FBI Appears To Have Collected Tormail's Entire Email Database… And It's Using It
from the collect-it-all dept
We’ve mentioned in the past that, for all the focus on the NSA lately, the FBI may be equally, if not more, worrisome for its willingness to collect tons of data on everyone and use it. Back in August, it became pretty clear that the FBI had compromised the Tor Browser Bundle, and had effectively taken over Freedom Hosting — a popular hosting provider for dark web Tor sites — in order to push out malware that identified Tor users. A month later, it was confirmed that it was the FBI behind the effort, which led to the closing of Freedom Hosting.
Now there are new reports suggesting that, along with Freedom Hosting, the FBI was able to get the full database of emails on TorMail, a popular Tor-based email service that used Freedom Hosting and was shut down at the same time Freedom Hosting went down. The reports point to a new lawsuit, in which the FBI was able to get a search warrant to search TorMail using its own copy of the database — which it clearly had obtained at an earlier date. This basically means that the FBI has a pretty easy time searching all those emails if it needs to:
The tactic suggests the FBI is adapting to the age of big-data with an NSA-style collect-everything approach, gathering information into a virtual lock box, and leaving it there until it can obtain specific authority to tap it later. There’s no indication that the FBI searched the trove for incriminating evidence before getting a warrant. But now that it has a copy of TorMail’s servers, the bureau can execute endless search warrants on a mail service that once boasted of being immune to spying.
This again highlights one of the problems of the “collect it all” approach. Rather than merely targeting a specific individual or group, the FBI now has all of those emails sitting in a database. Even if it’s getting a warrant to search, it’s now searching its own database, rather than having to go out to get the information from others who might challenge the requests.
Comments on “FBI Appears To Have Collected Tormail's Entire Email Database… And It's Using It”
That must have been an interesting court session…
FBI: Your Honor, we’d like to apply for a search warrant to search through X, Y, and Z email addresses.
Judge: What cause and evidence do you have to believe that the listed email addresses contain incriminating evidence?
FBI: Oh we already have, and have looked through, the email addresses, now we just need an after-the-fact warrant so we can legally search through and use the emails as evidence in court.
Judge: That seems off for some reason, but my favorite show is on in half an hour, and it’s getting close to lunch, so warrant granted.
Wouldn’t copying the whole database “in secret” compromise its value as evidence? After all, if they could download it, they could have modified it too just as easily.
Re: Re: Re:
You’d think so, but the courts these days are a complete and utter joke when it comes to that whole ‘justice’ thing, letting government agencies do pretty much whatever they want.
Re: Re: Re: Re:
yes, damn courts, why don’t they just let the criminals do what they want!!!
Re: Re: Re:2 Re:
That’s right! They should arrest the criminal cops asap!
Re: Re: Re:2 Re:
That is the issue, the courts are letting the criminals do what they want.
The sad part is that it is the government that are the criminals in this instance
Re: Re: Re: Re:
You forget though. The courts seem to buy the Feinstein’s arguments that these agencies are “professional” though which of course would preclude them from modifying them though. Wait until some Mafia guy is on trial for some crime and the government wants to claim that they tampered with evidence.
Defense lawyer: “Your honor, my client couldn’t have tampered with that evidence because he after all is a professional at this sort of thing.”
Judge: “Seems reasonable to me.”
Re: Re: Re:
Silly rabbit. They would never do that because they are professionals
Re: Re: "copying the whole database "in secret" compromise its value as evidence?..."
The Value of the Evidence Against You would only be compromised If you were not guilty! GUILTY! GUILTY!
from the grave…
Re: Re: Re:
Yeah, but bear in mind those are the same courts who have no problems with the FBI refusing to use audio recorders, and have a person taking hand-written notes during interviews and interrogations.
If those hand-written notes disagree with what a suspect claims he said, the most common result is perjury or lying to a federal agent charges for the suspect.
I think that’s exactly what they’re doing, too. They look first, then ask for the warrant because they have “probable cause”, since they already know what’s in there.
Please correct me if I’m wrong but if the servers weren’t in the US this could have been avoided? Or was it a blunder from the services that allowed the FBI to download the entirety of the database? Or is it the same issue Lavabit faced but they closed way too late?
As far as I know the servers were in France, so how the database ended up in US hands is an interesting question.
So it’s only bad when other people do it?
and criminals are only ‘sorry’ when they are caught.
They stored the emails and account data as plain text in the server?
“They stored the emails and account data as plain text in the server?”
probably, criminals are not the smartest group around!
Re: Re: Re:
Except providing secure email wasn’t a crime last I checked…
We need a revolution.
So, It Doesn't Count Until...
So, it doesn’t count until you look at it? Just downloading it doesn’t count? Like downloading a copyrighted movie doesn’t count until you watch it?
Re: So, It Doesn't Count Until...
Actually, downloading copyrighted material doesn’t count until you upload it.
Re: Re: So, It Doesn't Count Until...
BTW, IANAL and, more specifically, IANYL.
Re: Re: Re: So, It Doesn't Count Until...
Well, as a PRMan that skill could probably come in handy, but that is not what we are here to discuss.
Punishment by association
The FBI employs punishment by association. They have previously shut down and copied for evidence entire ISP data centers because one domain was suspected of doing something illegal. (FBI shuts down entire ISP to investigate one customer (2004), FBI Raids Dallas Internet Service Provider Core IP (2009))
It’s the equivalent of razing an entire village because one enemy soldier is suspected to be living within it.
The federal government has forgotten one very important thing in their quest to protect America from the perceived threats of the world: the Bill of Rights is the foundation which this country is built upon. Its creation is what persuaded the states to ratify the Constitution. Ignoring it is like voiding a contract, in essence, voiding America. If our elected officials do not rein in these out-of-control rogue federal agencies, it may be time to take this to the state level and begin looking at secession as an option.
GOVERNMENT: Bill Rights? Who’s he?
JUDGE: Um, that guy? Y’know, the one you’re supposed to uphold?
GOVERNMENT: Oh, sorry, we killed him in a lobbied “accident”.
JUDGE: Very well, carry on.
PUBLIC: OBJECTION! This isn’t right! This is Tyranny!
JUDGE: But they have the paperwork and the finances. So there’s nothing I can do.
GOVERNMENT hands JUDGE a set of Photoshopped pictures
GOVERNMENT: There you go, as agreed.
Sounds like Tormail service was either using server-side encryption, or no encryption at all. If Tormail would have used client-side encryption and those emails were uploaded to the Tormail database, then all the FBI would be looking at is a bunch of encrypted data which they’d have no keys to.
Up your encryption game, people!
Except that the encryption standards have been compromised by the US government.
Re: Re: Re:
I wonder if the FBI will focus on the undoubtedly massive trove of Goldman Sachs (and the rest of Wall Street) emails containing descriptions of all their scams? Seriously, Wall Street thugs definitely used TorMail and the like to cover up their shenanigans.
or was set up by the Feds. It was a honey trap from the beginning.
If the FBI was distributing malware, can’t we charge them under the CFAA?
darryl just hates it when due process is enforced.
But how do Larry and the other Darryl feel about it?