Slashdot Mirror
Tech Firms Say FBI Wants Browsing History Without Warrant (engadget.com)
Aaron Souppouris, reporting for Engadget: Tech companies and privacy advocates are warning against new legislation that would give the FBI the ability to access "electronic communication transactional records" (ECTRs) without a warrant in spy and terrorism cases. ECTRs include high-level information on what sites a person visited, the time spent on those sites, email metadata, location information and IP addresses. To gain access to this data, a special agent in charge of a bureau field office need only write a "national security letter" (NSL) that doesn't require a judge's approval. It's worth noting that ECTRs don't amount to a full browsing history. If a suspected terrorist were reading this article, the FBI would only see they read "engadget.com" and how long for, rather than the specific page links. Additionally, the ECTRs won't include the content of emails, search queries, or form content, but will feature metadata, so the FBI would know who someone is messaging and when.
Thanks to everyone who submitted similar stories.
Tech firms say FBI always wants EVERYTHING THEY CAN GET without warrent.
If they walk up to my house and look in a window from the street and see something fine. If the blinds are drawn and they want to see what is behind that window, they need to convince a judge (either before the fact via a warrant, or after the fact with probably cause). Why is it that so many people, especially in government, lose their minds when computers are involved? If I can visit engadget.com and see who is on the site and from where, then fine. If I want them to open up their access logs, I ought to need a judge's approval. Seriously, in this day and age a Judge's approval is never more than 15 or 20 minutes away. It's not like two centuries ago where judges rode circuit and you might have to wait a month until the next time you saw one. Aside from that, if the matters are sensitive, there is an entire court of judges (FISA) with top secret clearances and plenty of federal and even state court judges who have litigated or presided over sensitive cases and also have security clearances. If law enforcement complains that "it's hard" then that is how it should be. Infringing on someone's rights (and that's exactly what a search by the government is) shouldn't be easy.
Seeing the article with a facebook logo, I wonder if FBI stands for "FaceBook International".
Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
FBI are getting too big for their britches, between lobbying efforts for more power, and pressure tactics on both commercial and other government agencies.
Table-ized A.I.
in every household. Put one in every store and put one in every corporate office. Put one in every school and every city bus. In fact just make every US citizen an FBI agent then you can keep tabs on EVERYTHING.
May be because they think that this is gonna help to fight crime. But also this will let them see the personal life of common people.
I can see where this is going.
You might hate terrorism and be looking at isis.com or whataver for legitmate academinc or other reasons, yet the FBI will now just put you on the no fly list anyway.
It's apparently not difficult to get an essentially rubber stamp warrant from a judge. At least that has a modicum of accountability in the process. Why the hell don't they simply get a warrant?!?!
And I want a solid rhodium toilet. In a sane world I would be more likely to get that toilet than the FBI would bet to get warrantless searches but alas we seem to have gone insane.
Time to offend someone
ECTR's arent a formal technical definition, its a smoke-and-mirrors piece of jargon invented by the FBI to conceal the meaning and definition of what it really wants and to prevent overstepping the "metadata" line.
ECTRs are apache, postfix, nginx, and php logs from transactions. they are asking for your system logs.
Good people go to bed earlier.
NO NO NO
The FBI, CIA, NSA, etc should get NOTHING, not even their paychecks, without a warrant.
Enough already, this is way out of hand.
It's enough to make you start rooting for the "bad guys" almost
Any suspected terrorist stupid enough to be caught browsing HTTP (or even HTTPS) sites to co-ordinate their activities really ARE NOT the people we need to worry about.
And any "activity report" that just looks at DNS lookups for websites is really useless against the rest.
Honestly, even an SSH to a foreign remote server that does the actual lookup stuff for you would make it much harder to detect what you were looking up, and that's not even counting looking for it on a proper "darkweb" rather than just anything you could find in a normal web browser with no special software.
"I just came from a meeting, today, in the situation room, in which I’ve got people who we know have been on ISIL websites living here in the United States — US citizens. And we’re allowed to put them on the no fly list when it comes to airlines, ..."
Based on browser history - pardon? What the president just confirmed is that someone from the government is noting everyone's browsing history, determining which websites are not to be visited, and furthermore, if someone does visit the website for whatever reason they get put on a no fly list.
Agreed. There is no information available to tell how long someone spent browsing a page. Sure, if there is a record of a page retrieved, and then a record of another page retrieved that was linked on the initial page, and the time between those two retrievals was relatively short you can probably infer that the time on the first page was probably the time spent looking at the page. But in general people have a variety of browsing methods, may have taken a break to do something else (or their web browsing is the "break" while do some other task), etc. Any long time between page retrievals does not allow a conclusion that the time between those two retrievals indicates that the entire time was spent on that page.
This will be a great troll tactic. Way better than rick rolling.
Trick people into visiting terrorist websites and they'll be on the no fly list forever.
trolololo
If they're routing any of the traffic, they can see US-based IP addresses going to those sites.
Anyone routing any of your traffic can see that, actually, and IP has never been an anonymizing technology by itself.
If the US government isn't routing anything itself, it can easily traceroute to ISIL servers and ask the last-hop provider(s) on US soil to log the source of all connections to those servers.
This simple and legal method might not be how they're doing it---but the fact is that a simple and legal method exists by which the government can know that US citizens (and roughly how many) are accessing ISIL web sites.
Now, unmasking those people and identifying them individually would (or should) take a bit more legal work. But the framework is there to start an investigation based on that initial, reasonable observation.
I wonder if this is how they actually go about it because I wonder what monitoring capabilities they actually have. Still, this much can quite conceivably be done (a) legally and (b) without logging any other internet usage.
---
According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
Why do they think that they can tell the time I spent on a site from those logs? They only have the times that I requested the pages. There's no mechanism to say when you are finished reading a page. I can get distracted by a phone call, mail, or someone else. Or maybe I open a link from one article in another tab to read later.
Why the fuck does the FBI have a problem with getting a warrant? This isn't Apple's ridiculous refusal to decrypt data when the owner of the phone had consented. This is actually private data and should be protected accordingly. If there's a legitimate reason to access the data, then there shouldn't be any difficulty in obtaining a warrant to obtain access.
They don't have a problem getting warrants.
They want to not be observed to, or have any trace of, who and what they watch.
The goal is "Watching with NO RECORDS OF IT."
If I had to guess, it's a case of "user X accessed pages found on slashdot.org between 16:35:22 and 17:05:22" = 30 minutes "duration tracking"
I do not see in Obama's words where it says the information based on browser history.
I am sure there are other ways to monitor who is visiting a site besides browser history.
You should not be recording the browsing history of your users. Don't log the shit out of everything. Carry the data, don't keep it. WHY IS THAT SO HARD TO UNDERSTAND?
FBI are getting too big for their britches
Who's going to rein them in? Donald? Hillary? I don't think so. The only candidates that want to fix this are Gary Johnson and Jill Stein. Combined, they are polling at about 1%. Americans don't care about privacy, at least not when it matters.
Tech companies and privacy advocates are warning against new legislation that would give the FBI the ability to access "electronic communication transactional records" (ECTRs) without a warrant in spy and terrorism cases.
For the article to have been accurate I'm pretty sure the words "in spy and terrorism cases" should have been omitted. Who added those words? Is it an un-attributed quote, or was it put there by some overly zealous and/or boot-licking reporter or editor? Does anybody really believe that the scope of such investigations will be limited to those that can legitimately be called "spy and terrorism cases"?
'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
If a suspected terrorist were reading this article, the FBI would only see they read "engadget.com" and how long for, rather than the specific page links.
Does anyone even believe that after all the times they have lied?
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
We as a society want crime off our streets. So, we want officers to do their job as effectively and efficiently as possible. If someone's in the process of committing a crime, we want it stopped. Waiting for a warrant to get processed is time the perps have to get away and for the crime to go unpunished, and nobody wants that except the criminal.
As I've said repeatedly before, Law Comic is your friend. Borrowing from this page: "Rules are respectable. They're how things are supposed to work. But police officers sometimes see the rules as obstacles that get in the way of justice. And some criminals see the rules as handicaps they can take advantage of, to get away with it. And so, in real life, the rules are often ignored in favor of a kind of rough "street justice"." Besides, as this comic notes in a later section, most arrests get plea bargained anyways, making illegally obtained evidence a moot point.
To put it another way, ask yourself this question: What would upset you more, allowing a criminal to go free because evidence cannot be obtained legally, or arresting a criminal using evidence that was obtained illegally? (For the purpose of the question, assume the person has indeed committed a crime.)
Current text of 18 U.S. Code 2709 - Counterintelligence access to telephone toll and transactional records https://www.law.cornell.edu/uscode/text/18/2709?qt-us_code_temp_noupdates=0#qt-us_code_temp_noupdates
Cornwyn amended text [pdf]
https://www.judiciary.senate.gov/download/s356-cornyn1_-oll16601
Purpose: To amend section 2709 of title 18, United States
Code, to clarify that the Government may obtain a speci-
fied set of electronic communication transactional
records under that section.
pertinent section:
(b)
(2) OBTAINABLE TYPES OF INFORMATION AND RECORDS.—The information and records described
in this paragraph are the following:
(A) Name, physical address, e-mail address, telephone number, instrument number,
and other similar account identifying information.
(B) Account number, login history, length of service (including start date), types of service, and means and sources of payment for service (including any card or bank account information).
(C) Local and long distance toll billing records.
(D) Internet Protocol (commonly known as ‘IP’) address or other network address, including any temporarily assigned IP or network address, communication addressing, routing, or
transmission information, including any network address translation information (but excluding cell tower information), and session times and durations for an electronic communication.’’.
Um, not seeing anything about browsing history. Frankly, it seems a reasonable update to that section which had changed very little since 2001. Before 2001, subsection (A) read, "the information sought is relevant to an authorized foreign counterintelligence investigation;" which is very open ended and obviously vulnerable to overreach by the state. That latest amendment doesn't expand the FBI powers since they were already requesting that information, but it actually clarifies in law what exactly what the FBI can request. For instance, previously the FBI was requesting cell tower info and location data under 2709, but now they can't because it would explicitly excluded. The FBI would have to get that information under another law. This amendment is not that bad.
The characters you highlight were investigating a crime.
The characters in the FBI are trying to find a crime to investigate.
Dragnets aren't allowed Sherlock.
This isn't Apple's ridiculous refusal to decrypt data when the owner of the phone had consented.
Wait, I thought it wasn't an outright refusal, but an appeal (not the same thing), and that they had been willing to cooperate until a certain point, namely the way the FBI wanted to handle the decryption...? I'm so lost now.
If you believe in privacy, and believe you have "nothing to hide" at the same time, you're a goddammed idiot
I only search for old Dragnet scripts.
if this is supposed to be a new economy, how come they still want my old fashioned money?
This is based on a ridiculous ruling that phone numbers dialed are not private information because they're voluntarily shared with a third party (the phone company) and therefore don't have am expectation of privacy. The case is Smith v. Maryland (1979). Basically they ruled that because phone companies keep records of the numbers dialed that users shouldn't expect any privacy and therefore no warrant is required. This ruling could easily be extended to content with that same logic. For example, Facebook has to keep a record of the messages you send in Messenger because they show your conversation history. You've voluntarily shared that content with them. Phone companies now back up SMS messages in the cloud that can be restored to a new phone or after a factory data reset. In either case, you've voluntarily shared the content with a third party and therefore the same logic could be used to argue no expectation of privacy exists there, either. It is, of course, an awful ruling with ludicrous logic applied. It is one of the most shameful rulings ever issued by SCOTUS.
The first question when analyzing a search issue is whether a person has an expectation of privacy in the information. When Smith v. Maryland was decided, the judges on SCOTUS had grown up in an era when "party line" telephone lines were used. On a "party line," you share the telephone line with your neighbor or neighbors and your neighbor can listen to your call by picking up their phone. While you are right that they used the sharing-numbers-dialed-with-the-phone-company as the formal reason for a lack of an expectation of privacy, the judges on the Court who decided that case were also just raised in an era when a phone *was* a much less private thing.
Real lawyers write in C++
In case you didn't get the memo, we're the bad guys. All of us.
You can't enforce a law that no-one is allowed to know about - that's batshit bonkers.
If there's a secret list somewhere noting all the things I'm not allowed to know "but I can't know about it" then how can I be expected to follow the law? How can I know I'm following the law? The no-fly list is punitive in different ways to a prison cell, you're telling me I'm too dangerous to fly because I might know something they don't like. In the modern business world that's basically a death sentence.
On the other hand they really want to know absolutely *everything* about you - heck, they'll even violate law and constitution to get it.
Which is maybe a little ironic. I can't know the law and they do, but they just don't give two shits about it.
OK, then, the "worse guys" ;)
When "terrorists" score higher public opinion than Law Enforcement, you know something is wrong....
Anti-Democrat ads for the 2014 election often emphasized the "over-snooping" of the executive branch, per Snowden revelations.
Snooping generally polled a fairly-close 2nd behind ACA as reasons for the high Republican turnout that gave GOP such big gains in Congress.
Voters cared then. Maybe the "trick" is to associate it with a personality while demonizing that personality. It's psychologically easier for humans to hate a face than a policy.
Table-ized A.I.
Just how is this different — in principle — from the normal and old-fashioned investigation, where the investigator would talk to the suspect's friends, business-partners, grocery-suppliers, neighbors, and landlords? And, if the folks had any relevant records, ask to see them?
Sherlock Holmes would do that, Perry Mason would do that, Hercule Poirot would do that, Miss Marple would do that. Why can't the FBI — which law are they violating by the mere asking? There is no allegation in TFA of any illegal threats the agents have made against the companies for non-compliance or for demanding a warrant or some other approval from the Judiciary... What is the there there?
I'll bite - because this is compelled, not asked. An NSL *compels* information, and it also comes with a gag order. Neither of that is true of a cop asking. Now, in the case of a standard investigation, if they wanted to compel testimony or info they could get a warrant or a subpoena, as they can now for these records, but that requires a judge, not just a senior FBI agent, and typically never came with gag orders.
"goodbye and hello, as always" ~Prince Corwin, from Zelazny's Amber series
Is it? How are they different? In both cases the policeman/detective can make threats — explicit or veiled — which their target may choose to ignore if he believes, the demand is not legal.
Not any more than a cop saying: "If you don't help, I may suspect you of being in cahoots with him", and adding: "Oh, and please, do not tell him about this conversation, alright?"
Now, this all assumes, the FBI does not have any actual legal power to substantiate such threats — and this is something, the Legal departments of the "Tech Firms" involved should know better than you and me.
If the FBI are bluffing, the firms could send them back a kite-assembly kit. If they are not — or if a particular case does seem like cooperation with the investigation would be ethical — then they should cooperate.
Either way, making amorphous press-releases seems more like FUD-spreading...
In Soviet Washington the swamp drains you.
about terrorism?
Really?
Wasn't it ALWAYS about keeping tabs on dissenters who might have actual plans to win elections and coordinate?
Go ahead, let yourself dream of the ultimate 1984 scenario, then tell me what is missing
Dicknose would have LOVED Gitmo
You can't enforce a law that no-one is allowed to know about - that's batshit bonkers.
If there's a secret list somewhere noting all the things I'm not allowed to know "but I can't know about it" then how can I be expected to follow the law?
"Did you really think we want those laws observed?" said Dr. Ferris. "We want them to be broken. You'd better get it straight that it's not a bunch of boy scouts you're up against... We're after power and we mean it... There's no way to rule innocent men. The only power any government has is the power to crack down on criminals. Well, when there aren't enough criminals one makes them. One declares so many things to be a crime that it becomes impossible for men to live without breaking laws. Who wants a nation of law-abiding citizens? What's there in that for anyone? But just pass the kind of laws that can neither be observed nor enforced or objectively interpreted - and you create a nation of law-breakers - and then you cash in on guilt. Now that's the system, Mr. Reardon, that's the game, and once you understand it, you'll be much easier to deal with." -Atlas Shrugged, Ayn Rand
Boy, for all the Slashdotters that froth at the mouth whenever Atlas Shrugged is even mentioned, it sure seems to be prophetic regarding what is occurring in the US. At this rate I wonder how long it will be before a "Directive 10-289" is enacted? My guess is it will be right after the start of the impending collapse of the US economy and currency that is, at this point, pretty much inevitable.
I'd also be willing to bet that even after it all plays out pretty much as AS predicts, the same people will still froth at the mouth and maintain that the principles illustrated in AS are tinfoil-hat fantasies and lies despite any and all proof to the contrary.
I'm sure this will be met with attacks on the messenger, both myself and Ayn Rand. Good old "kill the messenger" which is ridiculed when politicians/government or corporations do it will be accepted without the batting of an eyelash.
Or a single critical thought.
Which is a large part of the reasons why the US and the citizens are in the position they're in.
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
Tagged. Now you're it.
My ism, it's full of beliefs.
For a textbook world. But in the world we live in, things are never so clear cut. Ask a small business owner whose store was broken into whether they received justice when the perpetrator was allowed to walk after the evidence used to convict him was illegally obtained (pg. 3). Ask a woman if she receives justice when the man who rapes her is allowed to walk because illegally obtained evidence is suppressed from trial. As the previously quoted article from "The Atlantic" says, "It is highly important that we protect the constitutional rights of criminals. But it appears that we sometimes forget that the Constitution was meant to protect the rights of law-abiding citizens as well."
Re "The goal is "Watching with NO RECORDS OF IT."" is one of the real fears of the US government. Too many people have been tipped off and have escaped just after complex phone database requests get entered.
Too many foreign brands, multinationals, dual citizens, cults, faiths, criminals now have generational contacts within the fancy cleared bureaucratic/private sector. Access to requests for devices or accounts of interest to police or who is under investigation is not just the phone company anymore.
Shared faith, any faith or cult from the original homeland generations later, cash, compromising information, ideology all create the perfect very human way into vast private sector databases that have to be altered to allow for what was a log, tap, trace, or just show the official start of any state investigation with federal support or funding.
The US has no way to clear, pass or confirm its trusted support staff at any level anymore as gov workers or contractors. The only solution is to allow roving groups of officials to start any investigation and then add in paperwork during a public trail.
The lack of much needed public comment by lawyers looking back to the origins of any case work is also interesting. Is funding lacking to understand the origins of a case? Are lawyers and their experts been told they cannot comment on the start of any investigation methods in public court?
Domestic spying is now "Benign Information Gathering"
If true, that's truly ironically funny. Democrats only used the system created and handed to them by Republicans. If people weren't idiots, they would have voted for anyone that wasn't a Democrat OR Republican.
The cesspool just got a check and balance.
Apple did decrypt the data it could, and the only reason it wasn't everything was that the FBI screwed up big-time. Apple cooperated fully in the investigation.
What Apple was not going to do was what the FBI wanted them to do, which was overly specific, required a fair amount of work, and was likely to hurt Apple's business. It was a power grab on the part of the FBI, and the FBI caved once Apple appealed against the order, showing that the FBI thought Apple had a good case.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Sherlock Holmes would reason backwards, eliminate the impossible, and find the truth in what's left. The Baker Street Irregulars would do some canvassing for him, which is the closest you're going to find here. Perry Mason was an attorney, and did not do his own investigations. Hercule Poirot would use his little gray cells. Miss Marple would use her insight into people's personalities developed in St. Mary's Mead. You're not only idiotically trying to make a real point using highly fictionalized characters, you're getting it wrong.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Please, don't hate, asshole.
In Soviet Washington the swamp drains you.
Can you imagine walking into a mall and seeing nothing but an empty hall. In order to see what they are selling or even the name of the stores in the mall, I would have to show government ID to someone... then I could see the store name. If I want to go inside and look at the products... well I cant see them until again I show ID and then products appear.
I should not have to show ID to browse. It is ridiculous and everyone should be using Tor or similar identity protecting technologies. Because I am not represented by the things that other people show me. And I should not be profiled according to what others display to me.
Perhaps I should have made it more clear that the argument was idiotic, not necessarily you personally. I wasn't trying to insult you, and apologize if I was sufficiently unclear on that.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes