Posted on Techdirt - 1 April 2015 @ 3:48pm
MuckRock is again reporting on a mysteriously missing document -- one that was previously acknowledged to exist but come public records request time, simply can't be found.
A couple of months ago, it was the FBI claiming that a Drone Impact Assessment it had previously "released" in response to an FOIA request (read: redacted in full) suddenly couldn't be located. Now, it's the gold standard of Freedom of Information obfuscation -- the New York Police Department -- claiming the same thing.
In December 2013, the NYPD ordered its 77 precinct commanders to route reporters’ requests for crime reports through the agency’s press office, rather than release these documents directly. So where’s the order itself?
More than fifteen months after MuckRock requested it, the NYPD has a rather familiar answer: we couldn’t find it.
It's not as though the document never existed. The NYPD's decision to deny journalists access to its crime blotters -- something it had allowed for decades previously -- was heavily criticized by a variety of outlets (including this one). The document's existence was even acknowledged by the NYPD's Deputy Commissioner of Public Information, who claimed it was nothing more than a reiteration of previously-existing policy. (If so, then it had never been enforced until the distribution of this suddenly-nonexistent memo.)
But now, more than a year after it was first requested, the NYPD's FOIL response team claims the document everyone was talking about several months ago just isn't there.
In regards to the document(s) you requested, this unit is unable to locate documents responsive to your request based on the information provided.
In addition to the documents MuckRock didn't receive, the NYPD is expected to not answer MuckRock's follow-up question sometime within the next 12-18 months.
MuckRock has emailed the NYPD’s DCPI [Deputy Commissioner of Public Information] to request clarification as to how this order was so widely disseminated throughout the department without being put in writing.
Perhaps the last words of the memo were, "BURN AFTER READING?"
And so, the NYPD continues on in its quest to leave no FOIL request unthwarted. I'd say it has its work cut out for it, but it's already been touted as "worse than the CIA, NSA and FBI" in the Information Doesn't Want to Be Free category. Between its generally frosty exterior and its no-oversight-needed in-house document classification, the NYPD continues to put other reluctant participants in open records laws to shame.
Posted on Techdirt - 1 April 2015 @ 2:35pm
Police accountability remains a major concern. Lawsuits alleging improper police conduct are filed seemingly nonstop. The Department of Justice continues to investigate police department after police department for a variety of civil rights violations. More and more police departments are equipping body cameras on their officers in hopes of trimming down the number of complaints and lawsuits filed against them.
Meanwhile, the public has taken police accountability into its own hands, thanks to the steady march of technology -- which has put a portable phone in almost every person's hands, and put a camera inside most of those phones.
So, we have two entities viewing accountability from seemingly opposite directions. Over the years, many officers have made it clear through their actions that being filmed isn't something they're comfortable with. This has resulted in additional misconduct and abuse of existing laws to shut down recordings. But what are these officers going to do when a city council -- or worse, a Memorandum of Understanding with the Justice Department -- directs them to start generating their own recordings?
One answer has already been presented by the Denver Police Department. They simply won't activate the cameras.
During a six-month trial run for body cameras in the Denver Police Department, only about one out of every four use-of-force incidents involving officers was recorded.
Cases where officers punched people, used pepper spray or Tasers, or struck people with batons were not recorded because officers failed to turn on cameras, technical malfunctions occurred or because the cameras were not distributed to enough people, according to a report released Tuesday by Denver's independent monitor Nick Mitchell.
This is a case-by-case "solution," self-applied as needed by certain officers. For other departments, it appears the imposition of recording devices will be greeted by legislation. Legislators cite "privacy concerns" but their bills do little more than hand law enforcement agencies full control over body camera recordings.
Lawmakers in at least 15 states have introduced bills to exempt video recordings of police encounters with citizens from state public records laws, or to limit what can be made public.
Their stated motive: preserving the privacy of people being videotaped, and saving considerable time and money that would need to be spent on public information requests as the technology quickly becomes widely used.
A small amount of redaction (face-blurring, etc.) would address the privacy concerns. After all, reality TV pioneer COPS has run for years with minimal privacy complaints and that's all it's ever used. As for the latter concern -- expenses related to open records requests -- there are ways to address this that won't cede complete control to law enforcement agencies. Seattle's Police Department worked with a local activist to find a solution that would provide footage, protect privacy and stay ahead of voluminous public records requests. Unfortunately, the result of these efforts has produced nothing more than extremely blurry footage in which everything is "redacted" by default.
Justifications offered by legislators try desperately to skew law enforcement's total control of body camera footage as some sort of win for the general public.
"Public safety trumps transparency," said Kansas state Sen. Greg Smith, a Republican. "It's not trying to hide something. It's making sure we're not releasing information that's going to get other people hurt."
The problem is that if it's the public being abused in these videos, there are very few options available to obtain recordings of misconduct.
The Kansas Senate voted 40-0 last month to exempt the recordings from the state's open records act. Police would only have to release them to people who are the subject of the recordings and their representatives, and could charge them a viewing fee. Kansas police also would be able to release videos at their own discretion.
The "fix" for possibly overbroad public records requests includes a) making acquiring a recording unaffordable, even for the person on the receiving end of alleged abuse and b) allowing the Kansas police to push out a steady stream of exculpatory video. The latter of the two is perfectly acceptable, but only if it's balanced by the public's ability to obtain less-than-flattering video of interactions with police officers. Nothing about this bill makes the public any "safer," no matter what Sen. Greg Smith says.
The potential for abuse of laws like these is so obvious even the cops can see it.
"I think it's a fair concern and a fair criticism that people might cherry pick and release only the ones that show them in a favorable light," said former Charlotte, North Carolina, police chief Darrel Stephens, executive director of the Major Cities Chiefs Association.
Arizona's legislation goes even further than its Midwestern counterpart.
The bill declares that body camera recordings are not public records, and as such can be released only if the public interest "outweighs the interests of privacy or confidentiality or the best interests of the state."
Not even the subject of the footage can demand a copy of the recording without somehow talking a judge into issuing an order for its release. Washington's proposed legislation similarly exempts all body camera video from public examination and routes footage requests through the courts. In both cases, bill sponsors claim publicly-released video could be used for "criminal purposes," but have yet to explain how a properly-redacted video would become a tool for "extortion" by "unscrupulous website owners."
The hypocrisy, of course, is that law enforcement agencies and local governments have declared arrest mugshots to be public records and have allowed "unscrupulous website owners" to post the shots and demand payment for their removal. But mugshots only involve members of the public, making them of lesser concern than footage that will also contain police officers. This sort of legislation is nothing more than the codification of a double standard, if that's the motivation behind it.
On the other hand, some states are at least moving to ensure the general public can continue their unpaid police accountability efforts.
The Colorado bill, which you can read here, states that if a cop seizes a camera from a citizen without permission or a warrant or deliberately interferes with a citizen’s right to record by intimidation or destruction of the camera, the citizen is entitled to $15,000 in civil fees in addition to attorney fees.
This bill will help ensure at least one recording of an officer-involved incident remains intact, seeing as Denver police officers aren't all that into capturing their end of these interactions.
Another bill in Texas which has not gotten nearly as much publicity comes from democratic representative Eric Johnson, which seeks to protect citizens from bullying officers as well as criminalize cops who confiscate cameras, only to destroy footage.
This pushes back against Texas Congressman Jason Villalba's recently-introduced bill, which hopes to add a 25-foot no-recording "halo" around police officers at all times -- stretching to 100 feet if the camera operator happens to be armed. Villalba has openly stated that "officer safety" is a greater concern than violated First Amendment rights, which would actually be criminalized if his bill passes.
California has also introduced a bill involving citizen recordings -- one that will make an incredibly obvious statement into law… presumably because that's the only way the state will get law enforcement to respect it.
In California, Senate Bill 411 would amend the state's penal code to say that simply filming or taking a photograph of an officer performing his duty in a public place does not automatically amount to interference.
"Filming isn't interference" would seem to be something that shouldn't need to be inserted as an amendment to criminal statutes. As would the following, which is perhaps even more infuriatingly obvious than the sentence above:
Supporters say it protects the First Amendment and clarifies that filming alone does not give police officers probable cause to search or confiscate an individual's property.
Undoubtedly, there will be law enforcement pushback against the proposed legislation, which should be referenced in the future as the "We Shouldn't Even Need to Be Telling You This" Act, with "SMDH" as the short title.
Both sets of cameras will help increase law enforcement accountability, but one set is receiving the majority of proposed legislative protections. Shielding body camera recordings from the public eye limits their effectiveness as misconduct deterrents -- the very reason they've been instituted.
Posted on Techdirt - 1 April 2015 @ 12:34pm
To live in the US is to live in a nation of fears -- most of them, irrational. The Department of Homeland Security -- the eerily nationalistic-sounding phoenix that rose from the ashes of the World Trade Center -- has done all it can to turn Americans into government informants, where they're encouraged to turn in complete strangers for suspicious activities like not packing enough clothes or purchasing cookware.
The DHS fears nothing more than a person armed with a camera. If any citizen aims a lens at public transportation, infrastructure, certain manufacturing plants or government buildings, they're assumed to be practicing the dark art of terrorism.
Terrorism is only one of the nation's collective fears: one so seldom realized that the amount of attention paid to it by a vast number of government bodies is almost laughable.
Another fear that is almost inversely proportional to the amount of attention paid to it is child victimization, especially kidnapping and pedophilia. From a young age, parents and educators drill into kids' heads that all strangers are inherently dangerous. This is somehow supposed to protect children from abusers despite the fact that nearly 90% of abuse is committed by someone the child knows and trusts -- family members, child care providers, neighbors, close relatives, family friends, etc.
This hysteria over child sexual abuse has reached the point that being an unaccompanied adult (especially male) in an area frequented by children is considered inherently suspicious. Toronto's Legoland exhibit turned away a 63-year-old Lego fan simply because he wasn't accompanied by a child. The stated reason for this bizarre policy? To "protect the children." Likewise UK's Puxton Park, which turned away a 53-year-old man for the same reason. The explanation given by the park's director for its stupid policy is equally stupid:
He added: ‘There is a lot in the headlines about paedophiles and things that are going on with children.’
Perfect. The media says child molestation is happening pretty much nonstop and so it must be. Therefore, no single adults allowed. The perception is the reality. But as Dan Le Sac and Scroobius Pip pointed out in "Thou Shalt Always Kill":
Thou shalt not think any male over the age of 30 that plays with a child that is not their own is a paedophile/Some people are just nice.
Combine cameras, overwrought pedophile fears, insular communities and former homeless MTV VJ Jesse Camp, stir vigorously and you end up with the sort of mob "justice" rarely seen outside of horror movies set in remote, backwoodsy locations. (via PetaPixel)
"I received a call that there was a suspicious vehicle, a light brown Volvo station wagon, Massachusetts plate, and there was a male and female in the Raysal area taking pictures of some children," says Chief Deputy, Roger Deel.
Jennifer Adkins, the mother of three kids, and a resident of Raysal, is the one who contacted Chief Deputy Deel. She also confronted the photographers, with a group of others.
Audio recording captured the encounter. You hear a McDowell resident say, "And there are no pictures of any children on there?”
“No. And you can check it, not of your kids. I can show you. Jesus Christ. We didn't stop and approach like, yeah; you guys are making us out to be like crazy pedophiles. You guys are making us out to be people that we are not,” says Marisha and Jesse Camp.
“Have you looked at yourself in the mirror? You all don't look like upstanding citizens," says Jennifer Adkins.
The audio recording of the confrontation can be heard at WVVA's website. According to Marisha, another person threatened to "beat them and their cameras into the ground." Whatever violence might have resulted from this confrontation was prevented when a state trooper arrived and escorted the couple out of town. But the angry crowd already had all the justification it needed for harassing, threatening and detaining the couple -- and it's every bit as eloquent as the Puxton Park director's defense of his "no single adults allowed" policy.
A man says, “There's just too much going on with kids getting hurt and Y'all might be cool, I'm not saying you're not.”
That's what irrational fear gets us: irrational behavior. Not every adult with a camera is a security threat or a pedophile. Strangers may be unknown quantities, but they are not inherently dangerous simply because they're unknown. No combination of these factors should be considered untrustworthy by default.
But that's where we're at. And these irrational fears are stoked by some of the most trusted members of the community: law enforcement officials, educators and the media. Two of those three directly profit from permanently-heightened fears. The other -- educators -- parrot the skewed information delivered by the other two. The perception becomes the reality. And that "reality" manifests itself as the ugliness detailed above.
Posted on Techdirt - 1 April 2015 @ 4:18am
Is a public school classroom a private space? That seems to be the assertion of school administrators after an 11-year-old student recorded a teacher bullying a student.
A St. Lucie County teacher has been fired after a student used her cellphone to record a teacher bullying another student.
The Samuel Gaines Academy student, 11-year-old Brianna Cooper, is being praised by her peers. But, she's still facing punishment from school leaders for recording the audio illegally.
WPTV legal expert Michelle Suskauer says it is illegal in Florida to record anyone without them knowing.
Florida's two-party consent/wiretapping law is outdated and likely unconstitutional, but for now it stands. It also provides an exception for recording oral communications where the person speaking would not have a reasonable expectation of privacy.
A classroom, in a public school, would seem to be a place where no one would have an expectation of privacy. Administrators certainly go to lengths to assure their students that nothing they do while at the school is afforded any sort of expectation of privacy, what with random locker/vehicle/cell phone searches and monitoring of computer use. So, why would a teacher be granted an expectation of privacy for something said in a classroom?
Well, it's not so much Florida's law implicated here as much as it is the district's policy on personal devices, even though the school allegedly referred to the recording as "illegal." According to the policy, "wireless communication devices" may not be used to record anything on school grounds.
Inappropriate use includes, but is not limited to: (1) activation, display, manipulation, or inappropriate storage during prohibited times; (2) texting, phoning, or web browsing during prohibited times; (3) taping conversations, music, or other audio at any time; (4) photography or videography of any kind; and (5) any activity that could in any manner infringe upon the rights of other individuals, including but not limited to students, teachers, and staff members.
Now, using this policy to suspend a student who exposed teacher misconduct is just pure tone-deafness, which explains the district's decision to quickly reverse the suspension. Not only that, but this "violation" doesn't even carry with it the penalty of suspension.
Any disruptive, harassing, or other inappropriate use of a wireless communications device while under the School Board’s jurisdiction, shall be cause for disciplinary action under this heading, including confiscation of the device as contraband and, in the event of repeated or serious misuse, loss of the privilege to possess such a device on school property or while attending a school function.
So, the suspension makes even less sense than it would otherwise, given the school's actual policy on cell phone use -- something it seems to have (briefly) ignored in favor of deterring a student from exposing staff misconduct.
But there's still a link to Florida's outdated wiretapping law contained in the school policies. This sentence wraps up the paragraph on inappropriate use of cell phones.
The use of a wireless communications device shall be cause for disciplinary action and/or criminal penalties if the device is used in a criminal act.
At which point, we're back to the question of privacy expectations. Certainly, most schools are quick to cite privacy laws when dealing with the release of student information. Anything to do with minors is inherently more sensitive than that of adults. Not that privacy concerns prevent schools from being as invasive as possible when dealing with their students, requiring signatures on policies that allow administrators to search students' devices, lockers and vehicles for nearly any reason, as well as the offering of waivers to use photos and student information in news stories and school-produced materials.
But this school also forbids the recording of anything while on campus, even with a personal cell phone, granting an expectation of privacy that doesn't actually exist under Florida law. Public schools are public and words uttered by educators and administrators in classrooms and assemblies (any place where it's not "one-on-one") are very much "public" by definition. Florida's wiretapping law shouldn't apply. Unfortunately, school policies take precedence in situations like these, and this district has pretty much assured that the bullying that schools seem so concerned about will only be handled with hearsay, as any recording evidence to back up allegations is forbidden.
Kudos to the school for quickly realizing suspending the student was the wrong way to handle this, but the policies it forces students to follow are just going to make it harder for administrators to deal with misbehaving students and teachers.
Posted on Techdirt - 31 March 2015 @ 2:40pm
The DOJ's most infamous drone deployments involve justifications for extrajudicial killings. But its agencies also have fleets of (nonlethal) drones, something these agencies tend to avoid discussing until sued into doing so.
The Office of the Inspector General has taken another look at the drones deployed by DOJ agencies and found that, while plenty of money has been spent acquiring and maintaining drones/operators, very little deployment is actually occurring.
Our September 2013 interim report found that between 2004 and 2013, the FBI spent approximately $3 million to acquire small UAS it deployed to support its investigations. As of August 2014, the FBI had acquired 34 UAS vehicles and associated control stations, of which it considered 17 vehicles and a smaller number of control stations to be operational.
$3 million spent on drones, with only half currently considered "operational." In eight years (2006-2014), the drones have only been deployed to assist in 13 investigations, with nine of those occurring in the last four years. This may be good news for those concerned about extensive domestic surveillance, but it's not good news for those interested in how their tax dollars are being spent.
The FBI may have the desire for more unchecked surveillance and the drones needed to do the job, but it apparently lacks the manpower…
During the time of our review, the FBI maintained its UAS at one location in the United States and had only one team composed of two pilots on staff who were adequately trained to operate its UAS.
...or Fourth Amendment concerns…
The FBI told us that it determined it did not need to obtain search warrants for any of its UAS operations.
That's the nice thing about making your own in-house "determinations": they'll rarely be challenged.
As for the half-functional 34-drone fleet "manned" by the FBI's two pilots, it couldn't be more unlike the agency's earlier assertions.
This approach differs from the decentralized deployment approach that FBI officials told us they employ for the FBI’s manned aircraft.
If you're wondering where more of your tax dollars are being misspent, it's right there in the following paragraphs. Because the FBI has only two drone pilots, these operators are driven or flown to locations where the drones are needed, sometimes arriving more than a day after the request for assistance was made. The FBI, despite being a national law enforcement agency, houses both its pilots and its drones at the same location.
Considering the FBI claims the drones have been used in potentially life-threatening situations (search-and-rescue efforts, suspected kidnappings), spending a day shipping drones and pilots where needed seems like the sort of thing that would result in unnecessary deaths/injuries. In response, the OIG has asked the FBI to handle its drone fleet less stupidly.
The ATF also has a few drones of its own. (The US Marshals Service and DEA were queried by the OIG, but both claimed to have no drones in their possession, which is true, but misleading. [More on that below.]) And, like the FBI, the drones are expensive, underutilized and, far too often, not worth the money that's been spent on them.
One UAS program manager told us ATF found that one of its smaller UAS models, which cost nearly $90,000, was too difficult to use reliably in operations. Furthermore, the TOB discovered that a gas-powered UAS model, which cost approximately $315,000 and was specified to fly for up to 2 hours, was never operable due to multiple technical defects.
The lack of functioning flying eyeballs resulted in the Special Operations Division shutting down the ATF's drone fleet in June 2014. Those drones were transferred to the Naval Criminal Investigative Service "at no cost" -- a fair price for non-functioning drones. With its drones and drone program dead, the ATF did the logical thing: bought more drones.
Less than a week after ATF’s Special Operations Division suspended its UAS program, ATF’s National Response Team (NRT) purchased five small, commercially available UAS at a total cost of about $15,000.
These new drones were deployed exactly once. At that point, the ATF determined it would need permission from the FAA before deploying its drones in the future. With that, the ATF's drone program returned to its briefly interrupted hibernation.
For those agencies claiming they have no drones (US Marshals Service, DEA), that's only true if limited to direct ownership. Every major DOJ agency has availed itself of the DHS's fleet of drones, a majority of which belong to the CBP.
Specifically, four DOJ law enforcement components – the FBI, ATF, DEA, and USMS – have received UAS support from the U.S. Customs and Border Protection (CBP), part of the U.S. Department of Homeland Security (DHS), which operates a fleet of Predator-B UAS. In response to our request, the CBP provided to us evidence indicating it operated UAS at least 95 times on missions that involved DOJ components in some way. Of these flights, the CBP identified that DEA was involved in 73, the FBI in 13, ATF in 4, the USMS in 3, and 2 for multiple DOJ components.
So, when the DEA says it has no drones, it's technically correct. But the drones it doesn't own have flown more times than the 34 drones the FBI actually owns. The CBP's drone fleet seems to have enough drones for everyone, and this division of labor (so to speak) allows the DEA and other DOJ agencies to minimize their drone paper trails. But more drones doesn't mean useful drones. The CBP's drone fleet may perform well in other agencies' hands, but it's next to useless when deployed by Customs itself.
While the investigation generally points to limited drone usage -- which is a good thing -- the discovery that the DOJ's drone fleets are expensive, mismanaged and almost completely worthless isn't.
Posted on Techdirt - 31 March 2015 @ 8:16am
Do you remember the last time your tweets made a corporation cry? Or when you Facebooked a multinational into deleting its home page? Or that one time when police were called in to investigate threats to withhold future purchases?
In an article far less overwrought than its title would suggest, some analysts are comparing social media backlash to "cyberbullying."
Cyberbullying isn't something normally associated with large corporations. However, in the last week alone social networking played a big role in humbling two culturally influential institutions: Starbucks and DC Comics. Both companies beat a hasty retreat from planned campaigns, and in the process learned a painful lesson in frontier Internet justice.
They join a gallery of big companies that have learned the hard way that hell hath no fury like a Twitter user scorned. So has social media ushered in the age of cyberbullying of big companies?
According to experts, the answer is yes … and no. By and large, the Internet is seen by many as a way to hold companies accountable for their business practices, and give consumers a measure of leverage. Yet it also means big firms no longer totally control their own narratives, and companies can quickly become helpless bystanders in their own story.
Since the average social media user's market cap is far below that of the "bullied," this would seem to be more evidence that the internet levels the playing field like nothing that has come before it. Sure, pre-internet backlash was possible, but it involved letter-writing campaigns that worked only for those who enjoyed delayed gratification, boycotts that generally had more effect on local media coverage than the bottom lines of the companies targeted, and petitions with actual handwritten signatures very few people in the upper management levels ever saw.
Now, the backlash is not only immediate, but it's massively multiplied. The word "firestorm" is thrown around, but despite its casual ubiquity, it's actually a rather apt metaphor. When a company (and there's so many to choose from) screws up -- especially if its first reaction is to quell/ignore criticism -- the complaints of the few become the movement of the masses. An entity's reputation can go up in flames in a matter of hours, especially if its responses are combative or defensive. Memory-holing offending content or killing off social media pages is completely suicidal. And complaints about the "unfairness" of the criticism (even when the criticism isn't legitimate) aren't going to turn the tide, because no one really wants to hear a multi-million dollar corporation indulging in self-pity.
Of course, the same platforms that are decried as being tools of bandwagon-jumping haters can be used proactively by companies. Too many companies believe a fire can be extinguished by waiting for it to burn itself out. Engagement means more than blasting out corporate site links and discount codes. It means listening. It also means publicly dealing with screw-ups in real time. Some companies can't handle this, having outsourced their social media presence to random employees or interaction-free bots. The internet can be "won," but most companies apparently aren't in the position to do so, despite years of social media unrest clearly indicating the importance of agility and responsiveness.
No matter what it feels like to be the target of the well-oiled internet hate machine, it's a stretch to call this sort of thing "bullying." Wrong or right, internet backlash usually involves "punching up." Sure, the number of people involved can give this a "bullying" appearance, but the same tools being used to criticize can be used to connect. Far too many companies either can't or won't perform this essential part of maintaining an "online presence." And when they don't, they lose. Unlike most other bullying, the power still remains in the hands of the "bullied." It's up to them to use it effectively.
Posted on Techdirt - 30 March 2015 @ 3:45pm
Two things remain certain in life: death... and law enforcement agencies using license plate readers obtained with Homeland Security grants for purposes not even remotely related to securing the homeland.
Here's how Newport News, Virginia's police department obtained its automatic license plate readers:
Grant money from a terrorism prevention program of the U.S. Department of Homeland Security through the Virginia Department of Emergency Management provided the funding for automatic license plate readers for several Hampton Roads agencies, including Newport News, Suffolk, Norfolk, Williamsburg, James City County, York-Poquoson and Isle of Wight, said Laura Southard, public outreach coordinator for the state's emergency management department.
Hampton Roads law enforcement departments received $869,000 in 2009, $357,000 in 2010 and $143,000 in 2011 for license plate readers, Southard said.
And here's what it's doing with them:
Delinquent taxpayers in Newport News could have their vehicles impounded if new cameras snap a photo of their license plates around town.
In an attempt to claim the nearly $4 million in delinquent personal property taxes owed, the city will soon begin using license plate scanners to find vehicles on which more than $200 in personal property taxes are owed.
The cameras will be mounted to the backs of six sheriff's department cruisers to automatically read license plate numbers. Those numbers will be cross-searched with a database updated daily of all the license plates in the city with more than $200 in personal property taxes owed, Treasurer Marty Eubank said.
The terms "terrorism" and "drug enforcement" were likely thrown around during the application process, but the end result is the city viewing law enforcement technology as just another revenue generator. A "hit" from the ALPR will result in the vehicle being towed within three days if the delinquent taxes aren't paid off or a payment plan set up.
While the city has every right to pursue delinquent taxes, it has no business re-purposing federally-purchased law enforcement technology to do so. Citizens concerned about ALPR databases housing millions of non-hit records have always been assured that this technology will be used to fight the baddest of the bad: drug dealers, terrorists, auto thieves, kidnappers, etc. But now it's being used to collect back taxes -- hardly the sort of thing Homeland Security funds should be used for.
Things get even more petty a little down the road in Hampton, Virginia. While Newport News' enforcement efforts don't kick in unless more than $200 is owed, Hampton is all about the Lincolns.
Hampton has one camera mounted to a city minivan, not a police vehicle, which is driven around town every week day, said Dave Ellis, field compliance supervisor in the Hampton Treasurer's Office. When field investigators find a vehicle with a license plate for which more than $5 in property taxes is owed, they first place a warning sticker on the vehicle telling the owner to make contact with the city. If there is no response from the owner after about a week, the investigators go back and remove the license plates or put on a wheel lock, Ellis said.
Hampton's tax-collecting ALPRs were first deployed in 2008. It's left unclear how the usually "law enforcement-only" technology ended up in the city's hands, but most likely a Memorandum of Understanding allowed the transfer of the plate readers. To date, $1.4 million in federal funds have been disbursed to pay for law enforcement's ALPRs -- and now some of them are being used to track down $5 property tax deadbeats.
Isle of Wight doesn't even bother doing its own tax collection efforts. According to the article, this is outsourced to a private company with its own plate readers, meaning there's next to zero accountability. Turning a city job private keeps records related to tax collection efforts a little further away from curious constituents and their Freedom of Information requests.
Not that the Hampton Roads law enforcement network is too concerned about overstepping its bounds or potentially violating constitutional rights. As was covered here late last year, these same law enforcement agencies have built their own phone record database -- filled with data obtained from subpoenas, warrants and court orders -- which is shared between the multiple agencies with no apparent oversight.
Once you get past the re-purposing of federal funds for local tax collection, you arrive at the question of cost effectiveness. Hampton sends its city vehicle out every weekday to troll for plates. On top of the paycheck handed out to the driver(s), there's fuel and vehicle wear-and-tear costs to be considered, along with whatever's being paid to maintain the technology and its database. And yet, it seems satisfied to have collected $60,000 in unpaid taxes last year -- seemingly "break even" at best.
The bottom line is this: if you want to use ALPRs to catch delinquent taxpayers, then be upfront about this and use local funds to purchase the equipment. Don't simply use the technology because it's there. Using federally-funded plate readers is basically asking the rest of the US to fund your local tax collection efforts. And just like when law enforcement deploys these readers, there should be explicit, public information about how the data is collected, retained and destroyed. Sure, law enforcement agencies have been less than open about these factors, but at least they have the (poor) excuse that there are means and methods to protect. The cities doing this don't have anything to protect -- at least nothing that would (supposedly) threaten public safety if it were made known.
Posted on Techdirt - 30 March 2015 @ 2:39pm
The recently-released 9/11 Commission's review of FBI tactics in the wake of the 2001 terrorist attacks seems to suggest the agency should perform even more racial profiling than it already does. As Kevin Gosztola of Firedoglake points out, the language in the report places a lot of emphasis on "domain awareness" and pre-crime policing.
Documents the American Civil Liberties Union have been able to obtain show [PDF] that “FBI analysts make judgments based on crude stereotypes about the types of crimes different racial and ethnic groups commit, which they then use to justify collecting demographic data to map where people with that racial or ethnic makeup live.” The FBI uses “domain analysis” to target American Muslims and Islamic institutions.
The similarities between this suggested course of action and the NYPD's infamous "Demographics Unit" (led by a former CIA official) are notable. Both involve questionable tactics like declaring entire mosques "terrorist organizations" simply because attendees followed the same religion as the 9/11 attackers. Notably, the FBI found the NYPD's tactics so thoroughly violated the rights of those being surveilled that it refused to access any of the intelligence gathered by the Demographics Unit. That decision ultimately cost the FBI nothing in terms of usable intel. Despite years of rights violations and round-the-clock surveillance, the NYPD's special unit was never instrumental in preventing attacks or producing significant arrests.
Marcy Wheeler at Emptywheel notes that the FBI's analysis of the 9/11 Commission's reports indicates a significant percentage of FBI agents found racial profiling and pre-crime "investigations" to be a waste of time:
According to one anecdote, 20% of analysts (not even Field Agents!) understand the point of this. And even in offices where they do understand, the Field Agents won’t do their part by going and filling in the blanks analysts identify.
The "blanks" are contained in CSCCs (Central Strategic Coordinating Components), linked to field offices' "domain awareness" programs. But one-fifth of agents refused to comply with this directive -- not because 20% of FBI agents are necessarily against racial profiling (documents obtained by the ACLU show otherwise) -- but because the tactic just doesn't work:
Call me crazy. But maybe the people responding to actual crimes believe they learn enough in that process — and are plenty busy enough trying to catch criminals — that they don’t see the point of racially profiling people like NYPD does? Maybe they believe the ongoing threats are where the past ones have been, and there’s no need to spend their time investigating where there aren’t crimes in case there ever are in the future?
Doing investigative work like investigators, rather than like surveillance dragnets? That's probably crazy enough to work. Not that the FBI has any desire to dial back its requests for encryption backdoors and unfettered access to electronic communications, but those actually out in the field seem to know what works and what doesn't. And a constant APB for anyone fitting the "Muslim/Male" description isn't exactly helpful.
Of course, those at the top -- the ones finding this to be a credible way to fight terrorism -- see this 20% as outliers who have failed to "get on the bus." And in a mixture of the worst parts of bureaucracy and corporate culture, they've responded with "do more of what isn't productive, only faster and harder."
Yet rather than analyzing whether this concept serves any purpose whatsoever, it instead says, “it’s corporate policy, no one is doing it well, so it needs to improve.”
There's a lesson here, but those writing the review aren't comprehending it. (Wheeler notes that many of those interviewed for the report aren't actually FBI agents, but rather representatives of other intelligence agencies, like the CIA.) To catch terrorists, you need smarter investigative work, not work that involves blanket surveillance and the rote filling in of blanks. The NYPD should know this, considering its failure to catch plots later uncovered by the FBI, but it doesn't. Despite the disbandment of the "Demographics Unit," it still clings to the belief that mass surveillance beats real police work any day of the week. The FBI has figured this out -- or at least a percentage of its agents have -- but that's not going to be enough to persuade those calling for more of everything to dial back their efforts a bit.
The FBI can be smart, but it's apparently hampered by upper management with an obvious fondness for bad ideas that simultaneously expand the agency's power. If it is how it looks, the real aim of the agency heads is more power, not fewer
Posted on Techdirt - 30 March 2015 @ 1:33pm
Major corporations are actively monitoring social media during standardized tests. This is being done to "protect" the "integrity" of test questions and answers. None of this is particularly surprising, other than the fact that a member of school administration was the one to blow the whistle on it.
Students in New Jersey are in the middle of PARCC testing right now. This is a new standardized test which is administered by Pearson. It's not without its detractors; many parents are opting their kids out of the test, and after what Pearson just did I'm sure the number will grow.
A blogger by the name of Bob Braun got his hands on an email one NJ school district superintendent sent out to a mailing list. Said email discusses a dire "security breach" in which a student tweeted a mention of the recent PARCC test.
The superintendent's email wasn't sent to remind teaching staff to keep a better eye on testing students. It was sent to inform the rest of them about a situation she (Elizabeth Jewett) found unacceptable. [all emphasis hers]
Good morning all,
Last night at 10 PM, my testing coordinator received a call from the NJDOE [New Jersey Department of Education] that Pearson had initiated a Priority 1 Alert for an item breach within our school. The information the NJDOE initially called with was that there was a security breach DURING the test session, and they suggested the student took a picture of a test item and tweeted it. After further investigation on our part, it turned out that the student had posted a tweet (NO PICTURE) at 3:18PM (after school) that referenced a PARCC test question. The student deleted the tweet and we spoke with the parent -- who was obviously concerned as to her child's tweets being monitored by the DOE. The DOE informed us that Pearson is monitoring all social media during PARCC testing. I have to say that I find this disturbing -- and if our parents were concerned before about a conspiracy with all the student data, I am sure I will be receiving more letters of refusal once this gets out (not to mention the fact that the DOE wanted us to also issue discipline to the student). I thought this was worth sharing with the group.
Well, the news has gotten out, spreading from Bob Braun's blog to the New York Times and Washington Post. Pearson remains unapologetic for its protection of its test turf, noting that it only monitors public social media posts and cross-references those to ensure it's only reporting currently-testing students to various education agencies. All well and good, but when a private company wields the power to nudge public schools into disciplining students for so-called "security breaches," it's a bit of a problem.
This widespread coverage has prompted several educational entities to take action:
In response to parent concerns, states using Pearson’s new PARCC exam did ask the company to stop cross-checking the names of students suspected of making inappropriate posts against the company’s list of registered test-takers. And New Jersey officials said Thursday that they would review the monitoring process to make sure student privacy is not compromised.
But Pearson isn't the only company keeping an eye on students for school administrators. Politico's coverage contains statements from a number of social media monitoring companies that provide surveillance tools and reporting to a variety of institutions.
Caveon is monitoring social networks on behalf of Pearson to safeguard against leaks of Common Core testing questions. Others -- like the infamous Geo Listening -- are there simply to monitor and report.
Enter the surveillance services, which promise to scan student posts around the clock and flag anything that hints at bullying, violence or depression. The services will also flag any post that could tarnish the reputation of either the student or the educational institution. They’ll even alert administrators to garden-variety teenage hijinks, like a group of kids making plans to skateboard on school property.
Some of the monitoring software on the market can track and log every keystroke a student makes while using a school computer in any location, including at home. Principals can request text alerts if kids type in words like “guns” or “drugs,” or browse websites about anorexia or suicide. They can even order up reports identifying which students fritter away hours on Facebook and which buckle down to homework right after dinner.
Other programs scan all student emails, text messages and documents sent on a school’s online platform and alert school administrators — or law enforcement — to any that sound inappropriate.
Some of the tools run covertly. Others are expressly pointed out by administration to increase the deterrent factor. Some even go so far as to cross-reference multiple social media accounts in order to strip away students' anonymity on networks where no "real name" is required.
These companies generate tons of data and possible "hits," but how useful are they? Gaggle, a service that scans emails, texts and discussion boards for "anything inappropriate," says it sends "thousands" of alerts to schools every year. But its contribution to a better-behaved student body is decidedly minimal.
In Deerfield, Gaggle has unearthed just one serious incident in the past 18 months — an eighth-grader emailing a nude photo of herself, [Deerfield Superintendent Michael] Lubelfeld said.
The same goes for the other monitoring software deployed by Lubelfeld's school district -- which monitors students' computer usage. Only a "few violations" have been detected despite its constant presence.
Sure, the accounts may be public and there's no expectation of privacy in tweets, Facebook posts and school computer usage, but Pearson's monitoring didn't restrict itself to testing hours or even, indeed, school hours. The scope of these companies' surveillance lends itself to tons of false positives, and this can have a very negative effect on students who are going to find themselves punished for off-campus behavior -- or worse, for doing nothing wrong at all.
Posted on Techdirt - 30 March 2015 @ 3:47am
It's no secret that many companies monitor their employees' computer use. But things are going much further than simply ensuring the normal "don'ts" -- file sharing, porn viewing, etc. -- are tracked for disciplinary reasons. Companies are now on the lookout for the next "insider threat." Some companies are viewing the Snowden saga as the ultimate cautionary tale, albeit one that results in more surveillance rather than less. (via Dealbreaker)
Guarding against such risks is an expanding niche in the security industry, with at least 20 companies marketing software tools for tracking and analyzing employee behavior. “The bad guys helped us,” says Idan Tendler, the founder and chief executive officer of Fortscale Security in San Francisco. “It started with Snowden, and people said, ‘Wow, if that happened in the NSA, it could happen to us.’ ”
But the effort to find -- and prevent -- the next "insider threat" from damaging his or her company seems to be just as misguided as the government's efforts to do the same. Looking for potential threats often results in viewing almost everything as an indicator of future treachery.
One company cited "changes in email habits" as being indicative of an "insider threat." Others, like Stroz Friedberg, aren't as selective. The company, started by former FBI agent Edward Stroz, veers into the same dangerous territory the government does when rooting out "threats." In its hands, normal activities are viewed with suspicion by its monitoring software.
The software establishes a base line and then scans for variations that may signal that an employee presents a growing risk to the company. Red flags could include a spike in references to financial stresses such as “late rent” and “medical bills.”
And what better way to tackle "late rent" or "medical bills" than suddenly finding yourself unemployed simply because re-purposed FBI analytic software thinks any small sign of (possibly temporary) financial instability indicates your next move will be to steal something. Millions of people in the US deal with these realities frequently -- especially the latter. And yet, millions of employees still find other ways to tackle these problems instead of dipping their hands in the tills or running off with sensitive documents.
Stroz's software also thinks -- like the government -- that an unhappy employee is a malicious employee.
He offers the scenario of a star trader at a bank who’s disappointed with the size of her annual bonus. Instead of being blindsided when she defects to a rival, a bank using Scout could identify her discontent early and make sure she doesn’t take sensitive data or other team members with her.
Or, the company could try to work with the employee rather than just secretly track her until her eventual exit. Once again, unhappy employees leave companies all the time without taking anything with them. Sure, a few do, but the deployment of software like this will generally produce more false positives (and further strain work relationships) than insider threats. And there's nothing like firing people for something they haven't done (but might!) to endear a company to its remaining employees.
Despite all of this, Edward Stroz believes his company's predictive employee policing software is just another way for companies to show their employees how much their staff means to them.
He’s still careful when discussing the software, describing it as a way to help employers build a “caring workplace.”
Oh, it's anything but. While employees will often accept monitoring of their internet/computer usage as being a necessary part of the employee-employer relationship, they're not going to be happy to find out that searching for information about medical bills might see them lose a source of income. And they're definitely not going to be thrilled to learn that expressing displeasure about company practices and policies may result in the same thing. If a company wants to foster a "caring workplace," it should be addressing employee discontent, not monitoring it. But what do you expect from companies -- and the entities that provide them with spyware -- that view the Snowden leaks as justifying
Oh, and employees had better believe their file sharing use will be actively monitored (and used against them). Stroz Friedberg may be making enterprise pre-crime software now, but its past as an RIAA lobbying firm (and its slightly-later past as a Six Strikes "independent expert") has been well-noted.
Posted on Techdirt - 27 March 2015 @ 7:39pm
It doesn't happen often, but a judge has called out police officers for using a non-existent offense -- "contempt of cop" -- to justify the use of force against a detained person. Multnomah County (OR) Judge Diana Stewart cleared 16-year-old Portland resident Thai Gurule of several charges brought against him after he was pummeled and tased by police officers for… well, basically for responding angrily to a somewhat derogatory gesture.
Police that night had been looking for a group of seven to nine African American men, including one shirtless one, who had been walking the streets, reportedly damaging property and yelling profanities. Within minutes of receiving the group's last known location, police several blocks away focused their attention on a group of three young men: Gurule, his 20-year-old brother and their friend.
That was the narrative up to the point where Thai Gurule found himself on the receiving end of fists and Tasers. Ignoring the fact that this group had little in common with the suspects other than race, we come to what turned this incident into a confrontation and, finally, a one-sided melee.
The following comes from the judge's statement on the dismissal of charges:
As the youth walked past, Officer Hughes said, "Hey" to the youth and when the youth continued, he again said, "Hey" and clapped his hands.
Thai Gurule turned to face Officer Hughes and in an angry or aggressive voice said "Don't fucking clap your hands at me". Officer Hughes stepped forward while the youth stepped back.
Cue escalation. The officers decided to cuff Gurule (for "resisting arrest," apparently). As a crowd began to gather, the officers decided to move Gurule into a prone position for cuffing, supposedly for officer safety. But rather than let Gurule move to a prone position, one of the officers decided to speed up the process by sweeping Gurule's feet out from underneath him. From that point, it became an uncontrolled beating. One officer held Gurule by the hair while the other two wrestled him to the ground and hit him multiple times with their fists and knees. Finding the one-sided "struggle" to be ineffective, Sgt. Lile deployed his Taser.
After they were done throwing blows, the officers threw the book at Thai Gurule, listing all of the following charges on the police report:
Interference with public safety
The accompanying reports filed by the officers maintained that Gurule repeatedly swung his fists at officers and tried to choke one of them. Unfortunately for these officers, multiple recordings of the incident that contradicted their narrative were made available to the judge.
Judge Stewart was obviously irate at the thick stack of lies delivered to her in the form of police reports and sworn testimony. She also was none too happy with the officers' justification for initiating the arrest of a person who had done nothing more than fail to treat Officer Hughes with as much deference as he felt he deserved. Not only did she dismiss the charges, but she read the entire damning dismissal order out loud.
In discussing the "resisting arrest" charge, Judge Stewart also addressed the pure BS motivating the officers' arrest of Gurule. She points out there's an exceedingly low bar that needs to be met to satisfy the requirements for bringing this charge, but the officers couldn't even meet that.
Actual restraint was placed upon the youth at the moment that Officers Hughes and Hornstein placed control or escort holds on the youth. At that moment, even given the broad authority described above, there is insufficient evidence before the court that the Officers were operating under their community caretaking function, or therefore under color.
At that time, there is no evidence of concerns about a crowd forming. That concern arose as much as a minute later when the officers decided to take the youth to the ground.
Establishing this, she gets to the heart of the matter.
The only facts before the court are that the youth failed the attitude test when he turned and aggressively complained about Officer Hughes clapping him hands. Officer Hughes stepped forward and the youth stepped back and Officer Hughes, immediately followed by Officer Hornstein placed the holds restraining the youth.
And there it is: the bogus arrest was prompted by a little disrespect Officer Hughes just couldn't handle. It is surprising enough that a judge would call out an officer for this sort of behavior. It's even more surprising that she would move on to allowing an arrested suspect's self-defense claims to stand. In most cases, the judicial branch shows deference to police officers who use excessive force in their self-defense ("feared for their safety"). In this instance, the deference went the other way.
[W]hile a person may not use physical force to resist what is actually or perceived by the defendant to be an unlawful arrest, a person may use physical force in defending oneself from excessive use of force by an arresting officer. Any injury caused to an officer in the course of engaging in a justifiable use of force to defend oneself may under such circumstances be justified and not criminal.
In this case, the youth's age is a relevant factor which the court considers even without the testimony of youth. Therefore, the question before the court is whether this youth and a reasonable 16 year old youth in his position would have believed that the use or imminent use of force against him exceeded the force reasonably necessary and whether he was entitled to defend himself with a degree of force which a reasonable 16 year old would reasonably believe to be necessary for the purpose.
The take down, although intended to be gentle and with adequate warning was nothing like that plan. Officer Hornstein swept the youth's feet out from under him causing him the sensation of falling forward without the use of his hands to break his fall. The next 35 to 45 seconds was a melee of fists and punches and bodies falling upon him. Prior to reaching the wall, the youth was attempting to regain his footing and get back on his feet and remove himself from what a reasonable person would have felt was a senseless and aggressive use of excessive physical force.
Once at the wall, the independent evidence of the video clips is less clear but continues to show the youth trying to struggle away from the officers rather than engage in a physical altercation…
[G]iven that confusion, rapidity of events, the tangle of officers and the youth and the confusion caused by the crowd, I find that as to all charges herein, the state has not established beyond a reasonable doubt that the youth was not reasonably justified in the use of self-defense as to all of the charges herein.
And with that, Thai Gurule is no longer facing criminal charges. As of yet, there's no word of what consequences, if any, are awaiting the officers involved. The city's police department is only a couple of years removed from a DOJ investigation, but incidents like these show there's still work to be done.
And, of course, the local police union has greeted this decision with assertions that the officers involved did nothing wrong and that Judge Stewart is nothing more than an armchair quarterback, but you'll have to click over to Popehat to read Ken White's entertaining/infuriating take on the union head's counterclaims.
Posted on Techdirt - 27 March 2015 @ 9:37am
The Pentagon may not know where some very sensitive equipment has disappeared to, but a variety of private resellers seem to have some idea where it might be found. A leaked US Naval Criminal Investigative Service (NCIS) document obtained by The Intercept details the agency's inability to keep track of its explosives-detecting equipment, bequeathed to it by the Defense Department's Joint Improvised Explosive Device Defeat Organization (JIEDDO).
While it did manage to track down some of its missing equipment at various equipment resellers (the document lists a variety of URLs, including ebay.com and craigslist.org), it still has no idea how much of it is still in the military's possession.
In all, more than 32,000 pieces of equipment were issued. Some kits are still in use, making it difficult to compile a precise inventory of what was issued and what might be missing.
The March 2014 document asks for assistance in locating missing devices to prevent them from being used against the US and its allies. It also points out that the failure to keep tabs on this equipment is mostly internal.
These investigations also determined the loss and theft of advanced technologies intended to give US military personnel tactical advantage on the battlefield was due to poor accountability controls by many of the military units who were issued the gear.
The Intercept managed to track down two eBay listings for NCIS equipment -- one from December of last year and an active listing for a CNVD-T Clip-On Night Vision Device Thermal System. For only $16,599, this equipment can be yours.... (Update: For what it's worth, the ebay seller featured below got in touch to insist that he is a licensed dealer of these items from the manufacturer, and that it's perfectly legal to sell these items.)
As is to be expected from a task force that is apparently unable to control its own inventory, JIEDDO isn't a great steward of taxpayer funds.
JIEDDO has been heavily criticized over the years for expending large sums of money without attaining clear results. According to a 2012 report by the Government Accountability Office, JIEDDO had spent over $18 billion yet lacked an effective way to oversee its programs.
And as is so often the case when the government finds new ways to hand out military gear, those receiving the handouts seem alarmingly unconcerned with keeping close tabs on the equipment's whereabouts. Last year, another Pentagon-related equipment dispersal program caught heat for its lousy inventory control systems. The 1033 program, which hands out military equipment and weapons to local law enforcement agencies, is decentralized and disorganized, leading to 184 law enforcement agencies losing their access to militarization toys for misplacing everything from several assault rifles to an entire Humvee.
So, the Department of Defense may do several things well, but ensuring sensitive/powerful military gear remains in its control -- rather than in the hands of enemies or eBay users -- isn't one of them.
And, of course, the NCIS has refused to comment on the leaked document and has yet to make a bid it can neither confirm nor deny on its former property. If you're so inclined, you can always contact the not-quite-redacted Steve Sheldon, Intelligence Specialist (NCIS Southwest Field Office) at (619) 556-1106 and inquire as to whether ~$17,000 is a fair price for a "like new" clip-on night vision scope.
Posted on Techdirt - 27 March 2015 @ 8:18am
The TSA's PreCheck program also expedites security screening for "notorious convicted felons" and "former domestic terrorists." Who knew? From the sounds of its in-depth pre-screening efforts, you would think (unnamed) convicted felons wouldn't be able to sail past the checkpoint without even slowing down, but apparently, that's exactly what happened. And it's not just any former felon/domestic terrorist, but one who was previously convicted of murder and offenses involving explosives. (via Kevin Underhill/Lowering the Bar)
The U.S. Office of Special Counsel (OSC) received a whistleblower disclosure alleging a sufficiently notorious convicted felon was improperly cleared for TSA Pre✓ screening, creating a significant aviation security breach. The disclosure identified this event as a possible error in the TSA Secure Flight program since the traveler’s boarding pass contained a TSA Pre✓ indicator and encrypted barcode.
The good news (such as it is) is that the TSA did not grant the unnamed felon/terrorist PreCheck approval through its laborious and intrusive application process. It also didn't wave him/her through because lines were backing up at the normal checkpoints. (This is called "Managed Inclusion" by the TSA, but it more resembles "For the Hell of It" in practice…) That ends the good news.
It did, however, use its "risk assessment rules" to determine the terrorist/felon to be of no threat. This might be encouraging news for former felons/domestic terrorists, perhaps signaling that government agencies may ultimately forgive some criminal acts and not subject former felons to additional security harassment in perpetuity. Then again, this may just be the TSA's excuse for waving someone with questionable PreCheck clearance through security because a checkmark -- and its own internal bureaucracy -- told it to.
We also determined the Transportation Security Officer (TSO) followed standard operating procedures, but did not feel empowered to redirect the traveler from TSA Pre✓ screening to standard lane screening.
The OIG recommends more "empowerment" for rank-and-file. Good luck with that. If officers don't feel empowered, it's because management has shown them that questioning the (broken and wildly inconsistent) system isn't an option. Neither is doing any independent thinking. When this officer attempted to push it up the line, he/she ran into a pretty predictable response.
[T]he TSO knew of the traveler's TSA Pre✓ disqualifying criminal convictions. The TSO followed the standard operating procedures and reported this to the supervisory TSO who then directed the TSO to take no further action and allow the traveler through the TSA Pre✓ lane. As a result, TSA does not have an incident report for this event.
One of the TSA's Behavioral Detection Officers (highly-trained in the art of the mental coin toss) was also contacted by the concerned officer. And, again, no further action was taken/recommended.
In the end, a felon/terrorist boarded a plane because the TSA's bureaucratic process can't handle contradictory variables. The PreCheck approval said "yes," but the previous convictions said PreCheck approval should never have happened. The TSA deferred to the obviously incorrect checkmark on the boarding pass. And now we have the punchline to the joke that starts, "A murderer with explosives experience walks into a PreCheck lane…"
The OIG's mostly-redacted recommendation criticizing the TSA's over-reliance on fallible pre-screening processes was mostly ignored by the agency.
TSA officials did not concur with Recommendation 1. In its response, TSA said that with respect to individuals who may pose an elevated security risk to commercial aviation, the U.S. Government's approach to domestic aviation security relies heavily on the TSDB and its Selectee List and No Fly List subcomponents. TSA said, had the intelligence or national law enforcement communities felt that this traveler posed an elevated risk to commercial aviation, they would have nominated the traveler to one of these lists and prevented the traveler from being designated as lower-risk.
To which the OIG responded, "Well, that's obviously not working because this traveler should have been automatically denied PreCheck approval."
We consider TSA's actions nonresponsive to the intent of Recommendation 1, which is unresolved and open. TSA said it relies on the U.S. Government watchlisting process to identify individuals that represent an elevated risk to commercial aviation. However, not all non-watchlisted passengers are lower-risk and eligible for TSA Pre✓. For example, TSA has established disqualifying criteria, in addition to the watchlisting process, for an applicant seeking TSA Pre✓ Application Program membership. TSA will deny membership to an applicant convicted of any of the 28 disqualifying criminal offenses or not a U.S. citizen or Lawful Permanent Resident. Even though the traveler is not watchlisted, the traveler would be permanently ineligible for TSA Pre✓.
And yet, a convicted murderer has been PreCheck approved. The TSA wants to blame the rest of the government. The OIG just wants someone to use common sense, rather than never questioning a boarding pass. The OIG has a good point. The TSA claims it's shifting to a smarter, more responsive travel security, like the PreCheck program and its many Behavioral Detection Officers. But when a situation involving both arose, it left the thinking to its brainstem -- unwavering faith in databases and policy -- rather than making any move indicative of higher thought processes.
Posted on Techdirt - 27 March 2015 @ 4:07am
With bots performing all sorts of intellectual property policing these days, fair use considerations are completely off the table. Nuances that can't be handled by a bot should theoretically be turned over to a human being in disputed cases. Unfortunately, dispute processes are often handled in an automated fashion, leading to even more problems.
Tolriq Yatse, the developer of a popular Xbox Media Center (XBMC) remote control app for Android phones, ran into this very problem with Google's Play Store, which suddenly dumped his app over "intellectual property violations" after more than 2 years of trouble-free listing. This might have been a quick fix if Google had been more forthcoming with details, but all Yatse received was a brief notice as his app was removed from the Play store.
Nothing was changed at all apart filling the new forced content rating form and suddenly lost all my revenues.
I hope someone human answer with details soon, but I'm joining the anger from all developers around about how #Google treat devs, take 30% share without problem but certainly do not do support or act as human when killing someone.
His complaints reached his fans and customers, who then made their presence felt. This finally prompted a Google human to give Yatse the details he needed so he could fix his app and get it relisted.
Thank you for your additional comments.
As previously explained, your promotional images include content that you do not appear to have permission to distribute. For example, images related to films are most likely protected by the various studios that produced and released them. It is reasonable to assume that these would not be made legally available in public domain or via Creative Commons as most studios are extremely protective of their intellectual property. The same could be said of images from various TV series…
This part of Google's response refers to screenshots used in the app's listing. They used to look something like this…
The images used here are only indicative of the app's capabilities. Even if (obviously) unlicensed, the app doesn't promise anything more than control of XBMC content. It doesn't promise access to studios' offerings or otherwise act as a movie/TV show portal. In this context, the movie posters displayed in the screenshots would appear to fall under "fair use." Google's response to Yatse indicates that, even with a human now involved, the Play Store won't tolerate the use of unlicensed images in "promotional" screenshots.
In fact, fair use isn't even discussed. Instead, Google asked Yatse to prove ownership of the disputed artwork before the app could be relisted.
If you are able to prove otherwise, either via direct authorization from a studio representative or the location where you sourced these images (public domain and/or Creative Commons), we could review that information and reconsider the merits of this case.
The motivating factor for this non-consideration is potential litigation, according to the Google Play Team.
This may represent a change from two years ago in that most studios today will file complaints over use of their content unless someone has entered into an agreement with them on some level, and that should not come as a surprise to you.
Even with a direct response, there are still some gray areas the developer is left to address himself.
We are unable to provide specific guidance as to which images may be allowed, but we trust that you will use your best judgment based on what we have mentioned above and in previous communications.
As Yatse points out, this isn't good news for developers.
The answer is very interesting for all Google Play developers :
- Google will remove your application on suspicions and not on real facts.
- No human will check what you upload or say.
- It's nearly impossible to have a real contact and support.
- You need to try to fix problem yourself without details and hope to have it fixed before ban. (Very hard when in fact there's no problem)
Google Play has moved to preemptive takedowns, unprompted by studio complaints. This isn't a good thing. It may protect Google (but only slightly, considering the studios' ongoing antipathy towards the tech company) but it does nothing for developers whose sales it takes a portion of.
In response, Yatse has swapped out the offending artwork for CC-licensed and public domain works. But even that wasn't enough for the Google bots. Those images had to be removed before his app was approved for relisting.
#Yatse is now back on Play Store, without any images until I can figure out what the Google bot does not like in open sources ones.
This understandably limits his options and makes it much harder to convey the app's functionality. Here are the screenshots currently available at Google Play, which show that Yatse (the app) is probably some sort of remote control program and has some color options.
So, based on no complaints from studios or other rights holders, an app comes down. And even with the use of properly-licensed images, it fails to be reinstated. And throughout all of the discussions, fair use isn't mentioned a single time. That's the reality of preemptive IP policing, and it's unlikely to change anytime soon.
Posted on Techdirt - 26 March 2015 @ 3:47pm
Good news from California: a bill requiring warrants for Stingray device usage (among other things) has passed out of a Senate committee and is headed for an assembly vote.
Among other sweeping new requirements to enhance digital privacy, the bill notably imposes a warrant requirement before police can access nearly any type of digital data produced by or contained within a device or service.
In other words, that would include any use of a stingray, also known as a cell-site simulator, which can not only be used to determine a phone’s location, but can also intercept calls and text messages. During the act of locating a phone, stingrays also sweep up information about nearby phones—not just the target phone.
Despite similar bills being killed by governor vetoes in 2012 and 2013, California legislators are still looking to reform the state's privacy laws. For one thing, this new bill would put the state's Electronic Communication Privacy Act in compliance with the Supreme Court's recent Riley v. California decision (warrant requirement for cell phone searches incident to arrest), as Cyrus Farivar points out.
The committee passed it with a 6-1 vote, suggesting there's broader support for privacy and Fourth Amendment protections now than there was in the pre-Snowden days. Of course, the usual opposition was on hand to portray those pushing for a warrant requirement as being in favor of sexually abusing children.
[Marty] Vranicar [California District Attorneys Association] told the committee that the bill would "undermine efforts to find child exploitation," specifically child pornography.
"SB 178 threatens law enforcement’s ability to conduct undercover child porn investigation, the so-called peer-to-peer investigations," he said. "Officers, after creating online profiles—these e-mails provide metadata that is the key to providing information. This would effectively end online undercover investigations in California."
Vranicar failed to explain how an officer conducting an ongoing investigation would be unable to obtain a warrant for PTP user data… unless, of course, the "investigation" was nothing more than unfocused trolling or a sting running dangerously low on probable cause. Nothing in the bill forbids officers from using other methods -- Fourth Amendment-respecting methods -- to pursue those suspected of child exploitation. What it does do is make it more difficult to run stings and honeypots, both of which are already on shaky ground in terms of legality.
Additionally, the bill demands extensive reporting requirements pertaining to government requests for data, and makes an effort to strip away the secrecy surrounding search warrants.
1546.2 (a) Except as otherwise provided in this section, any government entity that executes a warrant or wiretap order or issues an emergency request pursuant to Section 1546.1 shall contemporaneously serve upon, or deliver by registered or first-class mail, electronic mail, or other means reasonably calculated to be effective, the identified targets of the warrant, order, or emergency request, a notice that informs the recipient that information about the recipient has been compelled or requested, and states with reasonable specificity the nature of the government investigation under which the information is sought. The notice shall include a copy of the warrant or order, or a written statement setting forth facts giving rise to the emergency.
(b) If there is no identified target of a warrant, wiretap order, or emergency request at the time of its issuance, the government entity shall take reasonable steps to provide the notice, within three days of the execution of the warrant, to all individuals about whom information was disclosed or obtained.
This isn't blanket coverage or without exceptions. Officers can still offer sworn affidavits in support of sealing to the court, which may then seal warrants on a rolling 90-day basis at its discretion.
Law enforcement will continue to fight this bill, but its opposition seemingly had no effect on the Public Safety Committee. This bill brings the government into a much tighter alignment with the wording and the intent of the Fourth Amendment. The arguments against it demonstrate that the law enforcement community continues to prize efficient policing over the public's (supposedly) guaranteed rights.
Posted on Techdirt - 26 March 2015 @ 2:36pm
Cyber-this and cyber-that. That's all the government wants to talk about. The NSA, which has always yearned for a larger slice of the cybersecurity pie, is pushing legislators to grant it permission to go all-out on the offensive to protect foreign-owned movie studios the USofA from hackers.
NSA director Mike Rogers testified in front of a Senate committee this week, lamenting that the poor ol’ NSA just doesn’t have the “cyber-offensive” capabilities (read: the ability to hack people) it needs to adequately defend the US. How cyber-attacking countries will help cyber-defense is anybody’s guess, but the idea that the NSA is somehow hamstrung is absurd.
Yes, we (or rather, our representatives) are expected to believe the NSA is just barely getting by when it comes to cyber-capabilities. Somehow, backdoors in phone SIM cards, backdoors in networking hardware, backdoors in hard drives, compromised encryption standards, collection points on internet backbones, the cooperation of national security agencies around the world, stealth deployment of malicious spyware, the phone records of pretty much every American, access to major tech company data centers, an arsenal of purchased software and hardware exploits, various odds and ends yet to be disclosed and the full support of the last two administrations just isn't enough. Now, it wants the blessing of lawmakers to do even more than it already does. Which is quite a bit, actually.
The NSA runs sophisticated hacking operations all over the world. A Washington Post report showed that the NSA carried out 231 “offensive” operations in 2011 - and that number has surely grown since then. That report also revealed that the NSA runs a $652m project that has infected tens of thousands of computers with malware.
That was four years ago -- a lifetime when it comes to an agency with the capabilities the NSA possesses. Anyone who believes the current numbers are lower is probably lobbying for increased power. And they don't believe it. They just act like they do.
Unfortunately, legislators may be in a receptive mood. CISA -- CISPA rebranded -- is back on the table. The recent Sony hack, which caused millions of dollars of embarrassment, has gotten more than a few of them fired up about the oft-deployed term "cybersecurity." Most of those backing this legislation don't seem to have the slightest idea (or just don't care) how much collateral damage it will cause or the extent to which they're looking to expand government power.
The NSA knows, and it wants this bill to sail through unburdened by anything more than its requests for permission to fire.
The bill will do little to stop cyberattacks, but it will do a lot to give the NSA even more power to collect Americans’ communications from tech companies without any legal process whatsoever. The bill’s text was finally released a couple days ago, and, as EFF points out, tucked in the bill were the powers to do the exact type of “offensive” attacks for which Rogers is pining.
In the meantime, Section 215 languishes slightly, as Trevor Timm points out. But that's the least of the NSA's worries. It has tech companies openly opposing its "collect everything" approach. Apple and Google are both being villainized by security and law enforcement agencies for their encryption-by-default plans. More and more broad requests for user data are being challenged, and (eventually) some of the administration's minor surveillance tweaks will be implemented.
Section 215 may die. (Or it may keep on living even in death, thanks to some ambiguous language in the PATRIOT Act.) But I would imagine the bulk phone metadata is no longer a priority for the NSA. It has too many other programs that harvest more and face fewer challenges. The NSA wants to be a major cyberwar player, which is something that will only increase its questionable tactics and domestic surveillance efforts. If it gets its way via CISA, it will be able to make broader and deeper demands for information from tech companies. Under the guise of "information sharing," the NSA will collect more and share less. And what it does share will be buried under redactions, gag orders and chants of "national security." Its partnerships with tech companies will bear a greater resemblance to parasitic relationships than anything approaching equitable, especially when these companies will have this "sharing" foisted upon them by dangerously terrible legislation.
But until it reaches that point, the NSA will keep claiming it's under-equipped to handle the modern world. And it will continue to make the very dubious claim that the best defense is an unrestrained offense.
Posted on Techdirt - 26 March 2015 @ 12:32pm
Well, this is (potentially) good news. New York is going forward with the first "right to repair" bill in the nation, as pointed out on Twitter by Amanda Levendowski. The bill will allow constituents to bypass manufacturer-authorized dealers/repair centers and use smaller (and cheaper) repair outlets. Or, if neither seems within the price range, they're more than welcome to perform these repairs -- using previously-hidden manufacturer specs and instructions -- themselves.
Perhaps the best thing about the bill (if it passes with as few loopholes as possible) is that it will eliminate the sort of ridiculousness that has been the end result of this tight grip on repair "permission." Like Immigration and Customs Enforcement (ICE) raiding repair shops for using aftermarket products. Or teens being sued by multi-billion dollar companies for doing the same. Or local governments requiring unrelated licenses to be obtained before a person can start offering repairs.
Here's what's being authorized before the exceptions kick in. (ALL CAPS in the original.)
MANUFACTURERS OF DIGITAL ELECTRONIC PARTS AND MACHINES SOLD OR USED IN THE STATE OF NEW YORK SHALL:
I. MAKE AVAILABLE FOR PURCHASE BY INDEPENDENT REPAIR FACILITIES OR OTHER OWNERS OF PRODUCTS MANUFACTURED BY SUCH MANUFACTURER DIAGNOSTIC AND REPAIR INFORMATION, INCLUDING REPAIR TECHNICAL UPDATES, UPDATES AND CORRECTIONS TO FIRMWARE, AND RELATED DOCUMENTATION, IN THE SAME MANNER SUCH MANUFACTURER MAKES AVAILABLE TO ITS AUTHORIZED REPAIR CHANNEL. EACH MANUFACTURER SHALL PROVIDE ACCESS TO SUCH MANUFACTURER'S DIAGNOSTIC AND REPAIR INFORMATION SYSTEM FOR PURCHASE BY OWNERS AND INDEPENDENT REPAIR FACILITIES UPON FAIR AND REASONABLE TERMS; AND
II. MAKE AVAILABLE FOR PURCHASE BY THE PRODUCT OWNER, OR THE AUTHORIZED AGENT OF THE OWNER, SUCH SERVICE PARTS, INCLUSIVE OF ANY UPDATES TO THE FIRMWARE OF THE PARTS, FOR PURCHASE UPON FAIR AND REASONABLE TERMS…
EACH MANUFACTURER OF DIGITAL ELECTRONIC PRODUCTS SOLD OR USED IN THE STATE OF NEW YORK SHALL MAKE AVAILABLE FOR PURCHASE BY OWNERS AND INDEPENDENT REPAIR FACILITIES ALL DIAGNOSTIC REPAIR TOOLS INCORPORATING THE SAME DIAGNOSTIC, REPAIR AND REMOTE COMMUNICATIONS CAPABILITIES THAT SUCH MANUFACTURER MAKES AVAILABLE TO ITS OWN REPAIR OR ENGINEERING STAFF OR ANY AUTHORIZED REPAIR CHANNELS. EACH MANUFACTURER SHALL OFFER SUCH TOOLS FOR SALE TO OWNERS AND TO INDEPENDENT REPAIR FACILITIES UPON FAIR AND REASONABLE TERMS.
That's the good part. But there are potential loopholes in the bill already, including a major exception for one of the most tightlipped industries: auto manufacturers.
NOTHING IN THIS SECTION SHALL APPLY TO MOTOR VEHICLE MANUFACTURERS OR MOTOR VEHICLE DEALERS AS DEFINED IN THIS SECTION.
If any industry needs to be covered under a "right to repair," it's the auto industry, which has continually abused intellectual property laws to keep the general public from diagnosing their own vehicles in order to perform their own repairs.
There's other potential bad news in there as well.
NOTHING IN THIS SECTION SHALL BE CONSTRUED TO REQUIRE A MANUFACTURER TO DIVULGE A TRADE SECRET.
Yeah. Guess what's going to start being declared "trade secrets?" Probably almost everything the bill orders manufacturers to make available to the public. Even if this bill passes, there's going to be a ton of litigation over what does and does not define a "trade secret." In the meantime, the public will be no better off than they were before the bill's passage.
And there's this exception, which would seem to pick up whatever slack "trade secrets" can't.
NOTHING IN THIS SECTION SHALL BE CONSTRUED TO REQUIRE MANUFACTURERS OR AUTHORIZED REPAIR PROVIDERS TO PROVIDE AN OWNER OR INDEPENDENT REPAIR PROVIDER ACCESS TO NON-DIAGNOSTIC AND REPAIR INFORMATION PROVIDED BY A MANUFACTURER TO AN AUTHORIZED REPAIR PROVIDER PURSUANT TO THE TERMS OF AN AUTHORIZING AGREEMENT.
"Non-diagnostic" could become the new "diagnostic." And the use of the word "and" seems to make "repair information" off-limits if any agreements are already in place with authorized dealers and repair shops.
There's also a good chance the bill's "fair and reasonable terms" will be construed as permission to price independent repair shops and the general public out of the market. Legislators obviously can't set base prices (or even determine a fair market price -- that information is kept under wraps as well), so the suggestion of a "fair" price is open to advantageous interpretation. There's an attempt to set some limits in the bill's definitions, with the most significant one being "THE ABILITY OF AFTERMARKET TECHNICIANS OR SHOPS TO AFFORD THE INFORMATION," but that, again, is going to generate a lot of friction (possibly of the litigious variety) when manufacturers and the rest of the public repeatedly fail to agree on the definition of "affordable."
Still, it's more than most governments are willing to attempt. Massachusetts passed one in 2013 -- one that targeted auto manufacturers and dealers. It met with the usual resistance from the auto industry (both ends) but gathered 86% of the public's votes, clearly signaling unhappiness with the automakers' closed systems. A federal "right to repair" law has been mooted several times, but has never gained significant traction.
If this bill is going to succeed as a law, legislators need to do some loophole stitching pre-passage, and regulators will need to keep a very close eye on reticent manufacturers after it becomes law.
Posted on Techdirt - 26 March 2015 @ 11:33am
Since the Snowden leaks began, there have been several efforts made -- legislative and administrative -- in response to the exposure of the NSA's domestic surveillance programs. Some have been real fixes. Some have been fake fixes. Others have targeted the thing the NSA desires even more than seemingly limitless access to data from all over the world: funding.
But none of these, not even the President's weak reform efforts, have managed to take hold. Neither will this, most likely, although you have to admire the audacity of the bill's authors, Reps. Thomas Massie and Marc Pocan.
The bill would completely repeal the Patriot Act, the sweeping national security law passed in the days after Sept. 11, 2001, as well as the 2008 FISA Amendments Act, another spying law that the NSA has used to justify collecting vast swaths of people's communications through the Internet.
If anything's due for a complete revamp, if not a complete repeal, it's the Patriot Act. It wasn't even good legislation back when it was passed. At best, it was "timely," which is a term that gives the rushed, secretive, knee-jerk legislation far more credit than it deserves. Pocan and Massie's (the latter of whom has just introduced a new phone-unlocking bill with Rep. Zoe Lofgren to replace the bad one passed by the House in 2014) "Surveillance State Repeal Act" doesn't waste any time "tinkering around the edges."
Not only would the bill repeal the law, it would reset anything (amendments/additional government powers) brought into force by the Patriot Act and the FISA Amendments Act of 2008. On top of that, it would demand the immediate deletion of tons of data from the NSA's collections.
DESTRUCTION OF CERTAIN INFORMATION.—The Director of National Intelligence and the Attorney General shall destroy any information collected under the USA PATRIOT Act (Public Law 107-56) and the amendments made by such Act, as in effect the day before the date of the enactment of this Act, concerning a United States person that is not related to an investigation that is actively ongoing on such date.
The bill, oddly, also describes a path towards FISA Judge For Life positions.
TERMS; REAPPOINTMENT.—Section 103(d) of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1803(d)) is amended— (1) by striking ‘‘maximum of seven’’ and inserting ‘‘maximum of ten’’; and (2) by striking ‘‘and shall not be eligible for re-designation’’.
Which is fine (not really) if you like the judges already appointed. But this is the sort of thing that leads to the permanent appointment of judges favored by either side of the surveillance question. And so far, presidential administrations have come down in favor of domestic surveillance. Removing the term limits just encourages the appointment of permanent NSA rubber stamps.
The bill creates a warrant requirement for the acquisition of US persons' data under the FISA Amendments Act and Executive Order 12333. It also expressly forbids a government mandate for encryption backdoors, although the first sentence of this section seems to be a rather large loophole.
Notwithstanding any other provision of law, the Federal Government shall not mandate that the manufacturer of an electronic device or software for an electronic device build into such device or software a mechanism that allows the Federal Government to bypass the encryption or privacy technology of such device or software.
If this bill somehow manages to pass a round or two of scrutiny, language tweaks will certainly be requested -- possibly leading to a complete subversion of the bill's intent. But that's a huge "if." Very few legislators have the stomach to gut the Patriot Act or the FISA Amendments Act. Many will be happy to entertain smaller fixes, but most won't be willing to essentially strip the NSA of its domestic surveillance powers. No one wants to be the "yea" vote that's pointed to in the wake of a terrorist attack and only a few more are actually willing to go head-to-head with the intelligence agency.
Posted on Techdirt - 26 March 2015 @ 10:31am
CNN and Fox had the market cornered on ridiculous airplane crash theories, up until recently. When Malaysia Airlines Flight 17 just up and vanished, CNN produced wall-to-wall coverage seemingly cribbed from low-rent conspiracy theory sites. UFO? Black hole? Any and all theories were entertained.
Fox News hasn't exactly been the epitome of restraint, either. While it managed to avoid following CNN down these plane crash rabbit holes, it too has entertained some theories better left to operations that don't claim "news" to be a major part of their offerings. Fox News host Anna Kooiman suggested the metric system was to blame, what with kilometers being different than miles and Celsius and Fahrenheit not seeing eye-to-eye, potentially leading to some sort of in-flight calculation error.
MSNBC has decided it won't let its competition be the only "news" agencies spouting ridiculous theories. In an effort to get out ahead of the facts -- black box recordings indicated the co-pilot of the aircraft deliberately crashed the plane after locking the commanding pilot out of the cockpit -- MSNBC allowed the following theory to be presented -- completely unchallenged -- by one of its guests.
“There’s one possibility that no one has brought up, and I wonder could this be a hacking incident?” former commercial pilot Jay Rollins told MSNBC’s Diaz-Balart. “This is very similar in my mind to what happened when the U.S. lost that drone over Iran. The same thing, suddenly the aircraft was responding to outside forces…"
Rollins said that the plane’s descent was “worrisome” because “it makes me think about hacking, some sort of interference into the computer system.”
Now, hacking a plane isn't impossible. At 2013's Hack in the Box conference, German security consultant Hugo Teso used his own app -- PlaneSploit -- to demonstrate that an Android phone could be used to reroute a plane, send it diving towards the ground or to set off every alarm in the aircraft.
Or not. Teso's demonstration involved sending flight information to airborne planes with these instructions (in a simulated environment, of course) via ACARS (Aircraft Communications and Response Addressing System) to the FMS (Flight Management System). But there were multiple problems with his plan. First of all, the flight computer has to accept the new instructions and, secondly, pilots would have to be unable to override bad instructions. Neither of which is a distinct possibility.
Patrick Smith, another commercial airline pilot, albeit one far less likely to openly speculate on "hacked" planes than Jay Rollins, pointed out the flaws in Teso's hack.
The problem is, the FMS — and certainly not ACARS — does not directly control an airplane the way people think it does, and the way, with respect to this story, media reports are implying. Neither the FMS nor the autopilot flies the plane. The crew flies the plane through these components. We tell it what to do, when to do it, and how to do it. Whatever data finds its way into the FMS, and regardless of where it’s coming from, it still needs to make sense to the crew. If it doesn’t, we’re not going to allow the plane, or ourselves, to follow it.
The sorts of disruptions that might arise aren’t anything a crew couldn’t notice and easily override. The FMS cannot say to the plane, “descend toward the ground now!” or “Slow to stall speed now!” or “Turn left and fly into that building!” It doesn’t work that way. What you might see would be something like an en route waypoint that would, if followed, carry you astray of course, or an altitude that’s out of whack with what ATC or the charts tells you it ought to be. That sort of thing. Anything weird or unsafe — an incorrect course or altitude — would be corrected very quickly by the pilots.
So, the problem isn't that hacking is impossible. It's just very, very unlikely. And in this case, hacking had nothing to do with the plane crash.
No, the problem is that news agencies looking to wring every bit of ratings possible from a tragedy are willing to make viewers stupider under the guise of "news." When facts just aren't available, 24-hour news teams lean heavily on whatever theory will provide the most entertainment (for lack of a better word). Former pilot Jay Rollins may have three decades of experience, but his speculation draws on none of it. Instead, it just takes a bit of what's selling right now (anything "cyber") and what has always sold (fear) and leaves the viewers with less information than they would have obtained by skipping the coverage completely. The truth, however, is simultaneously more horrific (in that there's little that can be done to thwart a pilot determined to crash a plane) than the "hacked plane" theory and more mundane -- at least in terms of "exciting" news coverage.
Posted on Techdirt - 25 March 2015 @ 2:50pm
Asset forfeiture -- both at state and national levels -- is receiving some intense scrutiny, thanks to unflattering coverage in major news outlets like the New York Times and Washington Post. Attorney General Eric Holder made some minor cuts to the DOJ's participation in states' forfeiture programs. Meanwhile, at the state level, legislators have introduced bills targeting these programs' perverted incentives -- namely, that the agency performing the asset seizure usually benefits directly from the "forfeited" wealth.
It hasn't always been successful. Wyoming legislators were shot down by the governor -- a former prosecutor -- who explained that asset forfeiture is "good" and "right" -- something it rarely is in practice. Washington DC's city council managed to push its reform bill through, placing more constraints on seizures and raising the evidentiary standard needed to declare other people's assets "guilty."
Back at the national level, Sen. Chuck Grassley is raising some pointed questions about the US Marshals' use of asset forfeiture funds. He sent two letters to the agency recently, the first of which questioned its hiring practices.
Grassley said a whistleblower claimed that Kimberly Beal, then the deputy assistant director of the AFD, had qualification requirements waived to hire a person for a high-paying contract who was recommended by Stacia Hylton, the director of the Marshals Service. According to the whistleblower, Beal did so while under consideration for her current position of assistant director, raising suspicions that the hiring was a quid pro quo arrangement.
“This quid pro quo exchange of favors, if true, would raise serious doubts about the operational practices of the USMS AFD under Ms. Beal as well as, frankly, Ms. Hylton’s leadership of the USMS,” Grassley’s office said in the letter.
The second letter questions the Marshals Service's appetite for office luxuries.
1. Regarding AFD offices at Crystal Mall 4, please answer the following questions:
a. Did AFD purchase a conference table that exceeded $10,000 in cost? If so, what was the cost and why was a less expensive table not considered?
b. Did AFD replace window treatments already provided for in the office lease with expensive custom window treatments? If so, why and what was the cost?
c. Did AFD install custom wallpaper, artwork, crown moldings, and chair rails in its offices? If so, why and at what cost for each of these installations?
d. Does AFD intend to expend similar amounts to decorate and furnish new office space it anticipates moving into in the near future? What will happen to the furnishings and decorations after AFD moves out?
That's the most eye-grabbing part of Grassley's letter, but the rest asks similar -- if less dramatic -- questions about the agency's spending habits.
The US Marshals Service doesn't necessarily have a long history of asset forfeiture abuse, but it has previously been called out by the DOJ's Inspector General for being less than accurate with its bookkeeping.
In at least eight of the 55 cases taken up by the asset team between 2005 and 2010, the purchaser or the price of the asset was not recorded. On top of that, the team failed to perform sufficient market research to properly value the assets it was eyeing; for some of them, it couldn’t even provide the OIG with bank statements and other basic documentation.
More damning was the OIG's discovery of a huge conflict of interest. Another whistleblower uncovered lead asset forfeiture official Leonard Briskman's extremely fortuitous moonlighting gig. Briskman, who appraised assets for the US Marshals Service, ran his own private appraisal business on the side.
The inspector general reported that in several instances, Briskman valued and sold the same asset himself without supervision by anyone in the marshal’s office. In addition, he failed to publicly announce the sale of some assets, which limited their availability to the general public. In one case, an assistant U.S. Attorney from the Southern District of New York objected to a decision by Briskman to sell assets that had been seized during the Bernard Madoff case–more than one million shares of a pet prescription firm and a 5 percent stake in another investment portfolio–without announcing the sale.
The US Marshals Service doesn't need to dirty its hands by performing seizures. All it has to do is sit there and wait for assets from equitable sharing programs to roll in. And roll in they do, thanks to local law enforcement agencies partnering up with the DOJ to avoid state laws put in place to limit the sort of abuse that is all too frequent when cops are given the authority to declare money, vehicles and other property guilty on the spot.
As would befit any government agency spending other people's money and divesting itself of other people's property, the US Marshals Service buys $10,000 tables and does little to ensure its auctioned items return something close to market value. Because of its lax accounting and questionable appraisals, money from sales went AWOL and what it did receive from auctions was likely less than it would have obtained with a bit more diligence and competence.
Whether Grassley will receive any answers to his questions remains to be seen, but the recent history of the US Marshals Service doesn't indicate it's an agency enthralled with concepts like fiscal responsibility and public accountability. If the agency is blowing seized funds on pricey tables and custom window treatments, it's going to take more than a couple of angry letters to change its "Spend it like you seized it!" culture.