Wikileaks Hacking Team Emails Implicate NJ Fusion Center

lidless-eye

This week, Wikileaks released a searchable database of over a million internal emails from an Italian outfit called HackingTeam, which sells surveillance and hacking tools to dubious dictatorships around the world. Their software offerings include simple keyloggers all the way up to dragnet internet surveillance software.

I was willing to lay money that our friendly neighborhood fusion centers, the state-and-DHS-funded arms of the surveillance state, would be mixed up with HackingTeam somewhere. Looks like I win that bet.

Email #2640 shows the setup of a presentation from HackingTeam to the New Jersey fusion center’s most senior people, which apparently went ahead on November 1, 2013. The meeting was a success; by January, email #255362 shows that the fusion center was “interested in deploying” HackingTeam’s product. The subject line “DaVinci” shows what software is involved; “DaVinci” is the brand name for HackingTeam’s “remote control system” that promises to “break encryption and allow law enforcement agencies to monitor encrypted files and emails, Skype and other Voice over IP or chat communication […] It allows identification of the target’s location and relationships. It can also remotely activate microphones and cameras on a computer and works worldwide.” DaVinci has infamously been used by Middle Eastern governments to spy on Arab Spring activists.

It appears that the senior NJROIC figures were “excited about its capabilities.” I’ll bet they were.

The emails don’t go on to show whether NJROIC actually implemented DaVinci. Whether or not they did, it’s reasonable to deduce that NJROIC has a strong interest in being able to subvert NJ residents’ communications privacy. Reached for comment, an NJROIC spokesman was at pains to state that everything they do is under the guidance of the Attorney-General, conforms to applicable laws, and involves obtaining court orders and warrants as appropriate, but would not be drawn on the hypothetical question of whether encryption-subversion software would be treated as requiring a warrant.

Subverting encryption is, to an extent, a natural part of the arms race between users on one side, and the government and criminal hackers on the other. But if it’s done without the procedural safeguards embodied in the Fourth Amendment – safeguards that third-party firms like HackingTeam appear willing gleefully to ignore in pursuit of juicy contracts – it opens all of our communications to the government’s unsleeping eye, whether we try to encrypt them or not. The government should steer well away from this kind of “offensive cybersecurity”, and focus on keeping its elderly, hole-filled networks secure instead of exploring new ways to weaken yours and mine.

Congress, Don’t You Dare Revive The PATRIOT Act

usam-e1415383995341

In the runup to last night’s sunset of three PATRIOT Act authorities, TV-watchers were barraged with lurid threats of “horrific terrorist attacks and violence” that would be our lot if we dared to let go of any of them. And then the authorities did sunset, and we all woke up this morning, still alive, and mysteriously unmassacred.

Look around you. What you see outside is that apocalypse’s first day, and … we’re OK. A small part of the surveillance state has stopped collecting new data. In the full daylight, cops are still stopping suspects. In the shadows, PRISM collection continues, unreformed. But this morning proves that Section 215 was never needed. The dragnets enabled under it didn’t do a blind bit of good.

This is hard to swallow, but it’s true. There never was, on this topic, any “tradeoff between privacy and security”. There never was any well-intentioned desire to Keep Us Safe™. The NSA felt able to launch mass metadata dragnets, and they did. That’s it. No-one really bothered analyzing whether the dragnets really worked. It wasn’t about effectiveness, or about safety. It was about fostering a culture of submission to authority.

In the same way, more locally, for twenty years and more, the NYPD wasted millions of dollars in staff time, conducting suspicionless “stop and frisks” of millions of people who had done nothing wrong. When questioned, they argued that without stop and frisk, lawlessness would run rampant. And then, when they were forced to stop last year, what happened? Crime fell.

In the same way, after 9/11, we took the Fourth Amendment, and broke it. We chose to torture people, run secret prisons, and launch illegal wars, all, again, to Keep Us Safe. It was, and is, for nothing. The bombs we dropped, the pain we caused, the lives we took, were all in vain.

We should be under no illusions now. The claim that Section 215 was needed, like the claim that the Iraq War was needed, were always nonsense. In all likelihood, the claims we need the other mass surveillance systems are nonsense too. Don’t go telling us that we can’t do without, say, mass internet surveillance under Section 702 of the FISA Amendments Act, or without full take of entire countries’ audio and Internet communications under Executive Order 12,333. We’ve done without such things before. We can do without them again. We gain no safety from submission, and it should not have taken fourteen years to learn that lesson, stop submitting and start standing up straight again.

Here’s the bad news. Not only the sunset happened last night. The Senate also voted for cloture on the USA FREEDOM Act, which would put these three expired provisions back into law, by a margin of 77 to 17. On Tuesday, they’ll vote on the bill itself, and it looks likely, based on the cloture vote, to pass. Even if there are no amendments, the President will sign it. So on the third day after sunset, Section 215 will rise again, like a new-bitten zombie, and start looking for prey. Undead Section 215 will be a little different – for example, instead of holding the dragnet data itself, the NSA will pay Internet and phone companies to hold onto it, and it’s likely that when it passes it will allow the NSA to instruct companies to format the data in such a way that the NSA can query it almost frictionlessly. Permanent sunset will mean the NSA actually has to collect less, and that’s so unimaginable to Senators – well, to all but a very few Senators – that they are racing to restore the lapsed parts of the PATRIOT Act and deprive you and me once again of the liberties we have so improbably won back.

So I say to our more servile Senators: Don’t you dare restore the PATRIOT Act. You aren’t here above all to Keep Us Safe™; you’re here above all to protect the Constitution. Endorsing the USA FREEDOM Act breaks that oath. Look at the side the fearmongers have taken, and the profits they stand to make, and vote the other way. Vote No on the USA FREEDOM Act tomorrow, and then let’s discuss, deeply, seriously, openly and fearlessly, what kinds of surveillance the Constitution will allow. The American people are ready to breathe more freely and live their lives less watched. It’s time to move forward.

Most Reps Voting for USA FREEDOM Were Opponents of Surveillance Reform

ackbar-trap-usaf

The House just voted to pass the USA FREEDOM Act, which reauthorizes and alters Section 215 of the PATRIOT Act, with a vote of 338 to 88. It’s being depicted as a landslide in favor of reform. It is, sadly, anything but. This is why.

Last week’s ruling by the 2nd Circuit fundamentally changed the Congressional debate. Senator McConnell, the Majority Leader, had been pushing for a straight reauthorization of Section 215 of the PATRIOT Act. But the 2nd Circuit ruling said, among much else, that if Congress did a straight reauthorization of the same language, then their ruling that mass metadata surveillance was unlawful would still stand. In other words, straight reauthorization will no longer get surveillance defenders what they want. So, as the next best thing, the administration and the intelligence committees swung behind the USA FREEDOM Act. This Act would impose token limits on how much they can collect with a single request, but would modernize intelligence collection for a world where much communication is not an actual phone call. As a compromise between moderate surveillance reformers and the intelligence community, it actually offers a lot that the intelligence community likes. So it looks much better to them at this point than straight reauthorization (=no mass metadata surveillance under Section 215) or straight sunset (=no mass metadata surveillance under Section 215).

How do we know this happened? We can measure it.

Continue reading Most Reps Voting for USA FREEDOM Were Opponents of Surveillance Reform

The NSA Is Not Above The Law

tr-above-the-law

[Crossposted at Restore The Fourth]

Last Thursday’s 2nd Circuit Court of Appeals ruling in ACLU v. Clapper threw a bomb into the middle of the debate over renewing the legal authority governing the NSA’s mass metadata surveillance programs. In a unanimous ruling, the Justices held that such programs, untethered to the limiting factor of what is relevant to a specific investigation, were never authorized under Section 215 of the PATRIOT Act.

Bob Litt, the general counsel of the Office of the Director of National Intelligence, scrambled to respond, arguing at a panel on transparency in DC on May 8 that the ruling is not binding on the FISC, that it is not currently in effect, and that it will be overturned soon anyway. Senate Intelligence Committee Chairman Richard Burr (R-NC), who vehemently supports mass NSA surveillance, is contending that “I think the statutory language today allows the NSA to do exactly what they’re doing […] I have a very tough time thinking the Supreme Court would look at this law […] and come to the conclusion that we didn’t empower the NSA to do bulk collection.” In the same article, Stewart Baker, the former general counsel for the NSA, is reported as deriding the ruling as a “97-page law review article” whose “significance is close to zero.”

Collectively, these assertions are the public face of what’s nothing less than a desperate effort by the NSA to declare itself literally above the law. But let’s take them one at a time, shall we?

Continue reading The NSA Is Not Above The Law

Sharing Is Not Caring: Amtrak, DHS and Travelers’ Rights

Sample form for internal passport for prisoners of war, Geneva Conventions, 1956
Sample form for internal passport for prisoners of war, Geneva Conventions, 1956

Traveling in today’s America is becoming more and more constrained. Every year, there are more checks, more searches, and more guards. If you go by car, ALPR systems will track you. If you go by plane, you and your belongings can be legally searched, groped, mocked, impounded or vandalized. If you stay in a motel, your information may be shared up front with law enforcement. And now, even the trains are getting on the act.

The aptly-named PapersPlease.org filed a Freedom of Information Act request last October asking how Amtrak handled sharing of information with the Department of Homeland Security. While Amtrak is regularly subsidized, it is legally a private company, and as such should not share information on passengers unless the police provide them with a valid, individualized probable-cause warrant. You know, that old Fourth Amendment thing?

Ahem.

Continue reading Sharing Is Not Caring: Amtrak, DHS and Travelers’ Rights

If You Don’t Call Your Congressmember After Reading This, You’ll Regret It

captain-america-shield-surveillance

We’re asking everybody to call their Congressmember (Massachusetts numbers below the fold) to support HR1466, the Surveillance State Repeal Act, a bipartisan bill we helped introduce that would truly end mass surveillance. This is why it matters.

On June 1, the part of the PATRIOT Act that has been used to legitimate the mass collection of all of our phone call information, and much else besides, will lapse, It’s a terrible provision known as “Section 215.” Section 215 allows the FBI – and, it appears, other intelligence agencies too – to collect “any tangible things” that are “relevant” to a terrorism investigation. As it turns out, the intelligence community has argued explicitly that every single call in the United States is “relevant”. So, it appears, if we don’t let the NSA know exactly when I called the Danish Pastry House in Watertown about my one-year-old daughter’s first birthday cake, then ISIS will destroy us all.

There has been no legislation proposed yet from either chamber of Congress to renew Section 215. The intelligence community is panicking, and is apparently literally waving pictures of the burning Twin Towers at our elected officials, and telling them that if Section 215 lapses and there’s another attack, it’ll be the lawmakers’ fault and ISIS will destroy us all.

There may be a bill launched next week that would renew it, called the USA FREEDOM Act. Many civil liberties groups plan to support it, because it would also include reforms to Section 215, and may also reform (not repeal) the government’s other mass surveillance programs. We haven’t seen that bill yet, but it would have to be very strong to make it a better deal than simply letting the government’s Section 215 authority die.

There’s actually no evidence that Section 215’s mass surveillance programs have ever stopped a terrorist attack, and the government’s own reports have repeatedly shown that it has never stopped one. Follow me below the fold for the explanation why, and for the numbers to call!

Continue reading If You Don’t Call Your Congressmember After Reading This, You’ll Regret It

NSA Whistleblower Russ Tice Explains NSA Targeting of US Politicians

captain-america-freedom-fear

Mass surveillance is damaging enough; but the capabilities we have handed to the surveillance agencies create a different kind of opportunity for the empire-building surveillance bureaucrat.

The constant claim is that Americans are not “wittingly” “targeted” under the dragnet; it’s just that their communications are vacuumed up “incidentally” because they are one, two, or three “hops” from a given “target”, a category that includes a shifting set of millions of people at a time. But even that face-saving statement is a lie. American citizens are “targets” themselves, and there’s an obvious category of people it would make strategic sense for the surveillance agencies to target: Namely, the set of people with authority over the budgets and remits of the surveillance agencies themselves.

NSA whistleblower Russell Tice is much less well known than Edward Snowden, but his testimony is just as explosive. Here’s an interview he gave in 2013, with a partial transcript:

Okay. They [the NSA] went after members of Congress, both Senate and the House, especially on the intelligence committees and on the armed services committees and judicial. But they went after other ones, too. They went after heaps of lawyers and law firms. They went after judges. One of the judges [Samuel Alito] is now sitting on the Supreme Court that I had his wiretap information in my hand. Two are former FISA court judges. They went after State Department officials. They went after people in the White House–their own people. They went after antiwar groups. They went after U.S. companies that that do business around the world. They went after U.S. banking firms and financial firms that do international business. They went after NGOs like the Red Cross that that go overseas and do humanitarian work. They went after a few antiwar civil rights groups. So, you know, don’t tell me that there’s no abuse, because I’ve had this stuff in my hand and looked at it.

Continue reading NSA Whistleblower Russ Tice Explains NSA Targeting of US Politicians

NSA Whistleblower John Tye Explains Executive Order 12333

captain-america-freedom-fear

It’s been widely reported that the NSA, under the constitutionally suspect authority of Section 215 of the PATRIOT Act, collects all Americans’ phone metadata. Congress has not yet passed any reforms to this law, but there have been many proposals for changes and the national debate is still raging. Yet Americans’ data is also being collected under a different program that’s entirely hidden from public oversight, and that was authorized under the Reagan-era Executive Order 12333.

That’s the topic of a TEDx-Charlottesville talk by whistleblower John Napier Tye, entitled “Why I spoke out against the NSA.” Tye objected to NSA surveillance while working in the US State Department. He explains that EO 12333 governs data collected overseas, as opposed to domestic surveillance which is authorized by statute. However, because Americans’ emails and other communications are stored in servers all over the globe, the distinction between domestic and international surveillance is much less salient than when the order was originally given by President Reagan in 1981.

Continue reading NSA Whistleblower John Tye Explains Executive Order 12333

Boston’s Fusion Center Gives Itself an A+ on “Privacy and Civil Liberties”

ftoaplus

Ten months ago, Digital Fourth submitted a public records request to Boston’s fusion center, the Boston Regional Intelligence Center. It took two appeals to the Secretary of State to get it, but we finally got a response.

The states operate a network of 78 fusion centers across the nation, which coordinate intelligence-related information between federal agencies and state and local law enforcement, in the name of thwarting terrorist attacks. They have never, to anyone’s knowledge, actually thwarted one, and they have become bywords in Washington for waste and ineffectiveness. Previously, we reported on constitutional violations and the results of a FOIA request at Massachusetts’ “Commonwealth Fusion Center”, operated by the State Police; now it’s the turn of Massachusetts’ other fusion center, headquartered at the Boston PD.

The most interesting document we received is the “2013 Fusion Center Assessment Individual Report: Boston Regional Intelligence Center”. This report was heavily redacted, but luckily the State of Colorado has posted on its website an unredacted 2014 report from Colorado’s fusion center that is absolutely identical in format to the Boston report we received, rendering all of the redactions in the Boston report moot. So if you’d like to understand what the BRIC didn’t want us to see, read on.

Continue reading Boston’s Fusion Center Gives Itself an A+ on “Privacy and Civil Liberties”

We All Now Live In Walls Of Glass: Police peer into suspects’ homes without warrants

Over the last two years, at least 50 law enforcement agencies around the United States have used radar devices that allow them to peer through walls and into your home without a warrant, according to USA Today. The devices, each of which costs nearly $6,000, detect movement – even breathing – through walls and up to 50 feet away.

According to contracts obtained by USA Today, the US Marshals Service began buying the radars in 2012 and has since spent $180,000 on the equipment – enough for thirty Range-R radars manufactured by L-3 Communications. Disturbingly, the radars can even be mounted on a drone.

The devices were originally manufactured for use in Iraq and Afghanistan ,but have made their way onto domestic soil, providing yet another example of how the use of military gear by police results in an infringement of our fundamental right to be free of unreasonable and warrantless searches and seizures.

Continue reading We All Now Live In Walls Of Glass: Police peer into suspects’ homes without warrants