Capitalist Lion Tamer’s Techdirt Profile


About Capitalist Lion TamerTechdirt Insider

List of blogs started with enthusiasm, which now mostly lie dormant:

[reserved for future use]

[recently retired]

[various side projects]

Posted on Techdirt - 27 June 2017 @ 6:45pm

To Avoid Being Cut Out Of The Market, US Tech Companies Are Allowing Russian Vetting Of Source Code

from the backdoors-for-all dept

Nobody trusts anybody, and it's probably going to end up affecting end users the most. The Snowden leaks showed the NSA's Tailored Access Operations routinely intercepted network hardware to insert backdoors. The exploits leaked by the Shadow Brokers indicated the NSA was very active on the software exploit front as well.

In response to the Snowden leaks, it appears the Russian hardware/software purchasers are stepping up their due diligence efforts. This comes at a time when the Russian government is suspected of hacking away at the American democratic process, as Reuters reports.

Russian authorities are asking Western tech companies to allow them to review source code for security products such as firewalls, anti-virus applications and software containing encryption before permitting the products to be imported and sold in the country. The requests, which have increased since 2014, are ostensibly done to ensure foreign spy agencies have not hidden any "backdoors" that would allow them to burrow into Russian systems.

According to the article, multiple US officials and company executives are tracing the uptick in review demands to a downturn in US-Russian relations following Russia's 2014 annexation of Crimea. But the NSA's hardware operations were exposed in mid-2014, so it's hard to believe the Snowden effect isn't in play.

[Some] reviews are… conducted by the Federal Service for Technical and Export Control (FSTEC), a Russian defense agency tasked with countering cyber espionage and protecting state secrets. Records published by FSTEC and reviewed by Reuters show that from 1996 to 2013, it conducted source code reviews as part of approvals for 13 technology products from Western companies. In the past three years alone it carried out 28 reviews.

Since these companies aren't willing to give up their share of an $18.4 billion market, compromises are being made. Examinations of code are being done in "clean rooms," with conditions somewhat controlled by the companies being vetted. But this isn't always the case. Nor are these precautions necessarily enough to prevent those doing the vetting -- some linked to the Russian government -- from finding undiscovered security holes and flaws. The vetting may help keep Russian government agencies and private companies from being spied on by the US, but it's not going to do much to keep the Russian government from spying on Russian companies and Russian computer users.

So far, only one company has publicly announced its refusal to submit its software for vetting. Symantec has rejected testing by Echelon, a Moscow-based lab with some tenuous ties to the Russian military.

But for Symantec, the lab "didn't meet our bar" for independence, said spokeswoman Kristen Batch.

“In the case of Russia, we decided the protection of our customer base through the deployment of uncompromised security products was more important than pursuing an increase in market share in Russia,” said Batch, who added that the company did not believe Russia had tried to hack into its products.

The company also provides testing for the Russian Ministry of Defense and multiple law enforcement agencies. Echelon claims it's wholly independent from the Russian government, but those assertions haven't been enough to overcome Symantec's objections. Other companies (the article lists HP and IBM) have allowed their products to be tested by Echelon, but neither were willing to comment on this story.

The Russians are checking for US backdoors while potentially seeking to install their own. US companies are given the choice of possibly aiding in Russian domestic surveillance or being locked out of the market. Any lost sales here can at least be partially chalked up to the Snowden leaks. If so, the fallout from the leaks is still causing harm to US companies, years down the road.

9 Comments | Leave a Comment..

Posted on Techdirt - 27 June 2017 @ 3:33pm

Court Says Gov't Has To Give Back $167,000 It Seized During A String Of 4th Amendment Violations

from the rare-loss-for-civil-asset-forfeiture dept

The Ninth Circuit Court of Appeals has no good news for the lying law enforcement officers who were hoping to walk off with $167,000 of someone else's money. Two years ago, the district court ruled in favor of Straughn Gorman, who was subjected to two lengthy traffic stops in less than an hour by officers hoping to help themselves to cash he was carrying in his RV.

After stopping Gorman for a non-violation (driving too slow in the left lane), State Trooper Greg Monroe spent roughly a half-hour trying to obtain consent to search Gorman's RV. His reasonable suspicion? Gorman's use of the word "chick" to describe the girlfriend he was driving to visit and the supposedly "rehearsed" aspects of his employment history. Trooper Monroe performed an extensive background check on Gorman while hoping to prolong the stop until a K-9 unit could be deployed, but even his non-routine call to an El Paso DEA records center failed to drag out the traffic stop long enough for it to arrive.

All Monroe knew when he finally let Gorman go is Gorman had at least $2,000 on him. Monroe wasn't going to let this money get away, so he called up another officer from another agency and "relayed his suspicions." He also told the other officer (Deputy Doug Fisher) to bring a drug-sniffing dog with him. Fisher wasn't assigned to patrol the highway Gorman was traveling on, but decided that would be the best use of his time.

Fisher pulled over Gorman after his tire touched the fog line a couple of times. Another records check was run, even though Fisher already knew what results to expect, thanks to Trooper Monroe's heads-up. The drug dog supposedly alerted near a right-rear compartment of the RV. Gorman gave the deputy permission to search that area, but that wasn't good enough for Fisher. Fisher said the alert gave him permission to search the entire RV. This resulted in the discovery of $167,000 in cash, which Fisher took. Gorman was (again) free to go. Gorman was never charged with any criminal act, much less given a citation for the supposed moving violations that predicated the two stops.

The government appealed the lower court's decision, which gave Gorman back his $167,000 plus legal fees. It raised a number of defenses for its actions (which included the state's attorney omitting several facts about the two searches from its affidavits), but the Appeals Court is no more receptive of this deception and deceit than the lower court. From the decision [PDF]:

We hold that the search of Gorman’s vehicle following the coordinated traffic stops violated the Constitution and affirm the district court’s order granting Gorman’s motion to suppress. Gorman’s first roadside detention was unreasonably prolonged in violation of the Fourth Amendment. The dog sniff and the search of Gorman’s vehicle, in turn, followed directly in an unbroken causal chain of events from that constitutional violation. As a result, the seized currency is the “fruit of the poisonous tree” and was properly suppressed under the exclusionary rule.


The coordinated action at issue in Gorman’s case offers a prime illustration of the value of the “fruit of the poisonous tree” analysis. The analysis allows us to see the officers’ conduct in Gorman’s case as what it is: a single integrated effort by police to circumvent the Constitution by making two coordinated stops. When the result of one stop is communicated and, on that basis, another stop is planned and implemented, the coordinated stops become, in effect, one integrated stop that must as a whole satisfy the Constitution’s requirements. An illegal police venture cannot be made legal simply by dividing it into two coordinated stops.

This won't be the only time officers behave this way. The Supreme Court's Rodriguez decision stated traffic stops are over once the "objective is complete." This forces officers to be a bit more creative if they're engaged in fishing expeditions without reasonable suspicion to extend the stop. One "solution" is shown above: have a second law enforcement officer initiate a stop to prolong the roadside investigation without triggering the protections of Rodriguez. Another "solution" is to have K-9 units perform stops or be in close proximity, thus lowering the chances of a court finding the stop to be "prolonged."

Both of these solutions are violations of Rodriguez, even if some courts will award the government points for effort. Fortunately, there are a few courts adhering to the intent of the decision: it's not the length of the Fourth Amendment violation, it's the violation itself.

Unfortunately, anything cash-related tends to make officers bypass their better judgment and push the edge of the Fourth Amendment envelope. The good news -- at least for Straugh Gorman -- is he's getting all of his cash back, plus legal fees. That it took more than two years for this to happen is unfortunate, but to be expected -- especially in a legal system that's stacked against victims of civil asset forfeiture.

Read More | 19 Comments | Leave a Comment..

Posted on Techdirt - 27 June 2017 @ 11:56am

How The ACLU's Fight To Protect 'Indecent' Speech Saved The Internet From Being Treated Like Broadcast TV

from the early-adopters-FTW dept

The ACLU is celebrating twenty years of making the internet better. On June 26th, 1997, the ACLU prevailed in Reno v. ACLU, with the Supreme Court striking down the anti-indecency portions of the 1996 Communications Decency Act (CDA).

As can be gathered by the law's name, it was written from a position of morality and panic -- the fear that the internet's connectivity would drown the nation's youth in easily-accessible porn. And yet, the law survives today as one of the most important factors in the internet's speedy growth, thanks to Section 230, which prevents service providers and social media platforms from being held civilly responsible for users' posts and actions.

But it might not have been that way. In 1996, the ACLU didn't even have a website of its own and most legislators had nothing more than bill sponsors' parades of horribles to go on. So, for the children, the CDA criminalized "obscene or indecent" material if it could be viewed by minors.

It was another case of legislators "knowing" what was indecent when they saw it. But even under that wholly subjective standard, the government spent most of its time shrugging.

During the various internet censorship cases the ACLU brought, we asked the government to identify speech in each category, and they were largely unable to do so. For example, they said that an online photo on Playboy’s website of a topless woman was not harmful to minors, but a virtually identical photo on Penthouse’s website was.

The ACLU's website was born from this legal battle. In order to show standing, the ACLU had to publish something the government might consider "indecent." It chose a Supreme Court decision declaring George Carlin's famous "Seven Words You Can't Say on TV" monologue "indecent." The entire monologue was included in the decision's appendix. The ACLU posted the decision and asked readers to guess which words the Supreme Court had found indecent. Obviously, it ended up with far more than seven words, which was enough to give it standing to challenge the CDA provision.

The plan worked. The ACLU took its challenge all the way to the Supreme Court and won. If it hadn't, the internet would be as boring and lifeless as the blandest of network TV offerings. That's the standard legislators were hoping to apply to the world's greatest communication platform: the same rules the FCC applies to broadcast TV. The Supreme Court struck down this damaging provision, recognizing the enormous potential of the web and the threat posed to it by "think of the children" legislation.

The record demonstrates that the growth of the Internet has been and continues to be phenomenal. As a matter of constitutional tradition, in the absence of evidence to the contrary, we presume that governmental regulation of the content of speech is more likely to interfere with the free exchange of ideas than to encourage it. The interest in encouraging freedom of expression in a democratic society outweighs any theoretical but unproven benefit of censorship.

The ACLU's site has a long interview with Chris Hansen, who led the ACLU's litigation. It's well worth reading, especially considering what the web might have become if no one had stepped up to defend "indecent" speech.

24 Comments | Leave a Comment..

Posted on Techdirt - 27 June 2017 @ 3:23am

Appeals Court Upholds Matthew Keys' Two-Year Sentence For A 40-Minute Web Defacement

from the can-never-have-too-much-deterrent-apparently dept

The Ninth Circuit Court of Appeals has upheld Matthew Keys' conviction and sentence of two years for a 40-minute web defacement he didn't actually perform himself. That works out to basically 18 days for every minute of mild disruption the LA Times suffered, as it (very briefly) suffered through a headline changed to read "Pressure builds in House to elect CHIPPY 1337."

Prosecutors actually wanted five years for this momentary mild hacking, but still managed to end up with two years after the LA Times submitted enough paperwork to make it appear as though this 40-minute malicious hiccup racked up $1 million in CFAA damages.

The appeals court isn't there to question the accuracy of the LA Times' bill of lading, but it does use the inflated figure to affirm the part of the sentencing affected by the claimed damages. From the unpublished opinion [PDF]:

Concerning employee response time, the district court did not abuse its discretion by relying on loss estimates based on employees’ testimonies or on the worksheet prepared by a Fox 40 executive. In response to Keys’s challenge to inconsistencies in the employee salary evidence, the district court appropriately re-reviewed the trial testimony and considered the amount in light of national statistics on the value of non-liquid employee benefits.

The government presented evidence that nearly all of the 20,000 Fox 40 Rewards Program members cancelled their participation in response to Keys’s conduct. Starting essentially from square one, the database took three years to rebuild. The district court did not abuse its discretion in relying on the Fox 40 executive’s representation that this process cost $200,000. It was appropriate for the district court to order restitution in the amount it cost Fox 40 to replace the member database, as it would be difficult to determine the fair market value of such an asset.

Basically, this database could have been worth any amount, so why not the $200k the LA Times claims it's worth. That adds to the restitution amount owed by Keys and also plays a small part in the sentencing. But in total, this is overkill for a 40-minute web defacement, especially one performed by someone else using Keys' login credentials. The move may have been petty and amateurish but it's extremely difficult to believe the momentary elevation of Chippy 1337 to the front page of the LA Times' website warrants a two-year sentence and thousands of dollars in fines.

But it appears the DOJ is happy with this outcome. And having completed its prosecution of Keys, it's presumably performing an OJ Simpson-style hunt for the person who actually performed the defacement.

Read More | 75 Comments | Leave a Comment..

Posted on Techdirt - 26 June 2017 @ 10:35am

Appeals Court Sticks Trolling 'Stupid Patent' Winner With $43,000 In Legal Fees

from the nominal-East-Texans-to-experience-lifestyle-changes dept

Winning the never-coveted "Stupid Patent of the Month" award is no honor. In fact, it sometimes enrages recipients to the point of sueball-throwing. But there is definitely a large amount of schadenfreude to be enjoyed by onlookers -- perhaps no more so than in the case of 2015 "SPotM" winner, conspiratorially-monikered Rothschild Connected Devices Innovations, LLC (whose limited liability fails to save it).

Rothschild "invented" a method of hooking up a mixing device to the internet to allow consumers to produce custom blends of their own. Prior art should have invalidated it, but didn't. Instead, the stupid patent allowed Rothschild to go after anyone who allowed users to customize anything over the internet. In one case, Rothschild applied its super-vague patent to a remotely accessible thermostat, arguing this was patent infringement because it allowed users to remotely customize temperatures. To cap off its troll pedigree, Rothschild filed all of its infringement lawsuits in the Eastern Texas District.

Now it's being told by the Federal Circuit Court of Appeals it must shell out some money for its disingenuous claims and litigation. (h/t The Technologist) As the opinion details, Rothschild tried to dismiss the lawsuit once it became apparent it wasn't going to win. The defendant served Rothschild with notice the patent would likely be found invalid after examination, as its first patent claim was ineligible for protection under federal law. ADS (the defendant) offered to settle for $43,000 in legal fees. Rothschild refused.

ADS then filed a motion to dismiss, using the same information it had given to Rothschild. It also included prior art that further bolstered its claims about the patent's lack of validity. Rothschild quickly moved to dismiss the case, hoping to avoid both a settlement or being stuck with paying the defendant's legal fees. This attempt failed.

ADS moved to block the dismissal, detailing Rothchild's long history of patent trolling. From the decision [PDF]:

ADS opposed and filed a cross-motion for attorney fees pursuant to § 285,4 see J.A. 249, based on its view that Rothschild’s suit was objectively unreasonable because Rothschild knew or should have known that claim 1 covers patent-ineligible subject matter under § 101 and is anticipated by prior art under § 102(a)(1), see J.A. 261–64. ADS also argued that Rothschild did not intend to test the merits of its claim and instead filed this and over fifty other lawsuits in the District Court to “‘exploit[] the high cost to defend complex litigation to extract nuisance value settlements’” from various defendants.

The district court, however, granted the motion to dismiss and stated Rothschild's abuse of its likely-invalid patent was evidence of nothing. The Appeals Court reverses this decision, pointing out the lower court ignored evidence and statements presented to it by ADS almost as much as Rothschild did.

The District Court clearly erred by failing to consider Rothschild’s willful ignorance of the prior art. In its Safe Harbor Notice and Cross-Motion for attorney fees, ADS included prior art that purportedly anticipates claim 1 of the ’090 patent. In response to ADS’s Cross-Motion for attorney fees, Rothschild submitted two affidavits relevant here. In the first, Rothschild’s counsel stated that he had “not conducted an analysis of any of the prior art asserted in [the] Cross[-]Motion to form a belief as to whether that prior art would invalidate” the ’090 patent. In the second, Rothschild’s founder echoed these statements. However, in the same affidavits, Rothschild’s counsel and founder both assert that they possessed a “good faith” belief that the ’090 patent “is valid.” It is unclear how Rothschild’s counsel and founder could reasonably believe that claim 1 is valid if neither analyzed the purportedly invalidating prior art provided by ADS. More problematic here, the District Court did not address these incongruent statements in its analysis.


In his declaration, Rothschild’s counsel states that he “reviewed publicly available information regarding ADS’s products and, in good faith, made a determination that the accused products infringed at least claim 1 of the [’090 patent].” Rothschild’s founder makes similar statements in his declaration. However, neither Rothschild’s counsel nor its founder supports their declaration statements with examples of websites, product brochures, manuals, or any other publicly available information that they purportedly reviewed. The conclusory and unsupported statements from Rothschild’s counsel and founder that claim 1 of the ’090 patent is valid have no evidentiary value.

As for Rothschild's long history of East Texas trolling, the Appeals Court has this to say:

According to ADS, Rothschild has asserted claim 1 of the ’090 patent in fifty-eight cases against technologies ranging from video cameras to coffeemakers to heat pumps. Appellant’s Br. 9. Further, ADS contends that Rothschild has settled the vast majority, if not all, of these cases for significantly below the average cost of defending an infringement lawsuit.

The District Court rejected ADS’s contention, finding “the fact that a patentee has asserted a patent against a wide variety of defendants and settled many of those cases . . . does not alone show bad faith.” The District Court based this aspect of its analysis on a clearly erroneous assessment of the evidence. The District Court predicated its finding on “the absence of any showing that [Rothschild] acted unreasonably or in bad faith in the context of this suit.” However, as explained above, that ancillary finding improperly rests upon statements from Rothschild’s counsel and founder that have no evidentiary value. Therefore, in the absence of evidence demonstrating that Rothschild engaged in reasonable conduct before the District Court, the undisputed evidence regarding Rothschild’s vexatious litigation warrants an affirmative exceptional case finding here.

This being an "exception case," ADS is entitled to legal fees. The $43,000 Rothschild tried to duck by dismissing the suit is awarded to the defendant on reversal.

This will hopefully be the beginning of the end for this patent troll. A Supreme Court decision shutting down forum shopping -- primarily by making the Eastern District of Texas far more difficult to exploit -- should drive another nail into Rothschild's coffin. I'm sure it never had any intention of paying anything out to anyone, as is the nature of all IP trolling operations. Once the judgments start going the other way, it's difficult to continue to capitalize on this super-shady "business model."

Read More | 8 Comments | Leave a Comment..

Posted on Techdirt - 26 June 2017 @ 6:30am

To Keep The Skies Safe, The TSA Wants To Know What You're Reading

from the how-could-this-go-wrong dept

The TSA continues to expand the intrusiveness of its searches, supposedly justified by an increased threat to air travel that doesn't seem to have materialized. In fact, the TSA has admitted attacks on airplanes are the threat voted Least Likely To Occur. One only needs to look at the recent string of terrorist attacks to see there are far more efficient ways to attack the populace than purchasing a ticket and making your way past security.

Nevertheless, the charade continues, only with more of it as often as possible. Fliers are now being asked to stow explosive batteries in the cargo hold and liquid limits are still being enforced to ensure dangerous things like medication and breast milk aren't brought on board.

Now, the TSA wants to know what you're reading. As airlines have increased rates for checked bags, travellers are packing more and more into their carry-on luggage. This is causing problems for the TSA's X-ray machines, which are having more trouble discerning what's actually being carried in passengers' bags. The densest materials are the hardest to "see" through, so TSA agents will now be demanding access to reading materials travelers are carrying.

The TSA is testing new requirements that passengers remove books and other paper goods from their carry-on baggage when going through airline security. Given the sensitivity of our reading choices, this raises privacy concerns.

Tests of the policy are underway in some small airports around the country, and DHS Secretary John Kelly recently said that “we might, and likely will” apply the policy nationwide. “What we’re doing now is working out the tactics, techniques, and procedures, if you will, in a few airports, to find out exactly how to do that with the least amount of inconvenience to the traveler,” he told Fox News. The policy may also apply to food items.

There's no good reason for the government to know what you're reading. In fact, as the ACLU points out in this post, there are protections in place to prevent the government from obtaining that information.

[T]here is a long history of special legal protection for the privacy of one’s reading habits in the United States, not only through numerous Supreme Court and other court decisions, but also through state laws that criminalize the violation of public library reading privacy or require a warrant to obtain book sales, rental, or lending records.

But, as government lawyers have reminded citizens, travelling via air is a privilege, not a right, even in a country where someone's destination might be 3,000 miles away. (Travelling by car has its own set of Fourth Amendment problems. It's also far more dangerous. Deciding to drive not only takes longer, but subjects people to a whole new set of issues.) The decision to fly means allowing the government to do whatever it wants to make flying secure, even if nearly everything it does has zero effect on curbing terrorist activity.

There are plenty of reasons people might not want to share their reading habits with other fliers in eyesight of the examination are, much less a bunch of government employees with the power to detain people for almost any reason. It's not just about hiding trashy novels from TSA agents. It's about any number of reading materials that could subject to additional scrutiny by the government.

For example, in 2010 the ACLU sued on behalf of a man who was abusively interrogated, handcuffed, and detained for nearly five hours because he was carrying a set of Arabic-language flash cards and a book critical of U.S. foreign policy. We also know that the DHS database known as the “Automated Targeting System,” which tracks information on international travelers, has included notations in travelers’ permanent files about controversial books in their possession.

Since the searches aren't limited to books, but any set of papers flagged by scanners, lawyers carrying privileged legal documents might find themselves having to hand these over to TSA agents to page through. Reading anything about national security and/or terrorism is likely to result in enhanced screening efforts and (possibly) missed flights. The government has no right to know what you're reading, but it has the right to make you hand over everything you're hoping to carry onboard to do with it what it pleases. This includes adding travellers to secret lists that are almost impossible to be removed from or simply asking a bunch of irrelevant questions based on the incredibly faulty premise that terrorists would read certain materials when engaged in acts of terrorism.

The ACLU suggests two things the TSA can do to minimize privacy violations. One would be strict policies and new training procedures to better ensure travelers' privacy and to prevent the additional search from becoming a handy way to increase detentions and add travelers to secret lists.

The second thing would be more along the privacy lines voluntarily adopted by companies selling and shipping sensitive goods: the plain brown packaging program. Travellers should be allowed to use plain book covers to obscure titles and other sensitive information while still allowing agents to verify the books are just books and not, say, sheets of explosives or hollowed-out weapons containers. The TSA should only be interested in ensuring a book is a book. It should have zero interest in the title or content of travellers' reading materials.

X-ray machines are supposed to minimize intrusiveness by allowing travellers to keep their bags closed. The TSA is undoing this small privacy protection step-by-step, with books and other papers following electronic devices onto X-ray belts and into the hands of TSA agents. If the TSA is honest about its reasons for examining books separately, the lack of exterior identifying information shouldn't pose a problem. If it does, the TSA (or the agent performing the search) has ulterior motives and should be prevented from stripping away yet another layer of personal privacy at security checkpoints.

98 Comments | Leave a Comment..

Posted on Techdirt - 26 June 2017 @ 3:27am

Australia To Push For Encryption Backdoors At Next 'Five Eyes' Meeting

from the yet-another-forever-war dept

There's been no unified push for encryption backdoors from world leaders, but the number of those suggesting it might be a good idea has increased in recent months. UK Prime Minister Theresa May recently said terrorists shouldn't be allowed to use Whatsapp to hide their conversations from law enforcement even as her own party members routinely use the app to engage in secure communications. Newly-elected French president Emmanuel Macron said basically the same thing while campaigning, stating a preference for compelled access to encrypted communications.

Shortly before he was shown the exit door, former FBI director James Comey floated the idea of an "international framework" for encryption backdoors. It appeared Comey realized he wasn't going to be able to sell this idea at home, so perhaps a little international peer pressure would push US legislators towards mandating lawful access.

Comey may get his wish, even if he won't be able to take advantage of it himself. Australian Attorney General George Brandis is stating he'll be pushing for backdoors at the next Five Eyes meetup.

The United States, United Kingdom, Canada, Australia, and New Zealand, will meet in the Canadian city of Ottawa next week, where they will discuss tactics to combat terrorism and border protection, two senior Australian ministers said.

Australia has made it clear it wants tech companies to do much more to give intelligence and law enforcement agencies access to encrypted communications.

“I will raise the need to address ongoing challenges posed by terrorists and criminals using encryption,” Australian Attorney General Senator Brandis said in a joint statement.

“These discussions will focus on the need to cooperate with service providers to ensure reasonable assistance is provided to law enforcement and security agencies.”

Brandis has already rationalized away potential objections to backdooring encryption, reasoning that people's tendency to overshare on social media indicates they won't care if the government (or several governments, actually) has access to their private messages.

So far, there's very little real evidence criminals and terrorists are using encrypted services at a higher rate than non-criminals/terrorists. There have been several statements made to that effect and backed by public displays of devices law enforcement officials claim can't be unlocked, but most post-attack investigations show terrorists are still mostly using unencrypted communications platforms. Available evidence also shows investigations of normal criminal activity is rarely thwarted by device encryption. At this point, backdoors are a "solution" in need of a problem.

All that's happening here is a push to compromise personal security in the name of national security. A hole is hole, no matter how it's pitched in secret spy meetings.

49 Comments | Leave a Comment..

Posted on Techdirt - 23 June 2017 @ 1:37pm

UK Law Enforcement Telling Citizens To 'See Something Say Something' About Dark Web Use

from the surfing-with-the-enemy dept

See Something, Say Something (UK Edition) has arrived! In the wake of terrorist attacks, local law enforcement are urging people to report "suspicious" activities. There's a long list of things to be on the lookout for, but most notable is the call to view certain internet use as suspicious, as Joseph Cox reports.

Police in the capital have reportedly been handing out leaflets listing what authorities deem as suspicious activity, in the hope that vigilant community members can continue to provide helpful information to law enforcement. Perhaps, in a sign of how online communities play an increased role in radicalization, the leaflet specifically points to use of the dark web as a potential link to terrorism.

"Be aware of what is going on around you—of anything that strikes you as different or unusual, or anyone that you feel is acting suspiciously—it could be someone you know or even someone or something you notice when you are out and about that doesn't feel quite right," another version of the leaflet, which is part of a national campaign and not London specific, reads.

Specifically, it asks citizens to report someone "visiting the dark web or purchasing unusual items online." Not exactly the sort of thing one's likely to catch shoulder-surfing. The leaflet also recommends reporting people for engaging in suspicious photography -- something that's worked out oh so well here in the US.

As Cox points out, tying terrorism to dark web use is kind of pointless. While the dark web is no doubt used by some terrorists, it certainly isn't where most of their activity takes place.

[M]uch of the communication between Islamic State supporters takes place on social media, such as Telegram. And the group's and supporters' propaganda videos are often distributed on everyday social network sites.

What an "education" campaign like this has the potential to do is turn any deviation from normal web use into something inherently suspicious. If law enforcement likes chasing down worthless tips, depicting things non-terrorists do as terrorist-centric is a good way to get that ball rolling.

I don't doubt the public can play a part in preventing terrorist attacks, but the leaflet asks citizens to become intrusive extensions of the government. Most citizens aren't going to know whether their friends and neighbors surf the dark web, much less have any idea if they're "carrying out suspicious transactions on their bank account." The upshot will be a generalized heightened level of suspicion that will most likely manifest itself as expressions of citizens' inherent biases and bigotry.

34 Comments | Leave a Comment..

Posted on Techdirt - 23 June 2017 @ 10:42am

Cops Sent Warrant To Facebook To Dig Up Dirt On Woman Whose Boyfriend They Had Just Killed

from the blue-lives-are-more-equal-than-others dept

Everything anyone has ever said about staying safe while interacting with the police is wrong. That citizens are told to comport themselves in complete obeisance just to avoid being beaten or shot by officers is itself bizarre -- an insane inversion of the term "public servant." But Philando Castile, who was shot five times and killed by (now former) Officer Jeronimo Yanez, played by all the rules (which look suspiciously like the same instructions given to stay "safe" during an armed robbery). It didn't matter.

Castile didn't have a criminal record -- or at least nothing on it that mattered. Otherwise, he wouldn't have been allowed to own a weapon, much less obtain a permit to conceal the gun. Castile told Yanez -- as the permit requires -- he had a concealed weapon. He tried to respond to the officer's demand for his ID, reaching into his pocket. For both of these compliant efforts, he was killed.

Castile's shooting might have gone unnoticed -- washed into the jet stream of "officer-involved killings" that happen over 1,000 time a year. But his girlfriend, Diamond Reynolds, immediately live-streamed the aftermath via Facebook. Her boyfriend bled out while responding officers tried to figure out what to do, beyond call for more backup to handle a dead black man sitting in his own vehicle. Only after Yanez fired seven bullets into the cab of the vehicle did officers finally remove his girlfriend's four year old daughter.

To "win" at killing citizens, you must start the spin immediately. Yanez spun his own, speaking to a lawyer less than two hours after killing Castile. Local law enforcement did the same thing. Documents obtained by Tony Webster show Special Agent Bill O'Donnell issued a warrant to Facebook for "all information retained" by the company on Diamond Reynolds, Castile's girlfriend. This was to include all email sent or received by that account, as well as "chat logs," which presumably means the content of private messages. The warrant also demands any communications that may have been deleted by Reynolds, as well as metadata on photos or videos uploaded to Facebook. It came accompanied with an indefinite gag order.

Why would law enforcement want (much less need) information from the victim's girlfriend's Facebook account? It appears officers were looking to justify the killing after the fact. The following sworn statement was contained in the affidavit:

Your affiant is aware through training and expertise that individuals frequently call and/or text messages to each other regarding criminal activity during and/or after and [sic] event has occurred.

This is warrant boilerplate, especially when it comes to obtaining information from accounts or devices. But this warrant should be considered anything but business as usual. Should be. Isn't. This is the actual standard operating procedure after an officer kills someone: the department goes digging through its criminal records to find any reason at all to have killed the person and to buttress "feared for safety" excuses given by officers -- awarding them points for effort based on information they didn't have when they ended someone's life.

When it comes to police shootings in America, there are no aggressors in uniform, only victims. Officer Yanez made his own excuses, theorizing Castile's willingness to smoke pot in front of a 4-year-old child indicated Castile had no respect for human life.

I thought, I was gonna die, and I thought if he's, if he has the, the guts and the audacity to smoke marijuana in front of the five year old girl and risk her lungs and risk her life by giving her secondhand smoke and the front seat passenger doing the same thing, then what, what care does he give about me?

Following his testimony's logic, smoking pot in front of a child has so severely damaged Castile's moral compass, he apparently would have thought nothing about shooting an officer over a non-functioning tail light. There's no logical boundary cops won't cross to pin the blame on the dead. Hence the Facebook warrant to dig up dirt on his girlfriend in hopes of adding a bit more post facto righteousness to the shoot.

The only upside -- and it's incredibly small given the surrounding circumstances -- is Facebook refused to hand over the information on the grounds that the indefinite gag order was unconstitutional. Faced with this pushback, Minnesota police withdrew the warrant. But in the end, Yanez was acquitted and Philando Castile is still dead -- a man who did nothing more than try to comply with an officer's orders.

211 Comments | Leave a Comment..

Posted on Techdirt - 22 June 2017 @ 3:34pm

Florida Cops Shut Down Secret Spy Plane Plan After Backlash By Locals

from the if-it-wasn't-for-those-meddling-journalists... dept

The Miami-Dade Police Department has decided to drop its wide-area surveillance plan in the face of public backlash. The MDPD tried to slip it past residents and the county government by claiming the acquisition of a secret spy plane was too important to be done properly.

Documents submitted by the commission, first reported by New Times last Thursday, showed that MDPD has already applied for a $500,000 Department of Justice grant to begin testing the program. The department claimed the deadline to apply for the grants had allegedly been too pressing to wait to notify the public, and so County Mayor Carlos Gimenez's office applied for the DOJ money without first getting public approval.

A classic case of asking forgiveness rather than permission, coupled with a deliberate attempt to circumvent the part of the process that would have caused the most problems for the MDPD's surveillance plans: the public's comments.

Once the document was posted publicly, the backlash began, led by a number of rights groups including the ACLU and the Defending Rights and Dissent Foundation. The surveillance system sought is repurposed Iraq War tech: a high-powered camera system mounted on an airplane that proponents and opponents both describe as a "DVR for real life." Capable of capturing a 32-square-mile area, the cameras don't provide much in terms of close-up detail, but do allow law enforcement agencies to track people's movements over a several hour period, whether in real-time or by replaying recordings.

As the Miami New Times reports, the MDPD has offered no justification for this expansion of its surveillance powers. Apparently, the new surveillance tech was supposed to sell itself, what with most of the cost being offset by a $500,000 DOJ grant. Just as disturbing is the fact that so few county lawmakers questioned the acquisition, even after being made aware the MDPD had already applied for the grant without running it by them first.

Fortunately, the plan is now dead. The MDPD may still want its eye in the sky, but its top official has decided he won't go against the public's will... for now.

[A]fter New Times broke news of the plan two weeks ago, MDPD Director Juan Perez announced in an email to the American Civil Liberties Union today that he's scrapping the program.

"There is some good news on the horizon for you," Perez told ACLU Florida Director Howard Simon at 10:20 a.m., according to a copy Simon sent New Times. "I am scrapping the project, but would like to get your opinion on the matter."

The ACLU is obviously pleased with this decision, but still hasn't heard from the MDPD director whether this includes trashing its DOJ grant request, or whether this grant money might be still be used to purchase other surveillance gear the public won't know about until it's on the doorstep of approval.

The good news is the public's voice was heard, if a little after the fact. The invaluable reporting by the Miami New Times was instrumental in mobilizing opposition, something good journalism has a tendency to do. The real test of the MDPD's new outlook will be when the next opportunity to buy up surveillance gear with federal grants arrives. Hopefully, it will seek out public comment first, rather than only react when the backlash becomes too much to ignore.

8 Comments | Leave a Comment..

Posted on Techdirt - 22 June 2017 @ 11:56am

Legislators Want To Open Up Wiretap Laws To Target Sex Workers And Their Customers

from the ongoing-holy-war dept

Under the guise of fighting sex trafficking, legislators have been offering up a slew of bills that will make things much worse for plenty of people not involved in this heinous crime. Elizabeth Nolan Brown, who is the go-to expert on all sorts of government abuse done in the name of sex-trafficked children, has tallied up the current stack of legislative paperwork floating around the halls of Congress. Spoiler alert: it's a lot.

So far this year, federal lawmakers have introduced more than 30 bills related to "sex trafficking," which many in government now define to mean all prostitution. This week alone brought three new efforts. And following the familiar pattern of the drug war, these measures mostly focus on giving federal law enforcement more "tools" to find, prosecute, and punish people for actions only tangentially, if at all, connected to causing harm.

Currently, the forerunner for "worst" is one that makes a mockery of federal wiretap statutes. The laws governing government eavesdropping have been modified over the years with an eye on protecting something even more sacrosanct than someone's home: someone's private conversations. Wiretaps are only supposed to be used for felonies -- dangerous, possibly life-threatening criminal activities. They're supposed to be issued only when law enforcement has exhausted all other options and subjected to strict oversight to prevent their abuse. (Note: what's supposed to happen and what actually happens are two very different things.)

What they're not supposed to be used for is small-time stuff -- misdemeanors and other low-level, non-dangerous crimes. But that's exactly what legislators are hoping to do: expand wiretap authority to cover the consensual exchange of money for services.

One such measure would expand state and local government authority "to seek wiretap warrants in sexual exploitation and prostitution cases" (emphasis mine) and mandate the Centers for Disease Control and Prevention and National Institute of Justice conduct a "study on the long-term physical and psychological effects of the commercial sex trade." It would also give the Department of Homeland Security a mandate to develop protocols "for implementation across federal, state, and local law enforcement" on how to screen people "suspected of engaging in commercial sex acts" for the possibility that they have been trafficked. The screening process would also be applied to people suspected of working in violation of any labor regulations, including occupational licensing rules.

Combine this new authority with government officials' natural tendency to name-and-shame anyone involved with consensual sex work and you've got a whole can of wiretapped worms just waiting to be exploited for maximum public damage. Add to that the underlying assertion that sex work is some sort of illness that must be studied by the CDC and, presumably, "remedied" by even more ridiculous, harmful legislation.

And no one really wants to see the DHS getting involved in local vice cases. The DHS has already proven it knows almost nothing about securing the homeland. Asking it to dip into prostitution busts is basically asking for widespread rights violations, especially if this activity takes places in the so-called "Constitution-Free Zone," which covers areas where a large majority of the US population resides.

Also included: more federal targeting of customers and a potential to add "hate crime" sentencing enhancements to the crime of buying sex. Brown points out the bill orders the DOJ to view buying sex as a "form of gender-based violence."

And there's more, which hardly seems possible. Prostitutes could possibly be legally considered "criminal street gang members" under proposed legislation. And some bills would allow the government to start seizing personal property if fines are not paid.

The named target is sex trafficking and the supposed beneficiaries would be children, who are kidnapped and exploited all the damn time according to stats made up out of thin air. But the real targets will be the oldest profession, which includes plenty of un-exploited sex workers voluntarily providing services to paying customers. But the end result will be a spectacular amount of collateral damage -- and that's not just limited to customers having their conversations intercepted or being hit with hate crime enhancements. The proposed legislation would also wreak havoc on the internet.

Grassley's bill cobbles together a host of changes that give federal prosecuting agencies more power. Among other things, it would create a federal mandate to fight "sextortion" (without defining what this means); ask the quasi-governmental National Center for Missing and Exploited to assist the government in identifying "misleading domain names" and "misleading words or digital images on the Internet"; and more than quadruple annual appropriations for grants related to these activities.

Starting with this premise, those caught up in these supposed anti-sex trafficking efforts will find themselves in the position of proving a negative. If the government decides you're looking for child porn or exploited children (or offering either of these) but can't find images or terminology affirming this hunch, it can still go after you for being "misleading."

These bills may namecheck sex trafficking and carry the veneer of honest law enforcement work, but underneath every one of them lies the Puritanical notion that buying and selling sex is immoral and must be punished not by God, but by the government itself.

53 Comments | Leave a Comment..

Posted on Techdirt - 22 June 2017 @ 9:38am

Former University Official Files Libel Lawsuit Against His Replacement For Things A Journalist Said

from the that's-not-how-this-works dept

We've covered a lot of ridiculous defamation lawsuits here at Techdirt. A ton. MANY. We like covering them so much we bought the company. But this defamation lawsuit passed on to us by Adam Steinbaugh is just baffling. Even more baffling, it's been filed with professional representation. Its attempt to fashion a libel lawsuit out of nothing bears far more resemblance to those filed by plaintiffs with fools for lawyers.

In March of last year, Jim Myers of the The Tennessean wrote an article about some staff changes at a local university's culinary arts program. If this seems like extraordinarily innocuous subject matter, you're obviously not former director Tom Loftis or his legal representation. Loftis has formally shouted "defamation" in a crowded courthouse. But his accusations aren't levied against Myers or The Tennessean, but rather against someone featured in the article: new culinary arts director Randy Rayburn.

His complaint [PDF] tries to turn Rayburn into the libelous villain by attributing things Myers wrote about Loftis and Rayburn into direct quotes by Rayburn.

On March 2, 2016, The Tennessean published an article, which is attached hereto as Exhibit A and incorporated herein by reference, under the byline of Jim Myers. The words in the article were spoken by Randy Rayburn and published by Mr. Myers in The Tennessean.

This opening assertion is then immediately proven false by Loftis' next allegations. (Emphasis mine.)

"It starts and ends on the cooking line," wrote Mr. Myers, "regardless of the talent of the chef or the quality of the wait staff." The article promoted an event called "Tennessee Flavors," purportedly the product of the Defendant, Randy Rayburn, as a benefit for the culinary arts program of Nashville State Community College.

Myers claimed to have written before about "the dearth of qualified line cooks in town, from our best restaurants to the hotels and convention centers ...." Rayburn, according to Myers, "recognized this need every day in his kitchens at the old Sunset Grill, Midtown Cafe, and Cabana, so he decided to do something about it by dedicating himself to helping build a Culinary Arts program at what used to be called Nashville Tech." These words of self-aggrandizement portray Rayburn as the savior of culinary arts from the incompetence of Plaintiff. The school had chosen to name its new facility at the former Hickory Hollow Mali in Antioch, "The Randy Rayburn School of Culinary Arts."

Reputation isn't zero-sum. Self-aggrandizement isn't defamation, even if it makes someone else look worse by comparison. And we still have yet to see any direct quotes from Rayburn -- only the columnist's impression of Rayburn and his activities.

Myers quoted Rayburn as willing to tell you "it hasn't been easy." When he sought the help of local restaurateurs and chefs to offer feedback on the program and the quality of his graduates, he was quoted, "the reports he got back weren't flattering. The program was simply turning out unqualified students."

Rayburn, "with his name on the building" chose to apply his experience in "how to cut losses and move on quickly," and "decided to get more involved."

Myers then wrote: "they started by cleaning house from the top by removing director Tom Loftis. It was a politically inexpedient move last year since Loftis was the brother-in-law of Bill Freeman who was running for Mayor at the time. If the election had gone a different way, it might have affected funding for the school."

And we still have yet to see Rayburn quote with anything more damning in it than his assessment of returned assessments. But Loftis isn't going to let facts stand in the way of a $1.5 million defamation suit.

These boastful and unseemly comments were reckless and made with a conscience [sic] indifference to the truth. No specific deficiencies were described nor was it revealed in this article whether any of the individuals about whom complaints were made had even attended the school much less graduated from it. No effort was made to determine whether these deficiencies were a function of a failure of instruction rather than an inadequacy of the individual. Among the chefs mentioned in the article were individuals who, to the knowledge of the Plaintiff, had never employed a graduate of the school.

And on and on it goes. Normally, a stupid defamation lawsuit is filed against the biggest target, be it Google or Yelp, etc., rather than the person actually engaging in alleged libel. This suit goes for the smaller target -- Randy Rayburn -- either out of spite (because Rayburn replaced Loftis and had a building named after him and appears to be better liked by local writers, etc.) or because Loftis thinks Rayburn will put up less of a fight than The Tennessean.

The motion to dismiss [PDF], filed by Rayburn's lawyer, Daniel Horwitz, does a thorough job explaining why this should be laughed out of court. It points out that Rayburn is never directly quoted -- at least not saying anything remotely defamatory -- and that the lawsuit states repeatedly that the words Loftis is bothered by were written by Myers and published by The Tennessean, neither of which are party to this lawsuit.

The problem here is Rayburn has to defend himself against these completely baseless allegations or get hit with an expensive default judgment. The best case scenario is the lawsuit being tossed as soon as a judge reviews the motion to dismiss. Unfortunately, this state has no anti-SLAPP law, so it will be extremely difficult to hold Loftis financially culpable for Rayburn's legal fees.

Hurt feelings often result in bogus lawsuits, but this one appears to be almost entirely motivated by the fact the plaintiff's successor at the university appears to be both better-liked and better at the job.

Read More | 8 Comments | Leave a Comment..

Posted on Techdirt - 22 June 2017 @ 8:25am

Colorado Voters Will Get A Chance To Prevent Preteens From Using Smartphones

from the making-the-state-an-adoptive-parent dept

Some enterprising Colorado residents have turned a small tech panic into a stupid ballot measure. (via Free Range Kids)

Dr. Timothy J. Farnum apparently doesn't like the way his teenaged kids act. He blames this on smartphones.

"They would get the phone and lock themselves in their room and change who they were," he said.

With one of his sons, then 12, he thought the problem became bad enough to warrant taking the phone away.

"(With smartphones), the internet is always begging for your attention," he said. "The apps are all designed to addict you. ... For children, it's not a good thing."

Because parenting is hard, Farnum has decided to see if the state can't pick up his parenting slack. He has introduced a ballot measure that would ban retailers from selling phones to preteens, even indirectly. If this anesthesiologist can find 300,000 like-minded idiots willing to follow him into legislative infamy, his proposal could possibly become law.

To drum up support for his idea, Farnum has cobbled together a website that probably looks terrible on mobile devices. It certainly looks awful on the regular web.

And it's full of terribleness -- half-arguments and citation-less assertions, not exactly the sort of thing you'd expect from a board of directors composed of people with medical degrees. Here's just a few of the convincing arguments Farnum deploys:

Years from now parents will look back on our time and shake their heads and wonder how we allowed this atrocity. Allowing our children to be robbed of their carefree days of wonder, laughter, and normal natural development. Yes, they will wonder, didn't they see it?, didn't they see their children stop achieving, stop playing, stop laughing, ceasing to be free? Instead, isolating themselves in their rooms choosing soft and cushy electronic lives over their real ones. Didn't they see the damage?


Currently, parents are supposed to do everything, and the manufacturers, content and service providers, basically everyone in the whole industry gets a free pass. Parents are somehow supposed to be up to date on the current recommendations on usage from experts, and enforce these recommendations, plus guard their children everywhere they go. This is not only unfair, it is altogether impossible given the saturation of our children's environment.


The wild west free for all that we have now has left parents with little clear direction, and has caused incalculable damage to children. The American Academy of Pediatricians came out in 2000 with their recommendations, reaffirmed them in 2012, and yet parents are unaware, and children continue to be harmed.

FINALLY. A citation to something other than Farnum's gut instinct, or how the world should change to better accommodate his strained relationship with his sullen, withdrawn children. Something written by someone other than an anesthesiologist.

Or not. There's no link to these recommendations or direct quotes from any AAP report. It's as if Farnum believes you can just type something on the internet and readers are obligated to believe it.

The AAP certainly doesn't suggest legislation should take the place of parenting, no matter how Farnum skews it.

The AAP recommends that parents and caregivers develop a family media plan that takes into account the health, education and entertainment needs of each child as well as the whole family.

“Families should proactively think about their children’s media use and talk with children about it, because too much media use can mean that children don’t have enough time during the day to play, study, talk, or sleep,” said Jenny Radesky, MD, FAAP, lead author of the policy statement, “Media and Young Minds,” which focuses on infants, toddlers and pre-school children. “What’s most important is that parents be their child’s ‘media mentor.’ That means teaching them how to use it as a tool to create, connect and learn.”

What a revolutionary idea: parents engaging in the act of parenting! But if that's not for you, there's Farnum's ballot measure [PDF], which is prefaced with phrasing guaranteeing it will never be taken seriously.





It's pretty much a conspiracy theorist's message board post, only with some nonsensical legislation attached. The proposal would require retailers to ask customers if they're buying phones for preteens and, apparently, refuse the sale if the answer is "yes." Retailers are also required to put up signage informing customers of the new state-enforced policy and train employees to dig into the details of customers' purchases. Then they'll have to turn this information over to the state.






This is a really disturbing addition, as it places smartphone sellers under a more pervasive form of regulation than sellers of other age-controlled items like alcohol, cigarettes, and porn. And it makes no sense at all to maintain these records, as the proposal contains no avenue of state recourse against parents who lie to retailers about the cellphone recipient's age.

Retailers who violate the law face steadily-increasing fines, starting at $500 and topping out at $20,000. Retailers are given an "affirmative defense" to use when accused of violating the law, but can only use this defense twice in a 24-month period. And it's not really an affirmative defense. It's really nothing more than a statement of compliance with mandated sales policy changes that can be used to shield the retailer from fines if it's determined to have violated the law.

Finally, to cap off the nonsense this is, Farnum's own site presents this contradictory argument:

It absolutely is a parents right to choose how to raise their child. But it is also our American parents right to form an alliance together and try to make manufacturers and service providers accountable for the mess they have created.

It is a parent's right to choose. Here's some legislation taking that choice away! And some sort of plan to collect reparations from local retailers for the evils perpetrated on society by manufacturers. Somehow this proposal managed to survive the scrutiny of state ballot officials, which doesn't say much for their judgment skills.

Read More | 53 Comments | Leave a Comment..

Posted on Techdirt - 21 June 2017 @ 2:57pm

Sheriff Defends Deputies' Lies In Court By Saying Officers Didn't Know They Were Supposed To Tell The Truth

from the keep-calm-and-screw-citizens dept

The Orange County (CA) District Attorney's office remains in the news. It's not often an entire prosecutors' office gets booted off a high-profile murder case, but that's what happens when misconduct occurs on a massive scale. An open-and-shut murder case with eight victims is now the DA's perpetual nightmare. Judge Thomas Goethals kicked the agency to the curb after uncovering repeated discovery violations committed by prosecutors.

But the problems go back further than this case. The office has hidden the existence of a law enforcement database from defense lawyers (and judges) for a quarter century -- a database holding all sorts of information about jailhouse snitches that may have made the difference in a number of cases.

A quarter-century of obfuscation followed by outright lying on the stand by prosecution witnesses is something you'd think would be addressed by a swift housecleaning. You'd be wrong. So far, there have been no announcements from the DA about pending investigations -- either into its own misconduct, or the repeated abuses of the jail's snitch program run by the local sheriff's office.

Add to that yet another revelation from the current criminal case: the sheriff's office shredded documents ahead of an announced investigation by the DOJ.

Sheriff's deputies doctored and shredded records after the announced launch of a U.S. Department of Justice (DOJ) probe eight years ago into suspected police corruption, according to the latest courthouse bombshell filed March 30 in what is known nationally as the Orange County Jailhouse Informant Scandal.

Revealed in a brief filed by Scott Sanders, the assistant public defender in People v. Scott Dekraai, a pending death penalty case marred by astonishing law enforcement misconduct, Deputy Michael Carrillo wrote an entry never intended for public consumption: "ADUJSTED (sic) THE DISCIPLINARY ISOLATION LOGS FOR THE DOJ TO MATCH THE LOGS FOR AD-SEG AND PC LOGS, PER SGT JOHNSON."

Those in charge of the sheriff's snitch program have been asked to testify in response to perjury allegations. They have chosen not to, with each sheriff's office witness called pleading the Fifth. This chain of events has led to the most jaw-dropping law enforcement statement I have ever read, and that includes arguments made in support of setting toddlers on fire with carelessly-tossed flashbang grenades.

Sheriff Sandra Hutchens claims the veteran officers were unaware they were required to testify honestly during prior court appearances for the death penalty case marred by astonishing degrees of government cheating.

Officers, especially veteran ones, are aware they are required to testify honestly. This is why they're sworn in before testimony. There's a promise made at that point. Not testifying honestly is called "perjury," as the officers are surely aware. High school students taking civics classes are aware of this. No one's really unclear on the whole "tell the truth in court" thing.

This is R. Scott Moxley's paraphrasing of what was actually asserted by the sheriff. The paraphrasing strips the original quote of its defensive obfuscation, but the real quote is no less damning, if not as direct. (Original quote obtained from Moxley.)

[T]he OC sheriff was asked why a veteran deputy had lied about the existence of incriminating agency TRED records after swearing in open court he would tell the "whole truth" and she replied, "I believe he was unclear about what he could or couldn't say about that system."

I'm not sure what the deputy thought was unclear, other than it seemed wiser for him to lie to the court than reveal the database the sheriff's office had kept hidden from defendants for years. If there was a question about what could be said in open court, the sheriff's witnesses could have asked to discuss the specifics in camera and allow the judge to decided whether it could be discussed publicly. Denying the existence of records that exist is still perjury, no matter how the sheriff wants to spin it.

Hutchens and every "veteran officer" she's referring to should be fired immediately. Anyone who honestly believes testifying in court is subject to discretion calls by the sheriff's office about what can and can't be discussed needs to replaced with those who understands and respects the oaths they take. If they're actually stupid enough to believe being a law enforcement officer makes truth-telling under oath optional, they should be forced to tattoo "THIS END UP" on their foreheads to prevent them from making unfortunate decisions about which method of bipedal ambulation works most efficiently and have "DON'T LIE IN COURT" notes safety-pinned to their chests if they're going to be within 1000 feet of any US courthouse.

51 Comments | Leave a Comment..

Posted on Techdirt - 21 June 2017 @ 12:03pm

Deputy Attorney General Asks Congress For $21 Million To Solve The FBI's 'Going Dark' Problem

from the 21-million-buys-a-lot-of-hysteria dept

James Comey may have been unceremoniously dumped by the Commander-in-Chief, but his device encryption legacy lives on.

The Justice Department is requesting more than $20 million in federal funding to bankroll efforts related to resolving the government’s continuing “Going Dark” problem, Deputy Attorney General Rod Rosenstein said Tuesday, signaling one of the Trump administration’s first attempts at tackling the issue of ubiquitous, hard-to-crack encryption amid growing concerns involving its impact on criminal investigations.

The request came during Rosenstein's testimony before the Appropriations Committee -- the place where all government officials perform their most sincere acts of begging. Not that the FBI was likely to be faced with budget cuts -- not with a "law and order" president running the country and overseen by an Attorney General who appears to believe we're currently engulfed in a massive drug-and-immigrant crimewave.

Here's Rosenstein's full "going dark" budget request:

Department of Justice must continue to take a leading role in enhancing the capabilities of the law enforcement and national security communities. This budget request will provide $21.6 million in funding to counter the “Going Dark” threat. The seriousness of this threat cannot be overstated. “Going Dark” refers to law enforcement’s increasing inability to lawfully access, collect, and intercept real-time communications and stored data, even with a warrant, due to fundamental shifts in communications services and technologies. This phenomenon is severely impairing our ability to conduct investigations and bring criminals to justice. The FBI will use this funding to develop and acquire tools for electronic device analysis, cryptanalytic capability, and forensic tools. The Department’s role has been to collect, house, analyze, and share critical data among our federal, state, local, and tribal partners.

Beg to differ, but the "seriousness of this threat" can be overstated. Comey did so on multiple occasions. Sometimes others -- mainly Manhattan DA Cyrus Vance -- followed suit. Both claimed to have a large number of phones in their possession that couldn't be cracked. Even if the underlying assumption that all of these phones contained valuable evidence directly related to investigations, one still had to wonder how hard investigators were trying to get into these phones. Or how many other options they'd explored before throwing their hands up in frustration and resigning the devices to a dismal future as press conference props.

Take, for instance, this quote from the Washington Times article:

Days before leaving office on May 9, Mr. Comey said federal investigators had legally seized more than 6,000 smartphones and electronic devices during a recent six-month span but found that 46 percent couldn’t be opened “with any technique.”

This stat is almost completely unbelievable. Documents obtained from local law enforcement agencies with much smaller budgets show investigators are finding multiple ways to obtain data and communications from locked phones. We're also not hearing these sentiments echoed by law enforcement officials at the local level. If it's this much of a problem for the FBI -- nearly half of all devices seized -- one would think smaller agencies would be seeing a much higher access failure rate, followed directly by public complaints about device encryption. But we're just not seeing that.

Hopefully whatever's handed to the FBI to solve its apparently singular "going dark" program is put to use wisely. But nothing about the "going dark" hype suggests this will be the case. It may just disappear into some sort of talking points war fund and used to promote the spread of "going dark" hysteria until enough legislators are on the hook. If the money is deployed intelligently, it could actually make a difference for the agency. But all evidence points to the agency angling for legislation and favorable court precedent that will make the rest of us pay the price for the agency's inability or unwillingness to see anything but darkness when confronted with technical hurdles.

24 Comments | Leave a Comment..

Posted on Techdirt - 21 June 2017 @ 6:17am

Secret Defense Dept. Report Shows Manning Leaks Did No Serious Damage

from the confirming-unofficial-statements-from-US-officials dept

Prosecutors seeking to justify a lengthy sentence (and the abuses that had already occurred) in the Chelsea Manning case insisted the documents she leaked had caused serious damage to those exposed by them. They said this even as multiple government officials admitted the most the United States had suffered was some embarrassment.

Jason Leopold has obtained an official assessment of the Manning leaks which shows the same thing: no real damage was done.

Regarding the hundreds of thousands of Iraq-related military documents and State Department cables provided by the Army private Chelsea Manning, the report assessed “with high confidence that disclosure of the Iraq data set will have no direct personal impact on current and former U.S. leadership in Iraq.”

This doesn't necessarily mean no damage was done. But the report confirms the United States didn't suffer from the Manning leaks.

The report also determined that a different set of documents that was published the same year, relating to the U.S. war in Afghanistan, would not result in “significant impact” to U.S. operations. It did, however, have the potential to cause “serious damage” to “intelligence sources, informants and the Afghan population” and U.S and NATO intelligence collection efforts.

The report [PDF] also notes investigators located the encrypted Wikileaks "insurance" file -- one Julian Assange says he'll release the key to if he feels his ability to disseminate information is threatened. (Stay tuned!) The assessment concludes it's unlikely this file contains anything damaging either.

Based on public statements by Assange, the IRTF assesses with moderate confidence that the "Insurance File" does not contain any USG data beyond what the IRTF has already reviewed.

The document dates back to 2011. It may have been some use in Manning's defense during the trial (a defense severely limited by the nature of espionage proceedings). As Leopold notes, Manning was not allowed to view this report. Instead, she was forced to fight the charges blind while prosecutors cherry-picked portions of the report to bolster their arguments.

Not that any of this matters at this point. The damage has already been done to Manning's life. And Manning's prosecution likely serves as a low-key chilling effect to dissuade potential leakers and whistleblowers from publicly humiliating the US government. But it does show the government is willing to use evidence that doesn't actually exist to secure a conviction.

Read More | 14 Comments | Leave a Comment..

Posted on Techdirt - 20 June 2017 @ 9:32am

Supreme Court Makes It Even More Difficult To Sue Federal Officials Over Rights Violations

from the BUILD-THAT-WALL dept

If you wanted even more leeway for government officials to bypass accountability, you've got it. Courtesy of the US Supreme Court, the immunity for federal officials has just been expanded. On a day when the court handed down two significant First Amendment victories, the court has dialed back an avenue of redress for people whose rights have been violated by federal employees.

This case has its origins in the 2001 Twin Towers attack. In the wake of the attack, the government engaged in some questionable behavior (not unlike some of its World War II actions), rounding up undocumented Arab immigrants and detaining them under harsh conditions.

When they were finally released, they sued the US government for violating their rights. Unfortunately, options for directly suing federal officers are severely limited. Up until the Supreme Court's 1971 Bivens decision, plaintiffs had almost no way to seek redress for rights violated by federal employees. Bivens produced a new option, but its limited scope still made it very difficult for plaintiffs to secure a ruling in their favor. It's especially useless in cases like the one before the Supreme Court -- a case where the plaintiffs have no other way to bring a suit against the government other than going the Bivens route, thanks to their status as undocumented aliens at the time the rights violations allegedly occurred.

This new decision limits Bivens even further by adding national security concerns to the mix. In cases like these -- prompted by federal government reactions to a domestic terrorist attack -- the Supreme Court comes down on the side of the US government. But it's not just national security playing a limiting factor in seeking justice for violated rights. It's pretty much any case where the government hasn't seen this particular sort of violation before.

Cornell law prof Michael Dorf points out how severely restricting this ruling is for plaintiffs who have a single recourse option available to them:

The key move in the majority opinion is one of characterization. The Court says that it is not enough for a Bivens action to be available that there are precedents in the same general area holding that no "special factors" warrant denial of a Bivens action; the "special factors" must be evaluated by reference to a highly particularized description of the case at hand. How particularlized? The Court says:

Without endeavoring to create an exhaustive list of differences that are meaningful enough to make a given context a new one, some examples might prove instructive. A case might differ in a meaningful way because of the rank of the officers involved; the constitutional right at issue; the generality or specificity of the official action; the extent of judicial guidance as to how an officer should respond to the problem or emergency to be confronted; the statutory or other legal mandate under which the officer was operating; the risk of disruptive intrusion by the Judiciary into the functioning of other branches; or the presence of potential special factors that previous Bivens cases did not consider.

The shorthand version is the same excuse used in tons of normal, non-Bivens civil rights cases: if the court hasn't previously ruled on this specific set of circumstances before (and judged them to be a violation of rights), qualified immunity for government employees will be upheld. The problem is violations must be "clearly established" by a court decision to bypass immunity -- which is an extreme rarity in a system that heavily relies on precedent, frequently punts on tough legal questions, and often tells plaintiffs their redress is tied to legislation Congress has yet to write, much less pass.

Mix in national security concerns, "special considerations," and expansive immunity protections for government employees and this decision demands future Bivens petitioners do the impossible:

That means that it is now possible for a federal officer to violate clearly established rights--i.e., to commit rights violations that are established as clear in virtue of being very similar to rights violations that were adjudicated in prior cases--but still not be subject to a Bivens action because the case is nonetheless too different from prior Bivens cases to overcome the "special factors" limitation.

To bring a successful Bivens action a civil rights plaintiff must now pass through the eye of a tiny needle inside the eye of another tiny needle.

The decision [PDF] also suggests plaintiffs just wait around with their rights violated until Congress does something about it:

The proper balance in situations like this, between deterring constitutional violations and freeing high officials to make the lawful decisions necessary to protect the Nation in times of great peril, is one for the Congress to undertake, not the Judiciary.

What remains after this decision is almost nothing for plaintiffs -- like the Muslims and Arabs rounded up in a legally-unsound reaction to a terrorist attack -- and another expansion of immunity protections for federal officers and officials. As Steve Vladeck pointed out on Twitter, future Bivens cases will be limited to a small subset of prior Bivens decisions. The chances of previous decisions being perfectly applicable to the facts at hand in future cases hovers right around 0%. In the context of this case, it means the government can again engage in such a roundup of Muslims and Arabs without worrying about future lawsuits. None of the courts involved declared this roundup to be a violation of rights, so as far as the judiciary is concerned, similar actions won't violate any established precedent.

Plaintiffs bringing these complaints -- plaintiffs who often have no other options under the law -- will have to be willing to spend lots of time and money pursuing miracles. The Supreme Court has ruled that if it walks like a duck, acts like a duck, but quacks a bit more like a Canvasback than a Mallard, federal immunity will be upheld..

Read More | 25 Comments | Leave a Comment..

Posted on Techdirt - 20 June 2017 @ 3:38am

Oversight Report Shows NSA Failed To Secure Its Systems Following The Snowden Leaks

from the NSA-officials:-'feel-good-story-of-2015,-etc.' dept

It appears the NSA hasn't learned much since Ed Snowden left with several thousands of its super-secret documents. Agency officials were quick to claim the leaks would cause untold amounts of damage, but behind the scenes, not much was being done to make sure it didn't happen again.

A Defense Department Inspector General's report obtained via FOIA lawsuit by the New York Times shows the NSA fell short of several security goals in the post-Snowden cleanup. For an agency that was so concerned about being irreparably breached, the NSA still seems primed for more leakage. Charlie Savage reports:

The N.S.A. failed to consistently lock racks of servers storing highly classified data and to secure data center machine rooms, according to the report, an investigation by the Defense Department’s inspector general completed in 2016. The report was classified at the time and made public in redacted form this week in response to a Freedom of Information Act lawsuit by The New York Times.

The agency also failed to meaningfully reduce the number of officials and contractors who were empowered to download and transfer data classified as top secret, as well as the number of “privileged” users, who have greater power to access the N.S.A.’s most sensitive computer systems. And it did not fully implement software to monitor what those users were doing.

Let's not forget the NSA wants to be engaged in ensuring the cybersecurity of the nation. It's repeatedly asked for more power and a better seat in the CyberWar room. But it doesn't even take its OWN security seriously. The NSA told its oversight it was engaging in 40 "Secure the Net" initiatives, directly after the first Snowden leak. Two years later, it told Congress it had completed 34 of 40 STN initiatives. The term "completion" apparently has multiple definitions, depending on who's using the word. The IG sampled only seven of the initiatives and found four were mostly done and three were nowhere near completed. Extrapolating from the sampling, it's safe to assume the NSA's internal security efforts are only slightly more than half-baked.

The three the NSA failed to implement are of crucial importance, especially if it's looking to keep its in-house documents safe at home. From the report [PDF]:

NSA officials did not effectively implement three PRIVAC [Privileged Access]-related STN initiatives:

- fully implement technology to oversee privileged user activities;

- effectively reduce the number of privileged users; and

- effectively reduce the number of authorized DTAs [Data Transfer Agents].

First off, the NSA -- prior to the Snowden leaks -- had no idea how many users had privileged access. Post-Snowden, things hardly improved. Considering the tech capabilities of the agency, it's incredibly amusing to see how the NSA "tracked" privileged users.

NSA officials stated they used a manually kept spreadsheet, which they no longer had, to identify the initial number of privileged users.

Pretty much useless, considering this number the NSA couldn't verify (thanks to its missing spreadsheet) was supposed to be used to establish a baseline for the planned reduction in privileged users. Despite missing this key data, the NSA moved ahead, "arbitrarily revoking access" and asking users to reapply for privileged status. It then reported a reduction by citing the number of users it denied restoration of access privileges. It did not factor in any new users it granted privileged access to or tally up the number of accounts it never bothered to revoke.

As the fully-redacted chart presumably points out (according to the text above it), the NSA had a "continued and consistent increase in the number of privileged users once the [redacted] enrollment process began."

The NSA also claimed it had reduced the number of DTAs. And again, the NSA had no receipts.

Although repeatedly requested, NSA officials could not provide supporting documentation for the total number of DTAs before and after the purge or the actual number of users purged.

The NSA's objectively-terrible internal controls (again) ensured no number could be verified.

NSA did not know how many DTAs it had because the manually kept list was corrupted during the months leading up to the security breach.

The NSA handled these missing numbers the same way it had privileged users: it made up a new baseline, arbitrarily decided it could show a downtrend in DTAs, and delivered this as "proof" of another completed security initiative.

The report points out repeatedly the NSA's failure to provide documentation backing its STN claims -- either from before the initiatives took force or after they supposedly hag been completed. The IG's comments note the NSA's response to the report ignored its detailed description of multiple failures in order to spin this as a "win" for the agency.

Although the Director, Technology Directorate NSA/CSS Chief Information Officer, agreed, he did not address all the specifics of the recommendation. Therefore, we request that the director provide additional comments on the final report that identify specific actions NSA will take.

Here's how the NSA portrayed the report's findings:

While the Media Leak events that led to Secure the Net (STN) were both unforeseen and serious, we consider the extensive progress we made in a short time to be a "good news" story.

Sure, if you consider a half-done job securing NSA assets to be "good news," rather than just an ongoing series of security holes left halfway unplugged while agency officials testify before Congressional oversight in front of a "MISSION ACCOMPLISHED" banner backdrop.

Read More | 12 Comments | Leave a Comment..

Posted on Techdirt - 19 June 2017 @ 3:46pm

South Carolina Sheriffs Less Interested In Enforcing Laws Than Taking Stuff

from the my-own-private-Nottingham dept

It's not like we need any more evidence showing asset forfeiture has almost nothing to do with enforcing laws or breaking up criminal organizations. But law enforcement agencies just keep generating damning data.

The Charleston Post and Courier's article on the subject runs under an innocuous title that seems to put the blame on the federal government for the asset forfeiture sins of local police, but the article tells a completely different story. The officers and officials quoted in the story make noises about taking down criminals, but the greedy devil is in the details.

Every year in Spartanburg County, the Sheriff's Office organizes a week-long crackdown on Interstates 26 and 85 involving multiple local and federal agencies. They call it "Rolling Thunder."

Cool name. About as cool as the "interdiction teams" Rolling Thunder contains, which makes it sound as though officers are seriously engaged in disrupting drug trafficking. And the numbers here show the week-long effort did indeed result in a whole lot of searches.

During the March operation, deputies and their colleagues pulled over 1,110 motorists — the majority of whom were black or Hispanic — mostly for infractions such as making improper lane changes or following too closely. Police searched 158 vehicles, including large tour buses. Drug-detecting dogs sniffed around 105 vehicles, and the tour bus luggage…

But did it result in a whole lot of drug traffickers being shown the (jail) door? Of course not.

Just eight felony arrests were made, but police found and seized 233 pounds of marijuana, nearly 8 kilos of cocaine, 164 ounces of heroin, more than 4,800 prescription drug items, 65 grams of methamphetamine, $139,320 in cash and counterfeit consumer products.

Why even make the slightest effort to prosecute when civil asset forfeiture allows you to make nearly no effort at all? Here's Rolling Thunder "participant" trophy-winner Sheriff Chuck Wright making claims about the wondrous works of interdiction teams.

“You’re not going to do this here and get a free pass,” Wright said. “People in Spartanburg County elected me to enforce all laws, and that’s what I’m going to do.”

“The proof is in the pudding. Look around. Do you want this in your street?” Wright said.

But a free pass is exactly what most people got. Eight felony arrests arising from 158 vehicle searches which turned up a whole bunch of drugs and cash. Not sure how a search-and-release program isn't a "free pass" or does anything to prevent more drugs from ending up on the street. Drug producers can always produce more drugs. And as long as their mules aren't sitting in jail, they should have little trouble moving product from point A to B.

The most damning fact is this: South Carolina law enforcement agencies simply stopped enforcing laws when told they weren't allowed to enrich themselves through asset forfeiture. When the federal government briefly shut down its equitable sharing program -- which allowed agencies to route around state forfeiture restrictions to stake a larger claim of seized property -- local agencies shut down their drug interdiction efforts.

"The tip of the spear has just been blunted — it’s got no point now," Charleston County Sheriff Al Cannon said at the time.

Hampton County suspended drug interdiction patrols until the payment program resumed.

This is the ugly reality of asset forfeiture. It's not about laws. Or drugs. Or taking down drug cartels. It's about taking stuff from people with a minimum of legal fuss. When the going gets tough, the tough shut down. What began as a well-intentioned notion has become a mockery of property rights and due process.

140 Comments | Leave a Comment..

Posted on Techdirt - 19 June 2017 @ 9:39am

There Is No 'Going Dark' Problem

from the to-make-investigative-omelets,-you've-got-to-crack-a-few-phones dept

Former FBI Director James Comey made plenty of headlines with his insistence cellphone encryption would be the end of law enforcement as we know it. Comey's assertions made it seem as though regular police investigative work was no longer of any use and that any and all evidence pertinent to cases resided behind cellphone passcodes.

He insisted the problem would only get worse in the future. If not put to an end by legislated backdoors or smart tech guys coding up "safe" holes in device encryption, we may as well accept the fact that no criminal committing more than a moving violation would ever be brought to justice.

Default encryption does pose a problem for law enforcement, but it's nowhere near as insurmountable as Comey has portrayed it. Multiple FOIA requests handled through MuckRock have shown law enforcement still has several phone-cracking options at its disposal and doesn't seem to be having many problems recovering evidence.

This is superbly illustrated in documents obtained from the Tulsa and Tuscon (AZ) Police Departments by Curtis Waltman. Tuscon PD documents [PDF] show law enforcement officers are using tools crafted by the same company that provided the hack to the FBI in the San Bernardino case, among several other options. But the real motherlode is the Tulsa PD's log of cracked phones.

The kicker really is how often these are being used - it is simply really hard to believe that out of the 783 times Tulsa Police used their extraction devices, all were for crimes in which it was necessary to look at all of the phone’s data… There are some days where the devices were used multiple times - Tulsa used theirs eight times on February 28th of this year, eight again on April 3rd, and a whopping 14 times on May 10th 2016. That is a whole lot of data that Tulsa was able to tap into, and we aren’t even able to understand the why.

The document contains page after page of cracked phones, ranging from Samsungs to HTCs to LGs… even iPhones (5 and 6). "Going dark" remains a Comey fairy tale, for the most part, if these documents are anything to go by.

And there's apparently very few rules for deployment of cellphone-cracking devices. Only one PD in Arizona returned any guidelines in response to requests and those rules basically state there are no rules. The Mesa PD's Computer Forensic Unit makes the most of its limited resources by limiting its work to… any crime at all.

This is the list of criminal activity the unit provides forensic work for, listed in order of priority.

Sexual Assault
Child Crimes
(which I assume means "crimes against children," rather than crimes committed BY children)
Aggravated Assault/Robbery
Property Crimes
All other felonies
All misdemeanors

Everything. That would explain the number of cellphones accessed by these PDs. Presumably other PDs are also operating under very loose guidance or none at all.

This sort of intrusiveness should be limited to serious felonies and investigations where it's plainly apparent the best route to evidence runs through the suspect's cellphone. Otherwise, law enforcement agencies are just using these tools because they have them, not because they necessarily need them.

Read More | 24 Comments | Leave a Comment..

More posts from Capitalist Lion Tamer >>