Slashdot Mirror

← Back to Stories (view on slashdot.org)

When the NSA Shows Up At Your Internet Company

Posted by samzenpus on from the when-the-man-comes-around dept.

Frosty Piss writes "When people say the feds are monitoring what people are doing online, what does that mean? How does that work? When, and where, does it start? Pete Ashdown, CEO of XMission, an internet service provider in Utah, knows. He received a Foreign Intelligence Service Act (FISA) warrant in 2010 mandating he let the feds monitor one of his customers, through his facility. He also received a broad gag order. Says Mr. Ashdown, 'I would love to tell you all the details, but I did get the gag order... These programs that violate the Bill of Rights can continue because people can't go out and say, This my experience, this is what happened to me, and I don't think it is right.' In this article, Mr. Ashdown tells us about the equipment the NSA installed on his network, and what he thinks it did."

30 of 309 comments (clear)

  1. Tiny Utah-based ISP makes a name for itself. by auric_dude · · Score: 5, Informative

    The company, a comparative midget with just 30,000 subscribers, cited the Fourth Amendment in rebuffing warrantless requests from local, state and federal authorities, showing it was possible to resist official pressure says it all http://www.guardian.co.uk/world/2013/jul/09/xmission-isp-customers-privacy-nsa

    1. Re: Tiny Utah-based ISP makes a name for itself. by Penguinisto · · Score: 5, Informative

      Something to consider:

      I once worked for a company that used XMission's downtown SLC location as its colo location; excellent guys, and kick-ass service. That said, there's one other bit: a large number of their 30k customers are some rather large(-ish) corporations and companies - a few of whom have the ear of Sen. Orrin Hatch, among others in both state and federal government... not to mention (guessing this part, but given their location and name) they likely have a very strong hook into the LDS hierarchy.

      (By the by, XMission is one of the few (and IMO lucky) ISP's who provide for/with the UTOPIA fiber-to-home networks, and IIRC the only local/SLC-based one. )

      IOW, they're not just some tiny naive dial-up provider. If they didn't have a line to some heavy-hitters, I'd wager that they'd likely buckle to the demands out of sheer survival instinct, if for no other reason.

      --
      Quo usque tandem abutere, Nimbus, patientia nostra?
    2. Re: Tiny Utah-based ISP makes a name for itself. by Garridan · · Score: 5, Informative

      I once worked for a company that used XMission's downtown SLC location as its colo location; excellent guys, and kick-ass service.

      I second this. My boss was a good friend of Pete's, and our site was hosted there. I got to hang out with Pete quite a bit, and he's a superb example of a human being. Moral, upstanding, and fair. XMission isn't just a 'tiny ISP', it's a long-proven company with a history of smashing success; rather than expand to a national then multinational power, it has kept sight of its core, takes care of its people, and focuses on offering the best product for its customers. This is the ISP after which all others should be modeled. Pete Ashdown for president!

  2. Ethics versus Legality by girlintraining · · Score: 5, Insightful

    The NSA's corrupt and unethical activities have shown a bright light on the blackened and burned out husk of our ethics within the justice system. Which is to say, there really aren't any left to speak of.

    The law has absolutely nothing to do with right or wrong anymore. It's just a prescription for what is allowed and isn't, not whether you should or shouldn't. It's not unlike owning a gun; By itself, it's harmless. Put it someone's hands, and what they do with it can be catastrophic. Laws are just tools. It's what is done with them we need to look at.

    So far, I'm not encouraged by what I am seeing those tools used for. Perhaps its time to take them away, until they can learn to handle them responsibly.

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:Ethics versus Legality by gmuslera · · Score: 5, Insightful

      The problem with that law is it is meant for people, it depend on people to be honest, not wanting extra money, not being able to be blackmailed or social engineered, not falling into common human bias like the ones shown in the Stanford prison experiment. You maybe could manage to find a few people that could cope with that. But if you have up to up to 5 millon people to access that information (including 500k with top secret access that work at for profit contractors), then you are doing the equivalent of giving guns to all prison inmates and setting them free in all the big cities. You know that people will get killed, abused, robbed and so on with that action. So in the actual context, that law is legalized robbery with impunity.

    2. Re:Ethics versus Legality by girlintraining · · Score: 5, Insightful

      The problem with that law is it is meant for people, it depend on people to be honest, not wanting extra money, not being able to be blackmailed or social engineered, not falling into common human bias like the ones shown in the Stanford prison experiment.

      If people were honest, not greedy, and incapable of having any vices, and weren't stupid... there'd be no need for laws! The problem isn't the law, it's the people enforcing it. Think about the legal texts of old -- the Magna Carta. The Constitution. Hell, why not even throw in a few holy texts -- the Bible, Koran, etc. My point is a basic code of conduct took one book or less to draw the boundaries for most situations. Now, I don't want to discuss their relative merits, coz that'll take us to nasty flaming troll of doom land, it's just there to illustrate that the legal process doesn't have to be complex to be fairly complete.

      This extra complexity is meant to blunt the minds of its critics and enable people to operate under color of authority to do things that many of us consider unethical or immoral. And that is the problem. The judicial process no longer has any feedback mechanism -- no way of saying "good" or "bad". Laws are written, but rarely repealed. They have no expiration date. So the system grows more and more complex, and people's ethics and morality slowly erode. Slow enough, anyway, that it's not obvious to anyone what's happening... at least until most of it has been lost.

      --
      #fuckbeta #iamslashdot #dicemustdie
  3. Re:Hack the black box? by Anonymous Coward · · Score: 5, Interesting

    You'd probably be charged with a wide range of crimes, like tampering with evidence, disrupting an investigation, espionage and wiretapping (because the NSA is authorized, but you aren't).

  4. Challenge the Gag Order by TemperedAlchemist · · Score: 5, Interesting

    Most gag order statutes have been voided for being unconstitutional.

    ---

    What the NSA is actually doing is blatantly ignoring our bill of rights. These gag orders are not legal because they are not constitutional, regardless of what the NSA insists.

    I would like them to see them -- and the court officials that go along with their little scheme, pay for their crimes against humanity (and yes, that's what it actually is). Hilarious that this organization has become the very monster it was created to destroy: a terrorist network.

    1. Re:Challenge the Gag Order by Rich0 · · Score: 4, Insightful

      Most gag order statutes have been voided for being unconstitutional.

      Great, so all you have to do is go ahead and violate an order (publishing some single event that on its own is trivial), then watch the powers descend on you, take away all your stuff, and possibly lock you up as well. Then you can begin a 5-10 year court battle to get it all back, facing the risk of a long prison term the entire time. That battle will likely cause you to lose your job and waste away a good portion of your adult life.

      But yes, in the end there is a decent (but far from certain) chance that you will win. If so, you won't even get an apology - they'll just let you return to life with little more than the clothes on your back so that you can start saving what little you can for your retirement.

  5. Terminate contract instead? by Anonymous Coward · · Score: 5, Interesting

    What if the contract had a clause that said services would be terminated with no notice and no explanation if we receive a lawful warrant to participate in monitoring said customer?

    Sort of canary?

    1. Re:Terminate contract instead? by bugnuts · · Score: 4, Interesting

      Contracts can't override a lawful order. My thought is that they might try to charge you with something, such as hindering an investigation.

      Maybe have the contract say something like "You will be charged $0.01/month if we are required to install monitoring gear" and have it show up on their bill. :)

    2. Re:Terminate contract instead? by auric_dude · · Score: 5, Interesting

      Some librarians (Jessamyn West and others) tried this sort of idea in attempts to warn users that FBI were prowling about https://en.wikipedia.org/wiki/Jessamyn_West_(librarian)

    3. Re:Terminate contract instead? by icebike · · Score: 5, Interesting

      How would terminating a customer account violate a lawful order.

      Fisa order for customer Joe arrives.
      Joe's account immediately terminated.
      Fisa replied to with no such account exists.
      Joe calls up pissed. Receives Reply: read clause 24.65 of your contract.

      --
      Sig Battery depleted. Reverting to safe mode.
    4. Re:Terminate contract instead? by silas_moeckel · · Score: 5, Interesting

      Basic boiler plate for legit (actual judge, actual crimes etc) warrants have a clause to keep the service active. They pay all expenses and reasonable fee's with a very loose definition of reasonable (billing out a jr techs $35 a hour time as $400 an hour was considered fairly cheap). It can be rather annoying had a dedicated server under scrutiny they had setup encrypted VPS's on the box with a spammer on one VPS that the client refused to turn off. It got bad enough that our up streams were complaining and had to get a letter and a conf call with the FBI case agent to get things settled (they were exploiting a 3 way session, spoofing the outbound packets and relaying the reply packets over a vpn to bypass our outbound spam filtering effectively just using out clean IP's).

      The specifics to this one look OK they had them host a server with a single connection to a span port for the web site in question. They only had access to what the provider sent them and would still have to break through any encryption. I've done similar for warrants on shared servers hundreds of times. Performing some digging related to servicing these I've found child porn etc hiding behind rather boring looking fronts.

      --
      No sir I dont like it.
    5. Re:Terminate contract instead? by AK+Marc · · Score: 4, Informative

      That would violate the order as well. I've not got the law committed to memory, but "tipping off" the subject is illegal, no matter how you tip them off. So a billing change would be illegal. Terminating the service on receipt of an order to tap wouldn't tip them off of tapping, but prevent it. That may get you an obstruction charge. Or not. I'm not a lawyer, just an expert in designing and implementing lawful intercept.

      --
      Learn to love Alaska
  6. NSA equipment: rent space? charge for electricity? by crow · · Score: 5, Informative

    You may be required to cooperate with their investigation, but space in a data center is not free, and the electricity certainly isn't, either. If they're taking what's yours, they should pay fair market value, and that includes space, power, cooling, and such.

  7. Legitimate order or not . . . ? by PolygamousRanchKid+ · · Score: 4, Interesting

    So, in TFA he said he was not allowed to make a copy of the order, but just take some notes about it. His attorney said it was legitimate . . . how?

    I mean, you can't take a copy yourself to a secret court to ask them if they authorized it. You could call up a number that they give you, but what does that prove? And the whole damn thing is supposed to be secret, so that nobody knows nothing anyway.

    Does anyone know how this works?

    --
    Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
    1. Re:Legitimate order or not . . . ? by mosb1000 · · Score: 4, Informative

      Does anyone know how this works?

      You do what they say, or else they come shoot you and plant drugs on your body.

  8. Harder done than said by bugnuts · · Score: 5, Informative

    National Security Letters, which are similar, result in a lot of difficulty challenging the gag order without violating the gag order.

    At the eff, they talk about national security letters. They have made some progress in challenging the gag orders, but this is years later. The recipient of this gag order would likely not have even been able to get it into court before they had already removed it 9 months later.

    The OP was served with a FISA warrant, which is apparently more rare and somewhat different. I don't know much about these, but the eff has some info here.

    1. Re:Harder done than said by 0111+1110 · · Score: 4, Insightful

      The terrorists won on September 11, 2001, although not in the way they planned.

      More like not in the specific way that they had hoped. IIRC they hoped to get the US military out of Saudi Arabia. But the sort of stuff in the news now is also the kind of thing they were hoping for. A rather nice consolation prize. It is certainly a revenge of sorts. The entire country has been punished. Countless generations of Americans will be forced to live in an Orwellian dystopia. They could not have done it without help from our own politicians, but nevertheless it is undeniably a very real victory for Bin Laden's group. No honest person can continue to call the US free and there is no going back.

      --
      Quite an experience to live in fear, isn't it? That's what it is to be a slave.
  9. Secret laws enforced by secret courts by jbolden · · Score: 4, Insightful

    He is absolutely right that we shouldn't have secret courts issuing secret laws. Temporary gag orders are fine but they should expire rapidly and then what happened be subject to public scrutiny. Faretta v. California talked about how many of our laws for trial procedure and rights in the constitution evolved from a reaction against the Star Chamber. The core idea of the Star Chamber was secrecy to deal with defendants who were too powerful to be tried openly for fear the the realm could not control the impact, and we have decided to replicate this in full.

  10. Re:stand up by jbolden · · Score: 4, Insightful

    That could also be read as a widespread conspiracy involving multiple companies to coordinate to commit felonies. The problem is the American people, have until recently been strongly supportive of this nonsense. The companies can't stand up to it until they know for sure a jury will never convict and they can't know that yet.

  11. Re:Xmission? by ObsessiveMathsFreak · · Score: 4, Interesting

    Or they could say they were monitoring Maddox, when in reality, they were snooping on someone else, or just mooching server space to use in a distributed network they were running. You have no idea, and neither do most people working at the NSA, or the FISA court, etc, etc.

    For all anyone knows, this "monitoring equipment" could have been hosting (and let me just go for the Godwin Gold here) a child porn darknet for a ring of senior paedophiles operating inside the NSA. And if anything went wrong, or was discovered, the NSA could ahve just pinned it all on XMission, Mr. Ashdown, and his attorneys. After all, there's no official record, all are gagged from revealing what they know, and the NSA would just lie about it.

    And in case this seems hyperbolic: If the NSAs programs continue for long enough, this will happen. History is the definitive proof.

    --
    May the Maths Be with you!
  12. Re:NSA equipment: rent space? charge for electrici by sirsnork · · Score: 4, Informative

    As is described in the article, they will happily pay that. However this particular ISP was against profiting in any way from monitoring their customer

    --

    Normal people worry me!
  13. Where exactly is 'outside US jurisdiction' now? by rts008 · · Score: 4, Insightful

    Ask Eric Snowden, I hear he has some experience with this very thing.

    The ONLY reason Snowden is not a resident of GITMO, is the US can't invade Moscow Airport.
    If he was in a less powerful country, like Panama, for example, he would already be in custody.

    ...can't they just go to Mexico and tell people there?

    Times have changed somewhat, Butch Cassidy....Mexico, or Canada, are no longer safe havens to escape the US.

    --
    Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
  14. The first amendment trumps the gag order. by jcr · · Score: 4, Insightful

    Say whatever you want to say, and demand a jury trial if they want to punish you for it. The great lesson of the fall of the Soviet Empire is that the people outnumber the thugs, and the thugs' power depends entirely on the people's obedience.

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."
  15. They are the best by AndreyFilippov · · Score: 5, Informative

    I'm Xmission customer for 18 years and they are the best. They always notified subscribers of any interruptions of the service even if it happened for 5 minutes in the middle of the night, decribing what went wrong and what have they done to prevent similar problems in the future.
    And I still drive with Pete Ashdown sticker on the back of my car since he ran for the US Senate - but it is not easy do win for a Democrat in one of the most Republican states.

  16. Re:No Surprises Here by tftp · · Score: 5, Insightful

    How does one authenticate their authenticity?

    When men with guns say it's authentic, it is.

  17. What's in the box? by PPH · · Score: 5, Funny

    Hello, NSA?

    Remember that box we put in our server room for you a couple of weeks back? Well last night, four heavily armed masked men broke into our facility and held our techs at gunpoint while they removed your box. When they left, all we heard was the sound of their helicopter. It was night, so we didn't see anything. I think they had Russian accents.

    We would have filed a police report, except we are not supposed to discuss the details of you activities with anyone.

    --
    Have gnu, will travel.
  18. Re:Trading Places by PPH · · Score: 4, Funny

    Dear AC.

    You are being recruited by the intelligence services due to your deep insights into the Trayvon Martin case. You will provide us with assistance and your personal insights into the politics and evidence surrounding this incident.

    However, for purposes of national security, we will be placing a gag order on all of your communications regarding this case. You will not be allowed to divulge the scope of your knowledge, or the content of our communications in any matter regarding Trayvon Martin or Barak Obama.

    Thank you for your support in making this country a safer place.

    --
    Have gnu, will travel.