Capitalist Lion Tamer’s Techdirt Profile


About Capitalist Lion TamerTechdirt Insider

List of blogs started with enthusiasm, which now mostly lie dormant:

[reserved for future use]

[recently retired]

[various side projects]

Posted on Techdirt - 30 August 2016 @ 2:28pm

Inspector General Finds NYPD's Surveillance Of Muslims Routinely Violated Consent Decree Guidelines

from the nypd-blew dept

Following two lawsuits against the NYPD for its pervasive, rights-violating surveillance of the city's Muslims, the department's Inspector General took a look at a sampling of cases from 2010-2015 to see if the Handschu Agreement -- crafted in 1985 and heavily modified in 2002 -- was being followed. The short answer is "No." So is the long answer [PDF].

The guideline was part of a consent decree created in response to pervasive NYPD surveillance of activities protected by the First Amendment, even when no unlawful activity was suspected. The guideline worked for awhile, but the 9/11 attacks changed that. The NYPD brought in two former CIA employees who decided to turn a domestic law enforcement agency into Langley on the Hudson. Former CIA officer David Cohen used terrorism fears to compel a judge to significantly modify the Handschu Agreement.

From that point on, the NYPD steadily abused the revamped agreement. Its "Demographics Unit" designated entire mosques as terrorist entities, placed the city's Muslims under surveillance, and -- best of all -- generated zero leads.

The Inspector General's report points out that the NYPD couldn't even comply with the relaxed, post-9/11 Handschu Agreement. Instead, the Demographics Unit copy-pasted justifications for pervasive surveillance and passed them up the ladder to the rubber stamps handling the approval process.

OIG-NYPD’s investigation found that NYPD, while able to articulate a valid basis for commencing investigations, was often non-compliant with a number of the rules governing the conduct of these investigations. For example, when applying for permission to use an undercover officer or confidential informant, the application must state the particular role of the undercover in that specific investigation, so that the need for this intrusive technique can be evaluated. NYPD almost never included such a fact-specific discussion in its applications, but instead repeatedly used generic, boilerplate text to seek such permission. Tellingly, this boilerplate text was so routine that the same typographical error had been cut and pasted into virtually every application OIG-NYPD reviewed, going back over a decade.

The NYPD's response [PDF] to the report disputes the accusation of using boilerplate permission slips. But that's all it does. It fails to explain how each individual request somehow contained the same typographical error. Repeatedly. For fourteen years.

The NYPD disagrees with the Report’s characterization that the extensions of Preliminary Inquiries contain “boilerplate language.” To the contrary, extension requests include a full and detailed recitation of the key facts justifying investigation, including any new facts/updates learned since the investigation was opened. Often, the added facts learned since the opening of an investigation strengthen the original predicate.

Once an investigation was under way, NYPD supervisors tended to take a very hands-off approach.

Further, among all cases reviewed, NYPD continued its investigations even after legal authorization expired more than half of the time. Often more than a month of unauthorized investigation occurred before NYPD belatedly sought to renew the authorization.

As the IG points out, this is completely unacceptable. The Agreement is there for a reason: to prevent unlawful surveillance. But the NYPD is left alone to ensure its own compliance with the guideline. There's no judicial oversight of these activities -- not like there is with searches, seizures, and stops. Left to police itself, the NYPD proved unworthy of the trust placed in it.

These failures cannot be dismissed or minimized as paperwork or administrative errors. The very reason these rules were established was to mandate rigorous internal controls to ensure that investigations of political activity – which allow NYPD to intrude into the public and private aspects of people’s lives – were limited in time and scope and to ensure that constitutional rights were not threatened.


As a result, until OIG-NYPD conducted this review, there had never been any routine, independent third-party review to ensure compliance with these rules. NYPD's compliance failures demonstrate the need for ongoing oversight, which OIG-NYPD will now provide.

The NYPD's response admits as much, even as it challenges many of the Inspector General's recommendations. Since February 2002, the NYPD's Demographics Unit has been grading its own papers. A law enforcement hot take, written by a CIA officer and pushed past a local judge, has guided the NYPD for almost 15 years. What it's left behind is a long string of First and Fourth Amendment violations. What it hasn't left behind is a string of successful investigations. Or a coherent paper trail.

This is the NYPD in its own words, arguing with IG about the office's findings.

First, the NYPD didn't implement electronic tracking of its Demographics Unit cases until after it was already on the losing end of two civil rights lawsuits.

The Intelligence Bureau began discussing the development of an electronic case tracking system for Handschu investigations in February 2016 to assist in complying with the proposed modifications to the Handschu Guidelines as part of the settlement in the Handschu and Raza litigations.

It will only now begin thinking about keeping all related investigative documents together in one place.

While the prior history of a case and/or its proposed subject(s) is set forth in the Investigative Statement, the Intelligence Bureau will consider if there is a more effective way to trace the full history of an investigation, including other levels of investigation (i.e., checking of leads, Preliminary Inquiries, etc.) which may have occurred related to its underlying facts.

It will also only now start thinking about documenting the written approval process for deploying new informants or extending the use of existing ones.

The Intelligence Bureau will consider the development of best practices for documenting the written approval of the use of human sources in Handschu investigations by the Deputy Commissioner of Intelligence, including name, signature, and date.

Even though the NYPD has been running investigations under the modified Handschu Agreement since 2002, it won't be until later this year that it will finally deliver a comprehensive compilation of baseline policies governing terrorism-focused investigations.

As is evidenced by the Inspector General's findings -- and the NYPD's own admissions -- the department has never been interested in accountability. It's far more interested in pretending it's the DEA, FBI, CIA, and NSA all rolled into one local law enforcement office. And it operates with a level of opacity surpassing the federal agencies it aspires to be. The report finds a pattern of noncompliance and the NYPD defends itself by either pointing out that if there's no requirement to do something, it sure as hell isn't going to do it, or nodding thoughtfully and promising to get right on things it should have addressed more than a decade ago.

Read More | 7 Comments | Leave a Comment..

Posted on Techdirt - 30 August 2016 @ 8:33am

School Creates Own Security Hole; Tries To Have Concerned Parent Arrested For Hacking

from the shut-up,-they-criminally-complained dept

We've seen it so often over the years, it's probably now time to accept the fact that this will never change: when entities are presented evidence of security holes and breaches, far too often the initial reaction is to shoot the messenger.

A school whose online student portal exposed a lot of sensitive data decided the best way to handle a concerned parent's repeated questions about how it was handling the problem was to file a criminal complaint against the parent. (via the Office of Inadequate Security)

The details of the breach (since closed) were reported by independent journalist Sherrie Peif.

The district uses Google Apps for Education (GAFE), a hosting solution by Google that incorporates Google mail, calendar, and chat services. Lewis-Palmer used it for student email accounts, which at that time consisted of the student’s district identification number. [The] system used by the district allowed anyone with email address in the system to download a complete contact list of district students. The list identified students’ names and district email addresses. Because student email accounts were comprised of the student ID, anyone who gained access to this list only needed to know the students’ birthdays to access another program, Infinite Campus, which contains the personal data of possibly thousands of students.

Normally, it might have been difficult to ascertain what students' passwords were. But the school made it easy for anyone to suss out passwords and access the sensitive information stored at the Infinite Campus portal. This message, posted by administrators, sat on the login page for over nearly three years before being removed.

On Aug. 9, 2013 the district posted: “Due to a security enhancement within Infinite Campus, your network and IC passwords have been changed! You must now enter the prefix LP@ before your regular birthday password (i.e. LP@031794).”

What was contained behind the papier-mache security facade was a wealth of sensitive student info.

In Lewis-Palmer, students and parents had access to names, addresses, and phone numbers for students, parents, siblings, and emergency contacts; schedules; attendance records; grades; locker numbers and combinations; transportation details, including where and when bus pickups took place; and health records.

Parent Derek Araje brought this to the attention of Dewayne Mayo, a district technology teacher. Rather than promise to look into it or direct him to someone who might be able to verify his claims, Mayo became irritated and accused Araje of "breaking federal law."

Mayo also emailed other school administrators to complain about Araje, claiming he was "polluting the waters" and making it easier for parents skeptical about "any new technology" used by the district to raise complaints. Others in the email thread treated Araje's claims skeptically, asserting (hilariously) that it would take "advanced cracking skills" to break into a site where visitors were greeted with a message that basically gave away every students' password.

Six months after it was brought to the school's attention, parents are finally notified. Two days later, the school shut down the site and GAFE access. On the same day, the school filed a criminal complaint [PDF] with local police department accusing parent Derek Araje of hacking into the website. Fortunately for Araje, the police cleared him of any wrongdoing a month later.

Not only did the school go after the person who brought the security hole directly to its attention, but it significantly downplayed its own role in making sensitive student info easily-obtainable. Teacher, administrator, and technology director Bill Fitzgerald points out the school's blatant attempt to cover its own ass after ignoring the site's security issues for months, if not years.

It also appears - based on the parent testimony at the board meeting - that these concerns were brought to the district's attention in the fall of 2015, and were dismissed. Based on some of the other descriptions regarding access to health records, it also sounds like there might be some issues related to Infinite Campus and how it was set up, but that's unclear.

What is clear, however, is that the district is not being as forthright as they need to be. The board meeting with parent testimony was May 19th; Complete Colorado article ran on May 24th. The data privacy page on the Lewis Palmer web site was updated on May 25th, with the following statement:

"Yesterday, we discovered a possible security breach through normal monitoring of IP addresses accessing our systems."

Given that the security issue was covered in the local press the day prior, and that the district was publishing their password structure for over three years, I'd recommend they look at their logs going back a while. I'd also recommend that the district own their role exacerbating this issue.

Instead of owning its role, the school chose to try to make someone else -- parent Derek Araje -- pay for its own carelessness and unwillingness to address a security hole until it became impossible to ignore.

Read More | 49 Comments | Leave a Comment..

Posted on Techdirt - 30 August 2016 @ 3:26am

Court Documents Show FBI Had To Bail Out Oakland Police With Its Bigger, Better Stingray

from the stand-back-and-let-the-pros-handle-this,-son dept

Cyrus Farivar of Ars Technica has obtained court documents showing the Oakland Police Department had to call in the feds -- and their IMSI catcher -- to track down a suspect wanted in connection with a shooting of an off-duty police officer.

According to new government affidavits filed earlier this week, the Oakland Police Department (OPD) used its stingray without a warrant in 2013 for several hours overnight as a way to locate a man accused of being involved in shooting a local police officer. The OPD called in the FBI when that effort was unsuccessful. The FBI was somehow able to locate the suspect in under an hour, and he surrendered to OPD officers.

The only reason these affidavits even exist is because the judge presiding over the prosecution of Purvis Ellis ordered the government to submit declarations detailing how the devices were used to locate him. Two declarations -- one from the FBI [PDF] and one from the Oakland PD [PDF] -- shed some additional light on the now-ubiquitous cell phone-tracking technology.

Neither law enforcement agency sought a warrant for their Stingray deployments. Both declarations claim none was needed because of "exigent circumstances." Given that this occurred before the DOJ instituted a warrant requirement for the FBI's Stingray use, it's unlikely any evidence is in danger of being tossed.

The Oakland PD's declaration states the same thing: no warrant was sought because of "exigent circumstances." Similarly, there appears to have been no warrant requirement in place for the Oakland Police Department at that time. That doesn't mean the court won't find that the use of a Stingray device (or, in this case, two of them) requires the use of a warrant, but even if it does, the good faith exception is likely to apply -- especially in the FBI's case, as its warrant requirement was still thee years away. In both deployments, pen register orders were used to obtain subscriber info. Because exigent circumstances dictated the requests, no judicial approval of the orders was needed.

Ellis' lawyers are hoping the judge will find the circumstances surrounding the Stingray deployments to be not nearly as "exigent" as the government claims.

Prosecutors argued that because the three men involved in the altercation were at large, there was a clear exigency. Ellis’ defense, meanwhile, has countered that because the OPD had declared the scene “secure” 14 minutes after Karsseboom was shot, there was no exigency. This issue remains unresolved.

On one hand, securing a crime scene doesn't immediately dispel perceived exigency. As the government points out, the shooting suspects were still free and roaming Oakland. On the other hand, the amount of time that elapsed between the Oakland PD's response to the reported shooting and the eventual location of Ellis by the FBI -- 15 hours -- suggests some of the exigency may have dissipated by the time the FBI fired up its tracking device.

Whatever the case is, the Oakland PD's call for assistance suggests its equipment was already outdated.

“It's unclear from the Oakland declaration how continuous the operation of their equipment was,” Brian Hofer, chair of the City of Oakland Privacy Advisory Commission, told Ars. His newly created commission has been scrutinizing the city’s procurement process for surveillance and has pushed for new policies overseeing its use.

“We believe that Oakland only had an older 2G/3G Stingray, based on public records in our possession,” he continued. “It is possible that the FBI already possessed a Hailstorm or similar 4G capable device at this time, or an older 2G/3G system but with enhanced amplification, or maybe Oakland's equipment was simply malfunctioning."

The shooting occurred roughly two years before the PD attempted to secure a Homeland Security grant to pay for the Hailstorm upgrade, which would have allowed it to track the suspect. The FBI's newer version had no such problems. The Oakland PD spent ten futile hours searching for Ellis. The FBI located him roughly an hour after deploying its Stingray. It also deployed something else along with it. From the FBI's declaration:

At one point, in an effort to reduce the error radius and increase the accuracy of the location of the cellular telephone, a cell site simulator augmentation device was deployed into the interior of the apartment building. This device is used in conjunction with the cell site simulator and has no data storage capability whatsoever.

Farivar spoke to Daniel Rigmaiden -- the person who first uncovered government use of Stingray devices in criminal investigations (prior to that, it had only been deployed in war zones by the military) while serving time for tax fraud -- who suggested the "augmentation device" might be something made by KeyW or one of its competitors. These devices passively collect connection info and are small enough to be carried in an agent's hand.

Rigmaiden also points out something else this incident shows, however inadvertently. All the money being spent by local law enforcement agencies might be better off spent on other things. Not having a Stingray device isn't the end of the world -- especially when the FBI is willing to put its devices and technical expertise to use at a moment's notice.

Read More | 13 Comments | Leave a Comment..

Posted on Techdirt - 29 August 2016 @ 1:06pm

Appeals Court Tosses Search Warrant Used By Louisiana Sheriff In Attempt To Silence Critical Blogger

from the stupid-law-fails-to-help-out-even-stupider-Sheriff dept

The Louisiana First Circuit Court of Appeals has just ended Terrebonne Parish Sheriff Jerry "Censorious Dumbass" Larpenter's attempt to silence a critic through the magic of abusing his power. The sheriff obtained a warrant to raid a blogger's house, using the state's mostly-unconstitutional criminal defamation law to justify the search. The blogger had pointed out that Larpenter's wife works for an insurance agency that provides coverage for the local government -- something that looked just a wee bit corrupt.

Larpenter didn't care for this, so he took his search warrant application -- and a complaint by Tony Alford, who runs the insurance company that Larpenter's wife works for -- to an off-duty judge to get it signed. This same judge later declared the warrant to be perfectly legal when challenged by lawyers representing the blogger. The blogger's lawyers appealed [PDF] this decision, which has resulted in the warrant [PDF] being killed. Naomi Lachance of The Intercept has more details.

An appellate court in Baton Rouge ruled Thursday that a raid on a police officer’s house in search of the blogger who had accused the sheriff of corruption was unconstitutional.

The Louisiana First Circuit Court of Appeals argued that Sheriff Jerry Larpenter’s investigation into the blog ExposeDAT had flawed rationale: the alleged defamation was not actually a crime as applied to a public official.

The unanimous ruling from the three-judge panel comes after police officer Wayne Anderson and his wife Jennifer Anderson were denied assistance in local and federal court.

The one-paragraph decision [PDF] points out that Tony Alford is a public figure and cannot avail himself of the state's criminal defamation law.

Anthony Alford, the supposed victim, is President of the Terrebonne Parish Levee and Conservation Board of Louisiana, and a public official. Consequently, the search warrant lacks probable cause because the conduct complained of is not a criminally actionable offense. The ruling of the district court denying the motion to quash the search warrant is reversed, the motion is granted, and the search warrant is quashed.

So much for Judge Randall Bethancourt's declaration that the warrant he signed was valid. And so much for the Terrebonne Sheriff's Department's "look see" Bethancourt granted earlier. The seized devices -- which included a laptop belonging to the blogger's children -- have been held by the clerk of courts, which hopefully means Sheriff Larpenter didn't sneak some peeks before having his bogus warrant tossed.

The state's top prosecutor won't be humoring Sheriff Larpenter any further.

“We respect the First Circuit decision, we have no plans to appeal, and as far as the attorney general is concerned, the case is closed,” Ruth Wisher, press secretary for the attorney general, told The Intercept.

Sheriff Larpenter still seems willing to abuse his office to shut people up, as evidenced by his inability to do so himself.

Over the month of August, Larpenter had publicly defended his position. “They need to upgrade [criminal defamation] to a felony,” he recently said on local television station HTV10.

“The media come and all the different outlets, even our local media, wrote unsatisfactory accusations about me like, ‘Oh, they got freedom of speech. They can say what they want.’ Well that’s not true,” he said.

Larpenter is wrong on both counts. Defamation shouldn't be a criminal offense. Ever. And his definition of "free speech" doesn't sound very "free." Instead, it sounds like Larpenter would prefer limits to speech he doesn't like, which is a stupid and dangerous ideal to hold while in an elected office holding considerable power. I have my doubts Larpenter thought he'd really end up with a criminal prosecution, but he's probably satisfied that he was allowed to walk into someone's home, take their stuff, and force them to spend money defending themselves from a completely bogus criminal charge.

Of course, intimidation tactics like these can sometimes backfire completely. Larpenter now looks like an easily-bruised bully and his BS attempted prosecution will likely only encourage his critics to speak up more loudly and frequently. In addition, The Intercept reports the blogger's lawyers will be moving forward with a lawsuit against the parish for Sheriff Larpenter's actions, so this may end up costing taxpayers some cash as well. Hopefully, this unneeded spending will be on their minds when Larpenter's up for re-election.

Read More | 16 Comments | Leave a Comment..

Posted on Techdirt - 29 August 2016 @ 9:40am

Leaked NSA Zero Days Already Being Exploited By Whoever Thinks They Can Manipulate Them

from the the-best-offense-is-not-giving-a-fuck-about-playing-defense dept

There are still people out there who think it's a good idea for the government -- whether it's the FBI, NSA, or other agency -- to hoover up exploits and hoard vulnerabilities. This activity is still being defended despite recent events, in which an NSA operative apparently left a hard drive full of exploits in a compromised computer. These exploits are now in the hands of the hacking group that took them… and, consequently, also in the hands of people who aren't nearly as interested in keeping nations secure.

The problem is you can't possibly keep every secret a secret forever. Edward Snowden proved that in 2013. The hacking group known as the Shadow Brokers are proving it again. The secrets are out and those who wish to use exploits the NSA never disclosed to affected developers are free to wreak havoc. Lily Hay Newman of Wired examines the aftermath of the TAO tools hacking.

Whoever they are, the Shadow Brokers say they still have more data to dump. But the preview has already unleashed some notable vulnerabilities, complete with tips for how to use them.

All of which means anyone—curious kids, petty criminals, trolls—can now start hacking like a spy. And it looks like they are.

Curious to learn if anyone was indeed trying to take advantage of the leak, Brendan Dolan-Gavitt—a security researcher at NYU—set up a honeypot. On August 18 he tossed out a digital lure that masqueraded as a system containing one of the vulnerabilities.

Dolan-Gavitt used the Cisco zero-day -- one which the company is still unable to completely thwart -- for his honeypot. This exploit was in the hands of the NSA for at least three years and was never disclosed to Cisco. The security researcher saw one attack in the first 24 hours. Since then, there have been a handful of attacks mounted every day.

This is the end result of someone hacking the hackers. The Shadow Brokers have turned the agency's exploit toolkit into NSA Everywhere!™ -- the NSA's new "Inadvertent Disclosure" project. The hackers have divulged far more exploits than the NSA ever has, even with the (severely loopholed) "presumption of disclosure" mandate handed down by the Obama Administration.

The NSA -- and its defenders -- remain mostly unworried about this collateral damage. Presumably the nation is still secure, even if its companies and their customers aren't. I guess that's supposed to be good enough. Every war inflicts a toll on non-combatants, and the neverending War on Terror will be no different than the neverending War on Drugs in this respect.

But those at the top of the IC heap -- and those who work closely with them, like the FBI -- need to stop pretending the government can be trusted with keeping its most secret secrets secure. And officials need to stop applying pressure on lawmakers to craft encryption backdoor legislation, because this debacle should make it clear -- even to true believers like FBI director James Comey -- that any hole labeled "GOVERNMENT USE ONLY" isn't going to keep bad guys out forever.

24 Comments | Leave a Comment..

Posted on Techdirt - 29 August 2016 @ 8:24am

UK Gov't Report: Facebook, Twitter, And Google Are Pretty Much Unrepentant Terrorist Supporters

from the a-raging-hate-on,-disguised-as-an-official-report dept

The internet is for porn terrorism.

That's according to a report by the UK's Home Ministry, which claims the medium is inseparable from the message, especially if it's a US tech company.

Facebook, Twitter and Google and are deliberately failing to stop terrorists from using their websites to promote terrorism because they believe it will "damage their brands", MPs have warned.

MPs warned that social media websites are becoming the "vehicle of choice" for spreading terrorist propaganda but websites are policing billions of accounts and messages with just a "few hundred" employees.

I'm pretty sure giving terrorists free rein is more "damaging" to "brands" than the current status quo. Sure, chasing terrorists off the internet is just another form of whack-a-mole, but it's not as though these companies aren't trying. Facebook's policing of content tends to lean towards overzealous. Twitter just removed over 200,000 terrorist-related accounts. And as for Google, it's busy bending over backward for everyone, from copyright holders to a few dozen misguided governments. But the internet -- including terrorists -- perceives censorship as damage and quickly routes around it.

The argument can be made (and it's a pretty good argument) that it might be more useful to have terrorists chatting on open platforms where they can easily be monitored, rather than pushing them towards "darker" communications methods. But it's tough to reason with lawmakers who find big corporations to be the easiest targets for their displeasure.

And, really, their complaints are nothing more than a cheap form of class warfare, one that tacitly asks millions of non-terrorist internet users to sympathize with a government seeking to gain more control over the platforms they use.

Keith Vaz, the chairman of the committee, said: "Huge corporations like Google, Facebook and Twitter, with their billion-dollar incomes, are consciously failing to tackle this threat and passing the buck by hiding behind their supranational legal status, despite knowing that their sites are being used by the instigators of terror."

That's what the MPs are really seeking: a way to carve off a slice of these billion-dollar incomes. Vaz fears the "Wild West" internet (one filled with Middle Eastern desperadoes, apparently…) because it's "ungoverned" and "unregulated." If both of those "problems" are fixed, he'll presumably be able to sleep better -- perhaps warmed by the flow of a new revenue stream or soothed by an expansion of his government's powers. Either way, these companies should have to shoulder the blame for terrorism's continued existence.

Some might make the argument that the government isn't doing enough to fight terrorism. After all, "billions" of dollars go towards this battle every year, and every year nothing appears to change.

The report points specifically to the supposedly "low" number of employees policing posted content.

"It is alarming that these companies have teams of only a few hundred employees to monitor networks of billions of accounts..."

Apparently, these billion-dollar companies are expected to move towards a 1:1 ratio of moderators to users. Vaz also claims these companies need to take a "no questions asked" attitude towards law enforcement demands to have content taken down. If so, perhaps the UK government should start hiring more law enforcement officers and move the needle more towards a 1:1 ratio of constables to internetizens… or at least a 1:1 ratio of constables to platform content moderators.

The report also points to various "failures" within the UK government, suggesting anti-terrorism laws just aren't quite strict enough. It notes that police have allowed alleged terrorists to leave the country while on bail because they haven't seized their passports. And an official from Scotland Yard asserts -- with wording that suggests the UK doesn't have quite enough restraints on speech yet -- that existing laws can't shut down the sort of thing the report complains that Google, Facebook, and Twitter aren't shutting down quickly enough: namely, posts by Anjem Choudary, a "hate preacher" who was convicted of supporting the Islamic State.

Richard Walton, the former head of Scotland Yard's counter terrorism command, today warns that existing British laws would not prevent preachers who followed Choudary's example and acting as "radicalisers".

Obviously, the answer is MORE LAWS. That should fix it. That and blaming tech companies for third-party content, something they already police about as well as they can, considering the number of users on their respective platforms. It's always handy to have a scapegoat to beat like the dead horse these arguments are, especially when the scapegoat can mixed-metaphorically be portrayed as fat cats electro-fiddling while social media burns.

25 Comments | Leave a Comment..

Posted on Techdirt - 25 August 2016 @ 11:20pm

Germany Interior Minister Pushing For Deployment Of Facial Recognition Software In Public Areas

from the StasiTV dept

Facial recognition software is the wave of the future present. The FBI -- acting without a required Privacy Impact Assessment -- rolled out its system in 2014, finding that a 20% false hit rate was good enough for government (surveillance) work.

Following in the footsteps of Facebook, governments slanting towards the authoritarian side (that's you, Russia!) have deployed facial recognition software to help ensure its citizens are stripped of their anonymity.

Other governments not so seemingly bent on obedience to the state have done the same. UK law enforcement has quietly built a huge facial recognition database and Brazil experimented with police equipment that would turn officers into Robocops -- providing real-time facial recognition to cops via some sort of Google Glass-ish headgear. If what we know about facial recognition software's accuracy rates holds true, the goggles will, indeed, do nothing.

Germany has maintained an arm's-length relationship with its troublesome past. The Stasi and Gestapo's lingering specters still haunt current legislators, occasionally prompting them to curb domestic surveillance efforts. Concerns for the privacy of its citizens has also sometimes resulted in the government making angry noises at tech companies it feels are overstepping their boundaries.

Four years ago, it demanded Facebook destroy data on German citizens in its facial recognition database. Judging from the current push by German officials, it could just be thata the government didn't want any competition.

Speaking to the Bild am Sonntag newspaper, [Interior Minister] Thomas de Maiziere said internet software was able to determine whether people shown in photographs were celebrities or politicians.

"I would like to use this kind of facial recognition technology in video cameras at airports and train stations. Then, if a suspect appears and is recognised, it will show up in the system," he told the paper.

This move towards a more Stasi-esque surveillance system is, of course, prompted by recent terrorist attacks in Germany. Nothing propels bad legislation and lowers the price on domestic surveillance real estate more efficiently than tragedies -- especially those "claimed" after-the-fact by members of the Islamic State.

For those more concerned with lonely baggage, the government is all over that, too.

He said a similar system was already being tested for unattended luggage, which the camera reports after a certain number of minutes.

The lesson here is never forget where you set down your duffel bag -- unless you like watching it being detonated by security teams from a safe distance.

As for the dystopian future awaiting Germans as their government does all it can to help the terrorists win, the Interior Minister offers this shrug of a statement:

"We will have to get used to increased security measures, such as longer queues, stricter checks or personal entry cards. This is tedious, uncomfortable and costs time but I don't think it's a limitation of personal freedom," he said.

Longer lines and more "papers, please" -- just the sort of thing that will push memories of Nazi Germany and the Berlin Wall into the background.

23 Comments | Leave a Comment..

Posted on Techdirt - 25 August 2016 @ 10:51am

To The NSA, The Word 'Security' Is Synonymous With 'Gaping, Unpatched Holes In US Developers' Software'

from the Vulnerability-EXPLOITATION-Process dept

A former Defense Intelligence Agency officer has taken to LinkedIn to point out to all of us griping about the broken Vulnerability Equities Process -- exposed by hackers holding NSA zero-days -- have it all wrong. Michael Tanji says the NSA isn't here to protect developers from malicious attacks. It never was and it's never going to be.

Intelligence agencies exist to gather information, analyze it, and deliver their findings to policymakers so that they can make decisions about how to deal with threats to the nation. Period. You can, and agencies often do, dress this up and expand on it in order to motivate the workforce, or more likely grab more money and authority, but when it comes down to it, stealing and making sense of other people’s information is the job. Doing code reviews and QA for Cisco is not the mission.

Suck it up, Cisco. That gaping hole uncovered by the Shadow Brokers was discovered at least three years ago by the NSA and if it chose not to tell you about it, it had its reasons. Namely: national security.

The Obama administration made sympathetic noises in the wake of the Snowden leaks, suggesting the NSA err on the side of disclosure. It simultaneously gave the agency no reason to ever do that by appending "unless national security, etc." to the statement.

But part of the phrase "national security" is the word "security." (And the other part -- "national" -- suggests this directive also covers protecting US companies from attacks, not just the more amorphous "American public.") Allowing tech companies who provide network security software and hardware to other prime hacking targets to remain unaware of security holes doesn't exactly serve the nation or its security. So, while Tanji may claim the NSA isn't in the QA business, it sort of is. The thing is the NSA prefers to exploit QA issues, rather than give affected developers a chance to patch them.

And if an NSA operative left behind a bag of tech tools in a compromised server, it really doesn't do much for the argument that the government can be trusted with encryption backdoors -- the sort of thing FBI Director James Comey is still hoping will materialize as a result of his never ending "going dark" sales pitch. Julian Sanchez, writing for Cato, points out the NSA's mistake should lead to some pretty severe trust issues.

This hack also ought to give pause to anyone swayed by the government’s assurances that we can mandate government backdoors in encryption software and services, allowing the “good guys” (law enforcement and intelligence agencies) to access the communications of criminals and terrorists without compromising the security of millions of innocent users. If even the NSA’s most closely guarded hacking tools cannot be secured, why would any reasonable person believe that keys to cryptographic backdoors could be adequately protected by far less sophisticated law enforcement agencies? The Equation Group hack is a disturbingly concrete demonstration of what network security experts have been saying all along: Once you create a backdoor, there is no realistic way to guarantee that only the good guys will be able to walk through it.

So, that's one huge problem with both the hoarding of exploits and the NSA's refusal to actually participate in the Vulnerability Equities Process. The definition the NSA has chosen for "national security" doesn't mesh with statements made by its cybersecurity overseers.

Back in 2014, federal cybersecurity coordinator Michael Daniel insisted in a post on the White House blog that the process is strongly weighted in favor of disclosure. The government, he assured the public, understands that “[b]uilding up a huge stockpile of undisclosed vulnerabilities while leaving the Internet vulnerable and the American people unprotected would not be in our national security interest.”

Maybe things have changed in the past couple of years, but they haven't changed as much as Michael Tanji claims. He states that the NSA is no longer charged with playing cyber-defense.

The one element in the intelligence community that was charged with supporting defense is no more. I didn’t like it then, and it seems pretty damn foolish now, but there you are, all in the name of “agility.” NSA’s IAD had the potential to do the things that all the security and privacy pundits imagine should be done for the private sector, but their job was still keeping Uncle Sam secure, not Wal-Mart.

That's simply not true. The NSA may secretly wish it had been completely rerouted to "attack" mode. That would more easily justify the hoarding of vulnerabilities and its ongoing refusal to hand over info to affected developers. But it's still supposed to be playing defense -- which means it has an obligation to both the American public who use software/hardware the NSA would rather see left unpatched, as well as the developers it's purposefully leaving open to malicious attacks.

The NSA has decided the best way to handle these competing directives is to muddy the waters by making them inseparable.

Because computers are now the easiest way to spy on people, and because everyone — even U.S. adversaries — uses the same Internet, there has long been what officials like to call a "healthy" or "creative" tension between the foreign espionage mission and the information assurance mission of the NSA.

Crudely put, the IA's cyber mission is to find security holes in Internet infrastructure and common software and patch them; the signals intelligence mission is to find the same holes and keep them open as long as possible so they can be used to spy on foreigners.

When the two directorates merge, some fear that the much larger and better funded signals intelligence mission will simply absorb the IA mission.

As it stands now, the offensive side of the NSA's cybersquad is roughly twice the size of its defensive team -- which clearly indicates which end of the equation the NSA believes is more important to its national security mission.

The NSA's actions in regards to the Vulnerability Equities Process shows it believes some forms of national security are more equal than others. It's far more interested in ensuring its collections continue to be fed than it is with patching security holes -- holes it has often created -- that affect millions of US citizens and dozens of hacker-tempting firms.

It also shows the government is not to be trusted when it demands "good guy only" access. It can't protect the backdoors it's already created and it has only the slightest interest in protecting the nation from the bad guys that will inevitably find its secret entrances.

21 Comments | Leave a Comment..

Posted on Techdirt - 25 August 2016 @ 3:33am

Canadian Law Enforcement Want Government To Force People To Turn Over Their Passwords

from the the-legislative-$5-wrench dept

Legislators and law enforcement (for the most part…) have been hesitant to demand companies build backdoors into their encryption schemes. The unwillingness to cross this government overreach line hasn't really tempered cursing of the impending darkness, however. That remains, largely propelled by a few of law enforcement's loudest mouths, who haven't seen a problem nerds can't solve, even after the nerds have told them repeatedly the problem (safely backdoored encryption) is unsolvable.

A lobbying group for Canadian law enforcement thinks it has the answer. Why mandate encryption backdoors when you can just utilize the "backdoor" built into every electronic device?

Canada's police chiefs want a new law that would force people to hand over their electronic passwords with a judge's consent.

The Canadian Association of Chiefs of Police has passed a resolution calling for the legal measure to unlock digital evidence, saying criminals increasingly use encryption to hide illicit activities.

The legislated human backdoor. Obviously, such a demand raises constitutional questions, even on that side of the border.

The chiefs' proposed password scheme is "wildly disproportionate," because in the case of a laptop computer it would mean handing over the "key to your whole personal life," said David Christopher, a spokesman for OpenMedia, a group that works to keep the Internet surveillance-free.

"On the face of it, this seems like it's clearly unconstitutional."

On this side of the border, such a mandate would also seem clearly unconstitutional, even though some courts have ruled that providing a passcode to unlock a device isn't testimonial -- even if what's on the unlocked device may prove to be incriminating.

The head of Royal Canadian Mounted Police echoes FBI Director James Comey's lament about (potential) evidence remaining out of reach of investigators. In fact, he pretty much quotes him directly.

There is nothing currently in Canadian law that would compel someone to provide a password to police during an investigation, RCMP Assistant Commissioner Joe Oliver told a news conference Tuesday.

Oliver said criminals -- from child abusers to mobsters -- are operating online in almost complete anonymity with the help of tools that mask identities and messages, a phenomenon police call "going dark."

Mandating the divulging of passwords relies on some very dubious assumptions. One, it assumes that any information still unseen by prosecutors or investigators is of evidentiary value -- hence the perceived need to force suspects to unlock devices. As was seen in the San Bernardino case, a lengthy court battle and a million-dollar payout to Israeli hackers recovered nothing of interest from the shooter's iPhone.

Second, it assumes law enforcement will use this power wisely and with restraint -- something that has historically been a problem for it. When an agency uses repurposed military technology (Stingrays) to (almost) hunt down fast food thieves, it's safe to assume forcing someone to expose their "whole personal life" by turning over a password is likely to result in the same sort of misuse… and abuse. It won't be reserved for the "worst of the worst" criminal suspects and will likely be legislated into existence without enough statutory restrictions to prevent device seizures incident to even the most innocuous of arrests to be viewed as evidentiary fishing expeditions.

The only standing between this law (if it becomes law) will be Canada's judges. While some judges may be unwilling to expose a person's entire life just because law enforcement swears it's necessary, others will be more amenable. Bring on the forum shopping!

38 Comments | Leave a Comment..

Posted on Techdirt - 24 August 2016 @ 4:07pm

FISA Court: Government Can Collect Content Along With Dialing Data Using Pen Register Orders

from the national-security-says-the-rules-don't-apply dept

The Director of National Intelligence's office has cleared another FISA court opinion [PDF] for release. These are getting far more interesting to read, even if little seems to be changing about the FBI/NSA's collection methods. The process is now a little bit more adversarial, thanks to the USA Freedom Act, which introduced the possibility of someone arguing on behalf of the surveilled and in the interest of privacy and the Fourth Amendment.

Unfortunately, this opinion finds the FISA court mostly unimpressed with the counterarguments. The discussion involved the use of pen register orders to capture "post-cut through" dialing digits -- the sort of thing the court determined to be content, rather than metadata in the past.

This time around, the court seems more amenable to the government's arguments that any digits obtained along with dialed phone numbers is fair game -- whether or not the orders actually allow for the collection of communications content.

The government claimed it had no technical ability to capture only dialing information. Everything entered on a phone keypad would make its way back to government with the pen register. Past the point of interception, the government was supposed to discard the extra digits because they might be considered content. This is what the court determined in 2006:

The court “had made modifications to the government’s proposed pen register orders,” reads the biannual report to Congress obtained by EPIC. “Although the [FISA Court] has authorized the government to record and decode all post-cut-through digits dialed by the targeted telephone, it has struck the language specifically authorizing the government to make affirmative investigative use of possible content” unless permission is specifically granted by the court.

A decade later, the FISA court is seeing things differently.

We have reviewed the record and considered briefs from the government and from amicus curiae appointed by the court under 50 U.S.C. 1803(i) to present argument in this matter. We conclude that section 1842 authorizes, and the Fourth Amendment to the Constitution of the United States does not prohibit, an order of the kind described in the certification. Read fairly and as a whole, the governing statutes evince Congress's understanding that pen registers and trap-and-trace devices will, under some circumstances, inevitably collect content information. Congress has addressed this difficulty by requiring the government to minimize the incidental collection of content through the employment of such technological measures as are reasonably available -- not by barring entirely, as a form of prophylaxis, the use of pen registers and trap-and~trace devices simply because they might gather content incidentally.

Nor does an order authorizing such surveillance run afoul of the Fourth Amendment's guarantee against unreasonable searches and seizures. The warrant requirement is generally a tolerable proxy for "reasonableness" when the government is seeking to unearth evidence of criminal wrongdoing, but it fails properly to balance the interests at stake when the government is instead seeking to preserve and protect the nation's security from foreign threat. We therefore hold that surveillance of this type may be constitutionally reasonable even when it is not authorized by a probable-cause warrant. We further hold, on the facts presented here, that the order under review reasonably balances the investigative needs of the government and the privacy interests of the people.

In other words, the Fourth Amendment is perfectly fine for criminal investigations, but doesn't really apply to national security investigations. Not really a comforting place to draw the line, considering the FBI's shift in focus from law enforcement to becoming the NSA's unofficial domestic wing over the past 15 years.

The problem with the removal of restrictions the court had erected earlier is that this decision doesn't just influence the collection of dialed digits through pen register orders. Other metadata collected from other forms of communications are also affected by this ruling, as is pointed out by Marc Zwillinger, the court-appointed amicus acting on behalf of the Fourth Amendment and the general public.

The amicus curiae contends that if the government's argument were applied to Internet pen registers, the government could collect information generated by a wide variety of activities on the Internet, including searching, uploading documents, and drafting emails.

The court leaves it up to Congress to solve the problem -- which to a certain extent it has. The laws surrounding pen register orders have been updated periodically, but the most recent changes are still more than 20 years old: the Communications Assistance for Law Enforcement Act (CALEA) was passed in 1994. At that point, Congress added statutory language that said the FBI, et al, must use "technology reasonably available to it" to restrict the recording/decoding of post-cut-through digits. Twenty years later, the government is still claiming it has no way of limiting this collection. I guess "nerd harder" is only applicable to the private sector.

The point made by Zwillinger isn't some form of privacy advocate paranoia. The Patriot Act allowed pen register orders to be deployed to capture internet metadata. As is pointed out in the opinion, Sen. Patrick Leahy expressed concern over this broadened collection and noted that without additional restrictions, the new law could be read as allowing the interception of a broad range of content, rather than just routing information. The court, however, interprets Congress's minimal actions post-Patriot Act as being indicative of its support for the collection of content (however inadvertently) with pen register orders. In fact, it goes so far as to claim the stipulations Congress did enact did not narrow the breadth of the collections, but rather only prevented the definition from being expanded further than it already had been.

According to the FISA court, the national security ends justify the Fourth Amendment-bruising means.

[T]he relevant statute at issue in this case authorizes the use of a pen register "to protect against… clandestine intelligence activities." 50 U.S.C. 1842(a)(1). Pursuant to that statute, the government seeks to monitor the dealings of a person, currently in the United States, who is suspected of collecting intelligence in the service of a foreign power. The purpose of the proposed monitoring is the preservation of national security. Few government interests are of a higher order. The interest at stake is no less -- and may even be greater -- for the foreign agent's being present in this country. And were we to insist on a showing of probable cause and the issuance of a judicial warrant in this setting, we would impede the Executive's ability to bring to bear against the threat those faculties -- "stealth, speed, and secrecy" -- needed to secure the nation's well-being in this most fundamental and sensitive of government endeavors.

The streak continues. The Fourth Amendment is mostly null and void when it comes to national security, whether it's the FBI using pen register orders to collect communications content or the DHS/CBP pawing through electronics/traveling dozens of miles from the border to hassle inland citizens.

Read More | 17 Comments | Leave a Comment..

Posted on Techdirt - 24 August 2016 @ 2:32pm

Arrest Warrant Issued For District Attorney Involved In DEA's California Wiretap Warrant Mill

from the DEA-DOA dept

Former Riverside District Attorney Paul Zellerbach is in trouble, as Brad Heath and Brett Kelman report for The Desert Sun.

A judge issued an arrest warrant Tuesday for former Riverside County District Attorney Paul Zellerbach after he failed to appear at a court hearing to answer questions about an eavesdropping operation so vast it once accounted for nearly a fifth of all U.S. wiretaps.


"He should have been there," said Jan Ronis, the attorney who subpoenaed Zellerbach. "But he just blew us off. We could have had court today."

It's not uncommon for Zellerbach to go missing when people need him. When Zellerbach ran the DA's office, he was rarely there. The DEA found his office to be just as accommodating, with or without him, though. Although the DEA was supposed to run its wiretap warrant requests through federal judges and have them signed by the district attorney himself, it often found it easier to obtain a signature from whoever happened to be at the office and run them by Riverside County judge Helios Hernandez, who approved five times as many wiretap applications as any other judge in the US.

The wiretap applications' reach frequently exceeded their jurisdictional grasp, traveling far outside of Riverside County, California, to be deployed against suspects as far away as North Carolina. But that was only one issue with the warrants applications approved by Zellerbach's office.

The DOJ's lawyers didn't like the DEA's skirting of federal rules for wiretap applications.

"It was made very clear to the agents that if you're going to go the state route, then best wishes, good luck and all that, but that case isn't coming to federal court," a former Justice Department lawyer said.

"They'd want to bring these cases into the U.S. Attorney's Office, and the feds would tell them no (expletive) way," a former Justice Department official said.

California's wiretap laws weren't being followed either, thanks to Zellerbach holding office in absentia.

Riverside County’s former district attorney, Paul Zellerbach, has acknowledged that he allowed lower-level lawyers to do that job, saying he could not recall ever having reviewed a wiretap application himself. Four of the wiretaps in the Kentucky case were approved by one of Zellerbach’s assistants, and one was approved by an assistant to his successor.

Now, the DEA's toxic and possibly illegal wiretap warrants are being challenged, now that defense lawyers know exactly how much -- and how often -- state and federal requirements were being skirted by the drug warriors. That's what has led to Zellerbach's arrest warrant.

The first challenge, filed in Kentucky, led a federal judge to say that Riverside had issued so many wiretaps “that constitutional requirements cannot have been met.” The second challenge, filed locally, led to the warrant being issued for Zellerbach.

Zellerbach was subpoenaed to appear in the case of Christian Agraz, 33, an accused drug trafficker who was allegedly caught on a wiretap selling bricks of heroin in 2014.

The former DA did not appear at the hearing in the Agraz case on Tuesday morning, so Judge Michele Levine issued a bench warrant and assigned a bail of $1,500.

The constitutional requirements say Zellerbach was supposed to sign each wiretap application personally. Paul Zellerbach can't recall approving a single one of the hundreds that flowed through his office over the years.

The DEA's Riverside County-centric drug war looks like it's going to result in several cases being tossed out. Fortunately, the DEA still can keep everything it's claimed via civil asset forfeiture, which makes good busts out of bad ones and makes obtaining convictions entirely optional.

23 Comments | Leave a Comment..

Posted on Techdirt - 24 August 2016 @ 1:05pm

Baltimore PD Can Keep Tabs On The Entire City, Thanks To Privately-Donated Aerial Surveillance System

from the thanks-for-flying-Air-Baltimore dept

When all you have is repurposed war gear, everything looks like a war zone.

It's not just the Pentagon handing out mine-resistant vehicles and military rifles to any law enforcement agency that can spell "terrorism" correctly on a requisition form. It's also the FBI acting as a gatekeeper (and muzzle) for cell phone-tracking hardware originally developed for use in Iraq and Afghanistan.

The latest addition to the pantheon of "war gear, but for local law enforcement" is aerial surveillance. While this sort of surveillance is nothing new -- police have had helicopters for years -- the tech deployed to capture recordings is.

Bloomberg has a long, in-depth article on aerial surveillance tech deployed by the Baltimore Police Department -- all without ever informing constituents. Baltimore isn't the first city to deploy this repurposed military tech. The Los Angeles Sheriff's Department gave the same gear a test run back in 2014. The LASD also did little to inform the public about its purchase, claiming that people might get paranoid and/or angry if they knew.

Baltimore's acquisition of Persistent Surveillance Systems' 192-million megapixel eye in the sky also occurred under the cover of governmental darkness. The tech was given to the police and paid for by a private donor -- which kept the public out of the loop and any FOIA-able paper trail to a minimum.

Last year the public radio program Radiolab featured Persistent Surveillance in a segment about the tricky balance between security and privacy. Shortly after that, McNutt got an e-mail on behalf of Texas-based philanthropists Laura and John Arnold. John is a former Enron trader whose hedge fund, Centaurus Advisors, made billions before he retired in 2012. Since then, the Arnolds have funded a variety of hot-button causes, including advocating for public pension rollbacks and charter schools. The Arnolds told McNutt that if he could find a city that would allow the company to fly for several months, they would donate the money to keep the plane in the air. McNutt had met the lieutenant in charge of Baltimore’s ground-based camera system on the trade-show circuit, and they’d become friendly. “We settled in on Baltimore because it was ready, it was willing, and it was just post-Freddie Gray,” McNutt says. The Arnolds donated the money to the Baltimore Community Foundation, a nonprofit that administers donations to a wide range of local civic causes.

The cameras are able to capture activity across the city. The resolution may seem high, but the area covered by the cameras still makes individuals nearly unidentifiable. What it does do is provide a wide-angle look at the movements of these humans reduced to pixels by current tech limitations. Rather than just provide a closer inspection of certain areas, the scope of what's captured allows law enforcement to rewind their way through people's lives, seeing where certain pixels go and what pixels they interact with… and where those pixels go. The ability to trace movements backward can provide law enforcement with details on where criminal activities originate and where possible co-conspirators might be located. It also helps officers track down suspects who have fled from crime scenes.

While it's certain to provide some investigative use, it also gives the Baltimore PD an unprecedented overview of entire neighborhoods for it to peruse in hopes of discovering something that justifies its deployment. It expended zero manhours informing the public, however, before putting it to use. The BPD is already facing heat due to the unconstitutional deployments (multiple thousands of them) of its Stingray devices. Now it has another bit of questionable war tech in use and it's still refusing to discuss it.

Where the city stands in this approval process -- if there even was one -- remains a mystery. City officials aren't discussing the surveillance tech either. If there was any oversight of the high-tech donation, no records have surfaced.

The only party that seems comfortable talking about the surveillance tech is the person behind Persistent Surveillance Systems, Ross McNutt.

McNutt often says that when he stares into the computer monitors, the dots moving along the sidewalks and streets are mere pixels to him. Nothing more. If anyone else wants to project identifying features onto them—sex, race, whatever—that’s their doing, not his. Even as the technology advances and the camera lenses continue to get more powerful, he says, his company will choose to widen its viewing area beyond the current 30 square miles rather than sharpen the image resolution. He’s exasperated when his system is criticized not for what it does, but for its potential.

The potential is the problem. Surveillance systems like these are prone to both feature creep and mission creep. If they're already being deployed secretly, the chances for abuse move from merely "probable" to "almost inevitable." McNutt may be extremely open about his tech and its capabilities, every law enforcement agency that has made use of it has been the polar opposite. And when private donors skirt procurement processes and other red tape by purchasing surveillance tech for law enforcement agencies, a certain amount of accountability disappears.

If an agency feels it's counterproductive to gauge public sentiment before deploying more surveillance tech, the least it can do is keep them informed about upcoming changes. But the Baltimore PD did none of that. It simply took its expensive surveillance gift and put it to work.

41 Comments | Leave a Comment..

Posted on Techdirt - 24 August 2016 @ 10:39am

Bogus Defamation Lawsuit With Fake Defendant Results In Negative Reviews Of Dentist Being Taken Down

from the yet-another-abuse-of-the-legal-system dept

Earlier this year, complaint site Pissed Consumer noticed a disturbing new trend in the dark art of reputation management: unnamed rep management firms were using a couple of lawyers to run bogus defamation lawsuits through a local court to obtain court orders demanding the removal of "defamatory" reviews.

What was unusual wasn't the tactic itself. Plenty of bogus defamation lawsuits have been filed over negative reviews. It's that these lawsuits were resolved so quickly. Within a few weeks of the initial filing, the lawsuit would be over. Each lawsuit improbably skipped the discovery process necessary to uncover anonymous reviewers and proceeded straight to judgment with a (bogus) confessional statement from each "reviewer" handed in by the "defamed" entity's lawyer for the judge's approval. Once these were rubber stamped by inattentive judges, the lawyers served Google with court orders to delist the URLs.

To date, no one has uncovered the reputation management firm behind the bogus lawsuits. In each case, the companies purporting to be represented by these lawyers were shells -- some registered as businesses on the same day their lawsuits were filed.

It's one thing to do this sort of thing from behind the veil of quasi-anonymity afforded by the use of shell companies. It's quite another to file a bogus lawsuit with an apparently forged signature (of the supposed defamer) under your own name. But that's exactly what appears to have happened, as detailed in this post by Public Citizen's Paul Alan Levy.

In addition to posting his reviews of Mitul Patel on Yelp, [Matthew] Chan posted on RateMDs, and about his unsatisfactory experiences with Dr. Patel.   Chan’s is but one of a number of negative reviews directed at Patel on these various sites, but Patel apparently took particular umbrage at this one: he filed a pro se libel action claiming, in highly conclusory terms, that the reviews were false and defamatory.

It doesn't get much more conclusory than this filing [PDF], which runs only three pages -- with one page containing nothing more than a date and a signature. The complaint lists the URLs of Chan's reviews, says they're defamatory... and that's basically it. No part of the reviews are quoted as evidence of defamation. The filing simply declares every review defamatory and demands an injunction. But that's the kind of detail you can omit when you know you're never going to have to confront the accused in court.

[I]nstead of suing Chan in Georgia, Patel filed in the circuit court for the city of Baltimore, Maryland, a court that would ordinarily have no personal jurisdiction over a Georgia consumer sued for criticizing a Georgia dentist. Patel justified suing there by identifying “Mathew Chan” as the defendant – note that the spelling of the given name is slightly different – and alleging that this Mathew Chan “maintains a primary residence located in Baltimore, Maryland.”

There's a problem with both the defendant named and the primary address. The name is misspelled, perhaps deliberately so. The address listed in the complaint is completely bogus.

The fact that the both the online docket for the case, and the “consent motion for injunction and final judgment” bearing a signature for “Mathew Chan,” list his address as 400 East Pratt St. in Baltimore implies to me that this is a case of deliberate fraud, because so far as I have been able to determine, 400 East Pratt Street is a downtown building that contains only offices, retail establishments and restaurants, but no residences.   

Despite these deficiencies, the lawsuit made it past a judge because it contained a supposed mea culpa from "Mathew Chan" of "400 East Pratt Street" admitting to the defamatory postings. This motion with the bogus signature and admission was approved by judge Philip S. Jackson, who also instructed "Mathew Chan" to issue notices to search engines to delist the URLs if removing the original reviews proved impossible.

The real Matthew Chan -- who posted the reviews -- had never heard of the lawsuit until after the injunction had already been approved and served. Yelp notified him of the court order it had received. Chan, who still lives in Georgia as far as he can tell, informed Yelp of the situation and the review site decided to reinstate his review. Other sites, however, took the order at face value and removed the reviews. It appears Yelp was the only site to reach out to Chan when presented with the court order -- something that doesn't exactly bode well for users of other review sites. If sites protected by Section 230 are in this much of a hurry to remove content, they're really not the best venues for consumers' complaints.

Somewhat surprisingly, Levy received a response (of sorts) from Mitul Patel's lawyer. They claim this is the first they've heard of the lawsuit filed in Patel's name targeting negative reviews of Patel's dentistry. This wasn't delivered in a comment or statement, but rather in the form of a retraction demand [PDF]. The opening paragraphs are inadvertently hilarious.

This letter is to advise you that I have been retained to represent Mitul Patel, DDS, regarding the contents of your blog, dated Friday, August 19, 2016, entitled "Georgia Dentist Mitul Patel Takes Phony Litigation Scheme to New Extremes Trying to Suppress Criticism".

Based upon a review of your blog, which has unfortunately gone viral, please be advised that the contents of your blog are grossly inaccurate, factually incorrect, and were obviously written for no other purpose but to gain publicity for your blog, and to willfully damage the name and reputation of Dr. Patel.

First, there's the pain of being Streisanded, embodied in the phrase "has unfortunately gone viral." That's the sort of thing that happens when negative reviews are mysteriously injunctioned into the cornfield. Then there's the stupid accusation the Streisanded hurl at those who expose questionable -- and possibly fraudulent -- behavior: that it was motivated by a thirst for internet points. The first statement is merely sad. The second is mostly just tiresome.

The retraction demand goes on to claim that this is the first Mitul Patel has heard of the lawsuit (filed in his name) as well. While this would seem unlikely, Levy points out that a reputation management company could have created plausible deniability by filing a pro se lawsuit under Patel's name (its own kind of fraud) but without notifiying him that this is how it poorly and illegally handles its reputation-scrubbing duties. Unfortunately for Patel, whoever was hired to do this has done further damage to the dentist's reputation while presumably charging him for making things better.

Levy, of course, will not be retracting the post. His response to the demand letter points out that it's rather curious no disavowal was made until after the blog post "unfortunately went viral."

I was not persuaded, however, by your suggestion that I should "retract" the blog post or apologize for it. After all, you acknowledge that much of what I had to say on the blog was true. But I also have qualms about your assertion that, before my blog post was published, Patel had no knowledge of the lawsuit in Baltimore, for two reasons. First, in the course of investigating before I published my article, I obtained from Yelp copies of emails from Mitul Patel to Yelp, attaching the Baltimore court order and asking that Chan's Yelp comments be deleted. I attach the copies of these emails. Yelp has told me that Patel used [email address retracted], the same email address that [rest of sentence retracted]. Unless the email addresses were spoofed, those emails suggest that your client knew about the court order and was trying to take advantage of it.

Moreover, before I posted my article on the blog, I placed two telephone calls to Patel's dental clinic to try to speak with him about the lawsuit; I told his receptionist why I was calling. In addition, on Wednesday, August 17, I sent your client an email message mentioning his lawsuit against Chan and spelling out my concerns. Although he did not call me back and did not reply to the email, I trust he saw the messages before I published my article on Friday.

Levy goes on to point out that it seems strange someone or some company would pay a $165 filing fee to file a bogus defamation lawsuit for Patel without ever informing him it was doing so. The only motivation possible would be a shady reputation management company engaging in shadier tactics because Patel's paying it more than it's shelling out in filing fees. Levy has requested Patel provide him the name of anyone he's hired to do reputation cleanup work or perform SEO optimization on his behalf.

So, it's not just DMCA notices being abused to "protect" dishonest entities' reputations. It's also the legal system, where there's very little compelling lower level judges to spend a few minutes scrutinizing bare bones complaints (and injunction motions) handed to them by shady plaintiffs.

Read More | 37 Comments | Leave a Comment..

Posted on Techdirt - 24 August 2016 @ 3:22am

Russia's Hackathon Continues, Targeting The New York Times And Other News Agencies

from the all-up-in-the...-everything dept

If this keeps up, the list of entities not hacked by Russian intelligence will be shorter than the list of those who have. [Caution: autoplay annoyance ahead.]

Hackers thought to be working for Russian intelligence have carried out a series of cyber breaches targeting reporters at the New York Times and other US news organizations, according to US officials briefed on the matter.

The New York Times has brought in investigators to "assess the damage." If anything truly damaging was obtained during the hack, there's a good chance we'll all get a chance to see it. While national security investigators are theorizing that the Russian hackers' targeting of non-government organizations is designed to give them a look at the government's inner workings without actually having to breach a government server, there's also the possibility that this hacking is more aligned with the focus of the Democratic National Committee hack: to find something potentially embarrassing and publish it for the world to see.

According to the CNN article, Clinton's campaign believes the DNC hack was politically-motivated. Hardly unsurprising, considering most Russian hacking attempts are propelled by politics. The claim that Russia wants Trump to win the election isn't an entirely outlandish theory. If so, the hacking of news agencies may be similarly motivated. The press hasn't been shy about pointing out Trump's lies and bad behavior, so it could be hackers are seeking communications pointing to an anti-Trump conspiracy.

It's likely they'll find evidence that fits this description, but it's hardly a conspiracy, no matter how theorists choose to spin it. Donald Trump is an exceptional presidential candidate -- and not in the most favorable definition of that term. While most candidates would at least pay lip service to presenting a unified front, Trump has been intentionally divisive, setting up "us vs. them" narratives that go beyond simple Republican vs. Democrat terms and deep into the party he supposedly represents.

Beyond the alleged backing of Trump, there's more to be gained than simply pointing out the media's transparent disdain for the Republican candidate. There are also leaked -- but unreleased -- documents stored on agencies' servers.

News organizations are considered top targets because they can yield valuable intelligence on reporter contacts in the government, as well as communications and unpublished works with sensitive information, US government officials believe.

It could very well be that the Russian government is seeking to provoke a cyberwar, utilizing hackers to fire its opening salvos. There's also money to be made -- on both sides -- from a variety of cybersecurity firms who will do all they can to turn high-profile hacking into a multi-decade cyber-Cold War that will provide them with plenty of lucrative contracts. So, instead of seeing these attacks as a very normal state of affairs, hyperbolic theorizing will take precedence over more measured responses.

27 Comments | Leave a Comment..

Posted on Techdirt - 23 August 2016 @ 11:45am

FBI Apparently Made Darkweb Child Porn Site Faster During Its Hosting Of Seized Server

from the porn-harder! dept

Another FBI/Playpen/NIT case has moved to the point of a motion to dismiss. The lawyer for defendant Steven Chase is arguing the government should abandon its prosecution because the FBI's activities during its conversion of child porn site Playpen into its own Rule 41-flouting watering hole were "outrageous." What did the FBI do (besides traveling beyond -- far beyond -- the warrant's jurisdiction to strip Tor users of their anonymity) to merit this accusation? It made Playpen a better, faster child porn website. Joseph Cox reports for Motherboard:

Newly filed court exhibits now suggest that the site performed substantially better while under the FBI's control, with users commenting on the improvements. The defense for the man accused of being the original administrator of Playpen claims that these improvements led to the site becoming even more popular.

“The FBI distributed child pornography to viewers and downloaders worldwide for nearly two weeks, until at least March 4, 2015, even working to improve the performance of the website beyond its original capability,” Peter Adolf, an assistant federal defender in the Western District of North Carolina, writes in a motion to have his client’s indictment thrown out.

The government generally isn't known for efficiency or immediate improvements, but the filing [PDF] points out that the gains were exponential.

From there the FBI distributed child pornography to viewers and downloaders worldwide for nearly two weeks, until at least March 4, 2015, even working to improve the performance of the website beyond its original capability. As a result, the number of visitors to Playpen while it was under Government control from an average of 11,000 weekly visitors to approximately 50,000 per week. During those two weeks, the website’s membership grew by over 30%, the number of unique weekly visitors to the site more than quadrupled, and approximately 200 videos, 9,000 images, and 13,000 links to child pornography were posted to the site.

A better child porn site, brought to thousands of criminal suspects all over the world by your tax dollars. What a time to be alive!

The motion to dismiss points out that making it easier and faster to download child porn images runs contrary to assertions the government has made in support of prosecutions and stricter penalties for child porn viewers.

This behavior is all the more shocking because the federal government itself – in sentencing memoranda, online mission statements, reports to congress, press releases, and arguments before this very Court and many others – has repeatedly emphasized that victims of child pornography are revictimized each and every time their images are viewed online. Despite these frequent pronouncements, the government here made no attempt during the two weeks it was running the site to reduce the harm to innocent third party victims by limiting the ability for users to view or access the images. Indeed, government agents worked hard to upgrade the website’s capability to distribute large amounts of child pornography quickly and efficiently, resulting in more users receiving more child pornography faster than they ever did when the website was running “illegally.”

And once the images have been downloaded from a (faster) source, they can be redistributed elsewhere, furthering the damage done to victims of child pornographers. It really can't be argued that the ends justified the means.

Once the government seized the server hosting the Playpen site, it possessed a wealth of information it could use to criminally prosecute users without resorting to operating the site for two weeks. Even if the government wanted to deploy an NIT, it could have done so without also rendering the Playpen site functional. It could have, for example, disabled access to the images of child pornography, turned off the ability to upload pictures or videos, or even just run the site for a much shorter period of time.

Moreover, as noted above, the government has charged less than 1% of Playpen members, the same percentage of users it already had IP addresses for on the day it seized the site. It cannot be that the government may distribute child pornography to a thousand users for each user it catches, particularly when it already has the necessary information to identify the same number of users before it had distributes a single image.

The defense points to a message [PDF] posted to the forums after the site was seized by the FBI as evidence the agency improved the site to better serve users (with its NIT). A Playpen administrator's account stated the following on February 28th, eight days after it took control of the site.

I upgraded the Token Ring to Ethernet about an hour ago and things seem to be working a bit better.

This is what the FBI will do to further its investigations: it will become a better distributor of illegal material than the criminals it's going after. The filing notes that a conservative estimate of the number of images distributed during the FBI's two-week hosting stint sits around one million.

Also of note: throwaway email accounts are to be expected when users create accounts at child porn sites. But I honestly expected more from the President of the United States.

The motion makes good points about the FBI's apparently hypocritical child porn distribution and points out it had many options -- including disabling image downloads -- to pursue that would still have allowed it to serve up its NIT to the site's visitors. Unfortunately, courts have a hard time finding law enforcement activity to be "outrageous" enough to toss cases. And in this particular prosecution, it's the worst of the worst being prosecuted: a child porn viewer.

Read More | 41 Comments | Leave a Comment..

Posted on Techdirt - 22 August 2016 @ 11:27pm

Police Unions To City Officials: If You Want Good, Accountable Cops, You'll Need To Pay Them More

from the 5%-pay-raise-for-'not-making-things-worse' dept

Three police unions in different cities have come forward to insert their feet in their mouths following changes to department policies. The thrust of their terrible arguments? Cops should be paid more for doing their job properly.

In Cincinnati, officers are being outfitted with body cameras. This, of course, has sent the local Fraternal Order of Police into defense mode. The FOP sent a letter to the city stating that officers won't be wearing the cameras until they're given more money. The union apparently believes any increase in officer accountability should be accompanied by an increase in pay.

A lawyer for Fraternal Order of Police Lodge #69, Stephen Lazarus, sent the city a "cease and desist" letter, saying until pay for wearing the equipment has been decided, officers shouldn't wear them. He asked that the city cease the program by Wednesday at the latest, pending the bargaining process.

The city's mayor has already suggested he'd be willing to grant an across-the-board 5% pay increase, but the union wants additional pay on top of that, simply for wearing body cameras. The union insists that cameras will alter many facets of officers' day-to-day duties, which -- judging from other cities' experiences with body cameras -- apparently includes discovering ways of ensuring footage of questionable arrests and uses of force aren't captured by the recording equipment.

Meanwhile, down in San Antonio, policies affecting misconduct punishments are receiving similar demands from that city's police union.

The San Antonio Express-News reports that the San Antonio police union demanded higher pay in exchange for accepting changes to their collective bargaining agreement that would have delivered stricter discipline for officer misconduct.

The Express-News notes that right now “the contract limits how far back a chief can invoke prior misconduct in punishing an officer — no more than two years in most instances — and automatically reduces suspensions of three days or less to a reprimand after two years.”

Once again, a union is fighting officer accountability with increased salary demands. In both cases, neither union seems to understand (or care) how tone deaf these arguments are.

Police reform is needed because officers aren't doing what they're being paid to do, or they're doing it in a way that results in civil rights lawsuits and DOJ interventions. The main obstacle to reform appears to be police unions, which often seem to offer hardline opposition to minor changes that even most of those supposedly represented by the union don't agree with.

It would be one thing if law enforcement was a historically-underpaid profession. But it isn't. These demands are simply a way to make cash-strapped cities rethink plans to introduce more accountability into the process.

But it's not always the unions that are at fault. The rank-and-file has its own issues with increased accountability. The city of Boston is outfitting its officers with body cameras. The pilot program asked for volunteers to wear the recording devices. There were no takers.

When the City of Boston called on 100 volunteers from the police department to help pilot a body camera program, something very expected, predictable, and heard of happened: Nothing.

Even with $500 bonuses as a result of negotiations with their union, not a single police officer in Boston volunteered to wear a camera.

If no one responds when asked nicely, the optional aspect goes away.

Speaking during the monthly “Ask the Commissioner” segment on WGBH-FM’s Boston Public Radio on Tuesday, Boston Police Commissioner William B. Evans said that a consultant has selected officers of all ages and races from five sections of the city and the department’s Youth Violence Strike Force to wear the cameras for a six-month trial. Any officer selected who chooses not to wear the camera would be subject to disciplinary action, Evans said.

It's not as though the police union here decided to sit this one out. When no officers volunteered to wear the cameras, the union claims that randomly selecting officers somehow breaches the department's contract.

Boston Police Patrolman’s Association President Patrick M. Rose told the Herald that goes against the deal the union reached with the department, which he says specifically states participants must be volunteers.

“The selection process must be from volunteers,” Rose wrote in an email to the Herald, adding that the union still supports that agreement.

“To require non-volunteers to participate in the program would clearly violate the agreement,” he said. “The BPPA would hope that the City and the Department would honor its written agreement with the BPPA concerning (body cameras).”

The Boston Police chief saw it differently, however, pointing out that no volunteers stepping forward to take part in a voluntary program also violates the agreement.

Somewhat ironically, civil rights and accountability activists were skeptical of the volunteer pilot program, fearing that the only cops that would volunteer would be exemplary models of the law enforcement profession and unlikely to generate much footage of misconduct or abuse. What a relief it must be to discover the Boston PD has no officers that fit that description.

44 Comments | Leave a Comment..

Posted on Techdirt - 22 August 2016 @ 6:26am

Appeals Court Tosses Lawsuit Against Broadcasters For Violating Publicity Rights During Football Game Broadcasts

from the legal-fantasies-are-the-worst-fantasies dept

Javon Marshall -- a former college athlete spearheading a putative class action against several broadcasters for uncompensated use of his likeness -- has just seen the Sixth Circuit Appeals Court send him (and everyone "similarly situated") back home without a parting gift.

Marshall -- like many others who believe the mere existence of intellectual property protections entitles them to a paycheck -- sued a long list of broadcasters for allegedly violating the Lanham Act and the Tennessee "right of publicity" law by not paying him and other athletes for using his name and "image" in game broadcasts and advertising. Marshall also claimed the NCAA's waiver student-athletes sign is "vague and unenforceable." That may very well be, but that claim was never addressed by the plaintiff and the NCAA was never a defendant. It only served as an introduction to a long list of alleged violations [PDF] that the lower court determined to be baseless accusations.

The Appeals Court makes short work [PDF] of Marshall's attempt to have the lawsuit revived, pointing out in a wonderful opening paragraph just how unrealisitic his claims are. The first sentence alone indicates how far from legal reality Marshall's class action lawsuit strayed.

To state the plaintiffs’ theory in this case is nearly to refute it.

Going on, the court punches a dramatic hole in Marshall's flawed logic.

The theory begins with the assertion that college football and basketball players have a property interest in their names and images as they appear in television broadcasts of games in which the players are participants. Thus, the plaintiffs conclude, those broadcasts are illegal unless licensed by every player on each team. Whether referees, assistant coaches, and perhaps even spectators have the same rights as putative licensors is unclear from the plaintiffs’ briefs (and, by all appearances, to the plaintiffs themselves).

Very briefly addressing the plaintiff's arguments, the court waves them away in two sentences, offering its wholehearted support of the lower court's decision.

In any event, the plaintiffs seek to assert claims under Tennessee law, the Sherman Act, and the Lanham Act on behalf of a putative class of collegiate players nationwide. The defendants—various college athletic conferences and television networks, among others—responded in the district court with a motion to dismiss, which the court granted in a notably sound and thorough opinion.

The court goes on to call the plantiffs' claims under Tennessee law "legal fantasy," pointing out that the state's "right of publicity" specifically exempts sports broadcasts. The plaintiffs' common-law claim asserts a right never granted by the state. The Sherman Act antitrust claim fails because if a right doesn't exist, it can't be licensed in a noncompetitive fashion. The court saves its best comment for Marshall's trademark claim.

That leaves the plaintiffs’ claim under the Lanham Act, whose relevant provision bars the unauthorized use of a person’s name or likeness in commerce when doing so “is likely to cause confusion” as to whether the person endorses a product. 15 U.S.C. § 1125(a)(1)(A). The theory here is that if, say, ESPN shows a banner for “Tostitos” at the bottom of the screen during a football game, then consumers might become confused as to whether all the players on the screen endorse Tostitos. Suffice it to say that ordinary consumers have more sense than the theory itself does.

This futile lawsuit was perhaps encouraged by the relative success of a similar lawsuit against Electronic Arts for using the "likenesses" of players in its sports videogames. However, there's a crucial difference that factored into the Ninth Circuit Appeals Court's decision on behalf of the players: California's oft-abused "right of publicity" law which doesn't contain the same exemptions as Tennessee's. And in that case, there's still hope of a rehearing which might tilt the court towards finding California's law must defer to the First Amendment, rather than the other way around.

Read More | 5 Comments | Leave a Comment..

Posted on Techdirt - 22 August 2016 @ 3:22am

The NYPD's Third 'Forfeiture' Option: Call Seized Items 'Evidence;' Never Give Them Back

from the the-system-works dept

It's not just asset forfeiture being used by law enforcement to take property away from people. With civil asset forfeiture (as opposed to criminal asset forfeiture), property is deemed "guilty," even if its former possessors are not. Kaveh Waddell of The Atlantic is highlighting another way law enforcement agencies are taking possession of property: by calling it "evidence" and playing keep away with former defendants who've had their cases dismissed or have been acquitted.

Last summer, Kenneth Clavasquin was arrested in front of the Bronx apartment he shared with his mother. While the 23-year-old was being processed, the New York Police Department took his possessions, including his iPhone, and gave him a receipt detailing the items in police custody. That receipt would be his ticket to getting back his stuff after his case ended.

But the ticket is worthless. His case was dismissed but no one involved in the seizure of his items showed any interest in returning them. He brought the court's dismissal to the NYPD to retrieve his iPhone but the property desk claimed it was being held as "arrest evidence" -- even though there were no more criminal charges forthcoming. He was sent to the District Attorney's office to ask for permission to obtain the no longer needed "evidence," but the office was less than interested in helping him reclaim his belongings.

Clavasquin needed to get a release from the district attorney’s office stating that his property would no longer be needed for evidence. Over the following three months, he repeatedly called the assistant district attorney assigned to his case, but he neither got a release nor a written explanation of why he was being denied one.

Then, with the help of an attorney at the Bronx Defenders, a public-defender office that had been representing him since the day after his arrest, Clavasquin sent a formal written request for the district attorney’s release. He got no response.

Clavasquin's iPhone was seized in the summer of 2015. His case was dismissed in December. The phone is still in the possession of the NYPD while Clavasquin has continued making monthly service contract payments for a phone he can't use.

The article points out that this noxious blend of asset seizure and bureaucratic malaise affects "hundreds, if not thousands" of New York City arrestees. The city is now facing a class-action lawsuit over this process, filed by Clavasquin and two others with the help of Brooklyn Defenders. In these cases, neither form of asset forfeiture -- civil or criminal -- is being used. Instead, the NYPD is tying up possessions seized during arrests in miles of red tape, subverting what would appear from the outside to be a straightforward, two-step process: case dismissed, items returned.

Even if someone is able to move heaven, earth, and the District Attorney's office, that's not the end of the frustration. One thing most arrestees carry often disappears into the evidence locker as well, greatly increasing the difficulty of retrieving possessions.

The NYPD property clerk, which actually holds on to the items, requires two forms of ID before releasing any property. Drumming up two forms of ID can be difficult on its own, but it’s made harder still if the person’s wallet, which may contain a driver’s license, is in police custody. (The property clerk won’t count a seized license as a valid form of ID.)

Not only is the process labyrinthine, frustrating, and nonsensical, but there's a clock ticking the whole time. A person has 120 days from the point the criminal case has ended to demand return of their items from the NYPD. If their case has been dismissed, they have 270 days to secure the elusive release form from the DA's office -- something that explains the office's disinterest in answering phone calls, emails or letters asking for this piece of paper. Once the clock runs out, the city is free to auction off the seized property.

If the DA's office wants to put seized items into indefinite limbo, all it has to do is classify them as "investigatory evidence," which means they might be used at some point in future to further a criminal investigation. The DA's office has every reason to put seized items out of reach of their owners and very little compelling it to relinquish control of property that can eventually be used to (indirectly) fund its office. In practical terms, being arrested by the NYPD means losing whatever you had on you permanently -- unless you have the funds to pay an aggressive lawyer to navigate the deliberately daunting retrieval process.

Also of note is the fact that the most common item in NYPD evidence lockers are cellphones. Considering how many of these were seized during run-of-the-mill arrests, one has to question assertions made by district attorneys like Cyrus Vance, who claim there are hundreds of phones prosecutors and investigators can't access because of encryption. Sure, the numbers may be correct (Vance claimed his office was dealing with 175 uncrackable phones), but one has to ask how many of these actually may hold evidentiary value, and how many are simply sitting around waiting for the clock to run out so they can be auctioned.

It's just another form of legal robbery, once you strip away the bureaucratic lingo and law enforcement statements that try to give this a veneer of respectability. When criminal cases are dismissed, seized belonging are "evidence" of nothing and should be released to their owners. Instead, law enforcement agencies and district attorneys offices are working together to keep non-criminals from their rightful belongings.

29 Comments | Leave a Comment..

Posted on Techdirt - 19 August 2016 @ 5:59pm

Why The NSA's Vulnerability Equities Process Is A Joke (And Why It's Unlikely To Ever Get Better)

from the 'national'-security-still-the-best-kind-of-security,-apparently dept

Two contributors to Lawfare -- offensive security expert Dave Aitel and former GCHQ information security expert Matt Tait -- take on the government's Vulnerability Equities Process (VEP), which is back in the news thanks to a group of hackers absconding with some NSA zero-days.

The question is whether or not the VEP is being used properly. If the NSA discovered its exploits had been accessed by someone other than its own TAO (Tailored Access Operations) team, why did it choose to keep its exploits secret, rather than inform the developers affected? The vulnerabilities exposed so far seem to date as far back as 2013, but only now, after details have been exposed by the Shadow Brokers are companies like Cisco actually aware of these issues.

According to Lawfare's contributors, there are several reasons why the NSA would have kept quiet, even when confronted with evidence that these tools might be in the hands of criminals or antagonistic foreign powers. They claim the entire process -- which is supposed to push the NSA, FBI, et al towards disclosure -- is broken. But not for the reasons you might think.

The Office of the Director of National Intelligence claimed last year that the NSA divulges 90% of the exploits it discovers. Nowhere in this statement were any details as to what the NSA considered to be an acceptable timeframe for disclosure. It's always been assumed the NSA turns these exploits over to developers after they're no longer useful. The Obama administration may have reiterated the presumption of openness when reacting to yet another Snowden leak, but also made it clear that national security concerns will always trump personal security concerns -- even if the latter has the potential to affect more people.

The main thrust of the Lawfare article is that the "broken" part of the equities process is that there should be a presumption of disclosure at all. The authors point out that it might take years to discover or develop a useful exploit and -- given the nature of the NSA's business -- it should be under no pressure to make timely disclosures to developers whose software/hardware the agency is exploiting.

[F]rom an operational standpoint, it takes about two years to fully utilize and integrate a discovered vulnerability. For the intelligence officer charged with managing the offensive security process, the VEP injects uncertainty by requiring inexpert intergovernmental oversight of the actions of your offensive teams, effectively subjects certain classes of bugs to time limits and eventual public exposure—all without any strategic or tactical thought governing the overall process.


Individual exploitable software vulnerabilities are difficult to find in the first place. But to engineer the discovered vulnerability into an operationally deployable exploit that can bypass modern anti-exploit defenses is far harder. It is a challenge to get policymakers to appreciate how rare the skills are for building operationally reliable exploits. The skillset exists almost exclusively within the IC and in a small set of commercial vendors (many of whom were originally trained in intelligence). This is not an area where capacity can be easily increased by throwing money at it—meaningful development here requires monumental investment of time and resources in training and cultivating a workforce, as well as crafting mechanisms to identify traits of innate talent.

The authors do point out that disclosure can also be useful to intelligence services. If these disclosures result in safer computing for everyone else, then that's apparently an acceptable side effect.

[T]here are three major, non-technical reasons for vulnerability disclosure.

First, disclosure can provide cover in the event that an OPSEC failure leads you to believe a zero-day has been compromised—if there is a heightened risk of malicious use, it allows the vendor time to patch. Second, disclosing to vendors allows the government to out an enemy’s zero-day vulnerability without disclosing how it was found. And third, government disclosure can form the basis of building a better relationship with Silicon Valley.

Saddling intelligence agencies with a presumption of disclosure is possibly a dangerous idea. Less-than-useful exploits that could be divulged to developers might be tied to other exploits still being deployed by intelligence services. Any suggested timeframe for mandatory disclosure would likely cause further harm by forcing the NSA, FBI, etc. to turn over exploits just as they're generating optimal results. On top of that, the authors point out that a push towards disclosure hamstrings US intelligence services as agencies in unfriendly nations will never be constrained by requirements to put the public ahead of their own interests.

But the process is definitely broken, no matter whose side of the argument you take. The NSA says it discloses 90% of the vulnerabilities it discovers, but former personnel involved in these operations note they've never seen a vulnerability disclosed during their years in the agency.

It's unlikely that the process will ever be fixed to everyone's satisfaction. The most likely scenario is that the VEP will continue to trundle along doing absolutely nothing while being ineffectually attacked by those opposing intelligence community secrecy. As it stands now, the presumption of disclosure is completely subject to any national security concerns raised by intelligence and law enforcement agencies. Occasional political climate shifts may provoke transparency pledges from various administrations, but those should be viewed as sympathetic noises -- presidential pats on the head meant to fend off troubling questions and legislative pushes to put weight behind the administration's words.

17 Comments | Leave a Comment..

Posted on Techdirt - 19 August 2016 @ 4:16pm

Woman Sues After Police Destroy Her Home During 10-Hour Standoff With The Family Dog

from the we're-unfamiliar-with-this-home-entry-device-you-call-a-'key' dept

When the only thing standing between law enforcement and a suspect they're seeking is a person's home, well… the home's got to go.

As seen previously here at Techdirt, police officers pretty much razed a residence to the ground searching for a shoplifting suspect. In another case, law enforcement spent nineteen hours engaged in a tense standoff with an empty residence before deciding to send in a battering ram.

Another standoff -- currently the center of a federal lawsuit -- stands somewhere in between these two cases. The house wasn't completely empty or completely destroyed. But that still doesn't make the Caldwell (ID) police look any more heroic… or any less destructive.

The lawsuit's [PDF] opening paragraph lays it all out.

On August 11, 2014, after registering her child for first grade, Ms. West returned to her home to find multiple City of Caldwell police officers in her yard searching for a Fabian Salinas. Wanting to cooperate, and uncertain whether Salinas was in her house, Ms. West gave the police a key to her house and gave them permission to use it to enter her house to arrest him. During a ten hour long standoff, police repeatedly exceeded the authority Ms. West had given them, breaking windows, crashing through ceilings, and riddling the home with holes from shooting canisters of tear gas destroying most of Ms. West and her children’s personal belongings. The only occupant of the house was Ms. West’s dog. Ms. West’s home remained uninhabitable for two months.

Here's one photo of the home, taken by officers and provided to the Idaho Statesman in response to a public records request. (More photos can be found at the link.)

If you'd like to see some pictures of the standoff with the family pet that include the Caldwell Police's impressive armored personnel carrier (presumably able to withstand even the nastiest of dog bites), those can be found here.

According to Courthouse News Service's interview with Shariz West's lawyer, the documentation he's viewed gives no explanation why it took a small army of SWAT officers 10 hours to discover the suspect wasn't in the home.

"I have no idea," he said. "I've read the police reports and debriefing, and it's my recollection that someone heard a deadbolt activate, which was impossible, and saw the curtains move, which is possible because there was a pit bull in the house at the time. Basically, they had a standoff with a dog."

And that some remedial attic-traversing training might be in order.

Fisher said some of the damage to the house was caused when an officer slipped off a truss while crawling in the attic and fell through the ceiling.

So, when given a key and consent from the occupant, officers instead chose to grab an armored vehicle and go through several windows and the attic. Even if they believed the suspect might be dangerous, there has to be some middle ground between full-scale assault and simply unlocking the door and stepping inside.

This happened back in 2014 but there's been no coverage of the Caldwell cops' 10-hour, one-dog standoff until now. Thomas Johnson of Fault Lines suggests that might have something to do with the local paper of record.

If you’re wondering why it took a couple of years for this event to make news outside of Idaho, it’s because the local paper apparently only checks court records or their exclusive police source, resulting in some very incomplete reporting. Why bother getting out there and talking to the homeowner or neighbors when you can sit on your chunk?

The "coverage" Johnson points to opens with some severe law enforcement spin:

A man who escaped a police standoff last August in Caldwell, only to be captured in Meridian about a week later, pleaded guilty in 3rd District Court to felony eluding and felony rioting.

That's a pretty generous depiction of what actually happened. From all appearances, the suspect was never in the home during the 10-hour standoff. And when someone's not actually where you think they are, it's a huge stretch to refer to their non-presence as an "escape." If that's the spin the PD's using, they can just claim any person with an outstanding warrant not found at Shariz West's home on that long day in August 2014 also "escaped" the same standoff.

In any event, the city and PD are now facing a lawsuit. The police did give her a three-week stay in a hotel. Too bad it took more than two months for her to be able to return to her residence. This raid on a house containing nothing more than a dog is the natural side effect of police militarization, which encourages law enforcement to escalate in questionable situations, rather than use more measured tactics to ensure occupants aren't deprived of a place to live simply because a suspect might be hiding somewhere behind closed doors.

Read More | 55 Comments | Leave a Comment..

More posts from Capitalist Lion Tamer >>