“Judge prods FBI over future Internet surveillance plans”

November 2, 2012

CNet on November 2, 2012 released the following:

“Federal judge tells FBI to do more to comply with open government laws when disclosing what backdoors it wants Internet companies to create for government surveillance.

by Declan McCullagh

A federal judge has rejected the FBI’s attempts to withhold information about its efforts to require Internet companies to build in backdoors for government surveillance.

CNET has learned that U.S. District Judge Richard Seeborg ruled on Tuesday that the government did not adequately respond to a Freedom of Information Act request from the Electronic Frontier Foundation.

Seeborg, in San Francisco, ordered (PDF) a “further review of the materials previously withheld” in the lawsuit, which seeks details about what the FBI has dubbed “Going Dark” — the bureau’s ongoing effort to force companies including Apple, Microsoft, Facebook, Yahoo, and Google to alter their code to ensure their products are wiretap-friendly.

“We must ensure that our ability to obtain communications pursuant to court order is not eroded,” FBI Director Robert Mueller told a U.S. Senate committee in September. Currently, Mueller said, many companies “are not required to build or maintain intercept capabilities.”

The FBI says lawful investigations are thwarted because Internet companies aren’t required to build in back doors in advance, or because technology doesn’t permit it. In May, CNET reported that the bureau has quietly asked Web companies not to oppose a law that would levy new wiretap requirements on social-networking Web sites and providers of VoIP, instant messaging, and Web e-mail. During an appearance two weeks later at a Senate hearing, Mueller confirmed that the bureau is pushing for “some form of legislation.”

Judge Seeborg’s ruling this week also ordered the FBI to make it more obvious which Going Dark-related documents were being withheld from public view, something the EFF said has been unreasonable and confusing. He gave both sides 15 days to “meet and confer to negotiate a timetable for the FBI to complete” its revisions.

Seeborg did not, however, make a final ruling about what must be turned over. The Justice Department says it has identified 2,662 pages that might be relevant and has turned over 707 pages. For its part, the EFF argues that they’ve been heavily redacted — or had pages completely removed — in violation of open-government laws.

David Hardy, section chief for the FBI’s record management division, had told the court that internal documents about a congressional briefing should not be released in full because:

Publicity (adverse or otherwise) regarding any internal FBI development projects (e.g. National Electronic Surveillance Strategy), and legislative strategy to make amendments to outdated laws, that these congressional staffers, and DOJ representatives, may be requested to provide input on, may seriously prejudice their effectiveness in helping on other developmental projects, and legislative strategies…. These employees may have to give input on the development of strategy plans, like developing ways to enhance ELSUR [electronic surveillance] capabilities through legislative amendments…. The publicity associated with the release of these congressional staffers involved with an FBI developmental project could trigger hostility toward a particular employee….

An FBI representative declined to comment to CNET, citing the ongoing litigation. Jennifer Lynch, an EFF staff attorney, said: “It’s nice to have a court say the government can’t do that.” Lynch said the ruling shows that the government has “to make an effort” to comply with the entirety of FOIA.

The EFF in 2009 requested “all records” about Going Dark. Its second FOIA request, in 2010, asked for examples of surveillance being thwarted on social networks and Skype, as well as documents relating to congressional briefings and meetings with industry representatives.

The FBI’s proposal would amend a 1994 law, called the Communications Assistance for Law Enforcement Act, or CALEA, that currently applies only to telecommunications providers, not Web companies. From the FBI’s perspective, expanding CALEA to cover VoIP, Web e-mail, and social networks isn’t expanding wiretapping law: If a court order is required today, one will be required tomorrow as well. But privacy groups and civil libertarians — and Internet companies — are hardly likely to embrace the idea.

Representatives of the FBI’s Electronic Surveillance Technology Section in Chantilly, Va., began quietly lobbying the FCC nearly a decade ago to force broadband providers to provide more-efficient, standardized surveillance facilities, which CNET was the first to disclose. The FCC approved that requirement a year later, sweeping in Internet phone companies that tie into the existing telecommunications system. It was upheld in 2006 by a federal appeals court.

But the FCC never granted the FBI’s request to rewrite CALEA to cover instant messaging and VoIP programs that are not “managed” — meaning peer-to-peer programs like Apple’s FaceTime, iChat/AIM, Gmail’s video chat, and Xbox Live’s in-game chat that use the Internet, not the public telephone network.”

————————————————————–

Douglas McNabb – McNabb Associates, P.C.’s
Federal Criminal Defense Attorneys Videos:

Federal Crimes – Be Careful

Federal Crimes – Be Proactive

Federal Crimes – Federal Indictment

————————————————————–

To find additional federal criminal news, please read Federal Criminal Defense Daily.

Douglas McNabb and other members of the U.S. law firm practice and write and/or report extensively on matters involving Federal Criminal Defense, INTERPOL Red Notice Removal, International Extradition Defense, OFAC SDN Sanctions Removal, International Criminal Court Defense, and US Seizure of Non-Resident, Foreign-Owned Assets. Because we have experience dealing with INTERPOL, our firm understands the inter-relationship that INTERPOL’s “Red Notice” brings to this equation.

The author of this blog is Douglas C. McNabb. Please feel free to contact him directly at mcnabb@mcnabbassociates.com or at one of the offices listed above.


FBI quietly forms secretive Net-surveillance unit

May 23, 2012

CNET on May 22, 2012 released the following:

“CNET has learned that the FBI has formed a Domestic Communications Assistance Center, which is tasked with developing new electronic surveillance technologies, including intercepting Internet, wireless, and VoIP communications.

by Declan McCullagh

The FBI has recently formed a secretive surveillance unit with an ambitious goal: to invent technology that will let police more readily eavesdrop on Internet and wireless communications.

The establishment of the Quantico, Va.-based unit, which is also staffed by agents from the U.S. Marshals Service and the Drug Enforcement Agency, is a response to technological developments that FBI officials believe outpace law enforcement’s ability to listen in on private communications.

While the FBI has been tight-lipped about the creation of its Domestic Communications Assistance Center, or DCAC — it declined to respond to requests made two days ago about who’s running it, for instance — CNET has pieced together information about its operations through interviews and a review of internal government documents.

DCAC’s mandate is broad, covering everything from trying to intercept and decode Skype conversations to building custom wiretap hardware or analyzing the gigabytes of data that a wireless provider or social network might turn over in response to a court order. It’s also designed to serve as a kind of surveillance help desk for state, local, and other federal police.

The center represents the technological component of the bureau’s “Going Dark” Internet wiretapping push, which was allocated $54 million by a Senate committee last month. The legal component is no less important: as CNET reported on May 4, the FBI wants Internet companies not to oppose a proposed law that would require social-networks and providers of VoIP, instant messaging, and Web e-mail to build in backdoors for government surveillance.

During an appearance last year on Capitol Hill, then-FBI general counsel Valerie Caproni referred in passing, without elaboration, to “individually tailored” surveillance solutions and “very sophisticated criminals.” Caproni said that new laws targeting social networks and voice over Internet Protocol conversations were required because “individually tailored solutions have to be the exception and not the rule.”

Caproni was referring to the DCAC’s charge of creating customized surveillance technologies aimed at a specific individual or company, according to a person familiar with the FBI’s efforts in this area.

An FBI job announcement for the DCAC that had an application deadline of May 2 provides additional details. It asks applicants to list their experience with “electronic surveillance standards” including PacketCable (used in cable modems); QChat (used in push-to-talk mobile phones); and T1.678 (VoIP communications). One required skill for the position, which pays up to $136,771 a year, is evaluating “electronic surveillance solutions” for “emerging” technologies.

“We would expect that capabilities like CIPAV would be an example” of what the DCAC will create, says Steve Bock, president of Colorado-based Subsentio, referring to the FBI’s remotely-installed spyware that it has used to identify extortionists, database-deleting hackers, child molesters, and hitmen.

Bock, whose company helps companies comply with the 1994 Communications Assistance for Law Enforcement Act (CALEA) and has consulted for the Justice Department, says he anticipates “that Internet and wireless will be two key focus areas” for the DCAC. VoIP will be a third, he says.

For its part, the FBI responded to queries this week with a statement about the center, which it also refers to as the National Domestic Communications Assistance Center (even Caproni has used both names interchangeably), saying:

      The NDCAC will have the functionality to leverage the research and development efforts of federal, state, and local law enforcement with respect to electronic surveillance capabilities and facilitate the sharing of technology among law enforcement agencies. Technical personnel from other federal, state, and local law enforcement agencies will be able to obtain advice and guidance if they have difficulty in attempting to implement lawful electronic surveillance court orders.

      It is important to point out that the NDCAC will not be responsible for the actual execution of any electronic surveillance court orders and will not have any direct operational or investigative role in investigations. It will provide the technical knowledge and referrals in response to law enforcement’s requests for technical assistance.

Here’s the full text of the FBI’s statement in a Google+ post.

One person familiar with the FBI’s procedures told CNET that the DCAC is in the process of being launched but is not yet operational. A public Justice Department document, however, refers to the DCAC as “recently established.”

“They’re doing the best they can to avoid being transparent”

The FBI has disclosed little information about the DCAC, and what has been previously made public about the center was primarily through budget requests sent to congressional committees. The DCAC doesn’t even have a Web page.

“The big question for me is why there isn’t more transparency about what’s going on?” asks Jennifer Lynch, a staff attorney at the Electronic Frontier Foundation, a civil liberties group in San Francisco. “We should know more about the program and what the FBI is doing. Which carriers they’re working with — which carriers they’re having problems with. They’re doing the best they can to avoid being transparent.”

The DCAC concept dates back at least four years. FBI director Robert Mueller was briefed on it in early 2008, internal FBI documents show. In January 2008, Charles Smith, a supervisory special agent and section chief in the FBI’s Operational Technology Division, sent e-mail to other division officials asking for proposals for the DCAC’s budget.

When it comes to developing new surveillance technologies, Quantico is the U.S. government’s equivalent of a Silicon Valley incubator. In addition to housing the FBI’s Operational Technological Division, which boasts of developing the “latest and greatest investigative technologies to catch terrorists and criminals” and took the lead in creating the DCAC, it’s also home to the FBI’s Engineering Research Facility, the DEA’s Office of Investigative Technology, and the U.S. Marshals’ Technical Operations Group. In 2008, Wired.com reported that the FBI has “direct, high-speed access to a major wireless carrier’s systems” through a high-speed DS-3 link to Quantico.

The Senate appropriations committee said in a report last month that, for electronic surveillance capabilities, it authorizes “$54,178,000, which is equal to both the request and the fiscal year 2012 enacted level. These funds will support the Domestic Communications Assistance Center, providing for increased coordination regarding lawful electronic surveillance amongst the law enforcement community and with the communications industry.” (It’s unclear whether all of those funds will go to the DCAC.)

In trying to convince Congress to spend taxpayers’ dollars on the DCAC, the FBI has received help from local law enforcement agencies that like the idea of electronic surveillance aid. A Justice Department funding request for the 2013 fiscal year predicts DCAC will “facilitate the sharing of solutions and know-how among federal, state, and local law enforcement agencies” and will be welcomed by telecommunications companies who “prefer to standardize and centralize electronic surveillance.”

A 2010 resolution from the International Association of Chiefs of Police — a reliable FBI ally on these topics — requests that “Congress and the White House support the National Domestic Communications Assistance Center Business Plan.”

The FBI has also had help from the Drug Enforcement Administration, which last year requested $1.5 million to fund eight additional DCAC positions. DEA administrator Michele Leonhart has said (PDF) the funds will go to “develop these new electronic surveillance capabilities.” The DEA did not respond to CNET’s request for comment.

An intriguing hint of where the DCAC might collaborate with the National Security Agency appeared in author James Bamford’s article in the April issue of Wired magazine. Bamford said, citing an unidentified senior NSA official, that the agency has “made an enormous breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems” — an obstacle that law enforcement has encountered in investigations.

Eventually, the FBI may be forced to lift the cloak of secrecy that has surrounded the DCAC’s creation. On May 2, a House of Representatives committee directed the bureau to disclose “participation by other agencies and the accomplishments of the center to date” three months after the legislation is enacted.”

————————————————————–

Douglas McNabb – McNabb Associates, P.C.’s
Federal Criminal Defense Attorneys Videos:

Federal Crimes – Be Careful

Federal Crimes – Be Proactive

Federal Crimes – Federal Indictment

Federal Crimes – Detention Hearing

Federal Mail Fraud Crimes

————————————————————–

To find additional federal criminal news, please read Federal Criminal Defense Daily.

Douglas McNabb and other members of the U.S. law firm practice and write and/or report extensively on matters involving Federal Criminal Defense, INTERPOL Red Notice Removal, International Extradition Defense, OFAC SDN Sanctions Removal, International Criminal Court Defense, and US Seizure of Non-Resident, Foreign-Owned Assets. Because we have experience dealing with INTERPOL, our firm understands the inter-relationship that INTERPOL’s “Red Notice” brings to this equation.

The author of this blog is Douglas C. McNabb. Please feel free to contact him directly at mcnabb@mcnabbassociates.com or at one of the offices listed above.