The FISA fight is all about the e-mails, according to public comments made on Tuesday by a Department of Justice official.
For months, the debate has centered around immunity for telecom companies including AT&T, Verizon, and Sprint. The primary focus has been on the warrantless wiretapping of the phone calls made by millions of Americans. In comments made at a public meeting on Tuesday, Assistant Attorney General for National Security Kenneth Wainstein made clear that the FISA fight is not about foreign-to-foreign calls, but actually about Internet data. The Washington Post reports:
At the breakfast yesterday, Wainstein highlighted a different problem with the current FISA law than other administration officials have emphasized. Director of National Intelligence Mike McConnell, for example, has repeatedly said FISA should be changed so no warrant is needed to tap a communication that took place entirely outside the United States but happened to pass through the United States.
But in response to a question at the meeting by David Kris, a former federal prosecutor and a FISA expert, Wainstein said FISA's current strictures did not cover strictly foreign wire and radio communications, even if acquired in the United States. The real concern, he said, is primarily e-mail, because "essentially you don't know where the recipient is going to be" and so you would not know in advance whether the communication is entirely outside the United States.
What this means, of course, is that while the public outcry has been focused on AT&T, it should have included a few other firms, including perhaps Microsoft, Yahoo and Google.
If the NSA is interested in getting email messages, it can do so in one of two ways. First, it can tap the Internet backbone, through which almost all communications flow. Second, it can go directly to the major email providers.
The Backbone Providers
According to the relevant Wikipedia page, the Internet backbone (commonly understood to mean the collection of Tier 1 internet Service Providers) is made up of: AOL Transit Data Network, AT&T, Global Crossing, Verizon Business (formerly UUNET), NTT Communications, Qwest, SAVVIS, and Sprint.
From numerous press reports, we already know that AT&T, Verizon, and Sprint are involved in the shady NSA wiretapping program. Furthermore, we also know that Qwest refused to participate as the government would not provide a FISA warrant.
That leaves AOL, Global Crossing, NTT Communications, and SAVVIS as other potential participants in any NSA effort to sniff email communications.
The Email Providers
With www.alqaeda.com, www.alqaeda.net and www.alqaeda.org owned by domain squatters, where should a would-be terrorist go for email? Microsoft's Hotmail of course.
In all seriousness, no terrorist worth his or her salt would advertise themselves by using a domain name related to their cause, and so it is far more likely that they would want to blend into the crowd of the hundreds of millions of other users the major free email providers -- Yahoo, Microsoft Hotmail, and Google Mail.
The Protect America Act of 2007 permitted intelligence agencies to force Google, Yahoo and Microsoft to hand over a copy of every email passing through their systems which lists one non-US recipient. While the law expired in February, any orders initiated under the act can continue until August of this year.
It is unclear what the major email providers could have been forced to do before the Protect America Act. However, if email communications are the most important issue in the telecom immunity debate, we should certainly be looking carefully at these and other email providers. As other bloggers have previously discussed, the proposed legislation would provide immunity for all companies that assisted the administration in its illegal spying, not just AT&T and the other 2 telcos.
Public Comment and Denial
I made an effort to get a comment from a few of the major free email provider. However, I didn't bother with the backbone providers -- as I assumed I'd get the same "we respect privacy and will respond to lawful requests" line that is common in the industry.
Microsoft's PR people were nice enough to let me know that the company has over 300 million active email accounts. When asked how many of those accounts the company had turned over to US intelligence agencies, the company declined to comment.
Google was a bit more verbose. Its spokeperson told me that: "As our privacy policy states, we comply with law enforcement requests made with proper service. We do not discuss specific law enforcement requests and generally do not share aggregate information about them. There are also some legal restrictions on what information we can share about law enforcement requests.
As Wired's Ryan Singel has often noted, Google could easily tell us how many divorce lawyers, copyright holders and law enforcement agencies are probing people's search histories and emails. The company chooses not to, primarily because doing so would shed light on how much information the company has, and how often it is forced to share it with third parties.
One thing is clear: With the proposed immunity bill looking like it will pass this week, members of the media and the privacy community should pay close attention to Google, Microsoft, Yahoo, and the major operators of the Internet backbone. The immunity provisions will just as equally apply to them -- and up until now, they've received almost no scrutiny at all.
Can members of Al Qaeda use voice over Internet technology (VoIP) to avoid wiretaps?
Recent comments by Michael McConnell, Director of National Intelligence, seem to suggest that terrorists could create significant roadblocks for the National Security Agency by simply routing their traffic through the U.S.
Mike McConnell: I'll have some of what he's smoking,
(Credit: Office of the Director of National Intelligence)The incongruously named Protect America Act of 2007 gutted the existing Foreign Intelligence Surveillance Act (FISA), and allowed the National Security Agency to significantly expand its surveillance powers. It's set to expire in February, and the Administration is looking for reasons to justify extending the law. With perfect timing, Michael McConnell, Director of National Intelligence, has come to the rescue.
An interview published in the upcoming edition of The New Yorker quotes him, stating that,
"McConnell said that federal judges had recently decided, in a series of secret rulings, that any telephone transmission or e-mail that incidentally flowed into U.S. computer systems was potentially subject to judicial oversight. According to McConnell, the capacity of the NSA to monitor foreign-based communications had consequently been reduced by 70 percent."
Conveniently enough, if Congress passes legislation to further gut FISA, the NSA will be able to resume its warrantless snooping on the terrorists, the troops will be safe, global warming will cease to be a problem, and no more puppies will have to die.
While the average privacy geek would consider an NSA wiretap of an undersea fiber-optic cable carrying millions of phone calls to be surveillance, it turns out that the law does not agree. As per the existing FISA rules, anything the NSA does outside of the U.S. does not count as electronic surveillance, and thus does not require a warrant. Thus, any wiretapping that happens in Iraq will never require approval of the FISA court, with or without any new legislation being passed.
(I'm not the only one to call bs on McConnell's claims. Wired's Ryan Singel is offering a $1,000 wager that "when and if those rulings are ever released, we'll see they say no such thing." Clearly, the pay over at Wired is far better than CNET. While I can't offer the same level of money as Ryan, if McConnell does turn out to be telling the truth, I'll promise to switch my telephone service to AT&T--thus sending a little bit of money to the NSA's best friend forever.)
However, for the purposes of this blog post, let's assume that McConnell is in fact telling the truth. Let's assume that a phone call between two members of Al Qaeda in the Middle East that happens to flow through a U.S.-based server automatically kicks in a requirement that the NSA get a FISA warrant before it can listen in--even if the tap is conducted in Iraq, or under the Atlantic Ocean.
It's not surprising that this would be alarming to the NSA. In a previous interview, McConnell claimed that each FISA warrant takes more than 200 man hours to process. Were every member of the Iraqi insurgency to route his communications via the U.S., the NSA would presumably become the largest law firm in the world.
Which brings me to the point of today's blog post. If McConnell is to be believed, Al Qaeda merely needs to switch to using U.S.-based voice over IP services, and it can immediately crush the NSA under a pile of FISA paperwork. No matter where the NSA actually tried to intercept the Internet-routed phone call, a FISA warrant would be required. For $24.99 a month per terrorist, Al Qaeda could launch a gigantic legal denial of service against the folks at Fort Meade. Furthermore, now that the iPhone has been hacked to support VoIP software, the VoIP-subscribing terrorists could communicate in style.
Of course, the problem with using most commercial VoIP solutions is that phone calls flow over the wire in the clear, making it trivially easy for our spooks to listen in once they've dealt with that pesky matter of the warrant. Thus, any smart terrorist worth his salt would most likely use encrypted VoIP software, such as the uber-fantastic Zfone project, which can be had for free.
- prev
- 1
- next
