FBI says search warrants not needed to use “stingrays” in public (con’d)

Update: San Bernardino Sheriff’s Department doesn’t tell judges it’s using spy device (Stingray)

The sheriff in San Bernardino County—east of Los Angeles County—has deployed a stingray hundreds of times without a warrant, and under questionable judicial authority.

In response to a public records request, the San Bernardino Sheriff’s Department (SBSD) sent Ars, among other outlets, a rare example of a template for a “pen register and trap and trace order” application. (In the letter, county lawyers claimed this was a warrant application template, when it clearly is not.) The SBSD is the law enforcement agency for the entire county, the 12th-most populous county in the United States, and the fifth-most populous in California.

..

This template application, surprisingly, cites no legal authority on which to base its activities. The SBSD did not respond to Ars’ request for comment.
“This is astonishing because it suggests the absence of legal authorization (because if there were clear legal authorization you can bet the government would be citing it),” Fred Cate, a law professor at Indiana University, told Ars by e-mail.
“Alternatively, it might suggest that the government just doesn’t care about legal authorization. Either interpretation is profoundly troubling,” he said.
The documents sent to Ars by the SBSD’s county attorneys also show that since acquiring a stingray in late 2012, the agency has used it 303 times between January 1, 2014 and May 7, 2015.

..

The template is likely to mislead judges who receive applications based on it because it gives no indication that the Sheriff’s Department intends to use a stingray,” he wrote by e-mail.
“We have seen similarly misleading applications submitted to judges by police departments across the country,” he continued. “Judges have no hope of ensuring that use of stingrays complies with the Fourth Amendment if they are kept in the dark about law enforcement’s intent to use a stingray. When police hide the ball from judges, our justice system cannot ensure justice.”

Update: Baltimore Police Spying On Cellphones And Hiding It

A detective’s court testimony Monday revealed that Baltimore law enforcement is spying on residents at an incredible rate without a warrant — and doing their best to hide it.
Detective Michael Dressel testified that Baltimore law enforcement have used “sting rays”–devices that can track personal cell phone data and location–without court orders, The Baltimore Sun reports. Police said they have used sting rays 4,300 more than times since 2007.
“This is scandalous,” Tim Lynch, the Cato Institute’s Director for the Project on Criminal Justice, told The Daily Caller News Foundation. “Police agencies have misled the public about how the stingray devices have been used and how often. We need to find out what has been happening in other cities around the country. FBI officials and police chiefs need to come clean about this.”

Update: NYCLU releases details of EC Sheriff’s cell phone spying

The NYCLU says documents show the sheriff’s office has a confidentiality agreement with the FBI that allows it to maintain almost total secrecy over the records for this device, including that the FBI can request the sheriff’s office dismiss criminal prosecutions rather than risk compromising the secrecy of how the Stingray is used.]
“Stingrays are an advanced surveillance technology that can sweep up very private information, including information on innocent people,” said NYCLU Western Region Director John Curr III. “If the FBI can command the Sheriff’s Office to dismiss criminal cases to protect its secret stingrays, it is not clear how the $350,000 we are spending on stingray equipment is keeping the people of Buffalo safer.”

Update: NYT catches up on Stingray

A powerful new surveillance tool being adopted by police departments across the country comes with an unusual requirement: To buy it, law enforcement officials must sign a nondisclosure agreement preventing them from saying almost anything about the technology.
Any disclosure about the technology, which tracks cellphones and is often called StingRay, could allow criminals and terrorists to circumvent it, the F.B.I. has said in an affidavit. But the tool is adopted in such secrecy that communities are not always sure what they are buying or whether the technology could raise serious privacy concerns.
The confidentiality has elevated the stakes in a longstanding debate about the public disclosure of government practices versus law enforcement’s desire to keep its methods confidential. While companies routinely require nondisclosure agreements for technical products, legal experts say these agreements raise questions and are unusual given the privacy and even constitutional issues at stake.

Update: WaPost wakes up on Stingray

The Tallahassee police have used the StingRay or a similar device in 250 investigations over a six-year period from mid-2007 through early 2014, according to a list of cases compiled by the Tallahassee Police Department and provided to the American Civil Liberties Union.
That’s 40 or so instances a year in a city of 290,000, a surprisingly high rate given that the StingRay’s manufacturer, Harris Corp., has told the Federal Communications Commission that the device is used only in emergencies. At least 48 state and local law enforcement agencies in 20 states and the District of Columbia have bought the devices, according to the ACLU.
The secrecy surrounding the device’s use has begun to prompt a backlash in cities across the country. In Baltimore, a judge is pushing back against the refusal of police to answer questions while testifying. In Charlotte, N.C., following a newspaper investigation, the state’s attorney is reviewing whether prosecutors illegally withheld information about the device’s use from defendants.
In Tacoma, Wash., after a separate newspaper investigation found that judges in almost 200 cases had no idea they were issuing orders for the StingRay, the court set new rules requiring police to disclose the tool’s use. The state legislature is weighing a bill to regulate police use of the equipment.

#

The bureau’s position on Americans’ privacy isn’t surprising. The Obama Administration has repeatedly maintained that the public has no privacy in public places. It began making that argument as early as 2010, when it told a federal appeals court that the authorities should be allowed to affix GPS devices on vehicles and track a suspect’s every move without court authorization. The Supreme Court, however, eventually ruled that warrants are required. What’s more, the administration has argued that placing a webcam with pan-and-zoom capabilities on a utility pole to spy on a suspect at his or her residence was no different from a police officer’s observation from the public right-of-way. A federal judge last month disagreed with the government’s position, tossing evidence gathered by the webcam that was operated from afar.

In their letter, Leahy and Grassley complained that little is known about how stingrays, also known as ISMI catchers, are used by law enforcement agencies. The Harris Corp., a maker of the devices from Florida, includes non-disclosure clauses with buyers. Baltimore authorities cited a non-disclosure agreement to a judge in November as their grounds for refusing to say how they tracked a suspect’s mobile phone. They eventually dropped charges rather than disclose their techniques. Further, sometimes the authorities simply lie to judges about their use or undertake other underhanded methods to prevent the public from knowing that the cell-site simulators are being used.

via FBI says search warrants not needed to use “stingrays” in public places | Ars Technica.

Advertisements

“That’s right sir. 30 city and 42 highway and 5-10 years in the penitentiary for changing your owns spark plugs “

Dear Car Companies: This is NOT a Good “Features and Benefits” Point

These 12 car companies are lobbying hard to make working on the electrical and computer components of your own car illegal. General Motors has told the Copyright Office that proponents of copyright reform mistakenly “conflate ownership of a vehicle with ownership of the underlying computer software in a vehicle.”
General Motors also says that your car qualifies as a “mobile computing device.” Tinkering with it, therefore, could be a copyright violation because although you do own your car, you do not own the computer code inside it. Jail-breaking your iPad is currently illegal for the same reason. By the way, jail-breaking your iPhone is still legal; it’s just one more example of a government regulation that is full of double standards.

Get. Bent.

via 12 big car companies are trying to make working on your own car illegal – Watchdog.org.

RSA president: ‘the need for intelligence shouldn’t slow down the use of encryption’

In an interview with IDG News Service, Amit Yoran, president of RSA, also rejected calls by U.S. intelligence chiefs for industry to tread carefully in deploying more encryption in case it cuts off their ability to eavesdrop on communications by suspected criminals.
“The government is not the answer here,” he said, when asked about White House proposals for sharing of cybersecurity information. Despite the growing severity of attacks and a feeling that the government should “do something,” the issue is best left to private companies, because they are the ones developing networks and the technology that defends them, he said.
“Nobody is going to say information sharing is bad, but I’ve yet to see what is being asked to share by whom, for what purpose, to which parties, how will it be protected, how will it be used and then what is the value proposition back for sharing information,” Yoran said.
Instead, he said the government might better help by sharing some of its own threat intelligence with the private sector.

Good. Better ideas on CS will come from the private sector.

via RSA president questions government role in cybersecurity | Computerworld.

Attention All FORTRAN Programmers: Call your office, you are on deck

What made Ada difficult also made it secure and reliable—in simplified programing terms, it was hard to get code past Ada’s exacting compiler, but once you did, it was extremely reliable and resistant to many types of attacks. Could that reliability and security be combined with an easier development path?

via An unexpected source of mobile security: Ada — Defense Systems.

Jeb Love Big Government Spying

Former Florida Governor Jeb Bush stated that he is “nervous” about criticism of the NSA and that he wished the president would do a better job defending government surveillance systems on Monday’s “Hugh Hewitt Show.”
Bush said that lone wolf terrorism “is a serious threat in a world where we’re so connected with the rest of the world. We have people moving in and people moving out. People get their information now, not everybody gets to listen to your show to get all their information. People get their information in different ways. They get disaffected, disillusioned, preyed upon, and so yeah, I think that this is an ongoing threat, and I hope that our counterintelligence capabilities are always vigilant. I’ve always been nervous about the attacks on the NSA, and somehow that we’re losing our freedoms by keeping the homeland safe. I think we need to be really vigilant about that.”

via Jeb: I’m ‘Nervous’ About NSA Criticism, Obama Should Defend NSA – Breitbart.

Extrajudicial Taxes: Police, Courts, City Admin (Missouri)

But in all the news coverage, protests, and resulting spin, there is one aspect of this story that, for several reasons, is worthy of a lot more attention before it’s forgotten: the outrageous use of policing as a city revenue stream.

Take a look at the video by Radley Balko and think how much money is extorted from the citizens, in this area of Missouri.  How many of the many other ‘municipalities’ run on police/tickets/fines/bench warrants?

 

via Some police revenue streams are more outrageous than others – Watchdog.org.

F Bruni: Hillary is Old, Stained, and Stuck on Repeat

It was what kept coming to mind as she stood before the cameras once again, under fire once again, aggrieved once again by Americans’ refusal to see and simply trust how well intentioned and virtuous and good for the country she is:

Ouch!

via Hillary’s Prickly Apologia – NYTimes.com.

Marie Harf: ‘I’m just too nuanced for you stupid reporters.’

“Well, obviously, and part of this is coming up because three hundred of her emails were provided to the Select Committee. Somebody obviously had to go through all fifty-five thousand pages and determine if there was anything that was deemed responsive to the Select Committee’s request. So that process for that request was undertaken. If other requests come through in the future, they will be gone through as well to see if there’s anything responsive and appropriate to be provided. She and her team has said it was not used for anything but unclassified work. You know, we don’t undergo scans of everyone’s unclassified email to make sure they’re only doing unclassified work. So I think there was any indication she was doing anything but here, so I don’t think it’s really a pertinent question,” Harf replied.

watch the video.

via Marie Harf | Hillary Clinton | State Department | Emails.

GH Reynolds: On the Importance of the Third Amendment

The only Supreme Court case in which the Third Amendment did any heavy lifting is Griswold v. Connecticut, a case that’s not about troop-quartering, but about birth control. The Supreme Court held that the Third Amendment’s “penumbra” (a legal term that predates the Griswold case) extended to protecting the privacy of the home from government intrusions. “Would we,” asked the court, “allow the police to search the sacred precincts of marital bedrooms for telltale signs of the use of contraceptives?” The very idea, said the court, was “repulsive.”

Likewise, the U.S. Court of Appeals for the Second Circuit held in Engblom v. Carey that the Third Amendment protects a “fundamental right to privacy” in the home. Since then, courts haven’t done much to flesh these holdings out, but I wonder if they should. In the 18th century, when the Third Amendment was drafted, “troop quartering” meant literally having troops move into your house to live at your expense and sleep in your beds. It destroyed any semblance of domestic privacy, opening up conversations, affection, even spats to the observation and participation of outsiders. It converted a home into an arena.

via Quartering spyware troops in the digital age: Column.

Cuomo Orders NY Govt Emails to be “Learnered”

In a memo obtained by Capital New York, Cuomo officials announced that mass purging of email records is beginning across several state government agencies. The timing of the announcement, which followed through on a 2013 proposal, is worth noting: The large-scale destruction of state documents will be happening in the middle of a sprawling federal investigation of public corruption in Albany. That investigation has been looking at state legislators and the Cuomo administration.

via Amid Federal Corruption Probe, Andrew Cuomo Administration Purges State Government Emails.

Samsung: Privacy Not

“You can control your SmartTV, and use many of its features, with voice commands. If you enable Voice Recognition, you can interact with your Smart TV using your voice. To provide you the Voice Recognition feature, some voice commands may be transmitted (along with information about your device, including device identifiers) to a third-party service that converts speech to text or to the extent necessary to provide the Voice Recognition features to you. In addition, Samsung may collect and your device may capture voice commands and associated texts so that we can provide you with Voice Recognition features and evaluate and improve the features. Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition.”

and

Please note that when you watch a video or access applications or content provided by a third-party, that provider may collect or receive information about your SmartTV (e.g., its IP address and device identifiers), the requested transaction (e.g., your request to buy or rent the video), and your use of the application or service. Samsung is not responsible for these providers’ privacy or security practices.

via Samsung’s SmartTV Privacy Policy Raises Accusations of Digital Spying.

Android card game Durak infects with adware

Security firm Avast said that one of the apps involved – a free version of the card game Durak – had been downloaded up to 10 million times, according to Google Play’s own counter.

Google has now blocked access.

But one expert noted that the problem might be less widespread than feared.

via BBC News – Android adware ‘infects millions’ of phones and tablets.

Dear Government, This Is Why Our Phones Will Be Encrypted

Update: DOJ Pays $134,000 To Settle Case Of DEA Agents Impersonating A Woman On Facebook

A few days ago, the Justice Department agreed to settle the case, paying her $134,000 for her troubles. As with many settlements, this one includes the government insisting that the settlement is not an admission of any guilt for its actions — though it also leaves open that Arquiett could seek to get some attorneys’ fees as well. Both Facebook and Senator Leahy had criticized the government for this action, and the DOJ promised to review this kind of practice — though that review is still “ongoing.” Either way, in this case, the DOJ realized that it was best to just pay up rather than let the case go much further.

Update: Court Rules Police Can Force Users to Unlock iPhones With Fingerprints

According to Judge Steven C. Fucci, while a criminal defendant can’t be compelled to hand over a passcode to police officers for the purpose of unlocking a cellular device, law enforcement officials can compel a defendant to give up a fingerprint.

The Fifth Amendment states that “no person shall be compelled in any criminal case to be a witness against himself,” which protects memorized information like passwords and passcodes, but it does not extend to fingerprints in the eyes of the law, as speculated by Wired last year.

Update: Don’t Want Nude Selfies Stolen? Don’t Let Cops See Your Phone

A team of CHP officers is now under investigation for a years-long “game” in which they stole and traded private photos from the phones of women they arrested.

#

It was created surreptitiously by a Drug Enforcement Administration agent, who seized Prince’s phone in July 2010 after arresting her, mined it for photographs, then used those pictures to forge a fraudulent profile which allowed authorities to impersonate Prince in an investigation into an alleged New York drug ring. Until, of course, Prince found out — and sued.
The result is an ongoing New York federal civil suit that Prince, who also goes by Sandra Arquiett, has filed against the United States and DEA Agent Timothy Sinnigen. The case, which Buzzfeed’s Chris Hamby first reported, has been sent for mediation by the judge in the case. It hints at the murky boundaries of social media privacy and raises questions as to how far law enforcement can go when using new technology to investigate cases.

To all the Chicken Little government prosecutors and agents:

We don’t need protection from straw-men pedophiles or kidnappers, we need protection from The Government.

via DEA created a fake Facebook profile in this woman’s name using seized pics — then impersonated her – The Washington Post.

The war on leaks has gone way too far when journalists’ emails are under surveillance

Most journalists and press freedom groups have been inexplicably quiet about the Justice Department’s treatment of WikiLeaks and its staffers ever since, despite the fact that there has been a (justified) backlash against the rest of the Justice Department’s attempt to subpoena reporters’ phone call records and spy on their emails. But almost all of the tactics used against WikiLeaks by the Justice Department in their war on leaks were also used against mainstream news organizations.

For example, after the Washington Post revealed in 2013 the Justice Department had gotten a warrant for the personal Gmail account of Fox News reporter James Rosen in 2010 without his knowledge by explicitly accusing him of being an espionage “co-conspirator” (for have the audacity to arrange to confidentially speak with a source), journalists and privacy advocates understandably reacted in shock and outrage.

The war on leaks has gone way too far when journalists’ emails are under surveillance

BMW sounds alarm over tech companies seeking connected car data

Ian Robertson, the German manufacturer’s board member for sales and marketing, said that every car rolling off its production lines had a wireless network that could yield information about location, speed, acceleration and even the occupants of the car.

“There’s plenty of people out there saying: ‘give us all the data you’ve got and we can tell you what we can do with it’,” he told the Financial Times on the sidelines of the Detroit motor show, adding that this included “Silicon Valley” companies, as well as advertising groups. “And we’re saying: ‘No thank you’.”

Ford was forced into an embarrassing retraction at last year’s Consumer Electronics Show in Las Vegas after Jim Farley, then head of marketing at the US carmaker, said: “We know everyone who breaks the law. We know exactly when you do it because we have a GPS sensor in your car.” He added: “By the way, we don’t supply that data to anyone.”

via BMW sounds alarm over tech companies seeking connected car data – FT.com.

No, North Korea Didn’t Hack Sony

All the evidence leads me to believe that the great Sony Pictures hack of 2014 is far more likely to be the work of one disgruntled employee facing a pink slip.
I may be biased, but, as the director of security operations for DEF CON, the world’s largest hacker conference, and the principal security researcher for the world’s leading mobile security company, Cloudflare, I think I am worth hearing out.
The FBI was very clear in its press release about who it believed was responsible for the attack: “The FBI now has enough information to conclude that the North Korean government is responsible for these actions,” they said in their December 19 statement, before adding, “the need to protect sensitive sources and methods precludes us from sharing all of this information”.

Click forth and read all:

via No, North Korea Didn’t Hack Sony – The Daily Beast.

Facebook Joins Sony in Fortitude Against Self-Censorship – NOT

In 2011, Facebook was hailed by opposition movements during the Arab Spring and in Russia as a powerful new tool to spread information beyond the control of repressive governments. That may no longer be the case, at least not in Russia. Russian Internet regulators said Saturday that they had sent Facebook a “demand” that it block access to a page calling for a demonstration in support of Alexei Navalny, the most prominent critic of Russian President Vladimir Putin.

via Facebook blocks Russian page supporting Navalny, Putin’s biggest critic – The Washington Post.

Gutfeld on the Sony Hack: It Is Not Our Business

I hate the news right now, because websites, TV shows, and blogs are all reporting on the Sony emails – poring over the content, sucking out the juiciest bits and spitting them our way.
Accidentally, I’ll get one right in the eye – but for the most part, I’m ducking and letting them fly right by. I don’t want to see them, period.
I want nothing to do with reading these emails, and it pisses me off to see how petty and shortsighted so much of the media are (and the public too), in their insatiable gobbling up of this private gossip. They’re like me with Lindeman chocolates.
If these were not emails, but hacked private financial records, would you find it so funny? Nope.
If this were medical data on a friend’s embarrassing illnesses, would you take a peek? Heck no.
If the leak happened to be a trove of nude pictures (like the Jen Lawrence hack), photos done privately for a loved one far away – would you still look, and get a kick out of it?
You and I do not deserve to read the Sony emails, any more than we deserve to indulge in private medical, financial, or sexual matters of other people. If you knew these people personally – would you look, if you could? I think not.

Correct.  Click forth and read all:

via GUTCHECK: Why Sony Should Scare You.

Chicago PD using Stingray out at the Eric Garner protest

Looks like police in Chicago have a tricked out surveillance truck equipped with cell site simulators, a.k.a. Stingrays, that force nearby phones to send data to cops instead of to phone company cell towers. Did those cops get a warrant for that?

Your tax dollars at work: Spying on people just because they demand that the government’s agents stop killing black people.

UPDATE: Anonymous has released a video featuring what appear to be Chicago police radio transmissions revealing police wiretapping of organizers’ phones at the protests last night the day after Thanksgiving, perhaps using a stingray. The transmissions pointing to real-time wiretapping involve the local DHS-funded spy ‘fusion’ center.

via Looks like Chicago PD had a stingray out at the Eric Garner protest last night | Privacy SOS.