EFF Asks How Big Brother Is Watching The Internet 354
MacDork writes "The EFF filed a FOIA request yesterday with the FBI and other offices of the US DOJ regarding expanded powers granted by the USA PATRIOT Act. The EFF is making the request in an attempt to find out whether or not Section 216 is being used to monitor web browsing without a warrant. The DOJ has already stated they can collect email and IP addresses, but has not been forthcoming on the subject of URL addresses. It seems the EFF is seeking any documentation to confirm such activity is taking place. One can only hope the automated FOIA search doesn't produce any false negatives or cost the EFF $372,999."
Always assume (Score:2, Informative)
Creepy stuff (Score:5, Insightful)
Re:Creepy stuff (Score:3, Interesting)
I truly do not like the idea of me being put on a terrorist watch list for reading liberal publications, but I choose to read them anyways.
Alas, I am less of a coder and more of marketer.
Re:Creepy stuff (Score:3, Interesting)
I would check myself, but I hesitate to do so from work. I guess that in itself says something about being one of the few people to use encryption or proxying.
Re:Creepy stuff (Score:4, Funny)
Re:Creepy stuff (Score:5, Insightful)
Re:Creepy stuff (Score:4, Insightful)
While I agree with that stance on web browsing...
Requiring a Warrant to monitor URL's and Content would basically put Google and Netcraft out of existence.
Let's step back and think before we get carried away here.
Personally, I think all "in the clear" Internet activity should be considered public. Why should the FBI be required to get a Warrant to do what any 13yr old with a network sniffer be able to do with dubious legality?
Personally, I think a warrant should be required only to intrude upon private networks and encrypted communication protocols.
So, in my mind, the FBI should be able to snoop on my iChat activity, but required to get a a warrant to snoop my local network activity/Hard Drives/Content if it is behind a secured firewall.
It boils down to precident in the physical world. When you walk around in public, do you bring out your kiddie porn collection, break into shops, try to abduct little girls/boys, expose yourself to random men/women, talk about crimes you're about to or have commited in broad daylight while dozens of bystanders mill about? Then why the hell should you think that the magical interweb somehow makes that OK?
Re:Creepy stuff (Score:5, Insightful)
In the same realm, just because they can sniff the network traffic doesn't mean that they should. They have to get a warrant to tap your phone, and they should have to do the same to tap your IM conversations, e-mail correspondence, and web history.
Just because they can do something doesn't mean they should be able to without restrictions.
Re:No expectation of privacy (Score:4, Insightful)
I never said the government should be able to take traffic willy nilly from servers owned by non-government entities.
My point is, YOUR INTERNET TRAFFIC IS NOT PRIVATE.
I expect a warrant before they go prying into my mail, too, even though it goes through several government offices prior to reaching my home.
Then I've got a ballbuster for you -- if your illegal activity is printed on a postcard, or is noticeable from outside the sealed letter (say, a computer has detected anthrax in your envelope), they don't need a warrant to come and get you. In many cases, you've also committed a FEDERAL crime because you used the USPS to send that illegal material.
You can't expect privacy in a public arena. Internet traffic is public. If you want privacy, use your own network or encrypt your traffic.
Encryption is like putting on clothes rather than walking around with your naughty bits in plain site.
Re:Creepy stuff (Score:2)
Re:Creepy stuff (Score:2, Troll)
So, then, by your logic, that means they should be allowed to put microphones and cameras everywhere,
Re:Creepy stuff (Score:2)
What?! How? Google and Netcraft are *privately-run* entities. They do not need warrants to monitor URLs, because unlike the FBI, they are not part of the government.
I think a warrant should be required only to intrude upon private networks and encrypted communication protocols.
So, in my mind, the FBI should be able to snoop on my iChat activity
For encrypted communications, do you think the FBI
A Family Affair. (Score:3, Funny)
By getting his little sister to do it.
Wouldn't it be something... (Score:5, Interesting)
Re:Wouldn't it be something... (Score:3, Insightful)
Pretty damn sure.
Re:Wouldn't it be something... (Score:2)
Link. [constitution.org]
Re:Wouldn't it be something... (Score:3, Insightful)
The ideas in '1984' always seemed a little simplistic and naive to me. In a society that values fame and media exposure so highly, wouldn't it be easier to get us all to spy on each other? Informant meets reality TV, all in the name of state security and voyeurism.
Re:Wouldn't it be something... (Score:3, Interesting)
Re:Wouldn't it be something... (Score:2)
Re:Wouldn't it be something... (Score:2)
That was definitely an element in 1984. People were encouraged to turn in anyone they caught committing a crime. I recall a child turning in his own father for Thoughtcrime.
It was a complete atmosphere of paranoia and mistrust. Not just the eye of Big Brother, but your fellows as well.
Re:Wouldn't it be something... (Score:3, Funny)
80% redaction (Score:5, Interesting)
NPR's On The Media program (aired yesterday in these parts), talked about ACLU requests in 2003 regarding Iraqi prisoner abuse (well before Abu Graib broke), and the docs they did receive -- after lengthy expensive lawsuits -- was mostly (80%) blacked out.
Re:80% redaction (Score:3, Informative)
Well, if they did the redaction digitally in a PDF, the information could be pretty damned useful after all [securityfocus.com], as long as you render the PDF on a sufficiently slow PC.
Re:80% redaction (Score:2)
Re:80% redaction (Score:2)
Never underestimate the collective stupidity of a large bureaucracy.
-nB
Re:80% redaction (Score:2)
I am confident that our government would not make the same mistake tw... (sigh, nevermind)
Re:80% redaction (Score:2)
Funny, the EFF got the reply already! (Score:5, Funny)
Dear EFF,
With regard to your surv^H^H^H^Hcustomer service (ref: EFF-KEYLGGR-SECRTRY), we're happy to preempt your request.
The automated reply to your inquiry is:
NO MATCH FOUND
We sincerely hope your request has been fulfilled. We stay at your disposition for further inquiry.
Regards,
Joe Snoop, Dept. of Homeland Security.
Considerations (Score:5, Informative)
The story is that an individual made an FOIA request to the FBI for some specific information.
The FBI claimed that no such information was available.
The claimant found out in the meantime that such information WAS available and had been previously provided by the FBI as the result of another FOIA request, and, as such, requested a court order the FBI to provide it again.
The FBI is arguing that its search was reasonable within department regulations and guidelines, and that it cannot and should not be expected to always undercover every single possible document in response to every request. And documents being indexed electronically doesn't make it as easy as one might think: it's precisely because documents are indexed electronically that is creating the difficulty: the FBI is claiming, essentially, that it can't predict every possibly keyword it should associate with a document for search purposes, and therefore shouldn't be held accountable if it misses documents during a good-faith search.
Whether or not the FBI was intentionally hiding OKBOMB memos, etc., is another story altogether.
Additionally, the article summary is awfully pessimistic: we don't yet know how DOJ will respond to this request. Perhaps it itself hasn't determined whether or not it considers "URLs" to be subject to pen-trap regulations. Additionally, for those who didn't RTFA:
At issue is PATRIOT Section 216, which expanded the government's authority to conduct surveillance in criminal investigations using pen registers or trap and trace devices ( "pen-traps" ). Pen-traps collect information about the numbers dialed on a telephone but do not record the actual content of phone conversations. Because of this limitation, court orders authorizing pen-trap surveillance are easy to get -- instead of having to show probable cause, the government need only certify relevance to its investigation. Also, the government never has to inform people that they are or were the subjects of pen-trap surveillance.
Remember, pen-traps were already allowed before PATRIOT. At issue is what exactly PATRIOT's expansion to these provisions further allows. It clearly has been determined to allow email addresses and IP addresses. However, whose IP addresses? The suspect, or a host the suspect is visiting? It would seem clear to me that, virtual hosting aside, if the a target host's IP may be logged, and since DNS names, embodied here as "URLs" and IP are very obviously interrelated, again, virtual hosts aside, it seems this argument is somewhat of a smokescreen to force debate on whether or not pen-traps in general should be allowed.
And since they were allowed before PATRIOT, the answer seems clear: if PATRIOT's expansions to the existing statues to accommodate new communications technologies were appropriate, all that's left is determining what exactly is included. And if "IP addresses" are included, which would logically include target hosts, it would seem that DNS names used to arrive at said IP addresses are intrinsic to the nature of their usage. So disagree with pen-traps if you want, but don't rant and rave about PATRIOT, because it's not about that (though many would desperately want you to think so).
Re:Considerations (Score:5, Interesting)
The issue is that people think that because they pay taxes, they should be able to get any document they want without paying anything extra. They'll call asking for "All documents related to X, Y, and Z.". Ignoring for the moment that FOI requests have to be in writing, that could amount to stacks of boxes worth of documents. They look at a potential bill of hundreds or thousands of dollars, and wonder how it could possibly cost so much.
There are a few things that cost money here:
1) Copying fees
Somebody's got to copy all those documents. Whether we have them onsite and one of our folks has to do it or we have to pay for outside counsel to do it (We pay attorneys' rates to our counsel, and you will reimburse us for that
2) Transport fees
If the documents you want are offsite, you're going to have to pay for a truck to fetch them. If we've got a truck coming from offsite storage anyhow, your documents can generally ride for no extra charge.
3) Time to find what you want
We don't have every document magically indexed so a minimum wage intern can find anything you can possibly want. Your request will have to go to our human SQL engines. These people are amazing, know a ton, and cost money. They've been working for us for a long time, and are very busy. If they can fit your request into their normal workflow, great, but if not, you're going to have to pay extra for their time.
We don't price-gouge folks on these things. It's important for people to realise that FOI requests cost agencies money, and we will pass on whatever charges we incur to the requester. Many people decide that they really don't want as many documents as they thought--or any at all--once they realise it'll cost them money.
I'm not trying to discourage people from making FOI requests. I think it's important for people to know what their government is doing on their behalf. What I'm trying to say is that if you ask for all documents related to X, Y, and Z, and that comes to a few million pages, be prepared to get precisely what you asked for--and to pay for it.
Also, as much as we'd like for our human SQL engines to be infallible and be able to recall every document related to anything you could possibly want, it is possible we'll miss something. We don't intentionally withhold stuff you've requested. In fact, we will give you -precisely- what you've requested, so it's a very good idea to phrase your request carefully, so as to avoid a huge bill and a mountain of paper you don't want. We generally warn you if you request a mountain of data and sound like you're expecting 20 pages, but if you insist you want everything, you will get it. I don't know whether the FBI or the DOJ withholds data, but I'm pretty sure it's against policy and anybody caught doing so will be suitably reamed.
It's easy to get pissed off at a huge faceless agency and assume they're holding out on you because they're The Man and you're onto them. It may just be that the person who was tasked with your FOI request really truly couldn't find anything. Government agencies are staffed by humans, too.
Re:Considerations (Score:4, Insightful)
Re:Considerations (Score:3, Interesting)
We hire outside counsel as needed because it's cheaper than keeping our own host of specialised counsel on staff. I'm not aware of any instance where attorney/client privilege has been used to withhold files
Re:Considerations (Score:3, Insightful)
Your elected representatives were. They probably considered a host of reasons for opting to charge extra for FOI requests, including the following:
1) Somebody's got to pay for it, and raising taxes isn't generally a popular idea.
2) Many people and businesses use material obtained through FOI requests for financial gain. These folks have financial incentive to request everything they can get, and paying for these request
Google? (Score:2)
So, basicaly they are claiming that they can't give Google a call and buy one of those "Google for
Re:Considerations (Score:3, Insightful)
The whole concept of an index revolves around most-common keywords. You index what is most likely to be searched for -- that's why indexes enhance performance. Indexes are about speeding up queries -- they're not about filtering queries.
Surely the FBI employs someone that knows about "grep".
Heh (Score:3, Funny)
"The first rule about USA PATRIOT ACT is you do not talk about USA PATRIOT ACT," if you will.
Why does the title... (Score:5, Insightful)
Re:Why does the title... (Score:2)
Whether it's fair to call the government "Big Brother" is another argument altogether, but if they are snooping on us in the way EFF is asking about, it sounds fair to me.
Re:Why does the title... (Score:2)
The government has shown its desire and willingness to do this, so we have concrete evidence we should be worried about it.
Re:Why does the title... (Score:2, Interesting)
There potentially plenty of little brothers out there too, and best practices are to encrypt.
Remember to play them against each other too: if Big Brother ever asks why you encrypt everything, you can truthfully tell him you're protecting yourself from organized crime, nosey snoopers, terrorists, direct marketers, etc.
"Computer, I encrypt so that COMMIES(!) can't spy on us. Thanks to your teaching, I know they're everywhere! Oh, how I love the computer."
Re:Why does the title... (Score:2)
.
Encrypt what? (Score:3, Insightful)
I can run a 6400000-bit encrypted stream between site A and site B, but if I am financially attached to one of the nodes they will get the information they are looking for. This isn't about reading text as it flows through a router, it is about noting where a suspect communicates, how often, at what times, etc. Perhaps then expanding the search to other users of that location, as warrants are not needed for execution.
Not to nitpick (Score:2, Informative)
Dear Diary (Score:3, Funny)
(Attention Carnivore, this post is intended as a joke, for the recipient only.)
Re:stationary v. stationery (Score:3, Funny)
I didn't see anything in his post about not liking gay people; are you sure?
Re:homoPHONIA. from homophone. look it up. (Score:3, Funny)
While I'm at it, shall I look up pedantic, obtuse, and naive for you?
See, there's this thing called humor, and it isn't always accompanied by the use of numbers as letters... I'm sorry that you didn't get it, but if I'd just said "LOLOLO!!!11!!! homophonia 50u|\|d5 1ik3 |-|0m0p|-|0bi4 !!!11!!!" it just wouldn't have been funny AT ALL.
But I appreciate the effort. It's nice to see the new folks chiming in around here.
Good! (Score:4, Insightful)
What you don't realize (Score:5, Funny)
Re:What you don't realize (Score:2, Funny)
signed,
the Ministry of Information, c.o. the CIA
It seems odd to want privacy on the 'net. (Score:4, Insightful)
Re:It seems odd to want privacy on the 'net. (Score:4, Informative)
The Metropipe Tunneler [metropipe.net] is pretty cool. Cross platform client software to encrypt all of your Internet traffic out to a server that keeps no logs. Kind of steep at $99 a year
Also cool is the free Metropipe VPM [metropipe.net] which is a complete linux system that fits on a USB drive, and somehow includes their tunneling service for free...
How's this for evidence (Score:5, Funny)
You self gratify in front of your computer at least 3 times per week.
And now you are looking at the back of your monitor to see how we did it....
Re:How's this for evidence (Score:5, Funny)
Ah-ha! Proof that you are only watching 10% of the time! You were a fool to give that away...
Re:How's this for evidence (Score:2)
FBI watching (Score:4, Funny)
Joe#23153445 : URL http://www.*censored*.com
FBI guy : Great p0rn!
Joe#23153445 : URL http://www.*censored*.com
FBI guy : Damn, that user got tastes!
Joe#23153445 : URL http://www.*censored*.com
FBI guy to others FBI agents : I will keep watching user Joe#23153445 for a while, his activities seem suspecious. I will need extreme concentration, you can dismiss now.
Set up a "Honey pot"? (Score:3, Interesting)
Re:Set up a "Honey pot"? (Score:2)
Enjoy the weather in Cuba.
Re:Set up a "Honey pot"? (Score:3, Informative)
Most of you have it... (Score:2, Insightful)
There are millions of "transactions" going on every second
If someone wants to listen to YOU specifically, they need to know you exist...
Carnivore is dead, but what good was it anyway? With anon servers, and other tricks, like encryption, and attachments, how could they even know what is going on?
So, if the FBI or anyone takes an interest in YOU it is because you came to be on their radar in some way...either by visiting a suspected web site, or sending e-mail to a sus
Re:Most of you have it... (Score:3, Insightful)
Is it monitoring "terrorist" websites? Maybe. What about child porn websites. Possibly. Those are all concidered "legitimate" targets, right?
Who decided?
What if they decide to monitor pro-marijuana sites? Well, people shouldn't be smoking that stuff anyways. Hmm. Okay, then what about sites with the word "gay" or "lesbian". We can weed out those underisables. They can tag any "abortion" sites too.
Did someon
Reflection on Intelligence - Embarrassing. (Score:3, Insightful)
Apparently the FBI don't index things very well (Score:2)
There are databases out there which index every single word in a document. I think one of them is called "Google". You might have heard of it. The idea that the electronic records cannot be indexed or searched by Glimpse, Harvest or some other search engine is stupid. We may be uncouth, unwashed and undesira
statistically speaking... (Score:3, Interesting)
Chances of a child dying in a third world country before you finish reading this post: 100%
Chances of corporations being allowed to pump shit into the atmosphere until everyone with beach front property ends up having a really bad century: 100%
Chance of a really imporant species becoming extinct for no other reason than to increase shareholder value before the end of today: 100%
Chance that Monsanto is not telling us the 'whole truth' when it comes to genetically modified food (they've done it before guys): very freakin high
etc etc
Not trying to knock peoples beliefs here, but seriously...for sheer return on investment, isn't there a bunch more useful things to get angry about?
There are some real threats to this world, generally, your government is too stupid/apathetic/disorganized to be one of them.
'False Negative' seems more than likely (Score:3, Informative)
Never mind the Internet .. (Score:2, Insightful)
the internet was -never- free, nor -ever- safe from big brother. its pretty ludicrous that we're 'fighting for the Net', when in fact it was the 'net info apparat which gave Big Brother the leg-up it needed in the first place
the big question is this
every computer in existence is prime tar
what about submit method = GET? (Score:3, Insightful)
Death To FOIA? (Score:3, Interesting)
Can anyone substantiate this argument? If so, how can an act that is used at least two million times a year [gao.gov] be killed without any outcry from the public?
a thought on the current state of the US gov't (Score:3, Insightful)
there are quite a few threads under this story about civil rights in the usa and their abridgement since 9/11.
remember when it happened? the immediate consensus afterward was that we needed to carry on with our lives as before, or else "the terrorists would have won." we couldn't allow them to cow us, by god!
but, after all, we did change the way we live, with all this "homeland security" and "USA-PATRIOT" and guantanamo and abu ghraib and all the other abridgements of civil and human rights... the sad truth is that, thanks to the current administration, "the terrorists" did win...
i leave you with this quote from louis brandeis:
"experience teaches us to be most on our guard to protect liberty when the government's purpose is beneficent. men born to freedom are naturally alert to repel invasion of their liberty by evil-minded rulers. the greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding."
Re:Which is more important? (Score:4, Funny)
Re:Which is more important? (Score:5, Insightful)
It's the whole "those who are willingly to sacrifice freedom for security deserve niether" bit.
Re:Which is more important? (Score:4, Funny)
Don't worry about that last question, we know the answer. We'll be at your house about 10 minutes after you get home from work.
And seriously, you should be getting back to work. You owe it to your employer, and to help the economy, which prevents terrorism!
See you soon flewp.
--The Man
Re:Which is more important? (Score:3, Informative)
link [nytimes.com], second source [missouri.edu]
From the NYT article:
Federal authorities made a total of 1,727 applications last year before the Foreign Intelligence Surveillance Court, the secret panel that oversees the country's most delicate terrorism and espionage inves
Re:Which is more important? (Score:2)
Re:Which is more important? (Score:2)
Re:Which is more important? (Score:2, Interesting)
Re:Which is more important? (Score:2, Funny)
Hilarious! (Score:2)
That was a good one!
Re:Which is more important? (Score:5, Insightful)
Re:Which is more important? (Score:3, Insightful)
Re:Which is more important? (Score:3, Insightful)
Re:Which is more important? (Score:5, Insightful)
Re:Which is more important? --VALID QUESTION (Score:2)
False dichotomy (Score:5, Funny)
Which is more important:
Not being raped by a herd of goats
or
The lives of thousands or even millions of Americans that could be slaughtered in a terrorist attack?
Obviously the later is more important. So down on all fours, bucko. No, no, too late to protest now. We have to Fight Terror!
Re:Which is more important? (Score:5, Insightful)
If a terrorist attack occurs killing millions of people, the people would have been wise to reflect upon their actions. What suffering they must have caused to fuel such an attack.
Facing the idea that Terrorism is just an artifact of the way global politics are handled will be tough for America. Given a seat at the negotiating table, and an honest ear to hear their side, who would choose terror ?
Taking away my freedom will not change global politics, and will not reduce the root causes of terrorism.
Re:49% (Score:2)
Not everyone votes remember!
Re:49% (Score:4, Insightful)
As has been pointed out multiple times, in the grand scheme of things the difference between R's and D's is miniscule in this country. BOTH parties believe in bigger government, BOTH parties believe in more control over the lives of citizens, BOTH parties are willing to sell you down the river in a heartbeat.
If 49% had tried to make a difference, they would have brought in new voices to the political scene.
Yer talkin revolution. (Score:2)
Re:Quibble... (Score:5, Insightful)
Re:Quibble... (Score:4, Informative)
And a single IP address can resolve to tens of thousands of hostnames/urls by using virtual hosts.
Re:Quibble... (Score:3, Informative)
Let's not forget dynamic DNS entries. One website, many IPs.
Are the waters muddy enough yet?
Re:Quibble... (Score:3, Insightful)
Re:Quibble... (Score:5, Informative)
1. The protocol.
2. The domain name.
3. Port numbers.
4. Page addresses.
5. Data, such as login names, page parameters, and so on.
The last item, in particular, has far greater scope than an IP address. It's much more like content; it can contain data that you provide for, say, addressing an email, or adjusting an account balance. (Just extemporising here. The actual usage varies enormously.)
So no, URLs are very different to IP numbers.
Oddly enough, EFF wants to monitor traffic (Score:3, Informative)
Re:Oddly enough, EFF wants to monitor traffic (Score:2)
While we don't know exactly what method would be used to measure what songs were the most popular, there are several that have been proposed, including traditional sampling. The statement you misread was probably the one about measuring what people are sharing on filesharing networks. On must such networks, you publicly advertise what you are sharing. (That's how the RIAA is finding the people to sue today without breaking any
Re:Oddly enough, EFF wants to monitor traffic (Score:2)
Well, quoting from your/EFF's document [eff.org], it says: "Figuring out what is popular can be accomplished through a mix of anonymously monitoring what people are sharing"
That sounds like monitoring to me.
To follow one typical line, how can you "anonymously monitor what people are sharing" but also detect attempts to "game" the system?
btw, I'm not sure if you've
Be alert (Score:5, Interesting)
Evidently months ago he bought the same kind of lighter fluid that was used to light his own house on fire with his wife and kids inside. He was pretty much going to 'pound me in the ass prison' until someone else 'fessed up to lighting the fire (the family didn't get hurt in the fire, IIRC.)
If you think for 60 seconds you aren't being watched - ask that guy.
Re:Be alert (Score:2)
Re:Be alert (Score:3, Informative)
Doesn't Matter (Score:5, Insightful)
You still stand a greater chance of dieing in a car crash or being shot by someone you know than getting killed in a terrorist attack.
Terrorism does *NOT* justify the abridgement of civil rights. *NOTHING* justifies the abridgement of civil rights.
Re:Doesn't Matter (Score:5, Informative)
Man, that's HARDLY putting it into perspective.
Death Stats [the-eggman.com]
An American is about FIFTEEN TIMES more likely to die of renal failure than terrorism. TEN TIMES more likely to be killed by a gun than die of terrorism. About four times more likely to die from falling (ahem, presumably this doesn't count falling off the WTC). An American is statistically more likely to drownd than die of terrorism, and yes that includes people living in the desert.
If you're going to put it into perspective, use some hard evidence. ;)