Hearing that the alleged Raj Rajaratnam-led insider trading ring was detected using wiretaps and that the U.S. attorney for Manhattan, Preet Bharara, plans to employ the same kind of electronic surveillance for future Wall Street investigations, we were momentarily seized with the geeky desire to know how these wiretaps are performed. Are agents sneaking into offices and homes in the middle of the night to bug phones?
The answer is both more mundane and more alarming. Prosecutors are using the FBI’s massive surveillance system, DCSNet, which stands for Digital Collection System Network. According to Wired magazine, this system connects FBI wiretapping rooms to switches controlled by traditional land-line operators, internet-telephony providers and cellular companies. It can be used to instantly wiretap almost any communications device in the U.S. — wireless or tethered. In other words, you and I have no privacy. The government can listen in on any call made in the continental U.S., although warrants are required.
Another government entity, the NSA, monitors essentially all electronic communications (including telephone and internet) carried on the OC-768 fiber backbone, according to Mark McCutcheon, software security architect at SecurEval Software Security Consulting. “There is zero effective oversight or control over who and what they surveil, least of all by the judicial system,” McCutcheon says. “It’s orders of magnitude more fearsome than DCSNet.” As the Electronic Frontier Foundation, a civil liberties union for the digital world, puts it, “The U.S. government, with assistance from major telecommunications carriers including AT&T, has engaged in a massive program of illegal dragnet surveillance of domestic communications and communications records of millions of ordinary Americans since at least 2001.” The group has been trying to sue telecommunications providers such as AT&T for their participation in such “illegal surveillance” for several years.
The FBI’s DCSNet is sophisticated and expensive (one client alone is reported to cost $10 million). “It allows instant access to all cellphone, landline, SMS communications anywhere in the U.S. from a point-and-click interface,” Wikipedia says. “It is impervious to external attacks, as it runs on Sprint’s ‘Peerless IP network,’ run on a fiber-optic backbone separate from the internet…
“It is composed of at least three classified software components that run on the Windows operating system — DCS3000, DCS5000, DCS6000. The DCS3000 collects information associated with dialed and incoming numbers like traditional trap-and-trace and pen registers. The DCS5000 is a system used by the FBI unit responsible for counter-intelligence to target spies and terrorists with wiretaps [this is now being used on hedge fund managers and other Wall Street players]. The DCS6000 captures the content of phone calls and text messages for analysis.
“DCSNet has the capability to record, review and playback intercepted material in real-time. This real-time intelligence data intercept can be streamed out to mobile surveillance vans. Furthermore, with this system the FBI can track the rough location of targets in real-time using triangulation techniques and cell site information.”
The system is pervasive and hard to circumvent. Hedge fund managers have been quoted saying they will use less phone and email communication — the case against Bear Stearns hedge fund managers Matthew Tannin and Ralph Cioffi is built on email correspondence obtained through Google — and instead will communicate more over lunch.
In an interesting side note, a federal judge ruled yesterday that jurors in the Bear Stearns case (in which Cioffi and Tannin are accused of making their portfolios sound much healthier than they were) will not be permitted to hear about one email, in which Tannin wrote, “I became very worried very quickly. Credit is only deteriorating. I was worried that this would all end badly and that I would have to look for work.”
Judge Frederic Block ruled that the government’s search warrant filed with Google to obtain access to the e-mail was unconstitutionally broad and “did not comply with the Warrants Clause of the Fourth Amendment.”