How'd they get the goods?
August 10, 2008 4:21 AM

Librarians! (I know you're out there). While reading this Washpost article, I came across the following quote: "The FBI documents based on surveillance of Ivins said he visited a public library in Frederick that evening, where he searched a Web site dedicated to the anthrax investigation and checked various e-mail accounts." How do they know that?

I remember that at one point, the Patriot Act would've had us give up info on patrons (while forbidding us from revealing that we had been contacted by the feds). I mean, in the library I worked at for 9 years our computers cleaned themselves out pretty well after each use.

So, anybody got the inside track on the Frederick, Maryland?
Is it just that the FBI is so unbelievably tech-savvy... ?
I'm being naive aren't I. I'm wasting my potential to ask a question this whole week on this...

Just curious.
posted by punkbitch to Grab Bag (27 answers total)
they probably subpoenaed the server logs for the web and email sites and found that a library machine had contacted those sites at that time (in the case of the email site, probably also that particular known accounts were accessed). so it's not information from the library that is being used (except for the address(es) of their machines), but information from the sites he visited.
posted by not sure this is a good idea at 4:44 AM on August 10, 2008

Let me try and say it this way, without going into details, I work in the intelligence community and if the FBI really really needs to know or do something, let's say it's not really the hardest thing to find/figure out.

Suppose the FBI were tracking the Ivins in a car and he eludes them and they can't find him - the FBI, CIA (ODA) NSA, DIA none of these agencies would really be able to track him, you know like you see in Enemy of the State or some rubbish like that where they have satellites trailing them. HOWEVER, what CAN be done, is let's say the Ivins are at a KNOWN location, we can use imagery to get as close as seeing the screws on their license plate.

The FBI will handle an array of different methods for gathering intel on people, the level of which might be outside of their realm, there are things that the NSA can do that say the FBI can't or they may have much better leeway to do one thing or another.

I hope this helps, if you want to talk about this further, you can shoot me an email
posted by TeachTheDead at 4:49 AM on August 10, 2008 [4 favorites]

I can't find the link at the moment, but there was a news story a couple of days ago that talked about computers that had been seized at one of the public libraries in the area. It's possible that there was log/history info on the machines.
posted by pupdog at 4:50 AM on August 10, 2008

It's quite possible that computers at that library just aren't set up for privacy. I know it's not a concern at many of the hotels I've been at; anyone can just walk up to one of the public computers and go through the browser history.

While I'm certain that the FBI has all kinds of computer forensics expertise at this point in history, doing something like this probably isn't a demonstration of "unbelievably tech-savvy" skills.
posted by XMLicious at 5:11 AM on August 10, 2008

oh, sorry, it didn't click that this was while he was under surveillance. internet traffic is monitored within the usa. the whole justification for that is the "war on terror", so it's not surprising that the fbi would have access to that data in this case.
posted by not sure this is a good idea at 5:20 AM on August 10, 2008

Maybe this is too low-tech, but if this is based on surveillance, perhaps an FBI agent was simply looking over his shoulder?
posted by bricoleur at 5:21 AM on August 10, 2008

Most likely they did it the old fashioned way--they went to a judge and got a search warrant to review the logs. It has to be remembered that there are exactly zero absolute constitutional rights. Every right may be taken away via due process of law. This is as it should be.
posted by Ironmouth at 7:17 AM on August 10, 2008

they went to a judge and got a search warrant to review the logs

This is exactly what I was thinking. If he is a known suspect under surveillance, getting a search warrant to access this information (or install some software that would do such monitoring) seems normal and reasonable to me.
posted by Nelsormensch at 8:01 AM on August 10, 2008

Most libraries use proxy servers -- transparent middlemen that carry the data back and forth between the patron and the sites that they are visiting. They are popular with libraries because you can use them to block access to certain websites and reduce traffic usage by caching. Anyways, even if the workstation is wiped clean periodically, the proxy server keeps meticulous logs of which computer requested what sites, etc.
posted by limon at 8:43 AM on August 10, 2008

i use a proxy server (squid) as a local cache, and it's explicitly configured not to log sites. same for my browser. i would have thought any library in the usa would do the same (as the original poster says).
posted by not sure this is a good idea at 8:52 AM on August 10, 2008

if this is based on surveillance, perhaps an FBI agent was simply looking over his shoulder?

Or (continuing speculation here) looking over a network admin's shoulder in real time to see what websites the suspect was visiting?
posted by gimonca at 10:22 AM on August 10, 2008

Perhaps you could stick to answering the question and not starting a flame war about constitutional rights.

I think Ironmouth was just emphasizing the degree of access that law enforcement has when assisted by court orders.

Also, it sounded to me that the original poster was describing an HD-journaling product like Deep Freeze. (Which wouldn't cause a problem for most of the surveillance methods mentioned here.)
posted by XMLicious at 10:35 AM on August 10, 2008

There's a totally decent chance the libraries aren't set up for privacy. Most libraries in the US use Internet Explorer and my guess based just on knowing a lot of librarians, is that they run on roughly default settings. As people have said above, libraries also often run on proxy servers and in some cases there are non-library entities who are actually providing the internet service and would have this information. In this case the librarian actually gave up the computers which is usually libraries' first and most effective defense. It would be nice if more libraries were tech savvy enough to have technological solutions for policy issues like this but flat out most of them don't.
posted by jessamyn at 10:39 AM on August 10, 2008 [1 favorite]

What I don't understand, though, is how they linked it to him. What many have said here—that they're "not set up for privacy" in that anyone can walk up and use them—is exactly what I'm wondering about.

There are many ways to link the computer to the website. (Browser history, possible proxy server, and then server logs if it came to it.) But what about the other half: Ivins was the one using the computer at that time?

I suppose it could be something simple, like having everyone sign in. But a lot of the public terminals I've used are freely-accessible: walk up and use 'em.
posted by fogster at 10:45 AM on August 10, 2008

Many larger libraries use some form of reservation software where you have to sign up or in using your library card. Others have sign up lists. Libraries who are concerned about privacy do everything possible to separate these reservation systems from the information that is on any given computer but for libraries that don't, it basically gives a library card number and a computer number and a time and date and it's really stupid-simple from that point.
posted by jessamyn at 11:22 AM on August 10, 2008
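
Added example (not part of the thread or any poster's words): a privacy audit a library could run on its own retained records, joining the proxy log limon describes with the reservation records jessamyn describes to see which requests resolve to a single card. All log lines, card numbers and addresses are constructed; the `netmask` parameter models Squid's `client_netmask` directive, which masks client addresses before they are logged.

```python
import ipaddress

# Constructed Squid native-format access.log lines:
# time elapsed client code/status bytes method URL user hierarchy type
PROXY_LOG = """\
1218326520.101    180 10.0.5.11 TCP_MISS/200 5120 GET http://news.example/case - DIRECT/192.0.2.10 text/html
1218326580.450     95 10.0.5.12 TCP_MISS/200 2048 GET http://mail.example/inbox - DIRECT/192.0.2.20 text/html
1218328500.300    210 10.0.5.11 TCP_MISS/200 4096 GET http://weather.example/ - DIRECT/192.0.2.30 text/html
"""

# Constructed reservation records: (card, station address, start, end), epoch seconds.
RESERVATIONS = [
    ("CARD-0001", "10.0.5.11", 1218326400, 1218328200),
    ("CARD-0002", "10.0.5.12", 1218326400, 1218328200),
    ("CARD-0003", "10.0.5.11", 1218328200, 1218330000),
]

def parse_proxy_log(text):
    """Yield (timestamp, client, url) from Squid native-format lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # skip blank or truncated lines
        yield float(fields[0]), fields[2], fields[6]

def mask(addr, netmask):
    """Mask an IPv4 address the way client_netmask masks logged clients."""
    bits = int(ipaddress.ip_address(addr)) & int(ipaddress.ip_address(netmask))
    return str(ipaddress.ip_address(bits))

def exposure(log_text, reservations, netmask="255.255.255.255"):
    """Map each logged URL to the set of cards that could have requested it."""
    result = {}
    for ts, client, url in parse_proxy_log(log_text):
        logged = mask(client, netmask)  # what the proxy would have written
        result[url] = {card for card, station, start, end in reservations
                       if mask(station, netmask) == logged and start <= ts < end}
    return result

def uniquely_identified(exp):
    """URLs that the retained records tie to exactly one card."""
    return sorted(url for url, cards in exp.items() if len(cards) == 1)
```

With a /24 mask the first two requests become ambiguous between two cards, but the third still resolves to one card because only one station was booked in that slot. A proxy that keeps no access log (Squid's `access_log none`) leaves nothing to join.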

It is incredibly trivial to go around this. I would use either tor or, given that it is slow, set up a VPN and a rented server in a country not very friendly with the US. With something like this I have a feeling you'd get a lot of international cooperation. I can't imagine a country in the EU not cooperating in an investigation.

Really, as Internet traffic at some point will always go through a huge entity, you're always exposed to man in the middle attacks and snooping, library or not. In fact, I'm not even convinced that Tor could not be compromised given enough resources.
posted by geoff. at 11:36 AM on August 10, 2008

I would think that it could also simply be conjecture linking Ivins to some particular activity.

There's the login jessamyn mentions but also depending on surveillance measures and the design of the email services he used, a proxy logging the contents of HTTP posts, or some other network snooping program, could possibly get his email username and password. (You can potentially be exposed in the same way, BTW, when you connect your laptop to a hotel's network.)

Or if keycapture malware was installed on the computer ahead of time it would definitely get every single thing he typed. Heck, it's even possible that someone completely unrelated to the investigation could've installed malware like that, a local kid messing around or someone trying to do identity theft, and forensics guys could have found it.

(This is all assuming that the people who've suggested it was simply someone looking over his shoulder aren't correct, of course.)
posted by XMLicious at 11:48 AM on August 10, 2008

It has to be remembered that there are exactly zero absolute constitutional rights. Every right may be taken away via due process of law

Which is limited to the powers granted to our government by the Constitution, "necessary & proper", etc.
posted by yort at 12:45 PM on August 10, 2008

i think it's interesting how many different ways there are to do this:
- someone looking over shoulder
- software or hardware (eg trojan, keylogger) on the computer used
- browser cache (if the browser isn't configured to avoid this)
- proxy and filter logs (if not configured to avoid this; possibly cache contents even if no logging)
- packet monitoring of the local network
- packet monitoring by the isp/nsa
- server logs
and the association between the hardware and the person could be made by
- booking records
- forensics (fingerprints, hair, etc)
- usage patterns (eg a certain account was accessed each time he visited a library)
i think i have everything from above?
i hadn't thought about this in detail before - one thing it makes clear is that the "global" snooping (the isp/nsa stuff) is superfluous for this kind of focussed investigation. it really must be used in "drift net" approach. and googling for "nsa internet" turned up this.
posted by not sure this is a good idea at 1:22 PM on August 10, 2008

Good summary. Another one I'd thought of, though it's really just another version of "looking over the shoulder", is to have a camera on the screen / keyboard. I've also heard of James-Bond-type devices that can electromagnetically sense what's being typed on a keyboard (never substantiated that, though.)

Something I find disturbing is that governments in places like Russia or China are completely unrestrained in developing the "drift net" type systems. There's the "Great Firewall of China" already; I'd like to think that it can always be outsmarted but I wonder how sophisticated it can become.
posted by XMLicious at 2:05 PM on August 10, 2008

Oh, wait! There's the even more obvious one, they simply could have asked Ivins what he did while he was at the library. That's sort of the "social engineering" option, though technically social engineering would involve tricking Ivins into telling you what he'd been doing at the library.
posted by XMLicious at 2:16 PM on August 10, 2008

At our local public library non-catalog terminals have to be logged into with the library card # and regular online records pin. With that & logs it'd be trivial. Sucks, but that's the system we have (and have had since the systems were installed in ~ 2001).
posted by devilsbrigade at 6:07 PM on August 10, 2008

Maybe it has something to do with this?

Looks like Frederick PL doesn't have good policies in place. I'm embarrassed to be a public library computer geek in the same state with them. Shame on them for turning over the PCs!
posted by QIbHom at 10:28 AM on August 11, 2008

What the heck? From QIbHom's link:

Batson said the agents made no mention of Bruce Ivins, anthrax or Fort Detrick.

But without mentioning any of that stuff, they persuaded him to give up the computers without a court order? And overriding the library's usual procedures? I can't imagine what they could have said to him. "Pretty, pretty please with a cherry on top?"
posted by XMLicious at 12:56 PM on August 11, 2008

They said "We are the Feds" and the library rolled over. This happens all the time. I don't see what is so difficult to understand here. This sort of thing is exactly why libraries who are not currently having privacy issues are encouraged to get their ducks in a row ahead of time. It's easy to acquiesce to the feds. It's hard not to. The article specifically says "after the agent described the case and the situation, he was persuaded to give them access, Batson said."
posted by jessamyn at 1:01 PM on August 11, 2008

I've never had the FBI demand computers from me (I am one of two people with access to patron information where I work), but I did have to deal with the Secret Service at my previous job. They tried the forceful thing, hit our policy, then got very polite and understanding. They did get a subpoena. We told them we didn't keep that information (we didn't).

The FBI has a long history with libraries and bullying library staff. Unfortunately, we're pretty wimpy as a profession (see also, library salaries).
posted by QIbHom at 2:01 PM on August 11, 2008

I guess the thing that surprised me is that it seems the agent would've had to describe the case without giving almost any details at all - if they didn't mention Ivins, anthrax, etc. - but still have been persuasive enough to get the guy to override the "library's procedure for such requests [which] usually requires a court order" - it sounds like just on his personal cognizance?

But come to think of it, I've seen some of the sales guys I've known being able to sell a hundred-thousand-dollar software system without really giving any details, so I guess I can imagine someone who's both persuasive and a Scary Federal Authority Figure getting away with a lot.
posted by XMLicious at 2:19 PM on August 11, 2008
