Posted on Techdirt - 30 March 2015 @ 3:45pm
Two things remain certain in life: death... and law enforcement agencies using license plate readers obtained with Homeland Security grants for purposes not even remotely related to securing the homeland.
Here's how Newport News, Virginia's police department obtained its automatic license plate readers:
Grant money from a terrorism prevention program of the U.S. Department of Homeland Security through the Virginia Department of Emergency Management provided the funding for automatic license plate readers for several Hampton Roads agencies, including Newport News, Suffolk, Norfolk, Williamsburg, James City County, York-Poquoson and Isle of Wight, said Laura Southard, public outreach coordinator for the state's emergency management department.
Hampton Roads law enforcement departments received $869,000 in 2009, $357,000 in 2010 and $143,000 in 2011 for license plate readers, Southard said.
And here's what it's doing with them
Delinquent taxpayers in Newport News could have their vehicles impounded if new cameras snap a photo of their license plates around town.
In an attempt to claim the nearly $4 million in delinquent personal property taxes owed, the city will soon begin using license plate scanners to find vehicles on which more than $200 in personal property taxes are owed.
The cameras will be mounted to the backs of six sheriff's department cruisers to automatically read license plate numbers. Those numbers will be cross-searched with a database updated daily of all the license plates in the city with more than $200 in personal property taxes owed, Treasurer Marty Eubank said.
The terms "terrorism" and "drug enforcement" were likely thrown around during the application process, but the end result is the city viewing law enforcement technology as just another revenue generator
. A "hit" from the ALPR will result in the vehicle being towed within three days if the delinquent taxes aren't paid off or a payment plan set up.
While the city has every right to pursue delinquent taxes, it has no business re-purposing federally-purchased law enforcement technology to do so. Citizens concerned about ALPR databases housing millions of non-hit records have always been assured that this technology will be used to fight the baddest of the bad: drug dealers, terrorists, auto thieves, kidnappers, etc. But now it's being used to collect back taxes -- hardly the sort of thing Homeland Security funds should be used for.
Things get even more petty a little down the road in Hampton, Virginia. While Newport News' enforcement efforts don't kick in unless more than $200 is owed, Hampton is all about the Lincolns.
Hampton has one camera mounted to a city minivan, not a police vehicle, which is driven around town every week day, said Dave Ellis, field compliance supervisor in the Hampton Treasurer's Office. When field investigators find a vehicle with a license plate for which more than $5 in property taxes is owed, they first place a warning sticker on the vehicle telling the owner to make contact with the city. If there is no response from the owner after about a week, the investigators go back and remove the license plates or put on a wheel lock, Ellis said.
Hampton's tax-collecting ALPRs were first deployed in 2008. It's left unclear how the usually "law enforcement-only" technology ended up in the city's hands, but most likely a Memorandum of Understanding allowed the transfer of the plate readers. To date, $1.4 million in federal funds have been dispersed to pay for law enforcement's ALPRs -- and now some of them are being used to track down $5 property tax deadbeats.
Isle of Wight doesn't even bother doing its own tax collection efforts. According to the article, this is outsourced to a private company with its own plate readers, meaning there's next to zero accountability. Turning a city job private keeps records related to tax collection efforts a little further away from curious constituents and their Freedom of Information requests.
Not that the Hampton Roads law enforcement network is too concerned about overstepping its bounds or potentially violating constitutional rights. As was covered here late last year, these same law enforcement agencies have built their own
phone record database -- filled with data obtained from subpoenas, warrants and court orders -- which is shared between the multiple agencies with no apparent oversight.
Once you get past the re-purposing of federal funds for local tax collection, you arrive at the question of cost effectiveness. Hampton sends its city vehicle out every weekday
to troll for plates. On top of the paycheck handed out to the driver(s), there's fuel and vehicle wear-and-tear costs to be considered, along with whatever's being paid to maintain the technology and its database. And yet, it seems satisfied to have collected $60,000 in unpaid taxes last year -- seemingly "break even" at best.
The bottom line is this: if you want to use ALPRs to catch delinquent taxpayers, then be upfront about this and use local funds to purchase the equipment. Don't simply use the technology because it's there. Using federally-funded plate readers is basically asking the rest of the US to fund your local
tax collection efforts. And just like when law enforcement deploys these readers, there should be explicit, public
information about how the data is collected, retained and destroyed. Sure, law enforcement agencies have been less than open
about these factors, but at least they have the (poor) excuse that there are means and methods to protect. The cities doing this don't have anything to protect -- at least nothing that would (supposedly) threaten public safety if it were made known.
12 Comments | Leave a Comment..
Posted on Techdirt - 30 March 2015 @ 2:39pm
The recently-released 9/11 Commission's review of FBI tactics in the wake of the 2001 terrorist attacks seems to suggest the agency should perform even more racial profiling than it already does. As Kevin Gosztola of Firedoglake points out, the language in the report places a lot of emphasis on "domain awareness" and pre-crime policing.
Documents the American Civil Liberties Union have been able to obtain show [PDF] that “FBI analysts make judgments based on crude stereotypes about the types of crimes different racial and ethnic groups commit, which they then use to justify collecting demographic data to map where people with that racial or ethnic makeup live.” The FBI uses “domain analysis” to target American Muslims and Islamic institutions.
The similarities between this suggested course of action and the NYPD's infamous "Demographics Unit" (led by a former CIA official) are notable. Both involve questionable tactics like declaring entire mosques
"terrorist organizations" simply because attendees followed the same religion as the 9/11 attackers. Notably, the FBI found the NYPD's tactics so thoroughly violated the rights of those being surveilled that it refused to access
any of the intelligence gathered by the Demographics Unit. That decision ultimately cost the FBI nothing in terms of usable intel. Despite years of rights violations and round-the-clock surveillance, the NYPD's special unit was never instrumental
in preventing attacks or producing significant arrests.
Marcy Wheeler at Emptywheel notes that the FBI's analysis of the 9/11 Commission's reports indicates a significant percentage of FBI agents found racial profiling and pre-crime "investigations" to be a waste of time
According to one anecdote, 20% of analysts (not even Field Agents!) understand the point of this. And even in offices where they do understand, the Field Agents won’t do their part by going and filling in the blanks analysts identify.
The "blanks" are contained in CSCCs (Central Strategic Coordinating Components), linked to field offices' "domain awareness" programs. But one-fifth of agents refused to comply with this directive -- not because 20% of FBI agents are necessarily against racial profiling (documents obtained by the ACLU show otherwise) -- but because the tactic just doesn't work
Call me crazy. But maybe the people responding to actual crimes believe they learn enough in that process — and are plenty busy enough trying to catch criminals — that they don’t see the point of racially profiling people like NYPD does? Maybe they believe the ongoing threats are where the past ones have been, and there’s no need to spend their time investigating where there aren’t crimes in case there ever are in the future?
Doing investigative work like investigators, rather than like surveillance dragnets? That's probably crazy enough to work. Not that the FBI has any desire to dial back its requests for encryption backdoors
and unfettered access to electronic communications, but those actually out in the field seem to know what works and what doesn't. And a constant APB for anyone fitting the "Muslim/Male" description isn't exactly helpful.
Of course, those at the top -- the ones finding this to be a credible way to fight terrorism -- see this 20% as outliers who have failed to "get on the bus." And in a mixture of the worst parts of bureaucracy and corporate culture, they've responded with "do more of what isn't productive, only faster and harder."
Yet rather than analyzing whether this concept serves any purpose whatsoever, it instead says, “it’s corporate policy, no one is doing it well, so it needs to improve.”
There's a lesson here, but those writing the review aren't comprehending it. (Wheeler notes that many of those interviewed for the report aren't actually FBI agents, but rather representatives of other intelligence agencies, like the CIA.) To catch terrorists, you need smarter investigative work, not work that involves blanket surveillance and the rote filling in of blanks. The NYPD should
know this, considering its failure to catch plots later uncovered by the FBI, but it doesn't. Despite the disbandment
of the "Demographics Unit," it still clings to the belief that mass surveillance
beats real police work any day of the week. The FBI has figured this out -- or at least a percentage of its agents have -- but that's not going to be enough to persuade those calling for more of everything to dial back their efforts a bit.
The FBI can be smart, but it's apparently hampered by upper management with an obvious fondness for bad ideas that simultaneously expand the agency's power. If it is how it looks, the real aim of the agency heads is more
power, not fewer
6 Comments | Leave a Comment..
Posted on Techdirt - 30 March 2015 @ 1:33pm
Major corporations are actively monitoring social media during standardized tests. This is being done to "protect" the "integrity" of test questions and answers. None of this is particularly surprising, other than the fact that a member of school administration was the one to blow the whistle on it.
Students in New Jersey are in the middle PARCC testing right now. This is a new standardized test which is administered by Pearson. It's not without its detractors; many parents are opting their kids out of the test, and after what Pearson just did I'm sure the number will grow.
The superintendent's email
A blogger by the name of Bob Braun got his hands on an email one NJ school district superintendent sent out to a mailing list. Said email discusses a dire "security breach" in which a student tweeted a mention of the recent PARCC test.
wasn't sent to remind teaching staff to keep a better eye on testing students. It was sent to inform the rest of them about a situation she (Elizabeth Jewett) found unacceptable. [all emphasis hers]
Good morning all,
Last night at 10 PM, my testing coordinator received a call from the NJDOE [New Jersey Department of Education] that Pearson had initiated a Priority 1 Alert for an item breach within our school. The information the NJDOE initially called with was that there was a security breach DURING the test session, and they suggested the student took a picture of a test item and tweeted it. After further investigation on our part, it turned out that the student had posted a tweet (NO PICTURE) at 3:18PM (after school) that referenced a PARCC test question. The student deleted the tweet and we spoke with the parent -- who was obviously concerned as to her child's tweets being monitored by the DOE. The DOE informed us that Pearson is monitoring all social media during PARCC testing. I have to say that I find this disturbing -- and if our parents were concerned before about a conspiracy with all the student data, I am sure I will be receiving more letters of refusal once this gets out (not to mention the fact that the DOE wanted us to also issue discipline to the student). I thought this was worth sharing with the group.
Well, the news has gotten out, spreading from Bob Braun's blog to the New York Times
and Washington Post
. Pearson remains unapologetic for its protection of its test turf, noting that it only monitors public
social media posts and cross-references those to ensure it's only reporting currently-testing students to various education agencies. All well and good, but when a private company wields the power to nudge public schools into disciplining students for so-called "security breaches," it's a bit of a problem.
This widespread coverage has prompted several educational entities to take action
In response to parent concerns, states using Pearson’s new PARCC exam did ask the company to stop cross-checking the names of students suspected of making inappropriate posts against the company’s list of registered test-takers. And New Jersey officials said Thursday that they would review the monitoring process to make sure student privacy is not compromised.
But Pearson isn't the only company keeping an eye on students for school administrators. Politico's coverage contains statements from a number of social media monitoring companies that provide surveillance tools and reporting to a variety of institutions.
Caveon is monitoring social networks on behalf of Pearson to safeguard against leaks of Common Core testing questions. Others -- like the infamous Geo Listening
-- are there simply to monitor and report.
Enter the surveillance services, which promise to scan student posts around the clock and flag anything that hints at bullying, violence or depression. The services will also flag any post that could tarnish the reputation of either the student or the educational institution. They’ll even alert administrators to garden-variety teenage hijinks, like a group of kids making plans to skateboard on school property .
Some of the monitoring software on the market can track and log every keystroke a student makes while using a school computer in any location, including at home. Principals can request text alerts if kids type in words like “guns” or “drugs,” or browse websites about anorexia or suicide. They can even order up reports identifying which students fritter away hours on Facebook and which buckle down to homework right after dinner.
Other programs scan all student emails, text messages and documents sent on a school’s online platform and alert school administrators — or law enforcement — to any that sound inappropriate.
Some of the tools run covertly. Others are expressly pointed out by administration to increase the deterrent factor. Some even go so far as to cross-reference multiple social media accounts in order to strip away students' anonymity on networks where no "real name" is required.
These companies generate tons of data and possible "hits," but how useful are they? Gaggle
, a service that scans emails, texts and discussion boards for "anything inappropriate," says it sends "thousands" of alerts to schools every year. But its contribution to a better-behaved student body is decidedly minimal.
In Deerfield, Gaggle has unearthed just one serious incident in the past the 18 months — an eighth-grader emailing a nude photo of herself, [Deerfield Superintendent Michael] Lubelfeld said.
The same goes for the other monitoring software deployed by Lubelfeld's school district -- which monitors students' computer usage. Only a "few violations" have been detected despite its constant presence.
Sure, the accounts may be public and there's no expectation of privacy in tweets, Facebook posts and school computer usage, but Pearson's monitoring didn't restrict itself to testing hours or even, indeed, school
hours. The scope of these companies' surveillance lends itself to tons of false positives, and this can have a very negative effect on students who are going to find themselves punished for off-campus behavior -- or worse, for doing nothing wrong at all.
10 Comments | Leave a Comment..
Posted on Techdirt - 30 March 2015 @ 3:47am
It's no secret that many companies monitor their employees' computer use. But things are going much further than simply ensuring the normal "don'ts" -- file sharing, porn viewing, etc. -- are tracked for disciplinary reasons. Companies are now on the lookout for the next "insider threat." Some companies are viewing the Snowden saga as the ultimate cautionary tale, albeit one that results in more surveillance rather than less. (via Dealbreaker)
Guarding against such risks is an expanding niche in the security industry, with at least 20 companies marketing software tools for tracking and analyzing employee behavior. “The bad guys helped us,” says Idan Tendler, the founder and chief executive officer of Fortscale Security in San Francisco. “It started with Snowden, and people said, ‘Wow, if that happened in the NSA, it could happen to us.’ ”
But the effort to find -- and prevent -- the next "insider threat" from damaging his or her company seems to be just as misguided as the government's efforts
to do the same. Looking for potential threats often results in viewing almost everything
as an indicator of future treachery.
One company cited "changes in email habits" as being indicative of an "insider threat." Others, like Stroz Friedberg, aren't as selective. The company, started by former FBI agent Edward Stroz, veers into the same dangerous territory the government does when rooting out "threats." In its hands, normal activities are viewed with suspicion by its monitoring software.
The software establishes a base line and then scans for variations that may signal that an employee presents a growing risk to the company. Red flags could include a spike in references to financial stresses such as “late rent” and “medical bills.”
And what better way to tackle "late rent" or "medical bills" than suddenly finding yourself unemployed simply because re-purposed FBI analytic software thinks any small sign of (possibly temporary) financial instability indicates your next move will be to steal something. Millions of people in the US deal with these realities frequently -- especially the latter. And yet, millions of employees still find other ways to tackle these problems instead of dipping their hands in the tills or running off with sensitive documents.
Stroz's software also thinks -- like the government -- that an unhappy employee
is a malicious employee.
He offers the scenario of a star trader at a bank who’s disappointed with the size of her annual bonus. Instead of being blindsided when she defects to a rival, a bank using Scout could identify her discontent early and make sure she doesn’t take sensitive data or other team members with her.
Or, the company could try to work with the employee rather than just secretly track her until her eventual exit. Once again, unhappy employees leave companies all the time without taking anything with them. Sure, a few do, but the deployment of software like this will generally produce more false positives (and a further strain work relationships) than insider threats. And there's nothing like firing people for something they haven't
done (but might!) to endear a company to its remaining employees.
Despite all of this, Edward Stroz believes his company's predictive employee policing software is just another way for companies to show their employees how much their staff means to them.
He’s still careful when discussing the software, describing it as a way to help employers build a “caring workplace.”
Oh, it's anything but. While employees will often accept monitoring of their internet/computer usage as being a necessary part of the employee-employer relationship, they're not going to be happy to find out that searching for information about medical bills might see them lose a source of income. And they're definitely not going to be thrilled to learn that expressing displeasure about company practices and policies may result in the same thing. If a company wants to foster a "caring workplace," it should be addressing
employee discontent, not monitoring
it. But what do you expect from companies -- and the entities that provide them with spyware -- that view the Snowden leaks as justifying
Oh, and employees had better believe their file sharing use will be actively monitored (and used against them). Stroz Friedberg may be making enterprise pre-crime software now, but its past as an RIAA lobbying firm
(and its slightly-later past as a Six Strikes "independent expert
") has been well-noted.
27 Comments | Leave a Comment..
Posted on Techdirt - 27 March 2015 @ 7:39pm
It doesn't happen often, but a judge has called out police officers for using a non-existent offense -- "contempt of cop" -- to justify the use of force against a detained person. Multnomah County (OR) Judge Diana Stewart cleared 16-year-old Portland resident Thai Gurule of several charges brought against him after he was pummeled and tased by police officers for… well, basically for responding angrily to a somewhat derogatory gesture.
Police that night had been looking for a group of seven to nine African American men, including one shirtless one, who had been walking the streets, reportedly damaging property and yelling profanities. Within minutes of receiving the group's last known location, police several blocks away focused their attention on a group of three young men: Gurule, his 20-year-old brother and their friend.
That was the narrative up to the point where Thai Gurule found himself on the receiving end of fists and Tasers. Ignoring the fact that this group had little in common with the suspects other than race, we come to what turned this incident into a confrontation and, finally, a one-side melee.
The following comes from the judge's statement
on the dismissal of charges:
As the youth walked past, Officer Hughes said, "Hey" to the youth and when the youth continued, he again said, "Hey" and clapped his hands.
Thai Gurule turned to face Officer Hughes and in an angry or aggressive voice said "Don't fucking clap your hands at me". Officer Hughes stepped forward while the youth stepped back.
Cue escalation. The officers decided to cuff Gurule (for "resisting arrest," apparently). As a crowd began to gather, the officers decided to move Gurule into a prone position for cuffing, supposedly for officer safety. But rather than let Gurule move to a prone position, one of the officers decided to speed up the process by sweeping Gurule's feet out from underneath him. From that point, it became an uncontrolled beating. One officer held Gurule by the hair while the other two wrestled him to the ground and hit him multiple times with their fists and knees. Finding the one-sided "struggle" to be ineffective, Sgt. Lile deployed his Taser.
After they were done throwing blows, the officers threw the book at Thai Gurule, listing all of the following charges on the police report
Interference with public safety
The accompanying reports filed by the officers maintained that Gurule repeatedly swung his fists at officers and tried to choke one of them. Unfortunately for these officers, multiple recordings of the incident
that contradicted their narrative were made available to the judge.
Judge Stewart was obviously irate at the thick stack of lies delivered to her in the form of police reports and sworn testimony. She also was none too happy with the officers' justification for initiating the arrest of a person who had done nothing more than fail to treat Officer Hughes with as much deference as he felt he deserved. Not only did she dismiss the charges, but she read the entire damning dismissal order out loud.
In discussing the "resisting arrest" charge, Judge Stewart also addressed the pure BS motivating the officers' arrest of Gurule. She points out there's an exceedingly low bar that needs to be met to satisfy the requirements for bringing this charge, but the officers couldn't even meet that.
Actual restraint was placed upon the youth at the moment that Officers Hughes and Hornstein placed control or escort holds on the youth. At that moment, even given the broad authority described above, there is insufficient evidence before the court that the Officers were operating under their community caretaking function, or therefore under color.
At that time, there is no evidence of concerns about a crowd forming. That concern arose as much as a minute later when the officers decided to take the youth to the ground.
Establishing this, she gets to the heart of the matter.
The only facts before the court are that the youth failed the attitude test when he turned and aggressively complained about Officer Hughes clapping him hands. Officer Hughes stepped forward and the youth stepped back and Officer Hughes, immediately followed by Officer Hornstein placed the holds restraining the youth.
And there it is: the bogus arrest was prompted by a little disrespect Officer Hughes just couldn't handle. It is surprising enough that a judge would call out an officer for this sort of behavior. It's even more surprising that she would move on to allowing an arrested suspect's self-defense claims stand. In most cases, the judicial branch shows deference to police officers who use excessive force in their
self-defense ("feared for their safety"). In this instance, the deference went the other way.
[W]hile a person may not use physical force to resist what is actually or perceived by the defendant to be an unlawful arrest, a person may use physical force in defending oneself from excessive use of force by an arresting officer. Any injury caused to an officer in the course of engaging in a justifiable use of force to defend oneself may under such circumstances be justified and not criminal.
In this case, the youth's age is a relevant factor which the court considers even without the testimony of youth. Therefore, the question before the court is whether this youth and a reasonable 16 year old youth in his position would have believed that the use or imminent use of force against him exceeded the force reasonably necessary and whether he was entitled to defend himself with a degree of force which a reasonable 16 year old would reasonably believe to be necessary for the purpose.
The take down, although intended to be gentle and with adequate warning was nothing like that plan. Officer Hornstein swept the youth's feet out from under him causing him the sensation of falling forward without the use of his hands to break his fall. The next 35 to 45 seconds was a melee of fists and punches and bodies falling upon him. Prior to reaching the wall, the youth was attempting to regain his footing and get back on his feet and remove himself from what a reasonable person would have felt was a senseless and aggressive use of excessive physical force.
Once at the wall, the independent evidence of the video clips is less clear but continues to show the youth trying to struggle away from the officers rather than engage in a physical altercation…
[G]iven that confusion, rapidity of events, the tangle of officers and the youth and the confusion caused by the crowd, I find that as to all charges herein, the state has not established beyond a reasonable doubt that the youth was not reasonably justified in the use of self-defense as to all of the charges herein.
And with that, Thai Gurule is no longer facing criminal charges. As of yet, there's no word of what consequences, if any, are awaiting the officers involved. The city's police department is only a couple of years removed from a DOJ investigation
, but incidents like these show there's still work to be done.
And, of course, the local police union has greeted this decision with assertions that the officers involved did nothing wrong and that Judge Stewart is nothing more than an armchair quarterback
, but you'll have to click over to Popehat to read Ken White's entertaining/infuriating take
on the union head's counterclaims.
Read More | 66 Comments | Leave a Comment..
Posted on Techdirt - 27 March 2015 @ 9:37am
The Pentagon may not know where some very sensitive equipment has disappeared to, but a variety of private resellers seem to have some idea where it might be found. A leaked US Naval Criminal Investigative Service (NCIS) document obtained by The Intercept details the agency's inability to keep track of its explosives-detecting equipment, bequeathed to it by the Defense Department's Joint Improvised Explosive Device Defeat Organization (JIEDDO).
While it did manage to track down some of its missing equipment at various equipment resellers (the document lists a variety of URLs, including ebay.com and craigslist.org), it still has no idea how much of it is still in the military's possession.
In all, more than 32,000 pieces of equipment were issued. Some kits are still in use, making it difficult to compile a precise inventory of what was issued and what might be missing.
The March 2014 document asks for assistance in locating missing devices to prevent them from being used against the US and its allies. It also points out that the failure to keep tabs on this equipment is mostly internal.
These investigations also determined the loss and theft of advanced technologies intended to give US military personnel tactical advantage on the battlefield was due to poor accountability controls by many of the military units who were issued the gear.
The Intercept managed to track down two eBay listings for NCIS equipment -- one from December of last year
and an active listing
for a CNVD-T Clip-On Night Vision Device Thermal System. For only $16,599, this equipment can be yours.... (Update: For what it's worth, the ebay seller featured below got in touch to insist that he is a licensed dealer of these items from the manufacturer, and that it's perfectly legal to sell these items
As is to be expected from a task force that is apparently unable to control its own inventory, JIEDDO isn't a great steward of taxpayer funds.
JIEDDO has been heavily criticized over the years for expending large sums of money without attaining clear results. According to a 2012 report by the Government Accountability Office, JIEDDO had spent over $18 billion yet lacked an effective way to oversee its programs.
And as is so often the case when the government finds new ways to hand out military gear, those receiving the handouts seem alarmingly unconcerned with keeping close tabs on the equipment's whereabouts. Last year, another Pentagon-related equipment dispersal program caught heat
for its lousy inventory control systems. The 1033 program, which hands out military equipment and weapons to local law enforcement agencies, is decentralized and disorganized, leading to 184 law enforcement agencies losing their access to militarization toys for misplacing everything from several assault rifles to an entire Humvee.
So, the Department of Defense may do several things well, but ensuring sensitive/powerful military gear remains in its control -- rather than in the hands of enemies or eBay users -- isn't one of them.
And, of course, the NCIS has refused to comment on the leaked document and has yet to make a bid it can neither confirm nor deny on its former property. If you're so inclined, you can always contact the not-quite-redacted Steve Sheldon, Intelligence Specialist (NCIS Southwest Field Office) at (619) 556-1106 and inquire as to whether ~$17,000 is a fair price for a "like new" clip-on night vision scope.
Read More | 17 Comments | Leave a Comment..
Posted on Techdirt - 27 March 2015 @ 8:18am
The TSA's PreCheck program also expedites security screening for "notorious convicted felons" and "former domestic terrorists." Who knew? From the sounds of its in-depth pre-screening efforts, you would think (unnamed) convicted felons wouldn't be able to sail past the checkpoint without even slowing down, but apparently, that's exactly what happened. And it's not just any former felon/domestic terrorist, but one who was previously convicted of murder and offenses involving explosives. (via Kevin Underhill/Lowering the Bar)
The U.S. Office of Special Counsel (OSC) received a whistleblower disclosure alleging a sufficiently notorious convicted felon was improperly cleared for TSA Pre✓ screening, creating a significant aviation security breach. The disclosure identified this event as a possible error in the TSA Secure Flight program since the traveler’s boarding pass contained a TSA Pre✓ indicator and encrypted barcode.
The good news (such as it were) is that the TSA did not
grant the unnamed felon/terrorist PreCheck approval through its laborious and intrusive
application process. It also didn't wave him/her through because lines were backing up at the normal checkpoints. (This is called "Managed Inclusion" by the TSA, but it more resembles "For the Hell of It
" in practice…) That ends the good news.
It did, however, use its "risk assessment rules" to determine the terrorist/felon to be of no threat. This might be encouraging news for former felons/domestic terrorists, perhaps signaling that government agencies may ultimately forgive some criminal acts and not subject former felons to additional security harassment in perpetuity. Then again, this may just be the TSA's excuse for waving someone with questionable PreCheck clearance through security because a checkmark -- and its own internal bureaucracy -- told it to.
We also determined the Transportation Security Officer (TSO) followed standard operating procedures, but did not feel empowered to redirect the traveler from TSA Pre✓ screening to standard lane screening.
The OIG recommends more "empowerment" for rank-and-file. Good luck with that. If officers don't feel empowered, it's because management has shown them that questioning the (broken and wildly inconsistent) system isn't an option. Neither is doing any independent thinking. When this officer attempted to push it up the line, he/she ran into a pretty predictable response.
[T]he TSO knew of the traveler's TSA Pre✓disqualifying criminal convictions. The TSO followed the standard operating procedures and reported this to the supervisory TSO who then directed the TSO to take no further action and allow the traveler through the TSA Pre✓ lane. As a result, TSA does not have an incident report for this event.
One of the TSA's Behavioral Detection Officers (highly-trained in the art of the mental coin toss
) was also contacted by the concerned officer. And, again, no further action was taken/recommended.
In the end, a felon/terrorist boarded a plane because the TSA's bureaucratic process can't handle contradictory variables. The PreCheck approval said "yes," but the previous convictions said PreCheck approval should never have happened. The TSA deferred to the obviously incorrect checkmark on the boarding pass. And now we have the punchline to the joke that starts, "A murderer with explosives experience walks into a PreCheck lane…"
The OIG's mostly-redacted recommendation criticizing the TSA's over-reliance on fallible pre-screening processes was mostly ignored by the agency.
TSA officials did not concur with Recommendation 1. In its response, TSA said that with respect to individuals who may pose an elevated security risk to commercial aviation, theU.S. Government's approach to domestic aviation security relies heavily on the TSDB and its Selectee List and No Fly List subcomponents. TSA said, had the intelligence or national law enforcement communities felt that this traveler posed an elevated risk to commercial aviation, they would have nominated the traveler to one of these lists and prevented the traveler from being designated as lower-risk.
To which the OIG responded, "Well, that 's obviously not working because this traveler should have been automatically denied PreCheck approval."
We consider TSA's actions nonresponsive to the intent of Recommendation 1, which is unresolved and open. TSA said it relies on the U.S. Government watchlisting process to identify individuals that represent an elevated risk to commercial aviation. However, not all non-watchlisted passengers are lower-risk and eligible for TSA Pre✓. For example, TSA has established disqualifying criteria, in addition to the watchlisting process, for an applicant seeking TSA Pre✓ Application Program membership. TSA will deny membership to an applicant convicted of any of the 28 disqualifying criminal offenses or not a U.S. citizen or Lawful Permanent Resident. Even though the traveler is not watchlisted, the traveler would be permanently ineligible for TSA Pre✓.
And yet, a convicted murderer has been PreCheck approved. The TSA wants to blame the rest of the government. The OIG just wants someone to use common sense, rather than never questioning a boarding pass. The OIG has a good point. The TSA claims it's shifting to a smarter, more responsive travel security, like the PreCheck program and its many Behavioral Detection Officers. But when a situation involving both arose, it left the thinking to its brainstem -- unwavering faith in databases and policy -- rather than making any move indicative of higher thought processes.
Read More | 16 Comments | Leave a Comment..
Posted on Techdirt - 27 March 2015 @ 4:07am
With bots performing all sorts of intellectual property policing these days, fair use considerations are completely off the table. Nuances that can't be handled by a bot should theoretically be turned over to a human being in disputed cases. Unfortunately, dispute processes are often handled in an automated fashion, leading to even more problems.
Tolriq Yatse, the developer of a popular Xbox Media Center (XMBC) remote control app for Android phones, ran into this very problem with Google's Play Store, which suddenly dumped his app over "intellectual property violations" after more than 2 years of trouble-free listing. This might have been a quick fix if Google had been more forthcoming with details, but all Yatse received was a brief notice as his app was removed from the Play store.
Nothing was changed at all apart filling the new forced content rating form and suddenly lost all my revenues.
I hope someone human answer with details soon, but I'm joining the anger from all developers around about how #Google treat devs, take 30% share without problem but certainly do not do support or act as human when killing someone.
His complaints reached his fans and customers, who then made their presence felt. This finally prompted a Google human to give Yatse the details he needed so he could fix his app and get it relisted
Thank you for your additional comments.
As previously explained, your promotional images include content that you do not appear to have permission to distribute. For example, images related to films are most likely protected by the various studios that produced and released them. It is reasonable to assume that these would not be made legally available in public domain or via Creative Commons as most studios are extremely protective of their intellectual property. The same could be said of images from various TV series…
This part of Google's response refers to screenshots used in the app's listing. They used to look something like this…
The images used here are only indicative of the app's capabilities. Even if (obviously) unlicensed, the app doesn't promise anything more than control of XBMC content. It doesn't promise access to studios' offerings or otherwise act as a movie/TV show portal. In this context, the movie posters displayed in the screenshots would appear to fall under "fair use." Google's response to Yatse indicates that, even with a human now involved, the Play Store won't tolerate the use of unlicensed images in "promotional" screenshots.
In fact, fair use isn't even discussed. Instead, Google asked Yatse to prove ownership of the disputed artwork before the app could be relisted.
If you are able to prove otherwise, either via direct authorization from a studio representative or the location where you sourced these images (public domain and/or Creative Commons), we could review that information and reconsider the merits of this case.
The motivating factor for this non-consideration is potential litigation, according to the Google Play Team.
This may represent a change from two years ago in that most studios today will file complaints over use of their content unless someone has entered into an agreement with them on some level, and that should not come as a surprise to you.
Even with a direct response, there are still some gray areas the developer is left to address himself.
We are unable to provide specific guidance as to which images may be allowed, but we trust that you will use your best judgment based on what we have mentioned above and in previous communications.
As Yatse points out, this isn't good news for developers.
The answer is very interesting for all Google Play developers :
- Google will remove your application on suspicions and not on real facts.
- No human will check what you upload or say.
- It's nearly impossible to have a real contact and support.
- You need to try to fix problem yourself without details and hope to have it fixed before ban. (Very hard when in fact there's no problem)
Google Play has moved to preemptive takedowns, unprompted by studio complaints. This isn't a good thing. It may protect Google (but only slightly, considering the studios' ongoing antipathy
towards the tech company) but it does nothing for developers whose sales it takes a portion of.
In response, Yatse has swapped out the offending artwork for CC-licensed and public domain works. But even that wasn't enough for the Google bots. Those images had to be removed
before his app was approved for relisting.
#Yatse is now back on Play Store, without any images until I can figure out what the Google bot does not like in open sources ones.
This understandably limits his options and makes it much harder to convey the app's functionality. Here are the screenshots currently available at Google Play
, which show that Yatse (the app) is probably some sort of remote control program and has some color options.
So, based on no complaints from studios or other rights holders, an app comes down. And even with the use of properly-licensed images, it fails to be reinstated. And throughout all of the discussions, fair use isn't mentioned a single time. That's the reality of preemptive IP policing, and it's unlikely to change anytime soon.
49 Comments | Leave a Comment..
Posted on Techdirt - 26 March 2015 @ 3:47pm
Good news from California: a bill requiring warrants for Stingray device usage (among other things) has passed out of a Senate committee and is headed for an assembly vote.
Among other sweeping new requirements to enhance digital privacy, the bill notably imposes a warrant requirement before police can access nearly any type of digital data produced by or contained within a device or service.
In other words, that would include any use of a stingray, also known as a cell-site simulator, which can not only used to determine a phone’s location, but can also intercept calls and text messages. During the act of locating a phone, stingrays also sweep up information about nearby phones—not just the target phone.
Despite similar bills being killed by governor vetoes in 2012 and 2013, California legislators are still looking to reform the state's privacy laws. For one thing, this new bill would put the state's Electronic Communication Privacy Act in compliance with the Supreme Court's recent Riley v. California
decision (warrant requirement for cell phone searches incident to arrest), as Cyrus Farivar points out.
The committee passed it with a 6-1 vote, suggesting there's broader support for privacy and Fourth Amendment protections now
than there were in the pre-Snowden days. Of course, the usual opposition was on hand to portray those pushing for a warrant requirement as being in favor of sexually abusing children.
[Marty] Vranicar [California District Attorneys Association] told the committee that the bill would "undermine efforts to find child exploitation," specifically child pornography.
"SB 178 threatens law enforcement’s ability to conduct undercover child porn investigation. the so-called peer-to-peer investigations," he said. "Officers, after creating online profiles—these e-mails provide metadata that is the key to providing information. This would effectively end online undercover investigations in California."
Vranicar failed to explain how an officer conducting an ongoing investigation would be unable to obtain a warrant for PTP user data… unless, of course, the "investigation" was nothing more than unfocused trolling or a sting running dangerously low on probable cause. Nothing in the bill forbids officers from using other methods -- Fourth Amendment-respecting methods -- to pursue those suspected of child exploitation. What it does do is make it more difficult to run stings and honeypots, both of which are already on shaky ground in terms of legality.
Additionally, the bill
demands extensive reporting requirements pertaining to government requests for data, and makes an effort to strip away the secrecy surrounding search warrants.
1546.2 (a) Except as otherwise provided in this section, any government entity that executes a warrant or wiretap order or issues an emergency request pursuant to Section 1546.1 shall contemporaneously serve upon, or deliver by registered or first-class mail, electronic mail, or other means reasonably calculated to be effective, the identified targets of the warrant, order, or emergency request, a notice that informs the recipient that information about the recipient has been compelled or requested, and states with reasonable specificity the nature of the government investigation under which the information is sought. The notice shall include a copy of the warrant or order, or a written statement setting forth facts giving rise to the emergency.
(b) If there is no identified target of a warrant, wiretap order, or emergency request at the time of its issuance, the government entity shall take reasonable steps to provide the notice, within three days of the execution of the warrant, to all individuals about whom information was disclosed or obtained.
This isn't blanket coverage or without exceptions. Officers can still offer sworn affidavits in support of sealing to the court, which may then seal warrants on a rolling 90-day basis at its discretion.
Law enforcement will continue to fight this bill, but its opposition seemingly had no effect on the Public Safety Committee. This bill brings the government into a much tighter alignment with the wording and the intent of the Fourth Amendment. The arguments against it demonstrate that the law enforcement community continues to prize efficient policing over the public's (supposedly) guaranteed rights.
Read More | 12 Comments | Leave a Comment..
Posted on Techdirt - 26 March 2015 @ 2:36pm
Cyber-this and cyber-that. That's all the government wants to talk about. The NSA, which has always yearned for a larger slice of the cybersecurity pie, is pushing legislators to grant it permission to go all-out on the offensive to protect
foreign-owned movie studios the USofA from hackers.
NSA director Mike Rogers testified in front of a Senate committee this week, lamenting that the poor ol’ NSA just doesn’t have the “cyber-offensive” capabilities (read: the ability to hack people) it needs to adequately defend the US. How cyber-attacking countries will help cyber-defense is anybody’s guess, but the idea that the NSA is somehow hamstrung is absurd.
Yes, we (or rather, our representatives) are expected to believe the NSA is just barely getting by when it comes to cyber-capabilities. Somehow, backdoors in phone SIM cards
, backdoors in networking hardware
, backdoors in hard drives
, compromised encryption standards
, collection points on internet backbones
, the cooperation of national security agencies around the world
, stealth deployment
of malicious spyware, the phone records
of pretty much every American, access to major tech company data centers
, an arsenal
of purchased software and hardware exploits, various odds and ends yet to be disclosed and the full support of the last two administrations just isn't enough. Now, it wants the blessing of lawmakers to do even more than it already does. Which is quite a bit, actually.
The NSA runs sophisticated hacking operations all over the world. A Washington Post report showed that the NSA carried out 231 “offensive” operations in 2011 - and that number has surely grown since then. That report also revealed that the NSA runs a $652m project that has infected tens of thousands of computers with malware.
That was four years ago -- a lifetime when it comes to an agency with the capabilities the NSA possesses. Anyone who believes the current numbers are lower is probably lobbying increased power. And they don't believe
it. They'd just act like they do.
Unfortunately, legislators may be in a receptive mood. CISA
-- CISPA rebranded -- is back on the table. The recent Sony hack
, which caused millions of dollars of embarrassment, has gotten more than a few of them fired up
about the oft-deployed term "cybersecurity." Most of those backing this legislation don't seem to have the slightest idea (or just don't care) how much collateral damage it will cause or the extent to which they're looking to expand government power.
The NSA knows, and it wants this bill to sail through unburdened by anything more than its requests for permission to fire.
The bill will do little to stop cyberattacks, but it will do a lot to give the NSA even more power to collect Americans’ communications from tech companies without any legal process whatsoever. The bill’s text was finally released a couple days ago, and, as EFF points out, tucked in the bill were the powers to do the exact type of “offensive” attacks for which Rogers is pining.
In the meantime, Section 215 languishes slightly, as Trevor Timm points out. But that's the least of the NSA's worries. It has tech companies openly opposing
its "collect everything" approach. Apple and Google are both being villainized by security and law enforcement agencies for their encryption-by-default
plans. More and more broad requests for user data are being challenged, and (eventually) some of the administration's minor surveillance tweaks will be implemented.
Section 215 may die. (Or it may keep on living even in death, thanks to some ambiguous language in the PATRIOT Act.) But I would imagine the bulk phone metadata is no longer a priority for the NSA. It has too many other programs that harvest more and face fewer challenges. The NSA wants to be a major cyberwar player, which is something that will only increase its questionable tactics and domestic surveillance efforts. If it gets its way via CISA, it will be able to make broader and deeper demands for information from tech companies. Under the guise of "information sharing," the NSA will collect more
less. And what it does share will be buried under redactions, gag orders and chants of "national security." Its partnerships with tech companies will bear a greater resemblance to parasitic relationships than anything approaching equitable
, especially when these companies will have this "sharing" foisted upon them by dangerously terrible legislation.
But until it reaches that point, the NSA will keep claiming it's under-equipped to handle the modern world. And it will continue to make the very dubious claim that the best defense is an unrestrained offense.
27 Comments | Leave a Comment..
Posted on Techdirt - 26 March 2015 @ 12:32pm
Well, this is (potentially) good news. New York is going forward with the first "right to repair" bill in the nation, as pointed out on Twitter by Amanda Levendowski. The bill will allow constituents to bypass manufacturer-authorized dealers/repair centers and use smaller (and cheaper) repair outlets. Or, if neither seems within the price range, they're more than welcome to perform these repairs -- using previously-hidden manufacturer specs and instructions -- themselves.
Perhaps the best thing about the bill (if it passes with as few loopholes as possible) is that it will eliminate the sort of ridiculousness that has been the end result of this tight grip on repair "permission." Like Immigrations and Customs Enforcement (ICE) raiding repair shops for using aftermarket products. Or teens being sued by multi-billion dollar companies for doing the same. Or local governments requiring unrelated licenses to be obtained before a person can start offering repairs.
Here's what's being authorized before the exceptions kick in. (ALL CAPS in the original.)
MANUFACTURERS OF DIGITAL ELECTRONIC PARTS AND MACHINES SOLD OR USED IN THE STATE OF NEW YORK SHALL:
I. MAKE AVAILABLE FOR PURCHASE BY INDEPENDENT REPAIR FACILITIES OR OTHER OWNERS OF PRODUCTS MANUFACTURED BY SUCH MANUFACTURER DIAGNOSTIC AND REPAIR INFORMATION, INCLUDING REPAIR TECHNICAL UPDATES, UPDATES AND CORRECTIONS TO FIRMWARE, AND RELATED DOCUMENTATION, IN THE SAME MANNER SUCH MANUFACTURER MAKES AVAILABLE TO ITS AUTHORIZED REPAIR CHANNEL. EACH MANUFACTURER SHALL PROVIDE ACCESS TO SUCH MANUFACTURER'S DIAGNOSTIC AND REPAIR INFORMATION SYSTEM FOR PURCHASE BY OWNERS AND INDEPENDENT REPAIR FACILITIES UPON FAIR AND REASONABLE TERMS; AND
II. MAKE AVAILABLE FOR PURCHASE BY THE PRODUCT OWNER, OR THE AUTHORIZED AGENT OF THE OWNER, SUCH SERVICE PARTS, INCLUSIVE OF ANY UPDATES TO THE FIRMWARE OF THE PARTS, FOR PURCHASE UPON FAIR AND REASONABLE TERMS…
EACH MANUFACTURER OF DIGITAL ELECTRONIC PRODUCTS SOLD OR USED IN THE STATE OF NEW YORK SHALL MAKE AVAILABLE FOR PURCHASE BY OWNERS AND INDEPENDENT REPAIR FACILITIES ALL DIAGNOSTIC REPAIR TOOLS INCORPORATING THE SAME DIAGNOSTIC, REPAIR AND REMOTE COMMUNICATIONS CAPABILITIES THAT SUCH MANUFACTURER MAKES AVAILABLE TO ITS OWN REPAIR OR ENGINEERING STAFF OR ANY AUTHORIZED REPAIR CHANNELS. EACH MANUFACTURER SHALL OFFER SUCH TOOLS FOR SALE TO OWNERS AND TO INDEPENDENT REPAIR FACILITIES UPON FAIR AND REASONABLE TERMS.
That's the good part. But there are potential loopholes in the bill already, including a major exception for one of the most tightlipped industries: auto manufacturers.
NOTHING IN THIS SECTION SHALL APPLY TO MOTOR VEHICLE MANUFACTURERS OR MOTOR VEHICLE DEALERS AS DEFINED IN THIS SECTION.
If any industry needs to be covered under a "right to repair," it's the auto industry, which has continually abused intellectual property laws
to keep the general public from diagnosing their own vehicles in order to perform their own repairs.
There's other potential bad news in there as well.
NOTHING IN THIS SECTION SHALL BE CONSTRUED TO REQUIRE A MANUFACTURER TO DIVULGE A TRADE SECRET.
Yeah. Guess what's going to start being declared "trade secrets?" Probably almost everything the bill orders manufacturers to make available to the public. Even if this bill passes, there's going to be a ton of litigation over what does and does not define a "trade secret." In the meantime, the public will be no better off than they were before the bill's passage.
And there's this exception, which would seem to pick up whatever slack "trade secrets" can't.
NOTHING IN THIS SECTION SHALL BE CONSTRUED TO REQUIRE MANUFACTURERS OR AUTHORIZED REPAIR PROVIDERS TO PROVIDE AN OWNER OR INDEPENDENT REPAIR PROVIDER ACCESS TO NON-DIAGNOSTIC AND REPAIR INFORMATION PROVIDED BY A MANUFACTURER TO AN AUTHORIZED REPAIR PROVIDER PURSUANT TO THE TERMS OF AN AUTHORIZING AGREEMENT.
"Non-diagnostic" could become the new "diagnostic." And the use of the word "and" seems to make "repair information" off-limits if any agreements are already in place with authorized dealers and repair shops.
There's also a good chance the bill's "fair and reasonable terms" will be construed as permission to price independent repair shops and the general public out of the market. Legislators obviously can't set base prices (or even determine a fair market price -- that information is kept under wraps as well), so the suggestion of a "fair" price is open to advantageous interpretation. There's an attempt to set some limits in the bill's definitions, with the most significant one being "THE ABILITY OF AFTERMARKET TECHNICIANS OR SHOPS TO AFFORD THE INFORMATION," but that, again, is going to generate a lot of friction (possibly of the litigious variety) when manfacturers and the rest of the public repeatedly fail to agree on the definition of "affordable."
Still, it's more than most governments are willing to attempt. Massachusetts passed one in 2013
-- one that targeted
auto manufacturers and dealers. It met with the usual resistance
from the auto industry (both ends) but gathered 86% of the public's votes, clearly signaling unhappiness with the automakers' closed systems. A federal "right to repair" law has been mooted several times
, but has never gained significant traction.
If this bill is going to succeed as a law, legislators need to do some loophole stitching pre-passage, and regulators will need to keep a very close eye on reticent manufacturers after it becomes law.
Read More | 13 Comments | Leave a Comment..
Posted on Techdirt - 26 March 2015 @ 11:33am
Since the Snowden leaks began, there have been several efforts made -- legislative and administrative -- in response to the exposure of the NSA's domestic surveillance programs. Some have been real fixes. Some have been fake fixes. Others have targeted the thing the NSA desires even more than seemingly limitless access to data from all over the world: funding.
But none of these, not even the President's weak reform efforts, have managed to take hold. Neither will this, most likely, although you have to admire the audacity of the bill's authors, Reps. Thomas Massie and Marc Pocan.
The bill would completely repeal the Patriot Act, the sweeping national security law passed in the days after Sept. 11, 2001, as well as the 2008 FISA Amendments Act, another spying law that the NSA has used to justify collecting vast swaths of people's communications through the Internet.
If anything's due for a complete revamp, if not a complete repeal, it's the Patriot Act. It wasn't even good legislation back when it was passed. At best, it was "timely," which is a term that gives the rushed, secretive, knee-jerk legislation far more credit than it deserves. Pocan and Massie's (the latter of which has just introduced
a new phone-unlocking bill with Rep. Zoe Lofgren to replace the bad one
passed by the House in 2014) "Surveillance State Repeal Act
" doesn't waste any time "tinkering around the edges."
Not only would the bill repeal the law, it would reset anything (amendments/additional government powers) brought into force by the Patriot Act and
the FISA Amendments Act of 2008. On top of that, it would demand the immediate deletion of tons of data from the NSA's collections.
DESTRUCTION OF CERTAIN INFORMATION.—The Director of National Intelligence and the Attorney General shall destroy any information collected under the USA PATRIOT Act (Public Law 107-56) and the amendments made by such Act, as in effect the day before the date of the enactment of this Act, concerning a United States person that is not related to an investigation that is actively ongoing on such date.
The bill, oddly, also describes a path towards FISA Judge For Life positions.
TERMS; REAPPOINTMENT.—Section 103(d) of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1803(d)) is amended— (1) by striking ‘‘maximum of seven’’ and inserting ‘‘maximum of ten’’; and (2) by striking ‘‘and shall not be eligible for re-designation’’.
Which is fine (not really) if you like
the judges already appointed. But this is the sort of thing that leads to the permanent appointment of judges favored by either side of the surveillance question. And so far, presidential administrations have come down in favor of domestic surveillance. Removing the term limits just encourages the appointment of permanent NSA rubber stamps
The bill creates a warrant requirement for the acquisition of US persons' data under the FISA Amendments Act and
Executive Order 12333. It also expressly forbids a government mandate for encryption backdoors
, although the first sentence of this section seems to be a rather large loophole.
Notwithstanding any other provision of law, the Federal Government shall not mandate that the manufacturer of an electronic device or software for an electronic device build into such device or software a mechanism that allows the Federal Government to bypass the encryption or privacy technology of such device or software.
If this bill somehow manages to pass a round or two of scrutiny, language tweaks will certainly be requested -- possibly leading to a complete subversion of the bill's intent. But that's a huge
"if." Very few legislators have the stomach to gut the Patriot Act or
the FISA Amendments Act. Many will be happy to entertain smaller fixes, but most won't be willing to essentially strip the NSA of its domestic surveillance powers. No one wants to be the "yea" vote that's pointed to in the wake of a terrorist attack and only a few more are actually willing to go head-to-head with the intelligence agency.
Read More | 30 Comments | Leave a Comment..
Posted on Techdirt - 26 March 2015 @ 10:31am
CNN and Fox had the market cornered on ridiculous airplane crash theories, up until recently. When Malaysia Airlines Flight 17 just up and vanished, CNN produced wall-to-wall coverage seemingly cribbed from low-rent conspiracy theory sites. UFO? Black hole? Any and all theories were entertained.
Fox News hasn't exactly been the epitome of restraint, either. While it managed to avoid following CNN down these plane crash rabbit holes, it too has entertained some theories better left to operations that don't claim "news" to be a major part of their offerings. Fox News host Anna Kooiman suggested the metric system was to blame, what with kilometers being different than miles and Celsius and Fahrenheit not seeing eye-to-eye, potentially leading to some sort of in-flight calculation error.
MSNBC has decided it won't let its competition be the only "news" agencies spouting ridiculous theories. In an effort to get out ahead of the facts -- black box recordings indicated the co-pilot of the aircraft deliberately crashed the plane after locking the commanding pilot out of the cockpit -- MSNBC allowed the following theory to be presented -- completely unchallenged -- by one of its guests.
“There’s one possibility that no one has brought up, and I wonder could this be a hacking incident?” former commercial pilot Jay Rollins told MSNBC’s Diaz-Balart. “This is very similar in my mind to what happened when the U.S. lost that drone over Iran. The same thing, suddenly the aircraft was responding to outside forces…"
Rollins said that the plane’s descent was “worrisome” because “it makes me think about hacking, some sort of interference into the computer system.”
Now, hacking a plane isn't impossible
. At 2013's Hack in the Box conference, German security consultant Hugo Teso used his own app -- PlaneSploit -- to demonstrate that an Android phone could be used to reroute a plane, send it diving towards the ground or to set off every alarm in the aircraft
Or not. Teso's demonstration involved sending flight information to airborne planes with these instructions (in a simulated environment, of course) via ACARS (Aircraft Communications and Response Addressing System) to the FMS (Flight Management System). But there were multiple problems with his plan. First of all, the flight computer has to accept
the new instructions and, secondly, pilots would have to be unable to override bad instructions. Neither of which are a distinct possibility.
Patrick Smith, another commercial airline pilot, albeit one far less likely to openly speculate on "hacked" planes than Jay Rollins, pointed out the flaws in Teso's hack
The problem is, the FMS — and certainly not ACARS — does not directly control an airplane the way people think it does, and the way, with respect to this story, media reports are implying. Neither the FMS nor the autopilot flies the plane. The crew flies the plane through these components. We tell it what to do, when to do it, and how to do it. Whatever data finds its way into the FMS, and regardless of where it’s coming from, it still needs to make sense to the crew. If it doesn’t, we’re not going to allow the plane, or ourselves, to follow it.
The sorts of disruptions that might arise aren’t anything a crew couldn’t notice and easily override. The FMS cannot say to the plane, “descend toward the ground now!” or “Slow to stall speed now!” or “Turn left and fly into that building!” It doesn’t work that way. What you might see would be something like an en route waypoint that would, if followed, carry you astray of course, or an altitude that’s out of whack with what ATC or the charts tells you it ought to be. That sort of thing. Anything weird or unsafe — an incorrect course or altitude — would be corrected very quickly by the pilots.
So, the problem isn't that hacking is impossible. It's just very, very
unlikely. And in this case, hacking had nothing to do with the plane crash.
No, the problem is that news agencies looking to wring every bit of ratings possible from a tragedy are willing to make viewers stupider under the guise of "news." When facts just aren't available, 24-hour news teams lean heavily on whatever theory will provide the most entertainment (for lack of a better word). Former pilot Jay Rollins may have three decades of experience, but his speculation draws on none of it. Instead, it just takes a bit of what's selling right now (anything "cyber"
) and what has always
sold (fear) and leaves the viewers with less
information than they would have obtained by skipping the coverage completely. The truth, however, is simultaneously more horrific (in that there's little that can be done to thwart a pilot determined to crash a plane) than the "hacked plane" theory and more mundane -- at least in terms of "exciting" news coverage.
50 Comments | Leave a Comment..
Posted on Techdirt - 25 March 2015 @ 2:50pm
Asset forfeiture -- both at state and national levels -- is receiving some intense scrutiny, thanks to unflattering coverage in major news outlets like the New York Times and Washington Post. Attorney General Eric Holder made some minor cuts to the DOJ's participation in states' forfeiture programs. Meanwhile, at the state level, legislators have introduced bills targeting these programs' perverted incentives -- namely, that the agency performing the asset seizure usually benefits directly from the "forfeited" wealth.
It hasn't always been successful. Wyoming legislators were shot down by the governor -- a former prosecutor -- who explained that asset forfeiture is "good" and "right" -- something it rarely is in practice. Washington DC's city council managed to push its reform bill through, placing more constraints on seizures and raising the evidentiary standard needed to declare other people's assets "guilty."
Back at the national level, Sen. Chuck Grassley is raising some pointed questions about the US Marshals' use of asset forfeiture funds. He sent two letters to the agency recently, the first of which questioned its hiring practices.
Grassley said a whistleblower claimed that Kimberly Beal, then the deputy assistant director of the AFD, had qualification requirements waived to hire a person for a high-paying contract who was recommended by Stacia Hylton, the director of the Marshals Service. According to the whistleblower, Beal did so while under consideration for her current position of assistant director, raising suspicions that the hiring was a quid pro quo arrangement.
“This quid pro quo exchange of favors, if true, would raise serious doubts about the operational practices of the USMS AFD under Ms. Beal as well as, frankly, Ms. Hylton’s leadership of the USMS,” Grassley’s office said in the letter.
The second letter
questions the Marshals Service's appetite for office luxuries.
1. Regarding AFD offices at Crystal Mall 4, please answer the following questions:
a. Did AFD purchase a conference table that exceeded $10,000 in cost? If so, what was the cost and why was a less expensive table not considered?
b. Did AFD replace window treatments already provided for in the office lease with expensive custom window treatments? If so, why and what was the cost?
c. Did AFD install custom wallpaper, artwork, crown moldings, and chair rails in its offices? If so, why and at what cost for each of these installations?
d. Does AFD intend to expend similar amounts to decorate and furnish new office space it anticipates moving into in the near future? What will happen to the furnishings and decorations after AFD moves out?
That's the most eyegrabbing part of Grassley's letter but the rest asks similar -- if less dramatic -- questions about the agency's spending habits.
The US Marshals Service doesn't necessarily have a long history of asset forfeiture abuse, but it has previously been called out by the DOJ's Inspector General for being less than accurate with its bookkeeping
In at least eight of the 55 cases taken up by the asset team between 2005 and 2010, the purchaser or the price of the asset was not recorded. On top of that, the team failed to perform sufficient market research to properly value the assets it was eyeing; for some of them, it couldn’t even provide the OIG with bank statements and other basic documentation.
More damning was the OIG's discovery
of a huge conflict of interest. Another
whistleblower uncovered lead asset forfeiture official Leonard Briskman's extremely fortuitous moonlighting gig. Briskman, who appraised assets for the US Marshals Service, ran his own private appraisal business on the side
The inspector general reported that in several instances, Briskman valued and sold the same asset himself without supervision by anyone in the marshal’s office. In addition, he failed to publicly announce the sale of some assets, which limited their availability to the general public. In one case, an assistant U.S. Attorney from the Southern District of New York objected to a decision by Briskman to sell assets that had been seized during the Bernard Madoff case–more than one million shares of a pet prescription firm and a 5 percent stake in another investment portfolio–without announcing the sale.
The US Marshals Service doesn't need to dirty its hands by performing seizures. All it has to do is sit there and wait for assets from equitable sharing programs
to roll in. And roll in they do, thanks to local law enforcement agencies partnering up with the DOJ to avoid state laws put in place to limit the sort of abuse that is all too frequent when cops are given the authority to declare money, vehicles and other property guilty on the spot.
As would befit any government agency spending other people's money and divesting itself of other people's property, the US Marshals Service buys $10,000 tables and does little to ensure its auctioned items return something close to market value. Because of its lax accounting and questionable appraisals, money from sales went AWOL and what it did receive from auctions was likely less than it would have obtained with a bit more diligence and competence.
Whether Grassley will receive any answers to his questions remains to be seen, but the recent history of the US Marshals Service doesn't indicate it's an agency enthralled with concepts like fiscal responsibility and public accountability. If the agency is blowing seized funds on pricey tables and custom window treatments, it's going to take more than a couple of angry letters to change its "Spend it like you seized it!" culture.
22 Comments | Leave a Comment..
Posted on Techdirt - 25 March 2015 @ 1:15am
Following a trail blazed by Maryland councilman Kirby Delauter, a Virgin Islands Attorney General is making an ass of herself by threatening journalists for having the audacity to do their job. Delauter infamously publicly attacked a reporter for daring to publish his name in her paper, apparently unaware that this sort of thing happens to public officials roughly all the damn time. The ensuing internet maelstrom forced a retraction and apology from Delauter.
The Virgin Islands Daily News is still waiting for an apology from acting Attorney General Terri Griffiths for this wholly inappropriate response to acts of journalism. [via Jim Romenesko]
Acting Attorney General Terri Griffiths told executives of The Virgin Islands Daily News on Thursday morning that she will prosecute the newspaper on criminal charges because of its telephone calls to obtain comment and information from her.
"I'll be filing criminal charges against you," Griffiths said as she abruptly left a meeting at The Daily News' offices on St. Thomas.
She also claimed a quote appearing in one of the paper's stories was "fabricated." This is the quote:
"I will not comment on the Parole Board hearings."
This quote seems like something an attorney general would be very likely to say. In fact, the refusal to comment has long been a hallmark of law enforcement-press relations. Not commenting is the national pastime of law enforcers, who are often the first party to issue a solid "no comment" after controversial incidents. But Griffith claims this completely innocuous and completely boring quote was fabricated. The Daily News found otherwise.
The Daily News has reviewed Griffiths' allegations that a quote attributed to her had been fabricated and stands by its published report, Robbins said.
"We take any report of inaccuracy very seriously, and we publish a clarification or correction if an error appears in print," Robbins said. "In this case, we found that the reporter was accurate."
But Griffiths is more upset that Daily News reporters are calling her on her cell phone to obtain additional "no comments" on various stories involving her office. This would almost be a legitimate complaint (provided you ignore the ensuing "I'll put you in jail" threat that accompanied it), if it weren't for the fact that Griffiths herself
provided the cell phone number to the paper.
Griffiths spoke at length about her desire not to be called on the cell phone or after hours, and she termed the calls "telephone harassment."
Daily News reporters have called Griffiths on her cell when unable to reach her on her office phone. The cell number they used is the one she provided to the newspaper.
The meeting broke down when Robbins asked Griffiths to answer specific questions about her grievances.
Griffiths objected to that and said she did not want to be "blindsided."
"I don't want to talk to your reporters ever. There will be no communication between me and The Daily News ever again," she said.
She asked Robbins whether he would instruct reporters not to call her on the cell phone.
Robbins said, "No."
Griffiths then left the meeting, announcing, "Then I am going to file criminal charges against you."
Welcome to the life of a public figure, Ms. Griffiths. Reporters are going to call you when your input is needed or desired. It won't always be during business hours, especially if your office can't provide "I will not comment" (non)comments in your absence. Certainly, an excessive amount of calls after "business hours" (whatever that means to powerful law enforcement figures/journalists -- I would imagine those timetables have significant differences) would be irritating, but it doesn't rise to the level of harassment.
And Griffiths' comment about resenting being "blindsided" strongly suggests she'd rather not deal with this part of the job at all. Any question can be deferred to a later time if the answer isn't immediately apparent, but the pattern of calls Griffiths calls "harassment" suggests she's not exactly forthcoming or timely in her responses.
Harassment may be a crime, but journalism isn't. If Griffiths would rather not answer questions, she can place that burden on her staff. Or she can communicate only through official statements and press releases. Or she can give the newspaper guidance on what times are acceptable to call. But what she definitely can't do -- or at least shouldn't
-- is abuse the power of her position to mute pesky guardians of public accountability.
23 Comments | Leave a Comment..
Posted on Techdirt - 24 March 2015 @ 3:46pm
Poor dears. A bunch of law enforcement associations are worried that they won't be able to keep all that sweet, sweet ALPR (automatic license plate reader) data for as long as they want to. In fact, they're so worried, they've issued a letter in response to a nonexistent legislative threat.
Despite the fact that no federal license plate legislation has been proposed, the International Association of Chiefs of Police (IACP) has sent a pre-emptive letter to top Congressional lawmakers, warning them against any future restrictions of automated license plate readers. The IACP claims to be the "world's oldest and largest association of law enforcement executives."
is stained with the tears of law enforcement entities whose thirst for bulk collections is only rivaled by national security agencies.
We are deeply concerned about efforts to portray automated license plate recognition (ALPR) technology as a national real-time tracking capability for law enforcement. The fact is that this technology and the data it generates is not used to track people in real time. ALPR is used every day to generate investigative leads that help law enforcement solve murders, rapes, and serial property crimes, recover abducted children, detect drug and human trafficking rings, find stolen vehicles, apprehend violent criminal alien fugitives, and support terrorism investigations.
The "efforts to portray" ALPRs as ad hoc tracking devices aren't limited to imaginative conspiracy theorists. Millions of plate scans are added to private companies' databases every day
. The total number of records retained by Vigilant, the most prominent manufacturer of ALPRs, totals in the billions
. That amount of data can easily be used to track nearly anyone's day-to-day movements. And the database is accessible by law enforcement agencies around the nation. There's no geofencing keeping the data compartmentalized to what's "relevant" to local agencies.
As for the rest of the paragraph, those claims have yet to be backed up by arrest statistics. The amount of plate data collected far outweighs the results
There is a misconception of continuous government tracking of individuals using ALPR information. This has led to attempts to curtail law enforcement’s use of the technology without a proper and fair effort to truly understand the anonymous nature of the data, how it is used, and how it is protected.
Note how the "misconception" is nothing privacy advocates are actually saying. No one's mistaking plate scans for a GPS tracking device. They've just noted that the end result is nearly identical. Gather enough data and you don't need a more "intrusive" method.
We are seeing harmful proposals – appropriations amendments and legislation – to restrict or completely ban law enforcement’s use of ALPR technology and data without any effort to truly understand the issue. Yet, any review would make clear that the value of this technology is beyond question, and that protections against mis-use of the data by law enforcement are already in place. That is one of the reasons why critics are hard-pressed to identify any actual instances of mis-use.
Translation: no one understands this high-tech device but us cops.
Also: "value" is "beyond question?" If so, why is it so hard to get any law enforcement agency to produce some evidence
to back up this claim? It's high tech, but it's also fallible tech
. And it's tech that is being deployed with little to nothing in the way of privacy protections or oversight.
That's what legislators (non-federal) are seeking. Some sort of limits and accountability. Virginia just passed one of the most restrictive pieces of legislation
pertaining to ALPRs -- one that installs limits on collection and retention.
Virginia has become the first state in America to impose a very short data retention limit on the use of automated license plate readers (LPRs, or ALPRs). VA cops will now only be able to keep such data for seven days unless there is an active, ongoing criminal investigation.
Only a few states have imposed any legislative limits on the technology. For most US law enforcement agencies, the data is gathered en masse (and sometimes in inappropriate places
) and held forever. The LAPD argued that every one
of the thousands of plate scans it had gathered is somehow "relevant" to ongoing investigations. When you're faced with claims like that, it's hard to argue with legislative limits being introduced. The police won't police themselves. Someone usually has to force them into applying even the most minimal of restrictions on ALPR use.
We call on Congress to foster a reasonable and transparent discussion about ALPR.
That's rich. "Transparent discussion." The hell does that even mean in a law enforcement context? Agencies don't want to talk about ALPRs
, Stingray devices
, their officers' misconduct
, etc. The prevailing law enforcement mentality is almost completely opposed to transparency. These police associations aren't interested in Congress or anyone else having a "transparent discussion." What they want is a guided
discussion that results in more data-hauling business as usual for the agencies these associations represent.
But this sentence is the best thing about this overwrought letter:
If legislative efforts to curtail ALPR use are successful, federal, state, and local law enforcement’s ability to investigate crimes will be significantly impacted given the extensive use of the technology today.
Shorter police: "We like our shiny tech tools so much, we've forgotten how to perform police work." If they can't get as much as they can, as often as they can and access it at their leisure, the streets will run red with the blood of the innocent. This sort of thinking goes all the way to the top, where the FBI's James Comey has promised
death, molestation and Colombia 2.0 if the government isn't allowed to build itself backdoors in cellphone encryption.
How a device that delivers a 0.2% hit rate has become something the cops lean on so heavily they simply can't go on without it is a question that deserves a "transparent" answer, rather than the hitch-in-the-throat talking points delivered here. All anyone wants is something telling cops they can't keep everything
for as long as they want
. They want privacy impact assessments and honest answers to worrying questions. All we've received so far is unproven claims of the tech's "effectiveness" and the constant pimping of dead children and human trafficking victims, with the existential threat of suppliers delivering product to a receptive market thrown in for good measure.
49 Comments | Leave a Comment..
Posted on Techdirt - 24 March 2015 @ 9:31am
The NSA's bulk phone metadata program is unstoppable. Despite being called out by legislators and the administration's civil liberties oversight board as unconstitutional and illegal -- and despite being targeted by several of the administration's surveillance reforms -- it continues uninterrupted and largely unchanged.
Legislators who watched their Section 215-targeting bills die on the Congressional floor are now watching the clock. This part of the PATRIOT Act is set to expire June 1st (as is the latest bulk metadata order) and if Congress doesn't act to renew it, the program will grind to a halt. Or so you would think. But the FISA judge James Boasberg doesn't see why this provision's sunset should have any negative effect on the continued collection of phone metadata.
On the last page of the court's most recent order, Boasberg says the following:
If Congress, conversely, has not enacted legislation amending § 1861 or extending its sunset date established by Section 102(b) of Public Law 109-177, 120 Stat. 195, as most recently amended by Section 2(a) of Public Law 112-14, 125 Stat. 216, the government is directed to provide a legal memorandum pursuant to Rule 11(d) addressing the power of the Court to grant such authority beyond June 1, 2015.
It's Public Law 109-177
that's aiding the effortless reauthorization. Charlie Savage of the New York Times
noted this possibility last year. There's an exception in place that allows authorized surveillance programs to continue even after their authorizations have lapsed.
(2) Exception.–With respect to any particular foreign intelligence investigation that began before the date on which the provisions referred to in paragraph (1) cease to have effect, or with respect to any particular offense or potential offense that began or occurred before the date on which such provisions cease to have effect, such provisions shall continue in effect.
provide for endless bulk surveillance under Section 215, even without renewal of the program. Or it could just be the FISA judge signaling conversations the general public isn't privy to, as Marcy Wheeler points out
That basically says the Court is aware of this discussion, either because it reads the NYT or because the government has mentioned it. This order doesn’t tip a hand on how FISC would regard this claim, but it does make clear it considers it a distinct possibility.
Note, unless I’m missing something, no language like this appears in any of the unredacted sections of previous dragnet orders, not even when Congress was giving the government straight renewals. We can’t be sure, but that certainly seems to suggest the Court has been having conversations — either by itself or with the government — about alternatives in a way Bob Litt and others are not having publicly.
Even if the court chooses to read the PATRIOT Act as killing Section 215 when it sunsets, this likely won't end the collection of phone metadata. The government still has other options
Many privacy advocates believe the White House would have two routes available if it chose to continue the program, absent congressional action. Along with potentially being able to continue investigations that are ongoing despite an expiration, the administration could also rely on a "pen/trap" statute, which allows for phone tapping and has a loose standard of relevancy, akin to Section 215, and typically does not require probable cause.
This option would require a bit more paperwork and slightly refined targeting of court-approved numbers. It would, at least temporarily, halt the incoming collection of everything
and force the NSA to relinquish control of the database. A PR/TT order wouldn't allow for collection in bulk, but rather return records linked to certain numbers from telcos searching their own
databases. So, it would be a step forward in terms of Section 215 reform (moving the database out of the NSA's control), however inadvertently.
Others believe the language in the latest FISA order signifies nothing in particular.
Stewart Baker, a former general counsel at the NSA, said it's possible the surveillance court could use the leeway to grant a "one-off measure" in May to keep the bulk-records program going only through June. He noted that Boasberg's order requests that a memorandum from the government be filed not by June 1 but by May 22, a notable deadline, given that "most observers expect that Congress will only act at the last minute."
"The much harder question is whether it could issue any orders in June," Baker said. "There's an argument that it can, but I suspect that the administration won't be willing to make that argument."
Section 215 might expire, but the door is open for the NSA to continue its collecting uninterrupted. Things may become much more interesting in late May as the clock winds down. Perhaps Congress will have the courage to just let this section of the PATRIOT Act die, but it will have to weather plenty of "terrorists... terrorists everywhere!" posturing from Section 215's defenderss. If nothing else, an expiration would force the reforms the NSA has shown little interest in implementing.
Read More | 13 Comments | Leave a Comment..
Posted on Techdirt - 24 March 2015 @ 4:09am
It appears that Amazon is very serious about walling off its garden. Late last year, it pushed out a firmware update for its Amazon Fire TV devices that not only made rooted devices unusable, but prevented Fire TV owners from rolling back firmware to previous, more root-friendly versions. Apparently, Kindle users were also included in this lockdown.
A recent post at Good Reader notes that the latest firmware for Kindles is pretty much identical to its Fire TV firmware, right down to the destruction of functionality.
The new firmware was pushed out to all modern Kindle devices in late November of last year. Anything after version 5.60 will not allow you to hack the firmware and do interesting things like change the screensaver system or install custom apps.
And, like its firmware for the Fire TV, rollback to less hack-resistant firmware
is nearly impossible. You can
force it back, provided you have a soldering iron
(and the willingness to apply it to your device) or you can follow a few not-so-simple steps
to take your root access back from Amazon. But once again, it's the company removing functionality for the sole purpose of making devices perform the way Amazon wants them to, rather than leaving these sorts of decisions to those who have purchased the devices.
And it's not as though Kindle owners are receiving any heads up from Amazon about the firmware's plans for their jailbroken devices. No mention of it is made in the firmware's specifications
, which only tells you about the (supposedly) good
things the update will bring: vague "bug fixes and improvements." Softpedia's hosting page for the latest version
(5.6.1) goes into a little more detail, but it only contains a list of slightly-upgraded Amazon features, rather than the limitations the firmware will impose on paying customers.
If you like Amazon's walled garden, the company is more than happy to ensure you never find the gate. If you don't, Amazon is more than happy to step in and brick over any openings. The latter does a huge disservice to paying customers who are looking to get the most out of something they purchased
, but seems to still somehow "belong" to Amazon.
111 Comments | Leave a Comment..
Posted on Techdirt - 23 March 2015 @ 1:38pm
If you're a UK-based journalist who's reported on the Snowden leaks, it's safe to say you're under investigation. Not only are you being investigated, but that investigation itself is so secret, it can't be discussed. The Intercept's Ryan Gallagher sent a Freedom of Information request to London's Metropolitan Police (the Met) for more information about the investigation -- something twice publicly confirmed by Met representatives.
But when asked specifically for information on the ongoing investigation, the agency had nothing to say.
[T]he Metropolitan Police... says everything about the investigation’s existence is a secret and too dangerous to disclose. In response to a Freedom of Information Act request from this reporter, the force has repeatedly refused to release any information about the status of the investigation, how many officers are working on it, or how much taxpayer money has been spent on it. The Met wrote in its response:
"to confirm or deny whether we hold any information concerning any current or previous investigations into the alleged actions of Edward Snowden could potentially be misused proving detrimental to national security.'
In this current environment, where there is a possibility of increased threat of terrorist activity, providing any details even to confirm or deny that any information exists could assist any group or persons who wish to cause harm to the people of the nation which would undermine the safeguarding of national security."
The response is hardly a response. In fact, almost the entirety of the nine-page document
Gallagher received is simply reasons WHY the Met won't be responding affirmatively or negatively to his inquiry. The only new information gleaned is that control of the investigation has changed hands.
AC Mark Rowley has taken over as Head of Specialist Operations following the departure of Cressida Dick
That's the one thing the "Counter Terrorism Command" can confirm. This would be the same department within the Met that was directly involved with the detainment and questioning
of Glenn Greenwald's partner, David Miranda. Everything else falls under a variety of exemptions, including the oh-so-opaque "state secrets" designation.
The Metropolitan Police Service can neither confirm nor deny whether it holds any of the information that you have requested, as the duty in S1(1)(a) of the Freedom of Information Act 2000 does not apply, by virtue of the following exemptions:
Section 23(5) - Information supplied by, or concerning, certain security bodies
Section 24(2) - National Security
Section 30(3) Criminal Investigations
Section 31(3) - Law Enforcement
Section 40(5) - Personal information
There's more detail later, when the response details the agency's decision to declare the request to be "not in the public interest."
The security of the country is of paramount importance and the Police service will not divulge whether information is or is not held if to do so would undermine National Security or law enforcement. Whilst there is a public interest in the transparency of policing operations and providing assurance that the police service is appropriately and effectively engaging with the threats posed by groups or individuals there is a very strong public interest in safeguarding the integrity of police investigations and operations in the highly sensitive area of extremism, crime prevention, public disorder and terrorism prevention.
After weighing up the competing interests I have determined that confirmation or denial of any information being held concerning whether the MPS has investigated the alleged actions of Edward Snowden or not would not be in the public interest. To confirm or deny that information is held regarding any individual or investigation that may or may not have taken place could be detrimental to any investigations that may be being conducted now or in the future.
But, of course, all of this discussion about national security, public interest and possibly compromised investigations does not
confirm that there's a twice-previously-confirmed investigation of UK journalists in progress.
However, this should not be taken as necessarily indicating that any information that would meet your request exists or does not exist.
This UK-style Glomar tosses the request back to The Intercept, which has tossed it to the nearest governing body..
The Intercept has filed a complaint with the Information Commissioner’s Office, the public body that enforces the U.K.’s freedom of information laws, about the Met’s refusal to release information about the current status of the investigation. The commissioner will now look at how the police handled the request and decide whether they should be ordered to hand over the relevant details.
Even in the UK, information doesn't want to be free. It wants to be litigated
The Met continues to maintain its code of silence in the face of its earlier public statements about investigating those publishing the Snowden leaks. When asked how something the agency itself publicly discussed several months ago is now a "national security" issue, the Met offered a swift "no comment" -- a handy way to dodge the logic hole in its Freedom of Information request denial.
Read More | 14 Comments | Leave a Comment..
Posted on Techdirt - 23 March 2015 @ 8:08am
You don't hear much about FBI whistleblowers. Many other agencies have had wrongdoing exposed by employees (and the government has often seen fit to slap the whistles out of their mouths with harsh prosecution), but the FBI isn't one of them. Forty-three years ago, whistleblowers broke into the FBI and retrieved damning documents, but no one's really broken out of the FBI to do the same. In fact, the FBI would rather not talk about whistleblowing at all.
An optimist might chalk this up to the FBI being a tightly-run organization that polices itself for malfeasance and wrongdoing. They'd be wrong, of course. Just within the past year, the FBI has twice thwarted its own oversight and may soon face budgetary constraints if it won't turn over the documents the DOJ's Inspector General is seeking.
There's a reason no one blows the whistle at the FBI and this GAO report spells it out: unlike every other government agency, the DOJ's internal policies contain nothing to shield FBI whistleblowers from retaliation.
Unlike employees of other executive branch agencies, FBI employees do not have a process to seek corrective action if they experience retaliation based on a disclosure of wrongdoing to their supervisors or others in their chain of command who are not designated officials. This difference is due, in part, to DOJ’s decisions about how to implement the statute governing FBI whistleblowers. When issuing its regulations in 1999, DOJ officials did not include supervisors in the list of entities designated to receive protected disclosures, stating that Congress intended DOJ to limit the universe of recipients of protected disclosures, in part because of the sensitive information to which FBI employees have access.
To ostensibly protect means, methods and (presumably) the country itself, the DOJ eliminated several options whistleblowers could pursue when taking their complaints through official channels. A 2012 Presidential Policy Directive aimed at increasing whistleblower protections failed to move the needle.
In response to this requirement, DOJ reviewed its regulations and in an April 2014 report recommended adding more senior officials in FBI field offices to the list of designated entities, but did not recommend adding all supervisors. DOJ cited a number of reasons for this, including concerns about striking the right balance between the benefits of an expanded list and the additional resources and time needed to handle a possible increase in complaints. By dismissing retaliation complaints based on a disclosure made to an employee’s supervisor or someone in that person’s chain of command, DOJ leaves some FBI whistleblowers—such as the 17 complainants we identified—without protection from retaliation.
The DOJ is plainly uninterested in sheltering those who would point out FBI wrongdoing. It has set up a minefield most whistleblowers are unable to navigate.
We concluded that, without clear information on how to make a protected disclosure, FBI whistleblowers may not be aware that, depending on how they report their allegation, they may not be able to seek corrective action if they experience retaliation.
So, with no roadmap and extremely limited protections, whistleblowers who do
manage to bring their complaints up through proper channels are often subjected to retaliatory actions for which they have no remedy.
[I]n 2002, former FBI agent Jane Turner filed a whistleblower complaint with DOJ alleging that her colleagues had stolen items from Ground Zero after the September 11, 2001, terrorist attacks. She was then given a “does not meet expectations” rating, placed on leave, and notified of proposed removal.
This retalitation was reported by Agent Turner to the DOJ, which then slowly ground its heavy wheels of so-called justice for more than a decade.
[The] DOJ ultimately found in her favor in 2013—over 10 years later.
Turner's case isn't an anomaly. The GAO found that, while the DOJ was often quick to dismiss retaliation complaints simply because the whistleblower failed to properly navigate its labyrinthine reporting restrictions, it was seldom interested in moving quickly on behalf of those who managed to luck into complete compliance.
The 4 complaints we reviewed in our 2015 report that met threshold regulatory requirements and that DOJ ultimately adjudicated on the merits, took up to 10.6 years to resolve, and DOJ did not provide parties with expected time frames for its decisions throughout these cases.
The DOJ blames this on "case complexity" and "staffing priorities." The latter excuse is likely the most honest. The DOJ is far more inclined to prosecute whistleblowers than protect whistleblowers. Blowing the whistle at the FBI means being subjected to vindictive actions with little to no recourse. The DOJ may
decide to take a whistleblower's case, but will do little, if anything, to escalate its response. In the meantime, whistleblowers are apparently supposed to take a number and wait things out in a hostile environment.
Will this GAO report result in better protections? Highly doubtful, considering a directive issued by the President's office itself failed to produce any significant change. Even the agency's inside oversight -- the Office of the Inspector General -- is finding the DOJ completely unresponsive to its complaints about FBI stonewalling and obfuscation. It's highly unlikely the DOJ will handle lower-level whistleblower complaints with more speed or openness.
The DOJ, along with the FBI, has successfully neutralized most forms of accountability. The OIG is openly ignored. FOIA requests are frequently greeted with massive amounts of withheld documents
. When pressed, the nation's top law enforcement agency tends to wrap itself in a patchwork of undeclared wars (drugs, terrorism) and claims accountability will lead to an unsafe and unsecured country. Meanwhile, its own underling agencies go rogue while tangled, useless policies keep whistleblowers from ever opening their mouths.
Read More | 15 Comments | Leave a Comment..
More posts from Capitalist Lion Tamer >>