FBI Pushing Real-Time Metadata-Harvesting 'Port Readers' On Service Providers
from the when-will-it-be-'enough'-data? dept
The FBI seems to be of the same mindset as the NSA -- it's better to have it all and not need it than to show any sense of restraint when it comes to harvesting data. Declan McCullagh at CNET has uncovered yet another surveillance program aimed at collecting vast amounts of data simply because the current legal climate allows it.
The U.S. government is quietly pressuring telecommunications providers to install eavesdropping technology deep inside companies' internal networks to facilitate surveillance efforts.
Isn't that great? Carriers don't know what effects the FBI's new toy will have on their systems and are perhaps even a little concerned that they're violating their customers' last remnants of privacy by allowing this, but turning down this "opportunity" means facing contempt charges. The situation presents only unappealing choices.
FBI officials have been sparring with carriers, a process that has on occasion included threats of contempt of court, in a bid to deploy government-provided software capable of intercepting and analyzing entire communications streams. The FBI's legal position during these discussions is that the software's real-time interception of metadata is authorized under the Patriot Act.
Attempts by the FBI to install what it internally refers to as "port reader" software, which have not been previously disclosed, were described to CNET in interviews over the last few weeks. One former government official said the software used to be known internally as the "harvesting program."
The FBI quickly responded with a statement declaring its actions to be "playing by the rules," as well as expressing its pure desire to help telecoms and service providers become better corporate citizens.
"Pen Register and Trap and Trace orders grant law enforcement the authority to collect dialing, routing, addressing, or signaling information associated with a target's communications. This information includes source and destination IP addresses and port numbers. In circumstances where a provider is unable to comply with a court order utilizing its own technical solution(s), law enforcement may offer to provide technical assistance to meet the obligation of the court order."
The FBI statement specifies "pen register" and "trap and trace," but the port readers gather far more information than the limited data available to those processes.
Federal law says law enforcement may acquire only "dialing, routing, addressing, or signaling information" without obtaining a wiretap. That clearly covers, for instance, the Internet Protocol address of a Web site that a targeted user is visiting. The industry-created CALEA standard also permits law enforcement to acquire timestamp information and other data.
Knowing that the FBI is harvesting much more than basic metadata calls into question the recent court decision declaring warrantless cell phone location tracking constitutional. According to the majority's argument, metadata created by phone usage is nothing more than a "business record," something that is freely available to law enforcement and intelligence agencies because it carries with it no reasonable expectation of privacy.
But the FBI has configured its port reader to intercept all metadata -- including packet size, port label, and IPv6 flow data -- that exceeds what the law permits, according to one industry source.
At what point is that "expectation" reestablished? If the court's argument holds for location data, it will likely hold for any sort of metadata created, no matter how specific it is. The same warrantless process is being used by the FBI to capture metadata on internet usage, email and phone information -- all without being challenged for privacy violations.
There's every indication that the FBI has had more metadata than pen registers/trap and trace were ever intended to harvest for quite some time now. Late last year, hackers broke into an FBI laptop which contained a .csv file full of iPhone users' data.
[The csv file contained] a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc.
Why an agent had the data of 12 million iPhone users stored on his laptop is inexplicable. According to the narrative, any "inadvertent" data gets swept into storage where it can only be "asked questions." This file dump shows the FBI isn't necessarily discarding or segregating "irrelevant" information, a problem that is only worsened by each additional form of "metadata" it scoops up.
At a bare minimum, the outdated laws applying to the limits of pen registers and trap and trace need to be updated, as does the general argument that phone users' interaction with their providers (via calls, internet usage, etc.) creates nothing more than "business records." Continuing to ignore the fact that these agencies are abusing outdated laws to scoop up massive amounts of metadata on non-targeted users will only ensure this problem will get worse in the future.
Filed Under: fbi, metadata, port readers, privacy, surveillance, telcos
Reader Comments
While Techdirt front page has 200K of javascript, you should talk!
Here's part of your oxymoronic "Privacy" page:
When you access Techdirt or open one of our HTML emails, we may automatically record certain information from your system by using different types of tracking technology. This "automatically collected" information may include Internet Protocol address ("IP Address"), a unique device or user ID, version of software installed, system type, the content and pages that you access on Techdirt, and the dates and times that you visit Techdirt.
[ link to this | view in thread ]
Who is paying for this?
I don't understand how some Republicans can be for "smaller government" and still condone these expenditures.
[ link to this | view in thread ]
Contempt of Court
[ link to this | view in thread ]
Re: While Techdirt front page has 200K of javascript, you should talk!
Of course NoScript might be annoying for non-technical users.
As for the rest... well... It's hard to run a server without collecting IP addresses... Also - in particular - it is hard to run a webserver without collecting some "private and unique" information, starting with your user-agent string, which your browser happily sends away with (almost) every request.
That bit in the privacy page is just boiler-plate that any minimally technically knowledgeable user should already be aware of. If it bothers you, use tor.
[ link to this | view in thread ]
Re: While Techdirt front page has 200K of javascript, you should talk!
[ link to this | view in thread ]
Re: Who is paying for this?
[ link to this | view in thread ]
Re: Re: While Techdirt front page has 200K of javascript, you should talk!
Also, be aware of this: http://arstechnica.com/security/2013/08/attackers-wield-firefox-exploit-to-uncloak-anonymous-tor-users/.
[ link to this | view in thread ]
Re: While Techdirt front page has 200K of javascript, you should talk!
[ link to this | view in thread ]
Y'know, this isn't all that surprising
While it's true that I am less than thrilled by the NSA's invasive surveillance programs, I'll give them credit for (mostly) keeping all that data to themselves (*see caveat about sharing with the DEA above*).
Problem with that is now it sounds like the FBI wants to get in on the data-mining game because the NSA won't share data (even though they're not supposed to be collecting info on Americans, but that's beside the point right now).
In the end, I find myself trusting the NSA more than I trust the FBI. It's depressing when you find yourself having more faith in the massive spy agency than you do in the FBI.
[ link to this | view in thread ]
Re: While Techdirt front page has 200K of javascript, you should talk!
I also see you're now condoning being a freetard. Who ARE you?
[ link to this | view in thread ]
Re: Re: While Techdirt front page has 200K of javascript, you should talk!
And that is why the Calomel SSL validation extension is useful for more than just doing what its name implies: one of the things it lets you do is anonymize your user-agent. Of course, the User Agent Switcher lets you do that too.
Calomel: https://addons.mozilla.org/en-US/firefox/addon/calomel-ssl-validation/
User Agent Switcher: http://chrispederick.com/work/user-agent-switcher/
Incidentally, the maintainers of this site might be curious to know that Calomel's extension is currently flagging it.
[ link to this | view in thread ]
The CNET article mentions IPv6 flow data
Flow data is incredibly rich in the hands of someone who understands it. It's usually not that hard to re-identify it even if the sender/receiver pair is supposedly anonymous -- or at least to partially re-identify it.
Moreover, it yields copious clues as to what operating systems are in use, what services/applications are running on them, even what revision level some of these are.
In the wrong hands (are there any "right" hands for this?) this data would be devastating. Given that the FBI has already lost all kinds of laptops, some of which contained large data collections (see elsewhere in this discussion), we can reasonably expect that they'll start losing this data too. So much for their role in allegedly helping to "defend" us from cyberattack.
[ link to this | view in thread ]
Packet Size is Content of Communication
Thus, packet size is not metadata, it is content.
[ link to this | view in thread ]
So when will Declan be leaving for Russia?
[ link to this | view in thread ]
Police cars recording every license plate and keeping databases of where we go. We all cringed at 1984, and we now live with government recording our movements, Internet, probably phones. Is there no limit to abuse of rights, freedom, liberty? Innocent until proven guilty have any meaning? Probable cause is gone out the window. Everyone needs to start using encrypted email so some government pervert isn't ogling pictures of our daughters and wives.
[ link to this | view in thread ]
Re: Re: While Techdirt front page has 200K of javascript, you should talk!
No we don't. I suspect the dumbness he displays is only the tip of the iceberg.
I sense more stupidity in this one.
[ link to this | view in thread ]
Re: Re: Re: While Techdirt front page has 200K of javascript, you should talk!
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Hey, you FBI guys...
[ link to this | view in thread ]
lol
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: Re: Re: While Techdirt front page has 200K of javascript, you should talk!
[ link to this | view in thread ]
Re: Contempt of Court
[ link to this | view in thread ]
Re: Packet Size is Content of Communication
[ link to this | view in thread ]
Re: Re: Re: Re: Re: While Techdirt front page has 200K of javascript, you should talk!
Also, calling a programming language malware is just plain stupid (but that's what we expect from OOTB, right?).
[ link to this | view in thread ]
Re: Re: Packet Size is Content of Communication
This business of lying through using incomplete definitions has been really irritating me lately. It's an ancient rhetorical technique, but I've been seeing it so much more than usual over the last decade or so.
[ link to this | view in thread ]