Microscope Monday: Analysis of Massachusetts’ proposed License Plate Privacy Act, H 3068 / S 1648

steampunk_microscope

One of the curious things about digitization is that it allows data to be circulated and shared almost effortlessly. New, cheap ways of sharing and storing data can turn data collection that was previously quite innocent into a serious threat to our ability to be free from government surveillance.

Historically, the law has recognized no constitutional issue with law enforcement collection of license plate numbers, because cars are normally out in public when the numbers are collected. But what happens if cop cars can collect every license plate from every car they pass, moving or parked; check the plate against a database of outstanding warrants; link them to GPS coordinates; and retain the records of which car was where forever, so that they can retrospectively construct a map of your movements?

Well, folks, that bright new day is here. The devices are called “automated license plate readers”, or ALPRs for short. And the ACLU of Massachusetts is supporting a bill that tries to grapple with their implications, and that received its first Joint Committee on Transportation hearing on May 16.

Continue reading Microscope Monday: Analysis of Massachusetts’ proposed License Plate Privacy Act, H 3068 / S 1648

Free Methuen teenager Cameron D’Ambrosio

[Welcome to our new contributor, Garret Kirkland of the Defend the Fourth Coalition! – Ed.]

What the hell is going on in Massachusetts?

Nobody needs to be reminded about the Boston Marathon tragedy, and many of you heard about Cameron D’Ambrosio from Methuen, MA, who was taken into police custody in response to a Facebook post. I’m sure many, like myself, read about his case and assumed that they would “catch and release” him and put it out of mind. After all, it’s not really that shocking for an 18-year-old high school kid who aspires to be a hip hop artist to say stupid things.

This was what he wrote:

Continue reading Free Methuen teenager Cameron D’Ambrosio

A Helpful PSA from the Boston Regional Intelligence Center

nwa_prodigy

Here at the Boston Regional Intelligence Center, we have watched in sorrow as misinformation about our work to defend America and keep Americans safe here in America has appeared in certain scurrilous publications. We felt it was important to get the truth out about what we do and why we do it.

Some crypto-Marxist at the Jamaica Plain Gazette decided to ask this week why we were busy tracking the activities of local peace activists and the Occupy movement, instead of, say, paying attention to intelligence reports we had received from Russia about some guy called Tsarnasomethin Whatshisface.

God, you people! It’s like you think that just because we’ve taken billions of your dollars and told you we’ll use it to prevent terror attacks, you expect us to actually prevent them!

Allow us to break it down for you point-missing morons.

Continue reading A Helpful PSA from the Boston Regional Intelligence Center

Maryland v. King: Supreme Court Rules That Warrantless DNA Swabs of Arrestees Are A-OK

hollowmen

[Originally published before the ruling; text and headline updated to reflect it. – Ed.]

The Supreme Court is considering the case Maryland v. King (thanks to Jennifer Wagner at Genomics Law Report for an excellent and detailed analysis), which turns on whether law enforcement needs a warrant to take the DNA of someone arrested and charged with, but not yet convicted of a crime. Maryland AG Douglas Gansler has argued to NPR that the privacy intrusion involved is negligible:

“They’re presumed innocent when they’re handcuffed; they’re presumed innocent when they’re strip-searched; and they’re presumed innocent when they’re sitting in jail awaiting trial,” he observes. “Those are far greater invasions of privacy than touching a Q-tip to the inside of your cheek for a second.”

The cheek swab taken from Mr. King came up with a hit for a six-year-old rape case. King was convicted of that charge, and is serving life in prison. King’s attorney, Kannon Shanmugam, argues that the intrusiveness of the search comes from the fact that the search was capable of disclosing a wide array of deeply personal information, and was taken at a time when his client had not been charged with any crime:

“The default rule under the Fourth Amendment is that when a search takes place, it has to be supported either by a warrant issued by a magistrate or by some level of individualized suspicion”

In this case, two very different conceptions of the Fourth Amendment collide. It was once the case that the physical intrusiveness of a search more or less tracked with the amount of information about the arrestee that the search would disclose. Fourth Amendment jurisprudence built up a careful set of rules regarding stops, patdowns and strip-searches, each of which would disclose more than the last and received correspondingly more careful scrutiny.

That relationship is now breaking down. People with smartphones carry their whole lives in a readily searchable object in their pocket, and searching that object is, in all ways but the physical, more intrusive than a strip search. Here, Gansler argues that because a cheek swab is easily taken and doesn’t even properly penetrate the body, it deserves less Fourth Amendment protection; Shanmugam argues that because the cheek swab can disclose information on which his client’s freedom may turn, it deserves the highest Constitutional protection. Continue reading Maryland v. King: Supreme Court Rules That Warrantless DNA Swabs of Arrestees Are A-OK

By 2020, Commercial Vendors Will Offer Quantum Encryption

From the cover of Physics World magazine, March 2013
From the cover of Physics World magazine, March 2013

One of the major problems with challenging the surveillance state is that it is extremely difficult to prove legally that you have been under surveillance. The only people able to prove it are the government themselves, or (in highly unusual cases) people to whom the government has accidentally disclosed that they are under surveillance.

What if, then, there were a commercially available solution that was able to prove that you were under surveillance, and that changed encryption keys so rapidly that your data could be vulnerable at most for a few seconds before becoming secure again? This is the promise of quantum encryption systems.

Continue reading By 2020, Commercial Vendors Will Offer Quantum Encryption

Drawing The Line On Drones: Maine, Massachusetts legislators ponder when drones can be used without a warrant

drone_constitution

Scott Thistle at the Bangor Daily News reports that the Maine Senate is now considering a bill regulating the use of drones.

The bill is the result of consultations including legislators of both parties, the ACLU of Maine, and the Defense of Liberty PAC. It imposes a one-year moratorium on the use of drones by law enforcement in Maine, “except in emergencies”, pending a report from the Maine Criminal Justice Academy on how they could be used. However, the ACLU of Maine is unhappy with the version that has just passed out of the Judiciary Committee on a 7-6 vote, because it would in some circumstances allow police to operate drones without getting a Fourth Amendment compliant warrant. According to Thistle, the bill also does not make clear whether a drone could collect incidental footage that could later be used against a person other than the suspect detailed in a warrant.

There is also a Drone Privacy Act making its way through the Massachusetts legislature, though it is at an earlier stage and has the ACLU of Massachusetts’ strong support.

Perhaps the reason why the Maine bill has lost the support of the ACLU of Maine is that the “emergency exceptions” where a warrant is not required are rather broader in the Maine bill than in the Massachusetts bill. In Maine, the exceptions even include “conspiratorial activity that threatens the national security interest or is characteristic of organized crime”, which is vague, non-imminent, and broad enough to drive a truck through. The Massachusetts bill does not contain exceptions for those things.

Shenna Bellows, executive director of the ACLU of Maine, also objects to letting the police-run Criminal Justice Academy set the detailed rules for drone use. She states the problem plainly enough:

“The ACLU thinks that law enforcement should have a warrant before spying on Mainers with a drone and the [attorney general] does not. That’s the one issue where we cannot compromise.”

Good on you, Ms. Bellows. You have our full support.

FBI-Borg Informs US Private Sector of its Impending Assimilation, Generously Limits Fines for Resistance to $25,000 Per Day Per Violation

robert_mueller

The FBI has a new proposal afoot to require communications companies doing business in the US to make their communications technologies “wiretap-ready”, to avoid the “going-dark problem”. From Charlie Savage at the New York Times, six hours ago:

The Obama administration, resolving years of internal debate, is on the verge of backing a Federal Bureau of Investigation plan for a sweeping overhaul of surveillance laws that would make it easier to wiretap people who communicate using the Internet rather than by traditional phone services, according to officials familiar with the deliberations. […]

Currently, such orders instruct recipients to provide technical assistance to law enforcement agencies, leaving wiggle room for companies to say they tried but could not make the technology work. Under the new proposal, providers could be ordered to comply, and judges could impose fines if they did not.

Under the proposal, officials said, for a company to be eligible for the strictest deadlines and fines — starting at $25,000 a day — it must first have been put on notice that it needed surveillance capabilities, triggering a 30-day period to consult with the government on any technical problems.

Lord forbid that private companies should offer services that can’t be wiretapped by the government. If the FBI finds itself unable to routinely spy on the communications of people not yet suspected of any crime, that’s a feature, not a bug, and is in fact what the Fourth Amendment requires.

In America, this manic need to collect every iota of data is “helping defeat the terrorists” and “protecting the homeland”. When other countries do it, though, it’s a whole different story. Read on!

Continue reading FBI-Borg Informs US Private Sector of its Impending Assimilation, Generously Limits Fines for Resistance to $25,000 Per Day Per Violation

Ace G-Man Knows All: FBI Agent Claims Power to Access Content of All Phone Calls Ever

Citizen! Were you under the misapprehension that the terrorist-sympathizing Supreme Court had ruled long ago that law enforcement had to get an actual warrant before accessing the content of your phone calls? Has that thought been keeping you up at night, because it allows people to express potentially un-American thoughts without the FBI being able to listen in and protect us? Well, fear no longer: your friendly neighborhood G-Man is on the case!

 

ace-g-man

Continue reading Ace G-Man Knows All: FBI Agent Claims Power to Access Content of All Phone Calls Ever

Drowning in Data, Starved for Wisdom: The surveillance state cannot meaningfully assess terrorism risks

In this movie, we're Brad.
Pity the analysts.

The NSA has just vigorously denied that their new Utah Data Center, intended for storing and processing intelligence data, will be used to spy on US citizens. The center will have a capacity of at least one yottabyte, and will provide employment for 100-200 people. With the most generous assumptions [200 employees, all employed only on reviewing the data, only one yottabyte of data, ten years to collect the yottabyte, 5GB per movie], each employee would be responsible on average for reviewing 4500 billion terabytes, or approximately 23 million years’ worth of Blu-ray quality movies, every year.

 

Must...keep...watching...my...country...needs...me
Must…keep…watching…my…country…needs…me

This astounding and continually increasing mismatch shows that we are well beyond the point where law enforcement is able to have a human review a manageable amount of the data in its possession potentially relating to terrorist threats. Computer processing power doubles every two years, but law enforcement employment is rising at a rate of about 7% every ten years, and nobody’s going to pay for it to double every two years instead. Purely machine-based review inevitably carries with it a far higher probability that important things will be missed, even if we were to suppose that the data was entirely accurate to begin with – which it certainly is not.

So why is anybody surprised that Tamerlan Tsarnaev, the elder of the Boston Marathon bombing suspects and one of around 750,000 people in the TIDE database, was not stopped at the border? That facial recognition software wasn’t able to flag him as a match for a suspect? That the fusion centers, intended to synthesize data into actionable “suspicious activity reports”, flag things too late for them to be of any use? That the Air Force is panicking a little at not having enough people to process the data provided by our drone fleet?

It’s in this context, then, that we should understand the calls for more surveillance after the Boston Marathon attacks for what they are. More cameras, more surveillance drones and more wiretapping, without many more humans to process the data, will make this problem worse, not better. These calls are being driven not by a realistic assessment that surveillance will help prevent the next attack, but by the internal incentives of the players in this market. Neither the drone manufacturers, nor law enforcement, nor elected officials, have an interest in being the ones to call a halt. So instead they’re promoting automation – automated drones, automated surveillance, and email scanning software techniques.

They are missing something very simple. We don’t need a terrorism database with 750,000 names on it. There are not 750,000 people out there who pose any sort of realistic threat to America. If the “terrorism watch list” were limited by law to a thousand records, then law enforcement would have to focus only on the thousand most serious threats. Given the real and likely manpower of the federal government, and the rarity of actual terrorism, that’s more than enough. If law enforcement used the power of the Fourth Amendment, instead of trying to find ways round it, it could focus more on the highest-probability threats.

Yes, they would miss stuff. That’s inevitable under both a tight and a loose system. But a tight system has the added advantages that it protects more people’s liberties, and costs a lot less.

UPDATE: With the help of a New Yorker fact-checker, the figure of “400 billion terabytes” above has been corrected to “500 billion terabytes”.

Civil Liberties Commentary on the Boston Marathon Manhunt

A variety of excellent commentary over the weekend reflected on the civil liberties implications of the Boston Marathon attacks.

Over at Salon, Falguni Sheth and Robert Prasch used a thought experiment (What would have been different if the bombing had happened in 1977, before mass electronic surveillance?) to argue that the vast expenditure on the surveillance state has not had the net effect of either preventing terrorism or making apprehending terrorists more efficient; so why are we doing it, again?

At Popehat, Clark dissects the unprecedented, expensive and ineffectual lockdown of Boston and the western suburbs, and observes that it is only after the lockdown ended and citizens were back outside their doors that the suspect was located.

Last, there’s an excellent analysis and discussion of the Fourth Amendment issues raised by house-to-house searches for a fugitive by (once again) Orin Kerr at the Volokh Conspiracy. Enjoy!