Read Surveillance or Security?: The Risks Posed by New Wiretapping Technologies Online
Authors: Susan Landau
52. (p. 106) Because the suspects were speaking Arabic, the FBI was allowed to tape
the conversation and minimize collection afterward. The surveillance tapes captured
the sounds of the young woman being murdered (Tim Bryant, "4 Indicted Here
as Terrorists, FBI: Tina Isa Killing Part of Conspiracy," St. Louis Post-Dispatch, April
2, 1993).
53. (p. 106) The police heard that a murder was being planned, but they could not
figure out against whom because of the jargon (Dam and Lin, Cryptography's Role, 89).
54. (p. 107) A 1999 investigation listed "bombing" as the most serious crime
(Administrative Office of the United States Courts, Wiretap Report (Washington, DC:
Government Printing Office, 1999, 42), but three years later the three convictions
in the case were for narcotics (Administrative Office of the United States Courts,
Leonidas Ralph Mecham, director, 2002 Wiretap Report, 90).
55. (p. 107) This is from Administrative Office of the United States Courts, James
C. Duff, director, 2009 Wiretap Report, 25. The numbers in 2007 and 2008 were
higher, at 1809 and 1764 respectively (Administrative Office of the United States
Courts, James C. Duff, director, 2007 Wiretap Report, 15; Administrative Office of the
United States Courts, James C. Duff, Director, 2008 Wiretap Report, 25).
56. (p. 107) This is required by Pub. L. 106-197.
57. (p. 107) There were twenty-two such cases in 2000, thirty-four in 2001, seventeen in 2002, one in 2003, forty-one state and one federal case in 2004, thirteen in
2005, none in 2006-2008, and one in 2009.
58. (p. 107) Administrative Office of the United States Courts, James C. Duff, director, 2009 Wiretap Report, 8.
59. (p. 107) David Kahn, The Codebreakers: The Comprehensive History of Secret
Communication from Ancient Times to the Internet (revised and updated) (New York,
NY: Scribner, 1996), 594-601.
60. (p. 107) James Bamford, The Shadow Factory: The Ultra-Secret NSA from 9/11 to
the Eavesdropping on America (New York: Doubleday, 2008), 135-136.
61. (p. 108) David Johnston and Paul Zielbauer, "A Nation Challenged: The Investigation; 3 Held in Detroit After Aircraft Diagrams Are Found," New York Tirnes,
September 20, 2001.
62. (p. 108) Eric Lichtblau and William Glaberson, "Threats and Responses: Financing
Terror; Millions Raised for Qaeda in Brooklyn, U.S. Says," New York Times, March 5, 2003.
63. (p. 108) Scott Shane and Andrea Zarate, "FBI Killed Plot in Talking Stage, a Top
Aide Says," New York Times, June 24, 2006.
64. (p. 108) Damien Cave and Carmen Gentile, "Five Convicted in Plot to Blow Up
Sears Tower," New York Times, May 12, 2009.
65. (p. 108) These definitions are all laid out in Transactional Records Access Clearinghouse, "Who Is a Terrorist? Government Failure to Define Terrorism Undermines
Enforcement, Puts Civil Liberties at Risk," September 2009, 3-4.
66. (p. 108) Transactional Records Access Clearinghouse, "Who Is a Terrorist?", 2.
67. (p. 108) Transactional Records Access Clearinghouse, "Who Is a Terrorist?", 6.
68. (p. 109) Saul Horwtiz, "Cigarette Smuggling Tied to Terrorism," Washington Post,
June 8, 2004.
69. (p. 109) If one uses the federal-prosecutor definition of terrorism, then in recent
years the government has prosecuted just over a quarter of the suspects charged
during a terrorism investigation. While in 2002 prosecutors filed in 69 percent of
terrorism investigations, by 2008 that number had dropped to 27 percent (TRAC,
"Who Is a Terrorist?", figure 2).
70. (p. 109) TRAC, "Who Is a Terrorist?", table 7.
71. (p. 109) TRAC, "Who Is a Terrorist?", 6.
72. (p. 109) U.S. Department of Justice, Federal Bureau of Investigation, "Federal
Judge Hands Down Sentences in Holy Land Foundation Case," May 27, 2009, http://
www.justice.gov/opa/pr/2009/May/09-nsd-S 19.html.
73. (p. 109) U.S. Department of Justice, U.S. Attorney, Southern District of New
York, "Naji Antoine Abi Khalil Sentenced to 60 Months' Imprisonment for Attempting to Export Military Night-Vision Equipment to Hezbollah," February 13, 2006,
http://www. justice.gov/usao/nys/pressreleases/February06/khalilsentencingpr.pdf.
74. (p. 109) U.S. Department of Justice, Federal Bureau of Investigation, "Jury Finds
Former Member of U.S. Navy Guilty of Terrorism and Espionage Charges," March
5, 2008, http://www.ice.gov/pi/news/newsreleases/articles/080305newhaven.htm.
75. (p. 109) U.S. Department of Justice, Federal Bureau of Investigation, "Al Qaeda
Supporter and Organizer of Jihad Training Camp in Oregon Sentenced in Manhattan
Federal Court to Life in Prison," September 15, 2009, http://newyork.fbi.gov/
dojpressrel/pressre109/nyfoO9lSO9.htm.
76. (p. 109) U.S. Department of Justice, Federal Bureau of Investigation, "Jury Finds
Former Member of U.S. Navy Guilty."
77. (p. 110) U.S. Department of Justice, Federal Bureau of Investigation, "Illinois
Man Pleads Guilty in Foiled Plan to Set Off Grenades in Shopping Mall," November
28, 2007, http://www.justice.gov/usao/iln/pr/chicago/2007/prll28-Ol.pdf.
78. (p. 110) The Tamil Tigers are extremely violent and pioneered the use of suicide
bombings. In separate incidents, the Tamil Tigers assassinated former Indian Prime
Minister Rajiv Gandhi and Sri Lankin President Ranasinghe Premadasa.
79. (p. 110) TRAC, "Who Is a Terrorist?", table 3.
80. (p. 110) TRAC, "Who Is a Terrorist?", figure 7.
81. (p. 111) A. G. Sulzberger and William K. Rashbaum, "Guilty Plea Made in Plot
to Bomb New York Subway," New York Tirnes, February 22, 2010; Associated Press,
"Najibullah Zazi's Plea in Court to Terror Charges," New York Times, February 22,
2010; U.S. District Court, Eastern District of New York, United States of America v.
Najibullah Zazi, Memorandum of Law in Support of the Government's Motion for a Permanent Order of Detention, Case 1:09-cr-00663-RJD (filed September 24, 2009).
82. (p. 111) United States of America v. Najibullah Zazi, 7.
83. (p. 111) United States of America v. Najibullah Zazi, 6-7.
84. (p. 111) United States of America v. Najibullah Zazi, 8.
85. (p. 111) Associated Press, "Najibullah Zazi's Plea."
86. (p. 111) Although federal agents tracked Zazi as he drove across the country on
September 9-10, when he was stopped on his entrance to Manhattan, his car was
not carrying explosives, and he was not arrested until September 19. Even then
officials found the situation unclear; one was quoted as saying this was a "possible
plot to detonate explosives in the United States" (David Johnston and William
Rashbaum, "Terror Suspect Had Bomb Guide," New York Tirnes, September 20, 2009).
87. (p. 111) U.S. Department of Justice, Federal Bureau of Investigation, "Jury Finds
Former Member of U.S. Navy Guilty."
88. (p. 112) Eric Lichtblau, "Bank Data Sifted by U.S. in Secret to Block Terror," New
York Times, June 23, 2006.
89. (p. 112) In 2010, the European Parliament first rescinded, and then reinstated,
United States access to European Union banking data. James Kanter, "Europe
Resumes Sharing Financial Data with U.S.," New York Times, July 9, 2010.
90. (p. 112) Lichtblau, "Bank Data Sifted by U.S. in Secret."
91. (p. 112) Lichtblau, "Bank Data Sifted by U.S. in Secret."
92. (p. 112) U.S. Department of Justice, Office of the Inspector General, A Review of
the FBI's Use of National Security Letters, 32-33.
93. (p. 112) U.S. Department of Justice, Office of the Inspector General, A Review of
the FBI's Use of National Security Letters, 34-35.
94. (p. 112) U.S. Department of Justice, Office of the Inspector General, A Review of
the FBI's Use of National Security Letters, 36.
95. (p. 114) Whitfield Diffie and Susan Landau, "The Export of Cryptography in the
20th Century and the 21st," in Karl De Leeuw and Jan Bergstra, eds., Handbook of
the History of Information Security (Amsterdam: Elsevier, 2007), 725-736.
96. (p. 114) The government also controlled the sale of products that had a "hole" for
inserting cryptographic functionality once the product had been shipped overseas.
97. (p. 114) U.S. Department of Commerce, "NIST Announces Voluntary Escrowed
Encryption Standard to Promote Secure Telecommunications," NIST 94-8, February
4, 1994.
98. (p. 115) Hal Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt
Blaze, Whitfield Diffie, John Gilmore, Peter G. Neumann, Ronald L. Rivest, Jeffrey
1. Schiller, and Bruce Schneier, The Risks of Key Recovery, Key Escrow, Trusted Third
Party and Encryption: a Report by an Ad Hoc Group of Cryptographers and Computer
Scientists (1998) http://www.crypto.com/papers/escrowrisks98.pdf.
99. (p. 115) Diffie and Landau, Privacy on the Line, 239.
100. (p. 116) U.S. Bureau of Export Administration, Appl. Ref. No: Z066051/G006298.
101. (p. 116) Philip R. Kam Jr., Plaintiff, v. United States Department of State and
United States Department of Commerce, and William A. Reinsch, Undersecretary of
Commerce for the Bureau of Export Administration, United States District Court of
Appeals, Civ. A. No. 95-1812(LBO).
102. (p. 116) Appl. Ref. No: Z066051/G006298.
103. (p. 116) Lee Tien, letter to William Reinsch in reference to Appl. Ref. No.:
Z066051/G006298.
104. (p. 116) Stephen Levy, Crypto: How the Code Warriors Beat the GovermmnentSaving Privacy in the Digital Age (New York, NY: Viking Press, 2001), 162-163.
105. (p. 117) Levy, Crypto, 162.
106. (p. 117) Ozzie explained that "we asked the government to generate a special
RSA key pair, and to make known their RSA Public Key. We asked them to keep their
private key classified, compartmentalized-as secret as they'd keep the keys to their
own military and diplomatic communication systems-and to never disclose it to
anyone. Then, we changed Notes so that whenever the product generates an
encrypted 64-bit bulk data key, bound to that key is a small package-a `workfactor
reduction field'-containing 24 bits of the bulk data key encrypted with the U.S.
government's public key. So the U.S. government has exclusive access to 24 of the
64 bits. That's 64 bits against the cracker, 40 bits for the government." ("Prepared
Remarks," RSA Data Security Conference, 1996).
107. (p. 117) Frederik Laurin, "Secret Swedish E-Mail Can Be Read by the U.S.A.,"
Calle Froste, November 18, 1997.
108. (p. 117) Sowing fear, uncertainty, and doubt (FUD) is a well-known tactic to
influence public perception without necessarily having a firm basis in facts.
109. (p. 118) Diffie and Landau, "Export of Cryptography," 732-733.
110. (p. 118) Diffie and Landau, "Export of Cryptography," 732.
111. (p. 118) Network exploitation employs a combination of techniques to collect,
monitor, and falsify information on an adversary's networked system. It may include
infiltration of the target system, placing code to be activated at a later date, and
exfiltration of data.
112. (p. 119) GOTS equipment is typically developed by a government agency.
113. (p. 119) Former NSA general counsel Stewart Baker testified in Congress in 2004
on behalf of an industry association and described the situation this way: "While
American innovators are still cooling their heels in Quantico, waiting to explain a
new technology to the FBI Lab, their competitors in Singapore, China, Japan,
and Europe will be manufacturing already. The U.S. market will end up a laggard,
getting technologies after they've been sufficiently proven in the rest of the world to
justify the engineering and lobbying costs needed to get an assurance of CALEA
compliance" (Stewart Baker, written testimony in U.S. Congress, House of Representatives, Committee on Energy and Commerce, Subcommittee on Telecommunications
and the Internet, Law Enforcement Access to Communications Systems in the Digital Age,
One Hundred and Eighth Congress, Second Session, Serial No. 108-115, September
8, 2004).
114. (p. 119) DoJ OIG, "Implementation of CALEA, Audit Report," 16.
115. (p. 119) Landau, "National Security on the Line," Journal of Telecommunications
and High Technology Law 4, no. 2 (Spring 2006): 419.
116. (p. 119) AOL has, for example, made its Instant Messaging product surveillance
compliant.
117. (p. 119) Siobhan Gorman, "NSA to Defend against Hackers: Privacy Fears Raised
as Spy Agency Turns to Systems Protection," Baltimore Sun, September 20, 2007.
118. (p. 120) This was also known as Homeland Security Presidential Directive 23.
119. (p. 120) U.S. Department of Homeland Security, National Cyber Division, U.S.
Computer Emergency Readiness Team, "Privacy Impact Assessment: Einstein
Program. Collecting, Analyzing, and Sharing Computer Security Information across
the Federal Civilian Government," September 2004.
120. (p. 120) U.S. Department of Homeland Security, National Cyber Division, U.S.
Computer Emergency Readiness Team, "Privacy Impact Assessment: Einstein Program."
121. (p. 120) U.S. Department of Homeland Security, National Cyber Division, U.S.
Computer Emergency Readiness Team, "Privacy Impact Assessment: Einstein Program."
122. (p. 121) In Stengart v. Loving Care Agency (A-16-09), the New Jersey Supreme
Court affirmed a lower court decision that an employee using a work-supplied computer to access a private email account has a reasonable expectation of privacy.
Marina Stengart had been communicating with her lawyer through a passwordprotected yahoo account using a laptop supplied by her employer, the Loving Care
Agency. The company had a clear policy that while employees could occasionally
use company equipment for personal purposes, communications (email, Internet,
etc.) transmitted over the machine would not be considered private. The system had
been set up so that every web page Stengart viewed on the laptop was automatically
saved to the computer's hard drive.
Stengart left the company and filed suit over employment discrimination. Loving
Care had the laptop's hard drive searched and found the communications, which
it sought to use in the subsequent court case. Emphasizing the lawyer-client privilege
aspect of the communications between Stengart and her attorneys and the "equivacol" nature of Loving Care's personal use policy, the court found for Stengart; it
ruled that Loving Care and its lawyers had no right to use the communications
between Stengart and her attorneys in preparation of their case.