Tim Cushing's Techdirt Profile

Tim Cushing

About Tim Cushing

Posted on Techdirt - 5 July 2022 @ 03:46pm

Court Says Homeless Man Beaten By Firefighter Can Continue To Sue City For Ignoring First Responder Misconduct

This isn’t the kind of response one expects from a firefighter arriving at the scene of a fire. (via Courthouse News Service)

In August 2019 [Brad] Cox and other DFD [Dallas Fire Rescue Department] personnel were called to extinguish a grass fire. When Cox and other DFD personnel arrived, [Kyle] Vess, who is mentally ill, was walking near the fire. Due to Vess’s proximity to the fire, Cox thought Vess was responsible for starting it.

Cox and other DFD personnel attempted to detain Vess. Meanwhile, other DFD personnel called the Dallas Police Department (“DPD”) for assistance. Cox confronted Vess in an effort to detain him. Something provoked Vess, however, and he errantly swung at Cox, who swung back at Vess and hit him. According to the second amended complaint (“SAC”), Cox then beat Vess “senselessly” and subdued him. After subduing Vess, Cox continued to beat him, kicking him six times while he was on the ground. It was necessary for another firefighter to restrain Cox.

That’s from the recent federal court decision [PDF] allowing Vess’ lawsuit to move forward. The beating involved one more kick, delivered to the head of the “clearly subdued” Vess by Cox: one that resulted in a fractured orbital socket. The entire beating delivered more injuries, including a fractured sinus, cracked teeth, and facial paralysis to the right side of Vess’ face.

There’s body cam footage of the beating so neither Brad Cox nor the DFD could deny it happened.

They could, however, choose to do nothing about it.

DFD did not conduct an internal affairs investigation, and the Dallas Public Integrity Unit (“DPIU”) cleared Cox of any wrongdoing. Both entities “worked to ensure that no further or deeper investigation was done” because both had a practice of concealing internal disciplinary measures from the public. The office of the Dallas County District Attorney did not pursue an indictment of Cox, later “indicated remorse” for not having done so, and “admitted that a thorough investigation was not undertaken.”

And it had never bothered to seriously discipline Brad Cox, who has apparently been a problem for the DFD for nearly two decades when this incident took place:

According to the SAC, Cox was arrested in 2002 for suspected assault at a birthday party; was reprimanded three times for refusing to provide medical treatment to patients; was counseled in writing in 2011 for “unacceptable conduct” related to a patient; pleaded guilty to falsifying a government report; and is currently being sued in a case where he allegedly laughed at, and refused to give care to, a homeless man, who ultimately died.

Cox isn’t an anomaly.

[W]hen DFD personnel do engage in inappropriate behavior (whether in poor communities or elsewhere), DFD has refused to terminate any of these personnel in the last 30 to 40 years. This is so despite numerous examples of such inappropriate behavior—not punished by termination—including refusing to render care because of the person’s sexual orientation; refusing to transport a child to the hospital because the paramedic thought the mother was lying about the seriousness of her child’s illness; refusing to treat a man with a terminal condition because the paramedic believed the man was already dead; and refusing to follow standard procedures for a gunshot wound.

Brad Cox asked for qualified immunity, claiming the beating he handed out was unrelated to any “seizure” of Vess by law enforcement and, therefore, did not violate his Fourth Amendment rights. Wrong, says the court. A seizure takes place when an officer (or first responder, as in this case) uses physical force or a show of authority to restrain someone’s liberty. Cox may have felt he was just handing out a beating, but he did so as a government employee while in the presence of officers called to the scene. No immunity.

The city of Dallas tried to dismiss the lawsuit as well, arguing that the allegations did not sufficiently tie the city to Cox’s beating or the DFD’s unwillingness to terminate employees over severe misconduct. The court says that Vess has actually alleged all he needs to at this point. With the DFD making a four-decade run at never terminating an employee over severe misconduct, the city is at least partially responsible for this accountability vacuum.

[T]he court holds that Vess has alleged sufficient facts for the court to draw the reasonable inference that the City has a “de facto policy and/or custom of protection for previously disciplined personnel by refusing to terminate or separate from employment individuals unfit to serve as members of the Dallas Fire Department despite good cause for termination and the risk these individuals pose to the public.” And the court concludes that Vess has plausibly pleaded that this policy was the moving force behind Cox’s actions.

That’s enough to keep the lawsuit alive. And now the city of Dallas will have to confront its failure to oversee an agency that was created to fight fires and save lives but has ended up housing people like Brad Cox — a firefighter who assaults citizens, falsifies reports, and refuses to help the people he’s paid to help.

Posted on Techdirt - 5 July 2022 @ 12:15pm

Federal Agent Stupidly Threatens Twitter User With Arrest Over Protected First Amendment Expression

The Supreme Court’s decision to say “fuck it” to reproductive rights has resulted in plenty of firmly protected First Amendment expression. People are angry and have decided to let the Supreme Court, along with the rest of the federal government, know that they aren’t happy.

Twitter user mattie daddy did the same thing, only using Twitter for their response. Here’s what that looked like, as captured by Adam Steinbaugh after the Twitter user deleted tweets and locked down their account:

Reacting to President Biden calling for non-violence in response to the Supreme Court’s reprehensible decision, the Twitter user quote-tweeted the lukewarm call to non-action and added this statement:

Burn every fucking government building down right the fuck now. Slaughter them all. Fuck you god damn pigs.

Incitement? A terroristic threat? A violation of laws federal or local?

Actually, no. None of the above. This was anger, expressed inelegantly. No one was directly encouraged to engage in violence. No specific agency was targeted. None of the elements needed to prove a violation of the federal law cited by the federal idiot who responded to this tweet (which had 8 retweets and 31 likes when it was removed by the Twitter user): 18 U.S. Code § 115 (Influencing, impeding, or retaliating against a Federal official by threatening or injuring a family member.)

This appears to be the “relevant” part of the law cited by the US federal agent (Josh Henry of the DHS’s “Threat Management Branch”), and I am using the term “relevant” only in the sense that Henry cited this part of the US code in his threat letter to the Twitter user:

[Whoever threatens] with intent to impede, intimidate, or interfere with such official, judge, or law enforcement officer while engaged in the performance of official duties, or with intent to retaliate against such official, judge, or law enforcement officer on account of the performance of official duties, shall be punished as provided in subsection (b).

(2) Whoever assaults, kidnaps, or murders, or attempts or conspires to kidnap or murder, or threatens to assault, kidnap, or murder, any person who formerly served as a person designated in paragraph (1), or a member of the immediate family of any person who formerly served as a person designated in paragraph (1), with intent to retaliate against such person on account of the performance of official duties during the term of service of such person, shall be punished as provided in subsection (b).

I can’t see how that tweet fits into this framework, unless the very special agent Joshua Henry felt a wholesale call to burn everything down was indistinguishable from distinct actions or threats directed at specific government officials.

But that’s what Josh Henry put in his threat letter, which was published by the Twitter user shortly before tweets were deleted and the account locked.

If you can’t read/see the image, I will reproduce it in full, lest I be accused of misconstruing the language or intent of Special Agent Josh Henry of the US Department of Homeland Security, who really needs to be sent back to “Know What The Fuck You’re Talking About” school.

This letter is in reference to your recent post on Twitter. Specifically, on June 4, 2022, you became upset at the Roe Vs Wade decision and stated, “Burn every fucking government building down right the fuck now. Slaughter them all. Fuck you god damn pigs.”

This letter is to advise you that any further communications containing any real or implied harassment/threats against the personal safety of agencies, employees or contractors towards government facilities are unwarranted and unwelcome. You are advised as of the date of this letter to cease and desist in any conduct deemed harassing/threatening in nature, when communicating to or about the federal government. Failure to comply with this request could result in the filing of criminal charges for violations of 18 United States Code Statue [sic] 115.

In closing, please refrain from any harassing/threatening language when contacting any government agency.

First things fucking last: the tweet was sent on June 24, not June 4. Sure, it might be a typo, but details matter, especially when threatening someone with a loss of their freedoms over expression protected by the First Amendment.

Second: the most robust First Amendment protections apply to speech “to or about the federal government.” So, this agent has a higher bar to clear than most when it comes to “real or implied harassment/threats.” Agent Joshua Henry doesn’t even make an attempt to clear this bar. And then he goes on to cite a government “statue” that definitely doesn’t apply to the speech he’s being extremely stupid about.

Third: there’s no evidence this Twitter user ever directly contacted any government agency to repeat the (protected) hyperbolic expression of disgruntlement observed in this tweet.

None of this appears to be slowing the roll of DHS Special Agent Dunning-Kruger. As far as the agent sees it, he might need to do something even stupider in the near future since his angry letter has failed to silence the Twitter user or an ever-increasing number of online critics.

Henry said Walker sharing the letter on Twitter could bring more trouble.

“She’s kind of taking it as a joke,” Henry said. “She’s not remorseful about these statements, so that’ll be presented a United States Attorney and they’ll make a decision on that.”

Hopefully, Agent Henry’s superiors will be along shortly to smack the stupid out of him. Law and Crime’s editor Colin Kalmbacher spoke to Robert Sperling, the Director of Communications for the Federal Protective Service — the agency overseeing Agent Henry’s attempts to keep the country safe by steamrolling the rights of Twitter users.

If Henry presents this case, there’s a very good change he’ll get laughed out of the US Attorney’s office:

In a phone call, Sperling described the language as quite “colorful” but, when asked about the First Amendment implications, said he doubted the incident would actually be presented to a U.S. Attorney for prosecution.

Come get your boy, DHS. This is embarrassing. Of course people are angry about the Supreme Court decision. Of course they’re going to talk a bunch of shit on social media. But almost none of it will actually escape the boundaries of the First Amendment. Actions like these just make the federal government look stupid, censorial, and ineffective. With any luck, it will be Agent Henry who needs to worry about the dumb stuff coming out of his mouth, rather than some internet rando whose “threat” managed to reach a few dozen followers before being picked up in the DHS’s social media dragnet.

Posted on Techdirt - 5 July 2022 @ 10:48am

Your Tax Dollars At Work: Cops Busting People For Crop Tops, Twerking

Now that the Supreme Court has given states the freedom to police women’s bodies, it only makes sense that police are out there literally policing women’s bodies.

It’s summer. Temperatures are high pretty much everywhere. And when temps go up, the amount of clothing people are willing to put on goes down. For some reason, that completely expected turn of events resulted in some ridiculous enforcement of law by local law enforcement. (h/t Peter Bonilla)

Casey LaCaze-Lachney of Winnfield, Lousiana went to a festival in town June 11 dressed like this (screenshot via Lachney’s TikTok account):

For that, she was cited for indecent exposure by a Winnfield PD officer:

A Winnfield, LA woman’s TikTok video has gone viral after she took to the app to complain about an indecent exposure citation she received at a festival on Saturday, June 11. 

Casey LaCaze-Lachney, known on the app by her username @kazzi112, posted about the incident where it has received more than 2.6 million views. LaCaze-Lachney captioned the video “make it make sense” before showing viewers the outfit in question. 

LaCaze-Lachney is shown wearing a black t-shirt that covered her shoulders and was cropped just above the belly button, paired with cutoff denim shorts and a studded belt. 

The video went viral but this was no stunt. This actually happened. According to the Winnfield PD’s pathetic, incredibly defensive Facebook post, an officer actually believed this totally normal summer outfit violated the law:

Winnfield’s 6th Annual Dugdemona Festival held on Main Street was an amazing success. However, recent posts to social media have had a negative impact on the service of our police officers during this family fun-filled festival.

An unnamed citizen was cited for a city ordinance and has since taken to a popular social media site, blasting police officers. However, 3 female officers responded to various complaints about the person’s attire and the person of interest was issued a citation under the city ordinance.

Um, the only thing having a “negative impact on the service” of the PD’s officers is the service of the PD’s officers. If “various complaints” are made about someone who isn’t breaking the law, the officers (female or not) should ignore those complaints and concern themselves with actual lawbreaking.

But that didn’t happen. Instead, a citation was issued for violating city ordinance 14-76. This ordinance is quoted by the PD in its “stop being mad at us for being assholes” post. Here it is. See if you can’t spot the lawbreaking!

“It shall be unlawful for any person to wear pants, trousers, shorts, skirts, dresses, or skorts in any public place or places open to the public which either intentionally exposes undergarments or intentionally exposes any portion of the pubic hair, cleft of buttocks, or genitals.” Fines range from $25.00 for a first offense to a maximum of $300, and the person may be ordered to perform up to 40 hours of community service.

Even if the shorts/crop top managed to inadvertently expose, say, the “cleft of the buttocks” (perhaps when bending over), it would not be an intentional exposure. And I have no idea how this law applies to swimming pools, where the clothing worn is indistinguishable from “undergarments” in many cases.

To conclude this stupidity, the PD offered this statement, which says the PD will not lower itself to engaging with irate citizens for lowering the department to its current level by citing a person for wearing clothes.

“We, as public servants, will not engage in a social media war with any one or any organization, as it is improper and brings discredit upon this department. We also cannot comment on details of any case under investigation or pending court action.”

It’s a bit late for most of this. The department has already done the “improper” and succeeded in “bringing discredit” on itself. It was a stupid, unlawful move by local law enforcement. And it’s definitely going to end in some court action.

Speaking of court action, here’s our second bit of literal policing of women’s bodies. This one occurred quite a bit earlier than the Winnfield debacle, but is back in the news because the victim of body policing is getting a payout from the city of Portland over the actions of some similarly stupid officers.

I’m going to dole out this lead sentence in chunks for maximum impact:

The city will pay $75,000 to settle a federal lawsuit filed by a woman arrested by Portland police in 2019 after she was seen twerking in a bike lane downtown…

I’m not sure what part of this is more laughable: that officers believed twerking was a crime or that doing it in a bike lane was the part that triggered enforcement. Either way, it gets stupider:

…and had flipped off officers during a protest.

Definitely not a crime. In fact, it’s the opposite: it’s constitutionally protected expression. It really doesn’t matter where it happens (bike lane) or what expression (twerking) accompanies it. The precedent in this judicial circuit dates all the way back to 1990. So, Portland police officers have been on notice for more than three decades that flipping off cops cannot justify an arrest.

The cops had an excuse though:

Portland police Cmdr. Erica Hurley defended the arrest at the hearing, saying officers had probable cause to arrest the woman who wasn’t allowing traffic to move through. Police cars need to get through traffic just like any other cars, she said.

Well, that’s one way to look at it. Another way to look at it is that the momentary twerking did not actually block traffic and that maybe cops shouldn’t be driving their cars in bike lanes. And yet another way of looking at it is that no criminal act ever occurred. That’s the way the jury saw it when it handled her misdemeanor charge, returning a verdict of “not guilty.”

This is obviously just a very small, very specific sampling of police misconduct. But it’s particularly stupid misconduct that, nonetheless, received full-blown support from the agencies employing these officers. That’s why it’s a problem. It indicates no petty amount of bullshit is beneath being defended.

Posted on Techdirt - 1 July 2022 @ 03:33pm

Court To Litigants: A City Taking Down Its Own Statue Doesn’t Violate Your First Amendment Rights

Some days, it has got to suck to be a judge. Well, actually a lot of days. Most judicial work is tedious, including contractual disputes or bankruptcy proceedings or maritime law or any dozens of other aspects of litigation that would put most people to sleep.

On other days though, it’s a particular kind of annoying. It’s like working for the world’s worst boss, someone who makes ridiculous requests and expects you to take them seriously.

This case, brought to us by the Volokh Conspiracy, involves deeply unserious people with patently ridiculous arguments. And it’s all handed by the federal court judge like it’s the most legitimate thing to ever land on Judge Janet Hall’s docket.

The First Amendment lawsuit was filed by the “American Italian Women for Greater New Haven” (referred to as “AIW” in the decision). It concerns the city’s decision to remove a statue of Christopher Columbus from Wooster Square, a public park in the city. The city owned the park and the city owned the statue.

Christopher Columbus — an Italian long revered for his supposed “discovery” of lands already populated by indigenous people — has seen his reputation dim considerably over the last couple of decades. This has resulted in similar actions all over the nation, as Columbus’ reputation as a colonizing racist superseded his inexplicably popular failure to locate any part of Asia’s 17.21 million square miles.

The AIW found this move to be reprehensible. And not just reprehensible, but unconstitutional. The statue — a gift to the city from 200 Italian immigrants in 1892 — represented something more to the group than a tribute to a questionable historical figure. According to AIW’s complaint, the group met in the square often to recruit new members, participate in activities, and conduct an annual wreath-laying at the base of the statue.

So, where does the First Amendment violation start happening when a city removes its own property? It’s difficult to tell. But the opinion [PDF] does give us a look at the ridiculous assertions made by the Italian women’s group.

According to AIW, the decision to remove the Columbus statue arose from the City’s “pro-African American/anti-Italian American policy”, a policy that the City deliberately “established and perpetuated.”

This imagined policy is the basis for several claims, including discrimination (against Italians, I guess?), due process violations (because the AIW was not allowed to vote on the removal, I guess?), and the First Amendment violation because… well, that’s what the AIW wrote down in their complaint.

The court decides AIW (barely) has standing to bring the lawsuit, based solely on the “wreath-laying ceremony” that occurs at the base of the statue. But having standing to pursue a lawsuit doesn’t necessarily mean there’s anything actionable to pursue.

All the rest of the AIW’s activities could still be performed in the park with or without the statue. And, as the plaintiffs admit (which undercuts their discrimination claims), they have never been refused access to the park. Plus, the statue was made unavailable to everyone, not just Italian-Americans residing in New Haven.

There’s no due process claim to be had, either. Even if accepted as true, the allegation that the city somehow failed to allow residents to vote on the decision to remove the statue doesn’t work because the group did not have any property interest in a statue erected and owned by the city.

And that leads directly to this blunt dismissal of the group’s truly bizarre First Amendment claim.

Finally, in Count Four, AIW alleges that the removal of the statue violated its First Amendment rights. This claim fails, however, because the Columbus statue is government speech and, as such, AIW has no cognizable free speech interest in it. Indeed, the Supreme Court has directly foreclosed such a claim. In Pleasant Grove City, Utah v. Summum, 555 U.S. 460 (2009), the Court “held that the messages of permanent monuments in a public park constituted government speech, even when the monuments were privately funded and donated.” See Shurtleff v. City of Boston, Mass., 142 S. Ct. 1583, 1590 (2022) (summarizing Summum). Where a city is “communicat[ing] governmental messages”, as is the case here, it is “free to choose the [monument it displays] without the constraints of the First Amendment’s Free Speech Clause.”

That should be the end of this nonsense. The AIW is free to serve up an amended complaint, but it’s impossible to see how the group could come up with an actionable claim. The statue was the government’s to keep or remove. And it chose to remove it. Being angry isn’t the same as cognizable legal claim, something far too many plaintiffs fail to understand.

Posted on Techdirt - 1 July 2022 @ 09:34am

Kentucky Supreme Court Says Warrants Are Needed For Real-Time Cell Location Pings

In 2018, the Supreme Court declared warrantless access to historical cell site location information unconstitutional, given the privacy implications of being able to track someone’s movements over days or weeks without bothering to secure a warrant. Prior to this decision, cell site location info (CSLI) was treated as a third party record, requiring neither a warrant nor probable cause to obtain.

It did not extend this coverage to real-time access to CSLI, tower dumps, or ping requests made to service providers to engage in quasi-real time tracking. However, other courts in the nation have been willing to extend the coverage of the Carpenter decision, applying it to other third party records, including real-time acquisition of cell location info.

One of the courts to do so was the Kentucky state appeals court. In a case dealing with the apprehension of a robbery suspect, the court suppressed real-time location info law enforcement obtained without a warrant from a cell service provider — information that proved instrumental in officers’ location and arrest of the suspect.

This decision said this information was no longer covered by the Third Party Doctrine, but by the Fourth Amendment.

Thus, because pinging a cell phone enables the police almost instantaneously to track individuals far beyond the public thoroughfare into areas where they would have a reasonable, legitimate expectation of privacy, we conclude that a warrant is required to acquire real-time CSLI.

The government appealed the 2020 appellate decision, hoping the state’s top court would reverse the lower court’s decision. This bet has failed to pay off. The Kentucky Supreme Court has affirmed the lower court’s decision, declaring that access to real-time cell site location info requires the use of a warrant. The decision [PDF] also affirms the denial of good faith to the officers who obtained this info. (via FourthAmendment.com)

Like the Court of Appeals, we find that the police acquisition of Reed’s real-time CSLI was a warrantless, unreasonable search, and we find that the good-faith exception to the exclusionary rule does not apply in this case. Accordingly, we affirm the decision of the Court of Appeals to reverse the trial court’s judgment and remand this case to the trial court for further proceedings.

Like the appeals court, the Supreme Court says good faith doesn’t apply because “the officers were not acting in reliance of binding precedent.” Unlike far too many other courts, Kentucky’s top court refuses to grant good faith simply because no precedent exists. It holds cops in the state to a higher standard: a need for affirmative judicial precedent that supports their action, rather than simply allowing cops to abuse legal gray areas until contravening precedent is generated.

Key to the court’s findings here is how this information is obtained. Rather than being a third party record created by someone simply having their phone on while near cell towers, the location data obtained here required the interference of the cell service provider.

Real-time CSLI is not a passive location record but data generated by an affirmative action—a “ping” taken by the cell-service provider at the behest of a law enforcement officer. By “pinging” an individual’s cell phone, the cell service provider is able to determine, instantaneously, the cell phone’s location in relation to the available cell sites and to communicate that location information to law enforcement.

And that’s where the search moves from “reasonable” to “unreasonable,” says the court.

In obtaining an individual’s cell phone’s real-time CSLI, police commandeer the cell phone and its transmissions for the purpose of locating that individual. We find this usurpation of an individual’s private property profoundly invasive, and we liken it to a technological trespass. Such an appropriation of an individual’s cell phone is precisely the sort of invasion that we find the average citizen unwilling to accept.

Historic CSLI is intrusive because it allows law enforcement to track someone’s movements after the fact, providing officers with plenty of information about a person’s life, habits, contacts, and other activities. Prospective (“real-time”) CSLI is intrusive because it forces someone’s phone to, in essence, “answer” to law enforcement by providing its current location.

The government tried to argue that real-time pings were no different than observing a driver on a public road… apparently because law enforcement performed the stop on a public road. The court finds this argument ridiculous.

We do not disagree that an individual has no reasonable expectation of privacy in his movements on a public road and, thus, law enforcement may constitutionally observe those movements. But at issue in this case is not the observation of Reed’s movements on a roadway or the traffic stop performed on Reed’s vehicle but the acquisition of Reed’s CSLI that enabled officers to conduct a dragnet to intercept Reed’s vehicle. At the time police pinged Reed’s cell phone, Reed was not under visual police surveillance. Instead, the only reason police were able to locate and surveil Reed on a roadway was as a result of their acquisition of Reed’s CSLI. It is the constitutionality of the acquisition of Reed’s CSLI, not of his traffic stop, that we consider today. As such, we regard Knotts as inapplicable in this case. We find that a person’s reasonable expectation of privacy in his CSLI is unaffected by his or his cell phone’s physical location at the time the CSLI is generated or acquired by police.

Furthermore, the court says, giving the government’s other argument (that the third party doctrine is engaged just because a cell user has granted permission for third parties to gather data) credence would allow widespread abuse of third parties to bypass the Fourth Amendment.

Permitting application of the third-party doctrine to real-time CSLI would drastically alter the landscape of digital privacy. By the same logic offered by the Commonwealth, law enforcement could contact application developers whose applications are authorized to use the camera and microphone on a cell phone. Law enforcement could then, via those application developers, commandeer the cell phone as a photo, video, and audio surveillance device, simply because the cell phone’s owner granted authorization to those applications.

The government loses its evidence (again) and the case returns to the trial court where prosecutors can try to put the suspect behind bars, but without the benefit of the CSLI info or evidence derived from the traffic stop that followed the warrantless pings. And, again, the Kentucky court system holds officers in the state to a higher “good faith” standard — one that says cops don’t get to play fast and loose with unsettled law unless they like seeing their evidence tossed. More courts should do the same.

Posted on Techdirt - 30 June 2022 @ 01:33pm

Italian Exploit Developer Follows Hacking Team’s Lead, Sells Powerful Spyware To Human Rights Violators

Italian malware developer Hacking Team began making headlines in 2014. Infections uncovered by researchers at Toronto’s Citizen Lab and Russia’s Kaspersky Lab were traced back to servers located in the United States, Canada, UK, and Ecuador. The US servers topped the list. The second place finisher, however, was Kazakhstan.

Here’s a summary of the Kazakhstan government’s human rights abuses, as compiled by the US State Department:

Significant human rights issues included: unlawful or arbitrary killing by or on behalf of the government; torture by and on behalf of the government; political prisoners; problems with the independence of the judiciary; restrictions on free expression, the press, and the internet; interference with the rights of peaceful assembly and freedom of association; restrictions on political participation; corruption; trafficking in persons; and restrictions on workers’ freedom of association.

Hacking Team’s willingness to sell to abusive authoritarians was further exposed when it was (ironically) hacked by outsiders and its internal documents shared with the general public. The company’s internal “wiki” contained a list of customers, which included UN-blacklisted country Sudan. It also sold its malware to Russia, Saudi Arabia, Egypt, and Malaysia — countries all known for their long histories of human rights abuses. Its exploits also ended up in the hands of Mexican drug cartels.

Hacking Team has since been absorbed by another entity and now does business (but what kind?) under the name “Memento Labs.”

There’s a new Italian player on the phone exploit scene. RCS Labs is filling the void Hacking Team left in its apparent demise, apparently starting with none other than one of Hacking Team’s most infamous customers.

Cyber-security researchers have unearthed a new enterprise-grade Android spyware called ‘Hermit’ that is being used by the governments via SMS messages to target high-profile people like business executives, human rights activists, journalists, academics and government officials.

The team at cyber-security company Lookout Threat Lab uncovered the ‘surveillanceware’ that was used by the government of Kazakhstan in April, four months after nationwide protests against government policies were violently suppressed.

“Based on our analysis, the spyware, which we named ‘Hermit’ is likely developed by Italian spyware vendor RCS Lab and Tykelab Srl, a telecommunications solutions company we suspect to be operating as a front company,” the researchers said in a blog post.

A blog post by Google’s Threat Analysis Group (TAG) suggests RCS has relied on local ISPs to help deliver its malware payloads.

All campaigns TAG observed originated with a unique link sent to the target. Once clicked, the page attempted to get the user to download and install a malicious application on either Android or iOS. In some cases, we believe the actors worked with the target’s ISP to disable the target’s mobile data connectivity. Once disabled, the attacker would send a malicious link via SMS asking the target to install an application to recover their data connectivity. We believe this is the reason why most of the applications masqueraded as mobile carrier applications. When ISP involvement is not possible, applications are masqueraded as messaging applications.

Not quite as elegant as NSO Group’s zero-click exploit, Pegasus. But just as nefarious, seeing as it cloaks itself as an official message from targets’ internet service providers. And RCS appears to be far less selective about who it sells to. That’s where the front company comes in, which likely enables RCS to provide malware to foreign governments the Italian government would rather local companies didn’t sell to, like the following:

RCS Lab has engaged with military and intelligence agencies in Pakistan, Chile, Mongolia, Bangladesh, Vietnam, Myanmar, and Turkmenistan.

None of these countries will ever top the “Least Likely To Abuse Powerful Spyware” list anytime soon. Marketing the “Hermit” malware as “lawful intercept” won’t decrease lawless applications. The only thing that can prevent abuse is refusing to sell to countries that routinely abuse their own citizens for fun and profit.

And RCS has apparently found a way to bypass Apple’s usually robust app store safeguards to deploy its malware, as The Verge reports:

Attackers were able to distribute infected apps on iOS by enrolling in Apple’s Developer Enterprise Program. This allowed bad actors to bypass the App Store’s standard vetting process and obtain a certificate that “satisfies all of the iOS code signing requirements on any iOS devices.”

It’s certain more evidence of abusive deployment will come to light in the near future, now that multiple security researchers have detected infections that can be traced back to RCS malware. And if RCS insists on doing business with shady governments, it can expect to find itself in the same sanctioned boat as Israeli malware merchants NSO Group and Candiru.

Posted on Techdirt - 30 June 2022 @ 10:41am

The Future Of Policing In China Is Pervasive, Surveillance-Driven Law Enforcement Crystal Balls

China is choked by surveillance. It’s everywhere and it touches every aspect of its citizens’ lives. The government uses it to stifle dissent, control the population, and persecute undesirables.

Law enforcement has been doing pre-crime for years, but China’s version is amped up and all-consuming. “Guilty until forever” is the guideline in China, where massive amounts of data from surveillance dragnets allow the government to assume things about people. It also allows them to convert normal activities into crime predicates by assuming the worst about its own citizens. This New York Times report shows just how far off the pre-crime deep end China has gone. Everything is on the table because, well, everything is available to a government that immerses its citizens in always-on surveillance.

The latest generation of technology digs through the vast amounts of data collected on their daily activities to find patterns and aberrations, promising to predict crimes or protests before they happen. They target potential troublemakers in the eyes of the Chinese government — not only those with a criminal past but also vulnerable groups, including ethnic minorities, migrant workers and those with a history of mental illness.

They can warn the police if a victim of a fraud tries to travel to Beijing to petition the government for payment or a drug user makes too many calls to the same number. They can signal officers each time a person with a history of mental illness gets near a school.

The only way to opt-out (so to speak) is to get off the surveillance grid. The Times report details the efforts taken by 74-year-old Zhang Yuqiao, who has been petitioning the government regularly for years. To avoid being caught in China’s surveillance net (and punished for bothering his government too often), Zhang turns off his phone, uses cash, and buys multiple rail tickets to destinations he’s never going to travel to.

That sort of effort may pay off in the short run. But it’s only a matter of time before the Chinese government decides a dearth of generated data is itself indicative of criminal plans or activities. After all, even the US government tends to believe these same things (the carrying of cash, tickets purchased at the last minute or for one-way trips) are things only criminals do.

And, much like every other government in the world, the Chinese government trumpets the successes of this pre-crime program that affects billions by pointing out the rounding error’s-worth of wins the system has provided. The wins, though, are underwhelming. Two cases highlighted by the Chinese government involved a fake migration permit and the apprehension of someone involved in a pyramid scheme. Not exactly the sort serious crime/national security threat one would assume an expensive, expansive system would be used for.

To accomplish this, the Chinese government is recruiting local tech companies. One is Megvii, an AI startup that has, for the past five years, created a “search engine for crime” that “digs out ordinary people who seem innocent” to help the government punish people for things like spending too much time at a train station.

Another is Hikvision, which supplies cameras to many of the Chinese government internment camps. The end goal of this collaboration is to shield the government from controversy and criticism.

In 2022, the police in Tianjin bought software made by a Megvii competitor, Hikvision, that aims to predict protests. The system collects data on legions of Chinese petitioners, a general term in China that describes people who try to file complaints about local officials with higher authorities.

It then scores petitioners on the likelihood that they will travel to Beijing. In the future, the data will be used to train machine-learning models, according to a procurement document.

Local officials want to prevent such trips to avoid political embarrassment or exposure of wrongdoing. And the central government doesn’t want groups of disgruntled citizens gathering in the capital.

Authorities are invited to fill in the blanks as to perceived temperament of those listed as problematic petitioners, often using loaded terms like “paranoid” or “short tempered.” This tracks directly with other efforts uncovered by the New York Times using leaked or otherwise obtained documents detailing Chinese surveillance — ones that include increased surveillance of “key persons” targeted by the government: people with mental illnesses, migrant workers, “idle” teenagers, ethnic minorities, and people suffering from HIV.

As for staying off the grid, like Zhang Yuqiao has tried to do? Well, as he found out when he started dodging the government’s surveillance, the grid comes to you. Photos in article show several cameras set up near Zhang’s home. According to Zhang, there are no other cameras in the village. When he has tried to dodge surveillance by turning off his phone, officers show up at his house to make sure he isn’t off on another trip to Beijing to again demand compensation for the torture of his family during the Cultural Revolution.

That’s how pre-crime works. The surveillance net is deployed. Data and recordings are fed to algorithms. The government adds its own bias. And out pops the sort of thing we’re seeing here: the unending persecution of someone who just wants the government to be held accountable for its actions. That’s the sort of threat the Chinese government really fears. Regular criminal activity is a nuisance. But government criticism is dangerous.

Posted on Techdirt - 29 June 2022 @ 10:43am

NSO Lawyer Tells Lawmakers Company Can Count To Five, Will Need More Time To Count Higher Than That

Israeli phone malware manufacturer NSO Group has plenty of customers. Or at least it did until the Israeli government edited the company’s list of approved customers and the US government slapped sanctions on it.

NSO has sold its malware to plenty of abusive governments with long histories of human rights violations. It has also sold its products to countries far less notorious for human rights abuse, but who still misused the company’s powerful Pegasus malware to target dissidents, political opponents, and government critics.

Facing pressure and criticism from pretty much every country that doesn’t openly engage in human rights abuses, NSO Group is trying to survive several months of bad press, sanctions, and dwindling funding. When not courting potential purchasers who may not care about the company’s sordid past, NSO Group reps are answering questions posed to them by lawmakers who appear to be poised to engage in more direct regulation of malicious code.

According to this report by Antoaneta Roussi for Politico, the spyware developer has publicly admitted it has a handful of European customers.

The Israeli spyware firm NSO Group on Tuesday told European lawmakers at least five EU countries have used its software and the firm has terminated at least one contract with an EU member country following abuse of its Pegasus surveillance software.

Speaking to the European Parliament’s committee looking into the use of spyware in Europe, NSO Group’s General Counsel Chaim Gelfand said the company had “made mistakes,” but that it had also passed up a huge amount of revenue, canceling contracts since misuse had come to light.

“At least five” leaves a whole lot open to interpretation. And counting any number accurately seems like something a tech company that has developed some of the most fiendishly clever malware ever created should be able to do easily. Providing an accurate total should be well within its technological grasp.

But, much like the FBI and its billions in funding can’t seem to count the number of encrypted devices in its evidence lockers, NSO Group appears to be unable to count the number of European customers it has in total during testimony it was informed ahead of time it would need to attend.

That’s all NSO could provide, apparently. And it’s not much. We already know Poland is an NSO customer. (And it’s still part of Europe, no matter what the Russian government would prefer at the moment.) And it seems pretty clear the Spanish government has deployed the malware. Phones owned by Catalan members of the EU Parliament were hit with Pegasus malware and the Spanish government has made no secret of its desire to crush the Catalan independence movement.

That’s two out of the “at least five.” Every other country in the European Union has “national security interests” and a desire to fight crime — two justifications used by NSO to move its product — so it stands to reason the number of European customers is much greater than the “at least five” NSO claims to have.

More ridiculous than this open-ended (but still seemingly small!) number the NSO handed to EU lawmakers is the follow-up statement by its general counsel.

At least five EU countries had used NSO’s tool, Gelfand said, adding he would come back to MEPs with a “more concrete number.” 

“Come back?” Are you kidding? How does NSO’s lawyer not have the actual number readily available? How was it not possible to have the actual number sent to him during this inquiry, moments after asking for it from NSO’s executives or account managers?

The only answer for this lack of accurate information is someone doesn’t want it revealed. NSO may not want to let the rest of the world know how many customers it has in Europe, especially given the propensity of its customers to abuse its products. And plenty of EU members may not want the public to know they’ve been buying powerful tech tools from a shady digital arms dealer.

Claiming you’ll come back with an answer when you already have instant access to one is pure bullshit. Granted, it’s the kind of bullshit you pay your general counsel handsomely to deliver when facing government inquiries but it’s not the sort of thing that endears you to regulators or the public they serve. This inability to count past five is going to do more reputational damage to a company that literally cannot afford it.

Posted on Techdirt - 28 June 2022 @ 10:51am

Security Researchers: Indian Police Agencies Digitally Planted Evidence To Frame Activists

Law enforcement agencies have access to very powerful digital tools. Thanks to companies with eyes on market expansion but very little consideration of moral or ethical issues, cops have the power to completely compromise phones, turning them into unwitting informants… or worse.

This blockbuster report — written by Andy Greenberg for Wired and based on research performed by Citizen Lab and SentinelOne — shows cops can use powerful malware to create the probable cause they need to start arresting people. The fix is in.

More than a year ago, forensic analysts revealed that unidentified hackers fabricated evidence on the computers of at least two activists arrested in Pune, India, in 2018, both of whom have languished in jail and, along with 13 others, face terrorism charges. Researchers at security firm SentinelOne and nonprofits Citizen Lab and Amnesty International have since linked that evidence fabrication to a broader hacking operation that targeted hundreds of individuals over nearly a decade, using phishing emails to infect targeted computers with spyware, as well as smartphone hacking tools sold by the Israeli hacking contractor NSO Group. But only now have SentinelOne’s researchers revealed ties between the hackers and a government entity: none other than the very same Indian police agency in the city of Pune that arrested multiple activists based on the fabricated evidence.

I get it. Who doesn’t like an easy day at work? Planting evidence makes arrests easy. Cops do it all the time. The difference here is the cops don’t have to carry around contraband on their persons or in their vehicles and wait for a situation to present itself.

Using powerful malware, officers can plant evidence whenever it’s most convenient for them and follow up with an arrest and device seizure that allows them access to the evidence they planted. And it’s not just for phones. The report notes that one activist arrested as the apparent result of planted evidence had his laptop compromised by police malware, allowing the Pune police to add 32 incriminating files to his hard drive.

It took researchers several months to confirm attribution. The link to the police department came via a recovery email address and phone number attached to compromised email accounts. That information was traced back to a police official in Pune who somehow thought it was wise to include his full name in the bogus recovery accounts.

That malware deployment has turned from passive to offensive shouldn’t come as a surprise. Very few malware developers care how their products are used and tend to make changes only when prompted by sanctions or months of negative press.

And it definitely shouldn’t come as a surprise that an element of the Indian government is abusing malware to plant evidence to shut down dissent. That’s the Indian government’s main goal at this point: to force the nation’s 1.2 billion residents into subservience by any means necessary. Whether it’s a law that abuses the notion of national security to turn residents into billions of data points or the government openly targeting critics via social media services (and threatening those services with fines and imprisonment when they fail to play along), the Indian government continues to expand the size of its thumb and, with any luck, will have an entire nation under it in the near future.

Posted on Techdirt - 27 June 2022 @ 03:37pm

Victims’ Rights Laws Abused Again To Hide Identities Of Officers Who Killed Someone

Ten states are currently home to a version of California’s “Marsy’s Law.” This law is a “victim’s rights” law, named after a California murder victim. It was written with the intent of involving crime victims in the criminal justice process, giving them a “right” to be heard during court proceedings, choose their own representation (rather than be solely represented by the prosecution), and — as is most relevant here — prevent crime victims’ names from being released publicly.

That’s where these laws have become convenient for cops. When cops deploy excessive force (including killing people), the person subjected to police violence is often hit with criminal charges. Resisting arrest is a popular one. So is “assaulting an officer,” which may mean nothing more than a person bumped into an officer while being detained. Since those are criminal charges, the cops turn themselves into victims, despite having performed far more violence than the person they restrained (to death, in some cases).

States where victim rights laws are in force allow officers to prevent their names from being published by media covering deadly force incidents. Since the cops are nominal “victims,” the law applies to them. A law enforcement officer in South Dakota used the state’s law to keep their name out of the papers following their shooting of driver during a traffic stop.

The same thing happened in Florida a few years later. Two cops who deployed deadly force were able to convince a judge the state’s Marsy’s Law applied to them — even superseding the public’s right to this information through the state’s public records laws.

It has happened again. Same state, same law, same outcome. Here’s Scott Shackford for Reason:

In Sarasota County, three deputies were sent to a condo in April to help evict 52-year-old Jeremiah Evans. According to Sarasota County Sheriff Department’s report, Evans pulled out a knife and threatened the deputies. One of the deputies shot and killed Evans.

Prosecutors determined that the shooting was justified. The Sarasota Herald-Tribune submitted a public records request to the State Attorney’s Office, and among the information they received were the unredacted last names of the deputies involved.

Then the Sarasota County Sheriff’s Office swung into action, going to a judge to invoke Marsy’s Law to try to prohibit the newspaper from publishing the names of the officers involved. On Friday evening a judge granted a temporary injunction preemptively prohibiting the newspaper from publishing the officers’ names. Despite failing to redact the names by accident, the State Attorney’s Office also supported the sheriff’s department and joined the action against the newspaper, essentially attempting to shift responsibility onto the newspaper for the office’s own supposed breach of the law.

The Herald-Tribune, which had already obtained some of this information (last names only) from the state attorney’s office, is rightfully upset at this turn of events. It has filed a motion in opposition to this injunction — one secured by both the Sheriff’s Office and the state attorney — pointing out that this is an unjustified abuse of the victim’s rights law in hopes of memory-holing information already provided to the paper.

In the newspaper’s motion, attorneys said nothing in Marsy’s law creates a private right of action against third parties or empowers courts to “censor private persons, such as respondents.” If disclosure of the deputies’ names violated Marsy’s Law, the motion argues, the violator was the State Attorney’s Office, not the newspaper. 

“Petitioners cite no case law that places Marsy’s Law above the free-speech guarantee in Article I, Section 4 of the Florida Constitution. And any reading of Marsy’s Law that prohibits the news media from publishing publicly disclosed information also would bring Marsy’s Law into conflict with the United States Constitution,” the motion states.

First and foremost, the law cannot be used to stuff the genie back into the bottle. The newspaper already has access to the involved officers’ last names, thanks to a public records response by the state attorney’s office. The emergency injunction does not prevent the paper from publishing information it already has because the public release, as the paper points out, was performed by the state attorney.

Second, the injunction process appears to have abandoned the concept of due process entirely. It was obtained by the sheriff and state attorney with zero opportunity for input from the party directly affected by the injunction. The paper was not notified the injunction was being sought and was not informed of law enforcement’s efforts until after the order was secured. And it was obtained on Friday evening at 6:30 pm, presumably to maximize the length of the questionably obtained opacity, preventing the paper from engaging in any challenge of the order until the following Monday.

This certainly isn’t the way those writing these laws expected them to be used. But that’s what these laws enable when they’re abused by public employees who deploy deadly force: a larger gap between state law enforcement officers and the already distant accountability that rarely serves to deter future misconduct.

More posts from Tim Cushing >>