HOW DID WE GET TO THIS SPYING-ON-EVERYONE FIASCO?

Howdy, folks.  I put this history lesson on telecom and how we got to this No Such Agency spying-on-everyone mess on the Forum, and both Jack and Skye bugged me to put it into a TTP article series because they said it was so good.  So here we go with Part One.

It’s long so grab a drink.

Edward "Snowjob" Snowden didn’t really do anything other than give NSA’s program a name: "PRISM".  There are many such programs throughout the government.

There are various telecom laws that have been enacted since the 1934 Communications Act that enabled the government to do just what they have been revealed to be doing.  Which created the FCC, who could over see and regulate telecom and broadcasting.

This had the effect of creating monopolies by government fiat, as the FCC was to make broadcast and telecom regular throughout the states. It also granted the government, for the 1st time, a lawful means of wiretapping:

"No person not being authorized by the sender shall intercept any communication and divulge or publish the existence, contents, substance, purport, effect, or meaning of such intercepted communications to any person." ^{Section 605 of the Federal Communications Act FCC 1934}

The transmission of ten digits constitutes communication in that you authorize a private carrier to originate a call from a phone number, which you own and they manage, to a number which someone else owns and is managed by the terminating and carrier another private entity.

The terminating end receives your call and sees your ANI (automatic number identification) displayed.  This gives the party called information about who may be calling and You Transmitted That Message, from a number and device you own.  That is the 1st time you communicate with a person before a word is uttered.

Keep this in mind later as you read so you understand the fullness of how government bureaucrats justify infringing on your 4th amendment and 1st.

Now, in 1934 wire tapping wasn’t against the law per se but, rather, the information gathered could not be divulged from a wiretap.  So government went on doing it anyway, much the way the are doing it today.  I believe the possession of a private transmission by anyone, in particular, a government without a lawful and sworn warrant is an abridgement of the 1st and 4th amendment.

Over the years the public became increasing aware of this and demanded more regulation over wiretapping and eavesdropping of their conversation.  They weren’t specific enough about what they would not allow and government wanted to continue wiretapping and eavesdropping and they looked for ways to pass one thing that really was another. 

So in 1968 Omnibus Crime Control and Safe Streets Act of 1968 (OCCSSA) was passed and you ended up with a further piercing of your 1st and 4th amendment rights, as pertains to transmission via wire or broadcasting:

To safeguard the privacy of innocent persons, the interception of wire or oral communications where none of the parties to the communication has consented to the interception should be allowed only when authorized by a court of competent jurisdiction and should remain under the control and supervision of the authorizing court.

So problem solved right?  Need to have proper jurisdiction and control by warrant to wiretap by Law Enforcement?

Maybe.  But at least with 1968 OCCSSA the wiretapping came under control and was now limited to a specific individual, for a specific time period (30 days) and for a specific number.  It basically got specific and limited how LEO’s could obtain information.

Now here is the fun part of 1968:

Nothing contained in this chapter or Section 605 of the Communications Act of 1934 shall limit the constitutional power of the President to take such measures as he deems necessary to protect the Nation against actual or potential attack or other hostile acts of a foreign power, to obtain foreign intelligence information deemed essential to the security of the United States, or to protect national security information against foreign intelligence activities.  Nor shall anything contained in this chapter be deemed to limit the constitutional power of the President to take such measures as he deems necessary to protect the United States against the overthrow of the Government by force or other unlawful means, or against any other clear and present danger to the structure or existence of the Government. 

Sweet!  The Federal Government and the President alone can abrogate your rights but, local LEO!  Heavens to Betsy!  Our rights have been restored…NOT!

Let’s skip a few other acts and go to 1978.

Here we get FISA aka The Foreign Intelligence Surveillance Act.  This granted the Feds a new and farther reaching power than 1934 and 1968.  Now they can get faster responses on warrants to sweep communications made to or received by US citizens or organizations who happen to be in this country and suspected of crimes or organizing crimes against the state and they can go to a special court that deals specifically with FISA and FISA alone.

Kind of like fastracking and the probable cause requirement was weakened to further expedite a warrant.  Ever hear of "Reasonable Cause"?  We’ll deal with that later.

Fast forward again to the 1986 Electronic Communications Privacy Act or (ECPA).  Right around this time, because of competition in telecom, all kinds of communications mediums are expanding to the consumer and businesses alike.  That is, they are becoming more affordable and common in the marketplace and these new services or technologies make communication faster and easier.

The government needs to get a handle on this and quick before they lose the lawful ability to monitor things like Cellular Phones (in your car), Faxing (no more suitcase), Paging (some quick messaging with limited characters displayed), email is now coming into use and other services that were made unlawfully using things like DISA off a PBX or hybrid phone system. 

Direct Inward Service Access allows you to call back into a switch or PBX and transfer to anywhere in the corporation and reach an intended party faster or simply get to voice mail which was now finally starting to work, thanks largely to the smart guys at a PBX company called ROLM, who were the 1st to make it work correctly.

DISA also enabled criminals, terrorists and other miscreants to exploit this new feature. While DISA allowed you to call anyone or device within a company’s network, it also allowed you to transfer out of the PBX and make calls to anywhere.  Heck, if you didn’t know DISA was enabled on your PBX you would figure it when the phone bill came in for $thousands of dollars to countries like Pakistan, Afghanistan, India, Mumbai, Mexico and countries all over South America. 

It was pretty rampant for a while and there was always a list of countries being floated around, between carriers, that countries were barred from being called on the network.  Let ATT eat the cost, we can’t afford it.

So 1986 ECPA now allowed the Federal government, which I believe at this time consisted of largely the FBI and Secret Service to do really neat things like trap and trace or use pen registers to obtain numbers dialed and numbers dialed from.

The Secret Service had a trap and trace on our switch, at the long distance company I was working for at the time.  My recollection is that is wasn’t in use all the time but, only for lawful and specific investigations.

This was made possible by:

Upon an application made under section 3122 of this title, the court shall enter an ex parte order authorizing the installation and use of a pen register or a trap and trace device within the jurisdiction of the court if the court finds that the attorney for the Government or the State law enforcement or investigative officer has certified to the court that the information likely to be obtained by such installation and use is relevant to an ongoing criminal investigation.

So it kinda-sorta came with some new limitations or did it?

Well, actually the law established a mechanism by which the government could now do what it called "Roving Wiretaps".  This enabled the government to tap "A Person" and the communications devices they use, anywhere, anytime.  How did criminals get around this?

Well, calling cards, call back services and cell phones.   Calling cards could be used from say a payphone that one doesn’t frequent.  You would dial a toll free number, then a PIN authorizing you to make a call and then you would make a call.  Afterward you would toss the card and go get some more.  NOT TRACEABLE at all at that time.  We can trace better today but, switching and routing technologies as well as advanced heuristics give us a better capability.

Call back services enabled you to essentially do the same thing.  You call a toll free number and they complete your call.  Here however you use a credit card and you could get those anywhere, anytime back then.

Cell phones.  So at that time Cell Phones are either firmly in your car or carried as a bag phone.  Two Kewel things here.  They didn’t transmit the calling ANI to the PSTN as they are switched within the cell service providers network.  All the PSTN sees is the switch number and a Feature Group A or B origination code and they bill the service provider and the service provider bills you off the connection between them and the distant end. 

The other kewel thing is how cell phones work.  As you move your phone would jump from tower to tower to tower.  No way to trace back then.

Sucks for Feds but, there are some work-arounds which is why they came up with Communications Assistance for Law Enforcement Act (CALEA) in 1994.  Now you are screwed because all service providers must provide and pass not only ANI of transmission and receive to each other but, also how the call was routed. The whole routing.

This gives the Feds more power to not only scrutinize your calling patterns and who you’ve called but, additional powers to Rove Tap and still that wasn’t enough for an ever voracious Fed looking for new tools that ensnare criminals.

More directly communications were required by law to develop methods so as to make surveillance easier and not impeded that process.  It doesn’t say it exactly like that but, that is how it is interpreted and here’s why:

A telecommunications carrier shall ensure that its equipment, facilities, or services…are capable of expeditiously isolating and enabling the government, pursuant to a court order or other lawful authorization, to intercept, to the exclusion of other communications, all wire and electronic communications carried by the carrier within a service area to or from equipment [and] to access call-identifying information.

Now, you would think the phone companies would be pissed about the government telling them how to make their equipment, at their cost, which provided no value to the end user or their customers.  Just another cost and appendix to a system that no one asked for but, was imposed by law.

They were P.O.’d all right.  But, it wasn’t just the phone companies.  See, just because you see a good part of the transmission there were still ways to "Spoof" an identity, so the equipment and software developers were included in this mandate.

So Congress graciously handed over $500 million dollars of your tax money to pay for this.  Well, at least initially.  The cost ended up being way more than that, as most government programs aren’t properly calculated using so much as an abacus.  Just a plan on the back of a used napkin.

Actually, billions of your tax dollars were spent to modify communications companies’ equipment and networks to give the Feds even greater, more intrusive and faster access to almost anything they wanted.

Cute huh?

Not as cute as the government finally thinking "Hey, we forked over all this money for this equipment.  We actually own it or parts of it and now we demand access to our stuff".  Like what your money bought?  The communications companies and the Feds were now partners by law.  Anyone think that is funny?

RSA

So, recently many of you were made aware of a company called RSA.  They provide what are called "Security Tokens".  These tokens are used to identify, authenticate and authorize users in or on a network.  Their claim to fame is that these "Token" or really "Fobs" constantly generate authorization codes, which a holder must enter upon demand by a network Gatekeeper in order to gain access to the parts of the network they are cleared for.  A quick way of thinking about how they work is:

You, the user, carry what a network considers a gateway device.  That is your laptop, with a modem or wireless ability to access a company’s private network directly or through the internet.  Once you reach the company network there is a gatekeeper.  Think Middle Ages with Knights carrying messages to some part of a kingdom controlled by a castle:

The knight carrying a message rides up to the castle in tow with a lowly helper who carriers things for the knight.  You yell to the castle "I Sir WannaPass wish to enter and pass through your area of responsibility!"

"Okay mate!  I recognize you and you’re a nice and all but, you may only pass if you possess the keys/password.  I’m not going to make my neck ready for the kings henchman.

So the knight turns to his lowly helper who gives him the password for this castle.  The knight communicates the password, the Gatekeeper confirms the pass is right and the knight rides through the kingdom unmolested.  That’s how networks work, except it’s electronic now.

Back to RSA.  I’ve heard from many who believe the government "Bribed" RSA with $10 million dollars to entice RSA into giving the government back door access to their network and service.

The government didn’t bribe anyone.  Recall above that CALEA was passed and the government decided and then demanded they be partners with anyone they deemed covered.  They’re not complete tools or Facists.  Partners have investors and investors have real and tangible interests, as well access to view and use the product they invested in.

So the law (CALEA) says RSA:shall ensure that its equipment, facilities, or services…are capable of expeditiously isolating and enabling the government, pursuant to a court order or other lawful authorization, to intercept, to the exclusion of other communications, all wire and electronic communications carried by the carrier within a service area to or from equipment [and] to access call-identifying information.

And you all are worried about the Chinese placing backdoors embedded in the chips of your computers???

It’s a con, put forward by the government to make you look somewhere else.  Who’s the magician in the room?

Sheah!!!  Right!  LOL.  To be continued…..

Vendome is well known to denizens of the the TTP Forum.