Techdirt is off for Memorial Day. We'll be back with regularly scheduled posting tomorrow!Hide

Capitalist Lion Tamer’s Techdirt Profile


About Capitalist Lion TamerTechdirt Insider

List of blogs started with enthusiasm, which now mostly lie dormant:

[reserved for future use]

[recently retired]

[various side projects]

Posted on Techdirt - 22 May 2015 @ 7:39pm

Paper Says Public Doesn't Know How To Keep Score In Privacy Discussion While Glossing Over Government Surveillance

from the noting-the-obvious-while-ignoring-the-elephant-bugging-the-room dept

Lawfare -- a blog primarily devoted defending the practices of spy agencies -- has released a paper authored by Benjamin Wittes and Jodie Liu that theorizes that the public's concern over privacy encroachments are -- if not overblown -- then failing to properly factor in the privacy "gains" they've obtained over the past several years.

The theory is solid, but the paper fails to differentiate between what sort of privacy losses people find acceptable and which ones they don't -- mainly by leaving privacy invasions by government entities almost completely undiscussed. It opens by quoting a scene from an old Woody Allen film in which the protagonist attempts to "hide" his purchase of porn at a magazine stand by purchasing several unrelated (and presumably uninteresting) magazines at the same time. This leads to the conclusion that people's ability to enjoy porn in private has risen with the advent of the internet, while simultaneously opening them up to data harvesters and internet companies less interested in personal privacy than selling users to advertisers.

True enough, but there's a big difference between exposing that information to the Googles of the world, rather than the surveillance agencies of the world. On one hand, Google and its competitors provide something in exchange for the privacy loss -- tailored ads, relevant search results, email, document creation platforms, etc. And there are still those -- a steadily-growing minority -- that realize Google's privacy invasions are often inseparable from the government's privacy invasions (via court orders, subpoenas and NSLs) and work hard to keep their personal information away from both. What the government offers in exchange for access to much of the same info is intangible: "security." While one might recognize the value of the first exchange, it's harder to sell the latter tradeoff, especially since intelligence agencies are much, much better at scooping up information than they are at disseminating it.

A huge amount of technological development follows this basic pattern. Google and Microsoft and Yahoo! enable you to search for information privately—with data collection by the companies and possible retrieval by other actors as a consequence. Amazon lets you buy all sorts of products with nobody the wiser—but with your purchase history stored and mined for patterns.

Your smartphone lets you put all this capability in your pocket and take it with you— and thus also lets you use it more and record your location along the way. That information too is then subject to retrieval. Facebook allows you to identify discrete groups of people with whom you want to share material—yet it stores your actions for processing and retrieval as you go. In our mental tabulation of gain and loss, we tend to count only one side of the ledger, pocketing what we have won as though it were of no privacy value while bemoaning what we have given up.

Even more mischievously, when we do acknowledge the gains, we tend to redefine them as gains in something other than privacy. We define them, most commonly, as mere convenience or efficiency gains—a dismissive description that implies we have won something inconsequential or time-saving while giving up something profound. But the construction leaves us with a distorted and altogether-too-bleak outlook on technology’s impact on our lives. Yes, technology involves gains in convenience and efficiency, but those are not the only gains.

To reiterate, we do not argue here that technology is necessarily privacy-enhancing in the aggregate, or that technology does not erode privacy. Rather, our general point is that the interaction between technology and privacy is less clear-cut than the debate commonly acknowledges, that we don’t keep score well, and that the actual privacy scorecard is a murky one.
The paper does make the solid argument that technology has resulted in greater individual privacy -- provided it's measured on the scale the paper's authors present. In one example, the authors point to a teen's desire to discuss a sexual or health issue as being more "private" because of access to medical websites and forums where information can be obtained with relative anonymity -- something a doctor's office can't completely provide.

But medical records are private information, governed by a specific set of laws. If anything, the online search is less private because these websites are not subject to patient privacy laws. Someone inquiring about a teen's visit to a health clinic would be frozen out, but any number of entities can access web-related information without facing similar statutory roadblocks.

While there are some good points made, the paper is undermined by the authors' insistence that Americans just don't know how to properly balance their privacy concerns. The implication -- given author Benjamin Wittes' frequent defense of government surveillance -- is that if the public can't weigh privacy gains and losses correctly in the context of private corporations, it certainly can't be expected to make informed decisions when it comes to government surveillance. And it's true that most citizens aren't likely to rigorously examine their fears of privacy erosion.

The paper does very little to compare privacy "violations" by internet entities to government surveillance programs, choosing instead to focus almost entirely on the tradeoffs made by people who hand over a certain amount of personal info for the privilege of watching porn or googling STD symptoms without having to involve another living, breathing person. It's presented as being in favor of a "more rigorous balance sheet" when it comes to personal privacy, but then fails to closely examine government surveillance concerns. There's another tradeoff being performed here -- without the input of those surveilled and who receive almost nothing tangible in exchange for the privacy erosion. Because of this, there's little comparison between the Googles and the NSAs of the world.

You don't hand a government the tools of totalitarianism and a long leash and simply assume it will end well. Google, et al may be similarly close-fisted when it comes to producing specifics on the use of personal data, but they also don't bear the same obligation to the American public that the US government does. Even if Google is more intrusive than the NSA, it still is only one of many platform providers and there are options (admittedly not many and not easily achieved) for avoiding its data-gathering efforts. The government provides no such options, other than forgoing the use of phones, the internet, etc.

I think the paper does add to the discussion of privacy gains and losses, but the authors' unwillingness to honestly approach government surveillance efforts in the same context blunts its impact. It quotes privacy advocates like the ACLU and EFF on the subject of data harvesting by private companies, but doesn't address the similar concerns they've raised about the erosion of privacy by government actions.

There's an attempt being made here to paint the government as no worse (and possibly even better) than private companies' data harvesting efforts, albeit by way of omission rather than by comparison. It's disingenuous to depict the public as ignorant of their privacy "gains" against the domestic surveillance backdrop, while omitting any mention of similar privacy erosions at the hand government intelligence agencies. Wittes opens his post on the paper by claiming American and European privacy debates "keep score very badly" and then points to a paper that leaves key parties in the privacy debate almost wholly unmentioned. I'm all for an open discussion about privacy gains and losses, but a paper that focuses solely on interactions with private companies -- while claiming the public can't keep score -- isn't much of an addition to the debate.

Read More | 22 Comments | Leave a Comment..

Posted on Techdirt - 22 May 2015 @ 10:41am

Once Again, Just Because Someone Used For Trafficking, Doesn't Mean Backpage Is Liable

from the the-sort-of-'win'-no-one-feels-great-about dept

The criminal activity alleged may be horrific, but that's a non-factor when it comes to the consideration of protections afforded to website owners who host third-party content. The ongoing lawsuit against, filed by victims of sex trafficking (who were minors at the time), has reached an end. (Until appealed, of course.)

The arguments deployed by the plaintiffs were nothing new. In numerous cases, ranging from defamation claims to alleged prostitution of minors, plaintiffs have made similar arguments. The theory -- unsupported by law or common sense -- that website owners should be held legally responsible for the postings of others isn't novel. But it has yet to find a court willing to advance the theory. Why? Because doing so would result in the following sort of ridiculousness, which, while ridiculous, would chill free speech and cause many website owners to get out of the website-owning business.

In their lawsuit against, the plaintiffs—three women who were forced into selling sex as teenage runaways—argued similarly, saying that because their trafficker found clients on Backpage, the website was responsible for their exploitation. But by this logic, Facebook is guilty whenever anyone posts a threat there, Craigslist is culpable should a landlord want "females only," and Reason is guilty should any of you folks broker a drug deal in the comments. Thankfully, section 230 of the Communications Decency Act, passed in 1996, established that the Internet doesn't work this way.
A federal district court in Massachussetts addresses the multiple allegations by the plaintiffs in their argument seeking to find responsible for the postings of others, and finds that even in the totality, it fails to rise to the level needed to strip the site of its Section 230 protections.
Singly or in the aggregate, the allegedly sordid practices of Backpage identified by amici amount to neither affirmative participation in an illegal venture nor active web content creation. Nothing in the escorts section of Backpage requires users to offer or search for commercial sex with children. The existence of an escorts section in a classified ad service, whatever its social merits, is not illegal. The creation of sponsored ads with excerpts taken from the original posts reflects the illegality (or legality) of the original posts and nothing more. Similarly, the automatic generation of navigational path names that identify the ads as falling within the “escorts” category is not content creation. The stripping of metadata from photographs is a standard practice among Internet service providers. Hosting anonymous users and accepting payments from anonymous sources in Bitcoins, peppercorns, or whatever, might have been made illegal by Congress, but it was not. Backpage’s passivity and imperfect filtering system may be appropriate targets for criticism, but they do not transform Backpage into an information content provider.
Summing it up -- after dismissing all claims -- the court notes that the sexual trafficking of children is abhorrent, but that Section 230 protections aren't a sliding scale to be applied with varying amounts of force depending on the severity of the alleged actions.
To avoid any misunderstanding, let me make it clear that the court is not unsympathetic to the tragic plight described by Jane Doe No. 1, Jane Doe No. 2, and Jane Doe No. 3. Nor does it regard the sexual trafficking of children as anything other than an abhorrent evil. Finally, the court is not naïve – I am fully aware that sex traffickers and other purveyors of illegal wares ranging from drugs to pornography exploit the vulnerabilities of the Internet as a marketing tool. Whether one agrees with its stated policy or not (a policy driven not simply by economic concerns, but also by technological and constitutional considerations), Congress has made the determination that the balance between suppression of trafficking and freedom of expression should be struck in favor of the latter in so far as the Internet is concerned. Putting aside the moral judgment that one might pass on Backpage’s business practices, this court has no choice but to adhere to the law that Congress has seen fit to enact.
This is buttressed by a quote from another decision, quoted earlier in the discussion of the plaintiffs' claims -- one that deals specifically with another abhorrent criminal act.
Child pornography obviously is intolerable, but civil immunity for interactive service providers does not constitute “tolerance” of child pornography any more than civil immunity from the numerous other forms of harmful content that third parties may create constitutes approval of that content. Section 230 does not limit anyone’s ability to bring criminal or civil actions against the actual wrongdoers, the individuals who actually create and consume the child pornography. Here, both the neighbor [who created the child pornography] and the moderator of the Candyman web site have been prosecuted and are serving sentences in federal prison. Further, the section 230(e)(1) exemption permits law enforcement authorities to bring criminal charges against even interactive service providers in the event that they themselves actually violate federal criminal laws.
In essence, just because it's easier to pursue site owners than criminals, and that any recovery of damages may seem more likely, doesn't make it the correct path for retribution. Those who trafficked these plaintiffs are the wrongdoers, not the site that hosted these criminals' ads.

Read More | 11 Comments | Leave a Comment..

Posted on Techdirt - 21 May 2015 @ 3:49pm

Man Who Deactivated Facebook Account To Dodge Discovery Request Smacked Around By Disgruntled Court

from the I-fought-the-law,-but-swung-and-missed-badly,-and-it-was-over-before-it-began dept

Social media. So popular. And so very, very incriminating. The less-than-illustrious history of many a criminal who felt obliged to generate inculpatory evidence via social media postings has been well-detailed here. But what if you want to hide your indiscretions and malfeasance? If you've posted something on any major social network, chances are it will be found and used against you.

On May 19, 2014, Brannon Crowe sued his employer, Marquette Transportation. Crowe claimed that, in April 2014, he had an accident at work that “resulted in serious painful injuries to his knee and other parts of his body.” Crowe sued for pain and suffering, medical expenses, lost wages, past and future disability, and other special damages.

But Crowe may have unwittingly shot himself in the foot (or maybe the knee). The reason? Facebook.
Around the time Crowe suffered his injuries, he sent a Facebook message to a friend saying that he had actually hurt himself while on a fishing trip. How Marquette Transportation got its hands on the message is unclear.

Nonetheless, the message led Marquette Transportation to seek other Facebook information from Crowe in discovery. On October 17, 2014, Marquette Transportation specifically requested “the Facebook history of any account(s) that [Crowe] had or has for the period commencing two (2) weeks prior to the incident in question to the present date.”
Crowe presented a variety of novel defenses in hopes of escaping Marquette Transporation's examination of his Facebook account -- one of which was that he had no Facebook account.
Plaintiff objects to this Request as vague, over broad and unduly burdensome. Plaintiff further objects to the extent this Request seeks information that is irrelevant and not reasonably calculated to lead to the discovery of admissible evidence. Notwithstanding said objections and in the spirit of cooperation, plaintiff does not presently have a Facebook account.
Note the qualifier "presently."
Crowe later testified in his deposition that he stopped having a Facebook account “around October” of 2014.
Oddly coincidental.
Marquette served its written discovery upon Crowe’s counsel on October 17, 2014. (Rec. doc. 16-1 at p. 1). Crowe’s Facebook records from the “Brannon CroWe” account indicate that account was deactivated on October 21, 2014. Counsel for Marquette is entitled to explore the timing of this deactivation.
"Stopped having" actually meant "deactivated his account." Crowe didn't go so far as to delete the account, which might have made the damning post a bit more difficult to recover. But he wanted to keep his account alive for use at a later date. This didn't escape the court's notice.
The same Facebook records indicate that the account was accessed routinely by an iPhone with an IP address of beginning well before the alleged accident up to and including on the date of deactivation. On January 7, 2015, the account was reactivated by the same iPhone with the same IP address. Counsel for Marquette is entitled to explore these matters, particularly given the current dispute over the status of Crowe’s iPhone service and whether he was able to and did send “text messages” to others at points in time when he claimed to be unable to do so.
Crowe's shovel-wielding skills far outpace his ability to hide incriminating information. But as is the case with shovel wielders, even the most efficient can do little more than dig holes of increasing depth. When this foolproof plan to thwart Marquette Transportation's discovery request failed, Crowe deployed Plans B, C and D, with similar results.
Similarly, counsel for Marquette is entitled to analyze the thousands of pages of Facebook messages Crowe exchanged with others, including his co-worker, Robert Falslev, particularly given his testimony that his account: (1) did not use a capital “W” in its name, (2) that it was hacked, and (3) that he did not send one particular Facebook message to Falslev stating he was injured fishing, rather than on the Marquette vessel.
Crowe's counsel, now presumably righteously pissed, produced the records sought by Marquette -- in bulk.
Pursuant to the Court’s Order quoted above, Crowe, through counsel, has now submitted to the Court for in camera review an astonishing 4,000-plus pages of Facebook history from the account “Brannon CroWe.” While the Court has made a preliminary review of certain of these materials, it is not about to waste its time reviewing 4,000 pages of documents in camera when it is patently clear from even a cursory review that this information should have been produced as part of Crowe’s original response. This production makes it plain that Crowe’s testimony, at least in part, was inaccurate. That alone makes this information discoverable.
The court may not be interested in looking through Crowe's obviously very active (before it suddenly, suspiciously wasn't) Facebook account, but I would imagine Marquette's lawyers will find the time to do so. But even in Crowe's self-inflicted dark cloud, there's a silver lining -- albeit one brought about by his desire to save his (supposedly hacked-with-a-capital-W) Facebook account, rather than see it (and the incriminating post) vanish into the ether.
Crowe may have inadvertently saved himself at least some trouble with the Court by deactivating his account rather than deleting it. This duty to preserve evidence in litigation extends to social media information and is triggered when a party reasonably foresees that evidence may be relevant to issues in litigation. As soon as he placed the source of his injuries at issue, Crowe triggered the duty to preserve. Deleting relevant social media data can result in sanctions against the deleting party because the information is not recoverable, which implicates spoliation of evidence issues. In contrast, Crowe’s Facebook data was still accessible upon a simple re-login.
The court won't offer Crowe much sympathy in the future, but it's not likely to pursue sanctions. That's about all there is in terms of good news. The effort made to hide the evidence doesn't make Crowe look any less guilty. Social media platforms are bad places to do bad things. Even swift deletions can be recovered with timely court orders and an internet's worth of cached pages and third-party content aggregators often assures that deleted postings will live on in one form or another.

Read More | 5 Comments | Leave a Comment..

Posted on Techdirt - 21 May 2015 @ 2:51pm

Court Reminds Police That Refusing A Search Isn't Inherently Suspicious Behavior

from the only-criminals-exercise-their-rights? dept

It really shouldn't take a judge's order to make this clear to law enforcement officers: a citizen invoking their rights isn't doing anything illegal, suspicious or otherwise signalling an involvement in criminal activity. These are simply their rights and they can choose to assert (or waive) them as they see fit.

But that's what it takes, because almost anything that isn't an immediate capitulation to a law enforcement officer's demands is often met with dubious actions, arrests and deployment of force.

Deborah Barker was arrested for methamphetamine possession after an Oregon police officer performed a warrantless search of the contents of her purse. Her motion to suppress was denied by a lower court, but the state appeals court found otherwise.

From the ruling:

Defendant was a passenger in a truck driven by her husband, which was stopped by Oregon State Police Trooper Ratliff on suspicion of driving while intoxicated. Ratliff noticed that defendant’s husband was “overly nervous” and that there was a bottle of alcohol on the seat, as well as many knives, lighters, and trash in the truck.
We'll stop right here and discuss a couple of things.

First, officers regularly declare people they stop to be "nervous" and use that as the "reasonable suspicion" they need to prolong the stop and start fishing for criminal charges. This is obviously a very handy "tool," because almost every citizen is more nervous than usual when speaking to people who are not only armed, but possess incredible amounts of power.

Judges, fortunately, are pushing back on this assertion more frequently. Just recently, the Tenth Circuit Court pointed out that "nervousness" does not equal reasonable suspicion, although the totality of other elements (rented car in another's name, inconsistent travel plans) certainly did. Another told the DEA that nervousness -- even when combined with three cellphones and a past criminal history -- did not automatically rise to the level of reasonable suspicion. But it still must work often enough, because "nervousness = reasonable suspicion" doesn't seem to be going away.

Second, the condition of the vehicle's interior is also cited as "reasonable suspicion" -- namely that it had trash and lighters in it. Paradoxically, law enforcement almost simultaneously claims that the absence of drug paraphernalia/trash is inherently suspicious. Here it is arguing that a clean car is a drug trafficker's car in a Seventh Circuit Court decision from earlier this month:
A ten-minute search turned up nothing, save for two cell phones. The interior of the car was “spotless” and had no other personal effects, which the officers believed was suggestive of the car being a “trap car” used for drug trafficking.
You can't win. But you can try to even the odds.
Defendant was wearing a dress, and Ratliff did not believe she had any weapons in her pockets. Ratliff asked defendant if she had any weapons in her purse, and defendant replied, “I don’t want you to search my purse.”
The officer asked her to place the purse on the hood of the vehicle for "safety" reasons. (Not completely unreasonable, considering Barker hadn't answered one way or the other on the question about whether the purse held a weapon.) It fell open a little, exposing a small, gray scale. This led to the assumption of the probable cause needed to effect an arrest of Barker, combined with Barker's appearance ("leathery") and "drug history."

All well and good, but the officer then decided to search the purse without a warrant, ultimately discovering a small amount of meth hidden in a wallet. And that's where it ran into problems. First, Officer Ratliff made this assertion, which basically states that "innocent" people don't force cops to respect their rights.
Ratliff went on to note that the “innocent motoring public doesn’t generally have those indicators. They don’t get out of the vehicle and tuck their purse tightly with them and immediately refuse search.”
The lower court bought Ratliff's arguments and refused to suppress the fruits of the warrantless search. The appeals court, however, looked at each element the state claimed added up to permission to warrantlessly search Barker's purse and found them all wanting -- those being Barker's history of drug use, the vehicle's appearance, Barker's appearance ("leathery," clenched teeth), dilated pupils, in possession of a small scale and refusing to allow an officer to search her purse.
As we have previously held, the mere fact that a defendant has a history of drug use does not provide an officer with reasonable suspicion to stop a defendant, let alone probable cause to search or arrest.


For similar reasons, defendant’s inability to remain still and dilated pupils also contribute little to establishing probable cause.


[T]he record in this case lacks evidence to support an objectively reasonable inference that, even if the scale was used in connection with controlled substances, it was more likely than not that defendant was in current possession of controlled substances, as residue on the scale or otherwise.
Finally, it addresses the claim that Barker's control of her purse was yet another factor contributing to her apparent guilt.
The state argues that “[t]he strongest indicator that defendant was in possession of drugs was her conduct towards her purse.”
But that's completely wrong, according to the court. It's not a "strong indicator." It's an assertion of rights.
When an individual seeks to protect an item and openly asserts his or her privacy rights, that behavior and assertion is neither innately shifty nor sinister—rather, it is constitutionally protected. And, “[a]llowing the police to conduct a search on the basis of the assertion of a privacy right would render the so-called right nugatory.” State v. Brown, 110…
Although furtive behavior may contribute to probable cause, asserting a constitutionally protected privacy right cannot. Defendant’s protective behavior to safeguard the privacy of her purse and her statement that she did not want it searched are not properly considered as part of the totality of the circumstances and may not contribute to probable cause.
In short (and as summed up in a footnote), police cannot use someone's constitutionally-protected right to refuse a search as probable cause to justify a search. The ruling is reversed and remanded and the police are now in the same position they were before they performed the warrantless search: looking at someone they want to arrest but without the probable cause to do so. And now it's so much worse because the officer knows Barker was in possession of a controlled substance but can't do anything about it. With the evidence suppressed, the single possession charge resulting from this arrest no longer exists.

These rights weren't granted to citizens just so the government could use any exercise of them against those availing themselves of these protections. They were supposed to safeguard citizens against governmental overreach and abuse of its powers, but default mode seems to be that only the guilty assert their rights. This mindset is so perverse -- and so pervasive -- that it has to be beaten back one court decision at a time. Law enforcement officers treat assertions of rights as, at best, an annoyance and at worst, tacit admissions of guilt. To operate under such a twisted interpretation displays an almost incomprehensible level of privilege -- where government agents are owed whatever they request and any failure to cooperate is treated with suspicion.

Read More | 44 Comments | Leave a Comment..

Posted on Techdirt - 21 May 2015 @ 1:42pm

Report: FBI's PATRIOT Act Snooping Goes Beyond Business Records, Subject To Few Restrictions

from the 'just-metadata'-means-whatever-the-FBI-can-obtain dept

A report by the FBI's Office of the Inspector General (OIG) on the agency's use of Section 215 collections has just been released in what can only be termed as "fortuitous" (or "suspicious") timing. Section 215 is dying. It was up for reauthorization on June 1st, but the Obama administration suddenly pushed that deadline up to the end of this week. Sen. Mitch McConnell took a stab at a clean reauth, but had his attempt scuttled by a court ruling finding the program unauthorized by existing law and the forward momentum of the revamped USA Freedom Act. And, as Section 215's death clock ticked away, Rand Paul and Ron Wyden engaged in a filibuster to block any last-second attempts to ram a clean reauthorization through Congress.

The report focuses mainly on the FBI's 2007-2009 use of the program in response to previous OIG recommendations and alterations ordered by the FISA court. As is to be expected in anything tangentially-related to the NSA, it's full of redactions, especially in areas where a little transparency would go a long way towards justifying the FBI's belief that the program should continue in a mostly-unaltered state.

Redactions like this do absolutely nothing to assure the public that the program is useful and/or considerate of citzens' rights.

Areas dedicated to discussing controls of the obtained data are similarly obscured. Whatever policies the FBI adopted in terms of minimization, dissemination and oversight at the recommendation of the OIG are covered in black ink.

What information does actually make its way past the redactions shows that what's collected (and turned over to the FBI) goes far beyond the "just" telephone metadata often claimed to be the primary target of the program's collections.

Far from being just business records -- something the public supposedly has no 4th Amendment-related privacy interest in -- the Section 215 program also allows the FBI to obtain "non-public" records and data.
In the 2008 report, we recommended that the Department implement minimization procedures for the handling of nonpublicly available information concerning U.S. persons in response to Section 215 orders…
More sentences scattered throughout the report hint at expansive collections going far beyond the business records covered by the Third Party Doctrine. As noted in the report, reauthorizations of the Patriot Act expanded the program's reach far beyond what was allowed in its earliest iterations -- from business records from certain approved sources to "any tangible thing." This, combined with a continually-lowered threshold for "relevance" has resulted in the following:
We found that [redacted] of [redacted] applications submitted to the FISA Court on behalf of the FBI requested materials related to Internet activity. [p. 7]

Materials produced in response to Section 215 orders now ranges from hard copy reproductions of business ledgers and receipts to gigabytes of metadata and other electronic information. [p. 8]

We reviewed [redacted] related Section 215 applications that requested subscriber and transactional information for [redacted] e-mail accounts from U.S. providers. [p. 40]
The report also notes that minimization procedures do not apply to "publicly-available information," possibly indicating that the FBI's interpretation of the Third Party Doctrine allows it to retain and search non-relevant information on US persons, as well as disseminate it freely without fear of breaching its internal policies. The FBI's "Final Procedures" -- adopted in the wake of the FISA court's smackdown of the NSA, as well as on the recommendation of the OIG -- only applies to "nonpublicly available information."

The OIG also cautions that technological advances have blurred the line between communications and metadata and warns the FBI that vigilance will be needed to keep the two separate. This statement points to the eventual development of further minimization procedures, but if it's anything like the last set of OIG recommendations, it will be years before the FBI gets around to putting anything in motion.
We found the Supplemental Orders significant because the practice began almost 3 years after the Department was required by the Reauthorization Act to adopt specific minimization procedures for material produced in response to Section 215 orders, and over a year after we found that the Interim Procedures implemented by the Department in September 2006 failed to meet the requirements of the Reauthorization Act. The Department and FBI ultimately produced final minimization procedures specifically designed for Section 215 materials in 2013. The Attorney General adopted the FBI Standard Minimization Procedures for Tangible Things Obtained Pursuant to Title of the Foreign Intelligence Surveillance Act on March 7, 2013 (Final Procedures), and in August 2013 the Department began to file Section 215 applications with the FISA Court which stated that the FBI would apply the Final Procedures to the Section 215 productions.

Given the significance of minimization procedures in the Reauthorization Act, we do not believe it should have taken 7 years for the Department to develop minimization procedures or 5 years to address the OIG recommendation that the Department comply with the statutory requirement to develop specific minimization procedures designed for business records
The report also contained details on numerous instances of potential abuse of the Section 215 collections. Most of these discussions are redacted, but one reveals enough information to indicate the FISA Court was used to obtain information pertaining solely to a US person, as well as other intriguing (but mostly censored) incidents where FBI agents apparently felt FISA Court orders were more useful and expeditious than National Security Letters -- something of an anomaly for an agency that has so thoroughly abused its administrative privileges.

What is clear from these heavily-redacted recountings is that the FBI uses court orders designed for foreign intelligence gathering for domestic investigations, as well as to aid the agency in its cyberwar efforts.

The report also takes note of the severe restrictions imposed by the FISA court in 2008 after uncovering widespread abuse of the metadata collections by the NSA. It points out that several of these restrictions were lifted after an end-to-end review showed no instances of abuse by the agency during the period examined. In addition to confirming that the NSA collects from providers (plural) -- despite the government's arguments to the contrary when disputing plaintiffs' standing in Section 215-related lawsuits -- the report also points to the FBI and NSA obtaining records they shouldn't have had access to by an overly-helpful telco.
[N]SD reported to the FISA Court in March 2011 that in December 2010 and January 2011 NSA technical personnel discovered that the telephony metadata produced by a telecommunications provider included [redacted]. NSA contacted the carrier and was informed that a software change made in October 2010 resulted in this occurrence. According to the NSD's compliance notice filed with the Court, beginning on or about January 14, 2011, the telephony metadata did not include [redacted]. The NSA subsequently provide updates to the FISA Court describing the methods taken to purge the [redacted] from its databases.
And, as is the case with nearly every FBI document release, there's some over-redaction that serves no purpose other than to make the agency look foolish.
In June 2013, former NSA contract employee Edward Snowden caused to be publicly released documents relating to the bulk collection of telephony metadata and the Office of the Director of National Intelligence has since declassified aspects of this program. We have included a description of the NSA program, [redacted] in the body of this report.

The Department relied on [redacted] to obtain FISA Court orders [redacted].
So much for the transparency push. Despite leaks and declassification in response, the FBI withholds information already in the public domain.

Additionally, the document could have shed some light on the FBI's current Section 215 activities, but instead the agency has chosen to hide every last bit of discussion on its ongoing efforts. [pp. 68-72]

FBI head James Comey continues to insist there needs to be a discussion about the respective weighting of security and privacy, but heavily-redacted documents like these do not add to that discussion. How is the public supposed to weigh these two factors if it can't access the FBI's arguments in favor of Section 215's continued existence? The only purpose this document serves is to give legislative true believers something to wave around as they defend the Patriot Act's perpetual, unaltered renewal.

Read More | 16 Comments | Leave a Comment..

Posted on Techdirt - 21 May 2015 @ 10:42am

New Leak Shows NSA's Plans To Hijack App Store Traffic To Implant Malware And Spyware

from the a-spy-in-the-house-of-apps dept

Proving there's nowhere spy agencies won't go to achieve their aims, a new Snowden leak published jointly by The Intercept and Canada's CBC News shows the NSA, GCHQ and other Five Eyes allies looking for ways to insert themselves between Google's app store and end users' phones.

The National Security Agency and its closest allies planned to hijack data links to Google and Samsung app stores to infect smartphones with spyware, a top-secret document reveals…

The main purpose of the workshops was to find new ways to exploit smartphone technology for surveillance. The agencies used the Internet spying system XKEYSCORE to identify smartphone traffic flowing across Internet cables and then to track down smartphone connections to app marketplace servers operated by Samsung and Google.

Branded "IRRITANT HORN" by the NSA's all-caps random-name-generator, the pilot program looked to perform man-in-the-middle attacks on app store downloads in order to attach malware/spyware payloads -- the same malicious implants detailed in an earlier Snowden leak.

While the document doesn't go into too much detail about the pilot program's successes, it does highlight several vulnerabilities it uncovered in UC Browser, a popular Android internet browser used across much of Asia. Citizen Lab performed an extensive examination of the browser for CBC News, finding a wealth of exploitable data leaks. [PDF link for full Citizen Lab report]

In addition to discovering that phone ID info, along with geolocation data and search queries, was being sent without encryption, the researchers also found that clearing the app cache failed to remove DNS information -- which could allow others to reconstruct internet activity. Citizen Lab has informed the makers of UC Browser of its many vulnerabilities, something the Five Eyes intelligence agencies obviously had no interest in doing.

But IRRITANT HORN went beyond simply delivering malicious implants to unsuspecting users. The Five Eyes agencies also explored the idea of using compromised communication lines to deliver disinformation and counter-propaganda.
[The agencies] were also keen to find ways to hijack them as a way of sending “selective misinformation to the targets’ handsets” as part of so-called “effects” operations that are used to spread propaganda or confuse adversaries. Moreover, the agencies wanted to gain access to companies’ app store servers so they could secretly use them for “harvesting” information about phone users.
As is the case with each new leak, the involved agencies have either declined to comment or have offered the standard defensive talking points about "legal framework" and "oversight," but it's hard to believe any legal mandate or oversight directly OK'ed plans to hijack private companies' servers for the purpose of spreading malware and disinformation. And, as is the case with many other spy programs, IRRITANT HORN involves a lot of data unrelated to these agencies' directives being captured and sifted through in order to find suitable targets for backdoors and implants.

Read More | 29 Comments | Leave a Comment..

Posted on Techdirt - 21 May 2015 @ 9:39am

Judge Tells FBI It Doesn't Have A 'Two-Minute Rule' That Allows It To Listen In On Personal Phone Calls

from the first-two-minutes-of-privacy-violations-free-w/purchase-of-full-investigation! dept

Something the FBI has long considered to be part of its wiretapping efforts has been rejected by the Second Circuit Court of Appeals. Much like many people believe a 30-second-or-less clip from a movie, TV show or song entitles them to claim fair use, the FBI believes that a two-minute or less phone conversation can be listened to in its entirety even if it has nothing to do with the investigation at hand.

The U.S. Court of Appeals for the Second Circuit declined to adopt a rule that agents get a "two-minute presumption" on the reasonableness of wiretapping calls that are personal in nature.

The circuit did so while dismissing a civil suit brought against FBI agents by a woman who claimed her privacy was violated when agents taped intimate phone calls between herself and her husband during a criminal investigation.

The circuit said the woman, Arlene Villamia Drimal, will be allowed to file a new complaint against the agents.

Drimal is the wife of convicted insider trader Craig Drimal. She sued 16 FBI agents for conversations they overheard in 2007 and 2008 while executing a wiretap secured under Title III of the Omnibus Crime Control and Safe Streets Act of 1968, §§2510-2522.
This doesn't necessarily "put to death" the two-minute window on personal calls FBI agents grant themselves, contrary to Drimal's lawyer's claims. The ruling is very specifically narrowed to cover only the FBI agents' actions in this case. The 16 agents listed in Drimal's lawsuit moved for dismissal, citing qualified immunity and pointing to a previous decision which allowed the FBI approximately two minutes to ascertain a call's purpose and relevance.
They cited the Second Circuit case of United States v. Bynum, 485 F.2d 490 (2d Cir. 1973), where the court held a wiretap that monitored 2,058 in a large narcotics case did not violate Title III minimization requirement.

The Bynum court excluded calls under two minutes from its evaluation of the wiretap because "in a case of such wide-ranging criminal activity as this, it would be too brief a period for an eavesdropper even with experience to identify the caller and characterize the conversations as merely social or possibly tainted."
The FBI has an indeterminate amount of time to discern the intent and content of wiretapped calls, with an obligation to disconnect as soon as it's surmised the phone call has no investigatory relevance. This still remains in force, even with this rejection of its "two minute" argument. Without a doubt, this allowance has been abused to listen in on phone calls of a personal nature, but its intent is to minimize privacy violations while still allowing agents to collect evidence. What distinguishes this case from others is that the FBI agents were caught not "minimizing" wiretapped calls in violation of the court order authorizing the wiretap. This abusive behavior was called out by the presiding judge.
This case does not present the same circumstances as Bynum. Many of the violations here took place in the early stages of the wiretap when defendants were less familiar with the case and with Mrs. Drimal’s lack of involvement in it, but the agents should have realized reasonably early in the wiretap that these husband and wife conversations were not relevant to the investigation. As Judge Sullivan noted in Goffer, Mr. and Mrs. Drimal occasionally discussed “deeply personal and intimate” issues, 756 F. Supp. 2d at 594, and “in each of these calls it should have been apparent within seconds that the conversation was privileged and non‐pertinent,” id. at 595.

As a result, the reasoning from Bynum that it would be too difficult to minimize calls under two minutes is not applicable here where agents could determine in seconds that the calls between husband and wife were entirely personal in nature. The two‐minute presumption we applied in Bynum thus does not automatically shield defendants against the failures to minimize calls under two minutes that the putative amended complaint is likely to allege.
On one hand, the ruling undercuts the FBI's assumption that all calls under two minutes in length can be listened to in their entirety, no matter their relevance to ongoing investigations. On the other hand, the ruling cannot be applied broadly to other FBI wiretapping efforts. Civil suits brought over alleged privacy violations aren't going to be any easier to pursue as the "window" for FBI eavesdropping is still wide open, what with the Bynum ruling only applying to the specific facts of that case, rather than FBI wiretapping in general.

Drimal's case was aided by a couple of unlikely incidents, one of which was two agents' open admissions that they had listened to privileged phone calls. The other factor weighing into this decision was the very specific instructions the agents received, not only from the court issuing the wiretap order, but also from the US State's Attorney. Without these two elements, the FBI would likely have been found to be acting lawfully within the confines of its wiretap policies and applicable court orders.

Read More | 16 Comments | Leave a Comment..

Posted on Techdirt - 21 May 2015 @ 4:02am

Court Follows Shutdown Of Jason Leopold's Torture Report FOIA Request By Denying Same To ACLU

from the (b)5:-for-when-you-absolutely,-positively-have-to-hide-every-motherfuckin'-d dept

The ACLU is suing the CIA over its withholding of CIA Torture Report-related documents, including the so-called Panetta Review. The CIA, so far, has managed to withhold the requested documents in their entirety, citing multiple FOIA exemptions. The ACLU isn't taking no for an answer and has challenged the CIA's refusal to turn over any of the documents the ACLU has requested. But this effort has now been shut down by the DC District Court.

The decision starts by noting that if the SSCI report (Torture Report) had remained solely in the hands of the Senate, it would have been unobtainable via FOIA requests. The ACLU had argued that its transfer to the CIA has released it from this clearly delineated restriction. ("For purposes of FOIA, the definition of an “agency” specifically excludes Congress, legislative agencies, and other entities within the legislative branch.")

The court finds otherwise:

The Court’s inquiry, therefore, is a streamlined one: do there exist “sufficient indicia of congressional intent to control,” id., the Full SSCI Report? [...] Although this case is no slam dunk for the Government, the Court answers that question in the affirmative.
The decision quotes from a SSCI letter from 2009 referring to the still in-the-works Torture Report.
In its June 2009 letter to the CIA, SSCI expressly stated its intent that the documents it generated during its investigation “remain congressional records in their entirety and disposition,” such that “control over these records, even after the completion of the Committee’s review,” would “lie[] exclusively with the Committee.” June 2, 2009, SSCI Letter, ¶ 6. Making its wishes even more explicit, it continued, “As such, these records are not CIA records under the Freedom of Information Act, or any other law.”
The ACLU pointed out that this letter from 2009 was both outdated and irrelevant to the issue at hand, as it only pertained to the use of documents shared with the Senate by the CIA, rather than the resulting report. The court disagrees, stating that the language in the 2009 letter is broad enough to cover the finished product, rather than just the documents contributing to it. But it also points out the CIA's arguments in defense of its secrecy are also inconsistent.
One final point bears mention. Defendants’ own characterizations of the scope of the letter vary somewhat in their submissions. Compare, e.g., Higgins Decl., ¶ 12 (“One key principle necessary to this inter-branch accommodation . . . was that the materials created by SSCI personnel on [the] segregated shared drive would not become ‘agency records’ even if those documents were stored on a CIA computer system or at a CIA facility.”) (emphasis added), with Def. Reply at 5 (explaining that the language of the June 2009 letter “covers the Full Report” as a “final . . . report[] or other material[] generated by Committee staff or members,” even though it did not reside on the network drive).
The ACLU also argued that Dianne Feinstein's letter from 2010 is a better indicator of whether or not the report and its supporting documents are FOIA-able.

As its pièce de résistance, the ACLU seizes on the December 10, 2014, transmittal letter from Senator Feinstein, claiming it represents “direct evidence of the SSCI’s intentions for the Final Full Report.” Id. That letter, to recap, states:

"[T]he full report should be made available within the CIA and other components of the Executive Branch for use as broadly as appropriate to help make sure that this experience is never repeated. To help achieve this result, I hope you will encourage use of the full report in the future development of CIA training programs, as well as future guidelines and procedures for all Executive Branch employees, as you see fit." December 10, 2014, Feinstein Letter.

“By encouraging the use and dissemination of the Final Full Report among the executive branch, and by leaving to the executive branch the decision as to how ‘broadly’ the report should be used within the agencies,” claims Plaintiff, “SSCI relinquished its control over the document.”
The court rebuts this argument as well. Rejecting the ACLU's "refinement" of the entirety of SSCI-related communication between the Senate and the CIA to a single letter, the court declares that Feinstein's instructions must be considered in context.
The Court, therefore, need not confine its consideration to the moment of transmission. On the contrary, SSCI’s 2009 letter sets the appropriate backdrop against which Senator Feinstein’s 2014 letter can be properly understood.

So teed up, her letter does not evince congressional intent to surrender substantial control over the Full SSCI Report. While it does bestow a certain amount of discretion upon the agencies to determine how broadly to circulate the Report, such discretion is not boundless. Most significantly, the dissemination authorized by the letter is limited to the Executive Branch alone. It plainly does not purport to authorize the agencies to dispose of the Report as they wish – e.g., to the public at large.
The court also adds that Feinstein's statement accompanying the public release of the report summary further declares the documents off-limits -- at least until further notice.
SSCI’s deliberate decision not to publicly release the Full Report, combined with its assertion that it would consider that course of action in the future, serve to further undermine Plaintiff’s theory that Congress intended to relinquish control over the document only days later.
It finds similarly for the "Panetta Report" documents, citing its rejection of Jason Leopold's FOIA request. The CIA continues to assert that these documents are "deliberative" in nature and out of the reach of FOIA requests, despite the fact that what's being deliberated has already been made public (in the summary report) and handed over to the executive and legislative branches (via the full report). The court upheld the CIA's exemption (b)5 declaration, stating that it doesn't matter whether or not portions of the sought documents are in the public domain, but rather that the documents are part of an agency's "deliberative process." (This is why exemption (b)5 is the most-abused FOIA exemption.)

As it had already shot down Leopold's request, the court finds no reason to alter its course, despite some "novel" arguments advanced by the ACLU -- including quoting Sen. Udall's assertion that the Panetta Review is a complete work of critical importance (a "smoking gun") that far exceeds the CIA's portrayal of it as an unfinished pile of somewhat related deliberative works-in-progress. The CIA's motion to dismiss is granted.

With this decision (and many preceding it), government agencies are being given even more reason to declare anything they don't want released "deliberative" and trust the courts to uphold their declarations.

Read More | 11 Comments | Leave a Comment..

Posted on Techdirt - 20 May 2015 @ 3:44pm

EFF Asks Court To Reconsider Ruling That Would Make Violating Work Computer Policies A Criminal Act

from the surfing-on-the-clock?-that's-a-jailing dept

The EFF is asking the Oregon Supreme Court to take a look at a disturbing opinion issued by the state's appeals court -- one that could see employees face fines and prison time simply for violating company policies.

The case prompting the filing of an amicus brief on behalf of the defendant does contain an element of criminality, but the court's decision should have been limited to the end result of the defendant's actions, rather than the actions taken to reach that point.

Caryn Nascimento worked as a cashier at the deli counter of a convenience store. As part of her job, she was authorized to access a lottery terminal in the store to sell and validate lottery tickets for paying customers. Store policy prohibited employees from purchasing lottery tickets for themselves or validating their own lottery tickets while on duty. After a store manager noticed a discrepancy in the receipts from the lottery terminal, it was discovered that Nascimento had printed lottery tickets for herself without paying for them. She was ultimately convicted not only of first-degree theft, but also of computer crime on the ground that she accessed the lottery terminal “without authorization.”

Nascimento appealed the computer crime conviction. She argued that because she had permission to access the lottery terminal as part of her work duties, she did not access the terminal without authorization—as required under the Oregon's computer crime statute. Unfortunately, the Oregon Court of Appeals affirmed Nascimento’s conviction, finding she had only “limited authorization” to access the lottery terminal for purposes of printing and validating lottery tickets for paying customers, and acted without authorization when she printed them for herself.
At first glance, it almost seems like a reasonable application of the law simply because the end result was theft. But it's the specifics that make it troublesome. "Without authorization" is far too broad a term to be used in this context. With this reading of Oregon's law, the appeals court has basically criminalized a wide variety of corporate computer-related policy violations. Actions that would normally be met (in a corporate setting) with warnings and reprimands could now be viewed as criminal acts.
[T]he Court of Appeals’ decision transforms millions of unsuspecting individuals into criminals on the basis of innocuous, everyday behavior—such as checking personal email or playing solitaire on a work computer. Such restrictions, frequently included in employers’ computer policies, are no different than the restriction imposed on Nascimento. They're ultimately all computer use, not access, restrictions. Upholding Nascimento’s conviction on the basis of a violation of a computer use restriction expands Oregon’s computer crime statute to criminalize violations of any computer use restriction.
The broad reading of Oregon's criminal statute also poses potential problems outside of the work environment.
The court’s holding that a person acts “without authorization” if she violates a policy regarding the use of a computer that she is otherwise authorized to access could be extended to an Internet user who accesses a website in violation of a written terms of service. For example, Facebook’s terms of use provide that “[y]ou will not provide any false personal information on Facebook, or create an account for anyone other than yourself without permission.” But as the Ninth Circuit noted en banc, “[l]ying on social media websites is common: People shave years off their age, add inches to their height and drop pounds from their weight.” Under the Court of Appeals’ expansive reading of ORS 164.377, if a user shaves a few years off her age in her profile information, asserts that she is single when she is in fact married, or seeks to obfuscate her current physical location, hometown or educational history for any number of legitimate reasons, she violates the computer crime law. The court’s decision thus opens the door to turning millions of individual Internet users—not just millions of individual employees—into criminals for typical and routine Internet activity.
The EFF points out that rolling back this "unconstitutionally vague" reading of Oregon's computer crime law doesn't leave the state without options to punish Nascimento for her actions. She still faces one count of aggravated first-degree theft -- a charge the EFF is not disputing. Pointing to previous decisions by the Fourth and Ninth Circuit courts, the EFF states that similarly broad readings of the rightfully-maligned CFAA (Computer Fraud and Abuse Act) have been rejected for potentially criminalizing violations of workplace computer use policies.

The Supreme Court should have no problem rolling back this broad reading and the attendant charge brought against Nascimento. The theft may have been facilitated by improper access that violated company policy, but this access doesn't rise to the level of a criminal act -- even if it ultimately resulted in a criminal action.

Read More | 38 Comments | Leave a Comment..

Posted on Techdirt - 20 May 2015 @ 2:50pm

Prenda Lawyer's ADA Shakedown Efforts Running Into Resistance From Public, Judges

from the hoping-this-ends-up-in-tears-and-sanctions-as-well dept

Paul Hansmeier, having learned all he needs to know about practicing law from his years in the trolling trenches as part of Prenda Law, is now shaking down businesses using ADA (Americans with Disabilities Act) lawsuits. This new (but not really) approach is slightly more palatable to the general public than attempting to fish a few bucks from randy torrenters via infringement lawsuits, but not by much. Those on the receiving end of these shakedown efforts don't see much difference between Hansmeier's new approach and the actions that netted him and Prenda Law sanctions from multiple courts.

Hansmeier still seems enthralled with the possibility of easy money, even if his experience with Prenda Law didn't exactly pan out the way its principals hoped. Most are still in the process of extracting themselves from the flaming wreckage of Prenda, but they're limping away, rather than strutting. Some may even face jail time for contempt.

Hansmeier and his non-profit (Disability Support Alliance) -- which exists nowhere but the Minnesota business registry and as a nominal plaintiff in his 50+ ADA lawsuits -- are running into roadblocks on Easy Buck Ave. One of the businesses he recently sued addressed his allegations by filing a $50,000 counterclaim for abuse of process and civil conspiracy.

Now, there's more trouble on the way.

Cal Brink was tired of the lawsuits that just kept coming. Since the first suit claiming lack of disability access was filed more than a year ago, businesses in this southwest Minnesota town of nearly 14,000 people have been worried that they, too, would be hit.

Nine lawsuits have been filed here so far by the Disability Support Alliance, a nonprofit group formed last summer, including one against the only bowling alley in town. The owner said he will soon close rather than pay the DSA’s $5,500 settlement offer or make the $20,000 of changes needed to comply with the Americans with ­Disabilities Act.

“Nobody fights them, because it’s going to cost you more to fight,” said Brink, executive director of the local Chamber of Commerce.

Now Marshall is fighting back. Working in concert with the Minnesota State Council on Disability, Brink developed an access audit for local businesses, allowing them to develop a plan to fix ADA issues and potentially to ward off litigation.

The plan has won the attention of the state Department of Human Rights, which hopes it could be used in other communities hit by serial litigation.
Since the putative goal is to improve access for the disabled, you'd think something called the "Disability Support Alliance" would be behind it. But the DSA isn't about improving access. It's about making money. Eric Wong, a member of the four-person-strong DSA says companies just need to pay it first and worry about complying with the law later.
His group “is currently in the process of producing a voluntary mass settlement agreement for those businesses in Marshall that are ready to confess to their crime, fully comply … and pay the damages/restitution that they are liable for under the law,” Wong said in an e-mail.

“The lawsuits will stop when there is no more access crime to prosecute,” he said. Many businesses “fail to understand that … we are now a zero tolerance state.”
Roughly translated: the trolling will continue until it's run off the rails by the public or the courts. The lawsuits have already caught the eye of Hennepin County's chief judge, which noted that the flurry of filings "raised the specter of serial litigation" and has ordered all DSA/Hansmeier's lawsuits filed in this county be handled by one judge. This will probably prompt Hansmeier to take his "business" elsewhere, rather than deal with extra scrutiny from a judge who won't have to connect the dots between multiple filings in multiple venues. With any luck, Hansmeier's efforts elsewhere will be greeted with the same local resistance and judicial distrust.

15 Comments | Leave a Comment..

Posted on Techdirt - 20 May 2015 @ 4:10am

Dept. Of Public Works Finds Watching 20 Hours A Week Of Full-Screen Porn On Work Computers To Be A Bit Too Much

from the 'I-find-working-in-public-service-to-be-[self]-gratifying' dept

I'll never understand the mentality of an employee -- government or otherwise -- who watches porn while on the clock and on company computers. I get that the mind wanders when not otherwise occupied, but rather than surf the web for innocuous time-killers, certain people decide to just head off the deep end and view something that's forbidden in every work environment not actively engaged in the production or distribution of porn.

While I may have skirted policies meant to keep time-wasting to a minimum (some days were filled with only wasted time), I have never opted to go the porn route. I have nothing against porn or those who watch it. I would just rather not give my employers (a) the equivalent of the middle finger re: computer use policies and (b) any insight into my personal sexual preferences. (LET YOUR IMAGINATIONS RUN WILD.) Both of these seem like BAD THINGS to do.

(Also, there's that whole thing about it that insinuates some sort of self-pleasure is involved, and in a work environment, that's just… amazingly gross. Even the employees at the porn shop don't relish cleaning up the spank rooms. Imagine being told after a few weeks at work that your predecessor [and previous cubicle occupant] was fired for watching tons of porn during work hours. You'd want to shower in decontaminant and return in a hazmat suit.)

And yet, we have written multiple stories about employees (most of them in the public sector) who not only watch porn at work, but do so with unimaginable gusto for hours at a time. Here's yet another, involving a Baltimore Department of Public Works employee:

Inspector General Rob Pearre Jr. released a report last week revealing the employee, a maintenance supervisor at the facilities division of the Back River Wastewater Treatment Plant, was suspended in September 2014 and fired Jan. 20 at the conclusion of an investigation.

The report said officials received an anonymous complaint about the worker in August of last year and monitoring software installed on the man's work computer found he spent 39 of the 82 hours he spent working in a two-week period watching a pornographic DVD on the computer.
Nothing handles the ridiculousness of a porn-related firing more aptly than an official report so dry it could apply for disaster relief funds.

"HOW MUCH PORN DID HE WATCH?" the studio audience in my mind demands. Here's a per-shift breakdown, listed in this report as "Table 1."

It appears the employee's workload tended to diminish over the course of week, with Mondays and Tuesdays (with one exception -- a seven-of-eight work hours marathon) being relatively light and the ration of porn-to-work increasing as the week wore on. Fridays were half-days and, accordingly, roughly half of that time was given over to porn-watching.

Now, the employee obviously felt accessing porn via the internet might result in a swift dismissal. His workaround -- bringing a DVD from home -- allowed him to bypass web filters. However, the length of time it was watched, combined with how it was watched, gives the impression that no one really checked on this employee's productivity, much less ever stopped by his desk.
The City-owned computer operated by the MSI was connected to a single monitor. OIG personnel noted that when pornographic material was visible, the video was maximized to cover the entire screen.
Full-screen porn during work hours is a strong indicator that the employee was neither valued nor popular. Viewing porn in full screen can only be done by those confident their porn sessions will not be interrupted.

The Inspector's report then goes on to state the (inadvertently hilarious) obvious.
OIG personnel noted that minimal computer activity was performed while pornographic material was visible. Based on these findings, the OIG believes that little to no work was being performed during the time that pornographic material was visible on the screen of the MSI’s City-owned computer.
Doh! If only this employee would have reduced it to the upper-corner of the monitor and run a few work-related applications in the background. He might have been able to hold onto this job until retirement -- at which point his porn-watching could have resumed uninterrupted, barring the occasional trip to the bank to deposit his pension check. (Or not, what with direct deposit…) But he didn't. Instead, he did this.
OIG personnel noted that the MSI would occasionally maximize his email inbox in the Microsoft Outlook program and then minimize it moments later leaving only the pornographic material visible on the screen.
Fortunately for Baltimore taxpayers, there's no pension in the future nor the continued annual funding of Dept. of Public Works porn-watching. $30,000/year for twiddling your thumbs self is damn good money, but there aren't many entities willing to fork that out. (Barring, of course, those involved in the production/distribution of porn…)
At an hourly rate of $29.90, the MSI was paid $1,166 for 39 hours for which no work was performed. By annualizing the data gathered during the two-week monitoring based on a 2000 hour work-year, pornographic material would be visible on the screen of the MSI’s City-owned computer for 951 hours which would cost the City approximately $28,400.
Also noted in the report: the employee appealed his pending termination briefly before being persuaded to take a 10-day payout in exchange for dropping the appeal he had very little chance of winning.

The report wraps up with the DPW and OIG giving each other big, warm hugs for being so competent/cooperative (respectively). And for the moment, all is slightly more right in Baltimore's Dept. of Public Works.

Read More | 43 Comments | Leave a Comment..

Posted on Techdirt - 20 May 2015 @ 1:09am

Transparency Watch Releases Searchable Database Of 27,000 US Intelligence Workers

from the publicly-posted-information,-searchable-by-the-public dept

Intelligence gathering on intelligence gatherers. Watching the watchers. Whatever you want to call it, Transparency Toolkit is doing it. It has gathered 27,000 publicly-posted resumes from members of the "intelligence community" and turned them into a searchable database.

The database -- ICWatch -- was put together using software specifically constructed by Transparency Watch (and posted at Github). Not only can the database be searched through TW's front end, but the data is also available in raw form for data-mining purposes.

Some may find this searchable database to be a form of doxxing, but TW says that isn't the intent. Instead, it's meant to give the public additional insight into the inner workings of the intelligence community, as well as allowing researchers and journalists to sniff out information on still-unrevealed surveillance programs.

"These resumes include many details about the names and functions of secret surveillance programs, including previously unknown secret codewords," Transparency Toolkit said.

"We are releasing these resumes in searchable form with the hopes that people can use them to better understand mass surveillance programs and research trends in the intelligence community."
What Transparency Watch has done is simplified a task anyone could have performed prior to the compilation of the ICWatch database. In fact, nearly two years ago, the ACLU's Chris Soghoian pointed out that public LinkedIn profiles were coughing up classified program names posted by intelligence community members in their listed skills and work history.

This is all Transparency Watch has done -- only in aggregate and accessible to those without a LinkedIn account.
The data was collected from LinkedIn public profiles using search terms like known codewords, intelligence agencies and departments, intelligence contractors, and industry terms, the group said.
What Soghoian noted back in 2013 remains true. Searches for known NSA programs frequently bring up other program names, all posted publicly by employees and contractors with an apparent disregard for the agency's "everything is a secret" policies.

A search for "PINWALE" brings up a profile listing the following:
Cultweave, UIS, Nucleon, CREST, Pinwale, Anchory, Association, Dishfire, SharkFinn, GistQueue, GoldPoint, Mainway
And another listing these terms:
You can also find out who's involved in Predator drone flights. Or who's participated in the NSA's Tailored Access Operations.

Some may argue that this algorithmic collection of resumes and LinkedIn profiles may be dragging some people under the "intelligence community" umbrella that shouldn't really be there. That's likely true, but this is one of those inescapable outcomes of dragnet operations. They may also argue that turning over this information to the public may cause some of those listed to be subjected to harassment or put them in danger. Also, this may unfortunately be true as well.

But there's a simple solution, albeit one that can't be applied retroactively.

As the government so frequently points out to us, publicly-posted information carries no expectation of privacy. The same goes for government employees and government contractors in sensitive positions who choose to disclose information about their skills and employment publicly. If any danger to these people exists, it has always existed. ICWatch may make the job simpler, but it's done nothing any person can't do on their own, using simple search tools.

13 Comments | Leave a Comment..

Posted on Techdirt - 19 May 2015 @ 9:04pm

Congress Continues To Withhold Congressional Research Service Documents From The Public

from the no-un-spun-insight-for-you,-citizens dept

The Congressional Research Service conducts research for Congress on a multitude of topics. This information is (theoretically) used to guide policy decisions. The research itself is (again, theoretically) valuable, considering it's free of partisan rhetoric and biased conclusions. This lack of bias and rhetoric helps explain the following actions:

First, Congress has again -- for the third year straight -- refused to increase the office's budget. Congress chalks this up to its seldom-seen sense of budgetary restraint.

In the new spending bill, the House Committee ominously rejected a CRS request for a $5 million budget increase in 2016, and allocated $107 million, the same as the 2015 level.

"The Legislative Branch must set itself as an example for fiscal restraint while continuing to serve the Nation. This bill will require strict fiscal discipline on the part of all congressional offices and all agency heads in the Legislative Branch," the report said.
Fiscal restraint is great, but it's always a good idea to take a closer look at the areas Congress decides to apply it. (There aren't many, so it shouldn't take long…) Steven Aftergood of the Federation of American Scientists' (FAS) Secrecy News blog notes that Congress doesn't have much use for unbiased research.
[CRS reports are] the kind of in-depth policy analysis that can only be helpful to those whose policy preferences are not predetermined by ideology or affiliation.
Who wants to pay (via taxpayers) for research that doesn't agree with the requester's point of view? Not Congress. So, the CRS will have to make do with the same budget it's had for three years straight. And while it struggles to meet the demands of representatives' requests for research, the CRS will also have to pitch in with the arduous task of answering requests from constituents on behalf of Congress members.
What is often deemed most useful is having CRS analysts assist congressional staff in responding to constituent mail, including eccentric or demented requests for information.
Like this request, which resulted in the CRS losing an analyst.
Why is the US Postal Service "stockpiling ammunition"? That sort of question helped lead CRS analyst Kevin Kosar to leave his job, he explained in an article in the Washington Monthly earlier this year ("Why I Quit the Congressional Research Service," Jan/Feb 2015).
This is where Congress feels CRS's limited resources (that it limited) are best deployed -- not providing clear, factual insight into policy issues.

Now, on to the second point. This research is crafted to guide policymaking -- policies that affect the public. This research, like everything else on Capitol Hill, is paid for with tax dollars. It's essentially public domain material. And yet, Congress continues to instruct the CRS to withhold this research from the public that paid for it.
The Congressional Research Service (CRS) will continue to be barred from releasing its reports to the public, the House Appropriations Committee said yesterday in its report on legislative branch appropriations for the coming year.

"The bill contains language which provides that no funds in the Congressional Research Service can be used to publish or prepare material to be issued by the Library of Congress unless approved by the appropriate committees," the House report said.
And so, the research remains locked up. Constituents can request this information from their representatives, but they are under no obligation to produce the documents. The same public that paid for the research once now spends its own money maintaining archives of any CRS reports they manage to acquire. FAS hosts hundreds of liberated reports. Wikileaks has posted nearly 7,000 CRS reports to its archives as well.

The CRS itself is no transparency angel itself. It, too, has opposed legislation aimed at making the reports directly available to the general public. It's been more than a decade since any effort to free these made it to a vote (a resolution was introduced in 2012 but went nowhere), but in an internal memo obtained by FAS, the CRS claimed (among other things) that this would unduly influence the researchers, if not the research itself.
Over time, CRS products might come to be written with a large public audience in mind and could no longer be focused solely on congressional needs.
However, another listed concern seems to indicate the service is OK with allowing Congress members to "translate" its reporting for American citizens.
The danger of placing CRS, a support agency, in an intermediate position responding directly to constituents instead of preserving the direct relationship between constituents and their elected representatives. This threatens the dialog on policy issues between Members and their constituents that was envisioned by the Constitution.
This seems like a legitimate complaint until you realize exactly what's happening here. CRS provides mostly-unbiased research -- something citizens could use to better inform themselves about legislative/world issues. If it allowed these reports out into the wild, Congress members would be unable to twist the findings to fit their own personal agendas or conform with the party line. This "direct relationship" with constituents means molding the data to match the message -- something that's crucial to winning the support of influential figures and cash-heavy contributors. A CRS report out in the open undercuts spin attempts. By not pushing for the release of unbiased research to the general public, the CRS is complicit in allowing politics -- rather than data -- to guide decision-making, while keeping the electorate from being fully informed.

4 Comments | Leave a Comment..

Posted on Techdirt - 19 May 2015 @ 3:58am

Border Patrol Agents Tase Woman For Refusing To Cooperate With Their Bogus Search

from the the-question-that-has-no-real-answer dept

Jessica Cooke, a New York native who had recently applied for a position with Customs and Border Protection, asked the only question that needed to be asked after being tased by CBP agents for asserting her rights: "What the fuck is wrong with you?!?"

Cooke was driving from Norfolk to her boyfriend's house in Ogdensburg, the northern border of which is the St. Lawrence River. If you cross the river, you are in Canada, but Cooke was not crossing the river. She nevertheless became subject to the arbitrary orders of CBP agents by driving through one of the country's many internal immigration checkpoints, which can be located anywhere within 100 miles of the border (a zone that includes two-thirds of the U.S. population). For some mysterious reason, she was instructed to pull into a secondary inspection area, where she used her cellphone to record a five-minute video of the stop (below). [Language possibly NSFW]

These CBP agents -- like too many other law enforcement officers -- had no idea how to react when their authority was challenged. They only saw one route to take: escalation.

Cooke knew the CBP agents needed something in the way of reasonable suspicion to continue to detain her. But they had nothing. The only thing offered in the way of explanation as they ordered her to return to her detained vehicle was that she appeared "nervous" during her prior interaction with the female CBP agent. This threadbare assertion of "reasonable suspicion" is law enforcement's blank check -- one it writes itself and cashes with impunity.

The CBP supervisor then stated he'd be bringing in a drug dog to search her vehicle -- another violation of Cooke's rights. The Supreme Court very recently ruled that law enforcement cannot unnecessarily prolong routine stops in order to perform additional searches unrelated to the stop's objective.

If the purpose of CBP is to secure borders and regulate immigration, then this stop had very little to do with the agency's objectives. Cooke is an American citizen and had not crossed a border. If the CBP's objective is to do whatever it wants within x number of miles of the border, then it's apparently free to perform suspicionless searches. In this case, the CBP was operating in drug enforcement mode, but even so, it still hadn't offered anything more than Cooke's alleged "nervousness" to justify the search and detainment. Additionally, the CBP's decision to bring in a drug dog raised the bar for justification.
While nervousness alone might be deemed enough for reasonable suspicion, SUNY Buffalo immigration law professor Rick Su told the local NPR station, "it is not sufficient" to justify a vehicle search, which requires probable cause to believe the vehicle contains evidence of a crime.
Things escalated when Cooke refused to return to her vehicle and wait passively for the CBP to perform its questionable search. Cooke told the officers she would leave if the search wasn't performed within 20 minutes. The supervisor told her she could leave, but her car couldn't and if she tried, spike strips would be deployed.

Shortly thereafter, this exchange occurred:
CBP agent: I'm going to tell you one more time, and then I'm going to move you.
Cooke: If you touch me, I will sue your ass. Do you understand me?
CBP agent: Go for it.
Cooke: Touch me then.
CBP agent: Move over there.
Cooke: Go ahead. Touch me.
CBP agent: I'm telling you to move over there.
Cue said "touching," followed almost immediately by screams of pain and swearing as Cooke is tased. Before the recording end, you can hear the CBP agent claiming Cooke "assaulted a federal officer." (As one does…)

And for all the hassle, the CBP came up with nothing.
During an exterior inspection of her vehicle by the unit, nothing was found, Ms. Cooke said. She said agents then opened the car doors, got her keys and opened the trunk.

Again, nothing was found, Ms. Cooke said, adding that agents did a second search of the vehicle with the K-9 unit, but found nothing.
There will always be those who feel citizens who refuse to meet law enforcement instructions with anything but meek obedience deserve whatever happens to them. "It's tough being in law enforcement," they claim. And it is. But considering the job contains the constant threat of injury or death, a little mouthiness or stubbornness shouldn't be met with this level of force.

Things are slowly changing, though. Law enforcement officers can no longer rely on the belief that citizens know less about their rights than they do. They will need to do more to justify searches and seizures in the future, instead of just making vague claims about perceived nervousness. Otherwise, their unconstitutional search attempts are either going to rely heavily on ensuring compliance through inapproriate use of force, or head to the other end of the spectrum, where they won't even get a chance to take a look. [Language possibly NSFW]

133 Comments | Leave a Comment..

Posted on Techdirt - 18 May 2015 @ 12:40pm

FBI Says It Has No Idea Why Law Enforcement Agencies Are Following The Terms Of Its Stingray Non-Disclosure Agreements

from the geez,-all-these-law-enforcers-take-our-agreement-so-LITERALLY dept

The FBI doesn't want to talk about its Stingray devices. It definitely doesn't want local law enforcement agencies talking about them. It forces any agency seeking to acquire one to sign a very restrictive non-disclosure agreement that stipulates -- among other things -- that as little information as possible on IMSI catchers makes its way into the public domain, which includes opposing counsel, prosecutors' offices and judges. The NDAs also instruct agencies to drop prosecutions if disclosure appears unavoidable. We know this because two NDAs have actually been obtained through Freedom of Information requests.

Now that Stingray usage and its attendant secrecy have been questioned by high-ranking DC legislators, the FBI is apparently feeling it should be a bit more proactive on the Stingray info front, presumably in hopes of heading off a more intrusive official inquiry. So, it has offered some "clarification" on its Stingray policies -- including the NDAs it makes local agencies sign.

The "clarification" seems to contradict a great deal of what the FBI's own NDAs require.

In a handful of criminal cases around the country, local police officers have testified in recent months that non-disclosure agreements with the FBI forbid them from acknowledging the use of secret cellphone-tracking devices. In some, prosecutors have settled cases rather than risk revealing, during court proceedings, sensitive details about the use of the devices.

The FBI, however, says such agreements do not prevent police from disclosing that they used such equipment, often called a StingRay. And only as a “last resort” would the FBI require state and local law enforcement agencies to drop criminal cases rather than sharing details of the devices’ use and “compromising the future use of the technique.”

To date, the bureau hasn’t invoked that provision, FBI spokesman Christopher Allen said in a statement to The Washington Post.
Let's compare the official statement with statements found in the agreement signed with a New York sheriff's department. The FBI says it's OK for law enforcement agencies to disclose Stingray usage in this "clarification." Here's the NDA:
The Erie County Sheriff's Office shall not, in any civil or criminal proceeding, use or provide any information concerning the Harris Corporation wireless collection equipment/technology… beyond the evidentiary results obtained through the use of the equipment/technology including, but not limited to, during pre-trial matters, in search warrants and related affidavits, in discovery, in response to court ordered disclosure, in other affidavits, in grand jury hearings, in the State's case-in-chief, rebuttal, or on appeal, or in testimony in any phase of civil or criminal trial, without the prior written approval of the FBI.

The FBI also denies it instructs agencies to toss cases rather than face possible exposure of Stingray usage. The NDA:
In addition, the Erie County Sheriff's Office will, at the request of the FBI, seek dismissal of the case in lieu of using, or providing, or allowing others to use or provide, any information concerning the Harris Corporation wireless collection equipment/technology [...] if using or providing such information would potentially or actually compromise the equipment/technology.
This "clarification" is mostly bullshit, but it's all in the wordcraft. Everything the FBI stated here could be technically factual. It may have never explicitly directed agencies to dump cases or hide Stingray usage. Instead, it has relied on law enforcement agencies to follow the restrictions laid out in the NDAs -- something they've apparently done without ever bothering to approach the FBI for permission to turn over Stingray information during court cases.

To say these NDAs do not prevent law enforcement agencies from acknowledging the use of Stingray devices is only true insofar as the NDAs themselves are apparently just a pile on unenforceable words. The implication, however, is that these agencies will see their Stingray privileges yanked if they cough up information. Or, in the best case scenario, law enforcement officials will be sternly talked to by FBI officials for breaching the agreement.

As for the claim that the FBI has never directly instructed a law enforcement agency to toss a case rather than disclose information? That may be true, as well as being completely unverifiable. Agencies appear to be taking these agreements literally -- which is, of course, the point of ANY WRITTEN AGREEMENT -- and proactively dropping cases rather than risk breaching the terms of the NDA.

The FBI is washing its hands of the Stingray secrecy mess it created. This "clarification" is astoundingly disingenuous. The FBI forces agencies into these agreements and then steps back and says, "Hey. we didn't make them do this. They just interpreted the agreement to mean exactly what it says it means." It passes the buck to local cop shops, blaming them for not seeking the second opinions these agreements clearly discourage.

If this "clarification" is actually going to approach something akin to honesty, the FBI needs to immediately begin rescinding its non-disclosure agreements. It can't force agencies into restrictive agreements and then throw up its hands and claim it has no idea why these agencies might be interpreting these highly-restrictive NDAs so literally. This is a nasty, self-serving cheap shot wrapped in the guise of transparency.

12 Comments | Leave a Comment..

Posted on Techdirt - 18 May 2015 @ 5:43am

South Korea's New Law Mandates Installation Of Government-Approved Spyware On Teens' Smartphones

from the please-spy-on-our-behalf,-thx! dept

Considering the extent of its (most web-related) censorship efforts, South Korea must consider itself fortunate to be next-door neighbors with North Korea. Any time another censorship effort arrives, all the government has to say is, "Hey, at least we're not as bad as…" while pointing its index fingers in an upward/roughly northerly direction.

It blocks sites and web pages with gusto, subverting its own technological superiority by acting as a Puritanical parental figure. Not that it helps. Every time the government ropes off one area, citizens carve out another. Four years ago, it attempted to pass a law making government-approved computer security software installation mandatory, supposedly in hopes of heading up the enlistment of citizens' computers into botnet armies.

Now, it's telling parents they must install government-approved and crafted spyware on the smartphones of any children under the age of 19.

The app, "Smart Sheriff," was funded by the South Korean government primarily to block access to pornography and other offensive content online. But its features go well beyond that.

Smart Sheriff and at least 14 other apps allow parents to monitor how long their kids use their smartphones, how many times they use apps and which websites they visit. Some send a child's location data to parents and issue an alert when a child searches keywords such as "suicide," ''pregnancy" and "bully" or receives messages with those words.

Last month, South Korea's Korea Communications Commission, which has sweeping powers covering the telecommunications industry, required telecoms companies and parents to ensure Smart Sheriff or one of the other monitoring apps is installed when anyone aged 18 years or under gets a new smartphone. The measure doesn't apply to old smartphones but most schools sent out letters to parents encouraging them to install the software anyway.
No one appears to have taken a close look at the inner workings of "Smart Sheriff" at this point, but a similar app known as "Smart Relief" also allows parents to monitor their children's smartphone activities and sends alerts triggered by any of the 1,100+ words on its watchlist.

Some terms it monitors (both in text messages and searches) would obviously raise concerns in parents.
Threat, kill, shut up, violence, destroy, handicap, crazy, prostitute, garbage, thief, porn, suicide, pregnancy, inn, obscene, sex, sexual crime, sexual relationship, prostitution, motel, beer, rape, adultery, run away from home, outcast, invisible person, don't have friends, jealousy, lonely, stress, don't want to live, loser, complaint, help, worry, menstruation, adoption, divorce, rape, homosexual love, single parent, IS, terrorism, poison...
Other trigger terms seem to do nothing more than give parents a reason to lock their kids up until they're old enough to move out:
Girl I like, boy I like, dating, boyfriend, girlfriend, breakup…
This new mandate is obviously creating a chilling effect. Some have noted the Smart Sheriff app may give government agencies access to minors' communications, all under the pretense of helping parents out. Nearly 80% of South Korean schoolchildren (teens and elementary students) own smartphones. That's a whole lot of communications potentially being delivered to law enforcement and intelligence agencies (if not also to schools and service providers).

As a result, smartphones are now no longer viewed as essential equipment by teenagers.
To get around the regulations, some students say they will wait until they turn 19 to get a new phone.

"I'd rather not buy a phone," said Paik Hyunsuk, 17. "It's violation of students' privacy and oppressing freedom."
Open Net Korea, which has tracked South Korean censorship efforts for years, has a translation of the law's stipulations, which not only requires installation of government-approved spyware apps, but also stipulates cell phone providers actively hassle parents who don't seem to be taking the mandated monitoring seriously.
Article 37-8 (Methods and Procedures for Providing Means to Block Media Products Harmful to Juveniles, etc.)

(1) According to Article 32-7(1) of the Act, a telecommunication business operator entering into a contract on telecommunications service with a juvenile under the Juvenile Protection Act must provide means to block the juvenile’s access to the media products harmful to juveniles under the Juvenile Protection Act and the illegal obscene information under Article 44-7(1)1 of the ICNA (“Information harmful to juveniles”) through the telecommunication service on the juvenile’s mobile communications device such as a software blocking information harmful to juveniles.

(2) Procedures prescribed below must be followed when providing the blocking means under (1):

At the point of signing the contract:
a. Notification to the juvenile and his/her legal representative regarding types and features of the blocking means; and
b. Check on the installation of the blocking means.

After closing the contract:

Monthly notification to the legal representative if the blocking means was deleted or had not been operated for more than 15 days.
So, not only is it censorware and spyware, but it's also apparently nagware -- with telecom reps calling or emailing every month to remind parents to perform their duties as proxy surveillance operatives for the South Korean government.

32 Comments | Leave a Comment..

Posted on Techdirt - 18 May 2015 @ 3:45am

DOJ Redefines Separation Of Powers, Tells Court It Has No Power To Order Government To Hand Over Documents

from the stand-by-for-OLC-memo-justifying-destruction-of-First-Amendment... dept

The US government is comprised of three branches: legislative, judicial and executive. The branches are supposed to work to balance the government, with each one acting as a check against excesses by the others. As a theory, it's impeccable. In practice, it's a mess.

At a hearing today on a lawsuit seeking to make videotapes of force-feedings at Guantánamo public, Justice Department attorneys argued that the courts cannot order evidence used in trial to be unsealed if it has been classified by the government. “We don’t think there is a First Amendment right to classified documents,” stated Justice Department lawyer Catherine Dorsey.
The judges, of course, reserve the right to tell the DOJ it's full of crap. It hasn't yet, but that may be coming. It did, however, get off a shot of its own in response.
“Your position is that the court has absolutely no authority (to order disclosure), even if the government is irrational?” [Judge Merrick] Garland asked, pointedly raising a scenario in which the government classifies a copy of the Gettysburg Address.
The information being argued over is recordings of Guantanamo Bay detainees being force-fed. These were ordered to be released last October by District Judge Gladys Kessler, who granted a stay while it was appealed.

In the arguments presented here, the government claims to be the sole arbiter of any information it deems classified -- something that's only going to lead to more classification and more secrecy. Judge Garland pressed the US attorney on this disturbing claim and found the government was saying exactly what he thought it was saying.
Chief Judge Merrick Garland characterized the government’s position as tantamount to claiming the court “has absolutely no authority” to unseal evidence even if it’s clear the government’s bid to keep it secret is based on “irrationality” or that it’s “hiding something.”

“That is our position,” Dorsey agreed.
Dorsey did, however, point out an option that didn't include the judicial system. (Well, at least not immediately…)
She added that a more appropriate tool to compel the release of the videos was through a Freedom of Information Act request.

The government is trying to prevent these videos from being released, citing national security concerns. Does anyone actually feel a FOIA request will result in anything more than a rejection on the same grounds? And when it happens, the FOIA request refusal will eventually end up in court… where the government's "right" to declare information too secret to be released will still keep these recordings out of the public's hands.

The executive branch's position is clear: it feels it should have sole control over the release of classified documents. The courts are welcome to ensure its assertions remain unchallenged, but in no way is it invited to second guess its secrecy efforts, or the motivations behind them.

62 Comments | Leave a Comment..

Posted on Techdirt - 15 May 2015 @ 6:18pm

New York District Court Denies Immunity To NYPD Officers Who Arrested A Citizen For Filming Them

from the no-immunity-for-deliberate-obtuseness dept

Some NYPD officers have continued to cling to the belief that citizens aren't allowed to film them, despite plenty of documentation otherwise. A letter issued to the Baltimore PD, but that CC'd law enforcement in general noted that "the justification for [filming police] is firmly rooted in longstanding First Amendment principles." (The footnote appended to this added: "There is no binding precedence to the contrary.") The NYPD's own Patrol Guide states this:

“[T]aking photographs, videotapes or tape recordings” do not constitute probable cause for arrest or detention so long as the activity does not jeopardize the safety of officers or others.
The NYPD's chief of federal litigation likewise reminded officers that bystanders could film police officers provided they didn't interfere with duties or operations.

It would seem to be clearly established (including decisions to this effect from all but one circuit court in the US) and yet certain officers are still shutting down citizens with cameras and arresting them on clearly bogus charges. The NYPD is currently facing a lawsuit from the ACLU that hopes to obtain a ruling declaring this activity to be covered by the First Amendment. That lawsuit may ultimately prove to be extraneous as the Southern District of New York (which oversees New York City) has now confirmed that citizen recordings are protected First Amendment activity.

The facts behind the suit are this:

Douglas Higginbotham was covering the Occupy Wall Street protests for a New Zealand TV station. While shooting footage from atop a phone booth, he was ordered to get down by NYPD officers. He attempted to climb down but there were too many people crowded around the booth. So, the cops dragged him down by his feet, damaging his camera in the process. He was then cuffed with zip ties for three hours (and sprung from them with a butter knife because the NYPD is apparently more interested in the cuffing process than the releasing process) and charged with disorderly conduct.

Higginbotham claimed the arrest was performed in retaliation for his filming police officers, and as such, was a false arrest. The NYPD countered by claiming Higginbotham's supposed "failure to disperse" justified the charge. The court found otherwise:
The parties dispute whether, as a journalist covering the protest, Higginbotham can properly be said to have been “congregating” with the protesters within the meaning of the statute. The Court need not resolve this question, however, because there is a different reason why the statute does not cover Higginbotham’s conduct: the defendants’ order for Higginbotham to climb down from the telephone booth was not an order to “disperse.” That word, as used in the statute, means “[t]o separate, go different ways.” Oxford English Dictionary (2d ed. online version Mar. 2015). There is no allegation that Higginbotham was ordered to “separate” himself from the rest of the crowd, by leaving the scene of the protest. On the contrary, as alleged, the defendants instructed that he climb down from the phone booth into the crowd. Further, “[a] group can disperse; an individual cannot.” Because the defendants’ order was directed at Higginbotham alone, it could not be an order to disperse.
The NYPD also raised a variety of other justifications for this arrest (including potential damage to the phone booth and creating a "hazard" by his being on top of the phone booth) but these were also dismissed as inapplicable by the judge. The department also claimed that, even if there were no legitimate reason to arrest Higginbotham, the officers were entitled to qualified immunity.
In support of qualified immunity, the defendants merely summarize their version of the facts and assert that “the officers were objectively reasonable and patently not incompetent.” (Defs.’ Br. 12.) At the summary judgment stage, they will have the opportunity to try to demonstrate this by submitting evidence showing that reasonably competent officers in their situation could have at least disagreed on whether probable cause existed. Based solely on the complaint, however, the Court cannot conclude that this must have been the case.
Finally, the court addresses the First Amendment issue, and here the NYPD officers again attempt to claim immunity.
The defendants further assert that they are entitled to qualified immunity because the right to record the police is “insufficiently defined.”
The "no one directly -- at that moment -- told us not to" defense is one that should be undermined considerably by statements and policies issued by the NYPD itself. The court doesn't need a copy of the Patrol Guide to arrive at the same endpoint.
The Court concludes, however, that the right to record police activity in public, at least in the case of a journalist who is otherwise unconnected to the events recorded, was in fact “clearly established” at the time of the events alleged in the complaint. When neither the Supreme Court nor the Second Circuit has decided an issue, a court “may nonetheless treat the law as clearly established if decisions from . . . other circuits ‘clearly foreshadow a particular ruling on the issue.’”
The court then goes on to point out that the First Amendment rights the officers claimed were "insufficiently defined" had been clearly established by years of precedent rulings.
Certainly, the right to record police activity in a public space is not without limits, and some uncertainty may exist on its outer bounds. For instance, it may not apply in particularly dangerous situations, if the recording interferes with the police activity, if it is surreptitious, if it is done by the subject of the police activity, or if the police activity is part of an undercover investigation. As alleged, however, Higginbotham’s conduct falls comfortably within the zone protected by the First Amendment. The complaint alleges that he was a professional journalist present to record a public demonstration for broadcast and not a participant in the events leading up to the arrest he was filming. There is nothing in the complaint suggesting that his filming interfered with the arrest. Accordingly, and in light of the case law consensus described above, a reasonable police officer would have been on notice that retaliating against a non-participant, professional journalist for filming an arrest under the circumstances alleged would violate the First Amendment.
Now, this is still far from the final ruling, so there's no precedent specific to the NYPD's territory set at this point. But the court's denial of qualified immunity in respect to Higginbotham's First Amendment claims serves notice that future assertions of well-meaning, not-patently-incompetent ignorance won't be entertained by this court. The plaintiff's suit will move forward and the officers accused of taking retaliatory action against a photographer will have to move right along with it. I would expect a settlement in the near future if the NYPD wishes to prevent the Second Circuit from joining the rest of the circuit courts in establishing a First Amendment right to record.

Read More | 24 Comments | Leave a Comment..

Posted on Techdirt - 15 May 2015 @ 12:43pm

IRS Drops Forfeiture Case, Returns $107,000 Taken In Bogus 'Structuring' Prosecution

from the teaching-old-thieves-new-tricks dept

The streak continues. A highly-dubious IRS asset forfeiture case receives some media attention, closely followed by the agency dropping the case.

Federal prosecutors have dropped an attempt to seize $107,000 from a North Carolina small business owner using asset forfeiture laws following several weeks of media scrutiny.

According to the Institute for Justice, a public interest law firm, the Internal Revenue Service and Justice Department moved Wednesday to voluntarily dismiss their case against Lyndon McLellan.
McLellan's case was raised (as a "hypothetical") by Rep. George Holding during IRS testimony in front of the House Ways and Means Committee. Holding asked IRS Commissioner John Koskinen why the agency was continuing to pursue a questionable "structuring" case against McLellan, considering both the IRS and the DOJ had issued policy revisions stating the government would not do this unless there was evidence the deposited money originated from criminal activity.

Koskinen agreed that McLellan's case should be dropped and promised to look into it. Meanwhile, the prosecutor overseeing McLellan's case contacted the Institute for Justice, claiming that its release of case details to House members would not only not help McLellan's case but could actually make it worse for him -- citing the vaguely-threatening "ratcheting" of "feelings" within the IRS by this public disclosure. He then offered McLellan a "final offer" of half his money back.

McLellan didn't take the offer. Now, he's getting all of his money back -- which he'll need, considering he's already racked up plenty of expenses fighting the IRS and DOJ.
McLellan still had to pay for a lawyer, not to mention $19,000 to have his business audited. The government also refuses to pay for interest earned on money after it has been seized.
While the IRS may be curbing its dubious forfeitures, there are still problems that need to be addressed within the DOJ itself.
Last week, the Justice Department said it would investigate two other prosecutors after one business owner whose assets were seized said he had been punished more harshly after publicizing his case and another said he had been threatened with a felony charge if he did not agree to give up some of his money.
Kind of dispels the notion that asset forfeiture has anything to do with "justice." As these programs continue to suffer from mainstream exposure, those heading up prosecutions seem unwilling to scale back their efforts accordingly. They can see the revenue stream drying up and they're getting desperate. There will be more than a few forfeiture victims whose cases will stay off the radar. Unfortunately for them, these "zealous" prosecutors appear willing to do whatever they can to ensure funds seized with no evidence of criminal intent or origin remain inaccessible to those who actually earned them.

17 Comments | Leave a Comment..

Posted on Techdirt - 15 May 2015 @ 11:40am

FBI Spied On Activists Because Protecting Corporate Interests Is Roughly Equivalent To Ensuring National Security

from the our-disregarded-internal-policies-trump-your-First-Amendment-rights dept

That whole thing about the FBI not surveilling people based solely on First Amendment activity? The thing that's been in all the (FISA) papers (and agency policies)? Yeah, the FBI hasn't heard of it either.

The FBI breached its own internal rules when it spied on campaigners against the Keystone XL pipeline, failing to get approval before it cultivated informants and opened files on individuals protesting against the construction of the pipeline in Texas, documents reveal.

Internal agency documents show for the first time how FBI agents have been closely monitoring anti-Keystone activists, in violation of guidelines designed to prevent the agency from becoming unduly involved in sensitive political issues.
"Unduly involved" is right. First of all, a majority of what was monitored was First Amendment activity, something no federal intelligence or investigative agency is supposed to be doing. Certainly, there can be law enforcement monitoring of protests as they occur, but there's no provision in the law that allows the FBI to monitor people solely because of their activism.

Unless, of course, these activists are declared "extremists." Then all bets (and Constitutional protections) are off.
“Many of these extremists believe the debates over pollution, protection of wildlife, safety, and property rights have been overshadowed by the promise of jobs and cheaper oil prices,” the FBI document states.
"Extremists" are often mentioned in the same breath as "domestic terrorists," so with a little bit of rebranding, the FBI is now able to surveill people solely for their First Amendment-protected activities. That's handy and not totally unexpected, given the agency's long history of eyeballing activists who run contrary to its view on How Things Should Be. At one point, it was uppity blacks and encroaching homosexuals. Now, it's people who don't want an oil pipeline running through their neighborhoods.

And, even though we know the FBI has clearly taken a stance on controversial issues in the past and shaped its surveillance activities accordingly, it's rather jarring to see an investigative agency decide who's right and wrong by issuing a statement (wrapped in a self-justifying plan of action) on behalf of one side of the issue.
“The Keystone pipeline, as part of the oil and natural gas industry, is vital to the security and economy of the United States.”
Having decided that protecting corporate interests was roughly aligned with its "national security" purview, agents then routed around any internal controls that might have restricted its plans to break FBI policy.
[T]he partially redacted documents reveal the investigation into anti-Keystone activists occurred without prior approval of the top lawyer and senior agent in the Houston field office, a stipulation laid down in rules provided by the attorney general.
But, hey, no problem because the FBI totally fixed things in-house and in post.
Confronted by evidence contained in the cache of documents, the agency admitted that “FBI approval levels required by internal policy were not initially obtained” for the investigation, but said the failure was remedied and later reported internally.
The supposed extremists it monitored the longest were part of an organization known as the Tar Sands Blockade, a group committed to nonviolent protest. While minor crimes such as trespassing were committed by members of the group, nothing rose to the level of what one would normally associate with an FBI investigation. And it went on for 11 months after the "error" that allowed the investigation to exist in the first place was discovered.

Mike German, former FBI agent and fellow at the Brennan Center for Justice lays out the obvious problem with the FBI's behavior:
“It is clearly troubling that these documents suggest the FBI interprets its national security mandate as protecting private industry from political criticism,” he said.
That is troubling. Just as troubling is the agency's determination that the surveillance it never should have initiated resulted in no "adverse effects." But for who? Obviously, the FBI walked away from this with little more than another dent in its now-heavily damaged reputation. But what about those who were surveilled? Or those who might be in the future when they exercise their First Amendment rights? The FBI's self-assessment doesn't factor in these consequences and because it doesn't, it will likely make the same (intentional) "mistakes" in the future.

46 Comments | Leave a Comment..

More posts from Capitalist Lion Tamer >>