DOJ Blurred Lines Between Terrorism & Crime To Expand NSA & FBI Warrantless Wiretapping Of 'Hackers'
from the whatever,-it's-all-the-same dept
This week, of course, the US government passed the USA Freedom Act, a modest step towards reform. As we've noted, it doesn't even touch on two of the more concerning surveillance authorities: Executive Order 12333 and Section 702 of the FISA Amendments Act, which includes the infamous "warrantless wiretapping" programs that allow the NSA to tap "upstream" fiber optic cables from AT&T and others to sniff all data traveling across those cables.
Pro Publica and the NY Times have teamed up to report on how the DOJ expanded the warrantless wiretapping regime to go after hackers. There's a lot to unpack in the story (which is well worth reading), but the short version is that, under pressure from the White House, NSA and others, officials appear to have deliberately blurred the lines between "crime" and "international terrorism" in order to get the DOJ to sign off on secret legal orders allowing the NSA and the FBI to use their "upstream" snooping capabilities to monitor certain "cybersecurity signatures," which include basically anything the feds want, to sniff out a hacker. From the revealed documents (which, yes, come from Ed Snowden's cache):
The Certification will also for the first time spell out the authorization for targeting cyber signatures such as IP addresses, strings of computer code, and similar non-email or phone number-based selectors.
In short: the government said, "okay, you can now sniff that upstream firehose for hackers based on whatever 'code snippets' or 'IP addresses' we give you."
Of course, this raises some questions about the split between domestic law enforcement and international anti-terrorism/foreign intelligence work. Remember, the 702 upstream program is pretty specific in that it's only to be used for non-domestic, non-criminal work. But, according to the White House, those distinctions no longer matter:
“Reliance on legal authorities that make theoretical distinctions between armed attacks, terrorism and criminal activity may prove impractical,” the White House National Security Council wrote in a classified annex to a policy report in May 2009, which was included in the NSA’s internal files.
Yes, apparently, it's "impractical" for the surveillance state to actually follow the law.
The documents also reveal that they really wanted access to that sweet, sweet upstream firehose, because much more limited programs like PRISM (which involve court orders to certain internet companies) didn't provide enough coverage:
According to the Pro Publica / NY Times report, the NSA sought more and more permission here, though it's not clear what has actually been granted:
In May and July 2012, according to an internal timeline, the Justice Department granted its secret approval for the searches of cybersignatures and Internet addresses. The Justice Department tied that authority to a pre-existing approval by the secret surveillance court permitting the government to use the program to monitor foreign governments.
Remember all of this when you see the government asking for new "cybersecurity" laws -- which all too frequently are ways of granting the NSA and/or FBI greater powers to do surveillance via these upstream collections. As The Intercept points out, during the big debates on cybersecurity over the last few years, the NSA has insisted that it doesn't have access to this kind of information, and almost every debate on the power of upstream collection by the NSA and others has been based on claims by the intelligence community that they only use unique identifiers like email addresses -- and not very, very broad identifiers like an IP address or "computer code."
That limit meant the NSA had to have some evidence for believing that the hackers were working for a specific foreign power. That rule, the NSA soon complained, left a “huge collection gap against cyberthreats to the nation” because it is often hard to know exactly who is behind an intrusion, according to an agency newsletter. Different computer intruders can use the same piece of malware, take steps to hide their location or pretend to be someone else.
So the NSA, in 2012, began pressing to go back to the surveillance court and seek permission to use the program explicitly for cybersecurity purposes. That way, it could monitor international communications for any “malicious cyberactivity,” even if it did not yet know who was behind the attack.
The newsletter described the further expansion as one of “highest priorities” of the NSA director, Gen. Keith B. Alexander.
There's a lot more in the full article and in the released documents which you can see below.
Filed Under: 702, cybersecurity, fbi, fisa, hacking, nsa, surveillance, upstream, upstream collection, warrantless wiretapping
Reader Comments
Unique Identifiers, IP addresses
Craigslist won't let me on when I have my VPN turned on, and I have never done anything there except look at ads, so it is my VPN IP address that they look at, and deny me. Therefore, those few times I really want to look at Craigslist ads, I turn my VPN off for a half hour or so.
[ link to this | view in thread ]
So Raise your Hand...
I mean the slippery slope folks fell all over themselves screaming about it.
[ link to this | view in thread ]
fellow humans of earth....
STOP DOING BUSINESS WITH THE UNITED FASCIST STATES OF AMERICA AND DO NOT FORGET COPS KILLED 9 BIKERS IN WACO AND ARE COVERING IT UP THAT THEY SHOT HUNDREDS OF ROUNDS AT THEM ALL.
[ link to this | view in thread ]
When you consider DHS and the FBI teaching people that the founding fathers were terrorists that should be hated and reviled instead of respected and revered
[ link to this | view in thread ]
Re: fellow humans of earth....
[ link to this | view in thread ]
Re: Unique Identifiers, IP addresses
Congrats, you just wasted money on a useless VPN ; )
[ link to this | view in thread ]
Re: Re: Unique Identifiers, IP addresses
Oh, and cookies, I wipe all of those out with an irregular regularity.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: fellow humans of earth....
[ link to this | view in thread ]
Re: So Raise your Hand...
[ link to this | view in thread ]
Re: Re: Re: Unique Identifiers, IP addresses
I wouldn't call it failure of such services because the service still works but the site decides to block them. So imho it is a failure of the site. But I guess both points of view have good arguments.
And I guess if you don't use it to mask your IP and only for other stuff like, e.g., IP blocks, then it's nothing you have to worry about, but for people who do, it's just a reminder that even a short time of using a real IP can breach security.
[ link to this | view in thread ]
Computer Code
Yeah, I see how that works.
[ link to this | view in thread ]
Re: Unique Identifiers, IP addresses
[ link to this | view in thread ]
Re: Re: Unique Identifiers, IP addresses
My way, open router page, click on Tunneling client, click stop, and when finished click start and then click log out of router.
Both methods would require that I log into my PasswordSafe. The fact that my VPN is on the router rather than desktop software helps a lot, including offloading encrypt/decrypt functions to a different cpu.
[ link to this | view in thread ]
Re: Re: Re: Re: Unique Identifiers, IP addresses
[ link to this | view in thread ]
If obliviously glancing over some lines of code can be used in any judicial or executive process, this could be blatantly misused.
"Your honor, he haxxored 'printf('Hello World!');' just like the infamous 4chan that he surely must be, so please find him guilty and his possessions too"
Copy&paste should be suspicious, as you could easily frame other people.
[ link to this | view in thread ]