[Infowarrior] - FBI turns to broad new wiretap method

Tue Jan 30 08:58:25 EST 2007

FBI turns to broad new wiretap method

By Declan McCullagh
http://news.com.com/FBI+turns+to+broad+new+wiretap+method/2100-7348_3-615445
7.html

Story last modified Tue Jan 30 04:00:05 PST 2007

The FBI appears to have adopted an invasive Internet surveillance technique
that collects far more data on innocent Americans than previously has been
disclosed.

Instead of recording only what a particular suspect is doing, agents
conducting investigations appear to be assembling the activities of
thousands of Internet users at a time into massive databases, according to
current and former officials. That database can subsequently be queried for
names, e-mail addresses or keywords.

Such a technique is broader and potentially more intrusive than the FBI's
Carnivore surveillance system, later renamed DCS1000. It raises similar
concerns as widespread Internet monitoring that the National Security Agency
is said to have done, according to documents that have surfaced in one
federal lawsuit, and may stretch the bounds of what's legally permissible.

Call it the vacuum-cleaner approach. It's employed when police have obtained
a court order and an Internet service provider can't "isolate the particular
person or IP address" because of technical constraints, says Paul Ohm, a
former trial attorney at the Justice Department's Computer Crime and
Intellectual Property Section. (An Internet protocol address is a series of
digits that can identify an individual computer.)

That kind of full-pipe surveillance can record all Internet traffic,
including Web browsing--or, optionally, only certain subsets such as all
e-mail messages flowing through the network. Interception typically takes
place inside an Internet provider's network at the junction point of a
router or network switch.

The technique came to light at the Search & Seizure in the Digital Age
symposium held at Stanford University's law school on Friday. Ohm, who is
now a law professor at the University of Colorado at Boulder, and Richard
Downing, a CCIPS assistant deputy chief, discussed it during the symposium.

In a telephone conversation afterward, Ohm said that full-pipe recording has
become federal agents' default method for Internet surveillance. "You
collect wherever you can on the (network) segment," he said. "If it happens
to be the segment that has a lot of IP addresses, you don't throw away the
other IP addresses. You do that after the fact."

"You intercept first and you use whatever filtering, data mining to get at
the information about the person you're trying to monitor," he added.

On Monday, a Justice Department representative would not immediately answer
questions about this kind of surveillance technique.

"What they're doing is even worse than Carnivore," said Kevin Bankston, a
staff attorney at the Electronic Frontier Foundation who attended the
Stanford event. "What they're doing is intercepting everyone and then
choosing their targets."

When the FBI announced two years ago it had abandoned Carnivore, news
reports said that the bureau would increasingly rely on Internet providers
to conduct the surveillance and reimburse them for costs. While Carnivore
was the subject of congressional scrutiny and outside audits, the FBI's
current Internet eavesdropping techniques have received little attention.

Carnivore apparently did not perform full-pipe recording. A technical report
(PDF) from December 2000 prepared for the Justice Department said that
Carnivore "accumulates no data other than that which passes its filters" and
that it saves packets "for later analysis only after they are positively
linked by the filter settings to a target."

One reason why the full-pipe technique raises novel legal questions is that
under federal law, the FBI must perform what's called "minimization."

Federal law says that agents must "minimize the interception of
communications not otherwise subject to interception" and keep the
supervising judge informed of what's happening. Minimization is designed to
provide at least a modicum of privacy by limiting police eavesdropping on
innocuous conversations.

Prosecutors routinely hold presurveillance "minimization meetings" with
investigators to discuss ground rules. Common investigatory rules permit
agents to listen in on a phone call for two minutes at a time, with at least
one minute elapsing between the next spot monitoring.

That section of federal law mentions only real-time interception--and does
not explicitly authorize the creation of a database with information on
thousands of innocent targets.

But a nearby sentence adds: "In the event the intercepted communication is
in a code or foreign language, and an expert in that foreign language or
code is not reasonably available during the interception period,
minimization may be accomplished as soon as practicable after such
interception."

Downing, the assistant deputy chief at the Justice Department's computer
crime section, pointed to that language on Friday. Because digital
communications amount to a foreign language or code, he said, federal agents
are legally permitted to record everything and sort through it later.
(Downing stressed that he was not speaking on behalf of the Justice
Department.)

"Take a look at the legislative history from the mid '90s," Downing said.
"It's pretty clear from that that Congress very much intended it to apply to
electronic types of wiretapping."

EFF's Bankston disagrees. He said that the FBI is "collecting and apparently
storing indefinitely the communications of thousands--if not hundreds of
thousands--of innocent Americans in violation of the Wiretap Act and the 4th
Amendment to the Constitution."

Marc Rotenberg, director of the Electronic Privacy Information Center in
Washington, D.C., said a reasonable approach would be to require that
federal agents only receive information that's explicitly permitted by the
court order. "The obligation should be on both the (Internet provider) and
the government to make sure that only the information responsive to the
warrant is disclosed to the government," he said.

Courts have been wrestling with minimization requirements for over a
generation. In a 1978 Supreme Court decision, Scott v. United States, the
justices upheld police wiretaps of people suspected of selling illegal
drugs.

But in his majority opinion, Justice William Rehnquist said that broad
monitoring to nab one suspect might go too far. "If the agents are permitted
to tap a public telephone because one individual is thought to be placing
bets over the phone, substantial doubts as to minimization may arise if the
agents listen to every call which goes out over that phone regardless of who
places the call," he wrote.

Another unanswered question is whether a database of recorded Internet
communications can legally be mined for information about unrelated criminal
offenses such as drug use, copyright infringement or tax crimes. One 1978
case, U.S. v. Pine, said that investigators could continue to listen in on a
telephone line when other illegal activities--not specified in the original
wiretap order--were being discussed. Those discussions could then be used
against a defendant in a criminal prosecution.

Ohm, the former Justice Department attorney who presented a paper on the
Fourth Amendment, said he has doubts about the constitutionality of
full-pipe recording. "The question that's interesting, although I don't know
whether it's so clear, is whether this is illegal, whether it's
constitutional," he said. "Is Congress even aware they're doing this? I
don't know the answers."