Skip to main content

Home/ Socialism and the End of the American Dream/ Group items tagged cell-site-location-data

Rss Feed Group items tagged

Paul Merrell

The Government Can No Longer Track Your Cell Phone Without a Warrant | Motherboard - 0 views

  • The government and police regularly use location data pulled off of cell phone towers to put criminals at the scenes of crimes—often without a warrant. Well, an appeals court ruled today that the practice is unconstitutional, in one of the strongest judicial defenses of technology privacy rights we've seen in a while.  The United States Court of Appeals for the Eleventh Circuit ruled that the government illegally obtained and used Quartavious Davis's cell phone location data to help convict him in a string of armed robberies in Miami and unequivocally stated that cell phone location information is protected by the Fourth Amendment. "In short, we hold that cell site location information is within the subscriber’s reasonable expectation of privacy," the court ruled in an opinion written by Judge David Sentelle. "The obtaining of that data without a warrant is a Fourth Amendment violation."
  • In Davis's case, police used his cell phone's call history against him to put him at the scene of several armed robberies. They obtained a court order—which does not require the government to show probable cause—not a warrant, to do so. From now on, that'll be illegal. The decision applies only in the Eleventh Circuit, but sets a strong precedent for future cases.
  • "One’s cell phone, unlike an automobile, can accompany its owner anywhere. Thus, the exposure of the cell site location information can convert what would otherwise be a private event into a public one," he wrote. "In that sense, cell site data is more like communications data than it is like GPS information. That is, it is private in nature rather than being public data that warrants privacy protection only when its collection creates a sufficient mosaic to expose that which would otherwise be private." Finally, the government argued that, because Davis made outgoing calls, he "voluntarily" gave up his location data. Sentelle rejected that, too, citing a prior decision by a Third Circuit Court. "The Third Circuit went on to observe that 'a cell phone customer has not ‘voluntarily’ shared his location information with a cellular provider in any meaningful way.' That circuit further noted that 'it is unlikely that cell phone customers are aware that their cell phone providers collect and store historical location information,'” Sentelle wrote.
  • ...2 more annotations...
  • Indeed, the decision alone is a huge privacy win, but Sentelle's strong language supporting cell phone users' privacy rights is perhaps the most important part of the opinion. Sentelle pushed back against several of the federal government's arguments, including one that suggested that, because cell phone location data based on a caller's closest cell tower isn't precise, it should be readily collectable.  "The United States further argues that cell site location information is less protected than GPS data because it is less precise. We are not sure why this should be significant. We do not doubt that there may be a difference in precision, but that is not to say that the difference in precision has constitutional significance," Sentelle wrote. "That information obtained by an invasion of privacy may not be entirely precise does not change the calculus as to whether obtaining it was in fact an invasion of privacy." The court also cited the infamous US v. Jones Supreme Court decision that held that attaching a GPS to a suspect's car is a "search" under the Fourth Amendment. Sentelle suggested a cell phone user has an even greater expectation of location privacy with his or her cell phone use than a driver does with his or her car. A car, Sentelle wrote, isn't always with a person, while a cell phone, these days, usually is.
  • "Therefore, as the Third Circuit concluded, 'when a cell phone user makes a call, the only information that is voluntarily and knowingly conveyed to the phone company is the number that is dialed, and there is no indication to the user that making that call will also locate the caller,'" he continued.
  •  
    Another victory for civil libertarians against the surveillance state. Note that this is another decision drawing guidance from the Supreme Court's decision in U.S. v. Jones, shortly before the Edward Snowden leaks came to light, that called for re-examination of the Third Party Doctrine, an older doctrine that data given to or generated by third parties is not protected by the Fourth Amendment.   
Paul Merrell

US v. Davis, 754 F. 3d 1205 - Court of Appeals, 11th Circuit 2014 - Google Scholar - 0 views

  • 754 F.3d 1205 (2014) UNITED STATES of America, Plaintiff-Appellee, v. Quartavious DAVIS, Defendant-Appellant. No. 12-12928. United States Court of Appeals, Eleventh Circuit. June 11, 2014.
  • The prosecution also offered records obtained from cell phone service providers evidencing that Davis and his co-defendants had placed and received cell phone calls in close proximity to the locations of each of the charged robberies around the 1210*1210 time that the robberies were committed, except for the Mayor's Jewelry store robbery. Davis preserved his objection to the cell phone location evidence and his claim that the government's obtaining such evidence without a warrant issued upon a showing of probable cause violated his rights under the Fourth Amendment.
  • The evidence obtained under the order and presented against Davis in the district court consisted of so-called "cell site location information." That location information 1211*1211 includes a record of calls made by the providers' customer, in this case Davis, and reveals which cell tower carried the call to or from the customer. The cell tower in use will normally be the cell tower closest to the customer. The cell site location information will also reflect the direction of the user from the tower. It is therefore possible to extrapolate the location of the cell phone user at the time and date reflected in the call record.
  • ...3 more annotations...
  • Davis's Fourth Amendment argument raises issues of first impression in this circuit, and not definitively decided elsewhere in the country. The evidence at issue consists of records obtained from cell phone service providers pursuant to the Stored Communications Act ("SCA"), 18 U.S.C. §§ 2703(c) and (d). Under that Act, the government can obtain from providers of electronic communication service records of subscriber services when the government has obtained either a warrant, § 2703(c)(A), or, as occurred in this case, a court order under subsection (d), see § 2703(c)(B). The order under subsection (d) does not require the government to show probable cause.
  • As we suggested above, the question whether cell site location information is protected by the Fourth Amendment guarantees against warrantless searches has never been determined by this court or the Supreme Court. Two circuits have considered the question, but not in the context of the use of the evidence in a criminal proceeding. Also, one of those opinions issued before the Supreme Court's decision in United States v. Jones, ___ U.S. ___, 132 S.Ct. 945, 181 L.Ed.2d 911 (2012), the most relevant Supreme Court precedent.
  • In short, we hold that cell site location information is within the subscriber's reasonable expectation of privacy. The obtaining of that data without a warrant is a Fourth Amendment violation.
  •  
    11th U.S. Circuit Court of Appeals (Southeastern U.S.) holds that section 2703(d) of the Stored Communications Act, which purports to allow the obtaining of a search warrant without a showing of probable cause, violates the 4th Amendment warrant requirement as applied to cell tower "site location information." That should also apply to "fake" cell towers, like the Stingray device (IMSI catcher) used to obtain the same type of information. Likely doubly so because such devices trespass on a radio connection assigned by the FCC between the legitimate cell tower and the user's telephone.
Paul Merrell

From Radio to Porn, British Spies Track Web Users' Online Identities - 0 views

  • HERE WAS A SIMPLE AIM at the heart of the top-secret program: Record the website browsing habits of “every visible user on the Internet.” Before long, billions of digital records about ordinary people’s online activities were being stored every day. Among them were details cataloging visits to porn, social media and news websites, search engines, chat forums, and blogs. The mass surveillance operation — code-named KARMA POLICE — was launched by British spies about seven years ago without any public debate or scrutiny. It was just one part of a giant global Internet spying apparatus built by the United Kingdom’s electronic eavesdropping agency, Government Communications Headquarters, or GCHQ. The revelations about the scope of the British agency’s surveillance are contained in documents obtained by The Intercept from National Security Agency whistleblower Edward Snowden. Previous reports based on the leaked files have exposed how GCHQ taps into Internet cables to monitor communications on a vast scale, but many details about what happens to the data after it has been vacuumed up have remained unclear.
  • Amid a renewed push from the U.K. government for more surveillance powers, more than two dozen documents being disclosed today by The Intercept reveal for the first time several major strands of GCHQ’s existing electronic eavesdropping capabilities.
  • The surveillance is underpinned by an opaque legal regime that has authorized GCHQ to sift through huge archives of metadata about the private phone calls, emails and Internet browsing logs of Brits, Americans, and any other citizens — all without a court order or judicial warrant
  • ...17 more annotations...
  • A huge volume of the Internet data GCHQ collects flows directly into a massive repository named Black Hole, which is at the core of the agency’s online spying operations, storing raw logs of intercepted material before it has been subject to analysis. Black Hole contains data collected by GCHQ as part of bulk “unselected” surveillance, meaning it is not focused on particular “selected” targets and instead includes troves of data indiscriminately swept up about ordinary people’s online activities. Between August 2007 and March 2009, GCHQ documents say that Black Hole was used to store more than 1.1 trillion “events” — a term the agency uses to refer to metadata records — with about 10 billion new entries added every day. As of March 2009, the largest slice of data Black Hole held — 41 percent — was about people’s Internet browsing histories. The rest included a combination of email and instant messenger records, details about search engine queries, information about social media activity, logs related to hacking operations, and data on people’s use of tools to browse the Internet anonymously.
  • Throughout this period, as smartphone sales started to boom, the frequency of people’s Internet use was steadily increasing. In tandem, British spies were working frantically to bolster their spying capabilities, with plans afoot to expand the size of Black Hole and other repositories to handle an avalanche of new data. By 2010, according to the documents, GCHQ was logging 30 billion metadata records per day. By 2012, collection had increased to 50 billion per day, and work was underway to double capacity to 100 billion. The agency was developing “unprecedented” techniques to perform what it called “population-scale” data mining, monitoring all communications across entire countries in an effort to detect patterns or behaviors deemed suspicious. It was creating what it said would be, by 2013, “the world’s biggest” surveillance engine “to run cyber operations and to access better, more valued data for customers to make a real world difference.”
  • A document from the GCHQ target analysis center (GTAC) shows the Black Hole repository’s structure.
  • The data is searched by GCHQ analysts in a hunt for behavior online that could be connected to terrorism or other criminal activity. But it has also served a broader and more controversial purpose — helping the agency hack into European companies’ computer networks. In the lead up to its secret mission targeting Netherlands-based Gemalto, the largest SIM card manufacturer in the world, GCHQ used MUTANT BROTH in an effort to identify the company’s employees so it could hack into their computers. The system helped the agency analyze intercepted Facebook cookies it believed were associated with Gemalto staff located at offices in France and Poland. GCHQ later successfully infiltrated Gemalto’s internal networks, stealing encryption keys produced by the company that protect the privacy of cell phone communications.
  • Similarly, MUTANT BROTH proved integral to GCHQ’s hack of Belgian telecommunications provider Belgacom. The agency entered IP addresses associated with Belgacom into MUTANT BROTH to uncover information about the company’s employees. Cookies associated with the IPs revealed the Google, Yahoo, and LinkedIn accounts of three Belgacom engineers, whose computers were then targeted by the agency and infected with malware. The hacking operation resulted in GCHQ gaining deep access into the most sensitive parts of Belgacom’s internal systems, granting British spies the ability to intercept communications passing through the company’s networks.
  • In March, a U.K. parliamentary committee published the findings of an 18-month review of GCHQ’s operations and called for an overhaul of the laws that regulate the spying. The committee raised concerns about the agency gathering what it described as “bulk personal datasets” being held about “a wide range of people.” However, it censored the section of the report describing what these “datasets” contained, despite acknowledging that they “may be highly intrusive.” The Snowden documents shine light on some of the core GCHQ bulk data-gathering programs that the committee was likely referring to — pulling back the veil of secrecy that has shielded some of the agency’s most controversial surveillance operations from public scrutiny. KARMA POLICE and MUTANT BROTH are among the key bulk collection systems. But they do not operate in isolation — and the scope of GCHQ’s spying extends far beyond them.
  • The agency operates a bewildering array of other eavesdropping systems, each serving its own specific purpose and designated a unique code name, such as: SOCIAL ANTHROPOID, which is used to analyze metadata on emails, instant messenger chats, social media connections and conversations, plus “telephony” metadata about phone calls, cell phone locations, text and multimedia messages; MEMORY HOLE, which logs queries entered into search engines and associates each search with an IP address; MARBLED GECKO, which sifts through details about searches people have entered into Google Maps and Google Earth; and INFINITE MONKEYS, which analyzes data about the usage of online bulletin boards and forums. GCHQ has other programs that it uses to analyze the content of intercepted communications, such as the full written body of emails and the audio of phone calls. One of the most important content collection capabilities is TEMPORA, which mines vast amounts of emails, instant messages, voice calls and other communications and makes them accessible through a Google-style search tool named XKEYSCORE.
  • As of September 2012, TEMPORA was collecting “more than 40 billion pieces of content a day” and it was being used to spy on people across Europe, the Middle East, and North Africa, according to a top-secret memo outlining the scope of the program. The existence of TEMPORA was first revealed by The Guardian in June 2013. To analyze all of the communications it intercepts and to build a profile of the individuals it is monitoring, GCHQ uses a variety of different tools that can pull together all of the relevant information and make it accessible through a single interface. SAMUEL PEPYS is one such tool, built by the British spies to analyze both the content and metadata of emails, browsing sessions, and instant messages as they are being intercepted in real time. One screenshot of SAMUEL PEPYS in action shows the agency using it to monitor an individual in Sweden who visited a page about GCHQ on the U.S.-based anti-secrecy website Cryptome.
  • Partly due to the U.K.’s geographic location — situated between the United States and the western edge of continental Europe — a large amount of the world’s Internet traffic passes through its territory across international data cables. In 2010, GCHQ noted that what amounted to “25 percent of all Internet traffic” was transiting the U.K. through some 1,600 different cables. The agency said that it could “survey the majority of the 1,600” and “select the most valuable to switch into our processing systems.”
  • According to Joss Wright, a research fellow at the University of Oxford’s Internet Institute, tapping into the cables allows GCHQ to monitor a large portion of foreign communications. But the cables also transport masses of wholly domestic British emails and online chats, because when anyone in the U.K. sends an email or visits a website, their computer will routinely send and receive data from servers that are located overseas. “I could send a message from my computer here [in England] to my wife’s computer in the next room and on its way it could go through the U.S., France, and other countries,” Wright says. “That’s just the way the Internet is designed.” In other words, Wright adds, that means “a lot” of British data and communications transit across international cables daily, and are liable to be swept into GCHQ’s databases.
  • A map from a classified GCHQ presentation about intercepting communications from undersea cables. GCHQ is authorized to conduct dragnet surveillance of the international data cables through so-called external warrants that are signed off by a government minister. The external warrants permit the agency to monitor communications in foreign countries as well as British citizens’ international calls and emails — for example, a call from Islamabad to London. They prohibit GCHQ from reading or listening to the content of “internal” U.K. to U.K. emails and phone calls, which are supposed to be filtered out from GCHQ’s systems if they are inadvertently intercepted unless additional authorization is granted to scrutinize them. However, the same rules do not apply to metadata. A little-known loophole in the law allows GCHQ to use external warrants to collect and analyze bulk metadata about the emails, phone calls, and Internet browsing activities of British people, citizens of closely allied countries, and others, regardless of whether the data is derived from domestic U.K. to U.K. communications and browsing sessions or otherwise. In March, the existence of this loophole was quietly acknowledged by the U.K. parliamentary committee’s surveillance review, which stated in a section of its report that “special protection and additional safeguards” did not apply to metadata swept up using external warrants and that domestic British metadata could therefore be lawfully “returned as a result of searches” conducted by GCHQ.
  • Perhaps unsurprisingly, GCHQ appears to have readily exploited this obscure legal technicality. Secret policy guidance papers issued to the agency’s analysts instruct them that they can sift through huge troves of indiscriminately collected metadata records to spy on anyone regardless of their nationality. The guidance makes clear that there is no exemption or extra privacy protection for British people or citizens from countries that are members of the Five Eyes, a surveillance alliance that the U.K. is part of alongside the U.S., Canada, Australia, and New Zealand. “If you are searching a purely Events only database such as MUTANT BROTH, the issue of location does not occur,” states one internal GCHQ policy document, which is marked with a “last modified” date of July 2012. The document adds that analysts are free to search the databases for British metadata “without further authorization” by inputing a U.K. “selector,” meaning a unique identifier such as a person’s email or IP address, username, or phone number. Authorization is “not needed for individuals in the U.K.,” another GCHQ document explains, because metadata has been judged “less intrusive than communications content.” All the spies are required to do to mine the metadata troves is write a short “justification” or “reason” for each search they conduct and then click a button on their computer screen.
  • Intelligence GCHQ collects on British persons of interest is shared with domestic security agency MI5, which usually takes the lead on spying operations within the U.K. MI5 conducts its own extensive domestic surveillance as part of a program called DIGINT (digital intelligence).
  • GCHQ’s documents suggest that it typically retains metadata for periods of between 30 days to six months. It stores the content of communications for a shorter period of time, varying between three to 30 days. The retention periods can be extended if deemed necessary for “cyber defense.” One secret policy paper dated from January 2010 lists the wide range of information the agency classes as metadata — including location data that could be used to track your movements, your email, instant messenger, and social networking “buddy lists,” logs showing who you have communicated with by phone or email, the passwords you use to access “communications services” (such as an email account), and information about websites you have viewed.
  • Records showing the full website addresses you have visited — for instance, www.gchq.gov.uk/what_we_do — are treated as content. But the first part of an address you have visited — for instance, www.gchq.gov.uk — is treated as metadata. In isolation, a single metadata record of a phone call, email, or website visit may not reveal much about a person’s private life, according to Ethan Zuckerman, director of Massachusetts Institute of Technology’s Center for Civic Media. But if accumulated and analyzed over a period of weeks or months, these details would be “extremely personal,” he told The Intercept, because they could reveal a person’s movements, habits, religious beliefs, political views, relationships, and even sexual preferences. For Zuckerman, who has studied the social and political ramifications of surveillance, the most concerning aspect of large-scale government data collection is that it can be “corrosive towards democracy” — leading to a chilling effect on freedom of expression and communication. “Once we know there’s a reasonable chance that we are being watched in one fashion or another it’s hard for that not to have a ‘panopticon effect,’” he said, “where we think and behave differently based on the assumption that people may be watching and paying attention to what we are doing.”
  • When compared to surveillance rules in place in the U.S., GCHQ notes in one document that the U.K. has “a light oversight regime.” The more lax British spying regulations are reflected in secret internal rules that highlight greater restrictions on how NSA databases can be accessed. The NSA’s troves can be searched for data on British citizens, one document states, but they cannot be mined for information about Americans or other citizens from countries in the Five Eyes alliance. No such constraints are placed on GCHQ’s own databases, which can be sifted for records on the phone calls, emails, and Internet usage of Brits, Americans, and citizens from any other country. The scope of GCHQ’s surveillance powers explain in part why Snowden told The Guardian in June 2013 that U.K. surveillance is “worse than the U.S.” In an interview with Der Spiegel in July 2013, Snowden added that British Internet cables were “radioactive” and joked: “Even the Queen’s selfies to the pool boy get logged.”
  • In recent years, the biggest barrier to GCHQ’s mass collection of data does not appear to have come in the form of legal or policy restrictions. Rather, it is the increased use of encryption technology that protects the privacy of communications that has posed the biggest potential hindrance to the agency’s activities. “The spread of encryption … threatens our ability to do effective target discovery/development,” says a top-secret report co-authored by an official from the British agency and an NSA employee in 2011. “Pertinent metadata events will be locked within the encrypted channels and difficult, if not impossible, to prise out,” the report says, adding that the agencies were working on a plan that would “(hopefully) allow our Internet Exploitation strategy to prevail.”
Paul Merrell

Court Limits Police 'StingRay' Cell Phone Tracking for the First Time | Motherboard - 0 views

  • The  Florida Supreme Court has ruled that warrantless tracking of people's location using their cell phone signal is unconstitutional, a move that could have far-reaching consequences and suggests that the most common use of police surveillance tools called StingRays is illegal. The StingRay, if you aren't familiar, is essentially a fake cell phone tower that is used by at least 45 branches of law enforcement in the United States to track criminal suspects (the UK uses them as well). But the way it works—as a cell tower spoofer—means that, by design, all cell phones within a certain geographical area will connect to it, meaning police are sweeping up location information about everyone nearby.
  • When police have access to StingRays, they use them often: In 2011, the Los Angeles Police Department used it for 340 different investigations; in Tallahassee, Fla., police used them for 250 investigations between 2007 and 2014. Most often, tracking of specific suspects is done without a warrant. StingRays aren't at the heart of Thursday's Florida Supreme Court Decision; warrantless cell phone location tracking is, according to court justice Jorge Labarga's opinion. Nonetheless, the most common use of StingRays would fall under his decision.
  • In this instance, a suspected cocaine dealer, Shawn Tracey, was tracked in 2007 by police without a warrant. Labarga said this was a violation of the Fourth Amendment. "Regardless of Tracey's location on public roads, the use of his cell site location information emanating from his cell phone in order to track him in real time was a search within the purview of the Fourth Amendment for which probable cause was required," Labarga wrote. No matter where you are, you're giving your location data to third parties: Facebook, Google, all manner of apps you've opted into. But that doesn't give police or the government in general permission to scrape that data or con you into giving it to them, he suggested.
  • ...2 more annotations...
  • "While a person may voluntarily convey personal information to a business or other entity for personal purposes, such disclosure cannot reasonably be considered to be disclosure for all purposes to third parties not involved in that transaction," he wrote. "Requiring a cell phone user to turn off the cell phone just to assure privacy from governmental intrusion that can reveal a detailed and intimate picture of the user's life places an unreasonable burden on the user to forego necessary use of his cell phone, a device now considered essential by much of the populace," he continued. Again, this decision only counts in Florida for the time being, but it's the first time a high court has ruled, based on the US Constitution, that the practice is illegal, and it sets a strong precedent for future cases. Previously, New Jersey and Massachusetts made similar rulings using their state constitutions.
  • "It's a great decision, and it's a big deal," Nate Wessler, a staff attorney with the American Civil Liberties Union, told me. "The way the court's decision is written, it would apply to most StingRay use." Wessler said that while this is a huge decision, it's not clear yet if all StingRay use—warrant or not—may one day be ruled unconstitutional. The ruling simply hasn't been tested yet. "It's an unanswered question, but the devices wrap up innocent people, which looks like a dragnet search that's not legal under the Fourth Amendment," he said. "Even if they're tracking a specific suspect, they're getting info about every bystander. That's a concern."
Paul Merrell

Data Pirates of the Caribbean: The NSA Is Recording Every Cell Phone Call in the Bahama... - 0 views

  • The National Security Agency is secretly intercepting, recording, and archiving the audio of virtually every cell phone conversation on the island nation of the Bahamas. According to documents provided by NSA whistleblower Edward Snowden, the surveillance is part of a top-secret system – code-named SOMALGET – that was implemented without the knowledge or consent of the Bahamian government. Instead, the agency appears to have used access legally obtained in cooperation with the U.S. Drug Enforcement Administration to open a backdoor to the country’s cellular telephone network, enabling it to covertly record and store the “full-take audio” of every mobile call made to, from and within the Bahamas – and to replay those calls for up to a month. SOMALGET is part of a broader NSA program called MYSTIC, which The Intercept has learned is being used to secretly monitor the telecommunications systems of the Bahamas and several other countries, including Mexico, the Philippines, and Kenya. But while MYSTIC scrapes mobile networks for so-called “metadata” – information that reveals the time, source, and destination of calls – SOMALGET is a cutting-edge tool that enables the NSA to vacuum up and store the actual content of every conversation in an entire country.
  • All told, the NSA is using MYSTIC to gather personal data on mobile calls placed in countries with a combined population of more than 250 million people. And according to classified documents, the agency is seeking funding to export the sweeping surveillance capability elsewhere. The program raises profound questions about the nature and extent of American surveillance abroad. The U.S. intelligence community routinely justifies its massive spying efforts by citing the threats to national security posed by global terrorism and unpredictable rival nations like Russia and Iran. But the NSA documents indicate that SOMALGET has been deployed in the Bahamas to locate “international narcotics traffickers and special-interest alien smugglers” – traditional law-enforcement concerns, but a far cry from derailing terror plots or intercepting weapons of mass destruction.
  • By targeting the Bahamas’ entire mobile network, the NSA is intentionally collecting and retaining intelligence on millions of people who have not been accused of any crime or terrorist activity. Nearly five million Americans visit the country each year, and many prominent U.S. citizens keep homes there, including Sen. Tom Harkin (D-Iowa), Bill Gates, and Oprah Winfrey.
  • ...12 more annotations...
  • The Intercept has confirmed that as of 2013, the NSA was actively using MYSTIC to gather cell-phone metadata in five countries, and was intercepting voice data in two of them. Documents show that the NSA has been generating intelligence reports from MYSTIC surveillance in the Bahamas, Mexico, Kenya, the Philippines, and one other country, which The Intercept is not naming in response to specific, credible concerns that doing so could lead to increased violence. The more expansive full-take recording capability has been deployed in both the Bahamas and the unnamed country. MYSTIC was established in 2009 by the NSA’s Special Source Operations division, which works with corporate partners to conduct surveillance. Documents in the Snowden archive describe it as a “program for embedded collection systems overtly installed on target networks, predominantly for the collection and processing of wireless/mobile communications networks.”
  • If an entire nation’s cell-phone calls were a menu of TV shows, MYSTIC would be a cable programming guide showing which channels offer which shows, and when. SOMALGET would be the DVR that automatically records every show on every channel and stores them for a month. MYSTIC provides the access; SOMALGET provides the massive amounts of storage needed to archive all those calls so that analysts can listen to them at will after the fact. According to one NSA document, SOMALGET is “deployed against entire networks” in the Bahamas and the second country, and processes “over 100 million call events per day.”
  • When U.S. drug agents need to tap a phone of a suspected drug kingpin in another country, they call up their counterparts and ask them set up an intercept. To facilitate those taps, many nations – including the Bahamas – have hired contractors who install and maintain so-called lawful intercept equipment on their telecommunications. With SOMALGET, it appears that the NSA has used the access those contractors developed to secretly mine the country’s entire phone system for “signals intelligence” –recording every mobile call in the country. “Host countries,” the document notes, “are not aware of NSA’s SIGINT collection.” “Lawful intercept systems engineer communications vulnerabilities into networks, forcing the carriers to weaken,” says Christopher Soghoian, the principal technologist for the American Civil Liberties Union. “Host governments really should be thinking twice before they accept one of these Trojan horses.”
  • The DEA has long been in a unique position to help the NSA gain backdoor access to foreign phone networks. “DEA has close relationships with foreign government counterparts and vetted foreign partners,” the manager of the NSA’s drug-war efforts reported in a 2004 memo. Indeed, with more than 80 international offices, the DEA is one of the most widely deployed U.S. agencies around the globe. But what many foreign governments fail to realize is that U.S. drug agents don’t confine themselves to simply fighting narcotics traffickers. “DEA is actually one of the biggest spy operations there is,” says Finn Selander, a former DEA special agent who works with the drug-reform advocacy group Law Enforcement Against Prohibition. “Our mandate is not just drugs. We collect intelligence.” What’s more, Selander adds, the NSA has aided the DEA for years on surveillance operations. “On our reports, there’s drug information and then there’s non-drug information,” he says. “So countries let us in because they don’t view us, really, as a spy organization.”
  • When U.S. drug agents wiretap a country’s phone networks, they must comply with the host country’s laws and work alongside their law enforcement counterparts. “The way DEA works with our allies – it could be Bahamas or Jamaica or anywhere – the host country has to invite us,” says Margolis. “We come in and provide the support, but they do the intercept themselves.” The Bahamas’ Listening Devices Act requires all wiretaps to be authorized in writing either by the minister of national security or the police commissioner in consultation with the attorney general. The individuals to be targeted must be named. Under the nation’s Data Protection Act, personal data may only be “collected by means which are both lawful and fair in the circumstances of the case.” The office of the Bahamian data protection commissioner, which administers the act, said in a statement that it “was not aware of the matter you raise.” Countries like the Bahamas don’t install lawful intercepts on their own. With the adoption of international standards, a thriving market has emerged for private firms that are contracted by foreign governments to install and maintain lawful intercept equipment. Currently valued at more than $128 million, the global market for private interception services is expected to skyrocket to more than $970 million within the next four years, according to a 2013 report from the research firm Markets and Markets.
  • The proliferation of private contractors has apparently provided the NSA with direct access to foreign phone networks. According to the documents, MYSTIC draws its data from “collection systems” that were overtly installed on the telecommunications systems of targeted countries, apparently by corporate “partners” cooperating with the NSA. One NSA document spells out that “the overt purpose” given for accessing foreign telecommunications systems is “for legitimate commercial service for the Telco’s themselves.” But the same document adds: “Our covert mission is the provision of SIGINT,” or signals intelligence.
  • According to the NSA documents, MYSTIC targets calls and other data transmitted on  Global System for Mobile Communications networks – the primary framework used for cell phone calls worldwide. In the Philippines, MYSTIC collects “GSM, Short Message Service (SMS) and Call Detail Records” via access provided by a “DSD asset in a Philippine provider site.” (The DSD refers to the Defence Signals Directorate, an arm of Australian intelligence. The Australian consulate in New York declined to comment.) The operation in Kenya is “sponsored” by the CIA, according to the documents, and collects “GSM metadata with the potential for content at a later date.” The Mexican operation is likewise sponsored by the CIA. The documents don’t say how or under what pretenses the agency is gathering call data in those countries. In the Bahamas, the documents say, the NSA intercepts GSM data that is transmitted over what is known as the “A link”–or “A interface”–a core component of many mobile networks. The A link transfers data between two crucial parts of GSM networks – the base station subsystem, where phones in the field communicate with cell towers, and the network subsystem, which routes calls and text messages to the appropriate destination. “It’s where all of the telephone traffic goes,” says the former engineer.
  • “I seriously don’t think that would be your run-of-the-mill legal interception equipment,” says the former engineer, who worked with hardware and software that typically maxed out at 1,000 intercepts. The NSA, by contrast, is recording and storing tens of millions of calls – “mass surveillance,” he observes, that goes far beyond the standard practices for lawful interception recognized around the world. The Bahamas Telecommunications Company did not respond to repeated phone calls and emails.
  • If the U.S. government wanted to make a case for surveillance in the Bahamas, it could point to the country’s status as a leading haven for tax cheats, corporate shell games, and a wide array of black-market traffickers. The State Department considers the Bahamas both a “major drug-transit country” and a “major money laundering country” (a designation it shares with more than 60 other nations, including the U.S.). According to the International Monetary Fund, as of 2011 the Bahamas was home to 271 banks and trust companies with active licenses. At the time, the Bahamian banks held $595 billion in U.S. assets. But the NSA documents don’t reflect a concerted focus on the money launderers and powerful financial institutions – including numerous Western banks – that underpin the black market for narcotics in the Bahamas. Instead, an internal NSA presentation from 2013 recounts with pride how analysts used SOMALGET to locate an individual who “arranged Mexico-to-United States marijuana shipments” through the U.S. Postal Service.
  • The presentation doesn’t say whether the NSA shared the information with the DEA. But the drug agency’s Special Operations Divison has come under fire for improperly using classified information obtained by the NSA to launch criminal investigations – and then creating false narratives to mislead courts about how the investigations began. The tactic – known as parallel construction – was first reported by Reuters last year, and is now under investigation by the Justice Department’s inspector general. So: Beyond a desire to bust island pot dealers, why would the NSA choose to apply a powerful collection tool such as SOMALGET against the Bahamas, which poses virtually no threat to the United States? The answer may lie in a document that characterizes the Bahamas operation as a “test bed for system deployments, capabilities, and improvements” to SOMALGET. The country’s small population – fewer than 400,000 residents – provides a manageable sample to try out the surveillance system’s features. Since SOMALGET is also operational in one other country, the Bahamas may be used as a sort of guinea pig to beta-test improvements and alterations without impacting the system’s operations elsewhere. “From an engineering point of view it makes perfect sense,” says the former engineer. “Absolutely.”
  • SOMALGET operates under Executive Order 12333, a Reagan-era rule establishing wide latitude for the NSA and other intelligence agencies to spy on other countries, as long as the attorney general is convinced the efforts are aimed at gathering foreign intelligence. In 2000, the NSA assured Congress that all electronic surveillance performed under 12333 “must be conducted in a manner that minimizes the acquisition, retention, and dissemination of information about unconsenting U.S. persons.” In reality, many legal experts point out, the lack of judicial oversight or criminal penalties for violating the order render the guidelines meaningless. “I think it would be open, whether it was legal or not,” says German, the former FBI agent. “Because we don’t have all the facts about how they’re doing it. For a long time, the NSA has been interpreting their authority in the broadest possible way, even beyond what an objective observer would say was reasonable.” “An American citizen has Fourth Amendment rights wherever they are,” adds Kurt Opsahl, an attorney with the Electronic Frontier Foundation. “Nevertheless, there have certainly been a number of things published over the last year which suggest that there are broad, sweeping programs that the NSA and other government agencies are doing abroad that sweep up the communications of Americans.”
  • Legal or not, the NSA’s covert surveillance of an entire nation suggests that it will take more than the president’s tepid “limits” to rein in the ambitions of the intelligence community. “It’s almost like they have this mentality – if we can, we will,” says German. “There’s no analysis of the long-term risks of doing it, no analysis of whether it’s actually worth the effort, no analysis of whether we couldn’t take those resources and actually put them on real threats and do more good.” It’s not surprising, German adds, that the government’s covert program in the Bahamas didn’t remain covert. “The undermining of international law and international cooperation is such a long-term negative result of these programs that they had to know would eventually be exposed, whether through a leak, whether through a spy, whether through an accident,” he says. “Nothing stays secret forever. It really shows the arrogance of these agencies – they were just going to do what they were going to do, and they weren’t really going to consider any other important aspects of how our long-term security needs to be addressed.”
  •  
    Words fail me.
Paul Merrell

FBI says search warrants not needed to use "stingrays" in public places | Ars Technica - 0 views

  • The Federal Bureau of Investigation is taking the position that court warrants are not required when deploying cell-site simulators in public places. Nicknamed "stingrays," the devices are decoy cell towers that capture locations and identities of mobile phone users and can intercept calls and texts. The FBI made its position known during private briefings with staff members of Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) and Sen. Chuck Grassley (R-Iowa). In response, the two lawmakers wrote Attorney General Eric Holder and Homeland Security chief Jeh Johnson, maintaining they were "concerned about whether the FBI and other law enforcement agencies have adequately considered the privacy interests" of Americans. According to the letter, which was released last week: For example, we understand that the FBI’s new policy requires FBI agents to obtain a search warrant whenever a cell-site simulator is used as part of a FBI investigation or operation, unless one of several exceptions apply, including (among others): (1) cases that pose an imminent danger to public safety, (2) cases that involve a fugitive, or (3) cases in which the technology is used in public places or other locations at which the FBI deems there is no reasonable expectation of privacy.
  • The letter was prompted in part by a Wall Street Journal report in November that said the Justice Department was deploying small airplanes equipped with cell-site simulators that enabled "investigators to scoop data from tens of thousands of cellphones in a single flight, collecting their identifying information and general location." The bureau's position on Americans' privacy isn't surprising. The Obama Administration has repeatedly maintained that the public has no privacy in public places. It began making that argument as early as 2010, when it told a federal appeals court that the authorities should be allowed to affix GPS devices on vehicles and track a suspect's every move without court authorization. The Supreme Court, however, eventually ruled that warrants are required. What's more, the administration has argued that placing a webcam with pan-and-zoom capabilities on a utility pole to spy on a suspect at his or her residence was no different from a police officer's observation from the public right-of-way. A federal judge last month disagreed with the government's position, tossing evidence gathered by the webcam that was operated from afar.
  • In their letter, Leahy and Grassley complained that little is known about how stingrays, also known as ISMI catchers, are used by law enforcement agencies. The Harris Corp., a maker of the devices from Florida, includes non-disclosure clauses with buyers. Baltimore authorities cited a non-disclosure agreement to a judge in November as their grounds for refusing to say how they tracked a suspect's mobile phone. They eventually dropped charges rather than disclose their techniques. Further, sometimes the authorities simply lie to judges about their use or undertake other underhanded methods to prevent the public from knowing that the cell-site simulators are being used.
  • ...1 more annotation...
  • Hanni Fakhoury, an attorney for the Electronic Frontier Foundation, said some states and judges are pushing back against stingrays. "In Tacoma, judges now require police (to) specifically note they plan to use an IMSI catcher and promise not to store data collected from people who are not investigation targets," he said. "The Florida and Massachusetts state supreme courts ruled warrants were necessary for real-time cell phone tracking. Nine states—Colorado, Illinois, Indiana, Maryland, Minnesota, Tennessee, Utah, Virginia, and Wisconsin—passed laws specifically requiring police to use a warrant to track a cell phone in real time."
  •  
    Is there any problem here that couldn't be cured by discharge and public flogging for any government official caught using information derived from a stingray?
Paul Merrell

The US government doesn't want you to know the cops are tracking you | Trevor Timm | Co... - 0 views

  • All across America, from Florida to Colorado and back again, the country's increasingly militarized local police forces are using a secretive technology to vacuum up cellphone data from entire neighborhoods – including from people inside their own homes – almost always without a warrant. This week, numerous investigations by major news agencies revealed the US government is now taking unbelievable measures to make sure you never find out about it. But a landmark court ruling for privacy could soon force the cops to stop, even as the Obama administration fights to keep its latest tool for mass surveillance a secret.So-called International Mobile Subscriber Identity (IMSI) catchers – more often called their popular brand name, "Stingray" – have long been the talk of the civil liberties crowd, for the indiscriminate and invasive way these roving devices conduct surveillance. Essentially, Stingrays act as fake cellphone towers (usually mounted in a mobile police truck) that police can point toward any given area and force every phone in the area to connect to it. So even if you're not making a call, police can find out who you've been calling, and for how long, as well as your precise location. As Nathan Freed Wessler of the ACLU explained on Thursday, "In one Florida case, a police officer explained in court that he 'quite literally stood in front of every door and window' with his stingray to track the phones inside a large apartment complex."
  • Yet these mass surveillance devices have largely stayed out of the public eye, thanks to the federal government and local police refusing to disclose they're using them in the first place – sometimes, shockingly, even to judges. As the Associated Press reported this week, the Obama administration has been telling local cops to keep information on Stingrays secret from members of the news media, even when it seems like local public records laws would mandate their disclosure. The AP noted:Federal involvement in local open records proceedings is unusual. It comes at a time when President Barack Obama has said he welcomes a debate on government surveillance and called for more transparency about spying in the wake of disclosures about classified federal surveillance programs.
  • Some of the government's tactics to hide Stingray from journalists and the public have been downright disturbing. After the ACLU had filed a records request for information on Stingrays, the local police force initially told them that, yes, they had the documents and to come on down to the station to look at them. But just before an ACLU rep was due to arrive, US Marshals seized the records and hid them away at another location, in what Wessler describes as "a blatant violation of state open-records laws".The federal government has used various other tactics around the country to prevent disclosure of similar information.USA Today also published a significant nationwide investigation about the Stingray problem, as well as what are known as "cellphone tower dumps". When police agencies don't have Stingrays at their disposal, they can go to cell phone providers to get the cellphone location information of everyone who has connected to a specific cell tower (which inevitably includes thousands of innocent people). The paper's John Kelly reported that one Colorado case shows cellphone tower dumps got police "'cellular telephone numbers, including the date, time and duration of any calls,' as well as numbers and location data for all phones that connected to the towers searched, whether calls were being made or not."
  • ...3 more annotations...
  • It's scary enough to think that the NSA is collecting so much information, but this mass location and metadata tracking at the local level all may be about to change. This week, the ACLU won a historic victory in the 11th Circuit Court of Appeals (serving Florida, Alabama and Georgia), which ruled that police need to get a warrant from a judge before extracting from your cellphone the location data obtained by way of a cell tower. This ruling will apply whether cops are going after one person, the whole tower and, one can assume, Stingrays. (The case was also argued by the aforementioned Wessler, who clearly is this month’s civil liberties Most Valuable Player.)This case has huge implications, and not just for the Stingrays secretly being used in Florida. It virtually guarantees the US supreme court will soon have to tackle the larger cellphone location question in some form – and whether police across the country have to finally start getting a warrant to find out where your precise location for days or weeks at a time. But as Stanford law professor Jennifer Granick wrote on Friday, it could also have an impact on NSA spying, which relies on the theory that indiscriminately collecting metadata is fair game until a court says otherwise.
  • You may be asking: how, exactly, are the local cops getting their hands on such advanced military technology? Well, the feds are, in many cases, giving away the technology for free. When the US government is not loaning police agencies their own Stingrays, the Defense Department and Homeland Security are giving federal grants to cops, which allow departments to purchase the gear at the cost of $400,000 a pop from defense contractors like Harris Corporation, which makes the Stingray brand.
  • Like Stingrays, and the NSA's phone dragnet before them, the militarization of America's local cops is a phenomenon that's only now getting widespread attention. As journalist Radley Balko, who wrote a seminal book on the subject two years ago, said this week, the Obama administration could easily limit these tactics to "cases of legitimate national security" – but has clearly chosen not to.No matter how much President Obama talks about how he has "maintained a healthy skepticism toward our surveillance programs", it seems the Most Transparent Administration in American History™ remains much more interested in maintaining a healthy, top-secret surveillance state.
Paul Merrell

Civil Rights Coalition files FCC Complaint Against Baltimore Police Department for Ille... - 0 views

  • This week the Center for Media Justice, ColorOfChange.org, and New America’s Open Technology Institute filed a complaint with the Federal Communications Commission alleging the Baltimore police are violating the federal Communications Act by using cell site simulators, also known as Stingrays, that disrupt cellphone calls and interfere with the cellular network—and are doing so in a way that has a disproportionate impact on communities of color. Stingrays operate by mimicking a cell tower and directing all cellphones in a given area to route communications through the Stingray instead of the nearby tower. They are especially pernicious surveillance tools because they collect information on every single phone in a given area—not just the suspect’s phone—this means they allow the police to conduct indiscriminate, dragnet searches. They are also able to locate people inside traditionally-protected private spaces like homes, doctors’ offices, or places of worship. Stingrays can also be configured to capture the content of communications. Because Stingrays operate on the same spectrum as cellular networks but are not actually transmitting communications the way a cell tower would, they interfere with cell phone communications within as much as a 500 meter radius of the device (Baltimore’s devices may be limited to 200 meters). This means that any important phone call placed or text message sent within that radius may not get through. As the complaint notes, “[d]epending on the nature of an emergency, it may be urgently necessary for a caller to reach, for example, a parent or child, doctor, psychiatrist, school, hospital, poison control center, or suicide prevention hotline.” But these and even 911 calls could be blocked.
  • The Baltimore Police Department could be among the most prolific users of cell site simulator technology in the country. A Baltimore detective testified last year that the BPD used Stingrays 4,300 times between 2007 and 2015. Like other law enforcement agencies, Baltimore has used its devices for major and minor crimes—everything from trying to locate a man who had kidnapped two small children to trying to find another man who took his wife’s cellphone during an argument (and later returned it). According to logs obtained by USA Today, the Baltimore PD also used its Stingrays to locate witnesses, to investigate unarmed robberies, and for mysterious “other” purposes. And like other law enforcement agencies, the Baltimore PD has regularly withheld information about Stingrays from defense attorneys, judges, and the public. Moreover, according to the FCC complaint, the Baltimore PD’s use of Stingrays disproportionately impacts African American communities. Coming on the heels of a scathing Department of Justice report finding “BPD engages in a pattern or practice of conduct that violates the Constitution or federal law,” this may not be surprising, but it still should be shocking. The DOJ’s investigation found that BPD not only regularly makes unconstitutional stops and arrests and uses excessive force within African-American communities but also retaliates against people for constitutionally protected expression, and uses enforcement strategies that produce “severe and unjustified disparities in the rates of stops, searches and arrests of African Americans.”
  • Adding Stingrays to this mix means that these same communities are subject to more surveillance that chills speech and are less able to make 911 and other emergency calls than communities where the police aren’t regularly using Stingrays. A map included in the FCC complaint shows exactly how this is impacting Baltimore’s African-American communities. It plots hundreds of addresses where USA Today discovered BPD was using Stingrays over a map of Baltimore’s black population based on 2010 Census data included in the DOJ’s recent report:
  • ...2 more annotations...
  • The Communications Act gives the FCC the authority to regulate radio, television, wire, satellite, and cable communications in all 50 states, the District of Columbia and U.S. territories. This includes being responsible for protecting cellphone networks from disruption and ensuring that emergency calls can be completed under any circumstances. And it requires the FCC to ensure that access to networks is available “to all people of the United States, without discrimination on the basis of race, color, religion, national origin, or sex.” Considering that the spectrum law enforcement is utilizing without permission is public property leased to private companies for the purpose of providing them next generation wireless communications, it goes without saying that the FCC has a duty to act.
  • But we should not assume that the Baltimore Police Department is an outlier—EFF has found that law enforcement has been secretly using stingrays for years and across the country. No community should have to speculate as to whether such a powerful surveillance technology is being used on its residents. Thus, we also ask the FCC to engage in a rule-making proceeding that addresses not only the problem of harmful interference but also the duty of every police department to use Stingrays in a constitutional way, and to publicly disclose—not hide—the facts around acquisition and use of this powerful wireless surveillance technology.  Anyone can support the complaint by tweeting at FCC Commissioners or by signing the petitions hosted by Color of Change or MAG-Net.
  •  
    An important test case on the constitutionality of stingray mobile device surveillance.
Gary Edwards

Take A Break From The Snowden Drama For A Reminder Of What He's Revealed So Far - Forbes - 0 views

  • Here’s a recap of Snowden’s leaked documents published so far, in my own highly subjective order of importance.
  • The publication of Snowden’s leaks began with a top secret order from the Foreign Intelligence Surveillance Court (FISC) sent to Verizon on behalf of the NSA, demanding the cell phone records of all of Verizon Business Network Services’ American customers for the three month period ending in July. The order, obtained by the Guardian, sought only the metadata of those millions of users’ calls–who called whom when and from what locations–but specifically requested Americans’ records, disregarding foreigners despite the NSA’s legal restrictions that it may only surveil non-U.S. persons. Senators Saxby Chambliss and Diane Feinstein defended the program and said it was in fact a three-month renewal of surveillance practices that had gone for seven years.
  • In a congressional hearing, NSA director Keith Alexander argued that the kind of surveillance of Americans’ data revealed in that Verizon order was necessary to for archiving purposes, but was rarely accessed and only with strict oversight from Foreign Intelligence Surveillance Court judges. But another secret document published by the Guardian revealed the NSA’s own rules for when it makes broad exceptions to its foreign vs. U.S. persons distinction, accessing Americans’ data and holding onto it indefinitely. Those exceptions include anytime Americans’ data is judged to be “significant foreign intelligence” information or information about a crime that has been or is about to be committed, any data “involved in the unauthorized disclosure of national security information,” or necessary to “assess a communications security vulnerability.” Any encrypted data that the NSA wants to crack can also be held indefinitely, regardless of whether its American or foreign origin.
  • ...6 more annotations...
  • Another leaked slide deck revealed a software tool called Boundless Informant, which the NSA appears to use for tracking the origin of data it collects. The leaked materials included a map produced by the program showing the frequency of data collection in countries around the world. While Iran, Pakistan and Jordan appeared to be the most surveilled countries according to the map, it also pointed to significant data collection from the United States.
  • A leaked executive order from President Obama shows the administration asked intelligence agencies to draw up a list of potential offensive cyberattack targets around the world. The order, which suggests targeting “systems, processes and infrastructure” states that such offensive hacking operations “can offer unique and unconventional capabilities to advance U.S. national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging.” The order followed repeated accusations by the U.S. government that China has engaged in state-sponsored hacking operations, and was timed just a day before President Obama’s summit with Chinese President Xi Jinping.
  • Documents leaked to the Guardian revealed a five-year-old British intelligence scheme to tap transatlantic fiberoptic cables to gather data. A program known as Tempora, created by the U.K.’s NSA equivalent Government Communications Headquarters (GCHQ) has for the last 18 months been able to store huge amounts of that raw data for up to 30 days. Much of the data is shared with the NSA, which had assigned 250 analysts to sift through it as of May of last year.
  • Another GCHQ project revealed to the Guardian through leaked documents intercepted the communications of delegates to the G20 summit of world leaders in London in 2009. The scheme included monitoring the attendees’ phone calls and emails by accessing their Blackberrys, and even setting up fake Internet cafes that used keylogging software to surveil them.
  • Snowden showed the Hong Kong newspaper the South China Morning Post documents that it said outlined extensive hacking of Chinese and Hong Kong targets by the NSA since 2009, with 61,000 targets globally and “hundreds” in China. Other SCMP stories based on Snowden’s revelations stated that the NSA had gained access to the Chinese fiberoptic network operator Pacnet as well as Chinese mobile phone carriers, and had gathered large quantities of Chinese SMS messages.
  • The Guardian’s Glenn Greenwald has said that Snowden provided him “thousands” of documents, of which “dozens” are newsworthy. And Snowden himself has said he’d like to expose his trove of leaks to the global media so that each country’s reporters can decide whether “U.S. network operations against their people should be published.” So regardless of where Snowden ends up, expect more of his revelations to follow.
  •  
    Nice tight summary
Paul Merrell

Justice Dept. to Require Warrants for Some Cellphone Tracking - The New York Times - 0 views

  • The Justice Department will regularly require federal agents to seek warrants before using secretive equipment that can locate and track cellphones, the agency announced Thursday, the first regulations on an increasingly controversial technology.The new policy, which also limits what information may be collected and how long it can be stored, puts a measure of judicial oversight on a technology that was designed to hunt terrorists overseas but has become a popular tool among federal agents and local police officers for fighting crime.Civil libertarians have expressed grave privacy concerns about the technology’s proliferation, but the new Justice Department policies do not apply to local police forces.
  • The device, commonly called a cell-site simulator or StingRay, tricks cellphones into connecting with it by acting like a cell tower, allowing the authorities to determine the location of a tracked phone. In doing so, however, the equipment also connects with all other phones in the area, allowing investigators to collect information on people not suspected of any crime.The device is also capable of capturing calls, text messages, emails and other data. Until Thursday’s regulations, the rules for the use of that information and the duration it could be kept had not been detailed and varied across the department’s offices and agencies.
  •  
    A policy is not a law. DoJ is trying to spread some tanglefoot for civil liberties organizations that are prepping litigation over unfettered abuse of Stingray devices by federal, state, and local officials. Warrantless use of Stingrays has been severely undermined by recent Supreme Court rulings, notably U.S. v. Jones and Riley v. California.
Paul Merrell

Bulk Collection Under Section 215 Has Ended… What's Next? | Just Security - 0 views

  • The first (and thus far only) roll-back of post-9/11 surveillance authorities was implemented over the weekend: The National Security Agency shuttered its program for collecting and holding the metadata of Americans’ phone calls under Section 215 of the Patriot Act. While bulk collection under Section 215 has ended, the government can obtain access to this information under the procedures specified in the USA Freedom Act. Indeed, some experts have argued that the Agency likely has access to more metadata because its earlier dragnet didn’t cover cell phones or Internet calling. In addition, the metadata of calls made by an individual in the United States to someone overseas and vice versa can still be collected in bulk — this takes place abroad under Executive Order 12333. No doubt the NSA wishes that this was the end of the surveillance reform story and the Paris attacks initially gave them an opening. John Brennan, the Director of the CIA, implied that the attacks were somehow related to “hand wringing” about spying and Sen. Tom Cotton (R-Ark.) introduced a bill to delay the shut down of the 215 program. Opponents of encryption were quick to say: “I told you so.”
  • But the facts that have emerged thus far tell a different story. It appears that much of the planning took place IRL (that’s “in real life” for those of you who don’t have teenagers). The attackers, several of whom were on law enforcement’s radar, communicated openly over the Internet. If France ever has a 9/11 Commission-type inquiry, it could well conclude that the Paris attacks were a failure of the intelligence agencies rather than a failure of intelligence authorities. Despite the passage of the USA Freedom Act, US surveillance authorities have remained largely intact. Section 702 of the FISA Amendments Act — which is the basis of programs like PRISM and the NSA’s Upstream collection of information from Internet cables — sunsets in the summer of 2017. While it’s difficult to predict the political environment that far out, meaningful reform of Section 702 faces significant obstacles. Unlike the Section 215 program, which was clearly aimed at Americans, Section 702 is supposedly targeted at foreigners and only picks up information about Americans “incidentally.” The NSA has refused to provide an estimate of how many Americans’ information it collects under Section 702, despite repeated requests from lawmakers and most recently a large cohort of advocates. The Section 215 program was held illegal by two federal courts (here and here), but civil attempts to challenge Section 702 have run into standing barriers. Finally, while two review panels concluded that the Section 215 program provided little counterterrorism benefit (here and here), they found that the Section 702 program had been useful.
  • There is, nonetheless, some pressure to narrow the reach of Section 702. The recent decision by the European Court of Justice in the safe harbor case suggests that data flows between Europe and the US may be restricted unless the PRISM program is modified to protect the information of Europeans (see here, here, and here for discussion of the decision and reform options). Pressure from Internet companies whose business is suffering — estimates run to the tune of $35 to 180 billion — as a result of disclosures about NSA spying may also nudge lawmakers towards reform. One of the courts currently considering criminal cases which rely on evidence derived from Section 702 surveillance may hold the program unconstitutional either on the basis of the Fourth Amendment or Article III for the reasons set out in this Brennan Center report. A federal district court in Colorado recently rejected such a challenge, although as explained in Steve’s post, the decision did not seriously explore the issues. Further litigation in the European courts too could have an impact on the debate.
  • ...2 more annotations...
  • The US intelligence community’s broadest surveillance authorities are enshrined in Executive Order 12333, which primarily covers the interception of electronic communications overseas. The Order authorizes the collection, retention, and dissemination of “foreign intelligence” information, which includes information “relating to the capabilities, intentions or activities of foreign powers, organizations or persons.” In other words, so long as they are operating outside the US, intelligence agencies are authorized to collect information about any foreign person — and, of course, any Americans with whom they communicate. The NSA has conceded that EO 12333 is the basis of most of its surveillance. While public information about these programs is limited, a few highlights give a sense of the breadth of EO 12333 operations: The NSA gathers information about every cell phone call made to, from, and within the Bahamas, Mexico, Kenya, the Philippines, and Afghanistan, and possibly other countries. A joint US-UK program tapped into the cables connecting internal Yahoo and Google networks to gather e-mail address books and contact lists from their customers. Another US-UK collaboration collected images from video chats among Yahoo users and possibly other webcam services. The NSA collects both the content and metadata of hundreds of millions of text messages from around the world. By tapping into the cables that connect global networks, the NSA has created a database of the location of hundreds of millions of mobile phones outside the US.
  • Given its scope, EO 12333 is clearly critical to those seeking serious surveillance reform. The path to reform is, however, less clear. There is no sunset provision that requires action by Congress and creates an opportunity for exposing privacy risks. Even in the unlikely event that Congress was inclined to intervene, it would have to address questions about the extent of its constitutional authority to regulate overseas surveillance. To the best of my knowledge, there is no litigation challenging EO 12333 and the government doesn’t give notice to criminal defendants when it uses evidence derived from surveillance under the order, so the likelihood of a court ruling is slim. The Privacy and Civil Liberties Oversight Board is currently reviewing two programs under EO 12333, but it is anticipated that much of its report will be classified (although it has promised a less detailed unclassified version as well). While the short-term outlook for additional surveillance reform is challenging, from a longer-term perspective, the distinctions that our law makes between Americans and non-Americans and between domestic and foreign collection cannot stand indefinitely. If the Fourth Amendment is to meaningfully protect Americans’ privacy, the courts and Congress must come to grips with this reality.
Paul Merrell

New York Police Have Used Stingrays Widely, New Documents Show - 0 views

  • The NYPD has used cell-site simulators, commonly known as Stingrays, more than 1,000 times since 2008, according to documents turned over to the New York Civil Liberties Union. The documents represent the first time the department has acknowledged using the devices. The NYPD also disclosed that it does not get a warrant before using a Stingray, which sweeps up massive amounts of data. Instead, the police obtain a “pen register order” from a court, more typically used to collect call data for a specific phone. Those orders do not require the police to establish probable cause. Additionally, the NYPD has no written policy guidelines on the use of Stingrays. Stingrays work by imitating cellphone towers. They force all nearby phones to connect to them, revealing the owners’ locations. That means they collect data on potentially hundreds of people. They are small enough to fit in a suitcase, or be mounted on a plane.
  • When they were originally developed in 2003, Stingrays were designed for military use. But in the past decade, they have increasingly been purchased by law enforcement agencies. According to the ACLU, Stingrays are used by at least 59 police departments in 23 states, and at least 13 federal agencies, including the DEA, FBI, and the IRS. Because most departments withhold information about Stingrays, these numbers likely underrepresent the total.
  • Stingrays have long been a topic of concern for privacy activists. “Cell-site simulators are powerful surveillance devices that can track people, including in their homes, and collect information on innocent bystanders,” said Mariko Hirose, a senior staff attorney at the NYCLU.  “If they are going to be used in communities the police should at minimum obtain a warrant and follow written policies.” Instead, law enforcement agencies have fought to keep Stingrays secret, even dropping criminal cases to avoid disclosing anything about them. The FBI has forced local police agencies to sign Stingray-related non-disclosure agreements, claiming that criminals and terrorists who know about Stingrays could take countermeasures against them. The increasing use of Stingrays, coupled with the lack of transparency, has alarmed civil liberties groups. “I think it’s critical to have transparency about the use of technology like Stingrays,” said Faiza Patel, an attorney with the Brennan Center for Justice. “That’s what allows courts, the public, and our elected officials to weigh in on the proper rules.”
  • ...1 more annotation...
  • In September, the Department of Justice issued guidelines requiring its officers to seek probable cause warrants before using a Stingray. But the guidelines only applied to federal law enforcement agencies, not to state and local police, who have fought such a change. In one ongoing court case, the state of Maryland has argued that anyone who turns on their phone consents to having his or her location tracked. In November, Senator Ron Wyden, D-Ore., and Rep. Jason Chaffetz, R-Utah, introduced the GPS Act, a bill that would extend the Department of Justice’s guidelines to all law enforcement agencies. “Buying a smartphone shouldn’t be interpreted as giving the government a free pass to track your movements,” Wyden said.
Paul Merrell

Senators accuse government of using 'secret law' to collect Americans' data | World new... - 0 views

  • A bipartisan group of 26 US senators has written to intelligence chiefs to complain that the administration is relying on a "secret body of law" to collect massive amounts of data on US citizens.The senators accuse officials of making misleading statements and demand that the director of national intelligence James Clapper answer a series of specific questions on the scale of domestic surveillance as well as the legal justification for it.In their strongly-worded letter to Clapper, the senators said they believed the government may be misinterpreting existing legislation to justify the sweeping collection of telephone and internet data revealed by the Guardian."We are concerned that by depending on secret interpretations of the Patriot Act that differed from an intuitive reading of the statute, this program essentially relied for years on a secret body of law," they say.
  • "This and misleading statements by intelligence officials have prevented our constituents from evaluating the decisions that their government was making, and will unfortunately undermine trust in government more broadly."This is the strongest attack yet from Congress since the disclosures began, and comes after Clapper admitted he had given "the least untruthful answer possible" when pushed on these issues by Senators at a hearing before the latest revelations by the Guardian and the Washington Post.In a press statement, the group of senators added: "The recent public disclosures of secret government surveillance programs have exposed how secret interpretations of the USA Patriot Act have allowed for the bulk collection of massive amounts of data on the communications of ordinary Americans with no connection to wrongdoing."
  • They said: "Reliance on secret law to conduct domestic surveillance activities raises serious civil liberty concerns and all but removes the public from an informed national security and civil liberty debate." A spokesman for the office of the director of national intelligence (ODNI) acknowledged the letter. "The ODNI received a letter from 26 senators this morning requesting further engagement on vital intelligence programs recently disclosed in the media, which we are still evaluating. The intelligence and law enforcement communities will continue to work with all members of Congress to ensure the proper balance of privacy and protection for American citizens."The letter was organised by Oregan Democrat Ron Wyden, a member of the intelligence committee, but includes four Republican senators: Mark Kirk, Mike Lee, Lisa Murkowski and Dean Heller.
  • ...3 more annotations...
  • The senators said they were seeking public answers to the following questions in order to give the American people the information they need to conduct an informed public debate. The specific questions include:• How long has the NSA used Patriot Act authorities to engage in bulk collection of Americans' records? Was this collection underway when the law was reauthorized in 2006?• Has the NSA used USA Patriot Act authorities to conduct bulk collection of any other types of records pertaining to Americans, beyond phone records?• Has the NSA collected or made any plans to collect Americans' cell-site location data in bulk?• Have there been any violations of the court orders permitting this bulk collection, or of the rules governing access to these records? If so, please describe these violations.
  • They ask Clapper to publicly provide information about the duration and scope of the program and provide examples of its effectiveness in providing unique intelligence, if such examples exist.The senators also expressed their concern that the program itself has a significant impact on the privacy of law-abiding Americans and that the Patriot Act could be used for the bulk collection of records beyond phone metadata."The Patriot Act's 'business records' authority can be used to give the government access to private financial, medical, consumer and firearm sales records, among others," said a press statement.In addition to raising concerns about the law's scope, the senators noted that keeping the official interpretation of the law secret and the instances of misleading public statements from executive branch officials prevented the American people from having an informed public debate about national security and domestic surveillance.
  • A bipartisan group of 26 US senators has written to intelligence chiefs to complain that the administration is relying on a "secret body of law" to collect massive amounts of data on US citizens.The senators accuse officials of making misleading statements and demand that the director of national intelligence James Clapper answer a series of specific questions on the scale of domestic surveillance as well as the legal justification for it.In their strongly-worded letter to Clapper, the senators said they believed the government may be misinterpreting existing legislation to justify the sweeping collection of telephone and internet data revealed by the Guardian."We are concerned that by depending on secret interpretations of the Patriot Act that differed from an intuitive reading of the statute, this program essentially relied for years on a secret body of law," they say."This and misleading statements by intelligence officials have prevented our constituents from evaluating the decisions that their government was making, and will unfortunately undermine trust in government more broadly."
Paul Merrell

Privacy Day | ACLU of Oregon - 0 views

  • Help strengthen Oregon's privacy protections and limit the use of dragnet surveillance. We are advocating for:•    SB 339 - Strict guidelines for the use of automatic license plate readers (ALPR) •    SB 640 - A warrant requirement to access email, phone, and location records •    SB 641 - A warrant requirement to search cell phones Advances in technology have made it too easy for law enforcement to track where you go, what you do, and who you are with. Most of the data the government collects is about innocent people who are not suspected of any crimes. Yet the government collects that personal information - or accesses it directly from your internet or cell phone provider – and can keep it for years on end.  Technology has changed but your rights haven't.
  •  
    Privacy measures that the ACLU is pushing at the state level in Oregon. Links are to short summaries of legislation.
Paul Merrell

U.S. government reveals breadth of requests for Internet records | Reuters - 0 views

  • The Federal Bureau of Investigation has used a secretive authority to compel Internet and telecommunications firms to hand over customer data including an individual’s complete web browsing history and records of all online purchases, a court filing released Monday shows.The documents are believed to be the first time the government has provided details of its so-called national security letters, which are used by the FBI to conduct electronic surveillance without the need for court approval.The filing made public Monday was the result of an 11-year-old legal battle waged by Nicholas Merrill, founder of Calyx Internet Access, a hosted service provider, who refused to comply with a national security letter (NSL) he received in 2004. Merrill told Reuters the release was significant “because the public deserves to know how the government is gathering information without warrants on Americans who are not even suspected of a crime.”
  • National security letters have been available as a law enforcement tool since the 1970s, but their frequency and breadth expanded dramatically under the USA Patriot Act, which was passed shortly after the Sept. 11, 2001 attacks. They are almost always accompanied by an open-ended gag order barring companies from disclosing the contents of the demand for customer data.A federal court ruled earlier this year that the gag on Merrill’s NSL should be lifted. Merrill's challenge also disclosed that the FBI may use NSLs to gain IP addresses on everyone a suspect has corresponded with and cell-site location information. The FBI said in the court filings it no longer used NSLs for location information. The secretive orders have long drawn the ire of tech companies and privacy advocates, who argue NSLs allow the government to snoop on user content without appropriate judicial oversight or transparency.
  • Last year, the Obama administration announced it would permit Internet companies to disclose more about the number of NSLs they receive. But they can still only provide a range such as between 0 and 999 requests, or between 1,000 and 1,999. Twitter (TWTR.N) has sued in federal court seeking the ability to publish more details in its semi-annual transparency reports. Several thousand NSLs are now issued by the FBI every year, though the agency says it is unaware of the precise number. At one point that number eclipsed 50,000 letters annually. The FBI did not respond to a request for comment Monday.
Paul Merrell

Feds May Have To Reveal FISA Phone Records In Murder Case | Techdirt - 0 views

  • There's been a lot of focus elsewhere concerning the FISA rulings that were leaked, showing that the government is scooping up the details of pretty much every phone call. However, a case concerning some guys who were trying to rob an armored truck may lead to some interesting revelations related to what the government collects. Daryl Davis, Hasam Williams, Terrance Brown, Toriano Johnson, and Joseph K. Simmons were charged with trying to rob a bunch of armored Brink's trucks, in which one of the robberies went wrong and a Brink's employee was shot and killed. As part of the case against the group, the DOJ obtained call records. However, during discovery, the government refused to hand over call records for July of 2010, claiming that when they sought them from the telco, the DOJ was told that those records had been purged. Terrance Brown's lawyer is now claiming that since it appears the NSA has sucked up all of this data for quite some time, it would appear that the government should, in fact, already have the phone records from July 2010, which he argues would show that he was nowhere near the robbery when it happened. Defendant Brown urges that the records are important to his defense because cell-site records could be used to show that Brown was not in the vicinity of the attempted robbery that allegedly occurred in July 2010. And, relying on a June 5, 2013, Guardian newspaper article that published a FISA Court order relating to cellular telephone data collected by Verizon,1 Defendant Brown now suggests that the Government likely actually does possess the metadata relating to telephone calls made in July 2010 from the two numbers attributed to Defendant Brown.
  • The court agrees that, under the law, the government may need to produce those records. Here, Defendant asserts that, under Brady v. Maryland, 373 U.S. 83 (1963), due process requires the production of the July 2010 telephone records because they are anticipated to be exculpatory in that they are expected to show that Defendant Brown was not physically located at the scene of the alleged attempted Brink’s truck robbery in July 2010. In view of Defendant Brown’s Motion and the requirements of FISA, it is hereby ORDERED and ADJUDGED that the Government shall respond to Defendant Brown’s Motion and, if desired, shall file an affidavit of the Attorney General of the United States. That order was actually issued Monday, only giving the government until yesterday to comply. At the time of posting, the government's reply has not yet shown up in PACER, though it may pop up soon. I'm guessing that they'll try to either get some sort of extension or explain why those records are somehow inaccessible -- but it could get interesting.
  •  
    This is definitely one to watch. The Court's order is short but definitely enlightening. The defendant's trial is already under way, so the Court set a very short response time, and required the Feds to concurrently file the affidavit of the Attorney General if the Feds want to claim that disclosure would harm national security. She has also ordered that the Feds concurrently explain any belief that thre information was lawfully gathered, citing some specific portions of the FISA Act that are at the heart of the government's claim of right to compel telcos to disclose the information to the Feds.    Then the court decides whether the Feds must produce the records anyway. Tough position for the government because it would be extremely difficult to argue that the phone call metadata itself is classified, since they are by law "business records" of a private party, the telco.  And this sets the stage for a flood of habeas corpus petitions by persons already convicted seeking new trials with NSA surveillance records disclosed. Easiest way out for the Feds is to claim that the records do not exist, but someone will have to sign a statement under penalty of perjury file to that effect.  If the Court orders disclosure, the Feds have a right of immediate appeal. So this one could win up in the Supreme Court very quickly (days, not months). Reading the Court's order, the judge seems predisposed to order production of the records. So stay tuned to this channel. I'm reminded that about a week ago, an MSNBC reporter blogged that he didn't think that the PRISM story "has legs" that will keep it in the news very long. He was wrong. 
1 - 16 of 16
Showing 20 items per page