Slashdot Mirror

← Back to Stories (view on slashdot.org)

When the NSA Shows Up At Your Internet Company

Posted by samzenpus on from the when-the-man-comes-around dept.

Frosty Piss writes "When people say the feds are monitoring what people are doing online, what does that mean? How does that work? When, and where, does it start? Pete Ashdown, CEO of XMission, an internet service provider in Utah, knows. He received a Foreign Intelligence Service Act (FISA) warrant in 2010 mandating he let the feds monitor one of his customers, through his facility. He also received a broad gag order. Says Mr. Ashdown, 'I would love to tell you all the details, but I did get the gag order... These programs that violate the Bill of Rights can continue because people can't go out and say, This my experience, this is what happened to me, and I don't think it is right.' In this article, Mr. Ashdown tells us about the equipment the NSA installed on his network, and what he thinks it did."

17 of 309 comments (clear)

  1. Tiny Utah-based ISP makes a name for itself. by auric_dude · · Score: 5, Informative

    The company, a comparative midget with just 30,000 subscribers, cited the Fourth Amendment in rebuffing warrantless requests from local, state and federal authorities, showing it was possible to resist official pressure says it all http://www.guardian.co.uk/world/2013/jul/09/xmission-isp-customers-privacy-nsa

    1. Re: Tiny Utah-based ISP makes a name for itself. by Penguinisto · · Score: 5, Informative

      Something to consider:

      I once worked for a company that used XMission's downtown SLC location as its colo location; excellent guys, and kick-ass service. That said, there's one other bit: a large number of their 30k customers are some rather large(-ish) corporations and companies - a few of whom have the ear of Sen. Orrin Hatch, among others in both state and federal government... not to mention (guessing this part, but given their location and name) they likely have a very strong hook into the LDS hierarchy.

      (By the by, XMission is one of the few (and IMO lucky) ISP's who provide for/with the UTOPIA fiber-to-home networks, and IIRC the only local/SLC-based one. )

      IOW, they're not just some tiny naive dial-up provider. If they didn't have a line to some heavy-hitters, I'd wager that they'd likely buckle to the demands out of sheer survival instinct, if for no other reason.

      --
      Quo usque tandem abutere, Nimbus, patientia nostra?
    2. Re: Tiny Utah-based ISP makes a name for itself. by Garridan · · Score: 5, Informative

      I once worked for a company that used XMission's downtown SLC location as its colo location; excellent guys, and kick-ass service.

      I second this. My boss was a good friend of Pete's, and our site was hosted there. I got to hang out with Pete quite a bit, and he's a superb example of a human being. Moral, upstanding, and fair. XMission isn't just a 'tiny ISP', it's a long-proven company with a history of smashing success; rather than expand to a national then multinational power, it has kept sight of its core, takes care of its people, and focuses on offering the best product for its customers. This is the ISP after which all others should be modeled. Pete Ashdown for president!

  2. Ethics versus Legality by girlintraining · · Score: 5, Insightful

    The NSA's corrupt and unethical activities have shown a bright light on the blackened and burned out husk of our ethics within the justice system. Which is to say, there really aren't any left to speak of.

    The law has absolutely nothing to do with right or wrong anymore. It's just a prescription for what is allowed and isn't, not whether you should or shouldn't. It's not unlike owning a gun; By itself, it's harmless. Put it someone's hands, and what they do with it can be catastrophic. Laws are just tools. It's what is done with them we need to look at.

    So far, I'm not encouraged by what I am seeing those tools used for. Perhaps its time to take them away, until they can learn to handle them responsibly.

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:Ethics versus Legality by gmuslera · · Score: 5, Insightful

      The problem with that law is it is meant for people, it depend on people to be honest, not wanting extra money, not being able to be blackmailed or social engineered, not falling into common human bias like the ones shown in the Stanford prison experiment. You maybe could manage to find a few people that could cope with that. But if you have up to up to 5 millon people to access that information (including 500k with top secret access that work at for profit contractors), then you are doing the equivalent of giving guns to all prison inmates and setting them free in all the big cities. You know that people will get killed, abused, robbed and so on with that action. So in the actual context, that law is legalized robbery with impunity.

    2. Re:Ethics versus Legality by girlintraining · · Score: 5, Insightful

      The problem with that law is it is meant for people, it depend on people to be honest, not wanting extra money, not being able to be blackmailed or social engineered, not falling into common human bias like the ones shown in the Stanford prison experiment.

      If people were honest, not greedy, and incapable of having any vices, and weren't stupid... there'd be no need for laws! The problem isn't the law, it's the people enforcing it. Think about the legal texts of old -- the Magna Carta. The Constitution. Hell, why not even throw in a few holy texts -- the Bible, Koran, etc. My point is a basic code of conduct took one book or less to draw the boundaries for most situations. Now, I don't want to discuss their relative merits, coz that'll take us to nasty flaming troll of doom land, it's just there to illustrate that the legal process doesn't have to be complex to be fairly complete.

      This extra complexity is meant to blunt the minds of its critics and enable people to operate under color of authority to do things that many of us consider unethical or immoral. And that is the problem. The judicial process no longer has any feedback mechanism -- no way of saying "good" or "bad". Laws are written, but rarely repealed. They have no expiration date. So the system grows more and more complex, and people's ethics and morality slowly erode. Slow enough, anyway, that it's not obvious to anyone what's happening... at least until most of it has been lost.

      --
      #fuckbeta #iamslashdot #dicemustdie
  3. Re:Hack the black box? by Anonymous Coward · · Score: 5, Interesting

    You'd probably be charged with a wide range of crimes, like tampering with evidence, disrupting an investigation, espionage and wiretapping (because the NSA is authorized, but you aren't).

  4. Challenge the Gag Order by TemperedAlchemist · · Score: 5, Interesting

    Most gag order statutes have been voided for being unconstitutional.

    ---

    What the NSA is actually doing is blatantly ignoring our bill of rights. These gag orders are not legal because they are not constitutional, regardless of what the NSA insists.

    I would like them to see them -- and the court officials that go along with their little scheme, pay for their crimes against humanity (and yes, that's what it actually is). Hilarious that this organization has become the very monster it was created to destroy: a terrorist network.

  5. Terminate contract instead? by Anonymous Coward · · Score: 5, Interesting

    What if the contract had a clause that said services would be terminated with no notice and no explanation if we receive a lawful warrant to participate in monitoring said customer?

    Sort of canary?

    1. Re:Terminate contract instead? by auric_dude · · Score: 5, Interesting

      Some librarians (Jessamyn West and others) tried this sort of idea in attempts to warn users that FBI were prowling about https://en.wikipedia.org/wiki/Jessamyn_West_(librarian)

    2. Re:Terminate contract instead? by icebike · · Score: 5, Interesting

      How would terminating a customer account violate a lawful order.

      Fisa order for customer Joe arrives.
      Joe's account immediately terminated.
      Fisa replied to with no such account exists.
      Joe calls up pissed. Receives Reply: read clause 24.65 of your contract.

      --
      Sig Battery depleted. Reverting to safe mode.
    3. Re:Terminate contract instead? by silas_moeckel · · Score: 5, Interesting

      Basic boiler plate for legit (actual judge, actual crimes etc) warrants have a clause to keep the service active. They pay all expenses and reasonable fee's with a very loose definition of reasonable (billing out a jr techs $35 a hour time as $400 an hour was considered fairly cheap). It can be rather annoying had a dedicated server under scrutiny they had setup encrypted VPS's on the box with a spammer on one VPS that the client refused to turn off. It got bad enough that our up streams were complaining and had to get a letter and a conf call with the FBI case agent to get things settled (they were exploiting a 3 way session, spoofing the outbound packets and relaying the reply packets over a vpn to bypass our outbound spam filtering effectively just using out clean IP's).

      The specifics to this one look OK they had them host a server with a single connection to a span port for the web site in question. They only had access to what the provider sent them and would still have to break through any encryption. I've done similar for warrants on shared servers hundreds of times. Performing some digging related to servicing these I've found child porn etc hiding behind rather boring looking fronts.

      --
      No sir I dont like it.
  6. NSA equipment: rent space? charge for electricity? by crow · · Score: 5, Informative

    You may be required to cooperate with their investigation, but space in a data center is not free, and the electricity certainly isn't, either. If they're taking what's yours, they should pay fair market value, and that includes space, power, cooling, and such.

  7. Harder done than said by bugnuts · · Score: 5, Informative

    National Security Letters, which are similar, result in a lot of difficulty challenging the gag order without violating the gag order.

    At the eff, they talk about national security letters. They have made some progress in challenging the gag orders, but this is years later. The recipient of this gag order would likely not have even been able to get it into court before they had already removed it 9 months later.

    The OP was served with a FISA warrant, which is apparently more rare and somewhat different. I don't know much about these, but the eff has some info here.

  8. They are the best by AndreyFilippov · · Score: 5, Informative

    I'm Xmission customer for 18 years and they are the best. They always notified subscribers of any interruptions of the service even if it happened for 5 minutes in the middle of the night, decribing what went wrong and what have they done to prevent similar problems in the future.
    And I still drive with Pete Ashdown sticker on the back of my car since he ran for the US Senate - but it is not easy do win for a Democrat in one of the most Republican states.

  9. Re:No Surprises Here by tftp · · Score: 5, Insightful

    How does one authenticate their authenticity?

    When men with guns say it's authentic, it is.

  10. What's in the box? by PPH · · Score: 5, Funny

    Hello, NSA?

    Remember that box we put in our server room for you a couple of weeks back? Well last night, four heavily armed masked men broke into our facility and held our techs at gunpoint while they removed your box. When they left, all we heard was the sound of their helicopter. It was night, so we didn't see anything. I think they had Russian accents.

    We would have filed a police report, except we are not supposed to discuss the details of you activities with anyone.

    --
    Have gnu, will travel.