-
China vs. U.S.: Privacy for Whom?
The New York Times ran an article on the use of surveillance tech in China. One wishes they would do the same for the U.S.
The NYT article came to some scary conclusions about autocratic China. Chinese authorities implement facial recognition tech everywhere they can, the police seek to connect electronic activity (making a call) to physical location, biometric information such as fingerprint and DNA is collected on a mass scale, and the government wants to tie together all of this data to build comprehensive profiles on troublesome citizens. The latter is the Holy Grail of surveillance, a single source to know all there is known about a person.
Should the Times (or China) wish to expand its review of invasive government surveillance technology, particularly those technologies which integrate multiple systems, it need look no further than its hometown police force, the NYPD, and data aggregated into the little-known Consular Consolidated Database (CCD) by the U.S. State Department.
Prior to 2021, when the New York City Council passed the Public Oversight of Surveillance Technology (POST) Act, citizens were left to piece together the various technologies used to surveil them based on scattered media reports. We know now the NYPD deploys facial recognition surveillance (and can retroactively employ facial recognition against video saved from one of 20,000 cameras), x-ray vans, Stingrays, ShotSpotters, and drones, among others, equipment all originally deployed in the Iraq and Afghan wars. But we still don’t know how many of these technologies are used in coordination with each other, and, as in China, that is the key to understanding their real effectiveness.
POST reporting and other sources offer some clues. The NYPD uses the smartphone-based Domain Awareness System (DAS), “one of the world’s largest networks of cameras, license plate readers, and radiological censors,” all created by Microsoft with video analytics by IBM. DAS also utilizes automated license plate reader (ALPRs) devices attached to police cars or fixed on poles to capture the license plates of all cars passing by. ALPRs can also capture photographs of cars, along with photos of the driver and passengers. This information is uploaded to a database where it can be analyzed to study movements, associations, and relationships. Facial Identification can then run photos, including from databases of arrest photos, juvenile arrest photos of children as young as 11, and photos connected to handgun permits. The system analyzes an image against those databases and generates potential matches in real-time.
Included in DAS is a translator application which helps officers communicate with community members who do not speak English, while of course also recording and storing their remarks. DAS ties in to ShotSpotter, a technology developed for the Iraq War which pinpoints the sound of gunfire with real-time locations, even when no one calls 911. This technology triangulates where a shooting occurred and alerts police officers to the scene, letting them know relevant information, including the number of shots fired, if the shooter was moving at the time of the incident (e.g., in a vehicle), and the direction of the shooter’s movement. DNA data can also be accessed, so wide-spread collection is a must. One area of activity outlined in Chief of Detectives Memo #17 instructs on how to collect “abandoned” DNA samples from objects such as water bottles, gum, and apple cores. For example, police officers are taught to wait for the suspect to take a drink or smoke, and collect the sample once a suspect throws the cup or butt away.
What is deployed in New York to aggregate sensor and bio data (including social media monitoring and cell phone locator services, which when tied to facial recognition can identify individuals, say who attend a protest, visit an AIDs clinic, etc.) will no doubt be coming soon to your town as the weapons of war all come home. The next step would be to tie together cities into regional and then state-wide networks. The extent to which information obtained from DAS is shared with federal agencies, such as immigration authorities, remains unknown. What we do know is the phrase “reasonable expectation of privacy” needs some updating.
Perhaps the largest known data aggregator within the Federal government is the innocent-sounding Consular Consolidated Database (CCD) administered by the U.S. Department of State. Originally a simple database created in the 1990s to track visa and passport issuances, the CCD is now one of the largest global databases of personal information, growing at a rate of some 35,000 records a day. The system collects data from both foreign visa applicants and American citizens to include but not limited to imagery for use with facial recognition, biometric data such as ten-fingerprint samples, home/business addresses, phone numbers, email addresses, financial information, race, gender, social security and alien registration numbers, passport information, certain Federal benefits, medical information, legal information, education information, family information, travel history, arrests and convictions, and social media indicators.
The CCD is especially valuable in that it is a database of databases, pulling together information collected elsewhere including abroad, as well as from some commercial databases and public records, and making the aggregate available both for individual search by identifiers like name, social security number or facial recognition, but also for very large scale analytic searches to identify patterns and trends. This massive pool of data is then made accessible to the Department of Homeland Security, Department of Commerce, Department of Defense, Department of Justice, Office of Personnel Management, Federal Bureau of Investigation, and “other interagency partners” to include potentially intelligence services. In addition to the State Department, information is regularly input into the CCD by the FBI, the Integrated Automated Fingerprint Identification System, DEA, ICE, IRS, DOD, Treasury, Health and Human Services (HHS), DHS, Interpol, and U.S. Marshal Service (USMS.)
Numbers of records held by CCD are not available, with the last public tallies documented in 2016 showing 290 million passport records on American citizens, 25 million records pertaining to American citizens living abroad, 184 million visa records of foreigners, and over 75 million photographs. Some 35,000 records are added to the CCD daily, so do the math given the existing tallies are up to 13 years old. As a point of comparison, Google’s database of landmark photos holds only five million records. The Library of Congress database lists 29 million books.
The New York Times article about surveillance in China is scary, showing what a vast, interconnected system is capable of doing in exposing a person’s life to scrutiny. The Chinese authorities are, however, realistic about their technological limitations. According to one bidding document, the Ministry of Public Security, China’s top police agency, believed one of their biggest problems was data had not been centralized. That Chinese problem appears well on its way to resolution inside the United States, and that is also quite scary.
Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.
Local LE Chipping Away at the Fourth Amendment
The Bill of Rights was designed to protect the People from their government. That’s quite literally becoming history today as new challenges, now from local law enforcement, chip away at the Fourth Amendment’s protections of privacy. New laws and devices spread spying on Americans to the local level.
A Brief Explanation of Post-Constitutional America
The cornerstone of the Bill of Rights was that the People grant exceptions to those rights to the Government. Absent those specific exceptions, the rest of the stuff was inalienable, not up for grabs, not dependent in any way on Government’s decision to grant or withhold them. Constitutional America was clearly imperfect, but the underlying premise spoke of a striving toward an ideal.
The cornerstone of Post-Constitutional America is just the opposite. The People have what rights the Government chooses to allow them to have, such that privacy is the exception, free speech a variable, torture a tool to be used or withheld as the Government finds appropriate. It is a turning on its head of Constitutional America, back to a time when a tyrant and king (may we call old King George an “evil dictator” to use the preferred language of today?) controlled Americans’ daily lives by decree.
It should be unnecessary to have to argue the critical importance of the Fourth Amendment, but these days it seems necessary. If the First Amendment’s right to speak out publicly was the People’s wall of security, then the Fourth Amendment’s right to privacy was its buttress. Privacy is the right to think without the Government intruding. It is part of being American. If you want to personally give it away for yourself, feel free, but you are required to allow others to exercise it.
9/11 Changed Everything
Under the umbrella of post-9/11 fear, the relationship between the Government and the People of the United States changed. As early NSA whistleblowers Thomas Drake, Bill Binney, Kirk Wiebe and others made clear, within days after the attacks, the vast capability of the NSA was turned 180 degrees away from sites abroad toward a new definition of the People: we were now targets.
Such acts, along with flimsy pieces of faux-legislation such as the Patriot Act, were not only harmful to our privacy by themselves, they also sent clear signals to law enforcement at all levels that new rules applied; after all, if the federal government was spying on Americans in clear contrivance of the Fourth Amendment, then why couldn’t local law enforcement do the same? With such tacit approval, and the redefining of every person in America as a potential terrorist, it all fell into place.
So while the Snowden NSA revelations expose violations of the Fourth Amendment on the largest scale, let’s examine some examples of how those big-scale acts filter down to local levels.
Los Angeles
In 2008 the city of Los Angeles passed municipal ordinance 41.49 requiring hotels to gather, hold for at least 90 days and make available upon request a large amount of information on their guests. The information included guests’ credit card number, home address, driver’s license information and vehicle license number. Several dozen other cities, including Atlanta and Seattle, passed similar ordinances.
Ordinarily the police would need to show probable cause, and to seek individual warrants on a person-by-person, case-by-case basis, to gather such information. The L.A. ordinance, however, allows police to simply demand it from a hotel, with no judicial or other oversight. The premise was that the information was the property of the hotel once the guest voluntarily surrendered it in order to stay the night. Personal information transformed into “business records,” L.A. argues, is inherently less “private” than personal information per se.
Similarities to how the NSA collected mountains of phone call data from places like Verizon, claiming it too was simply now part of business records routinely available per the Patriot Act, are noted.
The U.S. Supreme Court, after two opposite rulings through lower courts, has agreed to hear the case after the City of Los Angeles’ petition to do so. L.A. claims “These laws expressly help police investigate crimes such as prostitution and gambling, capture dangerous fugitives and even authorize federal law enforcement to examine these registers, an authorization which can be vital in the immediate aftermath of a homeland terrorist attack.”
In addition to the clear, broad Fourth Amendment violations, opponents cite the reality that information, once gathered, can be disseminated anywhere for any purpose. Data gathered in L.A. for a perhaps legitimate gambling investigation can go on to populate an infinite number of databases indefinitely for an undeterminable range of purposes into the future. It does not go away. It waits to be used.
And all that brings us to Virginia.
Virginia Police Collect and Share Phone Data
Five local police departments in southeastern Virginia have been secretly and automatically sharing telephone data and compiling it into a large database for nearly two years. According to a 2012 memorandum of understanding published for the first time this week by the Center for Investigative Reporting (the database had been kept secret from the public,) the police departments from Hampton, Newport News, Norfolk, Chesapeake, and Suffolk all participate in something called the “Hampton Roads Telephone Analysis Sharing Network.”
Those police departments “agree to share telephone intelligence information derived from any source,” including subpoenaed telephone call detail records, subpoenaed telephone subscriber information, and seized mobile devices. The telephone intelligence information will be stored in the master Pen-Link telephone database and participating agencies can make inquires of the database by either telephone or e-mail contact with a member.”
Such data transfers, the document goes on to explain, can happen automatically if the agency agrees to have certain software installed on their computer, or via e-mail or DVD. No information is available as to what, if any, data security protocols are in place.
The significance of such data transfer cannot be underplayed. The assumption by the police is that any data gathered legally– for example, under warrant, after a showing of probable cause specific to a case or incident– can then be stored, shared and repurposed forever as the police see fit. The shaky legal premise for this whole system is that once taken in via some sort of legal means (though of course there is no outside control that all of the data was gathered legally), the data becomes akin to common property, and no further justification or judicial oversight needs to be applied to its use, any use, ever, forever.
An even shakier legal premise it that a secret database of any kind can be maintained by the police: Virginia law, The Government Data Collection and Dissemination Practices Act, specifically states “There shall be no personal information system whose existence is secret.”
Not an End in Sight
Local actions have commonalities with the larger actions the NSA has been doing. The use of the collective where the law intended the individual– a single phone call versus redefining every call as a single set of business records– is clear. The manipulation of a legal act, such as collecting information via a warrant and then repurposing it into a general pool of data in Virginia, is also a marker of modern times. The most significant commonality between local actions and federal ones is the broad contempt for civil liberties. And that describes Post-Constitutional America as clearly as anything else.
The examples above are, or likely soon will be, going to be tested in court. Other offenses to the Fourth Amendment have fallen to the People’s side: In 2012, a court ruled law enforcement authorities generally need search warrants when they attach GPS devices to a vehicle. In July 2014, the Supreme Court said that the authorities need warrants to dive into the mobile phones of people they arrest.
At the same time, the proliferation of low-cost surveillance devices, such as license plate scanners and Stingray, continue to raise new questions even as a handful of older ones are resolved. The battle against the tyrant King George continues.
Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.
Mysterious Phony Cell Towers: Who is Spying on You Now?
A security researcher identified multiple “fake” cell phone towers around the United States, many near military bases, designed to intercept calls and texts without your knowledge, and to potentially inject spyware into your phone by defeating built-in encryption.The researcher has located a number of towers; what he can’t figure out is who built them and who controls them.
Tech
The basics of the technology are pretty clear: your cell phone is always trying to electronically latch-on to three cell towers. Three means the network can triangulate your phone’s location, and pass you off from one set of towers to the next tower in line as you move around. The phone obviously looks for the strongest tower signal to get you the best reception, those bars. The fake towers, called Interceptors, jump into this dance and hijack your signal for whatever purpose the tower owner would like. The Interceptors then transparently pass your signal on to a real tower so you can complete your call, and you don’t know anything happened.
Because phones use various types of encryption, the Interceptors need to get around that. There are likely complex methods, but why not go old-school and save some time and money? The towers do that by dropping your modern-day 4G or 3G signal, and substituting a near-obsolete 2G signal, which is not encrypted. That is one way researchers can find the Interceptor towers, by identifying a phone using a 2G signal when it should be 4G or 3G.
More Tech
Want more tech? Popular Science magazine has it:
Whether your phone uses Android or iOS, it also has a second operating system that runs on a part of the phone called a baseband processor. The baseband processor functions as a communications middleman between the phone’s main O.S. and the cell towers. And because chip manufacturers jealously guard details about the baseband O.S., it has been too challenging a target for garden-variety hackers.
But for governments or other entities able to afford a price tag of $100,000, high-quality interceptors are quite realistic. Some interceptors are limited, only able to passively listen to either outgoing or incoming calls. But full-featured devices like the VME Dominator, available only to government agencies, not only capture calls and texts, but actively control the phone, sending out spoof texts, for example. Edward Snowden revealed the NSA is capable of an over-the-air attack that tells the phone to fake a shut-down while leaving the microphone running, turning the seemingly deactivated phone into a bug. And various ethical hackers have demonstrated DIY interceptor projects that work well-enough for less than $3,000.
Those VME Dominators are quite a piece of electronics. In addition to ho-hum listening in, they allow for voice manipulation, up or down channel blocking, text intercept and modification, calling and sending texts on behalf of the user, and directional finding of a user. The VME Dominator, its manufacturer Meganet claims, “is far superior to passive systems.”
Stingray
Police departments around the U.S. have been using such tech to spy on, well, everyone with a cell phone. The cops’ devices are called Stingrays, and work off the same 4G-to-2G exploit mentioned above.
The tech does not require a phone’s GPS and was first deployed against America’s enemies in Iraq. Then it came home.
Also available is a version of Stingray that can be worn by a single person like a vest.
Because the antiquated 2G network in the U.S. is due to be retired soon, the Department of Homeland Security is issuing grants to local police agencies to obtain a new, state-of-the-art cell phone tracking system called Hailstorm. The key advantage is Hailstorm will work natively with 4G, rendering current layperson detection methods ineffectual.
Who is Spying On You Now?
The technology is important, but not the real story here. The real question is: who owns those Interceptor towers and who is spying on you?
Is it:
— The NSA? A likely culprit. While post-Patriot Act the NSA can simply dial up your cell provider (Verizon, ATT, etc.) and ask for whatever they want, the towers might be left-overs from an earlier time. The towers do have the advantage of being able to inject spyware. But their biggest advantage is that they bypass the carriers, which keeps the spying much more secret. It also keeps the spying outside any future court systems that might seek to rein in the spooks.
— Local law enforcement? Maybe, but the national placement of the towers, and their proximity in many cases to military bases, smells Federal.
— DEA or FBI? Also likely. Towers could be established in specific locations for specific investigations, hence the less-than-nationwide coverage. One tower was found at a Vegas casino. While the NSA shares information with both the DEA and the FBI, what self-respecting law enforcement agency wouldn’t want its own independent capability?
— The military? Another maybe. The military might want the towers to keep a personal eye on the area around their bases, or to spy on their own personnel to ensure they are not on the phone to Moscow or Beijing.
— Private business? Unlikely, but the towers could be testbeds for new technology to be sold to the government, or perhaps some sort of industrial spying.
The mystery remains!
Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.
Stung: Government Disappears Stingray Spying Records
We’ve heard variations on the phrase “If you have nothing to hide, you have nothing to fear” from the government for quite some time. It appears this may be true, at least if you are the government.In the case of Stingray, a cell phone spying device used against Americans, the government does have something to hide and they fear the release of more information. Meanwhile, the Fourth Amendment weeps quietly in the corner.
Stingray
Cell phone technology is very useful to the cops to locate you and to track your movements. In addition to whatever as-yet undisclosed things the NSA may be up to on its own, the FBI acknowledges a device called Stingray to create electronic, “fake,” cell phone towers and track people via their phones in the U.S. without their knowledge. The tech does not require a phone’s GPS. This technology was first known to have been deployed against America’s enemies in Iraq, and it has come home to be used against a new enemy– you.
Stingray, also known as an International Mobile Subscriber Identity, or IMSI, catcher, works like this. The cell network is designed around triangulation and whenever possible your phone is in constant contact with at least three towers. As you move, one tower “hands off” your signal to the next one in your line of motion. Stingray electronically inserts itself into this process as if it was a (fake; “spoofed”) cell tower itself to grab location data before passing your legitimate signal back to the real cell network. The handoffs in and out of Stingray are invisible to you. Stingrays also “inadvertently” scoop up the cell phone data of anyone within several kilometers of the designated target person. Though typically used to collect location metadata, Stingray can also capture conversations, texts and mobile web use if needed.
Stingray offers some unique advantages to a national security state: it bypasses the phone company entirely, which is handy if laws change and phone companies no longer must cooperate with the government, or simply if the cops don’t want the phone company or anyone else to know they’re snooping.
This has led the Electronic Frontier Foundation (EFF) to warn “A Stingray— which could potentially be beamed into all the houses in one neighborhood looking for a particular signal— is the digital version of the pre-Revolutionary war practice of British soldiers going door-to-door, searching Americans’ homes without rationale or suspicion, let alone judicial approval… [Stingray is ] the biggest technological threat to cell phone privacy.”
Trying to Learn about Stingray
Learning how Stingray works is difficult.
The Electronic Privacy Information Center filed a FOIA request for more information on Stingrays, but the FBI is sitting on 25,000 pages of documents explaining the device that it won’t release.
The device itself is made by the Harris Corporation. Harris makes electronics for commercial use and is a significant defense contractor. For Stingray, available only to law enforcement agencies, Harris requires a non-disclosure agreement that police departments around the country have been signing for years explicitly prohibiting them from telling anyone, including other government bodies, about their use of the equipment “without the prior written consent of Harris.”
A price list of Harris’ spying technology, along with limited technical details, was leaked online, but that’s about all we know.
Though the non-disclosure agreement includes an exception for “judicially mandated disclosures,” there are no mechanisms for judges even to learn that the equipment was used at all, thus cutting off any possibility they could know enough demand disclosure. In at least one case in Florida, a police department revealed that it had decided not to seek a warrant to use the technology explicitly to avoid telling a judge about the equipment. It subsequently kept the information hidden from the defendant as well. The agreement with Harris goes further to require law enforcement to notify Harris any time journalists or anyone else files a public records request to obtain information about Stingray and also demands the police department assist Harris in deciding what information to release.
Something to HideAn evolving situation in Florida shows how hard the government is working to keep the details of its Stingray spying on Americans secret.
The ACLU originally sought Stingray records in Sarasota, Florida after they learned a detective there obtained permission to use the device simply by filing an application with a local court, instead of obtaining a probable-cause warrant as once was required by the Fourth Amendment of the Constitution. It became clear that the Sarasota police had additionally used Stingray at least 200 times since 2010 without even the minimal step of even notifying a judge. In line with the non-disclosure agreement, very rarely were arrested persons advised that Stingray data was used to locate and prosecute them.
The ACLU, which earlier in 2014 filed a Florida state-level FOIA-type request with the Sarasota police department for information detailing its use of Stingray, had an appointment with the local cops to review documents. The local police agreed to the review. However, the June 2014 morning of the ACLU’s appointment, U.S. Marshals arrived ahead of them and physically took possession of the files. The Marshals barred the Sarasota police from releasing them. The rationale used by the federal government was that having quickly deputized a Sarasota cop, all Sarasota records became federal property.
“This is consistent with what we’ve seen around the country with federal agencies trying to meddle with public requests for Stingray information,” an ACLU spokesperson said, noting that federal authorities have in other cases invoked the Homeland Security Act to prevent the release of such records. “The feds are working very hard to block any release of this information to the public.”
A Court Says the Feds Can Hide the Records
Following the feds’ seizure of the Stingray records, the ACLU filed an emergency motion with a Florida court that would require Sarasota to make its Stingray records available. However, in a decision issued June 17, 2014, a Florida state circuit court judge found that his court lacked jurisdiction over a federal agency, allowing the transfer of the Stingray documents to the feds and de facto blocking their release.
The ACLU plans further appeals. Unless and until they succeed, details of another way of spying on Americans will remain secret. The government does indeed have something to hide.
Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.
Shredding the Fourth Amendment in Post-Constitutional America
Here’s a bit of history from another America: The Bill of Rights was designed to protect the people from their government. If the First Amendment’s right to speak out publicly was the people’s wall of security, then the Fourth Amendment’s right to privacy was its buttress. It was once thought that the government should neither be able to stop citizens from speaking nor peer into their lives. Think of that as the essence of the Constitutional era that ended when those towers came down on September 11, 2001. Consider how privacy worked before 9/11 and how it works now, in Post-Constitutional America.
The Fourth Amendment
A response to British King George’s excessive invasions of privacy in colonial America, the Fourth Amendment pulls no punches:
“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”
In Post-Constitutional America, the government might as well have taken scissors to the original copy of the Constitution stored in the National Archives, then crumpled up the Fourth Amendment and tossed it in the garbage can. The NSA revelations of Edward Snowden are, in that sense, not just a shock to the conscience but to the Fourth Amendment itself: Our government spies on us. All of us. Without suspicion. Without warrants. Without probable cause. Without restraint. This would qualify as “unreasonable” in our old constitutional world, but no more.
Here, then, are four ways that, in the name of American “security” and according to our government, the Fourth Amendment no longer really applies to our lives.
The Constitutional Borderline
Begin at America’s borders. Most people believe they are “in” the United States as soon as they step off an international flight and are thus fully covered by the Bill of Rights. The truth has, in the twenty-first century, become infinitely more complicated as long-standing practices are manipulated to serve the expanding desires of the national security state. The mining of words and concepts for new, darker meanings is a hallmark of how things work in Post-Constitutional America.
Over the years, recognizing that certain situations could render Fourth Amendment requirements impractical or against the public interest, the Supreme Court crafted various exceptions to them. One was the “border search.” The idea was that the United States should be able to protect itself by stopping and examining people entering the country. As a result, routine border searches without warrants are constitutionally “reasonable” simply by virtue of where they take place. It’s a concept with a long history, enumerated by the First Congress in 1789.
Here’s the twist in the present era: The definition of “border” has been changed. Upon arriving in the United States from abroad, you are not legally present in the country until allowed to enter by Department of Homeland Security (DHS) officials. You know, the guys who look into your luggage and stamp your passport. Until that moment, you exist in a legal void where the protections of the Bill of Rights and the laws of the United States do not apply. This concept also predates Post-Constitutional America and the DHS. Remember the sorting process at Ellis Island in the late nineteenth and early twentieth centuries? No lawyers allowed there.
Those modest exceptions were all part of constitutional America. Today, once reasonable searches at the border have morphed into a vast “Constitution-free zone.” The “border” is now a strip of land circling the country and extending 100 miles inland that includes two-thirds of the U.S. population. In this vast region, Customs and Border Protection (CBP) can set up checkpoints and conduct warrantless searches. At airports, American citizens are now similarly subjected to search and seizure as filmmaker Laura Poitras — whose work focuses on national security issues in general and Edward Snowden in the particular — knows firsthand. Since 2006, almost every time Poitras has returned to the U.S., her plane has been met by government agents and her laptop and phone examined.
There are multiple similar high-profile cases (including those of a Wikileaks researcher and a Chelsea Manning supporter), but ordinary citizens are hardly exempt. Despite standing in an American airport, a pane of glass away from loved ones, you are not in the U.S. and have no Fourth Amendment rights. How many such airport searches are conducted in the aggregate is unknown. The best information we have comes from a FOIA request by the ACLU. It revealed that, in the 18-month period beginning in October 2008, more than 6,600 people, about half of them U.S. citizens, were subjected to electronic device searches at the border.
Still, reminding us that it’s possible to have a sense of humor on the road to hell, the CBP offers this undoubtedly inadvertent pun at its website: “It is not the intent of CBP to subject travelers to unwarranted scrutiny.” (emphasis added)
Making It All Constitutional In-House
Here’s another example of how definitions have been readjusted to serve the national security state’s overriding needs: The Department of Justice (DOJ) created a Post-Constitutional interpretation of the Fourth Amendment that allows it to access millions of records of Americans using only subpoenas, not search warrants.
Some background: A warrant is court permission to search and seize something. As the Fourth Amendment makes clear, it must be specific: enter Thomas Anderson’s home and look for hacked software. Warrants can only be issued on “probable cause.” The Supreme Court defined probable cause as requiring a high standard of proof, or to quote its words, “a fair probability that contraband or evidence of a crime will be found in a particular place.”
A subpoena on the other hand is nothing more than a government order issued to a citizen or organization to do something, most typically to produce a document. Standards for issuing a subpoena are flexible, as most executive agencies can issue them on their own without interaction with a court. In such cases, there is no independent oversight.The Department of Justice now claims that, under the Fourth Amendment, it can simply subpoena an Internet company like Facebook and demand that they look for and turn over all the records they have on our Mr. Anderson. Their explanation: The DOJ isn’t doing the searching, just demanding that another organization do it. As far as its lawyers are concerned, in such a situation, no warrant is needed. In addition, the Department of Justice believes it has the authority to subpoena multiple records, maybe even all the records Facebook has. Records on you? Some group of people including you? Everyone? We don’t know, as sources of data like Facebook and Google are prohibited from disclosing much about the information they hand over to the NSA or other government outfits about you.
It’s easy enough to miss the gravity of this in-house interpretation when it comes to the Fourth Amendment. If the FBI today came to your home and demanded access to your emails, it would require a warrant obtained from a court after a show of probable cause to get them. If, however, the Department of Justice can simply issue a subpoena to Google to the same end, they can potentially vacuum up every Gmail message you’ve ever sent without a warrant and it won’t constitute a “search.” The DOJ has continued this practice even though in 2010 a federal appeals court ruled that bulk warrantless access to email violates the Fourth Amendment. An FBI field manual released under the Freedom of Information Act similarly makes it clear that the Bureau’s agents don’t need warrants to access email in bulk when it’s pulled directly from Google, Yahoo, Microsoft, or other service providers.
How far can the use of a subpoena go in bypassing the Fourth Amendment? Recently, the inspector general of the Department of Veterans Affairs (VA) issued a subpoena — no court involved — demanding that the Project On Government Oversight (POGO) turn over all information it has collected relating to abuses and mismanagement at VA medical facilities. POGO is a private, non-profit group, dedicated to assisting whistleblowers. The VA subpoena demands access to records sent via an encrypted website to POGO under a promise of anonymity, many from current or former VA employees.
Rather than seek to break the encryption surreptitiously and illegally to expose the whistleblowers, the government has taken a simpler, if unconstitutional route, by simply demanding the names and reports. POGO has refused to comply, setting up a legal confrontation. In the meantime, consider it just another sign of the direction the government is heading when it comes to the Fourth Amendment.
Technology and the Fourth Amendment
Some observers suggest that there is little new here. For example, the compiling of information on innocent Americans by J. Edgar Hoover’s low-tech FBI back in the 1960s has been well documented. Paper reports on activities, recordings of conversations, and photos of meetings and trysts, all secretly obtained, exposed the lives of civil rights leaders, popular musicians, and antiwar protesters. From 1956 to at least 1971, the government also wiretapped the calls and conversations of Americans under the Bureau’s counterintelligence program (COINTELPRO).
But those who look to such history of government illegality for a strange kind of nothing-new-under-the-sun reassurance have not grasped the impact of fast-developing technology. In scale, scope, and sheer efficiency, the systems now being employed inside the U.S. by the NSA and other intelligence agencies are something quite new and historically significant. Size matters.
To avoid such encroaching digitization would essentially mean withdrawing from society, not exactly an option for most Americans. More of life is now online — from banking to travel to social media. Where the NSA was once limited to traditional notions of communication — the written and spoken word — new possibilities for following you and intruding on your life in myriad ways are being created. The agency can, for instance, now collect images, photos, and video, and subject them to facial recognition technology that can increasingly put a name to a face. Such technology, employed today at casinos as well as in the secret world of the national security state, can pick out a face in a crowd and identify it, taking into account age, changes in facial hair, new glasses, hats, and the like.
An offshoot of facial recognition is the broader category of biometrics, the use of physical and biological traits unique to a person for identification. These can be anything from ordinary fingerprinting to cutting-edge DNA records and iris scans. (Biometrics is already big business and even has its own trade association in Washington.) One of the world’s largest known collections of biometric data is held by the Department of State. As of December 2009, its Consular Consolidated Database (CCD) contained more than 75 million photographs of Americans and foreigners and is growing at a rate of approximately 35,000 records per day. CCD also collects and stores indefinitely the fingerprints of all foreigners issued visas.
With ever more data available, the NSA and other agencies are creating ever more robust ways to store it. Such storage is cheap and bounteous, with few limits other than the availability of electricity and water to cool the electronics. Emerging tech will surely bypass many of the existing constraints to make holding more data longer even easier and cheaper. The old days of file cabinets, or later, clunky disk drives, are over in an era of mega-data storage warehouses.
The way data is aggregated is also changing fast. Where data was once kept in cabinets in separate offices, later in bureaucratically isolated, agency-by-agency digital islands, post-9/11 sharing mandates coupled with new technology have led to fusion databases. In these, information from such disparate sources as license plate readers, wiretaps, and records of library book choices can be aggregated and easily shared. Basically everything about a person, gathered worldwide by various agencies and means, can now be put into a single “file.”
Once you have the whole haystack, there’s still the problem of how to locate the needle. For this, emerging technologies grow ever more capable of analyzing Big Data. Some simple ones are even available to the public, like IBM’s Non-Obvious Relationship Awareness software (NORA). It can, for example, scan multiple databases, geolocation information, and social media friend lists and recognize relationships that may not be obvious at first glance. The software is fast and requires no human intervention. It runs 24/7/365/Forever.
Tools like NORA and its more sophisticated classified cousins are NSA’s solution to one of the last hurdles to knowing nearly everything: The need for human analysts to “connect the dots.” Skilled analysts take time to train, are prone to human error, and — given the quickly expanding supply of data — will always be in demand. Automated analysis also offers the NSA other advantages. Software doesn’t have a conscience and it can’t blow the whistle.
What does all this mean in terms of the Fourth Amendment? It’s simple: The technological and human factors that constrained the gathering and processing of data in the past are fast disappearing. Prior to these “advances,” even the most ill-intentioned government urges to intrude on and do away with the privacy of citizens were held in check by the possible. The techno-gloves are now off and the possible is increasingly whatever an official or bureaucrat wants to do. That means violations of the Fourth Amendment are held in check only by the goodwill of the government, which might have qualified as the ultimate nightmare of those who wrote the Constitution.
On this front, however, there are signs of hope that the Supreme Court may return to its check-and-balance role of the Constitutional era. One sign, directly addressing the Fourth Amendment, is this week’s unanimous decision that the police cannot search the contents of a cell phone without a warrant. (The court also recently issued a ruling determining that the procedures for challenging one’s inclusion on the government’s no-fly list are unconstitutional, another hopeful sign.)
Prior to the cell phone decision, law enforcement held that if someone was arrested for, say, a traffic violation, the police had the right to examine the full contents of his or her cell phone — call lists, photos, social media, contacts, whatever was on the device. Police traditionally have been able to search physical objects they find on an arrestee without a warrant on the grounds that such searches are for the protection of the officers.
In its new decision, however, the court acknowledged that cell phones represent far more than a “physical object.” The information they hold is a portrait of someone’s life like what’s in a closet at home or on a computer sitting on your desk. Searches of those locations almost always require a warrant.
Does this matter when talking about the NSA’s technological dragnet? Maybe. While the Supreme Court’s decision applies directly to street-level law enforcement, it does suggest an evolution within the court, a recognition of the way advances in technology have changed the Fourth Amendment. A cell phone is not an object anymore; it is now recognized as a portal to other information that a person has gathered in one place for convenience with, as of this decision, a reasonable expectation of privacy.
National Security Disclosures Under HIPPA
While the NSA’s electronic basket of violations of the Fourth Amendment were, pre-Snowden, meant to take place in utter secrecy, here’s a violation that sits in broad daylight: Since 2002, my doctor can disclose my medical records to the NSA without my permission or knowledge. So can yours.
Congress passed the Health Information Portability and Accountability Act (HIPPA) in 1996 “to assure that individuals’ health information is properly protected.” You likely signed a HIPPA agreement at your doctor’s office, granting access to your records. However, Congress quietly amended the HIPPA Act in 2002 to permit disclosure of those records for national security purposes. Specifically, the new version of this “privacy law” states: “We may also disclose your PHI [Personal Health Information] to authorized federal officials as necessary for national security and intelligence activities.” The text is embedded deep in your health care provider’s documentation. Look for it.
How does this work? We don’t know. Do the NSA or other agencies have ongoing access to the medical records of all Americans? Do they have to request specific ones? Do doctors have any choice in whose records to forward under what conditions? No one knows. My HMO, after much transferring of my calls, would ultimately only refer me back to the HIPPA text with a promise that they follow the law.
The Snowden revelations are often dismissed by people who wonder what they have to hide. (Who cares if the NSA sees my cute cat videos?) That’s why health care spying stands out. How much more invasive could it be than for your government to have unfettered access to such a potentially personal and private part of your life — something, by the way, that couldn’t have less to do with American “security” or combating terrorism.
Our health care providers, in direct confrontation with the Fourth Amendment, are now part of the metastasizing national security state. You’re right to be afraid, but for goodness sake, don’t discuss your fears with your doctor.
How the Unreasonable Becomes Reasonable
At this point, when it comes to national security matters, the Fourth Amendment has by any practical definition been done away with as a part of Post-Constitutional America. Whole books have been written just about Edward Snowden and more information about government spying regularly becomes available. We don’t lack for examples. Yet as the obviousness of what is being done becomes impossible to ignore and reassurances offered up by the president and others are shown to be lies, the government continues to spin the debate into false discussions about how to “balance” freedom versus security, to raise the specter of another 9/11 if spying is curtailed, and to fall back on that go-to “nothing to hide, nothing to fear” line.
In Post-Constitutional America, the old words that once defined our democracy are twisted in new ways, not discarded. Previously unreasonable searches become reasonable ones under new government interpretations of the Fourth Amendment. Traditional tools of law, like subpoenas and warrants, continue to exist even as they morph into monstrous new forms.
Americans are told (and often believe) that they retain rights they no longer have. Wait for the rhetoric that goes with the celebrations of our freedoms this July 4th. You won’t hear a lot about the NSA then, but you should. In pre-constitutional America the colonists knew that they were under the king’s thumb. In totalitarian states of the last century like the Soviet Union, people dealt with their lack of rights and privacy with grim humor and subtle protest. However, in America, ever exceptional, citizens passively watch their rights disappear in the service of dark ends, largely without protest and often while still celebrating a land that no longer exists.
Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.
A Government Turning the Tools of War on Its Citizens
While poets and psychologists talk about soldiers bringing the battlefield home with them, in fact, the U.S. is doing just that. More and more, weapons, tactics, techniques and procedures that have been used abroad in war are coming home, this time employed against American Citizens.
A front-page article in the Washington Post confirms that wartime surveillance blimps– aerostats– used in Iraq and Afghanistan will now monitor most of the Northeast United States. The aerostats will be able to track individual cars and trucks as they move about their business.
Welcome Home Aerostat
The latest (known) example of war technology coming home is the aerostat, a medium-sized blimp tethered high above its target area. Anyone who served in Iraq or Afghanistan will recognize the thing, as one or more flew over nearly every military base of any size or importance (You can see photos online).
What did those blimps do in war? Even drones have to land sometime, but a blimp can stay aloft 24/7/forever. Blimps are cheaper and do not require skilled pilots. Blimps can carry literally tons of equipment, significantly more than a drone. The blimps can carry any sensor or technology the U.S. has available, suspending it at altitude to soak up whatever that sensor is aimed at– cell calls, radio waves, electronic whatevers. The aerostats also carried high-powered cameras, with heat and night vision of course. While in Iraq, I had the aerostat video feed on my desktop. Soldiers being soldiers, occasional diversions were found when a camera operator spotted almost anything of vague interest, including two dogs mating, an Iraqi relieving himself outdoors or on really dull days, even a person hanging out laundry. The device obviously also had much less benign tasks assigned to it.
The war has come home again, as the Army confirmed that by summer 2014 at least two of these aerostats will be permanently over the Washington DC area. They will be run by the Army, using operators who likely learned their trade at war. The aerostats are brought to you by the Raytheon company, who also makes some of America’s favorite weapons and surveillence gear.
Armor, Drones and Armed DronesOthers have written about the rise of warrior cops. Armored military-style vehicles are now part of most big-city police forces, as are military-style weapons. The FBI has admitted to using drones over America. In a 2010 Department of Homeland Security report, the Customs and Border Protection agency suggests arming their fleet of drones to “immobilize TOIs,” or targets of interest.
Stingray Knows Where You Are
Much of the technology and methodology the NSA and others have been shown to be using against American Citizens was developed on and for the battlefields of Iraq and Afghanistan, in particular the advanced use of cell phones to track people’s movements.
A technique now at use here at home is employing a fake cell phone tower under a program called Stingray. Stingrays spoof a legitimate cell phone tower in order to trick nearby cellphones and other wireless devices into connecting to the fake tower instead of a nearby real one. When devices connect, stingrays can harvest MAC addresses and other unique identifiers and data, as well as location information. To prevent detection, the stingray relays the call itself to a real tower so the pickup is transparent to the caller. By gathering the wireless device’s signal strength from various locations, the Feds can pinpoint where the device is being used with much more precision than they can get through data obtained from the mobile network provider’s fixed tower location.
Better yet, stingray bypasses the phone company entirely. Handy when the phone company is controlled by the enemy, handy when laws change and the phone companies no longer cooperate with the government, handy when you simply don’t want the phone company to know you’re snooping on its network.
Meta-Your-Data
Also refined in Iraq, Afghanistan and the greater archipelago of the war of terror was the use of metadata and data-mining, essentially amassing everything, however minor or unimportant, and then using increasingly powerful computers to pull out of that large pile actionable information, i.e., specific information to feed back to combat commanders and special forces to allow them to kill specific people. Knowing, for example, the name of a guy’s girlfriend leads to knowing what car she drives which leads to knowing when she left home which leads to listening to her make a date via cell phone which leads a credit card charge for a room which leads to a strike on a particular location at a specific time, high-tech flagrante delicto.
The FBI has followed the NSA’s wartime lead in creating its Investigative Data Warehouse, a collection of more than a billion documents on Americans including intelligence reports, social security files, drivers’ licenses, and private financial information including credit card data. All accessible to 13,000 analysts making a million queries monthly. One of them called it the “uber-Google.”
It’s All Good
No need to worry Citizens, as the aerostats will only be used for your own good. In fact, their sensors will scan for incoming cruise missiles, mine-laying ships, armed drones, or anything incoming from hundreds of miles away, because of course Washington is constantly being attacked by those sorts of things (I love the idea of protecting the city from mine-laying ships sneaking up the Potomac River).
Those DC-based aerostats will certainly not have employed the Gorgon Stare system, now in use in Afghanistan to rave reviews. Gorgon Stare, made up of nine video cameras, can transmit live images of physical movement across an entire town (four km radius), much wider in scope than any drone. Might be handy for VIP visits and presidential stuff, however, right?
And of course the temptation to mount a stingray device where it can ping thousands of cell phones would be ignored.
But I could be wrong about all the 1984-stuff, in which case the multi-million dollar aerostat program would be noteworthy only as another waste of taxpayer money. Remember when that was what made us the maddest about the government?
Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.
The National Security State Continues to Militarize the Homeland
(This article originally appeared on the Huffington Post)
While poets and psychologists talk about soldiers bringing the battlefield home with them, in fact, the U.S. is doing just that. More and more, weapons, tactics, techniques and procedures that have been used abroad in war are coming home, this time employed against American Citizens.
Armor, Drones and Armed Drones
Others have written about the rise of warrior cops. Armored military-style vehicles are now part of most big-city police forces, as are military-style weapons. The FBI has admitted to using drones over America. In a 2010 Department of Homeland Security report, the Customs and Border Protection agency suggests arming their fleet of drones to “immobilize TOIs,” or targets of interest.
Stingray Knows Where You Are
Much of the technology and methodology the NSA and others have been shown to be using against American Citizens was developed on and for the battlefields of Iraq and Afghanistan, in particular the advanced use of cell phones to track people’s movements.
A technique now at use here at home is employing a fake cell phone tower under a program called Stingray. Stingrays spoof a legitimate cell phone tower in order to trick nearby cellphones and other wireless devices into connecting to the fake tower instead of a nearby real one. When devices connect, stingrays can harvest MAC addresses and other unique identifiers and data, as well as location information. To prevent detection, the stingray relays the call itself to a real tower so the pickup is transparent to the caller. By gathering the wireless device’s signal strength from various locations, the Feds can pinpoint where the device is being used with much more precision than they can get through data obtained from the mobile network provider’s fixed tower location.
Better yet, stingray bypasses the phone company entirely. Handy when the phone company is controlled by the enemy, handy when laws change and the phone companies no longer cooperate with the government, handy when you simply don’t want the phone company to know you’re snooping on its network.
Meta-Your-Data
Also refined in Iraq, Afghanistan and the greater archipelago of the war of terror was the use of metadata and data-mining, essentially amassing everything, however minor or unimportant, and then using increasingly powerful computers to pull out of that large pile actionable information, i.e., specific information to feed back to combat commanders and special forces to allow them to kill specific people. Knowing, for example, the name of a guy’s girlfriend leads to knowing what car she drives which leads to knowing when she left home which leads to listening to her make a date via cell phone which leads a credit card charge for a room which leads to a strike on a particular location at a specific time, high-tech flagrante delicto.
The FBI has followed the NSA’s wartime lead in creating its Investigative Data Warehouse, a collection of more than a billion documents on Americans including intelligence reports, social security files, drivers’ licenses, and private financial information including credit card data. All accessible to 13,000 analysts making a million queries monthly. One of them called it the “uber-Google.”
Welcome Home Aerostat
The latest (known) example of war technology coming home is the aerostat, a medium-sized blimp tethered high above its target area. Anyone who served in Iraq or Afghanistan will recognize the thing, as one or more flew over nearly every military base of any size or importance (You can see photos online).
What did those blimps do in war? Even drones have to land sometime, but a blimp can stay aloft 24/7/forever. Blimps are cheaper and do not require skilled pilots. Blimps can carry tons of equipment, significantly more than a drone. The blimps can carry any sensor or technology the U.S. has available, suspending it at altitude to soak up whatever that sensor is aimed at– cell calls, radio waves, electronic whatevers. The aerostats also carried high-powered cameras, with heat and night vision of course. While in Iraq, I had the aerostat video feed on my desktop. Soldiers being soldiers, occasional diversions were found when a camera operator spotted almost anything of vague interest, including two dogs mating, an Iraqi relieving himself outdoors or on really dull days, even a person hanging out laundry. The device obviously also had much less benign tasks assigned to it.
The war has come home again, as the Army announced this week that by 2014 at least two of these aerostats will be permanently over Washington DC. They will be run by the Army, using operators who likely learned their trade at war. The aerostats are brought to you by the Raytheon company, who also makes some of America’s favorite weapons and surveillence gear.
It’s All Good
No need to worry Citizens, as the aerostats will only be used for your own good. In fact, their sensors will scan for incoming cruise missiles, mine-laying ships, armed drones, or anything incoming from hundreds of miles away, because of course Washington is constantly being attacked by those sorts of things (I love the idea of protecting the city from mine-laying ships sneaking up the Potomac River).
Those DC-based aerostats will certainly not have employed the Gorgon Stare system, now in use in Afghanistan to rave reviews. Gorgon Stare, made up of nine video cameras, can transmit live images of physical movement across an entire town (four km radius), much wider in scope than any drone. Might be handy for VIP visits and presidential stuff, however, right?
And of course the temptation to mount a stingray device where it can ping thousands of cell phones would be ignored.
But I could be wrong about all the 1984-stuff, in which case the multi-million dollar aerostat program to protect against mines in the Potomac would be noteworthy only as another waste of taxpayer money. Remember when that was what made us the maddest about the government?
Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.
Buy Peter’s Books on Amazon!
