FBI BBS Surveillance
by Marc Rotenberg
FBI BBS Surveillance (CPSR FOIA Request)
On August 18, 1989 CPSR submitted a Freedom of Information Act request
to the FBI asking for information about BBS surveillance. After four
follow-up letters, a series of phone calls, and Congressional
testimony that discussed the CPSR request, the FBI has failed to
respond to our request. (The statutory time limit for the FOIA is ten
days).
If any one has information about possible FBI surveillance of bulletin
boards or networks, please send it to me. Specific dates, locations,
BBSs are important. (You can send information to me anonymously by
land mail, if you need to protect your identity).
Thanks for your assistance,
Marc Rotenberg, Director
CPSR Washington Office
1025 Connecticut Ave., NW, Suite 1015
Washington, DC 20036
202/775-1588 (voice)
202/775-1941 (Data)
[email protected] or
[email protected]
Contents:
1. CPSR FOIA Request to the FBI Regarding BBS Surveillance
2. CPSR letter to Congressman Don Edwards regarding FOIA request
3. Chronology of events
[CPSR FOIA Request to the FBI Regarding BBS Surveillance]
CPSR Washington Office
1025 Connecticut Avenue, NW
Suite 1015
Washington, DC 20036
202 775-1588
202 775-1941 (fax)
Director
Marc Rotenberg
August 18, 1989
FOIA Officer
FBI
9th St. & Penn. Ave., NW
Washington, DC 20535
Dear FOIA Officer,
This is a request under the Freedom of Information Act, 5 U.S.C. 552.
Part I:
I write to request a copy of all materials relating to the FBI's
collection of information from computer networks and bulletin boards,
such as PeaceNet (San Francisco CA) or The Well (Berkeley CA), that
are used frequently by political or advocacy organizations.
In particular, I would like any records which would indicate whether
the Bureau is intercepting, collecting, reviewing, or "downloading"
computer transmissions from any of the following networks and
conferences: Action Southern Africa, AIDS Coalition Network, The
American Peace Test, Amnesty International, Association for
Progressive Communications, Beyond Containment, Center for Innovative
Diplomacy, Central America Resource Center, Central America Resource
Network (CARNet), The Christic Institute, Citizen Diplomacy, Community
Data Processing, EcoNet, Friends of the Earth, Friends Committee on
National Legislation, HandsNet, Institute for Peace and International
Security, Media Alliance, Meiklejohn Civil Liberties Institute,
National Execution Alert Network, Palo Alto Friends Peace and Social
Action Committee, PeaceNet. Quaker Electronic Project, Web, The Well.
This request includes public communications that take place through
a computer bulletin board. For example, this would include both
transmissions that are available for public perusal, a "conference" or
"posting," as well as transmissions that are directed from one party
to one or more other specific parties and intended as private,
"electronic mail."
Part II:
I also request any records that would indicate whether
anyone acting at the behest or direction of the FBI, has any computer
accounts on any computer bulletin boards operated by an advocacy or
political organization, and, if so, the names of the bulletin boards,
and whether the Bureau has indicated the actual organizational
affiliation of the account holders to the system operators.
Part III:
I also request any records that would indicate whether the Bureau
has ever operated, is currently operating, is involved in the
operation of, or is planning to operate, a computer bulletin board
that is intended for public use.
Part IV:
I would also like any records which would indicate the
circumstances under which it would be appropriate for an agent or
authorized representative, asset, informant, or source of the Bureau
to intercept, collect, review, or "download" the contents of computer
bulletin boards.
Part V:
I would like any records relating to the FBI's development,
research, or assessment of computer systems for automated review of
information stored in an electronic format, obtained from a computer
bulletin board or network.
Part VI:
Finally, I request any records that would indicate whether the FBI
has developed, or is planning to develop, a system that could
automatically review the contents of a computer file, scan the file
for key terms or phrases, and then recommend the initiation of an
investigation based upon this review.
I ask that you check with your regional offices in San Francisco,
San Jose, Austin, Phoenix, Los Angeles, and New York, in addition to
the files that are available in Washington, DC. I also ask that you
consult with those agents involved in the investigation of computer
crime to determine whether they might be aware of the existence of
such records. You should also check any documents relating to John
Maxfield, who was employed by the Bureau to investigate computer
bulletin boards.
Under the Freedom of Information Act, you may withhold all properly
exempted materials. However, you must disclose all non-exempt
portions that are reasonably segregable. I reserve the right to
appeal the withholding or deletion of any information.
Under the Freedom of Information Act, CPSR is entitled to a waiver
of all fees for this request because the "disclosure of this
information is likely to contribute significantly to the public
understanding of the operations or activities of the government and is
not primarily in the commercial interest of the requester." CPSR is a
non-profit, educational organization of computer scientists. Our work
has been cited in scholarly journals, trade publications, and the
national media. CPSR has particular expertise on the use of computer
technology by the FBI, having prepared an extensive report on the
proposed expansion of the NCIC at the request of Congressman Don
Edwards. For these reasons, CPSR is entitled to a waiver of all fees.
If you have any questions regarding this request, please telephone
me at the above number. I will make all reasonable efforts to narrow
the request if you determine that it has been too broadly framed.
As provided in the Freedom of Information Act, I will expect to
receive a response within ten working days.
Sincerely yours,
Marc Rotenberg, Director
Washington Office, Computer Professionals for Social Responsibility
[CPSR letter to Congressman Don Edwards regarding FOIA request]
February 27, 1990
Representative Don Edwards
Subcommittee on Civil and
Constitutional Rights
House Judiciary Committee
806 House Annex 1
Washington, DC 20515
Dear Chairman Edwards:
I am writing to you about a particular FOIA request that CPSR has
pursued since August of last year. We asked the FBI for information
about the monitoring of computer networks and bulletin boards. We
initiated this request because of the obvious civil liberties
interests -- speech, associational, and privacy -- that would be
endangered if the FBI's examination of the contents of computer
systems failed to satisfy appropriate procedural safeguards.
After six months of delay, five certified letters to the Bureau's
FOIA/Privacy Act office, and many phone calls with the FBI's FOIA
officers, we have not received even a partial response to our request.
On September 20, 1989 a FOIA officer at the FBI assured us that
information would be forthcoming "in a couple of weeks." A letter
from the FBI FOIA/PA office on December 22 indicated that information
responsive to our request "has been located and will be assigned for
processing soon." But when I spoke with a FBI FOIA Officer on
February 15, less than two weeks ago, I was told that they "haven't
even started" to process the request and that the FBI couldn't say
when we would receive a response. (Please see enclosed chronology and
attachments).
The need for this information is truly urgent. Further delay will
constitute a denial. Congress is now considering several computer
crime bills, such as H.R. 55 and H.R. 287, that could broaden the
authority of federal agents to examine the contents of computer
systems across the country. There is a good chance that a bill will
pass before the end of this session.
Before Congress and the public should have a complete picture of the FBI's
current practices. Computer communications are particularly
vulnerable to surveillance and routine monitoring. Computer mail
unrelated to a particularized investigation could be swept up in the
government's electronic dragnet if the law is not carefully tailored
to a well defined purpose. Without a clear understanding of the civil
liberties problems associated with the investigation of computer
crime, Congress may be exacerbating a problem it does not yet fully
know about.
CPSR's Freedom of Information Act request could provide answers to
these questions. The FOIA establishes a presumption that the
activities of government should be open to public review and that
agency records should be disclosed upon request. But the Bureau
failed to comply with the statutory requirements of the FOIA and
frustrated our effort to obtain information that should be disclosed.
Without this information computer users, the public, and the Congress,
may be unable to assess whether the Bureau's current activities
conform to appropriate procedural safeguards.
Computer crime is a serious problem in the United States. One
auditing firm places the annual loss between $3 billion and $5
billion. Nonetheless, it is necessary to ensure that new criminal law
does not undermine the civil liberties of computer users across the
country. We requested information from the FBI under the FOIA to help
assess the adequacy of current safeguards. The Bureau failed to
respond. The result is that the public is left in the dark at a time
when significant legislation is pending.
We would appreciate whatever assistance with this request you might
be able to provide.
Sincerely yours,
Marc Rotenberg, Director
CPSR Washington Office
Enclosure
Chronology of CPSR's FOIA Request regarding
FBI Monitoring of Computer Networks with attachments
cc: Representative Charles Schumer
Representative Wally Herger
FBI FOIA/PA Office
Chronology of events
CPSR FOIA Request
FBI Monitoring of Computer Networks
CHRONOLOGY
Aug. 18, 1989
CPSR sends FOIA request to FBI seeking agency records regarding the
FBI's monitoring of computer networks and computer bulletin boards
used by political and advocacy organizations. The FOIA request seeks
information about:
a) the FBI's surveillance of computer bulletin boards and networks
used by political organizations;
b) the FBI's creation of clandestine accounts on computer bulletin
boards and networks operated by political organizations;
c) the FBI's creation of secret accounts on public bulletin boards;
d) the FBI's procedures regarding the downloading of information
contained on a computer bulletin board;
e) the FBI's research on the automated review of the contents of
information contained on computer bulletin board and networks; and
f) the FBI's research on the automation of the decision to initiate a
criminal investigation, based on the contents of a computer
communication.
The letter requests a fee waiver based on the public interest
standard. The letter indicates that CPSR has particular expertise in
the evaluation of the civil liberties implications of law enforcement
computer systems, having completed an extensive report for the House
Judiciary Committee on the proposed expansion of the FBI's computer
system, the NCIC. The letter further states that CPSR would work with
the FOIA/PA office to facilitate the processing of the request.
Aug. 31, 1989
FBI response #1. FBI sends a letter to CPSR ackn
the FOIA request and designating the request "FBI's Computer Networks
and Bulletin Board Collection," request no. 319512.
Sept. 20, 1989
CPSR speaks with FOIA Officer Keith Gehle regarding status of request.
Mr. Gehle states that he can not send a response "until he receives
responses from various agencies." It is "difficult to go to computing
indices." He says that he expects to have information "in a couple of
weeks,"and will have a response "by October 5, at the latest."
Oct. 16, 1990
CPSR Follow-up letter #1. CPSR confirms conversation with Mr. Gehle
regarding Oct. 5 target date and asks FOIA Officer to call to
indicate the status of the FBI's response to the request.
Oct. 26, 1989
CPSR speaks with Mr. Gehle. He says, "we are working on your
request." "We should have something soon. Hate to give a specific
date, but should have a letter for you within two weeks."
Nov. 22, 1989
CPSR follow-up letter #2. CPSR writes to Mr. Gehle, notes that Mr.
Gehle said he was working on the request, and the that response should
have been sent by Nov. 9. CPSR requests that FOIA officer call CPSR
by Dec. 1 to indicate the status of the request.
Dec. 22, 1989
FBI response #2. FBI sends letter, acknowledging receipt of Oct. 16
and Nov. 22 letters. The letter states that "[i]nformation which may
be responsive to your request has been located and will be assigned
for processing soon." The letter indicates that the FOIA/PA office
receives a large number of requests and that delays are likely.
Jan. 9 , 1990
CPSR follow-up letter #3. CPSR writes to Mr. Moschella, chief of the
FOIA/PA office at the FBI, acknowledges Dec. 22 letter and location of
responsive information. Requests that records be sent by Feb 18, 1990.
Jan. 19, 1990
FBI response #3. FBI sends letter stating that the Bureau has
allocated many agents to FOIA processing, that a large number of
requests are received. The letter further states that "a delay of
several months or more may be anticipated before your request is
handled in turn."
Feb. 2, 1990
CPSR follow-up letter #4. CPSR writes to Mr. Moschella, acknowledges
Jan. 19, expresses concern about delay. Letter notes that CPSR was
assured by a FOIA officer in the fall that "request would be answered
within 'a couple of weeks.'"
Feb. 15, 1990
CPSR receives call from Mr. Boutwell. According to Mr. Boutwell, FBI
can't say when request will be processed. "Haven't even started.
Backlogs and lay-offs during past year . . ." CPSR: FOIA Officer
indicated information had been located. FBI: Too optimistic. "Request
not yet assigned to an analyst . . . working now on 1988 requests .
. . Litigation is taking up time . . . analyst is taking time away
from document review for litigation . . . increased requests, fewer
personnel, lots of other factors. Would expedite for life and death or
due process, pursuant to agency regulations." CPSR: so when do we
receive a response? FBI: "Can't say."
The United States Government is monitoring the message activity on several
bulletin boards across the country. This is the claim put forth by Glen L.
Roberts, author of "The FBI and Your BBS." The manuscript, published by The
FBI Project, covers a wide ground of FBI/BBS related topics, but unfortunately
it discusses none of them in depth.
It begins with a general history of the information gathering activities of the
FBI. It seems that that the FBI began collecting massive amounts of
information on citizens that were involved with "radical political" movements.
This not begin during the 1960's as one might expect, but rather during the
1920's! Since then the FBI has amassed a HUGE amount of information on
everyday citizens... citizens convicted of no crime other than being active in
some regard that the FBI considers potentially dangerous.
After discussing the activities of the FBI Roberts jumps into a discussion of
why FBI snooping on BBS systems is illegal. He indicates that such snooping
violates the First, Fourth, and Fifth amendments to the Constitution. But he
makes his strongest case when discussing the Electronic Communications Privacy
Act of 1987. This act was amended to the Federal Wiretapping Law of 1968 and
But as with all good laws, it was written in such broad language that it can,
and does, apply to privately owned systems such as Bulletin Boards. Roberts
(briefly) discusses how this act can be applied in protecting *your* bulletin
board from snooping by the Feds.
How to protect your BBS: Do NOT keep messages for more than 180 days. Becaus
the way the law is written, messages less then 180 days old are afforded more
protection then older messages. Therefore, to best protect your system purge,
archive, or reload your message base about every 150 days or so. This seems
silly but will make it harder (more red tape) for the government to issue a
search warrant and inform the operator/subscriber of the service that a search
will take place. Roberts is not clear on this issue, but his message is state
emphatically... you will be better protected if you roll over your message bas
sooner.
Perhaps the best way to protect your BBS is to make it a private system. This
means that you can not give "instant access" to callers (I know of very few
underground boards that do this anyway) and you can not allow just anyone to b
a member of your system. In other words, even if you make callers wait 24
hours to be validated before having access you need to make some distinctions
about who you validate and who you do not. Your BBS needs to be a PRIVATE
system and you need to take steps to enforce and proclaim this EXPECTED
PRIVACY. One of the ways Roberts suggests doing so is placing a message like
this in your welcome screen:
"This BBS is a private system. Only private citizens who are not
involved in government or law enforcement activities are authorized
gained from this system to any government agency or employee."
Using this message, or one like it, will make it a criminal offense (under the
ECPA) for an FBI Agent or other government snoop to use your BBS.
The manuscript concludes with a discussion of how to verify users and what to
do when you find an FBI agent using your board. Overall, I found Roberts book
to be moderately useful. It really just whetted my appetite for more
information instead of answering all my questions. If you would like a copy o
the book it sells for $5.00 (including postage etc). Contact:
THE FBI PROJECT
Box 8275
Ann Arbor, MI 48107
Visa/MC orders at (313) 747-7027. Personally I would use a pseudonym when
dealing with this organization. Ask for a catalog with your order and you will be sure the FBI would be interested in knowing who is doing business with this place. The manuscript, by the way, is about 20 pages long and offers references to other FBI expose' information. The full citation of the EPCA, if you want to look it up, is 18 USC 2701.
Additional Comments: The biggest weakness, and it's very apparent, is that
Roberts offers no evidence of the FBI monitoring BBS systems. He claims that
they do, but he does not give any known examples. His claims do make sense
however. As he states, BBS's offer a type of "publication" that is not read b
any editors before it is "published." It offers an instant form of news and
one that may make the FBI very nervous. Roberts would do well to include some
supportive evidence in his book. To help him out, I will offer some here.
* One of the Ten Commandments of Phreaking (as published in the
famous TAP Magazine) is that every third phreaker is an FBI agent.
This type of folklore knowledge does not arise without some kind of
justification. The FBI is interested in the activities of phreakers
and is going to be looking for the BBS systems that cater to them. I
your system does not, but it looks like it may, the FBI may monitor it
just to be sure.
* On April 26, 1988 the United States Attorney's Office arrested 19
people for using MCI and Sprint credit card numbers illegally. These
numbers were, of course, "stolen" by phreakers using computers to hack
them out. The Secret Service was able to arrest this people by posing
as phone phreaks! In this case the government has admitted to placing
there, the success of theis "sting" will only mean that they will try
it again. Be wary of people offering you codes.
* In the famous bust of the Inner Circle and the 414s, the FBI monitore
electronic mail for several months before moving in for the kill.
While it is true that the owners of the systems being hacked (Western
Union for one) invited the FBI to snoop through their files, it does
establish that the FBI is no stranger to the use of electronic
snooping in investigating crimes.
Conclusion: There is no reason to believe that the government is *not*
monitoring your bulletin board system. There are many good reasons to believe
that they are! Learn how to protect yourself. There are laws and regulations
in place that can protect your freedom of speech if you use them. You should
take every step to protect your rights whether or not you run an underground
system or not. There is no justification for the government to violate your
rights, and you should take every step you can to protect yourself.
I have no connections with Roberts, his book, or The FBI Project other then
being a mostly-satisfied customer. I'm not a lawyer and neither is Roberts.
No warranty is offered with this text file. Read and use it for what you thin
it is worth. You suffer the consequences or reap the benefits. The choice is
yours, but above all stay free.
|