Uncle Sam's watching - how much privacy do you have?

LATEST NEWS
F.B.I. Received Unauthorized E-Mail Access
By ERIC LICHTBLAU
Published: February 17, 2008
WASHINGTON - A technical glitch gave the F.B.I. access to the e-mail
messages from an entire computer network - perhaps hundreds of
accounts or more - instead of simply the lone e-mail address that was
approved by a secret intelligence court as part of a national security
investigation, according to an internal report of the 2006 episode.
F.B.I. officials blamed an "apparent miscommunication" with the
unnamed Internet provider, which mistakenly turned over all the e-mail
from a small e-mail domain for which it served as host. The records
were ultimately destroyed, officials said.
Bureau officials noticed a "surge" in the e-mail activity they were
monitoring and realized that the provider had mistakenly set its
filtering equipment to trap far more data than a judge had actually
authorized.
The episode is an unusual example of what has become a regular if
little-noticed occurrence, as American officials have expanded their
technological tools: government officials, or the private companies
they rely on for surveillance operations, sometimes foul up their
instructions about what they can and cannot collect.
The problem has received no discussion as part of the fierce debate in
Congress about whether to expand the government's wiretapping
authorities and give legal immunity to private telecommunications
companies that have helped in those operations.
But an intelligence official, who spoke on condition of anonymity
because surveillance operations are classified, said: "It's inevitable
that these things will happen. It's not weekly, but it's common."
A report in 2006 by the Justice Department inspector general found
more than 100 violations of federal wiretap law in the two prior years
by the Federal Bureau of Investigation, many of them considered
technical and inadvertent.
Bureau officials said they did not have updated public figures but
were preparing them as part of a wider-ranging review by the inspector
general into misuses of the bureau's authority to use so-called
national security letters in gathering phone records and financial
documents in intelligence investigations.
In the warrantless wiretapping program approved by President Bush
after the Sept. 11 terrorist attacks, technical errors led officials
at the National Security Agency on some occasions to monitor
communications entirely within the United States - in apparent
violation of the program's protocols - because communications problems
made it difficult to tell initially whether the targets were in the
country or not.
Past violations by the government have also included continuing a
wiretap for days or weeks beyond what was authorized by a court, or
seeking records beyond what were authorized. The 2006 case appears to
be a particularly egregious example of what intelligence officials
refer to as "overproduction" - in which a telecommunications provider
gives the government more data than it was ordered to provide.
The episode was disclosed as part of a new batch of internal documents
that the F.B.I. turned over to the Electronic Frontier Foundation, a
nonprofit group in San Francisco that advocates for greater digital
privacy protections, as part of a Freedom of Information Act lawsuit
the group has brought. The group provided the documents on the 2006
episode to The New York Times.
Marcia Hofmann, a lawyer for the privacy foundation, said the episode
raised troubling questions about the technical and policy controls
that the F.B.I. had in place to guard against civil liberties abuses.
"How do we know what the F.B.I. does with all these documents when
problem like this comes up?" Ms. Hofmann asked.
In the cyber era, the incident is the equivalent of law enforcement
officials getting a subpoena to search a single apartment, but instead
having the landlord give them the keys to every apartment in the
building. In February 2006, an F.B.I. technical unit noticed "a surge
in data being collected" as part of a national security investigation,
according to an internal bureau report. An Internet provider was
supposed to be providing access to the e-mail of a single target of
that investigation, but the F.B.I. soon realized that the filtering
controls used by the company "were improperly set and appeared to be
collecting data on the entire e-mail domain" used by the individual,
according to the report.
The bureau had first gotten authorization from the Foreign
Intelligence Surveillance Court to monitor the e-mail of the
individual target 10 months earlier, in April 2005, according to the
internal F.B.I. document. But Michael Kortan, an F.B.I. spokesman,
said in an interview that the problem with the unfiltered e-mail went
on for just a few days before it was discovered and fixed. "It was
unintentional on their part," he said.
Mr. Kortan would not disclose the name of the Internet provider or the
network domain because the national security investigation, which is
classified, is continuing. The improperly collected e-mail was first
segregated from the court-authorized data and later was destroyed
through unspecified means. The individuals whose e-mail was collected
apparently were never informed of the problem. Mr. Kortan said he
could not say how much e-mail was mistakenly collected as a result of
the error, but he said the volume "was enough to get our attention."
Peter Eckersley, a staff technologist for the Electronic Frontier
Foundation who reviewed the documents, said it would most likely have
taken hundreds or perhaps thousands of extra messages to produce the
type of "surge" described in the F.B.I.'s internal reports.
Mr. Kortan said that once the problem was detected the foreign
intelligence court was notified, along with the Intelligence Oversight
Board, which receives reports of possible wiretapping violations.
"This was a technical glitch in an area of evolving tools and
technology and fast-paced investigations," Mr. Kortan said. "We moved
quickly to resolve it and stop it. The system worked exactly the way
it's designed."

--
Your own website and private email.
http://order.1and1.com/xml/order/MsHosting?k_id=8292866

$4/month.