Group items tagged

The Department of Homeland Security aims to increase its domestic human intelligence collection activity this year, the Department recently told Congress. In a question for the record from a September 2014 congressional hearing, Rep. Paul C. Broun (R-GA) asked:  “Do we currently have enough human intelligence capacity–both here in the homeland and overseas–to counter the threats posed by state and non-state actors alike?” The Department replied, in a response published in the full hearing volume last month (at p. 64): “DHS is working on increasing its human intelligence-gathering capabilities at home and anticipates increasing its field collector/reporter personnel by 50 percent, from 19 to approximately 30, during the coming year.” “We are also training Intelligence Officers in State and major urban area fusion centers to do intelligence reporting. This will increase the human intelligence capability by additional 50–60 personnel.” The projected increase in DHS HUMINT collection activity was not specifically mentioned in the Department’s FY 2015 budget request.

Human intelligence collection in this context does not necessarily mean that the Department is running spies under cover. According to a 2009 report from the Congressional Research Service (footnote 38), “For purposes of DHS intelligence collection, HUMINT is used to refer to overt collection of information and intelligence from human sources. DHS does not, generally, engage in covert or clandestine HUMINT.” In any case, “The DHS Intelligence Enterprise has increased intelligence reporting, producing over 3,000 reports in fiscal year 2014,” DHS also told Rep. Broun. A June 2014 report from the Government Accountability Office found fault with some of that reporting, which is generated by the DHS Office of Intelligence and Analysis (I&A). “I&A customers had mixed views on the extent to which its analytic products and services are useful,” GAO found. See DHS Intelligence Analysis: Additional Actions Needed to Address Analytic Priorities and Workforce Challenges, GAO report GAO-14-397, June 2014. DHS concurred with the resulting GAO recommendations.

More than a month after Sen. Ron Wyden (D-Ore.) requested information about US Customs and Border Protection's practice of searching cell phones at US borders and airports, he's still waiting for answers—but he's not waiting to introduce legislation to end the practice. "It's very concerning that [the Department of Homeland Security] hasn't managed to answer my questions about the number of digital searches at the border, five weeks after I requested that basic information," Wyden, a leading congressional advocate for civil liberties and privacy, told Mother Jones on Tuesday through a spokesman. "If CBP were to undertake a system of indiscriminate digital searches, that would distract CBP from its core mission, dragging time and attention away from catching the bad guys." Wyden's request to DHS and CBP came on the heels of a February 18 report from the Associated Press of a "fivefold increase" in electronic media searches in fiscal year 2016 over the previous year, from fewer than 5,000 to nearly 24,000. It also followed Homeland Security Secretary John Kelly's suggestion that visitors from a select group of countries, mainly Muslim, might be required to hand over passwords to their social media accounts as a condition of entry. (That comment came a week after President Donald Trump first unveiled his executive order⁠ banning travel from seven majority-Muslim countries.) The Knight First Amendment Institute, which advocates for freedom of speech, sued DHS on Monday for records relating to the seizure of electronic devices at border checkpoints. Wyden requested similar data on CBP device searches and demands for travelers' passwords. "There are well-established legal rules governing how law enforcement agencies may obtain data from social media companies and email providers," Wyden wrote in the February 20 letter to DHS and CBP. "By requesting a traveler's credentials and then directly accessing their data, CBP would be short-circuiting the vital checks and balances that exist in our current system." The senator wrote that the searches not only violate civil liberties but could reduce international business travel or force companies to outfit employees with "burner" laptops and mobile devices, "which some firms already use when employees visit nations like China."

"Folks are going to be less likely to travel freely to the US with the devices they need if they don't feel their sensitive business information is going to be safe at the border," Wyden said Tuesday, noting that CBP can copy the information it views on a device. "Then they can store that information and search it without a warrant." Wyden will soon introduce legislation to force law enforcement to obtain warrants before searching devices at the border. His bill would also prevent CBP from compelling travelers to reveal passwords to their accounts. A DHS spokesman said in a statement that "all travelers arriving to the US are subject to CBP inspection," which includes inspection of any electronic devices they may be carrying. Access to these devices, the spokesman said, helps CBP agents ascertain the identity and admissibility of people from other countries and "deter the entry of possible terrorists, terrorist weapons, controlled substances," and other prohibited items. "CBP electronic media searches," the spokesman said, "have resulted in arrests for child pornography, evidence helpful in combating terrorist activity, violations of export controls, convictions for intellectual property rights violations, and visa fraud discoveries." In a March 27 USA Today op-ed, Joseph B. Maher, DHS acting general counsel, compared device searches to searching luggage. "Just as Customs is charged with inspecting luggage, vehicles and cargo containers upon arrival to the USA, there are circumstances in this digital age when we must inspect an electronic device for violations of the law," Maher wrote.

But in a unanimous 2014 ruling, the Supreme Court found that police need warrants to search cell phones. Chief Justice John Roberts wrote in the opinion that cell phones are "such a pervasive and insistent part of daily life that the proverbial visitor from Mars might conclude they were an important feature of human anatomy." In response to a Justice Department argument that cell phones were akin to wallets, purses, and address books, Roberts wrote: "That is like saying a ride on horseback is materially indistinguishable from a flight to the moon." The law, however, applies differently at the border because of the "border search doctrine," which has traditionally given law enforcement wider latitude under the Fourth Amendment to perform searches at borders and international airports. CBP says it keeps tight controls on its searches and is sensitive to personal privacy. Wyden isn't convinced. "Given Trump's worrying track record so far, and the ease with which CBP could change its guidelines, it's important we create common-sense statutory protections for Americans' liberty and security," he says.

Public Citizen Defends Merchant From Unconstitutional Interference by NSA, Department of Homeland Security In Lawsuit Filed Against Agencies, Public Citizen Argues That Attempts to Stop Production of Parody Merchandise Are Inconsistent With First Amendment BALTIMORE, Md. – A Minnesota activist who uses images and names of government agencies on satirical merchandise is entitled to do so under the First Amendment, Public Citizen argued in a lawsuit filed today against the National Security Agency (NSA) and the Department of Homeland Security (DHS) on behalf of the merchant. The suit, filed in the U.S. District Court for the District of Maryland, targets cease-and-desist letters sent to the merchant’s producer by the NSA and DHS. On his website LibertyManiacs.com, Sauk Rapids, Minn., resident Dan McCall sells T-shirts, hats, bumper stickers and other items with his designs, printed by Zazzle.com – for example, a mug with the NSA seal above the words “Spying On You Since 1952” and a parodied NSA seal that says “Peeping While You’re Sleeping” above the words “The NSA: The only part of government that actually listens.”

On March 15, 2011, Zazzle received a warning letter from the NSA, and on Aug 11, 2011, it received one from DHS. The NSA said that Zazzle, by selling the merchandise, was in violation of a provision of the National Security Agency Act of 1959 that prohibits the “use [of] the words ‘National Security Agency,’ the initials, ‘NSA,’ the seal of the National Security Agency, or any colorable imitation of such words … in connection with any merchandise, impersonation, solicitation, or commercial activity in a manner reasonably calculated to convey the impression that such use is approved, endorsed, or authorized by the National Security Agency” without the permission of the NSA. DHS said that Zazzle, by selling McCall’s DHS parody items, was in violation of a law making it a crime to “mutilate or alter the seal of any department or agency of the United States,” among other provisions. In the lawsuit filed in defense of McCall, Public Citizen points out that the graphics did not create any likelihood of confusion about source or sponsorship, and no reasonable person would believe that the agencies themselves produced merchandise with those messages. The complaint also asserts that the First Amendment protects McCall and Zazzle’s right to use the seals to accurately identify the agencies he is criticizing. “The agencies’ attempts to forbid McCall from displaying and selling his merchandise are inconsistent with the First Amendment,” said Paul Alan Levy, the Public Citizen attorney handling the case. “It’s bad enough that these agencies have us under constant surveillance; forbidding citizens from criticizing them is beyond the pale.”

Public Citizen is asking the court to declare that several provisions of the National Security Agency Act cannot be enforced to forbid McCall from displaying his merchandise, and that two other laws are unconstitutionally overbroad because they violate the First Amendment by saying no one can “mutilate or alter the seal of any department or agency of the United States.” McCall is now selling his merchandise at CafePress.com. See the full complaint for declaratory relief here.

The Senate Intelligence Committee recently introduced the Cybersecurity Information Sharing Act of 2014. It’s the fourth time in four years that Congress has tried to pass "cybersecurity" legislation. Unfortunately, the newest Senate bill is one of the worst yet. Cybersecurity bills aim to facilitate information sharing between companies and the government, but they always seem to come with broad immunity clauses for companies, vague definitions, and aggressive spying powers. Given such calculated violence to users' privacy rights, it’s no surprise that these bills fail every year. What is a surprise is that the bills keep coming back from the dead. Last year, President Obama signed Executive Order 13636 (EO 13636) directing the Department of Homeland Security (DHS) to expand current information sharing programs that are far more privacy protective than anything seen in recent cybersecurity bills. Despite this, members of Congress like Rep. Mike Rogers and Senator Dianne Feinstein keep on introducing bills that would destroy these privacy protections and grant new spying powers to companies.

Aside from its redundancy, the Senate's bill grants two new authorities to companies. First, the bill authorizes companies to launch countermeasures for a "cybersecurity purpose" against a "cybersecurity threat." "Cybersecurity purpose" is so broadly defined that it means almost anything related to protecting (including physically protecting) an information system, which can be a computer or software. The same goes for a "cybersecurity threat," which includes anything that "may result" in an unauthorized effort to impact the availability of the information system. Combined, the two definitions could be read by companies to permit attacks on machines that unwittingly contribute to network congestion. The countermeasures clause will increasingly militarize the Internet—a prospect that may appeal to some "active defense" (aka offensive) cybersecurity companies, but does not favor the everyday user. Second, the bill adds a new authority for companies to monitor information systems to protect an entity's rights or property. Here again, the broad definitions could be used in conjunction with the monitoring clause to spy on users engaged in potentially innocuous activity. Once collected, companies can then share the information, which is also called “cyber threat indicators,” freely with government agencies like the NSA.

Such sharing will occur because under this bill, DHS would no longer be the lead agency making decisions about the cybersecurity information received, retained, or shared to companies or within the government. Its new role in the bill mandates DHS send information to agencies like the NSA—"in real-time and simultaneous[ly]." DHS is even barred from "delay[ing]" or "interfer[ing]" with the information, which ensures that DHS's current privacy protections won’t be applied to the information. The provision is ripe for improper and over-expansive information sharing. This leads to a question: What stops your sensitive personal information from being shared by companies to the government? Almost nothing. Companies must only remove personally identifiable information if the information is known to be US person information and not directly related to the threat. Such a willful blindness approach is inappropriate. Further, the bill does not even impose this weak minimization requirement on information shared by, and within, the government (including federal, state, local, and tribal governments) thereby allowing the government to share information containing personally identifiable information. The bill should require deletion of all information not directly related to a threat.

In a major scoop said to put a “stake in the heart of the Muslim ban,” MSNBC‘s Rachel Maddow reported Thursday evening on a new leaked Department of Homeland Security (DHS) analysis which essentially shreds the Trump administration’s rationale for banning travel from seven Muslim-majority nations. The document, prepared by DHS’ internal intelligence agency, the Office of Intelligence and Analysis, concludes that the majority of foreign-born, U.S.-based violent extremists were radicalized several years after their entry into the U.S.

The Washington Post‘s Greg Sargent on Friday suggested that the leaked analysis could be part of the “real reason for the delay,” rather than the stated reason of not wanting to sully the warm reception received by the president after his joint-session speech Tuesday evening. “The Trump administration can’t solve the problem that has always bedeviled this policy, which is that there isn’t any credible national security rationale for it,” he wrote. “Unlike on the campaign trail, when you’re governing, you actually have to have justification for what you’re proposing, or you often run into trouble.” Similarly, Maddow observed that “they really do have a problem here,” pointing to the document’s key finding, which states that “most foreign-born, U.S.-based violent extremists are likely radicalized several years after their entry to the United States, limiting the ability of screening and vetting officials to prevent their entry because of national security concerns.” “The national security justification for this whole ban—this setting up of extreme vetting—is bull-pucky,” Maddow said. “There’s nothing they can set up at the border to tell you years down the road who might become…a radical and violent person years from now.” This latest leak follows the release of another DHS analysis last week that similarly undermined the Trump administration’s claim that people traveling from Syria, Iran, Iraq, Yemen, Sudan, Libya, and Somalia pose a severe threat to the United States. That document, obtained by the Associated Press, concluded that “citizenship is an ‘unlikely indicator’ of terrorism threats to the United States and that few people from the countries Trump listed in his travel ban have carried out attacks or been involved in terrorism-related activities in the U.S. since Syria’s civil war started in 2011,” as AP reported. Taken together, the two documents throw cold water on most of the administration’s stated justification for the pending executive order.

This month, the United States District Court for the District of Columbia ruled that the Department of Homeland Security must make its plan to shut off the Internet and cellphone communications available to the American public. You, of course, may now be thinking: What plan?! Though President Barack Obama swiftly disapproved of ousted Egyptian President Hosni Mubarak turning off the Internet in his country (to quell widespread civil disobedience) in 2011, the US government has the authority to do the same sort of thing, under a plan that was devised during the George W. Bush administration. Many details of the government’s controversial “kill switch” authority have been classified, such as the conditions under which it can be implemented and how the switch can be used. But thanks to a Freedom of Information Act lawsuit filed by the Electronic Privacy Information Center (EPIC), DHS has to reveal those details by December 12 — or mount an appeal. (The smart betting is on an appeal, since DHS has fought to release this information so far.) Yet here’s what we do know about the government’s “kill switch” plan:

What are the constitutional problems? Civil liberties advocates argue that kill switches violate the First Amendment and pose a problem because they aren’t subject to rigorous judicial and congressional oversight. “There is no court in the loop at all, at any stage in the SOP 303 process,” according to the Center for Democracy and Technology. ”The executive branch, untethered by the checks and balances of court oversight, clear instruction from Congress, or transparency to the public, is free to act as it will and in secret.” David Jacobs of EPIC says, “Cutting off communications imposes a prior restraint on speech, so the First Amendment imposes the strictest of limitations…We don’t know how DHS thinks [the kill switch] is consistent with the First Amendment.” He adds, “Such a policy, unbounded by clear rules and oversight, just invites abuse.”

Senior Obama administration officials have secretly authorized the interception of communications carried on portions of networks operated by AT&T and other Internet service providers, a practice that might otherwise be illegal under federal wiretapping laws. The secret legal authorization from the Justice Department originally applied to a cybersecurity pilot project in which the military monitored defense contractors' Internet links. Since then, however, the program has been expanded by President Obama to cover all critical infrastructure sectors including energy, healthcare, and finance starting June 12. "The Justice Department is helping private companies evade federal wiretap laws," said Marc Rotenberg, executive director of the Electronic Privacy Information Center, which obtained over 1,000 pages of internal government documents and provided them to CNET this week. "Alarm bells should be going off." Those documents show the National Security Agency and the Defense Department were deeply involved in pressing for the secret legal authorization, with NSA director Keith Alexander participating in some of the discussions personally. Despite initial reservations, including from industry participants, Justice Department attorneys eventually signed off on the project.

The Justice Department agreed to grant legal immunity to the participating network providers in the form of what participants in the confidential discussions refer to as "2511 letters," a reference to the Wiretap Act codified at 18 USC 2511 in the federal statute books. The Wiretap Act limits the ability of Internet providers to eavesdrop on network traffic except when monitoring is a "necessary incident" to providing the service or it takes place with a user's "lawful consent." An industry representative told CNET the 2511 letters provided legal immunity to the providers by agreeing not to prosecute for criminal violations of the Wiretap Act. It's not clear how many 2511 letters were issued by the Justice Department. In 2011, Deputy Secretary of Defense William Lynn publicly disclosed the existence of the original project, called the DIB Cyber Pilot, which used login banners to inform network users that monitoring was taking place. In May 2012, the pilot was turned into an ongoing program -- broader but still voluntary -- by the name of Joint Cybersecurity Services Pilot, with the Department of Homeland Security becoming involved for the first time. It was renamed again to Enhanced Cybersecurity Services program in January, and is currently being expanded to all types of companies operating critical infrastructure.

Another e-mail message from a Justice Department attorney wondered: "Will the program cover all parts of the company network -- including say day care centers (as mentioned as a question in a [deputies committee meeting]) and what are the policy implications of this?" The deputies committee includes the deputy secretary of defense, the deputy director of national intelligence, the deputy attorney general, and the vice chairman of the Joint Chiefs of Staff. "These agencies are clearly seeking authority to receive a large amount of information, including personal information, from private Internet networks," says EPIC staff attorney Amie Stepanovich, who filed a lawsuit against Homeland Security in March 2012 seeking documents relating to the program under the Freedom of Information Act. "If this program was broadly deployed, it would raise serious questions about government cybersecurity practices." In January, the Department of Homeland Security's privacy office published a privacy analysis (PDF) of the program saying that users of the networks of companies participating in the program will see "an electronic login banner [saying] information and data on the network may be monitored or disclosed to third parties, and/or that the network users' communications on the network are not private."

If anyone in the United States Senate had any doubts that the proposed Cyber Information Sharing Act (CISA) was universally hated by a range of civil society groups, a literal blizzard of faxes should’ve cleared up the issue by now. What’s not getting attention is a CISA “alternative” introduced last week by Sens. Mark Warner (D-Va) and Susan Collins (R-Me). Dubbed the “FISMA Reform Act,” the authors make the following claims about the bill:  This legislation would allow the Secretary of Homeland Security to operate intrusion detection and prevention capabilities on all federal agencies on the .gov domain. The bipartisan bill would also direct the Secretary of Homeland Security to conduct risk assessments of any network within the government domain. The bill would allow the Secretary of Homeland Security to operate defensive countermeasures on these networks once a cyber threat has been detected. The legislation would strengthen and streamline the authority Congress gave to DHS last year to issue binding operational directives to federal agencies, especially to respond to substantial cyber security threats in emergency circumstances.

The bill would require the Office of Management and Budget to report to Congress annually on the extent to which OMB has exercised its existing authority to enforce government wide cyber security standards. On the surface, it actually sounds like a rational response to the disastrous OPM hack. Unfortunately, the Warner-Collins bill has some vague or problematic language and non-existent definitions that make it potentially just as dangerous for data security and privacy as CISA. The bill would allow the Secretary of Homeland Security to carry out cyber security activities “in conjunction with other agencies and the private sector” [for] “assessing and fostering the development of information security technologies and capabilities for use across multiple agencies.” While the phrase “information sharing” is not present in this subsection, “security technologies and capabilities” is more than broad — and vague — enough to allow it.

The bill would also allow the secretary to “acquire, intercept, retain, use, and disclose communications and other system traffic that are transiting to or from or stored on agency information systems and deploy countermeasures with regard to the communications and system traffic.”

The ability to travel in the United States is about to become more restrictive as the TSA announces it will soon be enforcing new identification standards in American airports. Beginning in 2016, passengers attempting to pass through a federal TSA checkpoint will be subject to the requirements of the REAL ID Act. To that end, the TSA will put higher scrutiny on travelers’ identities, and will only accept a federal passport or a “REAL-ID” card, which is issued by the states to meet federal requirements. Passengers will not be allowed to fly through an American airport without submitting to the advanced federal specifications. Both federal passports and REAL-ID cards require a number of unique personal identifiers to be stored together in government databases, including his or her full name, date of birth, Social Security Number, scanned signature, and other identifiers. Both cards require biometric data: a front-facing digital photograph of the passenger’s face, which is ultimately used with a facial recognition database.

The enhanced security measures stem from the passage of the REAL ID Act of 2005, a U.S. law enacted by President Bush that states that a Federal agency may not accept state-issued identification cards without complying with a number of enhanced standards of the REAL ID Act. The states were given a number of years to comply, and many moved to pass their own laws to meet the benchmarks of the REAL ID Act. Due to some sluggish response, DHS extended the compliance deadline several times. Unfortunately, most states were all too willing to bend to the requirements of the federal government in order to obtain “state certifications” of compliance. To signify their compliance with the federal standards, many states are now issuing identity cards emblazoned with gold stars in the corner.

According to the Department of Homeland Security, only Arizona, Idaho, Louisiana, Maine, Minnesota, New Hampshire, New York, and American Samoa have not met REAL ID standards as of January 2015. By DHS estimates, 70%-80% of all U.S. drivers are already carrying around REAL ID cards or live in states that have received extensions for compliance. Some states have even gone as far as to require the applicant to present birth certificates, W-2 tax forms, bank statements, and/or pay stubs to verify one’s identity before handing out the new REAL-ID cards. Some cards have RFID chips embedded in them. Among the 39 benchmarks of the REAL ID Act, state ID cards have to be scannable with a bar code reader, and the states are required to share access to an electronic database with all other states.

The Immigration and Customs Enforcement (ICE) agency has officially gained agency-wide access to a nationwide license plate recognition database, according to a contract finalized earlier this month. The system gives the agency access to billions of license plate records and new powers of real-time location tracking, raising significant concerns from civil libertarians. The source of the data is not named in the contract, but an ICE representative said the data came from Vigilant Solutions, the leading network for license plate recognition data. “Like most other law enforcement agencies, ICE uses information obtained from license plate readers as one tool in support of its investigations,” spokesperson Dani Bennett said in a statement. “ICE is not seeking to build a license plate reader database, and will not collect nor contribute any data to a national public or private database through this contract.”

While it collects few photos itself, Vigilant Solutions has amassed a database of more than 2 billion license plate photos by ingesting data from partners like vehicle repossession agencies and other private groups. Vigilant also partners with local law enforcement agencies, often collecting even more data from camera-equipped police cars. The result is a massive vehicle-tracking network generating as many as 100 million sightings per month, each tagged with a date, time, and GPS coordinates of the sighting.

ICE agents would be able to query that database in two ways. A historical search would turn up every place a given license plate has been spotted in the last five years, a detailed record of the target’s movements. That data could be used to find a given subject’s residence or even identify associates if a given car is regularly spotted in a specific parking lot. “Knowing the previous locations of a vehicle can help determine the whereabouts of subjects of criminal investigations or priority aliens to facilitate their interdiction and removal,” an official privacy assessment explains. “In some cases, when other leads have gone cold, the availability of commercial LPR data may be the only viable way to find a subject.” ICE agents can also receive instantaneous email alerts whenever a new record of a particular plate is found — a system known internally as a “hot list.” (The same alerts can also be funneled to the Vigilant’s iOS app.) According to the privacy assessment, as many as 2,500 license plates could be uploaded to the hot list in a single batch, although the assessment does not detail how often new batches can be added. With sightings flooding in from police dashcams and stationary readers on bridges and toll booths, it would be hard for anyone on the list to stay unnoticed for long. Those powers are particularly troubling given ICE’s recent move to expand deportations beyond criminal offenders, fueling concerns of politically motivated enforcement. In California, state officials have braced for rumored deportation sweeps targeted at sanctuary cities. In New York, community leaders say they’ve been specifically targeted for deportation as a result of their activism. With automated license plate recognition, that targeting would only grow more powerful. For civil liberties groups, the implications go far beyond immigration.

New documents prove what was once dismissed as paranoid fantasy: totally integrated corporate-state repression of dissent

It was more sophisticated than we had imagined: new documents show that the violent crackdown on Occupy last fall – so mystifying at the time – was not just coordinated at the level of the FBI, the Department of Homeland Security, and local police. The crackdown, which involved, as you may recall, violent arrests, group disruption, canister missiles to the skulls of protesters, people held in handcuffs so tight they were injured, people held in bondage till they were forced to wet or soil themselves –was coordinated with the big banks themselves. The Partnership for Civil Justice Fund, in a groundbreaking scoop that should once more shame major US media outlets (why are nonprofits now some of the only entities in America left breaking major civil liberties news?), filed this request. The document – reproduced here in an easily searchable format – shows a terrifying network of coordinated DHS, FBI, police, regional fusion center, and private-sector activity so completely merged into one another that the monstrous whole is, in fact, one entity: in some cases, bearing a single name, the Domestic Security Alliance Council. And it reveals this merged entity to have one centrally planned, locally executed mission. The documents, in short, show the cops and DHS working for and with banks to target, arrest, and politically disable peaceful American citizens.

As Mara Verheyden-Hilliard, executive director of the PCJF, put it, the documents show that from the start, the FBI – though it acknowledges Occupy movement as being, in fact, a peaceful organization – nonetheless designated OWS repeatedly as a "terrorist threat"

“The NMS also collects information about every Wi‐Fi client accessing the network, including its MAC address, IP address, signal intensity, data rate and traffic status,” the document reads. “Additional NMS features include a fault management system for issuing alarms and logging events according to a set of customizable filtering rules, along with centralized and version‐controlled remote updating of the Aruba Mesh Operating System software.”

it’s rare that we ever get a glimpse of how our expanding secret state really works.  But every now and then, a single case can suddenly illuminate an otherwise dark landscape.  Such is Rahinah Ibrahim's case, carefully laid out by TomDispatch regular Peter Van Buren today.  It should chill you to the bone.

Whatever happened to honor among thieves? When the National Security Agency was caught eavesdropping on German Chancellor Angela Merkel’s cell phone, it was considered a rude way to treat a friend. Now U.S. intelligence officials are saying—albeit very quietly, behind closed doors on Capitol Hill—that our Israeli “friends” have gone too far with their spying operations here. According to classified briefings on legislation that would lower visa restrictions on Israeli citizens, Jerusalem’s efforts to steal U.S. secrets under the cover of trade missions and joint defense technology contracts have “crossed red lines.”  Israel’s espionage activities in America are unrivaled and unseemly, counterspies have told members of the House Judiciary and Foreign Affairs committees, going far beyond activities by other close allies, such as Germany, France, the U.K. and Japan. A congressional staffer familiar with a briefing last January called the testimony “very sobering…alarming…even terrifying.” Another staffer called it “damaging.”  The Jewish state’s primary target: America’s industrial and technical secrets. 

“No other country close to the United States continues to cross the line on espionage like the Israelis do,” said a former congressional staffer who attended another classified briefing in late 2013, one of several in recent months given by officials from the Department of Homeland Security (DHS), the State Department, the FBI and the National Counterintelligence Directorate. 

“I don’t think anyone was surprised by these revelations,” the former aide said. “But when you step back and hear…that there are no other countries taking advantage of our security relationship the way the Israelis are for espionage purposes, it is quite shocking. I mean, it shouldn’t be lost on anyone that after all the hand-wringing over [Jonathan] Pollard, it’s still going on.” Israel and pro-Israel groups in America have long lobbied U.S. administrations to free Pollard, a former U.S. naval intelligence analyst serving a life sentence since 1987 for stealing tens of thousands of secrets for Israel. (U.S. counterintelligence officials suspect that Israel traded some of the Cold War-era information to Moscow in exchange for the emigration of Russian Jews.) After denying for over a decade that Pollard was its paid agent, Israel apologized and promised not to spy on U.S. soil again. Since then, more Israeli spies have been arrested and convicted by U.S. courts. 

Imagine you are the target of a phishing attack: Someone sends you an email attachment containing malware. Your email service provider shares the attachment with the government, so that others can configure their computer systems to spot similar attacks. The next day, your provider gets a call. It’s the Department of Homeland Security (DHS), and they’re curious. The malware appears to be from Turkey. Why, DHS wants to know, might someone in Turkey be interested in attacking you? So, would your email company please share all your emails with the government? Knowing more about you, investigators might better understand the attack. Normally, your email provider wouldn’t be allowed to give this information over without your consent or a search warrant. But that could soon change. The Senate may soon make another attempt at passing the Cybersecurity Information Sharing Act, a bill that would waive privacy laws in the name of cybersecurity. In April, the US House of Representatives passed by strong majorities two similar “cyber threat” information sharing bills. These bills grant companies immunity for giving DHS information about network attacks, attackers, and online crimes.

Sharing information about security vulnerabilities is a good idea. Shared vulnerability data empowers other system operators to check and see if they, too, have been attacked, and also to guard against being similarly attacked in the future. I’ve spent most of my career fighting for researchers’ rights to share this kind of information against threats from companies that didn’t want their customers to know their products were flawed. But, these bills gut legal protections against government fishing expeditions exactly at a time when individuals and Internet companies need privacy laws to get stronger, not weaker. 

Worse, the bills aren’t needed. Private companies share threat data with each other, and even with the government, all the time. The threat data that security professionals use to protect networks from future attacks is a far more narrow category of information than those included in the bills being considered by Congress, and will only rarely contain private information. And none of the recent cyberattacks — not Sony, not Target, and not the devastating grab of sensitive background check interviews on government employees at the Office of Personnel Management — would have been mitigated by these bills.

In a new court filing, the Department of Justice revealed that it kept a secret database of telephone metadata—with one party in the United States and another abroad—that ended in 2013. The three-page partially-redacted affidavit from a top Drug Enforcement Agency (DEA) official, which was filed Thursday, explained that the database was authorized under a particular federal drug trafficking statute. The law allows the government to use "administrative subpoenas" to obtain business records and other "tangible things." The affidavit does not specify which countries records were included, but specifically does mention Iran. This database program appears to be wholly separate from the National Security Agency’s metadata program revealed by Edward Snowden, but it targets similar materials and is collected by a different agency. The Wall Street Journal, citing anonymous sources, reported Friday that this newly-revealed program began in the 1990s and was shut down in August 2013.

The criminal case involves an Iranian-American man named Shantia Hassanshahi, who is accused of violating the American trade embargo against Iran. His lawyer, Mir Saied Kashani, told Ars that the government has clearly abused its authority. "They’ve converted this from a war on drugs to a war on privacy," he said. "[Hassanshahi] is not accused of any drug crime but they used this drug enforcement information to gather information against him, that's contrary to the law, and we will revisit that. We will bring motions in the court and we will appeal if necessary." Neither the DEA nor the Department of Justice immediately responded to Ars' query as to whether this program is continuing under a different authority.

The story begins in 2011, when a Department of Homeland Security (DHS) agent received a tip about someone who might be in violation of American sanctions against Iran. The source provided an e-mail from an Iranian businessman, Manoucher Sheiki, who was involved in acquiring power grid equipment. A second Homeland Security agent, Joshua Akronowitz, wrote in a 2013 affidavit that he searched Sheiki’s Iranian phone number in this database, but declined to explain exactly what kind of database it was. Akronowitz found that the Iranian number came up exactly one time in the database, and was linked to an 818 number, based in Los Angeles County. That number turned out to be the Google Voice number of Hassanshahi. DHS then subpoenaed Google, and got Hassanshahi’s call log and later, metadata on his Gmail account. By early 2012, the agency found out that he was set to return to Los Angeles from Iran. At LAX Airport, customs agents seized his phone, laptop, thumb drives, camcorder, and SIM cards and sent them to Homeland Security. Last year, Kashani, Hassanshahi’s lawyer, argued that this evidence should be suppressed on account that it was the "fruit of the poisonous tree"—obtained via illicit means. In support of his arguments, Kashani cited an important ongoing NSA-related lawsuit, Klayman v. Obama, which remains the only instance where a judge has order the NSA metadata program to be shut down—that order was stayed pending an appeal. (Earlier this month, Ars explored Klayman and other pending notable surveillance cases.)

President Obama plans to announce legislation Tuesday that would shield companies from lawsuits for sharing computer threat data with the government in an effort to prevent cyber­attacks. On the heels of a destructive attack at Sony Pictures Entertainment and major breaches at JPMorgan Chase and retail chains, Obama is intent on capitalizing on the heightened sense of urgency to improve the security of the nation’s networks, officials said. “He’s been doing everything he can within his executive authority to move the ball on this,” said a senior administration official who spoke on the condition of anonymity to discuss legislation that has not yet been released. “We’ve got to get something in place that allows both industry and government to work more closely together.”

The legislation is part of a broader package, to be sent to Capitol Hill on Tuesday, that includes measures to help protect consumers and students against ­cyberattacks and to give law enforcement greater authority to combat cybercrime. The provision’s goal is to “enshrine in law liability protection for the private sector for them to share specific information — cyberthreat indicators — with the government,” the official said. Some analysts questioned the need for such legislation, saying there are adequate measures in place to enable sharing between companies and the government and among companies.

“We think the current information-sharing regime is adequate,” said Mark Jaycox, legislative analyst at the Electronic Frontier Foundation, a privacy group. “More companies need to use it, but the idea of broad legal immunity isn’t needed right now.” The administration official disagreed. The lack of such immunity is what prevents many companies from greater sharing of data with the government, the official said. “We have heard that time and time again,” the official said. The proposal, which builds on a 2011 administration bill, grants liability protection to companies that provide indicators of cyberattacks and threats to the Department of Homeland Security.

If you’re reading this, you probably follow the news. So you’ve probably heard of the latest iteration of the “crisis at the border”: tens of thousands of children, many of them unaccompanied by an adult, crossing the desert from Mexico into the United States, where they surrender to the Border Patrol in hope of being allowed to remain here permanently. Immigration and Customs Enforcement’s detention and hearing system has been overwhelmed by the surge of children and, in some cases, their parents. The Obama Administration has asked Congress to approve new funding to speed up processing and deportations of these illegal immigrants. Even if you’ve followed this story closely, you probably haven’t heard the depressing backstory — the reason so many Central Americans are sending their children on a dangerous thousand-mile journey up the spine of Mexico, where they ride atop freight trains, endure shakedowns by corrupt police and face rapists, bandits and other predators. (For a sense of what it’s like, check out the excellent 2009 film “Sin Nombre.”) NPR and other mainstream news outlets are parroting the White House, which blames unscrupulous “coyotes” (human smugglers) for “lying to parents, telling them that if they put their kids in the hands of traffickers and get to the United States that they will be able to stay.” True: the coyotes are saying that in order to gin up business. Also true: U.S. law has changed, and many of these kids have a strong legal case for asylum. Unfortunately, U.S. officials are ignoring the law.

The sad truth is that this “crisis at the border” is yet another example of “blowback.” Blowback is an unintended negative consequence of U.S. political, military and/or economic intervention overseas — when something we did in the past comes back to bite us in the ass. 9/11 is the classic example; arming and funding radical Islamists in the Middle East and South Asia who were less grateful for our help than angry at the U.S.’ simultaneous backing for oppressive governments (The House of Saud, Saddam, Assad, etc.) in the region. More recent cases include U.S. support for Islamist insurgents in Libya and Syria, which destabilized both countries and led to the murders of U.S. consular officials in Benghazi, and the rise of ISIS, the guerilla army that imperils the U.S.-backed Maliki regime in Baghdad, respectively. Confusing the issue for casual American news consumers is that the current border crisis doesn’t involve the usual Mexicans traveling north in search of work. Instead, we’re talking about people from Central American nations devastated by a century of American colonialism and imperialism, much of that intervention surprisingly recent. Central American refugees are merely transiting through Mexico.

“The unaccompanied children crossing the border into the United States are leaving behind mainly three Central American countries, Honduras, El Salvador and Guatemala. The first two are among the world’s most violent and all three have deep poverty, according to a Pew Research report based on Department of Homeland Security (DHS) information,” reports NBC News. “El Salvador ranked second in terms of homicides in Latin America in 2011, and it is still high on the list. Honduras, Guatemala and El Salvador are among the poorest nations in Latin America. Thirty percent of Hondurans, 17 percent of Salvadorans and 26 percent of Guatemalans live on less than $2 a day.” The fact that Honduras is the biggest source of the exodus jumped out at me. That’s because, in 2009, the United States government — under President Obama — tacitly supported a military coup that overthrew the democratically elected president of Honduras. “Washington has a very close relationship with the Honduran military, which goes back decades,” The Guardian noted at the time. “During the 1980s, the US used bases in Honduras to train and arm the Contras, Nicaraguan paramilitaries who became known for their atrocities in their war against the Sandinista government in neighbouring Nicaragua.”

Uncle Sam’s Databases of Suspicion A Shadow Form of National ID

We do know that the nation’s domestic-intelligence network is massive, including at least 59 federal agencies, over 300 Defense Department units, and approximately 78 state-based fusion centers, as well as the multitude of law enforcement agencies they serve. We also know that local law enforcement agencies have themselves raised concerns about the system’s lack of privacy protections.

The SAR database is part of an ever-expanding domestic surveillance system established after 9/11 to gather intelligence on potential terrorism threats. At an abstract level, such a system may seem sensible: far better to prevent terrorism before it happens than to investigate and prosecute after a tragedy. Based on that reasoning, the government exhorts Americans to “see something, say something” -- the SAR program’s slogan. Indeed, just this week at a conference in New York City, FBI Director James Comey asked the public to report any suspicions they have to authorities. “When the hair on the back of your neck stands, listen to that instinct and just tell somebody,” said Comey. And seeking to reassure those who do not want to get their fellow Americans in trouble based on instinct alone, the FBI director added, “We investigate in secret for a very good reason, we don't want to smear innocent people.”