FBI Accidentally Received Unauthorized E-Mail Access 122
AmishElvis writes "The New York Times reports that 'glitch' gave the F.B.I. access to the e-mail messages from an entire computer network. A hundred or more accounts may have been accessed, rather than 'the lone e-mail address' that was approved by a secret intelligence court as part of a national security investigation. The episode was disclosed as part of a new batch of internal documents that the F.B.I. turned over to the Electronic Frontier Foundation, as part of a Freedom of Information Act lawsuit the group has brought."
FISA court: whatcouldpossiblygowrong (Score:5, Funny)
Better cover it up.
Oops, we botched that too.
Re: (Score:3, Insightful)
A cheap Linux box running Sendmail and an installation of OpenSSL to let Sendmail be able to run SMTPS.
On top of that use a POP3/IMAP server that can do POP3S/IMAPS and you can access your mail without the risk of an accidental peek.
Unauthorized in today's world? (Score:5, Interesting)
Re:Unauthorized in today's world? (Score:4, Insightful)
Sounds fine on Slashdot, alt.politics groups, or black helicopter chat, but in reality you can't even try to go in with that position as a prosecutor. Even a conservative judge will hand you your ass.
Re:Unauthorized in today's world? (Score:5, Insightful)
I think what the GP meant was that there would be some sort of quasi-official authorization. Along the lines of making all of the evidence classified beyond the judges level to ever see the it, or some kind of DHS gag order + infinite postponement of the trial. Simply a classified letter from an FBI big telling the prosecutor or judge not to pursue the matter any further might work just fine. The is a fair amount of risk in challenging it, a risk many people would not like to take. I'm sure there are ways for the security portions of the government to be technically "cooperating" but never actually have to really answer to a judge. There are parallels to this kind of behavior where the politically powerful simply refuse to comply with the law and seem to be getting away with it. [democrats.com]
Re: (Score:1)
Now, normally, Id mod this troll, but there is just so much veniment anger, he might go postal. Better
Re: (Score:2)
No, the stuff that makes up the grim reality of what is going on in what is supposed to be the free'est nation on earth. Slashdot may have a liberal bias, but that doesn't change the fact that these things really do happen. Look back through the past stories on here and check the sources, particularly from the Politics and YRO sections. Links? Find them yourself, it's not my job to educate you.
Re: (Score:2)
Re: (Score:2)
If the intention is actually to take a case to court? If the idea is to get a "plea bargin" or simply harrasment then it dosn't matter what a judge would or not do.
Re: (Score:2)
It's not unheard of the the secret police apparatus to covertly blackmail public figures. The FBI used to do it all the time under J. Edgar Hoover.
The fig leaf of "authorization" might not make much difference to a judge, but it makes all the difference to what people who are normally expected to obey orders from above. In our system they're supposed to obey only lawful orders, but the ordinarily virtuous qualities o
Re: (Score:2)
Re: (Score:1)
Sure. I can say that nobody is authorized to access my computer except myself. Anyone doing so is therefore unauthorized. If you meant, can it be considered illegal? Yes again. The real question: will the government be held to the law? No, because the US government considers itself above the law, and since it enforces it, it won't be held to the law.
Re: (Score:2)
There's always spying on other parts of government together with there no doubt being some "patrician list" on individuals who should not be spied upon.
Especially if there is actually a good reason to be carrying out an investigation on these entities. Given history, just about any govern
Trust the FBI? (Score:5, Funny)
Re: (Score:3, Interesting)
Still, it's reassuring to know that cockup still beats conspiracy, given enough time and sufficient monkeys.
Re: (Score:2)
The problem is that there are too many "monkeys" in the first place. You fix a conspiracy by removing the conspirators, you fix a cockup by removing the incompetent.
Re: (Score:1)
Uh... wait a minute...
Something doesn't fit... (Score:5, Funny)
Wait a minute, that's it!
You're a spy! No self-respecting Slashdotter would willingly still have a Hotmail address! You're one of them!
Re: (Score:2, Funny)
Re: (Score:1)
Re:Trust the FBI? (Score:4, Insightful)
The FBI will have no fear of any such consequence. Illegally overstepping their bounds and then saying "oops" is about all you'll hear about this ordeal. I'm sure some calls for investigation will be made and someone might have a dispassionate speech on C-SPAN and then it will all be swept under the rug. It might even pave the way for the FBI to request this type of access for the future if they can "prove" that it's in the interest of "national security".
Re:Trust the FBI? (Score:5, Informative)
This being Slashdot, I can probably assume that you didn't bother to RTFA before posting, but if you had, you'd have kept your foot out of your mouth. The FBI requested that an ISP send them copies of all email sent to one address at a small domain. The ISP screwed the pooch and sent them all email sent to that domain. The FBI noticed that they were getting way too much email, found out what had happened and corrected it. At no time did they overstep their bounds, because they only asked for what a judge said they were entitled to. I hope this makes enough sense to you that you can remove your tinfoil hat, but frankly, I doubt it.
Re: (Score:1, Flamebait)
Re: (Score:3, Interesting)
Y
Re: (Score:3, Insightful)
Re: (Score:2)
Re: (Score:2)
Re: (Score:3, Insightful)
So, the users whose mail was wrongfully given to the FBI could sue the ISP, then. Oh wait, the FBI isn't going to tell them about it. It's not going to tell anyone what the domain is, or who the ISP is, either. State secret.
Re: (Score:2, Insightful)
So, the users whose mail was wrongfully given to the FBI could sue the ISP, then. Oh wait, the FBI isn't going to tell them about it. It's not going to tell anyone what the domain is, or who the ISP is, either. State secret.
That might tip off the person whose e-mail they were reading.
Re: (Score:2)
So are you saying that when the case is over (they bring charges or decide there wasn't anything there), they'll notify everyone who was inadvertently snooped? That then we'll see it in the news?
Note that the intelligence official quoted in TFA says it's not a rare occurrence, "it's common".
If you think they'll do that, I've got a bridge for sale that you might be interested in buying.
Re: (Score:1)
Re: (Score:2)
You seem to be assuming here that the FBI actually read all that email. I'm not saying that they didn't read any of it, but I see no reason to assume that they kept reading after they'd realized the error. Aside from your (understandable) mistrust of the FBI, do you have reason to think otherwise?
Re: (Score:2)
Not at all. I have no idea what the FBI did with the mail. I have no reason to believe they continued reading after realizing that they weren't supposed to have the mail, and I have no reason to believe that they didn't.
And it is not clear whether it was the FBI
Re: (Score:2)
There, at least, I agree with you. As far as saying that incidents like this are common, I don't know if sysadmins are trying too hard to cooperate, or if the FBI requests aren't specific enough. For that matter, it might be that they're written by non-techs, who aren't sure of the right way to get what they want and only what they want.
As far as not knowing if they read the ema
Re: (Score:1, Flamebait)
It was a mistake by the ISP, not the FBI. The FBI noticed the mistake and told the ISP how they had errored.
I mean if they really want to get upset, get mad at Bill Clinton for approving [wikipedia.org] that Carnivore project [wired.com] instead of vetoing it for the FBI so ISPs can keep track of email and send copies to the FBI in the first plac
Re: (Score:2)
Re: (Score:2, Insightful)
I know of at least one...
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Ironically someone like UBL. You might not like his motives or goals, but at least he's honest about them.
Headline: Sysadmin fouls up filter (Score:5, Insightful)
Seriously. What's the story here? Some sysadmin who apparently didn't know what he was doing put the wrong thing in his e-mail server configuration and inadvertently sent all e-mail for the entire domain instead of e-mail for one address.
Mistakes happen all the time. The appropriate thing to look for is whether the mistake was caught and corrected in a timely fashion. It seems that the mistake was caught and corrected in a timely fashion which basically makes this a story about an everyday occurrence.
This story might make a good one for some sysadmin journal reminding sysadmins to document policies that help ensure mistakes do not happen and if they do are caught by the company itself instead of by the FBI. For example, a simple procedure would be to check the appropriate logs after changing the configuration to make sure the configuration is doing what it was intended to do.
Re: (Score:3, Insightful)
Funny. Obviously it's not routine at all so the chances of making a mistake are even greater. You don't need to file it in some secret folder though. It's no secret at all that when the government produces a valid warrant you need to comply with it or be held in contempt of court. And if I were the sysadmin, I'd be looking through the e-mail myself, not just sending it to the government. If the government is that interested in it then something very wrong is most likely to be going on and I'd like to k
Re: (Score:1)
Wow, what a dumb fuck. Except he got paid loads until he was caught.
Hope the email is quoted in references for future potential employers.
Re: (Score:2)
Yes he did. And that was exactly the point of his e-mail. He got paid very well while we were paying him. I don't believe he landed us a single contract! He had the dubious honor of being one of maybe 2 or 3 people to be fired in the past decade.
As for references.. well, what can you do? Quoting that e-mail would potentially open up the company to a defamation suit so that's not an option. Not to mention that you don't really want to make it well-known that you hired a con man. As far as the compan
Re: (Score:1)
Especially if they're a competitor
I guess this is why many "business development" roles have most of the wage in commission.
Re:Headline: Sysadmin fouls up filter (Score:4, Insightful)
I think the idea is if this happens once it could happen again without too much effort. There is no real oversight on how the FBI, NSA, DHS, or any other organization acquires information nor a transparent way to gather such data.
Now, I really don't see any malicious intent on the FBI with this since of the old adage "Never attribute to malice that which can be adequately explained by stupidity." but I get the sinking feeling that they would often find themselves in situation in which they are too lazy to follow procedure and due process like maybe a warrant.
Re:Headline: Sysadmin fouls up filter (Score:5, Informative)
You did read the article right? It wasn't the FBI that screwed up. The FBI caught the mistake that the company's sysadmin made when setting up the eavesdropping.
Yes, it can happen again without too much effort. What are you going to do to fix it? Send the FBI in to set up the eavesdropping themselves so the sysadmin doesn't screw it up? Keep in mind we're talking about a run of the mill court-ordered warrant here. It's a very standard and very legal way to gather evidence. This story has very little if anything at all to do with post-9/11 surveillance or FISA or anything else that might be questionable or debatable. No where in the article does it say that the surveillance was set up as part of a FISA warrant which leads me to believe that the Times reporter is trying to feign a connection for scare value.
I hate to say it but I think the debate is pretty much closed on court-ordered warrants. If the court orders them and you don't have any legal argument to squash the order then you have to comply with it or be found in contempt of court. There's nothing really secretive about the process either, except ideally to the person who's being surveilled.
Re: (Score:2)
Re: (Score:2)
It's part of the price we're paying, and we need to know that if we're going to make informed decisions about a society as to what is acceptable.
[Of course, the fact is that regardless of this particular side-effect, there's ZERO legitimate democratic process happening around this topic anyway. But he
Re: (Score:3, Informative)
Oh noes, some idiot sysadmin accidently sent my e-mail to the FBI. Someone call a congressional hearing.
If it's that confidential that someone else seeing it would be a serious problem, use encryption. There's no way they accidently get copies of your crypto keys. Better yet, don't send it in an e-mail, don't write it in a letter, and don't say it over the phone. If it really needs to be kept a secret, have a face to face meeting. If it doesn't need to be kept that much of a secret (and 99% of things
Justice and Pragmatism (Score:1)
Tag (Score:1)
</conspiracy-theory>
Whose Glitch? (Score:3, Insightful)
Whose "glitch"? What was the "apparent miscommunication, exactly? Did the FBI tell the ISP to give them the total access that the court hadn't authorized, or did the ISP make the mistake and give them total access when asked for only limited access? Maybe the FBI is citing that totally ambiguous blame, but what is the real story?
If the ISP screwed up, then it should get sued by the extra people whose mailboxes it turned over without authorization. If the FBI "screwed up", then it's just another example of why these courts cannot be secret if the government is to do its job protecting our rights - including protecting us from the government.
Re: (Score:2)
According to the article...
A technical glitch gave the F.B.I. access to the e-mail messages from an entire computer network -- perhaps hundreds of accounts or more -- instead of simply the lone e-mail address that was approved by a secret intelligence court as part of a national security investigation, according to an internal report of the 2006 episode.
Later, F.B.I. officials blamed an "apparent miscommunication" with the unnamed Internet provider, which mistakenly turned over all the e-mail from a smal
Re: (Score:2, Interesting)
Imagine if a sysadmin "accidently" rerouted the companies email to their competitors (which might even be legal, if stupid)... Would the FBI acc
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Until there's proof whose "glitch" this was, there's absolutely no sense "trusting the FBI" on this. Especially not this FBI, especially not in FISA matters, after their track record.
And especially not in America, which was built on not trusting the government.
Re: (Score:3, Insightful)
Re: (Score:2)
I have an open mind to evidence. My head just doesn't have the kinds of holes that allows it to speculate that the current FBI will tell the truth when it's caught violating people's privacy rights. With the mountain of evidence against that in so many other cases, a mind that open is really just a spy's dream.
Re: (Score:2)
And you're trying to replace it with an assertion that they were acting improperly; an assertion, I might add, for which you offer no evidence.
Re: (Score:2)
Like when I said [slashdot.org] "Until there's proof whose "glitch" this was, there's absolutely no sense "trusting the FBI" on this."
Or when I said [slashdot.org]
Re: (Score:2)
Not so. I've just looked at the story as given and see no obvious reason to disbelieve it. You, OTOH, seem to think that you must disbelieve any and everything the FBI says until it's been confirmed by an independent source. Of course, it might have to do with the fact that I've met a few FBI and DEA agents, and found them to be just like everybody else.
Once, years ago, I was working for a company that was doing large-scale reproductions for a big drug bust
Re: (Score:2)
Getting more info than they can use has in no way stopped the FBI from requesting, and just grabbing without request, all kinds of info in the past 6 years.
If you still don't get that, it's obvious that you voted for Bush in 2004, even if you won't admit it.
You people don't even realize that you're completely obvious in what's wrong with the way you worship
Re: (Score:2)
Re: (Score:1, Insightful)
Re: (Score:2)
Two important questions here:
Neither question is important (Score:3, Interesting)
Two important questions here:
Actually, neither of them are important.
If the ISP actually misunderstood the surveillance request, why didn't they get confirmation? Asking for one person's email to be sent is one thing, but a request for the entire domain's email to be forwarded sounds too broad to be legitimate.
It sounded to me, from reading TFA, that it was an accident on the part of the ISP. The FBI didn't ask for it.
When the FBI found they were getting email from individuals other than those they wanted. Did they promptly delete the email unread and report to the admin? Or did they think, "Hmmmm. Well, since we're already getting it..."
The truth is that FBI agents are actually very, very busy people. They are often working a bunch of cases at once and they don't have enough time to go on illegal fishing expeditions that wouldn't be admissible in court anyway.
Re: (Score:2)
You can chant "tinfoil hat" all you want. The FBI is the one which the evidence shows actually had a lot of spying that it wasn't entitled to. Let's see its evidence that it was the ISP before giving that agency any benefit of the doubt.
Re: (Score:2)
You're right - if you just take the FBI at it's word. Why on Earth would you do that?
Because the FBI's story makes sense and yours doesn't. You seem to have forgotten to think it through. How did the EFF know to file a FOIA request for these specific files? (Remember that FOIA requests have to be very specific. If they too broad or fishing expeditions, they are not valid.) Simple, because the FBI reported the incident to the FISA court and the Oversight Committee. In other words, we know this took place because the FBI told us so -- and you seem to be taking the FBI at its word jus
Re: (Score:2)
One oth
Re: (Score:2)
Some companies (like dyndns.org) allow people to manage their own DNS records for dynamically assigned IP addresses from cable networks. You basically choose a generic domain like
Re: (Score:2)
Re: (Score:2, Interesting)
Re: (Score:2)
You're just another coincidence theorist. Haven't you noticed what the FBI has been caught doing in this area already, despite the most secretive presidency in history? Don't you value your rights more than you value reading nerd tech porn?
Re: (Score:1)
Re: (Score:2)
It's not true that "every single little thing the goverment does is some kind of conspiracy or abuse", but it's also true that there have been many abuses and coverups. Very specifically at the FBI while spying on domestic communications. This would be just one more example of something already proven. And the way you know that this is not an example of that is... the NY Times was told by the F
Re: (Score:1)
Re: (Score:2)
What you're calling "tact and class" is just den
What I want to know (Score:4, Interesting)
When I read this, I wasn't wondering how that happened, or what the nature of the "glitch" was, or how many accounts were accessed. What I was wondering is WHY THE FUCK DOES THE UNITED STATES HAVE A SECRET COURT OF ANY KIND?!?!. Yeah yeah, to protect the children, save the whales, stop the terrorists, keep you safe, "our intentions are pure and we're really a bunch of big-hearted individuals who care about your well-being" etc... I still don't know what is wrong with the assholes who actually believe this shit.
And hell, I want to believe we have a good, honest government. The fact is, we don't. I don't understand what being in this level of denial is supposed to do to remedy the situation. There is a very good reason why the founding fathers intended for most of our interaction with government to come from the local and state level. The only thing the federal government can do that the state & local governments cannot do is resolve disputes between states, conduct foreign policy, regulate interstate trade, oh and it can slowly become a dictatorship too. Speaking of remedies, I'm betting that nothing will happen either to the FBI as an organization or to the individuals who made this "mistake", that at most they will receive a slap-on-the-wrist.
Re:What I want to know (Score:5, Interesting)
This is not a "secret court" in the sense of a court that sends people to prison (the US has those, too, but they are still limited to the military and Guantanamo). Rather, it's a court that acts as an additional control for police and secret service actions.
Such a "secret court" is a good thing, because it provides judicial review for actions that would otherwise not be subject to judicial review at all.
Re:What I want to know (Score:5, Insightful)
Fixed that for you.
Check out the denial records of that court since the 70s. That should tell you just how detailed the FISA rubber stamp looks at those warrant petitions.
stupid (Score:2)
Now, we can have a separate discussion about whether this secret court is working.
Check out the denial records of that court since the 70s. That should tell you just how detailed the FISA rubber stamp looks at those warrant petitions.
OK, well, note that there is a record, and that we can actually see whether the court is worki
Mistakes happen but only continue to happen... (Score:3, Insightful)
"But an intelligence official, who spoke on condition of anonymity because surveillance operations are classified, said: "It's inevitable that these things will happen. It's not weekly, but it's common."
This falls into the area of cheating in a manner that an excuse can be used to "get away with it". This sort of cheating had been labeled "Neo-cheating" and is a form of dishonesty that is easy to apply and safe from proof.. "Oh it was just an honest mistake." Technology should not be an escape goat for such obvious deceptions.
To give a simple example of a verification loop, when you sign up for a mailing list, messages boards, etc., in order to prevent spamming email accounts etc, there is a feedlack verification loop used. The point is, there are ways to prevent such spying "mistakes" from happening. And there should have already been such methods being applied as standard practice.
The "it's not weekly but its common" is nothing but evidence of intent to cheat and to continue it.
This "allowing deception" is similar electronic voting security failure vs. ATM financial security practices.
Computer technology is not an excuse, but a way for dishonest human intent to hide behind technology excuses.
Re: (Score:1, Funny)
Re: (Score:2)
Reading the article, we learn that a lot of the mistakes come from third parties. Larger service providers are accustomed to this sort of thing, but smaller entities may never have done this sort of thing before. They have neither the equipment nor the experience. They may be working with new equipment sent to them that they don't really know how to use.
Furthermore, translating the requirements of a warrant into a set of filtering rules is as error prone as writing any code, and diffic
What actually probably happened... (Score:1)
Since the code design is reused for every account it's not like they can ever control such a thing. While technically the internet is simply facilitating communication the run away effect of improvement of software should take place. This is happening but security
Whose e-mails? (Score:2, Insightful)
(TFAS is ambiguous, and TFA is behind a login screen.)
Thanks,
- RG>
Re: (Score:2)
-Mike
What we DON'T know (Score:4, Interesting)
The writer of this article, Eric Lichtblau, won a shared Pulitzer Prize for his work in exposing the illegal warrantless wiretapping program, authorized by the government and championed by the White House after 9/11. In fact, it was in existence even before 9/11, but that's another story entirely.
This program supposedly expired just yesterday when congress let the clock run out on its dependent legislation. The problem here, clearly, is that it doesn't matter if this program is never renewed; overproduction of data under FISA will still happen all the time. That's the entire point of this article. There are no checks and balances. There is no accountability. There is NOTHING. Total secrecy and legal immunity are all but guaranteed for the perpetrators. Period.
Ok, seriously... (Score:2, Interesting)
I wonder how long before ... (Score:2, Insightful)
The lesson (Score:1, Troll)
Re: (Score:1, Insightful)