February 18th, 2008

Posted by Richard Koman @ February 18, 2008

WASHINGTON — A technical glitch gave the F.B.I. access to the e-mail buy viagra online without prescription messages from an entire computer network — perhaps hundreds of accounts or more — instead of simply the lone e-mail address that was approved by a secret intelligence court as part of a national security investigation, according to an internal report of the 2006 episode.

F.B.I. officials blamed an “apparent miscommunication” with the unnamed Internet provider, which mistakenly turned over all the e-mail from a small e-mail domain for which it served as host. The records were ultimately destroyed, officials said.

Bureau officials noticed a “surge” in the e-mail activity they were monitoring and realized that the provider had mistakenly set its filtering equipment to trap far more data than a judge had actually authorized.

The episode is an unusual example of what has become a regular if little-noticed occurrence, as American officials have expanded their technological tools: government officials, or the private companies they rely on for surveillance operations, sometimes foul up their instructions about what they can and cannot collect.

The problem has received no discussion as part of the fierce debate in Congress about whether to expand the government’s wiretapping authorities and give legal immunity to private telecommunications companies that have helped in those operations.

But an intelligence official, who spoke on condition of anonymity because surveillance operations are classified, said: “It’s inevitable that these things will happen. It’s not weekly, but it’s common.”

A report in 2006 by the Justice Department inspector general found more than 100 violations of federal wiretap law in the two prior years by the Federal Bureau of Investigation, many of them considered technical and inadvertent.

Bureau officials said they did not have updated public figures but were preparing them as part of a wider-ranging review by the inspector general into misuses of the bureau’s authority to use so-called national security letters in gathering phone records and financial documents in intelligence investigations.

In the warrantless wiretapping program approved by President Bush after the Sept. 11 terrorist attacks, technical errors led officials at the National Security Agency on some occasions to monitor communications entirely within the United States — in apparent violation of the program’s protocols — because communications problems made it difficult to tell initially whether the targets were in the country or not.

Past violations by the government have also included continuing a wiretap for days or weeks beyond what was authorized by a court, or seeking records beyond what were authorized. The 2006 case appears to be a particularly egregious example of what intelligence officials refer to as “overproduction” — in which a telecommunications provider gives the government more data than it was ordered to provide.

The problem of overproduction is particularly common, F.B.I. officials said. In testimony before Congress in March 2007 regarding abuses of national security letters, Valerie E. Caproni, the bureau’s general counsel, said that in one small sample, 10 out of 20 violations were a result of “third-party error,” in which a private company “provided the F.B.I. information we did not seek.”

The 2006 episode was disclosed as part of a new batch of internal documents that the F.B.I. turned over to the Electronic Frontier Foundation, a nonprofit group in San Francisco that advocates for greater digital privacy protections, as part of a Freedom of Information Act lawsuit the group has brought. The group provided the documents on the 2006 episode to The New York Times.

Marcia Hofmann, a lawyer for the privacy foundation, said the episode raised troubling questions about the technical and policy controls that the F.B.I. had in place to guard against civil liberties abuses.

“How do we know what the F.B.I. does with all these documents when a problem like this comes up?” Ms. Hofmann asked.

In the cyber era, the incident is the equivalent of law enforcement officials getting a subpoena to search a single apartment, but instead having the landlord give them the keys to every apartment in the building. In February 2006, an F.B.I. technical unit noticed “a surge in data being collected” as part of a national security investigation, according to an internal bureau report. An Internet provider was supposed to be providing access to the e-mail of a single target of that investigation, but the F.B.I. soon realized that the filtering controls used by the company “were improperly set and appeared to be collecting data on the entire e-mail domain” used by the individual, according to the report.

The bureau had first gotten authorization from the Foreign Intelligence Surveillance Court to monitor the e-mail of the individual target 10 months earlier, in April 2005, according to the internal F.B.I. document. But Michael Kortan, an F.B.I. spokesman, said in an interview that the problem with the unfiltered e-mail went on for just a few days before it was discovered and fixed. “It was unintentional on their part,” he said.

Mr. Kortan would not disclose the name of the Internet provider or the network domain because the national security investigation, which is classified, is continuing. The improperly collected e-mail was first segregated from the court-authorized data and later was destroyed through unspecified means. The individuals whose e-mail was collected apparently were never informed of the problem. Mr. Kortan said he could not say how much e-mail was mistakenly collected as a result of the error, but he said the volume “was enough to get our attention.” Peter Eckersley, a staff technologist for the Electronic Frontier Foundation who reviewed the documents, said it would most likely have taken hundreds or perhaps thousands of extra messages to produce the type of “surge” described in the F.B.I.’s internal reports.

Mr. Kortan said that once the problem was detected the foreign intelligence court was notified, along with the Intelligence Oversight Board, which receives reports of possible wiretapping violations.

“This was a technical glitch in an area of evolving tools and technology and fast-paced investigations,” Mr. Kortan said. “We moved quickly to resolve it and stop it. The system worked exactly the way it’s designed.”

By Annalee Newitz, AlterNet. Posted January 29, 2008.

If only the government would warn you when it was recording your conversations, like Google.

Say what you want about Google being an evil corporate overlord that steals all of your private data, turns it into info-mulch, and then injects it into the technoslaves to keep them drugged and helpless. There are still some good things about the company. For example, Google's IM program, Google Talk, sends you a warning message alerting alternative to viagra you when the person on the other end of your chat is recording your chat session.

Just the other day I was chatting with somebody about something slightly personal and noticed that she'd suddenly turned on Record for our chat. I knew everything I was saying was being logged and filed in her Gmail. In this case I wasn't too concerned. For one thing, I wasn't saying anything I'd regret seeing in print. I'm used to the idea that anything I say on chat might be recorded and logged.

What was different about this experience was that Google warned me first — told me point-blank that I was basically under surveillance from the Google server, which would automatically log and save that conversation. I appreciated that. It meant I could opt out of the conversation and preserve my privacy. It also meant that other people using Gtalk, who might not have had the expectation that all of their chat sessions might be recorded, would be enlightened.

It also reminded me forcefully that Google is a far more polite and privacy-concerned evil overlord than the United States government.

Right now members of Congress are trying to pass a law that would grant immunity to large telcos like AT&T that have been spying on their customers' private phone conversations and passing along what they've learned to the National Security Agency. The law, called the Protect America Act, would allow telephone and Internet providers to hand over all private data on their networks to the government — without notifying their customers and without any court supervision of what amounts to mass wiretapping.

Last year the Electronic Frontier Foundation sued AT&T for violating the Fourth Amendment when a whistle-blower at AT&T revealed that the company was handing over private information to the NSA without warrants. That case has been working its way through the courts, and making some headway; in fact, it was starting to look like AT&T would be forced to pay damages to its customers for violating their rights. But the Protect America Act would stop this court case in its tracks by granting retroactive immunity to AT&T and any other company that spied on people for the NSA without warrants.

The whole situation is insane. First, it's outrageous that telcos would illegally hand over their private customer data to the government. And second, it's even more outrageous that when its scheme was discovered, the government tried to pass a law making it retroactively legal for AT&T to have broken one of the most fundamental of our civil rights: protection of our private data from the government.

Imagine what would happen if the phone and Internet systems in our country had the same warnings on them that Gtalk has. Every time you picked up the phone to make a call or logged on to the Internet, you'd get a helpful little message: "Warning: the government is recording everything that you are saying and doing right now." Holy crap.

The good news is that it's not too late. The Protect America Act must pass both houses of Congress to become law, so you can still alert your local congress critters in the House that you don't want retroactive immunity for telcos that are logging your private conversations for the NSA. Find out more at stopthespying.org.

And remember, everything you say and do is being logged. This polite message has been brought to you by the surveillance state.