Slashdot Mirror


Passive E-Mail Monitoring Leads To Arrest

www.2advanced.net writes "The world's first arrest resulting from passive monitoring of electronic communications is being reported by Globe Technology. In the article, sources reveal that 'an e-mail message intercepted by NSA spies precipitated a massive investigation by intelligence officials in several countries that culminated in the arrest of nine men in Britain and one in suburban Orleans, Ont. -- 24-year-old software developer Mohammed Momin Khawaja, who has since been charged with facilitating a terrorist act and being part of a terrorist group.'"

3 of 921 comments

  1. Before putting on your tinfoil hat... by dmoore · Score: 5, Informative

    I know this story is probably going to get a lot of people riled up. However, it is still my understanding that the NSA goes to great pains to avoid intercepting any communication that comes from a U.S. citizen. They are strictly prohibited from doing so.

    If you are a U.S. citizen, your main privacy concerns should be with the FBI and the DoJ with their powers granted by the Patriot Act.

  2. Re:Sigh by hazem · Score: 5, Informative

    Actually... it has apparently been declassified:

    From http://www.interesting-people.org/archives/interesting-people/200110/msg00157.html

    Out of curiosity I went hunting for info on the United States Signals
    Intelligence Directives (USSIDs) I had to be aware of in a former line of work.

    Much to my surprise, USSID 18, which outlines procedures for the NSA's
    collection of data on "U.S. persons" was declassified just over a year ago.

    I thought the document might be of interest to IPers, especially at this time.

    An introduction, and links to the archives can be found at:

    http://cipherwar.com/news/00/nsa_surveillance.htm

    (From the site above:)

    In the aftermath of revelations in the 1970s about NSA interception of the
    communications of anti-war and other political activists new procedures
    were established governing the interception of communications involving
    Americans. The version of USSID 18 currently in force was issued in July
    1993 and "prescribes policies and procedures and assigns responsibilities
    to ensure that the missions and functions of the United States SIGINT
    System (USSS) are conducted in a manner that safeguards the constitutional
    rights of U.S. persons."

    (And a bit from USSID 18, itself - any errors in transcription are my fault:)

    SECTION 1 - PREFACE

    1.1. (U) The Fourth Amendment of the United States Constitution protects
    all U.S. persons anywhere in the world and all persons within the United
    States from unreasonable searches and seizures by any person or agency
    acting on behalf of the U.S. Government. The Supreme Court has ruled that
    the interception of electronic communications is a search and seizure
    within the meaning of the Fourth Amendment. It is therefore mandatory that
    signals intelligence (SIGINT) operations be conducted pursuant to
    procedures which meet the reasonableness requirements of the fourth
    amendment.

    1.2. (U) In determining whether United States SIGINT System (USSS)
    operations are "reasonable," it is necessary to balance the U.S.
    Government's need for foreign intelligence information and the privacy
    interests of persons protected by the Fourth Amendment. Striking that
    balance has consumed much time and effort by all branches of the United
    States Government. The results of that effort are reflected in the
    references listed in Section 2 below. Together, these references require
    the minimization of U.S. person information collected, processed, retained
    or disseminated by the USSS. The purpose of this document is to implement
    these minimization requirements.

    1.3. (U) Several themes run throughout this USSID. The most important is
    that intelligence operation and the protection of constitutional rights are
    not incompatible. It is not necessary to deny legitimate foreign
    intelligence collection or suppress legitimate foreign intelligence
    information to protect the Fourth Amendment rights of U.S. Persons.

    1.4. (U) Finally, these minimization procedures implement the
    constitutional principle of "reasonableness" by giving different categories
    of individuals and entities different levels of protection. These levels
    range from the stringent protection accorded U.S. citizens and permanent
    resident aliens in the United States to provisions relating to foreign
    diplomats in the U.S. These differences reflect yet another main theme of
    these procedures, that is, that the focus of all foreign intelligence
    operation is on foreign entities and persons.

  3. Re:Somebody forgot to use encryption! by javatips · Score: 5, Informative

    With the state of current encryption systems, it is very unlikely... The best approach to break encryption is by breaking the weakest link in the protocol, not the encryption algorithm.

    Once they suspect illegal activities and start an investigation, there are a lot of ways to access the plain text without having to break the encryption algorithm. One easy way is to break into the target computer and install a key logger. This requires a lot less effort.

    Note that to suspect illegal activities, they can just do some traffic analysis. If they find some pattern (an e-mail is sent from A in CA to B in the UK, then shortly after another e-mail is sent from B in the UK to C in Pakistan, then you have the same path in reverse and the pattern repeats a lot) that triggers their alert, they will monitor A, B and C a little more closely and dig a little deeper to see if it looks suspicious enough for an investigation. Then they start to do active spying and they build their case.

    The passive monitoring in that case does not require any breaking of encryption... it does not even require knowing the plaintext (if the traffic is encrypted).
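
Added example, not part of the comment above: a sketch of the A-to-B-to-C relay pattern it describes, run over sender/recipient metadata only, which shows why encrypting message bodies does not hide the pattern. The log records, the 30-minute window and the repeat threshold are all constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed metadata records: (timestamp, sender, recipient). No bodies needed.
LOG = [
    ("2004-01-05 09:00", "A", "B"), ("2004-01-05 09:20", "B", "C"),
    ("2004-01-05 15:00", "C", "B"), ("2004-01-05 15:10", "B", "A"),
    ("2004-01-06 10:00", "A", "B"), ("2004-01-06 10:05", "B", "C"),
    ("2004-01-06 18:00", "C", "B"), ("2004-01-06 18:25", "B", "A"),
    ("2004-01-07 08:00", "D", "B"), ("2004-01-07 08:10", "B", "E"),  # one-off
    ("2004-01-07 11:00", "A", "B"), ("2004-01-07 14:30", "B", "C"),  # too slow
    ("2004-01-08 09:30", "A", "B"), ("2004-01-08 09:45", "B", "C"),
    ("2004-01-08 16:00", "C", "B"), ("2004-01-08 16:05", "B", "A"),
]

def relay_chains(log, window=timedelta(minutes=30)):
    """Count chains (x, y, z): x mails y, then y mails z within `window`."""
    events = sorted(
        (datetime.strptime(t, "%Y-%m-%d %H:%M"), s, r) for t, s, r in log
    )
    chains = Counter()
    for i, (t1, x, y) in enumerate(events):
        for t2, sender, z in events[i + 1:]:
            if t2 - t1 > window:
                break  # events are time-sorted, nothing later can match
            if sender == y and z != x:  # y forwards onward, not a plain reply
                chains[(x, y, z)] += 1
    return chains

def flag_relays(log, min_repeats=2, window=timedelta(minutes=30)):
    """Return (x, y, z, forward, reverse) for chains that recur both ways."""
    chains = relay_chains(log, window)
    flagged = []
    for (x, y, z), forward in chains.items():
        reverse = chains.get((z, y, x), 0)
        # x < z reports each two-way path once instead of once per direction.
        if x < z and forward >= min_repeats and reverse >= min_repeats:
            flagged.append((x, y, z, forward, reverse))
    return sorted(flagged)

if __name__ == "__main__":
    for hit in flag_relays(LOG):
        print("recurring two-way relay:", hit)
```

The one-off D-to-B-to-E chain and the slow A-to-B-to-C hop on 2004-01-07 are not flagged; only the path that repeats in both directions is.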