FBI Accidentally Received Unauthorized E-Mail Access

AmishElvis writes "The New York Times reports that 'glitch' gave the F.B.I. access to the e-mail messages from an entire computer network. A hundred or more accounts may have been accessed, rather than 'the lone e-mail address' that was approved by a secret intelligence court as part of a national security investigation. The episode was disclosed as part of a new batch of internal documents that the F.B.I. turned over to the Electronic Frontier Foundation, as part of a Freedom of Information Act lawsuit the group has brought."

FISA court: whatcouldpossiblygowrong

[davidwr]

Oh wait too late.

Better cover it up.

Oops, we botched that too.

Unauthorized in today's world?

[russlar]

Can any kind government access be considered unauthorized anymore? There have been so many executive orders, bending of laws, etc. that just about every form of government access to information is authorized by something.

Re:Unauthorized in today's world?

[fishbowl]

"There have been so many executive orders, bending of laws, etc. that just about every form of government access to information is authorized by something."

Sounds fine on Slashdot, alt.politics groups, or black helicopter chat, but in reality you can't even try to go in with that position as a prosecutor. Even a conservative judge will hand you your ass.

Re:Unauthorized in today's world?

[Original+Replica]

just about every form of government access to information is authorized by something.

I think what the GP meant was that there would be some sort of quasi-official authorization. Along the lines of making all of the evidence classified beyond the judges level to ever see the it, or some kind of DHS gag order + infinite postponement of the trial. Simply a classified letter from an FBI big telling the prosecutor or judge not to pursue the matter any further might work just fine. The is a fair amount of risk in challenging it, a risk many people would not like to take. I'm sure there are ways for the security portions of the government to be technically "cooperating" but never actually have to really answer to a judge. There are parallels to this kind of behavior where the politically powerful simply refuse to comply with the law and seem to be getting away with it.

Trust the FBI?

[Frosty+Piss]

So they "accidentally" gained access to more than what they where supposed to? Aren't we supposed to be able to TRUST them to stick to what they where authorized to access even if they "accidentally" gained greater access? If we can't trust the FBI, who can we trust?

Re:Trust the FBI?

[LilGuy]

In my previous job I accidentally granted myself access as a domain administrator, not believing it would be so incredibly easy to do. That was grounds for firing, though they hung on to me, after I showed them I could also reset the passwords for anyone in the company using their in-house password utility.

The FBI will have no fear of any such consequence. Illegally overstepping their bounds and then saying "oops" is about all you'll hear about this ordeal. I'm sure some calls for investigation will be made and someone might have a dispassionate speech on C-SPAN and then it will all be swept under the rug. It might even pave the way for the FBI to request this type of access for the future if they can "prove" that it's in the interest of "national security".

Re:Trust the FBI?

[techno-vampire]

The FBI will have no fear of any such consequence. Illegally overstepping their bounds

This being Slashdot, I can probably assume that you didn't bother to RTFA before posting, but if you had, you'd have kept your foot out of your mouth. The FBI requested that an ISP send them copies of all email sent to one address at a small domain. The ISP screwed the pooch and sent them all email sent to that domain. The FBI noticed that they were getting way too much email, found out what had happened and corrected it. At no time did they overstep their bounds, because they only asked for what a judge said they were entitled to. I hope this makes enough sense to you that you can remove your tinfoil hat, but frankly, I doubt it.

Headline: Sysadmin fouls up filter

[Jimithing+DMB]

Seriously. What's the story here? Some sysadmin who apparently didn't know what he was doing put the wrong thing in his e-mail server configuration and inadvertently sent all e-mail for the entire domain instead of e-mail for one address.

Mistakes happen all the time. The appropriate thing to look for is whether the mistake was caught and corrected in a timely fashion. It seems that the mistake was caught and corrected in a timely fashion which basically makes this a story about an everyday occurrence.

This story might make a good one for some sysadmin journal reminding sysadmins to document policies that help ensure mistakes do not happen and if they do are caught by the company itself instead of by the FBI. For example, a simple procedure would be to check the appropriate logs after changing the configuration to make sure the configuration is doing what it was intended to do.

Re:Headline: Sysadmin fouls up filter

[vertinox]

Mistakes happen all the time. The appropriate thing to look for is whether the mistake was caught and corrected in a timely fashion. It seems that the mistake was caught and corrected in a timely fashion which basically makes this a story about an everyday occurrence.

I think the idea is if this happens once it could happen again without too much effort. There is no real oversight on how the FBI, NSA, DHS, or any other organization acquires information nor a transparent way to gather such data.

Now, I really don't see any malicious intent on the FBI with this since of the old adage "Never attribute to malice that which can be adequately explained by stupidity." but I get the sinking feeling that they would often find themselves in situation in which they are too lazy to follow procedure and due process like maybe a warrant.

Re:Headline: Sysadmin fouls up filter

[Jimithing+DMB]

You did read the article right? It wasn't the FBI that screwed up. The FBI caught the mistake that the company's sysadmin made when setting up the eavesdropping.

Yes, it can happen again without too much effort. What are you going to do to fix it? Send the FBI in to set up the eavesdropping themselves so the sysadmin doesn't screw it up? Keep in mind we're talking about a run of the mill court-ordered warrant here. It's a very standard and very legal way to gather evidence. This story has very little if anything at all to do with post-9/11 surveillance or FISA or anything else that might be questionable or debatable. No where in the article does it say that the surveillance was set up as part of a FISA warrant which leads me to believe that the Times reporter is trying to feign a connection for scare value.

I hate to say it but I think the debate is pretty much closed on court-ordered warrants. If the court orders them and you don't have any legal argument to squash the order then you have to comply with it or be found in contempt of court. There's nothing really secretive about the process either, except ideally to the person who's being surveilled.

What I want to know

[causality]

A hundred or more accounts may have been accessed, rather than 'the lone e-mail address' that was approved by a secret intelligence court as part of a national security investigation.

When I read this, I wasn't wondering how that happened, or what the nature of the "glitch" was, or how many accounts were accessed. What I was wondering is WHY THE FUCK DOES THE UNITED STATES HAVE A SECRET COURT OF ANY KIND?!?!. Yeah yeah, to protect the children, save the whales, stop the terrorists, keep you safe, "our intentions are pure and we're really a bunch of big-hearted individuals who care about your well-being" etc... I still don't know what is wrong with the assholes who actually believe this shit.

And hell, I want to believe we have a good, honest government. The fact is, we don't. I don't understand what being in this level of denial is supposed to do to remedy the situation. There is a very good reason why the founding fathers intended for most of our interaction with government to come from the local and state level. The only thing the federal government can do that the state & local governments cannot do is resolve disputes between states, conduct foreign policy, regulate interstate trade, oh and it can slowly become a dictatorship too. Speaking of remedies, I'm betting that nothing will happen either to the FBI as an organization or to the individuals who made this "mistake", that at most they will receive a slap-on-the-wrist.

Re:What I want to know

[nguy]

What I was wondering is WHY THE FUCK DOES THE UNITED STATES HAVE A SECRET COURT OF ANY KIND?!?!.

This is not a "secret court" in the sense of a court that sends people to prison (the US has those, too, but they are still limited to the military and Guantanamo). Rather, it's a court that acts as an additional control for police and secret service actions.

Such a "secret court" is a good thing, because it provides judicial review for actions that would otherwise not be subject to judicial review at all.

Re:What I want to know

[achbed]

Such a "secret court" is a good thing, because it provides the appearance of judicial review for actions that would otherwise not be subject to judicial review at all.

Fixed that for you.

Check out the denial records of that court since the 70s. That should tell you just how detailed the FISA rubber stamp looks at those warrant petitions.

Something doesn't fit...

[AnotherUsername]

Something is wrong here...I can't quite put my finger on it...

Wait a minute, that's it!

You're a spy! No self-respecting Slashdotter would willingly still have a Hotmail address! You're one of them!

What we DON'T know

[Baraka]

• which ISP was involved
  
• how many individuals' accounts had their privacy compromised
  
• how many messages were captured by the FBI's data vacuum cleaner
  
• whether the messages were really destroyed or not (what does unspecified means mean?)
  
• whether the FBI is even telling the truth or not
  
• how many other times this kind of overproduction has occurred since 9/11
  

The writer of this article, Eric Lichtblau, won a shared Pulitzer Prize for his work in exposing the illegal warrantless wiretapping program, authorized by the government and championed by the White House after 9/11. In fact, it was in existence even before 9/11, but that's another story entirely.

This program supposedly expired just yesterday when congress let the clock run out on its dependent legislation. The problem here, clearly, is that it doesn't matter if this program is never renewed; overproduction of data under FISA will still happen all the time. That's the entire point of this article. There are no checks and balances. There is no accountability. There is NOTHING. Total secrecy and legal immunity are all but guaranteed for the perpetrators. Period.