When the USA FREEDOM Act passed on June 2, we criticized it as weak-tea reform that codified rather than changing surveillance agency practices. It’s still weak-tea reform that codified agency practices, but it has also now led to a new and valuable ruling on the infamous practice of “national security letters” (NSLs).
NSLs are issued by the FBI, mostly to companies, and ask them for information on their users. They originated in the late 1970s, but at that time the FBI couldn’t require compliance; enforcement mechanisms were added only in the late 1990s, after the Aldrich Ames spy scandal. The PATRIOT Act of 2001 loosened the rules, allowing, among other changes, NSLs to be issued without the specific approval of the FBI Director or Assistant Director. NSL use exploded from 8,500 in 2000 to 56,504 in 2004 and still runs at a rate of above 21,000 per year. NSL recipients are barred from discussing whether they have received them or what the NSL asks for. Companies aren’t even allowed under law to state that they have not received any NSLs. The argument the government has repeatedly made is that allowing companies to say this, would encourage terrorists to use those companies and not others; but this attitude also leaves the average privacy-conscious consumer in the same soup as the “terrorist.”
Until now, with a new ruling from the Ninth Circuit.
I was willing to lay money that our friendly neighborhood fusion centers, the state-and-DHS-funded arms of the surveillance state, would be mixed up with HackingTeam somewhere. Looks like I win that bet.
Email #2640 shows the setup of a presentation from HackingTeam to the New Jersey fusion center’s most senior people, which apparently went ahead on November 1, 2013. The meeting was a success; by January, email #255362 shows that the fusion center was “interested in deploying” HackingTeam’s product. The subject line “DaVinci” shows what software is involved; “DaVinci” is the brand name for HackingTeam’s “remote control system” that promises to “break encryption and allow law enforcement agencies to monitor encrypted files and emails, Skype and other Voice over IP or chat communication […] It allows identification of the target’s location and relationships. It can also remotely activate microphones and cameras on a computer and works worldwide.” DaVinci has infamously been used by Middle Eastern governments to spy on Arab Spring activists.
It appears that the senior NJROIC figures were “excited about its capabilities.” I’ll bet they were.
The emails don’t go on to show whether NJROIC actually implemented DaVinci. Whether or not they did, it’s reasonable to deduce that NJROIC has a strong interest in being able to subvert NJ residents’ communications privacy. Reached for comment, an NJROIC spokesman was at pains to state that everything they do is under the guidance of the Attorney-General, conforms to applicable laws, and involves obtaining court orders and warrants as appropriate, but would not be drawn on the hypothetical question of whether encryption-subversion software would be treated as requiring a warrant.
Subverting encryption is, to an extent, a natural part of the arms race between users on one side, and the government and criminal hackers on the other. But if it’s done without the procedural safeguards embodied in the Fourth Amendment – safeguards that third-party firms like HackingTeam appear willing gleefully to ignore in pursuit of juicy contracts – it opens all of our communications to the government’s unsleeping eye, whether we try to encrypt them or not. The government should steer well away from this kind of “offensive cybersecurity”, and focus on keeping its elderly, hole-filled networks secure instead of exploring new ways to weaken yours and mine.
Traveling in today’s America is becoming more and more constrained. Every year, there are more checks, more searches, and more guards. If you go by car, ALPR systems will track you. If you go by plane, you and your belongings can be legally searched, groped, mocked, impounded or vandalized. If you stay in a motel, your information may be shared up front with law enforcement. And now, even the trains are getting on the act.
The aptly-named PapersPlease.org filed a Freedom of Information Act request last October asking how Amtrak handled sharing of information with the Department of Homeland Security. While Amtrak is regularly subsidized, it is legally a private company, and as such should not share information on passengers unless the police provide them with a valid, individualized probable-cause warrant. You know, that old Fourth Amendment thing?
We’re asking everybody to call their Congressmember (Massachusetts numbers below the fold) to support HR1466, the Surveillance State Repeal Act, a bipartisan bill we helped introduce that would truly end mass surveillance. This is why it matters.
On June 1, the part of the PATRIOT Act that has been used to legitimate the mass collection of all of our phone call information, and much else besides, will lapse, It’s a terrible provision known as “Section 215.” Section 215 allows the FBI – and, it appears, other intelligence agencies too – to collect “any tangible things” that are “relevant” to a terrorism investigation. As it turns out, the intelligence community has argued explicitly that every single call in the United States is “relevant”. So, it appears, if we don’t let the NSA know exactly when I called the Danish Pastry House in Watertown about my one-year-old daughter’s first birthday cake, then ISIS will destroy us all.
There has been no legislation proposed yet from either chamber of Congress to renew Section 215. The intelligence community is panicking, and is apparently literally waving pictures of the burning Twin Towers at our elected officials, and telling them that if Section 215 lapses and there’s another attack, it’ll be the lawmakers’ fault and ISIS will destroy us all.
There may be a bill launched next week that would renew it, called the USA FREEDOM Act. Many civil liberties groups plan to support it, because it would also include reforms to Section 215, and may also reform (not repeal) the government’s other mass surveillance programs. We haven’t seen that bill yet, but it would have to be very strong to make it a better deal than simply letting the government’s Section 215 authority die.
There’s actually no evidence that Section 215’s mass surveillance programs have ever stopped a terrorist attack, and the government’s own reports have repeatedly shown that it has never stopped one. Follow me below the fold for the explanation why, and for the numbers to call!
Mass surveillance is damaging enough; but the capabilities we have handed to the surveillance agencies create a different kind of opportunity for the empire-building surveillance bureaucrat.
The constant claim is that Americans are not “wittingly”“targeted” under the dragnet; it’s just that their communications are vacuumed up “incidentally” because they are one, two, or three “hops” from a given “target”, a category that includes a shifting set of millions of people at a time. But even that face-saving statement is a lie. American citizens are “targets” themselves, and there’s an obvious category of people it would make strategic sense for the surveillance agencies to target: Namely, the set of people with authority over the budgets and remits of the surveillance agencies themselves.
NSA whistleblower Russell Tice is much less well known than Edward Snowden, but his testimony is just as explosive. Here’s an interview he gave in 2013, with a partial transcript:
Okay. They [the NSA] went after members of Congress, both Senate and the House, especially on the intelligence committees and on the armed services committees and judicial. But they went after other ones, too. They went after heaps of lawyers and law firms. They went after judges. One of the judges [Samuel Alito] is now sitting on the Supreme Court that I had his wiretap information in my hand. Two are former FISA court judges. They went after State Department officials. They went after people in the White House–their own people. They went after antiwar groups. They went after U.S. companies that that do business around the world. They went after U.S. banking firms and financial firms that do international business. They went after NGOs like the Red Cross that that go overseas and do humanitarian work. They went after a few antiwar civil rights groups. So, you know, don’t tell me that there’s no abuse, because I’ve had this stuff in my hand and looked at it.
It’s been widely reported that the NSA, under the constitutionally suspect authority of Section 215 of the PATRIOT Act, collects all Americans’ phone metadata. Congress has not yet passed any reforms to this law, but there have been many proposals for changes and the national debate is still raging. Yet Americans’ data is also being collected under a different program that’s entirely hidden from public oversight, and that was authorized under the Reagan-era Executive Order 12333.
That’s the topic of a TEDx-Charlottesville talk by whistleblower John Napier Tye, entitled “Why I spoke out against the NSA.” Tye objected to NSA surveillance while working in the US State Department. He explains that EO 12333 governs data collected overseas, as opposed to domestic surveillance which is authorized by statute. However, because Americans’ emails and other communications are stored in servers all over the globe, the distinction between domestic and international surveillance is much less salient than when the order was originally given by President Reagan in 1981.
Ten months ago, Digital Fourth submitted a public records request to Boston’s fusion center, the Boston Regional Intelligence Center. It took two appeals to the Secretary of State to get it, but we finally got a response.
The states operate a network of 78 fusion centers across the nation, which coordinate intelligence-related information between federal agencies and state and local law enforcement, in the name of thwarting terrorist attacks. They have never, to anyone’s knowledge, actually thwarted one, and they have become bywords in Washington for waste and ineffectiveness. Previously, we reported on constitutional violations and the results of a FOIA request at Massachusetts’ “Commonwealth Fusion Center”, operated by the State Police; now it’s the turn of Massachusetts’ other fusion center, headquartered at the Boston PD.
The most interesting document we received is the “2013 Fusion Center Assessment Individual Report: Boston Regional Intelligence Center”. This report was heavily redacted, but luckily the State of Colorado has posted on its website an unredacted 2014 report from Colorado’s fusion center that is absolutely identical in format to the Boston report we received, rendering all of the redactions in the Boston report moot. So if you’d like to understand what the BRIC didn’t want us to see, read on.
Over the last two years, at least 50 law enforcement agencies around the United States have used radar devices that allow them to peer through walls and into your home without a warrant, according to USA Today. The devices, each of which costs nearly $6,000, detect movement – even breathing – through walls and up to 50 feet away.
According to contracts obtained by USA Today, the US Marshals Service began buying the radars in 2012 and has since spent $180,000 on the equipment – enough for thirty Range-R radars manufactured by L-3 Communications. Disturbingly, the radars can even be mounted on a drone.
The devices were originally manufactured for use in Iraq and Afghanistan ,but have made their way onto domestic soil, providing yet another example of how the use of military gear by police results in an infringement of our fundamental right to be free of unreasonable and warrantless searches and seizures.
When Michael Brown was shot in Ferguson, MO, there was no video of it. When Denis Reynoso was shot in Lynn, MA, there was no video of it. But what if there had been? And what if police bodycams could significantly reduce incidents of use of force by police?
Responding to this need, Digital Fourth took model legislation developed by the Harvard Black Law Students Association that mandates bodycams for police departments, modified it for Massachusetts, and got a bill filed on Beacon Hill. This session was the first time our gallant volunteers have tried anything like this, and we got a strong response. Sen. Jamie Eldridge filed the bill in the Senate; Rep. Denise Provost filed it in the House; and it has already attracted as cosponsors Rep. Benjamin Swan (D-Springfield), Rep. Mary Keefe (D-Worcester) and Rep. Byron Rushing (D-Boston).
The bill is a result of months of consultation with interested police departments and grapples with some difficult issues – how would bodycam data be used? When would officers be required to record? What about the consent of the people being filmed? It sets up a blue-ribbon committee to review traffic stops, pedestrian stops, and bodycam footage, requires police officers to carry bodycams in almost all circumstances, and sets strong controls on the use and dissemination of the footage.
As this appears to be the only bodycams bill that got filed in the 2015-16 session, we believe that our bill represents the best chance of fostering a discussion about reducing on-the-ground unreasonable searches and seizures – the bread and butter of the Fourth Amendment – and that it could substantially improve relations between the police and communities of color in particular. Community-police relations directly affects those working on policy initiatives: One of the people advising on our bill, Segun Idowu, chairman of the Boston Police Cameras Action Team, was arrested at a Black Lives Matter protest and is currently facing trial.
“Our research, inspired by current events, confirms that community/police relations may be improved with the use of this technology, as bodycams will provide a truth that has no color,” said McKenzie Morris, President of the Harvard Black Law Students Association. “This legislation, albeit a first step, is a necessary endeavor for the pursuit of transparency and accountability in policing.”
For who-knows-how-many years, the Drug Enforcement Administration has been using Automatic License Plate Recognition software to create a national database of the driving habits of ordinary citizens not suspected of a crime, according to documents obtained by the American Civil Liberties Union through the Freedom of Information Act. The documents describe the state of the surveillance effort as of 2009, leaving us wondering just how vast it could be today.
This vehicle tracking program originated near border crossings in the southwestern United States but has grown into a nation-wide project. It is a joint effort between the DEA and local, state, and federal law enforcement agencies throughout the United States. The surveillance program has been alluded to in Congressional testimony every once in a while through the years, but has yet to be fully understood. The documents released by the ACLU, despite being heavily redacted, shine some much-needed light on the interests and priorities of the DEA and federal law enforcement agencies in general. As of 2009, at least 100 license plate readers had been deployed in states like California, Arizona, New Mexico, Texas, Florida, Georgia, Nevada and New Jersey.
And we should be concerned. According to the ACLU:
These records . . . offer documentation that this program is a major DEA initiative that has the potential to track our movements around the country. With its jurisdiction and its finances, the federal government is uniquely positioned to create a centralized repository of all drivers’ movements across the country — and the DEA seems to be moving toward doing just that. If license plate readers continue to proliferate without restriction and the DEA holds license plate reader data for extended periods of time, the agency will soon possess a detailed and invasive depiction of our lives.