Published: Sat, 25 Feb 2017 00:00:00 -0500
Last Build Date: Sat, 25 Feb 2017 13:18:24 -0500
Tue, 21 Feb 2017 13:15:00 -0500Hey, it's another "This was happening under President Barack Obama, but now everybody's freaking out about it," story. In this case, it's been established for years now by court decisions that American citizens do not have the full protection of the Fourth Amendment within 100 miles of the country's borders. Officials have for a long time, on the basis of border security, been permitted wide latitude to search travelers without warrants, even if they're United States citizens. President Donald Trump's ascendance and a new, stronger push to control border access has increased attention to this gap in our Fourth Amendment protections. A story about an attempt by the Department of Homeland Security to force a Wall Street Journal reporter to hand over her phone when disembarking from a flight got some attention on social media recently. But the story actually dates back to last July under President Barack Obama, and there was a fivefold increase in the number of border searches taking place in the year before Trump took office. But Trump's intentions to scale back immigration into the United States has drawn more attention to this abandonment of our privacy protections. Immigration officials also may be pressing to require visa applicants to hand over passwords to social media accounts so that the content may be examined. While these targets are not American citizens, we should always be concerned and extremely aware that any authorities granted to snoop on foreign targets end up eventually being used on Americans. See also: Stingray devices, fusion centers, and most of what Edward Snowden revealed. Sen. Ron Wyden (D-Ore.) has sent a letter to John Kelly, the secretary of Homeland Security, to express his concerns about Border Patrol officers attempting to get access to citizens' devices without warrants. He says he plans to introduce legislation to add some restraints to what border authorities may do: There are well-established legal rules governing how law enforcement agencies may obtain data from social media companies and email providers. The process typically requires that the government obtain a search warrant or other court order, and then ask the service provider to turn over the user's data. If the request is overbroad, the company may seek to have the order narrowed. By requesting a traveler's credentials and then directly accessing their data, CBP would be short-circuiting the vital checks and balances that exist in our current system. In addition to violating the privacy and civil liberties of travelers, these digital dragnet border search practices weaken our national and economic security. Indiscriminate digital searches distract CBP from its core mission and needlessly divert agency resources away from those who truly threaten our nation. Likewise, if businesses fear that their data can be seized when employees cross the border, they may reduce non-essential employee international travel, or deploy technical countermeasures, like "burner" laptops and mobile devices, which some firms already use when employees visit nations like China. I intend to introduce legislation shortly that will guarantee that the Fourth Amendment is respected at the border by requiring law enforcement agencies to obtain a warrant before searching devices, and prohibiting the practice of forcing travelers to reveal their online account passwords. Whether such legislation gets anywhere at all is heavily dependent on whether Senate Republicans are willing to put themselves out there to publicly vote for restraining the executive branch's surveillance authorities. We know that Republicans in the House are willing to do so. Rep. Jason Chaffetz (R-Utah) is introducing legislation to try to restrain the widespread use of cell tower simulators by law enforcement to engage in warrantless phone surveillance. And proposed legislation to force authorities to get warrants to citizens' old private emails has overwhelming bipartisan support in the House. But it hasn't been able to get through the Senate. It's very clear that any new efforts to clo[...]
Sun, 19 Feb 2017 06:00:00 -0500
Big cities are great places if you're looking for work, stimulation, love, or a new life. But the density that fosters excitement and opportunity also erodes security and identity. Amid the crush of strangers, a single person can feel violated or insignificant. So city dwellers are quick to adopt any technology suitable for carving out personal space in public.
Before the smartphone or the hoodie, the iPod or the Walkman—even before the automobile—that technology was the umbrella. It gave its bearer space and a semblance of privacy. Like the smartphone and the music player, it also provided ample material for humorists, social critics, and arbiters of manners.
In 1891, an anonymous Chicago Daily Tribune columnist called the umbrella "worse than a Gatling." Average women, the writer declared, "have not yet learned to carry umbrellas and parasols in a manner satisfactory to the unarmed pedestrian with a selfish interest in the preservation of life and limb." These deadly weapons weren't today's spring-loaded compacts but big models along the lines of golf umbrellas. Carried at an angle under the arm, they jabbed anyone who got too close.
Even while mocking the umbrella's propensity to take out the knees and ribs of innocent pedestrians, the columnist acknowledged the device's important social functions. "Women rely upon it to get them through crowds, to make uncomfortable the possessors of smarter bonnets than their own, to shield themselves from too inquisitive eyes, and to defend themselves from insult if they happen to be belated without other escort," he wrote.
A closed umbrella made a handy walking stick or prop while standing. An open umbrella was a screen against prying eyes. Lovers used them to create intimate spaces as they walked together or reclined in parks or on beaches. When Mississippi banned shades and screens on the windows of saloons, in an effort to shame drinkers, bar patrons began shielding themselves with open umbrellas.
"A man taking a drink at a bar under an umbrella is certainly not an example of conviviality," wrote a New York Times reporter in 1892, "and a row of men at bars retiring with their respective drinks under their several umbrellas, like so many inedible fungi of enormous size, present, one would suppose, a picture of the horrors of intemperance more dismal than was ever drawn by the late and ophidian [temperance crusader] John B. Gough." A judge ruled the subterfuge illegal: An umbrella constituted a screen under the law.
The most telling attack on the umbrella came in Edward Bellamy's utopian novel Looking Backward: 1887–2000, published in 1888. A monster bestseller, it told the story of a man who awakens in the year 2000 to find Boston transformed into a paradise of collectivist planning. When it rains, a continuous waterproof canopy encloses the sidewalk, so no one needs an umbrella. The wise old man representing the author's views opines that "the difference between the age of individualism and that of concert was well characterized by the fact that, in the nineteenth century, when it rained, the people of Boston put up three hundred thousand umbrellas over as many heads, and in the twentieth century they put up one umbrella over all the heads."
Like the automobile later on, the umbrella offended those who imagined a more efficient mass system. They saw it only as a way to keep out the rain. But the umbrella served psychological purposes as well. On the crowded streets of the 19th century, it gave individuals a way to assert autonomy and control—to enjoy the public while preserving the private.
Tue, 07 Feb 2017 14:05:00 -0500Once again, legislation that would give American citizens better privacy protections for their emails has passed the House of Representatives, but we're going to have to see what happens in the Senate. The Email Privacy Act aims to correct a flaw in federal Electronic Communications Privacy Act of 1986. Passed in the relatively early days of home computer use, it established a policy that private electronic communications held by third parties that were more than 180 days old could be accessed by law enforcement and government investigators without the need for a warrant. A subpoena delivered to the communication provider was enough. A law this old obviously preceded the arrival and dominance of private email communications, and tech privacy activists and tech companies have been pushing for reform. The way the system stands now can result in people having their old private communications searched and read by authorities without the citizen's knowledge. The Email Privacy Act fixes some of these problems, though it doesn't fully resolve the controversy Under the act, officials will need to get actual warrants to access emails and online communications, which provides at least a little more judicial oversight. But the warrants are to the providers, not to the actual people who wrote and sent the communications. It will be up to companies to decide whether to pass along the news of the warrant to customers. Neema Singh Guliani, legislative counsel for the American Civil Liberties Union, says that this is a flaw with the legislation. The original version of the bill required that government provide notice. Without that rule, the third-party provider can resist the warrant if they choose to, but the actual customer probably might not even know. "If you don't have notice, you really can't effectively [challenge the warrant]," Singh Guliani said. The bill does permit third-party providers to let customers know about the administration of warrants, but also allows for the government to delay this information for 180 days under a handful of exceptions—if the target is a flight risk or may destroy evidence or otherwise compromise the investigation. And while some major tech and communication companies have fought back against orders to pass along data or to keep searches secret, Singh Guliani says we shouldn't have to be "reliant on the business practices of providers that can change over time to make sure people get the full protection of the Fourth Amendment." Still, the compromise bill is better than the current rules. No representative voted against it last session of Congress, and it passed again yesterday by a voice vote. But while the bill enjoys popular bipartisan support in the House, the last attempt to get it passed hit disaster in the Senate. Senators attempted to meddle with the wording of the bill to weaken it or add other unrelated regulations. Sen. John Cornyn (R-Texas) attempted to add an amendment to expand the surveillance reach of secretive National Security Letters. Sponsoring senators ended up yanking the legislation from consideration. The Senate sponsors last session were Mike Lee (R-Utah) and Patrick Leahy (D-Vermont). A representative from Sen. Lee's office said that he intends to co-sponsor the Senate version of the bill again this year, but it has not yet been introduced. This could be the first legislative test of whether increased privacy protections can make its way to and through a presidential administration openly hostile to limits on any sort of investigative or law enforcement authority (as we saw earlier today). President Donald Trump is hardly alone and he's not responsible for its previous problems, but it's nevertheless legislation that should not be struggling at all. And a little bit of self-promotion: I'll be leading a panel discussion on the Fourth Amendment, tech privacy, and Congressional lawmaking in this March's South by Southwest (SXSW) conference. Singh Guliani will be one of our panelists. Check out the details here if you f[...]
Thu, 26 Jan 2017 04:00:00 -0500
(image) The California Department of Justice gave a Southern California Public Radio reporter the personal information of 3,424 firearms instructors, including their dates of birth and driver's license numbers. The information was supposed to be redacted when the department responded to an open records request from the reporter. The department discovered the error two months later.
Tue, 24 Jan 2017 17:20:00 -0500
(image) Email service provider Lavabit famously (in tech security circles anyway) shut its doors and turned itself off back in 2013. Its owner, Ladar Levison, explained that he was doing so to keep from having to comply with federal government orders to hand over the encryption key that would give the feds access to the contents of emails by domestic surveillance whistleblower Edward Snowden.
Now, as a new administration takes control of the White House, Levison and Lavabit are returning. Lavabit is relaunching its services, now that Levison has worked to make it even harder for the federal government to attempt to gain access to emails sent by its users. On his announcement, timed to launch with Donald Trump's inauguration, Levison explained that he had developed an end-to-end encryption system that would minimize the ability to for outsiders to access users info, once it's all fully implemented.
Kim Zetter over at The Intercept has more details directly from Lavabit:
With the new architecture, Lavabit will no longer be able to hand over its SSL key, because the key is now stored in a hardware security module — a tamper-resistant device that provides a secure enclave for storing keys and performing sensitive functions, like encryption and decryption. Lavabit generates a long passphrase blindly so the company doesn't know what it is; Lavabit then inserts the key into the device and destroys the passphrase.
"Once it's in there we cannot pull that SSL key back out," says Sean, a Lavabit developer who asked to be identified only by his first name. (Many of Lavabit's coders and engineers are volunteers who work for employers who might not like them helping build a system that thwarts government surveillance.)
If anyone does try to extract the key, it will trigger a mechanism that causes the key to self-destruct.
The hardware security module is a temporary solution, however, until end-to-end encryption is available, which will encrypt email on the user's device and make the SSL encryption less critical.
The site is for Lavabit is active, and for those who want to subscribe, the price currently ranges from $15 to $30 annually depending on storage limits. And they accept bitcoins!
Reason TV has previously interviewed Levison about the importance of encryption in protecting liberty and privacy (and warnings about those who simply use vague encryption and security claims for marketing purposes). Watch below:
src="https://www.youtube.com/embed/OhiTL4W5VMg" allowfullscreen="allowfullscreen" width="560" height="340" frameborder="0">
Tue, 24 Jan 2017 08:00:00 -0500Should the Internal Revenue Service (IRS) have authority to make financial-services companies turn over millions of customer records when they suspect a handful of customers could be evading taxes? Most people would respond with an emphatic no, yet this is exactly what the IRS is attempting to do with Coinbase, one of the most popular cryptocurrency service providers. And if the IRS prevails in this privacy-violating crusade against cryptocurrency users, it could have big implications for the future of everyone's digital privacy. In November, the IRS initiated a "John Doe" summons against Coinbase to secure information on suspected tax cheats that use the service. But rather than tailor a subpoena to a narrow group of likely tax-evaders, the IRS instead requested all transaction records between 2013 and 2015—an alarmingly broad net that casts Coinbase customers as possibly guilty until proven innocent. In early December, a federal judge in San Francisco approved federal tax collector's request, which Coinbase is now fighting in court as too broad and unnecessarily punitive. Coinbase is noteworthy both as one of the earliest and most successful cryptocurrency startups, as well as a Bitcoin business that is scrupulously compliant with government regulations (sometimes to the chagrin of the more anarchist-minded Bitcoin community). In a blog post on the matter, Coinbase Chief Executive Officer Brian Armstrong writes that the company was proactive in helping its user base comply with IRS rules by building special tools and monitoring all new tax developments. This apparently was not enough to the IRS, who decided to bring out the big guns and try to scrutinize all Coinbase users as suspected criminals. This action has alarmed people in the cryptocurrency space, many of whom applauded Coinbase's expensive stand against IRS overreach. But the tax agency's mega data-grab is in many ways an inevitable outcome of the IRS's own less-than-ideal tax rules for cryptocurrency. Taxing the Blockchain The IRS was actually one of the earliest agencies to consider cryptocurrency policy, perhaps for obvious reasons. In March of 2014, the agency issued an "IRS Virtual Currency Guidance" detailing the tax requirements for cryptocurrencies. The IRS decided to treat cryptocurrencies as a kind of property, which meant that they enjoyed a lower capital gains tax rate than if they were taxed as a currency. But it also meant that cryptocurrency users would need to keep track of any price movements in between transactions for tax purposes. And what's worse, there would be no "de minimis" tax exemption for very small transactions. So the woman buying her daily cup of coffee with cryptocurrency would have to track price fluctuations as meticulously as the professional financial trader. This created a major reporting burden for casual cryptocurrency users and institutional traders alike. To remain fully compliant with IRS rules, users would need to carefully record price differentials each time that they used cryptocurrency in a transaction. And cryptocurrencies are notoriously volatile, thus adding to the complexity of the tax burden. Service providers like Coinbase and BitPay did their best to provide tools for users that would streamline their tax reporting, and standalone tax tools were developed as well. But cryptocurrency users who did not use such services would need to keep track of this web of information themselves, and even those who did use such tools might inadvertently misreport or forget tiny transactions. Ironically, this cryptocurrency tax arrangement ended up imposing significant costs on the IRS itself (as I pointed out with Coin Center executive director Jerry Brito in our Bitcoin Primer). The agency failed to set up an official enforcement or guidance office to help users navigate this confusing new area of tax law—an oversight that the agency's own inspector general criticized shortly before [...]
Mon, 23 Jan 2017 21:25:00 -0500
(image) By a Senate vote of 66 to 32, Republican Kansas Rep. Mike Pompeo has been confirmed to take over as director of the CIA.
Pompeo represents the pro-surveillance wing of the Republican Party. Though he voted in favor of the USA Freedom Act that restricted some federal intelligence agency access to massive amounts of metadata about Americans' communications, he has openly advocated for unrestricted information access and pushed just last year to open bulk data collection back up. He also, like President Donald Trump, has said that surveillance whistleblower Edward Snowden is a traitor and should be treated as such.
One Republican voted against Pompeo's nomination—Sen. Rand Paul of Kentucky. Several establishment Democrats also voted in favor of Pompeo, such as Dianne Feinstein of California, Chuck Schumer of New York, and Hillary Clinton's vice president choice Tim Kaine of Virginia. It's a useful reminder that there are a significant number of pro-security Democrats who favor federal authority to access data over the privacy of the citizenry.
Paul turned to Rare to explain his "no" vote:
In addition, many in Congress support a comprehensive, searchable database equipped with "public" data like "lifestyle" choices, an incredible invasion of privacy in some ways more intrusive than the English soldiers that invaded American households to search for any untaxed papers.
Advocates of such a database argue that it will only be searched after obtaining some type of court order.
These advocates fail to understand that our privacy and the Fourth Amendment are breached merely in the collection of our personal data. Our privacy is invaded first by the collection of private information and only secondarily by searching that databank.
The existence of the database itself is a violation of our right to privacy.
As the Trump administration takes shape it's going to be important to separate the president's attitude and skepticism toward foreign intervention and war from his attitudes toward surveillance and the methods he wants to pursue to fight the war on terror. They do not appear to be connected in any way. His focus on "law and order" may lead to a push for more domestic surveillance. And certainly there are going to be politicians (on both the left and the right!) who are going to encourage it.
Tue, 17 Jan 2017 14:10:00 -0500Well, the good news is that authoritarian former New York City Mayor Rudy Giuliani will only be serving President-Elect Donald Trump's administration as an advisor on cybersecurity issues. But it's still bad news that Giuliani is going to be connected at all. Though Giuliani has been working as a security consultant in the private sector, tech experts blasted the cybersecurity vulnerabilities of his company site, which is now no longer even accessible online. Prior to the election, I wrote extensively about how neither Trump nor Hillary Clinton had even the slightest grasp of cybersecurity. At the time I noted that it's probably too much to expect politicians of their age to know all that much. What mattered, then, is who they would be letting advise them on cybersecurity matters and what their attitudes looked like. On the positive side, Giuliani at least gives good lip service to focusing on defensive cybersecurity, as we see in this recent interview from Las Vegas. On the negative side, he sounds in this interview like somebody trying to give a lecture on a subject that he knows only through Wikipedia articles. I can't imagine anybody working within the field of tech security feeling confident in what Giuliani has to offer based on that video. The best case scenario here is Giuliani taking back ideas from the private tech sector to the federal government in terms of improving defensive protections from hacking. That would include a healthy respect for encryption and an understanding why it's exceedingly dangerous to demand that companies provide "back doors" that allow law enforcement officials to bypass security. If the government is truly devoted to protecting itself from foreign hackers it has to be willing to accept that there's no such thing as a back door only the American government can unlock. On the bad side, as data privacy advocate and contributor to The Guardian Trevor Timm notes, Trump selecting Giuliani is part of a widespread trend of government officials exhibiting the typical behavior of rewarding their connected buddies with work over better choices. Given what happened with the Demoratic National Committee, it's not even clear Clinton would be doing any better if she were in Trump's shoes: While it's amusing to make fun of Giuliani, hiring people with little or no bona fide security experience to head up cybersecurity practices in government is sadly a tried and true pastime in Washington. Instead of tapping actual computer security experts, politicians in many cases continue to put their friends or people they know in charge of a monumental problem that requires expertise beyond having many political connections or relationships with donors. The DNC's response to the hack of their emails is the perfect example. The Democrats and Republicans should have been well aware their information could be hacked by a foreign government since it happened to both Obama and John McCain in 2008. But it was only after the DNC's leaked emails started being published in the summer that the committee announced it would create a Cybersecurity Advisory Board to "ensure that the DNC's cybersecurity capabilities are best-in-class". As technologist Chris Soghoian asked at the time, "Will the DNC cyber board have experienced cybersecurity pros or just ex senior intelligence officials & politicians?" Sure enough, a day later when the lineup was announced, every person on it was either a lawyer or ex-government official – not an engineer or computer scientist among them. Then the other issue is that everybody Trump has been selecting for his administration has been emphasizing government access to data over privacy, which is a dangerous attitude when it comes to protecting cybersecurity. Former Rep. Mike Pompeo, Trump's choice to head the CIA, is a supporter of expanded government surveillance powers, as is Sen. Dan Coats, Trump's c[...]
Fri, 13 Jan 2017 12:10:00 -0500President Barack Obama's administration ending its eight-year rule by expanding the sharing of intercepted communications and data between federal agencies may feel a little bit like a final giant middle finger to the many critics of the massive, secretive surveillance state. Attorney General Loretta Lynch just signed off on changes that will increase the ability of the National Security Agency (NSA) to share some raw intercepted data with other agencies before the process of filtering out private information from people unconnected to actual targets. The snooping itself is not changing, but more people will have access earlier in the process. Specifically this is surveillance authorized by Executive Order 12333, the provisions that outline the conduct of intelligence agencies. These are rules separate from the Foreign Intelligence Surveillance Act (FISA), the PATRIOT Act, and the new USA Freedom Act. The 12333 rules are specifically intended to oversee surveillance of foreign targets and foreign countries. It has very little oversight outside of the executive branch. Because of the intelligence community's attitude of "collect everything and sort it out later," the surveillance taking place through 12333 also ends up gathering all sorts of communications and data from domestic sources. What had been happening is that the NSA would filter out anything other agencies shouldn't be getting access to and then pass the info along. Under the new rules, these other agencies will be able to search through the raw information itself but would still be required to purge unrelated communications. So the end result is not more surveillance, but more federal staffers will have greater access to the surveillance that's already happening. According to The New York Times, the NSA is aware of the increased risk of private data getting out and will grant requests that are partly based on how potentially damaging it could be if people's private data were "improperly used and disclosed." The stated purpose for this shift, which has been in the works for years and is not some abrupt final act from Obama, is to help reduce the problem of potentially important intelligence not being adequately passed between agencies in the effort to track down possible terror plots. But it clearly, obviously also could potentially lead to abuse. Patrick Toomey of the American Civil Liberties Union (a critic of the broadness of the 12333 data collection) tells The New York Times: "Rather than dramatically expanding government access to so much personal data, we need much stronger rules to protect the privacy of Americans," Mr. Toomey said. "Seventeen different government agencies shouldn't be rooting through Americans' emails with family members, friends and colleagues, all without ever obtaining a warrant." As the Times notes, though the rules severely restrict how the agencies may search data about Americans (only for the purposes of foreign intelligence investigations), it does allow the NSA to tip off the Justice Department if it stumbles across evidence of crimes. The number of people who will potentially have access to this evidence collected without a warrant will increase, and as Wired explains, there will be increased opportunities for law enforcement agencies to use the concept of "parallel construction" to attempt to secretly collected information without having to reveal it to defendants. Under "parallel construction," law enforcement agencies act upon the information they've gotten without warrants but then look for additional evidence they wouldn't have known about without the surveillance information. The "additional" evidence is what gets submitted to the courts, and they keep their mouths shut about the existence of the data or communications they've accessed without court approval. The judge and the defense don't even know ab[...]
Fri, 30 Dec 2016 12:17:00 -0500A lot of folks are understandably ready to pull the plug on 2016. But before you pop the champagne, here are five things libertarians should be nervous about in the new year. A new war on drugs. At a time when most Americans support legalization, 2017 could be bad news for those in favor of legal weed. Donald Trump has commented that legalization should be up to the states, but he's been appointing anti-marijuana lawmakers to key positions in his cabinet. The most notable of these is Senator Jeff Sessions of Alabama, who's been tapped as Attorney General. Sessions has long opposed legalization and has criticized both the Obama administration and the Department of Justice for not enforcing federal marijuana laws. The national debt. When Donald Trump is sworn into office, he'll be inheriting a debt that has nearly doubled under President Obama. In early 2017, the national debt is set to hit a staggering $20 trillion. And estimates from the Committee for a Responsible Budget say Trump's policy proposals will add another $5.3 trillion over the next four years. Attacks on Free Trade. Globalisation and free trade have lifted millions out of poverty and has raised living standards across the United States. Yet we enter 2017 with both Democrats and Republicans questioning the fundamental value of free markets, a new administration promising to inject itself into the affairs of private companies, and a president openly threatening a costly trade war with China. Fake news and free speech. Hillary Clinton called fake news an "epidemic" at a recent public event and said that the trend "can have real world consequences." Those consequences now include Facebook testing new plug-ins to limit misinformation and partnering with fact-checking groups to root out any false news items—causing fears of censorship on the popular social media platform. Expanded surveillance powers. The FBI, NSA, and CIA are most likely going to get expanded surveillance powers under a Trump administration. Some of these changes are already happening. A new rule approved this fall allows federal agents with a single search warrant to hack millions of Americans' computers or smartphones at once. And the United Kingdom just approved the Investigatory Powers bill which gives the UK's global surveillance program authorities power to create a new government database that will store the web history of every citizen in the country. Produced and written by Alexis Garcia. Music by Letter Box. Subscribe to our YouTube channel. Like us on Facebook. Follow us on Twitter.Subscribe to our podcast at iTunes.[...]
Wed, 28 Dec 2016 15:30:00 -0500
(image) New York City is getting rid of its toll booths, but it will be replacing them with more state troopers, more surveillance, and more government enforcement, and it's probably going to end up hurting the people who can afford it the least.
The state of New York and Gov. Andrew Cuomo are promoting a shift to a cashless toll road system for convenience, but seem to be downplaying some of the potential bad consequences (perhaps because it will serve the state).
While there's nothing inherently bad about an E-Z Pass system reducing the friction of drivers getting from place to place, Cuomo and New York are taking it up a notch. They're going to capture the license plates of everybody passing through crossings. One purpose is to send monthly bills to those who don't participate in the pass system. That still doesn't seem to be a problem, but then there's this: The license scanning isn't just for billing. It will check drivers' records, and New York will assign 150 state troopers to chase down those who have a history of not paying right then and there.
And they're jacking up penalties to get more money. Here's where it gets nasty, via the New York Daily News:
Also next month, new laws to crack down on toll violators will go into effect. One suspends the vehicle registration of drivers who beats tolls three times in five years. Another law hikes toll violation penalties to $100 from $50. There will be an increased State Police presence at the crossings, with the agency adding 150 troopers to the force in January.
So people who don't pay the toll risk losing the ability to drive their cars, a terrible, terrible way of policing this problem. Who is going to be more likely to be repeat offenders for not paying tolls and who is going to be more likely to be hurt by having their registration suspended? C.J. Ciaramella noted earlier in December how suspending driver's licenses in states places a very serious burden on low-income people.
It's very easy to imagine such a side effect here as well. And given that police will be monitoring all cars passing in real time, imagine the consequence of attempting to continue driving on these toll roads with a suspended registration. They'll be caught immediately. More fines! And possibly imprisonment. This may cost people their jobs, and therefore their incomes, and leave them trapped in a bad situation.
And there's no reason to believe that these spot checks are going to remain confined to toll checking, because they're also planning to implement facial recognition software for "tighter security." You'd have to be naïve to think that those 150 troopers are just going to be pulling drivers over for non-payment.
Read more here.
Wed, 28 Dec 2016 12:00:00 -0500If you are walking down a public street, should you expect people not to see you? Of course not. But suppose someone decides to follow you—and to make records noting the time and place of your movements. Is that the same thing as simply noticing you happen to be out and about? No. Most people would agree the second case differs from the first. Yet a Fairfax judge unfortunately failed to pick up on that distinction recently when he ruled in favor of the county's use of license plate readers. Fairfax's police department uses automated license plate readers that can scan 3,600 plates per minute. The county compares the plates to a hot list of stolen cars and other vehicles that might have been involved in a crime. It also stores the image of every plate, along with the date, time and location of each plate recording, for 364 days. Three years ago Virginia Attorney General Ken Cuccinelli (R) issued an opinion informing law enforcement agencies around the state that such activity is impermissible. It's one thing to use the cameras to hunt down a specific vehicle. It's another thing entirely to hoover up data about countless ordinary citizens going about their daily business, and then keep it indefinitely. The use of license-plate readers during an immediate threat to public safety is acceptable, Cuccinelli said, but their passive use during routine patrols is not, and neither is the practice of storing data from them. The need for collecting the information should be established before they are used, he wrote. Some police departments took heed of Cuccinelli's opinion. Others ignored the AG's advice completely. Fairfax was one of them. Harrison Neal, a resident whose license plate showed up in the county's database, challenged the county's policy on privacy grounds. Last month Fairfax Circuit Court judge Robert Smith issued a summary judgment in the county's favor. The Virginia Supreme Court will soon decide whether to review the matter. It certainly should. Smith's reasoning is straightforward: License plates are not personal information. Plate numbers are not listed among other forms of personal data in the state's Government Data Collection and Dissemination Act. What's more, while other forms of information listed in the act—such as Social Security numbers—refer back to an individual, "a license plate number leads directly to a motor vehicle and nothing more." Other government data can tell you who owns the vehicle, but "a license plate does not tell the researcher where the person is, what the person is doing, or anything else about the person." Well now. If that is true, then it negates the whole point of using license-plate readers. Such readers apparently would be worthless, except for once in a long while when they note the recent location of a stolen car. In cost-benefit terms, they would seem like a colossal waste, because LPRs cost around $20,000—each. The police seem to agree that license-plate readers collect personal information, too. As Arlington Police Chief Douglas Scott said in response to Cuccinelli's advisory, "if we were limited by the Attorney General's opinion, (LPRs) wouldn't be worth the investment. To simply use (them) only for a stolen-auto hit ... kind of defeats the investigative purpose and the opportunity to have something like that." Indeed. License plate readers have an "investigative purpose" precisely because they do not simply note license plates and nothing more. They also record location in time and space. And since most people usually drive their own cars, that means LPRs enable the government to track and record a person's movements. The vast majority of the time, agencies do so without any apparent justification. In one comparable case in California, more than 99 percent of the plat[...]
Tue, 27 Dec 2016 09:45:00 -0500Last week a federal appeals court ruled that requiring incoming students at a state college to surrender their urine for drug testing violates the Fourth Amendment's ban on unreasonable searches. The decision is a welcome departure from a body of case law that usually defers to the government's perception of "special needs" that supposedly justify analyzing people's bodily fluids without a warrant or any evidence that they pose a threat to public safety. Linn State Technical College, now known as the State Technical College of Missouri, started demanding incoming students' urine in 2011 because members of its advisory council thought it was a good idea, not because there was any reason to believe the school had any special drug-related safety problems. "Accidents are not common at Linn State, and the college has not attributed any accidents to student drug use," the U.S. Court of Appeals for the 8th Circuit notes in its decision upholding a federal judge's injunction against the college's drug testing program. "Linn State had no reason to believe that it had a student drug-use problem greater than any other college's." But better safe than sorry, right? Although that sort of reasoning seems to prevail more often than not in drug testing cases, the 8th Circuit ruled that a general interest in discouraging drug use does not justify suspicionless urinalysis by government agencies. The majority opinion, written by Roger Wollman and joined by eight other judges, emphasizes that Linn State's drug testing requirement applied to all students, whether or not they were enrolled in "safety-sensitive" programs such as aviation maintenance or industrial electricity. Why should a student learning design drafting have to pass a drug test, Wollman wonders, when "the district court found that, based on Linn State's evidence, the greatest danger the program presented was 'that a student might accidentally trip and fall while navigating uneven ground during a site visit'"? The 8th Circuit says the lack of category-specific safety concerns distinguishes this case from Supreme Court decisions upholding drug testing of railway workers after accidents and people seeking U.S. Customs positions that involve carrying guns or interdicting drugs. The appeals court adds that adults attending a college with no special history of drug problems are constitutionally distinct from minors attending high schools facing a real or perceived substance abuse "crisis," a context in which the Supreme Court has approved testing of all students participating in sports or other competitive extracurricular programs. "Linn State's drug testing policy was not developed in response to any crisis," the court notes. "Most significantly, Linn State's students are not children committed to the temporary custody of the state." The two judges who dissented from the decision, by contrast, argue that a drug problem confronting society in general is enough to justify an indiscriminate drug testing program like Linn State's. C. Arlen Beam, joined by James Loken, describes the Supreme Court's rulings in this area as "generally validating the suspicionless drug testing and screening being carried on by America's government, business, service and educational institutions, saying there is no dispute, 'nor can there be doubt, that [illicit] drug abuse is one of the most serious problems confronting our society today.'" Beam cites the recent surgeon general's report on drug addiction, the Comprehensive Addiction and Recovery Act of 2016, and the large share of criminal cases in the 8th Circuit that involve drug offenses (34 percent) as evidence that Linn State faces "substantial health, safety and security problems, all of which are specifically ameliorated by th[...]
Wed, 21 Dec 2016 15:15:00 -0500Bipartisan members of an Encryption Working Group connected to the House's Judiciary and Energy and Commerce committees have put out a year-end report pushing for American policies that support and defend strong data encryption. Sure it's just a report and not an indicator of where policy might end up, but it's important in the wake of the United Kingdom passing a new surveillance bill that gives its government the authority to order tech and communication companies to provide back doors or bypasses in order to access encrypted data. The report was signed by ten members of the House, five from each party. After meeting and discussing issues and concerns with various parties over the past six months, they concluded the year with four observations. This first observation is exactly what's up in the headline: Weakening encryption harms our national interest. Even government officials within the national security community agreed: [S]takeholders from all perspectives acknowledged the importance of encryption to our personal, economic, and national security. Representatives of the national security community told the EWG [Encryption Working Group] that strong encryption is vital to the national defense and to securing vital assets, such as critical infrastructure. Civil society organizations highlighted the importance of encryption for individual privacy, freedom of speech, human rights, and protection against government intrusion at home and abroad. Private sector stakeholders—in particular, their information security officers—and members of the academic community approached the question from an engineering perspective—against a wide array of threats, foreign and domestic, encryption is one of the strongest cybersecurity tools available. The second observation was simply a reminder that encryption tools are developed internationally and that the government probably can't actually control access to it anyway. The end result could actually make the law enforcement "going dark" problem even worse: Encryption technology is free, widely available, and often open source.5 Law enforcement stakeholders acknowledged to the EWG that a Congressional mandate with respect to encryption—requiring companies to maintain exceptional access to data for law enforcement agencies, for example—would apply only to companies within the United States. The consequences for such a policy may be profound, but they are not likely to prevent bad actors from using encryption. The group's third observation is to warn that there's no "one-size fits all" solution to dealing with encryption to the extent that it presents a challenge to law enforcement and anti-terror information gathering. Without directly saying so, it's a crack at the absurdly vague legislation crafted by Sens. Dianne Feinstein (D-Calif.) and Richard Burr (R-N.C.) that simply ordered tech companies to assist law enforcement in bypassing and compromising their own security whenever a judge told them to. The final observation is a bland call for cooperation between tech companies and law enforcement. They do notice that part of the problem involves communication. They seem to kind of be diplomatically suggesting that law enforcement agencies think they can just demand tech companies give them information and don't understand why that doesn't work: Stakeholders from all sides were nearly unanimous in describing a significant gap in the technical knowledge and capabilities of the law enforcement community, particularly at the state and local levels. This results in a range of negative consequences that not only hinder law enforcement's ability to pursue investigations but also contribute to its tension with the technology community[...]
Tue, 20 Dec 2016 08:30:00 -0500The Russians have hacked our democracy! At least, that's been the chorus from much of the American media following anonymous reports on a secretive CIA assessment of the 2016 presidential election. Even President Obama has started to beat the drums of "cyberwar," announcing last Friday that the U.S. must "take action" against the Russian government for "impacting the integrity of our elections." This is some tough talk given the very tenuous evidence offered so far about Russia's alleged influence. Obviously, it is crucial that America maintain a fair electoral process—flawed though "democracy" may be—and the prospect of a foreign power deliberately sabotaging this can strike a primal fear in Americans' hearts. Yet this kind of mass anxiety can also be opportunistically stoked by government operatives to further their own agendas, as history has demonstrated time and again. Responsible Americans must therefore approach claims made by unnamed intelligence officials—and the muddying media spin on them—with clear eyes and cool heads. And we must demand that these extraordinary claims be backed by appropriate evidence, lest we allow ourselves to be lead into another CIA-driven foreign fiasco. So, let's start by separating reporting from spin. What, exactly, is being claimed here? Back in October, the Obama administration publicly accused the Russian government of hacking into American political organizations in order to influence the presidential election. In early December, The Washington Post went a step further, reporting on a secret CIA assessment that Russia intervened specifically to help Donald Trump win. Citing only anonymous "officials briefed on the matter," the Post wrote that "individuals with connections to the Russian government" provided Wikileaks with the Democratic National Committee (DNC) and John Podesta emails, exposing the party's sordid underbelly to the world. The next week, another gaggle of unnamed intelligence officials would tell NBC News that the rascally Vladimir Putin personally directed the hacks. Later reports scaled back some of these claims. Reuters, for instance, cited more unnamed intelligence officials who claimed that other intelligence bodies dispute the CIA's conclusions. Russia might have hacked us, they think, but we can't know that it was specifically to help Donald Trump. Then The Washington Post rustled up yet another batch of unnamed officials, who cited an internal memo from CIA Director John Brennan claiming that FBI Director James Comey is on the same page. Neither the FBI nor the CIA has publicly commented upon such stories, and they refuse to brief congressional intelligence panels on the hacks. Meanwhile, Wikileaks Editor-in-Chief Julian Assange broke the site's longstanding prohibition against discussing sources to deny that Wikileaks received the explosive leaks from the Russian government. There are quite a few problems with the claims made by this veritable army of unnamed intelligence agents, as we'll soon discuss. And media commentators often confused the situation further with muddying rhetoric and bombastic leaps of logic. Somewhere along the way, earlier campaign paranoia that Russia could hack into voting machines morphed into the rhetorically useful but epistemologically questionable soundbite that "Russia hacked our election." Consider the Clinton supporters. Rather than doing some soul-searching about their candidate's revealed corruption and amazing tone-deafness to the concerns of the American working class, these petty partisans prefer to just blame Putin instead. Indeed, Clinton herself took to the podium to declare that the Russian president "has a personal beef" with her.[...]