- Feb 23, 2005
- 22,914
- 2,359
- 126
Every month theres a story that makes the news about the farming of personal internet activities. Fucking unPatriot Act. and my friends call me paranoid for taking steps to make sure this never happens to me. I understand the article is claiming its the ISP's fault, and I agree...EXCEPT for this little doosey in the article: "But an intelligence official, who spoke on condition of anonymity because surveillance operations are classified, said: ?It?s inevitable that these things will happen. It?s not weekly, but it?s common.?
Once is an accident. Twice makes you wonder. "Common"? Fucking intentional. Its a NY Times article which wont link properly, but you can link to it from the referring page.
F.B.I. Gained Unauthorized Access to E-Mail
WASHINGTON ? A technical glitch gave the F.B.I. access to the e-mail messages from an entire computer network ? perhaps hundreds of accounts or more ? instead of simply the lone e-mail address that was approved by a secret intelligence court as part of a national security investigation, according to an internal report of the 2006 episode.
Times Topics: FISAF.B.I. officials blamed an ?apparent miscommunication? with the unnamed Internet provider, which mistakenly turned over all the e-mail from a small e-mail domain for which it served as host. The records were ultimately destroyed, officials said.
Bureau officials noticed a ?surge? in the e-mail activity they were monitoring and realized that the provider had mistakenly set its filtering equipment to trap far more data than a judge had actually authorized.
The episode is an unusual example of what has become a regular if little-noticed occurrence, as American officials have expanded their technological tools: government officials, or the private companies they rely on for surveillance operations, sometimes foul up their instructions about what they can and cannot collect.
The problem has received no discussion as part of the fierce debate in Congress about whether to expand the government?s wiretapping authorities and give legal immunity to private telecommunications companies that have helped in those operations.
But an intelligence official, who spoke on condition of anonymity because surveillance operations are classified, said: ?It?s inevitable that these things will happen. It?s not weekly, but it?s common.?
A report in 2006 by the Justice Department inspector general found more than 100 violations of federal wiretap law in the two prior years by the Federal Bureau of Investigation, many of them considered technical and inadvertent.
Bureau officials said they did not have updated public figures but were preparing them as part of a wider-ranging review by the inspector general into misuses of the bureau?s authority to use so-called national security letters in gathering phone records and financial documents in intelligence investigations.
In the warrantless wiretapping program approved by President Bush after the Sept. 11 terrorist attacks, technical errors led officials at the National Security Agency on some occasions to monitor communications entirely within the United States ? in apparent violation of the program?s protocols ? because communications problems made it difficult to tell initially whether the targets were in the country or not.
Past violations by the government have also included continuing a wiretap for days or weeks beyond what was authorized by a court, or seeking records beyond what were authorized. The 2006 case appears to be a particularly egregious example of what intelligence officials refer to as ?overproduction? ? in which a telecommunications provider gives the government more data than it was ordered to provide.
The problem of overproduction is particularly common, F.B.I. officials said. In testimony before Congress in March 2007 regarding abuses of national security letters, Valerie E. Caproni, the bureau?s general counsel, said that in one small sample, 10 out of 20 violations were a result of ?third-party error,? in which a private company ?provided the F.B.I. information we did not seek.?
The 2006 episode was disclosed as part of a new batch of internal documents that the F.B.I. turned over to the Electronic Frontier Foundation, a nonprofit group in San Francisco that advocates for greater digital privacy protections, as part of a Freedom of Information Act lawsuit the group has brought. The group provided the documents on the 2006 episode to The New York Times.
Marcia Hofmann, a lawyer for the privacy foundation, said the episode raised troubling questions about the technical and policy controls that the F.B.I. had in place to guard against civil liberties abuses.
?How do we know what the F.B.I. does with all these documents when a problem like this comes up?? Ms. Hofmann asked.
In the cyber era, the incident is the equivalent of law enforcement officials getting a subpoena to search a single apartment, but instead having the landlord give them the keys to every apartment in the building. In February 2006, an F.B.I. technical unit noticed ?a surge in data being collected? as part of a national security investigation, according to an internal bureau report. An Internet provider was supposed to be providing access to the e-mail of a single target of that investigation, but the F.B.I. soon realized that the filtering controls used by the company ?were improperly set and appeared to be collecting data on the entire e-mail domain? used by the individual, according to the report.
The bureau had first gotten authorization from the Foreign Intelligence Surveillance Court to monitor the e-mail of the individual target 10 months earlier, in April 2005, according to the internal F.B.I. document. But Michael Kortan, an F.B.I. spokesman, said in an interview that the problem with the unfiltered e-mail went on for just a few days before it was discovered and fixed. ?It was unintentional on their part,? he said.
Mr. Kortan would not disclose the name of the Internet provider or the network domain because the national security investigation, which is classified, is continuing. The improperly collected e-mail was first segregated from the court-authorized data and later was destroyed through unspecified means. The individuals whose e-mail was collected apparently were never informed of the problem. Mr. Kortan said he could not say how much e-mail was mistakenly collected as a result of the error, but he said the volume ?was enough to get our attention.? Peter Eckersley, a staff technologist for the Electronic Frontier Foundation who reviewed the documents, said it would most likely have taken hundreds or perhaps thousands of extra messages to produce the type of ?surge? described in the F.B.I.?s internal reports.
Mr. Kortan said that once the problem was detected the foreign intelligence court was notified, along with the Intelligence Oversight Board, which receives reports of possible wiretapping violations.
?This was a technical glitch in an area of evolving tools and technology and fast-paced investigations,? Mr. Kortan said. ?We moved quickly to resolve it and stop it. The system worked exactly the way it?s designed.?
----------------------------------------------------------------------------------------------------
also in the same vein and as to not make two semi-related threads is this.
sure, it may SOUND innocent enough, but anytime private shit is tracked, its an invasion. Of course, there are steps to bypass this also, which of course I do:
ISPs Make a Tidy Profit Selling Your Browsing History
Would you trust an ex-spyware firm with data privacy and PC security?
03:15PM Monday Feb 18 2008 by Karl
tags: business · privacy · world · networking
Last week we spoke to the CEO of NebuAD, a behavioral advertising company that uses deep packet inspection hardware on the ISP network to track your browsing activity, and provide ads more tailored to your interests. Techdirt directs our attention to a similar outfit over in the UK named Phorm which, like NebuAD, is insisting that their system maintains user privacy by converting user data into randomized numbers.
Phorm has struck a deal with BT, Carphone Warehouse and Virgin Media -- who collectively comprise more than two-thirds of all broadband access in the UK. The International Herald Tribune guesstimates that British Telecom alone could stand to make $167 million in annual revenue from the new system in 2009. As Techdirt notes this, combined with traffic shaping, will likely result in a drastic increase in encrypted traffic (though users can opt-out of both NebuAD & Phrom's systems).
Phorm makes additional promises about privacy and outlines the way their technology works here. Unlike NebuAD, Phorm is trying to take the creepiness out of their technology by also marketing it as a anti-phishing solution. This is also an effort to try and keep users from opting out of the service, though from first glance it offers no protection users can't get elsewhere:
Webwise helps protect consumers from online "phishing" fraud by showing users a strong warning page in real time, before they reach the potentially dangerous site. . .Despite firewalls, antivirus and anti-spam programs, fraudulent emails continue to get through and create a threat to consumer security. With Webwise, the ISP adds a key layer of safety by warning users before they reach those sites.
Interestingly it looks like Phorm used to be named 121Media. 121Media used to be in the Spyware business, with some loose evidence suggesting a possible former involvement in rootkits.
Once is an accident. Twice makes you wonder. "Common"? Fucking intentional. Its a NY Times article which wont link properly, but you can link to it from the referring page.
F.B.I. Gained Unauthorized Access to E-Mail
WASHINGTON ? A technical glitch gave the F.B.I. access to the e-mail messages from an entire computer network ? perhaps hundreds of accounts or more ? instead of simply the lone e-mail address that was approved by a secret intelligence court as part of a national security investigation, according to an internal report of the 2006 episode.
Times Topics: FISAF.B.I. officials blamed an ?apparent miscommunication? with the unnamed Internet provider, which mistakenly turned over all the e-mail from a small e-mail domain for which it served as host. The records were ultimately destroyed, officials said.
Bureau officials noticed a ?surge? in the e-mail activity they were monitoring and realized that the provider had mistakenly set its filtering equipment to trap far more data than a judge had actually authorized.
The episode is an unusual example of what has become a regular if little-noticed occurrence, as American officials have expanded their technological tools: government officials, or the private companies they rely on for surveillance operations, sometimes foul up their instructions about what they can and cannot collect.
The problem has received no discussion as part of the fierce debate in Congress about whether to expand the government?s wiretapping authorities and give legal immunity to private telecommunications companies that have helped in those operations.
But an intelligence official, who spoke on condition of anonymity because surveillance operations are classified, said: ?It?s inevitable that these things will happen. It?s not weekly, but it?s common.?
A report in 2006 by the Justice Department inspector general found more than 100 violations of federal wiretap law in the two prior years by the Federal Bureau of Investigation, many of them considered technical and inadvertent.
Bureau officials said they did not have updated public figures but were preparing them as part of a wider-ranging review by the inspector general into misuses of the bureau?s authority to use so-called national security letters in gathering phone records and financial documents in intelligence investigations.
In the warrantless wiretapping program approved by President Bush after the Sept. 11 terrorist attacks, technical errors led officials at the National Security Agency on some occasions to monitor communications entirely within the United States ? in apparent violation of the program?s protocols ? because communications problems made it difficult to tell initially whether the targets were in the country or not.
Past violations by the government have also included continuing a wiretap for days or weeks beyond what was authorized by a court, or seeking records beyond what were authorized. The 2006 case appears to be a particularly egregious example of what intelligence officials refer to as ?overproduction? ? in which a telecommunications provider gives the government more data than it was ordered to provide.
The problem of overproduction is particularly common, F.B.I. officials said. In testimony before Congress in March 2007 regarding abuses of national security letters, Valerie E. Caproni, the bureau?s general counsel, said that in one small sample, 10 out of 20 violations were a result of ?third-party error,? in which a private company ?provided the F.B.I. information we did not seek.?
The 2006 episode was disclosed as part of a new batch of internal documents that the F.B.I. turned over to the Electronic Frontier Foundation, a nonprofit group in San Francisco that advocates for greater digital privacy protections, as part of a Freedom of Information Act lawsuit the group has brought. The group provided the documents on the 2006 episode to The New York Times.
Marcia Hofmann, a lawyer for the privacy foundation, said the episode raised troubling questions about the technical and policy controls that the F.B.I. had in place to guard against civil liberties abuses.
?How do we know what the F.B.I. does with all these documents when a problem like this comes up?? Ms. Hofmann asked.
In the cyber era, the incident is the equivalent of law enforcement officials getting a subpoena to search a single apartment, but instead having the landlord give them the keys to every apartment in the building. In February 2006, an F.B.I. technical unit noticed ?a surge in data being collected? as part of a national security investigation, according to an internal bureau report. An Internet provider was supposed to be providing access to the e-mail of a single target of that investigation, but the F.B.I. soon realized that the filtering controls used by the company ?were improperly set and appeared to be collecting data on the entire e-mail domain? used by the individual, according to the report.
The bureau had first gotten authorization from the Foreign Intelligence Surveillance Court to monitor the e-mail of the individual target 10 months earlier, in April 2005, according to the internal F.B.I. document. But Michael Kortan, an F.B.I. spokesman, said in an interview that the problem with the unfiltered e-mail went on for just a few days before it was discovered and fixed. ?It was unintentional on their part,? he said.
Mr. Kortan would not disclose the name of the Internet provider or the network domain because the national security investigation, which is classified, is continuing. The improperly collected e-mail was first segregated from the court-authorized data and later was destroyed through unspecified means. The individuals whose e-mail was collected apparently were never informed of the problem. Mr. Kortan said he could not say how much e-mail was mistakenly collected as a result of the error, but he said the volume ?was enough to get our attention.? Peter Eckersley, a staff technologist for the Electronic Frontier Foundation who reviewed the documents, said it would most likely have taken hundreds or perhaps thousands of extra messages to produce the type of ?surge? described in the F.B.I.?s internal reports.
Mr. Kortan said that once the problem was detected the foreign intelligence court was notified, along with the Intelligence Oversight Board, which receives reports of possible wiretapping violations.
?This was a technical glitch in an area of evolving tools and technology and fast-paced investigations,? Mr. Kortan said. ?We moved quickly to resolve it and stop it. The system worked exactly the way it?s designed.?
----------------------------------------------------------------------------------------------------
also in the same vein and as to not make two semi-related threads is this.
sure, it may SOUND innocent enough, but anytime private shit is tracked, its an invasion. Of course, there are steps to bypass this also, which of course I do:
ISPs Make a Tidy Profit Selling Your Browsing History
Would you trust an ex-spyware firm with data privacy and PC security?
03:15PM Monday Feb 18 2008 by Karl
tags: business · privacy · world · networking
Last week we spoke to the CEO of NebuAD, a behavioral advertising company that uses deep packet inspection hardware on the ISP network to track your browsing activity, and provide ads more tailored to your interests. Techdirt directs our attention to a similar outfit over in the UK named Phorm which, like NebuAD, is insisting that their system maintains user privacy by converting user data into randomized numbers.
Phorm has struck a deal with BT, Carphone Warehouse and Virgin Media -- who collectively comprise more than two-thirds of all broadband access in the UK. The International Herald Tribune guesstimates that British Telecom alone could stand to make $167 million in annual revenue from the new system in 2009. As Techdirt notes this, combined with traffic shaping, will likely result in a drastic increase in encrypted traffic (though users can opt-out of both NebuAD & Phrom's systems).
Phorm makes additional promises about privacy and outlines the way their technology works here. Unlike NebuAD, Phorm is trying to take the creepiness out of their technology by also marketing it as a anti-phishing solution. This is also an effort to try and keep users from opting out of the service, though from first glance it offers no protection users can't get elsewhere:
Webwise helps protect consumers from online "phishing" fraud by showing users a strong warning page in real time, before they reach the potentially dangerous site. . .Despite firewalls, antivirus and anti-spam programs, fraudulent emails continue to get through and create a threat to consumer security. With Webwise, the ISP adds a key layer of safety by warning users before they reach those sites.
Interestingly it looks like Phorm used to be named 121Media. 121Media used to be in the Spyware business, with some loose evidence suggesting a possible former involvement in rootkits.