Boston Fusion Center Trying to Sneak Millions of $ More Into House Budget


Those sneaky folks over at the Boston Regional Intelligence Center decided that we weren’t shoveling enough tax dollars towards their hard work of spying on protesters, harassing Twitter bloviators, and serving as a praetorian guard for major corporate interests. To remedy this injustice, they got the House to approve over two million dollars in extra funding for “technology and protocol upgrades” as part of H. 3773.

8000-1001 For the Boston Regional Intelligence Center to upgrade, expand, and integrate technology and protocols related to anti-terrorism, anti-crime, anti-gang, and emergency response; provided that intelligence developed shall be shared with the BRIC communities and other State municipal and federal agencies as necessary; provided further, that BRIC shall provide technology required to access the intelligence with its municipal partners, the State police, the MBTA, the Mass Port Authority, and appropriate federal agencies to assure maximum interagency collaboration for public safety and homeland security………………………………………………………………………..$2,250,000

It should be clear to everyone that there should not be an endless spigot of tax dollars going to fund counter-terrorism when we already vastly overspend on counter-terrorism, or to fund vaguely-worded “anti-crime and anti-gang” initiatives when crime is approaching historic lows. The Senate hasn’t passed its supplemental budget yet, so we’re asking Senators not to include this language.

If you, like us, feel uneasy about no-strings-attached funding going to your local spy center, please consider giving your state Senator a call; there’s a tool here for finding out who they are.

No Secret Laws: Ninth Circuit Weakens Secrecy Surrounding “National Security Letters”

Parts of the opinion were particularly pithy.

Parts of the opinion were particularly pithy.

When the USA FREEDOM Act passed on June 2, we criticized it as weak-tea reform that codified rather than changing surveillance agency practices. It’s still weak-tea reform that codified agency practices, but it has also now led to a new and valuable ruling on the infamous practice of “national security letters” (NSLs).

NSLs are issued by the FBI, mostly to companies, and ask them for information on their users. They originated in the late 1970s, but at that time the FBI couldn’t require compliance; enforcement mechanisms were added only in the late 1990s, after the Aldrich Ames spy scandal. The PATRIOT Act of 2001 loosened the rules, allowing, among other changes, NSLs to be issued without the specific approval of the FBI Director or Assistant Director. NSL use exploded from 8,500 in 2000 to 56,504 in 2004 and still runs at a rate of above 21,000 per year. NSL recipients are barred from discussing whether they have received them or what the NSL asks for. Companies aren’t even allowed under law to state that they have not received any NSLs. The argument the government has repeatedly made is that allowing companies to say this, would encourage terrorists to use those companies and not others; but this attitude also leaves the average privacy-conscious consumer in the same soup as the “terrorist.”

Until now, with a new ruling from the Ninth Circuit.

Read More →

Bodycams Delay Will Cost About Four Lives In Boston Per Year

Another kid’s DNA for our database!

Commissioner Evans of the Boston PD came before the Boston City Council last week to counter activists’ arguments that adopting an ordinance mandating police body-worn cameras would decrease police uses of force and complaints. His favored alternative solutions were (1) more ice-cream socials, because Boston is a “model” city for community policing; (2) delay, because more research is needed on whether they would work in Boston; and (3) in a sit-down interview with the Boston Herald, calling for laws requiring citizens filming police to keep their distance and for them to help police subdue suspects.

We’ll get to the ice-cream socials in a minute, shall we?

Read More →

Zen and the Art of Cybersecurity


In the hothouse of Congress, members have been sweating over the need to do something – anything – about “cybersecurity.” They were under pressure from the administration, the intelligence services, and the tech industry. But the latest news is that the Republican majority will be turning, in the few days left before the recess, from the contentious highways bill to a bill to defund Planned Parenthood, likely shifting the previously-catastrophically-urgent cybersecurity crisis through to the fall. So Congress, like my seven-year-olds in school assembly, can take a few deep breaths and imagine that they can smell a flower.

The truth is, there never was a “cybersecurity crisis.” Companies are already legally allowed to share information on hacking attempts with the government, and they usually do. This debate is not really about making US companies or the US government more secure; it’s about putting more of your information, that you have voluntarily shared with US companies, into the government’s hands, without companies being liable for violating their privacy policies for sharing personally identifiable information. All proposals on the table in Congress would immunize companies from suit in this way. In this sense, it would be perfectly all right for Congress to do nothing.

Nevertheless, there is a cybersecurity problem that is worth trying to solve. The government is not a good custodian of our data. Its networks are often poorly secured and vulnerable to outside intrusion. In the surveillance arena, there are now over five million people with security clearances, who are in a position to leak sensitive information. Cultivating a more disciplined approach to network protection and data retention would seem to be a good idea. That’s where the principle above comes in.

In this spirit, let’s calmly reflect on what a bill dealing with this real problem would look like.

Read More →

Your Police Dept May Spy On You “For Situational Awareness”


“Fusion centers” are intelligence-aggregation operations, created after the 9/11 Commission found that, had agencies (namely the FBI and CIA) engaged in more free and open sharing of information, the terrorist attacks could have been prevented. (The laws in 2001 permitted sharing that would have prevented the attacks; but the agencies were overly cautious about sharing data out of turf concerns.)

There are now at least 78 fusion centers dispersed throughout the United States. They claim to focus mostly on collecting intelligence of activity that may have a “nexus” to terrorism, but also criminal activity more broadly. But they operate in almost total darkness, with virtually no transparency. The little we do know suggests that fusion centers neither prevent terrorist acts nor respect First Amendment rights to free speech and free association.

The Intercept reported last week on the fusion centers’ targeting of Black Lives Matter protests, but there are also many other examples, going back to the fusion centers’ founding. The ACLU of Massachusetts found that the Boston Regional Intelligence Center — one of two fusion centers in the Bay State — was spying on antiwar groups; the Austin Regional Intelligence Center was caught monitoring peaceful animal rights activists protesting a circus (I reported on this for MuckRock); and a fusion center in Nebraska — the Nebraska Information Analysis Center — has a special network focusing on activists opposing the Keystone XL pipeline. They justify such activities by claiming that they are monitoring “for situational awareness”, and that this doesn’t constitute surveillance. In fact, that’s exactly what surveillance is; “For Your Situational Awareness” is military jargon for obtaining the intelligence needed to make appropriate battlefield decisions.

Given the lack of sunlight surrounding the everyday activities of the dozens of fusion centers throughout the country, we decided we want to find out more. Naturally, we filed a public records request. We wanted to find out where our other local fusion center — the Commonwealth Fusion Center run by the Massachusetts State Police — gets their intelligence; who has authorized access to their databases; whether any errors in their databases have been discovered; and what kind of information the CFC has on myself and Alex Marthews, the national chair of Restore the Fourth.

Here is what we found:

Read More →

Secretive “JTTF” Group Inspires Terror Plot In Western MA


Imagine this story. “A shadowy group referred to in the press as “the JTTF” has claimed responsibility for a planned attack on a college cafeteria. Aspiring martyr Alex Ciccolo, 23, of North Adams, MA, apparently fell under the influence of this group over a year ago. The JTTF has over one hundred cells located all over the country.

This is not the first time the JTTF has claimed responsibility for fomenting fear in our nation’s cities. It has a pattern of recruiting vulnerable, mentally ill young men, often playing on their religious feelings to incite them into criminal attacks on their fellow Americans.”

This reads like an absurd fiction, but it’s actually a fairly accurate description of the work done by the FBI’s Joint Terrorism Task Force on the recently announced Ciccolo case and in many other similar cases over the years.

First, to the facts. On July 14, it was announced that Alexander Ciccolo, 23, of North Adams, MA, had been arrested on July 4 for felony possession of four firearms previously used in interstate commerce. It was a felony because he had previously been convicted of a DUI in February of this year. The firearms had been delivered to him by a confidential FBI informant being paid by the FBI’s Western Massachusetts JTTF.

A supporting affidavit alleges, based on the testimony of a paid confidential informant, that Ciccolo intended to attack targets such as “college cafeterias”, maybe in Massachusetts and maybe elsewhere, and had expressed support for ISIS; and that Molotov cocktails, jihadist materials, and terror attack planning materials were found at his home. The FBI says they were tipped off by Ciccolo’s father, a police captain, that Ciccolo has had a history of mental illness and had been interested in Islam for about a year. The Western Mass Joint Terrorism Task Force took on the task of surveilling Ciccolo, and found a Facebook profile associated with him, which expressed an interest in martyrdom. It appears that the JTTF then arranged for a confidential informant to meet with Ciccolo and gain his trust. Wiretapped conversations then suggest that Ciccolo “spoke about his plans to travel to another state to conduct terrorist attacks on civilians, members of the U.S. military and law enforcement personnel”, a plan which later developed into a desire to attack an unspecified college cafeteria. Ciccolo bought a pressure cooker on July 3, and then was furnished with the guns by the confidential informant on July 4.

This case is worth probing because, horrifying as Ciccolo’s intentions may have been – we can all be glad that no such attack took place – it raises important questions about how counter-terrorism work is done in America today.

Read More →

Wikileaks Hacking Team Emails Implicate NJ Fusion Center


This week, Wikileaks released a searchable database of over a million internal emails from an Italian outfit called HackingTeam, which sells surveillance and hacking tools to dubious dictatorships around the world. Their software offerings include simple keyloggers all the way up to dragnet internet surveillance software.

I was willing to lay money that our friendly neighborhood fusion centers, the state-and-DHS-funded arms of the surveillance state, would be mixed up with HackingTeam somewhere. Looks like I win that bet.

Email #2640 shows the setup of a presentation from HackingTeam to the New Jersey fusion center’s most senior people, which apparently went ahead on November 1, 2013. The meeting was a success; by January, email #255362 shows that the fusion center was “interested in deploying” HackingTeam’s product. The subject line “DaVinci” shows what software is involved; “DaVinci” is the brand name for HackingTeam’s “remote control system” that promises to “break encryption and allow law enforcement agencies to monitor encrypted files and emails, Skype and other Voice over IP or chat communication […] It allows identification of the target’s location and relationships. It can also remotely activate microphones and cameras on a computer and works worldwide.” DaVinci has infamously been used by Middle Eastern governments to spy on Arab Spring activists.

It appears that the senior NJROIC figures were “excited about its capabilities.” I’ll bet they were.

The emails don’t go on to show whether NJROIC actually implemented DaVinci. Whether or not they did, it’s reasonable to deduce that NJROIC has a strong interest in being able to subvert NJ residents’ communications privacy. Reached for comment, an NJROIC spokesman was at pains to state that everything they do is under the guidance of the Attorney-General, conforms to applicable laws, and involves obtaining court orders and warrants as appropriate, but would not be drawn on the hypothetical question of whether encryption-subversion software would be treated as requiring a warrant.

Subverting encryption is, to an extent, a natural part of the arms race between users on one side, and the government and criminal hackers on the other. But if it’s done without the procedural safeguards embodied in the Fourth Amendment – safeguards that third-party firms like HackingTeam appear willing gleefully to ignore in pursuit of juicy contracts – it opens all of our communications to the government’s unsleeping eye, whether we try to encrypt them or not. The government should steer well away from this kind of “offensive cybersecurity”, and focus on keeping its elderly, hole-filled networks secure instead of exploring new ways to weaken yours and mine.

Congress, Don’t You Dare Revive The PATRIOT Act


In the runup to last night’s sunset of three PATRIOT Act authorities, TV-watchers were barraged with lurid threats of “horrific terrorist attacks and violence” that would be our lot if we dared to let go of any of them. And then the authorities did sunset, and we all woke up this morning, still alive, and mysteriously unmassacred.

Look around you. What you see outside is that apocalypse’s first day, and … we’re OK. A small part of the surveillance state has stopped collecting new data. In the full daylight, cops are still stopping suspects. In the shadows, PRISM collection continues, unreformed. But this morning proves that Section 215 was never needed. The dragnets enabled under it didn’t do a blind bit of good.

This is hard to swallow, but it’s true. There never was, on this topic, any “tradeoff between privacy and security”. There never was any well-intentioned desire to Keep Us Safe™. The NSA felt able to launch mass metadata dragnets, and they did. That’s it. No-one really bothered analyzing whether the dragnets really worked. It wasn’t about effectiveness, or about safety. It was about fostering a culture of submission to authority.

In the same way, more locally, for twenty years and more, the NYPD wasted millions of dollars in staff time, conducting suspicionless “stop and frisks” of millions of people who had done nothing wrong. When questioned, they argued that without stop and frisk, lawlessness would run rampant. And then, when they were forced to stop last year, what happened? Crime fell.

In the same way, after 9/11, we took the Fourth Amendment, and broke it. We chose to torture people, run secret prisons, and launch illegal wars, all, again, to Keep Us Safe. It was, and is, for nothing. The bombs we dropped, the pain we caused, the lives we took, were all in vain.

We should be under no illusions now. The claim that Section 215 was needed, like the claim that the Iraq War was needed, were always nonsense. In all likelihood, the claims we need the other mass surveillance systems are nonsense too. Don’t go telling us that we can’t do without, say, mass internet surveillance under Section 702 of the FISA Amendments Act, or without full take of entire countries’ audio and Internet communications under Executive Order 12,333. We’ve done without such things before. We can do without them again. We gain no safety from submission, and it should not have taken fourteen years to learn that lesson, stop submitting and start standing up straight again.

Here’s the bad news. Not only the sunset happened last night. The Senate also voted for cloture on the USA FREEDOM Act, which would put these three expired provisions back into law, by a margin of 77 to 17. On Tuesday, they’ll vote on the bill itself, and it looks likely, based on the cloture vote, to pass. Even if there are no amendments, the President will sign it. So on the third day after sunset, Section 215 will rise again, like a new-bitten zombie, and start looking for prey. Undead Section 215 will be a little different – for example, instead of holding the dragnet data itself, the NSA will pay Internet and phone companies to hold onto it, and it’s likely that when it passes it will allow the NSA to instruct companies to format the data in such a way that the NSA can query it almost frictionlessly. Permanent sunset will mean the NSA actually has to collect less, and that’s so unimaginable to Senators – well, to all but a very few Senators – that they are racing to restore the lapsed parts of the PATRIOT Act and deprive you and me once again of the liberties we have so improbably won back.

So I say to our more servile Senators: Don’t you dare restore the PATRIOT Act. You aren’t here above all to Keep Us Safe™; you’re here above all to protect the Constitution. Endorsing the USA FREEDOM Act breaks that oath. Look at the side the fearmongers have taken, and the profits they stand to make, and vote the other way. Vote No on the USA FREEDOM Act tomorrow, and then let’s discuss, deeply, seriously, openly and fearlessly, what kinds of surveillance the Constitution will allow. The American people are ready to breathe more freely and live their lives less watched. It’s time to move forward.

Most Reps Voting for USA FREEDOM Were Opponents of Surveillance Reform


The House just voted to pass the USA FREEDOM Act, which reauthorizes and alters Section 215 of the PATRIOT Act, with a vote of 338 to 88. It’s being depicted as a landslide in favor of reform. It is, sadly, anything but. This is why.

Last week’s ruling by the 2nd Circuit fundamentally changed the Congressional debate. Senator McConnell, the Majority Leader, had been pushing for a straight reauthorization of Section 215 of the PATRIOT Act. But the 2nd Circuit ruling said, among much else, that if Congress did a straight reauthorization of the same language, then their ruling that mass metadata surveillance was unlawful would still stand. In other words, straight reauthorization will no longer get surveillance defenders what they want. So, as the next best thing, the administration and the intelligence committees swung behind the USA FREEDOM Act. This Act would impose token limits on how much they can collect with a single request, but would modernize intelligence collection for a world where much communication is not an actual phone call. As a compromise between moderate surveillance reformers and the intelligence community, it actually offers a lot that the intelligence community likes. So it looks much better to them at this point than straight reauthorization (=no mass metadata surveillance under Section 215) or straight sunset (=no mass metadata surveillance under Section 215).

How do we know this happened? We can measure it.

Read More →

%d bloggers like this: