Tag Archive for: warrant

NSA is buying Americans’ internet browsing records without a warrant

/in


an exterior view of the National Security Agency in Ft Meade, Maryland

Image Credits: Brooks Kraft LLC / Corbis / Getty Images

The U.S. National Security Agency is buying vast amounts of commercially available web browsing data on Americans without a warrant, according to the agency’s outgoing director.

NSA director Gen. Paul Nakasone disclosed the practice in a letter to Sen. Ron Wyden, a privacy hawk and senior Democrat on the Senate Intelligence Committee. Wyden published the letter on Thursday.

Nakasone said the NSA purchases “various types” of information from data brokers “for foreign intelligence, cybersecurity, and authorized mission purposes,” and that some of the data may come from devices “used outside — and in certain cases, inside — the United States.”

“NSA does buy and use commercially available netflow data related to wholly domestic internet communications and internet communications where one side of the communication is a U.S. Internet Protocol address and the other is located abroad,” Nakasone said in the letter.

Netflow records contain non-content information (also known as metadata) about the flow and volume of internet traffic over a network, which can reveal where internet connections came from and which servers passed data to another. Netflow data can be used to track network activity traffic through VPNs and can help identify servers and networks used by malicious hackers.

The NSA did not say from which providers it buys commercially available internet records.

In a responding letter to the Office of the Director of National Intelligence (ODNI), which oversees the U.S. intelligence community, Wyden said that this internet metadata “can be equally sensitive” as location data sold by data brokers for its ability to identify Americans’ private online activity.

“Web browsing records can reveal sensitive, private information about a person based on where they go on the internet, including visiting websites related to mental health resources, resources for survivors of sexual assault or domestic abuse, or visiting a telehealth provider who focuses on birth control or abortion medication,” said Wyden in a statement.

Wyden said he learned of the NSA’s domestic internet records…

Source…

FBI Serves Incredibly Broad Warrant To 8chan, Demanding Info On All Users Who Responded To A Shooter’s Post

/in

Internet hellhole 8chan has been hit with a federal search warrant. The site, created to serve those who felt 4chan’s nearly-nonexistent moderation was too restrictive, has been front and center recently due to its hosting of manifestos by mass shooters who apparently frequented the site.

In this case, an investigation into a shooting at a California mosque has led the FBI to the pages of 8chan. Postings at the site — along with some at Facebook — have linked the shooter to the Christchurch shooting in New Zealand. According to the affidavit [PDF], the FBI believes the California mosque shooter was “inspired and/or educated” by the New Zealand’s shooters manifesto and actions.

The Poway shooter is already in custody, so the value of the information sought here is questionable. While the info may have some value in establishing the shooter’s state of mind, as well as his connection to other crimes, the warrant does bear some resemblance to a fishing expedition.

From the affidavit, it appears the feds have no shortage of evidence to use against the shooter:

Using various search methods, Whitney Buckingham an SDSD system data miner, found a manifesto on Pastebin.com written by a person identifying himself as John Earnest. In the manifesto, which he named “An Open Letter”, Earnest made many anti-Semitic and anti-muslim statements. One such statement which is a direct quote is, “As an individual, I can only kill so many Jews.” He states he is not a terrorist but that he hates anyone who he sees as a threat to his country. Earnest took credit for a fire that had been set at mosque in Escondido a few weeks earlier. His exact statement was “I scorched a mosque in Escondido with gasoline a week after Brenton Tarrant’s sacrifice and they never found shit on me. Additionally, he wrote “I spray-painted on the parking lot. I wrote ‘For Brenton Tarrant -t./pol/.”

Tarrant is the New Zealand shooter Earnest apparently tried to emulate. Obviously, the threat of copycat killers is always a concern following mass shootings, but what the government is demanding here has the potential to sweep up dozens of users who did nothing but reply to threads involving the arrested shooter.

Agents seek IP address and metadata information about Earnest’s original posting and the postings of all of the individuals who responded to the subject posting and/or commented about it. Additionally, agents seek information about any other posting coming from the IP address used by Earnest to post the subject posting.

This seems like a lot of people to be investigating for just being in the wrongest place on the internet at the wrong time. The justification for this is speculation that others who viewed the post will either become shooters themselves or somehow conspired with the shooter to carry out this horrible crime in which Earnest was the only shooter.

As discussed above, Earnest made a posting in which he thought to draw attention to his forthcoming attack on the Chabad of Poway, share his views through his open letter, and offer people the opportunity to observe the attack itself. Several people responded, both individuals who were taken aback about the posting as well as people who were sympathizers. As a result, some of the individuals may be potential witnesses, co-conspirators and/ or individuals who are inspired by the subject posting. Based on agents’ training and experience, following attacks such as those conducted by Earnest, other individuals are inspired by the attacks and may act of their own accord.

By its own admission, the FBI is seeking information about posters “taken aback” by Earnest’s post — users unlikely to be “inspired” by the shooting or his co-conspirators. Apparently, the FBI doesn’t trust 8chan to make that assessment, so it’s asking for everything so it can sort through it and draw its own conclusions, engage in its own “non-custodial” interviews, subpoena a number of other service providers for more info, etc.

In fact, the FBI would prefer Ch.net — the host for 8chan — just hand over everything demanded by the warrant without getting involved at all.

In order to accomplish the objective of the search warrant with a minimum of interference with the business activities of Ch.net, to protect the rights of the subject of the investigation and to effectively pursue this investigation, authority is sought to allow Ch.net to make a digital copy of the entire contents of the accounts subject to seizure.

However you may feel about 8chan and its denizens (and I hope those feelings are mostly negative), this is not a justifiable demand for information. The FBI wants everything on everyone in that thread, even as it states some of the users it’s targeting were appalled by what they were seeing. This makes everyone in the thread a suspect and treats anonymous users of this site as inherently suspicious, no matter what their posts actually say.

Permalink | Comments | Email This Story

Techdirt.

Bill Introduced To Create A Warrant Requirement For Border Device Searches

/in

With a great deal of luck, we may finally get a bit more respect for Constitutional rights at the border. The Supreme Court may have ruled that searches of cellphones require warrants, but that ruling doesn’t apply within 100 miles of any US border (that includes international airports). Warrantless device searches happen regularly and with increasing frequency.

So far, courts have been hesitant to push back against the government’s assertions that border security is more important than the rights guaranteed by the Constitution. And if the courts do feel something should be done to protect US citizens and foreign visitors, they feel it should be done by Congress, not by them.

So, it’s good to see Congress may actually do something about this. Jack Corrigan of Nextgov has the details:

Sens. Ron Wyden, D-Ore., and Rand Paul, R-Ky., on Wednesday introduced legislation that would increase digital privacy protections for U.S. residents crossing the border and limit the situations in which agents could legally seize their devices. If enacted, the Protecting Data at the Border Act would curb law enforcement’s extensive authority over electronic information at the border.

Rep. Ted Lieu, D-Calif., introduced a companion bill in the House.

The bill [PDF] would institute a warrant requirement for border device searches, which is a really weird sentence to type considering the Supreme Court of the United States of America instituted a warrant requirement for device searches five years ago. But there it is: an attempt to codify a SCOTUS decision so it’s respected by US government agencies.

It also prevents border agents from denying entry to anyone refusing to disclose passwords or unlock devices during screening. It also blocks them from detaining anyone for more than four hours in hopes of turning denials into consensual searches.

Unfortunately, there are some loopholes. And one of those is sizable. “Emergency situations” allow border agents to bypass the Constitutional niceties. One of those is an old — and super-vague — favorite:

[c]onspiratorial activities threatening the national security interest of the United States

That’s the catch-22. The law can’t pass without this exception and it’s this exception that will be abused the most. But the institution of a warrant requirement will force the government to put a little more effort into its “national security” hand-waving if it hopes to use evidence pulled from devices in court.

Also important is the institution of documentation procedures for consent searches. It won’t be enough for officers to claim detainees volunteered passwords or otherwise agreed to have their devices searched. They’ll need to have the whole thing documented and the form signed by the detainee. Every device search must be documented as well, whether or not a forensic search was performed.

It’s a good bill, national security exception notwithstanding. But it’s being lobbed into an unwelcoming political arena. President Trump is still demanding a wall and has declared a national emergency simply because he wants to discourage immigrants from coming to this country. Border security is national security, according to this administration, even when there’s little evidence showing immigrants are more likely to commit acts of terrorism, never mind regular crime. This administration and those backing it (and they are many) are more than happy to suspend the Bill of Rights at the border for as long as they’re in power. That’s the reality of the situation.

While this bill would bring border agencies into alignment with Supreme Court precedent, it’s highly unlikely this won’t be rejected by the President if it even manages to make it that far.

Permalink | Comments | Email This Story

Techdirt.

Justice Department goes nuclear on Google in search warrant fight

/in

Enlarge / Close-up of cables and LED lights in the data center of T-Systems, a subsidiary of Deutsche Telekom AG. (credit: Thomas Trutschel/Getty Images)

The Justice Department is demanding that a federal judge sanction Google for failing to abide by court orders to turn over data tied to 22 e-mail accounts. “Google’s conduct here amounts to a willful and contemptuous disregard of various court orders,” the government wrote (PDF) in a legal filing to US District Judge Richard Seeborg of California.

The government added in its Wednesday brief:

Google is entitled to have its own view of the law and to press that view before a court of competent jurisdiction. However, when faced with a valid court order, Google, like any other person or entity, must either comply with such an order or face consequences severe enough to deter willful noncompliance. The issue before this court is what sanction is sufficient to achieve that goal.

Google said it wasn’t complying with the order because it was on appeal. Google also said it was following precedent from a New York-based federal appellate court that ruled Microsoft doesn’t have to comply with a valid US warrant for data if the information is stored on overseas servers. Google is appealing the California warrant to the San Francisco-based 9th US Circuit Court of Appeals on the same grounds. However, neither Seeborg nor the 9th Circuit is bound by the 2nd Circuit Court of Appeals’ decision— which the government has appealed to the US Supreme Court. (The US circuit courts of appeal are not bound to follow rulings by their sister circuits, but they all must obey precedent from the Supreme Court.)

Read 11 remaining paragraphs | Comments

Biz & IT – Ars Technica