Wiretapping

A 91-page document describing the Republican strategy for the 2006 elections has been leaked and is available online (PDF). The document was obtained by The Raw Story website, which has published a summary: The document, signed by Senators Rick Santorum (R-PA) and Kay Bailey Hutchison (R-TX), reveals plans to focus Republican Senatorial campaigns on three themes. Next week, Republicans will tout efforts to “secure America’s prosperity” through a variety of programs. Plans for small business health insurance pooling, spending reductions, increased domestic oil drilling, and “permanent death tax reform” are all to be pushed at the state level. ...

The Information Technology Association of America (ITAA) has issued a report on “Security Implications of Applying the Communications Assistance to Law Enforcement Act to Voice over IP” (21-page PDF) by Steven Bellovin, Matt Blaze, Ernest Brickell, Clinton Brooks, Vinton Cerf, Whitfield Diffie, Susan Landau, Jon Peterson, and John Treichler. This report comes at a time when the FCC and courts have already ruled that VoIP and facilities-based broadband providers must provide lawful interception capabilities under CALEA for VoIP services that are “interconnected” with the publicly-switched telephone network (PSTN). ...

Salon.com has a new article on a room in an AT&T facility in Bridgeton, MO (a St. Louis suburb) that may be an NSA interception facility. The room is protected by a man trap and biometric security, and the AT&T employees who are permitted to enter it had to get Top Secret security clearances. The work orders for setting up a similar room in a San Francisco AT&T office, reported by former AT&T worker Mark Klein, came from Bridgeton. The Electronic Frontier Foundation has an ongoing class-action lawsuit against AT&T over its involvement in illegal NSA wiretapping.

The Baltimore Sun has reported on a shelved 1990s NSA program to collect and analyze phone records which had the following features: Used more sophisticated methods of sorting through massive phone and e-mail data to identify suspect communications. Identified U.S. phone numbers and other communications data and encrypted them to ensure caller privacy. * Employed an automated auditing system to monitor how analysts handled the information, in order to prevent misuse and improve efficiency. ...

Details of AT&T’s cooperation with the National Security Agency are beginning to emerge as a result of the Electronic Frontier Foundation’s lawsuit against AT&T, as described by Wired: AT&T provided National Security Agency eavesdroppers with full access to its customers’ phone calls, and shunted its customers’ internet traffic to data-mining equipment installed in a secret room in its San Francisco switching center, according to a former AT&T worker cooperating in the Electronic Frontier Foundation’s lawsuit against the company. ...

John Markoff has a story in the New York Times about AT&T’s “Daytona” database, which has a record of 1.9 trillion calls from over the last several decades. The Electronic Frontier Foundation, which has filed a lawsuit against AT&T for cooperating with the NSA’s warrantless interception program, asserts that this database has been used by the NSA for data mining. “Checking every phone call ever made is an example of old think,” he said. ...

Bruce Schneier reports on the technical details of how about 100 Greek politicians and offices, including the U.S. Embassy in Athens and the Greek prime minister, were illictly tapped. What was originally referred to as “malicious code” turned out to be eavesdropping code in Vodafone’s mobile phone software that was present for law enforcement interception. The same kind of code is present in U.S. phone switches as required by CALEA. As Schneier points out, “when you build surveillance mechanisms into communication systems, you invite the bad guys to use those mechanisms for their own purposes.”

Via Steve’s No Direction Home Page: Apparently presidential wiretapping is frowned upon–when it’s done by Clinton. Some of the reader comments are hilarious, viz.: “Any chance of Bush rolling some of this back?" “As quietly as possible (although it sometimes breaks out into the open, usually with the sound of gunfire and the death of innocents), a “shadow government” has been set up all around us my friend. It’s foundation is not the constitution, but Executive Orders, Presidential Procalamations, Secret Acts, and Emergency Powers." “This is wherein the danger lies in the precedent set by the Clinton criminal administration. God only knows who will be in power next, but there are no checks and balances anymore. This is exactly the SORT of thing I’ve been protesting all along. Libs just don’t see this!" ...

Security and cryptography expert Bruce Schneier gave a talk yesterday to the ACLU Washington’s membership conference at which he argued that massive automated wiretapping generates too many false alarms to be useful, as described in the Seattle Times. As a commenter on Schneier’s blog notes, mathematician John Allen Paulos (author of Innumeracy and A Mathematician Plays the Stock Market, both of which I highly recommend), writing in a New York Times op-ed titled “Panning for Terrorists,” makes the same point. The problem is essentially the same one that makes it pointless to engage in programs of blanket drug-testing of grade school children or mandatory HIV testing in order to obtain a marriage license–the population being tested contains such a small number of people who meet the criteria being tested for, which means that even a highly accurate test returns vastly more false positives than true positives. Paulos points out that a 99-percent-accurate sorting mechanism for detecting terrorist conversations, on a population of 300 million Americans that includes one-in-a-million with terrorist ties (300) will identify 297 of them, along with 3 million innocent Americans. That’s 297 true positives and 3 million false positives, producing a new sample population that is .009% terrorists and 99.99% innocent Americans who may be wrongly investigated.

The ACLU has filed a lawsuit against the NSA asking for an injunction against warrantless interception of communications to international destinations. The plaintiffs include James Bamford (author of The Puzzle Palace, Body of Secrets, and A Pretext for War), Christopher Hitchens, Greenpeace, Larry Diamond of the Hoover Institution, the Council on American-Islamic Relations, the National Association of Criminal Defense Lawyers, and others.