Tag: domestic surveillance

Cyberwars: FBIs Facial Recognition Database

facial_rec1This past summer, the FBI was compelled to release information about the operational facial recognition database they working on. As part of its Next Generation Identification (NGI) program, this database is part of the FBIs efforts to build a “bigger, faster and better” means of biometric identification. Earlier this month, the FBI announced that the system is now working at “full operational capability”, and many people are worried…

To break it down, the NGI database is made up of millions of stored mugshots and other photos, which are then used when analyzing footage taken by CCTV feeds or other cameras around the country. The full deployment of the program comes three months after James Comey, the bureau’s director, announced that the agency was “piloting the use of mug shots” alongside the bureau’s other databases, in order to catch wanted criminals.

FBI_NGI_Slide_WideDesigned to replace the bureau’s aging fingerprint database, the NGI is different in that it is designed to be multimodal. This means that it will link multiple forms of biometric data to biographical information such as name, address,  ID number, age and ethnicity. It’s currently focused on fingerprint and facial records, but it will also be capable of holding iris scans and palm prints, with the possibility of added voice recognition and gate analysis (i.e. how people walk).

As the FBI said in a statement on Monday, Sept. 15th, the NGI, combined with fingerprint database:

[W]ill provide the nation’s law enforcement community with an investigative tool that provides an image-searching capability of photographs associated with criminal identities.

Naturally, the worries that this database will be another step towards “Big Brother” monitoring. However, what is equally (if not more) worrisome is the fact that the details of the program are only a matter of public record thanks to a lawsuit filed by the Electronic Frontier Foundation. The lawsuit was issued in June of 2013, wherein the EFF compelled the FBI to produce records in accordance Freedom of Information Act to detail the program and its face-recognition components.

facial_recCiting the FBI documents, the EFF claims that the facial recognition technology is not very reliable and that the way the database returns results is fundamentally flawed, as well as pointing out that it will indiscriminately combine the details of both criminals and non-criminals. Based on their own interpretation, they claim it could fail 20 percent of the time, which could lead to innocent persons becoming the subject of police investigations.

Nevertheless, the bureau remains confident that the system will simplify and enhance law enforcement both locally and federally. As they said of the program when it was first announced back in 2011:

The NGI system has introduced enhanced automated fingerprint and latent search capabilities, mobile fingerprint identification, and electronic image storage, all while adding enhanced processing speed and automation for electronic exchange of fingerprints to more than 18,000 law enforcement agencies and other authorized criminal justice partners 24 hours a day, 365 days a year.

fingerprint_databaseIn 2012, the NGI database already contained 13.6 million images (of seven to eight million individuals) and by mid-2013, it had 16 million images. We now know it aims to have 52 million facial records in its system by next year, and those will include some regular citizens. This is another source of concern for the EFF and civil liberties advocates, which is the estimated 4.3 million images taken for non-criminal purposes.

Whenever someone applies for a job that requires a background check, they are required to submit fingerprint records. These records are then entered into federal databases. Right now, the FBI’s fingerprint database contains around 70 million criminal profiles, and 34 million non-criminal records. With the NGI database now up and running, photographs can be submitted by employers and other sources along with fingerprints, which puts non-criminals on file.

FBI-facial-recognitionThe database, while maintained by the FBI, can be searched by law enforcement at all levels. According to Jennifer Lynch, the EFF attorney behind the lawsuit:

Your image would be searched every time there is a criminal investigation. The problem with that is the face recognition is still not 100 percent accurate.” This means that the system is liable to make mismatches with data. If a camera catches a criminal’s face and that is compared to images in the database, there’s no guarantee that it will pop up an accurate result. 

What’s more, when the database is searched it does not return a completely positive result; but instead provides the top hits, ranked by probability of match. So if your face just happens to be similar to a snapshot of a criminal caught in CCTV footage, you may become a suspect in that case. Combined with other forms of biometric readers and scanners, it is part of a general trend where privacy is shrinking and public spaces are increasingly permeated by digital surveillance.

internet-of-things-2This sort of data exchange and on-the-ground scanning will be made possible byand is one of the explicit aims ofFirstNet, the nationwide broadband network for law enforcement and first responders, colloquially referred to by some as the “internet of cops”. Much like all things pertaining the expansion of the internet into the “internet of things”, this sort of growth has the capacity to affect privacy and become invasive as well as connective.

As always, fears of an “Orwellian” situation can be allayed by reminding people that the best defense is public access to the information – to know what is taking place and how it works. While there are doubts as to the efficacy of the NGI database and the potential for harm, the fact that we know about its inner workings and limitations could serve as a legal defense wherever a potentially innocent person is targeted by it.

And of course, as the issue of domestic surveillance grows, there are also countless efforts being put forth by “Little Brother” to protect privacy and resist identification. The internet revolution cuts both ways, and ensures that everyone registered in the torrential data stream has a degree of input. Fight the power! Peace out!

Sources: motherboard.com, arstechnica.com, singularityhub.com

Cyberwars: Latest Snowden Leaks

FRANCE-US-EU-SURVEILLANCE-SNOWDENThe case against the NSA’s program of cyberwarfare and espionage has become somewhat like an onion. With every new revelation, the matter becomes more stinking and fetid. Certainly, the first release of classified NSA documents – which dealt with the US’s ongoing cyberwarfare against China and other nations – was damaging to the agency’s image. But it has been the subsequent publication of documents that deal with domestic surveillance that have been the most damning.

According to Snowden, he was motivated to leak this information because of the troubling case of hypocrisy inherent in the NSA programs. And in the lastest leak, Snowden has now confirmed that at least five Muslim-Americans – including prominent lawyers, a civil rights leader and academics – were the subject of years’ worth of surveillance by both the FBI and the National Security Agency.

under_surveillance_full_v2Among the targets were Nihad Awad, the executive director of the Council on American-Islamic Relations – the top Muslim-American civil rights organization in the United States – and Faisal Galil, a longtime Republican operative and former Bush Administration official who worked for the Department of Homeland Security and held a top-secret security clearance during the time he was under surveillance.

Also among the American targets was Asim Ghafoor, an attorney for the al-Haramain Islamic Foundation who who has represented clients in terrorism-related cases . He is also the man who famously discovered in 2004 that he and his clients were under surveillance after the Treasury Department mistakenly released to him a document listing calls he’d made to his clients.

wire_tappingOther targets include Hooshang Amirahmadi, an Iranian-American professor of international relations at Rutgers University and Agha Saeed, a former political science professor at California State University who champions Muslim civil liberties and Palestinian rights. All of the targets appear to have been singled out because of their Muslim backgrounds and their activities either defending Muslim clients or on behalf of various causes.

The individuals appear on an NSA spreadsheet in the Snowden archives called “FISA recap”—short for the Foreign Intelligence Surveillance Act. Under that law, the Justice Department must convince a judge with the top-secret Foreign Intelligence Surveillance Court that there is probable cause to suspect of an American of being engaged in or abetting terrorism, espionage, or sabotage against the US.

FILE PHOTO NSA Compiles Massive Database Of Private Phone CallsThe authorizations must be regularly renewed by the court for the surveillance to remain in effect, usually every 90 days for U.S. citizens. In none of these cases were the individuals singled out for surveillance because they were suspected of committing or planning a crime. And six years after the period the document covers, none of them has been charged with any crime related to the surveillance.

Greenwald says the revelations offer a more detailed look at who the government is targeting. Although there are some Americans on the list who have been accused of terrorism, the five highlighted in The Intercept piece have all led what appear to be law-abiding lives. As Greenwald explained:

This is the first time that there’s a human face on who the targets are of their most intrusive type of surveillance. [H]ere you really get to see who these people are who are the people worthy of their most invasive scrutiny. I think it’s important for people to judge—are these really terrorists or are these people who seem to be targeted for their political dissidence and their political activism?

 

faisal_gillAll of these five individuals identified in the article has gone on record to vehemently deny any involvement in terrorism or espionage. Outside of their ancestry, there appears to be no justification whatsoever for the surveillance. Faisal Gill, whose AOL and Yahoo! email accounts were monitored while he was a Republican candidate for the Virginia House of Delegates, had this to say when interview by The Intercept:

I just don’t know why. I’ve done everything in my life to be patriotic. I served in the Navy, served in the government, was active in my community—I’ve done everything that a good citizen, in my opinion, should do.

Ghafoor was also of the opinion that profiling had everything to do with him being targeted for electronic surveillance. When told that no non-Muslim attorneys who defended terror suspects had been identified on the list, he replied:

I believe that they tapped me because my name is Asim Abdur Rahman Ghafoor, my parents are from India. I travelled to Saudi Arabia as a young man, and I do the pilgrimage. Yes, absolutely I believe that had something to do with it.

https://i0.wp.com/media.nj.com/ledgerupdates_impact/photo/2012/06/muslim-lawsuitjpg-88e364e9b8e195f4.jpgCivil liberties groups have expressed anger that the five appear to have been targeted largely for having Muslim backgrounds. One such group is the Muslim Advocates, which released the following statement shortly after the story was published:

This report confirms the worst fears of American Muslims: the federal government has targeted Americans, even those who have served their country in the military and government, simply because of their faith or religious heritage. Muslim Advocates calls on the President and Congress to take steps immediately to reform the NSA surveillance program to uphold basic privacy rights and civil liberties that the Constitution guarantees to every American, regardless of faith.

The new revelations confirm for the first time that the government targeted U.S. attorneys, sometimes without warrants. Crucially, the revelations also give targets of the domestic surveillance legal standing to sue. Snowden indicated to Greenwald last year that he included the target list in the cache of leaked documents because he wanted people who had been under such surveillance to have evidence to challenge the spying in court.

An illustration picture shows the logo of the U.S. National Security Agency on the display of an iPhone in BerlinIn the past, journalists and attorneys have tried to challenge the constitutionality of the government’s surveillance activities in court. But since the defendants did not have proof that they in particular had been targeted, the courts were forced to rule that they did not have standing. The spreadsheet, however, provides evidence of targeted surveillance for those who have now been identified.

In short, this latest revelation has provided Americans, and not just those of Muslim descent, with the means to hold the NSA and the FBI accountable for the first time. Since the historic episode known as the “war on terror” began, revelations have led to challenges and promises for reform. But in all cases, the crucial issue of whether or not these programs would be allowed to continue has been carefully sidestepped.

cyber_security2Whether it was the failure of FISA reform to reign in domestic wiretapping and data mining, or the Obama administrations endorsement of “transparent” surveillance, it seems obvious clear that an administrative solution was not in the works. But opening the way for successive lawsuits for wrongful surveillance might just prove to be more effective.

What is certain, though, is that the battle between civil liberties and surveillance in the “Digital Age” is nowhere close to being resolved. As the daily volume of data sent around the world continues to grow – from terabytes to petabytes to exabytes – there will continually be a need for monitors to watch for sinister things. And as long as they are willing to push the boundaries in the name of security, there will continue to be challenges.

Sources: wired.com, firstlook.org

Cyberwars: ACLU and NSA ex-Director to Debate Tomorrow!

keith-alexander-nsa-flickrIn what is sure to be a barn-burner of a debate, the former head of the National Security Agency – General Keith Alexander – will be participating tomorrow in a with ACLU Executive Director Anthony Romero. The televised, surveillance-themed debate, will take place tomorrow –  June 30th, 10:30am Eastern Time – on MSNBC. The subject: whether or not the NSA’s vast surveillance and data mining programs are making American’s safer.

While many would prefer that the current head of the NSA be involved in the debate, General Alexander is a far better spokesperson for the controversial programs that have been the subject of so much controversy. After all, “Emperor Alexander” – as his subordinates called him – is the man most directly responsible for the current disposition of the  NSA’s cyber surveillance and warfare program.Who better to debate their merit with the head of the ACLU – an organization dedicated to the preservation of personal freedom?

Edward-Snowden-660x367And according to classified documents leaked by Edward Snowden, General Alexander’s influence and power within the halls of government knew no bounds during his tenure. A four-star Army general with active units under his command, he was also the head of the National Security Agency, chief of the Central Security Service, and the commander of the US Cyber Command. It is this last position and the power it wields that has raised the greatest consternation amongst civil-libertarians and privacy advocates.

Keith Alexander is responsible for building this place up between 2005 and 2013, insisting that the US’s inherent vulnerability to digital attacks required that he and those like him assume more authority over the data zipping around the globe. According to Alexander, this threat is so paramount that it only makes sense that all power to control the flow of information should be concentrated in as few hands as possible, namely his.

NSA_fort_meadeIn a recent security conference held in Canada before the Canadian Security Intelligence Service (CSIS), Alexander expressed the threat in the following, cryptic way:

What we see is an increasing level of activity on the networks. I am concerned that this is going to break a threshold where the private sector can no longer handle it and the government is going to have to step in.

If this alone were not reason enough to put people on edge, there are also voices within the NSA who view Alexander as a quintessential larger-than-life personality. One former senior CIA official who agreed to speak on condition of anonymity, claimed:

We jokingly referred to him as Emperor Alexander—with good cause, because whatever Keith wants, Keith gets. We would sit back literally in awe of what he was able to get from Congress, from the White House, and at the expense of everybody else.

And it is because of such freedom to monitor people’s daily activities that movements like the February 11th “The Day We Fight Back” movement – an international cause that embraced 360 organizations in 70 countries that were dedicated to ending mass surveillance – have been mounted, demanding reform.

us_supremecourtIn addition, a series of recent ruling from the US Supreme Court have begun to put the kibosh on the surveillance programs that Alexander spent eight years building up. With everything from cell phone tracking to cell phone taps, a precedent is being set that is likely to outlaw all of the NSA domestic surveillance. But no matter what, the role of Snowden’s testimony in securing this landmark event cannot be underestimated.

In fact, in a recent interview, the ACLU’s Anthony Romero acknowledged a great debt to Snowden and claimed that the debate would not be happening without him. As he put it:

I think Edward Snowden has done this country a service… regardless of whether or not what he did was legal or illegal, whether or not we think the sedition laws or the espionage laws that are being used to possibly prosecute Snowden are too broad, the fact is that he has kick-started a debate that we did not have. This debate was anemic. Everyone was asleep at the switch.

One can only imagine what outcome this debate will have. But we can rest assured that some of the more predictable talking points will include the necessities emerging out of the War on Terror, the rise of the information revolution, and the dangers of Big Brother Government, as well as the NSA’s failure to prevent such attacks as the Boston Marathon Bombing, the Benghazi Embassy bombing, and a slew of other terrorist incidents that took place during Alexander’s tenure.

Do I sound biased? Well perhaps that’s because I am. Go ACLU, stick to Emperor Alexander!

Sources: engadget.com, democracynow.org

Down with Big Brother: Supreme Court Rules Against Cell Phone Taps

wire_tappingIn another landmark decision, the Supreme Court issued a far-reaching defense of digital privacy by declaring that law enforcement officials are henceforth forbidden from searching cell phones without a warrant at the scene of an arrest or after. The decision was based on two cases in which police searches of mobile devices led to long prison sentences. This decision is just the latest nail in the coffin of warrantless surveillance, a battle that began over a decade ago and has persisted despite promises for change.

The ruling opinion notes that cell phones have in fact become tiny computers in Americans’ pockets teeming with highly private data, and that gaining access to them is now fundamentally different from rifling through someone’s pockets or purse. This contradicts the argument from U.S. prosecutors that a search of a cell phone should instead be treated “as materially indistinguishable” from a search of any other box or bag found on an arrestee’s body.

U.S. Supreme Court Hands Down Major Decisions On Last Day Of SessionThe Court ruling takes this into consideration, and asserted the counter-argument in the ruling opinion:

That is like saying a ride on horseback is materially indistinguishable from a flight to the moon. Modern cell phones, as a category, implicate privacy concerns far beyond those implicated by a cigarette pack, a wallet or a purse… A decade ago officers might have occasionally stumbled across a highly personal item such as a diary, but today many of the more than 90% of American adults who own cell phones keep on their person a digital record of nearly every aspect of their lives.

In one of the two cases at issue, a California man was charged with assault and attempted murder in relation to a street gang in which he was allegedly a member. The connection between his actions and gang activity were made when police searched his smartphone without a warrant and found videos and photos that prosecutors claimed demonstrated that he was associated with the “Bloods” gang. In short, the contents of his phone were used to put his crime into a context that carried with it a stiffer penalty.

warrantless_phonesearchesIn the second case, a Boston man had his cell phone searched when he was arrested after an apparent drug sale. By finding his home address on his flip phone, police were able search his home and find a larger stash of drugs. Both defendants argued that the warrantless searches violated the fourth amendment. The Supreme Court’s Wednesday ruling sided with both defendants and declared that the searches were unconstitutional.

Privacy groups celebrated the ruling, with Hanni Fakhoury of the Electronic Frontier Foundation (EFF) calling it a “bright line, uniform, pro-privacy standard.” The American Civil Liberties Union, the long-time champion of privacy rights and an opponent to all forms of warrantless surveillance, declared the decision “revolutionary.” As Steven R. Shapiro, the ACLU’s national legal director, said in a statement:

By recognizing that the digital revolution has transformed our expectations of privacy, today’s decision…will help to protect the privacy rights of all Americans. We have entered a new world but, as the court today recognized, our old values still apply and limit the government’s ability to rummage through the intimate details of our private lives.

domestic_surveillanceIn its ruling, the court also rejected prosecutors’ notion that the ability to remotely wipe or lock a phone required police to search the devices immediately upon arrest before evidence could be destroyed. The court responded that police can easily prevent evidence from being remotely destroyed by turning the phone off or removing its battery, or putting it into a Faraday cage that blocks radio waves until a search warrant can be obtained.

But perhaps the most remarkable portion of the ruling was its recognition of the unique nature of modern smartphones as personal objects. Even calling them mere “cell phones” is a misnomer. As the ruling reads:

The term ‘cell phone’ is itself misleading shorthand. Many of these devices are in fact minicomputers that also have the capacity to be used as a telephone. They could just as easily be called cameras, video players, rolodexes, calendars, tape recorders, libraries, diaries, albums, televisions, maps or newspapers.

warrantless_phonesearches1The EFF’s Fakhoury pointed to language in the ruling about how the sheer volume of data stored on cell phones makes them fundamentally different from other personal objects that might contain private information. This statement that the quantity of information searched matters – rather than merely the kind of information – might influence other privacy cases. As Fakhoury stated, this could have implications for other NSA data-collection programs:

The court recognizes that two pictures reveal something limited but a thousand reveals something very different. Does it mean something different when you’re collecting one person’s phone calls versus collecting everyone’s phone calls over five years? Technology allows the government to see things in quantities they couldn’t see otherwise.

Granted, the court did provide for some exceptions, but only in cases of extraordinary and specific danger – like child abduction or the threat of a terrorist attack. But such specifications require that police establish that an emergency exists before taking drastic action. Occurring on the heels of the Supreme Court decision that outlawed the use of cell phones to track people’s movements, this latest decision is another victory in the battle of privacy versus state security.

And given the precedent it has set, perhaps we can look forward to some meaningful ruling against everything the NSA has been doing in Fort Meade for the past few years. One can always hope, can’t one?

Sources: cnet.com, wired.com, time.com

Reinstating Net Neutrality: New Bill Before US Congress

cap-hillA new “net neutrality” bill is on its way towards Congress, one which seeks to reinstate the free and open nature of the net – something that has been under fire in recent years. And one week ago, Senator Patrick Leahy of Vermont and Representative Doris Matsui of California took another decisive step when they announced that they will propose a bill to stop the Federal Communications Commission from allowing paid “fast lanes” on the internet.

In short, the proposed bill demands that the FCC to use whatever authority it sees fit to make sure that Internet providers don’t speed up certain types of content (like Netflix videos) at the expense of others (like e-mail). It wouldn’t give the commission new powers, but the bill – known as the Online Competition and Consumer Choice Act – would give the FCC crucial political cover to prohibit what consumer advocates say would harm startup companies and Internet services by requiring them to pay extra fees to ISPs.

Wireless-Internet-1And this past spring, after a federal court struck down the FCC’s existing net neutrality rules – which sought to ensure that ISPs didn’t discriminate against certain internet traffic – the commission proposed a new set of rules that has left many worried that ISPs could start charging web companies like Google and Netflix to deliver their content at faster speeds. Such an arrangement, these sources say, would squeeze out newer and smaller operations that can’t pay the fees.

Leahy and Matsui, both Democrats, are part of a widespread effort to ensure that all web companies, from Google to Netflix to Snapchat, are treated equally on the internet. On the other side, big-name internet service providers such as Comcast and Verizon are fighting to maintain control over how their networks operate. Caught in the middle are internet users who stand to lose if the ISPs create a new internet where its harder for certain services to reach them.

https://i0.wp.com/img.washingtonpost.com/blogs/the-switch/files/2014/06/Screen-Shot-2014-06-16-at-18.12.56.jpgAfter holding a hearing on net neutrality in Vermont this past summer, Leahy came to an invariable conclusion:

Americans are speaking loud and clear. They want an Internet that is a platform for free expression and innovation, where the best ideas and services can reach consumers based on merit rather than based on a financial relationship with a broadband provider.

Though FCC chairman Ted Wheeler has claimed that internet fast lanes would be “commercially unreasonable” and therefore forbidden under its own proposed new rules, critics worry that the rules are too broad and would allow for loopholes as to what counts as commercially reasonable activity. Since the new rules were proposed, protests have taken place in front of the FCC’s offices, massive internet petitions have been mounted, and an epic rant was made by Last Week Tonight host John Oliver.

https://i0.wp.com/www.wired.com/images_blogs/threatlevel/2014/01/topic_net-neutrality.pngThe new bill would provide a mandate regarding how the FCC deals with any sort of paid prioritization, but it wouldn’t reclassify providers. Also, the new bill would only apply to connections from internet service providers to customers’ homes, commonly referred to as last mile connections. It wouldn’t pertain to “peering”, the deals governing the ways that internet service providers connect with each other or with content providers like Netflix and Google.

Despite these limitations, Public Knowledge supports the proposed legislation. As vice president of government affairs Chris Lewis said in a statement:

This bill sends a clear signal to the FCC that fast lanes and paid prioritization could endanger the internet ecosystem as we know it. The reason we have seen so much financial investment and innovation online is because the playing field for new entrepreneurs is level. As the FCC continues to evaluate new net neutrality rules, it’s important they understand that Americans want an internet that everyone can succeed in, not just the companies with enough money to pay a toll to ISPs.

https://i0.wp.com/www3.pcmag.com/media/images/425188-net-neutrality.pngThe bill may face serious challenges, however. Republicans control the House and have proposed their own bill to block the FCC from reclassifying internet service providers. In this respect, net neutrality is dividing lawmakers along partisan lines, and Republicans are not expected to support the proposed Leahy-Matsui bill. But in theory, a bipartisan agreement could be reached, especially since the Leahy-Matsui bill leaves reclassification off the table.

And given the level of public pressure on law makers and regulators to protect the function of the internet, it’s too early to count this or any other legislation that addressing the issue of neutrality out. Network neutrality has become a hot button issue, much like domestic surveillance and data collection. And the people are sending a clear message: they want the internet to be a level playing field and won’t rest until the rules clearly reflect that.

Sources: wired.com, washingtonpost.com

Little Brother is Watching Back: The NSA Under Fire

11thCCAEarlier this month, the Eleventh Circuit Court of Appeals finished deliberations with the case of United States v. Davis. And the ruling made there is sure to has long-reaching implications for the future of domestic surveillance. In short, the court determined that the NSA’s practice of tracking people’s movements using data from their cell phone without a warrant was unconstitutional. This decision was important for two reasons.

Not only does it provides substantive and procedural protections against abuse of an increasingly common and highly invasive surveillance method, it also also likely to provide support for other cases where security needs trumping privacy is concerned. The Davis decision, in effect, suggests that the U.S. government’s collection of all kinds of business records and transactional data – aka. “metadata” – for law enforcement and national security purposes may also be unconstitutional.

nsa_aerialThe Davis case brought this issue to the fore because the tracking was used to make an arrest. Basically, mobile phones send signals to the nearest cell towers so that the communications network system knows where to route a call should one come in. Many providers collect and store the location of towers a customer connects to at the beginning and end of the call for billing purposes. In this case, FBI agentsobtained these records without a search warrant and used them to place the defendant, Quartavious Davis, near the scene of a number of robberies.

The prosecution argued that cell tracking without a warrant is constitutional per the 1979 case Smith v. Maryland, where the Supreme Court said that phone users have no “reasonable expectation of privacy” in the phone numbers they dial, and therefore they aren’t protected under the Fourth Amendment. Key to the Smith case was the Court’s view that the suspect had knowingly disclosed the phone numbers to the phone company and therefore had no protection with regard to them.

government-surveillanceAdditionally, Smith built on the 1976 case of United States v. Miller, which held that a person does not have Fourth Amendment rights in their bank records because they are the bank’s business records and not the customer’s private data. Together the cases are known as the “third-party doctrine,” which says that you have no Fourth Amendment interest in a third party’s business records because you have voluntarily disclosed information to the business and assumed the risk of that information being further disclosed to the government.

This third-party doctrine is what the NSA has been using up until now to justify its practice of collecting bulk information on phone-call records as well as its past collection of internet activities and financial information. The details of this warrantless metadata collection was revealed in the documents leaked by Edward Snowden, which led to the current round of legal challenges. As we speak, the ones dealing with the phone records bulk-collection program are currently wending their way through the federal courts.

metadataLast December, a District of Columbia judge held that the bulk collection of phone records violates the Fourth Amendment – regardless of Smith – and called the program “almost Orwellian.” Shortly thereafter, a different district court judge relied on Smith to give the program his stamp of approval. This month, a third federal judge was obligated to allow the warrantless collection of records to continue, but opined that the Supreme Court should overturn Smith v. Maryland. 

Relying on the Jones concurrences, the Eleventh Circuit concluded that under the “reasonable expectation of privacy” test, cell phone location data is also protected under the Fourth Amendment, since this data can reveal a range of private matters. The appellate judges also dismissed the argument used in Smith that people lose their right to data submitted to businesses, rejecting the idea that people know in any meaningful way that in using their cell phone they are sending their location information to a provider.

wire_tappingThe appellate judges in Davis, by refusing to apply Smith and Miller to a case involving stored records, have taken a giant step toward undermining the legal justification propping up many of the government’s metadata collection practices. The information that the NSA currently collects include far more detailed data than the simple information at issue in Smith and are far more revealing of private conduct, social networks, and thought processes.

This is especially true because the records are collected in bulk. In Jones, Justice Sotomayor opined that it may be time to rethink the third-party doctrine. The Eleventh Circuit has taken a step in that direction, writing an appellate-level opinion that rejects the extension of those 1970s-era cases to modern communication networks and data. Given the sheer amount of information that is now shared, transferred and processed today, compared to thirty-five years ago, this should come as no surprise.

This is great privacy news for anyone who uses a cell phone. But as a legal precedent, it may also be indicative of what’s coming. In the coming months and years, when the appellate courts finally get hold of the NSA’s bulk metadata collection programs, these programs may very well be knocked down. And if so, one of the last vestiges of the so-called “War on Terror” – a historical episode filled with tragedies, vagaries and abuses of power – may finally be over.

Sources: wired.com

February 11th – The Day We Fight Back

government-surveillanceGood morning all! For those who are unaware, as I was until very recently, this February 11th marks a special day, one which may become a regular thing for people in this day and age. It’s known as “The Day We Fight Back”, an international movement that embraces 360 organizations in 70 countries that are dedicated to ending mass surveillance, like that conducted by the NSA.

At the heart of this cause is the Thirteen Principles, a series of human rights obligations designed to compel all states to stop the mass spying, be it through direct observation with cameras and drones, to digital surveillance involving metadata-mining algorithms. The Principles are already being used in national campaigns and international pressure to reign in organizations like the NSA.

nsasecurity_primary-100041064-largeThese principles include:

1. Legality: In the absence of legislation, no violation of privacy should be considered permissible and this legislative process must meet a standard of clarity and precision that is sufficient to ensure that individuals have advance notice of and can foresee its application. Also, these laws should be subject to period review.

2. Legitimate Aim: No security measures or surveillance should be conducted on the basis of race, color, sex, language, religion, political or other opinion, national or social origin, property, birth or other status.

3. Necessity: Laws which permit surveillance should be limited to that which can be shown to be permissible by, and consistent with, a legitimate security aim. It should also only be permitted when no other means exist.

4. Adequacy: Any instance of communications surveillance authorized by law must be appropriate to fulfill the specific legitimate aim identified.

gavel5. Proportionality: Decisions about communications surveillance must be made by weighing the benefit of that surveillance against the potential for harm that would be caused to the individual’s or others rights, and then demonstrating the benefit-cost ratio is favorable and justifiable.

6. Competent Judicial Authority: Decisions relating to the authorization of communication surveillance must be made by an independent and impartial judicial authority.

7. Due Process: The State must ensure that lawful procedures that govern any interference with human rights are properly enumerated in law. This means that, except in cases of emergency, every individual is entitled to legislative process by an independent judiciary.

8. User Notification: With few exceptions, individuals should be notified of a decision authorizing communications surveillance with enough time and information to enable them to appeal the decision, and should have access to the materials presented in support of the application for authorization.

9. Transparency: Where applied, the State – and those service providers involved – should provide individuals with sufficient information to enable them to fully comprehend the scope, nature and application of the laws permitting communications surveillance.

cyber_security10. Public Oversight: States should establish independent oversight mechanisms to ensure transparency and accountability and these mechanisms should have the authority to access all potentially relevant information about actions taken in order to assess their legitimacy.

11. Integrity of communications and systems: States should not compel service providers, hardware or software vendors to build surveillance or monitoring capability into their systems, or to collect or retain particular information purely for State surveillance purposes.

12. Safeguards for international cooperation: The mutual legal assistance treaties (MLATs) and other agreements entered into by states should ensure that, where the laws of more than one state could apply to communications surveillance, the available standard with the higher level of protection for individual rights is applied.

13. Safeguards against illegitimate access: States should enact legislation that provides significant civil and criminal penalties for public and private organizations that conduct illegal communications surveillance, as well as legal protection for whistle blowers, and avenues for redress by affected individuals.

hackers_securityAll of these principles speak directly to the recent revelations made about domestic and online surveillance by the NSA and other security agencies in the past decade or so. They also embrace numerous suggestions that have been made since the issue first broke in the mid 2000’s about way it could be redressed. These have only become more relevant since, thanks to the expansions that have taken place.

Already, many of them are being seriously considered by the Obama administration as a means of making PRISM and other NSA surveillance programs acceptable. By spelling them out to this degree, the public has the opportunity to make it clear that any surveillance is conditional, and until such time as these conditions are met, the issue will not be closed. I have signed on, and hope that others will as well.

If there’s one thing I have learned in the course of Snowden’s revelations about NSA surveillance, and the nature of what Keith Alexander and his minions do over at Fort Meade, it is that cyber surveillance is this age is an evolving thing. If the law is expected to evolve with it, and we are to avoid passive acceptance of these intrusions in our lives, then we must play an active role in how that law is written and implemented.

Click on the image below to find out more about this campaign, or to sign on:

TDWFB2

Cyberwars: NSA Building Quantum Computer

D-Wave's 128-qubit quantum processorAs documents that illustrate the NSA’s clandestine behavior continue to be leaked, the extents to which the agency has been going to gain supremacy over cyberspace are becoming ever more clear. Thanks to a new series of documents released by Snowden, it now seems that these efforts included two programs who’s purpose was to create a ““useful quantum computer” that would be capable of breaking all known forms of classical encryption.

According to the documents, which were published by The Washington Post earlier this month, there are at least two programs that deal with quantum computers and their use in breaking classical encryption — “Penetrating Hard Targets” and “Owning the Net.” The first program is funded to the tune of $79.7 million and includes efforts to build “a cryptologically useful quantum computer” that can:

sustain and enhance research operations at NSA/CSS Washington locations, including the Laboratory for Physical Sciences facility in College Park, MD.

nsa_aerialThe second program, Owning the Net, deals with developing new methods of intercepting communications, including the use of quantum computers to break encryption. Given the fact that quanutm machinery is considered the next great leap in computer science, offering unprecedented speed and the ability to conduct operations at many times the efficiency of normal computers, this should not come as a surprise.

Such a computer would give the NSA unprecedented access to encrypted files and communications, enadling them to break any protective cypher, access anyone’s data with ease, and mount cyber attacks with impunity. But a working model would also vital for defensive purposes. Much in the same way that the Cold War involved ongoing escalation between nuclear armament production, cybersecurity wars are also subject to constant one-upmanship.

quantum-computers-The-Next-GenerationIn short, if China, Russia, or some other potentially hostile power were to obtain a quantum computer before the US, all of its encrypted information would be laid bare. Under the circumstances, and given their mandate to protect the US’s infrastructure, data and people from harm, the NSA would much rather they come into possesion of one first. Hence why so much attention is dedicated to the issue, since whoever builds the worlds first quantum computer will enjoy full-court dominance for a time.

The mathematical, cryptographical, and quantum mechanical communities have long known that quantum computing should be able to crack classical encryption very easily. To crack RSA, the world’s prevailing cryptosystem, you need to be able to factor prime numbers — a task that is very difficult with a normal, classical-physics CPU, but might be very easy for a quantum computer. But of course, the emphasis is still very much on the word might, as no one has built a fully functioning multi-qubit quantum computer yet.

quantum-entanglement1As for when that might be, no one can say for sure. But the smart money is apparently anticipating one soon, since researchers are getting to the point where coherence on a single qubit-level is becoming feasible, allowing them to move on to the trickier subject of stringing multiple fully-entangled qubits together, as well as the necessary error checking/fault tolerance measures that go along with multi-qubit setups.

But from what it’s published so far, the Laboratory for Physical Sciences – which is carrying out the NSA’s quantum computing work under contract – doesn’t seem to be leading the pack in terms of building a quantum computer. In this respect, it’s IBM with its superconducting waveguide-cavity qubits that appears to be closer to realizing a quantum computer, with other major IT firms and their own supcomputer models not far behind.

hackers_securityDespite what this recent set of leaks demonstrates then, the public should take comfort in knowing that the NSA is not ahead of the rest of the industry. In reality, something like a working quantum computer would be so hugely significant that it would be impossible for the NSA to develop it internally and keep it a secret. And by the time the NSA does have a working quantum computer to intercept all of our encrypted data, they won’t be the only ones, which would ensure they lacked dominance in this field.

So really, thess latest leaks ought to not worry people too much, and instead should put the NSAs ongoing struggle to control cyberspace in perspective. One might go so far as to say that the NSA is trying to remain relevant in an age where they are becoming increasingly outmatched. With billions of terabytes traversing the globe on any given day and trillions of devices and sensors creating a “second skin” of information over the globe, no one organization is capable of controlling or monitoring it all.

So to those in the habit of dredging up 1984 every time they hear about the latest NSA and domestic surveillance scandal, I say: Suck on it, Big Brother!

Source: wired.com

New Movie Trailer: Divergent

DivergentCame across this trailer recently, for the upcoming movie adaptation of the 2011 novel Divergent. And while the trailer does look like impressive, this does seem like a really predictable move on Hollywood’s part. With the recent adaptation of the Hunger Games and Ender’s Game, it was only a matter of time before producers began looking farther afield to find more examples of YA dystopian literature.

In fact, that’s been a subject which I’ve been thinking about quite a lot lately. In terms of sci-fi trends, the past decade has seen a revival of dystopian literature, and the majority of it seems to be aimed at young readers. Not surprising really, seeing as how issues like the “war on terror”, domestic surveillance and NSA data mining have led to a resurgence of fears that humanity could still be living in Big Brother state in the near future.

divergent-iron-on-patches-summit-boothAnd with the rise in publications that appeal to young adult readers – with everything from Twilight to Harry Potter – writer’s began to see just how accessible dystopian tales would be to young readers. And Divergent is certainly no exception to this rule. And just like the Hunger Games, a dystopian society is used as a metaphor to address the issues of teen angst and the struggle to belong.

Basically, the story takes place in a Chicago of the future, where live in a society that is divided into castes and membership is determined when people turn 16. Enter into this Beatrice “Pris” Prior, a young woman with a special mind who undergoes the test designed to determine what caste she belongs to, only to find out that the test failed and she has been declared “Divergent”.

divergent-movie-set-reportThe rest of the movie, as is made clear from the trailer, consists of her joining the resistance – a group composed of “casteless” people (aka. other Divergents) – and waging war against the state. So, a society where people are forced into specialized roles, where those who are different must live in secret or face persecution, and a heroine who rises up to bring down the system… sound like the teenage experience to you?

Yeah, me too. And while some criticize Divergent for being a Hunger Games ripoff, people who actually know their dystopian lit are quick to point out that that book was probably a ripoff of Battle Royale. And in reality, all these books are eating crumbs off the table of Zamyatin, Huxley and Orwell, and the YA angle with all its wish fulfillment is nothing that hasn’t been seen a hundred times before.

Anyhoo, the movie is set for release on March 21st, 2014. Enjoy the trailer!

Crypto Wars: The Tech World vs. the NSA

cyber_securitySix years ago, something interesting took place at Microsoft’s Windows annual Crypto conference in Santa Barbara. In the course of the presentations, two members of the company’s security group (Dan Shumow and Niels Ferguson) gave a talk that dealt with internet security and the possibility that major systems could be hacked.

They called their presentation “On the Possibility of a Back Door in the NIST SP800-90 Dual Ec Prng”. That’s a name few people outside of the techy community would recognize, as it refers to a pseudorandom number generating program that is used extensively in cryptography. And thought the presentation was only nine slides and a few minutes long, they managed to capture the attention of the crowd with some rather stark observations.

cyber_security1Basically, they laid out a case showing that the new encryption standard, given a stamp of approval by the U.S. government, possessed a glaring weakness that made one of the program’s algorithms susceptible to cracking. But the weakness they described wasn’t just an average vulnerability, it had the kind of properties one would want if one were intentionally inserting a backdoor to make the algorithm susceptible to cracking by design.

At the time, no one thought much of it. But today, that’s all changed, thanks to Edward Snowden. Apparently, cryptographers and journalists are seeing a connection between the talk given by Shumow and Ferguson and the classified NSA documents Snowden leaked. Apparently, some of that information confirms that the weakness in the Dual_EC_DRBG algorithm might be indeed a backdoor.

nsa_aerialEarlier this month, an article appeared in the New York Times that implied that the backdoor was intentionally put there by the NSA as part of a $250-million, decade-long covert operation by the agency to weaken and undermine the integrity of a number of encryption systems used by millions of people around the world.

Naturally, these allegations not only stoked the fires over the NSA’s long history of spying on databases, both domestic and foreign, it has also raised questions over the integrity of the rather byzantine process that produces security standards in the first place. The National Institute of Standards and Technology (NIST) approved Dual_EC_DRBG and the standard, is now facing criticism alongside the NSA.

nist_aerialbigAnd while NIST has since been forced to re-open the program to examination and public discussion, security and crypto firms around the world are scrambling to unravel just how deeply the suspect algorithm infiltrated their code, if at all. Some even went so far as to publicly denounce it, such as corporate giant RSA Security.

But of course, a number of crypto experts have noted that the Times hasn’t released the memos that purport to prove the existence of a backdoor. What’s more, the paper’s direct quotes from the classified documents don’t mention a backdoor or efforts by the NSA to weaken it or the standard, only the efforts of the agency to push the standard through NIST’s committees for approval.

nsasecurity_primary-100041064-largeOne such person is Jon Callas, the CTO of Silent Circle – a company that offers encrypted phone communication. Having attended the Crypto conference in 2007 and heard the presentation by Shumow, he believes that the real problem may lie in the fact that the algorithm was poorly made:

If [the NSA] spent $250 million weakening the standard and this is the best that they could do, then we have nothing to fear from them. Because this was really ham-fisted. When you put on your conspiratorial hat about what the NSA would be doing, you would expect something more devious, Machiavellian … and this thing is just laughably bad. This is Boris and Natasha sort of stuff.

Sources at Microsoft agree. In addition to the presenters – who never mention the NSA in their presentation and went out of their way to avoid accusing NIST of any wrongdoing – a manager who spoke with WIRED on condition of anonymity believes the reporters at the Times saw the classified documents dealing with the program, read about the 2007 talk, and assumed their was a connection.

cryptographyBut Paul Kocher, president and chief scientist of Cryptography Research, says that regardless of the lack of evidence in the Times story, he discounts the “bad cryptography” explanation for the weakness, in favor of the backdoor one:

Bad cryptography happens through laziness and ignorance. But in this case, a great deal of effort went into creating this and choosing a structure that happens to be amenable to attack.

Personally, I find it interesting that the NSA would be so committed to making sure a program passed inspection. Especially one that had a fatal flaw that, when exploited properly, could be used to give someone who knew about it access to encrypted information. But of course, it’s not like the NSA has been known to invade people’s privacy, right? RIGHT?

Clearly, all there is at this point is speculation. One thing is certain though. In the coming weeks and months, the NSA is going to be the recipient of even more flak over its monitoring and cryptographic activities. Whether this effects any change in policy remains to be seen, but I doubt anyone will be holding their breaths.

Sources: wired.com, nytimes.com