Challenging the Surveillance State
July 1, 2012 2:21 PM   Subscribe

 
FBI Tried to Cover Patriot Act Abuses With Flawed, Retroactive Subpoenas, Audit Finds
FBI headquarters officials sought to cover their informal and possibly illegal acquisition of phone records on thousands of Americans from 2003 to 2005 by issuing 11 improper, retroactive “blanket” administrative subpoenas in 2006 to three phone companies that are under contract to the FBI, according to an audit released Thursday.

Top officials at the FBI’s counter-terrorism division signed the blanket subpoenas “retroactively to justify the FBI’s acquisition of data through the exigent letters or or other informal requests,” the Justice Department’s Inspector General Glenn Fine found.

The revelations come in a follow-up report to Fine’s 2007 finding that the FBI abused a key Patriot Act power, known as a National Security Letter. That first reports showed that FBI agents were routinely sloppy in using the self-issued subpoenas and issued hundreds that claimed fake emergencies...

FBI agents issue tens of thousands of National Security Letters annually to get phone records, portions of credit histories, and track down IP addresses without getting a judge’s approval in cases involving suspected terrorism, computer crimes or espionage.

Additionally, some of those retroactive NSLs sought records that the FBI was not authorized to obtain, and failed to explain — as required by policy — what investigation the records pertained to. Fine found that all were “issued in violation of internal FBI policy.”
posted by Blazecock Pileon at 2:31 PM on July 1, 2012 [5 favorites]


Yep. Kinda the point of Nineteen Eighty-Four, folks.
posted by Sys Rq at 2:34 PM on July 1, 2012 [2 favorites]


From his closing remarks:
"A very important means of subverting this one-way mirror that I've described is forcible, radical transparency, it's one of the reasons I support so enthusiastically and unqualifiably groups like Anonymous and Wikileaks- I want holes to be blown in the wall of secrecy, because the way in which this ends up operating effectively is only because they are able to conceal what they do, and that is why they consider these unauthorized means of transparency so threatening.

There are groups that are pursuing very interesting and effective forms of anonymity on the Internet. There are things like the TOR Project and other groups, which enable people to use the Internet without any detection from government authorities- That has the effect of preventing regimes that actually bar their citizens from using the Internet from doing so... but it also protects people who live in countries like ours, where the government is constantly trying to monitor what we do, by sending our communications through multiple proxies around the world, in a way that can't be invaded.

There's really a war taking place, an arms race, where the government and these groups are attempting to stay one technological step ahead of the other, in terms of technological ability to shield internet communications from the government, and the government's ability to invade them, and participating in this war in ways that are supportive of the good side are really critical, as is availing yourself of the technology that exists to make what you do as private as possible. I really don't think there's many more important fronts of battle, if there are any, than combating the surveillance state".
posted by dunkadunc at 2:46 PM on July 1, 2012 [13 favorites]


As a corollary, our corporatist state yield :
Your FTC Privacy Watchdogs: Low-Tech, Defensive, Toothless (Wired via homunculus)
posted by jeffburdges at 3:00 PM on July 1, 2012 [1 favorite]


Could you explain exactly how Tor works, like I'm five?
Also TorChat is growing more fun, at least for me. Imho, activists probably need TorChat gateways chats for ordinary IM clients, so that n00bs can simply add a personalize crazily named gtalk address, with which they chat via off-the-record messaging (not google's off-the-record messaging, the real one). I'm afraid that'll require software that hasn't yet been written however.

posted by jeffburdges at 3:10 PM on July 1, 2012


It's too late. It's already a done deal.

When 'location' came to mobile phones (at which point the UK already had 2M cams) would have been a good time. When the US, UK & AU had a facility dedicated to sifting telecomms 15 years back, few cared. When Zimmerman made PGP and talk about chipping began (Clinton era), a buzz rose and fell.

The die is cast. What's left are crumbs.
posted by Twang at 3:47 PM on July 1, 2012


The die is cast. What's left are crumbs.

Hardly. The amount of bytes necessary to communicate my thoughts to you, to share secrets, to organize a revolution, are tiny drops in a rapidly expanding sea of information. All we need is super-high speed broadband, heavy duty encryption, trust networks, and widely used tor-style routing. Privacy-friendly ISPs would be a huge help. Anything important can just be munged into an indecipherable flood of HD youtube cat videos passed through enough math formulas to make your brain hemorrhage

It's going to happen, because it can happen and because every day watching the abuses occurring there are more people who are wanting and working for it to happen. The long-term success of government panopticon project is going to be in the ballpark of the long-term success of the RIAA/MPAA war on piracy
posted by crayz at 3:56 PM on July 1, 2012 [1 favorite]


When 'location' came to mobile phones (at which point the UK already had 2M cams) would have been a good time.
This isn't true, and the belief behind it is insidious. There was some very flawed research about ten years ago which claimed a wildly overhigh 4.2 million CCTV cameras in the UK. It became popular to believe from this that the UK was the most watched country on earth, with folk regularly claiming that there was "one camera for every fourteen people". Even though the flaws in that research were pointed out again and again, the idea has stuck. Thus a "better" count of CCTV in the UK at 1.85 million is now repeated to back up the belief. But that number relies on counting all private CCTV, such as those in retail premises, ignoring that many countries (such as the US) may well have as many if not more. There is a real worry that by repeating this falsehood, we both misunderstand what state surveillance is, and misapply our worry about it.
posted by Jehan at 4:12 PM on July 1, 2012 [2 favorites]


Your FTC Privacy Watchdogs: Low-Tech, Defensive, Toothless (Wired via homunculus)

I've been exposed to a number of privacy watchdog agencies in a few different countries. This article rings true for me - most of the staff are lawyers, and none of them have in-house technical specialists. They don't generally detect privacy threats - they react to them once they are made aware of them, by the public sometimes, but mostly by the media.

But without in house technical specialists, it's very difficult to verify whether the claims are true (i.e., "Facebook uses evil tracking cookies that can't be removed") or whether the alleged fixes have actually been done. Further, many such watchdogs lack the investigation or enforcement powers that an effective regulator needs.

Often, watchdogs have to rely solely on assurances from the people that created the privacy breach in the first place, because they have no other way of gathering the information.
posted by His thoughts were red thoughts at 4:12 PM on July 1, 2012




Nineteen Eighty-Four is *so* pre-9/11.
posted by uosuaq at 4:26 PM on July 1, 2012




I've thought about ending all of my e-mails with:

"Allah Akbar, the humus has arrived."
posted by wrapper at 4:45 PM on July 1, 2012 [6 favorites]






homunculus: "House Committee Approves Sweeping, Warrantless Electronic Spy Powers"

FISA Amendments pass Congress; supporters state, "The Terrorists want to destroy this country, and we will stop at nothing to beat them to it."
posted by DoctorFedora at 5:00 PM on July 1, 2012 [2 favorites]


I take this to mean that [the NSA are] wiretapping and storing absolutely everything.
There is a not-quite-a-rumor going around, which could well just be a crank theory or something that's been cooked up for propaganda purposes, that the NSA has made a breakthrough that gives them a reasonable but computationally expensive attack on SSL. There was sort of an offhand mention of this in a recent Wired article; I'll see if I can find it.

Personally I'm skeptical. The NSA was miles ahead of the private sector in cryptography through most of the Cold War, but that was because there wasn't anything much going on in the private sector. If you wanted to do serious crypto, you worked for the NSA. That's not true anymore, and the NSA's researchers have the limitation of not being able to collaborate directly with the rest of the academic world. I'd imagine that's a handicap, but I guess you never know -- they could still be ahead of the rest of the world by virtue of their starting position.
posted by Kadin2048 at 5:01 PM on July 1, 2012 [1 favorite]


There is a not-quite-a-rumor going around, which could well just be a crank theory or something that's been cooked up for propaganda purposes, that the NSA has made a breakthrough that gives them a reasonable but computationally expensive attack on SSL. There was sort of an offhand mention of this in a recent Wired article; I'll see if I can find it.

here you go
i've read elsewhere that the breakthrough was practical quantum computation, but obviously there's no proof

personally, i'm convinced, and pretty terrified
posted by p3on at 5:04 PM on July 1, 2012 [5 favorites]


Even without actually using this type of surveillance -- chilling effects. compliance. intimidation.
Nightmare scenarios have their own independent power and effect.
posted by lslelel at 5:05 PM on July 1, 2012 [1 favorite]


the NSA's researchers have the limitation of not being able to collaborate directly with the rest of the academic world.

The NSA has regular conferences where they talk with academic experts. They kind of go like this " Tell us everything you know and we will tell you nothing". They also contract out work to research centers housed at universities.
posted by Rubbstone at 5:19 PM on July 1, 2012


This is the kind of thing that makes me look at announcements for Google Glass with trepidation. Most of the nominal restrictions on surveillance are based on societal expectations of privacy - expectations likely to go away if half the populace has a live camera on their head.
posted by Wemmick at 5:27 PM on July 1, 2012 [1 favorite]


I take this to mean that they're wiretapping and storing absolutely everything.

Duh.

NSA's researchers have the limitation of not being able to collaborate directly with the rest of the academic world.

Yes, because compartmentalization hasn't been around since the Manhattan project. There's no way the NSA could have academics working one pieces of things which add up to one big thing. That would be ludicrous and anyone who thinks otherwise is a crazy conspiracy theorist.
posted by AElfwine Evenstar at 7:04 PM on July 1, 2012


ignoring that many countries (such as the US) may well have as many if not more.

You mean....a country 40 times the size of the UK may have more CCTVs than the UK has? What a defense.
posted by carping demon at 7:06 PM on July 1, 2012


expectations likely to go away if half the populace has a live camera on their head.

Yes, and where Orwell was wrong was that in 1984 the protagonist is afraid of the cameras and microphones. It turns out that we can't get enough of them and are eating them up like hotcakes.
posted by AElfwine Evenstar at 7:08 PM on July 1, 2012 [5 favorites]


After listening to everything that Greenwald said, it all seems very subjective and speculative. The impact of the Surveillance State, I mean. I'm speaking from personal experience, having daylighted some cases the FBI wanted kept quiet.

I know for a fact that there was direct interest in me because I was interviewed a several times. Two or three times by a State Patrol detective assigned to the FBI's regional intelligence squad and once by the local SAC. It was friendly and they bought me lunch. As with any conversation with cops, you tell them what you want and don't expect them to answer any questions.

And sure enough, when the case went to trial, they had to cough up some information about the scope of their surveillance.

One of the things they disclosed was the FBI intentionally killed a local investigation into a cross-burning at a migrant camp. Once the culprits knew they had a free pass, they went back and shot the place up. No casualties, but no investigation or prosecution either.

Greenwald comes across as somewhat breathless and overexcited. I expected he would have better evidence of abuses, rather than these sweeping claims with very little specificity.

I strongly subscribe to I. F. Stone's dictum that the government is such a large bureaucracy that they can't help but leave a trail that can be picked up by doing the heavy lifting of actually reading lots and lots of documents.

Right now, the best reporter in the US for document digging is Scott Shane at the NYT, formerly with the Baltimore Sun.

Scott is a solid, fact-based reporter. During the Anthrax case, for instance, he went plowing through the Environmental Impact Statements (EIS) at the Dugway Proving Ground. He had a tip the DoD was producing weaponized anthrax for testing the integrity of combat vehicles that were rated for use in CBW environments. The gummint was making statements there was no way in hell that anybody working for them was making hot anthrax. And there it was, smoking gun in the Dugway EIS.

Scott, btw has a walk-on part in The Wire, season 5, as the education reporter. Which I found just all sorts of awesome.

Greenwald is trained as an attorney, not an investigator. So his positions frequently strike me as being too heavy on the rhetoric and too light on the facts. It's impressive handwaving, but handwaving none the less.
posted by warbaby at 7:56 PM on July 1, 2012 [10 favorites]


Personally I'm skeptical. The NSA was miles ahead of the private sector in cryptography through most of the Cold War, but that was because there wasn't anything much going on in the private sector.

The Flame trojan, which is just one of at least a few known cyberwarfare programs developed by the US and Israel targeting the Iranian nuclear program, used a novel MD5 collision attack

As an indication of the level of resources willing and able to be deployed at even a relatively narrow, minor target, that is fairly astonishing. So, yes. Be worried
posted by crayz at 8:30 PM on July 1, 2012 [2 favorites]


I take this to mean that they're wiretapping and storing absolutely everything.

You would be correct. Never underestimate the NSA. They want to know EVERYTHING about EVERYBODY.
posted by mrhappy at 9:13 PM on July 1, 2012


crayz: "The Flame trojan, which is just one of at least a few known cyberwarfare programs developed by the US and Israel targeting the Iranian nuclear program, used a novel MD5 collision attack

As an indication of the level of resources willing and able to be deployed at even a relatively narrow, minor target, that is fairly astonishing. So, yes. Be worried
"

Very interesting link and yes the attack was impressive, but then I'm sure neither the US nor Israel consider the Iranian nuclear program a narrow, minor target.
posted by Bokononist at 9:51 PM on July 1, 2012


I take this to mean that they're wiretapping and storing absolutely everything.


Yes, retroactive wire taps and email dumps. Probably being sifted this moment with some really clever algorithms. I am curious how far up the line it goes before I get watched by a real human.
posted by psycho-alchemy at 12:42 AM on July 2, 2012 [2 favorites]


here you go
i've read elsewhere that the breakthrough was practical quantum computation, but obviously there's no proof
More likely: Figuring out a way around PKI. Iran tried to clone certificates, but got caught. The NSA wouldn't have that problem because they wouldn't need to hack anything, they could just ask for the root certificates, and probably get them. The other option would be installing viruses on people's machines to listen in. Breaking crypto would be like trying to break into a house by busting down a thick steel front door, rather then a window.
posted by delmoi at 1:45 AM on July 2, 2012 [1 favorite]


I don't know if this is the technique the rumor refers to, but there has been a vulnerability in SSL/TLS1.0 for quite some time that allows for decrypting traffic. It was first talked about in the public sector in 2009, wouldn't be surprised if NSA knew about it way before then.
posted by Adamsmasher at 4:28 AM on July 2, 2012


This article states "When an individual uses a webmail service such as Gmail, for example, the entire webpage is encrypted before it is sent. This makes it impossible for ISPs to distinguish the content of the message. Under the Home Office proposals, once the Gmail is sent, the ISPs would have to route the data via a government-approved "black box" which will decrypt the message, separate the content from the "header data", and pass the latter back to the ISP for storage."

This makes it sound like they are talking about decrypting SSL-protected pages and storing message data from them, which I understood to be technically infeasible. However, they also say "once the gmail is sent", which could also refer to intercepting the e-mail once it's been sent out from google's mail server. Anyone have any idea what they're actually talking about?
posted by nTeleKy at 7:53 AM on July 2, 2012


July 1st, the big ISPs became the defacto enforcement goons for the MPAA/RIAA in the War Against Piracy. (The telecoms have been the stooges of the Gubmint since 9/11 gave them the excuse, legal or otherwise.)

All the encryption and TOR routers and trusted networks will be moot when these things are made illegal - all in the name of Protecting Us From Terra-ism. Just remember, if you don't do anything wrong, you have nothing to worry about.
posted by Enron Hubbard at 8:53 AM on July 2, 2012 [1 favorite]


This article states "When an individual uses a webmail service such as Gmail, for example, the entire webpage is encrypted before it is sent. This makes it impossible for ISPs to distinguish the content of the message. Under the Home Office proposals, once the Gmail is sent, the ISPs would have to route the data via a government-approved "black box" which will decrypt the message, separate the content from the "header data", and pass the latter back to the ISP for storage."
Yeah, that is just.... not correct. In theory you can do a "Man in the Middle" attack, where you used forged certificates, but when Iran tried that they got caught due to extra protections in browsers that detected it.

It sounds like something that was written by someone who heard someone describe something technical, didn't understand it, and then tried to write an article by randomly re-using keywords. The pages are "unencrypted" before they are sent, but those unencrypted pages never leave the server. With SSL, the headers are encrypted along with the page and everything else.

If there is a flaw in SSL that can be exploited, it has nothing to do with headers or the existence of plaintext.
posted by delmoi at 9:05 PM on July 2, 2012




















homunculus: "Why the WikiLeaks Grand Jury is So Dangerous: Members of Congress Now Want to Prosecute New York Times Journalists Too"


Aah, that explains the recent NYT op-ed. They only care now they think they could be targeted.
posted by dunkadunc at 10:42 AM on July 29, 2012


Er, you don't mean this op-ed, do you?
posted by homunculus at 12:28 PM on July 29, 2012 [2 favorites]


Eep. I knew there was a fake one going around, but I was under the impression that there was a real one (in which he backed up Wikileaks) and a fake one (in which his opinions were greatly exaggerated.)
posted by dunkadunc at 5:29 PM on July 29, 2012






« Older CALLING ALL THE BASIC BITCHES...   |   Petzl RocTrip China 2011 Newer »


This thread has been archived and is closed to new comments