With What Databases Has NCTC Cross-Referenced with FBI’s 12 Million iDevice User IDs?
Update, 6/13/13: For those coming to this via my Twitter link, subverzo reminded me that this turned out to be a false claim. The data came from an Apple developer, not from FBI.
Sorry for the confusion.
As you may have heard, Anonymous and AntiSec hacked into a database of 12 million Apple Universal Device IDs that were in an FBI officer’s laptop and released 1 million of them, ostensibly so some people could identify if their device was one of those FBI was tracking.
They claimed to have tapped into a Dell laptop owned by Special Agent Christopher K. Stangl, an FBI cyber security expert. They downloaded several files, including one that contained “12,367,232 Apple iOS devices including Unique Device Identifiers (UDID)” and other personal information, they wrote in a text file published online. “[The] personal details fields referring to people appears many times empty leaving the whole list incompleted [sic] on many parts. no other file on the same folder makes mention about this list or its purpose.”
While it’s not immediately clear what the FBI is doing with the Apple UDIDs and detailed information on device owners, Gizmodo pointed out that the acronym “NCFTA” could stand for the National Cyber-Forensics & Training Alliance, a nonprofit that acts as an information-sharing gateway between private industry and law enforcement.
These are unique identifiers for things like iPhones and iPads that have long presented the risk of tying someone’s identity to an individual device.
There are multiple ways FBI could have collected this information–either using an NSL or Section 215 request or an insecure transmissions to an ad or game server. And no one knows how the FBI was using it. Whatever you think about Anonymous, we may finally learn more about how the government is tracking geolocation.
But here’s one other concern. Assuming that’s an official FBI database, not only the FBI has it, but also the National Counterterrorism Center. And they’ve got access to whatever federal databases they want to cross-check with existing counterterrorism databases. And one of the few checks we have on the use of our data in this way is a Privacy Act SCOTUS just watered down.
This is a massive amount of data the government likely has no good excuse for having collected, much less used. But it’s likely just one tip of a very big iceberg.
Never heard of this before. Is this yet another way to subvert our laws and Constitution?
Wonder if they wear superhero leotards, public sector and their patriotic private sector partners teaming up to save the world (and help spy on their fellow citizens).
Don’t they ever worry about the fact that their own (and that of their kids, their friends and their mistresses) private information is being Hoovered up too?
Well anyway, it’s another way of avoiding the courts. Subpoenaing Twitter or ISPs or telecoms for identities will be a thing of the past eventually, I guess.
Man. The guy had this stuff in a desktop folder too. In a .csv file probably so it could easily be popped into a spreadsheet, maybe. What was he doing with this and if it was in a desktop folder was that because he used it so frequently that he wanted to have it really handy there?
Weren’t we just told that the govt. is not creating files on millions of Americans… in that response about how at least once, communications were collected inadvertently in violation of the 4th Amendment? Not that I believed the answer but weren’t we officially told that files are not being made on millions of Americans as suspected (and asserted by at least one whistleblower)?
WHY?
You know, in all these things there are many questions unanswered, but the biggest one is why. Why would the FBI need to scoop up all those telecommunication ID’s and locations on citizens? Has our President ordered it done? If so, why? Why would the FBI treat the population at whole as suspects of terror?
The only reason I could possibly come up with is that the Government intends to remake itself from within and yes, the populace would then become the enemy.
Just following orders is no longer a valid excuse for the FBI.
And then, there’s that huge new total info. awareness style complex nearing completion, out in . . . Utah!
Peasantparty wrote: “Why would the FBI need to scoop up all those telecommunication ID’s and locations on citizens?”
FBI bureaucrats need unconstitutional, warrantless access into everyone’s private information and communications so they can keep track of who is criticizing the government (such as Brandon Raub) and who is trying to expose government crimes (such as Bradley Manning) so they can then arrest and detain them indefinitely.
Government bureaucrats don’t like their imbecility and criminality to be exposed or criticized. Government bureaucracies are monopolies, and monopolists are not accountable. They know this, and so it is far easier for them to commit crimes against the people’s persons, property and privacy, and get away with it with impunity. The more powerful the central government in DC is and the bigger it is, the more the government criminals and nudniks need to keep track of everyone.
It will all eventually collapse on its own weight, and we won’t have to worry about our privacy being invaded by these paranoid jerks anymore.
Interesting (off topic) story from Haaretz.
I noticed on my Mac laptop that after I clear out the Safari internet cookies/cache and refuse all cookies such actions do not prevent the cache from filling up again with third party website data.
This happens even if I merely close Safari and reopen it. About 50 website names have repopulated the Safari cookies/cache.
Not sure they are actually cookies. Sometimes the Mac indicates the sites are stored in ‘cache’ and sometimes as ‘database.’
I cannot tell if my computer is reinstalling this data, if the companies are doing so, or whether that is effectively the same thing.
This on top of news reports this weekend that Angry Birds is collecting data (including geolocation and websurfing activity) on iPad and iPhone users. However, even that is old news. See this article from 2010.
http://observer.com/2010/12/angry-birds-and-other-musthave-apps-collect-more-personal-data-than-you-think/
Is Angry Birds in contact with NCFT?
@pdaly: That surprises you? Google and FB have dealings with the CIA. Didn’t the CIA’s hedge fund invest with FB?
@Phil Perspective:
“That surprises you?” –> which part? That I cannot clear out cache or that Angry Birds collects and other iphone apps collect data?
I don’t use apps, but I would have assumed (wrongly, of course) that the game app, once on your personal device, was akin to playing an off-line computer game, in the pre-internet days. Any data transfer would have been (I again would have wrongly assumed) at the point of downloading the game.
“Didn’t the CIA’s hedge fund invest with FB?”
By hedge fund, do you mean IntelQ? And by FB you mean FaceBook?
I don’t know the answer to your question. But I doubt that the CIA would need to hide its tracks anymore, given the erosion of privacy and the continual erosion of the expection of privacy that we are witnessing.
FWIW, the FBI says this isn’t their data.
Ah for the days when the FBI had credibility on such issues. Wait–I guess it never really has.
@emptywheel: That may even be technically true. Third-party public (or private) companies collect oodles of this data and sell it to almost anyone anywhere.
The laws that purportedly restrict the US government from collecting this data are nowhere to be seen with third-party providers.
@emptywheel: Wow for a second I thought you had crossed over to the darkness, thanks for the disclaimer;)
Angry birds, check,
Bit Torrent, check,
http://www.bbc.com/news/technology-19474829
cell phone ping, check,
Pacific interconnect fiber, check
Intel web connect with device off, check
cvs file used for data mining, check
personal voice monitoring devices, check
third party providers using off shore server loops to collect data, check…
OT – Updates via the AP on a couple stories that have headlined Rancho Emptywheel recently:
Is the next AP piece related or not? Did the CIA provide assistance? You be the judge. And you might ask yourself why it is that the Mexican Navy seems to be the lead Mexican agency nabbing drug kingpins…on land!
And finally:
I suppose that a lot of this burgeoning surveillance could be an attempt by one side of the political divide trying to catch up and close a gap with the other side’s surveillance advantage.
“You’ve got your files, and now we have our own. So let’s move on to other business.”
Wired’s Kim Zetter has an update on this FBI Apple database story:
@MadDog: In unrelated news, the FBI has announced a plan to quietly replace any personal iPhones agents or their families might own. (Not really, but it could happen, couldn’t it?)
@MadDog: And more OT this time via Reuters:
@Jim White: Heh! I can hear the rest of the US government whining: “What about us?”
@MadDog: There appears to be an ongoing Twitter war between Anonymous and the FBI. One example of where the story is going:
@pdaly:
1) Switch over to using Safari’s private browsing feature. Note this tends to really really annoy some sites, you may have to open a temporary new window for that site and dispose of the leftovers after visiting it. Cookies set to only if necessary (ie.’ only from visited site’, and remember to clean them out at least once a week. Setting cookies to ‘none’ may prevent your browser from chatting with your bank site. You will have to remember passwords though.
2) The database thing is indeed different from a cookie, it was initially designed to be an aid to commerce sites (or similiar) that had catalogs, it saved you the hassle of repeated downloads. It does get misused. It is easily wiped by the user.
3) Some sites are thumbing their noses at secure browsing ideas put out there by Apple and Microsoft, so be warned!!! These include folks like Google, the issues are not as clear as any one would like.
4) If possible do not allow Flash do-hickeys to run — they still have those ‘flash cookies’ which are different than reegular cookies. You can find Flash blocking plug-ins such as Click-To-Flash to install for your browser for those just gotta times.
The private browsing idea I mentioned at the top of this comment is not perfect, but it makes your browsing easier in terms of limiting data exposure. It limits the data sites can put on your computer. Limits, but does not absolutely stop.
Yep, most of that data privacy intruding iceberg is hidden under water, and it calved from a much bigger surveillance glacier.
Even more OT – Continuing with my ongoing focus on the US drone strike in Yemen that massacred 13 civilians (and the mostly crickets heard in the US media), this is the latest news from the Shanghai Daily:
The AP still has not corrected their story where they continue to state:
(My Bold)
Nor has Reuters:
(My Bold again)
What does it take for the supposed “journalists” in the US media before they bother to report on a US drone strike massacre of civilians?
@joanneleon:
It’s probably the usual line: ‘If you aren’t doing anything illegal, don’t worry about it’.
In which case, WTF are they collecting data on people who aren’t criminals?
@MadDog: Somehow I doubt the Pentagon would let Wikileaks get onto the bookshelves of military exchanges. If this was something that embarrassed the President, all the books would be shredded, anyone who posted an online version of it would get DDoSed and the guy would be tortured in solitary confinement.
@MadDog: “No Evidence” is a classic Obama administration line when they want to bury something.
@MadDog:
The apparent PsyOps or turf-warring or whatever about Bissonette is pretty weird.
They’re pissed at him for breaking the code of silence. So they tell the story about the time they ostracized him and sent him packing with a plane ticket?
Your twitter war between FBI and Anonymous is pretty weird too.
This little set-to between Anon and FBI reminds me of the scene in Goodfellas, where DeNiro, Pesci and Liotta hijack a truck then take the driver’s license. Waving the license at him they tell him: “you might know who we are, but we know who you are [and where you live].”
Remember, given the level of FBI infiltration of Anon (and creating snitches in it) we’ve seen in the last year Anon really can no longer be trusted to be independent from FBI. This very well could be a sham fight, an argment between puppeteer and puppet, intended more to tell everyone who uses a computer “we have the information on you”.
Now, who thinks those nice Bible-bangers who run psychological profiles on places like e-Harmony haven’t long since created a direct pipeline from their servers to the FBI’s? It’s just like looking for the guy who dodges process servers by searching the database of hunting and fishing licenses, save people lie less about hunting and fishing than they do about looking for love.
@MadDog: Even with their news today of another US drone strike in Yemen (the 5th in a week?), Reuters still maintains that Sunday’s massacre of 13 Yemeni civilians was done by “a Yemeni government airstrike”:
@MadDog: The Yemen Post still maintains that it was a US drone strike that massacred 13 Yemeni civilians this past Sunday: