DHS: Our Reports To Congress Are Successful Bullshit

from the yeah,-we-already-kinda-figured dept

Okay, it's official. I no longer believe that our Department of Homeland Security is an actual government agency with important work to do. No, I now believe that it is a series of highly subtle performance art pieces designed to make us laugh at the sheer audacity of dumb government. We already know about the agency's boss, who is in charge of cybersecurity, not bothering to use the internet. And then there is the DHS's highly touted fusion centers being both a waste of money and a detriment to the very freedoms they're supposedly protecting.

But Tim K writes in about a rather stunning admission by DHS officials of a bogus DHS report on a water pumping facility. It essentially amounts to: “sure the report is a complete lie, but it was a successful lie.” Don't believe me?

Officials behind the false claims told Senate investigators that such reports weren’t meant to be “finished intelligence” and that despite their report’s inaccuracies and sloppy wording they considered it to be a “success.”

“[It did] exactly what it’s supposed to do – generate interest,” DHS officials told Senate investigators.

Now, let's do some quick background on this report, less because it informs you and more because it's hysterical. About a year ago, a water pump failed in an Illinois water facility. In response, almost immediately, an Illinois fusion center (part DHS, part Illinois State Police) circulated a report blaming a hacking attack from Russia. Not soon after that report was circulated, the greater DHS office rebuffed the fusion center's hacking allegation as absolute nonsense. It pointed out, as does the linked article, that the allegation was pure conjecture based on the fusion center's inability to do even the most basic investigation.

Someone did access the water district’s SCADA system from Russia, but it was a water district contractor who was asked to access the system by water district employees, as Wired first reported. They had called him to seek his opinion on something while he was on vacation in Russia, and he had logged into the system remotely to check on some data for them.

When the pump broke five months later and someone examined the network logs to determine the cause, they found an IP address from Russia listed in the logs next to the username and password of the contractor. No one ever bothered to call the contractor to see if he had logged in from Russia; they just assumed someone in Russia had stolen his credentials.

It's worth noting that the water pump busted 5 months after this Russian IP logged in. In other words, none of this makes a lick of sense, except if it's the case of someone looking for a convenient scapegoat. “Hackers! Russians!” is apparently what these people went with, for reasons unknown to this author.

But the DHS report circulated to Congress, which DHS says is a success even though it's bullshit, was written up after they called out their own fusion center for making stuff up. I think most reasonable people would suspect that such successful excriment is part of the fear mongering around so-called cyberwars and the trumped up need for Congress to pass some kind of cybersecurity bill. But even the least cynical person would at least expect the DHS to correct their report and alert Congress to the pure made-up-iness of it. DHS has thus far declined to do so, because, paraphrasing DHS itself, the lie is more effective than the truth. Yay, government!

Filed Under: congress, cybersecurity, dhs, fear mongering, fud, homeland security

Congressional Investigation Slams DHS Anti-Terror Centers: Wasted Taxpayer Funds, Created No Useful Intelligence & Violated Civil Liberties

from the have-we-done-anything-useful? dept

Since September 11th, the government has often had something of a blank check (and the equivalent lack of oversight) for anything labeled as being part of an anti-terror effort. As such, it should hardly come as a surprise that programs are wasteful, possibly fraudulent, bad for civil liberties and (oh yeah) completely useless (to actively harmful) in fighting terrorism. A Congressional investigation into the Department of Homeland Security’s (DHS) “fusion centers,” which were supposed to be a key force in anti-terrorism efforts, presents an absolutely scathing condemnation of the effort.

The Subcommittee investigation found that DHS-assigned detailees to the fusion centers forwarded “intelligence” of uneven quality – oftentimes shoddy, rarely timely, sometimes endangering citizens’ civil liberties and Privacy Act protections, occasionally taken from already-published public sources, and more often than not unrelated to terrorism. The Subcommittee investigation also found that DHS officials’ public claims about fusion centers were not always accurate. For instance, DHS officials asserted that some fusion centers existed when they did not. At times, DHS officials overstated fusion centers’ “success stories.” At other times, DHS officials failed to disclose or acknowledge non-public evaluations highlighting a host of problems at fusion centers and in DHS’ own operations.

Oh, and did we mention how wasteful they were? Apparently, taxpayer money simply “disappeared” into the program often being spent on totally unrelated things like flat screen TVs:

The Subcommittee investigation also reviewed how the Federal Emergency Management Agency (FEMA), a component of DHS, distributed hundreds of millions of taxpayer dollars to support state and local fusion centers. DHS revealed that it was unable to provide an accurate tally of how much it had granted to states and cities to support fusion centers efforts, instead producing broad estimates of the total amount of federal dollars spent on fusion center activities from 2003 to 2011, estimates which ranged from $289 million to $1.4 billion. The Subcommittee investigation also found that DHS failed to adequately police how states and municipalities used the money intended for fusion centers. The investigation found that DHS did not know with any accuracy how much grant money it has spent on specific fusion centers, nor could it say how most of those grant funds were spent, nor has it examined the effectiveness of those grant dollars. The Subcommittee conducted a more detailed case study review of expenditures of DHS grant funds at five fusion centers, all of which lacked basic, “must-have” intelligence capabilities, according to assessments conducted by and for DHS. The Subcommittee investigation found that the state and local agencies used some of the federal grant money to purchase: dozens of flat-screen TVs; Sport Utility Vehicles they then gave away to other local agencies; and hidden “shirt button” cameras, cell phone tracking devices, and other surveillance equipment unrelated to the analytical mission of a fusion center.

Of course, this kind of thing isn’t all that uncommon. I remember a story from nearly a decade ago about all the money designated for things like E911 services, instead being used to pay for boots and pens. We recently wrote about the failure of a NY City program to spy on Muslims to turn up a single lead, but this takes that kind of failure to a whole new level.

Of course, the scary part in all this isn’t just the misuse of funds or the failure to produce anything relevant. It’s that what was done almost certainly violated the public’s rights. And apparently, such violations of civil liberties were a very common problem.

The inappropriate reporting appears to have been a regular problem. An April 2009 email from an alarmed senior I&A official stated: “[State and Local Fusion Center officials] are collecting open-source intelligence (OSINT) on U.S. persons (USPER), without proper vetting, and improperly reporting this information through homeland information reporting (HIR) channels,” wrote Barbara Alexander, then director of the Collection and Requirements Division, which oversaw HIR reporting. “The improper reporting of this information through HIR channels is likely a result of a lack of training on proper collection and reporting procedures . . . they are inadvertently causing problems.” In an interview with the Subcommittee, Ms. Alexander said she recalled being told the Reporting Branch was “flooded” with inappropriate reporting. “A lot of information was coming in inappropriately,” she remembered. “The information was not reportable.”

[….] Ms. Schlanger’s presentation, a copy of which DHS provided to the Subcommittee, indicated that areas in which DHS intelligence reporters had overstepped legal boundaries included: Reporting on First Amendment-protected activities lacking a nexus to violence or criminality; reporting on or improperly characterizing political, religious or ideological speech that is not explicitly violent or criminal; and attributing to an entire group the violent or criminal acts of one or a limited number of the group’s members.

The investigation goes on to quote numerous examples of “reports” prepared on information that DHS is not allowed to report on as it violates civil liberties.

In the end, as with so many “anti-terror” programs, what we have is a program that took in a ton of taxpayer funds, with almost no oversight as to what happened to those funds (leading to $1.4 billion disappearing), no intelligence of any use but undertook plenty of efforts that were clearly beyond the mandate of Homeland Security. And all of this is supposed to make us feel safer?

Filed Under: abuse, civil liberties, congress, dhs, fusion centers, homeland security, terrorism, waste

DHS Boss, In Charge Of Cybersecurity, Doesn't Use Email Or Any Online Services

from the that-would-be-a-problem dept

We’ve talked in the past about the problematic efforts to push for new cybersecurity regulations, especially when little to nothing has been done to show the actual problem. There has been quite a turf war over who would “own” cybersecurity within the federal government, with some wanting to give it to the Defense Department, where the NSA would control it (along with all your info), and others wanting to give it to the Department of Homeland Security. While neither option is ideal, DHS is clearly the lesser of two evils should it come to pass. It makes much more sense for this issue to be in the hands of a civilian organization rather than a military one — especially a military one with a horrible track record when it comes to privacy. That said, it’s tough to be enthusiastic about DHS either, given the various problems and abuses we’ve seen in that Department as well. Making matters even worse, it appears that the DHS boss, Janet Napolitano, who would effectively be in charge of cybersecurity, doesn’t know much (if anything) about the internet, and seems rather proud of that fact, referring to herself as a Luddite:

Homeland Security Secretary Janet Napolitano, who is a key player in national cybersecurity efforts, said on Friday she doesn’t use e-mail.

“Don’t laugh, but I just don’t use e-mail at all,” she said during a discussion at a Cybersecurity Summit hosted by National Journal and Government Executive. She didn’t explain what communications tools she does use.

President Obama, who appointed Napolitano, broke precedent by carrying his own BlackBerry device. But in response to a question about her personal cybersecurity practices, Napolitano said she avoids many online services. “I don’t have any of my own accounts. Some would call me a Luddite,” she said.

I don’t think anyone should be laughing, but perhaps they should be very, very worried. Or, perhaps they should be asking why she’s in that job when she doesn’t seem to have the necessary experience. If it does come to pass that DHS gets control over new cybersecurity efforts, this seems like a good reason to find someone else who actually has some grasp on what it is that they’re regulating.

Filed Under: cybersecurity, dhs, email, homeland security, janet napolitano, luddite, online services

LEAKED! Here's The White House's Draft Cybersecurity Executive Order

from the vague-enough-for-ya? dept

Earlier this week, we wrote about how the White House was working on an executive order to act as a “stand in” for cybersecurity legislation that has so far failed to pass Congress (CISPA passed in the House, but a different effort, the Cybersecurity Act, failed in the Senate, and it would have been difficult to get the two houses aligned anyway). Last weekend Jason Miller from Federal News Radio wrote about a draft he saw… but failed to share the actual draft. We got our hands on a draft (and confirmed what it was with multiple sources) and wanted to share it, as these kinds of things deserve public scrutiny and discussion. It’s embedded below. As expected, it does have elements of the Lieberman/Collins bill (to the extent that the White House actually can do things without legislation). It’s also incredibly vague. The specific requirements for government agencies are left wide open to interpretation. For example, the State Dept. should engage other governments about protecting infrastructure. Well, duh. As expected, most stuff focuses on Homeland Security and its responsibilities to investigate a variety of different cybersecurity issues — but, again, it’s left pretty vague.

There is, as expected, plans concerning information sharing — but again, they’re left pretty empty on specifics. It talks about an “information exchange framework.” Unfortunately, it does not appear to highlight privacy or civil liberties concerns in discussing the information sharing stuff. That seems like a pretty big problem. Homeland Security is tasked with coming up with a way to share information, pulling on some existing efforts, but nowhere do they call out how to make sure these information exchange programs don’t lead to massive privacy violations, despite the President’s earlier promises that any cybersecurity efforts would take into account privacy and civil liberties.

Separately, it lists out 16 critical infrastructure “sectors,” but those can be interpreted really broadly, which is dangerous. We all understand how things like the electric grid, nuclear power plants, water facilities and such can be seen as critical infrastructure. But does “communications” include things like social networking? It’s important that any plan be very, very specific about what sorts of things are critical infrastructure, so as to avoid sweeping up all sorts of things like internet services and opening them up to information “sharing” abuse efforts by the government. We all know there’s plenty of evidence that when the government is given a loophole to spy on private communications, it figures out ways to drive fleets of trucks through that hole. Unfortunately, there’s little indication that any of that has really been taken into consideration.

All that said, it is important to recognize that this is a draft, and it is not only subject to change, but there are indications that it is likely to change. But, seeing as this could have significant impact, it should be something that the public has a chance to weigh in on.

Honestly, looking this over, you get the sense that it’s really designed to do one thing: scare those who fought against the various bills back to the table to compromise and get a bill out. It’s no secret that the administration’s overall preference is to get a law in place, rather than this executive order. That’s been a failed effort so far, but you have to wonder if this is a ploy to scare those who opposed the Cybersecurity Act into thinking that if they don’t approve some legislation, the exec order might be a bigger problem. There are way too many things left open ended in this draft, and while the administration can’t go as far as Congress on many things, the open-ended nature of this order could certainly lead to problems for the industries who opposed previous efforts.

Either way, we’ll have some more on this next week, but since we just got this and want to get it out there for comment, hopefully folks can spend some time this weekend discussing the (yes, once again, vague) particulars…

Filed Under: cispa, critical infrastructure, cybersecurity, cyberseuciryt act, executive order, homeland security, president obama, white house

Homeland Security Issuing Its Own DMCA Takedowns On YouTube To Stifle Speech

from the seems-questionable... dept

We recently wrote about the fight over copyright/fair use in political videos. In the comments, someone anonymous pointed us to a YouTube page including a typical takedown notice.. Here’s a screenshot.

This is actually the first time I can recall that I’ve seen a takedown that had “multiple” takedown notices. So it’s interesting that YouTube even has such an error message. But what really caught my attention was the second claimant listed. United States Department of Homeland Security. Homeland Security? Issuing copyright takedowns? For what it’s worth, the commenter who submitted this pointed us to another video, which they claim is the same as what was taken down. I have no idea if it’s the same video or not, but it is some idiotic conspiracy mongering, taking one comment from a reporter completely out of context, and pretending President Obama said it, when he did not. I never understand conspiracy theories like that, but that’s really neither here nor there.

The real question is why is Homeland Security issuing takedowns? Works produced by the federal government, of course, can’t have copyright. However, it is possible for the government to hold copyrights — mainly if someone else gets it and assigns it to the government. So it’s possible that happened here, though it still seems like a strange move. If the video is the same as the other one pointed to, it’s just conspiracy theory claptrap, and I don’t see why DHS would even bother issuing a takedown.

But, even if we assume that the copyright itself and the takedown were legit, does this seem reasonable at all? Having a government agency directly using a copyright claim to take down a video? Especially when that group is DHS — in which national internet censor ICE exists. Giving it the power to censor videos too just seems like it’s going way too far. It’s not as if Homeland Security is going to bring the work “to market” to make money, so it’s not like there’s an “impact on the market” for the work. The only reason to issue the takedown — no matter how accurate the claim is — is to silence speech. A government organization using a government-granted monopoly to stifle speech may be all too common, but that doesn’t mean it should pass by unremarked upon.

I reached out to people at YouTube to see if they could explain why DHS appears to be issuing DMCA takedowns, and got back the equivalent of a “no comment.” I also reached out to Homeland Security, who at first seemed interested in looking into the details and then completely stopped responding to emails. Having not received further communication from them in over a week at this point, I’m just going with the post as is, in the hopes that maybe someone out there can explain why the federal government is using copyright to censor speech?

Filed Under: copyright, free speech, homeland security, takedowns, youtube
Companies: google

Senator Leahy Wants To Give At Least $5 Million To State Department To 'Combat Piracy'

from the spread-the-money-around dept

Last week, we wrote about a proposal in Congress to give ICE (part of Homeland Security) at least another $10 million for the next year to continue its program of censoring websites in the name of “stopping piracy.” Of course, when Congress and Hollywood get together, they never put all their eggs in just one basket. So, it should come as no surprise that in another appropriations bill, this time for the State Department, and put forth by Senator Patrick Leahy — who also introduced PIPA — there’s another chunk of “anti-piracy” cash. The bill sets forth $899,600,000 for “civil judicial and security programs.” But, amazingly, the only program that is specifically called out with a specific amount is to “combat piracy.”

CIVILIAN JUDICIAL AND SECURITY PROGRAMS.—$899,600,000 for assistance for rule of law, justice, corrections, anti-crime, cyber crime, civilian police, and security sector reform programs, of which not less than $5,000,000 shall be made available to combat piracy of United States copyright materials, consistent with the requirements of section 688 (a) and (b) of the Department of State, Foreign Operations, and Related Programs Appropriations Act, 2008

If you’re curious about sections 688 (a) and (b) as mentioned in this bill, you can see them here. They just authorize the State Department to “provide training” to foreign judges and prosecutors on intellectual property law. That is, it’s part of the US’s official IP propaganda program to convince foreign judges and prosecutors that strict interpretations of IP laws are the only way to go.

A couple years ago, we wrote in more detail about how the State Department spends these funds, and it’s not pretty. Basically, we send copyright maximalist lawyers to other countries — countries that have their own copyright laws — and tell judges and federal prosecutors there that they need to enforce US-style copyright maximalist laws.

I’m really not sure how that’s an appropriate use of taxpayer money.

Filed Under: homeland security, ice, patrick leahy, pipa, propaganda, state department

Homeland Security Admits That TSA Scanners Have 'Vulnerabilities'

from the shockingly-unshocking dept

A leaked internal report by Homeland Security has revealed what most people already knew: that its new (expensive) nudie scanners have vulnerabilities that could let things through. This is hardly a surprise. We’ve written about previous claims including a pretty detailed research report highlighting the vulnerabilities. In fact, it seems pretty crazy that the TSA is finally starting to take notice now. What’s really the most galling, of course, is that plenty of people have been pointing out these kinds of vulnerabilities for a while and the TSA did nothing. It’s just that now, as the vulnerabilities are finally getting press attention, that the TSA starts to pretend to take these things seriously, rather than admitting the truth: they’re there for show more than anything else.

Filed Under: homeland security, scanners, tsa

Homeland Security Denies Entrance To UK Tourist Because Of Twitter Joke

from the so-sorry,-too-bad dept

I am actually writing this post sitting in a French airport, getting ready to board my flight back to the US… but I think I’ll hang onto it and post once I’m back in town. That’s because it’s about some UK tourists who were taking a little vacation to the US… until Homeland Security refused them entrance, because one of them had joked on Twitter about digging up the grave of Marilyn Monroe and “destroying” America (by which he meant partying). Apparently, DHS has figured out how to monitor Twitter… but hasn’t figured out what a sense of humor is. (And yes, I made it home and through customs without any trouble).

Filed Under: border patrol, customs, homeland security, jokes, tourists

ICE Propaganda Film Pats Itself On The Back For Censoring The Web; Promises Much More To Come

from the walk-and-talk-john dept

Homeland Security’s ICE (Immigration & Customs Enforcement) group has put out a slickly produced video patting itself on the back for all of its work censoring the web in 2011, and promising much more of that kind of thing in the future:

It stars ICE Director John Morton, reprising his usual ridiculous refrain in which he conflates actual counterfeit goods with copyright infringement. But this time, he shows off his ability to stroll quickly through a warehouse while doing a walk-and-talk. I have to admit that it feels like a parody video most of the time. He kicks it off with a claim that he’s explaining how to “steal an American job.” Then he claims, “here’s how to save an American job: IPR enforcement!”

He’s wrong. First of all, the “job loss” from counterfeits is totally and completely exaggerated. As has been shown by multiple studies, most people buying counterfeits (hell, and downloading infringing works) wouldn’t have bought the real thing instead. They know they’re buying a fake good. So no “job” is lost there. And, as the government’s own GAO noted last year, the idea that this all leads to lost jobs simply isn’t supported by the data.

Second, enforcement does not “save jobs.” It does put massive burdens on legitimate sites. Something Morton should know about since he’s been taking down legitimate American sites with no legal basis for quite some time.

But before we get to that, he shows off some counterfeit products. There’s a handbag, some fake drugs (they always have to show the fake drugs, despite it being a tiny issue, but they have to show some sort of “danger”). And then there’s a video game mod chip. He says it “allows you to hack into video games and steal the game for free. That’s illegal. That’s IP theft.” Of course, it’s debatable if mod-chips are really illegal. They have substantial non-infringing purposes other than “hacking into video games to steal them for free” (do people steal stuff not for free?). But, you know, that’s ICE under John Morton: declaring it illegal for you to modify products you legally purchased, like your gaming console. Thanks, US government!

Then we get to website censorship. And boy is he proud of that. You can see him gleaming as he says that ICE has “done a phenomenal job” and “every time they make a bust, every time they make an arrest, an American job is saved.”

So, I wonder, can John Morton explain whose job was saved when his staffers incorrectly seized and censored Dajaz1.com for over a year? I’m curious. Because it sure seems like he actually hurt the ability of the Americans who run that site to make money. I’m curious whose job was saved when his staff deported a missing teen to Colombia (where she was not from). Is that the kind of “phenomenal” work under John Morton we should expect more of?

He then shows off “the news coverage” that ICE has gotten for seizing websites. Notice that he leaves out the stories about the mistaken seizure of multiple websites beyond Dajaz1. Like the seizure of 84,000 legitimate sites that were replaced with a statement claiming that they were all involved in child porn. Somehow those clips just didn’t make the cut. Phenomenal work “saving American jobs!”

Morton goes on to talk up how “proud of the results” he is over the seizing of websites. Once again, no mention of the ones he seized by mistake, causing tremendous harm to those who he falsely declared as criminals. What’s amazing is that he’s never issued an apology over those false seizures. Instead, he’s “proud of the phenomenal job” his team has done? What a joke.

Finally, he highlights the PSA that ICE put on the websites they forfeited. What he leaves out, of course, is that the PSA was both created by and owned by NBC Universal — something ICE has never publicly admitted, but which we found out via FOIA requests. It’s still shocking that a government agency would be using misleading propaganda from a private company and pretending that it’s an official government production. Even worse, despite numerous requests, ICE has failed to show any proof that it properly licensed the video from NBC Universal, leading us to wonder if they “pirated” it.

ICE under John Morton has become a massive joke and a disgrace to American ideals of innocent until proven guilty and important things like free speech and due process. Rather than making this joke of a video (which certainly has Hollywood-style production… I wonder how that happened…), Morton should be issuing apologies for the mistakes that were made under his watch, and tendering his resignation. Instead, he’s celebrating? Sickening.

Filed Under: censorship, counterfeiting, domains, homeland security, ice, john morton, operation in our sites

ICE Mistakenly Deports Missing Teen To Colombia

from the these-people-get-to-censor-the-internet? dept

Wow. We’ve discussed, repeatedly, the ridiculous situation in which the US government via the ICE (Immigration and Customs Enforcement) arm of the Department of Homeland Security has been seizing domains and censoring websites, such as the case of Dajaz1.com. As we’ve noted in the past, the details of that operation showed an organization that didn’t really understand what it was doing, and definitely seemed to believe in “shoot first, ask questions later.”

As many people have pointed out, why is “Immigration and Customs Enforcement” doing anything involving the internet or copyrights/trademarks online? So perhaps you could “excuse” their vast mistakes as them being out of their depth.

But what about the part of their mandate that they’re actually supposed to be experts in? You know, keeping people who don’t belong here out? Yeah, it appears they approach that with about the same level of detail awareness as when they deal with censoring blogs. In 2010, 14-year-old Jakadrien Turner ran away from home, “distraught over the loss of her grandfather and her parents’ divorce.” Her grandmother searched for her with no luck… until now. It seems that at some point in 2010 Jakadrien was arrested for shoplifting. She gave police a fake name… and that name apparently was the same as an illegal immigrant who was wanted in Colombia. And, that was enough to get the girl deported to Colombia last April. She remains there, currently detained by the Colombian government.

Apparently ICE took the girl’s fingerprints “but somehow didn’t confirm her identity and deported her to Colombia, where the Colombian government gave her a work card and released her.” They’ve since taken her back into custody, since it was discovered she wasn’t who they thought she was. ICE now says that they’re “fully and immediately investigating this matter in order to expeditiously determine the facts of this case.” Perhaps — and this is just a suggestion — ICE should start “fully and immediately investigating” stuff before they go around creating new and bigger problems…

Filed Under: colombia, deportation, homeland security, ice