FBI Appears To Have Collected Tormail's Entire Email Database... And It's Using It

from the collect-it-all dept

Tue, Jan 28th 2014 5:41am — Mike Masnick

We've mentioned in the past that, for all the focus on the NSA lately, the FBI may be equally, if not more, worrisome for its willingness to collect tons of data on everyone and use it. Back in August, it became pretty clear that the FBI had compromised the Tor Browser Bundle, and had effectively taken over Freedom Hosting -- a popular hosting provider for dark web tor sites -- in order to push out malware that identified Tor users. A month later, it was confirmed that it was the FBI behind the effort, which led to the closing of Freedom Hosting.

Now there are new reports, suggesting that along with Freedom Hosting, the FBI was able to get the full database of emails on TorMail, a popular tor-based email service that used Freedom Hosting and was shut down at the same time Freedom Hosting went down. The reports point to a new lawsuit, in which the FBI was able to get a search warrant to search TorMail using its own copy of the database -- which it clearly had obtained at an earlier date. This basically means that the FBI has a pretty easy time searching all those emails if it needs to:

The tactic suggests the FBI is adapting to the age of big-data with an NSA-style collect-everything approach, gathering information into a virtual lock box, and leaving it there until it can obtain specific authority to tap it later. There’s no indication that the FBI searched the trove for incriminating evidence before getting a warrant. But now that it has a copy of TorMail’s servers, the bureau can execute endless search warrants on a mail service that once boasted of being immune to spying.

This again highlights one of the problems of the "collect it all" approach. Rather than merely targeting a specific individual or group, the FBI now has all of those emails sitting in a database. Even if it's getting a warrant to search, it's now searching its own database, rather than having to go out to get the information from others who might challenge the requests.

Roberson, Sean Complaint (PDF)Roberson, Sean Complaint (Text)

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: email, fbi, nsa, searches, surveillance, tor, tormail, warrants

34 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

That One Guy (profile), 28 Jan 2014 @ 4:20am

That must have been an interesting court session...

FBI: Your Honor, we'd like to apply for a search warrant to search through X, Y, and Z email addresses.

Judge: What cause and evidence do you have to believe that the listed email addresses contain incriminating evidence?

FBI: Oh we already have, and have looked through, the email addresses, now we just need an after-the-fact warrant so we can legally search through and use the emails as evidence in court.

Judge: That seems off for some reason, but my favorite show is on in half an hour, and it's getting close to lunch, so warrant granted.
[ link to this | view in chronology ]
- Anonymous Howard (profile), 28 Jan 2014 @ 6:21am
  
  Re:
  Wouldn't copying the whole database "in secret" compromise it's value as evidence? After all, if they could download it, they could have modified it too just as easily.
  [ link to this | view in chronology ]
  - That One Guy (profile), 28 Jan 2014 @ 6:49am
    
    Re: Re:
    You'd think so, but the courts these days are a complete and utter joke when it comes to that whole 'justice' thing, letting government agencies do pretty much whatever they want.
    [ link to this | view in chronology ]
    - Anonymous Coward, 28 Jan 2014 @ 8:42am
      
      Re: Re: Re:
      yes, damn courts, why don't they just let the criminals do what they want!!!
      [ link to this | view in chronology ]
      - Baron von Robber, 28 Jan 2014 @ 9:08am
        
        Re: Re: Re: Re:
        That's right! They should arrest the criminal cops asap!
        [ link to this | view in chronology ]
      - Anonymous Coward, 28 Jan 2014 @ 2:52pm
        
        Re: Re: Re: Re:
        That is the issue, the courts are letting the criminals do what they want.
        
        The sad part is that it is the government that are the criminals in this instance
        [ link to this | view in chronology ]
    - Anonymous Coward, 28 Jan 2014 @ 1:56pm
      
      Re: Re: Re:
      You forget though. The courts seem to buy the Feinstein's arguments that these agencies are "professional" though which of course would preclude them from modifying them though. Wait until some Mafia guy is on trial for some crime and the government wants to claim that they tampered with evidence.
      
      Defense lawyer: "Your honor, my client couldn't have tampered with that evidence because he after all is a professional at this sort of thing."
      
      Judge: "Seems reasonable to me."
      [ link to this | view in chronology ]
  - ottermaton (profile), 28 Jan 2014 @ 9:22am
    
    Re: Re:
    Silly rabbit. They would never do that because they are professionals
    [ link to this | view in chronology ]
  - J. Edgar Hoover (profile), 28 Jan 2014 @ 9:33am
    
    Re: Re: "copying the whole database "in secret" compromise it's value as evidence?..."
    Plebians, pleaseeee!
    
    The Value of the Evidence Against You would only be compromised If you were not guilty! GUILTY! GUILTY!
    
    from the grave...
    [ link to this | view in chronology ]
  - Bergman (profile), 28 Jan 2014 @ 9:55am
    
    Re: Re:
    Yeah, but bear in mind those are the same courts who have no problems with the FBI refusing to use audio recorders, and have a person taking hand-written notes during interviews and interrogations.
    
    If those hand-written notes disagree with what a suspect claims he said, the most common result is perjury or lying to a federal agent charges for the suspect.
    [ link to this | view in chronology ]
- Anonymous Coward, 28 Jan 2014 @ 6:24am
  
  Re:
  I think that's exactly what they're doing, too. They look first, then ask for the warrant because they have "probable cause", since they already know what's in there.
  [ link to this | view in chronology ]
Ninja (profile), 28 Jan 2014 @ 5:42am

Please correct me if I'm wrong but if the servers weren't in the US this could have been avoided? Or was it a blunder from the services that allowed the FBI to download the entirety of the database? Or is it the same issue Lavabit faced but they closed way too late?
[ link to this | view in chronology ]
- Anonymous Coward, 28 Jan 2014 @ 5:52am
  
  Re:
  As far as I know the servers were in France, so how the database ended up in US hands is an interesting question.
  [ link to this | view in chronology ]
Anonymous Coward, 28 Jan 2014 @ 5:44am

So it's only bad when other people do it?

Hypocritial villains.
[ link to this | view in chronology ]
- Anonymous Coward, 28 Jan 2014 @ 8:48am
  
  Re:
  and criminals are only 'sorry' when they are caught.
  [ link to this | view in chronology ]
TiagoTiago (profile), 28 Jan 2014 @ 6:02am

They stored the emails and account data as plain text in the server?
[ link to this | view in chronology ]
- Anonymous Coward, 28 Jan 2014 @ 8:47am
  
  Re:
  "They stored the emails and account data as plain text in the server?"
  
  probably, criminals are not the smartest group around!
  [ link to this | view in chronology ]
  - TiagoTiago (profile), 28 Jan 2014 @ 9:06am
    
    Re: Re:
    Except providing secure email wasn't a crime last i checked...
    [ link to this | view in chronology ]
krolork (profile), 28 Jan 2014 @ 6:15am

We need a revolution.
[ link to this | view in chronology ]
- btrussell (profile), 29 Jan 2014 @ 3:05am
  
  Re:
  http://www.youtube.com/watch?v=Bg-zN6oNA4U
  [ link to this | view in chronology ]
Anonymous Coward, 28 Jan 2014 @ 6:37am

So, It Doesn't Count Until...
So, it doesn't count until you look at it? Just downloading it doesn't count? Like downloading a copyrighted movie doesn't count until you watch it?
[ link to this | view in chronology ]
- PRMan, 28 Jan 2014 @ 8:53am
  
  Re: So, It Doesn't Count Until...
  Actually, downloading copyrighted material doesn't count until you upload it.
  [ link to this | view in chronology ]
  - PRMan, 28 Jan 2014 @ 8:54am
    
    Re: Re: So, It Doesn't Count Until...
    BTW, IANAL and, more specifically, IANYL.
    [ link to this | view in chronology ]
    - Killer_Tofu (profile), 28 Jan 2014 @ 9:07am
      
      Re: Re: Re: So, It Doesn't Count Until...
      BTW, IANAL
      
      Well, as a PRMan that skill could probably come in handy, but that is not what we are here to discuss.
      [ link to this | view in chronology ]
Coyne Tibbets (profile), 28 Jan 2014 @ 7:02am

Punishment by association
The FBI employs punishment by association. They have previously shut down and copied for evidence entire ISP data centers because one domain was suspected of doing something illegal. (FBI shuts down entire ISP to investigate one customer (2004), FBI Raids Dallas Internet Service Provider Core IP (2009))

It's the equivalent of razing an entire village because one enemy soldier is suspected to be living within it.
[ link to this | view in chronology ]
Anonymous Coward, 28 Jan 2014 @ 7:17am

The federal government has forgotten one very important thing in their quest to protect America from the perceived threats of the world, the Bill of Rights is the foundation which this country is built upon. It's creation is what persuaded the states to ratify the constitution. Ignoring it is like voiding a contract, in essence, voiding America. If our elected officials do not reign in these out of control rogue federal agencies, it may be time to take this to the state level and begin looking a succession as an option.
[ link to this | view in chronology ]
- Anonymous Coward, 28 Jan 2014 @ 7:34am
  
  Re:
  GOVERNMENT: Bill Rights? Who's he?
  
  JUDGE: Um, that guy? Y'know, the one you're supposed to uphold?
  
  GOVERNMENT: Oh, sorry, we killed him in a lobbied "accident".
  
  JUDGE: Very well, carry on.
  
  PUBLIC: OBJECTION! This isn't right! This is Tyranny!
  
  JUDGE: But they have the paperwork and the finances. So there's nothing I can do.
  
  *GOVERNMENT hands JUDGE a set of Photoshopped pictures*
  GOVERNMENT: There you go, as agreed.
  [ link to this | view in chronology ]
Anonymous Coward, 28 Jan 2014 @ 7:21am

Sounds like Tormail service was either using server-side encryption, or no encryption at all. If Tormail would have used client-side encryption and those emails were uploaded to the Tormail database, then all the FBI would be looking at is a bunch of encrypted data which they'd have no keys to.

Up your encryption game, people!
[ link to this | view in chronology ]
- Anonymous Coward, 28 Jan 2014 @ 3:44pm
  
  Re:
  Except that the encryption standards have been compromised by the US govenment.
  [ link to this | view in chronology ]
  - SumYungGuu, 28 Jan 2014 @ 6:41pm
    
    Re: Re:
    I wonder if the FBI will focus on the undoubtedly massive trove of Goldman Sachs (and the rest of Wall Street)emails containing descriptions of all their scams? Seriously, Wall Street thugs definitely used TorMail and the like to cover up their shenanigans.
    [ link to this | view in chronology ]
- Jones, 2 Feb 2014 @ 7:15am
  
  Re: Tor
  or was setup by the Feds. It was a honey trap from the beginning.
  [ link to this | view in chronology ]
Rekrul, 28 Jan 2014 @ 2:52pm

If the FBI was distributing malware, can't we charge them under the CFAA?
[ link to this | view in chronology ]
Anonymous Coward, 28 Jan 2014 @ 4:54pm

darryl just hates it when due process is enforced.
[ link to this | view in chronology ]
- Rekrul, 29 Jan 2014 @ 12:06pm
  
  Re:
  But how do Larry and the other Darryl feel about it?
  [ link to this | view in chronology ]