Masnick — Tue, 15 Jan 2013 10:22:44 PST

Here they go again. Every year or so we end up writing about the FBI's desire for better wiretapping capabilities for new technologies, such as Skype. Basically, the FBI argues that because "bad guys" might use those tools to communicate in secret, they need backdoors to make sure that they can keep tabs on the bad guys.

But they're forgetting something: the FBI isn't necessarily the only one who will get access to those backdoors. In fact, by requiring backdoors to enable surveillance on all sorts of systems, the FBI is almost guaranteeing that the bad guys will use those backdoors for their own nefarious purposes. It's not security, it's anti-security.

This is why claims by the feds that we need cybersecurity legislation, like CISPA or the Cybersecurity Act, ring hollow. If they really wanted more protected networks, they wouldn't keep asking for specific security holes to be explicitly added to those networks.

Two decades ago, the FBI complained it was having trouble tapping the then-latest cellphones and digital telephone switches. After extensive FBI lobbying, Congress passed the Communications Assistance for Law Enforcement Act (CALEA) in 1994, mandating that all telephone switches include FBI-approved wiretapping capabilities.

CALEA was justifiably controversial, not least because its requirement for “backdoors” across our communications infrastructure seemed like a security nightmare: How could we keep criminals and foreign spies from exploiting weaknesses in the new wiretapping features? Would we even be able to detect them when they did?

Those fears were soon borne out. In 2004, a mysterious someone — the case was never solved — hacked the wiretap backdoors of a Greek cellular switch to listen in on senior government officials … including the prime minister.

Think this could only happen abroad? Some years ago, the U.S. National Security Agency discovered that every telephone switch for sale to the Department of Defense had security vulnerabilities in their mandated wiretap implementations. Every. Single. One.

Somehow, the FBI always thinks that if there are backdoors, only it will use them. That is extreme wishful thinking.

Permalink | Comments | Email This Story

NYTimes Sues The Federal Government For Refusing To Reveal Its Secret Interpretation Of The PATRIOT Act

Mike Masnick — Mon, 10 Oct 2011 11:36:00 PDT

We've been covering for a while now how Senators Ron Wyden and Mark Udall have been very concerned over the secret interpretation the feds have of one piece of the PATRIOT Act. They've been trying to pressure the government into publicly explaining how they interpret the law, because they believe that it directly contrasts how most of the public (and many elected officials) believe the feds are interpreting the law. While the two Senators continue to put pressure on the feds and to hint at the feds' interpretation, just the fact that the government won't even explain its own interpretation of the law seems ridiculous.

Given all of this, reporter Charlie Savage of the NY Times filed a Freedom of Information Act request to find out the federal government's interpretation of its own law... and had it refused. According to the federal government, its own interpretation of the law is classified. What sort of democracy are we living in when the government can refuse to even say how it's interpreting its own law? That's not democracy at all.

Julian Sanchez points us to the news that Savage and the NY Times have now sued the federal government for not revealing its interpretation of the PATRIOT Act, pointing out that if parts of the interpretation contain classified material, the Justice Department should black that out and reveal the rest, but simply refusing to reveal the interpretation entirely is a violation of the Freedom of Information Act. You can bet that the feds will do everything they can to get out of this lawsuit, just as they did with the various lawsuits concerning warrantless wiretapping. Here's hoping the court systems don't let them. No matter what you think of this administration (or the last one) and how it's handling the threat of terrorism, I'm curious how anyone can make the argument that the US government should not reveal how it interprets the very laws under which it's required to operate.

Permalink | Comments | Email This Story

Senators Reveal That Feds Have Secretly Reinterpreted The PATRIOT Act

Mike Masnick — Thu, 26 May 2011 08:20:00 PDT

We had mentioned, briefly, the amendment that Senators Ron Wyden and Mark Udall had tried to push for with relation to the renewal of controversial provisions of the PATRIOT Act, however didn't spend much time discussing it. The details are important -- even if we can't know what most of them are. Basically, what becomes clear is that both Senators -- who are on the Senate Intelligence Committee -- are aware of the fact that the feds have interpreted the PATRIOT Act provisions much more broadly than the wording suggests, but they've kept this interpretation secret. In other words, though the law says one thing, the federal government has announced internally that it's "interpreting it" an entirely different way, but it's kept that interpretation secret. The speculation is that these provisions are being massively abused for widespread warrantless wiretapping.

In an interview with Wired, Wyden makes the point clear:

“We’re getting to a gap between what the public thinks the law says and what the American government secretly thinks the law says."

He notes that he has no problem with keeping the techniques the feds use secret, but the interpretation should be public, and that's what their amendment is about.

And it's not just the public that's having the wool pulled over their eyes. Wyden and Udall are pointing out that the very members of Congress, who are voting to extend these provisions, do not know how the feds are interpreting them:

As members of the Senate Intelligence Committee we have been provided with the executive branch's classified interpretation of those provisions and can tell you that we believe there is a significant discrepancy between what most people - including many Members of Congress - think the Patriot Act allows the government to do and what government officials secretly believe the Patriot Act allows them to do.

Legal scholars, law professors, advocacy groups, and the Congressional Research Service have all written interpretations of the Patriot Act and Americans can read any of these interpretations and decide whether they support or agree with them. But by far the most important interpretation of what the law means is the official interpretation used by the U.S. government and this interpretation is - stunningly -classified.

What does this mean? It means that Congress and the public are prevented from having an informed, open debate on the Patriot Act because the official meaning of the law itself is secret. Most members of Congress have not even seen the secret legal interpretations that the executive branch is currently relying on and do not have any staff who are cleared to read them. Even if these members come down to the Intelligence Committee and read these interpretations themselves, they cannot openly debate them on the floor without violating classification rules.

In the understatement of the year, Wyden and Udall state "this is not acceptable." I think it goes beyond unacceptable. It's downright scary. That Congress is about to rubberstamp the extension of the law when they think it says one thing, while the feds pretend it says something entirely different, is a travesty.

Permalink | Comments | Email This Story

Congress Just Sold You Out: Leadership Plans To Extend Patriot Act For Four Years With NO Concessions

Mike Masnick — Thu, 19 May 2011 14:25:25 PDT

As we've discussed, there were some very questionable provisions in the Patriot Act which were set to expire last year, but got extended, officially to allow time for debate. There was none, and when the extension was set to expire, Congress extended the clauses again for 90 days, supposedly to debate them. There were some superficial discussions, but the end result is what many people knew would happen anyway: the provisions are going to be extended for four years, with no concessions or greater oversight. Not only that, but the leadership from both major parties, who have agreed to this "deal," want to pass it with little or no debate:

The deal between Senate Majority Leader Harry Reid and House Speaker John Boehner calls for a vote before May 27, when parts of the current act expire, according to officials in both parties who spoke on condition of anonymity. The idea is to pass the extension with as little debate as possible to avoid a protracted and familiar argument over the expanded power the law gives to the government.

So, let's see. The government grants itself the power to abuse the 4th Amendment and spy on people with little oversight, and it would prefer that there not be any debate over this, because pesky people might raise the fact that this is wide open for abuse, and the senators don't want to have to talk about that.

Permalink | Comments | Email This Story

FBI: Customers Might Sue If They Knew Companies Were Helping With Wiretaps

Mike Masnick — Wed, 11 May 2011 14:39:03 PDT

It's really quite stunning to see how the government justifies its overreaching efforts into citizens' privacy. The latest example comes from the ACLU, which found a gem in the heavily redacted documents it retrieved via the Freedom of Information Act in seeking info about the warrantless wiretapping program. One bit of information they found has the FBI saying it thinks the public should not know about companies that are helping the feds with warrantless wiretapping because (*gasp*) people might sue about their rights being violated:

"Specifically, these businesses would be substantially harmed if their customers knew that they were furnishing information to the FBI. The stigma of working with the FBI would cause customers to cancel the companies' services and file civil actions to prevent further disclosure of subscriber info."

Yes, that's the FBI saying that it shouldn't be forced to say who's violating their rights, because people might get upset that their rights are being violated and sue. And that's bad for business. This is a justification for secretly spying on people without a warrant? That people would get upset and sue? Once again, the feds seem to be arguing that the law should be whatever is most convenient for them, rather than about what most protects the rights of citizens against over-intrusive behavior by the government.

Permalink | Comments | Email This Story

It's Back: FBI Announcing Desire To Wiretap The Internet

Mike Masnick — Thu, 17 Feb 2011 07:44:13 PST

Last fall it came out that the feds were going to push for a law that would require wiretap backdoors in all forms of internet communications. As many people pointed out at the time, there are all sorts of reasons why this is a very bad idea, starting with the fact that putting such backdoors into all forms of communication will certainly lead to them being abused. And, when we say "abused," we don't just mean by the feds -- who have a long history of illegally abusing surveillance powers -- but by others as well. If the feds really think that only they will have true access to these backdoors, they're a lot more naive than we thought. This is a catastrophe in waiting.

Either way, it appears that the geniuses over at the Justice Department and the FBI don't seem to care. Despite plenty of people raising these concerns, it's still going forward with a push for such laws. The plan that will be pushed would require any technology provider to offer up a way for law enforcement to spy on "Web-based e-mail, social networking sites, and peer-to-peer communications technology." Of course, the feds already have subpoena powers to get email and social networking info, when appropriate. And, as Kevin Bankston points out in the article linked above, the FBI demanded and received wiretapping abilities over such things a few years ago -- but hasn't explained why that wasn't sufficient. Either way, it's the P2P part that's really questionable, because basically they're asking for a way to wiretap encrypted voice systems like Skype.

What's stunning to me is that the feds don't even seem to consider the inevitable unintended consequences of forcing such wiretapping backdoors into these forms of communications. Such backdoors will almost certainly be hacked by those with malicious intent. If the feds thought Wikileaks and groups like Anonymous were troubling now, just wait until they can also record and listen to a growing number of voice calls.

And, for those who support these kinds of wiretaps, claiming that without them the FBI will "have no way to know" what these people are talking about, that's a bogus complaint. There are all sorts of other ways to figure out what people are doing. It's called basic detective work, and it's what our law enforcement folks are supposed to be doing. Just because it sometimes takes work is no reason to throw our basic privacy rights out the window.

Permalink | Comments | Email This Story

Once Again, Feds Found To Be Abusing Surveillance Procedures With Little Oversight

Mike Masnick — Fri, 3 Dec 2010 15:15:00 PST

Every few months it seems that yet another report comes out saying that the various intelligence agencies have abused their powers to spy on people with little (or no) oversight. The latest such report, released thanks to a court battle by the ACLU explains (in heavily redacted terms) that there are still widespread abuses of the process of wiretapping people under the FISA law (though, it may not be quite as bad as in the past). Of course, the specific details are all redacted.

Separately, a Freedom of Information request by Chris Soghoian has turned up how the feds now regularly are tracking real-time info such as credit card transactions (as you make them) without first getting a court order. Apparently, the Justice Department is allowing agents to write their own subpoenas, and the only role a judge plays is in ordering that the surveillance not be disclosed. Once that happens, credit card companies, mobile operators, rental car companies and even retail stores with loyalty cards end up giving the government a direct, real-time feed. So, yes, the government may know about that giant bag of nacho chips you bought at Costco before you even make it home. Obviously, there may be good reasons for the government to want real-time info on certain people that they're watching but doesn't it seem a bit strange to avoid having to go to a judge and proving probable cause before being allowed to get that kind of info?

Permalink | Comments | Email This Story

Why Do We Need Warrantless Wiretapping If Not A Single Wiretap Warrant Request Gets Rejected?

Mike Masnick — Mon, 3 May 2010 16:11:06 PDT

While the government continues to defend its warrantless wiretapping program -- despite it being found illegal and prone to serious privacy violations -- the latest report on official wiretaps that did receive a warrant shows not only that they were way up in 2009, but that not a single request for a warrant to wiretap was turned down. Not a single one. Now, admittedly, these are different types of wiretaps: by the police, mostly for drug cases, rather than the feds for terrorism cases. But it does suggest that the judicial system is pretty open to approving wiretap requests, and still makes us wonder why the government keeps insisting that actually getting a warrant -- as is required by the law -- is too much to ask in many cases.

Permalink | Comments | Email This Story

Sprint Revealed GPS Data To Authorities 8 Million Times In The Last Year [Updated]

Mike Masnick — Tue, 1 Dec 2009 13:39:13 PST

This seems too insane to be true, but the EFF points us to a report, based on a Freedom of Information Act request, that claims Sprint provided law enforcement with GPS location data a staggering 8 million times in the last year. Sprint apparently set up some sort of portal that made such requests easier, and it sounds like law enforcement took advantage of that in a major way. The report also notes that this information should have been disclosed to Congress, under a 1999 law, but the Justice Department has ignored the law for the past five years. The rest of the report also looks at some other concerning factors, such as the fact that the government seems to regularly get all sorts of info from service providers, with little oversight. On top of that, it explains why so many service providers agree to it: they charge the government for such info, and it's quite lucrative. As such, they actually have the incentive to encourage the government to ask for more information and to deliver it to them as quickly and efficiently as possible. However, you have to wonder how so many requests are being made with such little oversight -- and how often this means the process is abused to spy on individuals with no legal basis. Update: Sprint is now trying to explain this by saying that the numbers represent number of "pings" and that can include thousands of pings per a single investigation. In a single investigation, once law enforcement has a court order, it can check someone's location every 3 minutes for up to 60 days -- and that's what made the number so inflated.

Permalink | Comments | Email This Story

NSA Abused Wiretap Rights: Intercepted, Shared Private Calls Of Americans

Mike Masnick — Thu, 9 Oct 2008 13:05:23 PDT

Now that Congress has totally capitulated and allowed the administration's warrantless wiretapping program to go on without question, it should surprise no one that leaks are coming out highlighting how the program is regularly abused to spy on everyday Americans who are calling North America from the Middle East. In fact, two separate "intercept operators" have apparently come forward separately, and talked about listening in on perfectly innocent calls between two Americans -- exactly the scenario that the government insisted never happened. Specifically, General Hayden stated that conversations between Americans were not being intercepted: "It's not for the heck of it. We are narrowly focused and drilled on protecting the nation against al Qaeda and those organizations who are affiliated with it."

However, according to the operators, it appears to be very much for the heck of it. Not only were calls between Americans listened to and recorded on a regular basis, the "good parts" (i.e., phone sex) were sent around to other operators to listen to as well. One of the operators said that on a regular basis messages would be sent around with messages like: "Hey, check this out. There's good phone sex or there's some pillow talk, pull up this call, it's really funny, go check it out." Of course, this shouldn't surprise anyone. When you give someone the power to spy on calls with absolutely no oversight, it's going to get abused. It's just that simple.

Permalink | Comments | Email This Story

How Do You Prove You Were Warrantlessly Wiretapped If It's A Secret?

Mike Masnick — Wed, 9 Jul 2008 10:44:00 PDT

As we continue to debate the question of telco immunity, there's a separate, but related legal issue that's worth paying attention to as well: the question of who can actually sue about having their rights abused by supposedly warrantless wiretaps. Earlier this year, the Supreme Court ruled that various groups such as the ACLU couldn't sue because they had no "standing" (i.e., proof that they were impacted by the warrantless wiretaps). It's a bit convoluted when you think about it: there's no way to determine if illegal spying took place because the only way you could get the evidence would be to first prove you have the evidence that it took place. But if you think that's twisted, it gets even more bizarre.

It turns out that in one related case, the government accidentally sent over proof that it used a warrantless wiretap to monitor a certain group. Thus, that group can actually show it has standing... sorta. One of the lawyers involved in pushing just such a lawsuit forward has a stunning tale explaining the amazing obstacle course he had to traverse to actually have this lawsuit move forward (and it's not over yet). Basically, the government claims the information in the document is still secret, even though it gave it out, and some of the details have been reported on the news (in business contexts once info is out, it's no longer secret -- apparently, not so with the government).

Where things get really bizarre, though, is in how the lawyers on this case can actually deal with this evidence it has. Basically, they had to destroy all copies they had of the evidence in question, and can sort of obliquely refer to it from memory in secret filings that are written under the watchful eye of the Justice Department, officially to make sure that the "classified info" remains classified. Even better, the lawyers had to respond to a secret filing from the Justice Department that the lawyers weren't even allowed to see. The case is far from over -- as the latest ruling basically set up another ridiculous tightrope for the lawyers to walk -- basically saying that they can't use the evidence in the document because it would prove their case. Instead, they first have to prove it without the document, and then if they do that, they can use the document (after it's basically no longer necessary). And there's all sorts of side amusements, such as reading about how the Justice Department tries to destroy the lawyer's computer to make sure there's no secret documents on there (it's like a scene from a bad comedy, where they discover that simply banging a hard drive on a table isn't an effective way to damage it). And, there's also the bit where the Justice Department refuses to let one lawyer take part in the drafting of the secret filing because they just don't like him.

This has gone way beyond protecting state secrets or providing security and protection to American Citizens. As you read the details, it's quite clear this is about doing whatever possible to hide what was almost certainly an illegal move by the administration. If telecom immunity is granted, then this particular case, Al Haramain v. Bush, would basically be the only case left that looks into the legality of warrantless wiretapping. Say what you want about the importance of protecting US citizens, the American Constitution set up a system of checks and balances for a very good reason: so no single group has enough power to make the rules itself. This whole thing shows how the executive branch is trying to guarantee there are no checks or balances on some of its activities. That's a very scary precedent and on that anyone -- no matter what your political persuasion -- should be against.

Permalink | Comments | Email This Story

Domestic Wiretapping Programs Should Not Be Secret

Timothy Lee — Thu, 6 Mar 2008 19:03:41 PST

A whistle-blower reports that an unnamed wireless carrier has provided a government facility in Quantico, VA, with unfiltered access to its core network. The whistle-blower says this gives the government direct access to private information such as text messaging and call records. He doesn't name either the company or the government agency involved. But a 2006 lawsuit featuring similar allegations named Verizon Wireless as the culprit. And Threat Level says that Quantico, VA, just happens to be "the center of the FBI's electronic surveillance operations." When asked about this, a Verizon Wireless spokesman wrote "What you're talking about sounds as if it would be classified and involving national security, so I wouldn't be able to find out the facts."

The idea that ordinary domestic surveillance activities are a matter of national security, and therefore immune from public scrutiny, is both wrong-headed and malicious. I guess the idea is that we don't want to tip off the terrorists about our surveillance programs. And obviously, information about specific targets needs to be kept secret. But the terrorists have to already know that most communications channels can be intercepted. Moreover, it's just not reasonable to expect that the broad details of our government's domestic surveillance activities will remain a secret indefinitely. Despite the secrecy, we're gradually learning about the scope of these programs. If terrorists didn't know their calls were being tapped five years ago, they certainly do now.

The problem is that because details about these programs (and information about abuses) dribble out slowly over several years, Congress never has the opportunity to conduct meaningful oversight of them. For example, this week we also found out that abuse of national security letters, which was previously only reported to have occurred from 2003 to 2005, continued into 2006. Of course, the administration says they've fixed the problem and that no more NSL abuses will occur. But that's what they always say when privacy abuses are uncovered, yet new examples keep popping up. The only way the abuses will stop is if Congress rejects the idea that domestic surveillance is immune from judicial and Congressional surveillance. The Bush administration needs to disclose the exact scope of its domestic surveillance activities so that Congress can have an open, public debate about the proper scope of government spying powers.

Permalink | Comments | Email This Story

Supreme Court Won't Review Case Saying ACLU Has No Right To Sue Over Wiretaps

Mike Masnick — Tue, 19 Feb 2008 17:37:49 PST

In a rather unfortunate ruling, the Supreme Court has decided to let an appeals court ruling stand, saying that the ACLU has no standing to bring a lawsuit over domestic wiretapping activities of the federal government. There's a bit of a catch-22 here. Neither the appeals court nor the Supremes are saying that the wiretapping is illegal. They're just saying that only those actually impacted by the wiretapping can bring suit -- which is tricky since the whole point is that there's no way for those being tapped to actually know they're being tapped. This would appear to be a rather ominous omission in the "checks and balances" our government is supposed to have.

Permalink | Comments | Email This Story

FBI Not Good At Paying Wiretap Bills

Mike Masnick — Thu, 10 Jan 2008 18:37:00 PST

While the FBI has regularly decided that court orders aren't necessary for wiretaps, it is a bit surprising to find out that it seems to feel the same way about paying the bills for wiretaps. Newly released info show that the FBI often failed to pay its wiretapping bills, leading one telco to cut off the FBI's wiretaps until it finally paid up. Given how screwed up the FBI's computer systems are, perhaps it's not surprising that they don't have an acceptable accounts payable system either.

Permalink | Comments | Email This Story