by Mike Masnick
Thu, Jul 4th 2013 9:00am
by Tim Cushing
Wed, Jul 3rd 2013 3:50pm
Old School Snail Mail 'Metadata' Still Being Harvested By The USPS And Turned Over To Law Enforcement/Security Agencies By Request
from the get-it-all,-just-in-case dept
We live in a wondrous age of technological advancement, where almost any form of communication can be instantly captured by interceding security agencies and stored safely away somewhere in Utah where it can be "questioned" at the agencies' convenience.
But the old school ways still have their charm. Various entities have intercepted snail mail since the days when it was just referred to as "mail." Not so much interception goes on now, partly because there's much less to intercept, but law enforcement agencies are still able to access scans of the envelopes of every piece of mail sent or received in the US, all without a warrant. Not unexpectedly, this "enhancement" to the "mail covers" program emerged post-9/11.
The NY Times has a good piece on the Mail Isolation Control and Tracking program, which was put into place following the post-9/11 anthrax mailings. It quite literally scans every envelope, post card, and piece of junk mail — some 160 billion pieces of mail a year. These scanners probably know more about the mail you receive than you do.The old "mail covers" program was targeted. The new, post-9/11 version isn't. Everything is photographed and anything can be requested by simply filling out a form. The argument is that there's no expectation of privacy seeing as any number of people will be able to view what's written on the outside of the envelope as it's in transit. Of course, people might feel their privacy is being violated if they observed someone going through a stack of their mail and taking photos of every envelope, but that's where the courts stand on this issue currently.
The Mail Isolation program is really just a super-beefed-up version of the USPS "mail covers" program that has been around for about a century, explains the Times. Mail covers are warrantless requests for photos of the outside of specific recipients’ mail.
Basically, a law enforcement agency fills out the request, and for 30 days (extendable to 120 days), it receives scans of all mail related to the subject of the request. Only the outside of the mail is provided, as opening mail would require a warrant. Authorities maintain that no warrant is needed for information on the outside of a piece of mail, as there can be no reasonable expectation of privacy. The USPS can deny a mail covers request, but rarely does.
Unlike other invasive programs officials have defended by claiming they have prevented [insert number here] terrorist attacks, the Mail Isolation Control and Tracking program has at least been instrumental in taking down a purveyor of terrorist-like activity.
In a criminal complaint filed June 7 in Federal District Court in Eastern Texas, the F.B.I. said a postal investigator tracing the ricin letters was able to narrow the search to Shannon Guess Richardson, an actress in New Boston, Tex., by examining information from the front and back images of 60 pieces of mail scanned immediately before and after the tainted letters sent to Mr. Obama and Mr. Bloomberg showing return addresses near her home. Ms. Richardson had originally accused her husband of mailing the letters, but investigators determined that he was at work during the time they were mailed.While that's comforting, the downside is that this system, like any other mass data collection, is prone to abuse. And what's considered not "private enough" to require a warrant can still tell the requesting party quite a bit about you.
"It's a treasure trove of information," said James J. Wedick, a former F.B.I. agent who spent 34 years at the agency and who said he used mail covers in a number of investigations, including one that led to the prosecution of several elected officials in California on corruption charges. "Looking at just the outside of letters and other mail, I can see who you bank with, who you communicate with — all kinds of useful information that gives investigators leads that they can then follow up on with a subpoena."The postal service holds the power to approve or deny these requests, without any outside review, which means every request will sail right through. 15-20,000 requests come through each year related to criminal activity. The number of requests made for national security reasons hasn't been revealed.
But, he said: "It can be easily abused because it's so easy to use and you don't have to go through a judge to get the information. You just fill out a form."
In the post-9/11 security/law enforcement climate, it seems it's better to have everything and not need it than want something and not have it. This is all above-board and perfectly constitutional according to the courts, so if any of these entities want to dig through your mail for any reason, (perhaps as a form of political harassment) all they have to do is fill out the right paperwork.
by Tim Cushing
Tue, Jul 2nd 2013 9:27am
from the older-than-heated-BBS-discussions-even dept
Ed Snowden's story kicked off with the leak of a single, 4-page court order that granted the NSA and FBI access to millions of Verizon phone records. Signed by Roger Vinson of the FISC, it was a broadly written order that contained none of the expected constitutional protections extended to US citizens.
Whistleblowers and government overreach are nothing new in this country. Snowden gave up his job and left the US in order to expose wrongdoing. Before him, other whistleblowers have done the same, either quitting in order to take their findings public or being forced out of a job as a result of their actions.
The ACLU's Free Future blog recently featured a post detailing how far back this sort of thing goes -- all the way back to before the official formation of the United States.
Do you know about James Otis, his struggle against the British Empire, and the making of the Fourth Amendment? A brilliant, young attorney, Otis became practically obsessed with what he viewed as a profound injustice visited upon the American colonists by their British rulers: the writs of assistance.James Otis ditched his job to fight this injustice. Despite being only 31, he held the position as Advocate-General in the commonwealth of Massachusetts. His position meant arguing for these general warrants, something he couldn't do in good conscience. He resigned his post and took up a case representing (pro bono) a group of Boston merchants opposed to the warrants.
Writs of assistance were essentially general warrants. They allowed British soldiers to raid and search homes based on no suspicion whatsoever of criminal activity. Any soldier could violate the sanctity of anyone’s person or home... The writs of assistance were extreme violations of the basic privacy and property rights of Americans, and the American revolutionaries loathed them – no one more eloquently or passionately than Otis.
The young attorney’s five-hour oration railing against the writs of assistance, “in opposition to a kind of power, the exercise of which in former periods of history cost one king of England his head and another his throne,” is now a famous speech...Unfortunately, Otis lost the case. Fortunately for the US, John Adams was sitting in the courtroom. Otis' arguments formed the basis for the Fourteenth Amendment to the Massachusetts Declaration of Rights (written by Adams), which in turn inspired the Fourth Amendment to our Constitution.
Specific warrants describing the people, places or things to be searched, and sworn by an affirmation, are legitimate and legal, Otis said. But general warrants, those that do not require any specific information or targeting – those warrants that enable the government to search at will – are illegal.
This amendment is being abused by the NSA's and FBI's sweeping data requests. It gives them the ability to digitally ransack American citizens, without a warrant or probable cause. It may be legal, thanks to some very dubious secret laws, interpretations and complicit courts, but it's still unconstitutional. Any hopes that the Supreme Court will sort this out have been effectively nullified as the court finds itself bound in the same web of secrecy.
Otis lost his battle but paved the way for our Constitutional rights. Why did he give it all up to take on the system?
“The only principles of public conduct that are worthy of a gentleman or a man are to sacrifice estate, ease, health, and applause, and even life, to the sacred calls of his country,” he told the court.Snowden himself may lose this battle, but hopefully, his actions will help Americans regain the rights they never realized they had given up.
by Tim Cushing
Thu, Jun 27th 2013 10:35am
from the warrants-are-becoming-nothing-more-than-a-fond-memory dept
Government agencies continue to operate under the assumption that warrants, reasonable suspicion and the like are luxuries that our nation can no longer afford, not while we're under constant attack by terrorists and drug smugglers.
The AOPA (Aircraft Owners and Pilots Association) is reporting an increase in DHS/CBP (Border Patrol) searches of small aircraft, including planes that never left the country.
With a growing number of reports from law-abiding pilots stopped by armed federal agents on the ramp, their aircraft searched by federal agents, the U.S. Department of Homeland Security Customs and Border Protection remains silent, and outrage is building.The FOIA requests filed by AOPA date back to February 12th. The CBP told the association not to expect a response until August 12th, at the earliest. The AOPA has given the CBP until July 20th to produce the requested documents or it will be taking its case to court, as well as "advising Congress and congressional committees" about the unexcused delays.
AOPA is questioning CBP’s authority to conduct the searches, and demanding a response from officials at the highest level. There has been no meaningful response to date from CBP to Freedom of Information Act requests filed months ago by AOPA and affected pilots.
One of the FOIA requests seeks information on the warrantless search of pilot Gabriel Silverstein's plane, which occurred on May 5th. Silverstein's plane was actually searched twice by federal agents. The first search was more perfunctory, with DHS agents replacing the normal FAA agents during a routine ramp check. The second, however, was much more intrusive.
[A] fuel stop, one of many made during a business trip from New Jersey to California and back in the Cirrus SR22 that Silverstein shares ownership of, proved much more troubling: Federal agents called out the dog.Although the agents involved identified themselves as only "homeland security," Silverstein recognized their uniforms' insignia to be that of Customs and Border Protection. (He also received a business card from one of them which identified that particular agent as CBP.) So, what are CBP agents doing searching a plane in Iowa City, miles from any international border? Silverstein had a registered IFR flight plan, which had received clearance at every stop, detailing every leg of his flight up to that point -- a flight that saw him travel from New Jersey to California (and part of the way back) with various stops for fuel, all without leaving US airspace.
A search lasting more than two hours produced nothing incriminating. Silverstein was free to go, but he and his husband of nine years, Angel, were on their own to re-pack luggage, the contents of which had been emptied along with the rest of what could be removed from inside the aircraft. Though more needs to be learned to understand the true legality, or constitutionality, of that search, agents told Silverstein he had no choice.
The DHS knows but it's not saying, at least not yet. (Any sobering findings will presumably be heavily redacted.) But judging from the agents' conversations with Silverstein, it would appear they believed he was smuggling drugs.
Silverstein said the agents in Iowa City urged him to confess to possessing a small amount of marijuana, suggesting such a confession could cut the whole process short. (Silverstein told AOPA he is a teetotaler, and never indulges much less possesses marijuana, nor did he have any reason to believe others had put marijuana in the aircraft.) Silverstein said agents told him they believed marijuana should be legal, but they had to enforce federal law.Searching a plane without a warrant and finding nothing is not enforcing federal law, no matter how the agent playing "good cop" attempted to portray it. Encouraging a person to falsely incriminate himself is not enforcing federal law, no matter how much the agents would have preferred to be back by quitting time. But on top of this dubious definition of "enforcement" lies an even more dubious definition of "reasonable suspicion."
He said the agents “clearly suggested” they were interested in his aircraft because he had stopped in Colorado, a state that recently legalized possession of small amounts of marijuana.If you think that logic is weak, there's more. The Atlantic details a couple more episodes of DHS/CBP agents vs. private plane pilots/owners. Larry Gaines, flew out of California, landing at a small, rural airstrip in Oklahoma. He was headed to dinner with a friend when he realized he had left his eyeglass case back at the airport. He returned to retrieve it and was greeted by local law enforcement who prevented him from returning to his plane and informed him the DHS was on the way. From Gaines' account of the event:
2 black Suburbans drove up at some point during this time, plus more Cordell Police and Washita County Sheriffs. All told, there were 3 police cars, 3 sheriff's cars, and 2 Suburbans with black windows from what I was later told was DEA. The officers/agents in the Suburbans were dressed in what appeared to be riot gear - body armor and helmets, I believe. They had shotguns and at least one German Shepherd dog. One of the local sheriffs was definitely in full SWAT regalia. It was over 100 degrees F. I counted 20 officers, deputies, and agents. Seven were dressed & equipped, literally, for armed conflict...That's a lot of "response" for a pilot with a clean criminal record. The agents on the scene were unable to explain their actions with anything more specific than Gaines' flight fit a "suspicious profile." Gaines asked for details about the "profile" and received this in reply: "You started in California and flew west to east."
A large business jet arrived and circled overhead for the next 60-90 minutes. A King Air 200 [a sizable twin-engine turboprop plane] arrived and landed. 2 Border Patrol agents got out.
This almost sounds made up on the spot. After all, flying out of California doesn't present many options for a pilot who wishes to remain in the Continental US, but still leave the state. But if Gaines fits the "profile" by flying west to east, how does Silverstein fit in? Sure, he left California traveling east before his run-in with federal agents, but it was part of a return flight to New Jersey, which started east to west.
The common thread seems to be drugs. An agent pointedly asked Gaines, "There's a lot of drugs in Stockton, isn't there?" (This despite the fact that Gaines' flight originated in Calaveras. His plane is registered in Stockton.) Silverstein flew west to east, returning to New Jersey, with a stop in Marijuana, CO.
Both pilots returned to their planes to find law enforcement waiting for them. Silverstein found the search to be already underway by the time he got to his plane. Gaines was greeted by local cops, which soon swelled into a small army. Gaines, however, refused to let the agents search his plane without a warrant. The agents backed down only when he agreed to allowing a drug-sniffing dog to walk his plane.
Under what authority these combined forces are searching planes without a warrant is unclear. The DEA would seem to be the most interested party if it's indeed drugs these agents are looking for. But these two episodes show the DHS/CBP clearly is taking the lead. The latter two agencies aren't too concerned about warrants or constitutional rights, seeing as the so-called "Constitution-free zone" is still in effect and the DHS has already gone on record as regarding Fourth Amendment rights to be an impediment to innate pureness of an agent's "hunches" or "intuition." But in these cases, along with nearly a dozen others, the pilots involved have never crossed a border, breached restricted airspace or otherwise done anything illegal.
It almost appears as though these agencies would prefer private pilots travel like everyone else: routed through TSA agents and safely aboard FAA-tracked airliners. So much for being able to move freely around the country. Traveling within our borders now seems to be as suspicious as making domestic phone calls.
by Mike Masnick
Thu, Jun 20th 2013 12:58pm
from the wow dept
- Keep data that could potentially contain details of US persons for up to five years;
- Retain and make use of "inadvertently acquired" domestic communications if they contain usable intelligence, information on criminal activity, threat of harm to people or property, are encrypted, or are believed to contain any information relevant to cybersecurity;
- Preserve "foreign intelligence information" contained within attorney-client communications;
- Access the content of communications gathered from "U.S. based machine[s]" or phone numbers in order to establish if targets are located in the US, for the purposes of ceasing further surveillance.
One such warrant seen by the Guardian shows that they do not contain detailed legal rulings or explanation. Instead, the one-paragraph order, signed by a Fisa court judge in 2010, declares that the procedures submitted by the attorney general on behalf of the NSA are consistent with US law and the fourth amendment.But since those procedures have now been leaked, we can see that they're not very carefully targeted at all. If the NSA doesn't know where someone is located, it can assume the person is foreign:
In the absence of specific information regarding whether a target is a United States person, a person reasonably believed to be located outside the United States or whose location is not known will be presumed to be a non-United States person unless such person can be positively identified as a United States person.That part about how the NSA can still keep data on US persons if they believe the data contains "evidence of a crime," "technical data base information" or "information pertaining to a threat of serious harm to life or property" obviously give the NSA incredible powers to -- contrary to what they've stated publicly -- retain all sorts of info on Americans.
Once we and others have had a chance to dig deeper through these, I'm sure we'll have more to say, but for now, it appears that, once again, the NSA and its defenders were less than fully forthcoming about how the NSA uses the data it collects and how it makes sure that Americans aren't targeted.
by Mike Masnick
Wed, Jun 12th 2013 11:09am
from the when-you-can't-even-convince-them... dept
Director of National Intelligence James Clapper said investigators "found backpacks with bombs." Really, the bombs hadn't been completed and the backpacks the FBI found were unrelated to the plot.But there's a much bigger point that the AP makes. Even if the claim was somehow true that PRISM was useful, nowhere does that claim show how a standard warrant wouldn't have provided the same information:
Feinstein said the FBI had Zazi under surveillance for six months. Court testimony showed Zazi was watched only for about two weeks before he was arrested.
That's because, even before the surveillance laws of 2007 and 2008, the FBI had the authority to - and did, regularly - monitor email accounts linked to terrorists. The only difference was, before the laws changed, the government needed a warrant.In other words, even if PRISM was used, there's no evidence that it was needed, because the NSA could have easily obtained the same information through traditional means -- getting a warrant -- and without potentially violating the privacy of millions of others.
To get a warrant, the law requires that the government show that the target is a suspected member of a terrorist group or foreign government, something that had been well established at that point in the Zazi case.
by Mike Masnick
Tue, Jun 4th 2013 12:01am
Eric Holder's 'Off-The-Record' Meeting With Journalists Leads To 'On-The-Record' Quotes, But Not Much Else
from the blah-de-blah-blah dept
Not going: New York Times, AP, Huffington Post, McClatchy, CNN, CBS News, Fox News, Reuters, and NBC News.And then, for all the fuss, at the end of the meeting, DOJ officials told the reporters they could discuss "in general some of the ideas that were discussed," though it appears that some points still remained off the record. As for what was publicly disclosed, it sounds like reporters were not impressed.
Going: The Washington Post, Politico, Wall Street Journal, Los Angeles Times/ Chicago Tribune, ABC News, Bloomberg, USA Today.
At the session, Holder and Deputy Attorney General James Cole expressed a willingness to revise the guidelines for such investigations, journalists present at the get-together told POLITICO.Ah, so the hens get to suggest to the fox how they'd like their rights to be violated, and then the fox gets to decide how best to "incorporate those suggestions"? I'm sure that will work out just great. As some who were in attendance noted, nothing in the meeting suggested that the DOJ was actually going to change or adjust its policies.
But Holder stopped short of offering any concrete changes to the guidelines. Instead, the Attorney General sought to assure the journalists that he and the DOJ were trying to seek a balance between the demands of national security and the free flow of information, and sought suggestions from the journalists on how those changes might be achieved.
by Mike Masnick
Thu, May 9th 2013 3:59pm
from the that-4th-amendment-thing... dept
However, a judge has now ruled that none of that really matters, and that the evidence collected by the stingray (or as a result of its use) can be used in the case against Rigmaiden. The reasoning is fairly odd, however. The judge basically said that there's no 4th Amendment issue because Rigmaiden had no reasonable expectation of privacy in either the use of the aircard or in his apartment "because he had obtained the air card and rented the apartment and storage space through fraudulent means — that is, using identifications that he had stolen from other people." That seems like a highly questionable standard on which to base that decision. As the ACLU points out, while Rigmaiden may have been committing fraud elsewhere, and may have used different names in getting the aircard and the space, there is no indication that any fraud was involved in getting those particular things. Under this ruling, you could see that doing something or buying something under an alias could be viewed as giving up one's 4th Amendment protections -- and that seems crazy.
The court also didn't seem to much care about the DOJ hiding its use of the stingray from judges:
The judge also ruled that the government was not in the wrong for failing to disclose to a magistrate judge that it planned to use a stingray to track the defendant, or to explain to the judge how the tracking device it intended to use worked. He characterized this information as a “detail of execution which need not be specified.”That seems fairly troubling, as it would allow the DOJ to hide other surveillance efforts that might be judged to be 4th Amendment violations... As the ACLU notes in response to this ruling:
“When the government is seeking a warrant to use new technology, it has the duty to explain to the court what that technology is and how it works,” she said. “Stingrays are a very potent example of why that is so, because it scoops up innocent information of third parties who are not under probable cause surveillance.”
by Mike Masnick
Thu, Apr 11th 2013 11:40am
from the time-for-an-audit-of-aclu-folks dept
The documents the ACLU obtained make clear that, before Warshak, it was the policy of the IRS to read people’s email without getting a warrant. Not only that, but the IRS believed that the Fourth Amendment did not apply to email at all. A 2009 “Search Warrant Handbook” from the IRS Criminal Tax Division’s Office of Chief Counsel baldly asserts that “the Fourth Amendment does not protect communications held in electronic storage, such as email messages stored on a server, because internet users do not have a reasonable expectation of privacy in such communications.” Again in 2010, a presentation by the IRS Office of Chief Counsel asserts that the “4th Amendment Does Not Protect Emails Stored on Server” and there is “No Privacy Expectation” in those emails.Of course, the IRS is not alone in this. That's the same way other government agencies have treated email thanks to the outdated nature of ECPA, the Electronic Communications Privacy Act, a law written nearly 30 years ago, which assumed that any content left on a server for over 180 days was "abandoned," because the idea of online messaging systems was foreign to folks in Congress at the time.
Other older documents corroborate that the IRS did not get warrants across the board. For example, the 2009 edition of the Internal Revenue Manual (the official compilation of IRS policies and procedures) explains that “the government may obtain the contents of electronic communication that has been in storage for more than 180 days” without a warrant.
The bigger question, though, is whether or not the IRS paid attention to the ruling in Warshak and started getting warrants. As the ACLU notes, while not entirely clear, the answer is likely "no."
Then came Warshak, decided on December 14, 2010. The key question our FOIA request seeks to answer is whether the IRS’s policy changed after Warshak, which should have put the agency on notice that the Fourth Amendment does in fact protect the contents of emails. The first indication of the IRS’s position, from an email exchange in mid-January 2011, does not bode well. In an email titled “US v. Warshak,” an employee of the IRS Criminal Investigation unit asks two lawyers in the IRS Criminal Tax Division whether Warshak will have any effect on the IRS’s work. A Special Counsel in the Criminal Tax Division replies: “I have not heard anything related to this opinion. We have always taken the position that a warrant is necessary when retrieving e-mails that are less than 180 days old.” But that’s just the ECPA standard. The real question is whether the IRS is obtaining warrants for emails more than 180 days old. Shortly after Warshak, apparently it still was notAs the ACLU notes, the IRS owes the American public a clear explanation of its view on warrants... and it should put in place a clear warrant requirement before snooping through emails.
The IRS had an opportunity to officially reconsider its position when it issued edits to the Internal Revenue Manual in March 2011. But its policy stayed the same: the Manual explained that under ECPA, “Investigators can obtain everything in an account except for unopened e-mail or voice mail stored with a provider for 180 days or less using a [relevant-and-material-standard] court order” instead of a warrant. Again, no suggestion that the Fourth Amendment might require more.
by Mike Masnick
Thu, Mar 28th 2013 5:56am
from the well-of-course dept
The technology has been a key component in a case involving Daniel Rigmaiden, which we wrote about last year. Rigmaiden was taken into custody (on a fraud charge) and, representing himself in court, he has sought more info on how he was tracked down -- leading to some reluctant disclosure about law enforcement using Stingray devices on questionable authority to find him. In that case, we noted that law enforcement claimed it had a court order to use the technology, but the judge was confused, asking where were the warrants for the use of the device. The judge asked how it was possible that a court order or warrant was issued without the judge ever being told about the technology used in surveillance and was told, simply, "it was a standard practice."
Indeed, that appears to be the case. The ACLU filed a bunch of FOIA (Freedom of Information Act) requests to dig into this and newly released documents show that, indeed, it was apparently standard practice by the DOJ to be "less than explicit" and less than "forthright" with judges in seeking warrants and court orders to make use of this technology. Here's an email that was revealed:
As some of you may be aware, our office has been working closely with the magistrate judges in an effort to address their collective concerns regarding whether a pen register is sufficient to authorize the use of law enforcement's WIT technology (a box that simulates a cell tower and can be placed inside a van to help pinpoint an individual's location with some specificity) to locate an individual. It has recently come to my attention that many agents are still using WIT technology in the field although the pen register application does not make that explicit.Basically, that's the DOJ admitting that it has not been forthright or explicit in letting judges know that it is going to use this extremely intrusive form of surveillance in seeking approvals. And the courts have been concerned about this. As the ACLU notes, this email was written three years after the Rigmaiden situation happened -- suggesting that the DOJ has been getting away with this sort of thing for many years, without anyone digging in. The ACLU is now arguing that this should be a reason to suppress the evidence obtained via these devices, and will ask the court to "send a clear message" that it cannot hide the truth from federal judges in seeking rubber stamps to violate the privacy of the public.
While we continue work on a long term fix for this problem, it is important that we are consistent and forthright in our pen register requests to the magistrates…