CNET reports on an Internet surveillance technique adopted by the FBI. According to CNET,

Instead of recording only what a particular suspect is doing, agents conducting investigations appear to be assembling the activities of thousands of Internet users at a time into massive databases, according to current and former officials. That database can subsequently be queried for names, e-mail addresses or keywords.

Essentially, instead of monitoring what a single IP address is doing (the IP address of the target,) the FBI is capturing the traffic for an entire IP block (we are not sure how big this block is, and presumably this depends on the circumstances of a particular case) and then using data-mining techniques to try to filter and analyze the traffic of their initial target.

According to Paul Ohm, a former federal prosecutor and now a law professor, this "vacuum cleaner" approach has become federal agents’ favorite method of gathering Internet surveillance data. One reason this may pose a legal issue is the requirement under law that law enforcement perform what is called as "minimization." 18 U.S.C. 2518 (Procedure for interception of wire, oral, or electronic communications) says that law enforcement must minimize the interception of communications not otherwise subject to interception and keep the supervising judge informed of what is happening.

In the voice surveillance context, this is known as the two-minute rule, which allows agents to listen in on a phone call for two minutes at a time, with at least one minute elapsing between the spot-monitoring sessions. Even though the statute does not provide for storage of captured information, it provides for storing the intercepted communication in the event that the communication is in code or foreign language and in such case the minimization should be accomplished as soon as possible after interception. § 2518(5).

How does this play out in the electronic surveillance field? The statute was enacted originally enacted in 1968 and although it was subsequently modified to include electronic surveillance, it leaves unclear the question of whether an electronic communication is "code or foreign language" just because the Internet traffic is a huge amount of information and it is impossible to monitor it in real time. In addition, there are evidentiary issues. For example, if in the process of full-pipe surveillance, the agents discover incriminating information about a user who was not the target of the investigation but whose data was captured in the "full pipe," can the prosecution use this as evidence in prosecution of the user.  In other words, when casting a large "net" for a target, can prosecution keep all it "catches" which is not related to the target?

Courts have wrestled with the minimization requirement for a long period of time, although in a different context. In 1978, the U.S. Supreme Court in Scott v. United States upheld wiretaps of people suspected in selling illegal drugs. The Court said that broad surveillance may be unconstitutional if it goes too far. Writing for the majority, Justice Rehnquist wrote, "if the agents are permitted to tap a public telephone because one individual is thought to be placing bets over the phone, substantial doubts as to minimization may arise if the agents listen to every call which goes out over that phone regardless of who places the call." Similarly, it can be argued that FBI’s full-pipe surveillance may go too far just because they suspect one individual may be using a particular subnet of IP addresses.

It is likely that this debate will continue over the next months and, obviously, it is just a matter of time before the a challenge on such surveillance takes place.

No Responses to “Full Pipe Surveillance”

No comments yet

Leave a Reply

Name (required)

Mail (will not be published) (required)

Website

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>