Wrong Direction on Privacy - using NSLs to obtain communication transactional information

Thu Sep 30 18:30:11 EDT 2010

another facet of The Administration's "We Hear You" efforts..

Wrong Direction on Privacy
Susan Landau
2-Aug-2010

http://www.huffingtonpost.com/susan-landau/wrong-direction-on-privac_b_666915.html

The White House wants to make it easier for the FBI to get at your email and 
web browsing records; the plan is to make transactional information surrounding 
your Internet communications --- the to/from information and the times and 
dates of those communications --- subject to National Security Letters (NSLs), 
meaning the FBI could get these records without going through a judge.

NSLs were created in 1978 to give FBI investigators an easy way to obtain 
various business records, including the transactional information of phone 
records (not the content, which is subject to more stringent protections). The 
"easy" part of NSLs is that no courts are involved in issuing an NSL; the 
bureau does so itself. FBI guidelines require NSLs to be issued only on a 
written request of an FBI Special Agent in Charge (or other specially delegated 
senior FBI official), and there are four approval steps in the process.

Originally NSLs were to be used against foreign powers and people believed to 
be their agents. But proving someone was an agent of a foreign power was not 
all that easy, and NSLs were rarely used. That situation changed with the 
PATRIOT Act, which allowed NSLs to be used to gather information relevant to 
international terrorism cases. In an Orwellian touch, under the PATRIOT Act the 
bureau could require that the recipient of an NSL keep the order secret. NSL 
numbers shot up; between 2003-2006, the FBI issued 192,000 NSLs. Many were to 
phone companies. Why is clear; knowing who the bad guys are communicating with 
leads to untangling plots, often before law enforcement understands exactly 
what the plot might be. Such appears to be what happened, for example, in the 
case of Najibullah Zazi, who recently pled guilty to a plot to bomb the New 
York City subways.

At first in the initial aftermath of September 11th, telephone company workers 
were sharing offices with the FBI Communications Assistance Unit, and many 
times the required procedures went by the wayside. And instead of NSLs, the FBI 
begun using "exigent letters'' requesting immediate access to telephone records 
with claims to the phone companies that the appropriate subpoenas were in 
process. Many times that wasn't true. Sometimes there wasn't even a paper trail 
for the requests; they were just issued verbally. Dates and other specifics 
were often missing from the requests, which meant law enforcement got many more 
months of data than there was need for.

Why does this matter? It turns out that communications transactional 
information is remarkably revelatory. When NSLs were created in 1978, phones 
were fixed devices, and the information of who was calling whom provided a 
useful past history of behavior. The information is much richer with mobile 
devices; knowing who is calling whom, or whose cellphone is repeatedly located 
in the same cellphone sector as whose, provides invaluable information --- 
information that is simultaneously remarkably invasive. Transactional data 
reveals who spends time together, what an organization's structure is, what 
business or political deals might be occurring. ... <snip/>

---
end

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com