Published: Wed, 18 Jan 2017 00:00:00 -0500
Last Build Date: Wed, 18 Jan 2017 08:35:56 -0500
Tue, 17 Jan 2017 14:10:00 -0500
Well, the good news is that authoritarian former New York City Mayor Rudy Giuliani will only be serving President-Elect Donald Trump's administration as an advisor on cybersecurity issues. But it's still bad news that Giuliani is going to be connected at all. Though Giuliani has been working as a security consultant in the private sector, tech experts blasted the cybersecurity vulnerabilities of his company site, which is now no longer even accessible online.
Prior to the election, I wrote extensively about how neither Trump nor Hillary Clinton had even the slightest grasp of cybersecurity. At the time I noted that it's probably too much to expect politicians of their age to know all that much. What mattered, then, is who they would be letting advise them on cybersecurity matters and what their attitudes looked like.
On the positive side, Giuliani at least gives good lip service to focusing on defensive cybersecurity, as we see in this recent interview from Las Vegas. On the negative side, he sounds in this interview like somebody trying to give a lecture on a subject that he knows only through Wikipedia articles. I can't imagine anybody working within the field of tech security feeling confident in what Giuliani has to offer based on that video.
The best case scenario here is Giuliani taking back ideas from the private tech sector to the federal government in terms of improving defensive protections from hacking. That would include a healthy respect for encryption and an understanding why it's exceedingly dangerous to demand that companies provide "back doors" that allow law enforcement officials to bypass security. If the government is truly devoted to protecting itself from foreign hackers it has to be willing to accept that there's no such thing as a back door only the American government can unlock.
On the bad side, as data privacy advocate and contributor to The Guardian Trevor Timm notes, Trump selecting Giuliani is part of a widespread trend of government officials exhibiting the typical behavior of rewarding their connected buddies with work over better choices. Given what happened with the Democratic National Committee, it's not even clear Clinton would be doing any better if she were in Trump's shoes:
While it's amusing to make fun of Giuliani, hiring people with little or no bona fide security experience to head up cybersecurity practices in government is sadly a tried and true pastime in Washington. Instead of tapping actual computer security experts, politicians in many cases continue to put their friends or people they know in charge of a monumental problem that requires expertise beyond having many political connections or relationships with donors.
The DNC's response to the hack of their emails is the perfect example. The Democrats and Republicans should have been well aware their information could be hacked by a foreign government since it happened to both Obama and John McCain in 2008. But it was only after the DNC's leaked emails started being published in the summer that the committee announced it would create a Cybersecurity Advisory Board to "ensure that the DNC's cybersecurity capabilities are best-in-class". As technologist Chris Soghoian asked at the time, "Will the DNC cyber board have experienced cybersecurity pros or just ex senior intelligence officials & politicians?" Sure enough, a day later when the lineup was announced, every person on it was either a lawyer or ex-government official – not an engineer or computer scientist among them.
Then the other issue is that everybody Trump has been selecting for his administration has been emphasizing government access to data over privacy, which is a dangerous attitude when it comes to protecting cybersecurity. Former Rep. Mike Pompeo, Trump's choice to head the CIA, is a supporter of expanded government surveillance powers, as is Sen. Dan Coats, Trump's choice to serve as Director of National Intelligence. When the government prioritizes access over data security, it helps create the environment Giuliani warns about in his interview, one wher[...]
Fri, 13 Jan 2017 12:10:00 -0500
President Barack Obama's administration ending its eight-year rule by expanding the sharing of intercepted communications and data between federal agencies may feel a little bit like a final giant middle finger to the many critics of the massive, secretive surveillance state. Attorney General Loretta Lynch just signed off on changes that will increase the ability of the National Security Agency (NSA) to share some raw intercepted data with other agencies before the process of filtering out private information from people unconnected to actual targets. The snooping itself is not changing, but more people will have access earlier in the process.
Specifically this is surveillance authorized by Executive Order 12333, the provisions that outline the conduct of intelligence agencies. These are rules separate from the Foreign Intelligence Surveillance Act (FISA), the PATRIOT Act, and the new USA Freedom Act. The 12333 rules are specifically intended to oversee surveillance of foreign targets and foreign countries. It has very little oversight outside of the executive branch. Because of the intelligence community's attitude of "collect everything and sort it out later," the surveillance taking place through 12333 also ends up gathering all sorts of communications and data from domestic sources.
What had been happening is that the NSA would filter out anything other agencies shouldn't be getting access to and then pass the info along. Under the new rules, these other agencies will be able to search through the raw information itself but would still be required to purge unrelated communications. So the end result is not more surveillance, but more federal staffers will have greater access to the surveillance that's already happening.
According to The New York Times, the NSA is aware of the increased risk of private data getting out and will grant requests that are partly based on how potentially damaging it could be if people's private data were "improperly used and disclosed." The stated purpose for this shift, which has been in the works for years and is not some abrupt final act from Obama, is to help reduce the problem of potentially important intelligence not being adequately passed between agencies in the effort to track down possible terror plots. But it clearly, obviously also could potentially lead to abuse. Patrick Toomey of the American Civil Liberties Union (a critic of the broadness of the 12333 data collection) tells The New York Times:
"Rather than dramatically expanding government access to so much personal data, we need much stronger rules to protect the privacy of Americans," Mr. Toomey said. "Seventeen different government agencies shouldn't be rooting through Americans' emails with family members, friends and colleagues, all without ever obtaining a warrant."
As the Times notes, though the rules severely restrict how the agencies may search data about Americans (only for the purposes of foreign intelligence investigations), it does allow the NSA to tip off the Justice Department if it stumbles across evidence of crimes. The number of people who will potentially have access to this evidence collected without a warrant will increase, and as Wired explains, there will be increased opportunities for law enforcement agencies to use the concept of "parallel construction" to attempt to use secretly collected information without having to reveal it to defendants. Under "parallel construction," law enforcement agencies act upon the information they've gotten without warrants but then look for additional evidence they wouldn't have known about without the surveillance information.
The "additional" evidence is what gets submitted to the courts, and they keep their mouths shut about the existence of the data or communications they've accessed without court approval. The judge and the defense don't even know about the secret sources, and therefore cannot challenge the constitutionality of the data collection. The Electronic Frontier Foundation has been ringing the alarm about the potential misuses [...]
Fri, 30 Dec 2016 12:17:00 -0500
A lot of folks are understandably ready to pull the plug on 2016. But before you pop the champagne, here are five things libertarians should be nervous about in the new year.
A new war on drugs. At a time when most Americans support legalization, 2017 could be bad news for those in favor of legal weed. Donald Trump has commented that legalization should be up to the states, but he's been appointing anti-marijuana lawmakers to key positions in his cabinet. The most notable of these is Senator Jeff Sessions of Alabama, who's been tapped as Attorney General. Sessions has long opposed legalization and has criticized both the Obama administration and the Department of Justice for not enforcing federal marijuana laws.
The national debt. When Donald Trump is sworn into office, he'll be inheriting a debt that has nearly doubled under President Obama. In early 2017, the national debt is set to hit a staggering $20 trillion. And estimates from the Committee for a Responsible Budget say Trump's policy proposals will add another $5.3 trillion over the next four years.
Attacks on Free Trade. Globalisation and free trade have lifted millions out of poverty and have raised living standards across the United States. Yet we enter 2017 with both Democrats and Republicans questioning the fundamental value of free markets, a new administration promising to inject itself into the affairs of private companies, and a president openly threatening a costly trade war with China.
Fake news and free speech. Hillary Clinton called fake news an "epidemic" at a recent public event and said that the trend "can have real world consequences." Those consequences now include Facebook testing new plug-ins to limit misinformation and partnering with fact-checking groups to root out any false news items—causing fears of censorship on the popular social media platform.
Expanded surveillance powers. The FBI, NSA, and CIA are most likely going to get expanded surveillance powers under a Trump administration. Some of these changes are already happening. A new rule approved this fall allows federal agents with a single search warrant to hack millions of Americans' computers or smartphones at once. And the United Kingdom just approved the Investigatory Powers bill which gives the UK's global surveillance program authorities power to create a new government database that will store the web history of every citizen in the country.
Produced and written by Alexis Garcia. Music by Letter Box.
Wed, 28 Dec 2016 15:30:00 -0500
New York City is getting rid of its toll booths, but it will be replacing them with more state troopers, more surveillance, and more government enforcement, and it's probably going to end up hurting the people who can afford it the least.
The state of New York and Gov. Andrew Cuomo are promoting a shift to a cashless toll road system for convenience, but seem to be downplaying some of the potential bad consequences (perhaps because it will serve the state).
While there's nothing inherently bad about an E-Z Pass system reducing the friction of drivers getting from place to place, Cuomo and New York are taking it up a notch. They're going to capture the license plates of everybody passing through crossings. One purpose is to send monthly bills to those who don't participate in the pass system. That still doesn't seem to be a problem, but then there's this: The license scanning isn't just for billing. It will check drivers' records, and New York will assign 150 state troopers to chase down those who have a history of not paying right then and there.
And they're jacking up penalties to get more money. Here's where it gets nasty, via the New York Daily News:
Also next month, new laws to crack down on toll violators will go into effect. One suspends the vehicle registration of drivers who beat tolls three times in five years. Another law hikes toll violation penalties to $100 from $50. There will be an increased State Police presence at the crossings, with the agency adding 150 troopers to the force in January.
So people who don't pay the toll risk losing the ability to drive their cars, a terrible, terrible way of policing this problem. Who is going to be more likely to be repeat offenders for not paying tolls and who is going to be more likely to be hurt by having their registration suspended? C.J. Ciaramella noted earlier in December how suspending driver's licenses in states places a very serious burden on low-income people.
It's very easy to imagine such a side effect here as well. And given that police will be monitoring all cars passing in real time, imagine the consequence of attempting to continue driving on these toll roads with a suspended registration. They'll be caught immediately. More fines! And possibly imprisonment. This may cost people their jobs, and therefore their incomes, and leave them trapped in a bad situation.
And there's no reason to believe that these spot checks are going to remain confined to toll checking, because they're also planning to implement facial recognition software for "tighter security." You'd have to be naïve to think that those 150 troopers are just going to be pulling drivers over for non-payment.
Wed, 28 Dec 2016 12:00:00 -0500
If you are walking down a public street, should you expect people not to see you? Of course not. But suppose someone decides to follow you—and to make records noting the time and place of your movements. Is that the same thing as simply noticing you happen to be out and about? No. Most people would agree the second case differs from the first. Yet a Fairfax judge unfortunately failed to pick up on that distinction recently when he ruled in favor of the county's use of license plate readers.
Fairfax's police department uses automated license plate readers that can scan 3,600 plates per minute. The county compares the plates to a hot list of stolen cars and other vehicles that might have been involved in a crime. It also stores the image of every plate, along with the date, time and location of each plate recording, for 364 days.
Three years ago Virginia Attorney General Ken Cuccinelli (R) issued an opinion informing law enforcement agencies around the state that such activity is impermissible. It's one thing to use the cameras to hunt down a specific vehicle. It's another thing entirely to hoover up data about countless ordinary citizens going about their daily business, and then keep it indefinitely. The use of license-plate readers during an immediate threat to public safety is acceptable, Cuccinelli said, but their passive use during routine patrols is not, and neither is the practice of storing data from them. The need for collecting the information should be established before they are used, he wrote.
Some police departments took heed of Cuccinelli's opinion. Others ignored the AG's advice completely. Fairfax was one of them. Harrison Neal, a resident whose license plate showed up in the county's database, challenged the county's policy on privacy grounds. Last month Fairfax Circuit Court judge Robert Smith issued a summary judgment in the county's favor. The Virginia Supreme Court will soon decide whether to review the matter.
It certainly should. Smith's reasoning is straightforward: License plates are not personal information. Plate numbers are not listed among other forms of personal data in the state's Government Data Collection and Dissemination Act. What's more, while other forms of information listed in the act—such as Social Security numbers—refer back to an individual, "a license plate number leads directly to a motor vehicle and nothing more." Other government data can tell you who owns the vehicle, but "a license plate does not tell the researcher where the person is, what the person is doing, or anything else about the person." Well now. If that is true, then it negates the whole point of using license-plate readers. Such readers apparently would be worthless, except for once in a long while when they note the recent location of a stolen car. In cost-benefit terms, they would seem like a colossal waste, because LPRs cost around $20,000—each. The police seem to agree that license-plate readers collect personal information, too. As Arlington Police Chief Douglas Scott said in response to Cuccinelli's advisory, "if we were limited by the Attorney General's opinion, (LPRs) wouldn't be worth the investment. To simply use (them) only for a stolen-auto hit ... kind of defeats the investigative purpose and the opportunity to have something like that." Indeed. License plate readers have an "investigative purpose" precisely because they do not simply note license plates and nothing more. They also record location in time and space. And since most people usually drive their own cars, that means LPRs enable the government to track and record a person's movements. The vast majority of the time, agencies do so without any apparent justification. In one comparable case in California, more than 99 percent of the plates recorded in a database belonged to vehicles unconnected to any crime. 
License plate readers that provided the authorities with no personal information would be pointless, because cars don'[...]
Tue, 27 Dec 2016 09:45:00 -0500
Last week a federal appeals court ruled that requiring incoming students at a state college to surrender their urine for drug testing violates the Fourth Amendment's ban on unreasonable searches. The decision is a welcome departure from a body of case law that usually defers to the government's perception of "special needs" that supposedly justify analyzing people's bodily fluids without a warrant or any evidence that they pose a threat to public safety.
Linn State Technical College, now known as the State Technical College of Missouri, started demanding incoming students' urine in 2011 because members of its advisory council thought it was a good idea, not because there was any reason to believe the school had any special drug-related safety problems. "Accidents are not common at Linn State, and the college has not attributed any accidents to student drug use," the U.S. Court of Appeals for the 8th Circuit notes in its decision upholding a federal judge's injunction against the college's drug testing program. "Linn State had no reason to believe that it had a student drug-use problem greater than any other college's."
But better safe than sorry, right? Although that sort of reasoning seems to prevail more often than not in drug testing cases, the 8th Circuit ruled that a general interest in discouraging drug use does not justify suspicionless urinalysis by government agencies. The majority opinion, written by Roger Wollman and joined by eight other judges, emphasizes that Linn State's drug testing requirement applied to all students, whether or not they were enrolled in "safety-sensitive" programs such as aviation maintenance or industrial electricity.
Why should a student learning design drafting have to pass a drug test, Wollman wonders, when "the district court found that, based on Linn State's evidence, the greatest danger the program presented was 'that a student might accidentally trip and fall while navigating uneven ground during a site visit'"? The 8th Circuit says the lack of category-specific safety concerns distinguishes this case from Supreme Court decisions upholding drug testing of railway workers after accidents and people seeking U.S. Customs positions that involve carrying guns or interdicting drugs.
The appeals court adds that adults attending a college with no special history of drug problems are constitutionally distinct from minors attending high schools facing a real or perceived substance abuse "crisis," a context in which the Supreme Court has approved testing of all students participating in sports or other competitive extracurricular programs. "Linn State's drug testing policy was not developed in response to any crisis," the court notes. "Most significantly, Linn State's students are not children committed to the temporary custody of the state."
The two judges who dissented from the decision, by contrast, argue that a drug problem confronting society in general is enough to justify an indiscriminate drug testing program like Linn State's. C. Arlen Beam, joined by James Loken, describes the Supreme Court's rulings in this area as "generally validating the suspicionless drug testing and screening being carried on by America's government, business, service and educational institutions, saying there is no dispute, 'nor can there be doubt, that [illicit] drug abuse is one of the most serious problems confronting our society today.'" Beam cites the recent surgeon general's report on drug addiction, the Comprehensive Addiction and Recovery Act of 2016, and the large share of criminal cases in the 8th Circuit that involve drug offenses (34 percent) as evidence that Linn State faces "substantial health, safety and security problems, all of which are specifically ameliorated by the College's well-conceived drug-testing and screening program."
Beam seems almost outraged by the American Civil Liberties Union's involvement in challenging Linn State's policy. He complains[...]
Wed, 21 Dec 2016 15:15:00 -0500
Bipartisan members of an Encryption Working Group connected to the House's Judiciary and Energy and Commerce committees have put out a year-end report pushing for American policies that support and defend strong data encryption. Sure it's just a report and not an indicator of where policy might end up, but it's important in the wake of the United Kingdom passing a new surveillance bill that gives its government the authority to order tech and communication companies to provide back doors or bypasses in order to access encrypted data.
The report was signed by ten members of the House, five from each party. After meeting and discussing issues and concerns with various parties over the past six months, they concluded the year with four observations. This first observation is exactly what's up in the headline: Weakening encryption harms our national interest. Even government officials within the national security community agreed:
[S]takeholders from all perspectives acknowledged the importance of encryption to our personal, economic, and national security. Representatives of the national security community told the EWG [Encryption Working Group] that strong encryption is vital to the national defense and to securing vital assets, such as critical infrastructure. Civil society organizations highlighted the importance of encryption for individual privacy, freedom of speech, human rights, and protection against government intrusion at home and abroad. Private sector stakeholders—in particular, their information security officers—and members of the academic community approached the question from an engineering perspective—against a wide array of threats, foreign and domestic, encryption is one of the strongest cybersecurity tools available.
The second observation was simply a reminder that encryption tools are developed internationally and that the government probably can't actually control access to it anyway.
The end result could actually make the law enforcement "going dark" problem even worse:
Encryption technology is free, widely available, and often open source. Law enforcement stakeholders acknowledged to the EWG that a Congressional mandate with respect to encryption—requiring companies to maintain exceptional access to data for law enforcement agencies, for example—would apply only to companies within the United States. The consequences for such a policy may be profound, but they are not likely to prevent bad actors from using encryption.
The group's third observation is to warn that there's no "one-size fits all" solution to dealing with encryption to the extent that it presents a challenge to law enforcement and anti-terror information gathering. Without directly saying so, it's a crack at the absurdly vague legislation crafted by Sens. Dianne Feinstein (D-Calif.) and Richard Burr (R-N.C.) that simply ordered tech companies to assist law enforcement in bypassing and compromising their own security whenever a judge told them to.
The final observation is a bland call for cooperation between tech companies and law enforcement. They do notice that part of the problem involves communication. They seem to kind of be diplomatically suggesting that law enforcement agencies think they can just demand tech companies give them information and don't understand why that doesn't work:
Stakeholders from all sides were nearly unanimous in describing a significant gap in the technical knowledge and capabilities of the law enforcement community, particularly at the state and local levels. This results in a range of negative consequences that not only hinder law enforcement's ability to pursue investigations but also contribute to its tension with the technology community. For example, from the perspective of law enforcement, routine requests for data are often challenged by the companies, unnecessarily delayed, or simply go unanswered. From the perspective o[...]
Tue, 20 Dec 2016 08:30:00 -0500
The Russians have hacked our democracy! At least, that's been the chorus from much of the American media following anonymous reports on a secretive CIA assessment of the 2016 presidential election. Even President Obama has started to beat the drums of "cyberwar," announcing last Friday that the U.S. must "take action" against the Russian government for "impacting the integrity of our elections." This is some tough talk given the very tenuous evidence offered so far about Russia's alleged influence.
Obviously, it is crucial that America maintain a fair electoral process—flawed though "democracy" may be—and the prospect of a foreign power deliberately sabotaging this can strike a primal fear in Americans' hearts. Yet this kind of mass anxiety can also be opportunistically stoked by government operatives to further their own agendas, as history has demonstrated time and again. Responsible Americans must therefore approach claims made by unnamed intelligence officials—and the muddying media spin on them—with clear eyes and cool heads. And we must demand that these extraordinary claims be backed by appropriate evidence, lest we allow ourselves to be led into another CIA-driven foreign fiasco.
So, let's start by separating reporting from spin. What, exactly, is being claimed here? Back in October, the Obama administration publicly accused the Russian government of hacking into American political organizations in order to influence the presidential election. In early December, The Washington Post went a step further, reporting on a secret CIA assessment that Russia intervened specifically to help Donald Trump win. Citing only anonymous "officials briefed on the matter," the Post wrote that "individuals with connections to the Russian government" provided Wikileaks with the Democratic National Committee (DNC) and John Podesta emails, exposing the party's sordid underbelly to the world.
The next week, another gaggle of unnamed intelligence officials would tell NBC News that the rascally Vladimir Putin personally directed the hacks. Later reports scaled back some of these claims. Reuters, for instance, cited more unnamed intelligence officials who claimed that other intelligence bodies dispute the CIA's conclusions. Russia might have hacked us, they think, but we can't know that it was specifically to help Donald Trump. Then The Washington Post rustled up yet another batch of unnamed officials, who cited an internal memo from CIA Director John Brennan claiming that FBI Director James Comey is on the same page. Neither the FBI nor the CIA has publicly commented upon such stories, and they refuse to brief congressional intelligence panels on the hacks. Meanwhile, Wikileaks Editor-in-Chief Julian Assange broke the site's longstanding prohibition against discussing sources to deny that Wikileaks received the explosive leaks from the Russian government. There are quite a few problems with the claims made by this veritable army of unnamed intelligence agents, as we'll soon discuss. And media commentators often confused the situation further with muddying rhetoric and bombastic leaps of logic. Somewhere along the way, earlier campaign paranoia that Russia could hack into voting machines morphed into the rhetorically useful but epistemologically questionable soundbite that "Russia hacked our election." Consider the Clinton supporters. Rather than doing some soul-searching about their candidate's revealed corruption and amazing tone-deafness to the concerns of the American working class, these petty partisans prefer to just blame Putin instead. Indeed, Clinton herself took to the podium to declare that the Russian president "has a personal beef" with her. The vague assertions of the secret CIA memorandum have been repeated so assuredly and emphatically as to sometimes echo the jingoistic lead-up to the disastrous Iraq War. Keith Olbermann pro[...]
Fri, 16 Dec 2016 16:45:00 -0500
Intelligence officials are preparing a report at the request of members of the U.S. House Judiciary Committee to provide an estimate of how many Americans have had their personal data snapped up by federal surveillance.
Can anybody imagine this happening before Edward Snowden revealed the evidence that our own national intelligence apparatus was collecting huge amounts of our own communications data while trying to track down suspected terrorists? And yet he's probably not going to be coming home soon, despite his role in helping correct bad privacy-destroying government policies.
How much will be released isn't quite clear based on Reuters' reporting. It's nevertheless a promising development not just for government transparency but for Congress playing its role in serving as oversight over exactly how much authority these agencies should have. And the timing matters, as some of the National Security Agency's surveillance authorities (under Section 702 of the Foreign Intelligence Surveillance Act) are up for review next year and Congress will have to act. Dustin Volz at Reuters notes:
Intelligence officials have said that data about Americans is "incidentally" collected under Section 702, due to a range of technical and practical reasons. Critics have assailed such collection as back-door surveillance of Americans without a warrant.
[Director of National Intelligence James] Clapper, who is stepping down next month, suggested in April that providing an estimate of Americans surveilled under Section 702, a figure some have said could tally in the millions, might be possible, while defending the law as "a prolific producer of critical intelligence."
Clapper, we may recall, became well-known (seriously, would anybody be able to identify him prior to Snowden's leaks?) for getting caught lying to the Senate about the extent that personal data from Americans' communications was getting swept up in terrorism surveillance.
Several of the House members who signed on to this request directed to the Office of the Director of National Intelligence are also members of the relatively new Fourth Amendment Caucus, including caucus co-founders Rep. Ted Poe (R-Texas) and Rep. Zoe Lofgren (D-California). Keep an eye on them next year as they push for reforms to Section 702 to better protect Americans from secret government surveillance.
Thu, 15 Dec 2016 17:15:00 -0500
There's a newish fake tradition that parents these days are into: Elf on the Shelf. Based on a 2004 book, many kids now believe that Santa sends "scout elves" to monitor naughty and nice behavior in the days leading up to Christmas. This belief is reinforced by parents moving a stuffed elf toy around the house at night to give the impression that the shelf narc is eyes-on at all times.
In case you were wondering whether this fairy tale is preparing the next generation for life in a surveillance state, we have our answer: Meet Statie the Elf. He's a cherub-faced doll dressed up in a Massachusetts State Police uniform, the brainchild of Massachusetts State Trooper Dustin Fitch. He goes on adventures around the city, as chronicled on Facebook and Twitter.
And his name is Statie. Statie!
"I just wanted to add a little holiday humor," Fitch told the Boston Globe. "I wanted to use an elf to humanize us....It shows how we are all just people, too, looking to enjoy the holidays with family and friends, like everyone else."
Because nothing is more humanizing than the notion of a stranger in a weird outfit who monitors your behavior from afar. I am not able to determine whether Statie is armed, but I personally would be terrified if this little dude stormed into my place during a no-knock raid, smiling like a mythological maniac. While I don't think he'd pose much of a threat to the family dog, kids with pet mice should certainly be concerned.
Apparently staties is an affectionate (?) term used by the locals for state police officers, but that doesn't make the elf's moniker any less horrifyingly on-the-nose.
This also raises a few vital, perhaps even more terrifying questions:
Sounds like Stasi :-) https://t.co/VsaDhTyor0— Salil Tripathi (@saliltripathi) December 15, 2016
Via former Reasoner Lucy Steigerwald
Tue, 13 Dec 2016 16:45:00 -0500
For the first time in 2015, Americans were able to see the contents of one of the extremely secretive federal National Security Letters (NSLs). These letters from the Department of Justice have been used to obligate tech and telecom companies to provide some metadata (name, address and other info) about specific users or customers to the government.
The NSLs became a point of contention during the surveillance debate during the war on terror because of how secretive they were. Companies like Google or email providers could not reveal the existence of the letters at all. The secrecy was much broader than just concealing the information from the targets. Companies weren't even able to adequately disclose how many NSLs they'd received. And there wasn't any timeline to indicate how long they'd have to keep the letters a secret.
Some tech companies have challenged the secrecy of the system in courts, and with the passage of the USA Freedom Act, the Department of Justice is now obligated to review the gag orders periodically and lift gags that are no longer necessary.
Today Google released the content of eight NSLs the DOJ had sent them demanding info about Gmail users. The dates of the NSLs range from 2010 to just last year. Google has redacted the actual email addresses and any information identifying specific people, but has served up the letters mostly intact. Google notes:
Our goal in doing so is to shed more light on the nature and scope of NSLs. We minimized redactions to protect privacy interests, but the content of the NSLs remain as they were when served. We are also publishing the correspondence reflecting the lifting of the nondisclosure restrictions. … In the near future, we will establish a more permanent home for these and additional materials from our Transparency Report.
Of potential interest, a single NSL may contain several user accounts the government is investigating, so even if we knew how many NSLs the government sent out, that's not the same as knowing how many different people's data they asked for.
Google's report and the letters may be viewed here. It's a small but important win for government transparency and evidence that at least some good came out of the USA Freedom Act, even if it didn't really rein in mass surveillance the way many wanted it to.
Tue, 06 Dec 2016 13:50:00 -0500
Las Vegas-based startup Biometrica Systems describes its business as "creating software and systems that link the physical to the digital" and vice versa, "with the intention of minimizing criminality" and "events that could lead to crime."
The company's encrypted Security & Surveillance Information Network (SSIN) is already used by law-enforcement and gaming, retail, and hospitality businesses to share real-time information about suspicious incidents and individuals. Now, the network's newest iteration will give clients "the ability to run facial recognition scans of any individual or group on their properties and match them against a law enforcement verified database of criminals numbering in the millions, including more than one million registered sex offenders"—all using a convenient mobile app. What could go wrong?
Initially focused on the casino and gaming sector, Biometrica has since expanded SSIN to serve "shopping centers, stores, malls, and movie theaters." In an explanation of Biometrica products, the company website notes that federal and state governments have been "seeing the upside of sharing data with private partners" and that has allowed Biometrica to "collect and amalgamate several different law enforcement watch-lists—local, federal, state, and international."
And this, in turn, has allowed Biometrica "to create a composite set of images of an individual and their known associates, and build a set of dynamic attributes to attach to the individual and/or group" to provide businesses with a more "holistic" way of conducting "threat identification and crime prevention."
In a show of spectacularly creepy bravado, Biometrica CEO Wyly Wade called the new SSIN "revolutionary," and not only for security and surveillance companies. "This might be the first time a private company has taken Department of Defense-developed Facial Recognition software… and attached that to mobile devices for private customer use," he said.
The facial-recognition app can also benefit "non-bank financial institutions," said Biometrica Chief Financial Officer Nigel White in a statement. "They have an imperative to fulfill Know Your Customer requirements on an everyday basis. Helping them have access to faces and backgrounders of known white-collar felons in the system, will support their KYC and Anti-Money Laundering obligations."
Wed, 30 Nov 2016 13:45:00 -0500
Queen Elizabeth gave her assent to the British Investigatory Powers Bill on Tuesday, the last step needed before the massive surveillance authorization bill becomes law in 2017. A new, deeper analysis of the final law by tech experts suggests there's more to fear than simply government access to citizens' browser history. This law may ultimately put everybody's data privacy and security at risk.
To refresh everybody's memory, the Investigatory Powers Bill—nicknamed by critics the "Snooper's Charter"—formally and legally increases the power of the British government to engage in online surveillance, provides rules to allow for the bulk collection of citizen metadata, and grants the authority to hack into devices remotely. The law requires Internet Service Providers to store information about users' browser history for a year and hand over this information to government officials when provided a warrant. Essentially the law formalizes some secretive surveillance methods already being used by government that were exposed by Edward Snowden, but it also provides for some judicial oversight.
While the law is being sold as a way to keep the United Kingdom "safe" and to fight terrorism, the reality is that a whole host of government agencies who have nothing to do with national defense will also have access to this information. These are agencies that investigate fraud and deal with taxation and licensing issues. It is abundantly clear to anybody familiar with the law that it is designed and intended to be used to investigate domestic crime, not just terrorism.
But there's more. Privacy advocates and tech companies had been fighting with the British government over the crafting of the law, particularly about the inclusion of mandates for encryption "back doors" so that government officials would not be stymied in their surveillance efforts.
While the new law doesn't officially mandate encryption back doors, U.K.-based tech media site The Register scoured the 300-page law and discovered buried deep within something just as bad. Government leaders will be able to give a company what they're calling a "technical capability notice" that can impose obligations and changes upon the products (software, apps, whatever) that may demand "removal by a relevant operator of electronic protection applied by or on behalf of that operator to any communications or data."
That is to say: The law doesn't mandate encryption back doors outright, but it gives the government the authority to demand that specific companies remove the encryption protecting data. That means the British government expects that all of these companies will have the capacity to break their own encryption on demand. So in reality, the law does mandate encryption bypasses and back doors for communication tools, but it's allowing the companies to maintain control over the "keys."
If this sounds familiar to Americans, this line of the law has the same impact as the widely mocked terrible legislation proposed by Sens. Dianne Feinstein (D-Calif.) and Richard Burr (R-N.C.) in the spring. In response to Apple's refusal to help the FBI decrypt the iPhone that was in the possession of one of the San Bernardino terrorists, the senators crafted the technologically illiterate "Compliance with Court Orders Act of 2016." Like the text of the British law, it doesn't order tech companies to create back doors for the government to bypass encryption, but it does require that the tech companies themselves bypass their own encryption when given a court order to do so.
What's the big deal? There is a simple truth that everybody who works within the tech industry or writes about technology understands that many government officials are either choosing to ignore or unwilling to a[...]
Mon, 28 Nov 2016 12:45:00 -0500
The United Kingdom's Gangmasters and Labour Abuse Authority is not part of an agency tasked with fighting terrorism. They are a licensing body monitoring labor rules in the U.K.'s agriculture industries. Nevertheless, under a new mass surveillance law, high-ranking officials of this agency will have as much access to the private Internet information of British citizens as agencies that actually are tasked with fighting terrorism. This will be the outcome of the passage of the Investigatory Powers Act, also known as the Snooper's Charter. It has passed both houses of the British Parliament and will become law in 2017 if approved by the queen.
The Investigatory Powers Act makes the surveillance authorized by America's PATRIOT Act look remarkably tame in comparison. The law requires Internet Service Providers to keep all metadata and web browsing history of users for 12 months. And it allows top officials of dozens of government agencies to demand access to this information, not to fight terrorism, but any sort of crime. The list of agencies granted access included in Schedule 4 of the 300+-page law includes several government bodies whose job it is to fight various forms of fraud or general crimes. It contains rules on how to get warrants to access confidential information stored by journalists and to try to track down a journalist's sources. It, of course, creates special protections for members of Parliament to provide extra requirements before snooping on them.
This is not a law about fighting terrorism. This is a law that completely destroys citizens' online privacy for the benefit of any sort of governmental investigation to solve domestic crimes. Edward Snowden called it "the most extreme surveillance in the history of Western democracy."
This was a pet project of new Prime Minister Theresa May, and I've previously noted that she is absolutely awful on surveillance and privacy, going so far as to think that snooping on private communications is an acceptable way to fight "cyberbullying." People are now petitioning to try to force the House of Commons to reconsider the legislation. At the same time this domestic surveillance law is being passed, the U.K. is also considering a bill adding additional restrictions to the availability of online pornography. The law's stated purpose is to demand age checks to access porn sites, but a clause would potentially ban portrayal of certain types of "non-traditional" sex acts, meaning the kinky stuff, like spanking, female ejaculation, and anything that looks non-consensual (even though it's just role-playing). It doesn't take a brain surgeon to see the very, very bad ways that these two laws could intersect. Ron Bailey previously noted how Russia is using surveillance laws like those in the U.K. and the United States as models for their own. The Investigatory Powers Act is an autocrat's wet dream. Laws exactly like this one will be used in other countries to snoop and crack down on dissenters and protesters, and the United Kingdom will hardly be in a position to criticize. And if President-Elect Donald Trump's choice to head the CIA—Rep. Mike Pompeo—is an indicator, America may be following in England's footsteps.[...]
Wed, 23 Nov 2016 13:20:00 -0500
A natural consequence of most Thanksgiving feasts is an incredible amount of leftover food, some of which—from congealed gravy to godawful ambrosia—is promptly tossed in the trash.
Usually, this throwing away of leftover holiday vittles warrants little attention from anyone. Not so in King County, Washington, however, where government officials have been found rummaging through residents' garbage in search of food waste.
On Monday, Q13—the local Fox affiliate—reported that a King County woman named Sandi England had come across men in an unmarked rental Penske truck digging through her garbage cans at 5:30 a.m. Suspecting identity thieves, she confronted the men only to be told they were working for the county on a study of residents' composting habits.
A local radio program called the Dori Monson Show reported that another woman had caught men with flashlights cataloging her household's refuse in the middle of the night as well.
This state-sanctioned dumpster diving is apparently all part of an 18-month-long Residential Cart Tagging Project. Started in November of last year, the study aims to get a more accurate picture of how much food waste is going into people's trash cans.
The idea is to encourage more of that waste to go into "yard waste" carts instead, says Jeff Gaisford, a recycling and environmental services manager with King County Solid Waste. According to Gaisford, his department has been leaving informational tags on the trash cans of its involuntary study participants reminding them of proper food waste disposal practices. The follow-up "surveys" are intended to measure whether these tags are working to encourage people to put said waste in the right bins.
People weren't informed about the unsolicited site visits, he added, because King County does not want them to change their behavior in response to being part of the study.
As weird, creepy, and likely pointless as all this is, it's actually not the first time the area has experienced curb-side privacy violations.
The city of Seattle—which sits in King County—was rebuked earlier this year when a judge found that a similar program to measure how much recyclable material was being thrown in the trash was unconstitutional. That ruling rested on the fact that Seattle was looking to levy fines on those who failed to properly sort their recyclable high-density polyethylene from their non-recyclable polypropylene. As the county is not looking to hand out fines to callous food wasters, its program probably won't suffer a similar fate.
Fines or no, though, the Residential Cart Tagging Project has rankled more than a few people. Drew Barth of the Dori Monson Show voiced some rather libertarian sentiments, for example, when he called the whole thing "idiotic" and a waste of taxpayer money. "I should have the freedom to throw away whatever I want," he said.