Slashdot Mirror


When the NSA Shows Up At Your Internet Company

Frosty Piss writes "When people say the feds are monitoring what people are doing online, what does that mean? How does that work? When, and where, does it start? Pete Ashdown, CEO of XMission, an internet service provider in Utah, knows. He received a Foreign Intelligence Service Act (FISA) warrant in 2010 mandating he let the feds monitor one of his customers, through his facility. He also received a broad gag order. Says Mr. Ashdown, 'I would love to tell you all the details, but I did get the gag order... These programs that violate the Bill of Rights can continue because people can't go out and say, This is my experience, this is what happened to me, and I don't think it is right.' In this article, Mr. Ashdown tells us about the equipment the NSA installed on his network, and what he thinks it did."

9 of 309 comments

  1. Re:Hack the black box? by Anonymous Coward · · Score: 5, Interesting

    You'd probably be charged with a wide range of crimes, like tampering with evidence, disrupting an investigation, espionage and wiretapping (because the NSA is authorized, but you aren't).

  2. Challenge the Gag Order by TemperedAlchemist · · Score: 5, Interesting

    Most gag order statutes have been voided for being unconstitutional.

    ---

    What the NSA is actually doing is blatantly ignoring our bill of rights. These gag orders are not legal because they are not constitutional, regardless of what the NSA insists.

    I would like to see them -- and the court officials that go along with their little scheme -- pay for their crimes against humanity (and yes, that's what it actually is). Hilarious that this organization has become the very monster it was created to destroy: a terrorist network.

  3. Terminate contract instead? by Anonymous Coward · · Score: 5, Interesting

    What if the contract had a clause that said services would be terminated with no notice and no explanation if we receive a lawful warrant to participate in monitoring said customer?

    Sort of canary?

    1. Re:Terminate contract instead? by bugnuts · · Score: 4, Interesting

      Contracts can't override a lawful order. My thought is that they might try to charge you with something, such as hindering an investigation.

      Maybe have the contract say something like "You will be charged $0.01/month if we are required to install monitoring gear" and have it show up on their bill. :)

    2. Re:Terminate contract instead? by auric_dude · · Score: 5, Interesting

      Some librarians (Jessamyn West and others) tried this sort of idea in attempts to warn users that FBI were prowling about https://en.wikipedia.org/wiki/Jessamyn_West_(librarian)

    3. Re:Terminate contract instead? by icebike · · Score: 5, Interesting

      How would terminating a customer account violate a lawful order?

      FISA order for customer Joe arrives.
      Joe's account immediately terminated.
      FISA replied to with no such account exists.
      Joe calls up pissed. Receives reply: read clause 24.65 of your contract.

      --
      Sig Battery depleted. Reverting to safe mode.

    4. Re:Terminate contract instead? by silas_moeckel · · Score: 5, Interesting

      Basic boilerplate for legit (actual judge, actual crimes etc) warrants has a clause to keep the service active. They pay all expenses and reasonable fees with a very loose definition of reasonable (billing out a jr tech's $35 an hour time as $400 an hour was considered fairly cheap). It can be rather annoying: had a dedicated server under scrutiny; they had set up encrypted VPSes on the box with a spammer on one VPS that the client refused to turn off. It got bad enough that our upstreams were complaining and had to get a letter and a conf call with the FBI case agent to get things settled (they were exploiting a 3 way session, spoofing the outbound packets and relaying the reply packets over a VPN to bypass our outbound spam filtering, effectively just using our clean IPs).

      The specifics to this one look OK: they had them host a server with a single connection to a span port for the web site in question. They only had access to what the provider sent them and would still have to break through any encryption. I've done similar for warrants on shared servers hundreds of times. Performing some digging related to servicing these, I've found child porn etc hiding behind rather boring looking fronts.

      --
      No sir I dont like it.

  4. Legitimate order or not . . . ? by PolygamousRanchKid+ · · Score: 4, Interesting

    So, in TFA he said he was not allowed to make a copy of the order, but just take some notes about it. His attorney said it was legitimate . . . how?

    I mean, you can't take a copy yourself to a secret court to ask them if they authorized it. You could call up a number that they give you, but what does that prove? And the whole damn thing is supposed to be secret, so that nobody knows nothing anyway.

    Does anyone know how this works?

    --
    Schroedinger's Brexit: The UK is both in and out of the EU at the same time!

  5. Re:Xmission? by ObsessiveMathsFreak · · Score: 4, Interesting

    Or they could say they were monitoring Maddox, when in reality, they were snooping on someone else, or just mooching server space to use in a distributed network they were running. You have no idea, and neither do most people working at the NSA, or the FISA court, etc, etc.

    For all anyone knows, this "monitoring equipment" could have been hosting (and let me just go for the Godwin Gold here) a child porn darknet for a ring of senior paedophiles operating inside the NSA. And if anything went wrong, or was discovered, the NSA could have just pinned it all on XMission, Mr. Ashdown, and his attorneys. After all, there's no official record, all are gagged from revealing what they know, and the NSA would just lie about it.

    And in case this seems hyperbolic: If the NSA's programs continue for long enough, this will happen. History is the definitive proof.

    --
    May the Maths Be with you!