DOJ’s Untracked Email Spying
As Wired reports, DOJ blew off the requirement that it tell Congress how many pen registers and trap and trace devices they used for the entire Bush Administration.
[…]the Justice Department was not following the law and had not provided Congress with the material at least for years 2004 to 2008. On the flip side, Congress was not exercising its watchdog role, thus enabling the Justice Department to skirt any oversight whatsoever on an increasingly used surveillance method that does not require court warrants, according to Justice Department documents obtained via the Freedom of Information Act.
But just as interesting as DOJ’s failure to follow the law on disclosing these surveillance tools are two details from the emails Chris Soghoian liberated to make all this clear.
First, note the December 23, 2009 email from Janet Webb (on PDF 4) revealing that DOJ’s agencies weren’t tracking email pen registers (that is, lists of who was emailing each other), and one of them–they speculate DEA–still wasn’t in 2009.
FBI only began keeping computer intercept stats a couple of years ago. The other agency may be DEA.
From which we might assume DEA is engaging in a ton of email tracking they don’t want to tell anyone about?
Wired suggests why they may not be tracking such information.
Another feature of [the Electronic Communication Privacy Act] had once protected Americans’ electronic communications from the government’s prying eyes, but it has become so woefully outdated that it now grants the authorities nearly carte blanche powers to obtain Americans’ e-mail stored in the cloud, such as in Gmail or Hotmail — without a court warrant.
That is, we probably should assume these email numbers are so small–and DEA isn’t tracking them at all–because they’re just taking them, with no court oversight at all.
The other detail to remember about these reports is they include only criminal surveillance, not intelligence surveillance. Russ Feingold staffer Lara Flint makes that clear in her request, and DOJ staffer Mark Agrast makes it clear in his response. They’re getting that information via other means, presumably NSLs or Section 215.
So while they’re hiding a lot of the cloud computer spying they’re doing in the name of criminal investigations, that doesn’t even scratch the surface of the degree to which they’re tracking who emails whom.
Is it mainly hotmail and gmail traffic that gets monitored in this way, or are other kinds of email accounts vulnerable in other ways? I avoid dealing with email directly via the internet as much as possible. I have email accounts with about 5 different ISPs, which obviously use internet channels, but a lot of it gets funneled through Yahoo and downloaded by my email software (Eudora Pro). Not that they would bother to read my mail…
Bob in AZ
Warrantless wiretapping part deux. No other way to describe it. However, this is something the Bushies did with impunity, so we just have to mind what we say. FISA and the FISC are no longer relevant, state secrets [regarding “methods”] will trump any investigation, and we will have to live under police-state rules.
I’ve been assuming for quite a while now that any “opened” email older than 6 months is automatically hoovered up by the US government on a regular persistent basis.
I’ve also been assuming that each interested US government agency (by that I mean all of them) submits a regularly updated “trigger list” to the processing agency (likely the NSA) to be scanned for, again on a regular persistent basis.
And now I guess I should be assuming that an automatically generated NSL or Section 215 order is sent on a regular persistent basis to each and every email provider with systems here in the US.