Posted on Techdirt - 18 January 2017 @ 10:53pm
The Philadelphia Police Department is one of many to be on the receiving end of a consent decree with the DOJ. Most PDs finding themselves in this position earn it through years of abusive policing and a consistent disregard for constitutional rights and civil liberties. The Philly PD is no exception.
This department has been trying to make the changes recommended by the Justice Department, but apparently found some of the DOJ's hurdles too high for it to jump… at least willingly. That hasn't stopped police officials from declaring their inability to live up to the DOJ's standards a success, however.
An Officer-Involved Shooting Investigation Unit was established within the Philadelphia Police Department Jan. 1, Commissioner Richard Ross announced Friday.
The creation of the unit was a result of a Department of Justice study that recommended departmental reforms focused on the use of deadly force by police officers.
"The Philadelphia Police Department will now be a model for departments across the country," said COPS director Ronald Davis.
Hold your applause…
However, one of the study's major recommendations - that an outside agency should investigate officer-involved shootings - could not be fulfilled, Davis said.
"Philadelphia tried many alternatives but it could not work," Davis said.
The COPS (Community Oriented Policing Services) has an interesting definition of "could not." It could have worked, but the commissioner was unwilling to go up against the force behind the city's police force to do it. The federal government proclaims something must happen. The commissioner runs up against some resistance and decides it's impossible. Now, the city's residents can look forward to shootings by officers being handled completely internally, which will do little to deter the sort of activity that led to the DOJ's intercession in the first place.
The commissioner did at least obliquely address the obstacle he's unwilling to remove to better implement the DOJ's recommendation.
Finally, Ross said the "elephant in the room" was that the department faced opposition on the proposal from its union, Fraternal Order of Police Lodge 5.
This is why we can't have
nice accountable things. The FOP managed to defang the OIS Board, turning it into an internal, opaque process where officers have a 72-hour "cooling off" period before having to face a series of lobbed softballs by the PD's internal review board.
As an alternative to an outside agency conducting investigations, Ross established the Officer-Involved Shooting Investigation Unit so the process is now bifurcated - the criminal aspect will be handled by the new unit, and the administrative aspect will continue to be handled by the department's Internal Affairs Unit.
And yet, it's being hailed by a federal COPS official as a "model" for the nation's police departments. Yeah, this is a model, alright -- a model for every police union faced with a DOJ consent decree. Flex enough muscle and police officials will blow off federal recommendations to ensure future cooperation in policymaking and labor negotiations.
2 Comments | Leave a Comment..
Posted on Techdirt - 18 January 2017 @ 2:49pm
Chicago attorney Jerry Boyle -- notably not representing himself -- is suing the city of Chicago and a number of police officials for constitutional violations stemming from the PD's Stingray use. It's a potential class action suit, but Boyle -- at least in his own case -- claims to have pinpointed exactly when his phone signal was intercepted by the police. Cyrus Farivar of Ars Technica points out this detail in the lawsuit's claims:
The 32-page lawsuit, which was filed in federal court in Chicago on Thursday, specifically notes where and when the stingray was used, on January 15, 2015, “at approximately 8:00pm at the protest, near the 2200 block of West Ogden Avenue.”
However, the civil complaint does not explain exactly how the plaintiff knows this information.
“The evidence regarding CPD's use at that event is something that will be disclosed during the litigation,” Matt Topic, one of Boyle’s lawyers, e-mailed Ars.
The allegations [PDF] don't contain any clue as to what exactly Boyle used to determine his phone signal was being intercepted, but there are more than few choices available to the privacy-conscious who may want to know if and when their signal is being rerouted. Hackers have put together their own tools to detect fake cell towers and SRLabs has produced an app called SnoopSnitch that puts that power right in your cellphone.
What's undisputed is that the Chicago PD is in possession of regular IMSI catchers, as well as souped-up versions known as DRTboxes. Thanks to crowd-sourced FOIA activity, it's also known this equipment has been purchased with asset forfeiture funds in an effort to keep the PD's surveillance purchases from leaving as wide of a paper trail.
What can also be inferred from the allegations is that the Chicago PD deployed its surveillance equipment on participants in First Amendment-protected activity, which may only add to the Constitutional fallout of this lawsuit. This surveillance also occurred more than a year before state legislation was passed requiring court orders for Stingray deployments.
It will also be interesting to see what Boyle delivers as evidence his phone signal was grabbed by a Chicago PD Stingray. This will be essential to prove standing. Unfortunately, it will also have to be matched up with Stingray records held by the PD, which won't have much interest in turning those over to the court and possibly having them be made public.
There's also a chance the PD won't have any records of this deployment. If the Stingray was searching for a specific number or numbers, it could have been in "catch and release" mode where every nearby number was grabbed by the cell tower spoofer, but only data related to the targeted numbers retained.
Considering the years of opacity surrounding its Stingray use, this isn't going to be a fun legal battle for the Chicago PD. You can pretty much assume the FBI will take the lead in deciding what can or can't be presented in open court, as it has been granted this control with the non-disclosure agreement it makes every Stingray-purchasing law enforcement agency sign before it will allow them to deploy these devices.
Read More | 6 Comments | Leave a Comment..
Posted on Techdirt - 18 January 2017 @ 8:22am
Adam MacLeod, law professor at Faulkner University, was the recipient of a traffic cam speeding ticket. The problem was that he wasn't driving the vehicle when the infraction occurred. So, it was his vehicle being ticketed, but he was being held responsible for someone else's infraction.
He decided to fight it, and that fight uncovered just how crooked the traffic cam system is. Not only are traffic camera manufacturers receiving a cut of every ticket issued, but tapping into this new revenue stream has prompted municipalities to undermine the judicial system.
MacLeod's detailed report of his fight against city hall is well worth reading in its entirety. But one hint of things to come reveals itself in MacLeod's conversation with the city's attorney when attempting to figure out how one goes about actually challenging a traffic cam ticket.
I asked her whether this was a criminal action or a civil action. She replied, “It’s hard to explain it in those terms.” I asked whether she intended to proceed under criminal procedural rules or in civil procedure. We would proceed under the “rules of criminal procedure,” she answered because this is a criminal case. I asked when I could expect to be charged, indicted, or have a probable cause determination. She replied that none of those events would occur because this is “a civil action.” So I could expect to be served with a complaint? No, no. As she had already explained, we would proceed under the criminal rules.
The attorney had no way of answering this question honestly, or even accurately. What MacLeod discovered during his speeding ticket battle is that his local government -- like many other local governments deploying traffic cameras -- had created a legal netherworld between civil and criminal law where tickets issued by software were allowed to operate.
[T]raffic cameras do not always produce probable cause that a particular person has committed a crime. To get around this “problem” (as a certain law-and-order president-elect might call it), several states have created an entirely novel phylum of law: the civil violation of a criminal prohibition. Using this nifty device, a city can charge you of a crime without any witnesses, without any probable cause determination, and without any civil due process.
In short, municipal officials and their private contractors have at their disposal the powers of both criminal and civil law and are excused from the due process duties of both criminal and civil law. It’s a neat trick that would have made King George III blush.
Once a government becomes reliant on a new, legally-questionable revenue stream, the "questionable" part tends to be buried under absurd claims about traffic safety and traffic accident deaths. At this point, the entire system is corrupted. Legislators like the money. Cops like the money. The camera company (in this case, American Traffic Solutions) likes the money. Everything that needs to be done to ensure the cashflow doesn't dry up is done, including engaging in perjury.
MacLeod was finally allowed to address the proxy accusing him of speeding: the local PD. Its testifying officer buried himself (along with the city and ATS) during cross-examination.
On cross-examination, I established that:
- He was not present at the time of the alleged violation.
- He has no photographic evidence of the driver.
- There were no witnesses.
- He does not know where Adam MacLeod was at the time of the alleged violation.
And so on. I then asked the question one is taught never to ask on cross—the last one. “So, you signed an affidavit under the pains and penalties of perjury alleging probable cause to believe that Adam MacLeod committed a violation of traffic laws without any evidence that was so?”
Without hesitating he answered, “Yes.” This surprised both of us. It also surprised the judge, who looked up from his desk for the first time. A police officer had just testified under oath that he perjured himself in service to a city government and a mysterious, far-away corporation whose officers probably earn many times his salary.
Once you're corrupt, it's all over. The officer MacLeod questioned seemingly didn't realize his complicity in this corruption until he was directly questioned. In all fairness, he'd likely been told everything about the ticketing system was above-board, legally and constitutionally.
But once the new system -- one that is neither criminal nor civil -- is challenged, it falls apart. MacLeod reports that Alabama residents fought back against the deployment of traffic cameras, resulting in the repeal of the state's traffic cam law. Not that his mattered to the city of Montgomery's (where MacLeod resides) governance.
[M]ontgomery’s defiant mayor announced that the city would continue to operate the program. Curiously, he asserted that to stop issuing tickets would breach the city’s contract with American Traffic Solutions.
That went on until the state's District Attorney stepped in to shut down the mayor's rogue traffic cam program. Or tried to. A compromise of sorts was reached. Car-mounted cameras were shut down, but stationary cameras already in place were allowed to keep issuing tickets summoning citizens to the city's judicial Kafka-esque criminal/civil intersection.
Unhappy with having to (sort of) comply with state law, the mayor made it clear that cameras may come and go, but newly-found revenue streams are here to stay.
In a fit of petulance, and belying his insistence that the program is motivated by safety concerns rather than revenue, the mayor announced that the amounts of fines for ordinary traffic violations will now be tripled.
That's how the system works. The money must flow from the citizens to their government. And if the pipeline has to run right through their civil rights and liberties, so be it. Traffic camera systems are sold as public safety enhancements, but all they're really doing is transferring more money -- and more power -- to governments willing to let contractual obligations with private companies take precedence over Constitutional amendments.
45 Comments | Leave a Comment..
Posted on Techdirt - 17 January 2017 @ 10:51am
Thomas Fox-Brewster of Forbes is taking a closer look at a decade-plus of in-car surveillance, courtesy of electronics and services manufacturers are installing in as many cars as possible.
Following the news that cops are trying to sweat down an Amazon Echo in hopes of hearing murder-related conversations, it's time to revisit the eavesdropping that's gone on for years prior to today's wealth of in-home recording devices.
One of the more recent examples can be found in a 2014 warrant that allowed New York police to trace a vehicle by demanding the satellite radio and telematics provider SiriusXM provide location information.
In this case, SiriusXM complied by turning on its "stolen vehicle recovery" mode, which allowed law enforcement to track the vehicle for ten days. SiriusXM told Forbes it only does this in response to search warrants and court orders. That may be the case for real-time tracking, but any location information captured and stored by SiriusXM can be had with nothing more than a subpoena, as this info is normally considered a third-party record.
It's not just satellite radio companies allowing cops to engage in surreptitious tracking. OnStar and other in-vehicle services have been used by law enforcement to eavesdrop on personal conversations between drivers and passengers.
In at least two cases, individuals unwittingly had their conversations listened in on by law enforcement. In 2001, OnStar competitor ATX Technologies (which later became part of Agero) was ordered to provide "roving interceptions" of a Mercedes Benz S430V. It initially complied with the order in November of that year to spy on audible communications for 30 days, but when the FBI asked for an extension in December, ATX declined, claiming it was overly burdensome.
In 2007, the OnStar system in a Chevrolet Tahoe belonging to a Gareth Wilson in Ohio contacted OnStar staff when an emergency button was pushed. As noted in a 2008 opinion from the case, Wilson was unaware the button had been hit. Subsequently, an OnStar employee heard the occupants discussing a possible drug deal, and allowed an officer from the Fairfield County Sheriff's Office to listen to the conversation. When the vehicle was located and searched, marijuana was found and an indictment filed days later. Ironically, the suspect hadn't even signed up to the OnStar service, but it hadn't been switched off.
The 2001 case didn't end well for law enforcement. It wasn't that the court had an issue with the eavesdropping, but rather that the act of listening in limited the functionality of the in-car tech, which the court found to be overly-burdensome.
OnStar is also asked to engage in real-time tracking by law enforcement. While OnStar denies it collects location info, it too has a stolen car recovery mode that allows OnStar to track vehicles. OnStar also says it will only do this in response to warrants and court orders -- or unless "exigent circumstances" necessitate the bypassing of these constitutional protections. What OnStar definitely won't do is let the public know how many times law enforcement has asked to track vehicles. The company told Forbes it "doesn't release the number of these requests."
Plenty of vehicles come with built-in GPS-reliant devices, most of which perform some sort of data retention. Anything not considered to be "real-time" can be obtained without a warrant, thanks to the incredibly-outdated Third Party Doctrine. Private conversations can be captured and recorded with warrants, which makes a large number of vehicles on the road confidential informants on standby.
Courts have generally been sympathetic to law enforcement use of in-car technology, finding the use of built-in "tools" to be less intrusive than officers installing their own devices on suspects' vehicles. Certainly law enforcement finds these pre-equipped listening/tracking devices more convenient as well.
The expansion of in-car tech has led to a great many opportunities for law enforcement, at the expense of privacy expectations. While drivers certainly can't "reasonably" expect their travels on public roads to be "private," the collection of location data by third parties basically puts drivers under constant surveillance, relieving law enforcement from the burden of actually having to dedicate personnel, vehicles, and equipment to this task. And if cops can't get this location info from in-dash systems, they can probably grab it from the drivers' cell phone service providers.
Law enforcement may find encryption to be slowing things down in terms of accessing cell phone contents, but everything else -- from in-car electronics to the Internet of Things -- is playing right into their hands.
32 Comments | Leave a Comment..
Posted on Techdirt - 17 January 2017 @ 9:40am
No sooner had Germany announced it was looking to start fining Facebook for the publication of "fake news" than we have a lawsuit being filed to take advantage of this brand new breed of criminal violation.
Syrian migrant Anas Modamani has announced he will sue Facebook over posts by users depicting him as a supposed participant in multiple terrorist attacks.
Modamani hired a lawyer to file an injunction against the Menlo Park-based social network alleging the company failed to remove racist posts, in violation of German hate speech laws. The legal action comes as Facebook faces mounting pressure to do something about the proliferation of fake news on the social network.
Modamani cites the country's hate speech laws, but news coverage seems to feel the disputed postings should be filed under "fake news." And it's not just the press coverage. Modamani's lawyer is using this exact phrase when issuing statements about his client's case.
Chan-jo Jun, a lawyer who in November 2016 prompted an investigation into Mark Zuckerberg and other Facebook executives following a complaint alleging that the company had failed to remove racist posts, in contravention of German laws against hate speech, has taken on the case.
"Facebook is doing a very poor job with fake news," he told the BBC.
"But it is especially doing a poor job with illegal fake news.
"Not all fake news is illegal, but where it amounts to slander, as I believe this does, then it should be taken down."
Jun and Modamani are seeking an injunction blocking posts that associate him with terrorist activity. Considering Angela Merkel herself has announced her support of Facebook-fining litigation, Modamani presents a pretty nifty nexus. One of the photos attached to bogus reports of terrorist activity is a selfie he took with the German leader in 2015.
But "fake news" this is not. This may be the product of racism and/or internet denizens who feel they're called to be vigilantes/detectives. What it definitely isn't is Facebook's fault. Modamani had reported the images to Facebook, and Facebook took them down. What he wants now is for the images -- or any variations -- to stay down forever. But that's an impossibility. Obtaining a court judgment in his favor won't make it any more possible for Facebook to prevent images portraying him as a terrorist from resurfacing.
Because images falsely tying Modamani to terrorism are still available online, he and his lawyer appear to be moving quickly to take advantage of the prevailing anti-"fake news" mood and get this case into a (hopefully) sympathetic court.
In the United States, this would have no shot. Facebook performs all sorts of moderation, but things that slip by are the responsibility of the person posting them, rather than the platform hosting them. In the rest of the world… it's not nearly that simple. And in the case of alleged defamation-meets-hate crime, it's not tough to imagine a German court deciding it's Facebook's fault that idiot users keep posting BS on its site.
28 Comments | Leave a Comment..
Posted on Techdirt - 17 January 2017 @ 8:24am
The Obama administration has responded to calls to declassify the full CIA Torture Report with a "will this do?" promise to lock up one copy in the presidential archives. While this ensures one copy of the full report will survive the next presidency, it doesn't make it any more likely the public will ever see more than the Executive Summary released in 2014.
Other copies may still be scattered around the federal government, many of them in an unread state. The Department of Defense can't even say for sure whether its copy is intact. Meanwhile, an ongoing prosecution in which the defendant is alleging being waterboarded by the CIA has resulted in an order to turn over a copy of the full report to the court.
This order would preserve a second full copy -- with this copy being as close as we've gotten so far to seeing it become part of the public record. Of course, the DOJ is challenging this court order on behalf of the Obama administration, which certainly never intended to participate in this much transparency. Charlie Savage of the New York Times notes (on his personal blog) that a motion has been filed seeking to reverse the court's preservation/deposit order.
[T]oday the Obama Justice Department decided to fight Judge Lamberth’s order rather than comply with it. It filed a motion asking to Judge Lamberth to reconsider his order, arguing that it raised constitutional concerns (interfering with communications between Congress and the executive branch) and was unnecessary anyway given the presidential records thing. And it said that if he didn’t reconsider, the executive branch will appeal.
The judge had ordered a copy to be filed with the Court Information Security Officer (CISO). The DOJ argues [PDF] that this isn't necessary because the CIA has its copy locked up real tight-like.
Reconsideration is appropriate primarily because intervening facts have rendered these provisions unnecessary. As explained below, a copy of the SSCI Report is already being preserved in the Executive Branch under the Presidential Records Act, 44 U.S.C. §§ 2201-2209, and documents underlying the Report have been and continue to be preserved under a 2007 preservation directive issued by the Director of the CIA. Further, no copy of the SSCI Report held by the CIA has been destroyed, nor has any improper destruction of evidence by the CIA occurred since the issuance of the 2007 preservation directive.
True, one copy is being preserved in Obama's presidential archives. But the second assertion is a bit more dubious. While it's technically true the CIA hasn't destroyed any copies of the Torture Report, its oversight has. In May of last year, it was discovered that the CIA's Inspector General had destroyed the copy he'd received, thanks to a string of counterproductive "normal business" decisions.
[L]ast August, a chagrined Christopher R. Sharpley, the CIA’s acting inspector general, alerted the Senate intelligence panel that his office’s copy of the report had vanished. According to sources familiar with Sharpley’s account, he explained it this way: When it received its disk, the inspector general’s office uploaded the contents onto its internal classified computer system and destroyed the disk in what Sharpley described as “the normal course of business.” Meanwhile someone in the IG office interpreted the Justice Department’s instructions not to open the file to mean it should be deleted from the server — so that both the original and the copy were gone.
This prompted Dianne Feinstein to send a letter to someone who should have had an extra copy or three of the Torture Report lying around: CIA Director John Brennan.
As you may be aware. the office of the CIA Inspector General has misplaced and/or accidentally destroyed its electronic copy and disk of the Senate Select Committee on lntelligence's full 6,700-page classified Study of the CIA Detention and Interrogation Program. I write to request that as Director of the CIA, you provide a new copy of the Study to the office of the CIA IG immediately.
Your prompt response will allay my concern that this was more than an "accident." The CIA IG should have a copy of the full Study because the report includes extensive information directly related to the ongoing oversight of the CIA.
The accidental deletion of the IG's copy was possibly in violation of another preservation order stemming from ongoing FOIA litigation. The CIA was under orders to preserve its copy(ies), which means its oversight office should have been doing all it could to ensure its copy didn't disappear. If the CIA somehow managed to destroy its copies of the report, its oversight should have been in position to act as its backup, not to mention come down on it for any acts of impropriety. Instead, it took a copy and immediately -- if possibly inadvertently -- threw it away.
So, while the DOJ may firmly believe in all that is good and right and trustworthy about government officials holding onto damning documents, it can't rule out the possibility of human error. So, to better ensure preservation in accordance with the order, it should be less reluctant to hand over a copy to the court CISO, which would at least shift the culpability should this copy end up missing.
The obvious conclusion is that the outgoing administration (to say nothing of the incoming replacement) is still very interested in keeping the full report from ending up in the public's hands. Delivering a copy to the court makes it a part of the judicial process which, despite its tendency to seal documents and dockets far too frequently, is a much more open process than shuffling copies around from lockbox to lockbox within federal government agencies.
Read More | 25 Comments | Leave a Comment..
Posted on Techdirt - 17 January 2017 @ 3:14am
Because the Disney corporation is so overprotective of its IP and generally willing to pull the trigger on legal threats/lawsuits, it's always a bit entertaining to see lawsuits filed against it for alleged infringement. But the quality of lawsuits brought against the entertainment giant are very much hit-and-miss. And just because it's the courtroom villain being sued, it doesn't automatically make those bringing the suits the heroes.
UK company Alice Looking Ltd. has registered trademarks on the phrase "Alice Through The Looking Glass" covering a wide variety of products, most of them being expensive shirts. What it doesn't have is any claim to "Alice" the character, or anything from the Lewis Carroll original, or really anything else other than those words in that order. (h/t Courthouse News Service)
Disney, on the other hand, recently released a film entitled "Alice Through The Looking Glass" -- a live-action take on the Carroll original and yet another rerub of stuff taken from the public domain by a studio that has done its best for the last 70 years to ensure nothing it owns will ever end up in the public's control. Alice Looking Ltd. feels the release of the Disney movie undercuts the US market for high-end goods with its trademarked phrase on them.
The lawsuit [PDF] makes plenty of trademark infringement allegations but presents almost nothing as evidence of these claims. The only exhibits attached are Alice Looking's US trademark registrations.
The crux of the plaintiff's argument is that Disney could have worked with it in some form of partnership but chose not to. Therefore: infringement.
Defendants were aware of Plaintiff's marks since at least December 2014. In connection with Defendants' announced intention to make and release a film using Plaintiff's trademarks, Defendants were put on notice of Plaintiff's marks. In a December 9, 2014 initial letter from Plaintiff's counsel, Defendants were advised as follows:
"The marketing of the Film under terms identical to the Mark is plainly of concern to Our Client because it is also likely that members of the public will associate Our Client's products under the Mark with products (the Film and associated merchandise) of Disney's. Furthermore given the significant resources that Disney has available (and will no doubt utilize) for marketing, it is likely Our Client's Mark will be swamped by Disney's use of the Mark and that members of [the] public may therefore believe that Our Client is seeking to trade off Disney's film."
More meetings followed, with Disney more interested in showing its film to the UK company than finding some way to work together to keep its trademarks on solid footing. At the end of it all, Disney allegedly hinted it would try to work something out. That never happened.
In one of Plaintiff's last substantive communication with Defendants, Disney misled plaintiff into thinking it would not market infringing products by saying to Plaintiff that, if an agreement could not be reached, Defendants would instead utilize a different merchandising mark.
Defendants have attempted to register one or more marks similar to those of Plaintiff. For example, the US Patent and Trademark Office refused registration of Disney Enterprises, Inc.'s application number 86827745 for "DISNEY ALICE THROUGH THE LOOKING GLASS" on the grounds, inter alia, of likelihood of confusion with Plaintiff's registration.
What Looking Glass is worried about is ongoing infringement based on the movie's existence in Disney's catalog. Disney may suffer through box office busts but it never gets tired of marketing tie-ins. That's where the problem lies in relation to the UK company's trademarks. The company is concerned people will be confused about the origin of its products, perhaps mistaking Alice Looking's goods for being Disney-produced. I think the opposite is far more likely (even if neither scenario is particularly likely): buyers may feel Alice Looking's pop-up shops in the US are an attempt to cash in on Disney's success.
Either way, the only "smoking gun" in the case is Disney's denied attempt to register the same mark. Other than that, this is two companies arguing over their slice of a public domain work. The words are taken directly from the title of Lewis Carroll's 1871 original, and if anyone "owns" them, it's no one, considering the book's current public domain status.
And from there we have at least an 8-month delay between the film's release and this lawsuit. The delay is even longer if the UK company was following Disney's development plans closely after its discussions with it in 2015. One wonders if this gap between claimed "willful infringement" and the lawsuit's filing was the plaintiff allowing Disney's marketing power to rack up some damages it could swoop in and claim. Alice Looking is seeking an injunction prohibiting Disney for further exploiting its under-performing film.
Without further proof of willful infringement, this will be a tough case to win. In some ways it resembles programmer Robin Antonick's lawsuit against EA for allegedly ripping off his source code to create new versions of the Madden football game. His case rested almost entirely on a theory of means and motive, of which EA had both. But what he didn't have was evidence of this infringement, and that's what finally cost him his case.
In this lawsuit, means and motive are asserted, but very little is given to show Disney went out of its way to violate the plaintiff's trademarks. It may have been aware of their existence, but its film title -- and all the marketing/ancillary sales tied to it -- was pulled from Carroll's original.
As for any customer confusion, it's hard to see how many would view the two as being competitive markets. Sure, both sell goods based on Carroll's characters and stories, but they take very different approaches. Disney is mass market. Alice Looking is upmarket. People can almost always tell when they're getting a Disney product because the company never shies away from slapping its logo all over it. The more genteel (and more expensive) products sold by Alice Looking are only going to be associated with Carroll's original work -- something greatly helped by the company's selling of 100+ year-old prints of Carroll's book for hundreds of dollars a piece.
But there's always a chance a court will see some form of customer confusion or dilution considering both sets of products spring from the same 1871 source. The chances of Disney's lawyers allowing an injunction to be leveled against the company without a fight, however, are slim to none.
Read More | 27 Comments | Leave a Comment..
Posted on Techdirt - 13 January 2017 @ 3:07pm
The Evansville (IN) Police Department has seen a drug bust go up in a cloud of flashbang smoke. A search warrant for drugs and weapons, based on an informant's tip, was executed perfectly… if you're the sort of person who believes it takes a dozen heavily-armed officers, a Lenco Bearcat, and two flashbangs to grab a suspect no one felt like arresting when he was outside alone taking out his trash. (via FourthAmendment.com)
The state appeals court decision [PDF] hinges on the deployment of a flashbang grenade into a room containing a toddler. Fortunately, in this case, the toddler was only frightened, rather than severely burned. But it was this tossed flashbang that ultimately undoes the PD's case. The evidence is suppressed and the conviction reversed.
Scattered throughout the opinion are some amazing depictions of the PD's SWAT team at work -- and how those officers seem to believe the violence of their entries during warrant service are somehow just the new normal.
Things like the following paragraph. First: some background. In some cases, it's (theoretically) more difficult for law enforcement to obtain no-knock warrants. Facts need to be asserted that show that warning the occupants of a residence in any way would most likely result in the destruction of evidence and/or an armed response. Some judges are more willing than others to hand these out, but either way, the standard warrant boilerplate can't be used.
So, here's the difference between a "knock and announce" warrant and a no-knock warrant, as deployed by the Evansville PD.
The SWAT team rode in a Lenco Bearcat that followed a patrol vehicle to the residence. At least a dozen officers were involved. Upon arrival and prior to entry, three officers and a police vehicle approached the rear of the residence and at least nine officers, most armed with assault weapons, approached the front of the residence. At 10:30 a.m., the police knocked on the residence and one of the officers announced, “Police - Search Warrant - Police - Search Warrant,” and another officer announced over a loudspeaker “Search Warrant. 314 Illinois.” State’s Exhibit 1 at 3:55-4:00. One second later, the SWAT team knocked down the door with a battering ram.
ONE SECOND. Technically, still a knock-and-announce warrant, even though the residents had been given no chance to respond.
Within the next couple of seconds, a flashbang grenade was tossed into the front room, which contained a playpen and a baby's car seat. The toddler was in the playpen.
After the flash bang grenade was deployed, Detective Gray entered the residence and picked up a nine-month old baby crying on top of blankets in a playpen just inside and “very close to the door.” Id. at 332. The room also contained a baby’s car seat and a toddler’s activity center in the line of sight of the front door. One of the officers moved the car seat with his foot to proceed further into the residence.
The officer who tossed the flashbang said he could see more than what was captured by his helmet cam, but still admitted he could not see everything in the room into which he tossed the grenade. This grenade was thrown within two seconds of the officers' announcement that they had a warrant and roughly one second after the door was breached.
Officer Taylor testified that his perception of things involved a much wider view than what the camera could see. At a time stamp of 4:01 on the video, a member of the SWAT team rammed the door open several inches with a battering ram. From an angle to the right, Officer Taylor tossed the flash bang into the house at 4:02, and it detonated at 4:04. The video at 4:02 shows only a portion of the right rear of the couch and the wood floor on which it sat. The video reveals that about five minutes after the initial entry someone stated: “Make sure you get a picture . . . are you taking a picture of that?” State’s Exhibit 1 at 8:50-8:55. This appears to be a reference to a charred stain on the floor. The person then stated: “Because the baby was in this room, but I put it right there for a reason.” Id. at 8:55-9:00.
The lower court found these tactics unreasonable on the whole and granted suppression of the evidence obtained during the search. The state argued that suppression wasn't the proper remedy and anything resulting from the "unreasonable" use of a flashbang grenade in a toddler's room was something to be addressed in a civil lawsuit.
The appeals court disagrees, finding nothing justifiable about the SWAT team's violent entry into the home.
The video shows almost no time lapse between when the door was battered in and the tossing of the flash bang. The door was barely opened when the flash bang was immediately tossed into the room, and the angle at which Officer Taylor was standing to the door did not allow him an opportunity to see what was inside the room. Indeed, Officer Taylor acknowledged that he could not see portions of the room in which the flash bang was placed. Specifically, he testified that he could see “from the couch over to the left, I can’t see the corner, the left corner inside the room and I can’t see the hallway in front of it, that’s why the flash bang goes in the threshold.”
That's the flashbang, delivered two seconds after the police announced their presence. This is only part of it. The attempt to salvage the fruits of the search with a claim that the house potentially contained dangerous criminals also receives no judicial sympathy. The state makes assertions, but cannot back them up.
The State does not point us to any other evidence indicating the criminal history of Watkins or the other occupants of the house. The record contains no evidence that law enforcement could not have safely presented the person matching Watkins’s description with the search warrant during the time that he was outside the house and before he re-entered it.
While the police may have had a valid reason to enter and search the residence, the way it carried it out destroys anything it gained from serving the warrant.
Comparing the factors, we conclude that while there was a considerable degree of suspicion, the extent of law enforcement needs for a military-style assault was low and the degree of intrusion was unreasonably high. Under these specific circumstances and particularly in light of the use of a flash bang grenade in the same room as a nine-month old baby who was “very close” to where the flash bang was deployed, the State has not demonstrated that the police conduct was reasonable under the totality of the circumstances.
In most courts, uttering the words "drugs" and "guns" is normally enough to excuse a full-on, military-style assault on someone's residence. Here, though, the court finds the officers were aggressive and careless, which is an extremely dangerous combination. Things could have gone so much worse, especially for the toddler caught in the middle of it, making any police assertions about prior due diligence and "cautious" deployment of flashbang grenades almost laughable. A deployment that occurs one second after a door is breached isn't "cautious." It's obscenely negligent.
Read More | 56 Comments | Leave a Comment..
Posted on Techdirt - 13 January 2017 @ 11:53am
So, this is how we're handling the War on Terror here on the homefront: lawsuit after lawsuit after lawsuit against social media platforms because terrorists also like to tweet and post stuff on Facebook.
The same law firm (New York's Berkman Law Office) that brought us last July's lawsuit against Facebook (because terrorist organization Hamas also uses Facebook) is now bringing one against Twitter because ISIS uses Twitter. (h/t Lawfare's Ben Wittes)
Behind the law firm are more families of victims of terrorist attacks -- this time those in Brussels and Paris. Once again, any criticism of this lawsuit (and others of its type) is not an attack on those who have lost loved ones to horrific acts of violence perpetrated by terrorist organizations.
The criticisms here are the same as they have been in any previous case: the lawsuits are useless and potentially dangerous. They attempt to hold social media platforms accountable for the actions of terrorists. At the heart of every sued company's defense is Section 230 of the CDA, which immunizes them against civil lawsuits predicated on the actions and words of the platform's users.
The lawsuits should be doomed to fail, but there's always a chance a judge will construe the plaintiffs' arguments in a way that either circumvents this built-in protection or, worse, issues a precedential ruling carving a hole in these protections.
The arguments here are identical to the other lawsuits: Twitter allegedly hasn't done enough to prevent terrorists from using its platform. Therefore, Twitter (somehow) provides material support to terrorists by not shutting down (one of) their means of communication (fast enough).
The filing [PDF] is long, containing a rather detailed history of the rise of the Islamic State, a full rundown of the attacks in Brussels and Paris, and numerous examples of social media posts by terrorists. It's rather light on legal arguments, but then it has to be, because the lawsuit works better when it tugs at the heartstrings, rather than addressing the legal issues head on.
The lawsuit even takes time to portray Twitter's shutdown of Dataminr's feed to US government surveillance agencies -- as well as its policy of notifying users of government/law enforcement demands for personal information -- as evidence of its negligence, if not outright support, of terrorist groups.
The problem with these lawsuits -- even without the Section 230 hurdle -- is that the only way for Twitter, Facebook, etc. to avoid being accused of "material support" for terrorism is to somehow predetermine what is or isn't terrorist-related before it's posted… or even before accounts are created. To do otherwise is to fail. Any content posted can immediately be reposted by supporters and detractors alike.
And that's another issue that isn't easily sorted out by platforms with hundreds of millions of users. Posts and tweets are just as often passed on by people who don't agree with content, but arguments made in these lawsuits expect social media platforms to determine what intent is… and take action almost immediately. Any post or account that stays "live" for too long becomes a liability, should courts find in favor of these plaintiffs. It's an impossible standard to meet.
These lawsuits ask courts to shoot the medium, rather than the messenger. They make about as much sense as suing cell phone manufacturers because they're not doing enough to prevent terrorists from buying their phones and using them to communicate.
Read More | 26 Comments | Leave a Comment..
Posted on Techdirt - 13 January 2017 @ 10:47am
Another one of the FBI's thousands of National Security Letters has been made public -- along with its recipient. Cloudflare's latest transparency report (its seventh to date) contains a bonus: a 2013 NSL [PDF] the FBI felt no longer needed to kept secret.
This NSL was received in 2013, and was challenged by Cloudflare and the EFF. It's only now being made public, and that's largely due to litigation and the USA Freedom Act's changes to NSL review policies. Rather than review them every three years-to-never, the FBI must now review them more frequently. Better still, recipients are now allowed to challenge NSL gag orders within one year of receiving them. This places the burden back on the government to prove ongoing secrecy is needed.
Shortly before the new year, Cloudflare received a letter from the FBI rescinding the NSL's gag order.
The letter withdrew the nondisclosure provisions (the “gag order”) contained in NSL-12-358696, which had constrained Cloudflare since the NSL was served in February 2013. At that time, Cloudflare objected to the NSL. The Electronic Frontier Foundation agreed to take our case, and with their assistance, we brought a lawsuit under seal to protect its customers' rights.
In this particular case, the NSL itself was pulled by the FBI as a result of the lawsuit.
Early in the litigation, the FBI rescinded the NSL in July 2013 and withdrew the request for information. So no customer information was ever disclosed by Cloudflare pursuant to this NSL.
So much secrecy surrounds NSLs -- by default -- that Ken Carter of Cloudflare wasn't even able to correct a Senate staffer who told him things that were completely untrue.
In early 2014, I met with a key Capitol Hill staffer who worked on issues related to counter-terrorism, homeland security, and the judiciary. I had a conversation where I explained how Cloudflare values transparency, due process of law, and expressed concerns that NSLs are unconstitutional tools of convenience rather than necessity. The staffer dismissed my concerns and expressed that Cloudflare’s position on NSLs was a product of needless worrying, speculation, and misinformation. The staffer noted it would be impossible for an NSL to issue against Cloudflare, since the services our company provides expressly did not fall within the jurisdiction of the NSL statute. The staffer went so far as to open a copy of the U.S. Code and read from the statutory language to make her point.
That's what a gag order does: allows misinformation to go uncorrected. The staffer's interpretation of US Code may have been more to the letter of the law, but Cloudflare's Carter knew -- from personal experience -- that the FBI's interpretation was different.
Because of the gag order, I had to sit in silence, implicitly confirming the point in the mind of the staffer. At the time, I knew for a certainty that the FBI’s interpretation of the statute diverged from hers (and presumably that of her boss).
Not only does the default secrecy allow the FBI to continue to pursue questionable requests with NSLs, but it also allows it to deploy them in apparent violation of US law, right under the nose of its Congressional oversight.
Congratulations to both the EFF and Cloudflare, which worked together to protect a user's privacy against the FBI's self-issued NSL. Apparently the demand for information couldn't hold up when scrutinized by a judge for the first time. The fact that the USA Freedom Act only recently went into effect likely explains the three year-plus gap between the NSL's withdrawal and the lifting of the gag order.
While the USA Freedom Act's NSL-handling changes are an improvement, they're far from perfect. The burden of proof has been shifted to the government, but there's very little compelling it to respond to gag order challenges quickly, as the EFF points out.
Under the USA FREEDOM Act of 2015, the FBI is required to periodically review outstanding NSLs and lift gag orders on its own accord if circumstances no longer support a need for secrecy. As we’ve seen, this periodic review process has recently resulted in some very selective transparency by the FBI, which has nearly complete control over the handful of NSL gags it retracts, not to mention the hundreds of thousands it leaves in place. Make no mistake: this process is irredeemably flawed. It fails to place on the FBI the burden of justifying NSL gag orders in a timely fashion to a neutral third party, namely a federal court.
The EFF's legal battle against NSLs continues. We've seen incremental lifting of secrecy as a result of its multiple NSL challenges, but the EFF is hoping to see a court find the whole NSL scheme -- warrantless demands for user data and identifying information the FBI often uses to route around judicial rejection -- to be unconstitutional.
Read More | 18 Comments | Leave a Comment..
Posted on Techdirt - 13 January 2017 @ 8:32am
Somewhere behind the lurid imagery of the unverified intelligence report BuzzFeed dropped on the web earlier this week is a possible story about the FISA court deciding, for once, that a government agency has gone too far. My apologies to those who've made New Year's resolutions to eat better: everything about this should be taken with several grains of salt.
First, there's the intelligence report itself, which has apparently been circulating for a long time before BuzzFeed stepped up and actually published it. The Guardian reports Mother Jones apparently had seen the document as early as last September. The previously anonymous source of the Trump/Russia intel report has now been outed, but to date, the only thing that has truly been confirmed are biases.
The document, however, was considered legitimate enough by John McCain to pass it on to the FBI. It includes -- along with the famous watersports details -- information on alleged contacts with Russia that Trump used to obtain information on political rivals. According to the document, Trump is both reliant on Russian intelligence services for info and a target for blackmail, should it be "needed," thanks to antics on Russian soil detailed in the report's pages.
The FBI has refused to comment on the document, other than to confirm that it has seen it. But there's another detail buried in the Guardian's report that suggests -- again, via several anonymous sources -- that the supposed intel report propelled the FBI to the FISA court to ask permission to spy on Trump's associates. This detail was pulled out of the densely-packed Guardian report by Jason Koebler of Vice.
Here's the passage from the Guardian article:
The Guardian has learned that the FBI applied for a warrant from the foreign intelligence surveillance (Fisa) court over the summer in order to monitor four members of the Trump team suspected of irregular contacts with Russian officials. The Fisa court turned down the application asking FBI counter-intelligence investigators to narrow its focus. According to one report, the FBI was finally granted a warrant in October, but that has not been confirmed, and it is not clear whether any warrant led to a full investigation.
How the Guardian "learned" this is never explained. The "one report" is an article at Heat Street, which also relies heavily on anonymous sources:
Two separate sources with links to the counter-intelligence community have confirmed to Heat Street that the FBI sought, and was granted, a FISA court warrant in October, giving counter-intelligence permission to examine the activities of ‘U.S. persons’ in Donald Trump’s campaign with ties to Russia.
According to Heat Street, this supposed application came on the heels of reports that Trump's private server was in frequent communication with a Russian bank. That story has been debunked thoroughly, but that doesn't necessarily mean the FBI didn't initiate an investigation on the (temporary) strength of these allegations. For it to have headed to the FISA court with a warrant app before the report was debunked seems unlikely, much less to have this one granted, rather than the one it wanted earlier in the summer.
That being said, if the FISA court did turn down the FBI's summer warrant application, it would be an anomaly. As Koebler points out, the FISA court hates being referred to as a "rubber stamp," but it can't really argue with its own track record.
According to the Department of Justice’s official numbers, of the thousands of applications made by the federal government to FISC, none have been denied since 2009. Rarely, the court has asked the government to modify its case. In 2013, the US made 1,588 applications; 34 were modified. In 2014, it made 1,379 applications; 19 were modified. In 2015, it made 1,457 applications; 80 were modified.
It could be that the Guardian story and the Heat Street story are actually referring to the same warrant applications. The FBI could have been asked to modify the order in the summer and had the fixed version approved in October. A BBC article claims it was the same warrant app -- rejected twice -- seeking info on Trump's ties to Russian banks. (Again, this is a firsthand account backed by anonymous sources.)
Their first application, in June, was rejected outright by the judge. They returned with a more narrowly drawn order in July and were rejected again. Finally, before a new judge, the order was granted, on 15 October, three weeks before election day.
The FISA court could still be pitching an application rejection shutout. We won't know more until the 2016 numbers are released by the DOJ and even then, we won't know much. If there's a denial or two on the record, it won't necessarily confirm these reports. And if it was just a demand for modification, the FBI's Trump-related warrant will just be one of the few dozen the FISA court issues every year.
Heat Street, however, claims there were two FBI FISA warrant applications, with the second directly tied to the Russian bank/Trump server story. Whatever the case is, the leaked intelligence report most likely wasn't the basis for the FBI's summer warrant application, as it may not have even been released yet to those who paid to have it compiled: Trump-opposing Republicans and Democrats. If the patrons truly believed everything in the report, you'd think they would have released it prior to the election. Then again, the document may have been shopped for months to sites far more reluctant than BuzzFeed to publish unsourced allegations.
Among all the unverifiables stands the FISA court, which may have withheld its rubber stamp just this once. As Vice's Koebler points out, even if it did, there's no reason to applaud its singular rejection.
[I]f The Guardian and HeatStreet reports are accurate, when the FBI decided to go after the rich, powerful, and politically well-connected, it was met with pushback. If only the rest of us could be so lucky.
11 Comments | Leave a Comment..
Posted on Techdirt - 13 January 2017 @ 6:31am
Everything is compromised. In the latest case of a hacking company being hacked, Israel's Cellebrite is the latest to have its internal data hauled off by hackers. Joseph Cox of Motherboard was given inside details by the crew that claims to have spirited away login info and other data from the cell phone-cracking company.
Motherboard has obtained 900 GB of data related to Cellebrite, one of the most popular companies in the mobile phone hacking industry. The cache includes customer information, databases, and a vast amount of technical data regarding Cellebrite's products.
Included in the data haul are some other nifty surprises: evidence files from forensic searches of cell phones and logs from Cellebrite devices.
Cellebrite is a major supplier to US law enforcement, as well as to government agencies in countries with sketchier human rights records like Turkey, Russia, and the United Arab Emirates. In many ways, the company is similar to Italy's Hacking Team, which found itself hacked and its emailed dirty laundry aired by enterprising hackers unimpressed by the company's malleable morality.
What's truly interesting about this hack (and those similar to it) is that they go right to the heart of what's wrong with the DOJ's insistence that any "one-time" phone crack -- like the one they pursued in the San Bernardino mass shooting case -- would be safe as houses in the government's hands.
Riana Pfefferkorn -- who helped write an amicus brief on Apple's behalf (along with several other security researchers and professors) -- pointed out on Twitter that Cellebrite's hacking is exactly the sort of risk the government refused to seriously contemplate during its pursuit of an All Writs Order forcing Apple to open up the phone for the FBI.
If such a hack were created by Apple in response to a court order, there's no way for the FBI, Apple, or anyone else to plausibly claim it would be kept out of the hands of malicious actors. Companies in the business of breaking into devices aren't impervious to outside attacks. Neither is the US government, which has proven consistently weak when it comes to securing the massive amount of personally-identifiable information it collects from US citizens.
So far, the collected files haven't been shown to anyone but a few journalists, but Cox points out unauthorized access to Cellebrite isn't exactly a new thing.
Access to Cellebrite's systems has been traded among a select few in IRC chat rooms, according to the hacker.
“To be honest, had it not been for the recent stance taken by Western governments no one would have known but us,” the hacker told Motherboard. The hacker expressed disdain for recent changes in surveillance legislation.
Cellebrite's response to the hack is to claim that the only thing affected was a legacy server for end user licenses. Customers are being encouraged to change their passwords, but that comes a little too late to do much good. That license server may be the only thing breached through unauthorized means, but the log files and obtained evidence the hackers appear to have could easily have been taken out of the front end with compromised credentials.
The underlying fact is this: breaking protections like encryption or purchasing exploits to defeat it is something the FBI and other law enforcement entities will continue to advocate for, even while aware that it's impossible to claim definitively that the tools used won't be hijacked by someone else with more malicious motives. The Shadow Brokers' heist of NSA exploits shows that even if the government takes steps to protect what it has stored on its own servers, it can't prevent a disgruntled analyst from leaving a blackhat toolbag behind for others to find once a surveillance job is finished.
24 Comments | Leave a Comment..
Posted on Techdirt - 12 January 2017 @ 3:08pm
There's nothing quite like watching a professional with twenty years of experience burn it all to the ground in the space of a few hours. Officer Daniel Wolff of the Detroit PD -- spending some time at home recovering from a work-related injury -- took issue with Motor City Muckraker's story highlighting the number of police officers who don't live in the communities they serve.
He handled it badly. Here's Muckraker's Steve Neavling's coverage of the Facebook meltdown in which the journalist was personally attacked by the off-duty officer.
A Detroit cop on Tuesday called city residents “garbage” and bragged that he used to “hit them with “handcuffs in the head” and “smack” children in the face.
Officer Daniel Wolff was responding on Facebook to a Motor City Muckraker story about an increasing number of Detroit police choosing to live outside the city.
Wolff, who works in the second precinct and lives in the suburbs, said he would never live in the city he serves because it is “just a nasty place.”
“Getting rid of residency was the best thing that ever happened to the Detroit Police!!!!! We have to police the garbage but you can’t make us live in the garbage.”
Not only did Officer Wolff have a problem with being expected to "live in the garbage," but he felt the last few decades of technological advancement had made it much more difficult to police the streets the way Wolff would prefer to.
Wolff bemoaned cell phone cameras, saying, “You can’t walk up to a kid or asshole and smack him in the face like we did.”
And he had a few words for Neavling as well, when informed the Facebook conversation was being reported to his department. It involved Wolff's apparent desire to commit (career) suicide by cop, with the twist being that he was both ends of the equation.
When I told him that Internal Affairs was investigating, Wolff responded, “Please do. I’ve been trying to get fired for years you cunt. Help me you ass.”
Consider Wolff helped.
The department received Wolff's alleged comments from the Muckraker the day they were posted, according to Director Michael Woody of the public information office.
"We have forwarded them to our internal affairs for a full investigation," Woody said. "This is not representative of the vast majority of our officers in this department, who work hard every day to build relationships with members of our community."
Officer Wolff was apparently very thorough in his Facebook slating of the general public. According to Detroit Police Chief James Craig, there were several other allegedly "sexist" and "racist" comments delivered by the cop before he decided to memory hole his Facebook page.
[W]e’re going to move forward with the investigation and we should be at a finding fairly quickly," [Craig] said. "If this individual feels that strongly about working in the City of Detroit and has that type of attitude, we certainly don’t want him here."
Well, that would appear to align with Wolff's stated desire to be fired. With twenty years on the force, Wolff likely has a pension locked up and would probably be given the option to resign, which means taxpayers will continue paying a former public servant that has zero respect for them for the next several years.
As for the article that started it all, it simply makes the same point that could be made in nearly any major city: it's tougher to build relationships with the communities you serve while living as far away as you can from them. It's a problem everywhere and frankly, there's not much to be done about it. Coaxing, pleading, offering housing, etc. are about the limit of what city governments can do to help close this gap between the police and the policed. Anything else places tremendous restrictions on officers' freedoms. True, communities may be better served by officers with closer ties to the people they police, but mandating this would create larger rifts by adding a whole bunch of resentment and anger to the mix. In other words, the public would get Officer Wolff, who somehow maintains this level of anger and resentment despite living miles away from the neighborhood he works in.
33 Comments | Leave a Comment..
Posted on Techdirt - 12 January 2017 @ 10:43am
The NSA can now be used for second-hand domestic surveillance, thanks to new rules approved by President Obama that went into effect on January 3rd. Those unhappy to see Trump in control of these expanded powers have no one to thank but their outgoing president for this parting gift.
This was first reported early last year, gathered from anonymous intelligence community sources and the now-useless PCLOB's report on the FBI's use of unminimized intelligence passed on to it by the NSA. At that point, it was mostly speculation, with the PCLOB's report being the only thing in the way of factual information. The administration was confirmed to be working towards loosening restrictions on data sharing, even as the FBI was swearing it was tightening up control of its own use of unminimized data.
As the New York Times reports, this change in rules on data-sharing is now in place, as confirmed by a declassified copy of the new procedures [PDF] released to the paper.
The new rules significantly relax longstanding limits on what the N.S.A. may do with the information gathered by its most powerful surveillance operations, which are largely unregulated by American wiretapping laws. These include collecting satellite transmissions, phone calls and emails that cross network switches abroad, and messages between people abroad that cross domestic network switches.
The perceived benefit of this relaxation of the rules is this: government agencies will no longer have to worry about being siloed off from possibly relevant info by restrictions on unminimized collections. The downside is, well… everything else.
Previously, the N.S.A. filtered information before sharing intercepted communications with another agency, like the C.I.A. or the intelligence branches of the F.B.I. and the Drug Enforcement Administration. The N.S.A.’s analysts passed on only information they deemed pertinent, screening out the identities of innocent people and irrelevant personal information.
Now, other intelligence agencies will be able to search directly through raw repositories of communications intercepted by the N.S.A. and then apply such rules for “minimizing” privacy intrusions.
There are sixteen(!) government agencies being made equal partners in the NSA's full-take surveillance programs. Rather than place the agency that hoovers up the signals intelligence in charge of ensuring the privacy of US citizens is protected, the administration is letting multiple agencies with different agendas and rulesets have access to the data first, with any minimization being left up to each agency's individual policies.
The NSA still retains the option to deny an agency's request to an unminimized "feed" of incoming collections, but it's likely denials will be few and far between -- what with the Wars on Terror/Drugs still ongoing and showing no signs of wrapping up anytime soon. Anything deemed to be tangentially-related to national security will likely receive the NSA's blessing... because doing otherwise would be incredibly hypocritical. The "national security" mantra has been deployed to excuse its worst excesses. Far be it from the NSA to deny the national security "needs" of other agencies similarly situated.
This was pretty much confirmed by ODNI's counsel Bob Litt's attempt to defuse the situation when it first came to light last spring. His painful editorial at Just Security said this was all no big deal. After all, the new rules didn't provide for more domestic surveillance than the government was already performing. It just allowed more agencies to look at what was already being collected and do with it what they wanted. SHRUG.
As for the FBI, which has been a longtime partner in the NSA's surveillance haul, its new internal rules are no longer relevant, seeing as the administration has given its blessing to go ahead and use supposedly foreign-facing intelligence programs for domestic law enforcement activity. While the FBI was supposed to restrict its use of the data haul for counter-terrorist investigations, the FBI was able to turn over anything it found related to normal criminal activity to the DOJ. So, even prior to the official relaxation, the FBI was acting as a conduit between the NSA and other law enforcement agencies.
All of this means the NSA is now officially a domestic surveillance agency, even if a majority of its exploration of Americans' data/communications is being done by proxy.
Read More | 38 Comments | Leave a Comment..
Posted on Techdirt - 12 January 2017 @ 9:32am
Getty Image's long history of copyright thuggery can be found all over Techdirt. This litany of uncivil public discourse finally resulted in it being force-fed its own medicine by a plaintiff who demanded $1 billion from the image licensing service for taking her public domain photos and adding them to the Getty library.
Thanks to some serious misjudgment, and incomplete knowledge of how national laws work, Getty has now (briefly) earned a reputation for another form of thuggery: censorship.
Matthew Chan runs Extortion Letter Info (ELI), a site that specializes in collecting threatening letters for various entities (usually copyright-related) and gives guidance on how to fight back against this form of speculative invoicing.
Chan, along with others, has been loudly critical of Getty's tactics. Getty likes to send out threatening letters and demand licensing fees for images it happens to see in use around the web. Visitors to ELI's forums are no less disdainful of the company than Chan is. And, the internet being the great communicator it is, this sort of criticism isn't limited solely to Chan's site.
Chan's site -- along with a couple of others -- somehow flew onto the radar of Getty's French office, which sent out a completely ridiculous letter demanding not only that Chan's criticism of the company be removed from his site (and others), but EVERY DEROGATORY COMMENT made by site visitors to be taken down as well.
I am the legal adviser of the company GETTY IMAGES.
The company GETTY IMAGES is the biggest global database. Its main activity is the supply, development and worldwide distribution of online images, videos and music under which many communication professionals made use.
Indeed, it enjoys an established reputation both domestically and internationally. However, my client found many comments which seriously jeopardize its practice on your web site www.extortionletterinfo.com …..
Indeed, the combination of the words «GETTY IMAGES» and «extortion» or «arnaque» (fraud) on the search engine Google bring us directly to your web site.
Furthermore, the regularity of the methods and of the proceedings used by our client had also been questioned, which have been described as «legalized extortion» and «Extortion Letter Scheme».
According to the judgment given by the First Civil Division of the French Supreme Court on the 12th of July 2012, this is particularly intolerable and reprehensible.
Those acts of gross disparagement seriously damage GETTY IMAGES’ image.
A similar letter [PDF] was received by The Hacker Factor Blog and Zyra.info. Chan and The Hacker Factor both responded in detailed fashion to the French legal stupidity apparently resulting from Getty Image France's legal rep Vanessa Bouchara's Google search for "reprehensible" terminology. (The third site took down the image/criticism, but left up a notice telling readers about Getty's censorship.)
Both responses to Getty pointed out the obvious: parlez-vous US law, motherfuckers?
From Chan's response:
Regardless of which corporate entity you represent in France, I inform you of the following:
1. I am a U.S. Citizen who lives and work in the U.S.
2. I do not have any business interests in or solicit any business from France.
3. My websites are hosted in the U.S., written in English, and primarily targets American readers.
As such, any content you or your client may object to on my website all firmly within the realm of U.S. laws and the First Amendment. I do not see how you can threaten me with a lawsuit being brought in a country in which I have no contact, connections, or involvement.
French law might have jurisdiction over you, your law firm, and your client operating in France. But I cannot see any way whatsoever how French law applies to me or my websites.
From the very detailed and well worth reading response by The Hacker Factor:
As noted in the 2014 letter from Getty Images, they list their address as "605 5th Ave S, Suite 400, Seattle, WA 98104 USA". Moreover, they sent their letter to my address in Fort Collins, Colorado, United States. Neither of these addresses is in France.
My 2014 blog entry includes my response letter. At the top of the response letter are the addresses of the sender and the recipient. Again, the correspondence was from a US citizen in the United States of America and to a company in the United States of America.
At no time was there any mention of France or Getty Images in France. The country of France has no jurisdiction in a discussion between a US citizen and a US company. Your repeated citations of French laws have no basis since this falls under the jurisdiction of US laws.
Someone at Getty's US HQ is now in a terrible mood. Getty's reputation in the US is far from impeccable, and now they have to deal with a French interloper throwing a one-lawyer Streisanding via international mail. An apology and retraction has already been sent to ELI and a few other sites that were affected.
Whilst operating as Getty Images’ French legal advisor, we sent you a formal letter dated December 23th 2016, asking you to cease and desist perceived libelous activity on your site.
Please disregard our previous letter, it was sent in error and accept our sincerest apologies.
It's hard to say how many people were involved in this debacle as Vanessa Bouchara uses the royal (and somewhat exculpatory) "we" in her communications, but whoever was behind it needs to spend a bit more time getting to know the limits of their local laws.
18 Comments | Leave a Comment..
Posted on Techdirt - 12 January 2017 @ 6:27am
As we covered last week, the FBI has apparently been paying Best Buy Geek Squad members in exchange for tips about illegal material discovered on customers' computers. This is problematic for a couple of reasons.
First, adding a financial incentive could lead to Best Buy employees digging around in users' computers in hopes of finding something to turn in, rather than limiting themselves to the job at hand: repairing the device.
Second, while companies are legally obligated to report the discovery of child porn to law enforcement, this occurs as a "private search." As such, it's perfectly legal and can result in the probable cause needed to perform a forensic search of the computer, as well as (possibly) any other electronic devices the customer owns. But when the FBI turns Best Buy employees into confidential informants -- paid or not --it's no longer a private search. It's a third-party search at the government's request. The government can't task private individuals with performing warrantless searches on its behalf -- at least not if it wants to hold onto the evidence.
The government is arguing that there was nothing wrong with the FBI's relationship with Best Buy. This is being argued despite the growing amount of evidence showing the FBI's role in Best Buy searches of computers is anything but passive.
One former agent confirms [PDF] in her declaration that the employee who alerted the FBI to alleged child pornography found on the computer of the defendant in this case, had been signed up by the agency as a “confidential human source” (CHS) in 2009 — two years before the offending content was discovered in this case — but contends that this worker was “never asked” to “search for child pornography or evidence of any other crime on behalf of the FBI.”
However, in a Dec. 19 order [PDF] in this case, the judge notes that emailed communications may hint at a deeper connection between the agency and the Geek Squadder.
For instance, in Oct. 2009, this agent emailed the Best Buy staffer to set up a meeting “to discuss some other ideas for collaboration.” The since-retired agent now says she has no “independent recollection of what ‘collaboration'” refers to in that email, blaming her memory lapse on brain damage caused by Lyme disease.
Whatever the case may be, the documents do seem to show what Mark Rettenmaier, the defendant at the center of this case, alleges they do: a close partnership between the FBI and Best Buy that has gone on for years.
Judge Cormac Carney's ruling on Rettenmaier's demand for document production from the FBI indicates that what he's seen so far (many of the documents handed over by the FBI to date are under seal) points in this direction.
According to the FBI, [Best Buy employee] Meade was a CHS [confidential human source] for two periods of time—October 2008 to January 2009 and November 2009 to November 2012. During the first CHS period, Meade worked with FBI Agent Richard T. Boswell. (See Bates 1123; Dkt. 152 at 6.) Before the second CHS period, Agent Jennifer Cardwell took over for Agent Boswell (Agent Riley took over for Agent Cardwell in July 2010 (Bates 1028)). (Bates 1122–23.) Meade estimates that he contacted the FBI reporting child pornography approximately six to nine times per year. (Bates 544–45.) Though the FBI has had eight different CHS at Best Buy’s Kentucky facility, at the time when Best Buy had Rettenmaier’s hard drive, only Meade and Ratliff were connected to the FBI. (Dkt. 152 at 6.) Both Ratliff and Meade received payment from the FBI; every CHS prior to February 2012 received payment.
The government is refusing to hand over any more information that may shed more light on this relationship, but Judge Carney isn't going to let it get away with it. The government claims any such evidence, if produced, would only "undermine" Rettenmaier's "unsupported argument" about the FBI/Best Buy BFF situation. Judge Carney basically says we won't know until we see it, will we?
The Court cannot determine whether Rettenmaier’s “unsupported” argument has merit as long as the Government refuses to produce the evidence that may support it; the Government’s hope that the evidence will undermine Rettenmaier’s motion does not exempt its production.
The ruling almost completely denies the government's motion to quash, which means that the documents demanded -- if they exist -- will have to be turned over to the defendant. Most will probably be filed under seal, but some are bound to escape the FBI's desire for complete secrecy. What leaks out around the edges will be interesting, and mostly sussed out through defense motions and judicial orders. If the FBI is treating private companies' employees as confidential informants, then it's basically utilizing the private sector to perform warrantless searches for it.
Read More | 38 Comments | Leave a Comment..
Posted on Techdirt - 11 January 2017 @ 5:00pm
Curtis Waltman, filing his public records request through MuckRock, has obtained several hundred pages of documents related to IMSI catchers/Stingray devices from the Sarasota (FL) Police Department. There are a handful of interesting aspects about this haul, not the least of which is the fact that US Marshals basically raided the Sarasota PD's office in 2014 to remove Stingray-related documents ahead of the ACLU's scheduled examination of the files.
What's been obtained by Waltman is presumably part of the stash the Marshals didn't take. The other interesting fact is that there is no reference whatsoever to Stingray devices or IMSI catchers in the documents, despite that being specifically what was requested.
Here's Waltman's request:
To Whom It May Concern:
Pursuant to Florida's Sunshine Law (Fla. Stat. secs. 119.01 to 119.15 (1995)), I hereby request the following records:
Documents concerning IMSI catchers or any of the following words: "Stingray", "cell site simulator", or "dirtbox". including:
-Contracts with the Harris Corporation regarding the acquisition of their Stingray or KingFish IMSI catchers
-Department policies and procedure regarding the use of IMSI catcher technology
-policies and procedures on the keeping of statistics about the Department's use and acquisition of IMSI catchers
The requested documents will be made available to the general public, and this request is not being made for commercial purposes.
Whatever search the Sarasota PD performed was in response to these search terms. But as Waltman points out in his post about the document haul, none of those terms are found in the hundreds of pages returned.
These documents are the result of Joint Law Enforcement Operations Task Forces (JLEOs) that the SPD participated in from the years 2008 to 2014 with various local departments in their area, and also the DEA and the Marshals. Considering that South Florida has been designated as a High Intensity Drug Trafficking Area, or HIDTA, it’s not surprising that they are engaged in high level operations with federal law enforcement agencies.
What is surprising is how often they resorted to pen register and trap and trace court orders to be officially permitted to use their Stingray. Referring to cell site simulators as “trap and trace devices” is common, even by the DOJ.
Obviously, the Sarasota PD engaged in the same obfuscatory tactics other law enforcement agencies have, urged on by the FBI's omnipresent demands for secrecy. The PD was either using its own devices or those belonging to the US Marshals service, but the outcome was the same: court orders and subpoenas for dialing data covering up the use of cell tower spoofers to obtain this information in real time.
What is left in documents left behind by the Marshals seems to indicate the Sarasota PD has at least one device of its own. A DEA communication with the agency says a task force would be using "SPD's equipment" and a "Pen Order" to cover up this deployment.
Also of note is the fact that the US Marshals service seems to enjoy using the Sarasota PD's personnel and equipment, but is a bit more reluctant to pay its tab.
This is part of an ongoing response to Waltman, so there will be more documents on the way. What's arrived so far shows the PD is actively engaged in hiding its Stingray usage from courts by generating a misleading paper trail filled with redundant pen register orders. What may never arrive, however, is the documents the Marshals removed from the PD's office shortly before ACLU reps were supposed to meet with the PD to discuss the release of this information.
In any event, there's still plenty of secrecy enshrouding law enforcement's use of "secret" technology that honestly isn't that much of a secret anymore.
Read More | 3 Comments | Leave a Comment..
Posted on Techdirt - 11 January 2017 @ 9:33am
A Texas cyberbullying law is running into unexpected opposition. The law [PDF], which would criminalize any "electronic harassment or bullying" of anyone under the age of 18, is intended to give schools more resources to deal with cyberbullying. Of course, the law would also extend schools' reach beyond the confines of the campus, allowing them to take control of off-campus behavior.
It's one thing if this was limited to disciplinary action by the school. It still would be an extension of government power, but at least the damage done would be limited to in-school punishments. (That's still a significant amount of damage, considering school disciplinary actions cover things like extended suspensions and expelling students -- neither of which do much to alter troubled students' futures in any positive way.)
Turning this into a criminal act means schools will become even more instrumental in routing students into juvenile detention centers and local jails. This is what has advocates for the health and safety of children concerned.
Will Francis, the government relations director for Texas’ National Association of Social Workers, doesn’t necessarily think schools should be working so closely with the police. Instead, he said, the bill should focus on improving mental health resources in schools to address bullying before it becomes criminal.
“My concern is that we’ll just be sticking more kids with felonies,” said Francis, who says he's been advising Menendez on the bill’s focus. “I worry we’ll see more schools in poorer, non-white areas using hard and fast punitive criminal justice as a solution.”
As schools have come to rely more and more on SROs (Student/School Resource Officers), the tendency has been to hand over almost every disciplinary matter to campus law enforcement officers. Routine student misconduct is being addressed with arrests, deployments of force, and prosecutors bringing criminal charges against students for behavior that previously would have resulted in detention, suspension, or a long conversation between administrators and the student's parents.
Right now, Texas schools are employing twice as many police officers as counselors, according to numbers obtained by the San Antonio Current. The disciplinary playing field is already slanted towards law enforcement. Turning bullying into criminal activity makes this ratio more harmful. If the state has a desire to produce better students, this law isn't going to help it achieve its goal. If it's more interested in creating a new (and profitable) set of criminals, this expansion of power will definitely help that dream come true.
It's not just the lack of resources for mental health issues that's a problem. It's also the overreach itself. As the EFF points out, giving schools jurisdiction over students' off-campus activities infringes on their Constitutional rights.
“We believe — and most courts agree — that schools are very limited when it comes to punishing off-campus student speech,” [EFF attorney David] Greene said. Student speech is still protected by free speech laws, regardless of how cruel and unusual it is — especially when they’re off-campus.
"There’s no rule in the First Amendment for speech that causes harm for a minor,” he said. “If they want to pass these protections, it will have to fit within current laws.”
While there is definitely much to be done to address student bullying -- and there's no denying this has become easier and more prevalent with the rise of multiple social media platforms -- the solutions lie in better resources for bullied students and those who engage in bullying. While the outcome of sustained bullying sometimes results in truly horrific tragedies (as is the case here), criminalizing this behavior will only result in a greater number of destroyed futures.
The law -- which is still in its proposal stage -- promises to do both: criminalize off-campus behavior and bring in more resources to help schools deal with bullying. But it gives school resource officers subpoena power to unmask anonymous social media users and, due to the criminalization of the act, encourages schools to rely more on law enforcement and less on counseling or diversion programs for perpetrators that may allow them to turn themselves around and contribute positively in their new environments.
18 Comments | Leave a Comment..
Posted on Techdirt - 11 January 2017 @ 3:26am
The joke about asset forfeiture is that it's actually not a joke. Advisors to law enforcement have actually said it's a great way for cops to go shopping for things they want. It's not just cash being taken, although it's primarily that. It's vehicles, too. And when that just doesn't seem to be enough, it's houses. And everything in them.
So, the "going shopping" joke is one very dark punchline. Here's another one: "take everything that isn't nailed down." Except that this actually happens. And it includes things that are nailed down. Reason's C.J. Ciaramella has more details.
In 2012, Rehfeldt says the Hind County Sheriff's Office raided his client's apartment on suspicion her boyfriend was a drug dealer. Anything purchased with drug proceeds is fair game to be seized by police under civil asset forfeiture laws, and they determined the boyfriend had furnished the apartment, so off went her TV, her table and chairs, her couch, her lamps, and even the pictures on the wall.
"Her case is the first in my 38 years of practicing law where they took the furniture," Rehfeldt says.
What's the proper response? Shock that this sort of thing actually happens? Or relief that law enforcement doesn't clean out a person's home every time they have a hunch something may have been purchased with the proceeds of criminal activity?
In this case, most of what was taken by the sheriff's office was eventually returned. Rehfeldt's clients is one of the lucky ones, able to navigate a legal pathway that's a greased downhill slope for law enforcement, but an expensive, uphill battle for those whose property has been seized.
His client got everything back. Well, not everything.
"It is, therefore, ordered and adjudged that one Visio television, one dining room table and chairs, pictures and lamps are to be returned to the plaintiff upon execution of this Order by this Court," the Feb. 10, 2015 order in the Hinds County Court reads. "Additionally, one white couch is hereby forfeited to the Hinds County Sheriff's Office."
For reasons unexplained, the sheriff's office was allowed to keep the couch. Perhaps deputies had grown attached to it after it was placed in the breakroom. Or maybe it was "disposed" prior to the forfeiture being finalized and there was simply no way to retrieve it. Or maybe it was just the state's skim -- the percentage taken off the top of every forfeiture, whether or not the seizure was legally-justified.
The skim is part of the problem. Mississippi's legislature is looking at overhauling the state's forfeiture laws and a Senate committee letter obtained by Reason confirms that law enforcement's tendency to charge fees or withhold some percentage of the property seized gives the program the appearance of impropriety.
Upon a cursory analysis of these orders, PEER staff notes that Agreed Orders tend to have the most potential for indicating possible abuse. This is because most Agreed Orders are entered into upon a settlement agreement in which the arresting authority receives some or all of the forfeited property as a condition subsequent to some sort of agreement made between the arresting party and the defendant.
As the arresting party often seizes a large amount of property or cash and many of these Agreed Orders stipulate that some or most of the said property or cash will be returned while some will be forfeited, a reasonable person might assume that the arresting party is using its authority to gain assets from an arrest by settling with the defendant.
If this is how it's routinely handled, it encourages law enforcement to take everything it can get its hands on, if for no other reason than it increase its chances of being able to retain some of it if the forfeiture is challenged. This settlement system perverts incentives, changing it from serving the general public through the targeted crippling of criminal organizations (however loosely-defined) to serving law enforcement agencies by allowing them to directly profit from the taking of citizens' property.
45 Comments | Leave a Comment..
Posted on Techdirt - 10 January 2017 @ 2:50pm
Twitter has cut off another social media "surveillance" company from using its API. To date, the platform has forced third-party Dataminr to cut off connections to the CIA, DHS/law enforcement "fusion centers," and Geofeedia. All of these denials of service were the result of the company's policy against use of its API for surveillance.
Very little of what was being done could truly be considered "surveillance," since Dataminr's access to basically every tweet produced did nothing but cull data from public accounts. What Twitter seemed to have more of a problem with was the marketing tactics of companies like Geofeedia, which insinuated their products were perfectly suited for keeping tabs on First Amendment-protected activity, like protests.
As for the CIA and DHS, Twitter apparently felt these government agencies were far more involved in surveillance than the FBI, which just signed a contract with Dataminr for access to its every-tweet-ever API.
The latest recipient of a Twitter disconnection is Canada-based Media Sonar. Again, the issue here appears to be the language used by the company to market its social media monitoring service.
Media Sonar touts its social media monitoring software and algorithms as ideal tools for police and corporations to aggregate and filter data to improve safety and protect corporate assets.
But a U.S.-based investigation turned up marketing language that ran afoul of Twitter's policies, which state that posts on the popular social network should not be mined for surveillance purposes.
Media Sonar's emails to past clients explicitly stated that the software, which allows officers to comb through publicly available posts on the likes of Twitter and Instagram, could help police search for "criminal activity" and "avoid the warrant process" when flagging people who have come under scrutiny.
I'm sure Media Sonar never expected the contents of these marketing emails to be made public, but that's a risk you take every time you send something out inviting law enforcement to use your product to avoid complying with Canadians' rights. Of course, most of what's viewed by law enforcement with tools like these wouldn't require a warrant to obtain.
The move by Twitter may be seen as noble, but it does very little to curb government agencies' monitoring of publicly-available posts. If Twitter users want to remain off the government's radar, it's on them to take more control of the visibility of their tweets. For most users, this isn't a concern and while some may express dismay at law enforcement's use of their posts against them, there's nothing about this outcome that isn't preventable, even without Twitter's periodic announcements that it's cutting another third party off.
The problem isn't with the use of the API so much as it is the interpretation of obtained data. While hashtags may make it easy to track protests and other activity deeply tied to social media interaction, more nebulous data may show correlations that aren't actually there. Overreliance on monitoring tools could result in a lot of false positives, as Canadian Internet Policy staff lawyer Tamir Israel points out.
Israel said most social media monitoring companies rely on algorithms to parse the vast amount of data and pull out meaningful information for clients. Those algorithms, he cautioned, can be misleading.
Israel said they often analyze posts out of context and are unable to account for slang, cultural norms or other factors that give a post meaning.
He cited a recent example of a British tourist who tweeted about his intention to "destroy the United States" on an upcoming trip. His post raised alarm bells with U.S. security, but the tourist had been trying to express his plans to party while abroad using common British slang.
In addition to these concerns are privacy protections granted by Canadian law, which actually gives publicly-available social media posts more protection than those made by US citizens.
[Citizen Lab's Chris Parsons] said law enforcement and federal agencies must demonstrate a need for mining online data, adding that they cannot look through material indiscriminately.
"Just because I say something on Twitter doesn't mean the RCMP can hoover it up," he said. "There has to be a reason, and they have to be able to articulate it."
This may be why the company stealthily sold its product on its warrant-dodging merits. Allowing a third-party to sort and shape the data may allow Canadian law enforcement agencies to wash their hands of any "indiscriminate" hoovering/searching accusations. In any event, Media Sonar's product has suddenly become a lot less useful, and that's going to keep it from being a heavy hitter in the social media monitoring field.
5 Comments | Leave a Comment..
More posts from Capitalist Lion Tamer >>