Slashdot Mirror

← Back to Stories (view on slashdot.org)

EFF Asks How Big Brother Is Watching The Internet

Posted by timothy on from the hey-little-brother-what's-that-in-your-mind? dept.

MacDork writes "The EFF filed a FOIA request yesterday with the FBI and other offices of the US DOJ regarding expanded powers granted by the USA PATRIOT Act. The EFF is making the request in an attempt to find out whether or not Section 216 is being used to monitor web browsing without a warrant. The DOJ has already stated they can collect email and IP addresses, but has not been forthcoming on the subject of URL addresses. It seems the EFF is seeking any documentation to confirm such activity is taking place. One can only hope the automated FOIA search doesn't produce any false negatives or cost the EFF $372,999."

15 of 354 comments (clear)

  1. Creepy stuff by dj42 · · Score: 5, Insightful

    I don't like the idea of them monitoring web browsing, URLs, content, etc, without essentially a "warrant". I also think ISPs should not store any sort of historical browsing information. The fact there is no response as to whether or not this occurs is also disconcerting, because not only are they probably doing it, but they don't even care if we know or not.

    --
    We are one consciousness experiencing itself subjectively. Back to you with the weather, Bob!
    1. Re:Creepy stuff by Seigen · · Score: 5, Insightful

      I agree, but unfortunately since 9/11 the american government is growing more and more corrupt. The very fact that our government goes out of its way to find ways around its own rules like imprisoning people in foreign countries to get around any rights they might have adequately demonstrates this. It seems that right or wrong has almost gone out of fashion. If you can spin your arguments such that the public buys them, even if they are lies, then you win. A warrant should be required. FOIA inquires that are won in court shouldn't be returned without the information content redacted. To a very great extent the workings of our government need to become less secretive lest we lose the freedoms we cherish.

    2. Re:Creepy stuff by Martin+Blank · · Score: 5, Insightful

      A 13yr old with a camcorder can also set it up in the bushes to look inside your home and watch what you're doing. This doesn't mean the FBI shouldn't be required to get a warrant to do the same.

      In the same realm, just because they can sniff the network traffic doesn't mean that they should. They have to get a warrant to tap your phone, and they should have to do the same to tap your IM conversations, e-mail correspondence, and web history.

      Just because they can do something doesn't mean they should be able to without restrictions.

      --
      You can never go home again... but I guess you can shop there.
  2. Re:Which is more important? by flewp · · Score: 5, Insightful

    My right to privacy. Seriousely. If the FBI suspects someone of terrorist activity, it shouldn't be hard to get a warrant to monitor their internet traffic.

    It's the whole "those who are willingly to sacrifice freedom for security deserve niether" bit.

    --
    WWJD.... for a Klondike bar?
  3. Funny, the EFF got the reply already! by Rosco+P.+Coltrane · · Score: 5, Funny

    The EFF filed a FOIA request yesterday with the FBI and other offices of the US DOJ regarding expanded powers granted by the USA PATRIOT Act.

    Dear EFF,

    With regard to your surv^H^H^H^Hcustomer service (ref: EFF-KEYLGGR-SECRTRY), we're happy to preempt your request.

    The automated reply to your inquiry is:

    NO MATCH FOUND

    We sincerely hope your request has been fulfilled. We stay at your disposition for further inquiry.

    Regards,

    Joe Snoop, Dept. of Homeland Security.

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  4. Considerations by daveschroeder · · Score: 5, Informative

    Regarding the "false negatives" bit in the summary:

    The story is that an individual made an FOIA request to the FBI for some specific information.

    The FBI claimed that no such information was available.

    The claimant found out in the meantime that such information WAS available and had been previously provided by the FBI as the result of another FOIA request, and, as such, requested a court order the FBI to provide it again.

    The FBI is arguing that its search was reasonable within department regulations and guidelines, and that it cannot and should not be expected to always undercover every single possible document in response to every request. And documents being indexed electronically doesn't make it as easy as one might think: it's precisely because documents are indexed electronically that is creating the difficulty: the FBI is claiming, essentially, that it can't predict every possibly keyword it should associate with a document for search purposes, and therefore shouldn't be held accountable if it misses documents during a good-faith search.

    Whether or not the FBI was intentionally hiding OKBOMB memos, etc., is another story altogether.

    Additionally, the article summary is awfully pessimistic: we don't yet know how DOJ will respond to this request. Perhaps it itself hasn't determined whether or not it considers "URLs" to be subject to pen-trap regulations. Additionally, for those who didn't RTFA:

    At issue is PATRIOT Section 216, which expanded the government's authority to conduct surveillance in criminal investigations using pen registers or trap and trace devices ( "pen-traps" ). Pen-traps collect information about the numbers dialed on a telephone but do not record the actual content of phone conversations. Because of this limitation, court orders authorizing pen-trap surveillance are easy to get -- instead of having to show probable cause, the government need only certify relevance to its investigation. Also, the government never has to inform people that they are or were the subjects of pen-trap surveillance.

    Remember, pen-traps were already allowed before PATRIOT. At issue is what exactly PATRIOT's expansion to these provisions further allows. It clearly has been determined to allow email addresses and IP addresses. However, whose IP addresses? The suspect, or a host the suspect is visiting? It would seem clear to me that, virtual hosting aside, if the a target host's IP may be logged, and since DNS names, embodied here as "URLs" and IP are very obviously interrelated, again, virtual hosts aside, it seems this argument is somewhat of a smokescreen to force debate on whether or not pen-traps in general should be allowed.

    And since they were allowed before PATRIOT, the answer seems clear: if PATRIOT's expansions to the existing statues to accommodate new communications technologies were appropriate, all that's left is determining what exactly is included. And if "IP addresses" are included, which would logically include target hosts, it would seem that DNS names used to arrive at said IP addresses are intrinsic to the nature of their usage. So disagree with pen-traps if you want, but don't rant and rave about PATRIOT, because it's not about that (though many would desperately want you to think so).

    1. Re:Considerations by Daniel+Boisvert · · Score: 5, Interesting

      People don't understand how the FOIA works. I work for a quasi-public agency which occasionally receives FOI requests. We respond to FOI requests as fast as we possibly can (we generally turn them around on the order of days, not weeks, from what I hear).

      The issue is that people think that because they pay taxes, they should be able to get any document they want without paying anything extra. They'll call asking for "All documents related to X, Y, and Z.". Ignoring for the moment that FOI requests have to be in writing, that could amount to stacks of boxes worth of documents. They look at a potential bill of hundreds or thousands of dollars, and wonder how it could possibly cost so much.

      There are a few things that cost money here:

      1) Copying fees
      Somebody's got to copy all those documents. Whether we have them onsite and one of our folks has to do it or we have to pay for outside counsel to do it (We pay attorneys' rates to our counsel, and you will reimburse us for that :), somebody's going to spend a bunch of time at the photocopier in order to fulfil your request.

      2) Transport fees
      If the documents you want are offsite, you're going to have to pay for a truck to fetch them. If we've got a truck coming from offsite storage anyhow, your documents can generally ride for no extra charge.

      3) Time to find what you want
      We don't have every document magically indexed so a minimum wage intern can find anything you can possibly want. Your request will have to go to our human SQL engines. These people are amazing, know a ton, and cost money. They've been working for us for a long time, and are very busy. If they can fit your request into their normal workflow, great, but if not, you're going to have to pay extra for their time.

      We don't price-gouge folks on these things. It's important for people to realise that FOI requests cost agencies money, and we will pass on whatever charges we incur to the requester. Many people decide that they really don't want as many documents as they thought--or any at all--once they realise it'll cost them money.

      I'm not trying to discourage people from making FOI requests. I think it's important for people to know what their government is doing on their behalf. What I'm trying to say is that if you ask for all documents related to X, Y, and Z, and that comes to a few million pages, be prepared to get precisely what you asked for--and to pay for it. :)

      Also, as much as we'd like for our human SQL engines to be infallible and be able to recall every document related to anything you could possibly want, it is possible we'll miss something. We don't intentionally withhold stuff you've requested. In fact, we will give you -precisely- what you've requested, so it's a very good idea to phrase your request carefully, so as to avoid a huge bill and a mountain of paper you don't want. We generally warn you if you request a mountain of data and sound like you're expecting 20 pages, but if you insist you want everything, you will get it. I don't know whether the FBI or the DOJ withholds data, but I'm pretty sure it's against policy and anybody caught doing so will be suitably reamed.

      It's easy to get pissed off at a huge faceless agency and assume they're holding out on you because they're The Man and you're onto them. It may just be that the person who was tasked with your FOI request really truly couldn't find anything. Government agencies are staffed by humans, too.

  5. Why does the title... by Anonymous Coward · · Score: 5, Insightful

    ... Have to say "Big Brother"? That just sounds like typical /. paranoia. Before you mod me, consider this: By its very nature the internet is insecure. Any email you send passes through and is temporarily stored on at least several computers before reaching its destination. It's not just "Big Brother" who's watching, it could be anyone with an interest in you, really. I'd say it's more likely that a corrupt server admin, or a large corporation is more likely to read your email than the goverment. In the end the answer is simple: Use any of the myriads of free encryption programs!

  6. Re:Which is more important? by comm3c · · Score: 5, Insightful

    The difference between freedom and opression are the rights of privacy afforded to us as citizens. The idea that monitering could POTENTIALLY come up with valuable information in fighting terror is outweighed by the individual's right to maintain one's items private. I mean, if you can't even come close to a hit, is the cost of jeopardizing our freedoms worth it? Remember, under our government, even criminals have rights afforded to them that can not be revoked without due process.

  7. What you don't realize by Anonymous Coward · · Score: 5, Funny

    Is that nearly every single packet that flows on the internet is routed through a facility in Virginia. At that facility, the print out each packet and examine it for illegal activity. They then copy the packet in triplicate, fax one copy to a vault in Colorado, and file the rest in the file of whoever originated the packet. Interesting or suspicious packets are emailed to the CIA and occasionally to the Mosad for further examination.

  8. Re:Which is more important? by SparksMcGee · · Score: 5, Insightful

    Terrorist Attack? Put this in perspective. As a symbol and a demonstration of the relative laxity of certain aspects of the American security net 9/11 was devastating. But statistically 2,000 people is fewer than we lose on a monthly basis to car accidents. If there's one thing that past governments have demonstrated (not to invoke Godwin or anything) it's that if you give them the power, they will take it, and hang responsible use *cough*McCarthy*cough*. The more America lets itself quietly give up civil liberties--particularly on the domain of the internet, where the only parties with a vested interest in covering their activites for the sake of a conspiracy will find relatively easy ways around surveillance, the more this country ceases to be worth living in. Who wants absolute security at the expense of being arrested and helf without charges indefinitely? (which is now legally feasible at the government's discretion. Taking reasonable precautions in the name of security is common sense, but with the best military in the world and more security legislation than is healthy already passed, this is nothing we need, not now, not ever. I'd rather sacrifice the perceived security bonus and instead continue to live in a country worth ilving in with unrestriced access to a venue whose primary purpose is free discourse--exactly what the First Amendment is meant to protect.

  9. Re:Quibble... by TheOriginalRevdoc · · Score: 5, Informative

    URLs contain several things.

    1. The protocol.
    2. The domain name.
    3. Port numbers.
    4. Page addresses.
    5. Data, such as login names, page parameters, and so on.

    The last item, in particular, has far greater scope than an IP address. It's much more like content; it can contain data that you provide for, say, addressing an email, or adjusting an account balance. (Just extemporising here. The actual usage varies enormously.)

    So no, URLs are very different to IP numbers.

  10. How's this for evidence by Anonymous Coward · · Score: 5, Funny

    We can see you through your monitors. You have mussed up hair, thick glasses, and no girlfriend. You are currently picking your nose thinking that nobody can see you.

    You self gratify in front of your computer at least 3 times per week.

    And now you are looking at the back of your monitor to see how we did it....

  11. Doesn't Matter by Tony · · Score: 5, Insightful

    Terrorism is a real threat.

    You still stand a greater chance of dieing in a car crash or being shot by someone you know than getting killed in a terrorist attack.

    Terrorism does *NOT* justify the abridgement of civil rights. *NOTHING* justifies the abridgement of civil rights.

    --
    Microsoft is to software what Budweiser is to beer.
    1. Re:Doesn't Matter by back_pages · · Score: 5, Informative
      You still stand a greater chance of dieing in a car crash or being shot by someone you know than getting killed in a terrorist attack.

      Man, that's HARDLY putting it into perspective.

      Death Stats

      An American is about FIFTEEN TIMES more likely to die of renal failure than terrorism. TEN TIMES more likely to be killed by a gun than die of terrorism. About four times more likely to die from falling (ahem, presumably this doesn't count falling off the WTC). An American is statistically more likely to drownd than die of terrorism, and yes that includes people living in the desert.

      If you're going to put it into perspective, use some hard evidence. ;)