<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML xmlns:news><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.5730.11" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV>From <EM>ZDNet:</EM></DIV>
<DIV>
<DIV id=content>
<H1>FBI turns to broad new wiretap method</H1>
<P class=details>01 / 30 / 07 </P><IMG
height=66 alt="FBI turns to broad new wiretap method" hspace=10
src="http://news.com.com/i/ne/pg/fd_2007/070129_fbi_internet_88x66.jpg" width=88
align=left vspace=10 border=0> <B>The FBI appears to have adopted an invasive
Internet surveillance technique that collects far more data on innocent
Americans than previously has been disclosed.</B>
<P>Instead of recording only what a particular suspect is doing, agents
conducting investigations appear to be assembling the activities of thousands of
Internet users at a time into massive databases, according to current and former
officials. That database can subsequently be queried for names, e-mail addresses
or keywords. </P>
<P>Such a technique is broader and potentially more intrusive than the FBI's
Carnivore surveillance system, later <news:link id=5555323>renamed
DCS1000</news:link>. It raises concerns similar to those stirred by widespread
Internet monitoring that the National Security Agency is said to have done,
according to documents that have <news:link id=6077353>surfaced in one federal
lawsuit</news:link>, and may stretch the bounds of what's legally permissible.
</P>
<P>Call it the vacuum-cleaner approach. It's employed when police have obtained
a court order and an Internet service provider can't "isolate the particular
person or IP address" because of technical constraints, says <news:link
url="http://lawweb.colorado.edu/profiles/profile.jsp?id=180">Paul
Ohm</news:link>, a former trial attorney at the Justice Department's Computer
Crime and Intellectual Property Section. (An Internet Protocol address is a
series of digits that can identify an individual computer.) </P>
<P>That kind of full-pipe surveillance can record all Internet traffic,
including Web browsing--or, optionally, only certain subsets such as all e-mail
messages flowing through the network. Interception typically takes place inside
an Internet provider's network at the junction point of a router or network
switch. </P>
<P>The technique came to light at the <news:link
url="http://stlr.stanford.edu/symposium.html">Search &amp; Seizure in the
Digital Age</news:link> symposium held at Stanford University's law school on
Friday. Ohm, who is now a law professor at the University of Colorado at
Boulder, and Richard Downing, a CCIPS assistant deputy chief, discussed it
during the symposium. </P>
<P>In a telephone conversation afterward, Ohm said that full-pipe recording has
become federal agents' default method for Internet surveillance. "You collect
wherever you can on the (network) segment," he said. "If it happens to be the
segment that has a lot of IP addresses, you don't throw away the other IP
addresses. You do that after the fact."
</P>
<P>"You intercept first and you use whatever filtering, data mining to get at
the information about the person you're trying to monitor," he added. </P>
<P>On Monday, a Justice Department representative would not immediately answer
questions about this kind of surveillance technique. (Late Tuesday, the Justice
Department responded <news:link id=6154934>with a statement</news:link> taking
issue with this description of the FBI's surveillance practices.) </P>
<P>"What they're doing is even worse than Carnivore," said Kevin Bankston, a
staff attorney at the <news:link url="http://www.eff.org/">Electronic Frontier
Foundation</news:link> who attended the Stanford event. "What they're doing is
intercepting everyone and then choosing their targets." </P>
<P>When the FBI announced two years ago it had abandoned Carnivore, <news:link
url="http://www.usatoday.com/tech/news/surveillance/2005-01-19-carnivore-obsolete_x.htm">news
reports said</news:link> that the bureau would increasingly rely on Internet
providers to conduct the surveillance and reimburse them for costs. While
Carnivore was the subject of congressional scrutiny and outside audits, the
FBI's current Internet eavesdropping techniques have received little attention.
</P>
<P>Carnivore apparently did not perform full-pipe recording. A technical report
(PDF: "<news:link
url="http://www.epic.org/privacy/carnivore/carniv_final.pdf">Independent
Technical Review of the Carnivore System</news:link>") from December 2000
prepared for the Justice Department said that Carnivore "accumulates no data
other than that which passes its filters" and that it saves packets "for later
analysis only after they are positively linked by the filter settings to a
target." </P></DIV></DIV></BODY></HTML>