Posts

Thursday: Move

/10 Comments/in , , , /by

Need something easy on the nerves today, something mellow, and yet something that won’t let a listener off too lightly. Guess for today that’s John Legend’s Tiny Desk Concert.

I promised reindeer tales today, haven’t forgotten.

From Anthrax to Zombies

  • First outbreak in 75 years forces evacuation of reindeer herders (The Siberian Times) — The last outbreak in the Siberian tundra was in 1941; news of this outbreak broke across mainstream media this past week, with some outlets referring to it as a “zombie” infection since it came back from dormancy, likely rising from a long-dead human or animal corpse.
  • Infected reindeer corpses to be collected and destroyed (The Barent Observer) — A lot of odd details about anthrax and its history pop up as the outbreak evolves. Like the mortality rate for skin anthrax (24%) and the alleged leak of anthrax from a Soviet bio-warfare lab in 1979. Reindeer deaths were blamed initially on unusually warm weather (~30C); the same unusually warm weather may have encouraged the release of long-dormant anthrax from the tundra.
  • Siberian outbreak may have started five weeks earlier (The Siberian Times) — Russia’s Federal Service for Veterinary and Phytosanitary Surveillance senior official is angry about the slow response to the first diagnosis; the affected region does not have strong veterinary service, and it took a herder four days’ walk across the tundra to inform authorities about an infection due to a lack of communications technology. The situation must be serious as the Health Minister Veronika Skvortsova has now been vaccinated against anthrax. Reports as of yesterday indicate 90 people have been hospitalized, 23 of which have been diagnosed with anthrax, and one child died. The form most appear infected with is intestinal; its mortality rate is a little over 50%. Infection is blamed on anthrax-contaminated meat; shipment of meat from the area is now banned. Russian bio-warfare troops have established a clean camp for the evacuated herder families until the reindeer corpses have been disposed of and inoculations distributed across the area’s population.
  • Important: keep in mind this Siberian outbreak may be unusual for its location, but not across the globe. In the last quarter there have been small anthrax outbreaks in Indonesia, Kazakhstan, Kenya, Bangladesh, and Bulgaria. Just search under Google News for “anthrax” stories over the last year.
  • Coincidentally, anthrax drug maker filed and received FDA’s ‘orphan status’ (GlobeNewsWire) — There have been so few orders for anthrax prophylaxis vaccine BioThrax that specialty biopharmaceutical company Emergent BioSolutions requested ‘orphan status’ from the FDA, granted to special therapies for rare conditions affecting less than 200,000 persons in the U.S. The status was awarded mid-June.
  • Investor sues anthrax drug maker for misleading expectations (Washington Business Journal) — Suit filed against the company and executives claims Emergent BioSolutions mislead investors into thinking the company would sell as many doses of BioThrax to the U.S. government during the next five years as the preceding five years. On the face of it, investor appears to expect Emergent BioSolutions to predict both actual vaccine demand in advance along with government funding (hello, GOP-led Congress?) and other new competitors in the same marketspace. Seems a bit much to me, like the investor feels entitled to profits without risk. Maybe they’ll get lucky and climate change will increase likelihood of anthrax infections — cha-ching.
  • Another coincidence: Last Friday marked 8 years since anthrax researcher Bruce Ivin’s death (Tulsa World) — And this coming Saturday marks six years since the FBI released its report on the anthrax attacks it blamed on Ivins.

Cybernia

  • Facebook let police shut down feed from negotiations resulting in another civilian-death-by-cop (The Mary Sue) –Yeah, we wouldn’t want to let the public see the police use deadly force against an African American mother and her five-year-old child instead of talking and waiting them out of the situation as they do so many white men in armed confrontations. And now police blame Instagram for her death. Since when does using Instagram come with an automatic death warrant?
  • Can GPS location signals be spoofed? Yep. (IEEE) — It’s possible the U.S. Navy patrol boats caught in Iran’s waters may have relied on spoofed GPS; we don’t know yet as the “misnavigating” incident is still under investigation. This article does a nice job explaining GPS spoofing, but it leaves us with a mystery. GPS signals are generated in civilian and military formats, the first is unencrypted and the second encrypted. If the “misnavigated” patrol boats captured by Iran in January were sent spoofed GPS location data, does this mean U.S. military encryption was broken? The piece also ask about reliability of GPS given spoofing when it comes to self-driving, self-navigating cars. Oh hell no.
  • Security firm F-Secure releases paper on trojan targeting entities involved in South China Sea dispute (F-Secure) — The Remote Access Trojan (RAT) has been called NanHaiShu, which means South China Sea Rat. The RAT, containing a VBA macro that executes an embedded JScript file, was spread via email messages using industry-specific terms. The targets were deliberately selected for spearfishing as the senders knew the users did not lock down Microsoft Office’s default security setting to prevent macro execution. The malware had been in the wild for about two years, but its activity synced with events related to the South China Sea dispute.

Tomorrow’s Friday, which means jazz. Guess I’d better start poking around in my files for something good. Catch you later!

Big Brother Works Both Sides of the Atlantic

/11 Comments/in , /by

I was rather surprised that there seemed to be more outrage Sunday about the UK’s announced plan to roll out the same ability to monitor everyone’s online activity that the US set up after 9/11 then over Eric Lichtblau’s report–based on the ACLU’s FOIA efforts–revealing that cops all over the country are using our smart phones to spy on us.

At least from the published reports, it sounds like the Brits want to be able to do through GCHQ what NSA and FBI have been doing with hoovered telecom records for years.

A new law – which may be announced in the forthcoming Queen’s Speech in May – would not allow GCHQ to access the content of emails, calls or messages without a warrant.

But it would enable intelligence officers to identify who an individual or group is in contact with, how often and for how long. They would also be able to see which websites someone had visited.

[snip]

“What this is talking about doing is not focusing on terrorists or criminals, it’s absolutely everybody’s emails, phone calls, web access…” he told the BBC.

“All that’s got to be recorded for two years and the government will be able to get at it with no by your leave from anybody.”

He said that until now anyone wishing to monitor communications had been required to gain permission from a magistrate.

Plus, such plans will likely face more of a hurdle in Parliament than such schemes to expand surveillance face in Congress.

Meanwhile, the materials collected from all over the country via ACLU’s state affiliates show that local police are using some of the same approaches–things like communities of interest–that our massive data collection supports.

And as ACLU’s summary makes clear that not just the Feds using Secret PATRIOT, but local cops, are using cell phones to track people with no warrants.

Most law enforcement agencies do not obtain a warrant to track cell phones, but some do, and the legal standards used vary widely. Some police departments protect privacy by obtaining a warrant based upon probable cause when tracking cell phones. For example, police in the County of Hawaii, Wichita, and Lexington, Ky. demonstrate probable cause and obtain a warrant when tracking cell phones. If these police departments can protect both public safety and privacy by meeting the warrant and probable cause requirements, then surely other agencies can as well.

Unfortunately, other departments do not always demonstrate probable cause and obtain a warrant when tracking cell phones. For example, police in Lincoln, Neb. obtain even GPS location data, which is more precise than cell tower location information, on telephones without demonstrating probable cause. Police in Wilson County, N.C. obtain historical cell tracking data where it is “relevant and material” to an ongoing investigation, a standard lower than probable cause.

Read more

FBI Admits It Used GPS Tracking on 250 People without Probable Cause

/14 Comments/in , /by

NPR’s Carrie Johnson puts together the numbers on how many GPS trackers the FBI had to get warrants for after US v Jones held that you need a warrant to attach a GPS tracker to a car. And while she doesn’t state it this way, what the FBI basically admitted is that in 250 of the 3,000 cases where they had GPS units activated but no warrant–over 8% of the GPS devices in question–they lacked probable cause.

Before the Supreme Court ruling in late January, the FBI had about 3,000 GPS tracking devices in the field.

Government lawyers scrambled to get search warrants for weeks before the decision, working to convince judges they had probable cause to believe crimes were taking place.

But after the ruling, FBI officials tell NPR, agents still had to turn off 250 devices that they couldn’t turn back on.

FBI General Counsel Andrew Weissmann even admits to Johnson that they were using GPS tracking to get probable cause.

Weissmann says FBI agents in the field need clear rules. So, for now, he’s telling agents who are in doubt “to obtain a warrant to protect your investigation.”

But he says that’s not always possible.

“And the problem with that is that a search warrant requires probable cause to be shown and many of these techniques are things that you use in order to establish probable cause,” Weissmann says. “If you require probable cause for every technique, then you are making it very very hard for law enforcement.”

Now, I can understand why Weissmann and Robert Mueller would like to use GPS in the examples Mueller cited–where they have things like Internet statements and gun purchases.

But last I checked both of those things were constitutionally protected activities themselves.

So what the FBI’s reaction to Jones has really revealed is that it had been violating the Fourth Amendment protections of around 250 people to get around their First and Second Amendment protections.

Will SCOTUS Invent a “Database-and-Mining” Exception to the Fourth Amendment?

/7 Comments/in /by

As I noted yesterday, the Administration appealed the 2nd Circuit Decision granting review of the FISA Amendments Act to the Supreme Court last week. I wanted to talk about their argument in more detail here.

Over at Lawfare, Steve Vladeck noted that this case would likely decide whether and what the “foreign intelligence surveillance” exception to the Fourth Amendment, akin to “special needs” exceptions like border searches and drug testing.

Third, if the Court affirms (or denies certiorari), this case could very well finally settle the question whether the Fourth Amendment’s Warrant Clause includes a “foreign intelligence surveillance exception,” as the FISA Court of Review held in the In re Directives decision in 2008. That’s because on the merits, 50 U.S.C. § 1881a(b)(5) mandates that the authorized surveillance “shall be conducted in a manner consistent with the fourth amendment to the Constitution of the United States.” Thus, although it is hard to see how surveillance under § 1881a could violate the Fourth Amendment, explication of the (as yet unclear) Fourth Amendment principles that govern in such cases would necessarily circumscribe the government’s authority under this provision going forward (especially if In re Directives is not followed…).

I would go further and say that this case will determine whether there is what I’ll call a database-and-mining exception allowing the government to collect domestic data to which no reasonable suspicion attaches, store it, data mine it, and based on the results of that data mining use the data itself to establish cause for further surveillance. Thus, it will have an impact not just for this warrantless wiretapping application, but also for things like Secret PATRIOT, in which the government is collecting US person geolocation data in an effort to be able to pinpoint the locations of alleged terrorists, not to mention the more general databases collecting things like who buys hydrogen peroxide.

I make a distinction between foreign intelligence surveillance and “database-and-mining” exceptions because the government is, in fact, conducting domestic surveillance under these programs and using it to collect intelligence on US persons (indeed, when asked about Secret PATRIOT earlier this month, James Clapper invoked “foreign or domestic” intelligence in the context of Secret PATRIOT). The government has managed to hide that fact thus far by blatantly misleading the FISA Court of Review in In re Directives and doing so (to a lesser degree) here.

In In re Directives, the government misled the court in two ways. First, according to Russ Feingold, the government didn’t reveal (and the company challenging the order didn’t have access to) information about how the targeting is used. The amendments he tried to pass–and which Mike McConnell and Michael Mukasey issued veto threats in response to–suggest some of the problems Feingold foresaw and the intelligence community refused to fix: reverse targeting, inclusion of US person data in larger data mining samples, and the retention and use of improperly collected information.

The government even more blatantly misled the FISCR with regards to what it did with US person data.

The petitioner’s concern with incidental collections is overblown. It is settled beyond peradventure that incidental collections occurring as a result of constitutionally permissible acquisitions to not render those acquisitions unlawful.9 [citations omitted] The government assures us that it does not maintain a database of incidentally collected information from non-targeted United States persons, and there is no evidence to the contrary. On these facts, incidentally collected communications of non-targeted United States persons do not violate the Fourth Amendment.

9 The petitioner has not charged that the Executive Branch is surveilling overseas persons in order intentionally to surveil persons in the United States. Because the issue is not before us, we do not pass on the legitimacy vel non of such a practice.

The notion that the government doesn’t have this US person data in a database is farcical at this point, as the graphic above showing the relative size of the NSA’s data center in UT–which I snipped from this larger ACLU graphic–makes clear (though the government’s unwillingness to be legally bound to segregate US person data made that clear, as well). Read more

SCOTUS Unanimously Declares (Some) GPS Tracking a Search

/9 Comments/in , /by

Good news! The Fourth Amendment is not totally dead yet!

SCOTUS just handed down its decision in US v. Jones, which I wrote about here. And while there are three concurring opinions (the majority authored by Scalia and joined by Roberts, Kennedy, Thomas, and Sotomayor, a concurrence from Sotomayor, and another concurrence written by Alito and joined by Ginsburg, Breyer, and Kagan), all upheld the Circuit Court decision throwing out evidence warrantless use of a GPS surveillance.

But the opinions are worth reading closely because–as I pointed out in my earlier post–they may indicate whether SCOTUS would find the Administration’s secret use of the PATRIOT Act to track people via the GPS in their cell phones to be legal (as well as other digital surveillance).

Scalia’s opinion focused on the way the government occupied property in this case, arguing that more recent decisions that have focused on reasonable expectations of privacy do not affect the original protection of the Fourth Amendment tied to property.

It is important to be clear about what occurred in this case: The Government physically occupied private property for the purpose of obtaining information. We have no doubt that such a physical intrusion would have been considered a “search” within the meaning of the Fourth Amendment when it was adopted.

[snip]

Jones’s Fourth Amendment rights do not rise or fall with the Katz formulation [expectation of privacy]. At bottom, we must “assur[e] preservation of that degree of privacy against government that existed when the Fourth Amendment was adopted.” Kyllo, supra, at 34. As explained, for most of our history the Fourth Amendment was understood to embody a particular concern for government trespass upon the areas (“persons, houses, papers, and effects”) it enumerates.

[snip]

What we apply is an 18th-century guarantee against un- reasonable searches, which we believe must provide at a minimum the degree of protection it afforded when it was adopted. The concurrence does not share that belief. It would apply exclusively Katz’s reasonable-expectation of-
privacy test, even when that eliminates rights that previously existed.

Alito’s concurrence, on the other hand, sees four problems with this approach, which boil down to the implications of Scalia’s logic being both too narrow and too broad. The first three are:

  • It would find non-trespassing long-term surveillance okay but short term trespass not (both one and two are versions of this)
  • Given different state property laws (particularly community property under marriage), it would have inconsistent results in different states

Alito’s fourth problem, though, is the key one: Scalia’s approach is not very helpful given how much surveillance is electronic.

Fourth, the Court’s reliance on the law of trespass will present particularly vexing problems in cases involving surveillance that is carried out by making electronic, as opposed to physical, contact with the item to be tracked. For example, suppose that the officers in the present case had followed respondent by surreptitiously activating a stolen vehicle detection system that came with the car when it was purchased.

That said, having made a case that electronic surveillance can be just as inappropriate as physical trespass assisted surveillance, Alito goes onto make problematic squishy distinctions, suggesting our current expectations of privacy with regards to GPS tracking pivot on the length of time the surveillance continues. And he suggests we may be losing our expectation of privacy with respect to that tracking.

For example, when a user activates the GPS on such a phone, a provider is able to monitor the phone’s location and speed of movement and can then report back real-time traffic conditions after combining (“crowdsourcing”)
the speed of all such phones on any particular road.9 Similarly, phone-location-tracking services are offered as “social” tools, allowing consumers to find (or to avoid) others who enroll in these services. The availability and use of these and other new devices will continue to shape the average person’s expectations about the privacy of his or her daily movements.

Most troubling, Alito suggests that for some “extraordinary offenses,” extended tracking might be okay.

We also need not consider whether prolonged GPS monitoring in the context of investigations involving extraordinary offenses would similarly intrude on a constitutionally protected sphere of privacy. In such cases, long-term tracking might have been mounted using previously available techniques.

Both Alito and Scalia (who rightly mocks this carve out) seem unwilling to talk about what might be acceptable in counterterrorism surveillance.

In short, while Scalia crafts a fairly cautious opinion based on private property, Alito crafts one that could easily be chipped away as we all get used to our smart phones.

The two arch-conservative Republicans both defend the Fourth Amendment, though, but it’s unclear they’re read to talk about the big questions before us (and, presumably, before them in the near future). In at least one way, Alito even underestimates what the government is capable of, claiming it cannot

But the use of longer term GPS monitoring in investigations of most offenses impinges on expectations of privacy. For such offenses, society’s expectation has been that law enforcement agents and others would not—and indeed, in the main, simply could not—secretly monitor and catalogue
every single movement of an individual’s car for a very long period.

That’s likely a false assumption, particularly given the storage capacity our government is using to surveil us and the requirements on cell phone companies to store data.

Sotomayor, IMO, is the only one ready to articulate where all this is heading. She makes it clear that she sides with those that see a problem with electronic surveillance too.

I would take these attributes of GPS monitoring into account when considering the existence of a reasonable societal expectation of privacy in the sum of one’s public movements. I would ask whether people reasonably expect that their movements will be recorded and aggregated in a manner that enables the Government to ascertain, more or less at will, their political and religious beliefs, sexual habits, and so on.

[snip]

I would also consider the appropriateness of entrusting to the, in the absence of any oversight from a coordinate branch, a tool so amenable to misuse, especially in light of the Fourth Amendment’s goal to curb arbitrary exercises of police power to and prevent“a too permeating police surveillance,”

And in a footnote, makes a broader claim about the current expectation of privacy than Alito makes.

Owners of GPS-equipped cars and smartphones do not contemplate that these devices will be used to enable covert surveillance of their movements.

Ultimately, the other Justices have not tipped their hand where they’ll come down on more generalized issues of cell phone based surveillance. Sotomayor’s opinion actually doesn’t go much further than Scalia claims to when he says they can return to Katz on such issues–but obviously none of the other Republicans joined her opinion. And all those who joined Alito’s opinion seem to be hiding behind the squishy definitions that will allow them to flip flop when the Administration invokes national security.

Update: This is a great post on what Jones means for the Fourth Amendment more generally.