FBI Sought Approval To Use Spyware Through FISC

An anonymous reader writes "Wired is reporting that the FBI sought approval to use its custom spyware program, CIPAV, from the secretive Foreign Intelligence Surveillance Court in terrorism or spying investigations. Affidavits prepared for the court are among 3,000 pages of documents gathered, but not yet released, in response to a Freedom of Information Act request from Wired. The FBI hasn't answered any questions about its use of the CIPAV since the program's existence became widely known in July. The FISC is generally regarded as a rubber stamp; it approved over 4,000 surveillance requests in 2005 and 2006[PDF], rejecting none."

Not surprising

[insanechemist (323218)]

Reading up a bit: "The FISA Court did not reject a single warrant application from its beginning in 1979 through 2002. In 2003 it rejected four applications. In 2004, the number was again zero."

Re:Not surprising

[garcia (6573)]

Reading up a bit: "The FISA Court did not reject a single warrant application from its beginning in 1979 through 2002. In 2003 it rejected four applications. In 2004, the number was again zero."

Why did it reject four in 2003 is what I want to know. Who was being investigated that it would decide to deny the application after 23 years?

2003?

[ImaLamer (260199)]

I'm betting this is about the same time that people like Ted Kennedy were showing up on the No-Fly list.

They say it was a mistake, but I still doubt it. Might have saved his life though; I once maintained a list, on a now defunct site, that listed Senators killed in plane crashes. Oddest thing, almost all Democrats and the Republicans were pacifists or otherwise "left-leaning" (Paul Wellstone [D] and John Heinz [R] for example).

Sure, all just a coincidence, I'm sure of it. Well, pretty sure. Maybe we should

Re:

[djasbestos (1035410)]

It was back to zero in 2004 because Bush decided that intelligence agencies shouldn't bother submitting requests anymore. If it didn't reject ANY for 23 years, you gotta wonder..hmmm...are they maybe trying to get a frivolous warrant?

Re:Not surprising

[by Anonymous Coward]

Reading up a bit: "The FISA Court did not reject a single warrant application from its beginning in 1979 through 2002. In 2003 it rejected four applications. In 2004, the number was again zero."

That's not necessarily a bad thing. It could be that the government only goes to the FISA court when they have solid evidence that supports a warrant. There isn't enough information available to determine what is going on with FISA.

By comparison, most people who are charged with a crime are actually guilty - that's also a good thing. It means that most of the time, the police charge people with a crime when they actually committed the crime.

Now, that doesn't mean that everyone charged with a crime is guilty; police do make mistakes, and certainly some police are corrupt. But most people charged with a crime are guilty. Would you rather live in a country where most people charged with a crime are innocent?

Re:

[rtb61 (674572)]

Most people charged with a crime are definitely not guilty, they are all innocent until proven guilty in a public court of law.

Some nasty misdirection going on in this anonymous post, yes most people charged with crimes end up admitting their guilt, that is to be expected with the typical traffic offence.

What would be interesting is how many of those invasions of privacy actually led to conviction, 10,000 odd over the last few years and as they are targeted at locations as well as people including all t

Re:

[cp.tar (871488)]

120,000 years? Is Dick Cheney that old? I think you need to dial down the paranoia a bit. Government hasn't been around that long - you're talking about times before metal was known.

So what? They were bashing their heads in with rocks, then.

Not surprising, but not necessarily bad.

[by Anonymous Coward]

Reading up a bit: "The FISA Court did not reject a single warrant application from its beginning in 1979 through 2002. In 2003 it rejected four applications. In 2004, the number was again zero."

What does this tell us? That the applicants are presenting material in manner that presents the court little choice but to approve the applications. The judges have guidelines regarding what they're supposed to do, and you'd expect the intelligence agencies to be able to put together applications that fit those gui

Re:

[afidel (530433)]

The question I have is WTF is the FBI doing talking to the FISC? The FBI is supposed to be tasked with DOMESTIC law enforcement, they are not to be doing international foreign intelligence investigations just as the CIA is not to be doing domestic spying. The only reason I can think of is they had an ongoing criminal investigation going and somehow determined that their target might be linked to terrorism and so they asked for the FISA warrant, but that's an awfully slippery slope if they try to use that wi

Government Spyware

[milsoRgen (1016505)]

I would just like to know, what could the FBI do to make it's spy ware different from anything else out there in the wild? It would seem to me they would limited to the same techniques anyone can use on a computer, so really wouldn't it be just one more obnoxious program out there?

However I am sure there methods of getting it installed are probably a little more sophisticated than most users are used to dealing with...

But I'm sure they should be using this very lightly, as once the right person figured out it was on their computer and released details to the curious masses, how much good would it do then? As most criminals are well aware they are doing something illegal. All it would take is a little extra effort on the part of the person who fears they could be under surveillance to discover it with proper information/tool, etc..

Re:

[by Anonymous Coward]

Everyone should know by now that AMD, Intel, TI, Arm, IBM, Motorola, etc. have all put secret back doors in their CPU's for just such an occaision. Big brother isn't just watching you, he's in your microcode.

This can't be a problem

[Gazzonyx (982402)]

Yeah, but I think in Linux all you have to do is pull the microcode update support from your kernel (during a 'make menuconfig') and Intel can't update your CPU. I don't think AMD even has the ability to update the microcode. That and it'll probably take a reboot to enable the new code (complete assumption on my part), couldn't you do something to the effect of running tripwire on /dev/cpu to be notified of changes?

Surely they have a mechanism to roll back code updates, it would be borderline insane if

FBI Spyware

[gnutoo (1154137)]

I would just like to know, what could the FBI do to make it's spy ware different from anything else out there in the wild?

Features

• Plug in compatible with IRS 2.0
• Hides from CIA version, dumps state, local and foreign clients.
• Still works with punch cards left over from Operation Paperclip.
• Used by more libraries and newspapers than any other client.
• Unique money back promise.
• Will only cost you your liberty.

It's not really funny.

Re:

[kellyb9 (954229)]

Still works with punch cards left over from Operation Paperclip

Based on this comment, I have to assume you have insider knowledge of how our government works. Who are you really gnutoo?

Re:

[gnutoo (1154137)]

If you don't already know who I am, either I know your client better than you think I do or interdepartmental cooperation is as bad as it always was and will be.

Re:

[TheRealMindChild (743925)]

They would be smart to take their cue from WeatherBug. Jesus bloody christ, its the only spyware Ive ever seen where the users fight me to keep it.

Re:

[webmaster404 (1148909)]

Weatherbug? I have had users protest switching from IE because they liked the hijacked browser homepage because it had news and weather on it! However they let me replace it when I showed them customized Google.

Re:

[mjtg (173905)]

I would just like to know, what could the FBI do to make it's spy ware different from anything else out there in the wild? It would seem to me they would limited to the same techniques anyone can use on a computer, so really wouldn't it be just one more obnoxious program out there?

Well, they could "lean on" anti-spyware vendors and "request" that they not publish signatures that identify their CIPAV. Who's to know that they haven't done this ?

Or maybe Microsoft might provide them with some useful inform

Re:

[webmaster404 (1148909)]

Well chances are the US government has the source to Windows so I bet that they know all the back-doors (they would be foolish to use it without full source) and other governments have less copyright laws so with enough resources they can extract the source so I bet every government by now has easy access to Windows source.

Re:

[Ethanol-fueled (1125189)]

> Well chances are the US government has the source to Windows so I bet that they know all the back-doors (they would be foolish to use it without full source)...

Well, chances are that the US government has been very foolish lately ;)

Re:Government Spyware

[BitterOak (537666)]

I would just like to know, what could the FBI do to make it's spy ware different from anything else out there in the wild? It would seem to me they would limited to the same techniques anyone can use on a computer, so really wouldn't it be just one more obnoxious program out there?

The difference is it is not viral and therefore doesn't escape "into the wild" and reproduce to the point where it eventually falls into the hands of the anti-virus software makers. As a result, their software won't detect it. This is a fundamental weakness with signature-based anti-virus systems. They work great on viruses, which spread indiscriminently, but are useless against a targeted attack by an adversary with the resources to create and deploy their own malware.

Re:

[PopeRatzo (965947)]

I would just like to know, what could the FBI do to make it's spy ware different from anything else out there in the wild?

I have several answers:

1. Call it Microsoft Windows Vista SP3

2. Say it's special "protect the children" software.

3. Require hardware manufacturers to include it on motherboards (see "V-chip")

4. Give away ten free downloads from iTunes with it.

5. One word: "Steam".

6. Another word: "Silverlight".

7. Still another word: "World of Warcraft Exxtreme Edition"

8... Give me a little time. I'm

Re:

[MillionthMonkey (240664)]

...what could the FBI do to make it's spy ware different from anything else out there in the wild? It would seem to me they would limited to the same techniques anyone can use on a computer, so really wouldn't it be just one more obnoxious program out there?

If you travel, they are not restricted to attacks over networks- they can legally get physical access to your machine, [msn.com] which is not a technique just anyone can use.

Nabila Mango, a therapist and a U.S. citizen who has lived in the country since 1965, had

Re:

[(H)elix1 (231155)]

I would just like to know, what could the FBI do to make it's spy ware different from anything else out there in the wild?

Were it me... I would have Microsoft sign it and push it to my target IP/MAC as a silent Windows update. Even if you say 'let me manually download them', the updater has an API that will automagically download and install a patch. (noticed that a couple years back when one of the big bugs hit) You would have to have Microsoft's cooperation... but, you know, I'm sure they would be willi

Re:

[mikael (484)]

Mystery of Microsoft's automatic updates [zdnet.co.uk]

Re:

[The Angry Mick (632931)]

I would just like to know, what could the FBI do to make it's spy ware different from anything else out there in the wild?

Make it pass the Windows Genuine Advantage test?

Re:

[poopdeville (841677)]

Destroying a bug is not an admission of guilt.

Meh, IT reporting these days...

[Red Flayer (890720)]

FTA:

An FBI spokeswoman then invited Wired to submit a list of questions about the technology, but hasn't gotten back to us.

Well, what should Wired expect? The FBI invited Wired to submit list of questions. Now wired is compaining that the FBI isn't following up on their request for questions?

Sheesh, I mean, I know IT reporting has gone down teh tubes, but really... maybe if Wired wants to get info from the FBI, they should actually respond to the invite and submit questions -- maybe then they'd hear back.

/Sorry, deliberately obtuse tonight.

Re:

[MulluskO (305219)]

They published a list of the questions they sent.

Oh, you're joking?

Re:

[Red Flayer (890720)]

whoosh

Well, I'm glad I use Linux

[the_humeister (922869)]

And if they target Linux, I'll go to FreeBSD, and so on...

Re:

[sumdumass (711423)]

I'm not sure that there is too many things different to make BSD an alternative to something like linux in the case of spyware.

Your probably better off giving up computing and illegal activities if your that worried about it.

Re:

[eitreach (1211194)]

You ain't paranoid unless you use AmigaOS for safe browsing.

Re:

[Gazzonyx (982402)]

You ain't paranoid unless you use AmigaOS for safe browsing.

...In VMWare on top of Xen...

Re:

[jamstar7 (694492)]

Does it automatically install JihadOffice or is that a seperate download?

And yet...

[Phroggy (441)]

The FISC is generally regarded as a rubber stamp; it approved over 4,000 surveillance requests in 2005 and 2006[PDF], rejecting none.

Bush has been warning Congress that this same rubber stamp will prevent the government from being able to stop potential terrorist attacks, urging them to extend an unconstitutional law that grants the executive branch permission to bypass the rubber stamp.

Shhh! They'll mod you "Troll"...

[Mr. Roadkill (731328)]

...and open your mail, and tap your phone, and monitor your internet traffic, because you have different views and aren't afraid to state them. All quite legally. And in many others, they'd probably do it anyway if they felt it was "right" to do so.

Parent raises a fair and intersting point, that Bush considers the FISC to be an impediment to those who are simply trying to protect the American People. If the FISC was merely rubber-stamping whatever the U.S. Government wanted to do, then how could its oversig

Re:

[Phroggy (441)]

If the FISC was merely rubber-stamping whatever the U.S. Government wanted to do, then how could its oversight prevent government from protecting the American People? How come this deserves the "Troll" mod it got?

Maybe they thought I was spreading FUD, because I was too lazy to provide references. So here we go, from the 2008 State of the Union address [whitehouse.gov]:

On the home front, we will continue to take every lawful and effective measure to protect our country. This is our most solemn duty. We are grateful that there has not been another attack on our soil since 9/11. This is not for the lack of desire or effort on the part of the enemy. In the past six years, we've stopped numerous attacks, including a plot to fly a plane into the tallest building in Los Angeles and another to blow up passenger jets bound for America over the Atlantic. Dedicated men and women in our government toil day and night to stop the terrorists from carrying out their plans. These good citizens are saving American lives, and everyone in this chamber owes them our thanks.

And we owe them something more: We owe them the tools they need to keep our people safe. And one of the most important tools we can give them is the ability to monitor terrorist communications. To protect America, we need to know who the terrorists are talking to, what they are saying, and what they're planning. Last year, Congress passed legislation to help us do that. Unfortunately, Congress set the legislation to expire on February the 1st. That means if you don't act by Friday, our ability to track terrorist threats would be weakened and our citizens will be in greater danger. Congress must ensure the flow of vital intelligence is not disrupted. Congress must pass liability protection for companies believed to have assisted in the efforts to defend America. We've had ample time for debate. The time to act is now.

The legislation Bush alluded to that Congress passed last year was the Protect America Act of 2007 [loc.gov], which was extended by 15 days [networkworld.com] after Bush made his speech. Here is the White House's summary of the Protect America Act [whitehouse.gov] as of August 2007; notice in particular the clause granting immunity to third parties from being sued [eff.org] for giving private data about US citizens to [washingtonpost.com]

CIPAV

[peektwice (726616)]

According to the /. post [slashdot.org] from StonyandCher, CIPAV stands for 'Computer and Internet Protocol Address Verifier'.
Yup...it's a computer....yup it's an IP address. Ok, it'sverified, now what?
What it should be called is CIGS..."Completely Illegal Government Spyware".

None rejected means nothing

[n6kuy (172098)]

> The FISC is generally regarded as a rubber stamp; it approved over 4,000 surveillance requests in
> 2005 and 2006[PDF], rejecting none.

This means nothing interesting, unless you can point to some requests that should have been rejected.

Re:

[vux984 (928602)]

What percentage of regular warrants the FBI asks for get denied?
FISA rates should be about the same I'd think, don't you.

It -might- not be meaningful that so few have been rejected, but it -is- interesting, and it immediately suggests that additional investigation should be done.

SpyWare

[MrCopilot (871878)]

Finally an apt use of the name.

And just in case the FBI is monitoring this thread, I voted for Bush 3 times.

You Think About It

[not_hylas( ) (703994)]

You think about it, I'll wait:

http://www.securityfocus.com/comments/articles/11372/33500#33500 [securityfocus.com]

If you think you have a chance or a clue as to how mature this stuff is, reconsider. Also if they're asking "permission", it's too late.

Hi Mom !

not news

[brass1 (30288)]

This is not news. The US intelligence community, including the fbi, has been a known user of key loggers and spyware for about a decade. My link is from 2001, but I have knowledge of a federal investigation in 1998 that used key loggers to track suspects' use of certain services.

damnit

[brass1 (30288)]

My link

Said link was even in the preview, but didn't make the post. Try this [msnbc.com].

Re:

[instarx (615765)]

This is not news. The US intelligence community, including the fbi, has been a known user of key loggers and spyware for about a decade. My link is from 2001, but I have knowledge of a federal investigation in 1998 that used key loggers to track suspects' use of certain services.

Not only is it not news, it's REALLY not news. In the 70's the Federal government had devices that were able to tell what was being typed on typewriters in real time. These were devices that were attached to the typerwriter power cord (or installed behind the power outlet) that measured current changes. By recording the changes it was possible to re-create the letters typed. This was possible because in Selectric-type typewriters each letter took a slightly different amount of energy to print. Tradition

FBI Sought Approval---WOW!!!

[fred911 (83970)]

I tip my hat at just the look of propriety! Makes me proud!

Oh yeah I can see it now.

[seeker_1us (1203072)]

"Osama, this email attachment says 'see Brittney Spears naked'!"

"What are you waiting for man? Open it!"

Re:

[EaglemanBSA (950534)]

...while they mine data that could be used for anything, if the right people got their hands on it. The minute the FBI breaks into my computer to get information, benign or not, whether or not I'm innocent of any crimes, is the minute I pick up and leave. If they're that hell bent on taking my privacy for your false sense of security, they've got problems bigger than a terrorist detonating a bomb in a crowded room.

Honestly, doesn't it seem like the terrorists got what they wanted? They hate us for our fre

Peering into the void

[The Angry Mick (632931)]

This is part of Bush/Cheney's "Spy on Everyone Except Themselves" Program!

Just looking at Cheney is frightening enough, spying on him would just be futile. I know you can detect a black hole, but can you actually see anything when you look into one?