Posted on Techdirt - 24 August 2016 @ 4:07pm
The Director of National Intelligence's office has cleared another FISA court opinion [PDF] for release. These are getting far more interesting to read, even if little seems to be changing about the FBI/NSA's collection methods. The process is now a little bit more adversarial, thanks to the USA Freedom Act, which introduced the possibility of someone arguing on behalf of the surveilled and in the interest of privacy and the Fourth Amendment.
Unfortunately, this opinion finds the FISA court mostly unimpressed with the counterarguments. The discussion involved the use of pen register orders to capture "post-cut through" dialing digits -- the sort of thing the court determined to be content, rather than metadata in the past.
This time around, the court seems more amenable to the government's arguments that any digits obtained along with dialed phone numbers is fair game -- whether or not the orders actually allow for the collection of communications content.
The government claimed it had no technical ability to capture only dialing information. Everything entered on a phone keypad would make its way back to government with the pen register. Past the point of interception, the government was supposed to discard the extra digits because they might be considered content. This is what the court determined in 2006:
The court “had made modifications to the government’s proposed pen register orders,” reads the biannual report to Congress obtained by EPIC. “Although the [FISA Court] has authorized the government to record and decode all post-cut-through digits dialed by the targeted telephone, it has struck the language specifically authorizing the government to make affirmative investigative use of possible content” unless permission is specifically granted by the court.
A decade later, the FISA court is seeing things differently.
We have reviewed the record and considered briefs from the government and from amicus curiae appointed by the court under 50 U.S.C. 1803(i) to present argument in this matter. We conclude that section 1842 authorizes, and the Fourth Amendment to the Constitution of the United States does not prohibit, an order of the kind described in the certification. Read fairly and as a whole, the governing statutes evince Congress's understanding that pen registers and trap-and-trace devices will, under some circumstances, inevitably collect content information. Congress has addressed this difficulty by requiring the government to minimize the incidental collection of content through the employment of such technological measures as are reasonably available -- not by barring entirely, as a form of prophylaxis, the use of pen registers and trap-and~trace devices simply because they might gather content incidentally.
Nor does an order authorizing such surveillance run afoul of the Fourth Amendment's guarantee against unreasonable searches and seizures. The warrant requirement is generally a tolerable proxy for "reasonableness" when the government is seeking to unearth evidence of criminal wrongdoing, but it fails properly to balance the interests at stake when the government is instead seeking to preserve and protect the nation's security from foreign threat. We therefore hold that surveillance of this type may be constitutionally reasonable even when it is not authorized by a probable-cause warrant. We further hold, on the facts presented here, that the order under review reasonably balances the investigative needs of the government and the privacy interests of the people.
In other words, the Fourth Amendment is perfectly fine for criminal investigations, but doesn't really apply to national security investigations. Not really a comforting place to draw the line, considering the FBI's shift in focus from law enforcement to becoming the NSA's unofficial domestic wing over the past 15 years.
The problem with the removal of restrictions the court had erected earlier is that this decision doesn't just influence the collection of dialed digits through pen register orders. Other metadata collected from other forms of communications are also affected by this ruling, as is pointed out by Marc Zwillinger, the court-appointed amicus acting on behalf of the Fourth Amendment and the general public.
The amicus curiae contends that if the government's argument were applied to Internet pen registers, the government could collect information generated by a wide variety of activities on the Internet, including searching, uploading documents, and drafting emails.
The court leaves it up to Congress to solve the problem -- which to a certain extent it has. The laws surrounding pen register orders have been updated periodically, but the most recent changes are still more than 20 years old: the Communications Assistance for Law Enforcement Act (CALEA) was passed in 1994. At that point, Congress added statutory language that said the FBI, et al, must use "technology reasonably available to it" to restrict the recording/decoding of post-cut-through digits. Twenty years later, the government is still claiming it has no way of limiting this collection. I guess "nerd harder" is only applicable to the private sector.
The point made by Zwillinger isn't some form of privacy advocate paranoia. The Patriot Act allowed pen register orders to be deployed to capture internet metadata. As is pointed out in the opinion, Sen. Patrick Leahy expressed concern over this broadened collection and noted that without additional restrictions, the new law could be read as allowing the interception of a broad range of content, rather than just routing information. The court, however, interprets Congress's minimal actions post-Patriot Act as being indicative of its support for the collection of content (however inadvertently) with pen register orders. In fact, it goes so far as to claim the stipulations Congress did enact did not narrow the breadth of the collections, but rather only prevented the definition from being expanded further than it already had been.
According to the FISA court, the national security ends justify the Fourth Amendment-bruising means.
[T]he relevant statute at issue in this case authorizes the use of a pen register "to protect against… clandestine intelligence activities." 50 U.S.C. 1842(a)(1). Pursuant to that statute, the government seeks to monitor the dealings of a person, currently in the United States, who is suspected of collecting intelligence in the service of a foreign power. The purpose of the proposed monitoring is the preservation of national security. Few government interests are of a higher order. The interest at stake is no less -- and may even be greater -- for the foreign agent's being present in this country. And were we to insist on a showing of probable cause and the issuance of a judicial warrant in this setting, we would impede the Executive's ability to bring to bear against the threat those faculties -- "stealth, speed, and secrecy" -- needed to secure the nation's well-being in this most fundamental and sensitive of government endeavors.
The streak continues. The Fourth Amendment is mostly null and void when it comes to national security, whether it's the FBI using pen register orders to collect communications content or the DHS/CBP pawing through electronics/traveling dozens of miles from the border to hassle inland citizens.
Read More | 13 Comments | Leave a Comment..
Posted on Techdirt - 24 August 2016 @ 2:32pm
Former Riverside District Attorney Paul Zellerbach is in trouble, as Brad Heath and Brett Kelman report for The Desert Sun.
A judge issued an arrest warrant Tuesday for former Riverside County District Attorney Paul Zellerbach after he failed to appear at a court hearing to answer questions about an eavesdropping operation so vast it once accounted for nearly a fifth of all U.S. wiretaps.
"He should have been there," said Jan Ronis, the attorney who subpoenaed Zellerbach. "But he just blew us off. We could have had court today."
It's not uncommon for Zellerbach to go missing when people need him. When Zellerbach ran the DA's office, he was rarely there. The DEA found his office to be just as accommodating, with or without him, though. Although the DEA was supposed to run its wiretap warrant requests through federal judges and have them signed by the district attorney himself, it often found it easier to obtain a signature from whoever happened to be at the office and run them by Riverside County judge Helios Hernandez, who approved five times as many wiretap applications as any other judge in the US.
The wiretap applications' reach frequently exceeded their jurisdictional grasp, traveling far outside of Riverside County, California, to be deployed against suspects as far away as North Carolina. But that was only one issue with the warrants applications approved by Zellerbach's office.
The DOJ's lawyers didn't like the DEA's skirting of federal rules for wiretap applications.
"It was made very clear to the agents that if you're going to go the state route, then best wishes, good luck and all that, but that case isn't coming to federal court," a former Justice Department lawyer said.
"They'd want to bring these cases into the U.S. Attorney's Office, and the feds would tell them no (expletive) way," a former Justice Department official said.
California's wiretap laws weren't being followed either, thanks to Zellerbach holding office in absentia.
Riverside County’s former district attorney, Paul Zellerbach, has acknowledged that he allowed lower-level lawyers to do that job, saying he could not recall ever having reviewed a wiretap application himself. Four of the wiretaps in the Kentucky case were approved by one of Zellerbach’s assistants, and one was approved by an assistant to his successor.
Now, the DEA's toxic and possibly illegal wiretap warrants are being challenged, now that defense lawyers know exactly how much -- and how often -- state and federal requirements were being skirted by the drug warriors. That's what has led to Zellerbach's arrest warrant.
The first challenge, filed in Kentucky, led a federal judge to say that Riverside had issued so many wiretaps “that constitutional requirements cannot have been met.” The second challenge, filed locally, led to the warrant being issued for Zellerbach.
Zellerbach was subpoenaed to appear in the case of Christian Agraz, 33, an accused drug trafficker who was allegedly caught on a wiretap selling bricks of heroin in 2014.
The former DA did not appear at the hearing in the Agraz case on Tuesday morning, so Judge Michele Levine issued a bench warrant and assigned a bail of $1,500.
The constitutional requirements say Zellerbach was supposed to sign each wiretap application personally. Paul Zellerbach can't recall approving a single one of the hundreds that flowed through his office over the years.
The DEA's Riverside County-centric drug war looks like it's going to result in several cases being tossed out. Fortunately, the DEA still can keep everything it's claimed via civil asset forfeiture, which makes good busts out of bad ones and makes obtaining convictions entirely optional.
20 Comments | Leave a Comment..
Posted on Techdirt - 24 August 2016 @ 1:05pm
When all you have is repurposed war gear, everything looks like a war zone.
It's not just the Pentagon handing out mine-resistant vehicles and military rifles to any law enforcement agency that can spell "terrorism" correctly on a requisition form. It's also the FBI acting as a gatekeeper (and muzzle) for cell phone-tracking hardware originally developed for use in Iraq and Afghanistan.
The latest addition to the pantheon of "war gear, but for local law enforcement" is aerial surveillance. While this sort of surveillance is nothing new -- police have had helicopters for years -- the tech deployed to capture recordings is.
Bloomberg has a long, in-depth article on aerial surveillance tech deployed by the Baltimore Police Department -- all without ever informing constituents. Baltimore isn't the first city to deploy this repurposed military tech. The Los Angeles Sheriff's Department gave the same gear a test run back in 2014. The LASD also did little to inform the public about its purchase, claiming that people might get paranoid and/or angry if they knew.
Baltimore's acquisition of Persistent Surveillance Systems' 192-million megapixel eye in the sky also occurred under the cover of governmental darkness. The tech was given to the police and paid for by a private donor -- which kept the public out of the loop and any FOIA-able paper trail to a minimum.
Last year the public radio program Radiolab featured Persistent Surveillance in a segment about the tricky balance between security and privacy. Shortly after that, McNutt got an e-mail on behalf of Texas-based philanthropists Laura and John Arnold. John is a former Enron trader whose hedge fund, Centaurus Advisors, made billions before he retired in 2012. Since then, the Arnolds have funded a variety of hot-button causes, including advocating for public pension rollbacks and charter schools. The Arnolds told McNutt that if he could find a city that would allow the company to fly for several months, they would donate the money to keep the plane in the air. McNutt had met the lieutenant in charge of Baltimore’s ground-based camera system on the trade-show circuit, and they’d become friendly. “We settled in on Baltimore because it was ready, it was willing, and it was just post-Freddie Gray,” McNutt says. The Arnolds donated the money to the Baltimore Community Foundation, a nonprofit that administers donations to a wide range of local civic causes.
The cameras are able to capture activity across the city. The resolution may seem high, but the area covered by the cameras still makes individuals nearly unidentifiable. What it does do is provide a wide-angle look at the movements of these humans reduced to pixels by current tech limitations. Rather than just provide a closer inspection of certain areas, the scope of what's captured allows law enforcement to rewind their way through people's lives, seeing where certain pixels go and what pixels they interact with… and where those pixels go. The ability to trace movements backward can provide law enforcement with details on where criminal activities originate and where possible co-conspirators might be located. It also helps officers track down suspects who have fled from crime scenes.
While it's certain to provide some investigative use, it also gives the Baltimore PD an unprecedented overview of entire neighborhoods for it to peruse in hopes of discovering something that justifies its deployment. It expended zero manhours informing the public, however, before putting it to use. The BPD is already facing heat due to the unconstitutional deployments (multiple thousands of them) of its Stingray devices. Now it has another bit of questionable war tech in use and it's still refusing to discuss it.
Where the city stands in this approval process -- if there even was one -- remains a mystery. City officials aren't discussing the surveillance tech either. If there was any oversight of the high-tech donation, no records have surfaced.
The only party that seems comfortable talking about the surveillance tech is the person behind Persistent Surveillance Systems, Ross McNutt.
McNutt often says that when he stares into the computer monitors, the dots moving along the sidewalks and streets are mere pixels to him. Nothing more. If anyone else wants to project identifying features onto them—sex, race, whatever—that’s their doing, not his. Even as the technology advances and the camera lenses continue to get more powerful, he says, his company will choose to widen its viewing area beyond the current 30 square miles rather than sharpen the image resolution. He’s exasperated when his system is criticized not for what it does, but for its potential.
The potential is the problem. Surveillance systems like these are prone to both feature creep and mission creep. If they're already being deployed secretly, the chances for abuse move from merely "probable" to "almost inevitable." McNutt may be extremely open about his tech and its capabilities, every law enforcement agency that has made use of it has been the polar opposite. And when private donors skirt procurement processes and other red tape by purchasing surveillance tech for law enforcement agencies, a certain amount of accountability disappears.
If an agency feels it's counterproductive to gauge public sentiment before deploying more surveillance tech, the least it can do is keep them informed about upcoming changes. But the Baltimore PD did none of that. It simply took its expensive surveillance gift and put it to work.
30 Comments | Leave a Comment..
Posted on Techdirt - 24 August 2016 @ 10:39am
Earlier this year, complaint site Pissed Consumer noticed a disturbing new trend in the dark art of reputation management: unnamed rep management firms were using a couple of lawyers to run bogus defamation lawsuits through a local court to obtain court orders demanding the removal of "defamatory" reviews.
What was unusual wasn't the tactic itself. Plenty of bogus defamation lawsuits have been filed over negative reviews. It's that these lawsuits were resolved so quickly. Within a few weeks of the initial filing, the lawsuit would be over. Each lawsuit improbably skipped the discovery process necessary to uncover anonymous reviewers and proceeded straight to judgment with a (bogus) confessional statement from each "reviewer" handed in by the "defamed" entity's lawyer for the judge's approval. Once these were rubber stamped by inattentive judges, the lawyers served Google with court orders to delist the URLs.
To date, no one has uncovered the reputation management firm behind the bogus lawsuits. In each case, the companies purporting to be represented by these lawyers were shells -- some registered as businesses on the same day their lawsuits were filed.
It's one thing to do this sort of thing from behind the veil of quasi-anonymity afforded by the use of shell companies. It's quite another to file a bogus lawsuit with an apparently forged signature (of the supposed defamer) under your own name. But that's exactly what appears to have happened, as detailed in this post by Public Citizen's Paul Alan Levy.
In addition to posting his reviews of Mitul Patel on Yelp, [Matthew] Chan posted on RateMDs, kudzu.com and Healthgrades.com about his unsatisfactory experiences with Dr. Patel. Chan’s is but one of a number of negative reviews directed at Patel on these various sites, but Patel apparently took particular umbrage at this one: he filed a pro se libel action claiming, in highly conclusory terms, that the reviews were false and defamatory.
It doesn't get much more conclusory than this filing [PDF], which runs only three pages -- with one page containing nothing more than a date and a signature. The complaint lists the URLs of Chan's reviews, says they're defamatory... and that's basically it. No part of the reviews are quoted as evidence of defamation. The filing simply declares every review defamatory and demands an injunction. But that's the kind of detail you can omit when you know you're never going to have to confront the accused in court.
[I]nstead of suing Chan in Georgia, Patel filed in the circuit court for the city of Baltimore, Maryland, a court that would ordinarily have no personal jurisdiction over a Georgia consumer sued for criticizing a Georgia dentist. Patel justified suing there by identifying “Mathew Chan” as the defendant – note that the spelling of the given name is slightly different – and alleging that this Mathew Chan “maintains a primary residence located in Baltimore, Maryland.”
There's a problem with both the defendant named and the primary address. The name is misspelled, perhaps deliberately so. The address listed in the complaint is completely bogus.
The fact that the both the online docket for the case, and the “consent motion for injunction and final judgment” bearing a signature for “Mathew Chan,” list his address as 400 East Pratt St. in Baltimore implies to me that this is a case of deliberate fraud, because so far as I have been able to determine, 400 East Pratt Street is a downtown building that contains only offices, retail establishments and restaurants, but no residences.
Despite these deficiencies, the lawsuit made it past a judge because it contained a supposed mea culpa from "Mathew Chan" of "400 East Pratt Street" admitting to the defamatory postings. This motion with the bogus signature and admission was approved by judge Philip S. Jackson, who also instructed "Mathew Chan" to issue notices to search engines to delist the URLs if removing the original reviews proved impossible.
The real Matthew Chan -- who posted the reviews -- had never heard of the lawsuit until after the injunction had already been approved and served. Yelp notified him of the court order it had received. Chan, who still lives in Georgia as far as he can tell, informed Yelp of the situation and the review site decided to reinstate his review. Other sites, however, took the order at face value and removed the reviews. It appears Yelp was the only site to reach out to Chan when presented with the court order -- something that doesn't exactly bode well for users of other review sites. If sites protected by Section 230 are in this much of a hurry to remove content, they're really not the best venues for consumers' complaints.
Somewhat surprisingly, Levy received a response (of sorts) from Mitul Patel's lawyer. They claim this is the first they've heard of the lawsuit filed in Patel's name targeting negative reviews of Patel's dentistry. This wasn't delivered in a comment or statement, but rather in the form of a retraction demand [PDF]. The opening paragraphs are inadvertently hilarious.
This letter is to advise you that I have been retained to represent Mitul Patel, DDS, regarding the contents of your blog, dated Friday, August 19, 2016, entitled "Georgia Dentist Mitul Patel Takes Phony Litigation Scheme to New Extremes Trying to Suppress Criticism".
Based upon a review of your blog, which has unfortunately gone viral, please be advised that the contents of your blog are grossly inaccurate, factually incorrect, and were obviously written for no other purpose but to gain publicity for your blog, and to willfully damage the name and reputation of Dr. Patel.
First, there's the pain of being Streisanded, embodied in the phrase "has unfortunately gone viral." That's the sort of thing that happens when negative reviews are mysteriously injunctioned into the cornfield. Then there's the stupid accusation the Streisanded hurl at those who expose questionable -- and possibly fraudulent -- behavior: that it was motivated by a thirst for internet points. The first statement is merely sad. The second is mostly just tiresome.
The retraction demand goes on to claim that this is the first Mitul Patel has heard of the lawsuit (filed in his name) as well. While this would seem unlikely, Levy points out that a reputation management company could have created plausible deniability by filing a pro se lawsuit under Patel's name (its own kind of fraud) but without notifiying him that this is how it poorly and illegally handles its reputation-scrubbing duties. Unfortunately for Patel, whoever was hired to do this has done further damage to the dentist's reputation while presumably charging him for making things better.
Levy, of course, will not be retracting the post. His response to the demand letter points out that it's rather curious no disavowal was made until after the blog post "unfortunately went viral."
I was not persuaded, however, by your suggestion that I should "retract" the blog post or apologize for it. After all, you acknowledge that much of what I had to say on the blog was true. But I also have qualms about your assertion that, before my blog post was published, Patel had no knowledge of the lawsuit in Baltimore, for two reasons. First, in the course of investigating before I published my article, I obtained from Yelp copies of emails from Mitul Patel to Yelp, attaching the Baltimore court order and asking that Chan's Yelp comments be deleted. I attach the copies of these emails. Yelp has told me that Patel used [email address retracted], the same email address that [rest of sentence retracted]. Unless the email addresses were spoofed, those emails suggest that your client knew about the court order and was trying to take advantage of it.
Moreover, before I posted my article on the blog, I placed two telephone calls to Patel's dental clinic to try to speak with him about the lawsuit; I told his receptionist why I was calling. In addition, on Wednesday, August 17, I sent your client an email message mentioning his lawsuit against Chan and spelling out my concerns. Although he did not call me back and did not reply to the email, I trust he saw the messages before I published my article on Friday.
Levy goes on to point out that it seems strange someone or some company would pay a $165 filing fee to file a bogus defamation lawsuit for Patel without ever informing him it was doing so. The only motivation possible would be a shady reputation management company engaging in shadier tactics because Patel's paying it more than it's shelling out in filing fees. Levy has requested Patel provide him the name of anyone he's hired to do reputation cleanup work or perform SEO optimization on his behalf.
So, it's not just DMCA notices being abused to "protect" dishonest entities' reputations. It's also the legal system, where there's very little compelling lower level judges to spend a few minutes scrutinizing bare bones complaints (and injunction motions) handed to them by shady plaintiffs.
Read More | 28 Comments | Leave a Comment..
Posted on Techdirt - 24 August 2016 @ 3:22am
If this keeps up, the list of entities not hacked by Russian intelligence will be shorter than the list of those who have. [Caution: autoplay annoyance ahead.]
Hackers thought to be working for Russian intelligence have carried out a series of cyber breaches targeting reporters at the New York Times and other US news organizations, according to US officials briefed on the matter.
The New York Times has brought in investigators to "assess the damage." If anything truly damaging was obtained during the hack, there's a good chance we'll all get a chance to see it. While national security investigators are theorizing that the Russian hackers' targeting of non-government organizations is designed to give them a look at the government's inner workings without actually having to breach a government server, there's also the possibility that this hacking is more aligned with the focus of the Democratic National Committee hack: to find something potentially embarrassing and publish it for the world to see.
According to the CNN article, Clinton's campaign believes the DNC hack was politically-motivated. Hardly unsurprising, considering most Russian hacking attempts are propelled by politics. The claim that Russia wants Trump to win the election isn't an entirely outlandish theory. If so, the hacking of news agencies may be similarly motivated. The press hasn't been shy about pointing out Trump's lies and bad behavior, so it could be hackers are seeking communications pointing to an anti-Trump conspiracy.
It's likely they'll find evidence that fits this description, but it's hardly a conspiracy, no matter how theorists choose to spin it. Donald Trump is an exceptional presidential candidate -- and not in the most favorable definition of that term. While most candidates would at least pay lip service to presenting a unified front, Trump has been intentionally divisive, setting up "us vs. them" narratives that go beyond simple Republican vs. Democrat terms and deep into the party he supposedly represents.
Beyond the alleged backing of Trump, there's more to be gained than simply pointing out the media's transparent disdain for the Republican candidate. There are also leaked -- but unreleased -- documents stored on agencies' servers.
News organizations are considered top targets because they can yield valuable intelligence on reporter contacts in the government, as well as communications and unpublished works with sensitive information, US government officials believe.
It could very well be that the Russian government is seeking to provoke a cyberwar, utilizing hackers to fire its opening salvos. There's also money to be made -- on both sides -- from a variety of cybersecurity firms who will do all they can to turn high-profile hacking into a multi-decade cyber-Cold War that will provide them with plenty of lucrative contracts. So, instead of seeing these attacks as a very normal state of affairs, hyperbolic theorizing will take precedence over more measured responses.
24 Comments | Leave a Comment..
Posted on Techdirt - 23 August 2016 @ 11:45am
Another FBI/Playpen/NIT case has moved to the point of a motion to dismiss. The lawyer for defendant Steven Chase is arguing the government should abandon its prosecution because the FBI's activities during its conversion of child porn site Playpen into its own Rule 41-flouting watering hole were "outrageous." What did the FBI do (besides traveling beyond -- far beyond -- the warrant's jurisdiction to strip Tor users of their anonymity) to merit this accusation? It made Playpen a better, faster child porn website. Joseph Cox reports for Motherboard:
Newly filed court exhibits now suggest that the site performed substantially better while under the FBI's control, with users commenting on the improvements. The defense for the man accused of being the original administrator of Playpen claims that these improvements led to the site becoming even more popular.
“The FBI distributed child pornography to viewers and downloaders worldwide for nearly two weeks, until at least March 4, 2015, even working to improve the performance of the website beyond its original capability,” Peter Adolf, an assistant federal defender in the Western District of North Carolina, writes in a motion to have his client’s indictment thrown out.
The government generally isn't known for efficiency or immediate improvements, but the filing [PDF] points out that the gains were exponential.
From there the FBI distributed child pornography to viewers and downloaders worldwide for nearly two weeks, until at least March 4, 2015, even working to improve the performance of the website beyond its original capability. As a result, the number of visitors to Playpen while it was under Government control from an average of 11,000 weekly visitors to approximately 50,000 per week. During those two weeks, the website’s membership grew by over 30%, the number of unique weekly visitors to the site more than quadrupled, and approximately 200 videos, 9,000 images, and 13,000 links to child pornography were posted to the site.
A better child porn site, brought to thousands of criminal suspects all over the world by your tax dollars. What a time to be alive!
The motion to dismiss points out that making it easier and faster to download child porn images runs contrary to assertions the government has made in support of prosecutions and stricter penalties for child porn viewers.
This behavior is all the more shocking because the federal government itself – in sentencing memoranda, online mission statements, reports to congress, press releases, and arguments before this very Court and many others – has repeatedly emphasized that victims of child pornography are revictimized each and every time their images are viewed online. Despite these frequent pronouncements, the government here made no attempt during the two weeks it was running the site to reduce the harm to innocent third party victims by limiting the ability for users to view or access the images. Indeed, government agents worked hard to upgrade the website’s capability to distribute large amounts of child pornography quickly and efficiently, resulting in more users receiving more child pornography faster than they ever did when the website was running “illegally.”
And once the images have been downloaded from a (faster) source, they can be redistributed elsewhere, furthering the damage done to victims of child pornographers. It really can't be argued that the ends justified the means.
Once the government seized the server hosting the Playpen site, it possessed a wealth of information it could use to criminally prosecute users without resorting to operating the site for two weeks. Even if the government wanted to deploy an NIT, it could have done so without also rendering the Playpen site functional. It could have, for example, disabled access to the images of child pornography, turned off the ability to upload pictures or videos, or even just run the site for a much shorter period of time.
Moreover, as noted above, the government has charged less than 1% of Playpen members, the same percentage of users it already had IP addresses for on the day it seized the site. It cannot be that the government may distribute child pornography to a thousand users for each user it catches, particularly when it already has the necessary information to identify the same number of users before it had distributes a single image.
The defense points to a message [PDF] posted to the forums after the site was seized by the FBI as evidence the agency improved the site to better serve users (with its NIT). A Playpen administrator's account stated the following on February 28th, eight days after it took control of the site.
I upgraded the Token Ring to Ethernet about an hour ago and things seem to be working a bit better.
This is what the FBI will do to further its investigations: it will become a better distributor of illegal material than the criminals it's going after. The filing notes that a conservative estimate of the number of images distributed during the FBI's two-week hosting stint sits around one million.
Also of note: throwaway email accounts are to be expected when users create accounts at child porn sites. But I honestly expected more from the President of the United States.
The motion makes good points about the FBI's apparently hypocritical child porn distribution and points out it had many options -- including disabling image downloads -- to pursue that would still have allowed it to serve up its NIT to the site's visitors. Unfortunately, courts have a hard time finding law enforcement activity to be "outrageous" enough to toss cases. And in this particular prosecution, it's the worst of the worst being prosecuted: a child porn viewer.
Read More | 36 Comments | Leave a Comment..
Posted on Techdirt - 22 August 2016 @ 11:27pm
Three police unions in different cities have come forward to insert their feet in their mouths following changes to department policies. The thrust of their terrible arguments? Cops should be paid more for doing their job properly.
In Cincinnati, officers are being outfitted with body cameras. This, of course, has sent the local Fraternal Order of Police into defense mode. The FOP sent a letter to the city stating that officers won't be wearing the cameras until they're given more money. The union apparently believes any increase in officer accountability should be accompanied by an increase in pay.
A lawyer for Fraternal Order of Police Lodge #69, Stephen Lazarus, sent the city a "cease and desist" letter, saying until pay for wearing the equipment has been decided, officers shouldn't wear them. He asked that the city cease the program by Wednesday at the latest, pending the bargaining process.
The city's mayor has already suggested he'd be willing to grant an across-the-board 5% pay increase, but the union wants additional pay on top of that, simply for wearing body cameras. The union insists that cameras will alter many facets of officers' day-to-day duties, which -- judging from other cities' experiences with body cameras -- apparently includes discovering ways of ensuring footage of questionable arrests and uses of force aren't captured by the recording equipment.
Meanwhile, down in San Antonio, policies affecting misconduct punishments are receiving similar demands from that city's police union.
The San Antonio Express-News reports that the San Antonio police union demanded higher pay in exchange for accepting changes to their collective bargaining agreement that would have delivered stricter discipline for officer misconduct.
The Express-News notes that right now “the contract limits how far back a chief can invoke prior misconduct in punishing an officer — no more than two years in most instances — and automatically reduces suspensions of three days or less to a reprimand after two years.”
Once again, a union is fighting officer accountability with increased salary demands. In both cases, neither union seems to understand (or care) how tone deaf these arguments are.
Police reform is needed because officers aren't doing what they're being paid to do, or they're doing it in a way that results in civil rights lawsuits and DOJ interventions. The main obstacle to reform appears to be police unions, which often seem to offer hardline opposition to minor changes that even most of those supposedly represented by the union don't agree with.
It would be one thing if law enforcement was a historically-underpaid profession. But it isn't. These demands are simply a way to make cash-strapped cities rethink plans to introduce more accountability into the process.
But it's not always the unions that are at fault. The rank-and-file has its own issues with increased accountability. The city of Boston is outfitting its officers with body cameras. The pilot program asked for volunteers to wear the recording devices. There were no takers.
When the City of Boston called on 100 volunteers from the police department to help pilot a body camera program, something very expected, predictable, and heard of happened: Nothing.
Even with $500 bonuses as a result of negotiations with their union, not a single police officer in Boston volunteered to wear a camera.
If no one responds when asked nicely, the optional aspect goes away.
Speaking during the monthly “Ask the Commissioner” segment on WGBH-FM’s Boston Public Radio on Tuesday, Boston Police Commissioner William B. Evans said that a consultant has selected officers of all ages and races from five sections of the city and the department’s Youth Violence Strike Force to wear the cameras for a six-month trial. Any officer selected who chooses not to wear the camera would be subject to disciplinary action, Evans said.
It's not as though the police union here decided to sit this one out. When no officers volunteered to wear the cameras, the union claims that randomly selecting officers somehow breaches the department's contract.
Boston Police Patrolman’s Association President Patrick M. Rose told the Herald that goes against the deal the union reached with the department, which he says specifically states participants must be volunteers.
“The selection process must be from volunteers,” Rose wrote in an email to the Herald, adding that the union still supports that agreement.
“To require non-volunteers to participate in the program would clearly violate the agreement,” he said. “The BPPA would hope that the City and the Department would honor its written agreement with the BPPA concerning (body cameras).”
The Boston Police chief saw it differently, however, pointing out that no volunteers stepping forward to take part in a voluntary program also violates the agreement.
Somewhat ironically, civil rights and accountability activists were skeptical of the volunteer pilot program, fearing that the only cops that would volunteer would be exemplary models of the law enforcement profession and unlikely to generate much footage of misconduct or abuse. What a relief it must be to discover the Boston PD has no officers that fit that description.
44 Comments | Leave a Comment..
Posted on Techdirt - 22 August 2016 @ 6:26am
Javon Marshall -- a former college athlete spearheading a putative class action against several broadcasters for uncompensated use of his likeness -- has just seen the Sixth Circuit Appeals Court send him (and everyone "similarly situated") back home without a parting gift.
Marshall -- like many others who believe the mere existence of intellectual property protections entitles them to a paycheck -- sued a long list of broadcasters for allegedly violating the Lanham Act and the Tennessee "right of publicity" law by not paying him and other athletes for using his name and "image" in game broadcasts and advertising. Marshall also claimed the NCAA's waiver student-athletes sign is "vague and unenforceable." That may very well be, but that claim was never addressed by the plaintiff and the NCAA was never a defendant. It only served as an introduction to a long list of alleged violations [PDF] that the lower court determined to be baseless accusations.
The Appeals Court makes short work [PDF] of Marshall's attempt to have the lawsuit revived, pointing out in a wonderful opening paragraph just how unrealisitic his claims are. The first sentence alone indicates how far from legal reality Marshall's class action lawsuit strayed.
To state the plaintiffs’ theory in this case is nearly to refute it.
Going on, the court punches a dramatic hole in Marshall's flawed logic.
The theory begins with the assertion that college football and basketball players have a property interest in their names and images as they appear in television broadcasts of games in which the players are participants. Thus, the plaintiffs conclude, those broadcasts are illegal unless licensed by every player on each team. Whether referees, assistant coaches, and perhaps even spectators have the same rights as putative licensors is unclear from the plaintiffs’ briefs (and, by all appearances, to the plaintiffs themselves).
Very briefly addressing the plaintiff's arguments, the court waves them away in two sentences, offering its wholehearted support of the lower court's decision.
In any event, the plaintiffs seek to assert claims under Tennessee law, the Sherman Act, and the Lanham Act on behalf of a putative class of collegiate players nationwide. The defendants—various college athletic conferences and television networks, among others—responded in the district court with a motion to dismiss, which the court granted in a notably sound and thorough opinion.
The court goes on to call the plantiffs' claims under Tennessee law "legal fantasy," pointing out that the state's "right of publicity" specifically exempts sports broadcasts. The plaintiffs' common-law claim asserts a right never granted by the state. The Sherman Act antitrust claim fails because if a right doesn't exist, it can't be licensed in a noncompetitive fashion. The court saves its best comment for Marshall's trademark claim.
That leaves the plaintiffs’ claim under the Lanham Act, whose relevant provision bars the unauthorized use of a person’s name or likeness in commerce when doing so “is likely to cause confusion” as to whether the person endorses a product. 15 U.S.C. § 1125(a)(1)(A). The theory here is that if, say, ESPN shows a banner for “Tostitos” at the bottom of the screen during a football game, then consumers might become confused as to whether all the players on the screen endorse Tostitos. Suffice it to say that ordinary consumers have more sense than the theory itself does.
This futile lawsuit was perhaps encouraged by the relative success of a similar lawsuit against Electronic Arts for using the "likenesses" of players in its sports videogames. However, there's a crucial difference that factored into the Ninth Circuit Appeals Court's decision on behalf of the players: California's oft-abused "right of publicity" law which doesn't contain the same exemptions as Tennessee's. And in that case, there's still hope of a rehearing which might tilt the court towards finding California's law must defer to the First Amendment, rather than the other way around.
Read More | 5 Comments | Leave a Comment..
Posted on Techdirt - 22 August 2016 @ 3:22am
It's not just asset forfeiture being used by law enforcement to take property away from people. With civil asset forfeiture (as opposed to criminal asset forfeiture), property is deemed "guilty," even if its former possessors are not. Kaveh Waddell of The Atlantic is highlighting another way law enforcement agencies are taking possession of property: by calling it "evidence" and playing keep away with former defendants who've had their cases dismissed or have been acquitted.
Last summer, Kenneth Clavasquin was arrested in front of the Bronx apartment he shared with his mother. While the 23-year-old was being processed, the New York Police Department took his possessions, including his iPhone, and gave him a receipt detailing the items in police custody. That receipt would be his ticket to getting back his stuff after his case ended.
But the ticket is worthless. His case was dismissed but no one involved in the seizure of his items showed any interest in returning them. He brought the court's dismissal to the NYPD to retrieve his iPhone but the property desk claimed it was being held as "arrest evidence" -- even though there were no more criminal charges forthcoming. He was sent to the District Attorney's office to ask for permission to obtain the no longer needed "evidence," but the office was less than interested in helping him reclaim his belongings.
Clavasquin needed to get a release from the district attorney’s office stating that his property would no longer be needed for evidence. Over the following three months, he repeatedly called the assistant district attorney assigned to his case, but he neither got a release nor a written explanation of why he was being denied one.
Then, with the help of an attorney at the Bronx Defenders, a public-defender office that had been representing him since the day after his arrest, Clavasquin sent a formal written request for the district attorney’s release. He got no response.
Clavasquin's iPhone was seized in the summer of 2015. His case was dismissed in December. The phone is still in the possession of the NYPD while Clavasquin has continued making monthly service contract payments for a phone he can't use.
The article points out that this noxious blend of asset seizure and bureaucratic malaise affects "hundreds, if not thousands" of New York City arrestees. The city is now facing a class-action lawsuit over this process, filed by Clavasquin and two others with the help of Brooklyn Defenders. In these cases, neither form of asset forfeiture -- civil or criminal -- is being used. Instead, the NYPD is tying up possessions seized during arrests in miles of red tape, subverting what would appear from the outside to be a straightforward, two-step process: case dismissed, items returned.
Even if someone is able to move heaven, earth, and the District Attorney's office, that's not the end of the frustration. One thing most arrestees carry often disappears into the evidence locker as well, greatly increasing the difficulty of retrieving possessions.
The NYPD property clerk, which actually holds on to the items, requires two forms of ID before releasing any property. Drumming up two forms of ID can be difficult on its own, but it’s made harder still if the person’s wallet, which may contain a driver’s license, is in police custody. (The property clerk won’t count a seized license as a valid form of ID.)
Not only is the process labyrinthine, frustrating, and nonsensical, but there's a clock ticking the whole time. A person has 120 days from the point the criminal case has ended to demand return of their items from the NYPD. If their case has been dismissed, they have 270 days to secure the elusive release form from the DA's office -- something that explains the office's disinterest in answering phone calls, emails or letters asking for this piece of paper. Once the clock runs out, the city is free to auction off the seized property.
If the DA's office wants to put seized items into indefinite limbo, all it has to do is classify them as "investigatory evidence," which means they might be used at some point in future to further a criminal investigation. The DA's office has every reason to put seized items out of reach of their owners and very little compelling it to relinquish control of property that can eventually be used to (indirectly) fund its office. In practical terms, being arrested by the NYPD means losing whatever you had on you permanently -- unless you have the funds to pay an aggressive lawyer to navigate the deliberately daunting retrieval process.
Also of note is the fact that the most common item in NYPD evidence lockers are cellphones. Considering how many of these were seized during run-of-the-mill arrests, one has to question assertions made by district attorneys like Cyrus Vance, who claim there are hundreds of phones prosecutors and investigators can't access because of encryption. Sure, the numbers may be correct (Vance claimed his office was dealing with 175 uncrackable phones), but one has to ask how many of these actually may hold evidentiary value, and how many are simply sitting around waiting for the clock to run out so they can be auctioned.
It's just another form of legal robbery, once you strip away the bureaucratic lingo and law enforcement statements that try to give this a veneer of respectability. When criminal cases are dismissed, seized belonging are "evidence" of nothing and should be released to their owners. Instead, law enforcement agencies and district attorneys offices are working together to keep non-criminals from their rightful belongings.
29 Comments | Leave a Comment..
Posted on Techdirt - 19 August 2016 @ 5:59pm
Two contributors to Lawfare -- offensive security expert Dave Aitel and former GCHQ information security expert Matt Tait -- take on the government's Vulnerability Equities Process (VEP), which is back in the news thanks to a group of hackers absconding with some NSA zero-days.
The question is whether or not the VEP is being used properly. If the NSA discovered its exploits had been accessed by someone other than its own TAO (Tailored Access Operations) team, why did it choose to keep its exploits secret, rather than inform the developers affected? The vulnerabilities exposed so far seem to date as far back as 2013, but only now, after details have been exposed by the Shadow Brokers are companies like Cisco actually aware of these issues.
According to Lawfare's contributors, there are several reasons why the NSA would have kept quiet, even when confronted with evidence that these tools might be in the hands of criminals or antagonistic foreign powers. They claim the entire process -- which is supposed to push the NSA, FBI, et al towards disclosure -- is broken. But not for the reasons you might think.
The Office of the Director of National Intelligence claimed last year that the NSA divulges 90% of the exploits it discovers. Nowhere in this statement were any details as to what the NSA considered to be an acceptable timeframe for disclosure. It's always been assumed the NSA turns these exploits over to developers after they're no longer useful. The Obama administration may have reiterated the presumption of openness when reacting to yet another Snowden leak, but also made it clear that national security concerns will always trump personal security concerns -- even if the latter has the potential to affect more people.
The main thrust of the Lawfare article is that the "broken" part of the equities process is that there should be a presumption of disclosure at all. The authors point out that it might take years to discover or develop a useful exploit and -- given the nature of the NSA's business -- it should be under no pressure to make timely disclosures to developers whose software/hardware the agency is exploiting.
[F]rom an operational standpoint, it takes about two years to fully utilize and integrate a discovered vulnerability. For the intelligence officer charged with managing the offensive security process, the VEP injects uncertainty by requiring inexpert intergovernmental oversight of the actions of your offensive teams, effectively subjects certain classes of bugs to time limits and eventual public exposure—all without any strategic or tactical thought governing the overall process.
Individual exploitable software vulnerabilities are difficult to find in the first place. But to engineer the discovered vulnerability into an operationally deployable exploit that can bypass modern anti-exploit defenses is far harder. It is a challenge to get policymakers to appreciate how rare the skills are for building operationally reliable exploits. The skillset exists almost exclusively within the IC and in a small set of commercial vendors (many of whom were originally trained in intelligence). This is not an area where capacity can be easily increased by throwing money at it—meaningful development here requires monumental investment of time and resources in training and cultivating a workforce, as well as crafting mechanisms to identify traits of innate talent.
The authors do point out that disclosure can also be useful to intelligence services. If these disclosures result in safer computing for everyone else, then that's apparently an acceptable side effect.
[T]here are three major, non-technical reasons for vulnerability disclosure.
First, disclosure can provide cover in the event that an OPSEC failure leads you to believe a zero-day has been compromised—if there is a heightened risk of malicious use, it allows the vendor time to patch. Second, disclosing to vendors allows the government to out an enemy’s zero-day vulnerability without disclosing how it was found. And third, government disclosure can form the basis of building a better relationship with Silicon Valley.
Saddling intelligence agencies with a presumption of disclosure is possibly a dangerous idea. Less-than-useful exploits that could be divulged to developers might be tied to other exploits still being deployed by intelligence services. Any suggested timeframe for mandatory disclosure would likely cause further harm by forcing the NSA, FBI, etc. to turn over exploits just as they're generating optimal results. On top of that, the authors point out that a push towards disclosure hamstrings US intelligence services as agencies in unfriendly nations will never be constrained by requirements to put the public ahead of their own interests.
But the process is definitely broken, no matter whose side of the argument you take. The NSA says it discloses 90% of the vulnerabilities it discovers, but former personnel involved in these operations note they've never seen a vulnerability disclosed during their years in the agency.
It's unlikely that the process will ever be fixed to everyone's satisfaction. The most likely scenario is that the VEP will continue to trundle along doing absolutely nothing while being ineffectually attacked by those opposing intelligence community secrecy. As it stands now, the presumption of disclosure is completely subject to any national security concerns raised by intelligence and law enforcement agencies. Occasional political climate shifts may provoke transparency pledges from various administrations, but those should be viewed as sympathetic noises -- presidential pats on the head meant to fend off troubling questions and legislative pushes to put weight behind the administration's words.
17 Comments | Leave a Comment..
Posted on Techdirt - 19 August 2016 @ 4:16pm
When the only thing standing between law enforcement and a suspect they're seeking is a person's home, well… the home's got to go.
As seen previously here at Techdirt, police officers pretty much razed a residence to the ground searching for a shoplifting suspect. In another case, law enforcement spent nineteen hours engaged in a tense standoff with an empty residence before deciding to send in a battering ram.
Another standoff -- currently the center of a federal lawsuit -- stands somewhere in between these two cases. The house wasn't completely empty or completely destroyed. But that still doesn't make the Caldwell (ID) police look any more heroic… or any less destructive.
The lawsuit's [PDF] opening paragraph lays it all out.
On August 11, 2014, after registering her child for first grade, Ms. West returned to her home to find multiple City of Caldwell police officers in her yard searching for a Fabian Salinas. Wanting to cooperate, and uncertain whether Salinas was in her house, Ms. West gave the police a key to her house and gave them permission to use it to enter her house to arrest him. During a ten hour long standoff, police repeatedly exceeded the authority Ms. West had given them, breaking windows, crashing through ceilings, and riddling the home with holes from shooting canisters of tear gas destroying most of Ms. West and her children’s personal belongings. The only occupant of the house was Ms. West’s dog. Ms. West’s home remained uninhabitable for two months.
Here's one photo of the home, taken by officers and provided to the Idaho Statesman in response to a public records request. (More photos can be found at the link.)
If you'd like to see some pictures of the standoff with the family pet that include the Caldwell Police's impressive armored personnel carrier (presumably able to withstand even the nastiest of dog bites), those can be found here.
According to Courthouse News Service's interview with Shariz West's lawyer, the documentation he's viewed gives no explanation why it took a small army of SWAT officers 10 hours to discover the suspect wasn't in the home.
"I have no idea," he said. "I've read the police reports and debriefing, and it's my recollection that someone heard a deadbolt activate, which was impossible, and saw the curtains move, which is possible because there was a pit bull in the house at the time. Basically, they had a standoff with a dog."
And that some remedial attic-traversing training might be in order.
Fisher said some of the damage to the house was caused when an officer slipped off a truss while crawling in the attic and fell through the ceiling.
So, when given a key and consent from the occupant, officers instead chose to grab an armored vehicle and go through several windows and the attic. Even if they believed the suspect might be dangerous, there has to be some middle ground between full-scale assault and simply unlocking the door and stepping inside.
This happened back in 2014 but there's been no coverage of the Caldwell cops' 10-hour, one-dog standoff until now. Thomas Johnson of Fault Lines suggests that might have something to do with the local paper of record.
If you’re wondering why it took a couple of years for this event to make news outside of Idaho, it’s because the local paper apparently only checks court records or their exclusive police source, resulting in some very incomplete reporting. Why bother getting out there and talking to the homeowner or neighbors when you can sit on your chunk?
The "coverage" Johnson points to opens with some severe law enforcement spin:
A man who escaped a police standoff last August in Caldwell, only to be captured in Meridian about a week later, pleaded guilty in 3rd District Court to felony eluding and felony rioting.
That's a pretty generous depiction of what actually happened. From all appearances, the suspect was never in the home during the 10-hour standoff. And when someone's not actually where you think they are, it's a huge stretch to refer to their non-presence as an "escape." If that's the spin the PD's using, they can just claim any person with an outstanding warrant not found at Shariz West's home on that long day in August 2014 also "escaped" the same standoff.
In any event, the city and PD are now facing a lawsuit. The police did give her a three-week stay in a hotel. Too bad it took more than two months for her to be able to return to her residence. This raid on a house containing nothing more than a dog is the natural side effect of police militarization, which encourages law enforcement to escalate in questionable situations, rather than use more measured tactics to ensure occupants aren't deprived of a place to live simply because a suspect might be hiding somewhere behind closed doors.
Read More | 54 Comments | Leave a Comment..
Posted on Techdirt - 19 August 2016 @ 11:46am
Thanks to the internet, more law enforcement agencies are exceeding jurisdictional limitations than ever before. The FBI's Network Investigative Technique (NIT) -- deployed during a child porn investigation to strip Tor users of their anonymity -- travelled all over the United States and the world beyond. IP addresses and computer information harvested by the FBI were turned over to Europol and details obtained by Motherboard suggested at least 50 computers in Austria alone had been compromised by the FBI's hacking.
Rule 41 imposes jurisdictional limitations on the FBI's hacking attempts -- something the DOJ is trying (and succeeding, so far) to have changed. But the hacking goes both ways. Not only does the FBI go cruising past US borders while tracking down Tor users accessing seized child porn servers, but law enforcement agencies in other countries are doing the same thing -- and raising the same questions.
Australian authorities hacked Tor users in the US as part of a child pornography investigation, Motherboard has learned.
In one case, Australian authorities remotely hacked a computer in Michigan to obtain the suspect’s IP address.
“I think that's problematic, because they've got no jurisdiction,” Greg Barns, an Australian barrister who practices criminal and human rights law who's also a former national president of the Australian Lawyers Alliance, told Motherboard in a phone call.
It might be problematic, but no one seems all that interested in doing anything about it. No defendants garner less sympathy than those viewing child pornography, and law enforcement partnerships fighting the problem span the globe. No law enforcement agency is going to turn down child porn tips from another agency -- no matter where that agency is located or how it obtained this information.
The issues raised by these extraterritorial searches are likely to only be addressed (inconsistently) by local courts. Legislators aren't interested in restricting the pursuit of child pornographers, and as long as cases are handled locally and setting aside any chances of extradition demands, there's really no compelling reason for them to head off these abuses before they get worse.
The technique deployed by Australian law enforcement does raise a few questions of its own, though. It appears the agency deployed a phishing attack that prompted recipients to click a malicious link that phoned home with user info. The link, though, turned the agency into an actual distributor of child porn, rather than the more passive technique the FBI used when it took over hosting duties for a few weeks after seizing a child porn site's server.
Details on how exactly this was achieved are limited, but according to a court document from another case, “When a user clicked on that hyperlink, the user was advised that the user was attempting to open a video file from an external website. If the user chose to open the file, a video file containing images of child pornography began to play, and the FLA [foreign law enforcement agency] captured and recorded the IP address of the user accessing the file.”
The file was configured in such a way as to route the target’s traffic outside of the Tor network, the document explains.
Seems like a somewhat dubious use of law enforcement resources, but considering undercover officers are able to distribute other contraband (like drugs) in sting operations, it's likely this child porn distribution will be viewed as a lawful part of the agency's investigation.
21 Comments | Leave a Comment..
Posted on Techdirt - 19 August 2016 @ 10:47am
The Sixth Circuit Court of Appeals has decided a man whose communications were snagged by commercial spyware can sue the software's maker for violating federal wiretap law.
The plaintiff, Javier Luis, became involved in an online relationship with an unhappily married woman. Her husband, Joseph Zang, installed Awareness Technologies' "WebWatcher" on his wife's computer in order to keep tabs on her online communications. After discovering his communications had been intercepted, Luis sued the software's maker (along with the husband, who has already settled with Luis and is no longer listed as a defendant).
The Appeals Court doesn't form an opinion on the strength of Luis's claims -- only noting that they're strong enough to survive dismissal. Awareness Software will be able to more fully address the allegations in the lower court on remand, but for now, the Appeals Court finds [PDF] the software's "contemporaneous interception" of electronic communications to be a potential violation of the Wiretap Act.
Two allegations in the complaint support this inference. First, Luis alleges that the communications at issue “were not originally stored on the computer’s hard drive.” The communications were instead acquired by Awareness “as [they were] being written and communicated between senders and recipients.” This allegation directly supports the proposition that the communications were still “in flight” for the purposes of 18 U.S.C. § 2511.
Second, Luis alleges that “WebWatcher immediately and instantaneously rout[e]s the intercepted communications to their [i.e., Awareness’s] servers located in California.” (Emphasis in original.) This allegation directly supports an inference of contemporaneous interception because, if WebWatcher does in fact “immediately and instantaneously” copy and send communications “as [they are] being written,” then the acquisition of the communications likely occurs before the communications have come to rest in electronic storage.
Somewhat illogically, Awareness suggested that the supporting evidence provided by Luis could have referred to a different product (not made by Awareness) that has an identical name.
Awareness is of course correct that some possibility exists that the marketing materials might refer to another device carrying the trademark “WebWatcher” that is unaffiliated with Awareness’s own WebWatcher. This argument, however, is far-fetched at best, and the more “plausible inference,” see id. at 682, is that the materials do in fact apply to Awareness’s WebWatcher that Joseph allegedly used.
Slightly more logically, it suggested that it cannot be held liable under the Wiretap Act because it's the end user that actually violates the Act when they install the software and put it to use. This is what the lower court found in its decision, based on a Report and Recommendation (R & R) put together by a magistrate judge.
With respect to the claimed violation of 18 U.S.C. § 2511, the R&R concluded that Awareness itself did not “intercept” Luis’s communications because it was Joseph [Zang]—not Awareness—that installed the WebWatcher program on the computer used by Catherine. And with respect to the claimed violation of 18 U.S.C. § 2512, the R&R concluded that Awareness could not be held liable simply for manufacturing a product that others—such as Joseph—used to violate the Wiretap Act.
Awareness also argued that WebWatcher's interception of communications wasn't "contemporaneous" and therefore isn't a violation of the Wiretap Act. Instead, it claimed it grabbed communications in "near real-time" and stored a copy on its servers for access by users. The Appeals Court notes that Awareness's own promotional efforts seem to tell a different story.
The marketing materials attached to Luis’s complaint support this conclusion. As Luis notes, the materials state that WebWatcher lets its users review a person’s electronic communications “in near real-time, even while the person is still using the computer.” The materials further note that any deviation from real-time monitoring results not from delays regarding when the communications are acquired, but from variations in “the Internet connection speed of the computer being monitored.”
This near real-time monitoring is significant. If a WebWatcher user can in fact review another person’s communications in near real time, then WebWatcher must be acquiring the communications and transferring them to Awareness’s servers as soon as the communications are sent. The program, in other words, does not wait for the communications to be stored; instead, the program as described captures and reroutes the communications so that a WebWatcher user can review the communications at nearly the same time as they are being transmitted.
In addition, the marketing materials state that “[e]ven if a document is never even saved, WebWatcher still records it.” This feature indicates that WebWatcher does not wait for electronic communications to be saved in a computer’s electronic storage. Rather, the product records the communications as they are being sent, without regard for whether a copy is ever placed in the storage of the affected computer. This aspect of WebWacher’s operations thus implies that the alleged acquisition of Luis’s communications indeed occurred while the communications were still “in flight.”
[W]e today hold that a defendant such as Awareness—which allegedly violates § 2512(1)(b) by manufacturing, marketing, and selling a violative device—is subject to a private suit under § 2520 only when that defendant also plays an active role in the use of the relevant device to intercept, disclose, or intentionally use a plaintiff’s electronic communications.
So even though Awareness itself did not initiate the specific action that “intercepted, disclosed, or intentionally used” Luis’s communications in violation of the Wiretap Act, it is alleged to have actively manufactured, marketed, sold, and operated the device that was used to do so. This is enough to establish that Awareness was “engaged in” a violation of the Wiretap Act in a way that defendants such as those in Treworgy and Amato—who simply possessed wiretapping devices—were not.
The dissenting opinion, however, points out that allowing the plaintiff to pursue Awareness under the Wiretap Act not only shifts some responsibility off the shoulders of the person who initiated the interception (the aggrieved husband) but also more than "liberally construes" the content of Javier Luis's pro se filing.
The majority accepts Luis’s argument on appeal that the complaint directly implicates Awareness in paragraph 77. But this reading is much more than just charitable—it grasps at straws. In describing how WebWatcher operates, Paragraph 77 uses only a possessive pronoun that lacks any antecedent: “WebWatcher immediately and instantaneously routs the intercepted communications to their servers located in California to be stored for their subscribers to later retrieve at their leisure.” Awareness is neither named nor the subject of the action. This paragraph, located amidst Luis’s allegations against the other defendants, does not give rise to the plausible inference that Awareness intentionally intercepted Luis’s communications.
It does not put Awareness on notice that it—the manufacturer and seller— could be liable for anonymous customer Joseph Zang’s misuse of the WebWatcher. Luis’s novel theory of liability does not appear even to have been tried, much less to have been successful, in any previous case. Neither Awareness nor the district court should have been expected to divine it from Luis’s allegations against the other defendants. I would affirm the district court’s dismissal of Luis’s § 2511 claim against Awareness. I would affirm the dismissal of Luis’s state-law claims for the same reason.
That's the downside of this reversal by the Appeals Court: manufacturers and developers will now face an increased risk of civil litigation if their products could possibly be used to violate laws. This negative side effect is diminished somewhat by Awareness's participation in the interception -- the storage of communications on its servers -- but it's still the sort of thing that could encourage speculative litigation aimed at the target with the deepest pockets, rather than the entity that actually broke the law.
Read More | 13 Comments | Leave a Comment..
Posted on Techdirt - 19 August 2016 @ 6:33am
The NSA's exploit stash is allegedly for sale. As mentioned earlier this week, an individual or a group calling themselves Shadow Brokers claims to be auctioning off parts of the NSA's Tailored Access Operations (TAO) toolkit, containing several zero days -- including one in Cisco's (a favorite NSA TAO target) Adaptive Security Appliance which allows for remote code execution.
The thing about these vulnerabilities is that they aren't new. The exploits being hawked by Shadow Brokers date back to 2013, suggesting the agency has been sitting on these exploits for awhile. The fact that companies affected by them don't know about these flaws means the NSA hasn't been passing on this information.
Back in 2015, the NSA declared that it passed on information about vulnerabilities to affected companies "90% of the time." Of course, this statement contained very few details about how long the NSA exploited vulnerabilities before allowing them to be patched.
The White House told the NSA to make disclosure the preferred method of handling discovered vulnerabilities, but also gave it a sizable loophole to work with -- "a clear national security or law enforcement need."
Ellen Nakashima and Andrea Peterson of the Washington Post spoke to former NSA personnel. The statements they gave suggest there's almost always a "need" that outweighs the general public's security and safety.
Former NSA personnel who worked with the tool cache that was released say that when they worked at the agency, there was an aversion to disclosure.
“While I was there, I can’t think of a single example of a zero-day [flaw]” used by the agency “where we subsequently said, ‘Okay, we’re done with it and let’s turn it over to the defensive side so they can get it patched,’ ” said the former employee, who worked at the agency’s Tailored Access Organization for years. During that time, he said, he saw “hundreds” of such flaws.
He added: “If it’s something in active use, my experience was they fight like all get-out to prevent it from being disclosed.”
Said a second former employee, who also spoke on the condition of anonymity to describe sensitive government operations: “It’s hard to live in a world where you have capabilities and you’re disclosing your capabilities to your defensive team.”
So, there's no presumption of disclosure, not even with a Vulnerability Equities Process in place. If the NSA has a vulnerability to exploit, it will continue doing so until it's no longer effective. The agency's name alone grants it a presumption of secrecy because, after all, nothing has more "national security needs" than the National Security Agency.
This undercuts everything the disclosure process was supposed to do: allow developers to close holes in their software. With its TAO secrets out in the open, the government can no longer pretend stockpiling exploits is a good idea. Nor can it claim it's OK because it's only the "good guys" doing good things with them. The exploits will be sold to the highest bidder -- whether that bidder is a criminal or just another private company stockpiling exploits so it can sell those to highest bidder -- which in some cases may be UN-blacklisted countries with totalitarian governments and long histories of human rights abuses.
Matt Blaze -- referring to the just-disclosed Cisco zero day -- wonders if the NSA only just discovered hackers had made off with its stuff. And if it actually knew for three years these exploits had been compromised, why didn't it disclose the vulnerabilities to affected developers?
I wonder if NSA discovered that they lost the TAO exploit trove in 2013 or just now? If in 2013, why didn't they report the Cisco 0day?
Neither scenario is particularly flattering. Although it's presumed the hackers didn't actually crack an NSA server (theory is the exploits were harvested from a compromised server the NSA was running), not knowing that these vulnerabilities had been obtained by outsiders until possibly three years after it happened is not exactly a flattering look for a security agency.
The alternative is actually worse: that the NSA knew its exploits had been taken but STILL chose not to disclose the vulnerabilities to software developers. In this scenario, there's no longer any "what if" about it. The NSA knew exploits were in the "wrong" hands but withheld this info to continue utilizing the exploits. If that's the case, the NSA is complicit in any exploitation by the "wrong" people because it chose to withhold, rather than disclose, major vulnerabilities even after it knew it had been compromised.
It may be that the NSA truly didn't know about this hacking until the hackers started passing out parts of its exploit hoard, but that's not exactly comforting considering the agency's efforts to be declared the overseer of the US government's CyberWar.
21 Comments | Leave a Comment..
Posted on Techdirt - 18 August 2016 @ 3:36am
Stingrays are now as common as cockroaches in the United States, but we haven't heard much about their use by Canadian law enforcement. A denial or a confirmation would be nice, but not strictly necessary. It's safe to assume anything US cops can get, Canadian law enforcement can obtain as well.
Earlier this month, Vice's Motherboard revealed the first confirmation of Stingray use by a local law enforcement agency. (The Royal Canadian Mounted Police have owned and operated Stingray devices for most of the last ten years.)
According to the BC Civil Liberties Association, which posted a blog announcing the news on Monday, the Vancouver police used an IMSI catcher once, nearly a decade ago, and without a warrant.
“We sent a letter asking the Vancouver police if they’d ever used one of the RCMP’s IMSI catchers, and if they would again,” said Micheal Vonn, policy director for the BCCLA. “The answer to both questions was yes.”
So just once? A decade ago? The Vancouver PD sounds about as credible as a presidential candidate being questioned about past drug use. Still, the Vancouver PD insists it has no files on Stingray use, despite admitting to using a Stingray.
However, the Vancouver PD sounds way more credible than the Edmonton Police, which can't even get its spokespeople on the same page. On August 11, the Edmonton Police told Motherboard this:
On Thursday afternoon, Edmonton police spokesperson Anna Batchelor sent me an email saying, “I’m able to confirm the Edmonton Police Service owns a Stingray device and has used the device in the past during investigations.”
This was another first. Vancouver law enforcement -- according to what had been told to Motherboard -- didn't own the Stingray it used. It borrowed the device from the RCMP and was instructed on how to use it by a Mountie tech.
Several hours later, the Edmonton PD wasn't so sure it owned and/or deployed an IMSI catcher.
On Friday, I received a call from Superintendent Terry Rocchio of the Edmonton police, who delivered a frantic and conflicting message: the Edmonton police do not own a Stingray, he said, and Batchelor’s confirmation was the result of internal miscommunications. He was very sorry for the misinformation, he said.
Combined with the previous statement, it appears as though Edmonton PD superintendent Terry Rocchio is apologizing for his own words, which certainly gives the appearance of being misinformation. Further statements released by the Edmonton PD claim the department does not own a Stingray but, again, this is at odds with the unexpectedly straightforward statement given to Motherboard in response to its original query.
Now, it could be that Edmonton law enforcement did the same thing Vancouver's did and borrowed it from the nearest RCMP bug shop. Or it could be that this is just the Canadian version of playing along with non-disclosure agreements. Most agencies contacted by Motherboard refused to comment. Others refused to confirm or deny. And the one agency that DID say it had a Stingray now says it doesn't.
Given the opacity surrounding local law enforcement use/ownership of these devices, it's probably safe to say they've been deployed without warrants and hidden from judges, defendants, and -- quite possibly -- local legislators. Months or years from now, Motherboard may have a more complete answer, but for now, this appears to be Canadian law enforcement scrambling to stave off some inevitable discoveries.
12 Comments | Leave a Comment..
Posted on Techdirt - 17 August 2016 @ 11:30pm
A precedential decision [PDF] by Ontario's Court of Appeals concerning the privacy of SMS messages sounds more worrying than it actually is. Here's Vice Canada's opening paragraph on the ruling:
The texts you think you're sending in private can be used against you in court, according to a potentially precedent-setting new ruling from the Ontario Court of Appeal, which critics believe will have implications on privacy throughout the province.
The government's comment on the decision makes it sound even worse.
"The Crown's position ... is that once a person sends a message into the ether, he or she loses the requisite level of control over that message needed to challenge its subsequent acquisition by authorities from sources outside of that person's control," Nick Devlin, senior counsel with the Public Prosecution Service of Canada, told VICE News.
But that's not what the ruling says. Text messages sent "into the ether" do not lose their expectation of privacy. That would make SMS message content open to interception or seizure without a wiretap order or warrant. The circumstances of the case undercut the claims made in these two soundbites.
In no way does this create some sort of "Third Party Doctrine" governing the content of text messages. Instead, it simply confirms what should be obvious: that once messages are received, the recipient is free to discuss, expose, or otherwise provide the content to whoever asks for it. The sender is no longer in control of the sent message and cannot claim it is still a private communication.
An investigation into the trafficking of illegal firearms resulted in the seizure of phones owned by the two suspects. Police performed forensic searches on both devices and found messages implicating both arrestees. One of the suspects challenged the search and seizure of the devices. For the most part, he won.
1. Mr. Marakah’s s. 8 Charter challenge to exclude from evidence the items seized by the police during the search of his residence on November 6, 2012 is allowed and the evidence is excluded pursuant to s. 24(2) of the Charter;
2. Mr. Marakah’s s. 8 Charter challenge to exclude evidence obtained from his phone that was seized from him by police at the time of his arrest on November 6, 2012 is also allowed and the evidence is excluded pursuant to s. 24(2) of the Charter; and
3. Mr. Marakah’s s. 8 Charter challenge to exclude the evidence of his text messages found by the police on Andrew Winchester’s phone on November 6, 2012, is dismissed.
The last item on the list -- a dismissal of an evidence challenge -- is related to the messages found on Winchester's phone, which included Marakah's end of these conversations. The court ruled there is no expectation of privacy in messages sent to another person's phone.
This is pretty much analogous to claiming an expectation of privacy in mail sent (and received, opened, read, etc.) by another party. The government can't intercept and read the mail without the proper authorization, but there's nothing stopping it from viewing the content if it's seized from the recipient. The same goes for phone calls, which are ostensibly private conversations, but both conversants are more than welcome to discuss the content of the phone calls with law enforcement without infringing on the other party's expectation of privacy.
The failure here is operational security, not a lack of protections for Canadian citizens.
The appellant cited a 2013 ruling that said sent messages are "private communications" and can't be obtained by the government without a wiretap order.
As all parties acknowledged, it is clear that text messages qualify as telecommunications under the definition in the Interpretation Act. They also acknowledged that these messages, like voice communications, are made under circumstances that attract a reasonable expectation of privacy and therefore constitute “private communication” within the meaning of s. 183. Similarly, there is no question that the computer used by Telus would qualify as “any device” under the definitions in s. 183.
The difference between the Telus decision and this one is that in Telus, law enforcement intercepted messages in transit, utilizing the telco's temporary storage of transmitted messages to obtain "continuous production" of messages sent between two numbers. It's the interception that's key, not whether or not the content can be afforded a reasonable expectation of privacy. The appeals court points out that the court in Telus did not actually reach the conclusions the appellant claims it reached.
Abella J. expressly declined to decide the issue that is before the court in this appeal:
 We have not been asked to determine whether a general warrant is available to authorize the production of historical text messages, or to consider the operation and validity of the production order provision with respect to private communications. Rather, the focus of this appeal is on whether the general warrant power in s. 487.01 of the Code can authorize the prospective production of future text messages from a service provider’s computer. That means that we need not address whether the seizure of the text messages would constitute an interception if it were authorized after the messages were stored.
The court points out that a reasonable expectation of privacy is not automatically granted to all cases and incidents involving ostensibly private communications. Context factors into the equation -- both in determining the "reasonableness" of privacy expectations, as well as standing to challenge searches. Here, it finds the context does not help the appellant's case.
In this case, the application judge’s analysis was guided by Edwards and, on the objective reasonableness of the expectation of privacy, the factors set out by Binnie J. in Patrick. Having regard to those factors, he found that the factors that weighed most heavily in his assessment of the totality of the circumstances were that: (1) the appellant had no ownership in or control over Winchester’s phone; and (2) there was no obligation of confidentiality between the parties.
He had no ability to regulate access and no control over what Winchester (or anyone) did with the contents of Winchester’s phone. The appellant’s request to Winchester that he delete the messages is some indication of his awareness of this fact. Further, his choice over his method of communication created a permanent record over which Winchester exercised control.
The long dissent is worth reading as it challenges much of what the official opinion asserts -- mainly that a lack of control equals a lack of privacy expectations. Arguably, courts should treat text messages more carefully as they generate permanent records of conversations (phone calls don't) and are used far, far more often than email or snail mail (which also create permanent records of conversations).
It's much more on point, however, when noting that the seizure and search of the other party's phone -- resulting in the collection of Marakah's messages -- was also ruled to be unreasonable and a violation of Winchester's rights. The denial of Marakah's request to have this evidence excluded means it's possible for Canadian law enforcement to obtain evidence illegally but still use it in court -- just as long as it obtains the incriminating messages it needs from someone other than the sender.
[T]he text messages at issue are essential to the Crown’s case only because of this pattern of Charter infringements. The messages obtained from the appellant’s phone and evidence seized from his apartment are not admissible because the police infringed the appellant’s s. 8 rights when obtaining that evidence. The Crown abandoned reliance on the accused’s inculpatory statements and evidence obtained from them when faced with a challenge to their admissibility. And now the admissibility of the text messages obtained from Winchester’s phone is in issue because they too were obtained in a manner that infringed a Charter-protected right.
Finally, while the search of Winchester’s phone, considered in isolation, may be classified as a less serious breach of the appellant’s Charter-protected interests, I would take into account the fact that the appellant suffered many serious breaches of his Charter rights. In this case the police intruded upon significant privacy interests by conducting a warrantless search of his home and conducting an unnecessary and unrestricted forensic analysis of the appellant’s phone. Refusing to exclude the text messages obtained from Winchester’s phone would, in effect, neutralize any remedy granted for those breaches.
Considering that the court has already quashed the messages obtained from Marakah's phone due to the illegality of the seach, it only makes sense to do the same to the same messages that were obtained from Winchester's phone. Without evidence suppression, law enforcement will be encouraged to route around presumed privacy expectations (and warrant requirements) by choosing an alternate, "less private" source to obtain the same communications.
Read More | 7 Comments | Leave a Comment..
Posted on Techdirt - 17 August 2016 @ 2:42pm
Enigma Software -- creator of the SpyHunter suite of malware/adware removal tools -- recently sued BleepingComputer for forum posts by a third-party volunteer moderator that it claimed were defamatory. In addition, it brought Lanham Act trademark infringement claims against the site -- all in response to a couple of posts that portrayed it in a negative light.
The posts pointed out that the company had a history of threatening critics with litigation and had engaged in a variety of deceptive tactics, including triggering false positives to promote its spyware-cleaning products and placing paying customers on a periodic payment plan that ran in perpetuity under the guise of a one-time "removal" payment.
A somewhat bizarre decision by the judge presiding over the case allowed Enigma's questionable complaint to survive BleepingComputer's motion to dismiss. In doing so, the decision also suggested the judge was willing to poke holes in Section 230 protections -- something that's been happening far too frequently in recent months.
This bogus lawsuit should never have gotten this far. Enigma's original defamation claims contained wording found nowhere in the posts it didn't like, and the company had to make several inferences on behalf of the website it was suing to cobble together its complaint. The lack of a decent anti-SLAPP law in New York kept its defamation claims from being ejected on arrival. Faced with having to litigate its way out of this stupid mess, BleepingComputer has gone on the offensive.
The assertions made in its countersuit suggest Enigma Computer has been -- for quite some time -- fighting speech it doesn't like (the forum posts it sued over) with more speech. Unfortunately, if the "more speech" deployed is just shadiness and bogus claims (the same sort of thing it's suing BC for), then "more speech" isn't really a remedy.
Lawrence Abrams of BleepingComputer gives a brief overview of the latest filing at his company's website. (h/t The Register)
Yesterday, BleepingComputer filed its Answer, Affirmative Defenses, and Counterclaims in response to Enigma Software's Second Amended Complaint. In our filing we stand by our statements that Bleeping Computer has done nothing wrong, that there is no smear campaign against Enigma Software, and that any of the statements posted by the site's volunteer, Quietman7, are either true or purely opinion.
On the other hand, since being sued we have uncovered information that makes us believe that Enigma Software or their agents have been allegedly performing a long term campaign of attacks against BleepingComputer.com.
Our counterclaim includes examples of the following:
- Defamation of Bleeping Computer.
- Using our trademark "Bleeping Computer" without our permission.
- Creating web sites and web pages that use the trademark "Bleeping Computer" to associate the site with malware and other unwanted programs.
- Registering at least one domain with our trademark "Bleeping Computer".
- Copying text from BleepingComputer.com and hiding it in non-viewable HTML on their sites for search engine optimization purposes.
- Actively stating that the BleepingComputer.com security utilities called Rkill and Unhide are viruses.
Furthermore, in all of the above examples, the sites are or have been promoting Enigma's SpyHunter product.
The filing [PDF] fills in the details. Enigma (or its agent) has been creating websites that funnel users to its SpyHunter product while simultaneously suggesting BleepingComputer and its tools are malware.
One site is called Adware Bleeping Computer Removal, which hints that "Bleeping Computer" is something that is unwanted and in need of removal. Sure enough, the site offers instructions on how to remove adware while providing a handy link to download SpyHunter. Another Enigma software-pushing site uses the URL bleepingcomputerregistryfix.com.
Others are hidden behind URLs a bit more innocuous. Enginemachinesupplyshop.com contains pages that claim two tools BleepingComputer has created -- RKill and Unhide -- are "malware/viruses" that "infect" users' computers and should be removed. Naturally, the site recommends SpyHunter. It also includes statements that seem far more defamatory than any of the allegations Enigma is suing BleepingComputer for.
rkill.com is a dangerous computer virus which can destroy the infected computer and record your personal information. If you’re not careful when you visit websites or use online resources, your computer is vulnerable to virus attacks. It has the ability to slow down the computer performance seriously. The computer user’s personal information may be got by the virus makers through the virus, such as credit card or bank account details and social contacts’ information. Therefore, the best way to cancel the malicious behaviors of rkill.com is to get rid of it as soon as possible.
This is what RKill actually does.
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.
BleepingComputer provides this utility free of charge to users.
The entire filing is worth reading to see just how much Enigma has allegedly done in an attempt to do damage to BleepingComputer's reputation. From what's shown here, it looks as though Enigma's history as a shady, litigious pusher of dubiously-effective software isn't exactly history. It's still very much a part of its reputation management scheme -- one that does nothing to elevate Enigma's esteem and everything to drag critics in the same business down to its level.
Read More | 9 Comments | Leave a Comment..
Posted on Techdirt - 17 August 2016 @ 11:47am
Cody Poplin at Lawfare points out that the Defense Department has just issued an update on rules governing its intelligence collection activities -- the first major update in over 30 years. These would directly affect the NSA, which operates under the Defense Department.
The most significant alteration appears to be to retention periods for US persons data. While everything is still assumed to be lawful under Executive Order 12333 and DoD Directive 5240.1, the point at which a record is deemed to be "collected" -- starting the clock on the retention period -- has changed.
Under the new rules, “collection” occurs “upon receipt,” whereas the previous manual defined “collection” as occurring when the information was “officially accept[ed] … for use.” The change ensures that all protections governing even the incidental collection of U.S. personal information (USPI) applies upon receipt of that information. The clock starts to run as soon as information is collected, meaning that collected information must be promptly evaluated to determine the proper retention period.
This should result in better minimization of incidentally-collected US persons info as the determination must be made shortly after harvesting, rather than waiting until the collected data is queried. This likely means the NSA may be making more efforts to head off incidental collection, as leaving things the way they are will now result in additional logistics headaches.
This doesn't necessarily mean incidentally-collected info will be swiftly disposed of. The DoD can still hold onto this data for five years. And, if the target of the incidental collection leaves the country during that retention period, the DoD can hold onto the data for a quarter-century.
Info on US persons/entities (still located in the US) is also being granted additional protections, including enhanced minimization procedures for dissemination of collected data to other agencies and other countries.
The NSA will also be expected to make additional trips to the FISA court.
[T]he new manual incorporates new physical search rules that reflect changes to the Foreign Intelligence Surveillance Act since 1982. These include requirements to obtain a FISA warrant for nonconsensual physical searches conducted inside the United States and for targeted collection of U.S. person information outside the United States.
Most of this appears to be changes for the better -- something that likely wouldn't have occurred without Snowden's leaked documents. The last change to these rules was made back in 1982 when no one had any idea the wealth of communications content and data that would be travelling around the globe in digital form.
But a closer look at the details -- especially the part pertaining to "special circumstances" that alter the rules of collection and retention -- suggests there still may be a few exploitable loopholes that would allow the NSA to target US persons and entities.
If DoD agencies wish to target a US person (whether at home or abroad), they're instructed to use the "least intrusive" method of surveillance: public sources. If the information sought can't be found there, the next step is to seek cooperation from other sources that may have the same info. This is basically a consensual search, but involving third parties. The last step is to seek top-level approval from the DoD's general counsel. This will provide some additional oversight, but still makes it a mostly "in-house" process -- something that's not exactly comforting.
The additional restrictions on the collection of US persons in the US seem to limit potential abuse/misuse of surveillance tools.
Other specific limitations apply to collection of USPI inside the United States, including that the information may be collected only if 1) the information is publicly available or 2) the source of the information is advised or otherwise aware that he or she is providing the information.
But the list of exceptions to these limitations appears to directly remove these two stipulations.
In the event that neither or the two previous requirements are met, the Defense Intelligence Component may employ collection methods that are directed at the United States if a) the foreign intelligence is significant and the collection is not undertaken for the purpose of acquiring information about a U.S. person’s domestic activities; b) the intelligence cannot be obtained publicly or from sources who are advised they are providing information to the DoD; or c) the Defense Intelligence Component head concerned or a single delegee has approved as being consistent with the manual and its outlined procedures the use of techniques other than the collection of publicly available information or from an informed source.
Reading these both together suggests that if the DoD can't obtain the info it's seeking from public/advised sources, it can use that limitation as a reason to deploy supposedly foreign-facing surveillance methods against US persons. If that's the correct reading (and the "or" -- rather than an "and" -- in the list of requirements suggests it is), the limitations on domestic surveillance are mostly meaningless.
9 Comments | Leave a Comment..
Posted on Techdirt - 16 August 2016 @ 2:32pm
An interesting decision by a federal judge in Florida suggests this district, at least, may not be amenable to the warrantless use of Stingray devices… or any other method that harvests cell site location data in real time.
Although the defendants lost their motions to suppress due to a lack of standing, the judge had this to say about the acquisition of cell site location info in this case. (via FourthAmendment.com)
Here, I agree with the Defendants that law enforcement's seizure of precise realtime location information by surreptitiously monitoring signals from the cell phones in this manner is a search subject to the proscriptions of the Fourth Amendment. Such is the express conclusion of the Florida Supreme Court and the conclusion suggested by the Supreme Court. See Tracey v. Florida, 152 So.3d 504 (Fla. 2014); United States v. Jones, 132 S.Ct. 945 (2012). As such, law enforcement should have obtained a search warrant issued upon probable cause. The Government concedes that the practice in this Court requires a warrant based upon probable cause for such searches and that the these pen/trap applications did not establish probable cause.
Originally, the defense claimed police used a Stingray to track five burner phones used by the defendants. This seemed to be the most logical conclusion, considering how closely and immediately the location data was acquired. But the government responded that no cell site simulators were used to track the devices. Instead, another tool that has long been available to law enforcement was deployed -- a tool created explicitly for law enforcement use by the cell provider.
On July 21, 2016, the Court heard argument of counsel and took testimony from Detective Joseph Petta, the co-affiant on each of the applications at issue. In short, Detective Petta testified that law enforcement obtained pen/trap authorizations for the cell phone numbers at issue in order to obtain precise realtime location information that was used to track the whereabouts of these phones, to identify those associated with Defendants, and to identify locations of interests. He denies use of a Stingray or similar device, but acknowledges that he used a website offered to law enforcement by Sprint (the "L-site") to obtain such information. Such realtime information was available every fifteen minutes twenty-four hours a day. He further acknowledges that law enforcement used the realtime information to track the cellular phones, which they believed were used by this group. By his account, such applications were the usual way to obtain such realtime location information at the time these applications were submitted.
According to Detective Petta, the website allows law enforcement to log on and obtain realtime or contemporaneous and highly precise longitudinal and latitudinal information linked to GoogleMaps. A spreadsheet of all such location data is made available to law enforcement. Detective Petta testified that the pen/trap orders were not used for any other purpose than to obtain the realtime location of the cell phones.
The information returned from L-site queries is likely not as timely or precise as a roving Stingray but can achieve the same objectives. (An example of L-site data can be seen here.) Sprint has made this tool available for law enforcement to use since at least 2009, tracking roughly with the rise in Stingray use by police departments. The difference here is any law enforcement agency can obtain this data, which opens the market to those who don't have these devices yet or a warrant requirement they'd rather work around. Obviously, this also aids those deploying parallel construction to keep Stingray use hidden.
Either way, the court doesn't agree with the government's assertion that a pen register order is sufficient for obtaining real-time cell site location info. The order cites the Supreme Court's US v. Jones decision in support of its determination that real-time location tracking is a search and requires the use of a warrant -- something the original decision failed to state quite as explicitly. (It only found that placing a GPS device on a vehicle is a search under the Fourth Amendment. The issue of real-time location tracking remained mostly unaddressed.)
But while this order may alter law enforcement's tactics (and even the government admits it should have acquired a warrant in light of other Florida district decisions), it does nothing for the two defendants. An expectation of privacy in real-time location data doesn't help two defendants with a handful of burner phones they're reluctant to claim as their own. The absence of any link between the tracked phones and the defendants means they have no standing to challenge the search.
Defendants here have asserted no claim to or interest in the cell phones at issue. The cell phones were not registered in Defendants' names, and Defendants presented no evidence regarding their possession, use, or control of the phones. Instead, Defendants rely solely upon loose allegations in the pen/trap applications submitted by the Government, which suggested a link between the cell phones and Defendants in conclusory, unsupported fashion. In the circumstances and in the absence of contrary case law, I am obliged to conclude that they fail to establish standing to contest the searches at issue and the motions to suppress should be denied.
A lack of standing tends to be fatal to motions to suppress. But the disavowal of ownership does shift the burden of proof back on the government, which makes it a little harder to prove the burner phones actually belonged to the defendants found carrying them. The court notes the "loose allegations" contained in the pen register applications are "conclusory" and "unsupported," which seems to indicate the government has a few more hurdles to overcome before it can tie the defendants to the phones they're not willing to claim.
7 Comments | Leave a Comment..
Posted on Techdirt - 16 August 2016 @ 11:44am
The unprecedented deployment of a bomb-defusing robot by Dallas police to kill an armed suspect raised several questions. While these robots have sometimes acted as part of a negotiation team in the past, no police department had previously rigged one up with an explosive device to take a suspect out.
One question that remains unanswered is whether this use of the Dallas PD's robot violated its own policies. Gawker's Andy Cush filed a public records request for PD policies on using robots to kill and discovered Dallas law enforcement was basically making things up as it went along.
Gawker filed a request with the department under the Texas Public Information Act seeking any departmental doctrine for using a bomb-carrying robot against a suspect, including but not limited to the use of the Remotec model. Last week, the department responded via email that “A search was made within the Dallas Police Department by the respective Divisions(s) for this information and no records were found.” (Emphasis theirs.)
Debra Webb, a public information officer with the DPD, told Gawker that based on the verbiage of the response, it is safe to assume that no records outlining departmental doctrine for the use of bomb-carrying robots against suspects exist. The apparent lack of any written plans would seem to confirm that officers on the ground came up with the killer robot strategy on the fly, as several experts suggested to the Intercept several days after the shootings.
Jason Koebler and Joseph Cox of Motherboard are seeking more answers about this incident -- one that could be used as a blueprint (albeit one without its own policy blueprint) for similar situations faced by other law enforcement agencies.
The Dallas PD does have several records pertaining to the incident but it's not interested in releasing them.
I formally asked the Dallas police department for body camera footage taken by police and onboard footage taken by the robot of the operation. Motherboard reporter Joseph Cox asked for communications that took place in the aftermath of the event, as well as documents about the purchase of the robot.
The police admitted in a response to me that it does have these videos, but told me in a letter that “all or part of the requested information may not be disclosed at this time.” The Dallas Police Department sent a separate letter to Texas Attorney General Ken Paxton asking him to exempt large parts of my request and the requests of 16 other journalists from “mandatory disclosure.”
Whether Paxton will grant this blanket exception remains to be seen. But past events show he's amenable to covering up records that might be embarrassing or show local law enforcement agencies operating at less than peak efficiency. At least in this case, he won't be put in the position of representing the public and the agency suing him when the public records litigation begins.
The problem with this request for a blanket exception covering these records is that the Dallas Police has, rather disingenuously, lumped public records from 17 different journalists into one big ball of presumptive nondisclosure.
Each of these journalists has requested different things, and each of them should require a separate legal review.
For example, one journalist asked for information about the network security of the link between the police’s robot control center and the robot itself—an interesting request, but one that has both future safety implications and nothing at all to do with Motherboard’s requests.
Furthermore, as Jason Koebler points out, the Dallas PD thinks it should be allowed to withhold documents simply because it might look bad if anyone else but law enforcement officials viewed them.
The Dallas Police Department tells the attorney general that some of the information requested could be “embarrassing” and subject to redaction under a “common law privacy” act, but does not state (at least in the part of the letter it released) which part of which request it believes could result in embarrassing records being released.
Sorry, public officials, but potential embarrassment is not a legitimate reason to withhold public records. The "common law privacy" cited by the PD suggests the info would also have to be "highly intimate" and, more importantly, "of no public interest" to justify withholding under this exemption.
This preemptive move by the Dallas PD -- one that treats multiple requests seeking different documents as an indivisible whole -- appears to be its way of throwing several wrenches into the public records machinery. Koebler reports the PD is asking as many questions as it can in hopes of creating a confusing mess out of multiple straightforward information requests -- even stupid things like whether or not it can redact credit card numbers.
What it's really asking of attorney general Ken Paxton is how long it can get away with not complying with requests. Should Paxton fail to grant it the secrecy it seeks, the next move will likely be a blend of over-redaction and increased fulfillment fees.
Granted, officers on the scene were less concerned with the generation of "embarrassing " public records than they were with neutralizing a hostile threat, but once the decision had been made to repurpose a bomb disposal robot into a killing machine, those up top knew the records requests would come rolling in. Dallas PD officials may not have had any policies in place for wiring up robots to kill, but they already have plenty of strategies on hand for fending off journalists and their records requests.
31 Comments | Leave a Comment..
More posts from Capitalist Lion Tamer >>