Data Intercept Technology Unit
|Federal Bureau of Investigation|
Badge of the Federal Bureau of Investigation
|Common name||Federal Bureau of Investigation|
|Motto||Fidelity, Bravery, Integrity|
|Formed||July 26, 1908|
|Employees||35,104 (October 31, 2014)|
|Annual budget||US$8.3 billion (FY 2014)|
|Operations jurisdiction||United States|
|Legal jurisdiction||As per operations jurisdiction|
|Governing body||U.S. Department of Justice|
|General nature||• Federal law enforcement|
J. Edgar Hoover Building|
Northwest, Washington, D.C.
|Sworn members||13,260 (October 31, 2014)|
|Unsworn members||18,306 (October 31, 2014)|
|Field offices||56 (List of FBI Field Offices)|
The Data Intercept Technology Unit (DITU, pronounced DEE-too) is a unit of the Federal Bureau of Investigation (FBI) of the United States, which is responsible for intercepting telephone calls and e-mail messages of terrorists and foreign intelligence targets inside the US. It is not known when DITU was established, but the unit already existed in 1997.
DITU is part of the FBI's Operational Technology Division (OTD), which is responsible for all technical intelligence collection, and is located at Marine Corps Base Quantico in Virginia, which is also the home of the FBI's training academy. In 2010, DITU had organized its activities into seven regions.
Interception at Internet service providers
In the late 1990s, DITU managed an FBI program codenamed Omnivore, which was established in 1997. This program was able to capture the e-mail messages of a specific target from the e-mail traffic that travelled through the network of an Internet service provider (ISP). The e-mail that was filtered out could be saved on a tape-backup drive or printed in real-time.
In 1999, Omnivore was replaced by three new tools from the DragonWare Suite: Carnivore, Packeteer and CoolMiner. Carnivore consisted of Microsoft workstations with packet-sniffing software which were physically installed at an Internet service provider (ISP) or other location where it can "sniff" traffic on a LAN segment to look for email messages in transit. Between 1998 and 2000 Carnivore was used about 25 times.
By 2005, Carnivore had been replaced by commercial software such as NarusInsight. A report in 2007 described this successor system as being located "inside an Internet provider's network at the junction point of a router or network switch" and capable of indiscriminately storing data flowing through the provider's network.
The raw data collected by these systems are decoded and put together by a tool called Packeteer and these can be viewed by using a custom made software interface called CoolMiner. FBI field offices have CoolMiner workstations that can access the collected data which are stored at the Storage Area Network (SAN) of one of the seven DITU regions.
In August 2013, CNet reported that DITU helped developing custom "port reader" software that enables the FBI to collect metadata from internet traffic in real time. This software copies the internet communications as they flow through a network and then extracts only the requested metadata. The CNet report says that the FBI is quietly pressing telecom carriers and Internet service providers to install this software onto their networks, so it can be used in cases where the carriers' own lawful interception equipment cannot fully provide the data the Bureau is looking for.
According to the FBI, the Patriot Act from 2001 authorizes the collection of internet metadata without a specific warrant, but it can also be done with a pen register and trap and trace order, for which it is only required that the results will likely be "relevant" to an investigation. A specific warrant is needed though for the interception of the content of internet communications (like e-mail bodies, chat messages and streaming voice and video) both for criminal investigations and for those under the Foreign Intelligence Surveillance Act.
Assisting NSA collection
Since the NSA set up the PRISM program in 2007, it is DITU that actually picks up the data at the various internet companies, like Facebook, Microsoft, Google and Yahoo, before passing them on to the NSA for further processing, analysing and storing.
DITU also works closely with the three biggest American telecommunications providers (AT&T, Verizon, and Sprint) to "ensure its ability to intercept the telephone and Internet communications of its domestic targets, as well as the NSA's ability to intercept electronic communications transiting through the United States on fiber-optic cables".
The latter is probably related to the NSA's collection of domestic telephony metadata, for which the FBI petitioned the Foreign Intelligence Surveillance Court to order the biggest American telecommunication carriers, like for example Verizon Business Network Services, to hand over all the call records of their customers to the NSA.
An NSA document disclosed by the Snowden leaks gives the example of DITU "working with Microsoft to understand an additional feature in Outlook.com which allows users to create email aliases, which may affect our tasking processes."
- "Frequently Asked Questions". Federal Bureau of Investigation. Retrieved 2016-09-02.
- Going for the throat: Carnivore in an Echelon World - Part I
- Internet Wiretapping – Government and Law Enforcement Use
- Shane Harris, "Meet the Spies Doing the NSA's Dirty Work", Foreign Policy, November 21, 2013
- "FBI Ditches Carnivore Surveillance System". Foxnews.com. Associated Press. 2005-01-18. Retrieved 2008-10-29.
- "FBI turns to broad new wiretap method". CNET News. January 30, 2007.
- Declan McCullagh, "FBI pressures Internet providers to install surveillance software", CNet, August 2, 2013
- Glenn Greenwald, Ewen MacAskill, Laura Poitras, Spencer Ackerman, and Dominic Rushe, "Microsoft handed the NSA access to encrypted messages", The Guardian, July 12, 2013