Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Privacy Communications Government News Your Rights Online

FBI Accidentally Received Unauthorized E-Mail Access 122

AmishElvis writes "The New York Times reports that 'glitch' gave the F.B.I. access to the e-mail messages from an entire computer network. A hundred or more accounts may have been accessed, rather than 'the lone e-mail address' that was approved by a secret intelligence court as part of a national security investigation. The episode was disclosed as part of a new batch of internal documents that the F.B.I. turned over to the Electronic Frontier Foundation, as part of a Freedom of Information Act lawsuit the group has brought."
This discussion has been archived. No new comments can be posted.

FBI Accidentally Received Unauthorized E-Mail Access

Comments Filter:
  • by davidwr ( 791652 ) on Saturday February 16, 2008 @05:27PM (#22448312) Homepage Journal
    Oh wait too late.

    Better cover it up.

    Oops, we botched that too.
    • Re: (Score:3, Insightful)

      by Z00L00K ( 682162 )
      Which leads to the conclusion - run your own mailserver.

      A cheap Linux box running Sendmail and an installation of OpenSSL to let Sendmail be able to run SMTPS.

      On top of that use a POP3/IMAP server that can do POP3S/IMAPS and you can access your mail without the risk of an accidental peek.

  • by russlar ( 1122455 ) on Saturday February 16, 2008 @05:29PM (#22448326)
    Can any kind government access be considered unauthorized anymore? There have been so many executive orders, bending of laws, etc. that just about every form of government access to information is authorized by something.
    • by fishbowl ( 7759 ) on Saturday February 16, 2008 @06:58PM (#22448896)
      "There have been so many executive orders, bending of laws, etc. that just about every form of government access to information is authorized by something."

      Sounds fine on Slashdot, alt.politics groups, or black helicopter chat, but in reality you can't even try to go in with that position as a prosecutor. Even a conservative judge will hand you your ass.
      • by Original Replica ( 908688 ) on Saturday February 16, 2008 @07:37PM (#22449130) Journal
        just about every form of government access to information is authorized by something.

        I think what the GP meant was that there would be some sort of quasi-official authorization. Along the lines of making all of the evidence classified beyond the judges level to ever see the it, or some kind of DHS gag order + infinite postponement of the trial. Simply a classified letter from an FBI big telling the prosecutor or judge not to pursue the matter any further might work just fine. The is a fair amount of risk in challenging it, a risk many people would not like to take. I'm sure there are ways for the security portions of the government to be technically "cooperating" but never actually have to really answer to a judge. There are parallels to this kind of behavior where the politically powerful simply refuse to comply with the law and seem to be getting away with it. [democrats.com]
      • by mpe ( 36238 )
        Sounds fine on Slashdot, alt.politics groups, or black helicopter chat, but in reality you can't even try to go in with that position as a prosecutor. Even a conservative judge will hand you your ass.

        If the intention is actually to take a case to court? If the idea is to get a "plea bargin" or simply harrasment then it dosn't matter what a judge would or not do.
      • by hey! ( 33014 )
        The damage, unfortunately, may be done before the matter ever gets to a judge, if ever.

        It's not unheard of the the secret police apparatus to covertly blackmail public figures. The FBI used to do it all the time under J. Edgar Hoover.

        The fig leaf of "authorization" might not make much difference to a judge, but it makes all the difference to what people who are normally expected to obey orders from above. In our system they're supposed to obey only lawful orders, but the ordinarily virtuous qualities o
    • And if something wasn't authorized then the investigation seems to just disappear and no one is ever punished.
    • Can any kind government access be considered unauthorized anymore?

      Sure. I can say that nobody is authorized to access my computer except myself. Anyone doing so is therefore unauthorized. If you meant, can it be considered illegal? Yes again. The real question: will the government be held to the law? No, because the US government considers itself above the law, and since it enforces it, it won't be held to the law.

    • by mpe ( 36238 )
      Can any kind government access be considered unauthorized anymore? There have been so many executive orders, bending of laws, etc. that just about every form of government access to information is authorized by something.

      There's always spying on other parts of government together with there no doubt being some "patrician list" on individuals who should not be spied upon.
      Especially if there is actually a good reason to be carrying out an investigation on these entities. Given history, just about any govern
  • by Frosty Piss ( 770223 ) on Saturday February 16, 2008 @05:33PM (#22448348)
    So they "accidentally" gained access to more than what they where supposed to? Aren't we supposed to be able to TRUST them to stick to what they where authorized to access even if they "accidentally" gained greater access? If we can't trust the FBI, who can we trust?
    • Re: (Score:3, Interesting)

      by imipak ( 254310 )
      Glitch? Now where have I heard that word before...

      Still, it's reassuring to know that cockup still beats conspiracy, given enough time and sufficient monkeys.

      • by mpe ( 36238 )
        Still, it's reassuring to know that cockup still beats conspiracy, given enough time and sufficient monkeys.

        The problem is that there are too many "monkeys" in the first place. You fix a conspiracy by removing the conspirators, you fix a cockup by removing the incompetent.
    • Could be worst, they could have give access to a non-governmental organization... I wouldn't like a random company like say... Microsoft to have the control of my hotmail address...

      Uh... wait a minute...
    • Re:Trust the FBI? (Score:4, Insightful)

      by LilGuy ( 150110 ) on Saturday February 16, 2008 @06:40PM (#22448794)
      In my previous job I accidentally granted myself access as a domain administrator, not believing it would be so incredibly easy to do. That was grounds for firing, though they hung on to me, after I showed them I could also reset the passwords for anyone in the company using their in-house password utility.

      The FBI will have no fear of any such consequence. Illegally overstepping their bounds and then saying "oops" is about all you'll hear about this ordeal. I'm sure some calls for investigation will be made and someone might have a dispassionate speech on C-SPAN and then it will all be swept under the rug. It might even pave the way for the FBI to request this type of access for the future if they can "prove" that it's in the interest of "national security".
      • Re:Trust the FBI? (Score:5, Informative)

        by techno-vampire ( 666512 ) on Saturday February 16, 2008 @06:58PM (#22448894) Homepage
        The FBI will have no fear of any such consequence. Illegally overstepping their bounds


        This being Slashdot, I can probably assume that you didn't bother to RTFA before posting, but if you had, you'd have kept your foot out of your mouth. The FBI requested that an ISP send them copies of all email sent to one address at a small domain. The ISP screwed the pooch and sent them all email sent to that domain. The FBI noticed that they were getting way too much email, found out what had happened and corrected it. At no time did they overstep their bounds, because they only asked for what a judge said they were entitled to. I hope this makes enough sense to you that you can remove your tinfoil hat, but frankly, I doubt it.

        • Re: (Score:1, Flamebait)

          by Frosty Piss ( 770223 )

          At no time did they overstep their bounds
          You know this to be so? Or you blindly accept the word of the FBI that it is so? Which is it?
          • Re: (Score:3, Interesting)

            by Artifakt ( 700173 )
            It's not blind acceptance if you have evidence. To believe the FBI is lying about this, you have to also believe that they have voluntarily come clean about a situation where they could have just hidden all the facts by merely never bringing them up. They would have to be both honest and exceptionally punctilious, doing their full duty in accordance with the law, when it comes to some points we actually know, and dishonest only on one of the points we can't directly verify.
            Y
          • Re: (Score:3, Insightful)

            I RTFA, and found their claim reasonable under the circumstances. There didn't seem to be any reason for them to be interested in anybody's email other than that one person's, so why go to the extra effort of reading it?
        • by v1 ( 525388 )
          In a just world we'd be able to sue the ISP for breech of privacy.
          • Oh, you could probably sue if your email was involved but I doubt you could win. You'd have to make the jury believe that the ISP probably intended to give the FBI emails it neither had a right to have nor had asked for, and that's going to be a tough job. Juries tend to be understanding when it comes to simple mistakes.
        • Re: (Score:3, Insightful)

          by number11 ( 129686 )
          The ISP screwed the pooch and sent them all email sent to that domain. The FBI noticed that they were getting way too much email, found out what had happened and corrected it.

          So, the users whose mail was wrongfully given to the FBI could sue the ISP, then. Oh wait, the FBI isn't going to tell them about it. It's not going to tell anyone what the domain is, or who the ISP is, either. State secret.
          • Re: (Score:2, Insightful)

            by justinlee37 ( 993373 )

            So, the users whose mail was wrongfully given to the FBI could sue the ISP, then. Oh wait, the FBI isn't going to tell them about it. It's not going to tell anyone what the domain is, or who the ISP is, either. State secret.

            That might tip off the person whose e-mail they were reading.

            • That might tip off the person whose e-mail they were reading.

              So are you saying that when the case is over (they bring charges or decide there wasn't anything there), they'll notify everyone who was inadvertently snooped? That then we'll see it in the news?

              Note that the intelligence official quoted in TFA says it's not a rare occurrence, "it's common".

              If you think they'll do that, I've got a bridge for sale that you might be interested in buying.
              • Good point.
              • they'll notify everyone who was inadvertently snooped?


                You seem to be assuming here that the FBI actually read all that email. I'm not saying that they didn't read any of it, but I see no reason to assume that they kept reading after they'd realized the error. Aside from your (understandable) mistrust of the FBI, do you have reason to think otherwise?

                • You seem to be assuming here that the FBI actually read all that email... I see no reason to assume that they kept reading after they'd realized the error. Aside from your (understandable) mistrust of the FBI, do you have reason to think otherwise?

                  Not at all. I have no idea what the FBI did with the mail. I have no reason to believe they continued reading after realizing that they weren't supposed to have the mail, and I have no reason to believe that they didn't.

                  And it is not clear whether it was the FBI
                  • And it is not clear whether it was the FBI or the ISP who was at fault. Clearly someone was, and should be held responsible.

                    There, at least, I agree with you. As far as saying that incidents like this are common, I don't know if sysadmins are trying too hard to cooperate, or if the FBI requests aren't specific enough. For that matter, it might be that they're written by non-techs, who aren't sure of the right way to get what they want and only what they want.

                    As far as not knowing if they read the ema

        • Re: (Score:1, Flamebait)

          What can you expect from overzealous left-wingers who scream "Impeach Bush" louder than anyone and refuse to read original articles like that one, and just adlib and pretend to have read them?

          It was a mistake by the ISP, not the FBI. The FBI noticed the mistake and told the ISP how they had errored.

          I mean if they really want to get upset, get mad at Bill Clinton for approving [wikipedia.org] that Carnivore project [wired.com] instead of vetoing it for the FBI so ISPs can keep track of email and send copies to the FBI in the first plac
          • But...but...but if they did that, they'd have to admit that Saint Bill Clinton did something they didn't like and that wouldn't fit in with their liberal mindset, now would it? Can't have anything like that happening, can we? After all we all know that the liberals do no wrong and the conservatives do nothing but wrong. Never mind the facts, that's what their liberal dogma says and that's what they have to believe!
            • Re: (Score:2, Insightful)

              by FrkyD ( 545855 )
              Is it so hard to believe that there might be liberals who don't like what Bill Clinton did, don't trust what his wife would do and still manage to find most everything the Bush administration has done to be seriously screwed?

              I know of at least one...
              • Oh, I'm sure there must be a few out there, somewhere. However, all the shrill, hysterical voices abusing Bush seem to think that the Clintons are a pair of saints that can do no wrong.
              • I can think of a lot more than one. The half of the Democratic party that supports Barrack Obama instead of Hillary Clinton as President, for one clue.
        • by LilGuy ( 150110 )
          You're right in the assumption that I did not bother to read the fucking article, but not correct in the assumption of a tin foil hat. I do mistrust any government body that is as large and overpowering as the FBI, which as I always understood it, is a true patriotic pastime.
          • So, what you're saying is, you distrust the FBI not because of what it does but simply because it's big. Do you also distrust the FDA for the same reason, or the VA?
    • by mpe ( 36238 )
      If we can't trust the FBI, who can we trust?

      Ironically someone like UBL. You might not like his motives or goals, but at least he's honest about them.
  • by Jimithing DMB ( 29796 ) <dfe&tgwbd,org> on Saturday February 16, 2008 @05:34PM (#22448352) Homepage

    Seriously. What's the story here? Some sysadmin who apparently didn't know what he was doing put the wrong thing in his e-mail server configuration and inadvertently sent all e-mail for the entire domain instead of e-mail for one address.

    Mistakes happen all the time. The appropriate thing to look for is whether the mistake was caught and corrected in a timely fashion. It seems that the mistake was caught and corrected in a timely fashion which basically makes this a story about an everyday occurrence.

    This story might make a good one for some sysadmin journal reminding sysadmins to document policies that help ensure mistakes do not happen and if they do are caught by the company itself instead of by the FBI. For example, a simple procedure would be to check the appropriate logs after changing the configuration to make sure the configuration is doing what it was intended to do.

    • by vertinox ( 846076 ) on Saturday February 16, 2008 @06:02PM (#22448524)
      Mistakes happen all the time. The appropriate thing to look for is whether the mistake was caught and corrected in a timely fashion. It seems that the mistake was caught and corrected in a timely fashion which basically makes this a story about an everyday occurrence.

      I think the idea is if this happens once it could happen again without too much effort. There is no real oversight on how the FBI, NSA, DHS, or any other organization acquires information nor a transparent way to gather such data.

      Now, I really don't see any malicious intent on the FBI with this since of the old adage "Never attribute to malice that which can be adequately explained by stupidity." but I get the sinking feeling that they would often find themselves in situation in which they are too lazy to follow procedure and due process like maybe a warrant.
      • by Jimithing DMB ( 29796 ) <dfe&tgwbd,org> on Saturday February 16, 2008 @06:24PM (#22448678) Homepage

        You did read the article right? It wasn't the FBI that screwed up. The FBI caught the mistake that the company's sysadmin made when setting up the eavesdropping.

        Yes, it can happen again without too much effort. What are you going to do to fix it? Send the FBI in to set up the eavesdropping themselves so the sysadmin doesn't screw it up? Keep in mind we're talking about a run of the mill court-ordered warrant here. It's a very standard and very legal way to gather evidence. This story has very little if anything at all to do with post-9/11 surveillance or FISA or anything else that might be questionable or debatable. No where in the article does it say that the surveillance was set up as part of a FISA warrant which leads me to believe that the Times reporter is trying to feign a connection for scare value.

        I hate to say it but I think the debate is pretty much closed on court-ordered warrants. If the court orders them and you don't have any legal argument to squash the order then you have to comply with it or be found in contempt of court. There's nothing really secretive about the process either, except ideally to the person who's being surveilled.

        • No point in arguing with a lot of the people around here, they have their tinfoil hats on so tight that it's cutting off circulation to the brain. After reading the article it looks like the FBI did the right thing and let the company know that it made a mistake, sure they had access to a lot more email than they wanted, but what would they do with all of it? The vast majority of email is boring and inane, the guys at the FBI know this and don't really care about all the cruft anyway. All that they want
    • The story is that this kind of thing is inevitable (as an FBI source in the TFA says), yet it hasn't been part of the discussion we're having over the whole issue of wiretaps in the information technology era.

      It's part of the price we're paying, and we need to know that if we're going to make informed decisions about a society as to what is acceptable.

      [Of course, the fact is that regardless of this particular side-effect, there's ZERO legitimate democratic process happening around this topic anyway. But he
      • Re: (Score:3, Informative)

        Oh noes, some idiot sysadmin accidently sent my e-mail to the FBI. Someone call a congressional hearing.

        If it's that confidential that someone else seeing it would be a serious problem, use encryption. There's no way they accidently get copies of your crypto keys. Better yet, don't send it in an e-mail, don't write it in a letter, and don't say it over the phone. If it really needs to be kept a secret, have a face to face meeting. If it doesn't need to be kept that much of a secret (and 99% of things

  • The truth is justice systems everywhere will often employ the corrupt tactics that the criminal mind would expound. The result is a fragmented one, stemming from the inability to deliver justice without the compromise of justice.
  • This ought to be tagged with "!amistake".

    </conspiracy-theory>
  • Whose Glitch? (Score:3, Insightful)

    by Doc Ruby ( 173196 ) on Saturday February 16, 2008 @05:44PM (#22448418) Homepage Journal

    F.B.I. officials blamed an "apparent miscommunication" with the unnamed Internet provider, which mistakenly turned over all the e-mail from a small e-mail domain for which it served as host. The records were ultimately destroyed, officials said.


    Whose "glitch"? What was the "apparent miscommunication, exactly? Did the FBI tell the ISP to give them the total access that the court hadn't authorized, or did the ISP make the mistake and give them total access when asked for only limited access? Maybe the FBI is citing that totally ambiguous blame, but what is the real story?

    If the ISP screwed up, then it should get sued by the extra people whose mailboxes it turned over without authorization. If the FBI "screwed up", then it's just another example of why these courts cannot be secret if the government is to do its job protecting our rights - including protecting us from the government.
    • According to the article...

      A technical glitch gave the F.B.I. access to the e-mail messages from an entire computer network -- perhaps hundreds of accounts or more -- instead of simply the lone e-mail address that was approved by a secret intelligence court as part of a national security investigation, according to an internal report of the 2006 episode.

      Later, F.B.I. officials blamed an "apparent miscommunication" with the unnamed Internet provider, which mistakenly turned over all the e-mail from a smal

      • Re: (Score:2, Interesting)

        Interesting definitions. To me chatting up a 13 year old who turns out to be an FBI agent is a "apparent miscommunication". Spying on the wrong people in violation of a subpoena (I assume a judge ordered this) is not "miscommunication" if it also "technical glitch". It can be one or the other, but not likely both. Somebody dropped the ball. Yes, it is a big deal.
        Imagine if a sysadmin "accidently" rerouted the companies email to their competitors (which might even be legal, if stupid)... Would the FBI acc
      • Like I quoted myself in my post, the FBI implies it was the ISP, not the FBI. Especially with the current horrendous state of the FBI and the DoJ over it, especially in these domestic spying cases, the burden of proof is on the FBI to prove it was the ISP's mistake, not merely imply it to yet another credulous NY Times reporter.
    • The article clearly states that the FBI noticed that they were getting way too much email from that warrant, found out what was happening and notified the ISP. If they'd intentionally asked for more than they were entitled to, they'd have kept their mouths shut, wouldn't they?
      • No, not if they were afraid they'd get caught some other way. Which they weren't, not publicly, until the EFF filed its lawsuit, which could have found them out anyway. Telling the ISP, then managing the story, is standard CYA.

        Until there's proof whose "glitch" this was, there's absolutely no sense "trusting the FBI" on this. Especially not this FBI, especially not in FISA matters, after their track record.

        And especially not in America, which was built on not trusting the government.
        • Re: (Score:3, Insightful)

          Telling the ISP also what they'd do if they were telling the truth. And, "managing the story," as you call it, is just good public relations. You seem to have decided that no matter what happens, or what is uncovered, the FBI is at fault, and interpret everything from that POV. I, OTOH, see no reason, yet, to disbelieve them, but I'll look at any new evidence with more of an open mind than you appear to have on this subject.
          • No, I'm just being reasonable. I am debunking what was offered as certainty that the FBI was operating clean, which is far from certain, since we have only the FBI's assertion.

            I have an open mind to evidence. My head just doesn't have the kinds of holes that allows it to speculate that the current FBI will tell the truth when it's caught violating people's privacy rights. With the mountain of evidence against that in so many other cases, a mind that open is really just a spy's dream.
            • No, I'm just being reasonable. I am debunking what was offered as certainty that the FBI was operating clean


              And you're trying to replace it with an assertion that they were acting improperly; an assertion, I might add, for which you offer no evidence.

              • No. You are indulging in the false dilemma [wikipedia.org] fallacy. I am saying that the FBI's story cannot be just taken as the facts.

                Like when I said [slashdot.org] "Until there's proof whose "glitch" this was, there's absolutely no sense "trusting the FBI" on this."
                Or when I said [slashdot.org]

                Whose "glitch"? What was the "apparent miscommunication, exactly? Did the FBI tell the ISP to give them the total access that the court hadn't authorized, or did the ISP make the mistake and give them total access when asked for only limited access? Maybe the

                • You're clearly biased in favor of the FBI.

                  Not so. I've just looked at the story as given and see no obvious reason to disbelieve it. You, OTOH, seem to think that you must disbelieve any and everything the FBI says until it's been confirmed by an independent source. Of course, it might have to do with the fact that I've met a few FBI and DEA agents, and found them to be just like everybody else.

                  Once, years ago, I was working for a company that was doing large-scale reproductions for a big drug bust

                  • Frankly, I find it hard to imagine people like that asking for excessive information except by accident, because I doubt they'd know what to do with it.

                    Getting more info than they can use has in no way stopped the FBI from requesting, and just grabbing without request, all kinds of info in the past 6 years.

                    If you still don't get that, it's obvious that you voted for Bush in 2004, even if you won't admit it.

                    You people don't even realize that you're completely obvious in what's wrong with the way you worship

                    • Yes, I think this "conversation" has gone about as far as is possible because there can be no meeting of the minds. No matter what I say, you spout left-wing, anti-Bush hatred and I'm trying tot be reasonable.
                    • Re: (Score:1, Insightful)

                      by Anonymous Coward
                      You have learned a valuable lesson in debating DocRuby. He cloaks his logical fallacies by accusing you of using them.
    • by SeaFox ( 739806 )

      Whose "glitch"? What was the "apparent miscommunication, exactly? Did the FBI tell the ISP to give them the total access that the court hadn't authorized, or did the ISP make the mistake and give them total access when asked for only limited access? Maybe the FBI is citing that totally ambiguous blame, but what is the real story?

      Two important questions here:

      • If the ISP actually misunderstood the surveillance request, why didn't they get confirmation? Asking for one person's email to be sent is one thing, but
      • Two important questions here:

        Actually, neither of them are important.

        If the ISP actually misunderstood the surveillance request, why didn't they get confirmation? Asking for one person's email to be sent is one thing, but a request for the entire domain's email to be forwarded sounds too broad to be legitimate.

        It sounded to me, from reading TFA, that it was an accident on the part of the ISP. The FBI didn't ask for it.

        When the FBI found they were getting email from individuals other than those they wanted. Did they promptly delete the email unread and report to the admin? Or did they think, "Hmmmm. Well, since we're already getting it..."

        ...and anything they read in there would be inadmissible in court since it wasn't obtained from a proper warrant. So why bother?

        The truth is that FBI agents are actually very, very busy people. They are often working a bunch of cases at once and they don't have enough time to go on illegal fishing expeditions that wouldn't be admissible in court anyway.

        • You're right - if you just take the FBI at it's word. Why on Earth would you do that? As far as I can tell from that article, the reporter didn't even ask the ISP what happened, "because the FBI won't identify it". How convenient.

          You can chant "tinfoil hat" all you want. The FBI is the one which the evidence shows actually had a lot of spying that it wasn't entitled to. Let's see its evidence that it was the ISP before giving that agency any benefit of the doubt.
          • You're right - if you just take the FBI at it's word. Why on Earth would you do that?

            Because the FBI's story makes sense and yours doesn't. You seem to have forgotten to think it through. How did the EFF know to file a FOIA request for these specific files? (Remember that FOIA requests have to be very specific. If they too broad or fishing expeditions, they are not valid.) Simple, because the FBI reported the incident to the FISA court and the Oversight Committee. In other words, we know this took place because the FBI told us so -- and you seem to be taking the FBI at its word jus

            • No. I am not "convinced the FBI is doing nasty things", nor did I say so. What I said is that there's no evidence but what the FBI says happened. In similar recent cases, including abusing "National Security Letters", the FBI lied until it was forced to admit it had violated the law and its own procedures, even though either its victims didn't know they'd been damaged, or the entire operation was secret and punishable for violating secrecy. So there is no longer reason to take the FBI's word for it.

              One oth
    • by mikael ( 484 )
      Whose "glitch"? What was the "apparent miscommunication, exactly? Did the FBI tell the ISP to give them the total access that the court hadn't authorized, or did the ISP make the mistake and give them total access when asked for only limited access? Maybe the FBI is citing that totally ambiguous blame, but what is the real story?

      Some companies (like dyndns.org) allow people to manage their own DNS records for dynamically assigned IP addresses from cable networks. You basically choose a generic domain like
      • That is exactly why the 4th Amendment says "and particularly describing the place to be searched, and the persons or things to be seized." If the FBI got the scope wrong, the question is when. If it got it wrong after getting it right in the FISA warrant, then the FBI just violated the warrant, too. If the warrant asked for the larger scope, then the FISA Court that granted it violated the rights of the rest of those people (put up to it by the FBI). Which is why a secret court that's entitled to violate th
    • Re: (Score:2, Interesting)

      by Trick414 ( 1207098 )
      This doesn't appear to be a FISA letter, so the FBI didn't "tell" the ISP to do anything the court hadn't authorized. Ok, sue the ISP. For all the harm it did you. The FBI got some records it didn't request in a lawful court order and it told the organization it requested the records from. The FBI may or may not have read every single one of the emails that it got unlawfully, but until they try to prosecute someone on those records it is a non-event. There is no story here. I have been reading /. for
      • How do you know that the FBI didn't give the ISP a different scope to tap than the FISA Court authorized? There's no evidence of either the court order or the instructions to the ISP.

        You're just another coincidence theorist. Haven't you noticed what the FBI has been caught doing in this area already, despite the most secretive presidency in history? Don't you value your rights more than you value reading nerd tech porn?
        • I'd be willing to be believe that something like that was possible. But, not when the FBI is the one telling the world about it. I do value my rights, and I don't agree with everything this presidency has done. But that doesn't mean that every single little thing the goverment does is some kind of conspiracy or abuse. I don't know, I guess I'm just not seeing it the way you are. The FBI asked for X, they got X+Y, they told the supplier they got too much and gave it back. Big deal.
          • You don't know what the FBI asked for, but you're insisting they asked for less than they got. That's unreasonable.

            It's not true that "every single little thing the goverment does is some kind of conspiracy or abuse", but it's also true that there have been many abuses and coverups. Very specifically at the FBI while spying on domestic communications. This would be just one more example of something already proven. And the way you know that this is not an example of that is... the NY Times was told by the F
            • I also voted for Clinton in the 90's. I didn't agree with everything his administration did, either. But, you have me completely figured out, so I'm going to let this die. I admire your desire to not be politically correct and state your mind. There are such things as tact and class, though.
              • So what if you voted for Clinton? Like I said, you just want to be on the side that's winning. Voting for Bush/04 means you not only voted for Clinton for all the wrong reasons, but that you owe the rest of us who, tried to stop Bush every step of the way, a big apology. But the least you could do would be getting honest with yourself. At least in time for the November elections, because you really owe us not voting for another 4 years of Bush called "McCain".

                What you're calling "tact and class" is just den
  • What I want to know (Score:4, Interesting)

    by causality ( 777677 ) on Saturday February 16, 2008 @06:26PM (#22448692)

    A hundred or more accounts may have been accessed, rather than 'the lone e-mail address' that was approved by a secret intelligence court as part of a national security investigation.

    When I read this, I wasn't wondering how that happened, or what the nature of the "glitch" was, or how many accounts were accessed. What I was wondering is WHY THE FUCK DOES THE UNITED STATES HAVE A SECRET COURT OF ANY KIND?!?!. Yeah yeah, to protect the children, save the whales, stop the terrorists, keep you safe, "our intentions are pure and we're really a bunch of big-hearted individuals who care about your well-being" etc... I still don't know what is wrong with the assholes who actually believe this shit.

    And hell, I want to believe we have a good, honest government. The fact is, we don't. I don't understand what being in this level of denial is supposed to do to remedy the situation. There is a very good reason why the founding fathers intended for most of our interaction with government to come from the local and state level. The only thing the federal government can do that the state & local governments cannot do is resolve disputes between states, conduct foreign policy, regulate interstate trade, oh and it can slowly become a dictatorship too. Speaking of remedies, I'm betting that nothing will happen either to the FBI as an organization or to the individuals who made this "mistake", that at most they will receive a slap-on-the-wrist.
    • by nguy ( 1207026 ) on Saturday February 16, 2008 @06:40PM (#22448788)
      What I was wondering is WHY THE FUCK DOES THE UNITED STATES HAVE A SECRET COURT OF ANY KIND?!?!.

      This is not a "secret court" in the sense of a court that sends people to prison (the US has those, too, but they are still limited to the military and Guantanamo). Rather, it's a court that acts as an additional control for police and secret service actions.

      Such a "secret court" is a good thing, because it provides judicial review for actions that would otherwise not be subject to judicial review at all.
      • by achbed ( 97139 ) * <sd&achbed,org> on Saturday February 16, 2008 @07:03PM (#22448936) Homepage Journal
        Such a "secret court" is a good thing, because it provides the appearance of judicial review for actions that would otherwise not be subject to judicial review at all.

        Fixed that for you.

        Check out the denial records of that court since the 70s. That should tell you just how detailed the FISA rubber stamp looks at those warrant petitions.
        • Your comment is missing the point. I was simply explaining that it's reasonable to have this kind of court be secret because the GP was concerned about the existence of secret courts.

          Now, we can have a separate discussion about whether this secret court is working.

          Check out the denial records of that court since the 70s. That should tell you just how detailed the FISA rubber stamp looks at those warrant petitions.

          OK, well, note that there is a record, and that we can actually see whether the court is worki
  • by 3seas ( 184403 ) on Saturday February 16, 2008 @06:56PM (#22448886) Homepage Journal
    ... when you let it continue to happen.

    "But an intelligence official, who spoke on condition of anonymity because surveillance operations are classified, said: "It's inevitable that these things will happen. It's not weekly, but it's common."

    This falls into the area of cheating in a manner that an excuse can be used to "get away with it". This sort of cheating had been labeled "Neo-cheating" and is a form of dishonesty that is easy to apply and safe from proof.. "Oh it was just an honest mistake." Technology should not be an escape goat for such obvious deceptions.

    To give a simple example of a verification loop, when you sign up for a mailing list, messages boards, etc., in order to prevent spamming email accounts etc, there is a feedlack verification loop used. The point is, there are ways to prevent such spying "mistakes" from happening. And there should have already been such methods being applied as standard practice.

    The "it's not weekly but its common" is nothing but evidence of intent to cheat and to continue it.

    This "allowing deception" is similar electronic voting security failure vs. ATM financial security practices.

    Computer technology is not an excuse, but a way for dishonest human intent to hide behind technology excuses.

       
    • Re: (Score:1, Funny)

      by Anonymous Coward
      Escape goats, the Houdini of the animal kingdom...
    • No, you're very wrong.
      Reading the article, we learn that a lot of the mistakes come from third parties. Larger service providers are accustomed to this sort of thing, but smaller entities may never have done this sort of thing before. They have neither the equipment nor the experience. They may be working with new equipment sent to them that they don't really know how to use.
      Furthermore, translating the requirements of a warrant into a set of filtering rules is as error prone as writing any code, and diffic
  • The FBI hacked into an email service which happened to have the emails of one person they were investigating. Since in this type of attack you would simply hack into a service rather then the one account specifically, it gave access to the network.

    Since the code design is reused for every account it's not like they can ever control such a thing. While technically the internet is simply facilitating communication the run away effect of improvement of software should take place. This is happening but security
  • Whose e-mails? (Score:2, Insightful)

    by RealGrouchy ( 943109 )
    whose e-mail network was it that was revealed? Was it the NYT's network, or simply another one that they are reporting on?

    (TFAS is ambiguous, and TFA is behind a login screen.)

    Thanks,

    - RG>
    • by MLease ( 652529 )
      It was an "unnamed Internet provider" hosting a small email domain (also unnamed).

      -Mike

  • What we DON'T know (Score:4, Interesting)

    by Baraka ( 35968 ) <chrisw@@@iintech...com> on Saturday February 16, 2008 @08:50PM (#22449528) Homepage
    • which ISP was involved
    • how many individuals' accounts had their privacy compromised
    • how many messages were captured by the FBI's data vacuum cleaner
    • whether the messages were really destroyed or not (what does unspecified means mean?)
    • whether the FBI is even telling the truth or not
    • how many other times this kind of overproduction has occurred since 9/11

    The writer of this article, Eric Lichtblau, won a shared Pulitzer Prize for his work in exposing the illegal warrantless wiretapping program, authorized by the government and championed by the White House after 9/11. In fact, it was in existence even before 9/11, but that's another story entirely.

    This program supposedly expired just yesterday when congress let the clock run out on its dependent legislation. The problem here, clearly, is that it doesn't matter if this program is never renewed; overproduction of data under FISA will still happen all the time. That's the entire point of this article. There are no checks and balances. There is no accountability. There is NOTHING. Total secrecy and legal immunity are all but guaranteed for the perpetrators. Period.
  • Ok, seriously... (Score:2, Interesting)

    by cjb658 ( 1235986 )
    ...why do people still send sensitive email unencrypted?
  • I wonder how long before the government will require some sort of security clearance or background check on telecommunications workers and sysadmins on the basis that setting up these taps and email filters makes them privy to at least some of the details of who is being watched and why. What if any steps is the government taking to insure that the lowly sysadmin does not give the target of the investigation a heads up saying that they are being watched?
  • The lesson (Score:1, Troll)

    by jgoemat ( 565882 )
    This just goes to show that the FBI and other law enforcement agencies will do ANYTHING that they are allowed to do. Give them an inch and they'll take a mile. They will abuse the authority and law enforcement tools given to them until they are finally reigned in. Look how they are using tazers to tame nonviolent drunks. They are basically torturing our own citizens into submitting to 'authority' now. That is unacceptable to me. This is why we shouldn't have a national ID card. This is why the mislab
    • Re: (Score:1, Insightful)

      by Anonymous Coward
      WTF are you talking about? They requested email to be forwarded to them from one specific account, and the ISP accidentally forwarded the email to them from all accounts on the domain. This isn't like the ISP gave them access to their server room and the FBI went rummaging through other servers and accounts.

"Being against torture ought to be sort of a multipartisan thing." -- Karl Lehenbauer, as amended by Jeff Daiell, a Libertarian

Working...