AOH :: FBI1.TXT
FBI refuses to release info on BBS surveillance
|
Date: Sun, 8 Apr 90 12:13:27 -0700
From: <mrotenberg@cdp.uucp>
To: TK0JUT2
Subject: FBI BBS Surveillance (CPSR FOIA Request)
On August 18, 1989 CPSR submitted a Freedom of Information Act request
to the FBI asking for information about BBS surveillance. ˙After four
follow-up ˙letters, ˙˙a ˙˙series of phone ˙calls, ˙˙and ˙Congressional
testimony ˙that ˙discussed the CPSR request, ˙the FBI ˙has ˙failed ˙to
respond to our request. (The statutory time limit for the FOIA is ten
days).
If any one has information about possible FBI surveillance of bulletin
boards or networks, ˙please send it to me. Specific dates, ˙locations,
BBSs ˙are important. ˙(You can send information to me anonymously ˙by
land mail, if you need to protect your identity).
Thanks for your assistance,
Marc Rotenberg, Director
CPSR Washington Office
8
1025 Connecticut Ave., NW, Suite 1015
Washington, DC 20036
202/775-1588 (voice)
202/775-1941 (Data)
rotenberg@csli.stanford.edu or
cdp!mrotenberg@arisia.xerox.com
Contents:
1. CPSR FOIA Request to the FBI Regarding BBS Surveillance
2. CPSR letter to Congressman Don Edwards regarding FOIA request
3. Chronology of events
[CPSR FOIA Request to the FBI Regarding BBS Surveillance]
CPSR Washington Office
1025 Connecticut Avenue, NW
Suite 1015
Washington, DC 20036
202 775-1588
202 775-1941 (fax)
Director
Marc Rotenberg
August 18, 1989
FOIA Officer
FBI
9th St. & Penn. Ave., NW
Washington, DC 20535
Dear FOIA Officer,
This is a request under the Freedom of Information Act, 5 U.S.C. 552.
Part I:
I ˙write to request a copy of all materials relating to ˙the ˙FBI's
collection ˙of information from computer networks and bulletin boards,
such as PeaceNet (San Francisco CA) ˙or The Well (Berkeley CA), ˙˙that
are used frequently by political or advocacy organizations.
In particular, ˙I ˙would like any records which would indicate whether
the Bureau is intercepting, ˙collecting, ˙reviewing, ˙or "downloading"
computer ˙transmissions ˙from ˙any ˙of ˙the ˙following ˙networks ˙˙and
conferences: ˙˙Action Southern Africa, ˙AIDS Coalition ˙Network, ˙˙The
American ˙˙Peace ˙˙Test, ˙˙Amnesty ˙International, ˙˙Association ˙˙for
Progressive Communications, Beyond Containment, ˙Center for Innovative
Diplomacy, ˙Central America Resource Center, ˙Central America Resource
Network (CARNet), The Christic Institute, Citizen Diplomacy, Community
Data Processing, ˙EcoNet, ˙Friends of the Earth, ˙Friends Committee on
National Legislation, ˙HandsNet, Institute for Peace and International
Security, ˙˙Media ˙Alliance, ˙Meiklejohn ˙Civil ˙Liberties ˙Institute,
National Execution Alert Network, ˙Palo Alto Friends Peace and ˙Social
Action Committee, PeaceNet. Quaker Electronic Project, Web, The Well.
This request includes public communications that take place through
a ˙computer ˙bulletin board. ˙For example, ˙this would ˙include ˙both
transmissions that are available for public perusal, a "conference" or
"posting," ˙as well as transmissions that are directed from one ˙party
to ˙one ˙or ˙more ˙other specific parties ˙and ˙intended ˙as ˙private,
"electronic mail."
9
Part II:
I also request any records that would indicate whether
anyone acting at the behest or direction of the FBI, ˙has any computer
accounts ˙on ˙any computer bulletin boards operated by an advocacy ˙or
political organization, and, if so, ˙the names of the bulletin boards,
and ˙whether ˙the ˙Bureau ˙has ˙indicated ˙the ˙actual ˙organizational
affiliation of the account holders to the system operators.
Part III:
I ˙also request any records that would indicate whether the ˙Bureau
has ˙ever ˙operated, ˙˙is ˙currently operating, ˙is ˙involved ˙in ˙the
operation ˙of, ˙or is planning to operate, ˙a ˙computer bulletin board
that is intended for public use.
Part IV:
I ˙˙would ˙˙also ˙like ˙any ˙records ˙which ˙would ˙˙indicate ˙˙the
circumstances ˙under ˙which ˙it would be appropriate for an ˙agent ˙or
authorized representative, ˙asset, informant, ˙or source of the Bureau
to intercept, collect, review, or "download" ˙the contents of computer
bulletin boards.
Part V:
I ˙would ˙like ˙any ˙records relating ˙to ˙the ˙FBI's ˙development,
research, ˙˙or assessment of computer systems for automated review ˙of
information ˙stored in an electronic format, ˙obtained from a computer
bulletin board or network.
Part VI:
Finally, I ˙request any records that would indicate whether the FBI
has ˙developed, ˙˙or ˙is planning to develop, ˙a ˙˙system ˙that ˙could
automatically ˙review the contents of a computer file, ˙scan the ˙file
for ˙key ˙terms or phrases, ˙and then recommend the initiation ˙of ˙an
investigation based upon this review.
I ˙ask that you check with your regional offices in San ˙Francisco,
San Jose, ˙Austin, Phoenix, Los Angeles, and New York, ˙in addition to
the files that are available in Washington, ˙DC. I ˙also ask that you
consult ˙with those agents involved in the investigation ˙of ˙computer
crime ˙to ˙determine whether they might be aware of the ˙existence ˙of
such ˙records. ˙You should also check any documents relating to ˙John
Maxfield, ˙˙who ˙was ˙employed by the Bureau to ˙investigate ˙computer
bulletin boards.
Under the Freedom of Information Act, you may withhold all properly
exempted ˙materials. ˙˙However, ˙˙you must ˙disclose ˙all ˙non-exempt
portions ˙that ˙are reasonably segregable. ˙I ˙reserve the ˙right ˙to
appeal the withholding or deletion of any information.
Under the Freedom of Information Act, ˙CPSR is entitled to a waiver
of ˙all ˙fees ˙for ˙this ˙request ˙because ˙the ˙"disclosure ˙of ˙this
information ˙is ˙likely ˙to contribute ˙significantly ˙to ˙the ˙public
understanding of the operations or activities of the government and is
not primarily in the commercial interest of the requester." CPSR is a
non-profit, ˙educational organization of computer scientists. Our work
has ˙been cited in scholarly journals, ˙trade publications, ˙˙and ˙the
national media. ˙CPSR has particular expertise on the use of ˙computer
technology ˙by ˙the FBI, ˙having prepared an extensive report ˙on ˙the
proposed ˙expansion ˙of ˙the NCIC at the request ˙of ˙Congressman ˙Don
Edwards. For these reasons, CPSR is entitled to a waiver of all fees.
10
If you have any questions regarding this request, ˙please telephone
me at the above number. ˙I ˙will make all reasonable efforts to narrow
the request if you determine that it has been too broadly framed.
As ˙provided in the Freedom of Information Act, ˙I ˙will expect ˙to
receive a response within ten working days.
Sincerely yours,
Marc Rotenberg, Director
Washington Office,
Computer Professionals
for Social Responsibility
[CPSR letter to Congressman Don Edwards regarding FOIA request]
1
February 27, 1990
Representative Don Edwards
Subcommittee on Civil and
Constitutional Rights
House Judiciary Committee
806 House Annex 1
Washington, DC 20515
Dear Chairman Edwards:
I ˙am writing to you about a particular FOIA request that CPSR ˙has
pursued since August of last year. ˙We asked the FBI for ˙information
about ˙the monitoring of computer networks and bulletin ˙boards. ˙˙We
initiated ˙˙this ˙request ˙because ˙of ˙the ˙obvious ˙civil ˙liberties
interests ˙-- ˙speech, ˙associational, ˙and privacy -- ˙that would ˙be
endangered ˙if ˙the ˙FBI's examination of ˙the ˙contents ˙of ˙computer
systems failed to satisfy appropriate procedural safeguards.
After six months of delay, ˙five certified letters to the ˙Bureau's
FOIA/Privacy ˙Act ˙office, ˙and many phone calls with the ˙FBI's ˙FOIA
officers, we have not received even a partial response to our request.
On September 20, ˙1989 ˙a ˙FOIA officer at the FBI assured us ˙that
information ˙would be forthcoming "in a couple of weeks." ˙A ˙˙letter
from the FBI FOIA/PA office on December 22 ˙indicated that information
responsive ˙to our request "has been located and will be assigned ˙for
processing ˙soon." ˙˙But ˙when ˙I spoke with a FBI ˙FOIA ˙Officer ˙on
February 15, ˙less than two weeks ago, ˙I ˙was told that they "haven't
even ˙started" ˙to process the request and that the FBI ˙couldn't ˙say
when we would receive a response. (Please see enclosed chronology and
attachments).
The need for this information is truly urgent. ˙Further delay will
constitute ˙a denial. ˙Congress is now considering ˙several ˙computer
crime bills, ˙such as H.R. ˙55 ˙and H.R. ˙287, ˙that could broaden the
authority ˙of ˙federal ˙agents to examine ˙the ˙contents ˙of ˙computer
systems across the country. ˙There is a good chance that a bill ˙will
pass before the end of this session.
11
Before
Congress ˙and ˙the public should have a complete picture of the ˙FBI's
current ˙˙practices. ˙˙˙Computer ˙communications ˙˙are ˙˙particularly
vulnerable ˙to ˙surveillance ˙and routine monitoring. ˙˙Computer ˙mail
unrelated ˙to a particularized investigation could be swept up in ˙the
government's ˙electronic dragnet if the law is not carefully ˙tailored
to a well defined purpose. Without a clear understanding of the civil
liberties ˙problems ˙associated ˙with the ˙investigation ˙of ˙computer
crime, ˙˙Congress may be exacerbating a problem it does not yet ˙fully
know about.
CPSR's Freedom of Information Act request could provide answers ˙to
these ˙questions. ˙˙The ˙FOIA ˙establishes ˙a ˙presumption ˙that ˙the
activities ˙of ˙government should be open to public ˙review ˙and ˙that
agency ˙records ˙should be disclosed upon request. ˙˙But ˙the ˙Bureau
failed ˙to ˙comply ˙with the statutory requirements of ˙the ˙FOIA ˙and
frustrated ˙our effort to obtain information that should be disclosed.
Without this information computer users, the public, and the Congress,
may ˙be ˙unable ˙to ˙assess whether the ˙Bureau's ˙current ˙activities
conform to appropriate procedural safeguards.
Computer ˙crime ˙is a serious problem in the United ˙States. ˙˙One
auditing ˙firm ˙places ˙the annual loss between ˙$3 ˙˙billion ˙and ˙$5
billion. Nonetheless, it is necessary to ensure that new criminal law
does ˙not undermine the civil liberties of computer users ˙across ˙the
country. We requested information from the FBI under the FOIA to help
assess ˙the ˙adequacy ˙of current safeguards. ˙The Bureau ˙failed ˙to
respond. ˙The result is that the public is left in the dark at a time
when significant legislation is pending.
We would appreciate whatever assistance with this request you might
be able to provide.
Sincerely yours,
Marc Rotenberg, Director
CPSR Washington Office
Enclosure
Chronology of CPSR's FOIA Request regarding
FBI Monitoring of Computer Networks with attachments
cc: Representative Charles Schumer
Representative Wally Herger
FBI FOIA/PA Office
[Chronology of events]
Chronology of events
1
CPSR FOIA Request
FBI Monitoring of Computer Networks
12
CHRONOLOGY
Aug. 18, 1989
CPSR ˙sends FOIA request to FBI seeking agency records ˙regarding ˙the
FBI's ˙monitoring ˙of computer networks and computer ˙bulletin ˙boards
used by political and advocacy organizations. ˙The FOIA request seeks
information about:
% ˙˙the ˙FBI's surveillance of computer bulletin boards and ˙networks
used by political organizations;
% ˙˙the ˙FBI's creation of clandestine accounts on computer ˙bulletin
boards and networks operated by political organizations;
% the FBI's creation of secret accounts on public bulletin boards;
% ˙˙the ˙FBI's ˙procedures regarding the downloading ˙of ˙information
contained on a computer bulletin board;
% ˙˙the ˙FBI's research on the automated review of ˙the ˙contents ˙of
information contained on computer bulletin board and networks; and
% the FBI's research on the automation of the decision to initiate a
criminal ˙˙investigation, ˙˙based ˙on ˙the ˙contents ˙of ˙a ˙˙computer
communication.
The ˙letter requests a fee waiver based on the ˙public ˙interest
standard. The letter indicates that CPSR has particular expertise in
the evaluation of the civil liberties implications of law ˙enforcement
computer ˙systems, ˙having completed an extensive report for the House
Judiciary ˙Committee on the proposed expansion of the ˙FBI's ˙computer
system, the NCIC. The letter further states that CPSR would work with
the FOIA/PA office to facilitate the processing of the request.
Aug. 31, 1989
FBI response #1. ˙FBI sends a letter to CPSR ackn
the ˙FOIA request and designating the request "FBI's Computer Networks
and Bulletin Board Collection," request no. 319512.
Sept. 20, 1989
CPSR speaks with FOIA Officer Keith Gehle regarding status of request.
Mr. ˙˙Gehle states that he can not send a response "until he ˙receives
responses from various agencies." It is "difficult to go to computing
indices." He says that he expects to have information "in a couple of
weeks,"and will have a response "by October 5, at the latest."
Oct. 16, 1990
CPSR Follow-up letter #1. ˙CPSR confirms conversation with Mr. ˙Gehle
regarding ˙Oct. ˙˙5 ˙˙target date and asks FOIA Officer ˙to ˙call ˙to
indicate the status of the FBI's response to the request.
Oct. 26, 1989
CPSR ˙speaks ˙with ˙Mr. ˙Gehle. ˙He says, ˙"we are ˙working ˙on ˙your
request." ˙˙"We should have something soon. ˙Hate to give a specific
13
date, but should have a letter for you within two weeks."
Nov. 22, 1989
CPSR follow-up letter #2. ˙CPSR writes to Mr. ˙Gehle, ˙notes that Mr.
Gehle said he was working on the request, and the that response should
have been sent by Nov. ˙9. ˙CPSR requests that FOIA officer call CPSR
by Dec. 1 to indicate the status of the request.
Dec. 22, 1989
FBI response #2. ˙FBI sends letter, acknowledging receipt of Oct. ˙16
and Nov. 22 ˙letters. The letter states that "[i]nformation which may
be ˙responsive to your request has been located and will ˙be ˙assigned
for ˙processing soon." ˙The letter indicates that the ˙FOIA/PA ˙office
receives a large number of requests and that delays are likely.
Jan. 9 , 1990
CPSR follow-up letter #3. CPSR writes to Mr. Moschella, ˙chief of the
FOIA/PA office at the FBI, acknowledges Dec. 22 letter and location of
responsive ˙information. ˙˙Requests that records be sent by ˙Feb ˙18,
1990.
Jan. 19, 1990
FBI ˙response ˙#3. ˙˙FBI ˙sends letter stating that ˙the ˙Bureau ˙has
allocated ˙many ˙agents ˙to FOIA processing, ˙that a large ˙number ˙of
requests ˙are ˙received. ˙The letter further states that "a delay ˙of
several ˙months ˙or ˙more may be anticipated before ˙your ˙request ˙is
handled in turn."
Feb. 2, 1990
CPSR follow-up letter #4. ˙CPSR writes to Mr. Moschella, acknowledges
Jan. ˙19, ˙expresses concern about delay. ˙Letter notes that CPSR was
assured by a FOIA officer in the fall that "request would be ˙answered
within 'a couple of weeks.'"
Feb. 15, 1990
CPSR receives call from Mr. ˙Boutwell. According to Mr. Boutwell, FBI
can't ˙say ˙when ˙request will be processed. ˙"Haven't ˙even ˙started.
Backlogs ˙and lay-offs during past year . . ." ˙CPSR: ˙˙FOIA ˙Officer
indicated information had been located. FBI: Too optimistic. ˙"Request
not yet assigned to an analyst . . . working now on 1988 ˙requests .
. ˙. ˙Litigation is taking up time . . . analyst is taking time ˙away
from document review for litigation . . . increased requests, ˙fewer
personnel, lots of other factors. Would expedite for life and death or
due process, ˙˙pursuant ˙to agency regulations." ˙CPSR: ˙so when do we
receive a response? FBI: "Can't say."
The United States Government is monitoring the message activity on several
bulletin boards across the country. This is the claim put forth by Glen L.
Roberts, author of "The FBI and Your BBS." The manuscript, published by The
FBI Project, covers a wide ground of FBI/BBS related topics, but unfortunately
it discusses none of them in depth.
It begins with a general history of the information gathering activities of the
FBI. It seems that that the FBI began collecting massive amounts of
information on citizens that were involved with "radical political" movements.
This not begin during the 1960's as one might expect, but rather during the
1920's! Since then the FBI has amassed a HUGE amount of information on
everyday citizens... citizens convicted of no crime other than being active in
some regard that the FBI considers potentially dangerous.
After discussing the activities of the FBI Roberts jumps into a discussion of
why FBI snooping on BBS systems is illegal. He indicates that such snooping
violates the First, Fourth, and Fifth amendments to the Constitution. But he
makes his strongest case when discussing the Electronic Communications Privacy
Act of 1987. This act was amended to the Federal Wiretapping Law of 1968 and
But as with all good laws, it was written in such broad language that it can,
and does, apply to privately owned systems such as Bulletin Boards. Roberts
(briefly) discusses how this act can be applied in protecting *your* bulletin
board from snooping by the Feds.
How to protect your BBS: Do NOT keep messages for more than 180 days. Becaus
the way the law is written, messages less then 180 days old are afforded more
protection then older messages. Therefore, to best protect your system purge,
archive, or reload your message base about every 150 days or so. This seems
silly but will make it harder (more red tape) for the government to issue a
search warrant and inform the operator/subscriber of the service that a search
will take place. Roberts is not clear on this issue, but his message is state
emphatically... you will be better protected if you roll over your message bas
sooner.
Perhaps the best way to protect your BBS is to make it a private system. This
means that you can not give "instant access" to callers (I know of very few
underground boards that do this anyway) and you can not allow just anyone to b
a member of your system. In other words, even if you make callers wait 24
hours to be validated before having access you need to make some distinctions
about who you validate and who you do not. Your BBS needs to be a PRIVATE
system and you need to take steps to enforce and proclaim this EXPECTED
PRIVACY. One of the ways Roberts suggests doing so is placing a message like
this in your welcome screen:
"This BBS is a private system. Only private citizens who are not
involved in government or law enforcement activities are authorized
gained from this system to any government agency or employee."
Using this message, or one like it, will make it a criminal offense (under the
ECPA) for an FBI Agent or other government snoop to use your BBS.
The manuscript concludes with a discussion of how to verify users and what to
do when you find an FBI agent using your board. Overall, I found Roberts book
to be moderately useful. It really just whetted my appetite for more
information instead of answering all my questions. If you would like a copy o
the book it sells for $5.00 (including postage etc). Contact;
THE FBI PROJECT
Box 8275
Ann Arbor, MI 48107
Visa/MC orders at (313) 747-7027. Personally I would use a pseudonym when
dealing with this organization. Ask for a catalog with your order and you wil
the FBI would be interested in knowing who is doing business with this place.
The manuscript, by the way, is about 20 pages long and offers references to
other FBI expose' information. The full citation of the EPCA, if you want to
look it up, is 18 USC 2701.
Additional Comments: The biggest weakness, and it's very apparent, is that
Roberts offers no evidence of the FBI monitoring BBS systems. He claims that
they do, but he does not give any known examples. His claims do make sense
however. As he states, BBS's offer a type of "publication" that is not read b
any editors before it is "published." It offers an instant form of news and
one that may make the FBI very nervous. Roberts would do well to include some
supportive evidence in his book. To help him out, I will offer some here.
* One of the Ten Commandments of Phreaking (as published in the
famous TAP Magazine) is that every third phreaker is an FBI agent.
This type of folklore knowledge does not arise without some kind of
justification. The FBI is interested in the activities of phreakers
and is going to be looking for the BBS systems that cater to them. I
your system does not, but it looks like it may, the FBI may monitor i
just to be sure.
* On April 26, 1988 the United States Attorney's Office arrested 19
people for using MCI and Sprint credit card numbers illegally. These
numbers were, of course, "stolen" by phreakers using computers to hac
them out. The Secret Service was able to arrest this people by posin
as phone phreaks! In this case the government has admitted to placin
there, the success of theis "sting" will only mean that they will try
it again. Be wary of people offering you codes.
* In the famous bust of the Inner Circle and the 414s, the FBI monitore
electronic mail for several months before moving in for the kill.
While it is true that the owners of the systems being hacked (Western
Union for one) invited the FBI to snoop through their files, it does
establish that the FBI is no stranger to the use of electronic
snooping in investigating crimes.
Conclusion: There is no reason to believe that the government is *not*
monitoring your bulletin board system. There are many good reasons to believe
that they are! Learn how to protect yourself. There are laws and regulations
in place that can protect your freedom of speech if you use them. You should
take every step to protect your rights whether or not you run an underground
system or not. There is no justification for the government to violate your
rights, and you should take every step you can to protect yourself.
I have no connections with Roberts, his book, or The FBI Project other then
being a mostly-satisfied customer. I'm not a lawyer and neither is Roberts.
No warranty is offered with this text file. Read and use it for what you thin
it is worth. You suffer the consequences or reap the benefits. The choice is
yours, but above all stay free.
.
Make REAL money with your website!
The entire AOH site is optimized to look best in Firefox® 2.0 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2008 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.