The FBI has denied a claim by AntiSec that a list of Apple IOS UDIDs (unique device identifiers) the hacker group published came from one of its computers. The U.S.'s top law enforcement agency said there was no evidence indicating the FBI had either sought or obtained such information, let alone that one of its computers had been compromised.
Over the holiday weekend (in the U.S.), AntiSec published a list of more than one million UDIDs that it said came from, "a Dell Vostro notebook used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team."
The list contained, "Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc."
AntiSec said that it was publishing the data in part to raise awareness that the FBI was collecting the data in the first place, a practice that could well violate the Constitutional right to privacy in the U.S. if it was being done without due process.
Indeed, as part of the discussion about the situation, it had been suggested that the data was more likely to be from an app developer's database. The FBI erroneously seized an Instapaper server in 2011, for instance, and the data could have come from that event.
The FBI is denying the whole thing, however, and in a statement issued to AllThingsD, said:
The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.
There is no doubt more to come on this subject.
7 Comments Leave Your Own
As you say gathering such information is more a function of the NSA than the FBI. However, the NSA just gathers information, they don’t make arrests. They could have turned the database over to the FBI who is a law enforcement agency.
Do we have a list of apps that were collecting UDIDs?
http://en.wikipedia.org/wiki/NSA_warrantless_surveillance_controversy
Started under Bush, continued under Obama. This position is highly naive these days.
Mr. KitsuneStudios. Long time. It’s nice to see you around.
Please note that in the article itself I specified that domestic data collections (and surveillance) were the domain of the NSA, which is in keeping with the Wikipedia entry you linked to.
Not sure if you missed that.
Actually Byran, I’m pretty sure that NSA is primarily responsible for OVERSEAS collections (mostly telephone calls), but can tap a domestic phone if it’s receiving suspect calls originating overseas, or otherwise with a warrant. Theoretically at least, they only work DOMESTICALLY to protect US Government data.
I copied this Wikipedia entry first:
“The National Security Agency (NSA) is a cryptologic intelligence agency of the United States Department of Defense responsible for the collection and analysis of foreign communications and foreign signals intelligence, as well as protecting U.S. government communications and information systems,[1] which involves information security and cryptanalysis/cryptography.”
But if you go to the NSA site, it says essentially the same thing.
http://www.nsa.gov/
Of course we all know the stories about entire “private” switch rooms being installed in central offices, but how NSA is actually using them is anyone’s guess, and mine is that they’ll do what the damned well like, because they know that nothing more than the mildest rebuke is forthcoming when they exceed their charter.
[quoteThe reality is that is rather doubtful that the FBI would collect that kind of data on purpose without due process.
I’m afraid I have to agree with KitsuneStudios on this one. The FBI has a history of making appearances to follow the law while doing whatever it feels needs to be done. This goes back to the Hoover days. It’s in their DNA to collect first, to spy first, to act without due process first, then if they find something to try to build a case out of clean evidence that would stand up in court. That they even HAD this data shows that they were doing something they shouldn’t, whether they got it by illegal spying or illegal copying of data from Instapaper’s server that they should not have seized.
[quote Th]e FBI’s denial said there was no evidence indicating that it sought or obtained this data, and didn’t actually deny that it had done so
This says it all.
Ah, found the login button. Like the new page.
Bryan: Yes, I noticed. The problem is that this really isn’t a clear-cut distinction. There is nothing in the law that exempts the NSA from complying with the 4th amendment, yet their actions were barely covered by the media, the few challenges which reached the courts were dismissed, congress acted to bring the program into a more legal position, the program was defended by both Republican and Democratic presidents, and corporations protected for their role in providing the information.
Now, with all of that, if the FBI were to have access to this information, what incentive would they have not to use it?
Simply put, organizations are only as trustworthy as the level of accountability they face, and organizational accountability has gone completely out of fashion in the US.
Hi Bryan,
Even this artist knows that the FBI has at least two ways to collect personal data without court order. One is via NSL (National Security Letter). These are secret demand letters issued without court approval or independent oversight used to gather any data the FBI thinks is important to its investigation. It can issue this to anything from libraries to credit agencies. All it has to do is justify that the info. sought is relevant to some ongoing investigation.
The other way is for it to purchase the data, when otherwise prohibited, from any of the several domestic spy agencies such as Choicepoint, Equifax, etc. By at lest these two methods, the FBI can gather a sweeping amt. of mass data on unsuspecting, non-criminal citizens.
Oh, and another way is for it to get data from other countries, thereby sidestepping any domestic restrictions. In this scheme, countries signed on to an agreement to share data in this international spy network. I think this includes five countries (US, GB, Australia, NZ, and another one, perhaps Canada).
For all we know, and given the FBI’s bureaucratic reply, AntiSec’s revelation could have belonged to any of the above gov. and private spy agencies which does not exclude the FBI.
But this spy overlay is made more egregious by provisions in the US Patriot Act and the Congress’s demand that the various police agencies share data.
From what and others reveal, you can see that you may need to reexamine your loose generosity to the National Security State Apparatus.
Log-in to comment