In another enlightening day for American who fear government surveillance, news reports revealed that the Drug Enforcement Administration has been secretly operating a database to initiate criminal probes and that a major government contractor may be cataloging the identities of people who use a service meant to keep their Internet activities secret.
The DEA database, known as DICE, is operated by its Special Operations Division and contains one billion phone and Internet records, Reuters reported Monday.
Senior DEA officials anonymously confirmed the program to the wire service and said that all records are obtained legally through subpoenas, informants, foreign governments, legally conducted wiretaps, government agencies and other sources.
Unlike the National Security Agency program that collects the phone records of all Americans, this database reportedly does not require a warrant to query, but records passed along by other agencies must involve a non-U.S. citizens.
The DEA officials told Reuters that records are deleted after one year.
What makes the DEA database surprising is the lengths the government reportedly goes to in its effort to conceal the investigative tool. If alleged drug dealers wouldn't accept a plea, charges were sometimes dropped to prevent the program's disclosure at trial, agents told the news service.
The database's role as an investigative tool is concealed by "parallel construction" - and subsequent non-disclosure at trial - of investigations that agents are pursuing.
Defense attorneys expressed outrage about the practice of reverse-engineering cases without disclosing the impetus for investigations and Harvard Law School Professor Nancy Gertner told the news agency, "I have never heard of anything like this at all."
The DEA disclosure comes as users of the Internet anonymity service Tor reel from the massive lapse in security on the service that is popularly considered an impregnable privacy-protector.
Wired reports that on Sunday morning malware popped up on several websites hosted by the company Freedom Hosting, whose founder Eric Eoin Marques was arrested in Ireland last week for allegedly facilitating the distribution of child pornography.
The malware reportedly sends Tor users' actual identifying information to a Virginia IP address that belongs to Science Applications International Corporation. SAIC offered no comment to Wired and did not respond to a U.S. News request for comment.
The technology news publication reported that the malware appears to be "the first sample captured in the wild" of an FBI program known as CIPAV, which Wired reported on in 2007.
Mozilla, whose Firefox browser was affected by the malware, said in a Monday blog post that the vulnerability was specific to Firefox 17 users, and that it can be avoided with the current Firefox 22 browser.
The Guardian reported July 31 that the NSA's previously undisclosed XKeyscore program conveniently compiles Internet user data for warrantless searches. The report was the latest in a series of disclosures on government surveillance made possible by former Booz Allen Hamilton contractor Edward Snowden.