Posted on Techdirt - 26 September 2016 @ 3:36am
More information is surfacing on the source of the NSA's hacking tools discovered and published by the Shadow Brokers. Just as Ed Snowden pointed out shortly after the tools first appeared online, the problem with sticking a stash of hacking tools on equipment you don't own is that others can access the tools, too… especially if an operative doesn't follow through on the more mundane aspects of good opsec.
Here's where it gets interesting: the NSA is not made of magic. Our rivals do the same thing to us -- and occasionally succeed. Knowing this, NSA's hackers (TAO) are told not to leave their hack tools ("binaries") on the server after an op. But people get lazy.
Reuters has exclusive (but anonymous) interviews with personnel involved in the investigation which indicate that other, more exculpatory theories are likely wrong.
Various explanations have been floated by officials in Washington as to how the tools were stolen. Some feared it was the work of a leaker similar to former agency contractor Edward Snowden, while others suspected the Russians might have hacked into NSA headquarters in Fort Meade, Maryland.
But officials heading the FBI-led investigation now discount both of those scenarios, the people said in separate interviews.
NSA officials have told investigators that an employee or contractor made the mistake about three years ago during an operation that used the tools, the people said.
And what a mistake it was. Tools purchased or developed by the NSA's Tailored Access Operations (TAO) are now -- at least partially -- in the public domain. The other aspect of this unprecedented "mistake" being confirmed is the fact that the NSA couldn't care less about collateral damage.
That person acknowledged the error shortly afterward, they said. But the NSA did not inform the companies of the danger when it first discovered the exposure of the tools, the sources said.
Three years of unpatched holes, one of them a zero day that affects a great deal of Cisco's networking equipment. Not only was TAO's operational security compromised, but so were any number of affected products offered by US tech companies.
However, investigators are still looking into the possibility that the tools were left behind deliberately by a disgruntled TAO operative. This theory looks far better for the NSA than another theory also being examined: that multiple operatives screwed up in small ways, compounding each other's mistakes and (eventually) leading to a public showing of valuable surveillance tools.
As for the official, on-the-record comment… no comment. The FBI and Director of National Intelligence declined to provide Reuters with a statement.
The NSA has long refused to acknowledge the inherent dangers of hoarding exploits and deploying them with little to no oversight. It's unclear whether this incident will change this behavior or make it a more forthcoming partner in the Vulnerabilities Equities Process. What it has proven is that the NSA makes mistakes like any other agency -- whether the tools were left behind accidentally or deliberately. It's just that when the NSA screws up, it exposes its willingness to harm American tech companies to further its own intelligence needs.
Posted on Techdirt - 23 September 2016 @ 2:45pm
In which the government argues that avowedly suspicionless behavior is reasonable suspicion.
Carlos Velazquez was pulled over by Officer Ken Scott, a "traffic investigator" patrolling the Ft. Bragg military base in North Carolina. Scott observed Velazquez make a right-hand turn at a stop sign, then reverse course when he encountered a gate preventing traffic from entering the Ft. Bragg Special Operations Compound. The stop resulted in the search of the vehicle and, eventually, the discovery of illegal drugs.
Velazquez moved to suppress the evidence, arguing that the stop was suspicionless. The government disagreed, but Scott's own testimony indicates it was a suspicionless stop. Scott claimed the stop was justified because he believed Velazquez was "intoxicated or lost." The "lost" half of that justification Scott himself ignored, even during his testimony as the government's sole witness. The actions Scott cited as "suspicious" when justifying the traffic stop were also actions Scott had witnessed numerous times while patrolling the area around the military base.
Lamont Road ends at an intersection with Manchester Road. At the time of this incident, if a driver turned right from Lamont onto Manchester, he would encounter a closed gate with a "Do Not Enter" sign. Id. at 1:09:20-1:09:30. If a driver turned left from Lamont onto Manchester, the road would take him towards various training areas and, ultimately, the town of Southern Pines. Id. at 1:10:20-1:10:29.
Officer Scott described this area as wooded with no lighting with minimal, if any, phone and radio signals. Id. at 1:10:39-1:10:49. Officer Scott also stated that there are no individuals in that area at night. Id. at 1:11:16-1:11:22. Officer Scott also testified that he has often assisted individuals who were lost in the area, including those following GPS. Id. at 1:12:17-1:12:36. Officer Scott stated that he had often received calls of lost individuals utilizing GPS where the GPS would take them off the main road. Id.; id. at 1:17:01-1:17:15. He also stated that there are no phone signals and radios often do not operate in this remote area. Id. at 1:10:50-1:10:55.
Officer Scott did not provide any details on how many suspicionless stops he has performed after viewing behavior he admittedly finds unsuspicious. There's also nothing in the decision that indicates Scott observed anything about Velazquez's behavior during the stop that would have added to his suspicions. Instead, as the court points out, everything Velazquez did was entirely normal, given what Officer Scott had observed during previous patrols.
Here, the evidence demonstrates that Velasquez was driving on a public road shortly after midnight on a Saturday morning. When he reached an intersection, he stopped completely and proceeded to make a right turn. After encountering a fence informing him he was not allowed to proceed further, Velasquez turned his vehicle around and proceeded down a public, albeit remote, road. At no time did Officer Scott observe any erratic driving, traffic violations, or other conduct that indicated Velasquez was intoxicated. There is no indication that there were concerns that Velasquez posed a threat to the physical security of the base or personnel or that he was seeking unauthorized access to the Special Operations Compound. Officer Scott's decision to pull Velasquez over appears to have been based entirely on his presence on a public road at night and his right turn at the intersection of Lamont and Manchester Roads. Given that Officer Scott was aware that individuals frequently became lost in this area and that GPS systems would often cause individuals to make wrong turns, these facts are insufficient to establish that Officer Scott's stop of Velazquez's vehicle was supported by reasonable suspicion of criminal conduct.
No one likes to lose a drug bust, but offering up an argument that basically amounts to "the lack of suspicious behavior made me suspicious" is even worse than the government's routine insistence that driving from state to state on paved highways is suspicious because criminals often travel from state to state on paved highways.
While officers are generally free to make up their own traffic laws to initiate suspicionless stops, the officer here apparently failed to come up with anything better than "possibly [and suspiciously] lost" after interacting with Velazquez. The officer lucked into a drug bust, but "fortuitous discovery" isn't a recognized Fourth Amendment exception (or, at least, it shouldn't be one -- see also: "good faith").
There are few activities that separate citizens from their Fourth Amendment rights faster than driving but, at least in this decision, the rights didn't evaporate quite as quickly as Officer Scott may have hoped. Away goes the evidence. With that dismissed during oral arguments, the government decided there was nothing left to prosecute, so the charges have been dropped as well.
When Dirty Harry acolytes bitch about "technicalities" putting drug dealers back on the streets, these are the sorts of things they're often unknowingly referring to: law enforcement's inability to stay within the confines of the law and the Constitution.
Posted on Techdirt - 23 September 2016 @ 1:03pm
It's not like the NYPD's earned enough trust to be given the benefit of the doubt, but its latest excuse as to why it can't come up with requested data sounds about as believable as a soaking wet teen's explanation as to why the family car currently lying at the bottom of the backyard pool isn't his fault.
The New York City Police Department takes in millions of dollars in cash each year as evidence, often keeping the money through a procedure called civil forfeiture. But as New York City lawmakers pressed for greater transparency into how much was being seized and from whom, a department official claimed providing that information would be nearly impossible—because querying the 4-year old computer system that tracks evidence and property for the data would "lead to system crashes."
The system that "tracks" this information (apparently by tossing input into a pile of unsearchable bits) was considered top of the line in 2012. Sure, technology moves fast but certainly not fast enough to turn something the NYPD claimed would "revolutionize" evidence/property tracking into a hulking pile of sullen, un-queryable data four years later. As Sean Gallagher of Ars Technica points out, the system was submitted for consideration for the 2012 Computerworld Honors, which hands out awards to leaps forward in information technology.
NYPD officials, responding to the city's Public Safety Committee, explained that the top-dollar tracking system wasn't actually a system at all.
NYPD's Assistant Deputy Commissioner Robert Messner told the New York City Council's Public Safety Committee that the department had no idea how much money it took in as evidence, nor did it have a way of reporting how much was seized through civil forfeiture proceedings—where property and money is taken from people suspected of involvement in a crime through a civil filing, and the individuals whom it is seized from are put in the position of proving that the property was not involved in the crime of which they were accused.
Where accountability is needed most, it almost always seems to go missing. Asset forfeiture -- in multiple, mostly-nefarious forms -- is a law enforcement tool seemingly handcrafted for abuse and exploitation. When the NYPD isn't seizing cash and cars simply because Officer Smith thought he spotted a fleck of marijuana somewhere in a three-mile radius, it's taking ownership of people's personal belongings (phones, cash, etc.) simply because they happened to be in their pockets when they were arrested.
The NYPD's inability to quantify its sketchy takings isn't surprising. There's nothing to be gained from keeping a tracking system like this in working order. The more data the NYPD can provide to overseers, FOIL-wielding citizens, and meddling defense lawyers, the more likely it is that someone will uncover abuse of the forfeiture process.
The NYPD isn't satisfied with simply being a closed book -- it's actively engaged in removing pages. At some point, someone on the inside must have needed some information and found the tracking system unworkable. But the cost of fixing it -- both in terms of the money paid to contractors and the potential "harm" done to a very profitable program -- was likely considered too much of an expense to bear. So, when faced with demands for data, the NYPD excuses its lack of info production with "the database ate our homework."
What data has been pried loose from the unwilling NYPD already shows it willingly lies to city officials about its asset forfeitures, as the Village Voice reports.
The NYPD's testimony was also disingenuous: As part of a FOIL request filed by the Bronx Defenders, the NYPD had already compiled and released figures that show the staggering amounts that it has seized.
At the hearing, the NYPD claimed that it only legally forfeited $11,653 in currency last year — that is, gone to court and actually made a case as to why the NYPD should be taking this money.
In the accounting summaries which the Bronx Defenders submitted as part of its testimony, the NYPD reports that as of December 2013, its property clerk had almost $69 million in seized cash on hand. This amount had been carried over from previous years, showing an annual accumulation of seized cash that has reached an enormous amount. The documents also show that each month, the five property clerk’s offices across the city took in tens of thousands of dollars in cash, ultimately generating over $6 million in revenue for the department.
And where did the Bronx Defenders get its numbers? The same software the NYPD claims can't produce these numbers.
The report that the NYPD released appears to have been generated through the same use of their database that the department now claims is technologically impossible.
At the point of the database's inception, the NYPD claimed it would provide "cradle-to-grave" tracking of seized property. Apparently "cradle-to-grave" is about as meaningless a phrase as "unlimited data:" both terminate far sooner than their descriptors would indicate.
It may be the software can't handle complex queries encompassing the entirety of its seizure records, but that's not an acceptable excuse. The problem should have been caught and fixed by this point. I'm pretty sure the NYPD has some way of tracking seized assets since it seems to have few concerns about bouncing checks when spending the proceeds. But it's sure as hell not going to turn this over to opponents of its sketchy seizure programs without a fight. So when it became apparent the database would provide next to nothing in terms of accountability, the NYPD considered that a feature, rather than a bug.
Posted on Techdirt - 23 September 2016 @ 10:50am
Secrecy still continues to shroud law enforcement Stingray use, in large part because courts have been far too receptive to the government's insistence that the release of any details at all would result in the expensive tech being rendered instantly useless.
The NYPD has decided to go past the usual "law enforcement means and methods" obfuscatory tactics and push a rather novel narrative about why it would be "dangerous" for IMSI catcher info to make its way into the public domain. (I mean more so… I guess.)
Joseph Cox of Motherboard reports the NYPD's latest opacity play involves hoodie-wearing males operating laptops in underlit rooms and comic book supervillain-esque levels of coordinated criminal activity.
In a recent case, the New York Police Department (NYPD) introduced a novel argument for keeping mum on the subject: Asked about the tools it uses, it argued that revealing the different models of IMSI catchers the force owned would make the devices more vulnerable to hacking.
In the words [PDF] of the NYPD's Gregory Antonsen, hackers would be able to crack open Stingrays like OPM records if the department were to turn over Harris Corp. contract info and nondisclosure agreements to the New York branch of the ACLU in response to its FOIL request. Also: terrorism.
The purpose of this affidavit is to explain the reasons that disclosing the Withheld Records would cause grave damage to counterterrorism and law enforcement operations, and so could endanger the lives or safety of New Yorkers.
Additionally, disclosing the Withheld Records would reveal confidential and non-routine criminal investigative techniques, which would hamper ability to conduct operations and would permit perpetrators to evade detection. Moreover, disclosure of the Withheld Records would jeopardize the ability of NYPD to secure its information technology assets.
After detailing the use of Stingrays to perform a variety of heartwarming investigations (tracking down a missing elderly person, rescuing someone from sex trafficking, etc.), Antonsen gets down to business. According to the NYPD's theory, any information released about the NYPD's IMSI catcher contracts could be "scrutinized" by bad guys who would be able to infer from extremely limited information the extent of the department's cellphone-tracking capabilities. It's basically the mosaic theory, but without the mosaic.
But the far stupider assertion is the one made without any supportive citations -- just a far-fetched hypothetical.
The CSS technologies are also critical and essential information technology assets. As such, all CSS technologies require periodic software updates. Public disclosure of the specifications of the CSS technologies in the NYPD's possession from the Withheld Records would make the software vulnerable to hacking and would jeopardize ability to keep the technologies secure. Of great concern is that a highly sophisticated hacker could use the knowledge of CSS technologies to invade the CSS software undetected, thus creating a situation in which law enforcement personnel are lured into a situation based on a misleading cell-phone location and are then trapped and ambushed.
The ACLU's Chris Soghoian has responded [PDF] to the NYPD's assertions. As to the claims that providing contract information would somehow result in sophisticated criminals finding ways to route around this surveillance, Soghoian points out that every Stingray device -- no matter its capabilities -- can be defeated by even the dumbest thug… and all without having to scour a redacted invoice for clues.
The most effective countermeasure, which can be used by anyone at no cost is to simply turn off a phone or put it into airplane mode. This will thwart tracking by any model of Stingray. Knowing the models of Stingrays that the NYPD uses does not make this countermeasure more or less effective. It is 100% effective regardless of which models of Stingrays the NYPD uses.
Soghoian went easy on the "but criminals will beat our IMSI catchers" argument. The "but we'll be hacked" argument is treated with all the respect it deserves: none.
It would be a serious problem if the costly surveillance devices purchased by the NYPD without public competitive bidding are so woefully insecure that the only thing protecting them from hackers is the secrecy surrounding their model names.
He also chides the NYPD for making claims the federal government isn't even willing to make.
The Harris Corporation, which in addition to manufacturing Stingrays has been awarded public contracts for securing the President's communications and supplying secure radios used by the U.S. Army, is clearly capable of designing secure products for its government customers that does not rely on keeping secret the mere existence of the devices for their security.
Soghoian also points out that the release of other information would similarly have zero effect on the devices' capabilities. Because they spoof cell towers, it does criminals no good to know how many the NYPD has or even where they tend to deploy them. A cellphone can't tell it's connected to a BS "tower." And just because the NYPD may be more likely to deploy them in certain areas does not guarantee that avoiding those areas will allow criminals to avoid detection.
And this wonderful paragraph snarkily deflates the paranoid ravings the NYPD's tech officers deploy as justification for continued secrecy.
Inspector Antonsen also claims that knowing the number of Stingrays owned by the NYPD may enable an extremely well-resourced criminal group to orchestrate a greater number of simultaneous hostage situations than the number of Stingrays available to the NYPD. Even assuming that such a sophisticated criminal group made the unlikely decision to rely on its knowledge of the number of Stingrays in the possession to use cell phones in executing such a hypothetical event, knowing that number will not help them as it is almost certainly the case that one, if not multiple, federal law enforcement agencies would step in and assist the NYPD with their own cellular surveillance technology. Moreover, this hypothetical is no different from saying that at some point some criminal group may be able to overwhelm the number of police cars that the NYPD owns or the number of police officers on the force.
It's hard to believe law enforcement is still throwing out these tired arguments after nearly a decade of incremental exposure of Stingray information. The NYPD wants publicly-available information (Stingray names, suggested retail prices) to somehow be the first cat successfully stuffed back into the bag. Since it has no legitimate arguments to justify this cat stuffing, tech officers are resorting to hypothetical scenarios even the most-handwavingest of sci-fi writers wouldn't feel comfortable inserting into their speculative fiction.
Posted on Techdirt - 23 September 2016 @ 3:18am
The DOJ is finally addressing some long-ignored problems with the forensic evidence its prosecutors rely on. For two decades, FBI forensics experts handed out flawed testimony in hundreds of criminal cases, routinely overstating the certainty of conclusions reached by forensic examination. Of those cases, 28 ended in death penalty verdicts.
An earlier attempt to address issues with flawed science and flawed testimony swiftly ran aground. Federal judge Jed S. Rakoff very publicly resigned from a committee formed to examine these issues after he was informed by the attorney general's office that he wasn't actually supposed to be examining these issues.
Last evening, January 27, 2015, I was telephonically informed that the Deputy Attorney General of the U.S. Department of Justice has decided that the subject of pre-trial forensic discovery -- i.e., the extent to which information regarding forensic science experts and their data, opinions, methodologies, etc., should be disclosed before they testify in court -- is beyond the “scope” of the Commission’s business and therefore cannot properly be the subject of Commission reports or discussions in any respect.
Because I believe that this unilateral decision is a major mistake that is likely to significantly erode the effectiveness of the Commission -- and because I believe it reflects a determination by the Department of Justice to place strategic advantage over a search for the truth -- I have decided to resign from the Commission, effective immediately. I have never before felt the need to resign from any of the many committees on which I have served over the years; but given what I believe is the unsupportable position now taken by the Department of Justice, I feel I have no choice.
Caleb Mason of Brown, White & Osborn (the "White" is Popehat's Ken White) reports that the DOJ appears to be taking these problems more seriously. It has issued a directive [PDF] forbidding forensic experts from making claims about "scientific certainty" when presenting evidence.
Directive Number 1 provides that agencies must now “ensure that forensic examiners are not using the expressions ‘reasonable scientific certainty’ in their reports or testimony.” Yes, you read that right. The Department of Justice is telling its forensic expert witnesses to stop claiming “scientific certainty.” Why? Because for most forensic disciplines, there never was any, and DOJ is—after decades of resistance—admitting it.
One of the forms of evidence is fingerprints, the thing every law enforcement agency makes sure to obtain when booking suspects because it's supposedly so infallible. But like almost everything else law enforcement forensic experts claim to be reasonably certain of, scientifically speaking, an examination of prints no more guarantees a match than an examination of bite marks does.
Fingerprint examiners look for “matching points” in prints, but believe it or not, there are no general standards for which points to look at, how many points to look at, or even what counts as a “point.” Not only are there no established standards, there isn’t even general agreement within the forensic analysis community. Some people like eight points, others ten, others twelve. Many examiners insist they can make an identification with just a single point.
Even more amazingly, in stark contrast to DNA matching, no one knows what the statistical likelihood is of two fingerprints sharing particular points, or whether that likelihood is different for different regions or features of the print. This is the crucial question for any identification methodology, because while each person’s fingerprints may be unique, the examiner doesn’t look at every molecule—the examiner looks at whatever five (or eight, or ten) “points” he or she chooses to look at.
Why is this process still so vague even after decades of reliance on it for identifying suspects? Well, it's because the DOJ won't allow anyone other than the government to take a look at the collected records. Researchers who may have been able to make better determinations on how many points are needed for more definitive matches (or how often false positives are returned by the database) have been locked out by the DOJ.
But the big fingerprint databases are controlled by DOJ, and DOJ has steadfastly refused to let researchers use them for the types of analyses geneticists do with DNA. That’s what makes print analysis so frustrating: the data exists, so fingerprint analysis could be a genuine scientific discipline, with publicly-available databases, peer-reviewed research, known error rates, and accepted methodologies. It could be a real body of knowledge about the differential rates of occurrence among populations of particular physical features of our fingerprints. Hopefully one day it will be. But it’s not now, as the DOJ directives finally acknowledge.
The DOJ's not offering to open up its fingerprint database for outside examination. But at least it's admitting it hasn't let anyone without a vested interest in successful prosecutions take a good look at the methods used by its forensic examiners or the collected evidence they're working with.
[As a bonus, here's another fantastic read by Caleb Mason: a Constitutional examination of Jay-Z's hit track, entitled "JAY-Z’S 99 PROBLEMS, VERSE 2: A CLOSE READING WITH FOURTH AMENDMENT GUIDANCE FOR COPS AND PERPS."]
Posted on Techdirt - 22 September 2016 @ 4:44pm
In a victory that's only sure to add more entities to the list of government agencies wishing Jason Leopold was dead, a federal judge has decided to roll back some of the opacity surrounding electronic surveillance.
US District Court Judge Beryl Howell said at a hearing Friday morning that absent an objection by government attorneys, the court would post to its website next week a list of all case numbers from 2012 in which federal prosecutors in Washington, DC applied for an order to install a pen register or a trap and trace device.
This is a response to a petition by Leopold and Vice to unseal court dockets containing electronic surveillance affidavits, orders, etc. The step towards more transparency is welcome news, but it appears the wheels of justice aren't grinding any faster. This petition was submitted to the court in 2013.
Default mode for nearly any case involving law enforcement surveillance is pitch-black darkness. The government asks for cases to be sealed with alarming (and annoying) frequency, often claiming the potential exposure of law enforcement means and methods would be detrimental to the business of catching criminals. This makes no sense considering the technology used is decades old and the methodology has been common knowledge for nearly the same length of time.
And yet, these requests are granted more often than not. Howell's district (Washington DC) presides over an extremely high percentage of sealed cases.
That traditional aversion to court secrecy has been overcome in the last few decades. To take but one example, the case name In re Sealed Case first appeared in 1981; it is now the most common case name on the D.C. Circuit Court of Appeals docket.
That may be changing. In addition to cutting loose a list of 2012 case numbers, Howell is looking to prevent the government from relying on the DC district to rubberstamp its secrecy requests.
At Friday's hearing, Howell approved a plan that would lay the groundwork for the systematic review and unsealing of a large volume of federal court documents related to the government's use of electronic surveillance.
This is a process that should have been put into place years ago. And, if implemented, should be spread to all federal court districts. The government asks for dockets to be sealed because it doesn't want to tip off those who are being surveilled. Fair enough, but that doesn't explain why dockets remained sealed for months or years after investigations have been closed.
Howell is asking for a response from government officials, so there's a chance it will still be months or years before the list of 2012 sealed cases is released. But if the review process changes (i.e., there actually is one), then indefinite docket sealing will no longer be the presumption.
Posted on Techdirt - 22 September 2016 @ 2:40pm
Drive it like you ~~stole~~ seized it.
Documents provided by Outside Legal Counsel show the department seized the Ostipow’s 1965 Chevy Nova SS on April 24, 2008, when the vehicle’s mileage was 73,865. [Sheriff William L.] Federspiel, who signed the vehicle title transfer form, sold the partially restored muscle car over a year later on June 4, 2009, for $1,500.
The vehicle’s title certificate filled out by Federspiel around the time it was sold says the mileage was 130,000 — 54,000 miles more than when the department seized the car.
The backstory to this seizure and extended joyride starts at the plaintiffs' farm. In 2008, the sheriff's office obtained a warrant to search a second house on the Ostipows' property -- one in which their son lived. In the house, deputies found marijuana plants and seeds. The Ostipows steadfastly maintain they knew nothing about their son's illegal activities. Presumably, they allowed him to live his own life in a house located some distance away from theirs.
Ostensibly there for drugs, deputies soon broadened their horizons.
Instead of only seizing the illegal plants and seeds, deputies seized essentially everything from the farmhouse, including, oddly, dozens of animal mounts being kept long-term at the farmhouse by Gerald because Royetta, his wife, simply didn't like these mounted animals in the main house.
But that is not all the deputies seized. The deputies also went out to outbuildings of the farmhouse and seized all the equipment, deer blinds, hundreds of tools, and many other items which lacked any realistic connection to the pot plants and seeds of Steven's grow. They even seized the '65 Nova and the car trailer it was on.
Not satisfied with cleaning out the farmhouse the Ostipows' son resided in (as well as every building surrounding it), the deputies returned with another warrant and cleaned out the Ostipows' own house -- one located a half-mile away from the supposed grow operation. They found no illegal evidence, but that didn't stop them from taking plenty of the couple's property, including the cash in Gerald Ostipow's wallet.
Then they just kept coming.
In the weeks that followed, deputies from the Saginaw County Sheriff's Office would arrive, off duty, in their personal vehicles and would continue to take more items long after the completion of the execution of the search warrants. No inventory tabulation exists for these items taken and there appears to be no records of these "self-help" items being officially sold.
The proceedings -- which have dragged on for eight years now -- never resulted in criminal charges against the Ostipows. After a trip up to the state Supreme Court, it was finally determined that Gerald Ostipow "should have been aware" of the grow operation taking place on his property. But it was also determined that the interest of Royetta (Gerald's wife) in the belongings taken was free and clear. The Sheriff's office was ordered to return most of the property it seized.
The problem is that the Sheriff's department no longer had the property it seized, including the Nova, on which it had racked up 54,000 miles.
However, the injury inflicted upon the Ostipows was not complete. After the final judgment was entered, it was discovered that all of the Ostipows' property had been sold by Sheriff Federspiel (he himself having signed the vehicle title transfer document for the Nova) and members of his department before there was a final determination about forfeitability of items seized and held.
The department's actions are indicative of an agency that seldom has trouble retaining anything it designates as "guilty" property. So secure was the sheriff's office in its belief that it would ultimately prevail -- despite never bringing criminal charges against the couple whose assets it seized -- that it moved ahead with converting the property to cash without having any legal right to do so.
The Ostipows are now suing [PDF] the sheriff and his deputies in federal court for blithely blowing past even the minimal protections granted to victims of asset forfeiture. In addition to $1 million+ in damages, the Ostipows are seeking declarations that the asset forfeiture processes deployed by the sheriff's department are Constitutional violations, as well as the compelled release of documents requested by the couple in an earlier FOIA request.
Hopefully, Sheriff Federspiel will learn from this experience. Then again, he's already converted a seized Mustang into a department/personal vehicle and has gone on record with statements that portray his anti-drug efforts as shopping trips for his department.
Federspiel hopes his department will claim more vehicles through drug forfeiture or drunk driving laws to equip his six-person cadre of captains, lieutenants and sergeants by the end of his first term. “I don’t want to buy another vehicle for my command staff,” he says.
He’s targeted a 2008 black Cadillac Escalade which, if acquired, would become the mobile, anti-drug dealing billboard for Undersheriff Robert X. Karl.
Given that this is the voice of leadership in the department, it's hardly surprising deputies feel search warrants entitle them to grab as much as they can from citizens they either can't or won't bring charges against.
Posted on Techdirt - 22 September 2016 @ 10:45am
Apparently the legal battle between a bunch of contractors providing "smart meter" equipment to the city of Seattle and FOIA clearinghouse MuckRock isn't over. The last time we checked in, a judge had overturned his own hastily-granted injunction, relieving MuckRock of the impossible demands placed on it by miffed tech provider Landis+Gyr -- which included handing over the details of everyone who might have seen Landis+Gyr's documents and "retrieving protected information that may have been downloaded" from the site.
MuckRock was allowed to reinstate the documents and Landis+Gyr walked away from a debacle of its own making. Another contractor utilized by Seattle Power and Light (Ericsson) had pursued a similar injunction but dropped MuckRock from its complaint, following Landis+Gyr into battle against the entity that had released the documents to requester Phil Mocek: the city of Seattle.
But there's still one company pursuing a case against MuckRock. The EFF, on its way back into court to fight the tenacious litigant, points out that Elster Solutions, LLC is still hoping to hold MuckRock accountable for publishing documents received from the city of Seattle. But it's impossible to ascertain why it's going after MuckRock.
First off, Section 230 shields MuckRock from this sort of litigation.
Section 230 provides broad protections for online platforms such as MuckRock, shielding them from liability based on the activities of users who post content to their websites. Given that broad immunity, MuckRock cannot be sued for hosting public records sought by one of its users regardless of whether they contain trade secrets.
MuckRock isn't the correct target because it only hosts the documents. It did not demand them itself, nor did it actively participate in the posting of the documents. MuckRock's system is automated. Default user settings will, without additional input or control, post all correspondence and responsive documents pertaining to public records requests routed through the site. This makes Mocek's request and the published documents third-party, user-generated content.
The other reason why Elster's decision to name MuckRock as a defendant is completely misguided is this simple fact:
MuckRock currently does not host any documents from the company, Elster Solutions, LLC, that are subject to the public records request.
Even if MuckRock were able to obtain these documents, it wouldn't be doing so directly -- which is exactly what Elster claims has happened or might possibly happen. It wants to prevent the release of unredacted documents to the site (via requester Phil Mocek), but its litigious attention should be solely focused on the entity releasing them, rather than the site hosting them. At this point, MuckRock doesn't have anything Elster wants to argue about, and yet, it's doing so anyway. Its complaint is not only seemingly unfamiliar with Section 230 protections, but also severely deficient. From the EFF's motion to dismiss [PDF]:
The Court should dismiss MuckRock from the lawsuit due to the obvious deficiencies in Elster’s allegations in the Complaint. With respect to MuckRock, the Complaint contains precisely the type of bare, conclusory, or formulaic allegations the Court said were insufficient in Iqbal. See Yates, 2014 U.S. Dist. LEXIS 71077, at *8 (“[b]are, conclusory and formulaic allegations of involvement do not state a claim for relief against a particular defendant”). The Complaint mentions MuckRock in only three paragraphs, and in all three instances fails to specify any conduct by MuckRock that underlies any purported claim against it. (See Complaint ¶¶ 2, 6, 18.) Paragraph 6 references MuckRock’s domicile and state of incorporation. Paragraph 18 merely recites that Phil Mocek made a request for certain documents. And paragraph 2 is an introductory paragraph vaguely alleging that Mocek “and/or” MuckRock submitted a records request.
This lawsuit shouldn't last for much longer. What's surprising is that it's lasted this long already.
Posted on Techdirt - 21 September 2016 @ 12:51pm
Cyrus Farivar of Ars Technica reports that another federal judge has found the warrant used by the FBI to deploy its Tor-busting malware is invalid. This finding isn't unique. Multiple judges in various jurisdictions have found the warrant invalid under Rule 41, which limits execution of warrants to the jurisdiction where they were issued. But only in a few of the dozens of cases stemming from the FBI's child porn investigation has a judge ruled to suppress the evidence obtained by the FBI's NIT (Network Investigative Technique, the agency's term for the malware it pushed to visitors' computers).
A federal judge in Iowa has ordered the suppression of child pornography evidence derived from an invalid warrant. The warrant was issued as part of a controversial government-sanctioned operation to hack Tor users. Out of nearly 200 such cases nationwide that involve the Tor-hidden child porn site known as "Playpen," US District Judge Robert Pratt is just the third to make such a ruling.
In other cases, judges have found the warrant invalid, but have granted the FBI the "good faith" exception or found that the information harvested by the agency's hacking tool isn't protected under the Fourth Amendment. In one particularly memorable case, the presiding judge wandered off script and conflated security and privacy, suggesting that because computer hacking is so commonplace, the FBI should be allowed to peek into compromised computers (and compromise them!) and extract whatever it can without worrying about tripping all over the Fourth Amendment.
With hundreds of cases all over the nation (and many more handed off to foreign law enforcement agencies) stemming from a single warrant, this collection of rulings is far from coherent. But, more often than not, judges have found that the reach of the FBI's NIT deployment far exceeded its Rule 41 grasp. That all could change by the end of the year, making future investigations handled in this manner (running seized websites to deploy hacking tools) much less likely to be successfully challenged in court.
Judge Pratt's ruling [PDF], however, did at least shut down the government's Third Party Doctrine arguments.
There is a significant difference between obtaining an IP address from a third party and obtaining it directly from a defendant’s computer.
If a defendant writes his IP address on a piece of paper and places it in a drawer in his home, there would be no question that law enforcement would need a warrant to access that piece of paper—even accepting that the defendant had no reasonable expectation of privacy in the IP address itself. Here, Defendants' IP addresses were stored on their computers in their homes rather than in a drawer.
Analogies to physical objects are seldom perfect, but Pratt's does better than most.
"Judge Pratt correctly interpreted the NIT's function and picked the correct analogy," Fred Jennings, a New York-based lawyer who has worked on numerous computer crime cases, told Ars. Jennings continues:
[Pratt] correctly points out that the usual analogies, to tracking devices or IP information turned over by a third-party service provider, are inapplicable to this type of government hacking. A common theme in digital privacy, with Fourth Amendment issues especially, is the difficulty of analogizing to apt precedent—there are nuances to digital communication that simply don't trace back well to 20th-century precedent about physical intrusion or literal wiretapping.
The evidence suppression will likely result in charges being dropped, as anything located on the defendant's devices would have stemmed from the invalid NIT warrant. Outcomes like these don't do much to appease the general public, as the actions alleged are often viewed as indefensible. But the ugliness of the crime has no bearing on the Constitution and the rules governing search warrants.
The FBI can't play by different rules just because the targets are less sympathetic. That's why the pushback against the proposed Rule 41 changes is important: alterations to jurisdictional limits won't solely be used to chase down the worst of the worst. They will greatly expand the reach of questionable search warrants and investigative tools, and encourage magistrate shopping by law enforcement to lower the level of scrutiny their deficient affidavits might otherwise receive.
Posted on Techdirt - 20 September 2016 @ 2:34pm
The Intercept has obtained user manuals for Harris Corporation's IMSI catchers, colloquially known as Stingrays, thanks to an anonymous leaker. The documents appear to have come from a Florida law enforcement agency. This would be the public's first chance to see these documents in unredacted form. Law enforcement agencies have guarded these operating manuals even more closely than their nondisclosure agreements or information on investigations that used the technology.
The documents show what's so attractive about Stingrays: their power and their ease of use.
Richard Tynan, a technologist with Privacy International, told The Intercept that the “manuals released today offer the most up-to-date view on the operation of” Stingrays and similar cellular surveillance devices, with powerful capabilities that threaten civil liberties, communications infrastructure, and potentially national security. He noted that the documents show the “Stingray II” device can impersonate four cellular communications towers at once, monitoring up to four cellular provider networks simultaneously, and with an add-on can operate on so-called 2G, 3G, and 4G networks simultaneously.
The tech can be deployed easily thanks to a relatively user-friendly interface, and it offers an array of tools that go beyond simply tracking the location of a targeted phone. Not only can these devices snag every phone that happens to be in range, but the IMSI catcher can force every phone in the area to come down to its level, so to speak.
In order to maintain an uninterrupted connection to a target’s phone, the Harris software also offers the option of intentionally degrading (or “redirecting”) someone’s phone onto an inferior network, for example, knocking a connection from LTE to 2G.
However one might feel about the lawfulness of deploying mass surveillance to track -- in most cases -- a single suspected criminal, there has to be at least some concern that law enforcement can downgrade paying customers' connections while performing an investigation.
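The two behaviours described above, a spoofed tower announcing itself and a handset being "redirected" from LTE down to 2G, are also what a defender would look for on the handset side. The following is an added example, not code from the leaked Harris manuals or from The Intercept: a heuristic check run over constructed baseband events. The event fields, the allow-list of previously seen cells, the signal threshold and the cell identifiers are all assumptions made for illustration; real baseband logs vary by chipset and operating system.

```python
# Added example: heuristic check for tower impersonation and forced downgrade,
# run over constructed baseband events. Not code from the Harris manuals or
# from The Intercept; the event format, the known-cell allow-list and the
# threshold are assumptions for illustration.
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple

# Rank radio access technologies by generation; a move to a lower rank is a downgrade.
RAT_RANK = {"LTE": 3, "UMTS": 2, "GSM": 1}


@dataclass(frozen=True)
class CellEvent:
    t: int          # seconds since monitoring started (constructed)
    rat: str        # technology the handset is camped on: "LTE", "UMTS" or "GSM"
    cell_id: str    # serving-cell identifier as reported by the baseband (hypothetical format)
    rsrp_dbm: int   # serving-cell signal strength in dBm (higher is stronger)


def find_indicators(events: Iterable[CellEvent],
                    known_cells: Set[str],
                    min_good_signal: int = -100) -> List[Tuple[int, str]]:
    """Return (time, reason) pairs for events matching an IMSI-catcher heuristic.

    Two heuristics, both assumptions rather than vendor rules:
      * the handset camps on a cell identifier never seen in this area before
        (an impersonated tower announces itself under its own identity); and
      * the handset drops to an older technology while the newer one still had
        usable signal, which is what a deliberate redirect to 2G looks like.
    """
    findings: List[Tuple[int, str]] = []
    prev = None
    for ev in events:
        if ev.cell_id not in known_cells:
            findings.append((ev.t, f"camped on unknown cell {ev.cell_id} via {ev.rat}"))
        downgraded = prev is not None and RAT_RANK[ev.rat] < RAT_RANK[prev.rat]
        if downgraded and prev.rsrp_dbm >= min_good_signal:
            findings.append((ev.t, f"downgrade {prev.rat}->{ev.rat} although "
                                   f"{prev.rat} signal was {prev.rsrp_dbm} dBm"))
        prev = ev
    return findings


# Constructed sample: a handset sits on a known LTE cell with good signal, then is
# pulled onto an unknown and unusually strong GSM cell. All identifiers are made up.
KNOWN_CELLS = {"310-410-0001", "310-410-0002"}
SAMPLE_EVENTS = [
    CellEvent(t=0,  rat="LTE", cell_id="310-410-0001", rsrp_dbm=-85),
    CellEvent(t=30, rat="LTE", cell_id="310-410-0001", rsrp_dbm=-87),
    CellEvent(t=60, rat="GSM", cell_id="310-410-9999", rsrp_dbm=-60),
    CellEvent(t=90, rat="GSM", cell_id="310-410-9999", rsrp_dbm=-58),
]


if __name__ == "__main__":
    for t, reason in find_indicators(SAMPLE_EVENTS, KNOWN_CELLS):
        print(f"t={t:>3}s  {reason}")
```

The sample produces three findings: the unknown cell at 60 and 90 seconds, and the LTE-to-GSM drop at 60 seconds despite an LTE signal of -87 dBm. A real detector needs privileged access to the baseband's cell-selection events, which most phones do not expose, and a legitimate network can also move a handset to 2G when LTE coverage is poor, which is why the downgrade check only fires when the previous signal was still good.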
The user's manual [PDF] uses telco jargon almost ironically, referring to targeted phones as "subscribers" (who haven't intentionally signed up for law enforcement tracking) and the towers officers will be spoofing as "providers" (the cell companies whose connection will be replaced/downgraded as law enforcement sees fit). Lists of "subscribers" and "providers" can be imported and exported. "Subscribing" numbers can be given nicknames to more easily separate them from the countless other cell phone numbers swept up during the device's deployment.
Much of what's in the documents isn't exactly surprising. A lot of this has been sniffed out by FOIA requesters and defense lawyers, but until this point, the underlying details have mostly been implied -- read between redactions and parsed from deliberately-obtuse law enforcement testimony.
Harris can't be happy these documents have leaked. A warning on the Gemini control software manual [PDF] states that Harris must be allowed to challenge any disclosure of the contents of these documents -- which presumably includes law enforcement compliance with defense production requests. Law enforcement agencies can't be happy either, as it shows just how much power many of them have at their fingertips. But nothing stays a secret forever, especially when the surveillance technology in question has gone from overseas deployment against enemy combatants to chasing down fast food thieves in local neighborhoods.
Three can keep a secret if two of them are dead, as the saying goes. With hundreds of law enforcement agencies deploying cell tower spoofers thousands of times, the FBI's bullshit nondisclosure demands are apparently no replacement for a pile of silenced corpses.
Posted on Techdirt - 20 September 2016 @ 3:23am
German website Netzpolitik might be headed for another treason investigation. The German government went after the site once for publishing leaked documents detailing mass surveillance operations and it may do so again after its latest publication.
The site has obtained a classified report from the country's intelligence oversight office that shows the BND (Germany's intelligence service) illegally collected and stored data and information obtained via its partnership with the NSA.
The report’s executive summary describes serious violations of the law [emphasis added]:
The BND has illegally and massively restricted my supervision authority on several occasions. A comprehensive and efficient control was not possible.
Contrary to its explicit obligation by law, the BND has created [seven] databases without an establishing order and used them (for many years), thus disregarding fundamental principles of legality. Under current law, the data saved in these databases have to be deleted immediately. They may not be used further.
Although this inspection was only focused on the BND station in Bad Aibling, I found serious legal violations, which are of outstanding importance and concern core areas of the BND’s mission.
The BND has collected personal data without a legal basis and has processed it systematically. The BND’s claim that this information is essential cannot substitute for a missing legal basis. Limitations of fundamental rights always need to be based on law.
German (constitutional) law […] also applies to personal data which the BND has collected abroad and processes domestically. These constitutional restrictions have to be strictly abided by the BND.
Some of what was illegally gathered and stored was obtained via the NSA's XKeyscore program, which harvests email, online chats, and browser histories in bulk. The report notes that the indiscriminate collection of data and communications was subject to very little in the way of minimization, resulting in plenty of non-targets being swept up in the dragnet and their data/communications dumped into the BND's databases.
Because of its […] systematic conception, XKEYSCORE – indisputably – collects […] also a great number of personal data of irreproachable persons. The BND is not capable of substantiating their number […]. In one case I checked, the ratio was 1:15, i.e. for one target person, personal data of fifteen irreproachable persons were collected and stored, which were – indisputably – not required by the BND to fulfill its tasks […].
The collection and processing of these data are profound violations of [the] BND law.
These infringements of constitutional rights are conducted without any legal basis and thus harm the constitutional right of informational self-determination of irreproachable persons. Furthermore, these infringements of constitutional rights result from the inappropriately – and thus disproportionately – large scale of these measures, i.e. the inappropriately large number of irreproachable persons surveilled […].
Not only did the BND harvest in bulk, but it also passed on this 1:15 collection unminimized to the NSA.
The amazing part of this leaked report is that it only details the violations of a single BND collection outpost. There are seven more in Germany yet to be examined. On top of that, the oversight body couldn't even get a clear picture of the illegal activities occurring at this single station. There were just too many of them.
This "storage and processing of personal metadata in VERAS is subject to the BND law and subsidiarily to the Federal Data Protection Act". But in many aspects the Data Protection Commissioner was hindered from examining the data properly. When requesting only the retained data of individuals protected by fundamental rights, the database had too many hits to be displayed. Thus, she gradually reduced the time frame: "90 days, 30 days, 1 day". Still too many hits:
In none of these cases was the system able to display the hits because the number exceeded the limit of 15,002 – not even in the case of the least possible time restriction of one day.
This means the Federal Data Protection Commissioner was not able to examine the contents of the massive meta data retention. Additionally, she was not able to check how the BND used personal data, because: There are no logs.
The BND is neither aware of the kind or the scope of logs, nor was it technologically possible to access the log data of VERAS 6. Further, there existed no technical capability to analyze the logs.
Unfortunately, the violations found by the Data Protection Commissioner have since been codified into law. The BND is harvesting even more than it was when it was inspected, having just finished a 300 million euro revamp of its surveillance tech. Much like here in the US pre-Snowden, the oversight in Germany is relatively toothless. Whatever exists will be actively thwarted by intelligence agencies (the report states that BND deleted logs the Commissioner asked to examine) or by other legislators who are always willing to sacrifice the public's rights for national security.
Posted on Techdirt - 19 September 2016 @ 9:34am
If you're going to argue against YouTube, Spotify, etc. and the supposed wholesale screwing of artists, it helps if:
A. You're not a former member of an entity with decades of experience in screwing artists, and
B. You have some grasp of basic economic concepts.
Paul Young, a former director of licensing for Universal Music Group, has an op-ed posted at The Hill decrying the unfairness of streaming services and the wrongness of the DMCA. But any point he's trying to make is buried under ignorance and the demand that some artists be treated more equally than others.
The music community’s grievances are the following: (1) The DMCA allows internet service providers to build ad-based businesses built upon infringing content that the artists cannot effectively police through “notice and take down” procedures; (2) If and when service providers pay the artists, it’s on the providers’ hopelessly complex terms, resulting in payments that offer fractions of pennies per view; (3) Service providers offer “free” teaser music to the public when copyright owners should have the absolute right to control distribution of their music.
(1) The DMCA sucks, but it sucks the way studios and labels wanted it to. Now they don't like it and they want to change it to suck in a different way. They're also arguing for "notice and STAY down," which works out great for labels/studios… unless they're inadvertently targeting their OWN site with unvetted DMCA notices.
(2) "Hopelessly complex terms" are included in almost every royalty agreement. Service providers don't have a monopoly on this behavior.
(3) If copyright owners want "absolute control," they're free to pull their music, movies, etc. from services they don't like. Not many have, because not many are willing to give up this revenue stream they constantly claim isn't paying enough. As for the artists themselves, they have no "absolute control" -- not if they're signed to a label. Young may be writing about screwed artists, but he's really only interested in protecting the "rights" of gatekeepers.
He confirms this by claiming major labels deserve to be treated better than other copyright owners.
Free music streaming is fair only for original, home-based music. However, what the public streams mostly comprises of premium, professional content. This content is expensive to create, risky to market and requires many behind-the-scene professionals.
It's OK for service providers to screw the little guy. But don't mess with the majors. They have oh-so-many mouths to feed -- mouths that are more deserving of revenue than creators that don't cut them in on the deal. Young wants a better deal for artists, but with a caste system attached.
Every minute, 400 hours of footage is uploaded to YouTube, much of it synched to copyrighted music. [Note: citation needed.] This gives YouTube a distinct advantage over Spotify, Tidal, Apple Music and other services that do not offer user-generated streaming of works they do not control.
Much of this YouTube footage is monetized with paid ads. YouTube retains a minimum of 45 percent of this revenue, at prices it sets (but does not reveal), irrespective of the content’s creation costs.
Major label music should "pay" more -- whether it's a premium in subscription fees or a larger cut of advertising revenue payouts. Why? Because it costs more to make. But production costs have little to do with pricing -- and that includes advertising revenue.
If we lived in Young's world, tickets to "Paranormal Activity" (production budget: $450,000) would be $5 and tickets to "Avatar" (production budget: $425,000,000) would be $4,700. [Production costs taken from here.] Buying My Bloody Valentine's "Loveless" would bankrupt music fans just as certainly as it nearly financially destroyed the label that released it, while Owl City's basement-produced hit album could presumably be had for a handful of pocket change.
Young -- and the label he worked for -- appear to believe the internet owes them a living. But just them. Not the rest of these shabby artists the labels are unwilling to gatekeep for.
Once Young has finished deliberately misunderstanding how markets work, he moves on to the point of his op-ed, which begins with him recycling the stupid "built on the backs of artists" trope that presumes no service provider could ever become successful without engaging in copyright infringement. Then he goes right off the rails.
I would argue for stronger, industry-wide measures: a complete repeal of the safe harbor provisions of the DMCA and a prohibition on any unauthorized uploading of the property of others.
The first part is insane. Young actually wants service providers to be fully responsible for the actions of their users. Like the ongoing attacks on Section 230 of the CDA, this is a very lazy, very dangerous attempt to paint targets on the backs of those who have money, rather than perform the more difficult work of targeting the users who actually commit copyright infringement, make defamatory statements, etc.
This line of thinking says labels and studios need do nothing more than bitch loudly and expect everyone else to solve their problems -- whether it's websites, legislators, or internet service providers. This is how they "protect" their artists. By complaining stupidly and demanding the internet be torn apart and rebuilt to their specifications, damn the collateral damage.
The second part is just moronic. Every site already prohibits unauthorized uploads. Active efforts are made to police uploaded content, and any site that wants to stay alive for long sets up a DMCA agent to respond to takedown notices. But it's never enough. Young apparently feels current prohibitions just aren't prohibitive enough, as though there were a magical tech solution somewhere that might prevent any unauthorized upload from ever taking place again, if only service providers weren't so busy raking in billions on the backs of major label artists.
The whole op-ed is an embarrassment. But, unfortunately, it's par for the course in major label/studio arguments. It's worse than the blind leading the naked. It's the ignorant leading the angry. It's short-sighted rent-seeking by people who somehow think they can force more revenue out of service providers by destroying the protections that have allowed them to prosper.
Posted on Techdirt - 19 September 2016 @ 3:25am
The FBI's impersonation of an AP journalist during an investigation raised some serious questions about what the agency considered to be acceptable behavior when pursuing suspects. The outing of this tactic led to a lawsuit by the Associated Press, which was naturally unhappy its name was being used to deliver malware to a teenaged bomb threat suspect.
The FBI performed its own investigation of the matter (but only after it had become public knowledge -- seven years after the incident actually occurred) and found that rules may have been broken by this impersonation of a news agency. Certain approval steps were skipped, making the investigatory tactic not exactly by the book. But in the end, the report congratulated the FBI on using the ends to justify the means.
The DOJ's Inspector General [PDF] has now reviewed the incident as well and, uncharacteristically, is even more supportive and less critical of the FBI's actions.
We found that Department and FBI policies in effect in 2007 did not prohibit agents from impersonating journalists or from posing as a member of a news organization, nor was there any requirement that agents seek special approval to engage in such undercover activities. The only policies in effect at the time that might have required elevated consideration regarding the FBI’s plans turned on whether the undercover activity involved a “sensitive circumstance.” We concluded, given the lack of clarity in the policy language, that making a determination whether a situation was a “sensitive circumstance” was a challenging one and that the judgments made by the agents were not unreasonable given the lack of clarity.
Basically, the OIG has granted the FBI a "good faith" exception. The report also notes that an interim policy eliminated much of the vagueness previously present in the FBI's policies. That being said, the OIG's recommendation doesn't want for vagueness.
Recommendation 2: The FBI should consider the appropriate level of review required before FBI employees in a criminal investigation use the name of third party organizations or businesses without their knowledge or consent.
"Consider the appropriate level of review" sounds a lot like something that could be interpreted as "roll the dice and see what happens" or "it's always easier to ask for forgiveness than permission." Fortunately, the OIG has additional guidance on this recommendation, which makes it less vague than it first appears.
After reviewing a draft of this report, the FBI provided comments explaining that the heightened level of review and approval required for FBI employees to pose as members of the news media was introduced because such activity potentially could “impair news-gathering activities” under the First Amendment, but that such constitutional considerations do not apply to businesses and other third parties. Our recommendation, however, does not rely on equating the reputational interests of some third party organizations and businesses with the constitutional interests of others. We believe that reputational interests, and the potential impact FBI investigations can have on those interests, are themselves sufficiently important to merit some level of review before FBI employees use the names of third party organizations or businesses without their knowledge or consent.
As is pointed out by Marcy Wheeler, the FBI is arguing that it shouldn't have to seek special approval to imitate non-journalistic entities. It could impersonate any number of companies without additional oversight because there are fewer Constitutional concerns. It could -- in the hypothetical Wheeler proposes -- pretend to be Apple and issue a software update. That's one way to ensure a phone's crackable once the FBI gets its hands on it.
So, the change in policy will only affect the FBI's ability to impersonate journalists or their employers. It won't prevent the FBI from doing this. It will only require additional signatures on the paperwork.
Another OIG finding of note is that the FBI is the worst at impersonating journalists. Fortunately for it and its terrible imitation skills, it was only up against a 15-year-old bomb threat suspect.
Grant identified himself in the e-mail as “Norm Weatherill,” an “AP Staff Publisher.”
At 2:55 p.m. Jenkins responded, “leave me alone.”
Grant replied at 3:21 p.m.:
I respect that you do not want to be bothered by the Press. Please let me explain my actions. I am not trying to find out your true identity. As a member of the Press, I would rather not know who you are as writers are not allowed to reveal their sources. The school has continually requested that the Press NOT cover this story. After the School Meeting last night, it is obvious to me that this needs coverage. Readers find this type of story fascinating. People don’t understand your actions and we are left to guess what message you are trying to send. . . .
Nothing says "competent journalist" like random capitalization and referring to the Associated Press as "the Press..." if that's even what's happening here. It could very well be that "the Man" assumes everything is "us vs. them" and that "the Press" is just another key player in a larger conspiracy to subvert "School Meetings" and the administrators that oversee them. Whatever this mess of words is, "competent" it certainly isn't.
On top of that, the FBI couldn't even nail down a writing style that has its own, frequently-updated guidebook, as Ryan J. Reilly points out at the Huffington Post.
Despite the fact that the “entire investigative team was present” and “consulted together about what to say before the message was sent,” none of them apparently thought to follow AP Style.
Neither did the fake news story the FBI posted to its fake website -- the link used to serve the suspect with malware.
All joking aside, the policies the FBI had in place before this blew up were plainly inadequate. The policies replacing them aren't much better. The agency is already given plenty of leeway in terms of investigative tactics. Limiting its impersonation to those that don't implicate First Amendment rights won't stop it from impersonating any other private entity that might serve its purposes.
Posted on Techdirt - 16 September 2016 @ 1:02pm
John McCain -- fighting for the government's right to get all up in your everything -- has decided to embrace the "grumpy" part of his "grumpy old legislator" personality.
Back in July, McCain expressed his displeasure with Apple declining his invitation to show up and get yelled at/field false accusations at his hearing on encryption. He dourly noted that he was "seeking the widest variety of input," but his invited guests included Manhattan DA Cy Vance, a former Bush-era Homeland Security advisor and former NSA deputy director Chris Inglis. Not having Apple to kick around peeved McCain, who finished off the "discussion" with subpoena threats.
Another encryption hearing hosted by McCain devolved into the senator ranting about something no one cares about but him: a tech company not immediately prostrating itself in front of an intelligence agency. Here's Marcy Wheeler's summation of McCain's "contribution" to the discussion.
His tertiary point seems to have been to attack Apple and Twitter for making efforts to protect their customers. After getting a witness to comment about Twitter’s long-term refusal to let Dataminr sell Twitter data to the CIA, he suggested perhaps the response should be to “expose” the company.
"Expose" how? This was "exposed" already, with the aftershocks of the exposure being "so what?" and "who cares?" Twitter simply enforced a pre-existing policy, pointing out to a third-party data mining company that it wasn't allowed to sell Twitter data to the government for surveillance use. This blocked the CIA from drinking from the Dataminr/Twitter firehose, which made the CIA sad and Twitter look stalwart and -- generally speaking -- didn't prevent the government from using any number of other methods to scoop up public tweets for surveillance purposes.
It also made McCain mad and he's still aching about it three months later. So, Wheeler has decided to help McCain out by publicizing Twitter's decision to hold a third-party social media data miner to the terms of its data-access agreement. Two more headlines have been added to her post, both breaking news that was broken months ago and did little to appreciably nudge the surveillance/outrage needles in any direction.
But it's still a big deal to McCain. He spent a little over two minutes (starting about 46:50 in the recording posted here) crafting his molehill into a mountain before cajoling NSA director Michael Rogers into answering what should have been a hypothetical question. While Admiral Rogers uncomfortably admitted he "didn't understand" why Twitter would enforce a pre-existing policy, McCain was unable to get anyone in the room to say anything on the record about "exposing" Twitter for its apparently nefarious decision to enforce the rules of Dataminr's agreement.
Wheeler has a better question:
Of course, you might ask why McCain is demanding that our tech companies make money off of surveillance of you. And why he considers Twitter such an exception.
Posted on Techdirt - 16 September 2016 @ 11:50am
USA Today, the Associated Press, and Vice News have joined forces to sue the FBI over its refusal to release even the most minimal amount of information on the hack it purchased to crack open the iPhone seized during its San Bernardino shooting investigation.
The DOJ certainly seemed adamant that Apple disclose all sorts of inside info to the government during the heated litigation. It turned down offers of assistance from hackers and security researchers before finally shelling out an unknown amount of money to an Israeli firm to gain access to the phone's contents. It also ensured it would never have to discuss the technical details of the hacking by not demanding this information be included in the purchase price.
Now, it refuses to even discuss the purchase price. Educated guesses that put it north of $1 million are based on a James Comey comment in which he said it was several times his annual salary. The FBI's position is that the actual amount paid -- if revealed -- would somehow prevent its investigation from reaching its conclusion.
This FOIA lawsuit [PDF] targets other innocuous information the FBI refuses to release: contractor info on the party used to open up the seized iPhone (and discover nothing of investigative use on it).
This action is brought pursuant to the Freedom of Information Act (“FOIA”), 5 U.S.C. §§ 552, et seq., for basic contracting information from the Federal Bureau of Investigation (“FBI”) regarding one of its most publicly-discussed and controversial acquisitions: a technological tool openly purchased from a third-party vendor that was used to circumvent the need for a court order to access the locked iPhone of Syed Rizwan Farook, one of the perpetrators of the mass killings in San Bernardino, California.
As the lawsuit cleverly points out by using FBI director James Comey's own words against him, the public's interest in this information should easily outweigh the FBI's stated reasons for withholding it.
[T]he News Organizations seek to compel the FBI to provide records of the publicly-acknowledged business transaction that resulted in the purchase this March of the so-called iPhone access tool. The public interest in receiving this information is significant. The FBI’s purchase of this tool allowed government access to Mr. Farook’s phone, providing new information about one of the deadliest attacks on American soil in recent years, but also apparently failing to reveal any evidence of links between Mr. Farook and foreign terrorists or terrorist organizations...
FBI Director James Comey has himself stressed the essential importance of a nationwide “adult conversation” about whether and when law enforcement should be able to access encrypted devices because, “‘We’ve got to get to a point where we can reach [wrongdoers] as easily as they can reach us and change behavior by that reach-out.’” Mr. Comey also noted the need for increased information sharing with the public, an acknowledgment particularly critical given the potential of future legislative action on this issue, noting, “‘We need to understand in the FBI, how is this exactly affecting our work, and then share that with folks.’”
Moreover, the FBI’s purchase of the technology – and its subsequent verification that it had successfully obtained the data it was seeking thanks to that technology – confirmed that a serious undisclosed security vulnerability existed (and likely still exists) in one of the most popular consumer products in the world. And in order to exploit that vulnerability, the FBI contracted with an unidentified third-party vendor, effectively sanctioning that party to retain this potentially dangerous technology without any public assurance about what that vendor represents, whether the vendor has adequate security measures, whether the vendor is a proper recipient of government funds, or whether it will act only in the public interest.
The complaint points out the FBI has offered up zero information on this mysterious contractor, leaving several questions unanswered. The agency has refused to turn over anything on the vetting process used to select this vendor, raising the possibility that the FBI's chosen hacking entity may also be helping blacklisted governments, terrorist groups, or criminals access communications and data.
The news agencies participating in the lawsuit have been seeking this info since the All Writs Order was vacated back in March. Every request has been denied. The lawsuit seeks an order compelling the release of this information.
The DOJ will obviously fight this but it should be an interesting case to watch… if there's anything to be seen from the outside. Despite the hack being specific to one iPhone make running one specific version of iOS -- and there being nothing of interest found on the cracked phone -- the DOJ is sure to claim that any disclosure, however minimal, will do serious damage to national security and law enforcement means and methods.
Posted on Techdirt - 16 September 2016 @ 9:34am
Lauri Love, the British hacker the DOJ has been dying to get its hands on, has just had his extradition to the US approved by a British court. The decision issued today [PDF] basically states that honoring extradition agreements is more important than any concerns raised about Love's health and well-being once he's handed over to US federal agents.
Mr Love’s Article 8 rights are clearly engaged. In balancing the factors for and against extradition I am satisfied that the very strong counter-balancing factors required to find extradition would be disproportionate are not found in this case. Mr Love faces extremely serious charges for offences of computer hacking over a period of one year from October 2012 to October 2013. I accept Mr Love suffers from both physical and mental health issues but I have found the medical facilities in the United States prison estate on arrival and during any sentence if he is convicted available to him, are such that I can be satisfied his needs will be comprehensively met by the US authorities.
I am satisfied Mr Love’s extradition would be compatible with his Convention rights and I send this case to the Secretary of State for her decision as to whether or not Mr Love should be extradited.
Once in the US, authorities have promised to address Love's mental and physical health concerns by placing him in "segregated housing" while determining if he's capable of being housed in the general population. As anyone who's followed prosecutions of whistleblowers and hackers knows, "segregated housing" is just a colorful term for "solitary confinement" -- not generally known to improve the mental well-being of people who've already expressed suicidal thoughts.
On top of a trip to solitary, Love will be facing charges from three jurisdictions related to the alleged hacking of multiple government/government contractor websites and databases.
Mr Love is accused in three indictments in three districts as follows:
(i) Southern District of New York – Mr Love faces two counts on Indictment, one of computer hacking (maximum sentence of 10 years imprisonment) and one of aggravated identity theft (maximum sentence of 2 years imprisonment to be imposed consecutively to the sentence for count 1).
(ii) The New Jersey request details two counts on one indictment. One count is conspiracy to access a computer without authorisation and obtain information from a department or agency of the United States (maximum sentence of 5 years imprisonment) and one of accessing a computer without authorisation and obtaining information from a department or agency of the United States (maximum sentence of 5 years imprisonment).
(iii) The Eastern District of Virginia request contains nine counts on an Indictment, count 1 – conspiracy to cause damage to a protected computer and to commit access device fraud (maximum sentence of 5 years imprisonment); counts 2 -7 – causing damage to a protected computer and aiding and abetting (maximum sentence of 5 years imprisonment); count 8 – access device fraud and aiding and abetting (maximum sentence of 10 years imprisonment) and count 9 – aggravated identity theft and aiding and abetting (maximum sentence of 2 years imprisonment).
There's little to be gained by adding up the maximum possible jail sentence facing Love. Rest assured, if convicted, it will likely be over a decade. Consolidation of the cases and charges is likely, but more than one of the charges carries a possible 10-year sentence.
Meanwhile, back in the UK, Love has managed to escape being jailed for refusing to turn over passwords and encryption keys to law enforcement. UK investigators fought hard to force Love -- whom they've never formally charged -- to crack open multiple seized devices for them. This attempt was shot down in May by a judge who viewed it as an end run around the protections built into RIPA, the law governing law enforcement's investigatory powers.
The final decision on Love's extradition is in the hands of the Home Secretary, Amber Rudd: under the Extradition Act 2003, it is the Home Secretary, not the Justice Secretary, who decides whether to order extradition once a court has sent the case on. Nothing in the Home Office's recent record suggests it will side against national security/law enforcement interests here, and considering the UK and US have a very cozy surveillance relationship, it stands to reason Rudd will likely decide to appease the DOJ, rather than overturn the court's decision.
Posted on Techdirt - 16 September 2016 @ 3:26am
Mishandling classified material can result in a variety of punishments, depending on who you are. If you're a presidential candidate, the routing of hundreds of sensitive documents through an unsecured, private email server might result in a few conversations with the FBI, but not in any criminal charges. If you're a retired general, routing classified material to your biographer/mistress might result in criminal charges, but not any time served. If you're a whistleblower taking your complaints to the press, you'll likely see some jail time to go along with your destroyed career.
And if you're a Marine Corps officer trying to warn others of trouble headed their way, you're more likely to be treated like Jason Brezler than Hillary Clinton, Gen. David Petraeus, or even former CIA Director Leon Panetta.
Brezler is facing dismissal from the Marine Corps for mishandling a classified document -- one containing information about an allegedly corrupt Afghan police chief who had already been kicked off a US base by Brezler himself.
[T]he local police chief, Sarwar Jan, turned into a problem.
"Sarwar Jan, he was a threat to not only the Afghans but our own Marines," Brezler says.
The chief was maybe linked to the Taliban. He was also alleged to be a pedophile who preyed on local boys — something alarmingly common among Afghan warlords.
Recently there's been a debate about whether U.S. forces should tolerate Afghan allies who keep kids at their barracks. Back in 2010, there was no policy. Brezler couldn't fire Sarwar Jan, but he could kick him off the base.
"We put Sarwar Jan on the next helicopter. And, once he left, we could have probably had a parade the next day through the bazaar. The Afghans were absolutely elated," he says.
After returning stateside, Brezler received an email from an officer located in Afghanistan informing him that Sarwar Jan had turned up at another Marine base -- and had brought a group of underage boys with him. Brezler attached a classified report detailing the allegations against Jan and hit "Reply All."
The allegations about Jan weren't all that unusual. The sexual and physical abuse of minors is considered standard operating procedure by many Afghans in powerful positions.
Rampant sexual abuse of children has long been a problem in Afghanistan, particularly among armed commanders who dominate much of the rural landscape and can bully the population. The practice is called bacha bazi, literally “boy play,” and American soldiers and Marines have been instructed not to intervene — in some cases, not even when their Afghan allies have abused boys on military bases, according to interviews and court records.
In some cases, Marines have been told to ignore the behavior. In other cases, they've been punished for trying to prevent it. Brezler's concerns about Jan's arrival at another base were never addressed. Instead, the Marines chose to go after him for sending a classified document to other Marines. Brezler even went through the proper channels, reporting himself for mishandling sensitive information. He was told it was just "minor spillage" -- something that happened occasionally but generally without serious repercussions.
Less than three weeks after Brezler's warning went out (and was apparently ignored), a 17-year-old Afghan male who had been living in Jan's quarters stole a weapon and killed three unarmed Marines. When the Marine Corps resisted turning over information to the victims' families, Brezler sought the help of Rep. Peter King. King took this info to the media and that's when things got worse for Brezler.
And that's when the U.S. Marine Corps got serious — about investigating Jason Brezler.
"Almost a year had gone by from the time, he had moved on, the Marine Corps had moved on," says lawyer Mike Bowe. "A news story comes out that reveals that he's talking to Congressman King about these murders, and three days later he is sent to a Board of Inquiry to be kicked out of the Marine Corps."
The inquiry was retaliation, Bowe says, for embarrassing the Marine Corps brass. He says there were hundreds of similar cases of "spillage" the same year, and only two were punished. A Pentagon inspector general's report concluded it was not retaliation.
At this point, the Marine Corps is offering him an honorable discharge -- a "thanks, but no thanks" for his attempt to warn his fellow Marines about the long list of allegations against police chief Sarwar Jan. Brezler sued for full reinstatement as a Marine and the discharge has been put on hold pending a possible jury trial later this year.
There are a handful of disturbing aspects of the Marine Corps' dismissal of Brezler, not the least of which is its decision to ramp up its efforts to rid itself of him after it had been publicly embarrassed by a US congress member. It also highlights the absurdity -- and danger -- inherent to the military's weirdly-selective non-interventionist policy: one deployed by an outside force playing World Police within its borders (decidedly interventionist) that draws the line at preventing the sexual abuse of minors on its bases by local officials.
The decision to go after the messenger -- one that self-reported his mishandling of sensitive information -- shows the government, by and large, cares more about protecting itself from embarrassment than solving its problems.
Posted on Techdirt - 15 September 2016 @ 11:27pm
Representative Jason Chaffetz, fresh off his bombshell report on the OPM hacking, is promising to drop another explosive report in the future. This one will deal with law enforcement's dirty little secret -- one that's not that much of a secret anymore.
The Stingray, a controversial cellphone tracking device used by the U.S. government and law enforcement, will be the subject of a forthcoming investigation from the House Oversight Committee, according to Committee Chairman Jason Chaffetz (R-Utah).
"You will be shocked at what the federal government is doing to collect your personal information," Chaffetz said on Wednesday morning. "And they can't keep it secure, that's the point."
It's a good point, one fresh in the mind of millions thanks to the just-delivered OPM report. The government appears willing to take security seriously if it means doling out tax dollars to dozens of agencies with cyberstars in their eyes and crafting bad legislation, but not so much when it comes to actually ensuring its own backyard is locked down.
Chaffetz was one of the legislators behind the 2015 attempt to turn the DOJ's Stingray guidance into law, laying down a warrant requirement for US law enforcement. Unfortunately, the bill went nowhere. Presumably, a thorough investigation into law enforcement use of this repurposed war tech might prompt more legislative cooperation in the future.
Chaffetz has done little to endear himself to security and law enforcement agencies since his arrival on the Hill. In addition to the failed Stingray warrant bill, Chaffetz also partnered with Ron Wyden to attempt to add a warrant requirement for law enforcement GPS tracking -- something the Supreme Court almost addressed in its US v. Jones decision.
He also made new friends with the Secret Service while grilling officials over an incident where drunken agents arrived on the scene of a "suspicious package" report in spectacular fashion, crashing the vehicle they were driving into a White House barricade. Almost as soon as the hearing had begun, Secret Service employees were accessing Chaffetz's personal info (generated by his attempt to join the Secret Service in 2003), hoping to find something embarrassing they could use to discredit him.
This new report will further alienate law enforcement agencies and personnel, starting with the FBI -- which has acted as Stingray Overlord since the introduction of the equipment -- and trickling all the way down to the local level, where agencies have relied on secrecy, lies, and case dismissals to keep information about the cell phone-tracking devices from being made public.
Posted on Techdirt - 15 September 2016 @ 11:44am
As Dianne Feinstein and Richard Burr mount another attempt to legislate holes in encryption, national security officials are offering testimony suggesting this is no way to solve the perceived problem. Another encryption hearing, again hosted by a visibly irritated John McCain (this time the villain is Twitter), featured testimony from NSA Director Michael Rogers [PDF] and Undersecretary of Defense for Intelligence Marcel Lettre [PDF] -- neither of whom offered support for mandated backdoors.
As nice as that sounds, the testimony wasn't so much "We support strong encryption," as it was "We support strong encryption*."
Lettre's testimony follows statements of support for encryption -- and opposition to legislated backdoors or "golden keys" -- with the veiled suggestion that the government will be leaning heavily on tech companies to solve this problem for it.
We need to strengthen our partnership with industry to find ways to protect against the national security threats to the United States. We will continue to work closely with our industry partners to find innovative ways to outmaneuver malicious actors' adoption of strong encryption, while ensuring that individual privacy interests are protected.
The problem here is that encryption isn't so much a privacy issue as it is a security issue. Approaching it from this incorrect angle suggests Lettre isn't opposed to backdooring encryption as long as access isn't abused by the government. But that limitation isn't going to stop malicious actors from abusing backdoors or other security holes built at the government's behest. It could be that Lettre misspoke, but that misreading of the real issue casts doubt on the sincerity of the rest of that paragraph.
I believe any steps we take as a government must be carefully considered to avoid introducing unintentional weaknesses in the protection of our commercial networks and national security systems. We should also be careful not to negatively affect our economic competitiveness as a world leader in technology, which could unintentionally drive technology innovation outside the United States.
This isn't quite as supportive as it might look at first glance either. Lettre wants to protect "commercial networks" and "national security systems." This wouldn't appear to cover computers, cellphones, or other personal devices that utilize encryption to protect their contents. Nor does it appear Lettre wants to extend his "hands off" approach to communications platforms that offer end-to-end encryption.
The NSA director's testimony is a bit better. There's far less hedging in Rogers' statement than in Lettre's. Then again, it's far more vague in terms of the NSA's intentions. His statement poses more questions than answers (both figuratively and literally -- it ends with a "where do we go from here" question), but it does hint at being aligned with Lettre's suggestion that partnering with tech companies is a better solution than legislative mandates.
However, in the NSA's case, its "partnerships" with tech companies often don't appear to include approaching them directly. If anything, the "way forward" is the way things have been done for years by the NSA's Tailored Access Operations. Why ask for mandated backdoors when you can just intercept hardware shipments to install your own? Or reroute server traffic with man-in-the-middle attacks that grab content before encryption is applied?
While it is heartening to see natsec leaders refusing to back legislation pushed by Senate Intelligence Committee members, the fact is that there's still a powerful law enforcement lobby that can't be ignored -- one that begins with James "My god, it's full of darkness" Comey and runs all the way down to local-level district attorneys.
These entities may not offer much vocal support for mandated backdoors and do actually realize the harm they'll cause, but as long as their own stuff stays relatively protected, they're not necessarily opposed to anything that makes it easier to access communications and data.
Posted on Techdirt - 14 September 2016 @ 2:22pm
The Fourth Amendment contains an exception for "plain view:" evidence of criminal activity seen by law enforcement, whether it's through a cracked-open doorway, on a vehicle's seat, etc., can be seized and used without seeking a warrant. The government would also like to avail itself of a "plain hearing" exception, which it can use to salvage evidence of criminal activity in overheard conversations intercepted with a wiretap.
The Ninth Circuit Court of Appeals agrees with the government's "plain hearing" theory, though not with its assertions on how far the exception should stretch.
The FBI obtained a wiretap warrant for a number it believed belonged to the target of its drug investigation, Ignacio Escamilla. After listening to several conversations about drug dealing, the agents came to the conclusion that Escamilla wasn't actually using the phone number targeted by the wiretap. However, they felt the conversations they were overhearing were related to the Escamilla drug conspiracy they were investigating. So, they kept listening.
These conversations -- which didn't include the target of the wiretap -- led to the arrest of Michael Carey, who pled guilty to drug charges while reserving the option to move to suppress the evidence. The lower court concluded that the government could use wiretap warrants to gather evidence against other individuals, even if they weren't actually targeted by the wiretap. This was the "plain hearing" holding.
The Appeals Court agrees [PDF] to a certain extent. While the government is welcome to make use of some unrelated evidence it comes across while eavesdropping, it cannot simply continue to intercept conversations once it's established the target of the warrant is not actually using that phone number.
In short, we see no reason to depart from principles requiring cessation of a wiretap once the government knows or reasonably should know that the person speaking on the tapped line is not involved in the target conspiracy. See Ramirez, 112 F.3d at 851–52. The government may use evidence obtained from a valid wiretap “[p]rior to the officers’ discovery of [a] factual mistake” that causes or should cause them to realize that they are listening to phone calls “erroneously included within the terms of the” wiretap order. Cf. Garrison, 480 U.S. at 87–88. And once the officers know or should know they are listening to conversations outside the scope of the wiretap order, they must discontinue monitoring the wiretap until they secure a new wiretap order, if possible.
However, this conclusion doesn't automatically result in suppression of the recorded evidence. The Appeals Court notes that the defendant and the government are diametrically opposed on the admissibility of the evidence.
It is unclear how much of the government’s wiretap evidence may fall outside of the “plain hearing” doctrine. Because the parties staked out polarized positions before the district court—the government arguing for all wiretap evidence, Carey for none of it—and because the district court adopted the government’s position in denying the motion to suppress, the record lacks the findings necessary to determine what evidence was admissible against Carey. We vacate the district court’s order denying the motion to suppress and remand on an open record to determine what evidence is admissible against Carey under the legal framework set forth above.
So, we can add "plain hearing" and "plain sight" to the "plain smell" exception used by far too many law enforcement officers to begin fishing expeditions and wander outside the confines of the Supreme Court's Rodriguez decision.
More posts from Capitalist Lion Tamer >>