The FBI Might Do More Domestic Surveillance than the NSA
This is a
long article about the FBI's Data Intercept Technology Unit (DITU), which is basically its own internal NSA.
It carries out its own signals intelligence
operations and is trying to collect huge amounts of email and Internet
data from U.S. companies -- an operation that the NSA once conducted,
was reprimanded for, and says it abandoned.
[...]
The unit works closely with the "big three" U.S. telecommunications
companies -- AT&T, Verizon, and Sprint -- to ensure its ability to
intercept the telephone and Internet communications of its domestic
targets, as well as the NSA's ability to intercept electronic
communications transiting through the United States on fiber-optic
cables.
[...]
After Prism was disclosed in the Washington Post and the Guardian,
some technology company executives claimed they knew nothing about a
collection program run by the NSA. And that may have been true. The
companies would likely have interacted only with officials from the DITU
and others in the FBI and the Justice Department, said sources who have
worked with the unit to implement surveillance orders.
[...]
Recently, the DITU has helped construct data-filtering software that
the FBI wants telecom carriers and Internet service providers to install
on their networks so that the government can collect large volumes of
data about emails and Internet traffic.
The software, known as a port reader,
makes copies of emails as they flow through a network. Then, in
practically an instant, the port reader dissects them, removing only the
metadata that has been approved by a court.
The FBI has built metadata collection systems before. In the late
1990s, it deployed the Carnivore system, which the DITU helped manage,
to pull header information out of emails. But the FBI today is after
much more than just traditional metadata -- who sent a message and who
received it. The FBI wants as many as 13 individual fields of
information, according to the industry representative. The data include
the route a message took over a network, Internet protocol addresses,
and port numbers, which are used to handle different kinds of incoming
and outgoing communications. Those last two pieces of information can
reveal where a computer is physically located -- perhaps along with its
user -- as well as what types of applications and operating system it's
running. That information could be useful for government hackers who
want to install spyware on a suspect's computer -- a secret task that
the DITU also helps carry out.
[...]
Some federal prosecutors have gone to court to compel port reader
adoption, the industry representative said. If a company failed to
comply with a court order, it could be held in contempt.
[...]
It's not clear how many companies have installed the port reader, but
at least two firms are pushing back, arguing that because it captures
an entire email, including content, the government needs a warrant to
get the information. The government counters that the emails are only
copied for a fraction of a second and that no content is passed along to
the government, only metadata. The port reader is designed also to
collect information about the size of communications packets and traffic
flows, which can help analysts better understand how communications are
moving on a network. It's unclear whether this data is considered
metadata or content; it appears to fall within a legal gray zone,
experts said.
[...]
The Operational Technology Division also specializes in so-called
black-bag jobs to install surveillance equipment, as well as computer
hacking, referred to on the website as "covert entry/search capability," which is carried out under law enforcement and intelligence warrants.
[...]
But having the DITU act as a conduit provides a useful public
relations benefit: Technology companies can claim -- correctly -- that
they do not provide any information about their customers directly to
the NSA, because they give it to the DITU, which in turn passes it to
the NSA.
There is an enormous amount of information in the article, which
exposes yet another piece of the vast US government surveillance
infrastructure. It's good to read that "at least two" companies are
fighting at least a part of this. Any legislation aimed at restoring
security and trust in US Internet companies needs to address the whole
problem, and not just a piece of it.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.