For More Information:Jack King, Public Affairs Director(202) 872-8600 ext. 228, email@example.comThe FBI’s I-Drives – The Real ‘X-Files’By Jack KingNACDL Public Affairs DirectorShortly before Oklahoma City bomber Timothy McVeigh was executed in 2001, the FBI revealed that it had recently discovered some 4,400 pages of witness interviews and other documents that should have been turned over to his defense attorneys before trial. Among the documents “found” years after the trial were FBI interview reports (FBI Form 302s) of witnesses who believed they had seen McVeigh with the infamous “John Doe Number 2,” a short, stocky young man whose drawing was widely circulated before and after McVeigh’s arrest on traffic and weapons charges, and other leads of possible interest to the defense but which the FBI had decided were dead ends. Federal prosecutors insisted they had no idea that the documents existed. Prosecutors are legally required to turn over any material exculpatory evidence -- evidence tending to disprove a criminal defendant’s guilt or mitigate his punishment – to the defense upon request. Late “discovery” of mislaid exculpatory evidence is not uncommon.1 The question is: How does the single-greatest record-keeping agency in the United States lose huge chunks of closely-related case-specific documents before they go into the official files?One “place” where thousands of pages of documents may go “overlooked” is not a place at all. It’s a shared “temporary storage” drive on FBI field office computer networks that the bureau calls the “I-drive.” According to David M. Hardy, Acting Deputy Assistant Director of the FBI’s Records Management Division, “The ‘I-drive system’ … is used by field offices to hold investigative documents so that supervisors can approve them before putting them in the FBI’s official case files.”2 In other words, evidence that isn’t “approved” by a supervisory agent does not go in the file. It stays in limbo – on the I-drive.Federal prosecutor Mike Wald, of the South Florida Money Laundering Strike Force in Miami, told National Public Radio, “If things do not go into that file, there’s a good reason for it. It’s not because it’s being hidden. It’s because either it is an inappropriate document that shouldn’t have been prepared or, in some way, is too sensitive to go into a straight report…. In a large investigation, [FBI agents] would make hundreds and even thousands of decisions on what information that is coming into that field division would be of value, things to pursue, things to drop and which direction to go that would be a continuing process.” 3 The trouble with that reasoning is, under Brady v. Maryland 4 and its progeny, prosecutors are not supposed to decide what is, or is not, material and exculpatory – if in doubt, that decision must be made by the judge. The I-drive is found only on the field office computer networks.5 According to FBI officials, headquarters in Washington does not maintain an I-drive nor does it have any access to the field offices’ I-drives.6 Nor do prosecutors have access to the drives. When a prosecutor searches the official case file for exculpatory evidence in response to a specific or general Brady demand, he is limited to only the evidence the FBI has placed in it. But under a 1995 U.S. Supreme Court case, Kyles v. Whitley7, the prosecutor has an affirmative duty to seek out exculpatory evidence, even if it is being concealed by law enforcement, and a conviction may be reversed for government misconduct although the prosecutor was also duped.American University law professor Michael Tigar, who represented Terry Nichols in the federal Oklahoma City bombing case in 1996, explained how the FBI frustrated the prosecution and the defense in that case on National Public Radio’s “All Things Considered” in September 2004.8 “[T]he worst problem was that the prosecutors we faced were not being told the truth by the FBI about what they had. They, in good faith, negotiated with us a deal that required them to produce relevant FBI materials. They broke that deal. They broke it because the FBI decided to withhold things from the lawyers, the government lawyers that were trying the case. The bureau’s out of control.”Tigar said that the revelations about the I-drive are part of a pattern. “They are recidivists. They [have been] warned over and over and over again that their information technology, acquisition, management and disclosure [are] seriously flawed, and that they’d better do something.”The I-drive problem was revealed in an Associated Press wire story in March 2004. AP writer John Solomon wrote in a story published March 2 that “concerned FBI agents” brought the story to AP’s attention. The FBI said it would ask its internal inspection division to determine how many documents are on I-drives in FBI offices across the country that did not make it into official case files.9 If a large number of documents are found, Solomon wrote, a review would begin to determine whether any should have been turned over to defense lawyers or to bodies like the Sept. 11 Commission or Congress, according to officials. “The only official records system the FBI has is our paper records,” Robert J. Garrity Jr., then-deputy assistant director in charge of the Records Management Division told AP. Documents that do not get into the FBI’s official case files or its automated computer case system would not be searched for materials that should be turned over to defense lawyers or Congress, Garrity acknowledged. If ignorance is bliss, federal prosecutors and FBI headquarters until recently have been most blissfully unaware of this electronic black hole in which evidence that does not “fit” the FBI’s theory of the case could be stored indefinitely. Since FBI supervisors in Washington claim to have been unaware of the FBI field office I-drives until contacted by AP, it is unlikely that federal prosecutors know of them either. Defense lawyers litigating criminal cases should henceforth make discovery requests under Brady, Giglio and Kyles v. Whitley in every case involving the FBI, requesting that the prosecutor order a review of the relevant field office’s I-drive and any other temporary records storage drive for potential Brady material. Footnotes: 1. See, e.g., Associated Press, “Judge Frees Lawyer, Reprimands FBI,” Richmond Times-Dispatch, June 3, 2001 at C5.2. Letter from David M. Hardy, Acting Deputy Assistant Director, Records Management Division, Federal Bureau of Investigation to Jesse Trentadue [an attorney in Salt Lake City] dated June 8, 2004 (emphasis added).
3. National Public Radio, “All Things Considered,” Sept. 6, 2004, “Defense lawyers voice concern over how the FBI handles information,” (transcript) 2004 WL 57379940 (emphasis added). Broadcast audio, “Lawyers Raise Concern Over Hidden FBI ‘I-Drives,’” archived at: http://www.npr.org/features/feature.php?wfId=3892787, last visited Sept. 7, 2004.
4. 373 U.S. 83 (1963).
5. See Note 2 supra.
6. Letter from William L. Hooton, Assistant Director, FBI Records Management Division, to Jesse Trentadue, dated March 25, 3004.
7. 514 U.S. 419 (1995).
8. See Note 3 supra.
9. John Solomon, “FBI Didn’t Search ‘I-Drive’ Files,” Associated Press, Mar. 2, 2004.
Downloads:I-Drive File (PDF)United States v. Bennett, E.D.La., No. 95-106, Government's Opposition to Additional Discovery, filed 2/23/05, describing the FBI field office's I-drive as "a cyberspace wasteland for rejected digital detritis and debris." A must-read for defense counsel preparing an I-drive discovery request.Links:"Other Opinion: FBI's Undisclosed McVeigh Files Are Part of Larger Problem," by Ellen S. Podgor, Atlanta Journal-Constitution, June 3, 2001
Henry K. Lee, Chronicle Staff Writer
Monday, September 10, 2007
(09-10) 17:03 PDT SAN JOSE - A computer expert who served as a confidential source for an elite FBI computer crime squad has been arrested on wire-fraud charges, five years after being released from federal prison for hacking into government computers.
Max Ray Butler, 35, also known as Max Vision, was arrested Wednesday on a federal arrest warrant issued in Pennsylvania, authorities said. He was charged a day earlier with wire fraud, identity theft and access-device fraud.
The alleged crimes happened from October through December in Allegheny County, Pa. Further details of the case were unavailable, as the affidavit from a U.S. Secret Service agent that accompanied the criminal complaint remains under seal.
Butler is to appear Tuesday before U.S. Magistrate Patricia Trumbull in San Jose for a detention hearing.
Butler was released from federal prison in October 2002 after being sentenced to 18 months and ordered to pay more than $60,000 in restitution for computer hacking. He was indicted in 2000 on charges of hacking into computers used by UC Berkeley, national laboratories, federal departments, Air Force bases and a NASA flight center in 1998.
Butler grew up in Idaho and lived with his family in Washington, where authorities said he has a 1997 misdemeanor conviction for attempted trafficking of stolen property.
He developed a proficiency with computers, eventually attracting the attention of the FBI's Computer Crime Squad, which used him as a confidential informant.
But at his sentencing in 2001, a federal prosecutor said Butler "masqueraded as an informant for the FBI," claiming to be cooperating with the agency while using computer programs that conducted automated, unauthorized system attacks.
An FBI search warrant affidavit in 2000 said Butler was "well known" to squad members and "has provided useful and timely information on computer crimes in the past."
In 1997, Butler started a company known as Max Vision in Mountain View, specializing in "penetration testing" and "ethical hacking" procedures in which he would simulate for clients how a hacker would penetrate their computer systems, according to the company Web site.
FOR IMMEDIATE RELEASECONTACT: firstname.lastname@example.org; (212) 549-2666
Group Files Freedom of Information Request to Obtain National Security Letter Records
NEW YORK – As a result of newly released Department of Defense (DoD) documents revealing the potential abuse of the government’s surveillance powers, the American Civil Liberties Union today filed a Freedom of Information Act (FOIA) request to force the FBI to turn over documents concerning its use of National Security Letters (NSLs) that demand private data about individuals within the United States without court approval. In today’s request, the ACLU seeks records pertaining to the FBI’s issuing of NSLs at the behest of other agencies that are not authorized to access this sensitive information on their own. In addition, the ACLU is requesting all documents indicating how the FBI has interpreted and used its power to silence NSL recipients since the Patriot Act’s gag provision was amended in 2006.
“The FBI appears to be secretly and illegally rubber stamping the surveillance requests of the Department of Defense when the law clearly forbids it,” said ACLU Executive Director Anthony D. Romero. “The Freedom of Information Act lets us discover the extent to which the FBI has acted as the DoD’s lackey in misusing the Patriot Act powers. The public has a right to know if the FBI has conspired to sidestep the legal limits of the government’s surveillance program.”
In April, the ACLU filed Freedom of Information Act requests with both the Department of Defense and the CIA seeking all documents related to their use of NSLs to gain access to personal records of people in the United States. And in June, the ACLU filed a lawsuit to force those agencies to turn over the requested documents. Last month, as a result of this lawsuit, the ACLU received over 1,000 pages of documents, including 455 NSLs issued by the DoD after 9/11. The documents disclosed that, in order to circumvent statutory limits on its NSL power, the DoD has been asking the FBI to issue NSLs in strictly military investigations. In addition, the documents also revealed that the Department of Defense may have provided misleading information to Congress about the extent to which the department was working secretly with the FBI to obtain records to which DoD was not otherwise entitled.
NSLs are secretly issued by the government to obtain access to personal customer records from Internet service providers, financial institutions, and credit reporting agencies. In almost all cases, recipients of the NSLs are forbidden, or "gagged," from disclosing that they have received the letters. While the FBI has broad NSL powers and compliance with FBI-issued NSLs is mandatory, the Defense Department's NSL power is more limited in scope, and, in most cases, compliance with DoD demands is not mandatory. Additionally, while the FBI can issue NSLs in its own investigations, Congress has not given the agency the power to issue NSLs in non-FBI investigations.
“It is clear that the excessive secrecy surrounding the government’s use of National Security Letters has led to widespread abuses. The FBI must now come clean about its role in the military’s expanded domestic intelligence activities, and about how it is using its dangerous gag power,” said Melissa Goodman, staff attorney with the ACLU’s National Security Project. “When it comes to the government’s surveillance powers involving sensitive, private records, following the law is not optional.”
Recent revelations about the Defense Department's use of NSLs come on the heels of widespread reports of other significant government abuses of the NSL power. A March 2007 report from the Justice Department's Inspector General (IG) estimated that the FBI issued over 143,000 NSLs between 2003 and 2005, an astronomical increase from previous years. The IG's report also found numerous examples of improper and illegal uses of NSLs by the FBI.
The ACLU has successfully challenged the NSL power in two separate lawsuits. In one case involving an Internet Service Provider, a federal court in September struck down as unconstitutional the National Security Letter provision of the Patriot Act authorizing the FBI to demand a range of personal records without court approval, and to gag those who receive NSLs from discussing the letters.
Senator Russ Feingold and Representative Jerrold Nadler have introduced legislation to rein in this unchecked NSL authority. The ACLU urges immediate consideration of these bills.
Attorneys filing this FOIA request are Goodman, Danielle Tully, and Jameel Jaffer of the ACLU's National Security Project.
Today’s FOIA request to the FBI is available at: http://www.aclu.org/safefree/nationalsecurityletters/32899res20071129.html
All of the Defense Department’s NSL-related documents obtained by the ACLU are available at: http://www.aclu.org/safefree/nationalsecurityletters/32088res20071014.html
More information about the ACLU's challenges to the NSL power is available at: http://www.aclu.org/nsl
Sign up to receive Security Resource Alerts
January 22, 2008 (Network World) -- Start-up Packet Analytics Corp. on Monday announced a tool for searching aggregated log data to analyze traffic activity between IP-based host computers. Net/FSE, which stands for Network Forensic Search Engine, is Linux-based server software that provides a Web interface for network managers to easily see an analytical profile of host-to-host activity based on NetFlow router data as well as log information related to the organization's firewall, intrusion-detection systems and security information management. (Learn more about Security Information Management products from our Security Information Management Buyer's Guide. The Net/FSE tool was developed at Los Alamos National Laboratory by Packet Analysis co-founders Ben Uphoff and Paul Criscuolo, both former technical staff members at the lab. "If an enterprise already has centralized logging, we can start directly searching that, and we can also act as the data-aggregation point," said Uphoff, vice president of research, about Net/FSE. The tool was developed at Los Alamos in response to requests from the FBI to provide detail on network activity based on a list of IP addresses related to possible security problems, he added. The tool is restricted to IPv4 traffic and doesn't support IPv6. Packet Analytics regards Splunk Inc. and LogLogic Inc. as its closest competitors. Packet Analytics' goal to commercialize Net/FSE is backed with $100,000 in funding from the Los Alamos National Lab Venture Acceleration Fund, plus $50,000 from Flywheel Ventures and another $50,000 from an undisclosed "angel" investor. The start-up said it has one enterprise customer, Los Alamos National Bank, using Net/FSE. Santa Fe-based Packet Analytics was founded last July and has only two employees. To spur interest in Net/FSE, the company today will make the Net/FSE software available for free download to those using it to analyze up to 1 million events per day with limited support, says Andy Alsop, co-founder and CEO. For use with up to 3 million events per day, the price for Net/NSF would be $1,495 with $299 for support each year, with prices of up to $18,900 for the tool and $3,790 for support for use analyzing 50 million events per day.
Jim Higdon on January 24, 2008
A Texas research company that's comprised of experienced VoIP security teams operating globally around the clock, Sipera Systems Inc.'s VIPER Lab has identified thousands of vulnerabilities and security threats since its inception in 2003, including fuzzing, floods, spoofing, stealth attacks and VoIP spam. In January 2008, VIPER Lab released its predictions for the top five VoIP threats of 2008, as reported in Forbes magazine and elsewhere. What do you need to know now about your VoIP security weaknesses, and what can you really do about it?
A Guide to Understanding VoIP Security ThreatsA Proactive Approach to VoIP Security Fending Off VoIP Attacks Internet Security and Wiretapping
The top five VoIP threat predictions for 2008 are:1. DoS (denial of service) Attacks on VoIP Networks: This has been a concern for the IEEE (Institute of Electrical and Electronics Engineers) since 2006, and VoIP watchers have been concerned about DoS attacks for the past year. DoS attacks can overwhelm your company's phone lines, creating long-term busy signals, forced call disconnects and an exhausted work force.2. VoIP Eavesdropping: In June 2007, it was learned that a hacker with a packet sniffer and VOMIT could tap directly into VoIP calls. Then it was learned that those vulnerabilities could also lead to DoS attacks. “Anyone on your network,” stated an article found at EnterpriseVoIPPlanet, “anyone on other networks that you contact — and all points in between, including service providers — all have the opportunity to do an awful lot of juicy snooping.” Not to mention, of course, that the FBI and other security agencies can do all the VoIP snooping that they want. How do you prevent unwanted listeners on your VoIP calls? Place all VoIP phones on separate, secured vLANs to protect against rogue devices, then protect that vLAN against the introduction of unauthorized devices. Once you've isolated your VoIP devices, limit their inbound and outbound traffic so that they can only communicate with their call manager, encrypt the calls that travel over public networks, and watch the news and get ready to react, according to SearchSecurity.com. 3. Microsoft Office Communications Server: Hackers love attacking Microsoft, and Microsoft loves being unprepared. VIPER Lab predicts that hackers will find vulnerabilities in Microsoft Office Communications Server’s VoIP client and use it to access networks that had previously been secure, and the organization is not alone in reaching this conclusion. Network World blogger Mitchell Ashley suggests that Microsoft could learn from Vonage’s vulnerability to spoofing attacks.4. Vishing by VoIP: The FBI has been aware of vishing for nearly a year now, and the IC3 (Internet Crime Complain Center) recently released a report stating that vishing attacks are on the rise. With caller ID spoofing, the criminals can be very difficult to track, “due to rapidly evolving criminal methodologies,” according to the IC3.
5. VoIP Attacks Against Service Providers: These sorts of attacks will escalate, VIPER Lab predicts, because of readily available, anonymous $20 SIM cards. As UMA (Unlicensed Mobile Access) technology becomes more widely deployed to allow calls to switch from cell networks to VoIP networks, VIPER Labs warns that “service providers are, for the first time, allowing subscribers to have direct access to mobile core networks over IP, making it easier to spoof identities and use illegal accounts to launch a variety of attacks.” Such attacks include scripting “various flood, fuzzing and spoofing attacks,” according to VoIP blogger Rich Tehrani. “The hacker could set up multiple IPSec tunnels to various PDGs in the network or across multiple GPRS sessions [generating] up to 10,000 messages per second … equal [to] the traffic of 10 million users,” he wrote.So how can your company best protect its VoIP network from these sorts of threats? It should protect itself on three levels: network architecture, security protocols and user interaction. At the network level, hosting VoIP on a VPN (virtual private network) does a good job of separating VoIP’s security holes from the underlying data network. Like all computer systems exposed to outside vulnerabilities, a VoIP network should be covered in firewalls, anti-virus programs and a sturdy intrusion-prevention system. At the user level, company employees should be trained and assessed against high-risk security behavior, like using Google Talk, Skype or other hosted IP voice technologies that could expose the company’s VoIP network to outside attack.Other VoIP best security practices include installing application-layer gateways between trusted and untrusted zones, establishing security zones to isolate VoIP segments, and applying encryption as a part of a holistic security program. For more information on best security practices, download the white paper "A Proactive Approach to VoIP Security."
A Guide to Understanding VoIP Security Threats
Detailed confession filed in S.L. about Oklahoma City plot
By Geoffrey Fattah, Deseret News
Published: Thursday, Feb. 22 2007 1:02 p.m. MST
The only surviving convicted criminal in the April 19, 1995, bombing of the Alfred P. Murrah Federal Building in Oklahoma City is saying his co-conspirator, Timothy McVeigh, told him he was taking orders from a top FBI official in orchestrating the bombing.
A declaration from Terry Lynn Nichols, filed in U.S. District Court in Salt Lake City, has proven to be one of the most detailed confessions by Nichols to date about his involvement in the bombing as well as the involvement of others. However, one congressman who has investigated the bombings remains skeptical of Nichols' claims.
The declaration was filed as part of Salt Lake City attorney Jesse Trentadue's pending wrongful death suit against the government for the death of his brother in a federal corrections facility in Oklahoma City. Trentadue claims his brother was killed during an interrogation by FBI agents when agents mistook his brother for a suspect in the Oklahoma City bombing investigation.
The most shocking allegation in the 19-page signed declaration is Nichols' assertion that the whole bombing plot was an FBI operation and that McVeigh let slip during a bout of anger that he was taking instruction from former FBI official Larry Potts.
Your Own Smart Phone, Turned Against You
Defense contractor starts RIOT
My day starts out normally enough: I drop the kids at school and head to the Starbucks, where I use my Smart Phone to pay for my tall Caffé Mocha soy because that’s how I roll: I save one minute not having to reach into my wallet to physically pull out my credit card, it’s logged into the app.
After "checking in" with Foursquare, which tells me a couple of moms from the school have already been there this morning, and then my Facebook, which tells me another "friend" is headed there now, I dash to the Safeway, where I get discounts on my feta cheese, avocados, organic yogurt and Fat Bastard chardonnay because I logged it all in the store’s Just for U program. Again, that’s how we roll.
I Skype with an activist in Australia before she leaves for a fact-finding mission in Iraq. Then I Google the news for the latest Brennan/drone hearings and fire off angry commentaries on Gmail and Twitter to friends, declaring the U.S government fascistic, and worse than the Taliban. I then rush to meet colleagues, including writer Gareth Porter – who just got back from the Middle East and is now writing a story about how Israel may be responsible for leaking fraudulent documents describing Iran’s nuclear capability – at the Lebanese Taverna down the street. I check in two more times with Facebook and Foursquare, because I get extra points when I check into the restaurant. Maybe tomorrow I’ll be the mayor.
I go to the Home Depot to get some material for my son’s science project – he’s going to facilitate electromagnetic energy with batteries and copper coil. I check in again at the Starbucks attached to the Barnes & Noble for my second coffee of the day and buy the book The Perfect Soldiers about the 9/11 hijackers, because I heard it was taken away from one of the 9/11 conspirators at Gitmo, and I wanted to see for myself whether it posed a danger to national security.
Two days later, I am standing at the checkpoint at Dulles Airport heading for Europe. I am flagged for an extra screen. They search my laptop, because, as it were, this happens a lot. I am never told why, though I am eventually cleared to travel. I may never know. Was it my lunching partners and the frequency with which we met, or the diatribes on Twitter? Was it my phone calls overseas, or the purchase of materials that are commonly used to make an explosive devise? My reading habits? My love for feta cheese?
Are one of my friends flagged on the elusive Terrorist Identities Datamart Environment (TIDE) list?
Better yet, am I?
* * *
None of this happened of course –I don’t carry a so-called smart phone, and I am a Facebook resister. Gareth wrote that story in 2010 and I haven’t been to Europe for some time. I don’t drink Caffé Mochas or have a Gmail account or engage in Foursquare, and as for Twitter, I wouldn’t call Washington the Taliban, it’s a clunky comparison.
But I wanted to illustrate that any or all of these things taken together might be of utmost interest to Uncle Sam. As we know, these daily rituals we take for granted are duly recorded and even filed away by increasingly sophisticated corporate monitors who monetize our every online move. But now we have to worry about the government using these very tools to track our every move – in law enforcement investigations, data mining schemes, fusion centers and the latest raison d’etre, cybersecurity.
Sound outrageous? Perhaps, but, as The Guardian reported just recently, the defense industry is already working with Raytheon to build its own application that would map our physical movements, as well as our activity on social networking sites, including Facebook, Google, Twitter and FourSquare, which taken together, can drill down on both the location and buying habits of millions of users a day. According to writer Damien Gayle:
Critics have already dubbed it a ‘Google for spies’ and say it is likely to be used by governments as a means of monitoring and tracking people online to detect signs of dissent.Raytheon claims it has not yet sold the software – known as Rapid Information Overlay Technology, or Riot – to any clients but admitted it had shared the technology with the U.S. government in 2010.However, it is similar to another social tracking software known as Geotime, which the U.S. military already uses and was in recent years purchased for trials by London’s Metropolitan Police.
Critics have already dubbed it a ‘Google for spies’ and say it is likely to be used by governments as a means of monitoring and tracking people online to detect signs of dissent.
Raytheon claims it has not yet sold the software – known as Rapid Information Overlay Technology, or Riot – to any clients but admitted it had shared the technology with the U.S. government in 2010.
However, it is similar to another social tracking software known as Geotime, which the U.S. military already uses and was in recent years purchased for trials by London’s Metropolitan Police.
The video, seen here walks the viewer through a typical RIOT search. It’s fairly straightforward and most unsettling, as it’s clear that everything I did in my fictional day about town would have been great fodder for a RIOT search, boiled down to the starkest elements, in pie charts, bar graphs and even photographs. In fact, any picture taken with my smart phone of me, my friends, or my children and posted publicly on any an open social network like Instagram or FourSquare would have become part of my virtual dossier, and would’ve been key to pinpointing my location at any point in time because of their embedded coordinates. Furthermore, if anyone takes a photo of meor my family on their smart phone, we automatically become part of their online portfolio.
According to Guardian reporter Ryan Gallagher, who broke the story on Feb. 10, the video:
reveals how an “extreme-scale analytics” system created by Raytheon, the world’s fifth largest defence contractor, can gather vast amounts of information about people from websites including Facebook, Twitter and Foursquare.Raytheon says it has not sold the software – named Riot, or Rapid Information Overlay Technology – to any clients.But the Massachusetts-based company has acknowledged the technology was shared with US government and industry as part of a joint research and development effort, in 2010, to help build a national security system capable of analysing “trillions of entities” from cyberspace…
reveals how an “extreme-scale analytics” system created by Raytheon, the world’s fifth largest defence contractor, can gather vast amounts of information about people from websites including Facebook, Twitter and Foursquare.
Raytheon says it has not sold the software – named Riot, or Rapid Information Overlay Technology – to any clients.
But the Massachusetts-based company has acknowledged the technology was shared with US government and industry as part of a joint research and development effort, in 2010, to help build a national security system capable of analysing “trillions of entities” from cyberspace…
When reached by the reporter, Raytheon indicated that the software had not been "sold" to anyone – but it is clearly not "old news."
“Riot is a big data analytics system design we are working on with industry, national labs and commercial partners to help turn massive amounts of data into useable information to help meet our nation’s rapidly changing security needs," said Jared Adams, a spokesman for Raytheon’s intelligence and information systems department, in an email to The Guardian.
“Its innovative privacy features are the most robust that we’re aware of, enabling the sharing and analysis of data without personally identifiable information [such as social security numbers, bank or other financial account information] being disclosed.”
RIOT culls though all open source material, so no, this does not involve cracking passwords or accessing records that would ostensibly require a warrant nor permission to access, like credit card information, health and employment records, or bank statements. However, knowing that the government can pinpoint your exact location, as well as the location of anyone you’ve chatted with in any of these social network apps, what you’ve purchased or shared with them at those locations and when, is a bit creepy – and dangerous.
"The video is frightening. It surely takes stalking and voyeurism to a new level," said Diane Roark, a former House Intelligence Committee aide whose home was raided by the FBI when she was caught up in the warrantless wiretapping leak scandal in 2007. She was never charged with the newspaper leak, but she had been active in warning congress and anyone who would listen that the National Security Agency (NSA) was deploying a surveillance tool that was spying on Americans illegally. Her warnings went unheeded, even as it turned out to be true.
But as Roark pointed in an email to Antiwar.com, that NSA program is one of many post-9/11 government efforts to use current technology to spy on Americans. The proliferation of GPS, social networking sites and massive buying and selling of personal data by marketing and advertising companies is just making their job easier.
Jay Stanley, senior policy analyst at the American Civil Liberties Union (ACLU) takes particular note of RIOT’s ability to formulate the daily routines and travel habits of targeted individuals. The "target" in the video checks in with Foursquare every day at the gym around 6 a.m, allowing the program to map his location. The Raytheon representative in the video notes this would be good to know if one wanted to get a hold of the target, or "get at his laptop."
"The reference to the laptop is certainly jarring," Stanley writes. "Remember, this is an application apparently targeted at law enforcement and national security agencies, not at ordinary individuals. Given this, it sounds to me like the video is suggesting that Riot could be used as a way to schedule a black-bag job to plant spyware on someone’s laptop."
Former NSA senior executive Tom Drake paid the price for blowing the whistle on the National Security Agency’s (NSA) surveillance activities. He was not only raided, but lost his job and his security clearances for his dissent. Since then he has been an arch critic of domestic spying practices.
“The real danger is the state becoming the ultimate digital stalker of anybody it wishes to target, track, monitor and surveil and especially when that person becomes a designated person of interest to the state,” he told Antiwar.com.
“Think of RIOT as a social media version of the panopticon watching all persona level activity posted across the expanse of the digital space we inhabit in our world.”
Meanwhile, networking apps offered by Google or Facebook have not been entirely up front about how much personal information is shared and when. Usually they come clean or reverse course after an uproar or lawsuit, but there is no doubt a lot going on under the radar. That should be taken into consideration when taking advantage of applications that enhance one’s "consumer experience" and/or allow the user to congregate in real time with friends and like-minded users based on geographic location.
Example: last August, Google paid $22.5 million in fines to the Federal Trade Commission on charges it sidestepped Apple security settings to track Safari users’ browsing habits. This was two years after it was forced to pay $8.5 in fees over its now-defunct Google Buzz program, which "inadvertently" exposed Gmail (Google Mail) personal contacts publicly. But these were merely bumps in the road for Google and its quest for total information dominance: last year it announced it would be tracking the browsing and buying habits of all users on its You Tube, Gmail and its ubiquitous search engine. From The Washington Post on the new policies, which went into effect a year ago (emphasis mine):
Google can collect information about users when they activate an Android mobile phone, sign into their accounts online or enter search terms. It can also store cookies on people’s computers to see which Web sites they visit or use its popular maps program to estimate their location. However, users who have not logged on to Google or one of its other sites, such as YouTube, are not affected by the new policy.
But this is merely a pinprick in the vast body of profit-making enterprises starring you! – and going on right under your fingertips. The Atlantic’s Alex Madrigal tried an experiment and found how "Google – and 104 other companies – are tracking me on the web." But that was a year ago – an epoch in Internet time; he may be shocked to find how many, and how, companies are using his information today.
“Social networking sites are often not transparent about what information is shared and how it is shared,” Ginger McCall, an attorney at the Washington-based Electronic Privacy Information Centre, told The Guardian. “Users may be posting information that they believe will be viewed only by their friends, but instead, it is being viewed by government officials or pulled in by data collection services like the Riot search.”
Which brings us back to the government, which has been attempting for years to get at personal content generated by consumers and traversing the social networking universe. "Cybersecurity," one could say, is its new Trojan Horse.
The real smart phone?
Programs like RIOT will allow them to do an end-run, and gleam enough about you and me without warrants and messy legal red tape. RIOT, along with evolving White House policy that allows the government to sift, share, peruse and keep personal records on Americans not even suspected of a crime in dossiers up to five years, reanimates the Total Information Awareness project killed off during the Bush Administration. Helping this along are congress’s ongoing attempts to pass new Internet laws like CISPA (Cyber Security Sharing and Protection Act), which would encourage companies – including Big Daddies like Microsoft, Google and Facebook – to share users’ personal information with Uncle Sam without legal recourse or transparency.
So don’t feel ashamed if, like me, you’ve resisted all the bells and whistles of modern telecommunication, content with keeping the antiquated dumb phone in your pocket (yes, they still exist), and the networking face-to-face, and not just byte-to- byte. It just might be the smartest decision you ever make.
see link for full story
THE OPINIONS of the Justice Department’s Office of Legal Counsel (OLC) are important, setting legal interpretations that bind federal agencies on issues such as torture and secret surveillance. So why can’t the public read all of the OLC’s legal conclusions?
That question underlies a challenge that the Electronic Frontier Foundation (EFF) has made against the Justice Department, seeking an OLC assessment of the FBI’s authority to surveil Americans without a judicial warrant. The Justice Department refused to hand over the OLC opinion, citing exceptions to the Freedom of Information Act. So far, the suit hasn’t gone the EFF’s way. But, as The Post and others recently argued in an amicus brief, the U.S. Court of Appeals for the District of Columbia Circuit should recognize the critical interest that the public has in knowing how the executive branch interprets the laws the Constitution tasks it to enforce.
Washington Post Editorials
Editorials represent the views of The Washington Post as an institution, as determined through debate among members of the editorial board. News reporters and editors never contribute to editorial board discussions, and editorial board members don’t have any role in news coverage.
The public has a right to know what the executive branch thinks it can do.
At issue is an 11-page document dating to 2010, when the FBI was reviewing its practice of demanding telephone and other records from communications firms without a warrant — as long as the government claimed that the information was related to a national security investigation. Justice’s inspector general found that, even with all the leeway the law gives the FBI, it still sometimes demanded personal data without much of any process at all. After the FBI asked the OLC to weigh in, the EFF and others naturally wanted to know what determination the office made on the legal questions involved.
But the Justice Department denied the request, and the EFF’s appeal to Justice’s Office of Information Policy languished without a decision. In the case that followed, District Judge Richard J. Leon ruled that the OLC’s work was a protected part of a deliberative process within the government, necessary to ensure that policymakers can have open and frank discussions before they make final decisions.
Yet, as the amicus brief points out, the OLC’s opinions aren’t some intermediary step toward establishing the final legal interpretations for the executive branch. In general, they are the final legal interpretations for the executive branch. The FBI could choose to exercise the authority that the OLC said it had — or not — but Congress, the judiciary and the public at large all deserve to know what the executive branch thinks it can do, once it issues a conclusive opinion.
April 9, 2013 -
Public interest research group, The Electronic Privacy Information Center (EPIC) has filed a Freedom of Information Act (FOIA) lawsuit against the FBI to obtain documents about the agency’s Next Generation Identification database.
The database in question contains biometric identifiers, and is intended to provide an incremental replacement of the FBI’s current Integrated Automated Fingerprint Identification System (IAFIS) technical capabilities. According to the FBI’s website, the contract to create this system was awarded to Lockheed Martin Transportation and Security Solutions.
According to EPIC’s complaint, the FBI failed to disclose documents in reports to two Freedom of Information Act requests from last year related to the Next Generation Identification program, including contracts with commercial entities and technical specifications.
The complaint also says that by the time the database is complete, it will be the largest in the world; it will contain photographic images of “millions of individuals who are neither criminals nor suspects”; and that “The NGI databases will be available to private entities, unrelated to a law enforcement agency.”
At this point, it is unclear why the FBI has not disclosed documents to EPIC, and how soon that may happen.
A recent Biometric Research Note suggests that the U.S. Government is a major driver for biometrics and spends at least US$450 million per annum on pure scientific biometric research.
The firm expects that amount to grow as federal law enforcement agencies increase their efforts to integrate more biometric technologies under the FBI’s Next Generation Identification program.
Supported videos include:
Easily create a Forum Website with Website Toolbox.