Slashdot Log In
FBI Accidentally Received Unauthorized E-Mail Access
Posted by
Zonk
on Sat Feb 16, 2008 05:22 PM
from the that's-a-big-oops dept.
from the that's-a-big-oops dept.
AmishElvis writes "The New York Times reports that 'glitch' gave the F.B.I. access to the e-mail messages from an entire computer network. A hundred or more accounts may have been accessed, rather than 'the lone e-mail address' that was approved by a secret intelligence court as part of a national security investigation. The episode was disclosed as part of a new batch of internal documents that the F.B.I. turned over to the Electronic Frontier Foundation, as part of a Freedom of Information Act lawsuit the group has brought."
Related Stories
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
FISA court: whatcouldpossiblygowrong (Score:5, Funny)
Better cover it up.
Oops, we botched that too.
Re: (Score:3, Insightful)
A cheap Linux box running Sendmail and an installation of OpenSSL to let Sendmail be able to run SMTPS.
On top of that use a POP3/IMAP server that can do POP3S/IMAPS and you can access your mail without the risk of an accidental peek.
Unauthorized in today's world? (Score:5, Interesting)
Re:Unauthorized in today's world? (Score:4, Insightful)
Sounds fine on Slashdot, alt.politics groups, or black helicopter chat, but in reality you can't even try to go in with that position as a prosecutor. Even a conservative judge will hand you your ass.
Parent
Re:Unauthorized in today's world? (Score:5, Insightful)
I think what the GP meant was that there would be some sort of quasi-official authorization. Along the lines of making all of the evidence classified beyond the judges level to ever see the it, or some kind of DHS gag order + infinite postponement of the trial. Simply a classified letter from an FBI big telling the prosecutor or judge not to pursue the matter any further might work just fine. The is a fair amount of risk in challenging it, a risk many people would not like to take. I'm sure there are ways for the security portions of the government to be technically "cooperating" but never actually have to really answer to a judge. There are parallels to this kind of behavior where the politically powerful simply refuse to comply with the law and seem to be getting away with it. [democrats.com]
Parent
Re: (Score:2)
Trust the FBI? (Score:5, Funny)
Re: (Score:3, Interesting)
Still, it's reassuring to know that cockup still beats conspiracy, given enough time and sufficient monkeys.
Re:Trust the FBI? (Score:4, Insightful)
The FBI will have no fear of any such consequence. Illegally overstepping their bounds and then saying "oops" is about all you'll hear about this ordeal. I'm sure some calls for investigation will be made and someone might have a dispassionate speech on C-SPAN and then it will all be swept under the rug. It might even pave the way for the FBI to request this type of access for the future if they can "prove" that it's in the interest of "national security".
Parent
Re:Trust the FBI? (Score:5, Informative)
This being Slashdot, I can probably assume that you didn't bother to RTFA before posting, but if you had, you'd have kept your foot out of your mouth. The FBI requested that an ISP send them copies of all email sent to one address at a small domain. The ISP screwed the pooch and sent them all email sent to that domain. The FBI noticed that they were getting way too much email, found out what had happened and corrected it. At no time did they overstep their bounds, because they only asked for what a judge said they were entitled to. I hope this makes enough sense to you that you can remove your tinfoil hat, but frankly, I doubt it.
Parent
Re: (Score:2)
Re: (Score:2)
Re: (Score:3, Insightful)
So, the users whose mail was wrongfully given to the FBI could sue the ISP, then. Oh wait, the FBI isn't going to tell them about it. It's not going to tell anyone what the domain is, or who the ISP is, either. State secret.
Re: (Score:2, Insightful)
So, the users whose mail was wrongfully given to the FBI could sue the ISP, then. Oh wait, the FBI isn't going to tell them about it. It's not going to tell anyone what the domain is, or who the ISP is, either. State secret.
That might tip off the person whose e-mail they were reading.
Re: (Score:3, Interesting)
Y
Re: (Score:3, Insightful)
Re: (Score:2)
Something doesn't fit... (Score:5, Funny)
Wait a minute, that's it!
You're a spy! No self-respecting Slashdotter would willingly still have a Hotmail address! You're one of them!
Parent
Re: (Score:2, Funny)
Headline: Sysadmin fouls up filter (Score:5, Insightful)
Seriously. What's the story here? Some sysadmin who apparently didn't know what he was doing put the wrong thing in his e-mail server configuration and inadvertently sent all e-mail for the entire domain instead of e-mail for one address.
Mistakes happen all the time. The appropriate thing to look for is whether the mistake was caught and corrected in a timely fashion. It seems that the mistake was caught and corrected in a timely fashion which basically makes this a story about an everyday occurrence.
This story might make a good one for some sysadmin journal reminding sysadmins to document policies that help ensure mistakes do not happen and if they do are caught by the company itself instead of by the FBI. For example, a simple procedure would be to check the appropriate logs after changing the configuration to make sure the configuration is doing what it was intended to do.
Re:Headline: Sysadmin fouls up filter (Score:4, Insightful)
I think the idea is if this happens once it could happen again without too much effort. There is no real oversight on how the FBI, NSA, DHS, or any other organization acquires information nor a transparent way to gather such data.
Now, I really don't see any malicious intent on the FBI with this since of the old adage "Never attribute to malice that which can be adequately explained by stupidity." but I get the sinking feeling that they would often find themselves in situation in which they are too lazy to follow procedure and due process like maybe a warrant.
Parent
Re:Headline: Sysadmin fouls up filter (Score:5, Informative)
You did read the article right? It wasn't the FBI that screwed up. The FBI caught the mistake that the company's sysadmin made when setting up the eavesdropping.
Yes, it can happen again without too much effort. What are you going to do to fix it? Send the FBI in to set up the eavesdropping themselves so the sysadmin doesn't screw it up? Keep in mind we're talking about a run of the mill court-ordered warrant here. It's a very standard and very legal way to gather evidence. This story has very little if anything at all to do with post-9/11 surveillance or FISA or anything else that might be questionable or debatable. No where in the article does it say that the surveillance was set up as part of a FISA warrant which leads me to believe that the Times reporter is trying to feign a connection for scare value.
I hate to say it but I think the debate is pretty much closed on court-ordered warrants. If the court orders them and you don't have any legal argument to squash the order then you have to comply with it or be found in contempt of court. There's nothing really secretive about the process either, except ideally to the person who's being surveilled.
Parent
Re: (Score:2)
Re: (Score:2)
It's part of the price we're paying, and we need to know that if we're going to make informed decisions about a society as to what is acceptable.
[Of course, the fact is that regardless of this particular side-effect, there's ZERO legitimate democratic process happening around this topic anyway. But he
Re: (Score:3, Informative)
Oh noes, some idiot sysadmin accidently sent my e-mail to the FBI. Someone call a congressional hearing.
If it's that confidential that someone else seeing it would be a serious problem, use encryption. There's no way they accidently get copies of your crypto keys. Better yet, don't send it in an e-mail, don't write it in a letter, and don't say it over the phone. If it really needs to be kept a secret, have a face to face meeting. If it doesn't need to be kept that much of a secret (and 99% of things
Re: (Score:3, Insightful)
Funny. Obviously it's not routine at all so the chances of making a mistake are even greater. You don't need to file it in some secret folder though. It's no secret at all that when the government produces a valid warrant you need to comply with it or be held in contempt of court. And if I were the sysadmin, I'd be looking through the e-mail myself, not just sending it to the government. If the government is that interested in it then something very wrong is most likely to be going on and I'd like to k
Re: (Score:2)
Yes he did. And that was exactly the point of his e-mail. He got paid very well while we were paying him. I don't believe he landed us a single contract! He had the dubious honor of being one of maybe 2 or 3 people to be fired in the past decade.
As for references.. well, what can you do? Quoting that e-mail would potentially open up the company to a defamation suit so that's not an option. Not to mention that you don't really want to make it well-known that you hired a con man. As far as the compan
Whose Glitch? (Score:3, Insightful)
Whose "glitch"? What was the "apparent miscommunication, exactly? Did the FBI tell the ISP to give them the total access that the court hadn't authorized, or did the ISP make the mistake and give them total access when asked for only limited access? Maybe the FBI is citing that totally ambiguous blame, but what is the real story?
If the ISP screwed up, then it should get sued by the extra people whose mailboxes it turned over without authorization. If the FBI "screwed up", then it's just another example of why these courts cannot be secret if the government is to do its job protecting our rights - including protecting us from the government.
Re: (Score:2)
According to the article...
A technical glitch gave the F.B.I. access to the e-mail messages from an entire computer network -- perhaps hundreds of accounts or more -- instead of simply the lone e-mail address that was approved by a secret intelligence court as part of a national security investigation, according to an internal report of the 2006 episode.
Later, F.B.I. officials blamed an "apparent miscommunication" with the unnamed Internet provider, which mistakenly turned over all the e-mail from a smal
Re: (Score:2, Interesting)
Imagine if a sysadmin "accidently" rerouted the companies email to their competitors (which might even be legal, if stupid)... Would the FBI acc
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Until there's proof whose "glitch" this was, there's absolutely no sense "trusting the FBI" on this. Especially not this FBI, especially not in FISA matters, after their track record.
And especially not in America, which was built on not trusting the government.
Re: (Score:3, Insightful)
Re: (Score:2)
I have an open mind to evidence. My head just doesn't have the kinds of holes that allows it to speculate that the current FBI will tell the truth when it's caught violating people's privacy rights. With the mountain of evidence against that in so many other cases, a mind that open is really just a spy's dream.
Re: (Score:2)
Two important questions here:
Neither question is important (Score:3, Interesting)
Two important questions here:
Actually, neither of them are important.
If the ISP actually misunderstood the surveillance request, why didn't they get confirmation? Asking for one person's email to be sent is one thing, but a request for the entire domain's email to be forwarded sounds too broad to be legitimate.
It sounded to me, from reading TFA, that it was an accident on the part of the ISP. The FBI didn't ask for it.
When the FBI found they were getting email from individuals other than those they wanted. Did they promptly delete the email unread and report to the admin? Or did they think, "Hmmmm. Well, since we're already getting it..."
The truth is that FBI agents are actually very, very busy people. They are often working a bunch of cases at once and they don't have enough time to go on illegal fishing expeditions that wouldn't be admissible in court anyway.
Re: (Score:2)
You can chant "tinfoil hat" all you want. The FBI is the one which the evidence shows actually had a lot of spying that it wasn't entitled to. Let's see its evidence that it was the ISP before giving that agency any benefit of the doubt.
Re: (Score:2)
Some companies (like dyndns.org) allow people to manage their own DNS records for dynamically assigned IP addresses from cable networks. You basically choose a generic domain like
Re: (Score:2)
Re: (Score:2, Interesting)
What I want to know (Score:4, Interesting)
When I read this, I wasn't wondering how that happened, or what the nature of the "glitch" was, or how many accounts were accessed. What I was wondering is WHY THE FUCK DOES THE UNITED STATES HAVE A SECRET COURT OF ANY KIND?!?!. Yeah yeah, to protect the children, save the whales, stop the terrorists, keep you safe, "our intentions are pure and we're really a bunch of big-hearted individuals who care about your well-being" etc... I still don't know what is wrong with the assholes who actually believe this shit.
And hell, I want to believe we have a good, honest government. The fact is, we don't. I don't understand what being in this level of denial is supposed to do to remedy the situation. There is a very good reason why the founding fathers intended for most of our interaction with government to come from the local and state level. The only thing the federal government can do that the state & local governments cannot do is resolve disputes between states, conduct foreign policy, regulate interstate trade, oh and it can slowly become a dictatorship too. Speaking of remedies, I'm betting that nothing will happen either to the FBI as an organization or to the individuals who made this "mistake", that at most they will receive a slap-on-the-wrist.
Re:What I want to know (Score:5, Interesting)
This is not a "secret court" in the sense of a court that sends people to prison (the US has those, too, but they are still limited to the military and Guantanamo). Rather, it's a court that acts as an additional control for police and secret service actions.
Such a "secret court" is a good thing, because it provides judicial review for actions that would otherwise not be subject to judicial review at all.
Parent
Re:What I want to know (Score:5, Insightful)
Fixed that for you.
Check out the denial records of that court since the 70s. That should tell you just how detailed the FISA rubber stamp looks at those warrant petitions.
Parent
stupid (Score:2)
Now, we can have a separate discussion about whether this secret court is working.
Check out the denial records of that court since the 70s. That should tell you just how detailed the FISA rubber stamp looks at those warrant petitions.
OK, well, note that there is a record, and that we can actually see whether the court is worki
Mistakes happen but only continue to happen... (Score:3, Insightful)
"But an intelligence official, who spoke on condition of anonymity because surveillance operations are classified, said: "It's inevitable that these things will happen. It's not weekly, but it's common."
This falls into the area of cheating in a manner that an excuse can be used to "get away with it". This sort of cheating had been labeled "Neo-cheating" and is a form of dishonesty that is easy to apply and safe from proof.. "Oh it was just an honest mistake." Technology should not be an escape goat for such obvious deceptions.
To give a simple example of a verification loop, when you sign up for a mailing list, messages boards, etc., in order to prevent spamming email accounts etc, there is a feedlack verification loop used. The point is, there are ways to prevent such spying "mistakes" from happening. And there should have already been such methods being applied as standard practice.
The "it's not weekly but its common" is nothing but evidence of intent to cheat and to continue it.
This "allowing deception" is similar electronic voting security failure vs. ATM financial security practices.
Computer technology is not an excuse, but a way for dishonest human intent to hide behind technology excuses.
Whose e-mails? (Score:2, Insightful)
(TFAS is ambiguous, and TFA is behind a login screen.)
Thanks,
- RG>
What we DON'T know (Score:4, Interesting)
The writer of this article, Eric Lichtblau, won a shared Pulitzer Prize for his work in exposing the illegal warrantless wiretapping program, authorized by the government and championed by the White House after 9/11. In fact, it was in existence even before 9/11, but that's another story entirely.
This program supposedly expired just yesterday when congress let the clock run out on its dependent legislation. The problem here, clearly, is that it doesn't matter if this program is never renewed; overproduction of data under FISA will still happen all the time. That's the entire point of this article. There are no checks and balances. There is no accountability. There is NOTHING. Total secrecy and legal immunity are all but guaranteed for the perpetrators. Period.
Ok, seriously... (Score:2, Interesting)
I wonder how long before ... (Score:2, Insightful)