Documents obtained by the Electronic Frontier Foundation in a Freedom of Information Act request show the FBI has used, since at least 2001, special spyware to track suspects’ actions online.
The documents highlight software called Computer and Internet Protocol Address Verifier (CIPAV) which allows federal authorities to collect details about a user every time they use the Internet. The FBI collected IP addresses, MAC addresses, open communication ports, lists of programs running, URLs visited, and much more.
If remains unclear how the FBI places the spyware onto a suspect’s computer. It is however believed they use computer and Internet vulnerabilities such as viruses to plant the software.
According to the documents the FBI has routinely used the software both in domestic criminal and foreign investigations.
The US Air Force, Naval Criminal Investigative Service, Joint Task Force-Global Network Operations, foreign governments and others are all interested in utilizing the program.
This revelation comes after the FBI recently asked the US Congress to make it easier for them to wiretap and access the personal communications of others. The bureau requested the House Judiciary Subcommittee on Crime, Terrorism and Homeland Security alter the Communications Assistance to Law Enforcement Act in their favor.
The act already requires telecommunications companies to design and build their systems to ensure law enforcement officials can monitor any telephone or communications line whenever they deem necessary.
The FBI wants Congress to require online companies to do the same by forcing them to re-engineer their technology and software to make it easier for the FBI to drop in.
"These documents show the FBI already has numerous tools available to surveil suspects directly, rather than through each of their communications service providers," Jennifer Lynch from the Electronic Frontier Foundation told RawStory. "A device that remains 'persistent' on a 'compromised computer' is certainly concerning. However, if the FBI obtains a probable cause-based court order before installing tools like CIPAV, complies with the minimization requirements in federal wiretapping law by limiting the time and scope of surveillance, and removes the device once surveillance concludes, the use of these types of targeted tools for Internet surveillance would be a much more narrowly tailored solution to the FBI’s purported problems than the proposal to undermine every Internet user's privacy and security by expanding CALEA."