Known as full-pipe surveillance, FBI officials confirmed that they employ the tactic that allows them to gather massive amounts of data flowing through an ISP’s servers. The information is then entered into an FBI database and later queried for relevant names, email addresses or other keywords.
News of the practice came to light at a Stanford Law School symposium entitled “Search & Seizure in the Digital Age,” when former federal prosecutor Paul Ohm discussed the tactic, which he said has become the FBI’s default method for Internet surveillance.
“You collect wherever you can on the network segment,” Ohm said. “If it happens to be the segment that has a lot of IP addresses, you don't throw away the other IP addresses. You do that after the fact. You intercept first and you use whatever filtering, data mining to get at the information about the person you're trying to monitor.”
Electronic Frontier Foundation attorney Kevin Bankston said the practice is worse than Carnivore, the highly controversial Internet surveillance tool used by the FBI up until the law enforcement agency discontinued the program two years ago.
“What they're doing is intercepting everyone and then choosing their targets,” Bankston said.
Carnivore did not perform full-pipe surveillance.
Ohm, who presented a paper at the symposium on the 4th Amendment, said he had doubts about the legality of full-pipe surveillance.
“The question that's interesting, although I don't know whether it's so clear, is whether this is illegal, whether it's constitutional,” he said. “Is Congress even aware they're doing this? I don't know the answers.”
Under federal law, the FBI is required to “minimize the interception of communications not otherwise subject to interception.” However, courts have grappled with the meaning of “minimization” for nearly 30 years.
