FBI: We need wiretap-ready Web sites - now
The FBI is asking Internet companies not to oppose a controversial proposal that would require firms, including Microsoft, Facebook, Yahoo, and Google, to build in backdoors for government surveillance.
In meetings with industry representatives, the White House, and U.S. senators, senior FBI officials argue the dramatic shift in communication from the telephone system to the Internet has made it far more difficult for agents to wiretap Americans suspected of illegal activities, CNET has learned.
The FBI general counsel’s office has drafted a proposed law that the bureau claims is the best solution: requiring that social-networking Web sites and providers of VoIP, instant messaging, and Web e-mail alter their code to ensure their products are wiretap-friendly.
“If you create a service, product, or app that allows a user to communicate, you get the privilege of adding that extra coding,” an industry representative who has reviewed the FBI’s draft legislation told CNET. The requirements apply only if a threshold of a certain number of users is exceeded, according to a second industry representative briefed on it.
The FBI’s proposal would amend a 1994 law, called the Communications Assistance for Law Enforcement Act, or CALEA, that currently applies only to telecommunications providers, not Web companies. The Federal Communications Commission extended CALEA in 2004 to apply to broadband networks.
“Going Dark” timeline
June 2008: FBI Director Robert Mueller and his aides brief Sens. Barbara Mikulski, Richard Shelby, and Ted Stevens on “Going Dark.”
June 2008: FBI Assistant Director Kerry Haynes holds “Going Dark” briefing for Senate appropriations subcommittee and offers a “classified version of this briefing” at Quantico.
August 2008: Mueller briefed on Going Dark at strategy meeting.
September 2008: FBI completes a “high-level explanation” of CALEA amendment package.
May 2009: FBI Assistant Director Rich Haley briefs Senate Intelligence committee and Mikulsi staffers on how bureau is “dealing with the ‘Going Dark’ issue.’” Mikulski plans to bring up “Going Dark” at a closed-door hearing the following week.
May 2009: Haley briefs Rep. Dutch Ruppersberger, currently the top Democrat on House Intelligence, who would later co-author CISPA.
September 2008: FBI staff briefed by RAND, which was commissioned to “look at” Going Dark.
November 2008: FBI Assistant Director Marcus Thomas, who oversees the Quantico-based Operational Technology Division, prepares briefing for President-Elect Obama’s transition team.
December 2008: FBI intelligence analyst in Communications Analysis Unit begins analysis of VoIP surveillance.
February 2009: FBI memo to all field offices asks for anecdotal information about cases where “investigations have been negatively impacted” by lack of data retention or Internet interception.
March 2009: Mueller’s advisory board meets for a full-day briefing on Going Dark.
April 2009: FBI distributes presentation for White House meeting on Going Dark.
April 2009: FBI warns that the Going Dark project is “yellow,” meaning limited progress, because of “new administration personnel not being in place for briefings.”
April 2009: FBI general counsel’s office reports that the bureau’s Data Interception Technology Unit has “compiled a list of FISA dockets… that the FBI has been unable to fully implement.” That’s a reference to telecom companies that are already covered by the FCC’s expansion of CALEA.
May 2009: FBI’s internal Wikipedia-knockoff Bureaupedia entry for “National Lawful Intercept Strategy” includes section on “modernize lawful intercept laws.”
May 2009: FBI e-mail boasts that the bureau’s plan has “gotten attention” from industry, but “we need to strengthen the business case on this.”
June 2009: FBI’s Office of Congressional Affairs prepares Going Dark briefing for closed-door session of Senate Appropriations subcommittee.
July 2010: FBI e-mail says the “Going Dark Working Group (GDWG) continues to ask for examples from Cvber investigations where investigators have had problems” because of new technologies.
September 2010: FBI staff operations specialist in its Counterterrorism Division sends e-mail on difficulties in “obtaining information from Internet Service Providers and social-networking sites.”
FBI Director Robert Mueller is not asking companies to support the bureau’s CALEA expansion, but instead is “asking what can go in it to minimize impacts,” one participant in the discussions says. That included a scheduled trip this month to the West Coast — which was subsequently postponed — to meet with Internet companies’ CEOs and top lawyers.
A further expansion of CALEA is unlikely to be applauded by tech companies, their customers, or privacy groups. Apple (which distributes iChat and FaceTime) is currently lobbying on the topic, according to disclosure documents filed with Congress two weeks ago. Microsoft (which owns Skype and Hotmail) says its lobbyists are following the topic because it’s “an area of ongoing interest to us.” Google, Yahoo, and Facebook declined to comment.
In February 2011, CNET was the first to report that then-FBI general counsel Valerie Caproni was planning to warn Congress of what the bureau calls its “Going Dark” problem, meaning that its surveillance capabilities may diminish as technology advances. Caproni singled out “Web-based e-mail, social-networking sites, and peer-to-peer communications” as problems that have left the FBI “increasingly unable” to conduct the same kind of wiretapping it could in the past.
In addition to the FBI’s legislative proposal, there are indications that the Federal Communications Commission is considering reinterpreting CALEA to demand that products that allow video or voice chat over the Internet — from Skype to Google Hangouts to Xbox Live — include surveillance backdoors to help the FBI with its “Going Dark” program. CALEA applies to technologies that are a “substantial replacement” for the telephone system.
“We have noticed a massive uptick in the amount of FCC CALEA inquiries and enforcement proceedings within the last year, most of which are intended to address ‘Going Dark’ issues,” says Christopher Canter, lead compliance counsel at the Marashlian and Donahue law firm, which specializes in CALEA. “This generally means that the FCC is laying the groundwork for regulatory action.”
Subsentio, a Colorado-based company that sells CALEA compliance products and worked with the Justice Department when it asked the FCC to extend CALEA seven years ago, says the FBI’s draft legislation was prepared with the compliance costs of Internet companies in mind.
In a statement to CNET, Subsentio President Steve Bock said that the measure provides a “safe harbor” for Internet companies as long as the interception techniques are “‘good enough’ solutions approved by the attorney general.”
Another option that would be permitted, Bock said, is if companies “supply the government with proprietary information to decode information” obtained through a wiretap or other type of lawful interception, rather than “provide a complex system for converting the information into an industry standard format.”
A representative for the FBI told CNET today that: “(There are) significant challenges posed to the FBI in the accomplishment of our diverse mission. These include those that result from the advent of rapidly changing technology. A growing gap exists between the statutory authority of law enforcement to intercept electronic communications pursuant to court order and our practical ability to intercept those communications. The FBI believes that if this gap continues to grow, there is a very real risk of the government ‘going dark,’ resulting in an increased risk to national security and public safety.”
11:15 pm • 24 January 2013
Public Buses Across Country Quietly Adding Microphones to Record Passenger Conversations
Kim Zetter, wired.com
Transit authorities in cities across the country are quietly installing microphone-enabled surveillance systems on public buses that would give them the ability to record and store private conversations. The systems are raising a number of privacy…
Another step towards increased governmental control…
11:31 am • 31 December 2012 • 731 notes
Editorial: the one thing Congress can agree on is violating your privacy
This week, as Congressional incompetence threatens to plunge the US into another recession, it’s comforting to know that Democrats and Republicans can still agree on at least one thing: that the US government should have the unquestionable authority to spy on its own citizens — in secret, without a warrant, and absent of any semblance of transparency.
That’s the bipartisan message Congress is sending with the Foreign Intelligence Surveillance Act (FISA) Reauthorization Act of 2012, a bill which passed through the Senate yesterday unscathed by any of the four amendments which sought to strike a balance between civil rights, transparency, and national security. Being as how President Obama has already expressed his support, the bill’s passage all but guarantees the preservation of expansive government spying powers that were set to expire by the end of the year, allowing US intelligence agencies to continue their warrantless wiretapping programs for the next five years.
You’d think that in a world where a good portion of us carry tiny computers that leave trails of sensitive information everywhere we go, it might be reasonable for law-abiding citizens to ask that their private communications and data receive the same rigorous protections as, say, a briefcase left in our home — or that we should at very least have a right to know to what extent our data is being searched. But to each of these requests, members of Congress on both sides of the aisle have repeatedly answered “no.”
1:19 pm • 29 December 2012
Revealed: how the FBI coordinated the crackdown on Occupy
It was more sophisticated than we had imagined: new documents show that the violent crackdown on Occupy last fall – so mystifying at the time – was not just coordinated at the level of the FBI, the Department of Homeland Security, and local police. The crackdown, which involved, as you may recall, violent arrests, group disruption, canister missiles to the skulls of protesters, people held in handcuffs so tight they were injured, people held in bondage till they were forced to wet or soil themselves –was coordinated with the big banks themselves.
The Partnership for Civil Justice Fund, in a groundbreaking scoop that should once more shame major US media outlets (why are nonprofits now some of the only entities in America left breaking major civil liberties news?), filed this request. The document –reproduced here in an easily searchable format – shows a terrifying network of coordinated DHS, FBI, police, regional fusion center, and private-sector activity so completely merged into one another that the monstrous whole is, in fact, one entity: in some cases, bearing a single name, the Domestic Security Alliance Council. And it reveals this merged entity to have one centrally planned, locally executed mission. The documents, in short, show the cops and DHS working for and with banks to target, arrest, and politically disable peaceful American citizens.
12:54 pm • 29 December 2012
FOREIGN RELATIONS OF THE UNITED STATES, 1958–1960 VOLUME XII, NEAR EAST REGION; IRAQ; IRAN; ARABIAN PENINSULA, DOCUMENT 5
“Our economic and cultural interests in the area have led not unnaturally to close U.S. relations with elements in the Arab world whose primary interest lies in the maintenance of relations with the West and the status quo in their countries—Chamoun of Lebanon, King Saud, Nuri of Iraq, KingHussein. These relations have contributed to a widespread belief in the area that the United States desires to keep the Arab world disunited and is committed to work with “reactionary” elements to that end. The USSR, on the other hand, is not inhibited in proclaiming all-out support for Arab unity and for the most extreme Arabnationalist aspirations, because it has no stake in the economic, or political status quo in the area.”
11:30 am • 9 December 2012 • 1 note
Europeans outraged over the US using Patriot Act for worldwide spying
Researchers from the University of Amsterdam in the Netherlands have condemned the United States for allowing the controversial Patriot Act to bypass foreign laws and let Americans intercept data from persons internationally.
In a just published study, Cloud Computing in Higher Education and Research Institutions and the USA Patriot Act, researchers from the school’s Institute for Information Law say that legislation enacted to allegedly protect the security of US citizens has in the process eroded privacy protections on a global scale.
As more and more companies and individuals across the world begin relying on cloud computing to store information digitally on remote servers, the Dutch researchers warn that the Patriot Act and the Foreign Intelligence Surveillance Act (FISA) allow for those files to be fed into the US intelligence community, disregarding privacy safeguards in place for others around the globe.
“Most cloud providers, and certainly the market leaders, fall within the US jurisdiction either because they are US companies or conduct systematic business in the US,” Axel Arnbak, one of the authors of the research paper, tells CBS News. “In particular, the Foreign Intelligence Surveillance Amendments Act (FAA) makes it easy for US authorities to circumvent local government institutions and mandate direct and easy access to cloud data belonging to non-Americans living outside the US, with little or no transparency obligations for such practices – not even the number of actual requests.”
Indeed, the number of requests for wiretaps on email and phone accounts under the FAA remains something that even members of the US Congress’ intelligence committee are privy to, and that’s just in regards to Americans surveilled. Arnbak and his colleagues say they are concerned by what this legislation and measures included in and after the Patriot Act can have on an international audience.
In the abstract for their study, the researchers write that the Patriot Act “has started to play a symbolic role in the public debate” because “It is one important element in a larger, complex and dynamic legal framework for access to data for law enforcement and national security purposes.” Coupled with the FAA, US laws don’t limit only Americans to invasion of privacy.
Taking into account the Patriot Act, FISA and the 2008 amendments to the act, the researchers say their report describes vast “legal powers for the US government to obtain data of non-US persons located outside of the US from cloud providers that fall under its jurisdiction.”
“Such jurisdiction applies widely, namely to cloud services that conduct systematic business in the United States and is not dependent on the location where the data are stored, as is often assumed. For non-US persons located outside of the US, constitutional protection is not applicable and the statutory safeguards are minimal,” they warn.
To CBS, Arnbak says his fellow residents of the European Union could easily be in trouble, despite local efforts to limit outside interference.
“In the US legal framework, there is a legal doctrine called ‘extra-territorial jurisdiction’. This implies that cloud providers operating anywhere in the EU, or anywhere in the world for that matter, have to comply with data requests from US authorities as soon as they fall under US laws,” he says.
Given that more and more members of the international community are relating on cloud computing, the researchers warn that things could only get worse for Europeans interested in avoiding Uncle Sam.
“If US government agencies have no jurisdiction over an entity operating in the Netherlands, they may submit a request for mutual assistance under such agreements,” one part of their paper reads. “But in the borderless cloud, in which activities are in the U.S., there is ‘no clear obligation under US law for the US government to rely on such agreements when seeking access to data on non-US persons.’”
Last year, Microsoft UK’s managing director Gordon Frazer was asked, “Can Microsoft guarantee that EU-stored data, held in EU based datacenters, will not leave the European Economic Area under any circumstances – even under a request by the Patriot Act?”
“Microsoft cannot provide those guarantees,” he responded. “Neither can any other company.”
7:19 pm • 6 December 2012
Why the WikiLeaks Grand Jury is So Dangerous: Members of Congress Now Want to Prosecute New York Times Journalists Too
For more than a year now, EFF has encouraged mainstream press publications like the New York Times to aggressively defend WikiLeaks’ First Amendment right to publish classified information in the public interest and denounce the ongoing grand jury investigating WikiLeaks as a threat to press freedom.
Well, we are now seeing why that is so important: at a House Judiciary subcommittee hearing on July 11th, some members of Congress made it clear they also want New York Timesjournalists charged under the Espionage Act for their recent stories on President Obama’s ‘Kill List’ and secret US cyberattacks against Iran. During the hearing, House Republicans “pressed legal experts Wednesday on whether it was possible to prosecute reporters for publishing classified information,” according to the Los Angeles Times.
In addition, the Washingtonian’s Shane Harris reported a month ago that a “senior” Justice Department official “made it clear that reporters who talked to sources about classified information were putting themselves at risk of prosecution.”
Leaks big and small have been happening for decades—even centuries—and the most recent are comparable to several others. No journalist has ever been prosecuted under the Espionage Act and it has generally been accepted, even by Congress’s own research arm, that the publication of government secrets by the press is protected speech under the First Amendment. Yet the government is actively investigating WikiLeaks and now threatening others for just that.
The mainstream media may see little in common with Assange’s digital publication methods or his general demeanor, but what he is accused of is virtually indistinguishable from what other reporters and newspapers do every day: poke, prod, and cajole sources within the government to give up classified information that newspapers then publish to inform the public of the government’s activities.
It’s clear the WikiLeaks and major newspapers can’t be distinguished in their critics’ own statements. House committee witness Army Col. Ken Allard, echoing the claims by multiple members of Congress during the WikiLeaks controversy, called the ‘kill list’ and cyberattack leaks “unprecedented” in American history. And much like previous comments about Julian Assange, Allard likened New York Times reporter David Sanger to a spy, saying he was “systematically penetrating the Obama White House as effectively as any foreign agent.”
Similarly, Senator Dianne Feinstein’s recent comments advocating the prosecution of WikiLeaks under the Espionage Act in no sense apply to one media organization but not the other.Salon’s Glenn Greenwald demonstrated this by replacing phrase “Mr. Assange” with “New York Times” in Sen. Feinstein’s statement to the Australian paper The Sydney Morning Herald:
The head of the US Senate’s powerful intelligence oversight committee has renewed calls for [The New York Times] to be prosecuted for espionage… .
”I believe [The New York Times] has knowingly obtained and disseminated classified information which could cause injury to the United States,” the chairwoman of the Senate Select Committee on Intelligence, Dianne Feinstein, said in a written statement provided to the Herald. ”[It] has caused serious harm to US national security, and  should be prosecuted accordingly.”
In this case, like many others, Congress has invoked the vague, catchall phrase “national security” in an attempt to curtail rights that have existed for decades. As we’ve previously pointed out, “national security” has been used as an excuse to weaken constitutional protections in laws such as the Patriot Act and CISPA, but it’s also been used in attempts to threaten press freedom.
In 2006, shortly after the New York Times first exposed the NSA’s illegal warrantless wiretapping program, Attorney General Alberto Gonzales told ABC News he was contemplating charging Times reporters under the Espionage Act because of the perceived harm to “national security.” Of course, the investigation didn’t hurt national security, but it did inform the American people of an unconstitutional program that later sparked Congressional hearings, and many ongoing lawsuits (including EFF’s). It also won the New York Times the Pulitzer Prize.
The same exaggerated “national security” arguments were made during the Pentagon Papers case and many other instances as well. Yet as New York Times editor-in-chief Jill Abramson remarked in the wake of these new leaks, “No story about details of government secrets has come near to demonstrably hurting the national security in decades and decades.”
Congress, for its part, is taking the exact opposite approach it should take. Instead of doubling down on secrecy, it should be working to fix our broken classification system and should be calling for fewer secrets. And instead of clamoring for more prosecutions, it should call for a halt to current prosecutions of whistleblowers under the Obama administration—already twice the amount than all other administrations combined.
Still, the nation’s largest editorial boards—the New York Times, Washington Post, and Wall Street Journal—have been silent on the dangers of the WikiLeaks grand jury. If the mainstream media thought they were protected by the 1st Amendment while WikiLeaks could be prosecuted, they should now be on clear notice that the government makes no such distinction.
If the mainstream media leaves Wikileaks to hang, their own necks are at risk too.
11:55 pm • 2 December 2012