
Wiretapping, FISA, and the NSA

I always feel like somebody's watching me..


In the December 2000 criminal prosecution of Osama Bin Laden for the first World Trade Center attack, the Court found that the Fourth Amendment warrant requirement did not apply to searches conducted on foreign nationals overseas - indeed, there was no mechanism for a judge in Manhattan to order a search or interception in Nairobi. But that is overseas. So if the wiretaps were done by the US government against foreign targets overseas, everything would have been ok. But the revelations were that the government was targeting US persons for intercepts based upon some "connection" to some overseas person.

The first assumption under federal law is that all wiretapping done in this country or wiretapping directed against US citizens or permanent residents is illegal. Three separate laws make it a crime to engage in electronic surveillance unless specifically authorized by statute: 50 USC 1809(a), 47 USC 605 and 18 USC 2511. There are several exceptions to this presumption, including consent of one or all of the parties to the communication, interception by the provider of telecommunications services in the ordinary course of business for certain purposes, interceptions that do not implicate a reasonable expectation of privacy, and finally, interceptions done pursuant to court orders. That is, orders by the judicial branch.

For interception of the contents of communications within the United States (whether among citizens or not) the government (typically the FBI) can get a warrant under the federal wiretap statute (called Title III) or the Electronic Communications Privacy Act. Such warrants are difficult to obtain: they must be supported by a finding of probable cause to believe that a crime has been or will be committed and that the tap will uncover evidence of that crime, and by a finding that reasonable steps have been taken to minimize the possibility that non-criminal conversations (or emails) will be intercepted and examined. As part of the USA-PATRIOT Act, Congress authorized so-called "roving" wiretaps, which allow the FBI and not the Court to decide that a target is now using a different telephone, and to transfer the wiretap authority from one phone to another. This resulted in reports of hundreds of erroneous wiretaps for the wrong telephone number, address, or email address.

But Title III wiretap orders apply only to findings of criminal activity. Now it is difficult for me to imagine a circumstance where someone could be part of a terrorist organization, planning or discussing terrorist activities and not be suspected of a crime. Terrorism is a crime. Murder is a crime. Destruction of property is a crime. Conspiracy is a crime. Money laundering, fraud, immigration fraud, false statements, counterfeiting - all of these are crimes. In the recent Spielberg movie Munich, Mossad agents assigned to assassinate those responsible for planning the abduction and murder of Israeli Olympic athletes agonize over the legality of their actions, but ultimately focus on their necessity. Niceties of the law are rarely debated on the battlefield, and according to the current administration, the battlefield is everywhere and forever.
