Category Archives: Regulatory matters

Fingerprint-electronicInvestigation

Are You Unique – How to Check Your Browser Fingerprints & Online Privacy?

Think you have taken all measures to remain anonymous and untraceable online? Or are you still (unknowingly) leaving browser fingerprints that can be traced to you and your devices?

The good news is, there’s a way to check and confirm if you are unique in cyberspace.

A browser fingerprint, or device fingerprint, is the systematic collection of information about a remote device for identification purposes, even when cookies are turned off.

There’s a web site “Am I Unique” which you can visit and check by clicking “View my browser fingerprint” as shown below:

Fingerprinting-Browser

That should give much food for thoughts for the Christmas holidays?

According to a recent international survey on 23,376 Internet users in 24 countries, carried out between October 7, 2014 and November 12, 2014, which found some 64 percent confessed they’re more concerned today about online privacy than they were a year ago.

Privacy-survey

That’s one way to gauge the post-Snowden effects. And if you still wonder why privacy matters, I highly recommend the Glenn Greenwald’s TEDTalk on “Why Privacy Matters“.

Surveillance-Homes

Shhh… US Federal Court: Warrantless Surveillance Footage in Public Areas is an Invasion of Privacy

Guess one would easily assume privacy does not apply in public areas – just look at the proliferation of CCTV cameras in the streets.

Well, that’s probably not necessarily the case judging by one recent court ruling in Washington. It may be good news for the general public and bad news for law enforcement.

Now first, many would probably associate the following 2 photos with typical covert surveillance operations, whereby operatives waited patiently to snap photos (and video) evidence of their subjects.

Surveillance-Detectives

Surveillance-Detectives2

But in this case involving the Washington police and Leonel Vargas (an “undocumented” immigrant suspected of drug trafficking), the authorities had a better idea.

The police planted a video camera, without a warrant, on a nearby utility pole 100 yards from Vargas’ rural Washington state house and shot 6 weeks worth of footage of his front yard whereby they eventually captured convincing evidence.

Vargas challenged the case on the grounds of violation of his privacy, which the government argued was not valid as his front yard is a public space and thus privacy does not apply.

The evidence put forward by the authorities was subsequently thrown out of the court by US District Judge Edward Shea, whose ruling is well summed up as such:

Law enforcement’s warrantless and constant covert video surveillance of Defendant’s rural front yard is contrary to the public’s reasonable expectation of privacy and violates Defendant’s Fourth Amendment right to be free from unreasonable search. The video evidence and fruit of the video evidence are suppressed.

Find out more about this case from here and there.

Sydney

One Question on the Sydney Siege: Why didn’t the Snipers Shoot Earlier?

I’m troubled by the Sydney siege at the Lindt Chocolate Café in Martin Place that has just concluded with 3 fatalities and 3 injured.

For starters, here’s one easy question: What’s wrong with these pictures (above from 7 News and the 2 below) and the video below (watch from 2:06 onwards)?

Sydney siege gunman-PIC
Photo credit: 7 News

Sydney-LindtCafeSeige-PIC
Picture: Ross Schultz Source: News Corp Australia

Now, the real question is: Where were the snipers? And why didn’t they shoot when they had the chance?

(Snipers reportedly manned nearby rooftops and shouted “Hostage down, window two” only when tactical police stormed the café at the end of the siege.)

If the media had these clear shots of the gunman Man Haron Monis, why didn’t the authorities have the snipers to take him down within the 16 hours window? If the snipers were not in a better position than the media, surely they have enough time to move for better views, rooftop or on the ground? The snipers of course need clearance from their commanders who should be on site with their squads. So does that mean the authorities did not want to kill him for whatever reasons?

Certainly many complicated questions but in any case, there were 17 hostages at stake and the police did not move in for the kill until (negotiations apparently failed and) there were gunshots within the café?

I have only one potential explanation: the authorities were concerned with the hostage taker’s claims that there were other explosive devices planted around the city – and the police have intelligence that he has comrades who would trigger those devices if he’s dead (I know it’s easier said than done but with good use of negotiators and intelligence, and a good 16-hour timeframe, the police and intelligence agencies could have established if he has other accomplices to detonate those devices, if any – plus it’s not that Man Haron Monis was any stranger to the Australian authorities. They should have a huge file on him all along).

Anything short (and as it turned out, his former lawyer, Manny Conditsis, reportedly told the media that Monis was an isolated figure who had acted alone), it’s sad to see yet another case whereby the authorities have not followed protocol in hostage situations: Take the man down (at the very opportunity).

It’s reminiscent of the Manila hostage event of 23 August 2010, when the hostage taker, former Philippines police officer Rolando Mendoza, hijacked a tourist bus with 25 hostages onboard. He was in plain sight (see picture below) several times, more than sufficient for the snipers to decide where to aim. But the Philippines authorities missed the opportunities, resulting in 9 deaths (including the perpetrator).

Manila-BusHostage-PIC

A longer version of this column appears in AsiaSentinel.com

MichaelHayden

Shhh… Michael Hayden on the Senate’s CIA Interrogation Report

Photo (above) credit: CIA

I like to share this POLITICO MAGAZINE exclusive interview with former CIA Director (May 30, 2006 – February 12, 2009) Michael Hayden on the release of the US Senate’s report.

Michael Hayden Is Not Sorry
The Senate report rakes Bush’s former CIA director over the coals. He fires back in an exclusive interview.

By MICHAEL HIRSH
December 09, 2014

Though the CIA’s “enhanced interrogation” program long predated his takeover of the agency in 2006, former Director Michael Hayden has found himself at the center of the explosive controversy surrounding the Senate Intelligence Committee’s executive summary of its still-classified report on torture. In a long, impassioned speech on the floor Tuesday, Committee Chair Dianne Feinstein cited Hayden’s testimony repeatedly as evidence that the CIA had not been forthright about a program that the committee majority report called brutal, ineffective, often unauthorized “and far worse than the CIA represented to policymakers and others.” She publicly accused Hayden of falsely describing the CIA’s interrogation techniques “as minimally harmful and applied in a highly clinical and professional manner.” In an interview with Politico Magazine National Editor Michael Hirsh, Hayden angrily rebuts many of the report’s findings.

Michael Hirsh: The report concludes, rather shockingly, that Pres. George W. Bush and other senior officials—including Defense Secretary Donald Rumsfeld for a time and Secretary of State Colin Powell—were not aware of many details of the interrogation programs for a long period. According to CIA records, it concludes, no CIA officer including Directors George Tenet and Porter Goss briefed the president on the specific enhanced interrogation techniques before April 2006. Is that true?

Michael Hayden: It is not. The president personally approved the waterboarding of Abu Zubaydah [in 2002]. It’s in his book! What happened here is that the White House refused to give them [the Senate Intelligence Committee] White House documents based upon the separation of powers and executive privilege. That’s not in their report, but all of that proves that there was dialogue was going on with the White House. What I can say is that the president never knew where the [black] sites were. That’s the only fact I’m aware that he didn’t know.

Hirsh: The report directly challenges your truthfulness, repeatedly stating that your testimony on the details of the programs –for example on whether the interrogations could be stopped at any time by any CIA participant who wanted them halted— is “not congruent with CIA records.” Does that mean you weren’t telling the truth?

Hayden: I would never lie to the committee. I did not lie.

Hirsh: Does it mean that you, along with others at senior levels, were misled about what was actually going on in the program?

Hayden: My testimony is consistent with what I was told and what I had read in CIA records. I said what the agency told me, but I didn’t just accept it at face value. I did what research I could on my own, but I had a 10-day window in which to look at this thing [the committee’s request for information]. I was actually in Virginia for about 30 hours and studied the program for about three before I went up to testify. I was trying to describe a program I didn’t run. The points being made against my testimony in many instances appear to be selective reading of isolated incidents designed to prove a point where I was trying to describe the overall tenor of the program. I think the conclusions they drew were analytically offensive and almost street-like in their simplistic language and conclusions. The agency has pushed back rather robustly in its own response.

Hirsh: You seem upset.

Hayden: Yeah, I’m emotional about it. Everything here happened before I got there [to the CIA], and I’m the one she [Sen. Feinstein] condemns on the floor of the Senate? Gee, how’d that happen? I’m the dumb son of a bitch who went down and tried to lay out this program in great detail to them. I’m mentioned twice as much in there as George Tenet—but George and Porter Goss had 97 detainees during their tenure, while I had two.

Hirsh: Is there anything you think the report gets right?

Hayden: All of us are really upset because we could have used a fair and balanced review of what we did. … The agency clearly admits it was fly-by-wire in the beginning. They were making it up as they went along and it should have been more well-prepared. They’ve freely admitted that. They said that early on they lacked the core competencies required to undertake an unprecedented program of detaining and interrogating suspected terrorists around the world. But then what the committee does is to take what I said out of context. They take statements I made about the later days of the program, for example when I said it was well-regulated and there were medical personnel available, etc., and then apply it to the early days of the program, when there were not. It misrepresents what I said.

Hirsh: One of the most stunning and cited conclusions of the report is that interrogations of CIA detainees were brutal and far worse than the CIA represented to policymakers and others.

Hayden: That is untrue. And let me give you a data point. John Durham, a special independent prosecutor, over a three-year period investigated every known CIA interaction with every CIA detainee. At the end of that the Obama administration declined any prosecution. [In 2012, the Justice Department announced that its investigation into two interrogation deaths that Durham concluded were suspicious out of the 101 he examined—those of Afghan detainee Gul Rahman and Iraqi detainee Manadel al-Jamadi—would be closed with no charges.] So if A is true how does B get to be true? If the CIA routinely did things they weren’t authorized to do, then why is there no follow-up? I have copies of the DOJ reports they’re using today. The question is, is the DoJ going to open any investigation and the DoJ answer is no. You can’t have it both ways. You can’t have all this supposed documentary evidence saying the agency mistreated these prisoners and then Barack Obama’s and Eric Holder’s Department of Justice saying no, you’ve got bupkis here.

Hirsh: What about the report’s overarching conclusion that these enhanced techniques simply were not effective at getting intelligence?

Hayden: My very best argument is that I went to [then-Deputy CIA Director] Mike Morell and I said, ‘Don’t fuck with me. If this story [about the usefulness of intelligence gained from enhanced techniques] isn’t airtight then I’m not saying it to Congress.’ They came back and said our version of the story is correct. Because of this program Zubaydah begat [Khalid Sheikh Mohammed], who begat [others]. We learned a great deal from the detainees.

Hirsh: The report says that even the CIA’s inspector general was not fully informed about the programs—that in fact the CIA impeded oversight by the IG.

Hayden: The IG never told me that. The IG never reported that to Congress. Look, I’m relying on people below me. If they tell you an untruth, you get rid of them. But I never felt I was being misled, certainly not on the important contours of this program. What they [the committee] are doing is grabbing emails out of the ether in a massive fishing expedition. This is a partisan report, as you can see from the minority report out of the committee.

Hirsh: Can you sort out the discrepancy between your testimony that there were only 97 detainees in the history of the program when the report says there 119?

Hayden: We knew there were more. The high-value-target program—they don’t show up on my list if they’re at the [black] sites. And committee knew all about that. They have chapter and verse from [former CIA IG John] Helgerson about it. It’s a question of what criteria you use. When I met with my team about these discrepancies, I said, ‘You tell [incoming CIA director] Leon Panetta he’s got to change the numbers that have been briefed to Congress.’

Hirsh: The report suggests that you misrepresented what you told Congress in the briefings, telling a meeting of foreign ambassadors to the United States in 2006 that every committee member was “fully briefed.”

Hayden: I mean what are they doing—trying to score my public speeches? What’s that about? You want me to go out and score Ron Wyden’s speeches?

Hirsh: You don’t believe you’re in legal jeopardy?

Hayden: No, not at all. I didn’t do anything wrong. How could I be in legal jeopardy?

Michael Hirsh is national editor for Politico Magazine.

CIAreport-Guatanamo

The US Senate Intelligence Committee & CIA Interrogation Report – A Closer Look at the Tortures at Guantanamo Bay

CIA-guantanamo

In view of the huge trove of news coverage following the release of the long overdue and highly anticipated CIA Interrogation report (the BBC has a nice summary of the 20 key findings) by the US Senate Intelligence Committee on Tuesday, I thought it is good to (re)view this UK’s Channel 4 “Guantanamo Handbook” documentary.

It is a reenactment of the tortures at one of the most well known US military prisons in Cuba called the Guantanamo Bay detention camp, also referred to as Guantánamo, G-bay or GTMO – whereby 7 British volunteered to be detainees and subjected to selected CIA-style tortures for 48 hours.

Most notably, one volunteer who started off saying he supported the torture program as a means to gather intelligence and save lives – as per White House speaks – was the first to withdraw on medical grounds after just 10 hours, saying even though he had “strong views” earlier, he has “become more sympathetic of what’s going on there than before” and felt lucky he was “pulled” (out of the program).

Action speaks louder than words? Period.

iPhone-Encryption

Shhh… DOJ Uses 18th Century Law to Make Apple Unlock Encrypted iPhones

It’s time to raise the antenna again on smartphone encryption matters.

Law enforcement agencies, particularly the FBI, have been desperately pressurizing the Congress to force Apple and Google to do away with their new default smartphone encryption. And authorities are apparently giving in.

According to an exclusive report by Ars Technica (below) earlier this week, court documents from 2 federal criminal cases in New York and California show the US Department of Justice on October 31 this year went as far as exercising a 18th century law – the All Writs Act – to compel Apple and at least one other company to cooperate with law enforcement officials in investigations dealing with locked and encrypted smartphones.

The 225-year-old law gives the courts the right to issue whatever writs or orders in order to compel someone to do something.

To the extent that Apple has recently beefed up encryption in its latest iOS 8, the fact that the DOJ would go to such absurd lengths might set worrying precedence – recall a recent ludicrous DOJ assertion that the new encryption standards would kill a child.

A more disturbing question: What would you do if you were FBI director James Comey making his rounds to denounce smartphone encryption?

Make the DOJ use the All Writs Act to force manufacturers to install convenient backdoors. Why not?

—————————————-

Feds want Apple’s help to defeat encrypted phones, new legal case shows

Prosecutors invoke 18th-century All Writs Act to get around thorny problem.
by Cyrus Farivar – Dec 1 2014, 10:00pm CST

OAKLAND, CA—Newly discovered court documents from two federal criminal cases in New York and California that remain otherwise sealed suggest that the Department of Justice (DOJ) is pursuing an unusual legal strategy to compel cellphone makers to assist investigations.

In both cases, the seized phones—one of which is an iPhone 5S—are encrypted and cannot be cracked by federal authorities. Prosecutors have now invoked the All Writs Act, an 18th-century federal law that simply allows courts to issue a writ, or order, which compels a person or company to do something.

Some legal experts are concerned that these rarely made public examples of the lengths the government is willing to go in defeating encrypted phones raise new questions as to how far the government can compel a private company to aid a criminal investigation.

Two federal judges agree that the phone manufacturer in each case—one of which remains sealed, one of which is definitively Apple—should provide aid to the government.

Ars is publishing the documents in the California case for the first time in which a federal judge in Oakland specifically notes that “Apple is not required to attempt to decrypt, or otherwise enable law enforcement’s attempts to access any encrypted data.”

The two orders were both handed down on October 31, 2014, about six weeks after Apple announced that it would be expanding encryption under iOS 8, which aims to render such a data handover to law enforcement useless. Last month, The Wall Street Journal reported that DOJ officials told Apple that it was “marketing to criminals” and that “a child will die” because of Apple’s security design choices.

Apple did not immediately respond to Ars’ request for comment.

Meet the “All Writs Act”

Alex Abdo, an attorney with the American Civil Liberties Union, wondered if the government could invoke the All Writs Act to “compel Master Lock to come to your house and break [a physical lock] open.”

“That’s kind of like the question of could the government compel your laptop maker to unlock your disk encryption?” he said. “And I think those are very complicated questions, and if so, then that’s complicated constitutional questions whether the government can conscript them to be their agents. Then there’s one further question: can the government use the All Writs Act to compel the installation of backdoors?”

But, if Apple really can’t decrypt the phone as it claims, the point is moot.

“Then that’s pretty much the end of it,” Hanni Fakhoury, a staff attorney at the Electronic Frontier Foundation, told Ars. “The writ doesn’t require Apple to do something that is impossible for it to do.”

Andrew Crocker, a legal fellow also at the Electronic Frontier Foundation, pointed out on Twitter on Tuesday that back in 2005, a different New York magistrate refused to accept the government’s invocation of the All Writs Act to obtain real-time cell site data.

As Magistrate Judge James Orenstein wrote at the time:

Thus, as far as I can tell, the government proposes that I use the All Writs Act in an entirely unprecedented way. To appreciate just how unprecedented the argument is, it is necessary to recognize that the government need only run this Hail Mary play if its arguments under the electronic surveillance and disclosure statutes fail.

The government thus asks me to read into the All Writs Act an empowerment of the judiciary to grant the executive branch authority to use investigative techniques either explicitly denied it by the legislative branch, or at a minimum omitted from a far-reaching and detailed statutory scheme that has received the legislature’s intensive and repeated consideration. Such a broad reading of the statute invites an exercise of judicial activism that is breathtaking in its scope and fundamentally inconsistent with my understanding of the extent of my authority.

“Any capabilities [Apple] may have to unlock the iPhone”

One of the new phone search cases was filed in federal court in Oakland, just across the bay from San Francisco, while another was filed in federal court in Manhattan.

In the Oakland case, prosecutors asked a federal judge in to “assist in the execution of a federal search warrant by facilitating the un-locking of an iPhone.”

Ars went in person to the Oakland courthouse on Wednesday to obtain the documents and is publishing both the government’s application and the judge’s order for the first time here. The All Writs Act application and order are not available via PACER, the online database for federal court records.

“This Court has the authority to order Apple, Inc., to use any capabilities it may have to unlock the iPhone,” Garth Hire, an assistant US attorney, wrote to the court and cited the All Writs Act.

“The government is aware, and can represent, that in other cases, courts have ordered the unlocking of an iPhone under this authority,” he wrote. “Additionally, Apple has routinely complied with such orders.”

“This court should issue the order because doing so would enable agents to comply with this Court’s warrant commanding that the iPhone be examined for evidence identified by the warrant,” he continued. “Examination of the iPhone without Apple’s assistance, if it is possible at all, would require significant resources and may harm the iPhone. Moreover, the order is not likely to place any unreasonable burden on Apple.”

In response, Magistrate Judge Kandis Westmore ordered that Apple “provide reasonable technical assistance to enable law enforcement agents to obtain access to unencrypted data.” She did not specifically mention the All Writs Act.

But she added:


It is further ordered that, to the extent that data on the iOS device is encrypted, Apple may provide a copy of the encrypted data to law enforcement but Apple is not required to attempt to decrypt, or otherwise enable law enforcement’s attempts to access any encrypted data.

Westmore’s language is a near-duplicate of a June 6, 2014 order issued by a different judge from the Northern California district, San Jose division, which is about 40 miles south of Oakland. There, Magistrate Judge Howard Lloyd ordered Apple to assist in the search of an iPad Mini, months before the release of iOS 8.

New spying tools afoot

On Tuesday, The Wall Street Journal reported on an order issued by a federal magistrate in New York in a case involving alleged credit card fraud.

In that Manhattan case, Magistrate Judge Gabriel Gorenstein granted the government’s proposed order on the same day as Westmore (October 31, 2014), also citing the All Writs Act, which compels the unnamed phone manufacturer to provide “reasonable technical assistance” in unlocking the device.

The mystery company could challenge the judge’s order, according to Brian Owsley, a former federal magistrate judge who now is a law professor at Indiana Tech.

“Unfortunately, we will probably not know because the issue will likely be sealed even though there should be more transparency in these issues,” he told Ars by e-mail, noting that during his tenure on the bench he could not remember a time when the government invoked the All Writs Act.

“It is only through greater transparency will we start to get the answers. If the provider simply complies we will know nothing. Here, Judge Gorenstein’s approach strikes me as very even-handed, but the inherent problem is that those who are concerned about privacy issues in general simply have to hope that the provider will speak up for us.”

But Orin Kerr, a law professor at George Washington University and a former federal prosecutor, does not believe that the seized phone in the New York case was an iOS 8 device.

“The government obtained a warrant on October 10 for a phone already in its possession,” he told Ars by e-mail. “Apple’s announcement was something like September 18. If it was an iPhone, it was probably an iPhone running [on] an earlier operating system.”

Still, Alex Abdo, the ACLU attorney, after reading a copy of the Oakland documents, concluded that the “government’s application raises troubling questions about the extent to which it can force companies to break the products they sell.”

“We are heartened, however, that the court recognized that possibility and stopped short of ordering Apple to come up with a way to decrypt its customers’ data,” he added.

“More broadly, it is disconcerting that the government is relying on a catch-all law to seek surveillance powers that it should be seeking from Congress and the public,” said Abdo. “If the government wants new spying tools, it should allow our democratic process to debate them openly first.”

UPDATE 1:50pm CT: Jonathan Mayer, a lecturer at Stanford Law, said that use of the All Writs Act is not as novel as it may seem. (He recommended his recent lecture on the subject!)

“The TL;DR is that there is nothing new about using the All Writs Act to compel assistance,” Mayer told Ars by e-mail. “And there is also nothing new about using it to compel assistance with unlocking a phone. That repeated language you saw? It’s provided by Apple itself!”

“As for the opinion discounting the All Writs Act, that had to do with surveillance under the Electronic Communications Privacy Act. Where ECPA applies, the All Writs Act doesn’t. (It’s just a default, as the court rightly noted.) Phone unlocking isn’t covered by ECPA, so the All Writs Act remains in play.”

JamesRisen

Shhh… Glenn Greenwald with James Risen on “Pay Any Price: Greed, Power, and Endless War”

Photo (above) Source: https://www.youtube.com/watch?v=wZ68ZQhzwPs

I like to share with you this interview on the new book by James Risen, the two-time Pulitzer Prize-winning New York Times investigative reporter at the center of one of the most significant press freedom cases in decades who exposed the warrantless wiretapping of Americans by the National Security Agency as early as 2005, 8 years before the Snowden revelations. Risen also hit headlines after being on Obama’s blacklist after he was threatened with prison terms by the Justice Department for refusing to reveal the source of one of his stories.

And here is the transcript from The Intercept.

BBC-MikeHarris

Shhh… Views on the “Don’t Spy On US” Campaign

I saw this Sky News clip earlier this week and thought I should share it. The 2 opposing views illustrate how these arguments could go on forever. But which side are you on?

Above from Sky News: The Campaign Director of the Don’t Spy On Us campaign, Mike Harris and the Director of the Centre for Security and Intelligence Studies at the University of Buckingham, Professor Anthony Glees discuss whether the UK needs more anti-terror laws.

USsenate2

Shhh… US Senate Vote Falls Short of Curbing NSA Surveillance

It’s a fitting scene from the classic movie Gone with the Wind with the famous closing quote “Frankly, my dear, I don’t give a damn”.

The US Senate vote on the USA Freedom Act Tuesday night to rein in the NSA spying power came shy of just 2 votes of the 60 needed to take up the legislation, which would have otherwise stopped the controversial phone record metadata collection by the NSA

Any hope will now hinge on June next year as the legal grounds for the NSA phone snooping, as revealed by the Snowden revelations, under the Patriot Act will then expire – which means the NSA would require then new legislation to justify their access to these mass data.

AfriLeaks

Shhh… WikiLeaks’ Cousin AfriLeaks – A New Anonymous Whistleblowing & Open Data Platform for Africa

AfriLeaks, a brand new anonymous whistleblowing platform, will be launched end November but unlike the renowned and established WikiLeaks, this African cousin will not be releasing secret information directly to the public.

“[AfriLeaks will] provide a secure tool for connectivity between the whistleblowers and the media who then investigate the substance and character of the leak,” according to Khadija Sharife of the African Network of Centers for Investigative Reporting (ANCIR) – the organization that will host the platform – in a Deutsche Welle report earlier this week

According to Deustche Welle, unlike WikiLeaks’ aim to publish and disclose information, “AfriLeaks will be there to provide leads for stories to media and research organizations. The new platform will allow whistleblowers to choose the media or research organization to which they want to send the information”.

Assange-Bio

WikiLeaks founder Julian Assange may be smiling. According to a biography (above), Assange described “going to Africa and testing my ground” in the early days of WikiLeaks where one of the very first story his whistleblowing platform broke was on Kenya – which was then fed to The Guardian who ran “The Looting of Kenya” as a front-page story. The article was subsequently picked up by the Kenyan media.

“From our point of view, the leak supported the idea that oppressed media organizations could suddenly be freed when a story that mattered to them – and which they couldn’t reveal on their own – was given legitimacy and the oxygen of international exposure first,” according to the book.

“We kept at it, kept publishing stuff that the African papers were too frightened to publish…”

FacialRecognition

Shhh… US Federal Judge Calls for Scrutiny of FBI’s Facial Recognition System

A federal judge, US District Judge Tanya Chutkan, ruled last week that the FBI’s futuristic facial-recognition database requires scrutiny from open-government advocates because of the size and scope of the surveillance technology as well as privacy concerns – see story below.

Quick background: The FBI announced in late September its US$1 billion facial recognition program – the Next Generation Identification (NGI) System – was finally up and running. In development since at least 2008, “the NGI System was developed to expand the Bureau’s biometric identification capabilities, ultimately replacing the FBI’s Integrated Automated Fingerprint Identification System (IAFIS) in addition to adding new services and capabilities”.

Privacy groups are concerned that the NGI System becomes invasive by collecting images of people suspected of no wrongdoing.

Federal Judge Says Public Has a Right to Know About FBI’s Facial Recognition Database

By Dustin Volz National Journal November 7, 2014

A federal judge has ruled that the FBI’s futuristic facial-recognition database is deserving of scrutiny from open-government advocates because of the size and scope of the surveillance technology.

U.S. District Judge Tanya Chutkan said the bureau’s Next Generation Identification program represents a “significant public interest” due to concerns regarding its potential impact on privacy rights and should be subject to rigorous transparency oversight.

“There can be little dispute that the general public has a genuine, tangible interest in a system designed to store and manipulate significant quantities of its own biometric data, particularly given the great numbers of people from whom such data will be gathered,” Chutkan wrote in an opinion released late Wednesday.

Her ruling validated a Freedom of Information Act lawsuit filed by the Electronic Privacy Information Center that last year made a 2010 government report on the database public and awarded the group nearly $20,000 in attorneys’ fees. That government report revealed the FBI’s facial-recognition technology could fail up to 20 percent of the time. Privacy groups believe that failure rate may be even higher, as a search can be considered successful if the correct suspect is listed within the top 50 candidates.

“The opinion strongly supports the work of open-government organizations and validates their focus on trying to inform the public about government surveillance programs,” said Jeramie Scott, national security counsel with EPIC.

Privacy groups, including EPIC, have long assailed Next Generation Identification, which they argue could be used as an invasive means of tracking that collects images of people suspected of no wrongdoing. The program—a biometric database that includes iris scans and palm prints along with facial recognition—became “fully operational” this summer, despite not undergoing an internal review, known as a Privacy Impact Assessment, since 2008. Government officials have repeatedly pledged they would complete a new privacy audit.

FBI Director James Comey has told Congress that the database would not collect or store photos of ordinary citizens, and instead is designed to “find bad guys by matching pictures to mug shots.” But privacy groups contend that the images could be shared among the FBI and other agencies, including the National Security Agency, and even with state motor-vehicle departments.

In his testimony, given in June, Comey did not completely refute that database information could potentially be shared with states, however.

Government use of facial-recognition technology has undergone increasing scrutiny in recent years, as systems once thought to exist only in science fiction movies have become reality. TheNew York Times reported on leaks from Edward Snowden revealing that the NSA intercepts “millions of images per day” across the Internet as part of an intelligence-gathering program that includes a daily cache of some 55,000 “facial-recognition quality images.”

The Justice Department did not immediately return a request for comment regarding whether it will appeal Chutkan’s decision.

FBIdoc-OpOnymous

Shhh… Counting the Costs of FBI’s Operation Onymous

Op-Onymous

The FBI announced last week that law enforcement agencies including the bureau, the Department of Homeland Security and Europol have arrested 26-year old San Francisco resident Blake Benthall (below) who was allegedly the operator and administrator – under the handle “Defcon” – of the online drugs marketplace Silk Road 2.0, just a year after the original Silk Road’s alleged mastermind, Russ Ulbricht, was also arrested in San Francisco.

BlakeBenthall

According to related court documents, Benthall was charged last Friday with narcotics trafficking, as well as conspiracy charges related to money laundering, computer hacking, and trafficking in fraudulent identification documents – which Benthall reportedly “admitted to everything”.

“The website [Silk Road 2.0] has operated on the “Tor” network, a special network of computers on the Internet, distributed around the world, designed to conceal the true IP addresses of the computers on the network and thereby the identities of the network’s users,” according to the FBI.

The globally coordinated effort involving 17 nations dubbed Operation Onymous – obviously as opposed to the “anonymous” Tor network – has reportedly led to 17 arrests and a seizure of more than 400 “hidden services” and darknet domains, $1 million in bitcoins, $250,000 in cash plus a variety of drugs, gold and silver.

It later emerged there were actually just over 27 sites seized – including Silk Road 2.0 – instead of more than 400 as initially reported: the FBI spokesperson David Berman later clarified the 400 URLs amounted only to a dozen or so sites.

However, several pertinent questions surfaced:

- Is Tor still safe given the FBI has obviously broken (how?) into it?

- Is the world really a safer place after the FBI shut down a major “darknet” marketplace? What makes the authorities rule out the emergence of a more secure, bigger and effective Silk Road 3.0? (The FBI said in its press release that “Those looking to follow in the footsteps of alleged cyber-criminals should understand that we will return as many times as necessary to shut down noxious online criminal bazaars. We don’t get tired.”)

- How much of taxpayers’ monies were spent to make these 17 arrests in 17 nations with this global operation?

Blackberry-Encryption

Shhh… Former NSA Attorney: Encryption Behind Blackberry’s Demise & Warning to Apple and Google

The authorities hate smartphone encryption and it shows. And they’re in concerted efforts to wage a war against it.

In echoing the recent messages from FBI director James Comey and GCHQ chief Robert Hannigan, former NSA general counsel Stewart Baker told the Web Summit audience in Dublin earlier this week that the moves by Google and Apple and others to encrypt user data was more hostile to western intelligence gathering than to surveillance by China or Russia.

In a conversation with Guardian special projects editor James Ball, Baker used Blackberry as an example:

Encrypting user data had been a bad business model for Blackberry, which has had to dramatically downsize its business and refocus on business customers. “Blackberry pioneered the same business model that Google and Apple are doing now – that has not ended well for Blackberry,” said Baker.

He claimed that by encrypting user data Blackberry had limited its business in countries that demand oversight of communication data, such as India and the UAE and got a bad reception in China and Russia. “They restricted their own ability to sell. We have a tendency to think that once the cyberwar is won in the US that that is the end of it – but that is the easiest war to swim.”

Baker said the market for absolute encryption was very small, and that few companies wanted all their employees’ data to be completely protected. “There’s a very comfortable techno-libertarian culture where you think you’re doing the right thing,” said Baker.

“But I’ve worked with these companies and as soon as they get a law enforcement request no matter how liberal or enlightened they think they are, sooner to later they find some crime that is so loathsome they will do anything to find that person and identify them so they can be punished.

This latest anti-encryption blabbing drew quick defense from Blackberry COO Marty Beard, who found Baker’s remarks “don’t make any sense”.

“Security is a topic that’s increasing in importance,” Beard told the audience at FedScoop’s FedTalks event Thursday. “It’s the reason that all G7 countries and the G20 work with BlackBerry.

“We just see it growing in importance. The increasing cybersecurity threats are exploding, security across all [technology] layers is critical.”

SeattleTimes

Shhh… FBI’s Mock-Up As Newspaper to Hack Suspect’s Computer

Previously on Shhh-cretly, we reported how the FBI could legally impersonate someone’s identity to create a phony Facebook account in that person’s name without that person’s knowledge in order to reach out to suspected criminals – and separately the NSA also disguised itself as Facebook servers in order to gain access to the computers of intelligence targets.

Well the buck doesn’t stop there. It turned out that the FBI, in the spirits of catching suspects, was also involved in planting fake news stories: The editor of The Seattle Times found out only last week that the FBI made a mock-up of the publication’s website in 2007 in order to spread spyware onto the computer of a suspect.

The FBI is reportedly defending its right to rely on such tactics to prevent “possible act of violence” – and let’s not forget FBI director James Comey is not impressed with Apple and Google phones being “too secure” and he’s been busy making his rounds pressurizing the Congress to force Apple and Google to do away with their new default smartphone encryption so that the bureau can access those devices, in the namesake of law enforcement of course.

Or do you think the bureau has gone well overboard and beyond its restraints?

Right2Bforgotten

Shhh… The BBC “Forgotten” List (& Forgotten Company Directors?)

The BBC plans to publish a regularly updated list of articles removed from the search engine Google following the controversial “right to be forgotten rule”.

Google has so far received some 153,000 requests which have involved about half a million different link and 40 percent of these links have been removed. However, according to associate professor David Glance, director of the Center for Software Practice at the University of Western Australia:

… there is a great deal of concern about the sorts of things that are being removed. So, for example, information about former company directors have been removed. So various people are now asking for that type of information to be restored because it’s part of the public record and important information when you are considering the effectiveness or the background of a company or the directors.”

Comey-FBI

Shhh… FBI’s Comey Hints Action Against Apple & Google Over Encryption

The FBI director James Comey has been busy making his rounds pressurizing the Congress to force Apple and Google to do away with their new default smartphone encryption.

“Perhaps it’s time to suggest that the post-Snowden pendulum has swung too far in one direction — in a direction of fear and mistrust,” Comey reportedly told the Brookings Institution in a speech last week, where he hinted that the administration might consider new laws and regulations to force companies to offer the government some ways to unlock personal data stored on the phones, such as photos, videos, emails, messages and contacts list “so that those of us in law enforcement, national security and public safety can continue to do the job you have entrusted us to do, in the way you would want us to.”

Here are some video clips to amplify his views on the subject:

Google-JapanDoraemon

Shhh… Japan’s “Forget” Ruling on Google

The Tokyo District Court ordered Google Japan last Thursday to follow Europe’s recent “right to be forgotten” ruling and remove the search results of a Japanese man’s past relations with a criminal organization following his complaint of violation into his privacy.

According to the judge preceding the case, some of the Google results “infringe personal rights” and had harmed the plaintiff.

The European Court of Justice ruled in May that anyone living in the European Union and Europeans living outside the region could ask search engines to remove links if they believed the online contents breached their right to privacy and are “inadequate, irrelevant or no longer relevant, or excessive in relation to the purposes for which they were processed.”

But despite the uproar and headlines in the aftermath, the dirty little secret is that nothing has really changed. What Google has effectively done is to remove results from name search of those names approved to be deleted but only on its European websites. The same results remain on the Google US homepage and all its non-European sites.

Furthermore, Google is only removing the results but not the links. Its European sites may have deleted the results for a search on a specific name but a search for the same name accompanied by other key words may still churn out the same results.

In an earlier Shhh-cretly column, I explained with examples why there is a limit on the extent of privacy and any attempt to manually and selectively remove the Google search contents, successful or otherwise, is like playing God.

CitizenB-NGF

Shhh-cretly to Feature in “Citizen B”: A Documentary on Surveillance & Privacy

Shhh-cretly was interviewed by renowned and award-winning director Werner Boote, who was in Hong Kong with his Austrian crew this week to film Citizen B, a 90-minute documentary on surveillance and privacy to be released in 2015.

IMG_20141009_161005

IMG_20141009_161920

CitizenB

CitizenB2

CarmenSegarra

Shhh… The Secret Tapes of Goldman Sachs by Carmen Segarra

In what could be equivalent to a nuclear bomb on Wall Street, former New York Federal Reserve Examiner Carmen Segarra has released some 46 hours worth of voice recordings, secretly taped with a small recorder on her keychain in 2012, that purportedly show bank regulators going soft and cozy with banking giant Goldman Sachs at a time when the New York Fed was expected to become a stronger regulator after the financial crisis of 2008.

To demonstrate a case in point from the recordings: “We’re looking at a transaction that’s legal but shady,” according to a New York Fed staffer in reference to a proposed Goldman Sachs financial transaction.

The secret recordings – released to both a reporter for ProPublica and radio program This American Life – show an unwillingness among some Fed supervisors to both demand specific information from Goldman about a transaction with Banco Santander and to strongly criticize what Segarra concluded was the lack of an appropriate conflict-of-interest policy at Goldman.

Segarra, who later suited the New York Fed for wrongful termination after her refusal to alter a critical examination of Goldman’s legal and compliance units, said her colleagues were too soft on those kinds of transactions and the banking industry in general.