by Mike Masnick
Mon, Jul 25th 2011 6:42am
by Mike Masnick
Tue, Jun 14th 2011 2:38pm
from the no,-that-won't-be-abused-at-all dept
Under current rules, agents must open such an inquiry before they can search for information about a person in a commercial or law enforcement database. Under the new rules, agents will be allowed to search such databases without making a record about their decision.We've seen over and over and over again, when people have access to giant databases of info (especially in the government) without clear tracking or oversight, that data gets abused. Allowing FBI agents to search willy nilly is a recipe for widespread abuse.
by Mike Masnick
Thu, May 26th 2011 8:20am
from the this-is-a-problem dept
In an interview with Wired, Wyden makes the point clear:
“We’re getting to a gap between what the public thinks the law says and what the American government secretly thinks the law says."He notes that he has no problem with keeping the techniques the feds use secret, but the interpretation should be public, and that's what their amendment is about.
And it's not just the public that's having the wool pulled over their eyes. Wyden and Udall are pointing out that the very members of Congress, who are voting to extend these provisions, do not know how the feds are interpreting them:
As members of the Senate Intelligence Committee we have been provided with the executive branch's classified interpretation of those provisions and can tell you that we believe there is a significant discrepancy between what most people - including many Members of Congress - think the Patriot Act allows the government to do and what government officials secretly believe the Patriot Act allows them to do.In the understatement of the year, Wyden and Udall state "this is not acceptable." I think it goes beyond unacceptable. It's downright scary. That Congress is about to rubberstamp the extension of the law when they think it says one thing, while the feds pretend it says something entirely different, is a travesty.
Legal scholars, law professors, advocacy groups, and the Congressional Research Service have all written interpretations of the Patriot Act and Americans can read any of these interpretations and decide whether they support or agree with them. But by far the most important interpretation of what the law means is the official interpretation used by the U.S. government and this interpretation is - stunningly -classified.
What does this mean? It means that Congress and the public are prevented from having an informed, open debate on the Patriot Act because the official meaning of the law itself is secret. Most members of Congress have not even seen the secret legal interpretations that the executive branch is currently relying on and do not have any staff who are cleared to read them. Even if these members come down to the Intelligence Committee and read these interpretations themselves, they cannot openly debate them on the floor without violating classification rules.
by Mike Masnick
Thu, May 19th 2011 2:25pm
Congress Just Sold You Out: Leadership Plans To Extend Patriot Act For Four Years With NO Concessions
from the oh-come-on dept
The deal between Senate Majority Leader Harry Reid and House Speaker John Boehner calls for a vote before May 27, when parts of the current act expire, according to officials in both parties who spoke on condition of anonymity. The idea is to pass the extension with as little debate as possible to avoid a protracted and familiar argument over the expanded power the law gives to the government.So, let's see. The government grants itself the power to abuse the 4th Amendment and spy on people with little oversight, and it would prefer that there not be any debate over this, because pesky people might raise the fact that this is wide open for abuse, and the senators don't want to have to talk about that.
by Mike Masnick
Mon, Feb 14th 2011 6:35pm
from the civil-liberties? dept
But, really, we should be asking why these provisions are being extended at all. The reason for allowing them in the original Patriot Act was that they were "needed" in the immediate aftermath of terrorist attacks. But they were put forth with clear sunset provisions, recognizing that those three provisions should not be the norm. Over the years, there has been tremendous evidence of abuse of the Patriot Act, well beyond its intended purposes, so at the very least, there should be much greater oversight. But, even worse, when these provisions were extended last year, the excuse for extending them was that there wasn't enough time to debate the provisions. So the one year extension was supposed to be for the purpose of debate. Yet no debate happened. Hell, no discussion happened. Instead, everyone waited, and when the deadline came, they just agreed to push the deadline out further (and Grassley's plan is to push it out forever).
Shouldn't we be asking why there's been no public discussion or debate on the need for these provisions? To date, the extent of the "discussion" has been to have various thinktanks make statements in support of these provisions that are either misleading or flat-out false. Don't the American people deserve better?
In the meantime, if you'd like to see if your elected representative voted in favor of the extension, you can see the roll call tally of all the votes. I'm happy to see my Rep. voted against it (after abstaining last round).
by Mike Masnick
Fri, Dec 3rd 2010 3:15pm
from the feeling-safer? dept
Separately, a Freedom of Information request by Chris Soghoian has turned up how the feds now regularly are tracking real-time info such as credit card transactions (as you make them) without first getting a court order. Apparently, the Justice Department is allowing agents to write their own subpoenas, and the only role a judge plays is in ordering that the surveillance not be disclosed. Once that happens, credit card companies, mobile operators, rental car companies and even retail stores with loyalty cards end up giving the government a direct, real-time feed. So, yes, the government may know about that giant bag of nacho chips you bought at Costco before you even make it home. Obviously, there may be good reasons for the government to want real-time info on certain people that they're watching but doesn't it seem a bit strange to avoid having to go to a judge and proving probable cause before being allowed to get that kind of info?
by Mike Masnick
Wed, Sep 22nd 2010 1:30pm
from the accuse-away! dept
"Rights holders have been authorized in June to collect IP addresses on P2P networks, by recruiting the services of the French company TMG. It will monitor P2P networks, store the IP addresses it believes illegally shares copyrighted works, and their rights holder customers will forward the ones they want to the French HADOPI.Read that bold part carefully. What this is saying is that despite the fact that you can be kicked off the internet based solely on accusations, not convictions, and despite all of the problems with false accusations and the fact that an IP address alone does not accurately identify an individual, and despite the fact that the massive number of notices being sent out mean that there will surely be false positives, the only people reviewing these notices to make sure they're accurate will be employed by the agent hired by the copyright holders themselves. Due process? It's dead.
Early this week, an internal report by the CNIL was leaked. The CNIL is the Privacy Commissioner in France. It is the Commission which has allowed rights holders to use the TMG services and collect IP addresses.
The report says that "due to the high number of expected cases (25 000 a day at first, then 150 000 a day), it is impossible for the [right holders' agents] to check the [infringement] reports one by one. Nonetheless, the system does not have particular control procedures, for instance by sampling, which would allow an agent to detect anomalies in a collection session".
It says that "the actions of the Hadopi will be limited to accepting or denying the transmitted findings, without the ability to check them. The first steps of the "three strikes" process will therefore lay only upon the collection operated by the TMG system".
Despite these concerns, the CNIL did authorize the right holders to collect the IP addresses, and did not oppose the 3 strikes process by the Hadopi.
by Mike Masnick
Thu, Jul 29th 2010 2:31pm
White House Seeks Easier FBI Access To Internet Records, Blocks Oversight Attempt... Just As FBI Caught Cheating On Exam To Stop Abuse
from the feel-safer? dept
And, it appears that since there was no outrage over all of this, the White House keeps pushing further. Three new articles highlight what a travesty this has become. First, the White House wants to quietly make it easier for the FBI to demand internet log file information without a judge's approval." Just as I finished reading that, I saw Julian Sanchez's new writeup about how the White House blocked and killed a proposal to give the GAO power to review US intelligence agencies. The GAO is the one government operation that seems to actually focus on doing what's right, rather than what's politically expedient. Sanchez notes that, beyond the sterling reputation of the GAO, it's also ready, willing and able to handle this kind of oversight:
The GAO has the capacity Congress lacks: as of last year, the office had 199 staffers cleared at the top-secret level, with 96 holding still more rarefied "sensitive compartmented information" clearances. And those cleared staff have a proven record of working to oversee highly classified Defense Department programs without generating leaks. Gen. Clapper, the prospective DNI, has testified that the GAO "held our feet to the fire" at the Pentagon with thorough analysis and constructive criticism.Oh, and just to make this all more comically depressing, just as I finished reading both of these stories, I saw a story about a new investigation into reports that FBI agents were caught cheating on an exam, which was designed to get them to stop abusing surveillance tools. Yes, you read that right. After all the reports of abuse of surveillance tools, the FBI set up a series of tests to train FBI agents how to properly go about surveillance without breaking the law... and a bunch of FBI agents allegedly cheated on the test that's supposed to stop them from "cheating" on the law. And, not just a few. From the quotes, it sounds like this cheating was "widespread." But, of course, it might not matter, since the requirements for surveillance are being lowered, oversight is being blocked, and apparently the White House is willing to retroactively "legalize" any illegal surveillance anyway.
Unlike the inspectors general at the various agencies--which also do vital oversight work--the GAO is directly answerable to Congress, not to the executive branch. And while it's in a position to take a broad, pangovernmental view, the GAO also hosts analysts with highly specialized economic and management expertise the IG offices lack. Unleashing GAO would be the first step in discovering what the Post couldn't: whether the billions we're pouring into building a surveillance and national security state are really making us safer.
by Mike Masnick
Mon, Jul 19th 2010 11:48am
from the working-harder,-not-smarter dept
In all, at least 263 organizations have been created or reorganized as a response to 9/11. Each has required more people, and those people have required more administrative and logistic support: phone operators, secretaries, librarians, architects, carpenters, construction workers, air-conditioning mechanics and, because of where they work, even janitors with top-secret clearances.The article then notes that, despite the fact that ODNI is supposed to be coordinating everything "today, many officials who work in the intelligence agencies say they remain unclear about what the ODNI is in charge of."
With so many more employees, units and organizations, the lines of responsibility began to blur. To remedy this, at the recommendation of the bipartisan 9/11 Commission, the George W. Bush administration and Congress decided to create an agency in 2004 with overarching responsibilities called the Office of the Director of National Intelligence (ODNI) to bring the colossal effort under control.
While that was the idea, Washington has its own ways.
The first problem was that the law passed by Congress did not give the director clear legal or budgetary authority over intelligence matters, which meant he wouldn't have power over the individual agencies he was supposed to control.
The second problem: Even before the first director, Ambassador John D. Negroponte, was on the job, the turf battles began. The Defense Department shifted billions of dollars out of one budget and into another so that the ODNI could not touch it, according to two senior officials who watched the process. The CIA reclassified some of its most sensitive information at a higher level so the National Counterterrorism Center staff, part of the ODNI, would not be allowed to see it, said former intelligence officers involved.
So, there are turf battles with little oversight and lots of focus on status symbols, rather than actually getting stuff done:
It's not only the number of buildings that suggests the size and cost of this expansion, it's also what is inside: banks of television monitors. "Escort-required" badges. X-ray machines and lockers to store cellphones and pagers. Keypad door locks that open special rooms encased in metal or permanent dry wall, impenetrable to eavesdropping tools and protected by alarms and a security force capable of responding within 15 minutes. Every one of these buildings has at least one of these rooms, known as a SCIF, for sensitive compartmented information facility. Some are as small as a closet; others are four times the size of a football field.But is this working? Well, it doesn't sound like it. Rather than finding the ever important terrorist needles in the haystack, it sounds like they're just creating more and more haystacks:
SCIF size has become a measure of status in Top Secret America, or at least in the Washington region of it. "In D.C., everyone talks SCIF, SCIF, SCIF," said Bruce Paquin, who moved to Florida from the Washington region several years ago to start a SCIF construction business. "They've got the penis envy thing going. You can't be a big boy unless you're a three-letter agency and you have a big SCIF."
SCIFs are not the only must-have items people pay attention to. Command centers, internal television networks, video walls, armored SUVs and personal security guards have also become the bling of national security.
"You can't find a four-star general without a security detail," said one three-star general now posted in Washington after years abroad. "Fear has caused everyone to have stuff. Then comes, 'If he has one, then I have to have one.' It's become a status symbol."
In Yemen, the commandos set up a joint operations center packed with hard drives, forensic kits and communications gear. They exchanged thousands of intercepts, agent reports, photographic evidence and real-time video surveillance with dozens of top-secret organizations in the United States.As we noted earlier this year, this is why the government missed the guy who tried to blow up a plane on Christmas day. They had all the data. But there was such a backlog, they couldn't actually piece it all together.
That was the system as it was intended. But when the information reached the National Counterterrorism Center in Washington for analysis, it arrived buried within the 5,000 pieces of general terrorist-related data that are reviewed each day. Analysts had to switch from database to database, from hard drive to hard drive, from screen to screen, just to locate what might be interesting to study further.
As military operations in Yemen intensified and the chatter about a possible terrorist strike increased, the intelligence agencies ramped up their effort. The flood of information into the NCTC became a torrent.
Oh, and beyond the fact that that this "Secret America" has hired hundreds of thousands of people doing overlapping work that just makes everything more confusing, the focus on status symbols and things like SCIFs might make you wonder who's doing the actual work. You probably don't want to know:
Among the most important people inside the SCIFs are the low-paid employees carrying their lunches to work to save money. They are the analysts, the 20- and 30-year-olds making $41,000 to $65,000 a year, whose job is at the core of everything Top Secret America tries to do....So you have four star generals fighting over who has a bigger security detail, while a bunch of recent college grads with little experience produce the "analysis." Fantastic.
When hired, a typical analyst knows very little about the priority countries - Iraq, Iran, Afghanistan and Pakistan - and is not fluent in their languages. Still, the number of intelligence reports they produce on these key countries is overwhelming, say current and former intelligence officials who try to cull them every day. The ODNI doesn't know exactly how many reports are issued each year, but in the process of trying to find out, the chief of analysis discovered 60 classified analytic Web sites still in operation that were supposed to have been closed down for lack of usefulness. "Like a zombie, it keeps on living" is how one official describes the sites.
And given our recent stories about cyberwar hype, this story provides a bit more background. Cyberwar is, of course, the hot thing, so all of these different groups are all shoving each other aside to pitch themselves as cyberwar experts to get more money to garner more status symbols.
In the meantime, it's not at all clear that this deluge of information is actually making anyone safer. We've already discussed how adding more haystacks doesn't make it any easier to find the terrorist needle, but it doesn't even appear that all this "top secret" security is all that secure. In a separate story, Jim Harper points out the news of a security researcher who created a fictitious, but cute, information security woman, who used social engineering and social networking tricks to build up all sorts of connections within the security world, including top security experts, military personnel and staff at intelligence agencies and defense contractors.
Ms. Sage's connections invited her to speak at a private-sector security conference in Miami, and to review an important technical paper by a NASA researcher. Several invited her to dinner. And there were many invitations to apply for jobs.So for all this massive new security infrastructure, totally hidden from public view, it's easy to infiltrate parts of it with some cute photos of a non-existent woman. Fantastic.
"If I can ever be of assistance with job opportunities here at Lockheed Martin, don't hesitate to contact me, as I'm at your service," one executive at the company told her.
One soldier uploaded a picture of himself taken on patrol in Afghanistan containing embedded data revealing his exact location. A contractor with the NRO who connected with her had misconfigured his profile so that it revealed the answers to the security questions on his personal e-mail account.
"This person had a critical role in the intelligence community," Mr. Ryan said. "He was connected to key people in other agencies."
by Mike Masnick
Fri, Jul 16th 2010 7:30am
from the bizarro-world dept
But, it appears the editorial folks over at the NY Times have gotten confused by all of this, and are saying that the government should step in and ensure that Google's algorithm is "fair":
Still, the potential impact of Google's algorithm on the Internet economy is such that it is worth exploring ways to ensure that the editorial policy guiding Google's tweaks is solely intended to improve the quality of the results and not to help Google's other businesses.It's difficult to think of anything more ridiculous than a news publication calling for the government to step in and review the editorial guidelines of another company. So, just as the the telcos did with Google, why not flip this around, and make the same point about the NY Times. Here's my attempt:
Some early suggestions for how to accomplish this include having Google explain with some specified level of detail the editorial policy that guides its tweaks. Another would be to give some government commission the power to look at those tweaks.
The potential impact of the NY Times' coverage on the world/economy/war/etc. is such that it is worth exploring ways to ensure that the editorial policy guiding the NY Times' coverage choices is solely intended to improve the quality of the world, and not to help the NY Times' or other businesses.How would the NY Times (or pretty much any journalist) react to that? My guess is not too kindly.
Some early suggestions for how to accomplish this include having the NY Times explain with some specified level of detail the editorial policy that guides its front page choices. Another would be to give some government commission the power to look at those guidelines.
Danny Sullivan, it appears, had a similar idea and rewrote the entire NY Times article as if it were talking about the NY Times (rather than just the two paragraphs I did here). He then goes into detail on why the whole thing is bunk.
Search engines are very similar to newspapers. They have unpaid "organic" listings, where usually (though not always), a computer algorithm decides which pages should rank tops. The exact method isn't important. What's important is that those unpaid listed are the search engines' editorial content, content it has solely decided should appear based on its editorial judgment.He also points out why Google is significantly more transparent than the NY Times about its own editorial policy:
Search engine also have paid listings, advertisements, which aren't supposed to influence what happens on the editorial side of the house. We even have FTC guidelines ensuring proper labeling of ads and intended to protect against "advertorials" in search results.
It's a church-and-state divide with good search engines, just as it is with good newspapers.
What the New York Times has suggested is that the government should oversee the editorial judgment of a search engine. Suffice to say, the editorial staff of the New York Times would scream bloody murder if anyone suggested government oversight of its own editorial process. First it would yell that it has no bias, so oversight is unnecessary. Next it would yell even more loudly that the First Amendment of the US Constitution protects it from such US government interference.
Still, shouldn't Google share more about how it creates its algorithm? Compared to the New York Times, Google's a model of transparency. Consider:There's a lot more in Sullivan's piece that basically debunks pretty much every myth that people (beyond just the NY Times) are making out to be an issue about Google's "neutrality" in search. Hopefully this silly concept goes away, but I fear there are too many lobbying dollars invested in it, that folks like Sullivan are going to have plenty of opportunities to re-debunk this concept in the future.
- Google will list EVERY site that applies for "coverage" unlike the New York Times, which regularly ignores potential stories
- If Google blocks a site for violating its guidelines, it alerts many of them. The New York Times alerts no one
- Google provides an entire Google Webmaster Central area with tools and tips to encourage people to show up better in Google; the New York Times offers nothing even remotely similar
- Google constantly speaks at search marketing and other events to answer questions about how they list sites and how to improve coverage; I'm pretty sure the New York Times devotes far less effort in this area
- Google is constantly giving interviews about its algorithm, such as this one in February, along with providing regular videos about its process (here's one from April) or blogging about important changes, such as when site speed was introduced as a factor earlier this year.