'Full-Pipe' FBI Internet Monitoring Questionably Legal

CNet is running a piece looking at what they refer to as a 'questionably legal' internet surveillance technique being employed by the FBI. In situations where isolating a specific IP address for a suspect is not possible, the FBI has taken to 'full-pipe' surveillance: all activity for a bank of IPs is recorded, and then data mining is used to attempt to isolate their target. The questionable legality of this situation results from a requirement that, under federal law, the FBI is required to use 'minimization'. The article describes it this way: "Federal law says that agents must 'minimize the interception of communications not otherwise subject to interception' and keep the supervising judge informed of what's happening. Minimization is designed to provide at least a modicum of privacy by limiting police eavesdropping on innocuous conversations." Full-pipe surveillance would seem to abandon that principle in favor of getting to the target faster.

depends....

[Scudsucker]

If they only keep evidence found on the target (providing of course that they have a warrant of course) it might not be so bad. But somehow I doubt that will be the case though...say you and your neighbor both use municipal wireless, and your neighbor is into kiddie porn. The FBI collects all the traffic from your access point, and busts your neighbor for the kiddie porn - but also nails you for copyright infringment for downloading music or movies.

Re:Fair enough -- as long as they follow the rules

[phantomcircuit]

I cannot in vision any scenario in which an ISP is incapable of isolating a single customers traffic.

At the most basic level the physical connection could be intercepted.

Thus they are not making a reasonable effort to minimize the scope of the tapping and are breaking the law.

Someone help me understand

[arkham6]

I am trying to think of a technical limitation where they could not be able to isolate an IP, or more specificaly, a MAC address. Can someone point out some? Maybe between two border routers or something?

What if "full pipe" was instead "apartment complex

[monkeyboythom]

Cops suspect illegal activity, say drug ring, but they do not know which apartment it is. Do the police have the right to search every apartment in the complex to find illegal activity? And what if they come to my apartment and find that I have a computer. Can they seize that to see if I am doing anything illegal in their search for the drug ring? No. Laws and the Constitution are two separate entities. Congress and states cannot make laws that abridge the freedoms set forth in the Constitution.

Re:Fair enough -- as long as they follow the rules

[Thansal]

See, the problem is that you could easily interpert that (with out stretchign it much) to fit full pipe:

particularly describing the place to be searched
They have done that. They know the problem is with in this range of IPs, however they can not narow it down because the ISP can not help them with it.

and the persons or things to be seized
This is where it is sorta tricky. This part has been interpereted to say that anytihng found durign a reasonable execution (aka, no searchign in pill bottles for stollen TVs) of a warrent is admissable.
So if they only need to be checking web pages visited, and they start sniffing P2P traffic, that should be inadmissable, however if they fidn something durring a reasonable execution of the warrent, then it would be.

Note, I am not sayign I am for or against this as I honestly don't have enoguh information on it. I lean away from it as it DOES look like it is way to much of an invassion of privacy, but I can't say 100%.

The big deal for me is how the heck could an ISP NOT be able to tell you what IP you need to look at?
If you have the name/house/whatever the ISP should easily be able to pull up what IP(s) that person/place currently has assigned to them.
If you are working back from an IP you found doing something illegal, then the ISP should know who that IP was assigned to at the given time, and give you the current IP (assuming non-static).
I don't really like the ISPs trackign what we are doing and when, but I know they are, so why would this 'full pipe' warrent ever show up?

Distinguishing public vs private

[Sloppy]

Just for reference:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

The value behind the words is pretty clear, or at least it is when you look at the words in terms of 18th century technology. In the big room, things are public. You can't assert privacy in the town square. But separate from that, are our personal domains that no one else should be able to enter without our permission; a man is king of his castle. If you're there without permission, you're trespassing. And the 4th Amendment says that government is a special case, that it can enter your space without your consent without it being trespassing, but this requires court oversight. Without that check in place, it is trespassing.

In 1789, it was really easy to tell the difference between public and private, only requiring basic common sense.

You don't even have to be an intelligent human to understand this. Even some really dumb animals know how to enforce ownership of their turf. It's that basic and easy.

When phone networks came, it got kind of blurry. I guess Congress and the Courts have made up their mind about that, generally taking our side (i.e. requiring warrants for wiretapping) but the reality isn't all that clear. No matter how you look at it, those phone wires are not just in your house and the house of the person you're talking to. The wires are in public. When we demand privacy on wires that pass through public, radio signals that go everywhere, etc, we're doing something very artificial. That doesn't mean it's wrong or an unreasonable demand; really, it's ok to assert our will over nature. But going beyond Natural Law isn't as easy as it looks, and the issues can explode with complexity.

When you get to the Internet, it's even harder. Anyone who knows anything about the Internet, knows that you really don't have a reasonable expectation of privacy. We desire privacy? Well, of course! But having an "expectation" is foolishly unrealistic. There are too many people who have access to your plaintext. You don't even know who they are! How can you expect respect and accountability from someone you can't even identify, doesn't have any sort of business relationship with you, etc? It's naive.

Contrast that to the situation of someone looking at papers on your desk at home. Nobody gets into your home without your knowledge or permission, so if someone even has the ability to violate the security of your effects and papers, it's because either you granted permission for them to be there, or because they're trespassing. Well, when you send a packet of plaintext out onto the Internet with blind faith that the routing protocols will somehow get the packet to its destination, you're granting permission for someone (you don't even know who) to at least have enough access to the packet to be able to get the job done. You might say you didn't grant permission for them to read your love letter, but you sure as hell did grant them just about everything short of that -- you very explicitly give them the opportunity. This is very unlike the situation with a love letter sitting on your desk at home.

Everyone knows this, and they've known this for a very long time (thus anyone who uses the words "Bush Administration" in this discussion shouldn't be taken seriously). Tech-heads made up their minds decades ago: you can't expect privacy, unless you take matters into your own hands, by encrypting. If you don't listen to tech-heads on this, you're a fool.

We don't have a reaso

Re:Let's check the Documentation... (4th Amendment

[AK Marc]

Well, since sniffing the whole pipe on it's face violates:
"Particularly describing the place to be searched, and the persons or things to be seized".

How does it violate it?
What to be searched is described: All of the class C that the suspect can get a DHCP address from.
The person is explicitly identified, even though often John-Doe'd because the identity isn't yet known.
The things to be siezed are explicitly listed: All packets from John Doe.

It fits the definition under the Constitution as you listed. What the issues are are irrelevant to that part. The FBI is required to not get more than they must. If there is a practical way to get just the person they are looking for's packets, then they are breaking the law. If there isn't a technically available solution, then they are within the law.

Of course, you can also debate whether John Doe warrants/subpoenas are legal, but that too seems to be a separate issue from what you brought up.

Re:Fair enough -- as long as they follow the rules

[fourchannel]

Enough with the theatrics. No one gives two nuts about your ridiculously unattainable principles. Your participation in our society has nullified your statements. Get with the program; compromises between your freedom and security define the life you live every day.

You are mistaken. I give two nuts about what the GP is saying. I think the GP has something of value to say. Maybe not put in the absolute best way possible, but the message is more important that it's envelope.

Your participation in our society has nullified your statements.

Can you clarify what this means. Do you mean than anyone who lives in the US can't say anything about liberty?