Slashdot Mirror

← Back to Stories (view on slashdot.org)

EFF Asks How Big Brother Is Watching The Internet

Posted by timothy on from the hey-little-brother-what's-that-in-your-mind? dept.

MacDork writes "The EFF filed a FOIA request yesterday with the FBI and other offices of the US DOJ regarding expanded powers granted by the USA PATRIOT Act. The EFF is making the request in an attempt to find out whether or not Section 216 is being used to monitor web browsing without a warrant. The DOJ has already stated they can collect email and IP addresses, but has not been forthcoming on the subject of URL addresses. It seems the EFF is seeking any documentation to confirm such activity is taking place. One can only hope the automated FOIA search doesn't produce any false negatives or cost the EFF $372,999."

4 of 354 comments (clear)

  1. Considerations by daveschroeder · · Score: 5, Informative

    Regarding the "false negatives" bit in the summary:

    The story is that an individual made an FOIA request to the FBI for some specific information.

    The FBI claimed that no such information was available.

    The claimant found out in the meantime that such information WAS available and had been previously provided by the FBI as the result of another FOIA request, and, as such, requested a court order the FBI to provide it again.

    The FBI is arguing that its search was reasonable within department regulations and guidelines, and that it cannot and should not be expected to always undercover every single possible document in response to every request. And documents being indexed electronically doesn't make it as easy as one might think: it's precisely because documents are indexed electronically that is creating the difficulty: the FBI is claiming, essentially, that it can't predict every possibly keyword it should associate with a document for search purposes, and therefore shouldn't be held accountable if it misses documents during a good-faith search.

    Whether or not the FBI was intentionally hiding OKBOMB memos, etc., is another story altogether.

    Additionally, the article summary is awfully pessimistic: we don't yet know how DOJ will respond to this request. Perhaps it itself hasn't determined whether or not it considers "URLs" to be subject to pen-trap regulations. Additionally, for those who didn't RTFA:

    At issue is PATRIOT Section 216, which expanded the government's authority to conduct surveillance in criminal investigations using pen registers or trap and trace devices ( "pen-traps" ). Pen-traps collect information about the numbers dialed on a telephone but do not record the actual content of phone conversations. Because of this limitation, court orders authorizing pen-trap surveillance are easy to get -- instead of having to show probable cause, the government need only certify relevance to its investigation. Also, the government never has to inform people that they are or were the subjects of pen-trap surveillance.

    Remember, pen-traps were already allowed before PATRIOT. At issue is what exactly PATRIOT's expansion to these provisions further allows. It clearly has been determined to allow email addresses and IP addresses. However, whose IP addresses? The suspect, or a host the suspect is visiting? It would seem clear to me that, virtual hosting aside, if the a target host's IP may be logged, and since DNS names, embodied here as "URLs" and IP are very obviously interrelated, again, virtual hosts aside, it seems this argument is somewhat of a smokescreen to force debate on whether or not pen-traps in general should be allowed.

    And since they were allowed before PATRIOT, the answer seems clear: if PATRIOT's expansions to the existing statues to accommodate new communications technologies were appropriate, all that's left is determining what exactly is included. And if "IP addresses" are included, which would logically include target hosts, it would seem that DNS names used to arrive at said IP addresses are intrinsic to the nature of their usage. So disagree with pen-traps if you want, but don't rant and rave about PATRIOT, because it's not about that (though many would desperately want you to think so).

  2. Re:Quibble... by Neil+Blender · · Score: 4, Informative

    Not quite. IP addresses will only give you slashdot.org. URL's can tell which stories you went to/posted to.

    And a single IP address can resolve to tens of thousands of hostnames/urls by using virtual hosts.

  3. Re:Quibble... by TheOriginalRevdoc · · Score: 5, Informative

    URLs contain several things.

    1. The protocol.
    2. The domain name.
    3. Port numbers.
    4. Page addresses.
    5. Data, such as login names, page parameters, and so on.

    The last item, in particular, has far greater scope than an IP address. It's much more like content; it can contain data that you provide for, say, addressing an email, or adjusting an account balance. (Just extemporising here. The actual usage varies enormously.)

    So no, URLs are very different to IP numbers.

  4. Re:Doesn't Matter by back_pages · · Score: 5, Informative
    You still stand a greater chance of dieing in a car crash or being shot by someone you know than getting killed in a terrorist attack.

    Man, that's HARDLY putting it into perspective.

    Death Stats

    An American is about FIFTEEN TIMES more likely to die of renal failure than terrorism. TEN TIMES more likely to be killed by a gun than die of terrorism. About four times more likely to die from falling (ahem, presumably this doesn't count falling off the WTC). An American is statistically more likely to drownd than die of terrorism, and yes that includes people living in the desert.

    If you're going to put it into perspective, use some hard evidence. ;)