Group items tagged

The Federal Bureau of Investigation has used a secretive authority to compel Internet and telecommunications firms to hand over customer data including an individual’s complete web browsing history and records of all online purchases, a court filing released Monday shows.The documents are believed to be the first time the government has provided details of its so-called national security letters, which are used by the FBI to conduct electronic surveillance without the need for court approval.The filing made public Monday was the result of an 11-year-old legal battle waged by Nicholas Merrill, founder of Calyx Internet Access, a hosted service provider, who refused to comply with a national security letter (NSL) he received in 2004. Merrill told Reuters the release was significant “because the public deserves to know how the government is gathering information without warrants on Americans who are not even suspected of a crime.”

National security letters have been available as a law enforcement tool since the 1970s, but their frequency and breadth expanded dramatically under the USA Patriot Act, which was passed shortly after the Sept. 11, 2001 attacks. They are almost always accompanied by an open-ended gag order barring companies from disclosing the contents of the demand for customer data.A federal court ruled earlier this year that the gag on Merrill’s NSL should be lifted. Merrill's challenge also disclosed that the FBI may use NSLs to gain IP addresses on everyone a suspect has corresponded with and cell-site location information. The FBI said in the court filings it no longer used NSLs for location information. The secretive orders have long drawn the ire of tech companies and privacy advocates, who argue NSLs allow the government to snoop on user content without appropriate judicial oversight or transparency.

Last year, the Obama administration announced it would permit Internet companies to disclose more about the number of NSLs they receive. But they can still only provide a range such as between 0 and 999 requests, or between 1,000 and 1,999. Twitter (TWTR.N) has sued in federal court seeking the ability to publish more details in its semi-annual transparency reports. Several thousand NSLs are now issued by the FBI every year, though the agency says it is unaware of the precise number. At one point that number eclipsed 50,000 letters annually. The FBI did not respond to a request for comment Monday.

HE INTERCEPT HAS OBTAINED a secret, internal U.S. government catalogue of dozens of cellphone surveillance devices used by the military and by intelligence agencies. The document, thick with previously undisclosed information, also offers rare insight into the spying capabilities of federal law enforcement and local police inside the United States. The catalogue includes details on the Stingray, a well-known brand of surveillance gear, as well as Boeing “dirt boxes” and dozens of more obscure devices that can be mounted on vehicles, drones, and piloted aircraft. Some are designed to be used at static locations, while others can be discreetly carried by an individual. They have names like Cyberhawk, Yellowstone, Blackfin, Maximus, Cyclone, and Spartacus. Within the catalogue, the NSA is listed as the vendor of one device, while another was developed for use by the CIA, and another was developed for a special forces requirement. Nearly a third of the entries focus on equipment that seems to have never been described in public before.

The Intercept obtained the catalogue from a source within the intelligence community concerned about the militarization of domestic law enforcement. (The original is here.) A few of the devices can house a “target list” of as many as 10,000 unique phone identifiers. Most can be used to geolocate people, but the documents indicate that some have more advanced capabilities, like eavesdropping on calls and spying on SMS messages. Two systems, apparently designed for use on captured phones, are touted as having the ability to extract media files, address books, and notes, and one can retrieve deleted text messages. Above all, the catalogue represents a trove of details on surveillance devices developed for military and intelligence purposes but increasingly used by law enforcement agencies to spy on people and convict them of crimes. The mass shooting earlier this month in San Bernardino, California, which President Barack Obama has called “an act of terrorism,” prompted calls for state and local police forces to beef up their counterterrorism capabilities, a process that has historically involved adapting military technologies to civilian use. Meanwhile, civil liberties advocates and others are increasingly alarmed about how cellphone surveillance devices are used domestically and have called for a more open and informed debate about the trade-off between security and privacy — despite a virtual blackout by the federal government on any information about the specific capabilities of the gear.

ANY OF THE DEVICES in the catalogue, including the Stingrays and dirt boxes, are cell-site simulators, which operate by mimicking the towers of major telecom companies like Verizon, AT&T, and T-Mobile. When someone’s phone connects to the spoofed network, it transmits a unique identification code and, through the characteristics of its radio signals when they reach the receiver, information about the phone’s location. There are also indications that cell-site simulators may be able to monitor calls and text messages. In the catalogue, each device is listed with guidelines about how its use must be approved; the answer is usually via the “Ground Force Commander” or under one of two titles in the U.S. code governing military and intelligence operations, including covert action.