Some Feds Wanted To Find A Loophole To Avoid Warrants When Using FBI's Homemade Spyware
from the slippery-slope dept
It's been widely reported for a few years now that the FBI has some spyware, called the "computer and internet protocol address verifier," or CIPAV, for tracking down certain computer users. However, some newly released Freedom of Information Act documents provide some more details, including that other government agencies have requested to use the tool, and that there's been some serious disagreement among the feds about how it can and should be used legally (and whether it's always used in legal ways):

[EFF] officials have raised concerns about documents showing that FBI agents at times employed inconsistent methods for gaining authorization to install the tracer. Their email messages talk about using a "trespasser exception" to avoid obtaining a warrant. One message recommends citing the "All Writs Act, 28 U.S.C. § 1651(a)." The group noted that one September 2007 message indicates some agents felt spyware searches do not require any legal process.

The thing is, it seems like this kind of thing would likely easily get a warrant approval in most cases where it was really necessary. Why is it that our federal government so often seems to hate having to go through such basic oversight efforts? After all, the news just came out that the FISA court approved all 1,506 requests from the government to electronically monitor suspects. It's not as if FISA is a difficult process to go through...
"There seems like there was a lot of back-and-forth," Lynch said.
The 2007 email stated, "I still think that use of [redacted] is consensual monitoring without need for process; In my mind, no different than sitting in a chat room and tracking participants; on/off times or for that matter sitting on P2P networks and find out who is offering KP" -- in a likely reference to law enforcement's practice of searching through file-sharing networks for sex offenders exchanging child pornography.
Reader Comments
Oh yeah...
I'd say the agent who sent that ridiculous email should be put through a re-education course, but his bosses are probably still trying to figure out how P2P works 4 years later.
Re: Oh yeah...
"Huh. I would have thought Kazaa would be busier at this time of day."
Same ol' argument
Re: Same ol' argument
Once the foot is wedged in the door all other things come right behind it.
This "slippery slope" is damn near vertical
The "security" of America is in the hands of people who seem to think they run fully autonomous entities free from oversight, regulation or common sense. I assume they've decided that the Constitution and the Bill of Rights are "very cute ideas" but not really applicable in this new millennium.
Re: This "slippery slope" is damn near vertical
I would guess that this sort of thing went on prior to the dawn of the internet and seemingly was much more covert. I wonder what has changed, is there now a push for legitimacy or has it become more difficult to hide the spy vs spy activities.
Sure they are, the government uses copies of them for toilet paper.
I believe this happens all the time and sometimes it's very obvious, from just reading a news article, that law enforcement involves some fishy tactics. I recently read about an officer that discovered an illegal activity when he just so happened to glance into a window of a home as he was "chasing a juvenile suspect" through a neighborhood. And of course the article states that "the juvenile got away". The fact is there was no juvenile suspect, the police already had some form of evidence and needed a so called legitimate reason to access the property.
Re: Ron Paul for President
Frankly, I think it really doesn't matter who wins. Under all administrations since Nixon our rights have been gradually eroded away. The roots of this mess go back even further into the security state that was set up during the cold war.
Seems we really have only one party in the U.S. and it has two wings, one less right-wing than the other. Our votes, for either party, are mostly to continue the fiction that we have representation.
One way to address this problem would be to set up some sort of general strike, on a national level, that would force the government and its corporate sponsors to listen. But this is probably not likely to happen either. Hard to imagine at this point our people actually putting themselves on the line that way.
So another way would be to resist in other, more subtle ways. Make it as hard as possible for them, meaning government and corporations, to proceed in this effort. Constant noncooperation could have a powerful and corrosive effect on agencies that mean us harm. We must stand up for our rights at all times.
On a technological level it might mean using noncommercial operating systems, like Linux, using strong encryption, and avoiding devices and services that make life easier at the cost of our rights and/or privacy.
wiretap?
(from Wired, 2007)
IP address
MAC address of ethernet cards
A list of open TCP and UDP ports
A list of running programs
The operating system type, version and serial number
The default internet browser and version
The registered user of the operating system, and registered company name, if any
The current logged-in user name
The last visited URL
I'll take these one at a time:
IP address: The IP address of your computer, or the IP address of your router (when using NAT) is what is seen in every packet sent and received by your computer. This is clearly not private information.
MAC address of ethernet cards: The MAC address is sent only to other devices on a LAN. Depending on the type of connection to your ISP, a MAC address may or may not be used. If you have a router, your computer's MAC address is not sent on the interface that is the router's connection to the internet. Generally, your computer's MAC address is not sent to the internet. However, it is still just addressing information.
A list of open TCP and UDP ports: It is not clear how this information is acquired. One could scan your computer or router remotely which would give a list of ports that allow reception of requests. However, firewalls usually prevent unsolicited requests, so a true list of active ports requires collecting data internal to the computer. Alternatively, one could deduce the active ports by monitoring traffic from your computer to the internet. Ultimately, such information is just addressing information at the transport protocol level.
A list of running programs: I am assuming this is a list of the user applications and not the processes and threads underlying a program. I am also assuming this list just reflects the programs running from the active user account (the one with the spyware), as one can be logged into multiple accounts simultaneously. Not all programs use the internet. The collection of this information, although still just a high level overview, clearly oversteps the bounds of privacy in my mind.
The operating system type, version and serial number: The operating system type and version is put into every user agent header on every HTTP packet sent. What is not sent is the serial number of the operating system software installed. This is gotten from the Windows Registry (I do believe this tool is specific to MS Windows). This is simply identifying information, but it is not sent out on the internet unless you are doing a Windows update.
The default internet browser and version: This information is in the user agent header used in HTTP. Not private.
The registered user of the operating system, and registered company name, if any: I believe this information is also in the Registry and not generally sent out in any packet to the internet. I think that this information is sent during an MS Windows update but I have not looked this information up or monitored the packets sent during such an update. (Now I'm interested in doing this though). I would consider this private even though it is just identifying information.
The current logged-in user name: This is your account name under Windows. I don't think it is ever sent out in packets though I could be wrong. It is also a Registry item and just identifying information.
The last visited URL: It is interesting that all the rest of the browser history isn't accessed. I suspect they are getting this tidbit also from the Registry. What should be pointed out though is that a URL can contain more information than just a web address and pathname. It can contain private information passed in the "query" field. Also, the fragment identifier (the part after "#") is being used for new things and might contain private information. I would say there is the possibility that a URL can be considered, in part, "contents of a message". Just because its main use is addressing doesn't eliminate this additional use and doesn't supply an excuse to collect it without a warrant.
I suspect the courts are not looking closely or are not understanding these technical details. This is a slippery slope of expanding identifying and addressing information to actually include content that should be considered private enough to require a warrant or wiretap order. You can learn a hell of a lot about someone if you can monitor all the metadata in their communications. On the opposite end of the stick, the government would like to restrict all sensitive information (SSI) even though any particular piece is not considered classified. This shows me that they recognize the potential danger of metadata when it is accumulated. The restriction of government information is a whole other issue though. I am just pointing out hypocrisy.
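As an added illustration of the comment's point that a "last visited URL" mixes addressing with message content (this is example code written for this page, not from the commenter, Wired or the FBI documents): a Python function that splits a URL into the parts that only identify a host and the parts that can carry user-supplied data. The list of suspect query keys and the sample URL are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qsl

# Query keys that commonly carry user-supplied data rather than routing
# information. Constructed for illustration; not an exhaustive list.
SENSITIVE_KEYS = {"q", "query", "search", "email", "user", "token", "session"}


def split_url_exposure(url):
    """Separate a URL into host-addressing parts and content-bearing parts.

    Returns (addressing, content, flagged): `addressing` is what a network
    observer needs to route the request, `content` is everything a user or
    site can stuff with message data, and `flagged` lists the fields a
    warrant analysis should treat as content rather than metadata.
    """
    parts = urlsplit(url)
    addressing = {"scheme": parts.scheme, "host": parts.hostname, "port": parts.port}
    # parse_qsl decodes '+' and percent-escapes, so values come back as typed.
    query = dict(parse_qsl(parts.query, keep_blank_values=True))
    content = {"path": parts.path, "query": query, "fragment": parts.fragment}
    flagged = sorted(k for k in query if k.lower() in SENSITIVE_KEYS)
    # The fragment never leaves the browser in the HTTP request at all; it is
    # purely client-side state, so if a tool reads it from the machine it is
    # collecting something no network tap could have seen.
    if parts.fragment:
        flagged.append("#fragment")
    return addressing, content, flagged


# Constructed sample of the kind of URL a browser history might hold.
SAMPLE = ("https://mail.example.test:8443/inbox/search"
          "?q=medical+records&email=alice%40example.test#msg-42")

if __name__ == "__main__":
    addr, content, flagged = split_url_exposure(SAMPLE)
    print("addressing only:", addr)
    print("content-bearing:", content)
    print("treat as content:", flagged)
```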
How is CIPAV installed?
1) The FBI or some other TLA agency (NSA?) is constantly researching to find new vulnerabilities and updating the CIPAV.
2) The FBI purchases 0-day vulnerabilities on the black market. (Isn't that a fun conspiracy theory?)
3) The FBI has arranged with Microsoft to allow a backdoor for CIPAV to use that is close in functionality to the MS Windows update mechanism.
The following is from the FBI's 2007 Timberlinebombinfo affidavit:
http://www.wired.com/images_blogs/threatlevel/files/timberline_affidavit.pdf
"Registry information can be provided by a computer connected to the Internet, for example, when that computer connects to the Internet to request a software upgrade from its software vendor."
Let the conspiracy theories begin!