Recently, we've covered a series of stories centered around license plate scanners and the way such information is stored. Despite the protests of the ACLU, local law enforcement agencies have widely deployed the technology and there have also been requests from federal agencies to build a central database of information based on plate scans. If the latest reports are to be believed, however, these would simply be attempts to nationalize an endeavor that has already been undertaken by private industry.
According to the Boston Globe, the helpful groups building this database of license plate scans and providing it to banks, creditors, private investigators and law enforcement agencies are the repo industry and data brokers. And it's far worse than you might think.
While public debate about the license reading technology has centered on how police should use it, business has eagerly adopted the $10,000 to $17,000 scanners with remarkably few limits. At least 10 repossession companies in Massachusetts say they mount the scanners on spotter cars or tow trucks, and Digital Recognition Network of Fort Worth, Texas, claims to collect plate scans of 40 percent of all US vehicles annually.
And that's just one company. The article goes on to note that there are other groups in the data brokerage business that otherwise claim to collect a large majority of US vehicles every year. Those groups freely admit to providing those scan databases to a variety of third parties.
The main commercial use of license plate scanners remains the auto finance and auto repossession industries, two professions that work closely together to track down people who default on their loans. Digital Recognition lists Bank of America Corp., JPMorgan Chase & Co., HSBC Holdings, and Citibank among its clients, while MVTRAC boasts that it serves 70 percent of the auto finance industry.
Now, in response to the privacy concerns raised by activists, what the data brokers and repo folks will tell you is that these scans typically occur in public places. That's not always true, since the repo trucks often will enter private property, such as the parking lot of an apartment or condo complex, but their point is that there is no expectation of privacy in an area that's in plain sight. They'll also tell you that these are just license plate scans, not detailed personal information about anyone in particular.
Digital Recognition already provides its entire data pool to more than 3,000 law enforcement agencies nationwide, free of charge for most searches. The Massachusetts State Police is a registered subscriber, as are the Boston, Cambridge, Somerville, Brookline, and Quincy police departments. Even Boston College and Brandeis police have access to the firm’s entire scan database.
“Right now, it's the wild West in terms of how companies can collect, process, and sell this kind of data,” says Kade Crockford of the American Civil Liberties Union of Massachusetts. “The best legal minds, best public policy thinkers, and ordinary people whose lives are affected need to sit down and think of meaningful ways we can regulate it.”
Which is exactly what some legislators in Massachusetts are attempting to do with legislation, but it isn't the first time crafting this kind of law has been tried. All previous attempts have been torpedoed by the data broker industry, including one case in Utah, where Digital Recognition sued the state for its ban on plate scanners as a First Amendment violation. That seems to stretch the definition a bit too far.
"There's an enormous amount of data held in the private sector," Mr. Inglis said, in his first published interview since leaving government. "There might be some concerns not just on the part of the American public, but the international public."
Now, first off, he's right. Companies collecting tons of data on their users should absolutely be a hell of a lot more transparent about what they're collecting (and should give more controls allowing people to opt-out of certain collections). However, it seems quite rich to hear that coming from someone at the NSA, perhaps the least transparent organization ever -- and one that worked hard to make sure that the tech industry was completely barred from being transparent about what sorts of data the NSA gets from them.
[....] "These companies at least have a public relations issue, if not a moral obligation, to really make sure you understand that this is to your benefit," Mr. Inglis said. "As an individual, myself, I continue to be surprised by the kinds of insights companies have about me."
"With every new website, device or player we authenticate, we need to work through technical integration and customer service which takes time and resources. Moving forward, we will continue to prioritize as we partner with various players."
Which might almost sound like a reasonable explanation -- until you realize that HBO Go on Roku hasn't worked for Comcast users since 2011, despite Roku being one of the most prominent Internet streaming devices available. Apparently, it's a matter of priorities? Comcast's argument for being allowed to acquire companies is always that these acquisitions make them bigger and more efficient. So apparently, getting simple TV authentication to work takes Comcast years longer than every other pay TV operator because Comcast is simply too big, efficient and fantastic?
In his statement on Wednesday Brennan hit back in unusually strong terms. “I am deeply dismayed that some members of the Senate have decided to make spurious allegations about CIA actions that are wholly unsupported by the facts,” Brennan said.
A further report detailed what he's talking about. Reporters at McClatchy have revealed that the Senate staffers working on this came across the document, printed it out, and simply walked out of the CIA and over to the Senate with it, and the CIA is furious about that. Then, in a moment of pure stupidity, the CIA appears to have confronted the Senate Intelligence Committee about all of this... directly revealing that they were spying on the Committee staffers.
“I am very confident that the appropriate authorities reviewing this matter will determine where wrongdoing, if any, occurred in either the executive branch or legislative branch,” Brennan continued, raising a suggestion that the Senate committee itself might have acted improperly.
Several months after the CIA submitted its official response to the committee report, aides discovered in the database of top-secret documents at CIA headquarters a draft of an internal review ordered by former CIA Director Leon Panetta of the materials released to the panel, said the knowledgeable person.
There are many more details in the McClatchy report, which I highly recommend reading. And, yes, perhaps there's an argument that Senate staffers weren't supposed to take such documents, but the CIA trying to spin this by saying it was those staffers who were engaged in "wrongdoing" is almost certainly going to fall flat with Congress. After all, the intelligence committee is charged with oversight of the CIA, not the other way around. "You stole the documents we were hiding from you which proved we were lying, so we spied on you to find out how you did that" is not, exactly, the kind of argument that too many people are going to find compelling.
They determined that it showed that the CIA leadership disputed report findings that they knew were corroborated by the so-called Panetta review, said the knowledgeable person.
The aides printed the material, walked out of CIA headquarters with it and took it to Capitol Hill, said the knowledgeable person.
“All this goes back to what is the technical structure here,” said the U.S. official who confirmed the unauthorized removal. “If I was a Senate staffer and I was given access to documents on the system, I would have a laptop that’s cleared. I would be allowed to look at these documents. But with these sorts of things, there’s generally an agreement that you can’t download or take them.”
The CIA discovered the security breach and brought it to the committee’s attention in January, leading to a determination that the agency recorded the staffers’ use of the computers in the high-security research room, and then confirmed the breach by reviewing the usage data, said the knowledgeable person.
“I have no comment. You should talk to those folks that are giving away classified information and get their opinion,” Intelligence Committee Vice Chairman Saxby Chambliss (R-Ga.) said when asked about the alleged intrusions.
A few weeks back, we reported that the European Parliament's Civil Liberties, Justice and Home Affairs (LIBE) committee planned to send some questions to Edward Snowden as part of its inquiry on electronic mass surveillance of EU citizens. He's now replied to these, prefacing them with a short statement (pdf -- embedded below.) Although there are no major revelations -- he specifically states that he will not be disclosing anything not already published -- it does contain many important clarifications and interesting comments. For example, he confirms that:
The NSA granted me the authority to monitor communications world-wide using its mass surveillance systems, including within the United States. I have personally targeted individuals using these systems under both the President of the United States' Executive Order 12333 and the US Congress' FAA 702. I know the good and the bad of these systems, and what they can and cannot do, and I am telling you that without getting out of my chair, I could have read the private communications of any member of this [LIBE] committee, as well as any ordinary citizen. I swear under penalty of perjury that this is true.
Before moving on to the parliamentarians' questions, he concludes his opening statement as follows:
For the record, I also repeat my willingness to provide testimony to the United States Congress, should they decide to consider the issue of unconstitutional mass surveillance.
The first question from the MEPs on the committee concerns the extent of the cooperation between the NSA and EU member states. Snowden's answer includes some new background information on what's been going on here:
One of the foremost activities of the NSA's FAD, or Foreign Affairs Division, is to pressure or incentivize EU member states to change their laws to enable mass surveillance. Lawyers from the NSA, as well as the UK's GCHQ, work very hard to search for loopholes in laws and constitutional protections that they can use to justify indiscriminate, dragnet surveillance operations that were at best unwittingly authorized by lawmakers. These efforts to interpret new powers out of vague laws is an intentional strategy to avoid public opposition and lawmakers' insistence that legal limits be respected, effects the GCHQ internally described in its own documents as "damaging public debate."
That makes a mockery of the UK government's insistence that GCHQ's actions were always "within the law": that's only true to the extent that the agency happily exploited to the maximum loopholes its lawyers have spotted in the already weak UK legislation covering this area. In terms of the spying programs, Snowden hints that there's much more to come, and underlines that revealing them is now a matter for journalists, not for him:
There are many other undisclosed programs that would impact EU citizens' rights, but I will leave the public interest determinations as to which of these may be safely disclosed to responsible journalists in coordination with government stakeholders.
Another question probed the options for raising concerns about spying programs, and asked him whether he thought he had exhausted them before deciding to leak the documents himself. He explained that he had reported programs that seemed problematic to "more than ten distinct officials, none of whom took any action to address them." So much for the idea that he didn't try hard enough to use official channels before taking more drastic action.
On the question of what the European Parliament could do to help him, Snowden's answer is characteristically self-effacing:
If you want to help me, help me by helping everyone: declare that the indiscriminate, bulk collection of private data by governments is a violation of our rights and must end. What happens to me as a person is less important than what happens to our common rights.
But he then goes on to say:
As for asylum, I do seek EU asylum, but I have yet to receive a positive response to the requests I sent to various EU member states. Parliamentarians in the national governments have told me that the US, and I quote, "will not allow" EU partners to offer political asylum to me, which is why the previous resolution on asylum ran into such mysterious opposition. I would welcome any offer of safe passage or permanent asylum, but I recognize that would require an act of extraordinary political courage.
Sadly, it seems unlikely that political courage will be forthcoming given the extremely weak responses from European governments to the spying leaks. Snowden was also asked about economic espionage:
global surveillance capabilities are being used on a daily basis for the purpose of economic espionage. That a major goal of the US Intelligence Community is to produce economic intelligence is the worst kept secret in Washington.
In this context he makes an astute observation:
Recently, governments have shifted their talking points from claiming they only use mass surveillance for "national security" purposes to the more nebulous "valid foreign intelligence purposes." I suggest this committee consider that this rhetorical shift is a tacit acknowledgment by governments that they recognize they have crossed beyond the boundaries of justifiable activities.
He also elaborates on an early comment that encryption, done properly, does offer a measure of protection against the kind of surveillance programs he has revealed:
The good news is that there are solutions. The weakness of mass surveillance is that it can very easily be made much more expensive through changes in technical standards: pervasive, end-to-end encryption can quickly make indiscriminate surveillance impossible on a cost-effective basis. The result is that governments are likely to fall back to traditional, targeted surveillance founded upon an individualized suspicion.
In other words, encryption brings a double benefit. It helps preserve people's privacy and freedom, and thanks to the high costs of breaking properly-encrypted communications, it encourages governments to move back to the older, more targeted kind of spying that Snowden himself calls "above reproach". Finally, he was asked some more hostile questions from the right-leaning members of the committee, including whether the Russian secret service had approached him:
Of course. Even the secret service of Andorra would have approached me, if they had had the chance: that's their job.
But I didn't take any documents with me from Hong Kong, and while I'm sure they were disappointed, it doesn't take long for an intelligence service to realize when they're out of luck. I was also accompanied at all times by an utterly fearless journalist [WikiLeaks' Sarah Harrison] with one of the biggest megaphones in the world, which is the equivalent of Kryptonite for spies. As a consequence, we spent the next 40 days trapped in an airport instead of sleeping on piles of money while waiting for the next parade. But we walked out with heads held high.
As that hints, it's an eloquent and important document that is worth reading in its entirety. It not only adds useful details to many of the facts that have been published earlier, but also underlines the consistently rigorous and moral approach that Snowden has taken from the beginning.