[Infowarrior] - Secret Data in FBI Wiretapping Audit Revealed with Ctrl-C

[Richard Forno]

Secret Data in FBI Wiretapping Audit Revealed with Ctrl-C
By Ryan Singel EmailMay 16, 2008 | 7:51:59 PMCategories: Glitches and  
Bugs, Surveillance
http://blog.wired.com/27bstroke6/2008/05/secret-data-in.html

Once again, supposedly sensitive information blacked out from a  
government report turns out to be visible by computer experts armed  
with the Ctrl-C keys -- and that information turns out to be not very  
sensitive after all.

This time around, Princeton professor Matt Blaze discovered that the  
Justice Department's Inspector General's office had failed to  
adequately obfuscate data in a March report (.pdf) about FBI payments  
to telecoms to make their legacy phone switches comply with 1995  
wiretapping rules. That report detailed how the FBI had finished  
spending its allotted $500 million to help telephone companies  
retrofit their old switches to make them compliant with the  
Communications Assistance to LAw Enforcement Act or CALEA-- even as  
federal wiretaps target cell phones more than 90 percent of the time.

< - >

Some of the tidbits considered to sensitive to be aired publicly?

The FBI paid Verizon $2500 a piece to upgrade 1,140 old telephone  
switches. Oddly the report didn't redact the total amount paid to the  
telecom -- slightly more than $2.9 million dollars -- but somehow the  
bad guys will win if they knew the number of switches and the cost paid.

FBI survey results  about wiretaps could also be found hidden under  
the redaction layer.

For the record, in 2005 and 2005, from talking to federal, state and  
local law enforcement agencies believed that the top emerging  
technologies causing surveillance concerns were VOIP, broadband and  
prepaid cell phones. While cops have long fretted about encryption and  
one might expect it to be in this list, it seems to have never been a  
problem for wiretapping.

In 2005, only 8% had tried tapping internet phone calls, but that  
number rose to 34% in 2006. In 2006, 35 percent of agencies had tried  
some sort of surveillance on broadband, but the question wasn't asked  
in 2005.

The price of wiretaps and pen traps still limits surveillance,  
according to 68% of agencies in 2005 and 65% in '06. Meanwhile,  
telecoms seem to be getting better at providing data in standard  
formats to cops, whose complaints about data format fell dramatically  
from 60% in 2005 to 12% in in 2006.

But, oddly, 41% of agencies in 2006 say investigations have been  
hampered by companies not complying with CALEA's mandates, while in  
2005, that number was only 22%,

Other nuggets? Hidden info in a blacked out screenshot of the FBI's  
wiretapping help line complaint management software reveals that even  
wiretappers have IT problems.

Cops in Montgomery County, Maryland had trouble right after Christmas  
in 2007 getting wiretap info delivered. Not far away in Baltimore (the  
honorary wiretap capital of the U.S.), cops had problems just before  
Christmas using the FBI's database of cell towers, which help cops  
figure out target's location and movements. Kenner, Louisiana cops  
just wanted a user name and password to chat in the Law Enforcement  
forum on ASKCalea.

Now that the cat is out of the bag, one is sure to see a crime wave  
across the country.

Professor Matt Blaze suggests following NSA's technical  
recommendations (.pdf) on how to redact documents. THREAT LEVEL merely  
suggests that report writers start telling the classifiers to stop  
acting like censors from WWII carrier groups.