The FBI appears to have adopted an invasive Internet surveillance technique that collects far more data on innocent Americans than previously has been disclosed.
Instead of recording only what a particular suspect is doing, agents conducting investigations appear to be assembling the activities of thousands of Internet users at a time into massive databases, according to current and former officials. That database can subsequently be queried for names, e-mail addresses or keywords.
Such a technique is broader and potentially more intrusive than the FBI's Carnivore surveillance system, later renamed DCS1000. It raises concerns similar to those stirred by widespread Internet monitoring that the National Security Agency is said to have done, according to documents that have surfaced in one federal lawsuit, and may stretch the bounds of what's legally permissible.
Call it the vacuum-cleaner approach. It's employed when police have obtained a court order and an Internet service provider can't "isolate the particular person or IP address" because of technical constraints, says Paul Ohm, a former trial attorney at the Justice Department's Computer Crime and Intellectual Property Section. (An Internet Protocol address is a series of digits that can identify an individual computer.)
That kind of full-pipe surveillance can record all Internet traffic, including Web browsing--or, optionally, only certain subsets such as all e-mail messages flowing through the network. Interception typically takes place inside an Internet provider's network at the junction point of a router or network switch.
The technique came to light at the Search & Seizure in the Digital Age symposium held at Stanford University's law school on Friday. Ohm, who is now a law professor at the University of Colorado at Boulder, and Richard Downing, a CCIPS assistant deputy chief, discussed it during the symposium.
In a telephone conversation afterward, Ohm said that full-pipe recording has become federal agents' default method for Internet surveillance. "You collect wherever you can on the (network) segment," he said. "If it happens to be the segment that has a lot of IP addresses, you don't throw away the other IP addresses. You do that after the fact."
"You intercept first and you use whatever filtering, data mining to get at the information about the person you're trying to monitor," he added.
On Monday, a Justice Department representative would not immediately answer questions about this kind of surveillance technique.
"What they're doing is even worse than Carnivore," said Kevin Bankston, a staff attorney at the Electronic Frontier Foundation who attended the Stanford event. "What they're doing is intercepting everyone and then choosing their targets."
When the FBI announced two years ago it had abandoned Carnivore, news reports said that the bureau would increasingly rely on Internet providers to conduct the surveillance and reimburse them for costs. While Carnivore was the subject of congressional scrutiny and outside audits, the FBI's current Internet eavesdropping techniques have received little attention.
Carnivore apparently did not perform full-pipe recording. A technical report (PDF: "Independent Technical Review of the Carnivore System") from December 2000 prepared for the Justice Department said that Carnivore "accumulates no data other than that which passes its filters" and that it saves packets "for later analysis only after they are positively linked by the filter settings to a target."
One reason why the full-pipe technique raises novel legal questions is that under federal law, the FBI must perform what's called "minimization."
Federal law says that agents must "minimize the interception of communications not otherwise subject to interception" and keep the supervising judge informed of what's happening. Minimization is designed to provide at least a modicum of privacy by limiting police eavesdropping on innocuous conversations.
Prosecutors routinely hold presurveillance "minimization meetings" with investigators to discuss ground rules. Common investigatory rules permit agents to listen in on a phone call for two minutes at a time, with at least one minute elapsing between the spot-monitoring sessions.
That section of federal law mentions only real-time interception--and does not explicitly authorize the creation of a database with information on thousands of innocent targets.
But a nearby sentence adds: "In the event the intercepted communication is in a code or foreign language, and an expert in that foreign language or code is not reasonably available during the interception period, minimization may be accomplished as soon as practicable after such interception."
Downing, the assistant deputy chief at the Justice Department's computer crime section, pointed to that language on Friday. Because digital communications amount to a foreign language or code, he said, federal agents are legally permitted to record everything and sort through it later. (Downing stressed that he was not speaking on behalf of the Justice Department.)
"Take a look at the legislative history from the mid '90s," Downing said. "It's pretty clear from that that Congress very much intended it to apply to electronic types of wiretapping."
EFF's Bankston disagrees. He said that the FBI is "collecting and apparently storing indefinitely the communications of thousands--if not hundreds of thousands--of innocent Americans in violation of the Wiretap Act and the 4th Amendment to the Constitution."
Marc Rotenberg, director of the Electronic Privacy Information Center in Washington, D.C., said a reasonable approach would be to require that federal agents only receive information that's explicitly permitted by the court order. "The obligation should be on both the (Internet provider) and the government to make sure that only the information responsive to the warrant is disclosed to the government," he said.
Courts have been wrestling with minimization requirements for over a generation. In a 1978 Supreme Court decision, Scott v. United States, the justices upheld police wiretaps of people suspected of selling illegal drugs.
But in his majority opinion, Justice William Rehnquist said that broad monitoring to nab one suspect might go too far. "If the agents are permitted to tap a public telephone because one individual is thought to be placing bets over the phone, substantial doubts as to minimization may arise if the agents listen to every call which goes out over that phone regardless of who places the call," he wrote.
Another unanswered question is whether a database of recorded Internet communications can legally be mined for information about unrelated criminal offenses such as drug use, copyright infringement or tax crimes. One 1978 case, U.S. v. Pine, said that investigators could continue to listen in on a telephone line when other illegal activities--not specified in the original wiretap order--were being discussed. Those discussions could then be used against a defendant in a criminal prosecution.
Ohm, the former Justice Department attorney who presented a paper on the Fourth Amendment, said he has doubts about the constitutionality of full-pipe recording. "The question that's interesting, although I don't know whether it's so clear, is whether this is illegal, whether it's constitutional," he said. "Is Congress even aware they're doing this? I don't know the answers."