Capitalist Lion Tamer’s Techdirt Profile

capitalisliontamer

About Capitalist Lion TamerTechdirt Insider

List of blogs started with enthusiasm, which now mostly lie dormant:

[reserved for future use]
http://5k500k.wordpress.com

[recently retired]
http://capitalistliontamer.wordpress.com

[various side projects]
http://cliftonltanager.wordpress.com/
http://bl0wbybl0w.wordpress.com/
http://thepenismadeoutofspam.wordpress.com/



Posted on Techdirt - 7 December 2018 @ 1:30pm

Indiana Police Chief Promoting As Many Bad Cops As He Can To Supervisory Positions

from the Welcome-to-Zero-Accountability,-Indiana dept

Why is routine police misconduct a problem police departments can't seem to solve? It's a mystery, says Elkhart, Indiana law enforcement.

Twenty-eight of the Elkhart Police Department’s 34 supervisors, from chief down to sergeant, have disciplinary records. The reasons range from carelessness to incompetence to serious, even criminal, misconduct.

Fifteen of them have served suspensions, including [Police Chief Ed] Windbigler himself, who was once suspended for three days and ordered to pay punitive damages in a federal lawsuit alleging excessive force.

Change starts at the stop... unless it's stagnation you're really looking for. Then all you have to do is put someone as questionable as the officers he oversees in charge of the whole mess.

This report -- put together by ProPublica and the South Bend Tribune -- compiles information from public records and court documents to paint a disturbing picture of the Elkhart police force. Making bad cops supervisors ensures misconduct by officers will never be fully addressed.

One promoted officer fired his weapon in three fatal shootings in the span of four years. Sergeant Dan Jones has been promoted twice, despite being found at fault in at least four accidents. He's also Parent of the Year.

Jones was once disciplined for how he picked his child up from elementary school, according to his personnel file. In his squad car, Jones entered a drive marked “wrong way,” cut into line, failed to properly secure his child and then, at a pedestrian crossing, failed to stop for a student holding up her stop sign.

Despite seven reprimands, a suspension, a demotion, and a finding of neglect of duty, Todd Thayer was promoted from corporal to assistant chief in 2016 by Chief Windbigler shortly after he took over the top spot in the department. His suspension involved officers taking suggestive photos of a woman waiting for a ride at the police station.

Another promoted officer shot and killed an unarmed man while serving a search warrant, and tasered a student at a local high school while acting as a school resource officer. Other members of the PD's supervisory team have used data terminals to "talk about white power," repeatedly switched recording devices off, threw away property seized from people they've stopped, slept on the job, filed incomplete paperwork, and been involved in large number of auto accidents and on-the-job shootings.

With these promotions, Chief Windbigler has made it clear he won't hold his officers accountable for their misdeeds. He's been in office for less than two years, but he's already shown he's not willing to mete out discipline.

This month, the city said two Elkhart police officers would be charged with misdemeanor battery after the Tribune requested video that showed them repeatedly punching a handcuffed man in the face. Windbigler had previously opted to limit the two officers’ discipline to reprimands. He told the oversight board they “just went a little overboard when they took him to the ground,” while making no mention of the punches thrown.

There's another level of oversight that may rein some of the worst cops in, but Chief Windbigler is actively avoiding its scrutiny. The Public Safety Board is supposed to be the disciplinary body handling misconduct cases, but Chief Windbigler isn't giving it anything to work with. As the article notes, previous police chiefs brought 20 cases a year to the PSB. Windbigler brought zero cases to the board during his first full year as chief. Since then, he has only brought eight. For all of this accountability-dodging, his officers voted the chief "Officer of the Year," despite the fact the honor is supposed to go to actual officers, not top PD brass.

The news only gets worse for Elkhart residents, who will be paying bad cops to oversee possibly worse cops. The mayor, Tim Neese, has decided to reform the Public Safety Board. Neese, whose son is an Elkhart police officer, will be dropping his two appointees and replacing them with more cops.

He said the board would be made up of five people — and all five would be police officers, including an assistant chief, a captain and an internal affairs lieutenant.

The mayor and police chief don't appear to care how much long-term damage they're doing to community relations and the police department itself. The Elkhart PD spent much of the early 90s defending itself in a long string of civil rights lawsuits that culminated in a study commissioned by the city that showed the department had a "reputation for brutality" and almost zero internal accountability. With these recent brass installations, it's the 90s all over again.

24 Comments | Leave a Comment..

Posted on Techdirt - 7 December 2018 @ 3:30am

30 Years Ago, Maine Changed Its Law To Curb Forfeiture Abuse. Records Show Nothing Has Changed.

from the hereby-mandates-depositing-of-funds-if-law-enforcement-feels-like-it dept

The thing about asset forfeiture is it's stocked full of perverse incentives. With a minimum of civil paperwork, law enforcement agencies can directly benefit from the property they seize and all without the hassle of having to deal with the uncertainty of criminal proceedings. The property is seized and its former owners are free to go. Minimum expenditure, maximum profit, and it's all totally legal.

The best way to reform civil asset forfeiture is to attack these incentives. Some states, like Maine, have done this by forcing law enforcement agencies to deposit forfeiture proceeds into the general fund. Highway robbery now enriches the entire state, which won't be much comfort to victims of forfeiture programs. But there should be fewer victims of forfeiture now that the seizing agency doesn't have a personal stake in the forfeiture.

Should be. The solution looks good on paper. The execution, however, leaves something to be desired. (via the ACLU)

[D]espite Maine’s forfeiture law’s potential to curb corruption, the state’s Office of Fiscal and Program Review has confirmed that — aside from a single deposit of $4,335 made by the Public Safety Department in 2010 — no recent proceeds from property forfeitures have gone into Maine’s general fund.

The provisions to direct seized cash and property into the state general fund were originally drafted in 1987 and amended in 1999. It is not clear how long this law has not been complied with by state public safety officials.

Well, from the looks of it, the law has not been complied with for most of the last 30 years. Maybe record keeping doesn't extend that far back, but the fiscal office offered up no evidence suggesting it was complied with more frequently a couple of decades ago.

It is clear agencies are still directly benefiting from civil asset forfeiture. To route around state restrictions, local agencies are bringing in the feds to take advantage of a sharing program that's not subject to local laws. Federal records show state agencies have taken home $13 million in funds from federal adoption of forfeitures since 2000.

The lack of contribution to the state's general fund shouldn't be taken to mean state agencies have abandoned non-federal-assisted forfeiture. A public records request by the Institute for Justice obtained data showing state agencies are still racking up about $250,000 a year in cash forfeitures alone. That should have made its way to the state fund, but there's no records showing that ever happened.

Rule changes mean nothing if no one's willing to enforce them. The state legislature made an effort thirty years ago to reform forfeiture, but for the last decade-plus, no one in the state has done anything to ensure agencies are complying with the rules. Law enforcement agencies aren't going to hold themselves accountable and they'd still like to be the largest -- if not the only -- beneficiary of seized property. That's exactly what appears to be happening here. Laws mean nothing if they're not enforced -- a truism law enforcement agencies are keenly aware of.

12 Comments | Leave a Comment..

Posted on Free Speech - 6 December 2018 @ 9:34am

EFF Goes To Bat For Free Speech, Asks Appeals Court To Uphold Injunction Against California's Stupid 'Anti-Ageism' Law

from the can't-fix-stupid.-but-you-can-enjoin-it. dept

Because the state is an idiot, the attorney general of California is appealing the federal court decision permanently preventing the state's government from enforcing its ultra-stupid "anti-ageism" law. The law -- which would do absolutely nothing to prevent movie studios from engaging in biased hiring -- targeted the Internet Movie Database (IMDb), preventing it from publishing facts about actors and actresses. This asinine, First Amendment-trampling law was prompted by failed litigation against IMDb by an actress who felt she was losing roles to younger actresses because the site had published her birthdate.

The federal court needed only six pages to tell the state how terrible its law was and what impact it would have on protected speech. This ridiculous argument -- supported by beneficiaries of the First Amendment (the Screen Actors Guild) -- was quickly dismantled by the presiding judge:

SAG-AFTRA contends that publication of facts about the ages of people in the entertainment industry can be banned because these facts "facilitate" age discrimination – an argument that, if successful, would enable states to forbid publication of virtually any fact. There is no support in controlling case law for the proposition that a state may ban publication of facts to impede a third party’s possible reliance on those facts to engage in discrimination.

The lawsuit persists, thanks to the state's infinite supply of time and other people's money. The obvious First Amendment violations are being pushed again on appeal. The EFF -- joined by The First Amendment Coalition, Wikimedia Foundation, Media Law Resource Center, and The Center for Democracy & Technology -- has filed a brief [PDF] in support of IMDb and Constitutional lawmaking in general.

The brief argues the First Amendment protects IMDb's publication of facts about people listed in its pages. That much should be painfully obvious, but the state can't seem see past its own do-somethingism. But, just as importantly, there's a First Amendment right to access factual information of public interest. And these facts definitely are of public interest -- something inadvertently argued by the law itself. If there's ageism in the movie industry, the more facts everyone has to work with, the more a case can be made the industry is engaging in discriminatory practices. Removing this info from circulation actually enables ageism by making movie studios the sole repository of this data.

The state should be embarrassed it's actually appealing the decision shutting down its obviously unconstitutional law. It's not going to get a win at the appellate level either, not when the best arguments it can offer have holes large enough to drive trucks full of First Amendment precedent through them. But I guess shame isn't part of the equation when all you're doing is flushing other people's money down the toilet.

Read More | 31 Comments | Leave a Comment..

Posted on Techdirt - 6 December 2018 @ 3:15am

Man Shot By Cops Claims Shotspotter Found Phantom 'Gunshot' To Justify Officer's Deadly Force

from the so-are-cops-still-losing-the-tech-race-or-whatever? dept

A lawsuit originally filed early last year makes some very disturbing allegations about police officers and their relationship with their vendors. New York resident Silvon Simmons was shot three times by Rochester Police Officer Joseph Ferrigno. Simmons was unarmed, but was hit with three of the four bullets fired by Ferrigno as he ran way from the officer.

Shortly before being shot. Simmons had been engaged in "Minding Your Own Business," which can apparently be nearly-fatal. Returning from a trip to a convenience store shortly after 9 pm, Officer Ferrigno cut in front of him, hit Simmons with his spotlight, exited his car with his gun drawn, and opened fire when Simmons began running. According to Simmons' amendment complaint [PDF] filed in August, Ferrigno never stated he was police officer before opening fire. Simmons, blinded by the spotlight, was unsure who was shooting at him. Even if he had known it was cop, he still would have had no idea why he was being stopped, much less shot at.

The number of bullets fired matters, as Tracy Rosenburg of Oakland Privacy reports. Something seriously messed up happened after the shooting. A gun was found in the yard several houses away from where Simmons was stopped. Cops tried to tie this weapon to Simmons to justify Ferrigno's deadly force use, despite the gun being located in the opposite direction of Simmons' flight path.

Not that it would have mattered if it had been found in the same yard where Simmons lay "playing dead" in order to not get shot again by his unseen assailant.

A Ruger revolver was said to have been recovered at the site an hour or so later. The Ruger did not belong to Silvon Simmons. His fingerprints and DNA were not on the recovered gun. The only shell casings recovered at the site were the four bullets from the officer’s Glock. The Ruger had an empty magazine and it was not in the lockback position, indicating it had not been recently fired.

Simmons offered to give the officers even more evidence, but since it was exculpatory, they weren't interested.

Simmons requested his hands and clothing be checked for gunpowder residue. The request was denied. Simmons repeated the request in writing while intubated at the hospital and was told to stop writing questions.

Having reverse-engineered a narrative to support the shooting, cops set about charging Simmons with attempted aggravated murder, attempted aggravated assault on a police officer, and criminal weapon possession. Simmons spent more than a year in jail before being acquitted on all charges. The wounds he sustained are permanent.

The dark and disturbing wildcard in this lawsuit is a Shotspotter gunshot detection device. The sensor reported no shots that night. What it detected during the shooting of Simmons was determined by the device to be "helicopter noise." That alone is concerning, considering the main job of the Shotspotter is to spot gunshots.

But that all changed once a police officer got involved. The Shotspotter forensic report says the incident switched from "helicopter noise" to "multiple gunshots" at an officer's request. This officer requested something extra though: an additional gunshot to support the narrative used to charge Simmons with murder/assault and give Officer Ferrigno post-incident permission to shoot the man fleeing from him.

A Rochester police officer acknowledged at the criminal trial of Silvon Simmons that he left the shooting scene after midnight, returned to the fourth floor at the Central Investigations Division of the Rochester Police Department, logged onto a computer and opened a chat session with Shotspotter, where he provided the location, time, the number of possible shots and the caliber of the weapons allegedly fired. Officer Robert Wetzel also testified that Shotspotter responded to him that they found a fifth gunshot at his request.

Shotspotter's forensic analyst certified the report, testifying that five shots were fired. Shotspotter somehow managed to detect another gunshot hours after the incident, using only the guidance of an officer who desperately needed another shot on the record. The company's forensic expert basically admitted this much while testifying.

This conclusion was based solely upon information provided to Shotspotter by the Rochester Police Department.

There may have been a simple way to prove/disprove the existence of another gunshot -- one that can't be traced to the weapon found or have been observed by anyone but the officer who needed a justification for his deadly force deployment. Spotshotter retains recordings… usually. But somehow this essential recording capturing an officer-involved shooting vanished.

[Shotspotter forensic analyst Paul] Greene testified at the criminal trial that there was “no way to go and look at the original file that was recorded and there is no way to listen to all the audio from that day”. The reason there was no way to do this was that both Shotspotter and the Rochester Police Department had lost the audio recording from the night of April 1, 2016.

Whatever doesn't agree with the narrative had to go, and so Shotspotter's recording went. Shotspotter has customers to please and shareholders to earn profits for. If the customer isn't happy with the product, they're unlikely to keep buying more. If keeping a customer happy means deleting recordings and certifying altered forensic reports, so be it. Whatever it takes to ensure the revenue stream keeps flowing -- even if "whatever" means framing a gunshot victim for a crime he didn't commit.

Read More | 68 Comments | Leave a Comment..

Posted on Techdirt - 5 December 2018 @ 3:32pm

New York Court Tells CBP Agent He's Not Allowed To Pretend He's A Traffic Cop

from the 'citizen's-arrest'-is-supposed-to-describe-the-person-making-the-arr dept

In a short decision, the Supreme Court of the State of New York reminds federal agents what they can and can't do while operating under the color of law. In this case (via The Newspaper) a CBP officer, who was supposed to be keeping an eye on the ultra-dangerous Canadians, decided he wanted to be a traffic cop instead.

Spotting a driver "engaging in dangerous maneuvers," the CBP agent (who is unnamed in the decision) decided to pursue the vehicle. He called the Buffalo (New York) Police Department to relay his observations. Deciding it would take too long for Buffalo PD officers to respond -- and supposedly concerned about the danger posed by the driver -- the CBP agent activated the lights on his vehicle and pulled the driver over.

The CBP agent did not approach the driver until a Buffalo police officer arrived -- not out of concern for the Constitution, but rather for his own personal safety. The CBP agent left after more police officers arrived. A gun was discovered during the stop and the driver was charged under New York law with illegal possession of a firearm.

The driver moved to suppress the evidence, arguing the stop itself was unlawful. The court found the CBP agent had the "powers of a peace officer," a fact that's relevant to its final determination. As such, the CBP agent can do certain things related to customs/border protection, but pulling drivers over for traffic violations isn't one of them. From the decision [PDF]:

In concluding that the agent unlawfully stopped the vehicle, the court determined that the agent had the powers of a peace officer, but that the traffic stop could not be justified on that basis because the agent was not acting pursuant to his special duties or within his geographical area of employment.

The state argued the CBP agent was not acting as a peace officer when he performed the stop. It claimed the agent was nothing more than a concerned citizen performing an ultra-rare "citizen's arrest." LOL, says the court. Even if the court had found that a CBP agent is not a peace officer, the agent's actions undercut any arguments construing this as a citizen's arrest.

Even assuming, arguendo, that the agent, as a marine interdiction agent with the U.S. Customs and Border Protection Air and Marine Operations and a deputized task force officer with the Niagara County Sheriff’s Office, is not a peace officer and does not possess the powers thereof [...] we conclude that the court properly determined that the agent did not effect a valid citizen’s arrest.

The agent, while contemporaneously reporting the incident to the police over the telephone and requesting the presence of a police unit, activated red and blue emergency lights in the grille of his truck and a light bar inside the windshield for the purpose of stopping the vehicle. A private person, however, is not authorized to display such emergency lights from his or her private vehicle (see Vehicle and Traffic Law § 375 [41]; People v Hesselink, 76 Misc 2d 418, 418-419 [Town of Brighton Just Ct 1973]). Moreover, a private person may not falsely express by words or actions that he or she is acting with approval or authority of a public agency or department with the intent to induce another to submit to such pretended official authority or to otherwise cause another to act in reliance upon that pretense (see Penal Law § 190.25 [3]; see generally People v LaFontaine, 235 AD2d 93, 106 [1st Dept 1997, Tom, J., dissenting], revd on other grounds 92 NY2d 470 [1998]).

Thus, the agent was not lawfully acting merely as a private person effectuating a citizen’s arrest when he activated emergency lights that were affixed to his truck by virtue of his position in law enforcement. Additionally, the agent was not acting merely as a private person when he approached the seized vehicle as backup in cooperation with the officer for safety purposes.

The state also tried to argue that even if the seizure was not lawful under New York law, it was not unconstitutional. The court says "you had us at 'illegal seizure.'"

Even if a violation of the citizen’s arrest statute is not necessarily a violation of a constitutional right, we conclude that adherence to the requirements of the statute implicates the constitutional right to be free from unreasonable searches and seizures…

And away goes the evidence and the conviction. The lesson is: if you're a federal agent charged with keeping an eye on the border, do that. If you feel the need to act like a concerned citizen, try to do it without turning on your emergency lights and pulling them over. Otherwise, all you've done is waste a bunch of people's time.

Read More | 32 Comments | Leave a Comment..

Posted on Techdirt - 5 December 2018 @ 3:22am

EternalSuffering: NSA Exploits Still Being Successfully Used To Hijack Computers More Than A Year After Patching

from the can't-stop-won't-stop dept

Everything old and awful is new again. And still awful. Zack Whittaker reports for TechCrunch that the NSA's purloined kit of computer nasties is still causing problems more than a year after security patches were issued by affected vendors.

[A]kamai says that attackers are using more powerful exploits to burrow through the router and infect individual computers on the network. That gives the attackers a far greater scope of devices it can target, and makes the malicious network far stronger.

“While it is unfortunate to see UPnProxy being actively leveraged to attack systems previously shielded behind the NAT, it was bound to happen eventually,” said Akamai’s Chad Seaman, who wrote the report.

There are more technical details in Akamai's report, which notes the deployment of EternalRed and EternalBlue, which target Linux and Windows machines respectively. It appears to be a massive crime of opportunity, with attackers possibly scanning the entire internet for vulnerable ports/paths and injecting code to gain control of computers and devices. The "shotgun approach" isn't efficient but it is getting the job done. Akamai refers to this new packaging of NSA exploits as EternalSilence, after the phrase "galleta silenciosa" ("silent cookie/cracker") found in the injected rulesets.

The damage caused by this latest wave of repurposed surveillance code could still be rather severe, even with several rounds of patches immunizing a large number of devices against this attack.

Currently, the 45,113 routers with confirmed injections expose a total of 1.7 million unique machines to the attackers. We've reached this conclusion by logging the number of unique IPs exposed per router, and then added them up. It is difficult to tell if these attempts led to a successful exposure as we don't know if a machine was assigned that IP at the time of the injection. Additionally, there is no way to tell if EternalBlue or EternalRed was used to successfully compromise the exposed machine. However, if only a fraction of the potentially exposed systems were successfully compromised and fell into the hands of the attackers, the situation would quickly turn from bad to worse.

More of the same, then. Perhaps not at the scale seen in the past, but more attacks using the NSA's hoarded exploits. Hoarding exploits is a pretty solid plan, so long as they don't fall into the hands of… well, anyone else really. Failing to plan for this inevitability is just one of the many problems with the NSA's half-assed participation in the Vulnerability Equities Process.

Since the tools began taking their toll on the world's computer systems last year, there's been no sign the NSA is reconsidering its stance on hunting and hoarding exploits. The intelligence gains are potentially too large to be sacrificed for the security of millions of non-target computer users. It may claim these tools are essential to national security, but for which nation? The exploits wreaked havoc all over the world, but it would appear the stash of exploits primarily benefited one nation before they were inadvertently dumped into the public domain. Do the net gains in national security outweigh the losses sustained worldwide? I'd like to see the NSA run the numbers on that.

24 Comments | Leave a Comment..

Posted on Techdirt - 4 December 2018 @ 3:35pm

Tennessee Legislators Can't Stand Up To Cops; Keep Federal Loophole Open For Nashville Law Enforcement

from the asset-forfeiture-gone-mad dept

Earlier this year, the Tennessee legislature passed some very minimal asset forfeiture reforms. The bill, signed into law in May, does nothing more than require periodic reporting on use of forfeiture funds and the occasional audit.

What it doesn't do is require convictions. It also doesn't close the federal loophole, which allows Tennessee law enforcement to bypass state laws if they feel they're too restrictive. Given that state law doesn't really do anything to curb forfeiture abuse, the federal adoption lifeline isn't used quite as often in Tennessee as it is by law enforcement agencies in others states with laws that are actually worth a damn.

But local cops really really really want the federal loophole open. They've been applying pressure to Nashville legislators and it has had the expected effect. (h/t Daniel Horwitz)

Nashville on Tuesday renewed its participation in a controversial 1980s-era federal program that's allowed the police department to keep proceeds from seized assets taken from people suspected of crimes involving drugs.

After spirited debate, the Metro Council voted 25-5 with two abstentions to renew Metro's participation in the "equitable sharing program" with the U.S. Department of Justice and federal Drug Enforcement Administration.

The loophole Nashville law enforcement barely needs will remain open. And it will remain open because… well, budgets are tight and we can't keep asking state taxpayers to make up the difference.

Councilwoman Jacobia Dowell, who also voted for renewing the agreement, said not renewing the program would leave a hole in the city's budget.

"I have zero confidence in this council body to find $150,000," Dowell said, noting the city's budget struggles this past year.

So, instead of all taxpayers, Councilwoman Dowell wants to have just a few taxpayers pitch in to help cops -- taxpayers who happen to have property law enforcement thinks they didn't acquire legally.

Or not even taxpayers! Why even trouble those who reside in the state to give law enforcement some extra cash. Why not just take money from people leaving the state? That's the way Tennessee's "drug interdiction" teams work. According to law enforcement, they want to stop the flow of drugs into the state. That doesn't really explain their actions:

While drugs generally come from Mexico on the eastbound side of Interstate 40 and the drug money goes back on the westbound side, the investigation discovered police making 10 times as many stops on the so-called "money side."

Law enforcement doesn't seem to mind the drugs coming in, but it's certainly not going to let the cash head back out. Councilwoman Dowell thinks if cops can't lift money from drug dealers, they won't be able to buy the stuff they need to continue to allow drugs to flow into the state.

What Dowell absolutely doesn't want to see is her poorest constituents asked to dig even deeper to keep the drug interdiction units in business.

She said [the budget shortfall] would end up coming from Nashville's "most distressed and the impoverished communities."

Bless her heart. Oh wait.

Although civil asset forfeiture affects people of every economic status and race, a growing array of studies indicates that low-income individuals and communities of color are hit hardest. The seizing of cash, vehicles, and homes from low-income individuals and people of color not only calls law enforcement practices into question, but also exacerbates the economic struggles that already plague those communities.

None of the rationale makes sense. The drug teams that don't actually catch drugs need money to keep doing the job they're not doing and they need to take it from someone since the state's not going to help them out. The people who are going to help them out are either people leaving the state or low-income residents.

The problem is that when you say someone's going to have to come up with $150,000, someone will have to come up with it. And when that number increases -- and it will -- the shortfall comes directly from residents and other US citizens who have their belongings taken from them without even being accused of a crime.

$150,000 is only the cut from federal sharing. That's Nashville law enforcement's manageable money habit. There's more to it than the federal slush fund. Nashville law enforcement has created a drug enforcement ecosystem that can't be sustained without the seizure of millions of dollars every year. Even prosecutors recognize the problem.

[Nashville County District Attorney Glenn] Funk stated that on his first day as Nashville’s District Attorney, he was told that $1.7 million to $2 million would be needed to be brought in through seizures in order to keep the drug task force in operation. He also expressed concern that individuals were indicted or subject to forfeiture proceedings who would not otherwise have been if civil asset forfeiture were not a “cash cow.” He stated that officers sometimes target people with high-value cars so they can forfeit them and put the cars into service. General Funk provided these as examples of problems that arise “when we don’t have legislative oversight over the funds and assets . . . that are being seized.”

If you want to start fixing forfeiture abuse, start with the federal loophole. Agencies will realize it's not impossible to live without this money. And from there, you can start cutting them off from the main supply by eliminating civil asset forfeiture altogether by adding a conviction requirement. But if you can't even make this small move, you're not serious about fixing the problem. That's Nashville's problem -- one that harms citizens while keeping law enforcement flush with funds they really didn't earn.

15 Comments | Leave a Comment..

Posted on Techdirt - 4 December 2018 @ 3:23am

Lawsuit: Boston PD's 'Gang Database' Says People Who Wear Nikes And Have Been Beat Up By Gang Members Are 'Gang Associates'

from the guilty-until-negatives-proven dept

The Chinese government uses a number of measures to keep tabs on citizens. One is what's known as a "citizen score" -- a compilation of all the good/bad habits the government can track that determines whether a person should be viewed as a contributor to society or someone the government should take out of circulation.

We do the same thing here in the US. Credit scores determine who gets to live where and what vehicle they can own. It also can affect employment opportunities. This version of a "citizen score" is compiled by private parties who have access to information Americans are given no choice in relinquishing.

But the government also uses point-based systems to determine what kind of citizen you are: one of the good OK guys or possible a menace II to society. The ACLU is currently suing the Boston Police Department over its ad hoc "citizen score." The BPD adds and subtracts points to add and (possibly?) subtract people from its "gang database." Things citizens actively do -- and even things they passively don't -- can put them on this watchlist.

From the ACLU's public records lawsuit [PDF]:

Under the point system, a person is designated as a "Gang Associate" if he is assessed six or more points, and a "Gang Member" if he is assessed ten or more points. See Exhibit A, Boston Police Department Rules and Procedures Rule 335.

The point system makes it possible to designate someone a Gang Associate or Gang Member without any allegation that he engaged in violence or criminal activity.

An individual may be assessed eight points for being the victim of gang-related violence.

Yes, you read that right: Boston residents magically become "Gang Associates" if they're shot at by gang members. Or carjacked. Or mugged. If this happens twice, it appears they'll be upgraded to "Gang Member" thanks to their inability to avoid being victimized by gang members.

There's more to the list -- things that assure plenty of other non-gang members will be treated like gang members by cops relying on this ridiculously-compiled database.

An individual may be assessed two points for each instance in which he is seen with an alleged gang member or associate, even in a photograph, and even if that alleged gang member or associate is a classmate, neighbor, or family member.

An individual may be assessed four points for each instance in which a police report describes him to have been "[w]alking, eating, recreating, communicating, or otherwise associating with" a gang member; for making a hand gesture believed to be a gang sign; and for wearing clothing that police deem to be gang-related.

Going to school that gang members attend: that's going to cost you. Being even distantly related to gang members? That's a few points.

If it wasn't all ridiculous enough already, here's the best part: cops can use calling a person a gang member to rack up points on the gangland score.

Other factors the BPD considers are circular. For example, an individual may be assessed eight points if another law enforcement agency determines he is a gang member, without regard to the evidence or criteria used, or nine points for being in possession of court or "investigative documents" that label him a gang member.

If a Boston resident is served with a summons from another law enforcement agency and it happens to say something about "suspected gang member" on them, that's nine points: "Gang Associate." If the documents say this designation was based on some sort of mystery database, that's 17 points and the full "Gang Member" designation with points to spare.

The ACLU's lawsuit is seeking a decision forcing the BPD to turn over documents on its gang database so the citizens affected by it can see what's being used to treat them as criminals, even when they haven't officially been accused of anything. As the suit notes, these designations -- based on bad/circular reasoning -- routinely ensnare people who've never been arrested, much less suspected of criminal activity. And yet, there they are, listed as associates or gang members in a database police officers have access to when making stops.

Just getting dressed in the morning is enough to turn someone's life upside down. The lawsuit points out the BPD has designated things like Chicago Bulls caps and Nike sneakers to be "gang apparel." Officers routinely surveil youths at parks, schools, and recreation centers -- places they're sure to see people wearing NBA merchandise and Nike shoes. And, because gang members are also human beings, they'll frequent public places to use those facilities, putting everyone else in the same location in danger of being deemed "gang associates."

The problems aren't just local. ICE has access to the BPD's database and makes deportation decisions based on this extremely faulty info.

The lawsuit pits the ACLU against the state with the most public-unfriendly public records laws in the nation. Overcoming the dozens of exemptions the BPD can use isn't going to be easy. Hopefully, though, the court will see the public interest outweighs the built-in excuses provided by the state's terrible laws and force the department to turn over the requested documents.

Read More | 46 Comments | Leave a Comment..

Posted on Techdirt - 3 December 2018 @ 3:47pm

Public Records Law Reforms Still Haven't Made Massachusetts Any Less Of A Hellhole For Records Requesters

from the appears-the-massholishness-goes-all-the-way-to-the-top dept

Nearly a third of the official guide to public records requests published by the state of Massachusetts is given over to exemptions. That should give records requesters some idea of what they're in for when tangling with the state's agencies.

The state has developed a reputation for being a public records black hole that sucks in requests but never spits anything back out. MuckRock has a detailed post about one agency -- the Medford Police Department -- that appears, for the most part, to simply ignore requests it doesn't feel like fulfilling.

MuckRock records show that the agency consistently fails to acknowledge and fulfill requests, sometimes for years and despite appeals to the Massachusetts Supervisor of Public Records. Its failure to comply with even the updated legislation highlights the shortcomings that remain in enforcement mechanisms for citizens entitled to government information.

This means the nonprofit is burning up man hours attempting to communicate with the MPD's brick wall.

The oldest pending request, dating back to April 2013, had 112 email follow-ups that were sent to an officer who, at some point since initial submission, had left the department; these were followed by 14 fax follow-up messages to a currently valid office fax number.

If there's an exemption that can be used, it will be used. Up until recently, the state had the worst public records laws in the nation. And it looks like they're still the worst. This has allowed a state agency to claim a 63-year-old murder case investigation was still ongoing, despite the lead suspect having died years ago. In another case, the State Police took $180 from a requester and then refused to hand over the records requested.

The recently instituted public records law reforms don't seem to be having much of an effect on state agency responsiveness. MuckRock is reporting law enforcement agencies continue to be the main offenders, upholding the proud police tradition of ignoring laws officers and officials don't like.

This leads to insane, if not illegal, responses to records requests. Todd Wallack of the Boston Globe requested a photo of an officer and detective employed by the Boston Police Department. It rejected his request citing public records exemption f, which claimed the staff photos were "investigatory materials." When Wallack challenged this determination, the BPD responded with ¯\_(ツ)_/¯.

BPD couldn’t explain exactly how this exemption applied to the records in question. And so, the Supervisor of Public Records ordered the Department to fulfill the request. But with a lack of enforcement options from the SPR, it is still to be determined if the Department will comply or not.

The Supervisor of Public Records is an especially useless position, but one that meshes well with the state government's antagonistic take on transparency. The SPR makes the initial call on disputed records requests, but cannot, as a matter of law, force an agency to turn over records if the SPR determines the government agency is in the wrong. All the SPR can do is kick it up to the Attorney General for another determination. This escalation is completely at the discretion of the SPR, who is required by law to escalate reports of non-compliance by state agencies.

In essence, state and local agencies are being told "wait til your dad gets home" when they lose appeals, but without any estimate on when dad will be home or if he's even interested in handling these issues whenever the hell he actually gets back.

Here's how the state suggests requesters deal with Massachusett's effed-up public records laws. This comes directly from Secretary of State spokesperson Debra O'Malley.

“Sometimes requesters opt to sue because they might be more successful and it’s faster,” said O’Malley.

I'm sure O'Malley means well and is probably accurately portraying the near-farcical situation. But the government shouldn't be pushing citizens into lawsuits over public records. The presumption is supposed to be openness, not schoolyard taunts of "make me." But that's where the state remains, even after public records reform: a drain on taxpayers both ways, whether screwing them out of records or paying legal fees with taxpayer funds at the end of the apparently inevitable lawsuits.

13 Comments | Leave a Comment..

Posted on Techdirt - 3 December 2018 @ 10:45am

Woman Sues Georgia Deputies After Their Field Drug Test Said Her Cotton Candy Was Meth

from the lazy-people-relying-on-stupid-tools dept

Cops love cheap field drug tests because they're cheap and as likely to generate "probable cause" for an arrest/search as their much more expensive drug dogs. No law enforcement agency has ever expressed concerns about these fields tests returning false positives at an alarming rate. They just book people and send them before a judge based on a $2 test that can find anything from drywall powder to doughnut crumbs to be controlled substances. This void in accountability has occasionally been filled by prosecutors, a few of which will not offer or accept plea deals based on nothing more than a field test.

A faulty drug test is at the center of a recently-filed lawsuit. Georgia resident Dasha Fincher is suing Monroe County and two sheriff's deputies over a field drug test that turned cotton candy into methamphetamines and upended her life. (via the Atlanta Journal-Constitution)

According to Fincher's complaint [PDF], she was stopped for a supposed window tint violation by Monroe County deputies Allen Henderson and Cody Maples. Ultimately, the deputies decided the tint on her windows was lawful. But that obviously wasn't the real reason for the stop. The deputies wanted to search the vehicle. According to their report [PDF] of the incident, consent was given by both the driver and Fincher, who was the passenger in the vehicle. Deputy Williams found a "blue crystal like substance" in a bag on the floor. Both the driver and Fincher told the deputy it was cotton candy. The deputies tested it with a field kit, which conveniently confirmed their suspicions.

Based on the packaging and its crystal like feature, Corporal Williams tested the substance using a field kit for Methamphetamine and MDMA. The field kit gave a positive reading.

Here's a picture of the alleged methamphetamine:

Fincher was charged with drug trafficking, a felony that comes with mandatory minimum sentences and hefty fines. Since the drug hadn't been tested at a lab yet, the deputy's guesswork on its weight put Fincher in line for a minimum ten year prison sentence and a fine of $100,000. Bail was set at $1 million, so Fincher had no choice but to remain in jail until the substance was tested by the state's drug lab.

When those results came back, Fincher was cleared. Not only that, but the amount recorded by the lab (26 grams) fell short of the 28 grams needed to charge Fincher with trafficking. But by the time Fincher's innocence was proven, a tremendous amount of damage had been done. Fincher spent three months in jail, missing the birth of her twin grandsons and being unable to help when her daughter suffered a miscarriage. Her charges were dropped April 18, 2017, 109 days after she was arrested. The felony arrest remains on her record.

The lawsuit argues the deputies operated in bad faith, knowing high bail would be set and Fincher would remain in jail until the substance was tested by a lab. She argues they should have known the field tests routinely generated false positives. And there's evidence to back that claim. This report, broadcast last month by a Fox affiliate in Georgia, shows the Georgia Bureau of Investigation's (GBI) crime lab has reversed dozens of field drug test results.

The FOX 5 I-Team obtained every negative drug test report from the GBI Crime Lab in 2017, then researched to find out how many of those cases began with a positive NIK test. We confirmed 145 false positives, wrongly implicating Georgians of all races in all parts of our state. The field tests got it wrong 11 times for heroin, 24 times for ecstasy, 40 times for cocaine and 64 times for methamphetamines.

In each case, someone's life was upended. Georgia's drug laws are harsh and bail amounts are unaffordable for all but the most wealthy. About the only positive resulting from this examination is the Georgia Tech University's police force deciding they'd no longer use field tests. Across the rest of the state, this option hasn't even been considered by law enforcement agencies utilizing the NIK tests.

It may take a lot of lawsuits like this one to push law enforcement agencies to consider quality over quantity. Judges need to be made aware of these problems as well, since they're the ones who can reduce bail, allow releases pending trial, and shut down guilty pleas predicated on tests that are wrong far too often to be considered reliable.

Read More | 82 Comments | Leave a Comment..

Posted on Techdirt - 3 December 2018 @ 3:22am

GCHQ Propose A 'Going Dark' Workaround That Creates The Same User Trust Problem Encryption Backdoors Do

from the wiretaps-but-for-Whatsapp dept

Are we "going dark?" The FBI certainly seems to believe so, although its estimation of the size of the problem was based on extremely inflated numbers. Other government agencies haven't expressed nearly as much concern, even as default encryption has spread to cover devices and communications platforms.

There are solutions out there, if it is as much of a problem as certain people believe. (It really isn't… at least not yet.) But most of these solutions ignore workarounds like accessing cloud storage or consensual searches in favor of demanding across-the-board weakening/breaking of encryption.

A few more suggestions have surfaced over at Lawfare. The caveat is that both authors, Ian Levy and Crispin Robinson, work for GCHQ. So that should give you some idea of which shareholders are being represented in this addition to the encryption debate.

The idea (there's really only one presented here) isn't as horrible as others suggested by law enforcement and intelligence officials. But that doesn't mean it's a good one. And there's simply no way to plunge into this without addressing an assertion made without supporting evidence towards the beginning of this Lawfare piece.

Any functioning democracy will ensure that its law enforcement and intelligence methods are overseen independently, and that the public can be assured that any intrusions into people’s lives are necessary and proportionate.

By that definition, the authors' home country is excluded from the list of "functioning democracies." Multiple rulings have found GCHQ's surveillance efforts in violation of UK law. And a number of leaks over the past half-decade have shown its oversight is mostly ornamental.

The same can be said for the "functioning democracy" on this side of the pond. Leaked documents and court orders have shown the NSA frequently ignores its oversight when not actively hiding information from Congress, the Inspector General, and the FISA court. Oversight of our nation's law enforcement agencies is a patchwork of dysfunction, starting with friendly magistrates who care little about warrant affidavit contents and ending with various police oversight groups that are either filled with cops or cut out of the process by the agencies they nominally oversee. We can't even get a grip on routine misconduct, much less ensure "necessary and proportionate intrusions into people's lives."

According to the two GCHQ reps, there's a simple solution to eavesdropping on encrypted communications. All tech companies have to do is keep targets from knowing their communications are no longer secure.

In a world of encrypted services, a potential solution could be to go back a few decades. It’s relatively easy for a service provider to silently add a law enforcement participant to a group chat or call. The service provider usually controls the identity system and so really decides who’s who and which devices are involved - they’re usually involved in introducing the parties to a chat or call. You end up with everything still being end-to-end encrypted, but there’s an extra ‘end’ on this particular communication. This sort of solution seems to be no more intrusive than the virtual crocodile clips that our democratically elected representatives and judiciary authorise today in traditional voice intercept solutions and certainly doesn’t give any government power they shouldn’t have.

We’re not talking about weakening encryption or defeating the end-to-end nature of the service. In a solution like this, we’re normally talking about suppressing a notification on a target’s device, and only on the device of the target and possibly those they communicate with. That’s a very different proposition to discuss and you don’t even have to touch the encryption.

Suppressing notifications might be less harmful than key escrow or backdoors. It wouldn't require a restructuring of the underlying platform or its encryption. If everything is in place -- warrants, probable cause, exhaustion of less intrusive methods -- it could give law enforcement a chance to play man-in-the-middle with targeted communications.

But there's a downside -- one that isn't referenced in the Lawfare post. If both ends of a conversation are targeted, this may be workable. But what if one of the participants isn't a target? This leaves them unprotected because the suppressed messages wouldn't inform other non-target parties the conversation isn't protected. Obviously it wouldn't do the let anyone targets converse with know things are no longer normal on the target's end, as it's likely one of those participants will let the target know they've encountered a security warning while talking to them.

In that respect, it is analogous to a wiretap on someone's phones. It will capture innocent conversations irrelevant to the investigation. In those cases, investigators are told to stop eavesdropping. It's unclear how the same practice will work when the communications are being harvested digitally via unseen government additions to private conversations.

This proposal seems at odds with the authors' suggested limitations, especially this one:

Any exceptional access solution should not fundamentally change the trust relationship between a service provider and its users.

When a service provider starts suppressing warning messages, the trust relationship is going to be fundamentally altered. Even if users are made aware this is only happening in rare instances involving targets of investigations, the fact that their platform provider has chosen to mute these messages means they really can't trust a lack of warnings to mean everything is still secure.

On the whole, it's a more restrained solution than others have proposed -- but it still has the built-in exploitation avenue key escrow does. It's better than a backdoor but not by much. And the authors of this proposal shouldn't pretend the solution lives up to the expectations they set for it. Their own proposal falls short of their listed ideals… and the whole thing is delivered under the false pretense law enforcement/intelligence agencies are subject to robust oversight.

48 Comments | Leave a Comment..

Posted on Techdirt - 30 November 2018 @ 3:35pm

Supreme Court Appears Inclined To Apply The Eighth Amendment To Civil Asset Forfeiture

from the on-the-road-to-recovery? dept

The Supreme Court heard oral arguments recently in a case that may result in some involuntary reforms to state civil asset forfeiture laws. The case involves Tyson Timbs, an Indiana resident who had his $42,000 Land Rover seized by law enforcement after selling $260 worth of heroin to undercover cops.

Despite securing a conviction, law enforcement chose to forfeit Timbs' vehicle in civil court. This may have been to keep Timbs from challenging the seizure as excessive, given the crime he was charged with maxxed out at a $10,000 fine. This is how Timbs is challenging this forfeiture, however. That's how this case has ended up in the top court in the land.

A lower court in Indiana found in his favor, finding the seizure to be a violation of Timbs' Eighth Amendment protections against excessive fines. The state's top court overturned this ruling, prompting the appeal to the US Supreme Court. The state argues the Eighth Amendment's protections do not apply to civil asset forfeiture. This is a curious position, because it's basically stating Indiana's government gets to pick and choose what guaranteed rights its residents have access to.

From the oral arguments [PDF], it sounds like the court is going to rule in Timbs' favor and find that these Eighth Amendment protections apply to state-level forfeitures -- civil or criminal. The state's Solicitor General, Thomas Fisher, failed to impress the court at almost every turn.

It all starts with Justice Gorsuch trying to set the ground level for discussion: that it's undisputed fact the Eighth Amendment's excessive fines clause applies in Indiana.

JUSTICE GORSUCH: General, before we get to the in rem argument and its application to this case, can we just get one thing off the table? We all agree that the Excessive Fines Clause is incorporated against the states. Whether this particular fine qualifies because it's an in rem forfeiture, another question.

But can we at least get the -- the theoretical question off the table, whether you want to do it through the Due Process Clause and look at history and tradition, you know, gosh, excessive fines, guarantees against them go back to Magna Carta and 1225, the English Bill of Rights, the Virginia Declaration of Rights, pretty deep history, or whether one wants to look at privileges and immunities you might come to the same conclusion. Can we at least -- can we at least agree on that?

MR. FISHER: I have two responses to that. First -­

JUSTICE GORSUCH: Well, I -- I think -- I think a "yes" or "no" would probably be a good starting place.

As Fisher tried to argue around that by claiming it really should only apply to cases of criminal forfeiture ("in personam" [against a person] rather than "in rem" [against property] forfeitures), Gorsuch again shut him down, showing a bit of exasperation while doing so.

JUSTICE GORSUCH: Well, whatever the Excessive Fine Clause guarantees, we can argue, again, about its scope and in rem and in personam, but whatever it, in fact, is, it applies against the states, right?

MR. FISHER: Well, again, that depends.

JUSTICE GORSUCH: I mean, most -- most of the incorporation cases took place in like the 1940s.

MR. FISHER: Right.

JUSTICE GORSUCH: And here we are in 2018 -­

MR. FISHER: Right.

JUSTICE GORSUCH: -- still litigating incorporation of the Bill of Rights. Really? Come on, General.

This was followed by new installation Brett Kavanaugh trying to get the state's lawyer to admit the state had adopted the Eighth Amendment and its clauses -- which includes protections against excessive fines, no matter what form they take.

The state's lawyer believes the Court should leave the state court ruling alone, and allow Indiana to go on claiming the Eighth Amendment doesn't apply to civil forfeiture. To do so, the state basically argues people have rights but their possessions don't. This led to Justice Ginsburg reminding the government's lawyer that property belongs to people who have rights.

So, whether you label it in rem or in personam, let's remember that it's -- things don't have rights or obligations in and of themselves. It's people that have rights or obligations with respect to things.

The state's insistence that the excessive fines clause does not apply to civil asset forfeiture allows Justice Breyer to strike at the heart of this form of forfeiture and the abuse it encourages because it's so often unchecked by local laws.

JUSTICE BREYER: Well, in your view, an in rem civil forfeiture is not an excessive fine, is that right?

MR. FISHER: Yes, that is -- that is true.

JUSTICE BREYER: So what is to happen if a state needing revenue says anyone who speeds has to forfeit the Bugatti, Mercedes, or a special Ferrari or even jalopy? (Laughter.)

MR. FISHER: There -- no, there is no -- there is no excessive fines issue there. I -- what I will say and what I think is important to -- to remember is that there is a constitutional limit, which is the proof of instrumentality, the need to prove nexus.

JUSTICE BREYER: That isn't a problem because it was the Bugatti in which he was speeding. (Laughter.)

MR. FISHER: Right.

JUSTICE BREYER: So -- so there is all the nexus.

MR. FISHER: Historically -­

JUSTICE BREYER: Now I just wonder, what -- what is it? What is it? Is that just permissible under the Constitution?

MR. FISHER: To forfeit the Bugatti for speeding?

JUSTICE BREYER: Yeah, and, by the way, it was only five miles an hour -­

MR. FISHER: Yeah.

JUSTICE BREYER: -- above the speed limit.

MR. FISHER: Well, you know, the answer is yes. And I would call your attention to the -­

JUSTICE BREYER: Is it yes?

MR. FISHER: Yes, it's forfeitable.

Not a single justice who spoke was on the state's side. If the ruling comes down in favor of Timbs, it still may be a narrow ruling, which will mute its impact. If all SCOTUS wants to do is say the Eighth Amendment excessive fines clause applies in Indiana, but not specifically to civil forfeitures, the state can continue with forfeiture business as usual. But if it applies that clause to civil forfeiture, the state is going to have a hard time justifying taking expensive stuff from people they've charged with minimal violations or haven't charged at all.

The biggest effect will be felt by those who've had their property seized by the government via this process. They'll actually have something far better than the minimal protections afforded them. As it stands now in many states, trying to reclaim property is an expensive, labyrinthine process that heavily favors the government. Being able to challenge a seizure on Constitutional grounds means the government has to prove far more than the property could imaginably be tied to criminal activity. It would also have to demonstrate the punishment doesn't outweigh the crime.

The potential downside is this: prosecutors may stack charges until they roughly equal the value of whatever's been seized. This could result in a lot of defendants having the book thrown at them while the state processes their property through civil proceedings.

Even with this downside, it's heartening to see the nation's highest court recognizes the perverse incentives of civil forfeiture and the damage it does to citizens and their inherent rights. Hopefully, this will make the court more receptive of future forfeiture cases where broader precedent may be set that will stem the flow of abuse resulting from this highly-questionable law enforcement practice.

Read More | 33 Comments | Leave a Comment..

Posted on Techdirt - 30 November 2018 @ 9:31am

Deputy AG Claims There's No Market For Better Security While Complaining About Encryption At A Cybercrime Conference

from the an-actual-thing-that-happened dept

The FBI still hasn't updated its bogus "uncrackable phones" total yet, but that isn't stopping the DOJ from continuing its push for holes in encryption. Deputy AG Rod Rosenstein visited Georgetown University to give a keynote speech at its Cybercrime 2020 Conference. In it, Rosenstein again expressed his belief that tech companies are to blame for the exaggerated woes of law enforcement.

Pedophiles teach each other how to evade detection on darknet message boards. Gangs plan murders using social media apps. And extortionists deliver their demands via email. So, it is important for those of us in law enforcement to raise the alarm and put the public on notice about technological barriers to obtaining electronic evidence.

One example of such a barrier is “warrant-proof” encryption, where tech companies design their products or services in such a way that they claim it is impossible for them to assist in the execution of a court-authorized warrant. These barriers are having a dramatic impact on our cases, to the significant detriment of public safety. Technology makers share a duty to comply with the law and to support public safety, not just user privacy.

Rosenstein says this has resulted in a "significant detriment [to] public safety," but can't point to any data or evidence to back that claim up. The FBI's count of devices it can't access is off by at least a few thousand devices, by most people's estimates. In terms of this number alone, the "public safety" problem is, at best, only half as bad as the DOJ has led us to believe.

Going beyond that, crime rates remain at historic lows in most places in the country, strongly suggesting no crime wave has been touched off by the advent of default encryption. Law enforcement agencies aren't complaining about cases they haven't cleared -- if you exclude encryption alarmist/Manhattan DA Cyrus Vance. (Anyone hoping to have an honest conversation about encryption certainly should.)

Somehow, Rosenstein believes the public would experience a net safety gain by making their devices and personal info more easily accessed by criminals. Holes in encryption can be marked "law enforcement only," much like private property owners can hang "no trespassing" signs. But neither is actually a deterrent to determined criminals.

Rosenstein goes on to tout "responsible encryption" -- a fairy tale he created that revolves around the premise tech companies can break/unbreak encryption at the drop of a warrant. But broken encryption can't be unbroken, not even with some form of key escrow. The attack vector may change, but it still exists.

That Rosenstein is advocating inferior encryption during a cybercrime conference speaks volumes about what the DOJ actually considers to be worth protecting. It's not businesses and their customers. It's law enforcement's access. He spends half the run time talking about security breaches involving tech companies and follows it up by suggesting they take less care securing all this info they collect.

He even goes so far as to claim better security is something customers don't want and is bad for tech companies' bottom lines.

Building secure devices requires additional testing and validation—which slows production times — and costs more money. Moreover, enhanced security can sometimes result in less user-friendly products. It is inconvenient to type your zip code when you use a credit card at the gas station, or type a password into your smartphone.

Creating more secure devices risks building a product that will be later to market, costlier, and harder to use. That is a fundamental misalignment of economic incentives and security.

The implicit statement Rosenstein's making is that ramped-up security -- including default encryption -- is nothing more than companies screwing shareholders just so they can stick it to The Man. Following this bizarre line of thought is to buy into Rosenstein's conspiracy theory: one that views tech companies as a powerful cabal capable of rendering US law enforcement impotent.

And as much as Rosenstein hammers tech companies for security breaches that have exposed the wealth of personal data they collect, he ignores the question his encryption backdoor/side door advocacy raises. This question was posed in an excellent post by Cathy Gellis at the beginning of this year:

"What is a company to do if it suffers a data breach and the only thing compromised is the encryption key it was holding onto?"

We're headed into 2019 and no one in the DOJ or FBI is willing to honestly discuss the side effects of their proposals. Rosenstein clings to his "responsible encryption" myth and the director of the FBI wants to do nothing more than make it the problem of "smart people" at tech companies he's seeking to bend to his will. No one in the government wants to take responsibility for the adverse outcomes of weakened encryption, but they're more than willing to blame everyone else any time their access to evidence seems threatened.

Rosenstein's unwavering stance on the issue makes this statement, made at the closing of his remarks, ring super-hollow.

We should not let ideology or dogma stand in the way of constructive academic engagement.

Fair enough, Rod. You go first.

18 Comments | Leave a Comment..

Posted on Techdirt - 30 November 2018 @ 3:23am

App Developers Suing Facebook Suffer Redaction Failure, Expose Discussions About Pay-For-Play API Access

from the mostly-smoke,-minimal-fire dept

Earlier this week, UK politicians conveniently pounced on a US businessman to force him to turn over documents possibly containing info Parliament members had been unable to extract from Mark Zuckerberg about Facebook's data sharing. An obscure law was used to detain the visiting Six4Three executive, drag him to Parliament, and threaten him with imprisonment unless he handed over the documents MPs requested.

The executive happened to have on him some inside info produced by Facebook in response to discovery requests. Six4Three is currently suing Facebook over unfair business practices in a California court. The documents carried by the executive had been sealed by the court, which means the executive wasn't allowed to share them with anyone… in the United States. But he wasn't in the United States, as gleeful MPs pointed out while forcing him to produce information it wanted from another tech company unwilling to set foot in London.

It was all very strange, more than a little frightening, and completely bizarre. A lot of coincidences lined up very conveniently for UK legislators. The frightening part is it worked. This will only encourage Parliament to pull the same stunt the next time it thinks it can get information others have refused to hand over. Targeting third parties is an ugly way to do government business, especially when the UK government is attempting to obtain information from US companies. All bets are off once they're on UK soil, so traveling execs may want to leave sensitive info on their other laptop before landing at Heathrow.

But there's also a chance Six4Three wanted to put this information in the hands of UK legislators. Call it "plausible deniability" or "parallel construction" (why not both?!), but the ridiculousness of the entire incident lends it an air of theater that probably isn't entirely unearned.

Now there's more fuel for that conspiratorial bonfire. Court documents filed by Six4Three containing sensitive info about Facebook's API terms and the possible sale of user info made their way into the public domain. They were redacted to keep this sensitive information from being made public.

Well, let me rephrase that: they were "redacted" in such a way all sensitive info could easily be read by anyone who opened the PDF. Sure, the black bars are there, but selecting the "redacted" text and pasting it anywhere that can handle text allows this information to be read.

Cyrus Farivar of Ars Technica uploaded the redaction failure [PDF] -- an error first spotted by the Wall Street Journal. The first redaction, which precedes several fully-redacted pages, contain the following info -- stuff Facebook would probably liked to have stayed obscured. (The failed redaction is in bold.)

Facebook filed its removal petition on the eve of its deadline to serve its motions for summary judgment and mere days before the Superior Court’s ruling on Plaintiff’s discovery motions to obtain information from key Facebook executives, including Chief Executive Zuckerberg, regarding the decision to close Graph API that shut down Plaintiff’s business and many others. Plaintiff’s discovery to date provides evidence suggesting that the decision to shut down Graph API was made: (1) for anticompetitive reasons; (2) in concert with other large companies; (3) prior to October 2012 (even though Facebook waited to announce the decision until April 2014); (4) by Mr. Zuckerberg; and (5) with the active participation of at least six other individuals who reported directly to Mr. Zuckerberg. See Godkin Reply Decl. Exhibit 3, at 1-4. Plaintiff has yet to receive information regarding this decision that shut down its business. Rather, Facebook has produced documents only from low-level employees that Facebook unilaterally selected as custodians and who clearly had no involvement in the decision that shut down Plaintiff’s business.

Another fully-redacted paragraph points to a pay-to-play API offering, gleaned from emails obtained through discovery.

On October 30, 2012, Facebook Vice President of Engineering, Michael Vernal, sent a note to certain employees stating that after discussing with Mr. Zuckerberg, Facebook has decided to “limit the ability for competitive networks to use our platform without a formal deal in place” and that Facebook is going to “require that all platform partners agree to data reciprocity.” Mr. Vernal then describes a whitelisting system Facebook will implement, and did in fact implement, to determine data access based on this “reciprocity principle.” See Godkin Reply Decl., Exhibit 5 at FB-00423235-FB-00423236. The reciprocity principle is subsequently defined and discussed among Facebook employees on numerous occasions as shutting down access “in one-go to all apps that don’t spend…at least $250k a year to maintain access to the data.” See Godkin Reply Decl., Exhibit 6 at FB-00061251. Facebook then embarks on a campaign to reach out to large companies and extract significant payments from them with the threat that they will otherwise turn off the company’s data access. However, if a company were to agree to provide significant payments to Facebook, then Facebook would offer it an enormous advantage relative to its competitors. Facebook employees routinely discuss this fact in their email exchanges: “Removing access to all_friends lists seems more like an indirect way to drive NEKO adoption.” See Godkin Reply Decl., Exhibit 7 at FB00061439. In other words, Facebook’s decision to close access to data in its operating system (“removing access to all_friends_lists”), which shut down Plaintiff’s business, was designed to generate increased revenues on Facebook’s advertising platform (“drive NEKO adoption”) by offering an unfair competitive advantage to companies from which Facebook could extract large payments.

Now, the only thing holding this back from being a Six4Three effort to expose Facebook without running afoul of the court is the filing date. This redaction failure was filed nearly 10 months ago -- long before UK politicians talked a Six4Three exec out of potentially-damaging documents.

That being said, the London incident still smells super-fishy. And the information seen here doesn't indicate much more than Facebook considered selling access to Facebook user info. It appears Facebook never followed through with the plan. The lack of pay-for-play doesn't excuse its larger sins, but it does kind of put a dent in Six4Three's claims Facebook unfairly locked it out of API access when it kicked its shady bikini-photo-searching app to the curb.

More intrigue is sure to develop as Facebook attempts to have Six4Three held in contempt of court following its seemingly involuntary production of sealed documents during its exec's recent London trip.

Read More | 16 Comments | Leave a Comment..

Posted on Techdirt - 29 November 2018 @ 3:43pm

Philly Cops Skirting Forfeiture Restrictions By Seizing Cars As 'Evidence'

from the any-port-in-a-shitstorm dept

A couple of months ago, a consent decree drastically restructured Philadelphia's severely-abused asset forfeiture program. It didn't eliminate the program entirely, but it did eliminate the small-ball cash grabs favored by local law enforcement. The median seizure by Philly law enforcement is only $178, but it adds up to millions if you do it all the time. Small seizures like this now need to be tied to arrests or the property needs to be used as evidence in a criminal case.

Other restraints will hopefully eliminate local law enforcement's worst practices -- like seizing someone's house because their kid sold $40 of drugs to a police informant. It also should slow down seizures of whatever's in a person's pockets by forbidding forfeitures of under $250 entirely.

The consent decree obviously won't solve everything, and part of the problem is the consent decree itself. It forbids seizures of less than $1,000 unless the property is evidence in an ongoing case. Guess what local law enforcement is doing.

In November 2017, Iyo Bishop of Philadelphia was arrested on assault charges after a boyfriend, who she said was abusive, accused her of striking him with an SUV. City police picked her up after spotting the vehicle parked on the street weeks later. Bishop maintained her innocence but was cuffed and thrown in a squad car. She then watched in disbelief as an officer hopped in her 2002 Jeep Liberty and drove off.

Although the charges against Bishop were eventually dropped, she never saw her vehicle again. Police sold the Jeep at auction for $1,155 in storage fees they had assessed while the case made its way through the court system.

As this report by Ryan Briggs of The Appeal shows, the consent decree basically codifies this behavior. Cops seize vehicles when making arrests, ticking one of the requirement boxes. Then they claim the vehicle is evidence, ticking the other box.

Older vehicles worth less than $1,000 simply sit in impound lots racking up fees while the accused's case languishes in the court system. The vehicle can't be returned until the criminal case is processed, so it doesn't take long for impound fees to outweigh the vehicle's value. All of this is completely beyond the control of the person's whose car has been seized.

Even if charges are dismissed or the accused is cleared of wrongdoing, the car's owner still owes these fees. Every day they can't pay it, the total increases. Sooner or later, the vehicle will be auctioned. Now the innocent person has no vehicle and is still ultimately liable for uncollected fees.

This allows cops to make money on seized vehicles even if the vehicle isn't seized from someone suspected of criminal activity. It can happen to crime victims as well.

In 2014, Karin Foley and her husband, Willis, were moving from New York State to South Carolina when their vehicle blew a tire in Pennsylvania. When Willis Foley pulled the car over and got out to change the tire, a semi struck and killed him. Pennsylvania State Police later determined that the truck driver had been at the wheel for nearly 30 hours straight.

But the state troopers who responded to the accident impounded the Foleys’ diesel pickup and a horse trailer packed with their possessions as evidence. Like Bishop, Karin Foley never saw the truck, the trailer, or any of her belongings again.

The criminal case against the trucker dragged on for three years but never made it to trial. In May, he pleaded guilty to involuntary manslaughter. State police called Foley a few months later to tell her that she had one week to travel to Pennsylvania—hundreds of miles from her South Carolina home—or they would auction her truck and trailer.

And auction it they did. The seized evidence was never used in court and local law enforcement immediately flipped the seized vehicle for unearned profit. To top it off, the coroner billed the widow $175 for her husband's body bag.

While it's understandable some property will be seized as evidence in criminal cases, fees shouldn't be charged to those found innocent or to victims of criminal activity. This is just another form of forfeiture that provides almost no avenue of recourse to property owners other than paying the government to give them back their stuff.

31 Comments | Leave a Comment..

Posted on Techdirt - 29 November 2018 @ 1:36pm

EFF, ACLU Petition Court To Unseal Documents From DOJ's Latest Anti-Encryption Efforts

from the talk-to-us,-DOJ dept

Back in August, the DOJ headed to court, hoping to obtain some of that sweet sweet anti-encryption precedent. Waving around papers declaring an MS-13 gang conspiracy, the DOJ demanded Facebook break encryption on private Messenger messages and phone calls so the government could eavesdrop. Facebook responded by saying it couldn't do that without altering -- i.e., breaking -- Messenger's underlying structure.

Not that breaking a communications platform would give the FBI any sleepless nights. Worthless encryption is better than good encryption when it comes to demanding the content of communications or, as in this case, operating as the unseen man-in-middle when suspected gang members chatted with each other.

Unfortunately (for the FBI), this ended in a demurral by the federal court. The details of the court's decision are, just as unfortunately, unknown. Reuters was able to obtain comments from "insiders familiar with the case," but the public at large is still in the dark as to how all of this turned out.

The EFF and ACLU are hoping to change that.

In our petition filed today in the United States District Court for the Eastern District of California, EFF, the ACLU, and Riana Pfefferkorn of Stanford Law School’s Center for Internet and Society seek to shed light on this important issue. We’re asking the court to release all court orders and related materials in the sealed Messenger case.

Given the importance of encryption in widely used consumer products, it is a matter of public interest any time law enforcement tries to compel a company to circumvent its own security features.

The petition [PDF] points out the First Amendment guarantees access to courtroom proceedings and the courts are supposed to adhere to this by operating with a presumption of openness. Only in rare, rare cases should they side with the government and allow the public to be cut out of the loop by sealing documents.

This is doubly true in cases of significant public interest. Any time the DOJ is in court agitating for broken encryption, it's safe the say the public will be affected by the case's outcome. At this point, we don't know anything more than the DOJ didn't get what it wanted. What we don't know is why, or what impact the ruling here will have on similar cases in the future. And we should know these details because, if nothing else, the FBI has proven it cannot be trusted to deal with device encryption honestly.

Read More | 6 Comments | Leave a Comment..

Posted on Techdirt - 29 November 2018 @ 7:53am

FBI Faked Up A FedEx Website To Track Down A Scam Artist

from the phishing-for-fraudsters dept

Trust no one. The DEA impersonates medical board investigators. Police pretend to be people's friends. FBI agents pretend to be journalists. And, in this case, federal investigators pretended they could help an alleged scammer trace a FedExed payment. Joseph Cox of Motherboard has more details, taken from recently unsealed FBI warrant applications.

The two 2017 search warrant applications discovered by Motherboard both deal with a scam where cybercriminals trick a victim company into sending a large amount of funds to the scammers, who are pretending to be someone the company can trust. The search warrants show that, in an attempt to catch these cybercriminals, the FBI set up a fake FedEx website in one case and also created rigged Word documents, both of which were designed reveal the IP address of the fraudsters. The cases were unsealed in October.

The warrant application [PDF] in one case seeks permission to use an NIT (Network Investigative Technique) to expose identifying information about a targeted device/computer. This warrant request -- relying on recent changes to jurisdictional limitations -- says the NIT deployment was necessary because the FedEx impersonation failed to obtain usable IP address info thanks to the target's use of a VPN to access the impersonated site.

On July 25, 2017, FBI Buffalo, Rochester Resident Agency purchased the domain www.fedextrackingportal.com and developed the website www.fedextrackingportal.com/apps/us-en/tracking.php?action=track&trackingnumber=731246AF7684. The website was created with the message "Access Denied, This website does not allow proxy connections" error message when accessed. The website was created to capture the basic server communication information, as IP Address date and time stamp, and user string when the website was accessed. No malware or computer exploit was deployed in the development of the website; the only information captured in the webserver logs was unencrypted basic network traffic data identified above.

The IP addresses trapped with this ruse traced back to ExpressVPN, necessitating the technique described in this warrant application: a malicious email attachment.

The deployment of the NIT will occur through email communications with the TARGET USER, with consent from the victim company, Gorbel, and the Accounts Payable manager Belt. The FBI will provide an email attachment to the victim which will be used to pose as a screen shot of the FedEx tracking portal for the sent payment. The FBI anticipates the target user, and only the target user, will receive the email and attachment after logging in and checking emails. The subject will download the attachment which will deploy a technique designed to identify basic information of the TARGET location. [...] For the email attachment approach, the FBI will use a document with an embedded image requiring the computer to navigate outside the proxy service in order to access the embedded item.

A second warrant application dug up by Motherboard details pretty much the same process: an NIT deployed via email attachment to force the target to relinquish identifying info like IP addresses and device information. The twist in the second application is that the malicious embed (an image contained in a Word document) would require the recipient to turn off "Protected Mode" to open the attachment. Simply harvesting info from an end user is one thing. Having them perform an action on their end to give the government access to their computer is another. "In an abundance of caution," the FBI requested a warrant, even though the application makes it clear the FBI believes it shouldn't need a warrant to force targeted devices to give up potentially-identifying info.

The impersonation of FedEx may be novel, but the FBI's use of NITs began well before its extrajurisdictional searches were codified by Rule 41 changes. NITs have been in the FBI's toolkit for most of this decade. Here's a 2012 application and returned warrant showing the FBI using an NIT to obtain IP addresses and device info to locate a wanted felon using an email address the agency believed belonged to the target.

The FBI's impersonation of people, places, and things is likely just as widespread, even if the rules (very loosely) governing this investigative technique suggest it shouldn't be. FedEx may have questions about the FBI's use of its name to obtain IP addresses from criminal suspects, but so far, it hasn't commented on the news. What's seen in these applications suggests some care is being taken to avoid sweeping up innocent internet users, but there's only so much that can be implied from this very small sampling of federal investigative activity.

Read More | 16 Comments | Leave a Comment..

Posted on Free Speech - 28 November 2018 @ 10:43am

Court Tells Former NRA President The First Amendment Protects Far More Than Polite Speech

from the what's-this-about-the-2nd-Amendment-protecting-the-First? dept

Here in America, unpleasant speech is still protected speech, something a federal court recently reminded a plaintiff. (h/t Adam Steinbaugh)

The person bringing the lawsuit is Marion Hammer, the first female president of the National Rifle Association. A frequent target of online criticism, hate mail, and harassment, Hammer decided to sue a handful of her many, many detractors. The lawsuit [PDF] alleges an ongoing campaign of harassment and cyberstalking engaged in by the four defendants.

The suit was filed in July. Three of the four defendants failed to respond. The fourth, Lawrence T. "LOL" Sorensen, responded with a motion to dismiss for failure to state a claim. Sorensen argued his communications with Hammer were protected speech. The judge agrees. In Robert Hinkle's short decision [PDF], the judge reminds Hammer that the First Amendment protects a lot of speech people don't like, even when it's targeting them.

Mr. Sorensen sent Ms. Hammer two emails, each transmitting one or more photographs showing injuries from gunshot wounds. Sending these unsolicited to anyone, even a public figure who advocates gun rights, was inappropriate, indeed disgusting. As Ms. Hammer correctly notes in response to the motion to dismiss, “there are limits on how people can treat those with whom they disagree.” Or at least on how people should treat those with whom they disagree. Emails like these should not be sent in a civilized society.

That does not mean, though, that emails like these can be made criminal or even tortious. Tolerating incivility, at least to some extent, is a price a nation pays for freedom. There is no clear line between incivility, on the one hand, and effective advocacy, on the other. Turning loose a legislature, judge, or jury to ferret out incivility would deter and even sometimes punish the robust public discourse that is essential to freedom—the public discourse whose protection is the main object of the First Amendment.

The judge notes that simply finding someone else's behavior unseemly isn't a federal case, especially not when First Amendment rights are on the line. He notes Sorensen never threatened Marion Hammer "explicitly or implicitly" when he sent her photos of gunshot wounds. All the email said was "Thought you should see a few photos of handiwork of the assault rifles you support." The second was along the same line, noting that the attached photo of a dead John F. Kennedy showed the damage done by an "outdated military rifle" and that today's rifles were far more powerful and "far more destructive."

The court reminds Hammer the First Amendment doesn't work the way she wants it to work. If the First Amendment only protected polite discourse, it would be useless. Not only that, but the sending of gunshot wound photos to an advocate of gun ownership is not harassment or cyberstalking. It's a discussion of a matter of public interest, even if the discussion is largely one-sided.

The photographs were germane to the policy debate that Ms. Hammer regularly participated in and Mr. Sorensen apparently sought to join. Sending these photographs, at least in these circumstances, was not tortious. And treating them as tortious would violate the First Amendment.

As Adam Steinbaugh notes in his follow-up tweet, it would be nice to have a federal anti-SLAPP law in place to deter lawsuits like these. If Hammer felt she may have to pay Sorensen's legal fees for bringing a misguided lawsuit against him, she may have decided to leave him out of it. Now, Sorensen's out time and money for doing nothing more than engaging in protected speech.

Read More | 58 Comments | Leave a Comment..

Posted on Techdirt - 28 November 2018 @ 3:13am

Ignorance Of The Law Is No Excuse, Court Tells Cop

from the one-small-stopgap-in-a-torrent-of-unearned-forgiveness dept

We've grown accustomed to law enforcement being given a pass for not knowing the laws they're enforcing. A 2014 Supreme Court decision made being ignorant precedential, providing cops with an out citizens can't use. Ignorance of the law can be the best excuse when it's a cop trying to keep his evidence from being thrown out of court.

With rare exceptions, courts have said it's okay for officers to predicate stops on perceived traffic violations, rather than actual traffic violations. Officers really have to make an effort to run afoul of the Supreme Court-created Fourth Amendment loophole.

Another rare exception to the Heien rule has surfaced. The Kansas State Court of Appeals has denied an officer's attempt to salvage a stop and the evidence derived from it by asking for an application of the "ignorance of the law is an acceptable excuse" band-aid. The appeals court isn't willing to allow an officer's personal interpretation of motor vehicle laws to stand in for the actual wording of the law used as an excuse to pull a driver over. (via The Newspaper)

In this case, the driver was ultimately charged with DUI and not operating a vehicle with an ignition interlock device. The defendant argued the stop wasn't reasonable under the Fourth Amendment because the violation stated as the reason for the stop wasn't actually a moving violation.

The officer argued it was. At the center of the case were the vehicle's tail lights. The left light was broken. The other two -- right and middle -- were still functional. Highway Patrol Officer Reed Sperry testified that he was mistaken about Kansas' tail light law. From the decision [PDF]:

Sperry admitted that he misunderstood the law about brake lights. He testified that he mistakenly believed that Lees' brake lights needed to be as widely spaced laterally as practicable and mounted at the same height. In other words, he thought that both the left and right brake lights had to be working and that the middle brake light did not count. Sperry testified that he stopped Lees for a brake light violation, and he said nothing about any intent to perform an inspection under K.S.A. 8-1759a.

Despite this, the state argued that the officer's mistake shouldn't result in the suppression of evidence. It pointed to the Supreme Court's Heien decision while arguing the officer's "reasonable" mistake did not make the stop unlawful.

First, the state appeals court goes to the state law to see if it contains any ambiguous language. Nope.

In Kansas, the requirements for stop lamps are set forth in K.S.A. 8-1708(a) which states that "[e]very motor vehicle . . . shall be equipped with two (2) or more stop lamps meeting the requirements of subsection (a) of K.S.A. 8-1721."

K.S.A. 8-1721(a) states: "Any vehicle may be equipped and when required under this act shall be equipped with a stop lamp or lamps on the rear of the vehicle which shall display a red or amber light, or any shade of color between red and amber, visible from a distance of not less than three hundred (300) feet to the rear in normal sunlight, and which shall be actuated upon application of the service or foot brake, and which may, but need not, be incorporated with one (1) or more other rear lamps."

As the court notes, the undisputed evidence shows the driver's car had two (2) working tail lights, even with the left side light burnt out. The US Supreme Court's decision happens to be directly on point, since it also deals with tail lights and state laws. Surprisingly, this doesn't help Officer Sperry. In the Heiein case, the law used to predicate the stop was unclearly-worded. The same can't be said for the Kansas law.

Applying Heien and Pianalto, the State asserts that Sperry's mistake of law about the brake light violation was objectively reasonable, rendering the traffic stop lawful. But as Lees points out in his brief, the statutes at issue in Heien differ from the statutes at issue here. In Heien, it was ambiguous how many functioning brake lights the statute required; but the Kansas statutes are clear that only two functioning brake lights are required.

Again, the definition of "reasonable" must be applied to the officer's misinterpretation of the law. Remarkably, the Kansas appeals court says the standard of reasonableness for officers is higher than the standard for citizens.

Reading K.S.A. 8-1708(a) and K.S.A. 8-1721(a) together, no reasonable officer would think that the law required brake lights to be spaced laterally as far as practicable and mounted at the same height, as Sperry wrongly believed; neither statute suggests such a requirement in any way. Granted it may be reasonable for the average citizen to believe the law likely requires left and right brake lights, but law enforcement officers are not average citizens. They must reasonably study the laws they are duty bound to enforce.

If officers are finding it difficult to stay on top of the laws they're supposed to enforce, maybe they need to have a few chats with lawmakers and remind them that quality is better than quantity. Officers expect citizens to know the details of laws officers themselves are unclear on. Courts seems to expect it, too. That's completely backwards. It's like expecting a client to know the law better than their legal representation.

But that's how law enforcement operates day in and day out. Pretextual stops happen hundreds of times a day based on legal violations officers may only think have occurred. It's not until someone challenges the stop itself in court that the reasonableness of the officer's actions is even questioned. What we see on the surface in the handful of cases that reach this level of review is only a tiny percentage of the legally-unreasonable stops made daily by law enforcement. And it's unlikely to change until more courts hand down decisions like this.

Read More | 31 Comments | Leave a Comment..

Posted on Techdirt - 27 November 2018 @ 3:47pm

School Security Software Decides Innocent Parent Is Actually A Registered Sex Offender

from the you-can't-argue-with-(search)-results dept

An automated system is only as good as its human backstop. If the humans making the final judgment call are incapable of using good judgment, the system is useless.

School personnel allowed a machine to do all of their critical thinking, resulting in this unfortunate turn of events.

Staff in an Aurora school office mistakenly flagged a man as a registered sex offender when he and his family went to his son's middle school for a recent event.

Larry Mitchell said he was humiliated Oct. 27 when Aurora Hills Middle School office staff scanned his driver license into a software system used to screen visitors to Aurora Public Schools district schools.

The system, provided by a private company, flagged Mitchell as a potential match with a registered sex offender in a nation-wide database. Staff compared Mitchell’s information with the potential match and determined that match was correct, even though there are no offenders in the national sex offender registry with his exact name and date of birth.

Not only did these stats not match, but the photos of registered sex offenders with the same name looked nothing like Larry Mitchell. The journalists covering the story ran Mitchell's info through the same databases -- including Mitchell's birth name (he was adopted) -- and found zero matches. What it did find was a 62-year-old white sex offender who also sported the alias "Jesus Christ," and a black man roughly the same age as the Mitchell, who is white.

School administration has little to say about this botched security effort, other than policies and protocols were followed. But if so, school personnel need better training… or maybe at least an eye check. Raptor, which provides the security system used to misidentify Mitchell, says photo-matching is a key step in the vetting process [PDF].

In order to determine a False Positive Match the system operator will:

i. Compare the picture from the identification to the picture from the database.

ii.If the picture is unclear, we will check the date of birth, middle name, and other identifying information such as height and eye color.

iii. The Raptor System has a screen for the operator to view and compare photos.

iv. If the person or identifying characteristics are clearly not from the same person, the person will then be issued a badge and established procedures will be followed.

Even if you move past the glaring mismatch in photos (the photos returned in the Sentinel's search of Raptor's system are embedded in the article), neither the school nor Raptor can explain how Raptor's system returned results that can't be duplicated by journalists.

Mitchell said he was adopted, and his birth name is Lawrence Michael Evans. The Sentinel did not find a match with that or his legal name and date of birth in the national sex offender registry.

Raptor says its system is reliable, stating it only returned one false positive in that county last year. (And now the number has doubled!) That's heartening, but that number will only increase as system deployment expands. Raptor's self-assessment may be accurate, but statements about the certainty of its search results are hardly useful.

The company's sales pitch likely includes its low false positive rate, which, in turn, leads school personnel to believe the system rather than the person standing in front of them -- one who bears no resemblance (physical or otherwise) to the registry search results. Mitchell still isn't allowed into the building without a security escort and is hoping that presenting school admins with his spotless criminal background check will finally jostle their apparently unshakeable belief in Raptor's search results.

This failure is also an indictment of the security-over-sanity thinking. The Sentinel asked government officials if there were any incidents in which sex offenders had gained access to schools, thus necessitating this $100,000+ investment in Raptor's security system. No results were returned.

Neither local school or state public safety or education officials could point to data showing how many registered offenders try to seek access to schools, or if a registered offender visiting a school has ever harmed a student in Aurora or Colorado.

Given this history, Raptor's system is always going to be better known -- at least at this school -- for locking out non-criminals than catching sex offenders trying to be somewhere they shouldn't. If the schools haven't seen activity that necessitates the use of this system, it will always produce more false positives than actual hits. When there's no one to catch, you're only going to end up stigmatizing innocent parents. It's a lot of money to pay for solving a problem that doesn't exist. The school has purchased a tiger-proof rock and somehow managed to hurt someone with it.

57 Comments | Leave a Comment..

More posts from Capitalist Lion Tamer >>