You may recall that, last fall, a Congressional investigation completely slammed Homeland Security's "Fusion Centers" -- noting that despite DHS insisting that they were critical to "fighting terrorism," the actual evidence showed that they had done nothing helpful in the fight against terrorism, but were instead chock full of wasteful (possibly fraudulent) spending... and with an added dose of civil liberties violations (just for fun).
Apparently, the Fusion Centers are trying to rehabilitate their own image, but they might want to send their officials to press training a bit more before sending them out into the wild. Reason alerts us to an interview that the director of the Arkansas State Fusion Center did with some local TV stations in which he appears to completely contradict himself -- first arguing that the Fusion Centers don't spy on Americans... and then saying they spy on "anti-government" Americans. First, there was this:
"There's misconceptions on what fusion centers are," he says. "The misconceptions are that we are conducting spying operations on US citizens, which is of course not the fact. That is absolutely not what we do."
Okay then. We've established won't you don't do. So, tell us, what do you do?
Davis says Arkansas hasn't collected much information about international plots, but they do focus on groups closer to home.
"We focus a little more on that, domestic terrorism and certain groups that are anti-government," he says. "We want to kind of take a look at that and receive that information."
Okay, hold on a second here. It would seem that his first statement is completely proven untrue by that second statement. Unless he's arguing that if someone classifies you as "anti-government" then you're no longer a US citizen, which would be a rather unique (and wrong) interpretation of the Constitution.
Elsewhere in the article, Davis defends what he does by playing the patriotism card, in which he can't actually explain what good he's doing, but just the fact that he's "doing something" after 9/11 is important.
"I do what I do because of what happened on 9/11," Davis says. "There's this urge and this feeling inside that you want to do something, and this is a perfect opportunity for me."
This line of argument is such ridiculously lazy and dangerous thinking. People who feel they need to "do something!" without caring as to what that something is or (more importantly) if it actually helps (or hurts) are not doing anyone any favors. They're just bound to cause more trouble.
Just recently, we learned that the EFF had been handed what appeared to be several pages of severe formatting errors and faulty Morse code in response to its FOIA request for the secret interpretation of the FISA spying law. There were also the "sobering findings" faux-released by the NSA, which left in only enough unredacted wording to open speculation on these "sobering findings," as well as to publicly lament the surely misguided public debate on the super-secret agency's actions. Now, the news comes to us that the FBI has handed the ACLU a stack of papers that would make any toner supplier very happy.
Two key memos outlining the Justice Department's views about when Americans can be surreptitiously tracked with GPS technology are being kept secret by the department despite a Freedom of Information Act lawsuit filed by the ACLU to force their release. The FBI’s general counsel discussed the existence of the two memos publicly last year, yet the Justice Department is refusing to release them without huge redactions.
The word "see" is obviously some sort of joke because there's absolutely nothing to "see" here, unless you consider To, From and Subject fields to be the "smoking gun." Oh, and this one paragraph that leads into 56 straight pages of black ink.
In United States v. Jones, 132 S. Ct. 945 (2012), the Supreme Court affirmed the suppression of location data generated by a GPS tracking device surreptitiously affixed to a car without court authorization and monitored continuously over a 28-day period.
Yep, that's the power of the FOIA. All the black ink (or blank pages) you could possibly want, delivered months after they're requested. The redactions on these two documents obviously goes far beyond simply protecting sensitive information that might jeopardize ongoing investigations. This is nothing more than the DOJ covering up unconstitutional practices.
The Justice Department's unfortunate decision leaves Americans with no clear understanding of when we will be subjected to tracking — possibly for months at a time — or whether the government will first get a warrant. This is yet another example of secret surveillance policies — like the Justice Department's secret opinions about the Patriot Act's Section 215 — that simply should not exist in a democratic society.
The ACLU is asking the court to order the DOJ to release these memos in full. The Fourth Amendment's reasonable expectation of privacy is undermined by these secret memos, which limit knowledge of law enforcement tracking efforts solely to the executive branch.
The implications of these withheld documents go even further than discussing GPS tracking. FBI General Counsel Andrew Weissman's explanation of the second memo ("Guidance Regarding the Application of United States v. Jones to Additional Investigative Techniques") leaves the door open for tracking via other technology.
[The] second memoranda [sic] is going to be about guidance about what this means for other types of techniques, beyond GPS, because there's no reason to think that this is going to just end with GPS and some of that is going to be very much a judgment call.
It's already common knowledge that law enforcement agencies are using cell phone tracking. As the ACLU points out, wireless carriers already receive 1.5 million requests for data every year, most of which is used for location tracking. Additional technology, such as drones or license plate readers, make endless surveillance a logistic reality, and all without a warrant.
A fully-redacted document doesn't seem to indicate that the FBI is operating within the constraints of United States v. Jones. It signals the very opposite and provides us with another example of how government agencies, when faced with constitutional limitations, are more than happy to simply "interpret" their way around them -- and keep these interpretations out of public view, perhaps indefinitely. It's extremely hypocritical for the FBI and DOJ to sit in a position of law enforcement when they clearly believe abiding by the law is optional.
from the whatever-happened-to-'if-you-have-nothing-to-hide...?' dept
We've written several times before about domestic spying being performed by the government agencies, most of which is performed under the protective guise of "national security" as part of the "War on Terror." The end result tends to be diminished rights rather than something more positive, like "terrorists caught."
Beginning in 2011, a series of investigative articles by the Associated Press ("AP") revealed that the New York Police Department ("NYPD") conducted extensive surveillance of Muslims and persons of Arab descent in New York, New Jersey, and elsewhere. The NYPD’s activities included photographing members of the Muslim community as they entered mosques, infiltrating Muslim student groups, and monitoring Muslim stores and businesses. According to the AP, the “police subjected entire neighborhoods to surveillance and scrutiny, often because of the ethnicity of the residents, not because of any accusations of crimes.” The AP also reported, “many of these operations were built with help from the CIA [Central Intelligence Agency], which is prohibited from spying on Americans but was instrumental in transforming the NYPD's intelligence unit after 9/11.”
This looks like the CIA is at the very least heavily involved with domestic surveillance, if not actually doing the surveillance itself. The "investigations" themselves are questionable enough even without the possibility of a departmental "misstep" by the CIA, generally consisting of paid informants infiltrating the Muslim community and amassing as much information as possible when not attempting to bait community members into saying something inflammatory.
This new "elite" NYPD agency has been given leeway to assemble a massive database on the Muslim community and its activities and, to date, has produced nothing in the way of useful leads. Despite this fact, the operations continue undeterred and everyone from the NYC police commissioner to various CIA spokespersons have acknowledged the CIA's ongoing "collaborative relationship" with the NYPD domestic spying program.
According to the CIA, the agency isn't performing the surveillance itself and is, therefore, staying within its legal boundaries.
In December 2011 the Associated Press described an investigation by the CIA Inspector General regarding the agency’s collaboration with NYPD. CIA spokesman Preston Golson acknowledged the existence of this investigation and stated that the agency's Inspector General concluded that no laws were broken and there was “no evidence that any part of the agency's support to the NYPD constituted 'domestic spying.”
In essence, the CIA aids with the spying, but doesn't actually perform the spying. Golson's statement in reference to the internal investigation is obviously meant to be the final word on the matter, but relies heavily on the public's credulity in regards to secretive agencies conducting in-house investigations whose results remain hidden from view. In that respect, Golson's statement failed miserably.
According to USA Today, “The revelations troubled some members of Congress and even prompted the director of national intelligence, James Clapper, to remark that it did not look good for the CIA to be involved in any city police department. Thirty-four lawmakers have asked for the Justice Department to investigate but so far that request has gone nowhere.” At a March 2012 hearing, Attorney General Holder told Congress “he's disturbed by what he's read about the New York Police Department conducting surveillance of mosques and Islamic student organizations in New Jersey.”
You know something has gone wrong when Eric Holder thinks you've gone too far. Golson's "everything's cool" statement notwithstanding, EPIC decided to look into the CIA's involvement with the NYPD's surveillance programs.
On March 28, 2012, EPIC submitted a FOIA request to CIA asking for:
All documents related to the CIA Inspector General’s investigation regarding the agency’s collaboration with NYPD;
All legal analyses conducted by the CIA Inspector General’s office regarding the CIA’s collaboration with the NYPD;
All final reports issued as a result of the CIA Inspector General’s investigation;
Any communications between the CIA Inspector General’s office and the NYPD regarding the agency’s collaboration with the NYPD.
Unsurprisingly, the CIA has been rather reluctant to hand over any of the requested information. So reluctant, in fact, that it now finds itself on the receiving end of a lawsuit filed by EPIC after "failing to disclose a single record." EPIC's complaint quotes the CIA as stating it was too busy to fulfill the requests because of a "substantial backlog." While that could very well be true, this is also information that the CIA would very likely prefer to not make public. It's also an excuse many other government agencies have used -- a built-in stalling tactic greatly aided by these agencies' preference towards only giving up information when forced to do so.
Obviously, it will be a long time before any information shakes loose from this internal investigation. EPIC still has to win the lawsuit before any "compelled" release of documents begins. There's also bound to be an appeal or two, along with the usual bureaucratic delays built into the process. And there's also the "state secret" wildcard, one that permanently removes documents from the public eye. Still, it's a worthwhile effort EPIC is making, one that will shed light on a very shady collaboration between the CIA and the NYPD, whether or not the results of this internal investigation are ever made public.
Remember all the hubbub (now there's a word I never thought I'd use; thanks a lot, aging process) over Comcast's kind of, maybe plan to spy on subscribers through their cable box as they watch TV, fold their laundry, or engage in coitus? There was quite an outcry at the time, even as Comcast said that the plan was only to have the cameras be able to recognize when different types or numbers of people were watching the tube. People just didn't feel comfortable with corporations being able to spy on them. As a result, Comcast backed away from the plan -- the people had defeated the corporation.
All, apparently, so that hackers could spy on them instead. At least, that's what some reports are saying about Samsung Smart TVs and an exploit that would allow hackers to snatch social media credentials, access any files or devices connected to the smart TV...oh, and to use the built in cameras to spy the hell out of people as they do whatever they do while watching television.
In an e-mail exchange with Security Ledger, the Malta-based firm said that the previously unknown ("zero day") hole affects Samsung Smart TVs running the latest version of the company's Linux-based firmware. It could give an attacker the ability to access any file available on the remote device, as well as external devices (such as USB drives) connected to the TV. And, in a Orwellian twist, the hole could be used to access cameras and microphones attached to the Smart TVs, giving remote attacker the ability to spy on those viewing a compromised set.
The group that reportedly discovered the vulnerability, ReVuln, proudly stated that they would not publish any information about what they'd uncovered except to paying subscribers because screw everyone else (not an actual quote). They also have a company policy, apparently, that would prevent them from working with Samsung directly on a fix or even to disclose the hole, leading me to reach the logical conclusion that Dr. Evil is apparently running that company.
Even more fun, thanks to how Samsung designed the product, chances are any fix that could be produced would be difficult to implement.
Currently, the Smart TVs offer no native security features, such as a firewall, user authentication or application whitelisting. More critically: there is no independent software update capability, meaning that, barring a firmware update from Samsung, the exploitable hole can't be patched without "voiding the device's warranty and using other exploits," ReVuln said.
The company posted a video of an attack on a Samsung TV LED 3D Smart TV online. It shows an attacker gaining shell access to the TV, copying the contents of its hard drive to an external device and mounting them on a local drive, providing access to photos, documents and other content. ReVuln said an attacker would also be able to lift credentials from any social networks or other online services accessed from the device.
In other words, customers get to wait around until Samsung can figure this thing out on their own, since ReVuln won't help them out by company policy, or risk voiding their warranty on their smart TV that has a complete lack of security features. Nicely done, everyone involved.
from the most-transparent-administration-in-history! dept
A couple of months ago, Julian Sanchez wrote about the ridiculous situation in which he filed a FOIA (Freedom of Information Act) request to reveal the latest semi-annual report from the Justice Department concerning how it was implementing the FISA Amendments Act of 2008. As we've been discussing, for a while, how the FISA Amendments Act broadly expanded the ability of federal law enforcement, in particular the NSA, to spy on everyone. While there is some language that suggests it's only supposed to be used on foreigners, it's been revealed that there is a secret interpretation of the bill, that likely allows them to use a loophole (plus the secret interpretation) to collect and review tons of data on Americans. The FAA is up for renewal, and it's likely that Congress will rush through a five year extension -- despite overwhelming evidence that many in Congress don't know how the NSA is interpreting the bill (and even making statements that directly contradict the evidence of how the bill is being used).
The law does require the "semi-annual" report mentioned above, and thanks to a lawsuit by the ACLU, the courts have said that the government is required to release redacted versions of those documents. Which is why it was crazy when Sanchez initially filed his FOIA request to see the most recent versions, arguing (quite reasonably) that such documents were inherently important in the debate over the FAA's renewal, that the DOJ initially told him that it had to deny his request because it could "neither confirm nor deny the existence of records in these files responsive to your request." That was obviously bullshit. Once again: the report is required by law, and the courts have already said that the content is subject to FOIA requests. Thankfully, after Sanchez went public with the ridiculousness of the situation, the DOJ quickly admitted the original response was a mistake, and promised they'd get right on finding the documents.
By mid-September, just under three months after my initial request went in, I was informed that they’d identified the reports I was looking for and forwarded them to the Office of the Director of National Intelligence (ODNI) for a declassification review, which they expected would be completed by early November. Joy! Would we actually get information about an intelligence program out of the government without a lawsuit? Maybe even in time to have a semi-informed public debate?
Well, no. ODNI informed me earlier this month that they were wrapping up their review and redaction Any Day Now, at which point… their redacted version would be forwarded, one at a time, to every other intelligence agency whose activities were referenced in the report. At each agency, it would go to the back of the line of FOIA requests, exactly as though it had just been submitted for the first time. Estimated time before a heavily censored version of these reports see the light of day: Another six months. At least. By which time, it won’t matter much what these reports say about NSA’s use of its sweeping powers, because Congress will have already given them another five years of spying authority.
Notice what this means in practice: Even though a court has already established, thanks to an ACLU lawsuit, that they are legally required to release redacted versions of these reports to the public on request, a cumbersome bureaucratic process effectively guarantees that it takes a solid year to get this information out, which means at best you’re working with what the assessment found two reports ago, allowing the government to assert that they’ve fixed whatever problems were found. In this case, the timing of the review process conveniently guarantees that whatever we learn will come far too late to influence this year’s vote on FAA powers, but be old news by the time Congress takes up the question again. It’s a little hard to swallow the claim that all this delay is remotely necessary: Are we really supposed to believe that the Office of the Director of National Intelligence will be so slipshod about letting sensitive classified information through that their work has to be independently double checked by every other intelligence agency? And that this process has to take six months or longer, even after ODNI has done their initial review and redaction? Of course it doesn’t: This is a bureaucratic procedure designed, not to protect national security, but to allow stalling on the release of politically inconvenient information that the courts won’t allow to be completely hidden from the public.
Once again, this seems to raise questions about the process here -- and how much of it really has to do with law enforcement officials being careful... and how much of it is purely political, seeking to hide damaging information that might impact the FAA renewal.
Furthermore, as Sanchez notes, the very idea that he had to file a FOIA for this information is troubling by itself:
What we should really be asking is why I had to submit this request at all. In his first days in office, after all, President Obama issued a directive not only urging agencies to err on the side of disclosure, but to adopt a policy of proactive release of documents likely to be of public interest. Surely if there were any doubt about the public interest in the use of sweeping surveillance powers, it should have been put to rest after the ACLU won release of the earliest compliance reports. So why didn’t the Justice Department follow President Obama’s directive and draft these reports with an eye toward preparing a declassified public version, knowing full well that civil liberties groups would come asking? Well, because then they wouldn’t be able to obfuscate and delay for months and months. Because then the public might be able to have an informed discussion about the secret surveillance powers we’ve given our spy agencies before we vote to extend them. Heaven forfend.
The rapid uptake of ebooks by the public shows that there is a widespread recognition of their advantages. This would be good news for the publishing industry as it faces the transition from analog to digital formats, were it not for the fact that some publishers keep finding new ways of making ebooks less attractive than physical versions.
Say a student uses an introductory psychology e-textbook. The book will be integrated into the college’s course-management system. It will track students' behavior: how much time they spend reading, how many pages they view, and how many notes and highlights they make. That data will get crunched into an engagement score for each student.
The idea is that faculty members can reach out to students showing low engagement, says Sean Devine, chief executive of CourseSmart. And colleges can evaluate the return they are getting on investments in digital materials.
Well, the idea might be that it will help students will low engagement, but you can bet that it won't stop there. It will also be used to spy on whether students are cheating, as indicated by an implausibly small number of hours spent reading texts; or it might be used to check on whether books are being lent out to friends who aren't "authorized" to read that copy, as evidenced by unusual reading patterns.
Similarly, it's easy to imagine colleges starting to put pressure on students to read in certain rigidly-defined ways in order to "maximize" the return on that investment in digital materials -- hardly what education and learning to think for yourself are all about. Maximizing return will doubtless also lead to this reporting feature becoming mandatory -- at the moment students can opt out if they wish -- purely in the name of efficiency, you understand.
What's really tragic is that digital textbooks have the potential to be used in all kinds of truly innovative ways -- for example, allowing a class to share annotations in real time, making the whole reading experience more social; or perhaps editing and combining texts to produce exciting re-workings and re-imaginings. Instead, publishers are obsessed with tracking users and controlling how they use ebooks, largely out of an absurd, underlying fear that somewhere along the line somebody might be doing something without paying for it.
By now you've probably seen the paraphrase of a Ben Franklin quote that those who give up liberty for security, deserve neither (he said similar things a few different ways, but the standard actual quote is: "Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety.") Whatever the actual quote is, there is quite a lot of truth to it. Giving up liberty for the sake of security rarely works out as planned. Either way, it appears that the editorial board of the Washington Post is either wholly unfamiliar with the quote, or believes it to be untrue. It has come out with an editorial arguing in favor of extending the FISA Amendments Act (and against an ACLU/EFF challenge to the law, to be heard today at the Supreme Court, even with the crazy weather) saying that it is perfectly fine to "give up liberty" for security:
Discomfort with the government’s capacity, technical or legal, to collect and retain massive amounts of personal information is understandable. But the 2008 FISA amendments sought a compromise between two essential goals: preserving American liberty and robustly defending Americans’ lives and property. We favored the law and believe that it should be extended.
That's somewhat ridiculous. After all, as we've noted over and over again, almost no one seems to understand what's actually in the FISA Amendments Act, in part because there's a secret interpretation of it that only the government knows. This means that many, many people, including those in Congress, are clearly misrepresenting what's in the law. The fact that the NSA refuses to say how often it has used this secret interpretation to spy on Americans should be a pretty big warning sign -- especially as politicians who are either clueless or ignorant claim that it can't be used to spy on Americans.
And really, this is the root of the "don't give up liberty for security" quote. Once you do that, you're cooked, because it's a situation that only expands in one direction. Those who seek to hold back liberty will always make use of scare stories and FUD to seek to be able to spy further. You would think that the editorial board of the Washington Post, which has been covering this kind of mess for quite some time, would actually have some sort of ability to look back at history. Apparently its historical knowledge is close to nil.
Remember that Congressional report from last week that warned everyone to fear Huawei, the Chinese telco equipment maker? Much of the fearmongering was around Huawei's close ties to the Chinese government (and military specifically) with no actual allegations, but plenty of speculation that there could be espionage issues. Of course, now, details of a White House report have leaked, claiming that they found no evidence of Huawei spying. They do point out that there are problems with Huawei equipment that could lead to exploitable security flaws -- which is certainly an issue. Of course, that seems like an issue that security experts to deal with, rather than politicians...
Transparency is worth having for itself, since governments often tend to behave a little better when they know that someone is watching. But occasionally, requests for data turn up something big and totally unexpected because someone failed to notice quite what the information provided implies.
The German ministry for home affairs and thus the German police clearly state that they are monitoring Skype, Google Mail, MSN Hotmail, Yahoo Mail and Facebook chat if deemed necessary. Money is spent on trojan viruses and we can be quite certain which company produces the IMSI catchers [used for "man-in-the-middle" attacks on mobile phones] used by German police.
It's been known for a year that the German police forces have been using malware to spy on citizens via their computers, but the latest revelations about surveillance activity go far beyond that. It confirms that even in countries where people are very sensitive about privacy, Internet snooping by the police is routine. It also emphasizes, once more, the importance of encrypting your communication channels where possible, and avoiding those where it isn't.
While the feds absolutely hate to reveal this kind of info, due to successful legal action by the ACLU, the Justice Department was forced to reveal information on how often they monitor electronic communications of Americans without a warrant -- using what's known as "pen register" and "trap and trace." This kind of surveillance isn't over the actual communications (that's left up to the NSA, apparently), but rather just the info on who contacted whom. For various reasons, such information is considered obtainable without needing a warrant. Not surprisingly, the data shows a rather massive increase in such surveillance by the Justice Department.
The numbers are quite incredible:
In fact, more people were subjected to pen register and trap and trace surveillance in the past two years than in the entire previous decade.
And yet, whenever anyone suggests that maybe, just maybe, there should be a little bit of oversight on these kinds of things to prevent abuse, law enforcement freaks out. Perhaps that's really because they know they're widely abusing the ability to spy on communications, and they don't want to have to admit it. The fact that it took a lawsuit just to get this information (which is required by law) to be released really says something about the state of surveillance by the federal government. And what it says is not good at all.