Yah, These ARE The Droids We Have Been Looking For And Fearing

I did not always write about it so much here, but I got fairly deep into “Deflategate” analysis and law when it was going on. Because it was fascinating. I met so many lawyers, professors and others, it was bonkers. Have remained friends with many, if not most, of all of them. One is Alexandra J. Roberts, which is kind of funny because she was not necessarily one of the major players. Yet, she is one of the enduring benefits I have come to love from the bigger picture.

Today, Ms Roberts advises of some R2D2 like cop robots. I “might” have engaged in some frivolity in response. But, really, it is a pretty notable moment.

Police droids on the ground? Police drones in the air? You think Kyllo will protect you from a Supreme Court with Neil Gorsuch on it? Hell, you think Merrick Garland would not have done what he has done all of his life and sign off on ever greater law enforcement collection and oppression? Not a chance in hell. Neither Gorsuch, nor Garland, would ever have penned what Scalia did in Kyllo:

It would be foolish to contend that the degree of privacy secured to citizens by the Fourth Amendment has been entirely unaffected by the advance of technology. For example, as the cases discussed above make clear, the technology enabling human flight has exposed to public view (and hence, we have said, to official observation) uncovered portions of the house and its curtilage that once were private. See Ciraolo, supra, at 215. The question we confront today is what limits there are upon this power of technology to shrink the realm of guaranteed privacy.

So, with no further adieu, here, via the Bo Globe, is the deal:

There’s a new security officer in town. But this one runs on batteries, not Dunkin’ Donuts.

Next time you’re visiting the Prudential Center, don’t be alarmed if you bump into a large, rolling robot as it travels the corridors where shoppers pop in and out of stores.

No, it’s not an oversized Roomba on the loose. It’s the “Knightscope K5,” an egg-shaped autonomous machine equipped with real-time monitoring and detection technology that allows it to keep tabs on what’s happening nearby.

Marvelous! R2D2 is making us all safer!

Nope. Sorry. Safe streets, broken windows, and “cop on the beat” policing cannot be accomplished by a tin can.

Just Say No to this idiotic and lazy policing bullshit. The next thing you know, the tin can will be probable cause. And Neil Gorsuch will help further that craven “good faith” reliance opinion in a heartbeat.

Parting Shot: Holy hell, we have our first reference to hate crimes for anti-cop robot violence! See here.

Frankly, having been in the field for three decades, I think the thought that cops are proper “hate crime” victims is absurd. Honestly, all “hate crimes” laws are completely absurd as they create different and more, and less, valuable classes of human crime victims. This may sound lovely to you in the safety of your perch, where you want to lash out at the evil others.

But if the “all men are created equal” language in the Declaration of Independence is to be given the meaning that so many demagogues over American history assign to it, then the “hate crimes” segregation and preference of one set of human victims over others, is total unfathomable bullshit.

That is just as to humans. Let’s not even go to the “victim’s rights” of squeaky ass little R2D2 tin cans.

Bmaz is a rather large saguaro cactus in the Southwestern Sonoran desert. A lover of the Constitution, law, family, sports, food and spirits. As you might imagine, a bit prickly occasionally. Bmaz has attended all three state universities in Arizona, with both undergraduate and graduate degrees from Arizona State University, and with significant post-graduate work (in physics and organic chemistry, go figure) at both the University of Colorado in Boulder and the University of Arizona. Married, with both a lovely child and a giant Sasquatch dog. Bmaz has been a participant on the internet since the early 2000’s, including active participation in the precursor to Emptywheel, The Next Hurrah. Formally joined the Emptywheel blog as an original contributing member at its founding in 2007. Bmaz grew up around politics, education, sports and, most significantly, cars; notably around Formula One racing and Concours de Elegance automobile restoration and showing. Currently lives in the Cactus Patch with his lovely wife and beast of a dog, and practices both criminal and civil trial law.

The Lesson Trump Has (Thus Far) Not Taught Us: Civilian Casualties

I have a confession.

There’s something I like about the Trump Administration.

It’s the way that his unpopularity taints long-standing policies or practices or beliefs, making people aware of and opposed to them in a way they weren’t when the same policies or beliefs were widely held under George Bush or Barack Obama. Many, though not all, of these policies or beliefs were embraced unquestioningly by centrists or even avowed leftists.

I’ve been keeping a running list in my mind, which I’ll begin to lay out here (I guess I’ll update it as I remember more).

  • Expansive surveillance
  • The presumption of regularity, by which courts and the public assume the Executive Branch operates in good faith and from evidence
  • Denigration of immigrants
  • Denigration of Muslims
  • Denigration health insurance

As an example, Obama deported a huge number of people. But now that Trump has expanded that same practice, it has been made visible and delegitimized.

In short, Trump has made things that should always have been criticized are now being far more widely so.

But there’s one thing that Trump has escalated that has thus far — with the singular exception of the botched raid on Yemen — escaped widespread condemnation: the bombing of civilians. There was the Al Jineh mosque on March 16, a school sheltering families in Raqqa on March 21, and this strike last week in Mosul, not to mention continued Saudi attacks in Yemen that the US facilitates.

Again, I’m not saying such civilian strikes didn’t happen under Obama. And it’s not clear whether this spate of civilian bombings arises from a change in the rule of engagement put in place in December, the influence of James Mattis, or Trump’s announced review of rules of engagement. But civilians are dying.

And for the most part, unlike all the other horrible things happening under President Trump, they’re getting little notice and condemnation in the US.

Update: This NYT story on the Mosul strike says that the increased civilian casualties do reflect a change in rules of engagement put in place under Trump.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

Wednesday: Mend

Repair Day here, can’t spend much time reading or writing as I’ll be tied up mending things. Enjoy a little mellow Foo Fighters’ tune — can’t handle metal rock today or I’ll end up HULK SMASHing things I’m supposed to fix.

Here’s a range of topics which deserve more attention:

UK’s Chilcot report released today (Guardian-UK) — [Insert lengthy string of epithets here, circa 2003] I’m sure one of the other team members here at emptywheel will elaborate more effectively on the ugliness in the report and on former Prime Minister Tony Blair‘s continued lies rationalizations for military intervention in Iraq over alleged 9/11 terrorists and non-existent nuclear weapons. His self-flagellation and tepid mea culpa are pathetic, like watching a wee gnat flailing on an elephant’s ass. Thirteen years later, Iraq has become a training ground for terrorists. Self-fulfilling prophecy, much?

The full Chilcot report can be found here. The Guardian is working on a collaborative evaluation of the same.

BreachedDataSweetSpot_06JUL2016Hookup site Ashley Madison under investigation by FTC (Reuters) — Not clear exactly what FTC’s focus is, whether they are looking primarily at the data breach or if they are looking into the misleading use of “fembot” AI to chat up potential customers. Though the article’s characterization of the business as a “discreet dating site” cracks me up, I’m still concerned about the potential risks involved with a breach, especially since other breached data make Ashley Madison’s data more valuable. Like in this Venn diagram; if you were a foreign agent, which breached data would you mine most carefully?

French Parliament released its inquiry into November terrorist attacks (20 Minutes) — Six months after the attack at the Bataclan and in the streets of Paris, representatives of the Parliamentary inquiry spoke yesterday about the inquiry’s findings:

  • Poor cooperation between intelligence functions — In spite of consolidation of General Intelligence and Directorate of Territorial Surveillance under the Central Directorate of Internal Intelligence in 2008 and then the Directorate General of Internal Security (ISB) in 2014, there were gaps in hand-offs between functions.
  • Ineffective collection and sharing of prison intelligence — The ISB did not have information from Justice (the prison service) about the relationships between incarcerated radical Islamists nor information about targets’ release from custody.
  • Poor cooperation between EU members and EU system gaps — Fake Syrian passports should have been caught by the EU’s Frontex at external borders to EU, and Frontex has no access to data collected by police and intelligence services internal to the EU.
  • Gaps in jurisdiction — Not all law enforcement was engaged as they should have been during the November attack, and when engaged, not where they should have been.
  • Victims and families treated inadequately — Some families were told they were “ineligible” to be notified of their relatives’ deaths. Forensic Institute was swamped by the volume of work. At least one victim tried to call the police; they hung up on the victim because she whispered on the phone.

It’s not clear what steps the French will take next to fix these problems identified after looking at 2015’s January and November terrorist attacks, though it is reassuring to see a relatively detailed evaluation. Some of the suspects involved in both the November attacks in Paris and in Brussels are still being rounded up and bound over for prosecution; two were handed over by Belgium to France just this week. The full Parliamentary inquiry report will be released next week.

NHTSA informed by Tesla of self-driving car accident 9 days later (Reuters) — The delay in reporting may have misled investors in advance of Tesla’s offer for SolarCity suggest reports, including one by Fortune magazine. To be fair, I don’t think all the details about the accident were fully known immediately. Look at the condition of the vehicle in the Reuters’ report and the Florida Highway Patrol report; the FHP’s sketch of the accident site doesn’t automatically lead one to think the accident was induced by distracted driving or by auto-pilot. Can’t find the report now, but a DVD player was found much later; it was this device which revealed the driver’s last activities. How did the FHP’s report make its way to Tesla? And as Tesla responded, with one million auto accidents a year, not every accident is reported to the NHTSA. Begs the question: should all self-driving car accidents be automatically reported to the NHTSA and their automakers, and why?

‘Zero Days’ documentary on Stuxnet out this Friday (Flavorwire) — If director Alex Gibney can make this subject exciting to the average non-technical schmoe, hats off. It’s a challenge to make the tedium of coding exciting to non-coders, let alone fluff process control equipment. This is a really important story with a very long tail; hope Gibney was able to do it justice.

EIGHT DAYS in session left in U.S. House of Representatives’ July calendar. Hearing about EPA scheduled this morning, but I don’t think it had anything to do whatsoever with Flint Water Crisis.

Okay, that’s enough to get you over the hump, just don’t break anything on the way down. I’m off to go fix stuff.

Blogger since 2002, political activist since 2003, geek since birth. Opinions informed by mixed-race, multi-ethnic, cis-female condition, further shaped by kind friends of all persuasions. Sci-tech frenemy, wannabe artist, decent cook, determined author, successful troublemaker. Mother of invention and two excessively smart-assed young adult kids. Attended School of Hard Knocks; Rather Unfortunate Smallish Private Business School in Midwest; Affordable Mid-State Community College w/evening classes. Self-employed at Tiny Consulting Business; previously at Large-ish Chemical Company with HQ in Midwest in multiple marginalizing corporate drone roles, and at Rather Big IT Service Provider as a project manager, preceded by a motley assortment of gigs before the gig economy was a thing. Blogging experience includes a personal blog at the original blogs.salon.com, managing editor for a state-based news site, and a stint at Firedoglake before landing here at emptywheel as technology’s less-virginal-but-still-accursed Cassandra.

Friday: How It Begins

I was half way through a post yesterday when a friend in the UK told me a member of Parliament had been killed by a fascist.

An assassination, I thought at that moment, unable to write another word for my post. How many times has an assassination kicked off a horrible chain of events?

I hoped and prayed as best a lapsed Catholic can that the murder of MP Jo Cox by a man shouting, “Britain First!” was not the beginning of something dreadful. Research says it’s less likely than if an autocratic figure had been killed, but who can really say with certainty?

We won’t know for some time if this was a trigger event for something else, though it did set off a cascade of stomach-turning crap. So many media outlets referred to politician Cox’s death by a political fanatic as something other than an assassination. Really? Would Cox have been targeted had she not been a pro-EU unity supporter? Would the assassin — characterized by so many euphemisms as mentally ill — have killed her had he not been rabidly anti-EU and racist, impelled by ramped-up anti-EU rhetoric in advance of the EU-Brexit referendum?

And the disparity in coverage between [lone white gunman suspected of mental illness] and [armed terrorist—labeled so because they’re not white]? Beyond disgusting. The racism is all the more obvious. The public is conditioned by media’s implicit bias to expect and accept the lone white gunman, but never the dark-skinned person bearing a weapon. The accused must have sympathized with white nationalism, irrespective of country, having bought his firearm components from U.S. neo-Nazis more than a decade ago. The description of his attack on Cox is chilling — it was a cold political execution, not just some wildly insane flailing without care for the outcome.

The world lost someone very special when Jo Cox died yesterday. Someone who lived progressive values out in the open, modeling a better way for us. Don’t kid yourself this was just a crazed man acting alone when white nationalist politicians like Nigel Farage believe “violence is the next step” if angry constituents feel they’ve lost control.

And don’t fool yourself into believing this was an isolated event occurring in a vacuum.

Today’s Friday jazz is a performance of She’s Crying for Me by the Yorkshire Jazz Band, in honor of Jo Cox’s home county.

A note on hacking stories
The breach of the DNC’s computers is one of a number of stories over the last several years following a pattern: the breach is attributed to one entity and then yet another entity, while the story itself has a rather interesting point of origin. Initial reports may say the hackers were affiliated with [nation/state X] and later reports attribute the hacking to [unaligned third party Y] — or a variation on this order — a key characteristic is the story’s immaculate birth.

Try looking for yourself for the earliest story reporting the hacking of the DNC. Who reported it and when? Who were the original sources? Did the story arise from a call to law enforcement or a police report, and a local beat reporter who gathered named eyewitnesses for quotes? Or did the story just pop out of thin air, perhaps simultaneously across multiple outlets all regurgitating the same thing at the same time?

My point: Be more skeptical. There’s an adage in reporting, drummed into journalism students’ heads: If your mother says she loves you, check it out.

Three examples of manipulated opinion
Speaking of being more skeptical, bias manifests itself in all manner of ways and can be easily used for good or ill.

  • U.S. government and military orgs tricked into running ‘imposter code’ (Ars Technica) — Suckers didn’t perform due diligence on packages of code hosted at developer communities before running them. Gee, I wonder if any political parties’ personnel might have done the same thing…
  • GOP-led House waffles on HR 5293 surveillance bill because Orlando (HuffPo) — Ugh. Would this vote have been different this time if a lone crazed white gunman had shot up a bar? Sadly, we can’t tell based on the bill’s approval last year because the vote took place one day before Dylan Roof’s mass shooting in a Charleston church. Nor can we tell from the bill’s 2014 approval by the House because the mass shootings the week of the vote were just plain old run-of-the-mill apolitical/non-racist with too few fatalities.
  • Send manuscripts out under a man’s name = agents and publishers notice (Jezebel) — If you’re a woman you can be a great writer and you won’t get any nibbles on your manuscript — unless you submit it under a male name. Hello, implicit bias, much? This isn’t the only example, either.

Worthwhile long read
This commentary at Tor.com looks at the movie V for Vendetta, saying it’s “more important than ever,” in spite of the adaptation’s rejection by Alan Moore, author of the graphic novel on which this film was based. The essay was published this past Tuesday; read it now in light of Jo Cox’s assassination Thursday. A single event can change perception. This line alone now means something very different to me:

It seems strange that my life should end in such a terrible place. But for three years I had roses, and apologized to no one.

If time permits, I may slap up a post this weekend to make up for yesterday’s writer’s block. Otherwise I’ll catch you on Monday.

Blogger since 2002, political activist since 2003, geek since birth. Opinions informed by mixed-race, multi-ethnic, cis-female condition, further shaped by kind friends of all persuasions. Sci-tech frenemy, wannabe artist, decent cook, determined author, successful troublemaker. Mother of invention and two excessively smart-assed young adult kids. Attended School of Hard Knocks; Rather Unfortunate Smallish Private Business School in Midwest; Affordable Mid-State Community College w/evening classes. Self-employed at Tiny Consulting Business; previously at Large-ish Chemical Company with HQ in Midwest in multiple marginalizing corporate drone roles, and at Rather Big IT Service Provider as a project manager, preceded by a motley assortment of gigs before the gig economy was a thing. Blogging experience includes a personal blog at the original blogs.salon.com, managing editor for a state-based news site, and a stint at Firedoglake before landing here at emptywheel as technology’s less-virginal-but-still-accursed Cassandra.

Why Is the Government Poison-Pilling ECPA Reform?

Back in 2009, the Obama Administration had Jeff Sessions gut an effort by Dianne Feinstein to gut an effort by Patrick Leahy to gut an effort by Russ Feingold to halt the phone and Internet dragnet programs (as well as, probably, some Post Cut Through Dialed Digit collections we don’t yet know about).

See what Jeff Sesssions–I mean Barack Obama–did in complete secrecy and behind the cover of Jeff Sessions’ skirts the other night?

They absolutely gutted the minimization procedures tied to pen registers! Pen registers are almost certainly the means by which the government is conducting the data mining of American people (using the meta-data from their calls and emails to decide whether to tap them fully). And Jeff Sesssions–I mean Barack Obama–simply gutted any requirement that the government get rid of all this meta-data when they’re done with it. They gutted any prohibitions against sharing this information widely. In fact, they’ve specified that judges should only require minimization procedures in extraordinary circumstances. Otherwise, there is very little limiting what they can do with your data and mine once they’ve collected it. [no idea why I was spelling Sessions with 3 ses]

At each stage of this gutting process, Feingold’s effort to end bulk collection got watered down until, with Sessons’ amendments, the Internet dragnet was permitted to operate as it had been. Almost the very same time this happened, NSA’s General Counsel finally admitted that every single record the agency had collected under the dragnet program had violated the category restrictions set back in 2004. Probably 20 days later, Reggie Walton would shut down the dragnet until at least July 2010.

But before that happened, the Administration made what appears to be — now knowing all that we know now — an effort to legalize the illegal Internet dragnet that had replaced the prior illegal Internet dragnet.

I think that past history provides an instructive lens with which to review what may happen to ECPA reform on Thursday. A version of the bill, which would require the government to obtain a warrant for any data held on the cloud, passed the House unanimously. But several amendments have been added to the bill in the Senate Judiciary Committee that I think are designed to serve as poison pills to kill the bill.

The first is language that would let the FBI resume obtaining Electronic Communication Transaction Records with just a National Security Letter (similar language got added to the Intelligence Authorization; I’ll return to this issue, which I think has been curiously reported).

The second is language that would provide a vast emergency exception to the new warrant requirement, as described by Jennifer Daskal in this post.

[T]here has been relatively little attention to an equally, if not more, troubling emergency authorization provision being offered by Sen. Jeff Sessions. (An excellent post by Al Gidari and op-ed by a retired DC homicide detective are two examples to the contrary.)

The amendment would allow the government to bypass the warrant requirement in times of claimed emergency. Specifically, it would mandate that providers turn over sought-after data in response to a claimed emergency from federal, state, or local law enforcement officials. Under current law, companies are permitted, but not required, to comply with such emergency — and warrantless — requests for data.

There are two huge problems with this proposal. First, it appears to be responding to a problem that doesn’t exist. Companies already have discretion to make emergency disclosures to governmental officials, and proponents of the legislation have failed to identify a single instance in which providers failed to disclose sought-after information in response to an actual, life-threatening emergency. To the contrary, the data suggest that providers do in fact regularly cooperate in response to emergency requests. (See the discussion here.)

Second, and of particular concern, the emergency disclosure mandate operates with no judicial backstop. None. Whatsoever. This is in direct contrast with the provisions in both the Wiretap Act and Foreign Intelligence Surveillance Act (FISA) that require companies to comply with emergency disclosure orders, but then also require subsequent post-hoc review by a court. Under the Wiretap Act, an emergency order has to be followed up with an application for a court authorization within 48 hours (see 18 U.S.C. § 2518(7)). And under FISA, an emergency order has to be followed with an application to the court within 7 days (see 50 U.S.C. § 1805(5)). If the order isn’t filed or the court application denied, the collection has to cease.

The proposed Sessions amendment, by contrast, allows the government to claim emergency and compel production of emails, without any back-end review.

Albert Gidari notes that providers are already getting a ton of emergency requests, and a good number of them turn out to be unfounded.

For the last 15 years, providers have routinely assisted law enforcement in emergency cases by voluntarily disclosing stored content and transactional information as permitted by section 2702 (b)(8) and (c)(4) of Title 18. Providers recently began including data about emergency disclosures in their transparency reports and the data is illuminating. For example, for the period January to June 2015, Google reports that it received 236 requests affecting 351 user accounts and that it produced data in 69% of the cases. For July to December 2015, Microsoft reports that it received 146 requests affecting 226 users and that it produced content in 8% of the cases, transactional information in 54% of the cases and that it rejected about 20% of the requests. For the same period, Facebook reports that it received 855 requests affecting 1223 users and that it produced some data in response in 74% of the cases. Traditional residential and wireless phone companies receive orders of magnitude more emergency requests. AT&T, for example, reports receiving 56,359 requests affecting 62,829 users. Verizon reports getting approximately 50,000 requests from law enforcement each year.

[snip]

Remember, in an emergency, there is no court oversight or legal process in advance of the disclosure. For over 15 years, Congress correctly has relied on providers to make a good faith determination that there is an emergency that requires disclosure before legal process can be obtained. Providers have procedures and trained personnel to winnow out the non-emergency cases and to deal with some law enforcement agencies for whom the term “emergency” is an elastic concept and its definition expansive.

Part of the problem, and the temptation, is that there is no nunc pro tunc court order or oversight for emergency requests or disclosures. Law enforcement does not have to show a court after the fact that the disclosure was warranted at the time; indeed, no one may ever know about the request or disclosure at all if it doesn’t result in a criminal proceeding where the evidence is introduced at trial. In wiretaps and pen register emergencies, the law requires providers to cut off continued disclosure if law enforcement hasn’t applied for an order within 48 hours.  But if disclosure were mandatory for stored content, all of a user’s content would be out the door and no court would ever be the wiser. At least today, under the voluntary disclosure rules, providers stand in the way of excessive or non-emergency disclosures.

[snip]

A very common experience among providers when the factual basis of an emergency request is questioned is that the requesting agency simply withdraws the request, never to be heard from again. This suggests that to some, emergency requests are viewed as shortcuts or pretexts for expediting an investigation. In other cases when questioned, agents withdraw the emergency request and return with proper legal process in hand shortly thereafter, which suggests it was no emergency at all but rather an inconvenience to procure process. In still other cases, some agents refuse to reveal the circumstances giving rise to the putative emergency. This is why some providers require written certification of an emergency and a short statement of the facts so as to create a record of events — putting it in writing goes a long way to ensuring an emergency exists that requires disclosure. But when all is in place, providers respond promptly, often within an hour because most have a professional, well-trained team available 7×24.

In other words, what seems to happen now, is law enforcement use emergency requests to go on fishing expeditions, some of which are thwarted by provider gatekeeping. Jeff Sessions — the guy who 7 years ago helped the Obama Administration preserve the dragnets — now wants to make it so these fishing expeditions will have no oversight at all, a move that would make ECPA reform meaningless.

The effort to lard up ECPA reform with things that make surveillance worse (not to mention the government’s disinterest in reforming ECPA since 2007, when it first started identifying language it wanted to reform) has my spidey sense tingling. The FBI has claimed, repeatedly, in sworn testimony, that since the 2010 Warshak decision in the Sixth Circuit, it has adopted that ruling everywhere (meaning that it has obtained a warrant for stored email). If that’s true, it should have no objection to ECPA reform. And yet … it does.

I’m guessing these emergency requests are why. I suspect, too, that there are some providers that we haven’t even thought of that are even more permissive when turning over “emergency” content than the telecoms.

 

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.