The Federal Bureau of Investigation (FBI) has been attempting to strongarm internet service providers into installing “eavesdropping technology” within their own internal networks to harvest user data. The FBI-developed software, known as “port-reader” software, intercepts and analyzes whole streams of communication in an ISP network.
Up until a few weeks ago, the “port-reader” software remained under wraps until former government officials came foward and spoke about the FBI’s efforts to CNET. In pressuring ISPs to implant the information-harvesting software inside of networks, the FBI has resorted to some very forceful tactics to enlist compliance, such as “threats of contempt of court.”
Carriers are remaining resistant to the FBI’s advances, however, “because of the privacy and security risks of unknown surveillance technology operating on a sensitive internal network.”
The process through which the FBI wants to collect users’ metadata (phone numbers, email addresses, logins, etc.), is that by having the ISPs route communications through the port reader software, while using their CALEA compliance hardware, the software strips content data and “extracts the metadata.” The providers would then give the metadata to the feds.
An FBI spokesperson claims the FBI has “legal authority to use alternate methods to collect Internet metadata.” Generally, law enforcement requires a judge order to wiretap real-time communication streams, and the same applies for intelligence gathering under the Foreign Intelligence Surveillance Act (FISA). But by using a “pen register and trap and trace order,” government agencies are able to skirt past judicial review and oversight.
However, there are many who have acknowledge that the speed at which technology evolves vastly outgrows legislation. “The statute [concerning pen registers] hasn’t caught up with the realities of electronic communication,” said Colleen Boothby, a Washington, D.C. attorney. “Judges are not always in a position to understand how technology has outpaced the law.”
Government agencies can still insert port reader software with a pen register order under the Patriot Act, yet the difference between legally and illegally-collected metadata is still murky.
Joshua de Leon is a writer and researcher with Ring of Fire.