
HOW NSA USES NETWORK CARRIERS TO SPY ON YOU (Pt. 2)

This topic is archived.
leveymg, Tue Oct-16-07 09:12 AM
Original message
HOW NSA USES NETWORK CARRIERS TO SPY ON YOU (Pt. 2)
PART II: The Great Bandwidth Rip-Off

Part I covered the basics of how the NSA scoops up huge amounts of data about U.S. citizens without warrants. That’s a violation of the 1978 FISA Law, but since before 9/11, the Bush Administration has been doing it, anyway. See, http://www.democraticunderground.com/discuss/duboard.php?az=show_mesg&forum=389&topic_id=2057343&mesg_id=2057343

This installment goes into more technical and historical detail about how the Bush Administration carries out warrantless spying on U.S. citizens.

The irony of this story is that terrorists and serious criminals know full well how to avoid detection and can work around the elaborate and incredibly expensive technological "fixes" that have been imposed since 2000.

What seems to have actually happened is another grand theft in the name of computer security, a replay of the Y2K "crisis", only with extra terror added.

_____________________________________

PART II: The Great Bandwidth Rip-Off

1) What does your IP address say about you?

Real terrorists do not use their own registered Internet accounts to plot real mass attacks. If they use public network electronic communications at all, they steal identities and use other people's accounts. That's why most of what the NSA and other federal agencies do to locate and profile "potential terrorists" on the Internet is a waste of large amounts of money, and does nothing to foil serious terrorist threats inside the U.S.

Nonetheless, U.S. intelligence agencies continue to award contracts for billions of dollars to contractors to monitor and analyze U.S. citizens on the Internet.

The truth is, it's awfully easy for experts to operate incognito on the Web. A network administrator tells us that it isn’t difficult for Internet site moderators to learn the identity of someone on-line, and once that's established, it’s utter child’s play to steal an electronic identity. Any network or ISP tracks the surfing habits of its users, and so can any number of parties from remote locations. More sophisticated hackers can remotely read a user’s files and programs or install new ones, and then -- as many of us have observed -- remotely control your computer and use it as a "slave". Most of the time, it happens without your ever knowing about it. http://icrontic.com/forum/showthread.php?t=24793

When you use high-speed internet, or even if you just use modem dial-up, you have an IP address. It is how the networking hardware at your Internet Service Provider (ISP) identifies you, and knows how to route data to you. If you have 2 or more computers networked at home or at work, it is the same idea, they each have a unique IP address, so that a file transfer from computer A to B does not get mixed up and go to C instead.

Now depending on your connection, you probably do not always have the same IP address. Most home users are connected using DHCP (Dynamic Host Configuration Protocol.) The ISP assigns you a random address from a pool of addresses based on what numbers have been assigned to them, and what numbers are available on their system. Businesses often pay for a Static IP address, one that never changes, so that they can host FTP servers, remote login capability, etc.

What can be done with your IP address? Well, that depends who has it. For instance, as a Moderator here on the forum, I can see what IP address you posted . . . from. I can take that address and "ping" it, basically check to see if that IP address is currently in use (it was not at the moment I tried.) I can do a "trace route" which will tell me, at the very least, where in the world you are, and who your Internet Service Provider is. Or, if you are not using a commercial ISP, but some large business or institution like a government department or a university (which is what your IP resolved to)

But to answer your question about having used more than one IP address, can a username be traced back to your home address...? YES. You have posted to (this site) from 2 IP addresses, the other of which looks to be your home address, as it is a well-known commercial Internet Service Provider. That address was active when I pinged it. I can't get your street address from that information, but I can see who your service provider is, and if you do something illegal, we could contact your ISP and report the problem. For instance, if you posted an image of child pornography here, as soon as it was spotted, one of our Moderators would move the thread out of public view. Then one of the site Administrators would cache the page, trace your IP like I just did, and contact your ISP. Your ISP would then check their logs, and see that the IP address in question was logged to your DSL or Cable modem for that time period. Then they would contact the police, who would show up at your door and seize your computer.


Having an on-line user’s IP address visible is clearly a useful and necessary tool for Administrators of Internet boards. Without this, all hell would likely break loose as it would be virtually impossible to identify trolls and to effectively ban them, at least those foolish enough to use their own computers and ISP accounts.

However, assigning every machine an address on the Net also makes it very easy for malicious parties, those that are trained and equipped in such black arts, to bug and hijack Internet users.

Now, having someone's IP address can lead to some bad things. A user can probe your TCP/IP ports for vulnerabilities, and attempt to exploit one and hack into your system. However, the average user cannot do this sort of thing. Even most "script kiddie" hackers rely on trojans that get on your computer via other sources (like downloads on Kazaa,) read your IP address, and then send that info back to the malicious individual. The trojan opens up a communications port if it can (firewalls may prevent it) and then waits for the script kiddie to come in and take control of your system.

SNIP

Could someone outside of your ISP find out your username on other sites, etc, just by having your IP address? No. But someone at your ISP could if they really wanted to. But you have to realize that they have thousands or millions of customers, making billions of internet connections per day. They would not do it just for fun... But if you do anything illegal over the internet, there is always a record. If some kid writes down their neighbor's credit card number and then orders stuff online using it, they can get caught. Bottom line: don't do anything stupidly illegal unless you know how to compromise other people's computers or remote servers and use their IP addresses to do your dirty work. Which is also illegal by the way....


However, after 9/11, nothing is truly illegal, if it’s being done by Presidential Order.

With this in mind, we now turn to how the Bush-Cheney FCC has forced through a legal interpretation that justified $7 billion in unnecessary IT expenses on an Internet surveillance system that makes us no safer, and may simply be a giant giveaway to NSA contractors.

2) The FCC’s Expanding View of CALEA, and the Closing of the Electronic Frontier

Aside from FISA, the most important federal statute pertaining to the government's ability to conduct domestic surveillance is the Communications Assistance for Law Enforcement Act (CALEA) of 1994.

Until 2002, CALEA wiretap requirements were limited to telcos and did not extend to Internet Service Providers and other web-based carriers. The law originally contained an exemption for all "information services."

The stated rationale offered for the 1994 Act was that the switchover from analog to digital phone service made it necessary for the telephone industry to install new equipment so the FBI and other domestic law enforcement could continue their long-standing ability to tap phones pursuant to lawful court orders. Fair enough.

In 2002, after the Bush Administration took power, FCC interpretation changed and extended the scope of the law by rule-making to include among "common carriers" all forms of electronic communications, including computer information services. The previous exemption was simply dropped.

In recent days, we've learned that 9/11 didn't really change everything. Everything really changed on January 20, 2001. On February 27, a telco executive had a meeting with ranking NSA officers, at which he expressed the view of Qwest’s lawyers and management, that the NSA was already engaged in implementing domestic surveillance viewed as "unethical" and "illegal". Please see the links, above.

Within months, the new Administration also started to publicly raise the spectre of "Internet vulnerability" and pushed for legal means to fence off web communications to users except those accessing commercial Internet Service Providers (ISP).

The method used by the Bush Administration to sell the expansion of CALEA was to leverage confusion about the law along with the threat of terrorism. In its August 9, 2004 Notice of Public Rulemaking, the FCC created ambiguity in the language it used to define which entities would be subject to requirements to install or contract out for CALEA compliance as "common carriers" as opposed to those who could claim an exemption as "private networks", as provided in Section 103(b)(2)(B)4, 47 U.S.C. §4 1002(b)(2).

One paragraph seemed to contradict another. Whether due to sloppy crafting of the rule or something more insidious, this predictably led to a plethora of conflicting legal interpretations by universities and other institutions. See, e.g., http://www.cit.cornell.edu/...

(Paragraph 47). . . we tentatively conclude that facilities-based providers of any type of broadband Internet access . . . whether provided on a wholesale or retail basis, are subject to CALEA.

Similarly, at ¶56, the Commission preserved the common carrier notion in the statement of its tentative conclusion: "we tentatively conclude that providers of managed VoIP Services, which are offered to the general public . . . are subject to CALEA".

That FCC language implies that any institution that provided Internet access to the general public is required to install or contract for CALEA surveillance systems. However, buried deep in that document, footnote 133 seemed to offer exemptions to "schools, libraries, hotels, coffee shops . . . that permit their patrons to access the Internet."

On Aug. 5, 2005, in response to a petition filed by the U.S. Department of Justice and the Federal Bureau of Investigation, the FCC adopted a rule extending the scope of CALEA to include all "facilities-based" Internet service providers and certain Voice-over-IP providers. The U.S. Court of Appeals for the District of Columbia Circuit upheld that rule on appeal in a decision issued June 9, 2006. ACE v. CALEA, No. 05-1404. The result was that most everyone treated CALEA as binding, and most institutions restricted public access to the Internet and severed their own independent links, and decided to pay commercial ISPs to access the Web. The estimated cost of compliance -- to higher education, alone -- is some $7 billion, about $450 per student.

The legal interpretation of precisely which institutions offering Internet access meet the exemption offered to "private" network carriers still has not been precisely codified, even after the court decision and the Commission issued its Implementation guidelines on June 6, 2006.

The lasting result was that most institutions took the most restrictive possible interpretation. The universities concluded that a school is subject to CALEA requirements unless it restricts access to Internet systems by password and employee/student ID; and accesses the Internet through a commercial ISP (which would, of course, itself have CALEA Internet surveillance equipment already installed). In practice, that meant limited user access and a big revenue boost to commercial ISPs.

This interpretation also provided a windfall to IT consulting firms. Any university that wants to safely claim an exemption as a private network is required to install an operations center or automated system that restricts access to authorized individual users within the system.

Viewed in more critical terms, the CALEA system operates as follows: http://www.wsws.org/articles/2005/oct2005/calea-o26.shtml

The new legislation requires universities to have every Internet access point send all communications to a network operations center, where the data packets could be put together into a single package for delivery to a law enforcement agency.

If this is done, then the government will no longer require the collaboration of campus officials to monitor the activities of students or staff. The technology will be in place for automatic surveillance from a remote location without the knowledge of either the individuals being monitored or the institution itself.

Beyond the university campus, the order extends the 1994 wiretap provisions to Internet service providers, libraries, airports providing wireless services and municipalities that either provide Internet access to residents or plan to build their own Internet access networks, such as Philadelphia or San Francisco.


3) CALEA: Commercial Motives Hiding Behind the Skirts of Terror and Power

It may turn out that all this fuss about securing the internet may serve no higher purpose than another Y2K scare, an enormous give-away to the IT contractors that makes the public no safer, but pumped more (to quote Carl Sagan), "billions and billions" into the pockets of a politically well-connected industry. The reason for this is that real terrorists and sophisticated criminals easily get around the technology that CALEA has mandated. A good explanation of how that is done was offered back in late December 2002, when some of the more savvy among us started to learn about this shakedown: http://www.newsfollowup.com/comm_gen.htm

(T)ake a look at the working draft of President George W. Bush's National Strategy to Secure Cyberspace. Its authors, a collection of consultants from the Critical Infrastructure Protection Board, suggest that WiFi networks can be secured with tools "such as password access requirements, address filtering, encryption, or using a virtual private-network." With the exception of encryption, all of these tools are used in the context of WiFi exclusively to prevent random people from hopping onto a network. None of them is particularly difficult for a skillful hacker to circumvent.

So obviously the threat model the CIPB types are working with is not evil terrorist hackers, who laugh in the face of your address filtering.

What, then, is the government's threat model for WiFi? It's most worried about people whose "hacker" tool kit includes nothing more complicated than Dynamic Host Configuration Protocol, software that is used to grant users open access to a publicly available wireless network. Most free WiFi networks use DHCP to assign visitors a temporary address on the network, giving them access to the Internet or whatever nifty things the network owners have made available. A deliberately open WiFi network is not an insecure network; it's a public works project. It's a resource that some generous geek has made available to anyone who wants to partake - and usually said geek has carefully secured all parts of the network he or she wants to keep private.

Nearly all of CIPB's suggestions for "securing" a wireless network are actually rules for creating a closed WiFi network. Let's go through them one by one. "Password access requirements" are already used by Starbucks in its pay-per-use coffee shop WiFi; "address filtering" allows only certain machines to log on to the network; and a "virtual private-network" allows selected people to log on to an already secured network remotely. None of these so-called security methods will protect the content of a network. As long as you have a password or a machine whose address the network recognizes, you're in.

Only "encryption" will protect sensitive data (precisely what a terrorist hacker would want, right?). So most of the "security" recommended by the government for wireless isn't aimed at stopping bad guys from drinking up our precious data. Nope, it's aimed at preventing people from using and setting up open wireless networks.

In other words, the government is dubbing open WiFi networks a security risk. Just having a network that's open to the public makes you part of the national vulnerability problem. Huh? This only makes sense if you consider that open networks across the globe have given people yet another way to gather in public places to disseminate information. Nobody in the Bush administration likes it when a piece of technology makes information exchange easy, anonymous, and ubiquitous.

SNIP

Somebody doesn't like the idea of unregulated communication. WiFi is scaring the government not because it's a tool of terrorism but because it's a tool of unregulated political dissent.


Perhaps, this thing is an effort to fence off another forum for dissent. But, I would also look to commercial motives, like the mandatory adoption of so-called Hi-Def television (which eliminates broadcast Free TV in the name of freeing bandwidth for First Responders), CALEA is an effort to further privatize bandwidth, fence off the common carrier, making access to the means of communication available by paid subscription only.

A final note: never underestimate the power of venality with the Bush-Cheney crowd. Lust for power isn't the only thing that motivates them. Even in dictatorships, money is still King.
_______________


mod mom, Tue Oct-16-07 09:17 AM
Response to Original message
1. Thank you for your excellent work, leveymg. Bookmarked for later.

Tandalayo_Scheisskopf, Tue Oct-16-07 09:28 AM
Response to Original message
2. Brilliant Work.
This deserves a summary kick to the front page by Skinner.

L. Coyote, Tue Oct-16-07 09:32 AM
Response to Original message
3. K & R.

Lars39, Tue Oct-16-07 09:47 AM
Response to Original message
4. Thank you, leveymg.
K&R

riderinthestorm, Tue Oct-16-07 09:49 AM
Response to Original message
5. Do you think Gonzales' mumbling about porn was a cover for this shit?
I could never understand why the hell he was always going on and on about internet porn but in the context of your most excellent post, I wonder if Gonzales' purported internet porn witch-hunting was to provide another cover for further erosion of our high tech communications "freedom".

I mean it was weird how he was insistent he had to stay on as AG to go after internet porn. WTF?!

Great post. K & R!

L. Coyote, Tue Oct-16-07 10:00 AM
Response to Original message
6. OVERVIEW: The Government Is Spying on Americans
The Government Is Spying on Americans
Home : Safe and Free : Spy Files
http://www.aclu.org/safefree/spyfiles/index.html

Documents obtained by the ACLU under the Freedom of Information Act reveal that the FBI is using its Joint Terrorism Task Forces to gather extensive information about peaceful organizations. Recently, President Bush acknowledged giving explicit and secret authorization for warrantless electronic eavesdropping and physical searches by the NSA. There is proof that the Pentagon, too, is illegally gathering and sharing private and protected information.

The actions of the president, his administration, and these agencies are part of a broad pattern of disregard for the rule of law in the name of national security. The ACLU is calling for investigations and full disclosure of records to determine if oaths of office were broken or federal laws violated.

MUST SEE > PBS Documentary: "Spying on the Home Front" - http://www.pbs.org/wgbh/pages/frontline/homefront/view/

> NYCLU Releases RNC Documents That City Tried to Conceal (3/21/2007) - http://www.aclu.org/freespeech/republicannationalconvention/29249prs20070321.html

> Report Shows Widespread Pentagon Surveillance of Peace Activists (1/17/2007) - http://www.aclu.org/safefree/spyfiles/28024prs20070117.html

More News >> - http://www.aclu.org/safefree/spyfiles/

FROM: DIA SPYING: NGIA collecting data, 133 U.S. cities, ID everyone, nationality, political affiliations
http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=389x983282

satya, Tue Oct-16-07 10:04 AM
Response to Original message
7. K & R. nt

hootinholler, Tue Oct-16-07 11:07 AM
Response to Original message
8. Great overview of a complex subject!
Thanks Mark! bookmarked.

-Hoot

leveymg, Tue Oct-16-07 12:14 PM
Response to Original message
9. Strongly recommend the following tutorial on the broader technology of NSA wiretaps

DemReadingDU, Tue Oct-16-07 12:51 PM
Response to Original message
10. Bookmarked, K&R
Thank you