FBI’s “Full Pipe” Web Surveillance: Illegally Broad Search or Legit Investigative Technique?
CYBERSPACE — In late January of this year, News.com reported that the Federal Bureau of Investigation (FBI) had adopted a broad new online surveillance technique, effectively collecting information on large numbers of presumably innocent Web users in order to locate suspects whom the FBI is unable to trace to a specific individual IP address.
The technique, which has been referred to as “full pipe” surveillance, involves assembling records of Internet activities of thousands of users into an enormous database, current and former FBI officials told News.com. Once assembled, that database can then be queried for names, email addresses, or keywords to aid investigators in finding a suspect that they have not been able to locate otherwise.
Paul Ohm, a former trial attorney for the US Department of Justice’s Computer Crime and Intellectual Property Section (CCIPS), told News.com in January that the full pipe surveillance approach is employed when investigators have obtained a court order, but the ISP in question is unable to “isolate the particular person or IP address” due to technical barriers.
The full pipe surveillance technique was revealed publicly at a symposium called “Search and Seizure in the Digital Age,” which was held in January at the Stanford University law school. Ohm, now a professor of law at the University of Colorado at Boulder, and Richard Downing, a current assistant deputy chief for CCIPS, both spoke about the FBI’s full pipe surveillance at the symposium.
In an interview following the symposium, Ohm told News.com that the full pipe investigative technique had become a frequently employed tool for internet surveillance.
“You collect wherever you can on the [network] segment,” Ohm said. “If it happens to be the segment that has a lot of IP addresses, you don’t throw away the other IP addresses. You do that after the fact.”
Ohm added that “you intercept first and you use whatever filtering, data mining to get at the information about the person you’re trying to monitor.”
Kevin Bankston, a staff attorney for the Electronic Frontier Foundation who also attended the symposium at Stanford, told News.com that the full pipe technique is “even worse than Carnivore,” referring to the FBI digital surveillance program later renamed “DCS1000.”
“What they’re doing is intercepting everyone and then choosing their targets,” Bankston asserted.
Officials from the US DOJ, however, dispute the characterization of their surveillance techniques as described by Ohm and Bankston, telling News.com in an email that its article was “inaccurate.”
Dean Boyd, a spokesman for the DOJ, wrote in his email that “Nothing has changed from our long-standing practice in implementing court-authorized law enforcement interception orders. The FBI records and retains only that data which it is authorized under law to record and retain – namely, the communications associated with court-approved targets.”
“For your information, what law enforcement does is isolate the communications associated with the target facility and record only those communications,” Boyd continued. “After law enforcement collects the targeted communications, as specified in the court order, we ‘minimize’ the captured information by sorting it into relevant and non-relevant material (i.e., depending on whether the contents relate to the criminal activity specified in the court’s order).”
In his email, Boyd conceded that on “rare occasions involving technical obstacles,” agents do “perform real-time filtering on large data connections carrying the traffic of multiple unrelated facilities, but only using automated filters that isolate and retain only the communications associated with the facility identified in the order.”
“All data not relating to the targeted facility is instantly and irreversibly deleted,” Boyd asserted. “This data is therefore never read or comprehended by anyone in law enforcement.”
Boyd concluded his email by stating “The bottom line: Nothing has changed. We believe that Professor Ohm, quoted in the article, either was misquoted or misspoke.”
Boyd’s reference in the email to “minimization” pertains to the statutory language that sets the parameters for legal interception of communications on the part of government law enforcement agents.
18 USC §2518, the section of the US Code that defines the “Procedure for interception of wire, oral, or electronic communications,” states in part: “No order entered under this section may authorize or approve the interception of any wire, oral, or electronic communication for any period longer than is necessary to achieve the objective of the authorization, nor in any event longer than thirty days…. (E)very order and extension thereof shall contain a provision that the authorization to intercept shall be executed as soon as practicable, shall be conducted in such a way as to minimize the interception of communications not otherwise subject to interception under this chapter, and must terminate upon attainment of the authorized objective, or in any event in thirty days.”
The same paragraph, however, holds that “In the event the intercepted communication is in a code or foreign language, and an expert in that foreign language or code is not reasonably available during the interception period, minimization may be accomplished as soon as practicable after such interception.”
Downing cited the same statutory language in arguing that the DOJ’s full pipe surveillance does not violate the law, as digital communications are a form of “foreign language or code,” and therefore agents are allowed to archive raw data to be analyzed in detail later.
According to News.com, Downing also stressed that he wasn’t speaking on behalf of the DOJ in making that argument.
Bankston disagreed strongly with Downing’s interpretation of the federal wiretap statute, telling News.com that the FBI is “collecting and apparently storing indefinitely the communications of thousands – if not hundreds of thousands – of innocent Americans in violation of the Wiretap Act and the 4th Amendment to the Constitution.”
Professor Ohm, the former DOJ attorney, echoed Bankston’s concerns, if somewhat less emphatically.
“The question that’s interesting, although I don’t know whether it’s so clear, is whether this is illegal, whether it’s constitutional,” Ohm said.
Downing indicated that those doubting the legality and constitutionality of the technique should consider the intent of Congress by looking at the legislative history of the Wiretap Act.
“Take a look at the legislative history from the mid-’90s,” Downing said. “It’s pretty clear from that that Congress very much intended it to apply to electronic types of wiretapping.”
Ohm isn’t so sure about that, either.
“Is Congress even aware they’re doing this?” Ohm asked. “I don’t know the answers.”