Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Privacy The Internet United States Your Rights Online

EFF Asks How Big Brother Is Watching The Internet 354

MacDork writes "The EFF filed a FOIA request yesterday with the FBI and other offices of the US DOJ regarding expanded powers granted by the USA PATRIOT Act. The EFF is making the request in an attempt to find out whether or not Section 216 is being used to monitor web browsing without a warrant. The DOJ has already stated they can collect email and IP addresses, but has not been forthcoming on the subject of URL addresses. It seems the EFF is seeking any documentation to confirm such activity is taking place. One can only hope the automated FOIA search doesn't produce any false negatives or cost the EFF $372,999."
This discussion has been archived. No new comments can be posted.

EFF Asks How Big Brother Is Watching The Internet

Comments Filter:
  • Always assume (Score:2, Informative)

    by WarMonkey ( 721558 ) on Tuesday February 01, 2005 @07:55PM (#11546207)
    Always assume that they ARE.
  • Considerations (Score:5, Informative)

    by daveschroeder ( 516195 ) * on Tuesday February 01, 2005 @07:59PM (#11546250)
    Regarding the "false negatives" bit in the summary:

    The story is that an individual made an FOIA request to the FBI for some specific information.

    The FBI claimed that no such information was available.

    The claimant found out in the meantime that such information WAS available and had been previously provided by the FBI as the result of another FOIA request, and, as such, requested a court order the FBI to provide it again.

    The FBI is arguing that its search was reasonable within department regulations and guidelines, and that it cannot and should not be expected to always undercover every single possible document in response to every request. And documents being indexed electronically doesn't make it as easy as one might think: it's precisely because documents are indexed electronically that is creating the difficulty: the FBI is claiming, essentially, that it can't predict every possibly keyword it should associate with a document for search purposes, and therefore shouldn't be held accountable if it misses documents during a good-faith search.

    Whether or not the FBI was intentionally hiding OKBOMB memos, etc., is another story altogether.

    Additionally, the article summary is awfully pessimistic: we don't yet know how DOJ will respond to this request. Perhaps it itself hasn't determined whether or not it considers "URLs" to be subject to pen-trap regulations. Additionally, for those who didn't RTFA:

    At issue is PATRIOT Section 216, which expanded the government's authority to conduct surveillance in criminal investigations using pen registers or trap and trace devices ( "pen-traps" ). Pen-traps collect information about the numbers dialed on a telephone but do not record the actual content of phone conversations. Because of this limitation, court orders authorizing pen-trap surveillance are easy to get -- instead of having to show probable cause, the government need only certify relevance to its investigation. Also, the government never has to inform people that they are or were the subjects of pen-trap surveillance.

    Remember, pen-traps were already allowed before PATRIOT. At issue is what exactly PATRIOT's expansion to these provisions further allows. It clearly has been determined to allow email addresses and IP addresses. However, whose IP addresses? The suspect, or a host the suspect is visiting? It would seem clear to me that, virtual hosting aside, if the a target host's IP may be logged, and since DNS names, embodied here as "URLs" and IP are very obviously interrelated, again, virtual hosts aside, it seems this argument is somewhat of a smokescreen to force debate on whether or not pen-traps in general should be allowed.

    And since they were allowed before PATRIOT, the answer seems clear: if PATRIOT's expansions to the existing statues to accommodate new communications technologies were appropriate, all that's left is determining what exactly is included. And if "IP addresses" are included, which would logically include target hosts, it would seem that DNS names used to arrive at said IP addresses are intrinsic to the nature of their usage. So disagree with pen-traps if you want, but don't rant and rave about PATRIOT, because it's not about that (though many would desperately want you to think so).
  • Re:80% redaction (Score:3, Informative)

    by Tackhead ( 54550 ) on Tuesday February 01, 2005 @08:00PM (#11546258)
    > Whatever they get will likely be 80% redacted. How is that useful? How is that freedom of information? You ask for info and they black out much of the useful stuff.

    Well, if they did the redaction digitally in a PDF, the information could be pretty damned useful after all [securityfocus.com], as long as you render the PDF on a sufficiently slow PC.

  • Not to nitpick (Score:2, Informative)

    by Arbac ( 775768 ) on Tuesday February 01, 2005 @08:02PM (#11546276)
    But that wasn't exactly filed yesterday. According to the EFF website it was filed on Jan. 14th [eff.org]
  • by turnstyle ( 588788 ) on Tuesday February 01, 2005 @08:08PM (#11546323) Homepage
    Oddly enough, EFF wants a govenment/entertainment industry agency to monitor network traffic [eff.org] when it comes to compensating authors for filesharing.
  • It's not paranoia... (Score:1, Informative)

    by RM6f9 ( 825298 ) <rwmurker@yahoo.com> on Tuesday February 01, 2005 @08:09PM (#11546328) Homepage Journal
    if they truly *are* out to get you.
    Wanna keep a secret? Create a cheesy one-page website and offer something for sale that nobody wants for more than anyone would willingly spend - nobody will read it, and you're safe.
    Seriously, anyone who believes privacy, secrecy or security exist anywhere on a network-connected computer is in for a deep disillusionment.
    But, most people already knew *that*.

  • Re:Quibble... (Score:4, Informative)

    by Neil Blender ( 555885 ) <neilblender@gmail.com> on Tuesday February 01, 2005 @08:09PM (#11546330)
    Not quite. IP addresses will only give you slashdot.org. URL's can tell which stories you went to/posted to.

    And a single IP address can resolve to tens of thousands of hostnames/urls by using virtual hosts.
  • Re:Quibble... (Score:5, Informative)

    by TheOriginalRevdoc ( 765542 ) on Tuesday February 01, 2005 @08:13PM (#11546356) Journal
    URLs contain several things.

    1. The protocol.
    2. The domain name.
    3. Port numbers.
    4. Page addresses.
    5. Data, such as login names, page parameters, and so on.

    The last item, in particular, has far greater scope than an IP address. It's much more like content; it can contain data that you provide for, say, addressing an email, or adjusting an account balance. (Just extemporising here. The actual usage varies enormously.)

    So no, URLs are very different to IP numbers.
  • by kaustik ( 574490 ) on Tuesday February 01, 2005 @08:28PM (#11546467)
    So, this brings up a good question - What (if any) means to you use to protect your web browsing from prying eyes?
    The Metropipe Tunneler [metropipe.net] is pretty cool. Cross platform client software to encrypt all of your Internet traffic out to a server that keeps no logs. Kind of steep at $99 a year
    Also cool is the free Metropipe VPM [metropipe.net] which is a complete linux system that fits on a USB drive, and somehow includes their tunneling service for free...
  • Re:Quibble... (Score:3, Informative)

    by Anonymous Luddite ( 808273 ) on Tuesday February 01, 2005 @08:31PM (#11546489)
    >> And a single IP address can resolve to tens of thousands of hostnames/urls by using virtual hosts.

    Let's not forget dynamic DNS entries. One website, many IPs.

    Are the waters muddy enough yet?

  • by Caseyscrib ( 728790 ) on Tuesday February 01, 2005 @09:07PM (#11546718)
    I don't know if warrants will even protect your privacy anymore. It's turning into another stamp-approved bureaucratic process which only lets politicians play the blame game. The FBI is requesting these warrants like hotcakes and nearly all are being approved.

    link [nytimes.com], second source [missouri.edu]

    From the NYT article:
    Federal authorities made a total of 1,727 applications last year before the Foreign Intelligence Surveillance Court, the secret panel that oversees the country's most delicate terrorism and espionage investigations, according to the new data.

    The total represents an increase of about 500 warrant applications over 2002 and a doubling of the applications since 2001, the Justice Department said in its report, which was submitted to the federal courts and to Vice President Dick Cheney as required by law.

    All but three of applications for electronic surveillance and physical searches of suspects were approved in whole or part by the court....

    The F.B.I. told the commission that "there is now less hesitancy" in seeking the intelligence warrants, the report said. Nonetheless, it added, "requests for such approvals are overwhelming the ability of the system to process them and to conduct the surveillance."

    I don't remember exactly what the number of warrants requested were before sept 11th, but I know it was very few. 1,727 is a lot of warrants - more than the number killed in Iraq. To put that in perspective, if you know of somebody killed in Iraq, you are more likely to know somebody whom the FBI is watching.

  • Re:Doesn't Matter (Score:5, Informative)

    by back_pages ( 600753 ) <<ten.xoc> <ta> <segap_kcab>> on Tuesday February 01, 2005 @09:09PM (#11546732) Journal
    You still stand a greater chance of dieing in a car crash or being shot by someone you know than getting killed in a terrorist attack.

    Man, that's HARDLY putting it into perspective.

    Death Stats [the-eggman.com]

    An American is about FIFTEEN TIMES more likely to die of renal failure than terrorism. TEN TIMES more likely to be killed by a gun than die of terrorism. About four times more likely to die from falling (ahem, presumably this doesn't count falling off the WTC). An American is statistically more likely to drownd than die of terrorism, and yes that includes people living in the desert.

    If you're going to put it into perspective, use some hard evidence. ;)

  • by Saeed al-Sahaf ( 665390 ) on Tuesday February 01, 2005 @09:27PM (#11546841) Homepage
    Been there. The chow hall at Gitmo stinks, but MWR offers some nice fishing trips. The "O" club leaves a lot to be desired.
  • by timcowlishaw ( 855572 ) on Tuesday February 01, 2005 @09:28PM (#11546847) Homepage
    Think about the massive amount of data that would be (or is being for the paranoid) collected if everyone, everywhere's internet activity is monitored. How would this be stored, and more to the point, searched through in a statistically useful way? Far more effective is the threat of constant surveilance. People keep themselves in line when there's a possibility they're being watched, but they don't know if they are or not. In general, obviously. This is known as Panopticism [geneseo.edu] [geneseo.edu].
  • Re:Creepy stuff (Score:2, Informative)

    by ccandreva ( 409807 ) <chris@westnet.com> on Tuesday February 01, 2005 @10:29PM (#11547146) Homepage
    I don't like the idea of them monitoring web browsing, URLs, content, etc, without essentially a "warrant".

    Have you read the Patriot Act ? Actually,the Patriot Act specificly says that you DO need a warrant to view content. In the realm of online security, the Patriot Act does not give the government any new powers. If anything, it further RESTRICTED their powers.

    What it did was extend the differences between envelope/routeing information (IE, a phone number log, aka "Pen register" and content (IE, a wiretap, which you need a warrant for) to the Internet. Previously while the government was essentially useing these guidelines, they were not codeified in any way.

    They started getting pen register orders because it's what they knew how to do. Most judges signed off on them anyway, but at least one did not, reading the pen register law narrowly as applying to phones only. But if you read it that way, then the government doesn't need ANYTHING to get that type of information. So in this case, the Patriot Act's "pen register" provision put into law what the government has to do to get this information.

  • Re:Be alert (Score:3, Informative)

    by Glonoinha ( 587375 ) on Tuesday February 01, 2005 @11:10PM (#11547350) Journal
    Original /. story. [slashdot.org]
  • Support Tor (Score:2, Informative)

    by silence535 ( 101360 ) on Wednesday February 02, 2005 @04:43AM (#11548718) Homepage
    The technology is already there. It is still experimental or beta, but the more people support it, the faster it will grow mature.

    Tor: An anonymous Internet communication system [eff.org]


Veni, Vidi, VISA: I came, I saw, I did a little shopping.