Slashdot Mirror
EFF Asks How Big Brother Is Watching The Internet
MacDork writes "The EFF filed a FOIA request yesterday with the FBI and other offices of the US DOJ regarding expanded powers granted by the USA PATRIOT Act. The EFF is making the request in an attempt to find out whether or not Section 216 is being used to monitor web browsing without a warrant. The DOJ has already stated they can collect email and IP addresses, but has not been forthcoming on the subject of URL addresses. It seems the EFF is seeking any documentation to confirm such activity is taking place. One can only hope the automated FOIA search doesn't produce any false negatives or cost the EFF $372,999."
Always assume that they ARE.
-- I could tell right away that she was impressed with my HUGE Slashdot Karma.
I don't like the idea of them monitoring web browsing, URLs, content, etc, without essentially a "warrant". I also think ISPs should not store any sort of historical browsing information. The fact there is no response as to whether or not this occurs is also disconcerting, because not only are they probably doing it, but they don't even care if we know or not.
We are one consciousness experiencing itself subjectively. Back to you with the weather, Bob!
"EFF Asks How Big Brother is Watching the Internet"
By getting his little sister to do it.
...if all our monitors turned out to be "telescreens"?
The coolest voice ever.
Porn browsing.
My right to privacy. Seriousely. If the FBI suspects someone of terrorist activity, it shouldn't be hard to get a warrant to monitor their internet traffic.
It's the whole "those who are willingly to sacrifice freedom for security deserve niether" bit.
WWJD.... for a Klondike bar?
Whatever they get will likely be 80% redacted. How is that useful? How is that freedom of information? You ask for info and they black out much of the useful stuff.
NPR's On The Media program (aired yesterday in these parts), talked about ACLU requests in 2003 regarding Iraqi prisoner abuse (well before Abu Graib broke), and the docs they did receive -- after lengthy expensive lawsuits -- was mostly (80%) blacked out.
The EFF filed a FOIA request yesterday with the FBI and other offices of the US DOJ regarding expanded powers granted by the USA PATRIOT Act.
Dear EFF,
With regard to your surv^H^H^H^Hcustomer service (ref: EFF-KEYLGGR-SECRTRY), we're happy to preempt your request.
The automated reply to your inquiry is:
NO MATCH FOUND
We sincerely hope your request has been fulfilled. We stay at your disposition for further inquiry.
Regards,
Joe Snoop, Dept. of Homeland Security.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Regarding the "false negatives" bit in the summary:
The story is that an individual made an FOIA request to the FBI for some specific information.
The FBI claimed that no such information was available.
The claimant found out in the meantime that such information WAS available and had been previously provided by the FBI as the result of another FOIA request, and, as such, requested a court order the FBI to provide it again.
The FBI is arguing that its search was reasonable within department regulations and guidelines, and that it cannot and should not be expected to always undercover every single possible document in response to every request. And documents being indexed electronically doesn't make it as easy as one might think: it's precisely because documents are indexed electronically that is creating the difficulty: the FBI is claiming, essentially, that it can't predict every possibly keyword it should associate with a document for search purposes, and therefore shouldn't be held accountable if it misses documents during a good-faith search.
Whether or not the FBI was intentionally hiding OKBOMB memos, etc., is another story altogether.
Additionally, the article summary is awfully pessimistic: we don't yet know how DOJ will respond to this request. Perhaps it itself hasn't determined whether or not it considers "URLs" to be subject to pen-trap regulations. Additionally, for those who didn't RTFA:
At issue is PATRIOT Section 216, which expanded the government's authority to conduct surveillance in criminal investigations using pen registers or trap and trace devices ( "pen-traps" ). Pen-traps collect information about the numbers dialed on a telephone but do not record the actual content of phone conversations. Because of this limitation, court orders authorizing pen-trap surveillance are easy to get -- instead of having to show probable cause, the government need only certify relevance to its investigation. Also, the government never has to inform people that they are or were the subjects of pen-trap surveillance.
Remember, pen-traps were already allowed before PATRIOT. At issue is what exactly PATRIOT's expansion to these provisions further allows. It clearly has been determined to allow email addresses and IP addresses. However, whose IP addresses? The suspect, or a host the suspect is visiting? It would seem clear to me that, virtual hosting aside, if the a target host's IP may be logged, and since DNS names, embodied here as "URLs" and IP are very obviously interrelated, again, virtual hosts aside, it seems this argument is somewhat of a smokescreen to force debate on whether or not pen-traps in general should be allowed.
And since they were allowed before PATRIOT, the answer seems clear: if PATRIOT's expansions to the existing statues to accommodate new communications technologies were appropriate, all that's left is determining what exactly is included. And if "IP addresses" are included, which would logically include target hosts, it would seem that DNS names used to arrive at said IP addresses are intrinsic to the nature of their usage. So disagree with pen-traps if you want, but don't rant and rave about PATRIOT, because it's not about that (though many would desperately want you to think so).
If folks like you get killed then I'll take the porn.
"The first rule about USA PATRIOT ACT is you do not talk about USA PATRIOT ACT," if you will.
Not quite. IP addresses will only give you slashdot.org. URL's can tell which stories you went to/posted to.
Laws are horrible moral guides, moral guides make even worse laws.
... Have to say "Big Brother"? That just sounds like typical /. paranoia. Before you mod me, consider this: By its very nature the internet is insecure. Any email you send passes through and is temporarily stored on at least several computers before reaching its destination. It's not just "Big Brother" who's watching, it could be anyone with an interest in you, really. I'd say it's more likely that a corrupt server admin, or a large corporation is more likely to read your email than the goverment. In the end the answer is simple: Use any of the myriads of free encryption programs!
But that wasn't exactly filed yesterday. According to the EFF website it was filed on Jan. 14th
The difference between freedom and opression are the rights of privacy afforded to us as citizens. The idea that monitering could POTENTIALLY come up with valuable information in fighting terror is outweighed by the individual's right to maintain one's items private. I mean, if you can't even come close to a hit, is the cost of jeopardizing our freedoms worth it? Remember, under our government, even criminals have rights afforded to them that can not be revoked without due process.
If only preventing terrorism is all homeland security was about. The concern is not for the intended use, but the guaranteed misuse of power.
I wrote my uncle a letter yesterday. I used some nice stationary and envelopes from a shop in Bismarck. I asked him what he thought about the current administration, and if he could lend me his copy of a certain antisocial treatise. Unfortunately, the envelope did not have enough space for me to write a return address on the outside.
(Attention Carnivore, this post is intended as a joke, for the recipient only.)
Trying to use sarcasm in text-based forums does not work.
I think this is excellent. Even if they get nothing, I still think it's a step in the right direction. Let the people be aware of what's going on.
# fuser -v
#
Is that nearly every single packet that flows on the internet is routed through a facility in Virginia. At that facility, the print out each packet and examine it for illegal activity. They then copy the packet in triplicate, fax one copy to a vault in Colorado, and file the rest in the file of whoever originated the packet. Interesting or suspicious packets are emailed to the CIA and occasionally to the Mosad for further examination.
Its servers and clients are connected to others around the world. How people decided to do credit-card commerce there is still beyond me, however revolutionary or secure it is now. While there are fair uses of information and rights to privacy, "Internet privacy" still feels like an oxymoron, and technology like quantum computers may soon crack encryption like SSL, so I'm doubting we can stay private for very long. (Please correct me if SSL/other forms of "https" can never be cracked.)
You can hold down the "B" button for continuous firing.
Terrorist Attack? Put this in perspective. As a symbol and a demonstration of the relative laxity of certain aspects of the American security net 9/11 was devastating. But statistically 2,000 people is fewer than we lose on a monthly basis to car accidents. If there's one thing that past governments have demonstrated (not to invoke Godwin or anything) it's that if you give them the power, they will take it, and hang responsible use *cough*McCarthy*cough*. The more America lets itself quietly give up civil liberties--particularly on the domain of the internet, where the only parties with a vested interest in covering their activites for the sake of a conspiracy will find relatively easy ways around surveillance, the more this country ceases to be worth living in. Who wants absolute security at the expense of being arrested and helf without charges indefinitely? (which is now legally feasible at the government's discretion. Taking reasonable precautions in the name of security is common sense, but with the best military in the world and more security legislation than is healthy already passed, this is nothing we need, not now, not ever. I'd rather sacrifice the perceived security bonus and instead continue to live in a country worth ilving in with unrestriced access to a venue whose primary purpose is free discourse--exactly what the First Amendment is meant to protect.
Oddly enough, EFF wants a govenment/entertainment industry agency to monitor network traffic when it comes to compensating authors for filesharing.
Here's what I do: Bitty Browser & Andromeda
Not quite. IP addresses will only give you slashdot.org. URL's can tell which stories you went to/posted to.
And a single IP address can resolve to tens of thousands of hostnames/urls by using virtual hosts.
I go to the terrorist/arabic sites then use Ajeeb (http://english.ajeeb.com/) to learn what they are saying about us. I don't want the government talking this in the wrong light. I should not have to worry at all.
URLs contain several things.
1. The protocol.
2. The domain name.
3. Port numbers.
4. Page addresses.
5. Data, such as login names, page parameters, and so on.
The last item, in particular, has far greater scope than an IP address. It's much more like content; it can contain data that you provide for, say, addressing an email, or adjusting an account balance. (Just extemporising here. The actual usage varies enormously.)
So no, URLs are very different to IP numbers.
For those of you that missed it the other day, some guy was arrested because of his buying habits at the grocery store - tracked by his frequent flyer card (or whatever they call them - I don't use em) from the same store.
Evidently months ago he bought the same kind of lighter fluid that was used to light his own house on fire with his wife and kids inside. He was pretty much going to 'pound me in the ass prison' until someone else 'fessed up to lighting the fire (the family didn't get hurt in the fire, IIRC.)
If you think for 60 seconds you aren't being watched - ask that guy.
Glonoinha the MebiByte Slayer
Don't you love your country son? Do you want our brave soldiers to die? What religon are you?
Don't worry about that last question, we know the answer. We'll be at your house about 10 minutes after you get home from work.
And seriously, you should be getting back to work. You owe it to your employer, and to help the economy, which prevents terrorism!
See you soon flewp.
--The Man
What are we going to do tonight Brain?
We can see you through your monitors. You have mussed up hair, thick glasses, and no girlfriend. You are currently picking your nose thinking that nobody can see you.
You self gratify in front of your computer at least 3 times per week.
And now you are looking at the back of your monitor to see how we did it....
>> And a single IP address can resolve to tens of thousands of hostnames/urls by using virtual hosts.
Let's not forget dynamic DNS entries. One website, many IPs.
Are the waters muddy enough yet?
http://request-header.info
"i wasn't the intended recipient, but i was still amused by your homophonia."
I didn't see anything in his post about not liking gay people; are you sure?
Ce n'est pas un vrai mouvement de robot!
If 49% had tried to make a difference, who did they vote for?
/frank
As has been pointed out multiple times, in the grand scheme of things the difference between R's and D's is miniscule in this country. BOTH parties believe in bigger government, BOTH parties believe in more control over the lives of citizens, BOTH parties are willing to sell you down the river in a heartbeat.
If 49% had tried to make a difference, they would have brought in new voices to the political scene.
And the worms ate into his brain.
Someone at FBI watching ...
Joe#23153445 : URL http://www.*censored*.com
FBI guy : Great p0rn!
Joe#23153445 : URL http://www.*censored*.com
FBI guy : Damn, that user got tastes!
Joe#23153445 : URL http://www.*censored*.com
FBI guy to others FBI agents : I will keep watching user Joe#23153445 for a while, his activities seem suspecious. I will need extreme concentration, you can dismiss now.
Terrorism is a real threat.
You still stand a greater chance of dieing in a car crash or being shot by someone you know than getting killed in a terrorist attack.
Terrorism does *NOT* justify the abridgement of civil rights. *NOTHING* justifies the abridgement of civil rights.
Microsoft is to software what Budweiser is to beer.
Why doesn't someone set up a "honey pot" that automatically trolled through the nastiest of the nasty of the various "terrorist" web sites, and see what happens?
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
The internet is a very big space...
There are millions of "transactions" going on every second
If someone wants to listen to YOU specifically, they need to know you exist...
Carnivore is dead, but what good was it anyway? With anon servers, and other tricks, like encryption, and attachments, how could they even know what is going on?
So, if the FBI or anyone takes an interest in YOU it is because you came to be on their radar in some way...either by visiting a suspected web site, or sending e-mail to a suspect...then, you are in their scope...
What is the moral of the story?
Stay out of their radar...
--E--
I found the CBS link, where the FBI was unable to find documents that were previously released under FOIA, particularly troubling. Either there is a direct effort to render FOIA useless, or, perhaps more likely, that the FBI's computer systems are just incapable of managing even the most basic intelligence queries.
link, second source
From the NYT article:
Federal authorities made a total of 1,727 applications last year before the Foreign Intelligence Surveillance Court, the secret panel that oversees the country's most delicate terrorism and espionage investigations, according to the new data.
The total represents an increase of about 500 warrant applications over 2002 and a doubling of the applications since 2001, the Justice Department said in its report, which was submitted to the federal courts and to Vice President Dick Cheney as required by law.
All but three of applications for electronic surveillance and physical searches of suspects were approved in whole or part by the court....
The F.B.I. told the commission that "there is now less hesitancy" in seeking the intelligence warrants, the report said. Nonetheless, it added, "requests for such approvals are overwhelming the ability of the system to process them and to conduct the surveillance."
I don't remember exactly what the number of warrants requested were before sept 11th, but I know it was very few. 1,727 is a lot of warrants - more than the number killed in Iraq. To put that in perspective, if you know of somebody killed in Iraq, you are more likely to know somebody whom the FBI is watching.
Yes, because only by monitoring everyone's porn browsing can we stop terrorists. But you raise a good point! So along the same lines, I have a question of my own.
Which is more important:
Not being raped by a herd of goats
or
The lives of thousands or even millions of Americans that could be slaughtered in a terrorist attack?
Obviously the later is more important. So down on all fours, bucko. No, no, too late to protest now. We have to Fight Terror!
The enemies of Democracy are
Something else to keep in mind, most people don't have "Leave It To Beaver" perfect lives. Blackmail is particularly powerful weapon used to silence people; Ad Hominem attacks are excellent protection from scrutiny when framed as "credibility" or "character" issues. It is a supremely valueable political weapon to know all of your opponent's weaknesses without having to expose any of your own.
If a terrorist attack occurs killing millions of people, the people would have been wise to reflect upon their actions. What suffering they must have caused to fuel such an attack.
Facing the idea that Terrorism is just an artifact of the way global politics are handled will be tough for America. Given a seat at the negotiating table, and an honest ear to hear their side, who would choose terror ?
Taking away my freedom will not change global politics, and will not reduce the root causes of terrorism.
{sigh} yes, but government has a way of ... simplifying things. They're not always rational, not always well-informed, and the resulting torrent of illogic usually gets someone screwed over bigtime. Trust me, when the goverment gets through with it the waters will be very clear. Not accurate, by any means ... but clear. If you know what I mean.
The higher the technology, the sharper that two-edged sword.
...what are your chances of being threatened, blackmailed or falsly accused of a crime based on evidence gathered from your web browsing...I would guess pretty low. Now, lets have a look at some other statistics:
Chances of a child dying in a third world country before you finish reading this post: 100%
Chances of corporations being allowed to pump shit into the atmosphere until everyone with beach front property ends up having a really bad century: 100%
Chance of a really imporant species becoming extinct for no other reason than to increase shareholder value before the end of today: 100%
Chance that Monsanto is not telling us the 'whole truth' when it comes to genetically modified food (they've done it before guys): very freakin high
etc etc
Not trying to knock peoples beliefs here, but seriously...for sheer return on investment, isn't there a bunch more useful things to get angry about?
There are some real threats to this world, generally, your government is too stupid/apathetic/disorganized to be one of them.
Think about the massive amount of data that would be (or is being for the paranoid) collected if everyone, everywhere's internet activity is monitored. How would this be stored, and more to the point, searched through in a statistically useful way? Far more effective is the threat of constant surveilance. People keep themselves in line when there's a possibility they're being watched, but they don't know if they are or not. In general, obviously. This is known as Panopticism [geneseo.edu].
the internet was -never- free, nor -ever- safe from big brother. its pretty ludicrous that we're 'fighting for the Net', when in fact it was the 'net info apparat which gave Big Brother the leg-up it needed in the first place
the big question is this
every computer in existence is prime target for a 'highly sensitive orbiting equipment platform' or two (interferometry) thats been launched 'in the name of NSA^H^H^Hnational security' in the last 15 years or so
now *that* is some tin-foil the EFF should be un-rolling, yo. seriously. its legit.
; -- the corruption of government starts with its secrets. a truly free people keep no secrets. --
[sigh] Yes.
While I'm at it, shall I look up pedantic, obtuse, and naive for you?
See, there's this thing called humor, and it isn't always accompanied by the use of numbers as letters... I'm sorry that you didn't get it, but if I'd just said "LOLOLO!!!11!!! homophonia 50u|\|d5 1ik3 |-|0m0p|-|0bi4 !!!11!!!" it just wouldn't have been funny AT ALL.
But I appreciate the effort. It's nice to see the new folks chiming in around here.
Ce n'est pas un vrai mouvement de robot!
Does this mean they can also read any information we post on forms that use the GET method instead of POST? Since GET encodes the form information in the URL, by recording these URL's that would be the same as tapping a phone conversation.
A while ago, I saw a TV show which suggested that George W. Bush has ...eviscerated the Presidential Records Act and FOIA... for "national security" reasons?
Can anyone substantiate this argument? If so, how can an act that is used at least two million times a year be killed without any outcry from the public?
Where I live, there has been much debate about using (any) software product or service offered by a U.S. company, for fear that (without notice) the company would turn over confidential information about private citizens to the US government. The Patriot Act insists that they not divulge that they have done this, even though what they are doing is clearly illegal (here). As a result, all American software and services are now being put under scrutiny. Vendor access to private data has become restricted. If support without access is not possible, then the software (and vendor) are no longer required.
The Bush junta has recently replaced the head of NARA (National Archives and Records Administration). The new director will be in office at a time when the records from Bush's father are scheduled to be subject to the Presidential Records Act (PRA) and could be opened. Other areas which can be affected are, obviously, the 2000 election scandal, the events (misdeeds) permitting the Sept 11 2001 attack, the controversy about the decision to attack Iraq and, last but not least, irregularities regarding the 2004 election.
The new director will also oversee the Electronic Records Management e-government and the Electronic Records Archives projects. Note that electronic records, unlike paper, go away by default unless timely, correct, and proactive action is planned and taken.
Now there are many different views on those controversial topics, but getting the relevant government records into the light of day is about the only democratic way to resolve those questions.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
And yes, I do expect a warrant before they go prying into my traffic if it never touches government servers.
I never said the government should be able to take traffic willy nilly from servers owned by non-government entities.
My point is, YOUR INTERNET TRAFFIC IS NOT PRIVATE.
I expect a warrant before they go prying into my mail, too, even though it goes through several government offices prior to reaching my home.
Then I've got a ballbuster for you -- if your illegal activity is printed on a postcard, or is noticeable from outside the sealed letter (say, a computer has detected anthrax in your envelope), they don't need a warrant to come and get you. In many cases, you've also committed a FEDERAL crime because you used the USPS to send that illegal material.
You can't expect privacy in a public arena. Internet traffic is public. If you want privacy, use your own network or encrypt your traffic.
Encryption is like putting on clothes rather than walking around with your naughty bits in plain site.
Ironically, the word ironically is often used incorrectly.
I can run a 6400000-bit encrypted stream between site A and site B, but if I am financially attached to one of the nodes they will get the information they are looking for. This isn't about reading text as it flows through a router, it is about noting where a suspect communicates, how often, at what times, etc. Perhaps then expanding the search to other users of that location, as warrants are not needed for execution.
This does an end-run around encryption. Hence the "Big Brother" aspect.
Together, we will drive the rats from the tundra.
The technology is already there. It is still experimental or beta, but the more people support it, the faster it will grow mature.
Tor: An anonymous Internet communication system
-silence
Dyslectics of the world, untie!
there are quite a few threads under this story about civil rights in the usa and their abridgement since 9/11.
remember when it happened? the immediate consensus afterward was that we needed to carry on with our lives as before, or else "the terrorists would have won." we couldn't allow them to cow us, by god!
but, after all, we did change the way we live, with all this "homeland security" and "USA-PATRIOT" and guantanamo and abu ghraib and all the other abridgements of civil and human rights... the sad truth is that, thanks to the current administration, "the terrorists" did win...
i leave you with this quote from louis brandeis:
"experience teaches us to be most on our guard to protect liberty when the government's purpose is beneficent. men born to freedom are naturally alert to repel invasion of their liberty by evil-minded rulers. the greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding."
if i'm a grammar nazi, you're an illiteracy nazi.
Always Encrypt, shred, proxy, etc.
If you do it always , then all activity seems to have the same sensitivity.
If you do it sometimes , then those few times stand out sorely.
That's one of the biggest reasons why you should show your parents, siblings, aunts, uncles, grandparents, neighbors, etc., how to use PGP or x509. That way all traffic looks the same.
But is it really possible to surf anonymously?
You have to trust the proxy you're using, and nowadays a Fed could just as easily subpoena the proxy logs (or maybe get that without a Judge's involvement as the article suggests). About the only thing you could really do would be to proxy-hop from one proxy to the next, routing all traffic through umpteen (yes umpteen) proxies-- thereby making it difficult to track down the traffic. But who really has the time and bandwidth for that?