The National Security Agency routinely listened in on the intimate and innocent phone calls of Americans in Iraq, including government personnel, journalists and aid workers, as they called back into the United States, according to two former NSA operators who spoke to ABC News.

The accusations that the NSA routinely listened in on Americans' phone calls contradicts the Administration's repeated claims that its secret spying did not listen to any Americans other than suspected terrorists.

The conduct also appears to violate the rules that govern when the NSA can listen in to Americans' making calls overseas-- which then required high-level approval for each target.

The two operators, who ABC News say do not know one other, came forward after speaking with the foremost chronicler of the NSA, James Bamford, whose new book the Shadow Factorycomes out on Tuesday.

ABC News reports:

"These were just really everyday, average, ordinary Americans who happened to be in the Middle East, in our area of intercept and happened to be making these phone calls on satellite phones," said Adrienne Kinne, a 31-year old US Army Reserves Arab linguist assigned to a special military program at the NSA's Back Hall at Fort Gordon from November 2001 to 2003.

Kinne described the contents of the calls as "personal, private things with Americans who are not in any way, shape or form associated with anything to do with terrorism."

Another intercept operator, former Navy Arab linguist, David Murfee Faulk, 39, said he and his fellow intercept operators listened into hundreds of Americans picked up using phones in Baghdad's Green Zone from late 2003 to November 2007.

Faulk says he and others in his section of the NSA facility at Fort Gordon routinely shared salacious or tantalizing phone calls that had been intercepted, alerting office mates to certain time codes of "cuts" that were available on each operator's computer.

"Hey, check this out," Faulk says he would be told, "there's good phone sex or there's some pillow talk, pull up this call, it's really funny, go check it out. It would be some colonel making pillow talk and we would say, 'Wow, this was crazy'," Faulk told ABC News.

It's not clear whether the allegations refer to the so-called Terrorist Surveillance Program that the Administration admitted to running after the New York Times revealed its existence in December 2005. The government describes that program as listening into phone calls where one end is outside the United States and where one party is suspected of being a terrorist. That program likely intercepted phone calls with help from American telecom companies.

The program described by the operators in the ABC News story likely collected the intelligence outside the United States.

Kinne's allegations are not new -- she's been making them public for sometime as part of her involvement in the Iraq Veterans Against the War.

If the allegations are true, they show that when the government secretly tossed aside the decades-old credo that the NSA doesn't spy on Americans, it did not simply make one or two exceptions -- it shredded the it.

ABC Newssays the head of the Senate Intelligence committee Jay Rockefeller (D-West Virginia) is disturbed by the news and pledges to look into it.

However, it fails to note that Rockefeller was the key lawmaker in this summer's legislation that largely legalized the government's formerly secret warrantless wiretap program and gave immunity to the companies that helped.

Threat Level will have more next week with the release of Bamford's book and a tag team Danger Room/Threat Level interview with Bamford.

See Also:

• Attorney General Pulls the Immunity Trigger, But Denies 'Dragnet ...
• Rights Group Suing AT&T for Spying Sues NSA and Cheney, Too
• Analysis: NSA Spying Judge Defends Rule of Law, Congress Set to ...
• Feds Use Phone Bills to Get Journo's Sources on NSA Spy Program
• Analysis: NSA Spying Judge Defends Rule of Law, Congress Set to ...
• Bush Signs Spy Bill, ACLU Sues
• Secret Spying Court Stays Secret, Rejects ACLU Plea Again

Photo: JosephTate73/Flickr

My colleague Barbara Esbin, a Senior Fellow and Director of the Center for Communications and Competition Policy at The Progress & Freedom Foundation, was asked to pen a short history of the net neutrality wars in the U.S. for a French publication, La Lettre de l’Autorité.  Her essay provides an excellent, concise overview of where we’ve come from and where we might be heading on this front.  I’ve pasted the entire essay down below, or you can download the PDF here.

________________________

Net Neutrality Regulation in the United States
by Barbara Esbin

PFF Progress Snapshot
Release 4.21 October 2008

The United States moved closer to “Net Neutrality” regulation this year when the Federal Communications Commission found that Comcast, a cable broadband Internet service provider, violated a set of Internet policy principles the FCC adopted in 2005 by limiting peer-to-peer (P2P) traffic. The ruling was the culmination of a ten-year effort that began as a call for wholesale “open access” to the cable platform for third-party Internet service providers. Requests for open access first emerged in 1998 when the FCC considered AT&T’s acquisition of cable operator TCI. The FCC rejected open access, but the issue quickly re-emerged in a subsequent proceeding to determine the appropriate regulatory classification of cable Internet service. Depending on how the FCC categorized cable Internet service, it would either be subject to telecommunications “common carrier” requirements, “cable service” requirements, or treated as a then-unregulated “information service.”

In 2002, the FCC classified cable Internet service as an “information service.” This meant that the telecommunications common carrier requirements — that service be provided upon request, without unreasonable discrimination as to rates, terms and conditions of service — would not apply to cable Internet services. The FCC’s decision was upheld by the U.S. Supreme Court in NCTA v. Brand X. Afterwards, advocates of open access re-directed their efforts away from advocating wholesale access for third-party ISPs, and towards rules aimed at consumer rights to a “neutral network” or “net neutrality.”

In 2005 the FCC extended its deregulatory “information service” approach to wireline broadband Internet services provided, thus freeing telephone companies of traditional common carrier mandates for these services. The FCC’s decisions not to impose cable open access and to relieve telcos of common carrier obligations reflected a policy of fostering infrastructure deployment through market operations. Concurrently, the FCC released a “Policy Statement,” declaring four “entitlements” that Internet service consumers should enjoy: (1) access to lawful content of their choice; (2) ability to run chosen applications and services; (3) ability to connect their choice of legal devices that do not harm the network; and (4) competition among network, application and content providers. The Policy Statement expressly stated that the FCC was not adopting rules and that the principles are subject to reasonable network management. The FCC subsequently stated that it would entertain complaints concerning violations of the principles, and in early 2007, the FCC opened an “Inquiry” into broadband industry practices, seeking information about network management and asking whether it should impose rules.

In late 2007, an advocacy group filed a Complaint alleging that Comcast had violated the FCC’s Policy Statement by “secretly degrading” BitTorrent traffic, thus interfering with the Internet rights of its subscribers, and that its practices did not constitute reasonable network management. Several months later, Comcast and BitTorrent agreed to work together to resolve network congestion issues through the use of protocol-agnostic network management. Yet on Aug. 20, 2008, the FCC released an Order purporting to rule on the Complaint, finding that Comcast had violated the Internet policy principles, and rejecting its defense that its practices were reasonable. The FCC ruled that Comcast’s network management practices: discriminated among Internet applications and protocols rather than treating all equally; effectively blocked Internet traffic; posed significant risks of anti-competitive abuse; were inconsistent with “an open and accessible Internet;” and that Comcast’s failure to disclose its practices compounded the harms. Alternative means of managing network congestion approved by the FCC include metered usage and throttling the connection speeds of excessive users.

This action was said to be an “adjudication,” although traditional agency complaint rules were not followed. Comcast was given 30 days to disclose to the FCC “the precise contours” of its network management practices and describe what it will do instead to address network congestion. The effect of the Order is to establish a fifth “non-discrimination” Internet policy principle, to be implemented by the FCC through case-by-case adjudication of individual complaints rather than ex ante rules. Thus, 10 years later, and without explicit acknowledgment, the FCC has effectively abandoned its “hands off” approach and imposed a form of common carrier regulation on ISPs.

I have written elsewhere on legal and procedural flaws that may doom the Network Management Order. In summary: (1) the FCC has not been granted explicit authority to regulate the provision of broadband “information services;” (2) the “ancillary jurisdiction” on which the FCC relied was not reasonably related to its other statutorily mandated responsibilities; (3) having failed to adopt enforceable rules concerning broadband network management, the FCC could not lawfully subject Comcast to an “adjudication” concerning its practices; and (4) the Complaint filed against Comcast was defective in several respects and should have been dismissed.

The Network Management Order has been appealed by Comcast and several advocacy groups. Comcast challenges the basis on which the FCC found that it had violated federal policy in the absence of pre-existing legally enforceable rules. The advocacy groups appealed the FCC’s failure to order Comcast to immediately cease and desist interfering with P2P traffic. The appeals have been consolidated and will be heard by the D.C. Circuit Court of Appeals, a court that has shown little patience for the FCC’s unusual procedures and the FCC’s use of the doctrine of “ancillary jurisdiction” to expand its reach. Meanwhile, several network operators have announced bandwidth caps or plans to implement them. In addition, there are renewed calls both for the FCC to establish ex ante rules and for legislative action to grant the FCC express regulatory authority over broadband Internet service providers. In short, the legal and policy debate over net neutrality continues.

______________
* Barbara Esbin is a Senior Fellow and Director of the Center for Communications and Competition Policy at The Progress & Freedom Foundation.

If a false entry in a database leads to a unconstitutional police search that reveals illegal drugs, does the government get to hold it against you?

That's the question the Supreme Court will tackle on Tuesday in a case civil liberties groups such as the Electronic Privacy Information Center argue will have broad implications  in a world where we are constantly being evaluated against databases and watch lists that are riddled with frustratingly persistent errors.

"In these interlinked databases, one error can spread like a disease, infecting every system it touches and condemning the individual to whom this error refers to suffer substantial delay, harassment, and improper arrest," EPIC director Marc Rotenberg argued in a friend of the court brief (.pdf).

Not surprisingly, the government disagrees.

"Police officers in the field must be allowed to rely on information they receive from others when it is reasonable to do so," the Justice Department wrote in its brief (.pdf), arguing that throwing out the evidence won't make errors less likely.

At issue is the case of Bennie Herring, an Alabama man who drove to the police station in July 2004 to try to retrieve items from an impounded pickup truck. A Coffee County cop recognized him, asked the clerk to check the database for outstanding warrant.

None was found, so the investigator asked the clerk to call the neighboring Dale county clerk to see if it had a warrant for Herring.

The Dale county clerk found a warrant for Herring in their database, so the Coffee County cops set out after Herring after asking the other county to fax the warrant over. 

Herring was soon pulled over and the police found meth in his pocket and a pistol under the truck's seat.

But in the meantime, the Dale county clerk found that there was no warrant for Herring and the entry should have been removed five months previous.

In court, Herring moved to have the evidence thrown out, but instead was sentenced to 27 months for being a convicted felon in possession of a firearm.

No one – not even the government - disputes that the search was unconstitutional.

But the courts – including the 11th U.S. Circuit Court of Appeals – aren't convinced that throwing out evidence from a tainted-database-initiated search will make the system better.

"Hoping to gain a beneficial deterrent effect on Dale County personnel by excluding evidence in a case brought by Coffee County officers would be like telling a student that if he skips school one of his classmates will be punished," Judge Edward Carnes wrote in a 2007 opinion. 

"The student may not exactly relish the prospect of causing another to suffer, but human nature being what it is, he is unlikely to fear that prospect as much as he would his own suffering. "

Instead Carnes suggests victims of bad government databases should find their justice by filing a civil suit against the responsible parties.

Civil liberties groups say such suits are unlikely to succeed and that the Constitution should protect people from watch lists and databases relied on more and more by the government, even as it  denies responsibility for keeping them accurate.

The case is Herring vs. US 07-513.

Photo: dbking/Flickr

Federal prosecutors are going after a Florida college student who allegedly installed spyware on a woman's laptop to covertly snap nude photos of her through her webcam.

Craig Matthew Feigin

Craig Matthew Feigin, 23, is charged (.pdf) in U.S. District Court in Gainesville with violating the federal Computer Fraud and Abuse Act. Feigin was arrested by local police last July.

The case began when the victim noticed changes in her computer's behavior after giving it to Feigin for overnight repairs, the Gainesville Sun reported at the time. Every time she got near her laptop,  the light on her webcam switched on.

A friend with IT experience examined the system, and found that someone had installed the remote access program Log Me In, and software called Web Cam Spy Hacker, which Feigin himself sold online as a tool for catching cheating spouses. Over three weeks, the software allegedly uploaded some 20,000 images of the woman to an Eastern European web server before it was detected.

Feigin reportedly told police he'd pulled the same scam on eight or nine other women. A federal magistrate issued an arrest warrant for Feigin on September 23.

Two Pennsylvania men are in trouble this week for electronic snooping of a different sort. Artur Grigoryan and Artur Hurutyunyan allegedly persuaded an associate to take a job as a clerk at the local Rite Aid in Wayne, Pennsylvania. Once there, she installed a skimming device inside the debit card pad at the cash register, which began scooping up ATM card numbers and PINs from drug store customers.

A Flying J in Lordsburg, New Mexico
Courtesy Texas Hillsurfer

From January to April of last year, the two men periodically returned to the store and distracted other cashiers while downloading the captured information from the wiretapped PIN pad, according to a five-count federal information (.pdf) filed Tuesday in U.S. District Court in Philadelphia. They allegedly programmed the captured magstripe data onto other cards and used the PINs to withdraw some $351,050 from Rite Aid shoppers with accounts at Citizens Bank, PNC Bank and Wachovia.

A Texas trucker struggling with the high price of diesel fuel is accused in a similar scam, after MasterCard customer Amanda Anderson noticed mysterious charges to her card from the Flying J truck stop chain. The FBI traced the charges (.pdf) to truck driver Armenak Abulyan by way of his "Frequent Fueler" card, which offers discounts and incentives to Flying J customers. Abulyan was apparently a particularly faithful customer, who swiped his loyalty card at Flying J pumps from Knoxville to Nebraska, while using Anderson's credit card number, and at least seven others, to gulp down $20,000 in gas from May to September 2008.

Anderson told the FBI the charges began after she used her card at a convenience store. The clerks there told her that the store's card reader was broken, then briefly took her MasterCard into another room to use "the back unit."

Jay Echouafni

Perhaps bolstered by its success in extradition proceedings against British UFO hacker Gary McKinnon, the feds this week reopened and Europeanized a 2004 case involving a satellite TV entrepreneur who allegedly shelled out cold, hard cash to have three competitors DDoSed off the web.

Jay Echouafni, 41, allegedly paid an employee to organize crippling distributed denial-of-service attacks against competing websites selling satellite TV gear in 2003. The employee, Paul Ashley, pleaded guilty to the attacks and has already served a two-year prison term, while Echouafni skipped out on $750,000 bail and is now believed to be hiding out in Morocco, where he was born.

Alleged botmaster Lee Graham Walker, of the United Kingdom, was charged alongside Echouafni in the original federal complaint in 2004. On Thursday federal prosecutors in Los Angeles turned that into a formal indictment (.pdf), perhaps clearing the way for extradition proceedings.

At the same time, the feds added German hacker Axel Gambe to the case. Gambe last came up as the prime suspect in the Half Life 2 source code theft. He's named in the new indictment as the purported creator of the Agobot malware used in some of the attacks.

Charges filed in 2004 against three other men in the case were later dropped.

Fed Blotter is Threat Level's new weekly roundup of computer crime cases in the federal courts. If you've been indicted, or are about to be, please let us know.

Declaring that 750,000 Americans are out of work because of intellectual property piracy, the U.S. Chamber of Commerce is urging President Bush to sign legislation creating a cabinet-level copyright czar to oversee expanded IP enforcement efforts.

Those are eye-popping numbers, equaling 8 percent of the official number of 9.4 million unemployed Americans.

But the origin of that 750,000 number -- which was included Thursday in a Chamber of Commerce lobbying letter (.pdf) to the president -- is a mystery.

A spokesman for the Chamber of Commerce said Friday that the nation's largest business lobbying group obtained the figure from "several federal government departments and agencies," including the U.S. Department of Commerce. 

In an e-mail, chamber spokesman Alex Burgos provided a link to a Sept. 21, 2005 statement from then-Commerce Secretary Carlos Gutierrez citing the 750,000 figure.

The U.S. Department of Commerce, however, said Friday that it obtained the number from the Chamber of Commerce. "That information was provided by the Chamber of Commerce," Emily Lawrimore, a U.S. Department of Commerce spokeswoman, said in a telephone interview. "That's where we received the information from."

The 750,000 figure is repeated on the Chamber of Commerce's website section on intellectual property, but cites the office of U.S. Customs and Border Protection as the source.

And then there's the same number again appearing on a 2007 joint U.S. Department of Commerce-U.S. Chamber of Commerce press release. A link on the press release goes to the Commerce Department's trademark division dealing with small business. Atop the website is this flash message we captured with a screenshot:

5 of 9 episodes displayed
View All Episodes >
(4 more)