FBI Accidently Obtains Access to Undisclosed eMail Domain Contents

For years, many have been skeptical over exactly how private e-mail really is. While privacy may be a big concern for major eMail services provided by major companies, a recent Freedom of Information Act request by the EFF uncovered an unlawful access to a large amount of email by the FBI

The recent revelation won’t quiet critics of conventional email, more like give them more ammunition to say that email was never private. According to the report posted by the Electronic Frontier Foundation, the access was not authorized. It led the FBI to subsequently destroy the records they didn’t want, blaming it on an “apparent miscommunication”. The paper can be found on the EFFs website (PDF)

The document itself says the following:

In late February 2006, a surge in data being collected by the FBI’s Engineering Research Faculty (ERF) was identified by ERF personnel. As a result ERF investigated the issue and recognized that the collection tools used to collect email communication from the subject of the investigation were improperly set and appeared to be collecting data on the entire email domain. Due to an apparent miscommunication, the private internet provider accidentally collected mail from the entire domain and susequently conveyed the email to ERF. FBI informed the private internet provider of the error and instructed them to reset their filters to collect only those communications from the subject of the investigation’s e-mail address.

The New York Times covered the story and provided the following:

The episode is an unusual example of what has become a regular if little-noticed occurrence, as American officials have expanded their technological tools: government officials, or the private companies they rely on for surveillance operations, sometimes foul up their instructions about what they can and cannot collect.

The problem has received no discussion as part of the fierce debate in Congress about whether to expand the government’s wiretapping authorities and give legal immunity to private telecommunications companies that have helped in those operations.

But an intelligence official, who spoke on condition of anonymity because surveillance operations are classified, said: “It’s inevitable that these things will happen. It’s not weekly, but it’s common.”

One thing is for sure, even email domains that tout superior privatizing systems might not be so secure in ensuring the privacy of their customers. Late last year, stories surfaced over Hushmail not being that private after all. For email providers selling privacy as a feature for their emails, these revelations strike a blow to their ability to sell privacy in the first place, though could be great news to companies offering a secondary layer of encryption over emails – whether or not they work is another story entirely. This goes over top of the debate on just how much privacy a person is entitled to when online in the first place – at least in the United States.

Related Posts

1. New Email Virus Targets P2P Users
2. Yahoo Increases eMail Capacity
3. Canadian Lawful Access Debate Returns
4. P2P + Email : new generation private filesharing ?
5. Overnet domain disabled