FBI's Wiretapping Demands May Nix Verio Deal

An Anonymous Coward pointed to a story on the AP wire, writing: "Why does the FBI and US government have problems with this merger? Is there some sinister wiretap access deal between the current US ISPs ? [From the article:] 'An NTT spokesman told the Journal a pending U.S. government review of the deal is a response to FBI and Justice Department concerns that law-enforcement agencies maintain access to Verio's Internet structure to obtain wiretaps and serve subpoenas for information. ... In telecommunications deals, the FBI has asked for assurances that only U.S. facilities be used to handle U.S. traffic. The FBI has insisted the companies employ U.S. citizens to handle wiretapping activities.'" A fellow-traveling A.C. points to coverage on CNNfn. Does this bother anyone?

Re:The FBI is just looking out for us

Well, excuse me for pointing this out, but Timothy what's his name who blew up the federal building in Oklahoma wasn't a Muslim, wasn't a foreigner, wasn't a homosexual and wasn't an "enviro-nazi".

He was a blond-haired (blue-eyed?) conservative who "served his country" in the military and probably voted Republican before he was arrested for the deadliest terrorist attack on US soil in recent history. I know of no evidence that he announced his plans to blow up Oklahoma over any phone line that the FBI bothered to tap.

I could further point out that, although Martin Luther King [umd.edu] is now considered a Civil Rights hero, the FBI didn't just wire tap him, they tried to discredit him with their wiretap info. As for the people who shot MLK, the FBI probably considered them good, upstanding members of the KKK.

NOW you can try and justify violations of, and limits on, our civil rights "so the government can protect us".
`ø,,ø`ø,,ø

Anti-paranoia post

I notice a lot of fearmongering in this thread about the CIA and NSA snooping around the affairs of the American public. One of the hats I wore in my last job was as Intelligence Oversight officer for a unit within one of our intel agencies. As such, it was my responsiblity to make sure that my department conducted itself with complete probity under Executive Order 12333 [tscm.com], which absolutely forbids covert intelligence collection activities against "United States persons" (defined in the Order) by any agency except the FBI, and by them only for valid law enforcement reasons, possibly requiring warrants and court orders.

I'm certainly not saying that it never happens, by any agency, at any classification level (no matter how deep you make it into the TS-SCI world, there's always weird stuff going on somewhere above), but it never happened in my department, and never to my knowledge anywhere else.

Chris

Cascading implications and the silly FBI

We all know that the U.S. government wiretaps. This article isn't about whether or not that is right. Wiretapping is normal, and there are, on occassion, real reasons why wiretapping is the best way to go about solving a problem or answering a question. I know-- as part of my job I analyze FBI data. It would be foolish to assume that ALL governments don't have some form of surveilance in place to check up on those aspects of their citizens' lives that warrent it. The Japanese constitution, however, prohibits the Japanese government from any form of wiretapping. (Not to say that all governments always stick to their constitutions -or equivalents-, but...) That the FBI feels compelled to say, "we don't believe you, we don't trust you!" to the Japanese government is perhaps excessive, but well within the realm of normal FBI activity.

In the Techserver article [techserver.com] it is stated that the FBI is asking for assurances (asking for assurances -- they're not allowed to actually interfere with international issues.) that U.S. facilities handle U.S. telcom traffic. Here's the real issue: if this starts becoming a standard, it has cascading implications for the involvement of the U.S. in the global telcom industry. How can we participate in what is by nature a global entity when we're supposed to draw firm and distinct lines between "us" and "them?"

Re:wiretap

they can't catch the evil pron runners that would take recources away from figuring out who is really under 13 on ICQ.

Devil Ducky

There is more to this than meets the eye

From the article:

An NTT spokesman told the Journal a pending U.S. government review of the deal is a response to FBI and Justice Department concerns that law-enforcement agencies maintain access to Verio's Internet structure to obtain wiretaps and serve subpoenas for information.

Note the use of the word "maintain"; they are saying they currently have access to Verio's 'internet structure'.

How would they (the Feds) lose that access due to the NTT purchase? Don't foreign corporations doing business in the US have to abide by US laws?

I think there is something else going on here that has not come out yet. Why is NTT interested in a small-time Colorado ISP, that's operating at a loss? Follow the money.

This is the beginning of the M$ counter-strike against the US govt...

No surprises here.

The FBI (and the NSA, either directly or by proxy) have been in bed with the telecoms industry in the USA since the very beginning. In 1994, Congress passed CALEA [epic.org] (the Communications Assistance to Law Enforcement Act) which explicitly mandated that tap-and-trace functionality be built into digital telecom networks.

Now, this is just my gut feeling, but I think the FBI's concerns over access are just a ruse. The real concern (from a national security standpoint) is more likely that NTT (the buyer, Japan's national telephone monopoly) will use the tapping capabilities built into Verio's networks for gathering of intelligence (economic or otherwise) as an agent of the Japanese gov't or corporations.

-Isaac

Which is worse?

Which is worse....the FBI wiretapping the american
public, or the american public being deluded into
believing that its ok?

wiretap

Well, seeing as the telephone companies have been known to tap for years, why is this such a huge surprise. Not saying that Verio is doing such a thing, but you can even find packet sniffers on the machines they control in their own network. There could be all kinds of stuff someone could run even from a leased box. I'm the government has to take some measures to catch the evil pr0n runners!

Cyber-Newscaster Ana Nova Sold for $144 million [cadfu.com]

Why bother with wire tapping

Echelon has the data stored already. It could pay for itself by selling info to the FBI and others.

Re:Why bother with wire tapping

Lately, I've been noticing a lot of billobards in the Minneapolis/St. Paul area pitching Eschelon Communications [eschelon.com]. I don't care how they spell it -- could you have even the least bit of trust in their PBX and/or Internet services???

--

Re:No surprises here.

Now, this is just my gut feeling, but I think the FBI's concerns over access are just a ruse. The real concern (from a national security standpoint) is more likely that NTT (the buyer, Japan's national telephone monopoly) will use the tapping capabilities built into Verio's networks for gathering of intelligence (economic or otherwise) as an agent of the Japanese gov't or corporations.

Interestingly enough the Japanese constitution, drawn up after its surrender at the end of WWII by the Allies (i.e. the United States) prohibit the Japanese government any form of wiretapping.

Also, the Japanese do not have an army, national defense is provided, at a fee, by the United States.

Obviously the inability of US law enforcement to wire-tap digital communications if and when Verio handles them via NTT is a concern. If NTT were not Japanese, but for instance Dutch (where ISPs will typically go along with any law enforcement request for cooperation or information even though there is no law that says they have to) the intelligence community would be a lot more at ease I suspect..

Ironically, the Japanese government is the one government that will not be wire-tapping US nationals on the behalve of the US, because of their US-drafted constitution..

--

Re:Tapping an OC-192

As shown here [gapcon.com], one of the tools that the NSA uses is the Paracel Textfinder [paracel.com].

From the webpage for the textfinder: A single TextFinder application may involve trillions of bytes of textual archive and thousands of online users, or gigabytes of live data stream per day that are filtered against tens of thousands of complex interest profiles.

German Companies and Holocaust Laws

The problem isn't so much that it's an EU company. Hell, there are US defense contractors owned by EU companies. The problem is that it is a German company. There are laws that arouse from the holocaust and the disclosure of how much spying the DDR (East Germany) did on the public that make it difficult to share information with the gov't.

You have laws against sharing all sorts of information, creating central databases, harvesting infromation. Hell, I'm suprised double click isn't going to sue.

The problem is there could be a time where the Feds requests will put them at odds with German law, and when the cards fall, Germany has greater pull than the US.

Re:The FBI is just looking out for us

People who do not plan illegal activities on the telephone have nothing to fear. It's that simple.

If I'm not doing anything illegal, they have no business monitoring me. It's that simple.

Encrypt Casually and Regularly

If you worry as I do that people snoop on the Internet, then you should use encryption. Don't just use encryption for important secret messages, use it all the time so that the snoopers won't be able to tell when you're up to something they should be paying attention to. Even if you have nothing to hide, generating encrypted traffic on the net improves its overall security because it makes it more difficult for crackers to focus on those who appear to have something going because they use encryption (even encryption is subject to traffic analysis).

Please read my page Why You Should Use Encryption [goingware.com].

If you get your mail from and put web pages on a hosting service, then at a minimum you should use one that provides secure shell (ssh) and secure copy (scp) access. One such hosting service that does is Seagull Networks. [seagull.net] Does anyone know any others?

When you retrieve your email via POP or load a web page via FTP your password is being transmitted in the clear. You have no control over which routers and cables it passes through in the process, so you have no way of knowing if someone's running a sniffer on a compromised host. Usually you have no knowledge even of the route, unless you go to the trouble to run traceroute regularly.

You can download your email via an encrypted channel [betips.net] with ssh port forwarding if your mail host provides ssh. The instructions given are oriented to the BeOS but apply in general to any OS for which an SSH client exists.

If you run a website that uses passwords please consider allowing the users to enter their passwords via SSL (https).

If you use websites that require passwords, please use a different password for each site. At the very least, use a unique password for your important sites, like your email, web pages and financial sites. If you keep the passwords in a file (which you may have to do because there are so many sites that take passwords), encrypt the file.

Be aware that most sites that have passwords do not encrypt them, otherwise they wouldn't be able to send you your password reminder in clear text. I've even used sites that mailed out password reminders in the clear every couple months just to prompt me to use the service. Note that anyone at the site who has root access, anyone who compromises the site or anyone running a sniffer on or near the site will be able to catch your passwords.

Also I think it is very likely that many websites are provided for no other purpose than to collect passwords for later use by crackers - beware of that free trial and use a unique password if you must accept the offer!

Use the anonymizer [anonymizer.com] or, if you have Windows 95 or 98, Freedom [freedom.net] to protect your privacy while you web surf.

Finally, do you use a laptop computer? Do you have files on it that you don't wish to share with the random stranger who might steal it someday? How about your competitors? A thief won't likely be in the direct employ of your competitors but they may recognize the value of the information and sell it to them, or even post it on the net for fun.

And remember in this information age the information on our computers is more valuable than the hardware itself, and unlike car stereos can continue providing value to a thief because, once it is fenced, it is still available to be fenced again.

Depending on your OS, you should use PGPDisk [pgp.com] or the Linux encrypting kernel [kerneli.org] on your laptop.

Consider encrypting important information on your desktop too. A friend of mine who is a software developer lost every machine in his company in a robbery - source code, strategic plans, and the customer database.

I know of two cases where laptops were stolen from intelligence agents, once during the Gulf war, and once from an MI5 agent while he'd set it between his legs at a train station. Good thing they used encryption!

Finally, read the Forum on Risks to the Public in Computers and Related Systems available on the Usenet News as comp.risks [comp.risks] and on the web at http://catless.ncl.ac.uk/Risks [ncl.ac.uk]

Tilting at Windmills for a Better Tomorrow

And this will hurt Sealand Sales How?

Sounds to me like something likely to lead to people having greater interest in using "data havens" like the one at Sealand.

Given the choice of:

• Keeping your business open to FBI wiretapping, and
• Not having your business open to FBI wiretapping,

what would people rather have?

Re:George Washington vs. FBI ding ding ding

Not a single terrorist has been caught by the FBI due to traditional wiretaps. According to the 1999 Wiretap Report from the Adminstrative office of the US Courts, availabe at http://http://www.epic.org/privacy/wiretap/stats/1 999-report/default.html , in 1999 the feds were granted a total of 601 wiretaps. A whopping 504 (83%) of those were for Narcotics, 61 (10%)were for racketeering, 1 was for bribery, 4 were for homicide and assault, 3 for kidnapping, 2 for theft, 2 for exortion, and 24 for other crimes. Geez, terrorism isn't on that list at all!

hrmmm

I see why the FBI would want Only US companies dealing with US traffic. If you had a ligitmate reason to wire-tap say, a kiddie porn dealer, would you as an FBI agent want to have to deal with international law in a matter that would normally be covered under simple interstate issues?

but at the same time, the FBI should make some attempt at modernizing the current wiretapping laws to allow for the "Globalization of the communications industry" (look mommy, a herd of coroprate buzzwords) Working under laws that are as old as the telephone is an absolute joke. But this is all under the impression that they have a ligitmate reason to be wiretapping in the first place

just .02 of devils advocating.

Re:Anti-paranoia post

Don't the get around that by "laundering" the surveillance -- they'll cut a deal with some foreign government to spy on Americans and in return spy on citizens of that country for them, thus circumventing each country's privacy laws?
/.

George Washington vs. FBI ding ding ding

Ok, I might be going out on a limb here, but I'm pretty sure that this is wrong. I can just picture the head of the FBI trying to convey his argument to George Washington... it might go a little something like this: FBI: Yeah, were going to have to nix this deal... it compromises National Security.... Washington: Really, how's that? FBI: Well, ya see, we can't listen in on peoples conversations, and that presents a security risk to the American people.... Washington: So what your basically saying is that innovation , and people's rights to privacy should be waived when face with a possible security risk? FBI: Basically yes... Washington: You don't see any problems with this? FBI: Not really no.... Washinton: So, if I read you right, what your saying is that your right to the ability to listen in on private communication supercedes the right of the American public to engage in private communications.... FBI: Yep. Washinton: Here we go again... Now, I don't think this is in the best interests of the American people... this is in the best interests of law enforcement. Correct me if I'm wrong by shouldn't the FBI exist to serve the best interest of the American public?

Taps != tapes

Everyone knows that the taps are inadmissable in court if you can't tell you are being taped. There is some obscure law that says that you have to have a small alert...like a beep to indicate you are being tapped...

You as a private citizen or a corporation cannot 'tap' someone's line at all. You can 'tape' conversations as long as all parties know that they are being taped. Law enforcement agencies must be granted permission to 'tap' a phone line and the tapes/transcripts are admissible in court and they don't have to have the periodic beep on a 'tap'.

"Say, boss, [beep] I dumped the bodies in the river like you [beep] said."

"What's that beeping sound, Rocco? You developing a speech impediment?"

Nah. I think the bad guys are smarter than that.

Re:The people I know at Verio..

You think any of us working at Verio would even dare answer this on the grounds of it being forwarded to our supervisors? Right. As a disclaimer, I'm speaking personally (off the record, and off the clock). There are no company secrets being released here.

As you may or may not know, approximately a year ago, Verio purchased 56 (or so) companies around the United States and has been trying to "integrate" them into their Borg collective, so-to-speak. No harm intended.

The buy-outs of these companies resulted in Verio handing over (to managers or higher-ups only) very VERY large sums of stock at a very VERY miniscule stock price. Therefore, these managers will be quite pissed if the NTT deal does not go through.

I personally know of a few individuals (again, managers) who are already making plans to buy houses and other expensive investments with their stock money. Hence why the NTT deal is so important to them.

As for employees, well, let's just say that Verio believes strongly in EBITDA (search for the word if you don't know what it is). The concept of EBITDA is "profit before expense," which basically boils down to that full-time employees are "expensive" (and affect profit severely), but that contractors are not. Verio writes off contractors as a business expense (yeah, interesting, isn't it), while full-time employees who are either fired or leaving are not being replaced. I still do not understand how a company can morally (or legally) work like this. As stated by hundreds upon hundreds of economic analysts, EBITDA DOES NOT WORK. Period.

Onto the NTT aspect...

To be entirely honest, I met personally with the two Japanese individuals who originally proposed the NTT-Verio deal be done. I have to say that both of these individuals are EXTREMELY friendly, and they respect their employees greatly. Employees in Japan are NOT expendible, and both of these individuals made it very clear to myself that without employees the company wouldn't be anything at all. Verio, however, takes the entire opposite approach.

So, honestly, as an employee, the NTT deal means nothing. We get nothing out of it; our management doesn't change, we don't get raises, we don't get better benefits (or worse benefits). Nothing changes.

I'd love to work for NTT (in Japan) though. They have a lot of respect, not to mention (something any geek will appreciate) last year they spent over 3 billion (yes, billion) on just R&D. That's pretty damn cool.

But... if you're a manager, you'll be seeing the word "PREMIUMS" all over the inside of your eyelids while sleeping.

So, back to the issue of stock. That's what this whole thing is all about. It seems the Slashdot goons are unable to focus on what the real point of government involvement is about -- it's not about wiretapping, it's simply about penis length.

The US government is "scared" that Japan would be able to invest in American stock (Verio), but that Americans would not be able to invest in Japanese stock (NTT).

Like I said, it's a penis war. Leave it to America to be excessively paranoid.

Leave it to Slashdot to blow it out of preportion and focus on the wrong aspect of the merger.

Just my $0.02.

NTT not part of Japanese Gov't.

Interestingly enough the Japanese constitution, drawn up after its surrender at the end of WWII by the Allies (i.e. the United States) prohibit the Japanese government any form of wiretapping.

Article 21 [ntt.com] of the Japanese Constitution [ntt.com] does seem on its face to prohibit wiretapping, at least by the government. However, NTT is arguably not part of the Japanese gov't and not subject to contitutional restrictions.

Remember that most large-scale Japanese corporations operate in the keiretsu [utoronto.ca] system, where affiliated companies pass information, arrange financing, and generally cut deals with each other.

Also remember that we're speculating about NTT's actions in the USA, outside the real of Japanese constitutional protections. It's well known that the USA taps everyone it can outside its borders, thought this would be illegal at home.

-Isaac

Corporation and State

This tends to support my position that (JonKatz's blather about the "Corporate Republic" notwithstanding), the tension between Megacorp and State is likely to have the same beneficial effect as the medieval tension between Church and Crown. The fact that neither side has a particularly appealing agenda is less important than the existence of two (or more) great powers making life difficult for one another.
/.

Re:Tapping an OC-192

I regularly monitor OC-3,12&48 traffic. Not all of it, but the parts causing trouble. Sometimes the streams are ATM carrying internet traffic, sometimes the streams are DS0s carrying voice. If I were to switch a copy of a DS0 PVC to a voice card, I can listen to someone's conversation. When I copy an ATM stream to a separate port, I can monitor all that data traffic without any interruption.

But this capability exists only at a few critical junctions, where we need to debug our streams. It doesn't exist at all points in the network, that would be too expensive to implement.

The CALEA (US) and RIP (UK) laws are trying to force service providers and telephone companies to install additional switches at key points, which only law enforcement could control. This would allow them to monitor any traffic they wanted to, without having to bother us technical people to take a few minutes to copy a stream to a monitoring port for them. We might ask to see a valid court order or something :-)

The problem from my point of view is that we have a hard enough time keeping the whole system running without having law enforcement controlling one link in the chain. We have problems on a daily basis, and we can do anything necessary to any piece of equipment to restore service. If we had to coordinate with an FBI/MI5 agent before tracing a faulty circuit, outages would go from a few minutes to a few days. Finger pointing would become commonplace.

the AC

Re:No surprises here.

Interestingly enough the Japanese constitution, drawn up after its surrender at the end of WWII by the Allies (i.e. the United States) prohibit the Japanese government any form of wiretapping.

Especially interesting since Japan has not fallen into ruins from not being able to tap communications. Yet we (in the U.S.) are regularly told how critical wiretaps are to law enforcement.

Re:Its CALEA related

From the FBI link:

CALEA . . . is to preserve law enforcement's ability to conduct lawfully-authorized electronic
surveillance . . .

I like how the law authorizes themselves power when they feel the need for it. The quote continued to disclaim thier reach of power with:

the public's right to privacy

How is an individual supposed to have privacy against a resourceful automated electronic self authorizing law body with immense resources including a wide range usage of deadly force and property seizure such as the FBI.

A person's house could be the next Waco if that individual might seem to object thier methods of questioning his existance.

Re:No surprises here.

"Also, the Japanese do not have an army, national defense is provided, at a fee, by the United States."

Semantics aside, the JDF (Japanese Defense Force) is an army/navy/airforce.

One of the spookiest moments in recent history occured when, on the same day, a German Panzer division rolled into Kosovo as Japanese warships chased a North Korean patrol boat out of japanese waters. And by warships I mean full up guided missle frigates not patrol boats. The warmacht and the IJN (although they aren't called that anymore) back in action.

Its CALEA related

The FBI and other LEAs are worried because of the potential of moving the actual servers outside of the US. If the email resides on servers elsewhere, then the US laws don't have much effect.

A LEA could get "taps" on the dial-up or other connection points, but it makes it much tougher to snag that email as the monitored person could dial in from anywhere to any connection point to get their mail. The FBI much rather be able to have the server capture all mail traffic, so they have only one place to go.

This general concern holds for other telecommunications providers. CALEA is the requirements for providing access to telephone, paging, two-way radio, and cell phone systems for "tapping" by law enforcement agencies.

With fines of up to 10K $US per day to service providers who can not provide a CALEA port when served with a tap request, the government is serious about being able to monitor all communications of someone they are investigating. Moving the servers of a US provider outside of the US makes it harder to use that hammer.