Former FBI Director James Comey made plenty of headlines with his insistence cellphone encryption would be the end of law enforcement as we know it. Comey’s assertions made it seem as though regular police investigative work was no longer of any use and that any and all evidence pertinent to cases resided behind cellphone passcodes.
He insisted the problem would only get worse in the future. If not put to an end by legislated backdoors or smart tech guys coding up “safe” holes in device encryption, we may as well accept the fact that no criminal committing more than a moving violation would ever be brought to justice.
Default encryption does pose a problem for law enforcement, but it’s nowhere near as insurmountable as Comey has portrayed it. Multiple FOIA requests handled through MuckRock have shown law enforcement still has several phone-cracking options at its disposal and doesn’t seem to be having many problems recovering evidence.
This is superbly illustrated in documents obtained from the Tulsa and Tuscon (AZ) Police Departments by Curtis Waltman. Tuscon PD documents [PDF] show law enforcement officers are using tools crafted by the same company that provided the hack to the FBI in the San Bernardino case, among several other options. But the real motherlode is the Tulsa PD’s log of cracked phones.
The kicker really is how often these are being used – it is simply really hard to believe that out of the 783 times Tulsa Police used their extraction devices, all were for crimes in which it was necessary to look at all of the phone’s data… There are some days where the devices were used multiple times – Tulsa used theirs eight times on February 28th of this year, eight again on April 3rd, and a whopping 14 times on May 10th 2016. That is a whole lot of data that Tulsa was able to tap into, and we aren’t even able to understand the why.
The document contains page after page of cracked phones, ranging from Samsungs to HTCs to LGs… even iPhones (5 and 6). “Going dark” remains a Comey fairy tale, for the most part, if these documents are anything to go by.
And there’s apparently very few rules for deployment of cellphone-cracking devices. Only one PD in Arizona returned any guidelines in response to requests and those rules basically state there are no rules. The Mesa PD’s Computer Forensic Unit makes the most of its limited resources by limiting its work to… any crime at all.
This is the list of criminal activity the unit provides forensic work for, listed in order of priority.
Homicide Sexual Assault Child Crimes (which I assume means “crimes against children,” rather than crimes committed BY children) Aggravated Assault/Robbery Property Crimes All other felonies All misdemeanors
Everything. That would explain the number of cellphones accessed by these PDs. Presumably other PDs are also operating under very loose guidance or none at all.
This sort of intrusiveness should be limited to serious felonies and investigations where it’s plainly apparent the best route to evidence runs through the suspect’s cellphone. Otherwise, law enforcement agencies are just using these tools because they have them, not because they necessarily need them.
Soon after the attack in Manchester, the UK government went back to its “encrypted communications are the problem” script, which it has rolled out repeatedly in the past. But it has now emerged that the suicide bomber was not only known to the authorities, but that members of the public had repeatedly warned about his terrorist sympathies, as the Telegraph reports:
Counter Terrorism agencies were facing questions after it emerged Salman Abedi told friends that “being a suicide bomber was okay”, prompting them to call the Government’s anti-terrorism hotline.
Sources suggest that authorities were informed of the danger posed by Abedi on at least five separate occasions in the five years prior to the attack on Monday night.
London attack ringleader Khuram Butt was identified as a major potential threat, leading to an investigation that started in 2015, UK counterterrorism sources tell CNN.
?
Butt was seen as a heavyweight figure in al-Muhajiroun, whose hardline views made him potentially one of the most dangerous extremists in the UK, the sources said Tuesday. The investigation into Butt involved a “full package” of investigatory measures, the sources told CNN.
Butt was filmed in a 2016 documentary with the self-explanatory title “The Jihadis Next Door”, in which a black flag associated with ISIS was publicly unfurled in London’s Regent?s Park. Even though police were present during the filming, they did not follow up that incident, according to the Guardian:
Police did not make a formal request for footage or information from the makers of a Channel 4 documentary that featured Khuram Butt, one of the London Bridge attackers.
The broadcaster of The Jihadis Next Door said no police requests were made for film or programme maker’s notes to be handed over under the Police and Criminal Evidence Act or Terrorism Act.
An Italian prosecutor who led an investigation into the London Bridge attacker Youssef Zaghba has insisted that Italian officials did send their UK counterparts a written warning about the risk he posed last year and monitored him constantly while he was in Italy.
Giuseppe Amato, the chief prosecutor in Bologna, who investigated Zaghba when he tried to travel from Italy to join Islamic State in Syria in March 2016, told the Guardian that information about the risk he posed was shared with officials in the UK.
Amato added that he personally saw a report that had been sent to London by the chief counter-terrorism official in Bologna about the Moroccan-born Italian citizen.
Manchester and London are not the only cases where the authorities were informed in advance about individuals. A 2015 article in The Intercept looked at ten high-profile terrorist attacks around the world, and found that in every single case, at least some of the perpetrators were already known to the authorities. Strong encryption is not the problem: it is the inability of the authorities to act on the information they have that is the problem. That’s not to suggest that the intelligence services and police were incompetent, or that there were serious lapses. It’s more a reflection of the fact that far from lacking vital information because of end-to-end encryption, say, the authorities have so much information that they are forced to prioritize their scarce resources, and sometimes they pursue the wrong leads and miss threats.
We wrote about this problem back in 2014, when an FBI whistleblower confirmed what many have been trying to explain to governments keen to extend their surveillance powers: that when you are looking for a needle, adding more hay to the stack makes things worse, not better. What is needed is less mass surveillance, and a more targeted approach. Until Theresa May and leaders around the world understand and act on that, it is likely that more attacks will occur, carried out by individuals known to the authorities, and irrespective of whether they use strong crypto or not.
It’s no secret that Theresa May is no fan of the internet and will use basically any excuse at all to push for greater censorship on the internet. Going back to the time when she was Home Secretary, she was already slamming the internet as being responsible for ISIS and promising to censor it. Since she’s become Prime Minister it’s only gotten worse. As part of her manifesto for the general election coming up later this week, a key part of her party’s promise was to censor the internet. And May and her friends seem to leave no tragedy unexploited. With the attack in Manchester a couple weeks back, she used it as an excuse to push the plan to kill end-to-end encryption. And with this weekend’s London Bridge attack, she immediately blamed the internet and promised more censorship:
“We cannot allow this ideology the safe space it needs to breed – yet that is precisely what the internet, and the big companies that provide internet-based services provide,? Ms May said.
?We need to work with allies democratic governments to reach international agreements to regulate cyberspace to prevent the spread of extremist and terrorism planning.”
Of course, there’s no indication that the internet had anything to do with the attack at all. Indeed, another news report claimed that one of the suspects had to ask a neighbor where he could rent the van that was later used in the attack, leading some to point out that if someone can’t even Google that kind of info… the internet might not be to blame here:
In response to all of this nonsense, Charles Arthur has an excellent column at the Guardian pointing out that responding to all this by censoring the internet not only won’t help, it will almost certainly make things worse.
The problem is this: things can be done, but they open a Pandora?s box. The British government could insist that the identities of people who search for certain terror-related words on Google or YouTube or Facebook be handed over. But then what?s to stop the Turkish government, or embassy, demanding the same about Kurdish people searching on ?dangerous? topics? The home secretary, Amber Rudd, could insist that WhatsApp hand over the names and details of every communicant with a phone number. But then what happens in Iran or Saudi Arabia? What?s the calculus of our freedom against others??
Similarly, May and Rudd and every home secretary back to Jack Straw keep being told that encryption (as used in WhatsApp particularly) can?t be repealed, because it?s mathematics, not material. People can write apps whose messages can?t be read in transit, only at the ends. Ban WhatsApp, and would-be terrorists will find another app, as will those struggling against dictators.
Blaming the internet for some angry individuals committing violent acts isn’t just dumb and nonsensical, it’s counterproductive and will almost certainly do more harm than good. It’s a way for May and her colleagues to try to pin the blame on “something else” rather than to admit that they don’t appear to have a real strategy or plan for almost anything. Blame goes a long way, but blaming a tool that people use basically everyday for all sorts of useful reasons, seems really short-sighted.
The federal government acts as though it’s receptive to whistleblowing, but then undermines that sentiment with pretty much everything else it does. These insider threat programs have only become more severe after the Snowden leaks, asking federal government employees to treat normal, everyday behavior as inherently suspicious.
The Defense Department’s insider threat program declared such innocuous things as visiting foreign countries and being in debt as warning signs. Worse, anything less than full support for US government policies was considered threatening behavior.
The FBI’s presentation [PDF] isn’t much better. FBI employees are encouraged to say something if they see something… and there are a lot of observable “somethings” on the list.
According to the training material, potential insider threats include federal employees who brag about what they know, work odd hours, travel overseas without a good reason, or ask their co-workers about classified information without a “need to know.” Workers who consume alcohol, use drugs or have “psychological conditions” may also be insider threats, as are those facing disciplinary action or job termination.
[…]
Another slide says leaks occur because leakers are “disgruntled” and are motivated by “ego,” “financial gain,” and “divided loyalty.”
Some of these factors can be indicative of someone considering engaging in espionage. Unfortunately, a lot of these may also apply to whistleblowers. The FBI presentation spends a great deal of time comparing its lists of insider threat traits to those the government has successfully prosecuted but spends zero time discussing whistleblowers and their traits/motivations.
Considering the FBI’s leaky status, especially in recent months, the document feels inconsistent at best. It feels like a good way for FBI employees to get rid of coworkers they don’t like and a great way to foster an atmosphere of corrosive suspicion in FBI offices.
FBI employees will distrust each other, FBI officials will distrust nosy politicians… and, in a surprising revelation by Leopold, politicians will have even less reason to trust the FBI. As was noted earlier in this post, the FBI chose to walk out of a briefing rather than answer Sen. Chuck Grassley’s question about whistleblower protections under the FBI’s “insider threat” program. Thanks to the efforts of a media company (BuzzFeed) and a private citizen (Leopold), Grassley now has a copy of documents the Senator asked for months ago.
Grassley asked the FBI to send him its insider threat training material. He received a couple of videos and a brochure. But a spokesperson for Grassley told BuzzFeed News that the senator did not receive the training slides until BuzzFeed News sent a copy.
The documents released here don’t answer Grassley’s questions either. But recent history shows us the FBI is not a whistleblower-friendly agency. It seems to have no problem with very selective leaking, but isn’t nearly as kind to those who use the official channels to report wrongdoing. An insider threat program like this doesn’t help. Giving agents and employees sketchy reasons to distrust each other will only serve to deter whistleblowers before they even have a chance to experience the agency’s unofficial retaliation program.
It’s not like we didn’t say right away that those rushing to blame Facebook for “fake news” were missing the point and that the problem was always with the nature of confirmation bias, rather than the systems people use to support their own views. But, alas, the roar of “but Facebook must be the problem, because we saw “fake news” on Facebook” along with the related “but, come on, it must ‘take responsibility'” arguments kept getting louder and louder, to the point that Facebook agreed to start trying to warn people of fake news.
And, guess what? Just like basically every attempt to stifle speech without looking at the underlying causes of that speech… it’s backfiring. The new warning labels are not stopping the spread of “fake news” and may, in fact, be helping it.
When Facebook?s new fact-checking system labeled a Newport Buzz article as possible ?fake news?, warning users against sharing it, something unexpected happened. Traffic to the story skyrocketed, according to Christian Winthrop, editor of the local Rhode Island website.
?A bunch of conservative groups grabbed this and said, ?Hey, they are trying to silence this blog ? share, share share,?? said Winthrop, who published the story that falsely claimed hundreds of thousands of Irish people were brought to the US as slaves. ?With Facebook trying to throttle it and say, ?Don?t share it,? it actually had the opposite effect.?
Again, this isn’t a surprise. Fake news was never the issue. People weren’t changing their minds based on fake news. They were using it for confirmation of their views. And when you get contradictory information, cognitive dissonance kicks in, and you rationalize why your beliefs were right. In fact, studies haves shown that when questionable beliefs are attacked with facts, it often makes the believers dig in even stronger. And that seems to be what’s happening here. With efforts made to call out “fake news” the people who believe it just see this as “fake news” itself — and an attack on what they believe is true. It’s easy to chalk up any fake news labels as just part of the grand conspiracy to suppress info “they” don’t want you to see.
The article goes on to talk to a bunch of different people who operate sites that had articles dinged with the “fake news” scarlet letter from Facebook, and most of them (though, not all) say they saw no real impact on traffic.
Of course, because we’ve seen this kind of thing play out before, it’s likely that rather than recognizing Facebook isn’t the issue, people who are angry about what they believe to be the scourge of “fake news” will also double down — just like those who fall for “fake news.” They’ll insist that it’s Facebook’s fault that the fake news issue didn’t just go away when Facebook put warning labels on stories. They’ll ignore the fact that they were the ones demanding such things in the first place, and that they insisted such labels would work. Instead, they’ll argue that Facebook should be doing even more to suppress “fake news” and never consider that maybe they’re targeting the symptoms and not the actual disease.
Facebook has always been an easy target, but Facebook isn’t the problem. People want to share bogus, fake, or misleading news, because it confirms their biases and beliefs and makes them feel good. That’s not Facebook’s fault. It’s a problem in how we educate people and how we teach basic media literacy. That’s not going to be fixed with warning labels.
Last week, there were two widely reported “deaths” on the internet: Pepe The Frog and the MP3 audio codec. Most people seemed to understand what was meant by the former headline — that you cannot in fact kill a meme, no matter how distasteful its use, and the death of Pepe in an official cartoon strip was a symbolic disavowal of the character by its creator. But on the MP3 issue people seem a bit more confused.
Here’s what happened: in late April (not sure why there was such a big delay in the explosion of blog posts) Fraunhofer IIS, the research company that holds the patents on MP3 encoders and decoders, announced that it had terminated the licensing program for those patents, for the stated reason that the format has been surpassed by alternatives like AAC (which is also patented and licensed by Fraunhofer). For some reason, a whole lot of media outlets have accepted this at face value and reported that the format is now officially on its way out. “The MP3 is Dead” headlines abound, with only a small few bothering to add qualifiers like “according to its creators” or the classic rejoinder “long live the MP3”:
Most of the articles buried some attempt to call the move “symbolic” or clarify that the files would still exist towards the end of their coverage, after much eulogizing, but almost none took the time to understand anything about the patent situation, or expose Fraunhofer’s huge lie of omission in its announcement.
Because here’s what really happened: the last of the patents related to the MP3 format expired (or will very soon — more on that later), so Fraunhofer has nothing left to license. The termination of the licensing program was not a choice, nor was it suddenly motivated by the ascendence of another format that has itself been around for 20 years. Most importantly, despite what many people have reported, this does not mean the death of the MP3. Of course, Fraunhofer’s statement didn’t contradict any of these things, it just omitted them all and left people with the implication that this move ensured the decline and eventual death of the format — when in fact it likely means the exact opposite.
Prior to this, developers wishing to include MP3 functionality in their software needed a license to do so. If you use Linux, or open source audio tools like the excellent Audacity, you already know this: open-source software doesn’t ship with MP3 encoding and decoding capabilities built in, but requires you to separately download and install the codec so as not to pollute the FOSS package with proprietary, patented code. That’s no longer the case, and indeed Red Hat has already announced that Fedora will now ship with MP3 capabilities built in (hat tip there to one of the few blogs that is reporting this story properly). Expect Audacity and countless other FOSS apps to follow suit soon. As for non-open-source software, it’s one less patent number on the long lists of licenses that live on loading splash screens and About dialogues, and a little bit of saved cost. All around, it’s the removal of a barrier to building apps and tools that work with this ubiquitous audio format.
Does that sound like death to you?
So does Fraunhofer’s announcement actually mean anything? Well, a little bit: as noted, it actually hasn’t been 100% clear when all the patents would expire, due to the size and complexity of the patent thicket in the overall MPEG ecosystem. It was generally agreed that all patents covering MP3s would expire this year, and many had pegged the date as the end of April, but this was much harder to confirm. Fraunhofer’s announcement does not offer any specific information to make this determination easier (since it doesn’t admit that this has anything to do with patent expiry at all), but developers like Red Hat are taking it as a sign that the patents are officially expired and the format is free to use.
While it’s frustrating that Fraunhofer issued such a misleading statement, it’s even more frustrating that so much of the media uncritically parroted it. Some also decided to throw in some scattershot links to various questionable studies claiming MP3 compression has negative effects like stripping out the “emotion” from music (that particular study was conducted on just 20 college students, and used MP3s encoded at a bit-rate well below the modern norm for music distribution) to bolster the idea that MP3 compression must be replaced by the still-patented AAC codec. I’m sure Fraunhofer was grateful.
So, no: the MP3 is not dead. Its creators have not killed it. Like Pepe the Frog, it’s alive and well and probably isn’t going anywhere for a long time — except in this case we can actually be happy about that fact.
Last week, we noted how the FCC was inundated with a flood of pro-net neutrality comments after HBO’s John Oliver ran another segment on the subject. The FCC will vote to begin dismantling the rules on May 18, so Oliver even went so far as to craft a special URL (www.gofccyourself.com) to make commenting on the FCC proceeding easier. Unsurprisingly, the surge in annoyed consumers wound up temporarily crippling the FCC’s website. And when you look at some of the early analysis of the data, it’s not particularly hard to see why:
Now if you’re a giant telecom mono/duopoly, or any of the thousands of sockpuppets they pay to misleadingly portray net neutrality as an unyielding assault on “freedom,” this flood of pro-net neutrality sentiment is obviously a PR problem.
As a result, net neutrality opponents quickly got to work trying to counter the “John Oliver effect” with alternative facts. One, the FCC tried to claim the FCC website didn’t choke from a flood of pro-net neutrality supporters, but was the victim of a DDoS attack that just happened to occur at exactly the same time Oliver’s segment was airing (a claim security researchers say isn’t supported and for which the FCC has yet to offer a shred of evidence).
Another, as-yet-unidentified player began using a bot and a (likely) hacked database of names to flood the agency’s website with fake comments against net neutrality. One analysis of the comments filed so far found that 40% of the 1.5 million comments made so far were created by this busy little bot.
But the FCC itself also began engaging in a rather obvious and ham-fisted attempt to make net neutrality supporters seem racist, unstable and unreasonable. By Wednesday, as the “net neutrality support was so massive it broke the FCC’s website (again)” narrative was peaking in the press, FCC staffer Matthew Berry began linking on Twitter to news outlets claiming that net neutrality supporters were filling the FCC coffers with racist attacks:
Very sad to see racist, hate-filled attacks against Chairman Pai being submitted to the FCC. https://t.co/sZSJDHKr0F
Berry subsequently highlighted a statement made by the Internet Association (a pro-net neutrality group backed by the likes of Reddit and Netflix) criticizing any racist behavior by commenters:
The news reports being pushed by the FCC (like this one over at the Daily Caller) cling to several misleading narratives. One, that the people watching John Oliver’s program were somehow not airing legitimate complaints with Pai’s plan to gut all oversight of giant broadband monopolies. Two, that most of these people were hateful, racist, or otherwise horrible people that shouldn’t be taken seriously. And three, that the pro side was using misleading “bots” to generate fake support from fake people (despite the fact that only the anti side appears to have used this tactic so far, a story the FCC also appeared eager to bury).
“John Oliver’s “grassroots” activism against Federal Communications Commission chairman Ajit Pai is full of bot accounts, fake comments, and death threats against the chairman…an analysis of comments to Pai’s Restoring Internet Freedom filing, which Oliver has dubbed “Go FCC yourself,” shows thousands of comments using fake names and bots posing as “Jesus Christ,” “Michael Jackson,” “Homer Simpson,” and “Melania Trump.”…Over 500 were submitted using Chairman Pai’s name, as well as 189 from “Donald Trump” and 8 from “Obama.” Eleven submissions used some version of the word “f?k.”
If you think about it, the fact that Pai is trying to dismantle consumer protections for one of the most despised industries in America and only eleven people said fuck is actually pretty impressive. Also, for future reference, you don’t magically delegitimize people with legitimate complaints just by putting words like activist or grassroots in quotes.
That said, if you dig through the now 1.5 million comments so far, you’ll find that the vast, vast majority of the comments from both sides of the debate are entirely civil. Yes, there are the occasional comments from jackasses and racists, but by and large the feedback the FCC is getting sticks to the issues. And again, analysis of the comments so far has found that most of the original comments (comments made not using form letter systems embraced by both sides) are coming from consumers that actively support net neutrality protections.
How hard FCC staffers like Berry pushed these outlets to carry this narrative isn’t clear. But Berry and the FCC’s attempt to counter the Oliver effect also involved highlighting a story run by the Independent Journal Review featuring FCC boss Ajit Pai reading some of the mean comments he’s been receiving on Twitter:
For whatever reason the original story pulled the video, which is embedded below for your enjoyment:
Now these kinds of segments aren’t really new. Countless politicians (including Obama) and celebrities have done similar schticks, where they field unhinged comments from often juvenile and blindly hostile Twitter users. That Pai (who obviously has post-FCC political aspirations) did a similar video isn’t a problem in and of itself.
Pai is disliked right now for entirely legitimate reasons. Yet the mean tweets segment tries very hard to make gutting consumer protections seem “folksy,” and the corresponding backlash seem unreasonable. When a few reporters pointed out Pai’s mean tweets segment was a bit tone deaf to the legitimacy of the public complaints, Pai advisor Nathan Leamer was quick to insist that critics simply couldn’t take a joke:
Again though, the problem isn’t Pai reading mean Tweets. The problem is that the segment doesn’t explain why Pai is incredibly unpopular with consumers and the internet in the first place. The problem is also that this segment was obviously part of a larger, overarching attempt to make people with very legitimate grievances seem wholly unhinged and unreasonable. Oliver even went so far as to highlight how cable news channels were pushing the narrative as well, in an expanded bit the show did solely for online viewers (skip to the 3 minute mark if you don’t want to watch the whole thing):
As an additional layer of irony, this PR effort was occurring during the FCC’s “sunshine” period, an arguably stupid bit of long-standing policy bureaucracy during which the FCC is supposed to pause and “reflect” the will of the public and the facts on the ground.
And the facts on the ground say net neutrality rules protecting consumers from growing monopolies like Comcast have broad, bipartisan public support. It’s also a fact that despite his claim of a “deliberate consideration” of all the facts, Ajit Pai has every intention of completely ignoring public will when the agency votes to begin rolling back the rules this Thursday — after his agency gets done smearing the consumers he’s supposed to be protecting as the very worst sort of villains, of course.
Last week comedian and “The Late Show” host Stephen Colbert found himself in a little hot water after he made an oral sex joke about Donald Trump and Vladimir Putin at the tail end of his opening monologue. If you missed it, here’s the relevant bit (the easily-offended can skip down the page).
Obviously, the monologue wasn’t exactly enjoyed by Trump supporters, who collectively backed a somewhat rudderless and unsuccessful attempt to pressure CBS into firing the comedian (whose ratings have, non-coincidentally, been soaring thanks to his Trump tirades). Colbert ultimately issued a follow up comment in which he stated he probably could have more carefully chosen his words, but quite intentionally fell well short of offering an apology to Donald and Vlad.
Normally this is where the story would have ended. But last Friday afternoon The Hill ran a piece stating that the FCC had received an entirely-ambiguous number of complaints about the monologue, and was going through the process of determining whether or not Colbert’s comments violated FCC broadcast TV indecency guidelines. Under current FCC rules, the agency keeps an eye out for broadcast TV content deemed “indecent” before 10PM, and attempts to police “obscene” content after that point. This is all pretty standard FCC practice, with the end result most frequently either resulting in a modest fine or no action whatsoever.
When asked about Colbert’s comments, FCC boss Ajit Pai made a fairly innocuous comment to a talk radio station stating that the FCC would, in essence, manage the Colbert complaints in much the same way they handle every other obscenity complaint:
“We are going to take the facts that we find and we are going to apply the law as it?s been set out by the Supreme Court and other courts and we?ll take the appropriate action,? he told Talk Radio 1210 WPHT Thursday. ?Traditionally, the agency has to decide, if it does find a violation, what the appropriate remedy should be,? he said. “A fine, of some sort, is typically what we do.”
Again, this is a fairly inane comment by an FCC boss, effectively stating that he was simply going to follow normal FCC process. Yet somehow the narrative quickly shifted in the media, with outlets immediately complaining that Pai’s actions were somehow a frontal assault on free speech, or worse. The Writers Guild of America fanned these flames by issuing a statement claiming it was “appalled” by Pai’s behavior:
“?As presidents of the Writers Guilds of America, East and West, we were appalled to read recent remarks by Federal Communications Commission chair Ajit Pai,? said WGA East boss Michael Winship and WGA West chief Howard Rodman this morning. ?He said the FCC would investigate a joke about Donald Trump by Writers Guild member Stephen Colbert, ?apply the law? and ?take appropriate action? if the joke were found to be ?obscene,’? the duo added of the FCC chair?s May 5 response in a radio interview.
Again though, all Pai really said is that the FCC would do what it has always done when investigating obscenity complaints. In fact, you’ll note he never even uses the word “investigation.” Yet somehow this idea that Pai was engaged in a rogue attack on free speech quickly ballooned to becomce this week’s media narrative du jour.
Make no mistake: Pai wants to replace meaningful oversight of companies like Comcast with the policy equivalent of wet cardboard. All while pretending — with the help of misleading, cherry picked data — that this is all of immeasurable benefit to consumers.
There’s been a torrent of controversial or otherwise abysmal things Pai has been up to that deserve attention. Yet somehow the focus this week has been a hysterical over-reaction to a non-story. Yes, Pai has obvious post-FCC political ambitions and enjoys throwing the occasional red meat to what he hopes will be his future constituents. But his comments on the Colbert indecency complaints are quite arguably the least interesting and most innocuous thing the FCC has been up to.
Not only did the press hysteria over the Colbert non-story take the media’s eye off the ball, it reinforced the narrative that the press is awash in a “fake news” — requiring a litany of hand wringing and soul-searching — despite nobody really knowing what the term even means. And while many were quick to insist this proves “the left” also engages in “fake news,” that tends to obfuscate the fact that the problem with modern news most frequently isn’t that it’s fake (though it sometimes is) — it’s that much of it is just good, old-fashioned shitty reporting.
Want to know how much of a threat terrorism poses to the United States? Just ask an agency whose relevance and budget depends on projecting the appearance of a constant threat. Here’s John Kelly, the new head of the DHS:
The threat to our nation and our American way of life has not diminished. In fact, the threat has metastasized and decentralized, and the risk is as threatening today as it was that September morning almost 16 years ago.
As I speak these words the FBI has open terrorism investigations in all 50 states, and since 2013, there have been 37 ISIS-linked plots to attack our country.
The problem with swearing on a stack of FBI statements is these assertions are completely meaningless. The FBI’s a well-oiled terrorist-crafting machine at this point, so it can come up with whatever number of ISIS-linked plots is needed to further the agenda of multiple government agencies.
As for “open terrorism investigations,” it would be much more helpful if the FBI didn’t term nearly everything it does an “investigation,” even when there’s nothing worth investigating. As we’ve covered here before, there are a few different types of investigations the FBI engages in, starting with something that looks a whole lot like an investigation (in terms of information the FBI can obtain), but really isn’t. These “investigations” are called assessments, and it takes almost nothing at all to get one of these underway. Emily Hockett and Michael German of Just Security explain how the guidelines for assessments changed radically after the passage of the FISA Amendments Act in 2008.
The most drastic change came in 2008 with a set of guidelines issued by then-Attorney General Michael Mukasey, who today is an ally of President Trump. The 2008 Guidelines created a new type of investigation called an “assessment.” Assessments permit physical surveillance, database searches, interviews, racial and ethnic mapping, and the recruitment and tasking of informants without any factual or criminal predicate, that is, without any objective basis to suspect the target of the investigation has violated any law, or is likely to in the future.
Because Kelly’s statement doesn’t clearly define what sort of investigations the FBI is engaged in, it’s quite possible the FBI only has assessments underway in several states. Rather than portray the nation as a hotbed of potential terrorism, the presence of assessments indicates nothing at all. That the FBI can engage in surveillance without “any factual or criminal predicate” is disturbing enough. Misrepresenting the depth of these investigations to further a narrative of fear is carelessness at best. It’s deeply dishonest at worst.
But even if we are to take the DHS head’s word at face value — that the FBI actually has real investigations opened in all 50 states, the word “investigation” still doesn’t mean much. It should never be assumed an investigation is actually an indicator of terrorist activity. There are also “preliminary investigations” — a step above assessments but below the FBI’s standard for an actual investigation. These, too, can be based on almost nothing.
Preliminary investigations require only “information or an allegation,” and contrary to Comey’s testimony, the allegation does not need to be “credible.” A 2010 Inspector General report found the FBI opened preliminary investigations on political advocacy organizations based on mere speculation that the subjects might commit a crime in the future, and the agents themselves often made the required “allegations.”
Comey’s statement — the one cited by John Kelly — claimed all FBI investigations need “a credible allegation of wrongdoing or reasonable basis…” This obviously isn’t true. Using the presence of FBI investigations to support claims of a persistent terrorist threat gives the FBI far too much credit.
The extremely low bar the FBI must avoid tripping over on its way to unwarranted (in both senses of the word) surveillance gives it plenty of busywork to keep agents and analysts busy. It does not, however, make the United States any safer.
From 2009 to 2011, the first two years the Mukasey guidelines were in place, the FBI opened over 82,325 assessments, of which only 3,315 found information that warranted opening preliminary or full investigations.
Given the preliminary investigation hurdle doesn’t rise above shin-high, assessments seem to be a convenient excuse for surveilling Americans and adding this to the FBI’s overstuffed databases. FBI terrorism investigations are a completely useless metric for gauging the domestic terrorism threat. But, hey, whatever sells more government power.
Look, we warned everyone about this. Right after Congress stupidly stripped privacy protections so that ISPs could more actively sell your data (and make it harder for you to realize it or do anything about it), there were a few crowdfunding campaigns that popped up on GoFundMe, claiming that they were raising money to then buy the web browsing data of Congress. We pointed out at the time that this was dumb and dangerous because you can’t just go buy someone’s web surfing data. That’s not how any of this works. But, you know, it was one of those stories that people just really, really wanted to believe, so apparently unaware of it being flat out impossible (more people should read Techdirt…), tons and tons of people donated tons and tons of money, without realizing there was absolutely no way these campaigns could do what they they claimed. The more well-known campaign, by a self-declared “privacy activist” named Adam McElhaney, ended up raising over $200k (despite others claiming that it looked like a pure scam). The slightly lesser well-known one, by actor Misha Collins, took in just under $90k. Between them, they raised about $300k… with promises of obtaining data that anyone with any knowledge of the situation would know they couldn’t obtain.
So, uh, take a wild guess what has happened? If you guess they didn’t get any data with that money, well give yourself a prize, because that’s exactly 100% what happened.
And… some of the folks snookered into handing over the cash for something that was pretty clearly bogus are… not happy. Many have been requesting refunds. McElhaney is now claiming that he was never planning to buy the data from ISPs, but rather get it by FOIA, though he’s now admitting in a GoFundMe update that it’s not working either:
When I started, I said I wanted to get the internet histories of those who voted for this law.
That has not changed.
What I didn’t mention was *WHERE* I planned on getting the data. If I told you that I was going to come after your web habits, your search history, you might – as I imagine many of you did – change what you look up on your home computers. This is what I wanted our legislators to think – their home internet connections where being targeted. When in fact I was coming for their office server data. That data is subject to Freedom of Information Act requests and very obtainable.
Even if they didn’t change their habits the data stored in their work proxy servers would still be a trove of information. Maybe even more telling than home.
The reason I am telling this to you now is, I think the cat is out-of-the-bag. After the first forty paper requests went out, a few days later I was contacted by a friend who happens to work in the offices of a senators. She said that word is getting around that “the GoFundMe guy that has raised all that money for privacy is trying to get our work internet history.”
Now after about 80 paper requests have gone out, I have received responses back from three. They simply stated they do not have the data I requested. Oddly enough they were all requests for the same person, Marsha Blackburn. But, it makes sense. I am in Tennessee and three of her offices are in Tennessee so the mail would have gotten to her offices faster. After that I have received no other responses.
He then notes that anyone who wants a refund should request it and GoFundMe would return the money — but for those who didn’t request a return, he’d hand the money over to EFF. Hopefully that is true — EFF obviously does great work. But, still, this whole episode is an unfortunate one. There remain very real issues around the privacy rules being killed and the way in which ISPs handle our private info. But going nuts and exaggerating the situation helped no one (well, perhaps EFF will benefit in the end… but still not the best way to handle this). Keeping things in perspective and accurate is important. Flying off the handle and assuming you can just go buy everyone’s internet browsing history without actually understanding the legal change that was happening was dumb — and it was dumb that many in the press helped make the story go viral without any explanation that it was bullshit. If you want to donate to organizations for doing good work, donate to them directly — not through some sketchy scheme like these.
