Posted on Techdirt - 26 October 2016 @ 8:27am
After spending several days basking in the fiery glow of negative press (and seeing potential investors walk away from buying the company), Yahoo is asking the government to please please let it talk about the spying it apparently performed for the NSA or FBI.
Yahoo sent a letter to National Intelligence director James Clapper on Wednesday urging the U.S. government to provide clearer information to citizens on national security demands for user data.
Yahoo’s letter called for intelligence groups to confirm if future reported demands for data are real, and if they are, declassify them with context for the public.
Pots, kettles, and other analogous materials are rendered incomprehensible in its statement, which involves a media company implicitly criticizing other media companies.
In a letter today to James Clapper, Director of National Intelligence (DNI), Yahoo is formally urging that the U.S. government provide its citizens with clarification around national security orders they issue to internet companies to obtain user data.
While the letter makes specific reference to recent allegations against Yahoo, it is intended to set a stronger precedent of transparency for our users and all citizens who could be affected by government requests for user data. As we’ve said before, recent press reports have been misleading; the mail scanning described in the article does not exist on our systems.
"Does not exist" is not nearly the same thing as "did not exist." This means Yahoo is no longer scanning emails in this fashion, not that it never performed this scanning.
The letter does make a good point about transparency. Currently, Yahoo is unable to defend itself against any allegations because it is likely under a gag order. Yahoo would like Clapper's office to share in the public pain, especially since it had a problem sharing in the communications gathered on its behalf by the email provider.
Public embarrassment or not, Clapper's office is probably not rushing through a declassification review of this Section 702 FISA order. It could still be months or years before the government produces this document and/or allows Yahoo to speak openly about its email scanning program.
Perhaps recognizing that a displeased letter to the ODNI doesn't create much leverage, the company appears to be making this a global issue, rather than simply a domestic one. Marcy Wheeler points out that the letter mentions Yahoo's global reach and users several times and namechecks the EU's Privacy Shield agreement. This may be the key that loosens the Intelligence Community's Glomarred lips.
But there’s another reason why Clapper’s office — or rather ODNI General Counsel Bob Litt — may be so quiet.
Litt is the one who made many of the representations about US spying to authorities here [Wheeler is in Europe at the moment]. Someone — Litt, if he’s still around for a hearing that may take place under President Hillary — may also need to go testify under oath in an Irish court in conjunction with a lawsuit there. Whoever testifies will be asked about the kinds of surveillance implicating European users the government makes US companies do.
In other words, Bob Litt is the one who made certain representations to the European authorities. And now some of those same people are asking questions about how this scan complies with the terms Litt laid out.
Which makes his silence all the more instructive.
Someone's going to have to start talking about Yahoo's email scanning program soon. Yahoo obviously can't, which means the ODNI is going to have to address this on someone else's timetable. We already have US legislators demanding answers. European politicians are already unhappy about the apparent breach of the Privacy Shield Agreement. If the ODNI continues to avoid the issue, all it will be doing is letting a private company take the fall for its possible overreach.
Read More | 20 Comments | Leave a Comment..
Posted on Techdirt - 25 October 2016 @ 5:00pm
The US government is still holding onto its opacity ideals while publicly touting transparency directives. The FISA court -- which presides over the NSA's surveillance programs -- has normally been completely shrouded in darkness. Things changed in 2013 after Ed Snowden began leaking documents.
Forced into a conversation about domestic surveillance, the administration responded with more transparency promises and the signing of the USA Freedom Act into law. The new law curtailed the collection of domestic business records (phone metadata and other third-party records) and required the court to make its opinions public following declassification reviews.
All well and good, but the government has apparently decided the new law only requires transparency going forward. FISA opinions dating back to 2001 still remain locked up, despite transparency promises and reform efforts.
The ACLU is now suing the government to force the release of over a decade's-worth of FISC opinions. Many of those still withheld contain rulings on issues that are the very definition of "public interest." The appendix to the motion [PDF] contains a list of opinions the ACLU would like to see released, including the following:
- The order authorizing Yahoo's bulk email scanning.
- Rulings on the FBI's use of NITs and other malware.
- Orders compelling "technical assistance" to weaken encryption or hand over code to the US government.
- Stingray deployments authorized by the FISA court.
- Possible First Amendment violations arising from the Section 215 program.
- A 2013 order detailing "unauthorized NSA surveillance."
The government would like these to remain secret, which is why it's interpreted the new law to only affect decisions reached after the implementation of the USA Freedom Act. But that runs counter to the whole point of surveillance reform and the administration's own transparency directives: to better inform the public about the government's actions. Transparency goes hand-in-hand with accountability and keeping these out of the public's hands does nothing to further either goal.
Read More | 3 Comments | Leave a Comment..
Posted on Techdirt - 25 October 2016 @ 3:24am
Another stack of documents has been leaked to The Intercept, these ones detailing a little-known New Zealand company's facilitation of worldwide surveillance.
Dozens of internal documents and emails from Endace, obtained by The Intercept and reported in cooperation with Television New Zealand, reveal the firm’s key role helping governments across the world harvest vast amounts of information on people’s private emails, online chats, social media conversations, and internet browsing histories.
Endace -- like almost every other company in the literal spyware business -- also seems willing to sell to the highest bidder, no matter where they sit on their home nation's friends/enemies lists.
The leaked files, which were provided by a source through SecureDrop, show that Endace listed a Moroccan security agency implicated in torture as one of its customers. They also indicate that the company sold its surveillance gear to more than half a dozen other government agencies, including in the United States, Israel, Denmark, Australia, Canada, Spain, and India.
The documents now in The Intercept's hands detail Endace's work for GCHQ, assisting it in its quest to pull as much data and communications as it can from underseas cables which conveniently route about one-fourth of the world's internet traffic into the waiting arms of the spy agency. These leaked documents were cross-referenced with The Intercept's Snowden stash to confirm their legitimacy.
The documents show GCHQ asked Endace for several modifications of the stock product it originally presented to the agency. These alterations served one purpose: to build haystacks faster.
A November 2010 company document said that “FGA” ["friendly government agency"] had an order of 20 systems scheduled for delivery in March 2011. Each system was equipped with two “data acquisition” cards capable of intercepting 20Gs of internet traffic. The total capacity of the order would enable GCHQ to monitor a massive amount of data — the equivalent of being able to download 3,750 high-definition movies every minute, or 2.5 billion average-sized emails an hour.
Other info in the documents shows Endace and GCHQ were (are?) aiming for deployment of 300-500 of these systems, allowing the agency to pull in a large percentage of the traffic traveling through tapped underseas cables. There are also hints that suggest some data is more useful to the GCHQ than others, with WhatsApp, Facebook, Gmail, and Hotmail being specifically named. Also of importance to GCHQ: the ability to track targets by MAC address.
When Endace isn't selling to "friendly" government surveillance agencies (and "friendly" governments with decades of human rights abuses under their belts), it's also selling its interception technology to telcos to better assist them in complying with law enforcement requests.
Perhaps the most darkly comic aspect of all of this is that UK and New Zealand taxpayers are likely being double-dipped for surveillance efforts that encompass their own data and communications. Not only are they paying for the tech and ongoing collection efforts, but Endace was also awarded $11.1 million in government grants to defray 50% of the cost of "substantial product developments." Endace isn't saying which products were developed using these grants, and the New Zealand government says the company isn't obligated to reveal how this money was spent.
15 Comments | Leave a Comment..
Posted on Techdirt - 24 October 2016 @ 5:23pm
Executive director of Photography is Not a Crime (PINAC) Grant Stern is taking Miami Beach mayor Philip Levine to court over public records request denials. As Fusion's Ethan Chiel reports, the mayor has been busy blocking critics on both Twitter and Facebook, and Stern aims to find out just how many constituents the mayor is tuning out.
[T]he suit demands the release of 30 days of Levine’s tweets, the list of users blocked from commenting on his Facebook page, and records regarding Levine’s radio show. The suit seems to ask Florida’s Eleventh Judicial Court to decide what qualifies as official communication on social media by an elected official.
Stern has some personal experience with Mayor Levine. Facebook comments and tweeted responses by Stern have been deleted and/or met with blocks. The push to have the court issue an opinion on what is or isn't an "official communication" is also prompted by the mayor's actions (or the actions of whoever runs his official social media accounts). As Chiel notes, Stern's (swiftly deleted) Facebook comment requesting a month's-worth of Mayor Levine's tweets (after being blocked on Twitter) was greeted with a hasty rewrite of the mayor's social media account info.
At some point in the intervening period, the about section of Levine’s Facebook page and his Twitter bio were updated with a new disclaimer: “This page expresses the opinions and views of Mayor Levine and not those of the City of MB.”
This hasty rewrite appears to have led directly to the denial the city issued in response to Stern's request for social media blocklists:
Stern received a letter from Deputy City Attorney Aleksandr Boksner who said that the block list for the Facebook account was “not a public record that was made or received in the course of the official business of the City of Miami Beach,” and thus wouldn’t be produced.
Stern's lawsuit [PDF] argues to the contrary: Mayor Levine clearly uses both accounts for official city business.
Levine utilizes Facebook® to communicate the official acts and businesses of the City of Miami Beach to his constituents. Levine’s Facebook® account addresses him as a governmental official and that his current office is the mayor of Miami Beach, Florida. Levine’s account states that he is: “Making Miami Beach the city that works...for its people.”
After a cursory review of Levine’s Twitter® and Facebook®, there’s no question that Levine utilizes social media to communicate the City of Miami Beach’s official business. Levine’s communications include posts such as renaming a Miami Beach street after Muhammad Ali to informing residents of the Zika virus outbreak in the city.
The city has refused to comment on the lawsuit, but it's fairly clear it considers social media accounts off limits for public records requests. That decision may not stand up to judicial scrutiny, however, not even with the hasty appendage of "not the city of MB" wording. Other government agencies have turned over blocklists to requesters, and it's a bit disingenuous to claim a public account disseminating information of interest to constituents is not "public records" subject to Florida's public records laws.
Read More | 12 Comments | Leave a Comment..
Posted on Techdirt - 24 October 2016 @ 1:33pm
This might be big, depending on how much of this information is passed on to the general public, rather than delivered ex parte or under seal. Joseph Cox of Vice/Motherboard was the first to snag this ruling [PDF] by a Washington district court judge ordering the FBI to turn over tons of info about the NIT it deployed in the Playpen child porn investigation.
As we're already aware, the NIT was deployed by the FBI in Virginia but obtained identifying information about Tor-cloaked site visitors not just all over this country, but all over the world. The motion to compel discovery asked for several details about the NIT and its deployment and most of them have been granted.
Here's the full list (with additional commentary):
1. All records related to the Government’s review and approval of Operation Pacifier.
The Court has taken this discovery request under advisement. An order is soon forthcoming.
2. Copies of any reports made to the National Center for Missing and Exploited Children (NCMEC) regarding child pornography posted on the Playpen web site.
Defendants’ motions are granted.
3. Copies of any notifications that were sent to victims by the Government for obtaining restitution related to images that were posted on, or distributed from, the Playpen web site.
Defendants’ motions are granted.
4. The number of new images and videos (i.e. content not previously identified by NCMEC) that was posted on the site between February 20, 2015 and March 5, 2015.
Defendants’ motions are granted.
(This information -- whether or not actually useful in suppression motions -- should at least provide some insight into how much additional child porn made its way to site visitors as a result of the FBI's decision to seize [and act as administrators of] the server, rather than shut it down. Information obtained in other court cases suggests the FBI not only acted as hosts during the NIT deployment, but actually made the site faster and more responsive.)
5. The names of all agents, contractors or other personnel who assisted with relocating, maintaining and operating Playpen while it was under Government control.
Defendants’ motions are granted.
6. Copies of all notes, emails, reports, postings, etc. related to the maintenance, administration and operation of Playpen between February 20, 2015 and March 5, 2015.
Defendants’ motions are granted.
(Again, this info could confirm whether or not the FBI improved the child porn site's performance during its two-week turn as administrators, as well as provide additional insight into how much child porn distribution was aided and abetted by the agency.)
7. Copies of all legal memoranda, emails and other documents related to the legality of the FBI’s operation of Playpen (and the distribution of child pornography by the Government), including requests for agency/departmental approvals of the undercover operation of Playpen and any communications with Main Justice or the Office of General Counsel at the FBI.
The Court has taken this discovery request under advisement. An order is soon forthcoming.
(This would be the government's legal rationale for running a child porn site rather than shutting it down. Chances are this will remain under seal and is probably FOIA-proof, as most legal guidance documents are.)
8. Copies of all correspondence, referrals and other records indicating whether the exploit used in the Playpen operation has been submitted by the FBI or any other agency to the White House’s Vulnerability Equities Process (VEP) and what, if any, decision was made by the VEP.
The Court has taken this discovery request under advisement. An order is soon forthcoming.
(Little is known about the government's actual handling of the VEP. On one hand, we have public statements which pay lip service to not screwing US companies by hoarding vulnerabilities. On the other hand, we have the exact opposite in practice.)
9. Copies of invoices and other documents for the hosting facility/facilities where the Government operated the Playpen server, the server from which the Government delivered the NIT malware and the server that NIT targets sent their identifying information back to, including documents revealing whether the Government informed the hosting provider(s) that child pornography would be stored in their facility or transmitted over their networks.
Defendants’ motions are granted. To the extent that the Playpen hosting provider was the Government, not a private party, it appears there may not be much discovery responsive to this request.
(There may be nothing here. Or there could be third party hosts involved who were never informed about their participation in the FBI's sting operation. If so, fun times ahead for the US government.)
10. The number of Playpen-related investigations that have been initiated but did not result in criminal charges, beyond the approximately 200 cases now pending across the country.
Defendants’ motions are granted.
(Another can of worms the FBI would probably like to remain closed. According to the government's own arguments in these cases, users would have connected to the site for a single purpose: to engage in criminal activity. A lack of charges would be a surprise and somewhat undermine the government's assertions about the criminal intent of visitors to the site.)
11. The total number of IP addresses and MAC IDs that were seized during the time the FBI was operating Playpen, over and above those related to these approximately 200 pending cases.
Defendants’ motions are granted.
12. The number of IP addresses and MAC IDs obtained during the investigation from foreign computers and the countries in which this data was obtained.
Defendants’ motions are granted.
(These are the potential goldmine. This will show how far-flung the FBI's net actually was, as well as provide more ammo for suppression motions predicated on Rule 41 jurisdictional limitations. The FBI is well aware it can't perform searches outside the jurisdiction covered by the warrant, but it chose to do so anyway. So far, its evidence has mostly held up, thanks to courts deciding suppression isn't the correct remedy, or crediting the FBI for unearned "good faith." The FBI and DOJ are pushing for changes to Rule 41 that eliminate the jurisdictional limits, so it's disingenuous for the agency to claim its agents acted in good faith when securing the warrant.)
This now becomes the Playpen case to watch, even if most of this information is likely to remain in the hands of defense lawyers only. Dismissal and suppression motions will contain references to the content of these documents, however, which will shed more light on the FBI's NIT deployment and its child porn site administration.
Read More | 14 Comments | Leave a Comment..
Posted on Techdirt - 24 October 2016 @ 8:06am
The NSA doesn't like the fact that it didn't get a big enough slice of the tax-dollar-grabbing cyber pie. After much discussion about which agencies would oversee what aspects of the US government's cyberwar defense systems, the NSA -- despite all of its computing power and hoarded exploits -- ended up with the unenviable task of protecting the home turf rather than engaging in more offensive maneuvers.
Currently, the NSA has responsibility for protecting U.S. government IT systems that carry classified or sensitive data — like the Department of Defense’ massive intranet known as NIPRNet.
It's a clear case of cyber envy. The DHS gets all the good stuff, including a first look at any juicy data turned over to it from the government's one-way "information sharing" program.
But the security of most civilian federal IT systems — and the private sector networks that support the functioning of vital industries like banks and telecoms — are the responsibility of DHS’ Office of Cybersecurity and Communication…
The DHS is supposed to vet and minimize this information before passing it along to federal cybersecurity partners like the NSA. The NSA, however, isn't used to seeing unminimized data. Nor is it content to hang out underneath the DHS's cybertable and wait for it to toss it a bone. So, it's proposing a revamping of the federal government's cyber strategies so that they align more closely with what the NSA apparently feels should have been done in the first place.
“I’m now firmly convinced that we need to rethink how we do cyber defense as a nation, possibly even going so far as that we unite pieces of those three organizations into one organization that does it on behalf of the whole government,” said Curtis Dukes, the NSA’s deputy national manager for national security systems.
Yeah! That's how a partnership is supposed to work: the NSA seated in the same room with the DHS and law enforcement agencies, with everyone comparing the size of their information silos. Excellent. Dukes says he might be a "bit biased" in placing the NSA on equal footing with domestic security and law enforcement agencies, but cyber lives are at stake, dammit!
Dukes said the “bad news” was, with every cyber intrusion becoming a potential crime scene, meaning the FBI had to be involved, and with the DHS in charge, “as we orchestrate across those three department and agencies what we find is that we’re suboptimal and by the time we actually respond to an intrusion, it takes hours to days and by then in cyber time, the adversary has already met their objective.”
Figuring out under whose authorities an incident response should be run meant giving the enemy a head start, he said. “By the time we fill out the paperwork that would allow NSA to provide assistance, it’s typically days to a week before we can actually respond,” he added.
Wonderful. Exigent circumstances but for domestic snooping.
The NSA wants first access to private sector communications and data because the current method takes too long to get the data into the NSA's hands. That's the pitch. Never mind the fact that the NSA is supposed to be an intelligence service tasked with collecting FOREIGN communications and data. Never mind the fact that the agency exploited post-9/11 terrorism fears to become a domestic surveillance agency that turned the Third Party Doctrine into a loophole to be exploited in bulk. Never mind that it simply makes more sense to route domestic security-related data to the the domestic agencies (DHS, FBI, etc.) for several reasons, not the least of which are (at least) two Constitutional amendments (First, Fourth).
But there you have it: the NSA is lobbying for first peek at shared data from US companies, and it's claiming its only interest is better cybersecurity. And it's making this pitch while glossing over the fact that it is not -- and never has been -- a domestic law enforcement agency. Somehow, it still feels it's entitled to act like one and engage in even more domestic snooping.
13 Comments | Leave a Comment..
Posted on Techdirt - 24 October 2016 @ 6:07am
Another "free speech" controversy has blown up at Facebook. "Free speech" in quotes because Facebook is a private company that can make it own rules about speech it's willing to tolerate, much less protect. It's also one that can make up the rules as it goes along and apply them inconsistently. Welcome to the Internet. That's just how things are done.
So, it comes as no surprise that moderators at Facebook attempted to remove Donald Trump's posts as "hate speech." (via Slashdot)
Facebook employees pushed to remove some of Republican presidential candidate Donald Trump's Facebook posts — such as one proposing the ban of Muslims from entering the U.S. — from the service as hate speech that violated the giant social network's policies, the Wall Street Journal reported Friday.
To some readers, Facebook's attempts to remove posts by a Republican may seem like business as usual. The social media network has been criticized before for playing politics with its news feeds. But digging a little deeper into the details of the story reveals this mini-debacle starts as most censorship stories do: with the site's users, rather than its moderation team.
Issues around Mr. Trump’s posts emerged when he posted on Facebook a link to a Dec. 7 campaign statement “on preventing Muslim immigration.” The statement called for “a total and complete shutdown of Muslims entering the United States until our country’s representatives can figure out what is going on.”
Users flagged the December content as hate speech, a move that triggered a review by Facebook’s community-operations team, with hundreds of employees in several offices world-wide.
Flagging a policy proposal as "hate speech" sounds very much like certain Facebook users' attempts to create their own echo chambers -- the normal efforts of those who have mistaken the "report" button for Facebook's still-nonexistent "dislike" button.
The problem could have ended there. Moderators could have easily decided this was relevant to the upcoming election and not something that should be declared "hate speech." But it didn't go that way.
Some Facebook employees said in internal chat rooms that the post broke Facebook’s rules on hate speech as detailed in its internal guidelines, according to people familiar with the matter.
Facebook's definition of "hate speech" is far too broad. Even CEO Mark Zuckerberg agreed the post violated the company's "hate speech" policy, but overrode moderators and reinstated the posts. The rules will apparently continue to be rewritten on the fly.
On Friday, senior members of Facebook’s policy team posted more details on its policy. “In the weeks ahead, we’re going to begin allowing more items that people find newsworthy, significant, or important to the public interest—even if they might otherwise violate our standards,” they wrote.
This is a better interpretation of the rules, but one that should be permanently implemented, rather than just half-assed into place to lower the risk of losing campaign advertising dollars. Facebook has earned a lot of the criticism thrown in its direction over its surprisingly terrible post moderation decisions. So, FB earns a golf clap for deciding to prevent user-generated echo chambers, at least up until the second Tuesday in November.
The other problem is that this decision just isn't good enough for some Facebook employees.
[O]thers, including some Muslim employees at Facebook, were upset that the platform would make an exception. In Dublin, where many of Facebook’s content reviewers work, more than a dozen Muslim employees met with their managers to discuss the policy, according to another person familiar with the matter. Some created internal Facebook groups protesting the decision, while others threatened to leave.
Those that threatened to leave should do so. They're only going to make Facebook an even worse place for the world to get its news. There's plenty of unpleasantness out there that is newsworthy, significant, or important to the public interest. Very little of it rises to the level of hate speech -- even in Facebook's broad, constantly-changing definition of the term.
Lot of things Trump has said and advocated for are objectively repugnant and undoubtedly offensive to the races and religions targeted by them. But they are not "hate speech." They are bad ideas borne of worse thought processes. In any event, it's better to know what presidential candidates are supporting, rather than being unpleasantly surprised post-election.
The same goes for "normal" people. Why police "hate speech" in such a heavy-handed fashion? Wouldn't it be better to have those in your social circles out themselves publicly as repellant human beings, rather than discover this during a child's birthday party or other IRL social gathering?
Facebook isn't a free speech defender. It's a private company with a lot of advertising dollars and billions of users with competing interests on the line. It will play it safe and continue its long run of dubious moderation decisions. But what it shouldn't do is continue to expand its definition of hate speech so moderators become nothing more than a heckler's veto extensions.
150 Comments | Leave a Comment..
Posted on Techdirt - 24 October 2016 @ 3:10am
An attempt to force the government to reveal its secret list of terrorist groups has been shot down by the Seventh Circuit Court of Appeals [PDF]. The Heartland Alliance Immigrant Justice Center's FOIA request for "Tier III" terrorist groups can remain unfulfilled. [h/t Brad Heath]
Without giving too much away (and neither the court nor the government does), "Tier III" is apparently more nebulous and fluid than tiers I and II.
Tier I and Tier II organizations are publicly identified terrorist groups such as ISIS and al‐Qaeda. Tier III organizations are defined in 8 U.S.C. § 1182(a)(3)(B)(vi)(III) as any group of two or more people that engages in terrorist activity (as defined in 8 U.S.C. § 1182(a)(3)(B)(iv)), even if their terrorist activity is conducted exclusively against regimes that are enemies of the United States. Tier III organizations tend to have a lower profile than Tier I’s or Tier II’s, not only because the government does not publish their names but also because they tend to be groups about which the U.S. government does not have good intelligence, making it essential that the Department be able to obtain information about them during screening interviews that are as focused and complete as possible.
The government withheld this info under FOIA 7(E), which covers "techniques and procedures for law enforcement investigations or prosecutions." As the government argued, divulging these "groups" of two or more possible terrorists would likely allow screened immigrants to hide their involvement in these groups.
[A]s explained in the government’s brief, “an alien who becomes aware that a particular organi‐zation has been found to fall within the definition of a Tier III organization will have a very strong incentive to falsify or misrepresent any and all encounters, activities, or associations that he or she may have had with that organization.” If the alien doesn’t know that a terrorist organization that he has belonged to, been affiliated with, or maybe simply has provided supplies or money to, has been identified by our government as a terrorist organization, he is likely to be less guarded in answering questions about his activities in or associations with the organization. But if he knows that the organization he belonged to or was associated with is deemed a terrorist organization, he is likely to deny having ever had any connection to it or even having ever heard of it.
The Justice Center pointed out that the government's fear of slippery foreigners might be overstated. After all, members of terrorist groups -- whether publicly acknowledged by the government or not -- would be just as likely to lie about their affiliation even if privy to the contents of the Tier III list.
The Appeals Court doesn't think much of the Justice Center's counterargument, positing that any interrogation predicated on the Center's assumptions would be a "dumb interrogation." In the eyes of the court, the government's secrets allow it to more gracefully handle questionings, allowing it to tease out affiliations detainees would otherwise be unwilling to disclose.
The court isn't much kinder to the Justice Center's speculations about the contents of the Tier III list.
We learn in the Center’s reply brief that its primary concern is not with names but with the Tier III category itself, for it says for example that “the designation of Tier III organizations is often doubtful.” It hopes that if it can obtain the names of all the organizations—its goal in this litigation—it will be able to discredit some or perhaps many of them. Deeply distrustful of the U.S. government, by the tone and content of its briefs the Center signals its disbelief that the government has secrets worth keeping from asylum seekers and their helpers (such as the Center), but it does not explain what the government would gain by pretending that harmless organizations are actually terrorist groups.
The court does give the government a bit more credit than it deserves. It's not so much that the government would try to gain something by designating harmless groups as terrorist organizations. It's that government agencies have shown a willingness in the past to designate political groups they don't like as enemies or criminals, subjecting them to unlawful surveillance and other rights violations.
The concurring opinion raises another concern -- one that the court finds bolsters the government's secrecy assertions, but one that could also be read as a call for more scrutiny of this particular list.
At oral argument, the government noted plausible foreign relations grounds for the government withholding this information under other FOIA exemptions. Specifically, it noted that U.S. government relations with Tier III organizations might change on short notice, and that revealing certain Tier III organizations might have foreign policy ramifications. What one day might be an allied Christian militia fighting against the Islamic State (ISIS) might the next day be our nation's enemy, and while not rising to the level of a Tier I or II organization, might fall under Tier III. All of this suggests that the government has, in our nation’s FOIA law, adequate alternative claims for exemption that it chose to avoid, so there is no need to broadly construe 7(E).
The unasked question is this: if alliances shift, does the government immediately release detainees affiliated with groups the government has arbitrarily decided are now the nation's allies? Or do they just sit around forgotten in detention centers while the government moves organization names on and off the list? Who knows. The opinion suggests this is a problem for Congress to solve -- either by scaling back the scope of the FOIA exemption or by actually using its oversight powers to periodically review the Tier III list.
Read More | 29 Comments | Leave a Comment..
Posted on Techdirt - 21 October 2016 @ 3:21am
FBI Director James Comey didn't dig into his bag of "Ferguson Effect" rhetorical devices during his comments to a law enforcement conference on Sunday, but he came close. Under that theory, the possibility of being held accountable by citizens and their recording devices has apparently been holding officers back from enforcing laws, making arrests, or otherwise earning their paychecks.
The problem now is a lack of data, Comey claims. Law enforcement has lost control of the narrative, he stated, as if a one-sided portrayal of every police use of excessive/deadly force was somehow beneficial to the nation.
Dramatic videos of deadly law enforcement encounters and the absence of reliable data about how often police use force contribute to a regrettable narrative that "biased police are killing black men at epidemic rates," FBI Director James Comey said Sunday.
That story line has formed amid a lack of comprehensive, national data about how many citizens are killed or injured at the hands of police officers.
Thanks to the DOJ and FBI's active disinterest in collecting this data (until just recently), the "narrative" is no longer law enforcement's to control. Comey at least admits the FBI -- which was charged with collecting this data but somehow believed voluntary reporting would result in a comprehensive dataset -- is partly to blame.
We do not know whether number of black, brown or white people being shot by police is up because we have not collected data.
The problem with Comey's comments is that he apparently believes data on excessive force and killings by police officers will be ultimately exculpatory.
We need to show people what American law enforcement is really like, because if they see what we see, the chasm will close.
But the data collected by the public of its own initiative shows exactly what Comey claims it doesn't: that law enforcement officers are killing black men at "epidemic rates." Worse, Comey believes data collected and disseminated well after the fact will somehow be able to defuse immediate reactions to released video of officers killing or abusing citizens.
Videos of fatal police encounters that capture the public's attention and are shared broadly across the internet can fuel the perception that "something terrible is being done by the police," even if the data aren't there to back it up.
Given the audience, Comey probably didn't feel comfortable pitching the truth: that policing in America is every bit as bad as it's portrayed to be. Comey thinks data will give law enforcement control over the narrative, but that seems to be his only concern. The culture of American policing needs to change before the data start matching law enforcement's narrative.
Almost without fail, DOJ investigations of law enforcement agencies find two things: routine use of excessive force and biased policing. These aren't anomalies or "bad apples." This is how policing in America works.
As for the narrative, law enforcement still largely controls it. The corpse of the recently killed is barely on the way to the city morgue before law enforcement officials are dumping criminal records and officers' "feared for their safety" claims into the hands of reporters. No amount of pointing to stats is going to change the fact that far too many interactions are needlessly escalated by responding officers, or that biased police tactics are generating far too many interactions in the first place.
While it's good to know the FBI is finally going to push for better data collection on police use of force, the fact that it did nothing for nearly two decades counts against any goodwill it might hope to generate by finally doing its job. Unfortunately for those hoping this might lead to better policing, Jim Comey has made it clear it's really about controlling the narrative and pushing the American public to view law enforcement the way Comey feels they should be viewed: as good people in tough jobs who rarely, if ever, screw up. We'll just have to see what sort of spin is applied when Comey realizes the numbers aren't going to add up to his preconceptions.
89 Comments | Leave a Comment..
Posted on Techdirt - 20 October 2016 @ 2:35pm
The CIA is still causing problems for Jeffrey Scudder. Scudder used to work for the CIA. He was forced out of the agency after making a FOIA request for "historical documents of long-dormant conflicts and operations" while still employed there. Perhaps the agency thought only citizens outside of the agency should be making FOIA requests. Or maybe it thought Scudder was engaged in a particularly labyrinthine plot to exfiltrate declassified documents out of the agency. Whatever its thought process, it resulted in an FBI raid of Scudder's house, the seizure of his electronics, and the end of his career.
Unfortunately for the CIA, this has given Scudder more time to file FOIA requests and sue the agency when it responds in increasingly ridiculous ways. Scudder has already tangled with the CIA over its refusal to join the 20th century (never mind the current one) when turning over responsive documents. His last major request to the agency asked for "softcopy" -- i.e., not paper -- copies of 419 articles from the CIA's "Studies in Intelligence."
The CIA told him it had no way of providing him documents in the format he asked for. Instead, it claimed it only had one way to comply with the request: the stupidest, most circuitous way.
The defendant [CIA] avers that if it were ordered to honor the plaintiff's [FOIA] request [for soft copy records], it would have to print the existing electronic documents to paper and then rescan them into electronic documents so that they may be reproduced and released on removable media..."
Scudder called this an "administrative gimmick" -- something meant to discourage requesters and generate extra FOIA fees. The judge presiding over the case was less kind. She called it "Rube Goldbergian" while pointing out that FOIA law does allow requests to be turned down if they're too burdensome, but that's not an invitation to agencies to turn normal requests into overly burdensome ones by adding several layers of administrative busywork.
It's this case that's cited in Scudder's latest lawsuit against the CIA -- again hoping to force the agency to deliver documents digitally, rather than via a method lying somewhere between the hellish bureaucratic redundancy of Terry Gilliam's "Brazil" and a shoddy steampunk plot point. (To be fair, it could be institutional. The Defense Department itself once turned down a request from MuckRock because it couldn't find any money in its budget to repair/replace the single fax machine it used to receive FOIA requests.) From the filing [PDF] (via The FOIA Project)
Mr. Scudder, joined by three esteemed members of the academic community, now seeks through this new FOIA litigation to resolve once and for all whether CIA’s electronic production policy inextricably conflicts with the agency’s obligations under FOIA. A new FOIA request – outlined below – seeking electronic copies of historical CIA records is ripe for adjudication by this Court. Through this litigation, Mr. Scudder and his colleagues seek to bring CIA’s refusal to adhere to the letter – to say nothing of the spirit – of FOIA to an end.
This is pretty much more of the same for Scudder v. CIA, only this time Scudder brought colleagues: Ken Osgood, Hugh Wilford, and Mark Stout. He's also getting out ahead of the CIA's eventual denials and obtuse claims of technical ineptitude. He's forcing the issue by forcing the CIA to respond well ahead of its usual lackadaisical FOIA response schedule. Even better, he's brought another federal judge's not-at-all-impressed opinion of the CIA's reluctance to familiarize itself with peedee effs and ceedee romms… in 2016.
Hopefully, the court will prevent the CIA from continuing to blow taxpayer dollars on reams of paper, black toner cartridges, and snail mail postage.
Read More | 6 Comments | Leave a Comment..
Posted on Techdirt - 20 October 2016 @ 3:06am
Over the past several years, the DEA has run hundreds of wiretap warrants through a single county judge's court after getting them approved by whoever happened to be in the local district attorney's office when agents need one signed. The latter part of this process runs contrary to statutes enacted specifically to prevent abuse of wiretap warrants by the federal agencies.
The approval process, which had been streamlined to eliminate any possible roadblocks to the DEA's deployment of wiretaps all over the country, was considered by the DOJ to be far enough outside legal boundaries as to make the warrants questionable, if not legally "toxic."
The district attorney who was supposed to personally approve these wiretap warrants never did. Former Riverside County district attorney Paul Zellerbach delegated this task to anyone but himself. Because of this, some of the warrants have been challenged in court, leading to the DOJ stepping in to salvage wiretaps its lawyers had previously instructed DEA agents to keep out of federal courts.
Not much of this seems to matter now, as another Riverside County judge has just declared the DEA's wiretap warrants to be perfectly valid.
Superior Court Judge John Molloy ruled that the district attorney was allowed to delegate the responsibility of approving wiretap applications to his second-in-command.
Except that's not really what happened. Zellerbach, who managed to obtain a warrant of his own by failing to show up for court, never designated any particular person to approve the warrants. As Brett Kelman and Brad Heath reported earlier, Zellerbach himself stated that he delegated this task to "lower level lawyers," rather than a specific person -- contrary to statutes directly stemming from the federal government's previous abuse of wiretap warrants to surveil civil rights leaders during the 1960s.
Federal law bars the government from seeking court approval for a wiretap unless a top prosecutor has personally signed off on that request.
Zellerbach claimed he had no time to personally approve these wiretap requests. And he probably didn't, what with the DEA funneling several hundred of these through his office and into the hands of county judge Helios Hernandez (who singlehandedly approved five times as many wiretap warrants as any other judge in the nation).
Judge Molloy, however, likely views this abuse of the system as good police work.
Molloy, a former prosecutor who used to work with wiretap applications, ruled that Zellerbach’s practice of letting his number-two prosecutor sign off on them did not violate state or federal wiretap laws.
Molloy also said that because Zellerbach was away at an education conference in another Southern California town when the specific wiretap defense lawyers were challenging was approved, he would have been allowed to delegate it anyway.
Zellerbach's second-in-command testified in court that he usually handled wiretap requests, paying no mind to the federal limitation that Zellerbach be actually absent before he had permission to do so.
Under Zellerbach, that person was Van Wagenen. However, on Friday, Van Wagenen testified that he didn’t actually check if Zellerbach was available before he signed hundreds of applications.
“The protocol was that I was to sign the application instead of Mr. Zellerbach,” Van Wagenen said.
“On any occasion?” asked defense attorney Jan Ronis.
“If I was available and in the office, yes,” Van Wagenen answered.
Judge Molloy revisited the questioning minutes later.
‘Did you ever ask Paul Zellerbach to review a wiretap application?” Molloy asked.
“I did not,” Van Wagenen said.
"This is fine" ruled the judge, and at least one warrant -- if not dozens of others obtained in the same jurisdiction (which would be a significant percentage of the DEA's wiretap warrants) -- has been given a post facto veneer of lawfulness. This takes some weight off the DOJ's legal team, which had previously advised the DEA to steer clear of federal prosecutions stemming from questionable warrants. Now, it can just let the highest level local judge's blessing do its work for it.
3 Comments | Leave a Comment..
Posted on Techdirt - 19 October 2016 @ 5:15pm
The Chicago Reader has put together a massive, must-read investigation into the Chicago Police Department's secret budget. The Chicago PD has -- for years now -- used the spoils of its asset forfeiture program to obtain surveillance equipment like Stingrays. This discretionary spending is done off the city's books, allowing the CPD to avoid anything that might prevent it from acquiring surveillance tech -- like meddling city legislators… or the public itself.
Since 2009, the year CPD began keeping electronic records of its forfeiture accounts, the department has brought in nearly $72 million in cash and assets through civil forfeiture, keeping nearly $47 million for itself and sending on almost $18 million to the Cook County state's attorney's office and almost $7.2 million to the Illinois State Police, according to our analysis of CPD records.
The Chicago Police Department doesn't disclose its forfeiture income or expenditures to the public, and doesn't account for it in its official budget. Instead, CPD's Bureau of Organized Crime, the division tasked with drug- and gang-related investigations, oversees the forfeiture fund in what amounts to a secret budget—an off-the-books stream of income used to supplement the bureau's public budget.
The Reader found that CPD uses civil forfeiture funds to finance many of the day-to-day operations of its narcotics unit and to secretly purchase controversial surveillance equipment without public scrutiny or City Council oversight.
It sounds like a lot of money -- $72 million in civil forfeiture funds -- and it is. But it's not like this money comes from a few large busts that have seriously affected the city's drug trade. That may be the rationale for the PD's convictionless seizing of property and cash (just like "terrorism" is often cited when acquiring surveillance tech ultimately destined for plain vanilla law enforcement use). But in reality, the forfeiture's rarely do anything more than financially cripple a large number of individuals who have little to anything to do with drug trafficking. The Chicago Reader reports that the median seizure in Illinois is only $530 -- hardly an amount one associates with criminal empires. In fact, the normal cash seizure probably sounds more like the following than a breathtaking dismantling of a local drug-running crew.
Ellie Mae Swansey, a 72-year-old retiree living on a fixed income, had her 2001 PT Cruiser seized two years ago when Chicago police arrested her son for drug manufacturing. The costs of simply beginning the long, circuitous, extremely-frustrating battle to reclaim her vehicle were prohibitive.
In order to have a chance at getting their property returned, claimants must put down a bond toward their asset when first submitting the official paperwork. This means that Swansey had to pay $140 (10 percent of her car's value) just to start the process. Then, to appear in court, she had to pay an additional $177 fee.
To Swansey, who lives on a $655-per-month social security check, these costs are substantial. Successful claimants will have 90 percent of their bond returned; unsuccessful claimants get nothing back.
The extensive investigation, compiled from dozens of FOIA request (more on than in a bit), notes that 90% of the seized funds spent by the CPD went to expected, above-board expenses: vehicles, cellphones, etc. But the rest of it went other places, obscured by redactions and withheld documents. Payments to cellphone forensics companies like CellBrite were uncovered, as were purchases of a license plate reader installed near the CPD's infamous Homan Square
detention center black site, and $417,000-worth of cell tower spoofers.
The Chicago PD will continue to roll over retirees like Swansey because the laws governing forfeiture in Illinois have completely corrupted the incentives. It's not about law enforcement or crime prevention. It's about autonomy, power, and a steady flow of spendable cash.
When a government agency is allowed to handle the forfeiture proceeds it brings in—as is the case with both CPD and the Cook County state's attorney's office—it controls both "the sword and the purse," like an army that is also its own taxing authority. This is according to Lee McGrath, legislative counsel for the Institute for Justice, which seeks to reform civil asset forfeiture laws across the country.
And for what? What has been the end result of this massive amount of supposedly drug-focused seizures and spending?
[T]he prices of many drugs have decreased and purity has increased since the [drug] war began.
The second part of this story is just as interesting. It details how the Chicago Reader managed to get its hands on this stash of documents. It began with a FOIA request for Stingray documents from the Chicago PD. In between the redactions, the PD accidentally gave up its quasi-"black budget" account numbers.
On October 13, 2014, Christopher Kennedy, from CPD's Gang Investigations Division, wrote to Nicholas Roti, then chief of the department's Bureau of Organized Crime:
"Because this equipment will be used for [REDACTED] investigations in to [sic] [word missing] [I] recommend that it be paid for with both 1505 and 1505ML funds in equal amounts," he wrote.
Several requests later, Lucy Parson Lab (government transparency activists) and the Chicago Reader confirmed that these accounts were tied to asset forfeiture. Moving on from there, however, required some outside assistance. The Reader was going to be asking for a lot of documents and it would have been easy for the Chicago PD to deny such a request from a single entity as "unduly burdensome."
But several public records requesters, each using their own name? Not as easy.
To get over this hurdle, Lucy Parsons Labs launched a collaboration with MuckRock, a FOIA and transparency website, asking ordinary users to send FOIA requests on our behalf.
Lucy Parsons Labs drafted a sample FOIA request for users to download and submit. We also managed the responses from CPD—MuckRock's platform automatically followed up with CPD when the department was late responding to a request. Once checks came back from CPD, Lucy Parsons members collected the data in a centralized location and classified each purchase as being either part of routine police activities or as part of broader surveillance efforts. Eleven of our 13 community requesters used the MuckRock FOIA platform to submit and manage their requests.
This is how you beat a system predisposed to telling you "no." A "burdensome" request split 20 ways is no longer a burden. Sure, the Chicago PD might have experienced a bit more of a crunch fulfilling these, but it couldn't use the law to deny releasing documents it almost certainly would have preferred to keep under wraps.
14 Comments | Leave a Comment..
Posted on Techdirt - 19 October 2016 @ 3:00pm
The FBI and CBP have been using the nation's borders as recruiting stations for informants. This phrasing makes it sound a lot more voluntary than it actually is. The Intercept has obtained documents showing how these two agencies work together to pressure foreign visitors into basically becoming spies for the United States.
The FBI gives CBP a list of countries of origin to watch out for among passengers, sometimes specifying other characteristics, such as travel history or age. It also briefs CPB officers on its intelligence requirements. The CBP sifts through its data to provide the bureau with a list of incoming travelers of potential interest. The FBI can then ask CBP to flag people for extra screening, questioning, and follow-up visits. According to the documents, the FBI uses the border questioning as a pretext to approach people it wants to turn informant and inserts itself into the immigration process by instructing agents on how to offer an “immigration relief dangle.”
These documents confirm what was alleged in a lawsuit filed by Rahinah Ibrahim two years ago. Her filing pointed out that the FBI has used threats in the past to secure cooperation, like revoking traveling privileges or trying to prosecute immigrants for minor crimes. Ibrahim's lawsuit had another allegation: the secret "no fly" list is also being used as a coercive tool, with agents threatening to add travelers' names to the list if they refused to go to work as informants.
The documents obtained here note that the joint recruiting efforts have expanded far past the nation's border. Some form exists in every airport in the nation. Travel to and from certain countries is flagged for extra scrutiny. The CBP collects extensive data on everything crossing US borders -- people or products -- and turns this over to the FBI with any potential targets pre-flagged. It also provides the FBI with a list of passengers expected to arrive from "countries of interest" at the nation's airports within the next 72 hours.
The CBP is supposedly in the border-securing business and the FBI in the law enforcement business, but these directives turn them both into intelligence agencies. This has made both agencies far more interested in recruitment and data harvesting than their original directives. The documents show that the CBP tends to grab the most data, starting with basic traveler information. There is no predetermined endpoint to the CBP's investigative work. Secondary screenings at borders could run from a few minutes to several hours, depending on how much the CBP wants to harvest.
The CBP materials indicate that as part of secondary inspections, CBP can search “pocket litter,” documents, and cellphones. The April 2012 presentation promises a “full cell dump, including #s, text messages, pictures, etc.” at certain airports.
Everything is passed on to the Joint Terrorism Task Force, which then starts the uglier work of pushing certain travelers into becoming informants, using both carrots, sticks and, in some cases, visits to their homes. Immigration revocation threats are common. So is the promise of benefits. But in both cases, the FBI -- working with CBP info -- is using motivations it can't actually offer or revoke.
When potential informants are not U.S. citizens, they may be particularly vulnerable to pressure from the FBI. Indeed, the bureau is counting on people thinking that FBI involvement in immigration decisions is normal, the documents indicate. In reality, FBI agents are expressly forbidden from promising immigration benefits to potential informants or threatening deportation.
The agency apparently believes deceiving foreign citizens during the recruitment process causes zero damage.
“If subject is deemed ‘recruitable,’” the slides state, then a “series of overt interviews set into motion.” If the person is “not recruitable,” then “NO HARM. Subject believes that the interview is part of the immigration process.”
This is why these recruitment efforts work. The FBI is counting on the ignorance of visiting travelers to help it turn visitors into informants. A suspicionless detention in which several invasive questions are asked is considered to be "no harm," and the FBI will just move on to the next suggestion from CBP. And even if they think this might have been out of the ordinary, what are they going to do? Complain to another person in uniform and hope that the implied threats of deportation are bogus?
15 Comments | Leave a Comment..
Posted on Techdirt - 19 October 2016 @ 1:34pm
Let's review some Intelligence Community terminology, shall we? [All expanded definitions courtesy of Vice News and Jason Leopold's FOIA tenacity.]
"Collect [It] All [These Paychecks You Haven't Earned]"
The Intelligence Community Inspector General (IC IG) Investigations Division (INV) identified [redacted] is an employee of CENTRA* Technology, working on ODNI contract [redacted] The data analysis indicated that [redacted] was not likely present at her assigned worksite for the full period in which she billed the contract. [redacted] 1 June 2012 to 29 July [redacted] billed the government for 630 hours for which she was not present at her worksite.
*Jason Leopold points out CENTRA was contracted to review CIA torture documents. Or NOT review them, as appears to be the case here.
Total cost to taxpayers for [redacted] not being at work? Almost $30,000.
Finding: [redacted] falsely charged approximately 306 hours from 1 June 12 to 29 July 2013. She had a billing rate of $89.14 per hour during this time frame. The total amount of mischarging is approximately $27,301.
"Haystacks [of Single Women]"
In the administrative hearing held on 30 March 2012, [redacted] admitted that while at work he used his AIN connection to purchase non-official plane tickets, send instant messages to friends, and check online dating services. According to [redacted] he accessed these online dating and social accounts to view images of scantily clad or naked women. [Redacted] noted that while on the AlN he used MySpace and Meebo as his means of e-mailing and instant messaging his friends and acknowledged that some of these conversations lasted all day. [Redacted] also explained that 95% of his time spent on the internet was for personal use.
Total tab run up by Lazyass P. Horndog* - $974,000 over six years, with an admitted 95% of that being tax dollars down the drain.
"Incidental Collection [of Money in Exchange for not Doing a Damn Thing]"
Finding: [Redacted] submitted false time cards for approximately 220 hours which he did not work, from 15 FEB 12 until 31 JUL 12. [Redacted's] hourly rate charged to the government was approximately $125 per hour; the total loss to the government for this time frame is approximately $27,500. During the IC IG interview with on 18 October 2012, he admitted that he falsely recorded his time since 2005. Mr. [Redacted] previously worked on the same contract at a facility without [redacted]; therefore the IC IG has no record of his time at work prior to 15 Feb 2012. Mr. [Redacted] charged approximately 8.8 hours per week which he did not work over 25 weeks from 1 January 2005 through 15 Feb 2012. An average of 8.8 hours per week from January 2005 through 15 February 2012, equates to approximately 3,282.4 hours which is an estimated loss of $410,300 (without accounting for rate adjustments).
"Minimization Procedures [for Open Browser Tabs on Government Computers]"
In May 2013. the IC IG Investigations Division obtained additional AIN records of sexual chat. We found that [redacted] began using AIN for sex chat in May 2010 and continued on a near daily basis until his removal ODNI facilities on July 18, 2013, under the direction of agency security officials.
[Redacted] often engaged in as many as 20 exchanges per day seeking sex partners. The majority of [redacted's] sex chat included attempts to establish after work sexual encounters, descriptions of desired sex acts and graphic descriptions of his genitalia.
Upon discovery of information that [redacted] attempted to establish a sexual relationship with a possible minor residing in northern Virginia, this office referred the matter to the FBI, specifically the Northern Virginia Internet Crimes Against Children (ICAC) task force.
There's way too much fraud, misconduct, and criminal activity in these reports to fully cover here. The 264 pages [PDF] released to Leopold and Vice as the result of an FOIA lawsuit detail extramarital affairs involving supervisors and subordinates, unapproved telecommuting by contractors handling sensitive documents, and page after page of attendance fraud.
Multiple cases are included, most involving hundreds of hours and tens of thousands of dollars of unearned wages. The intelligence community has the big budget and all the manpower it wants, but it apparently doesn't have enough actual work to keep them all busy. Contractors have charged taxpayers for hours they never worked, running personal errands, moonlighting as university instructors, and tending their Farmville crops.
This is the direct result of the community's "collect it all" attitude. If some is good, more is better, and while budgets and staffing expand exponentially, lots and lots of tax dollars are spent paying contractors who aren't doing anything and plenty of other contractors engaged in IC busywork that contributes nothing to the nation's security and safety.
Read More | 16 Comments | Leave a Comment..
Posted on Techdirt - 19 October 2016 @ 8:24am
The Seventh Circuit Court of Appeals confirms what's already known about the NSA's domestic surveillance: it's not just for terrorism.
The NSA collections -- done in the FBI's name -- are supposed to only gather info related to international terrorism. But that requirement has been phased out. The NSA "tips" a certain amount of data to the FBI for its own use and it has been shown in the past to do the same for the DEA, which it then instructs to obscure the origin of its info.
An opinion [PDF] just released by the Appeals Court, says basically the same thing: although the NSA's surveillance is supposed to be used to sniff out terrorists, there's nothing in the law that prevents it from using its collections to go after criminals.
Gregory Turner was convicted of conspiring with Prince Asiel Ben Israel (both US persons) to provide aid to Zimbabwean "Specially Designated Nationals" -- in this case a group working to block the institution of more democratic processes and procedures in that country.
Turner moved to suppress the evidence, claiming that the government's use of a FISA order to obtain information on his activities violated the NSAs foreign intelligence directives. But the court finds the directive does not limit FISA warrants to terrorism only. The government only needs to "reasonably believe" a target is an "agent of a foreign power."
The government informed Turner it had gathered evidence using FISA-authorized surveillance. Then it refused to turn over information to him with regards to its activities. From the redacted, terribly-reproduced decision:
On February 27, 2014, Turner filed a motion for disclosure of FISA materials and motion to suppress evidence obtained or derived from FISA. The government responded to these motions with a classified brief and a sealed appendix submitted ex parte to the district court and redacted, unclassified version served to Turner. Additionally, the government filed a "Declaration and Claim of Privilege" by the Attorney General that declared, "it would harm the national security of the United States to disclose or hold an adversarial hearing with regards to the FISA materials…"
Both motions by Turner were denied. These denials have been upheld by the Appeals Court. Turner claimed the government failed to meet its probable cause requirements for the FISA warrant and also violated his First Amendment rights with its surveillance.
Much of the court's reasoning is redacted but it does have this to say about Turner's assertions.
Turner contends that "FISA appears to require the communications subject to surveillance of a United States person must related directly to activities involving international terrorism as defined in FISA." Turner misstates the law. FISA is not limited to activities involving international terrorism. FISA authorizes surveillance and searches based on probable cause that the target is an "agent of foreign power," which relates to "any person" engaged in certain activities… on behalf of a foreign power, including "clandestine intelligence gathering activities" and "enter[ing] the United States under a false or fraudulent identity… or while in the United States… assum[ing] a false or fraudulent identity." These activities are listed in addition to "international terrorism."
Not only that, but the laws governing FISA-ordered activities were loosened in 2008 to encompass all sorts of criminal activity not related to foreign powers or international terrorism.
FISA, as amended in 2008, "eliminated any justification for the FISA court to balance the relative weight the government places on criminal prosecution as compared to other counterintelligence responses." [...] [T]he amended FISA statute "does not oblige the government to demonstrate to the FISA court that its primary purpose in conducting electronic surveillance is not criminal prosecution."
As for Turner's First Amendment claims, the court finds the activities he engaged in were not covered under the First Amendment, no matter how "right" Turner may have believed undermining the installation of a democratic government was. As the court sees it, the government established Turner was an "agent of a foreign power," something that strips away protections normally afforded to political activity. Or maybe just political activity the US government doesn't approve of.
Either way, it's very clear FISA court orders can be used to engage in domestic surveillance purely to investigate criminal activity, something the NSA hasn't exactly been forthcoming about. As long as a foreign power is somehow involved, the NSA and the FBI are interchangeable surveillance pieces, even though one of them is assumed to be mostly uninvolved in domestic surveillance of US persons.
Read More | 24 Comments | Leave a Comment..
Posted on Techdirt - 19 October 2016 @ 3:15am
Pam Geller has decided there's nothing like grabbing more shovels when you're already in a hole. [And that means it's time for notable "leftist publication" Techdirt to crank out another "little hit piece" filled with "hyperbole and nonsense," apparently...]
Geller doesn't like the way she's been treated by Facebook, YouTube, and Twitter and has decided the problem is Section 230 of the CDA. So, she's suing the DOJ for "enforcing" the immunity the government has granted to websites to shield them from being held responsible for user-generated content.
The DOJ responded to her lawsuit by pointing out that the DOJ doesn't ENFORCE anything. It's a defense service providers can raise when entities come after them for content posted by their users. In Geller's mind, Section 230 gives service providers the "right" to arbitrarily remove content. She's wrong, of course. It does no such thing. Instead, Section 230 prevents service providers from being held civilly liable for making "good faith" efforts to remove objectionable content. The rest of what Geller's complaining about can be traced back to each provider's terms of service and their individual translations of what that means in terms of Geller's often-inflammatory content.
Geller continues to insist this is about suing Facebook, even though Facebook isn't a named party. And her response to the DOJ's motion to dismiss strongly suggests she feels she can't directly sue any service provider for taking down her content because of Section 230. This is also incorrect. She may have almost no chance of winning the suit, but nothing in Section 230 prevents service providers from being sued for allegedly discriminatory behavior. From Geller's opposition motion [PDF] (h/t Adam Steinbaugh):
By way of § 230, the Government is empowering this type of discrimination and censorship. By its own terms, § 230 permits Facebook, Twitter, and YouTube “to restrict access to or availability of material that [they] consider to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable.”
This is where Geller misreads "permits" as "orders." Section 230 does not place any content-based restrictions on speech. Instead, it immunizes service providers from civil liability for good faith content removal. Geller calls this immunization "government-sanctioned discrimination and censorship of speech" -- somehow finding a defense mechanism to be an avenue of attack. (She repeats her laughable assertion that Section 230 is a "heckler's veto" multiple times in the filing.)
From there, Geller theorizes that Section 230 would prevent Facebook, et al from being sued for violating California's anti-discrimination statutes. This theory is incorrect as well.
The pertinent part of Section 230 reads:
Nothing in this section shall be construed to prevent any State from enforcing any State law that is consistent with this section. No cause of action may be brought and no liability may be imposed under any State or local law that is inconsistent with this section.
This law immunizes Facebook from being held liable for, say, Pam Geller's controversial content -- even if a state law says otherwise. What it doesn't do is immunize Facebook from liability for violating California discrimination laws, which is where Geller has a somewhat more cognizable claim. Unfortunately for her, she's chosen to name the wrong defendants and file in the wrong jurisdiction. Continuing to misconstrue a defense as an attack, Geller insists that she has standing to sue the federal government for content removal performed by a private company.
The very reason why Facebook, Twitter, and YouTube are able to engage in their discriminatory practices with impunity is § 230. See Klayman v. Zuckerberg, 753 F.3d 1354 (D.C. Cir. 2014) (concluding that § 230 foreclosed tort liability predicated on Facebook’s decision to allow or to remove content). In other words, the Government has sanctioned these discriminatory practices by placing them above the law. Consequently, the traceability element is satisfied.
If there's anything "traceable" here, it's the California location of the entities she mentions in her lawsuit (YouTube, Facebook, Twitter) but has not named as defendants. California law is the angle she should be using to attack these companies for their allegedly "discriminatory" removal of her postings, but she has filed in federal court and named the DOJ as the defendant.
Geller notes that California law prohibits the sort of discriminatory behavior she's alleging:
Section 51 of the California Civil Code provides, in relevant part, All persons within the jurisdiction of this state are free and equal, and no matter what their sex, race, color, religion, ancestry, national origin, disability, medical condition, genetic information, marital status, or sexual orientation are entitled to the full and equal accommodations, advantages, facilities, privileges, or services in all business establishments of every kind whatsoever.
If her allegations are true and these service providers are discriminating against her, Section 230 would not immunize them against these claims. But even if she were to raise claims solely under this law, she would likely not succeed.
The law only requires company provide "access." It does not demand they allow anyone to do whatever they want once they're granted access. Under this law, Facebook can't deny Geller an account simply because it doesn't like her religious views, but it is under no obligation to allow her to post whatever she wants. The DOJ, in its motion to dismiss, addressed this point as well (even though it was under no obligation to make California's arguments for it).
Nor is it clear how California law can require a private social media company to publish Plaintiffs’ speech, see Compl. ¶¶ 46-61, or how such a state-law requirement would be consistent with the First Amendment, which arguably protects a social media company’s editorial control or judgment from government regulation that would require publication of a certain message.
If Geller were able to prove she was denied access based on her religious beliefs (and a temporary ban doesn't cut it, legally-speaking), Section 230 would not stand in the way of the civil suit Geller doesn't appear to actually want to file. All Section 230 immunizes against is holding Facebook civilly liable for content users like Pam Geller have posted. And Geller's main complaint is that Facebook keeps taking her posts down, not allowing them to stay up.
At best, Geller's extremely misguided lawsuit may eventually boil down to litigation directly implicating California's anti-discrimination law and how that is actually applied to service providers located in California, but with users all over the world. It may also result in a somewhat indirect challenge of that law's Constitutionality. But what it won't do is make the federal government responsible for Facebook's actions. And Geller, whose popularity and following largely relies on inflammatory speech, is only shooting herself in the foot by attacking Section 230. If this immunization were not provided to social media platforms, it's highly unlikely she'd have anything more than a self-hosted personal blog for a soapbox.
The final irony is that Geller is no doubt opposed to anti-discrimination laws like California's that force private businesses to cater to customers they'd rather not -- perhaps even in opposition to their own religious beliefs. (See also: same sex marriage/wedding cakes.) But she wants the government to step in and act as arbiters of private companies' terms of service and prevent the sort of discrimination she claims is taking place.
Read More | 36 Comments | Leave a Comment..
Posted on Techdirt - 18 October 2016 @ 2:30pm
Fake lawsuits featuring fake plaintiffs filed against fake defendants and hustled past judges to secure court orders demanding delisting by search engines: that's the new face of reputation management, apparently.
Paul Alan Levy, along with newly-acquired partner Eugene Volokh, have managed to track down the possible perpetrator behind a couple dozen bogus lawsuits filed in recent months. Richart Ruddie and his company, Profile Defenders, appear to be engaging in some illegal activity in order to provide clients with the services they've promised them.
Ruddie has refused to comment on the lawsuits or answer questions posed by Levy and Volokh. Instead, he has opted to fight speech with more speech [lol] by issuing a very self-serving press release.
Here's what Profile Defenders has to say about itself -- not in response to any questions, but rather to buff some of the tarnish off its dented armor. It's not just about "protecting the rich." [No. Really.] It's about saving clients from cyberbullying. (h/t Paul Alan Levy)
Reputation management companies like Profile Defenders protect the innocent from the action of cyberbullies who prey on people.
Fortunately, reputation management companies like Profile Defenders have arrived, and in the war between reputation companies vs cyber bullies they give the innocent a chance to tell their story on the Internet. Co-founder of Profile Defenders, Richart Ruddie, is glad that people are given a second chance after being defamed by cyber bullies that act like new age mobsters trying to destroy good people through cyber bullying.
I assume Levy, Volokh, and others who have covered this slowly-unravelling debacle are the "new age monsters" attempting to destroy "good people" --"good people" who apparently have no problem filing bogus lawsuits and forging signatures, all the while charging thousands of dollars to drag down their clients' reputations along with their own.
Then there's this, helpfully pointed out by a commenter (and victim of one of PD's bogus lawsuits) on Levy's post. Ruddie's personal blog contains a post with some enlightening thoughts about journalism.
Writers and journalists typically use their powers for evil and to hurt good people.
And what sort of people are the "good people" hurt by "evil" journalists? Richart Ruddie is, according to Richart Ruddie.
Had one of the nicest compliments this past weekend. A new friend said "Chart do you know why I like you?"
"At the end of the day you're just a genuine person Richart Ruddie"
You're not looking for anything from anybody, you are just here to be happy and have a good time and if you can facilitate others to be happy as well then you do your part to ensure all others around you are happy.
Yep. Genuine as fuck. More from Levy:
[I] expect that Ruddie will prove a slippery character – the home page of his “Profile Defenders” web site provides a New York City street address that appears to be phony (a letter I sent him at that address demanding that he preserve relevant documents came back undeliverable), and both the Linked In and Google profiles of Profile Defenders show a Washington, D.C. address that does not exist. Moreover, Florida’s records reveal that Ruddie maintains a stable of many different LLC’s. It may take the investigative resources of a federal or state grand jury or of the Federal Trade Commission to track him and his assets down, and bring him to justice.
Volokh and Levy have uncovered plenty of damning evidence strongly suggesting Ruddie's company is now in the business of filing bogus lawsuits simply because (a) there's very little chance any judge will examine these cases closely (and when a judge does, the suit is refiled in another court) and (b) it's one of the only methods proven to result in delistings of negative reviews hosted by non-parties to the lawsuits. As Levy notes, it may be almost impossible to blow this wide open, much less get Ruddie to answer any questions about these lawsuits on the record. But the reputational damage his company is now causing indirectly to its clients may result in lawsuits Ruddie can't ignore, filed by aggrieved customers who paid thousands of dollars just to see themselves swept into Profile Defender's destructive vortex.
13 Comments | Leave a Comment..
Posted on Techdirt - 18 October 2016 @ 10:39am
Never let it be said law enforcement won't get their man. Even if it's the wrong man. And even if they do it twice.
This was Denver native Steven Talley's first experience with the local PD.
It was just after sundown when a man knocked on Steve Talley’s door in south Denver. The man claimed to have hit Talley’s silver Jeep Cherokee and asked him to assess the damage. So Talley, wearing boxers and a tank top, went outside to take a look.
Seconds later, he was knocked to the pavement outside his house. Flash bang grenades detonated, temporarily blinding and deafening him. Three men dressed in black jackets, goggles, and helmets repeatedly hit him with batons and the butts of their guns. He remembers one of the men telling him, “So you like to fuck with my brothers in blue!” while another stood on his face and cracked two of his teeth. “You’ve got the wrong guy,” he remembers shouting. “You guys are crazy.”
Talley was driven to a Denver detention center, where he was booked for two bank robberies — the first on May 14 and the second on September 5, 2014, 10 days before his arrest — and for assaulting an officer during the second robbery.
Surveillance camera footage from the robbed banks had been circulated. Acquaintances and Talley's estranged ex-wife asserted that the man shown was Talley. Using these statements, the Denver PD moved forward with its particularly brutal arrest, one that left Talley with multiple injuries.
In the months that followed, a series of medical exams revealed that Talley had sustained several injuries on the night of his arrest, including a broken sternum, several broken teeth, four ruptured disks, blood clots in his right leg, nerve damage in his right ankle, and a possibly fractured penis.
Talley was held for two months until recordings made by his employer showed he was at his desk on sales calls during the time the May robbery took place. He was released and charges were dropped. But investigators still didn't have the right suspect in custody. So they turned the footage over to the FBI, which put one of its facial recognition experts on the case.
The detective assigned to Talley’s case, Jeffery Hart, had requested that an FBI facial examiner manually compare stills from the banks’ grainy surveillance videos to several pictures of Talley — a tall, broad-shouldered white man with short blond hair, mild blue eyes, and a square jaw.
The FBI analysis concluded that Talley’s face did not match the May robber’s, but that he and the September robber shared multiple corresponding characteristics, including the shape of the head, chin, jaw line, mole marks, and ear features. “The questioned individual depicted” in the September images, the report concluded, “appears to be Talley.”
"Appears." That was enough to justify putting Talley through this whole nightmarish experience again. Talley was arrested again, under the new law enforcement theory that the robberies had been committed by two different men, both of whom resembled Talley enough to have him arrested twice.
This time, the case fell apart almost immediately.
The FBI’s facial analysis was further called into question in court, when the prosecution’s star witness directly contradicted its conclusions. When Bonita Shipp — the sole witness to the September 5 robbery, who had previously identified Talley based on Hart’s photographic line-up — took the stand, she testified that Talley was not the same man who threatened her and robbed her station.
According to the internal bank form tellers fill out after each robbery, Shipp originally described the suspect as 6 feet, 175 pounds, with a slender build. But the man who stood before her, she noted, did not fit this description. Talley stood just under 6 feet 4 inches and weighed between 230 and 250 pounds. He did not, in her opinion, appear to be a slender man.
[I]n the cross-examination with the prosecutor, Shipp said that she had not previously told anybody about the robber’s hands. “When he reached his hands over the counter,” she told the DA, “I could see through his surgical gloves, and I could — he had like marks on his hands.”
The markings were moles and freckles, which she believed she would recognize if presented again with the robber’s hands. At the hearing, Talley offered to show Shipp his hands, and she examined them. “It’s not him,” she told the courtroom. “It’s not the guy who robbed me.” The prosecutor, Shipp recalled, went slack-jawed.
The reliance on facial recognition proved much more fallible than was asserted in court. The similarity between the faces -- as determined by the FBI's expert -- was based on little more than what one forensic scientist called "voodoo witchcraft."
No threshold currently exists for the number of points of similarity necessary to constitute a match. Even when agencies like the FBI do institute classification guidelines, subjective comparisons have been shown to differ greatly from examiner to examiner. And the appearance of differences, or similarities, between faces can often depend on photographic conditions outside of the examiner’s control, such as perspective, lighting, image quality, and camera angle.
And yet, the FBI and many other law enforcement agencies believe facial recognition software -- utilizing massive databases -- will do a better job than their own experts, which aren't exactly setting the forensic science world on fire. If anything, the move to software will only guarantee replicable errors, rather than a significant decrease in false positives. And whatever the software decides will still need to be translated by a human and presented by an expert in court, where claims of "certainty" have long been overstated.
Talley's case is one of the more dramatic outcomes of reliance on forensic techniques too inconclusive to truly be called "science." The continued push towards more reliance on experts' subjectivity and massive biometric databases ensures Talley's case won't remain an anomaly. In this incident, the only thing that's been proven is that law enforcement has the means and methods to arrest the wrong guy twice for the same crime.
74 Comments | Leave a Comment..
Posted on Techdirt - 18 October 2016 @ 9:40am
The EFF's series on "shadow regulation" continues, this time exploring how American pharmaceutical companies are keeping affordable medication out of the hands of Americans. The examination goes beyond what's already common knowledge: that patents and regulatory capture have created a skewed marketplace that ensures healthy profit margins, rather than healthy Americans.
But what's not generally known is that the pharmaceutical companies have "partnered" with internet intermediaries to lock Americans out of purchasing options specifically approved by the FDA. To hear big pharmaceutical companies tell it, purchasing drugs from other countries (where the price is generally lower) is extremely dangerous, if not completely illegal. But that's simply not true.
[D]iscretionary guidelines developed by the Food and Drug Administration (FDA) and enforced by the CBP allow American consumers to import a 90-day supply of some prescription medications for personal use, including by bringing them across border checkpoints in personal luggage, or by mailing them from overseas. In the latter case, a large market exists for pharmacies registered in other countries such as Canada, Australia and Turkey, that will accept online orders and mail genuine pharmaceuticals to American consumers at cheaper than local prices.
Multiple industry groups -- most of them using the word "safe" in their names to insinuate that purchasing drugs anywhere but where they want you to is inherently "dangerous" -- have blacklisted certain foreign sellers and have pushed for internet service providers to enforce the blacklists.
The Alliance for Safe Online Pharmacies (ASOP) and Center for Safe Internet Pharmacies (CSIP) are two of these groups. Both groups feature a lot of overlapping membership but having two separate organizations gives this the appearance of more membership diversification than there actually is. While there's nothing inherently bad about wanting to ensure Americans purchase legitimate medications from foreign vendors, the blacklists cover more than just questionable sellers.
Two registers of online pharmacy websites are approved by both the ASOP and the CSIP. These are run respectively by LegitScript, and by the National Association of Boards of Pharmacy (NABP) under the name Verified Internet Pharmacy Practice Sites (VIPPS). A third, independent register is run by the eponymous PharmacyChecker.com, which the ASOP and the CSIP do not recognize. This is because while all three exclude sellers of fake and counterfeit drugs from their approved lists, only the U.S. pharmaceutical industry-run registers LegitScript and VIPPS also exclude overseas online pharmacies that supply genuine drugs to Americans under the FDA's personal use policy.
The shadow regulation keeps American purchasers away from legitimate sellers with lower prices. Going forward, ICANN's domain name registration is going to further prevent Americans from accessing more affordable drugs. These groups have pressured ICANN into using the same skewed blacklist when approving .pharmacy domains. While there are still other top-level domains available that may also help bring customers to legitimate vendors these groups want to lock out of the market, that too may change in the coming months. The National Association of Boards of Pharmacy (NABP) wants ICANN to police the web for it and, hopefully, to shut down domains owned by foreign medical vendors it doesn't like.
If it can't force ICANN to bend to its will, it will use tools it already has in place: pressuring online payments providers and ad services to cut off support for any seller it hasn't whitelisted.
This all helps ensure the industry can sell you drugs at the price it wants, rather than the price the market defines. Somehow, the exact same medicine produced by the exact same company should cost more simply because an American pharm tech put it into a bottle and printed a label, rather than someone who lives outside US borders.
12 Comments | Leave a Comment..
Posted on Techdirt - 18 October 2016 @ 8:24am
Thomas Fox-Brewster of Forbes has dug up an unsealed memorandum in support of a federal search warrant demanding… all the fingerprints of every occupant in the searched residence.
FORBES found a court filing, dated May 9 2016, in which the Department of Justice sought to search a Lancaster, California, property. But there was a more remarkable aspect of the search, as pointed out in the memorandum: “authorization to depress the fingerprints and thumbprints of every person who is located at the SUBJECT PREMISES during the execution of the search and who is reasonably believed by law enforcement to be the user of a fingerprint sensor-enabled device that is located at the SUBJECT PREMISES and falls within the scope of the warrant.” The warrant was not available to the public, nor were other documents related to the case.
The memorandum goes on to point out that simply demanding fingerprints implicates neither the Fourth nor Fifth Amendments. But the additional permissions sought certainly do.
“While the government does not know ahead of time the identity of every digital device or fingerprint (or indeed, every other piece of evidence) that it will find in the search, it has demonstrated probable cause that evidence may exist at the search location, and needs the ability to gain access to those devices and maintain that access to search them. For that reason, the warrant authorizes the seizure of ‘passwords, encryption keys, and other access devices that may be necessary to access the device,’” the document read.
Not only are the devices being seized, but so are any passwords, which does carry some implications, but not necessarily at the point of seizure. It's the refusal to turn over passwords or encryption keys in the face of a court order that can result in contempt charges, and it's still less-than-settled that access information has no testimonial value.
But even the seizure of these devices in hopes of searching them later (but securing fingerprints to unlock them first) is a Fourth Amendment problem if they're accessed in nearly any way during the unlocking process. One court found, post-Riley, that simply opening a flip phone constituted a search. In that context, forcing a finger onto the phone and viewing the screen's contents could be considered a search -- and a warrantless one at that.
Of course, the government cited plenty of cases to back up its seizure, detention of residents, and its taking of fingerprints -- most of them at least 30 years old.
It also cited Holt v. United States, a 1910 case, and United States v. Dionisio, a 1973 case, though it did point to more recent cases, including Virginia v. Baust, where the defendant was compelled to provide his fingerprint to unlock a device (though Baust did provide his biometric data, it failed to open the iPhone; after 48 hours of not using Touch ID or a reboot Apple asks for the code to be re-entered.).
As for the Fourth, the feds said protections against unreasonable searches did not stand up when “the taking of fingerprints is supported by reasonable suspicion,” citing 1985′s Hayes v. Florida. Other cases, dated well before the advent of smartphones, were used to justify any brief detention that would arise from forcing someone to open their device with a fingerprint.
This is the reality of what the government is seeking: law enforcement officers detaining suspects and non-suspects alike and forcing them to apply their fingers to all locked devices on the premises. If this is the new normal for warrant service, it's time for the courts to step up and be a bit more aggressive in holding the government to particularity requirements.
Read More | 33 Comments | Leave a Comment..
More posts from Capitalist Lion Tamer >>