FBI Pushing Real-Time Metadata-Harvesting 'Port Readers' On Service Providers

from the when-will-it-be-'enough'-data? dept

The FBI seems to be of the same mindset as the NSA — it’s better to have it all and not need it than to show any sense of restraint when it comes to harvesting data. Declan McCullagh at CNET has uncovered yet another surveillance program aimed at collecting vast amounts of data simply because the current legal climate allows it.

The U.S. government is quietly pressuring telecommunications providers to install eavesdropping technology deep inside companies’ internal networks to facilitate surveillance efforts.

FBI officials have been sparring with carriers, a process that has on occasion included threats of contempt of court, in a bid to deploy government-provided software capable of intercepting and analyzing entire communications streams. The FBI’s legal position during these discussions is that the software’s real-time interception of metadata is authorized under the Patriot Act.

Attempts by the FBI to install what it internally refers to as “port reader” software, which have not been previously disclosed, were described to CNET in interviews over the last few weeks. One former government official said the software used to be known internally as the “harvesting program.”

Isn’t that great? Carriers don’t know what effects the FBI’s new toy will have on their systems and are perhaps even a little concerned that they’re violating their customers’ last remnants of privacy by allowing this, but turning down this “opportunity” means facing contempt charges. The situation presents only unappealing choices.

The FBI quickly responded with a statement declaring its actions to be “playing by the rules,” as well as expressing its pure desire to help telecoms and service providers become better corporate citizens.

“Pen Register and Trap and Trace orders grant law enforcement the authority to collect dialing, routing, addressing, or signaling information associated with a target’s communications. This information includes source and destination IP addresses and port numbers. In circumstances where a provider is unable to comply with a court order utilizing its own technical solution(s), law enforcement may offer to provide technical assistance to meet the obligation of the court order.”

The FBI statement is careful to cite “pen register” and “trap and trace” orders, but according to CNET’s sources the port readers gather far more than the limited data those orders authorize.

Federal law says law enforcement may acquire only “dialing, routing, addressing, or signaling information” without obtaining a wiretap. That clearly covers, for instance, the Internet Protocol address of a Web site that a targeted user is visiting. The industry-created CALEA standard also permits law enforcement to acquire timestamp information and other data.

But the FBI has configured its port reader to intercept all metadata — including packet size, port label, and IPv6 flow data — that exceeds what the law permits, according to one industry source.

Knowing that the FBI is harvesting much more than basic metadata calls into question the Fifth Circuit’s recent decision declaring warrantless collection of historical cell phone location records constitutional. According to the majority’s argument, metadata created by phone usage is nothing more than a “business record,” something freely available to law enforcement and intelligence agencies because it carries no reasonable expectation of privacy.

At what point is that “expectation” reestablished? If the court’s argument holds for location data, it will likely hold for any sort of metadata created, no matter how specific it is. The same warrantless process is being used by the FBI to capture metadata on internet usage, email and phone information — all without being challenged for privacy violations.

There’s every indication that the FBI has, for quite some time now, held far more metadata than pen registers and trap and trace orders were ever intended to produce. Late last year, hackers published a .csv file full of iOS device owners’ data that they claimed to have pulled from an FBI agent’s laptop. (The FBI denied the breach, and the file was later traced to the app publisher BlueToad, so treat the episode with that caveat in mind.)

[The csv file contained] a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc.

Why an agent would have had the data of 12 million iOS device owners stored on his laptop is inexplicable, if the hackers’ account is accurate. According to the government’s own narrative, “inadvertently” collected data gets swept into storage where it can only be “asked questions” under restricted query rules. A file dump like this shows the FBI isn’t necessarily discarding or segregating “irrelevant” information, a problem that only gets worse with each additional form of “metadata” it scoops up.

At a bare minimum, the outdated laws setting the limits of pen registers and trap and trace need to be updated, as does the general argument that phone users’ interaction with their providers (via calls, internet usage, etc.) creates nothing more than “business records.” Continuing to ignore the fact that these agencies are stretching outdated laws to scoop up massive amounts of metadata on non-targeted users will only ensure the problem gets worse.



Comments on “FBI Pushing Real-Time Metadata-Harvesting 'Port Readers' On Service Providers”

30 Comments
out_of_the_blue says:

While Techdirt front page has 200K of javascript, you should talk!

Most of it from Google, of course. Javascript is spyware plus advertising-ware. You and Google are pushing spyware onto every system that visits Techdirt. — Of course, anyone with the least sense doesn’t let it run: Get the Noscript extension for Firefox (and remove Google from the whitelisting it pays for).

Here’s part of your oxymoronic “Privacy” page:


When you access Techdirt or open one of our HTML emails, we may automatically record certain information from your system by using different types of tracking technology. This “automatically collected” information may include Internet Protocol address (“IP Address”), a unique device or user ID, version of software installed, system type, the content and pages that you access on Techdirt, and the dates and times that you visit Techdirt.

Anonymous Coward says:

Re: While Techdirt front page has 200K of javascript, you should talk!

NoScript, AdBlock, Flashblock, and Ghostery AT LEAST should be part of every Firefox installation. Only whitelist what you need. It makes the web a saner and safer place.

Of course NoScript might be annoying for non-technical users.

As for the rest… well, it’s hard to run a server without collecting IP addresses. Also, in particular, it is hard to run a webserver without collecting some “private and unique” information, starting with your user-agent string, which your browser happily sends away with (almost) every request.

That bit in the privacy page is just boiler-plate that any minimally technically knowledgeable user should already be aware of. If it bothers you, use tor.

Anonymous Coward says:

Re: Re: While Techdirt front page has 200K of javascript, you should talk!

Oh, and if you use tor, don’t be a moron. Disable javascript, cookies and every other fancy shit you may have, or else you’ll still get tracked.

Also, be aware of this: http://arstechnica.com/security/2013/08/attackers-wield-firefox-exploit-to-uncloak-anonymous-tor-users/.

Stubinz says:

Re: Re: Re: While Techdirt front page has 200K of javascript, you should talk!

But guess what? Thanks to Firefox CLEARLY bending over and letting the NSA shove the cock of tyranny up its ass, with version 23 you can no longer turn javascript off in the tools interface, and of course, it’s on by default.

Anonymous Coward says:

Re: Re: While Techdirt front page has 200K of javascript, you should talk!

Also – in particular – it is hard to run a webserver without collecting some “private and unique” information, starting with your user-agent string, which your browser happily sends away with (almost) every request.

And that is why the Calomel SSL validation extension is useful for more than just doing what its name implies: one of the things it lets you do is anonymize your user-agent. Of course, the User Agent Switcher lets you do that too.

Calomel: https://addons.mozilla.org/en-US/firefox/addon/calomel-ssl-validation/
User Agent Switcher: http://chrispederick.com/work/user-agent-switcher/

Incidentally, the maintainers of this site might be curious to know that Calomel’s extension is currently flagging it.

Internet Zen Master (profile) says:

Y'know, this isn't all that surprising

Considering that the NSA is very reluctant to share any of the data it collects with the other government agencies, the DEA being the sole exception because drugs are generally considered to be imported from other countries, which (according to NSA logic) makes the suspects involved foreigners by default.

It’s true that I am less than thrilled by the NSA’s invasive surveillance programs, but I’ll give them credit for (mostly) keeping all that data to themselves (*see caveat about sharing with the DEA above*).

Problem with that is now it sounds like the FBI wants to get in on the data-mining game because the NSA won’t share data (even though they’re not supposed to be collecting info on Americans, but that’s beside the point right now).

In the end, I find myself trusting the NSA more than I trust the FBI. It’s depressing when you find yourself having more faith in the massive spy agency than you do in the FBI.

Anonymous Coward says:

The CNET article mentions IPv6 flow data

(Curiously, it singles out IPv6 and does not mention IPv4, or just say IP.)

Flow data is incredibly rich in the hands of someone who understands it. It’s usually not that hard to re-identify it even if the sender/receiver pair is supposedly anonymous — or at least to partially re-identify it.

Moreover, it yields copious clues as to what operating systems are in use, what services/applications are running on them, even what revision level some of these are.

In the wrong hands (are there any “right” hands for this?) this data would be devastating. Given that the FBI has already lost all kinds of laptops, some of which contained large data collections (see elsewhere in this discussion) we can reasonably expect that they’ll start losing this data too. So much for their role in allegedly helping to “defend” us from cyberattack.
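The point this comment makes about flow data, and the CNET line in the article about the port reader keeping packet size, port label and IPv6 flow data, can be made concrete. What follows is an added example in Python, not code from the article, from CNET or from any commenter. It parses a constructed NetFlow/IPFIX-style export, shows the five-tuple slice a pen register order actually covers, and then shows what the remaining fields hand an analyst: an OS guess from the observed TTL, services from destination ports, interactive sessions from packet counts and TCP flags, and a stack fingerprint from whether the IPv6 flow label is populated at all. The field names, sample addresses, byte counts and the TTL and flow-label heuristics are assumptions made for illustration.

```python
import csv
import io
from collections import Counter

# Constructed NetFlow/IPFIX-style export (not a real capture): the 5-tuple
# a pen register order reaches, plus the extra per-flow fields the port
# reader is said to keep (packet/byte counts, observed TTL, IPv6 flow
# label, TCP flags). Observed TTLs are a few hops below the initial value.
SAMPLE_FLOWS = """\
ts,src,sport,dst,dport,proto,pkts,bytes,ttl,flow_label,tcp_flags
1376000000,2001:db8::10,51234,2001:db8:1::a,443,6,14,1920,61,0x9a3f1,SYN|ACK|PSH|FIN
1376000001,2001:db8::10,51235,2001:db8:1::a,443,6,12,1740,61,0x9a3f2,SYN|ACK|PSH|FIN
1376000002,2001:db8::10,51236,2001:db8:2::b,25,6,9,1100,61,0x9a3f3,SYN|ACK|PSH|FIN
1376000003,2001:db8::20,49153,2001:db8:1::a,443,6,10,1450,125,0x0,SYN|ACK|PSH|FIN
1376000004,2001:db8::20,49154,2001:db8:3::c,53,17,2,180,125,0x0,
1376000005,2001:db8::10,51237,2001:db8:4::d,22,6,220,38000,61,0x9a3f4,SYN|ACK|PSH
1376000006,2001:db8::20,49155,2001:db8:5::e,3389,6,400,51000,125,0x0,SYN|ACK|PSH
"""

# The "dialing, routing, addressing, or signaling" slice: who talked to whom, when.
PEN_REGISTER_FIELDS = ("ts", "src", "sport", "dst", "dport")

SERVICE_BY_PORT = {
    (6, 22): "ssh", (6, 25): "smtp", (6, 80): "http", (6, 443): "https",
    (6, 3389): "rdp", (17, 53): "dns",
}

# Initial TTLs most IP stacks start from (heuristic): 64 for Linux/macOS/BSD,
# 128 for Windows, 255 for many network devices. The observed value is the
# initial minus hop count, so bucket by the nearest initial at or above it.
INITIAL_TTLS = ((64, "unix-like"), (128, "windows"), (255, "net-device/solaris"))


def parse_flows(text):
    """Parse the CSV export into one typed dict per flow."""
    flows = []
    for r in csv.DictReader(io.StringIO(text)):
        flows.append({
            "ts": int(r["ts"]), "src": r["src"], "sport": int(r["sport"]),
            "dst": r["dst"], "dport": int(r["dport"]), "proto": int(r["proto"]),
            "pkts": int(r["pkts"]), "bytes": int(r["bytes"]), "ttl": int(r["ttl"]),
            "flow_label": int(r["flow_label"], 16),
            "tcp_flags": {f for f in r["tcp_flags"].split("|") if f},
        })
    return flows


def pen_register_view(flow):
    """Only what a pen register / trap and trace order covers."""
    return {k: flow[k] for k in PEN_REGISTER_FIELDS}


def guess_os_from_ttl(observed_ttl):
    for initial, label in INITIAL_TTLS:
        if observed_ttl <= initial:
            return label
    return "unknown"


def guess_service(flow):
    return SERVICE_BY_PORT.get((flow["proto"], flow["dport"]),
                               "port-%d/%d" % (flow["dport"], flow["proto"]))


def profile_hosts(flows, interactive_min_pkts=100):
    """What the fields beyond the 5-tuple add up to, per source host."""
    acc = {}
    for f in flows:
        p = acc.setdefault(f["src"], {
            "os_votes": Counter(), "services": set(), "interactive": set(),
            "bytes": 0, "pkts": 0, "labels": set(), "flows": 0})
        p["os_votes"][guess_os_from_ttl(f["ttl"])] += 1
        svc = guess_service(f)
        p["services"].add(svc)
        # A long flow that has not seen FIN yet is an open, interactive session.
        if f["pkts"] >= interactive_min_pkts and "FIN" not in f["tcp_flags"]:
            p["interactive"].add(svc)
        p["bytes"] += f["bytes"]
        p["pkts"] += f["pkts"]
        p["labels"].add(f["flow_label"])
        p["flows"] += 1
    profiles = {}
    for src, p in acc.items():
        profiles[src] = {
            "os": p["os_votes"].most_common(1)[0][0],
            "services": sorted(p["services"]),
            "interactive": sorted(p["interactive"]),
            "avg_pkt_bytes": round(p["bytes"] / p["pkts"], 1),
            # Whether a stack fills the IPv6 flow label is stack-dependent
            # (recent Linux does by default; many others leave it zero), so
            # it is one more fingerprinting bit. Heuristic, not a rule.
            "sets_flow_label": any(p["labels"]),
            "flows": p["flows"],
        }
    return profiles


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("pen register sees:", pen_register_view(flows[0]))
    for host, prof in profile_hosts(flows).items():
        print(host, prof)
```

Run it and compare the two outputs: the pen register view is a list of endpoints and timestamps, while the profile says which host is likely Windows, which one has an open SSH session, and which one is doing bulk transfers, none of which is "dialing, routing, addressing, or signaling" in any ordinary reading.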

Kenneth Michaels (profile) says:

Packet Size is Content of Communication

Even when streaming voice is encrypted, it is possible to determine what is said via a side-channel attack by knowing the *packet size* of the VoIP stream. A variable bit-rate for the encoder/decoder leaks information as to what is said, which is revealed by the packet size. See Bruce Schneier: http://www.schneier.com/blog/archives/2008/06/eavesdropping_o_2.html

Thus, packet size is not metadata, it is content.
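To show what the comment above means by packet size being content, here is an added example in Python; it is not code from the article, from Schneier's post or from the commenter. It models a toy VBR codec whose frame size depends on the sound being encoded (the research Schneier's post covers used Speex in VBR mode), an SRTP-style encryption that preserves those sizes (12-byte RTP header plus the 80-bit auth tag that RFC 3711 defaults to, with AES-CTR adding no padding), and an eavesdropper who sees only packet sizes and ranks candidate phrases against them. It closes with the mitigation: pad every frame to the maximum before encryption, which is what running the codec at a constant bit rate achieves. The codec's byte values, the candidate phrases and the perturbation pattern are constructed for illustration.

```python
from itertools import zip_longest

# Toy variable-bit-rate codec: frame size depends on the sound encoded.
# Real VBR codecs emit bigger frames for voiced sounds and tiny ones for
# silence; the byte counts here are constructed, not measured.
def vbr_frame_sizes(utterance):
    sizes = []
    for ch in utterance.lower():
        if ch == " ":
            sizes.append(6)       # comfort-noise frame during a pause
        elif ch in "aeiou":
            sizes.append(38)      # voiced, high bit rate
        elif ch in "fhsvz":
            sizes.append(20)      # fricative-like, low bit rate
        else:
            sizes.append(28)
    return sizes


RTP_HEADER = 12
SRTP_AUTH_TAG = 10  # 80-bit HMAC-SHA1 tag, the RFC 3711 default


def srtp_packet_sizes(frame_sizes):
    """SRTP encrypts with a stream cipher (AES-CTR) and adds no padding, so
    every ciphertext packet is the plaintext frame plus a constant."""
    return [s + RTP_HEADER + SRTP_AUTH_TAG for s in frame_sizes]


def observed_stream(phrase):
    """Constructed observation: the sizes a port reader would log for the
    SRTP stream carrying `phrase`, plus a small deterministic perturbation
    standing in for codec and measurement variation."""
    packets = srtp_packet_sizes(vbr_frame_sizes(phrase))
    return [s + (i % 3) - 1 for i, s in enumerate(packets)]


def size_distance(observed, candidate):
    """L1 distance between two size sequences, padding the shorter one."""
    return sum(abs(a - b)
               for a, b in zip_longest(observed, candidate, fillvalue=0))


def identify_phrase(observed_sizes, candidate_phrases):
    """Eavesdropper's view: packet sizes only, never plaintext. Predict the
    size sequence each candidate phrase would produce and rank by fit."""
    scores = {p: size_distance(observed_sizes,
                               srtp_packet_sizes(vbr_frame_sizes(p)))
              for p in candidate_phrases}
    best = min(scores, key=scores.get)
    return best, scores


def padded_packet_sizes(frame_sizes, max_frame=38):
    """Mitigation: pad every frame to the codec maximum before encrypting
    (equivalent to CBR). Only the packet count, i.e. call length, remains."""
    return srtp_packet_sizes([max_frame] * len(frame_sizes))


CANDIDATES = [
    "transfer the funds now",
    "the meeting is at noon",
    "call me back later",
    "send the report today",
]

if __name__ == "__main__":
    observed = observed_stream("transfer the funds now")
    best, scores = identify_phrase(observed, CANDIDATES)
    print("best match:", best)
    for phrase, score in sorted(scores.items(), key=lambda kv: kv[1]):
        print("%5d  %s" % (score, phrase))
    padded = padded_packet_sizes(vbr_frame_sizes("transfer the funds now"))
    print("after padding every packet is", set(padded), "bytes")
```

The eavesdropper never touches a key; the ranking works because encryption preserved the length of every frame, exactly the quantity the port reader is described as logging. Padding collapses the size sequence to a constant and the phrases become indistinguishable, at the cost of bandwidth, which is why the original research recommended constant-bit-rate encoding for encrypted voice.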

John Fenderson (profile) says:

Re: Re: Packet Size is Content of Communication

I fear that the less technical here may fail to recognize how true this is on many levels, including literally. “Metadata” is a relative term. Using it without explaining the context it appears in is meaningless.

This business of lying through using incomplete definitions has been really irritating me lately. It’s an ancient rhetorical technique, but I’ve been seeing it so much more than usual over the last decade or so.

Adirondack says:

These extreme violations of rights need to get to the Supreme Court immediately. The government has no right to track every single person, or record every email, chat, and website a person visits without probable cause, or to create software to violate TOR or any other anon server.
Police cars recording every license plate and keeping databases of where we go. We all cringed at 1984, and we now live with government recording our movements, Internet, probably phones. Is there no limit to abuse of rights, freedom, liberty? Does innocent until proven guilty have any meaning? Probable cause has gone out the window. Everyone needs to start using encrypted email so some government pervert isn’t ogling pictures of our daughters and wives.
