The Patriot Act has given the U.S. government broad-reaching powers to collect data on Americans. But now the author of the Patriot act thinks that the National Security Administration is going too far in its interpretation of the act.

Representative James Sensenbrenner (R-Wis.), the author of the Patriot Act, wrote a letter to U.S. Attorney General Eric Holder today, saying that he is “disturbed” by the how the Act was interpreted, allowing the NSA to collect call data for American citizens without their knowledge or any suspicion of wrongdoing.

The immediate impetus for Sensenbrenner’s letter: A secret court order from the Foreign Intelligence Surveillance Court asking Verizon to supply it with data about calls American citizens made. (Related: What you need to know about the NSA’s secret Verizon surveillance program.) This information includes the originating phone number of a call, the terminating number, the duration of the call, and the time of the call. It could even include information about where the call took place, if Verizon also provided information about what cell towers different cell phones connected to. The court justified the order under a section of the Patriot Act that talks about “business records.”

Sensenbrenner explained in his letter that, while he feel the Patriot Act struck a good balance between “national security interests and constitutional rights,” he also worries about how people might abuse it.

The act itself states that in order to obtain business records from a company under the Patriot Act, you must first meet the criteria. You must show the specific investigation you are conducting, show that you are looking for more than just information protected by the First Amendment (if you’re targeting a U.S. citizen), and prove that the information sought is directly relevant to the investigation.

For its part, the White House stated that the court order was a “critical tool in protecting the nation from terrorist threats to the United States.”

Verizon’s general counsel Randy Milch further added that the company has no comment about the reports themselves, but that “The law authorizes the federal courts to order a company to provide information in certain circumstances, and if Verizon were to receive such an order, we would be required to comply.”

Sensenbrenner is now demanding the order be “sunsetted” and that those involved take a closer look at how they are affecting civil liberties.

He’s not the only one. The New York Times wrote in an editorial today that the Patriot Act “needs to be sharply curtailed if not repealed,” joining a growing chorus of voices expressing dismay over just how broadly the federal government interprets its powers under the act.

hat tip Kim Zetter; Image via Wikipedia

Apple’s iMessage product is stymieing the U.S. Drug Enforcement Administration–  in that the DEA can’t intercept messages sent though the tool.

The government agency released an intelligence note to law enforcement, acquired by CNET today, saying specifically that iMessages cannot be intercepted between two Apple devices. Specifically, the DEA cannot intercept these messages using traditional trap and trace devices, pen register devices, or wiretapping data collection through “Title III interceptions.”

Apple introduced iMessages in 2011 as a way for people with Apple devices — be it iPhones, iPads, or Macs — to message each other without paying for text messages on the person’s carrier plans. The messages are encrypted between the two devices and cannot be traced by the carrier.

FBI director Robert Mueller has spoken about such gaps, which are called “going dark,”  in communications collected from a suspected criminal. As CNET notes, Mueller spoke with the House of Representatives recently to say that these gaps are “growing and dangerous” and that laws need to be put in place that help the FBI get the information it needs while simultaneously protecting individual privacy.

The DEA seemingly first got wind of the issue with iMessage in February of 2013 when the San Jose Resident Office was unable to capture all the messages from a criminal.

“The significance of the iMessage transmission is investigators may erroneously believe they have a complete record of text transmissions if they are unaware that iMessage communications between smartphones are not captured or provided by the cell phone service providers,” the DEA said in its intelligence note.

We have contacted Apple for comment and will update this post upon hearing back.

iMessage image via Robert S. Donovan/Flickr

Rachel Greenberg writes about residential and business VoIP solutions and technology for VoIPReview.org.

In mid-January, VoIP service provider VoIP-Pal successfully tested their new Lawful Intercept Technology. Labeled “LI” for short, VoIP-Pal’s intercept technology allows law enforcement agencies to tap into VoIP calls without either the calling or called party knowing. As VoIP gains more and more customers each year, it has become increasingly necessary for law enforcement officials to have access to the same kinds of security protocols with VoIP as they do with analog service.

After the successful test, VoIP-Pal received a patent from the US Patent Office for their LI Technology. Soon, the company will make their technology available to VoIP service providers, who will face growing insistence from the government to support LI access.

VoIP-Pal CEO Dennis Chang says “it is only a matter of time when it will become mandatory for all VoIP service providers.” However, now that law enforcement agencies have a new way to wiretap VoIP calls just like analog calls, the discussion continues over wiretapping regulations.

Why is VoIP wiretapping important?

Unlike traditional phone service, VoIP is much harder to wiretap because it isn’t directly tied to a physical location. Additionally, the voice data contained within a VoIP call can be encrypted in such a way that it is hard for law enforcement agencies to decipher a call.

VoIP also allows users to be mobile, giving them access to their VoIP service from anywhere in the world. As a result, law enforcement agencies struggle with adequately wiretapping VoIP calls. However, police groups need to be able to wiretap VoIP calls just as they need to wiretap any other call: when there is reasonable evidence of suspicious or unlawful activity, wiretapping can provide invaluable evidence.

How has wiretapping changed?

Wiretapping with traditional phone service dates back to the late 1800s, and the earliest days of the telephone. During the Prohibition Era, law enforcement organizations used wiretapping evidence to convict known bootleggers by recording their phone conversations. Wiretapping became a useful tool against organized crime, as long as it was used within the confines of the law (that is, there was sufficient evidence to necessitate the privacy violation associated with wiretapping).

At times, wiretapping was abused by law enforcement, though, and so laws have been put in place to ensure only legal wiretapping, sometimes called lawful interception, takes place. These laws require law enforcement agencies find just cause before presenting their lawful interception request to a judge. The judge will then issue a court order for lawful interception. Then, and only then, is law enforcement authorized for wiretapping.

Currently, police have to go through this same process before wiretapping a VoIP call, but it could be technologically difficult to tap into the conversation. With VoIP-Pal’s patent, system barriers should no longer prevent police from successfully tapping VoIP calls.

What Does This Mean for VoIP?

With LI services ready to launch, it could soon become equally easy to wiretap a VoIP call as any analog call. However, residential and business VoIP customers should expect no changes in their regular VoIP service. This technology will just prevent criminals from using VoIP services to circumvent the risk of wiretapping.

That said, wiretapping is still in a grey area for law enforcement agencies. Since VoIP sends voice data over the Internet, it’s harder to classify as a traditional phone service, which means laws will need to reflect the technological differences in the system. Although there are strict rules involving wiretapping traditional phone service, regulations surrounding newer communication services (i.e. text messages and emails) are a little less clear.

Many law enforcement agencies can access email and text correspondence without jumping through as many hoops as they do with wiretapping phones. Will VoIP fall under the same jurisdiction as text messages and emails, or will it be treated like traditional phone service? That’s a question the government will need to answer in the next year or so.

Eavesdropping photo via Everett Collection/Shutterstock

Rachel Greenberg writes about residential and business VoIP solutions and technology for VoIPReview.org.

The “warrantless wiretapping” law has new life, as the United States Senate extended the Foreign Intelligence Surveillance Act, or FISA, today by a significant margin.

The law, originally passed in 2008 under the Bush administration, was renewed this morning when the Senate passed the bill 73 to 23. FISA permits the federal government to obtain secret court orders that allow it to listen in on American communications if “foreign intelligence” data could be collected. For example, American communications can be tapped if they’re speaking with someone outside the country. Americans are not alerted to this surveillance, and a warrant is not required to perform it. The government says it is necessary for national security, though the bill can still be challenged in the Supreme Court.

The bill will next expire on Dec. 31, 2017, once the president has signed it into law today.

The Electronic Frontier Foundation, a digital rights group based in San Francisco, tweeted, “After rejecting all privacy fixes, the Senate just reauthorized #FISA warrantless wiretapping. A shame on Congress, a blight on our nation.”

The EFF previously outlined all of the “privacy fixes” that were proposed, including an amendment from Sen. Ron Wyden (D-Ore.) that asked the government to reveal how many Americans were under surveillance by FISA. It was shot down in a move the EFF called “disgraceful.”

Other amendments included one from Sen. Rand Paul (R-Ky.) called the “Fourth Amendment Protection Act,” which would force the government to get warrants for the wiretapping. Sen. Jeff Merkley’s (D-Ore.) amendment would make the government be transparent about how the FISA bill is being used against Americans specifically. And Sen. Patrick Leahy’s (D-Ver.) amendment would have the bill expire within three years, to be reassessed during President Barack Obama’s administration.

None of these passed.

Wired reports that FISA spying can begin at any point, before the secret court orders have been issued and through any resulting appeals process, should a request to use FISA is shot down. Wired further notes that FISA can be used on “any telephone that it believes will yield information from or about al Qaeda.”

We have reached out to the EFF and the Electronic Privacy Information Center and will update this post upon hearing back.

Listening-in image via Shuttestock

Federal law enforcement agencies have had difficulties tracking and recording criminal and terrorist conversations online. Back in September, it was reported that law enforcement officials wanted to expand the government’s powers to wiretap Internet services. Microsoft’s new technology could help make this a reality.

The spying technology, called “Legal Intercept,” would allow currently existing products to be modified to “cause the communication to be established via a path that includes a recording agent,” according to the filing with the U.S. Patent and Trademark Office. Once a connection is established, the agent is able to “silently record” a conversation.

The filing specifically calls out the ability to record any kind of voice-over-Internet-protocol (VoIP) communications. “VoIP may include audio messages transmitted via gaming systems, instant messaging protocols that transmit audio, Skype and Skype-like applications, meeting software, video conferencing software, and the like,” Microsoft said in the filing.

Microsoft filed for the patent in Dec. 2009, long before it acquired Skype. It’s possible Microsoft simply has this on the books so it could profit from licensing the technology to law enforcement agencies. Alternately, Skype’s purchase could have been a strategic buy to help test and deploy this new technology.

The Federal Trade Commission approved Microsoft’s $8.5 billion Skype purchase earlier this month, which inches it closer to completing the acquisition. Microsoft said it expects to close the deal by the end of the year.

What do you think of this new spying technology? Are you concerned about law enforcement agencies or corporations violating your privacy while you use the web?

Update: The story originally suggested Microsoft had been granted the Legal Intercept patent, but the approval process is still ongoing.

The New York Times reported that law enforcement will seek to get lawmakers to approve a bill that will expand their powers to monitor computer communications that are currently havens for secret communication. Jack Dempsey, vice president of the Center for Democracy and Technology, told the newspaper that the proposal has huge implications for the structure of the internet.

The telephone network was easy to tap because phone companies controlled it through centralized switches. The FBI could place wiretaps on any phone line in the country. But the internet is decentralized. With peer-to-peer technologies, users communicate directly with each other. There is no “central switch” that could be the interception point for a wiretap.

If companies such as Skype and Facebook are forced to design holes in their networks so that FBI officials can listen into conversations, that will re-centralize the networks, raise costs, and possibly introduce vulnerabilities to the software that hackers could exploit.

These problems are so fundamental that law enforcement has been stymied. If they think there is a way around these problems, that would be a new development. But there is no indication that is the case. If a law were to pass without ensuring civil liberty and security, it could erode users’ fundamental freedoms and could hobble the U.S. version of the internet, forcing companies to move overseas. Hopefully the feds will give this bill a lot of though before they move forward.

[Image credit: counter surveillance devices]

July 9-10, 2013
San Francisco, CA

Tickets On Sale Now

Research in Motion avoided a ban today on its BlackBerry services in India by beginning a 60-day security test to see whether Indian officials can tap its BlackBerry Messenger and enterprise email services.

Indian BlackBerry users make up about 2 percent of the company’s 46 million users, according to the Bloomberg report, so a ban in India might not place that large of a monetary dent in the company that raked in $768 million in its last quarter, according to its most recent quarterly statement.

But it might set a precedent if India is the first to pull the trigger. India, as well as a handful of others, threatened to ban the BlackBerry services if RIM did not comply with demands to make enterprise email and messages available for government viewing earlier this month. The United Arab Emirates said it would ban the service beginning October 11 if RIM did not comply with its security demands, while Saudi Arabia let its proposed August 6 ban slide by without incident as negotiations continue.

RIM has said that it can’t access data on BlackBerry devices without a decryption key — even though the U.S. government has stated it can crack the service with proper court orders.

The announcements came on the heels of a shaky launch of its BlackBerry Torch device, pegged as an iPhone competitor. RIM cut the Torch’s price in half after Goldman Sachs said the launch was underwhelming.

Research in Motion’s U.S.-traded shares were up about 1.1 percent to $46.50 after the announcement.