Who's A Rat - Largest Online Database of Informants and Agents
HomeMembers LoginLatest NewsRefer A LawyerMessage BoardOnline StoreAffiliatesAbout UsContact Us
Who's A Rat - Largest Online Database of Informants and Agents Worldwide!
Site Navigation
Visit Our Store
Refer A Lawyer
Link To Us
Latest News
Top Secret Documents
Make A Donation
Important Case Law
Members Login
Message Board
Legal Information
Advertise your AD, Book or Movie

Informants and Agents?Who's a Rat Message Board

Sign up Calendar

  Author   Comment  

Posts: 8,736
Reply with quote  #1 

For More Information:
Jack King, Public Affairs Director
(202) 872-8600 ext. 228,

The FBI’s I-Drives – The Real ‘X-Files’

By Jack King
NACDL Public Affairs Director

Shortly before Oklahoma City bomber Timothy McVeigh was executed in 2001, the FBI revealed that it had recently discovered some 4,400 pages of witness interviews and other documents that should have been turned over to his defense attorneys before trial. Among the documents “found” years after the trial were FBI interview reports (FBI Form 302s) of witnesses who believed they had seen McVeigh with the infamous “John Doe Number 2,” a short, stocky young man whose drawing was widely circulated before and after McVeigh’s arrest on traffic and weapons charges, and other leads of possible interest to the defense but which the FBI had decided were dead ends.

Federal prosecutors insisted they had no idea that the documents existed. Prosecutors are legally required to turn over any material exculpatory evidence -- evidence tending to disprove a criminal defendant’s guilt or mitigate his punishment – to the defense upon request. Late “discovery” of mislaid exculpatory evidence is not uncommon.1 The question is: How does the single-greatest record-keeping agency in the United States lose huge chunks of closely-related case-specific documents before they go into the official files?

One “place” where thousands of pages of documents may go “overlooked” is not a place at all. It’s a shared “temporary storage” drive on FBI field office computer networks that the bureau calls the “I-drive.” According to David M. Hardy, Acting Deputy Assistant Director of the FBI’s Records Management Division, “The ‘I-drive system’ … is used by field offices to hold investigative documents so that supervisors can approve them before putting them in the FBI’s official case files.2 In other words, evidence that isn’t “approved” by a supervisory agent does not go in the file. It stays in limbo – on the I-drive.

Federal prosecutor Mike Wald, of the South Florida Money Laundering Strike Force in Miami, told National Public Radio, “If things do not go into that file, there’s a good reason for it. It’s not because it’s being hidden. It’s because either it is an inappropriate document that shouldn’t have been prepared or, in some way, is too sensitive to go into a straight report…. In a large investigation, [FBI agents] would make hundreds and even thousands of decisions on what information that is coming into that field division would be of value, things to pursue, things to drop and which direction to go that would be a continuing process.” 3

The trouble with that reasoning is, under Brady v. Maryland 4 and its progeny, prosecutors are not supposed to decide what is, or is not, material and exculpatory – if in doubt, that decision must be made by the judge.

The I-drive is found only on the field office computer networks.5 According to FBI officials, headquarters in Washington does not maintain an I-drive nor does it have any access to the field offices’ I-drives.6 Nor do prosecutors have access to the drives. When a prosecutor searches the official case file for exculpatory evidence in response to a specific or general Brady demand, he is limited to only the evidence the FBI has placed in it. But under a 1995 U.S. Supreme Court case, Kyles v. Whitley7, the prosecutor has an affirmative duty to seek out exculpatory evidence, even if it is being concealed by law enforcement, and a conviction may be reversed for government misconduct although the prosecutor was also duped.

American University law professor Michael Tigar, who represented Terry Nichols in the federal Oklahoma City bombing case in 1996, explained how the FBI frustrated the prosecution and the defense in that case on National Public Radio’s “All Things Considered” in September 2004.8 “[T]he worst problem was that the prosecutors we faced were not being told the truth by the FBI about what they had. They, in good faith, negotiated with us a deal that required them to produce relevant FBI materials. They broke that deal. They broke it because the FBI decided to withhold things from the lawyers, the government lawyers that were trying the case. The bureau’s out of control.”

Tigar said that the revelations about the I-drive are part of a pattern. “They are recidivists. They [have been] warned over and over and over again that their information technology, acquisition, management and disclosure [are] seriously flawed, and that they’d better do something.”

The I-drive problem was revealed in an Associated Press wire story in March 2004. AP writer John Solomon wrote in a story published March 2 that “concerned FBI agents” brought the story to AP’s attention. The FBI said it would ask its internal inspection division to determine how many documents are on I-drives in FBI offices across the country that did not make it into official case files.9 If a large number of documents are found, Solomon wrote, a review would begin to determine whether any should have been turned over to defense lawyers or to bodies like the Sept. 11 Commission or Congress, according to officials.

“The only official records system the FBI has is our paper records,” Robert J. Garrity Jr., then-deputy assistant director in charge of the Records Management Division told AP. Documents that do not get into the FBI’s official case files or its automated computer case system would not be searched for materials that should be turned over to defense lawyers or Congress, Garrity acknowledged.

If ignorance is bliss, federal prosecutors and FBI headquarters until recently have been most blissfully unaware of this electronic black hole in which evidence that does not “fit” the FBI’s theory of the case could be stored indefinitely. Since FBI supervisors in Washington claim to have been unaware of the FBI field office I-drives until contacted by AP, it is unlikely that federal prosecutors know of them either. Defense lawyers litigating criminal cases should henceforth make discovery requests under Brady, Giglio and Kyles v. Whitley in every case involving the FBI, requesting that the prosecutor order a review of the relevant field office’s I-drive and any other temporary records storage drive for potential Brady material.


1. See, e.g., Associated Press, “Judge Frees Lawyer, Reprimands FBI,” Richmond Times-Dispatch, June 3, 2001 at C5.

2. Letter from David M. Hardy, Acting Deputy Assistant Director, Records Management Division, Federal Bureau of Investigation to Jesse Trentadue [an attorney in Salt Lake City] dated June 8, 2004 (emphasis added).

3. National Public Radio, “All Things Considered,” Sept. 6, 2004, “Defense lawyers voice concern over how the FBI handles information,” (transcript) 2004 WL 57379940 (emphasis added). Broadcast audio, “Lawyers Raise Concern Over Hidden FBI ‘I-Drives,’” archived at: http://www.npr.org/features/feature.php?wfId=3892787, last visited Sept. 7, 2004.

4. 373 U.S. 83 (1963).

5. See Note 2 supra.

6. Letter from William L. Hooton, Assistant Director, FBI Records Management Division, to Jesse Trentadue, dated March 25, 3004.

7. 514 U.S. 419 (1995).

8. See Note 3 supra.

9. John Solomon, “FBI Didn’t Search ‘I-Drive’ Files,” Associated Press, Mar. 2, 2004.


I-Drive File (PDF)

United States v. Bennett, E.D.La., No. 95-106, Government's Opposition to Additional Discovery, filed 2/23/05, describing the FBI field office's I-drive as "a cyberspace wasteland for rejected digital detritis and debris." A must-read for defense counsel preparing an I-drive discovery request.


"Other Opinion: FBI's Undisclosed McVeigh Files Are Part of Larger Problem," by Ellen S. Podgor, Atlanta Journal-Constitution, June 3, 2001


Posts: 8,736
Reply with quote  #2 

Ex-FBI hacker informant arrested for alleged wire fraud

Monday, September 10, 2007

Georgia (default)
Times New Roman

(09-10) 17:03 PDT SAN JOSE - A computer expert who served as a confidential source for an elite FBI computer crime squad has been arrested on wire-fraud charges, five years after being released from federal prison for hacking into government computers.

Max Ray Butler, 35, also known as Max Vision, was arrested Wednesday on a federal arrest warrant issued in Pennsylvania, authorities said. He was charged a day earlier with wire fraud, identity theft and access-device fraud.

The alleged crimes happened from October through December in Allegheny County, Pa. Further details of the case were unavailable, as the affidavit from a U.S. Secret Service agent that accompanied the criminal complaint remains under seal.

Butler is to appear Tuesday before U.S. Magistrate Patricia Trumbull in San Jose for a detention hearing.

Butler was released from federal prison in October 2002 after being sentenced to 18 months and ordered to pay more than $60,000 in restitution for computer hacking. He was indicted in 2000 on charges of hacking into computers used by UC Berkeley, national laboratories, federal departments, Air Force bases and a NASA flight center in 1998.

Butler grew up in Idaho and lived with his family in Washington, where authorities said he has a 1997 misdemeanor conviction for attempted trafficking of stolen property.

He developed a proficiency with computers, eventually attracting the attention of the FBI's Computer Crime Squad, which used him as a confidential informant.

But at his sentencing in 2001, a federal prosecutor said Butler "masqueraded as an informant for the FBI," claiming to be cooperating with the agency while using computer programs that conducted automated, unauthorized system attacks.

An FBI search warrant affidavit in 2000 said Butler was "well known" to squad members and "has provided useful and timely information on computer crimes in the past."

In 1997, Butler started a company known as Max Vision in Mountain View, specializing in "penetration testing" and "ethical hacking" procedures in which he would simulate for clients how a hacker would penetrate their computer systems, according to the company Web site.


Posts: 8,736
Reply with quote  #3 

FBI Improperly Using Patriot Act Surveillance Powers, ACLU Charges (11/29/2007)

CONTACT: media@aclu.org; (212) 549-2666

Group Files Freedom of Information Request to Obtain National Security Letter Records

NEW YORK – As a result of newly released Department of Defense (DoD) documents revealing the potential abuse of the government’s surveillance powers, the American Civil Liberties Union today filed a Freedom of Information Act (FOIA) request to force the FBI to turn over documents concerning its use of National Security Letters (NSLs) that demand private data about individuals within the United States without court approval. In today’s request, the ACLU seeks records pertaining to the FBI’s issuing of NSLs at the behest of other agencies that are not authorized to access this sensitive information on their own. In addition, the ACLU is requesting all documents indicating how the FBI has interpreted and used its power to silence NSL recipients since the Patriot Act’s gag provision was amended in 2006.

“The FBI appears to be secretly and illegally rubber stamping the surveillance requests of the Department of Defense when the law clearly forbids it,” said ACLU Executive Director Anthony D. Romero. “The Freedom of Information Act lets us discover the extent to which the FBI has acted as the DoD’s lackey in misusing the Patriot Act powers. The public has a right to know if the FBI has conspired to sidestep the legal limits of the government’s surveillance program.”

In April, the ACLU filed Freedom of Information Act requests with both the Department of Defense and the CIA seeking all documents related to their use of NSLs to gain access to personal records of people in the United States. And in June, the ACLU filed a lawsuit to force those agencies to turn over the requested documents. Last month, as a result of this lawsuit, the ACLU received over 1,000 pages of documents, including 455 NSLs issued by the DoD after 9/11. The documents disclosed that, in order to circumvent statutory limits on its NSL power, the DoD has been asking the FBI to issue NSLs in strictly military investigations. In addition, the documents also revealed that the Department of Defense may have provided misleading information to Congress about the extent to which the department was working secretly with the FBI to obtain records to which DoD was not otherwise entitled.

NSLs are secretly issued by the government to obtain access to personal customer records from Internet service providers, financial institutions, and credit reporting agencies. In almost all cases, recipients of the NSLs are forbidden, or "gagged," from disclosing that they have received the letters. While the FBI has broad NSL powers and compliance with FBI-issued NSLs is mandatory, the Defense Department's NSL power is more limited in scope, and, in most cases, compliance with DoD demands is not mandatory. Additionally, while the FBI can issue NSLs in its own investigations, Congress has not given the agency the power to issue NSLs in non-FBI investigations.

“It is clear that the excessive secrecy surrounding the government’s use of National Security Letters has led to widespread abuses. The FBI must now come clean about its role in the military’s expanded domestic intelligence activities, and about how it is using its dangerous gag power,” said Melissa Goodman, staff attorney with the ACLU’s National Security Project. “When it comes to the government’s surveillance powers involving sensitive, private records, following the law is not optional.”

Recent revelations about the Defense Department's use of NSLs come on the heels of widespread reports of other significant government abuses of the NSL power. A March 2007 report from the Justice Department's Inspector General (IG) estimated that the FBI issued over 143,000 NSLs between 2003 and 2005, an astronomical increase from previous years. The IG's report also found numerous examples of improper and illegal uses of NSLs by the FBI.

The ACLU has successfully challenged the NSL power in two separate lawsuits. In one case involving an Internet Service Provider, a federal court in September struck down as unconstitutional the National Security Letter provision of the Patriot Act authorizing the FBI to demand a range of personal records without court approval, and to gag those who receive NSLs from discussing the letters.

Senator Russ Feingold and Representative Jerrold Nadler have introduced legislation to rein in this unchecked NSL authority. The ACLU urges immediate consideration of these bills.

Attorneys filing this FOIA request are Goodman, Danielle Tully, and Jameel Jaffer of the ACLU's National Security Project.

Today’s FOIA request to the FBI is available at:

All of the Defense Department’s NSL-related documents obtained by the ACLU are available at:

More information about the ACLU's challenges to the NSL power is available at: http://www.aclu.org/nsl


Posts: 8,736
Reply with quote  #4 
At ALA Midwinter, Arab-American FBI Agent Says Agency Cuts Corners
Norman Oder -- Library Journal, 1/12/2008

* After Pressure from FBI, Scheduled “Whistleblower” Will Only Answer (Some) Questions at Midwinter

* First appearance at public forum
* Says FBI lax on National Security Letters
* Suggests gag order isn’t wise

In his first appearance at a public forum (though he has done media interviews), Bassem Youssef, the highest-ranking Arab American agent in the FBI, this morning offered a careful but impassioned indictment of current FBI practices in the war on terror, warning that the FBI is cutting corners to acquire data without supporting the human intelligence that would be more effective. He had been scheduled to present a speech at the American Library Association (ALA) Midwinter Meeting in Philadelphia, but after the FBI got wind of an ALA press release, he was limited to answering questions and was sometimes cautioned by his attorney, Stephen Kohn, not to offer more details.

Youssef, who noted that he was speaking for himself, not the FBI, explained how FBI standards have become less stringent in overseeing what may become fishing expeditions for information. Before 9/11 and the USA PATRIOT Act, he said, National Security Letters (NSLs)—which do not require judicial oversight, as do subpoenas—had to be authorized by an official at FBI headquarters. After the Patriot Act, however, NSLs could be authorized by the Special Agent in Charge at FBI field offices. “That diffused it, in terms of authority,” he said.

NSLs, Youssef, explained, allow the FBI to search the “community of interest” of a target—essentially anyone the person calls. “If there’s an assumption that all their contacts are bad contacts, we’re in big trouble.”

Shunted aside?

Youssef, who immigrated to the United States with his family from Egypt, had been lauded for work in the 1990s, but after he complained that his skills were not being used following the 9/11 attacks, he was shunted aside and has sued for discrimination. (The Department of Justice’s Office of Professional Responsibility, in a preliminary investigation, found grounds to believe that Youssef’s disclosures to the FBI director contributed to his not being placed in a department investigating international terrorism.) “All I’ve ever wanted to do was be a good FBI agent…and arrest terrorists,” Youssef told the audience.

Youssef was moved from counterintelligence to head the Communications Analysis Unit, supervising 50 agents. “As easy as it was to get an NSL for warrantless searching, the FBI wasn’t even doing that,” his lawyer explained. “Instead, they were relying on a very narrow exception known as exigent circumstances, where they need nothing—nothing!”

FBI officials, Kohn said, told Youssef that an exigent circumstance meant “we need it promptly. We now know that the definition provided was a false definition, because exigent circumstances require life-threatening or imminent [danger].”

Gag order OK?

Attorney Tom Susman, a consultant to ALA’s Washington Office, asked Youssef whether he thought the gag order accompanying NSLs, which prohibits targets—such as the four “John Doe” librarians in Connecticut—from revealing that an investigation is ongoing, was “in all cases fully justified.”

“There’s so much I can’t get into,” replied Youssef. “But I can say that it takes an official who’s got the expertise and experience to justify” whether such a gag order is necessary.

“Would it make it less effective if there were more central control?” Susman followed up.

Obtaining telephone, library, and email records in counterterrorism investigations, Youssef responded, requires expertise. He gave the hypothetical example of an FBI official who has worked only organized crime. “You could imagine what sort of abuse might happen as a result.”

“If the person signing the NSL hasno real basic understanding of terrorism,” Kohn continued, “what gives them the qualification for signing for warrantless searches for thousands of Americans?”

Depressing or inspiring?

One questioner in the audience called the session “the most depressing 45 minutes,” while another, later on and after Kohn urged attendees to support the work of the National Whistleblowers Center, said that Youssef’s willingness to press on was inspiring.

“I’m a strong believer in God,” Youssef responded, explaining the source of his fortitude. “I believe that God is a righteous God. Jesus Christ is my lord, and I live for him.” Later, at the end of the session, he got a standing ovation.

Posts: 8,736
Reply with quote  #5 

FBI requests spawn network forensics start-up

Ellen Messmer                                           Today’s Top Stories    or                          Other Linux and Unix Stories                                          
                        Click here to find out more!



Sign up to receive Security Resource Alerts


January 22, 2008 (Network World) -- Start-up Packet Analytics Corp. on Monday announced a tool for searching aggregated log data to analyze traffic activity between IP-based host computers.

Net/FSE, which stands for Network Forensic Search Engine, is Linux-based server software that provides a Web interface for network managers to easily see an analytical profile of host-to-host activity based on NetFlow router data as well as log information related to the organization's firewall, intrusion-detection systems and security information management. (Learn more about Security Information Management products from our Security Information Management Buyer's Guide.

The Net/FSE tool was developed at Los Alamos National Laboratory by Packet Analysis co-founders Ben Uphoff and Paul Criscuolo, both former technical staff members at the lab.

"If an enterprise already has centralized logging, we can start directly searching that, and we can also act as the data-aggregation point," said Uphoff, vice president of research, about Net/FSE.

The tool was developed at Los Alamos in response to requests from the FBI to provide detail on network activity based on a list of IP addresses related to possible security problems, he added. The tool is restricted to IPv4 traffic and doesn't support IPv6.

Packet Analytics regards Splunk Inc. and LogLogic Inc. as its closest competitors.

Packet Analytics' goal to commercialize Net/FSE is backed with $100,000 in funding from the Los Alamos National Lab Venture Acceleration Fund, plus $50,000 from Flywheel Ventures and another $50,000 from an undisclosed "angel" investor. The start-up said it has one enterprise customer, Los Alamos National Bank, using Net/FSE.

Santa Fe-based Packet Analytics was founded last July and has only two employees. To spur interest in Net/FSE, the company today will make the Net/FSE software available for free download to those using it to analyze up to 1 million events per day with limited support, says Andy Alsop, co-founder and CEO.

For use with up to 3 million events per day, the price for Net/NSF would be $1,495 with $299 for support each year, with prices of up to $18,900 for the tool and $3,790 for support for use analyzing 50 million events per day.


Posts: 8,736
Reply with quote  #6 



The Top 5 VoIP Security Threats of 2008

Know what problems to expect and learn how you can avoid them.

Jim Higdon on January 24, 2008


A Texas research company that's comprised of experienced VoIP security teams operating globally around the clock, Sipera Systems Inc.'s VIPER Lab has identified thousands of vulnerabilities and security threats since its inception in 2003, including fuzzing, floods, spoofing, stealth attacks and VoIP spam. In January 2008, VIPER Lab released its predictions for the top five VoIP threats of 2008, as reported in Forbes magazine and elsewhere. What do you need to know now about your VoIP security weaknesses, and what can you really do about it?

           Related Articles:

The top five VoIP threat predictions for 2008 are:

1. DoS (denial of service) Attacks on VoIP Networks: This has been a concern for the IEEE (Institute of Electrical and Electronics Engineers) since 2006, and VoIP watchers have been concerned about DoS attacks for the past year. DoS attacks can overwhelm your company's phone lines, creating long-term busy signals, forced call disconnects and an exhausted work force.

2. VoIP Eavesdropping:
In June 2007, it was learned that a hacker with a packet sniffer and VOMIT could tap directly into VoIP calls. Then it was learned that those vulnerabilities could also lead to DoS attacks. “Anyone on your network,” stated an article found at EnterpriseVoIPPlanet, “anyone on other networks that you contact — and all points in between, including service providers — all have the opportunity to do an awful lot of juicy snooping.” Not to mention, of course, that the FBI and other security agencies can do all the VoIP snooping that they want. How do you prevent unwanted listeners on your VoIP calls? Place all VoIP phones on separate, secured vLANs to protect against rogue devices, then protect that vLAN against the introduction of unauthorized devices. Once you've isolated your VoIP devices, limit their inbound and outbound traffic so that they can only communicate with their call manager, encrypt the calls that travel over public networks, and watch the news and get ready to react, according to SearchSecurity.com.  

3. Microsoft Office Communications Server:
Hackers love attacking Microsoft, and Microsoft loves being unprepared. VIPER Lab predicts that hackers will find vulnerabilities in Microsoft Office Communications Server’s VoIP client and use it to access networks that had previously been secure, and the organization is not alone in reaching this conclusion. Network World blogger Mitchell Ashley suggests that Microsoft could learn from Vonage’s vulnerability to spoofing attacks.

4. Vishing by VoIP: The FBI has been aware of vishing for nearly a year now, and the IC3 (Internet Crime Complain Center) recently released a report stating that vishing attacks are on the rise. With caller ID spoofing, the criminals can be very difficult to track, “due to rapidly evolving criminal methodologies,” according to the IC3.

5. VoIP Attacks Against Service Providers: These sorts of attacks will escalate, VIPER Lab predicts, because of readily available, anonymous $20 SIM cards. As UMA (Unlicensed Mobile Access) technology becomes more widely deployed to allow calls to switch from cell networks to VoIP networks, VIPER Labs warns that “service providers are, for the first time, allowing subscribers to have direct access to mobile core networks over IP, making it easier to spoof identities and use illegal accounts to launch a variety of attacks.” Such attacks include scripting “various flood, fuzzing and spoofing attacks,” according to VoIP blogger Rich Tehrani. “The hacker could set up multiple IPSec tunnels to various PDGs in the network or across multiple GPRS sessions [generating] up to 10,000 messages per second … equal [to] the traffic of 10 million users,” he wrote.

So how can your company best protect its VoIP network from these sorts of threats? It should protect itself on three levels: network architecture, security protocols and user interaction. At the network level, hosting VoIP on a VPN (virtual private network) does a good job of separating VoIP’s security holes from the underlying data network. Like all computer systems exposed to outside vulnerabilities, a VoIP network should be covered in firewalls, anti-virus programs and a sturdy intrusion-prevention system. At the user level, company employees should be trained and assessed against high-risk security behavior, like using Google Talk, Skype or other hosted IP voice technologies that could expose the company’s VoIP network to outside attack.

Other VoIP best security practices include installing application-layer gateways between trusted and untrusted zones, establishing security zones to isolate VoIP segments, and applying encryption as a part of a holistic security program. For more information on best security practices, download the white paper "A Proactive Approach to VoIP Security."  

Related Articles:

A Guide to Understanding VoIP Security Threats

A Proactive Approach to VoIP Security

Fending Off VoIP Attacks

Internet Security and Wiretapping

Posts: 8,736
Reply with quote  #7 
FBI agent charged with beating her father

see link for full story


 Thu, March 29, 2012

YOUNGSTOWN — A 46-year-old woman, who police listed as a former FBI agent, has been charged with domestic violence for allegedly assaulting her partially blind father this week.

Posts: 8,736
Reply with quote  #8 
see link for full story

Nichols says bombing was FBI op

Detailed confession filed in S.L. about Oklahoma City plot

Published: Thursday, Feb. 22 2007 1:02 p.m. MST

The only surviving convicted criminal in the April 19, 1995, bombing of the Alfred P. Murrah Federal Building in Oklahoma City is saying his co-conspirator, Timothy McVeigh, told him he was taking orders from a top FBI official in orchestrating the bombing.

A declaration from Terry Lynn Nichols, filed in U.S. District Court in Salt Lake City, has proven to be one of the most detailed confessions by Nichols to date about his involvement in the bombing as well as the involvement of others. However, one congressman who has investigated the bombings remains skeptical of Nichols' claims.

The declaration was filed as part of Salt Lake City attorney Jesse Trentadue's pending wrongful death suit against the government for the death of his brother in a federal corrections facility in Oklahoma City. Trentadue claims his brother was killed during an interrogation by FBI agents when agents mistook his brother for a suspect in the Oklahoma City bombing investigation.

The most shocking allegation in the 19-page signed declaration is Nichols' assertion that the whole bombing plot was an FBI operation and that McVeigh let slip during a bout of anger that he was taking instruction from former FBI official Larry Potts.


Posts: 8,736
Reply with quote  #9 
see link for full story

Your Own Smart Phone, Turned Against You

Defense contractor starts RIOT

by Kelley B. Vlahos, February 19, 2013

My day starts out normally enough: I drop the kids at school and head to the Starbucks, where I use my Smart Phone to pay for my tall Caffé Mocha soy because that’s how I roll: I save one minute not having to reach into my wallet to physically pull out my credit card, it’s logged into the app.

After "checking in" with Foursquare, which tells me a couple of moms from the school have already been there this morning, and then my Facebook, which tells me another "friend" is headed there now, I dash to the Safeway, where I get discounts on my feta cheese, avocados, organic yogurt and Fat Bastard chardonnay because I logged it all in the store’s Just for U program. Again, that’s how we roll.

I Skype with an activist in Australia before she leaves for a fact-finding mission in Iraq. Then I Google the news for the latest Brennan/drone hearings and fire off angry commentaries on Gmail and Twitter to friends, declaring the U.S government fascistic, and worse than the Taliban. I then rush to meet colleagues, including writer Gareth Porter – who just got back from the Middle East and is now writing a story about how Israel may be responsible for leaking fraudulent documents describing Iran’s nuclear capability – at the Lebanese Taverna down the street. I check in two more times with Facebook and Foursquare, because I get extra points when I check into the restaurant. Maybe tomorrow I’ll be the mayor.

I go to the Home Depot to get some material for my son’s science project – he’s going to facilitate electromagnetic energy with batteries and copper coil. I check in again at the Starbucks attached to the Barnes & Noble for my second coffee of the day and buy the book The Perfect Soldiers about the 9/11 hijackers, because I heard it was taken away from one of the 9/11 conspirators at Gitmo, and I wanted to see for myself whether it posed a danger to national security.

Two days later, I am standing at the checkpoint at Dulles Airport heading for Europe. I am flagged for an extra screen. They search my laptop, because, as it were, this happens a lot. I am never told why, though I am eventually cleared to travel. I may never know. Was it my lunching partners and the frequency with which we met, or the diatribes on Twitter? Was it my phone calls overseas, or the purchase of materials that are commonly used to make an explosive devise? My reading habits? My love for feta cheese?

Are one of my friends flagged on the elusive Terrorist Identities Datamart Environment (TIDE) list?

Better yet, am I?

* * *

None of this happened of course –I don’t carry a so-called smart phone, and I am a Facebook resister. Gareth wrote that story in 2010 and I haven’t been to Europe for some time. I don’t drink Caffé Mochas or have a Gmail account or engage in Foursquare, and as for Twitter, I wouldn’t call Washington the Taliban, it’s a clunky comparison.

But I wanted to illustrate that any or all of these things taken together might be of utmost interest to Uncle Sam. As we know, these daily rituals we take for granted are duly recorded and even filed away by increasingly sophisticated corporate monitors who monetize our every online move. But now we have to worry about the government using these very tools to track our every move – in law enforcement investigations, data mining schemes, fusion centers and the latest raison d’etre, cybersecurity.

Sound outrageous? Perhaps, but, as The Guardian reported just recently, the defense industry is already working with Raytheon to build its own application that would map our physical movements, as well as our activity on social networking sites, including Facebook, Google, Twitter and FourSquare, which taken together, can drill down on both the location and buying habits of millions of users a day. According to writer Damien Gayle:

Critics have already dubbed it a ‘Google for spies’ and say it is likely to be used by governments as a means of monitoring and tracking people online to detect signs of dissent.

Raytheon claims it has not yet sold the software – known as Rapid Information Overlay Technology, or Riot – to any clients but admitted it had shared the technology with the U.S. government in 2010.

However, it is similar to another social tracking software known as Geotime, which the U.S. military already uses and was in recent years purchased for trials by London’s Metropolitan Police.

The video, seen here walks the viewer through a typical RIOT search. It’s fairly straightforward and most unsettling, as it’s clear that everything I did in my fictional day about town would have been great fodder for a RIOT search, boiled down to the starkest elements, in pie charts, bar graphs and even photographs. In fact, any picture taken with my smart phone of me, my friends, or my children and posted publicly on any an open social network like Instagram or FourSquare would have become part of my virtual dossier, and would’ve been key to pinpointing my location at any point in time because of their embedded coordinates. Furthermore, if anyone takes a photo of meor my family on their smart phone, we automatically become part of their online portfolio.

According to Guardian reporter Ryan Gallagher, who broke the story on Feb. 10, the video:

reveals how an “extreme-scale analytics” system created by Raytheon, the world’s fifth largest defence contractor, can gather vast amounts of information about people from websites including Facebook, Twitter and Foursquare.

Raytheon says it has not sold the software – named Riot, or Rapid Information Overlay Technology – to any clients.

But the Massachusetts-based company has acknowledged the technology was shared with US government and industry as part of a joint research and development effort, in 2010, to help build a national security system capable of analysing “trillions of entities” from cyberspace…

When reached by the reporter, Raytheon indicated that the software had not been "sold" to anyone – but it is clearly not "old news."

“Riot is a big data analytics system design we are working on with industry, national labs and commercial partners to help turn massive amounts of data into useable information to help meet our nation’s rapidly changing security needs," said Jared Adams, a spokesman for Raytheon’s intelligence and information systems department, in an email to The Guardian.

“Its innovative privacy features are the most robust that we’re aware of, enabling the sharing and analysis of data without personally identifiable information [such as social security numbers, bank or other financial account information] being disclosed.”

RIOT culls though all open source material, so no, this does not involve cracking passwords or accessing records that would ostensibly require a warrant nor permission to access, like credit card information, health and employment records, or bank statements. However, knowing that the government can pinpoint your exact location, as well as the location of anyone you’ve chatted with in any of these social network apps, what you’ve purchased or shared with them at those locations and when, is a bit creepy – and dangerous.

"The video is frightening. It surely takes stalking and voyeurism to a new level," said Diane Roark, a former House Intelligence Committee aide whose home was raided by the FBI when she was caught up in the warrantless wiretapping leak scandal in 2007. She was never charged with the newspaper leak, but she had been active in warning congress and anyone who would listen that the National Security Agency (NSA) was deploying a surveillance tool that was spying on Americans illegally. Her warnings went unheeded, even as it turned out to be true.

But as Roark pointed in an email to Antiwar.com, that NSA program is one of many post-9/11 government efforts to use current technology to spy on Americans. The proliferation of GPS, social networking sites and massive buying and selling of personal data by marketing and advertising companies is just making their job easier.

Jay Stanley, senior policy analyst at the American Civil Liberties Union (ACLU) takes particular note of RIOT’s ability to formulate the daily routines and travel habits of targeted individuals. The "target" in the video checks in with Foursquare every day at the gym around 6 a.m, allowing the program to map his location. The Raytheon representative in the video notes this would be good to know if one wanted to get a hold of the target, or "get at his laptop."

"The reference to the laptop is certainly jarring," Stanley writes. "Remember, this is an application apparently targeted at law enforcement and national security agencies, not at ordinary individuals. Given this, it sounds to me like the video is suggesting that Riot could be used as a way to schedule a black-bag job to plant spyware on someone’s laptop."

Former NSA senior executive Tom Drake paid the price for blowing the whistle on the National Security Agency’s (NSA) surveillance activities. He was not only raided, but lost his job and his security clearances for his dissent. Since then he has been an arch critic of domestic spying practices.

“The real danger is the state becoming the ultimate digital stalker of anybody it wishes to target, track, monitor and surveil and especially when that person becomes a designated person of interest to the state,” he told Antiwar.com.

“Think of RIOT as a social media version of the panopticon watching all persona level activity posted across the expanse of the digital space we inhabit in our world.”

Meanwhile, networking apps offered by Google or Facebook have not been entirely up front about how much personal information is shared and when. Usually they come clean or reverse course after an uproar or lawsuit, but there is no doubt a lot going on under the radar. That should be taken into consideration when taking advantage of applications that enhance one’s "consumer experience" and/or allow the user to congregate in real time with friends and like-minded users based on geographic location.

Example: last August, Google paid $22.5 million in fines to the Federal Trade Commission on charges it sidestepped Apple security settings to track Safari users’ browsing habits. This was two years after it was forced to pay $8.5 in fees over its now-defunct Google Buzz program, which "inadvertently" exposed Gmail (Google Mail) personal contacts publicly. But these were merely bumps in the road for Google and its quest for total information dominance: last year it announced it would be tracking the browsing and buying habits of all users on its You Tube, Gmail and its ubiquitous search engine. From The Washington Post on the new policies, which went into effect a year ago (emphasis mine):

Google can collect information about users when they activate an Android mobile phone, sign into their accounts online or enter search terms. It can also store cookies on people’s computers to see which Web sites they visit or use its popular maps program to estimate their location. However, users who have not logged on to Google or one of its other sites, such as YouTube, are not affected by the new policy.

As for Facebook, which "obliterates" all other competitors in the social networking market, it’s always finding new ways to exploit its legion of members – including the 604 million who access Facebook on their mobile phones each month. Users, indeed, push back when they feel Godzilla is getting too close to Tokyo: in 2009 it forced Facebook to reverse a new privacy policy that would have given Facebook more rights over their content. More recently, its acquired property Instagram was forced to get rid of a pending policy clause that would have allowed the popular photo sharing site – and in effect the Facebook universe – to sell user images posted on its space to third party advertisers.

But this is merely a pinprick in the vast body of profit-making enterprises starring you! – and going on right under your fingertips. The Atlantic’s Alex Madrigal tried an experiment and found how "Google – and 104 other companies – are tracking me on the web." But that was a year ago – an epoch in Internet time; he may be shocked to find how many, and how, companies are using his information today.

“Social networking sites are often not transparent about what information is shared and how it is shared,” Ginger McCall, an attorney at the Washington-based Electronic Privacy Information Centre, told The Guardian. “Users may be posting information that they believe will be viewed only by their friends, but instead, it is being viewed by government officials or pulled in by data collection services like the Riot search.”

Which brings us back to the government, which has been attempting for years to get at personal content generated by consumers and traversing the social networking universe. "Cybersecurity," one could say, is its new Trojan Horse.

The real smart phone?

Programs like RIOT will allow them to do an end-run, and gleam enough about you and me without warrants and messy legal red tape. RIOT, along with evolving White House policy that allows the government to sift, share, peruse and keep personal records on Americans not even suspected of a crime in dossiers up to five years, reanimates the Total Information Awareness project killed off during the Bush Administration. Helping this along are congress’s ongoing attempts to pass new Internet laws like CISPA (Cyber Security Sharing and Protection Act), which would encourage companies – including Big Daddies like Microsoft, Google and Facebook – to share users’ personal information with Uncle Sam without legal recourse or transparency.


So don’t feel ashamed if, like me, you’ve resisted all the bells and whistles of modern telecommunication, content with keeping the antiquated dumb phone in your pocket (yes, they still exist), and the networking face-to-face, and not just byte-to- byte. It just might be the smartest decision you ever make.


Posts: 8,736
Reply with quote  #10 

FBI Director: ID And Deter Attackers 'Behind The Keyboards'

Finding LulzSec's 'Sabu' a prime example of tracking down cybercriminals, official tells RSA Conference 2013 attendees Mar 01, 2013

Posts: 8,736
Reply with quote  #11 


see link for full story

Life Inside the Aaron Swartz Investigation

By Quinn Norton
Share21 Mar 3 2013, 9:24 PM ET
A reluctant witness's account of a Federal prosecution. If you haven't been following the case, start with the editor's note for context.
Quinn Norton's grand jury subpoena (Quinn Norton).
Once your life is inside a federal investigation, there is no space outside of it. The only private thing is your thoughts, and even they don't feel safe anymore. Every word you speak or write can be used, manipulated, or played like a card against your future and the future of those you love. There are no neutral parties, no sources of unimpeachable wisdom and trust.
The lawyers tell you: take no notes.
The lawyers tell you: talk to no one.
It is the loneliest of lonely things to be surrounded by your loved ones, in danger, and forced to be silent.
May you never experience a Federal investigation. I did, and it consumed me, and changed every day that will come after it for the rest of my life.
It all began with a call from Aaron Swartz on a jail-room phone. This essay is my attempt to explain what happened between that call and my friend's suicide. This will not be the final word on Aaron's story, nor is it intended to be.
Two years later, these are the events as I remember them, and the feelings as I knew them.
* * *
Aaron and I were best friends. We'd been the voice in each other's ears and silent textual companions online for more than four years. We were a daily presence for each other, no matter the number of miles that separated us.

Related Documentation

For the first year, we lived together. Being just roommates lasted less than a month, and we entered a powerful and sometimes difficult relationship which we decided would only last a year. We spent the next three years trying and failing to cleanly end our romance. He was an incredibly secretive person, private about our life together, his thoughts, and the events of his life. I was a nosy reporter, always trying to get things out of him. He would never tell me how much he was paid in the Reddit sale, and his reticence came a running joke between us: me prying, cajoling, pressuring, and Aaron, never giving in.
On January 6, 2011, I got a call on my mobile phone from a number I didn't recognize. Usually I don't answer unknown numbers. This time I did. I heard Aaron's voice: scratchy, distant, nearly inaudible. He'd been arrested. I didn't ask him what happened. I only asked him what he wanted me to do.
He needed bail. He had a lawyer, Andy Good, in Boston. I had to get a hold of this lawyer and find someone to bail him out. I found a local friend, who went and got out $1,000 to post Aaron's bail. I didn't ask any questions. Neither did my friend.
The rest of January went on in a strange haze. Neither of us seemed able to believe this was serious. Aaron eventually told me it was computer related, something about a wiring closet at MIT -- explaining only the contents of his arrest record.
I am a journalist of hackers. They are my beat and my friends, so I'd seen people harassed and persecuted. Some piece of research or conference presentation would suddenly become an investigation, phone calls and meetings with lawyers. We came to expect raids, surveillance, and threats from powerful men who couldn't tell the good guys from the bad in my world.
February brought the inevitable raid. The Secret Service came to his house and his office at the Harvard Ethics Center and took hard drives and computers. Aaron's phone was taken. He got an iPhone to replace it. I asked him if I could have his old phone when he got it back. He said, "Sure. It might be a while."
I knew that Law Enforcement could be terrible about getting things back in a timely manner. But I couldn't yet imagine it would be years, or that there might be a trial. Most of these cases, even the PACER affair that had interrupted life and scared us in 2009, resolved with the police simply going away.
In early March I was staying at a friend's loft in the Bay Area. Someone knocked at the door of the loft, and I ran downstairs, still dressed in my pajamas, and answered the door. It was a tall man and a short woman in blazers and unmatched trousers. They had the dowdy cleanliness of law enforcement. They said they were from the Secret Service and that they wanted to ask me a few questions. Shocked and unsure of myself, I let them in to talk to me. One should never, ever do this.
They asked about Aaron, I told them I didn't know anything. They pointed out that he'd called me, and asked what he told me. I told them I hadn't asked anything about his arrest, and they were incredulous.
Eventually I ran out of things to tell them, and they produced the real reason for their visit: a subpoena. The prosecution wanted my communications with Aaron, anything we'd shared, any time I'd talked about JSTOR or MIT or the case with anyone. It was pages of demands for my digital life with Aaron, the private world we'd shared. There was a grand jury date listed as well: "YOU ARE COMMANDED," it read.
I had to Google grand jury to find out what it was.
I did know I'd need a lawyer. I went to a lawyer friend and explained I was broke. She thought of someone she'd worked with once in Boston and gave him a call about helping with my case, pro bono. I didn't understand how any of this worked. In time, I would dub the case the "World of Shit I Don't Know."
A week before the Secret Service came to the door, my car was rear-ended by a school bus. The car itself was totaled, but I thought there'd been no injuries, just a little soreness in my neck. Within a few weeks the stress of the case and the neck pain would develop into a cycle of torturous daily migraines, a pain so rich it blotted out thought for hours a day. It was the second time this had happened to me, the first being in 2007. In both cases the standard complement of migraine medications weren't very effective: only opioids worked, and my doctor put me on Vicodin.
And so, scared, naive, and in pain, I met my lawyers Adam and Jose, from the firm Fish and Richardson in a beautiful and shiny building next door to and towering over the federal courthouse. The building looked like a modernist space station, the Jetsons with cleaner lines and an endless sense of power and money. I am a hackerspace girl who has grown up broke, sometimes too broke to eat, with a drug dealing Vietnam vet dad. I felt immediately and continually out of place. I met my lawyers many times, but I never felt comfortable.
In that first meeting, I told them I would be a good client and that I was deeply grateful for their help. I was. They told me not to talk to Aaron, that I shouldn't stay with him. I did anyway. Sometimes we just needed to hold each other. Sometimes we needed to say something. But we tried to and mostly obeyed the proscriptions on talking abut the case.
As strange as it seems now, when I was first subpoenaed, Aaron was more worried about me than him, and both of us were worried about Ada, my seven-year-old daughter. She was the light of both of our lives, and we wanted to make sure none of this would touch her. The problem was my computer. It contained interviews and communications with confidential sources for stories going back five years. The subpoena didn't actually call for my computer, but materials on my computer. Jose and Adam implied that if the prosecutor didn't think I was being honest, he might move against me, seize things.
And if the prosecutor took my computer, I would have to go to jail rather than turn over my password. I had no choice. I'd been logging all of my communications for years, professional and personal. Aaron knew this, and he was furious at me for it when he read the subpoena. It was a kind of impersonal fury, not directed at me and my decisions, but the situation itself. "Why did you log?" he asked me repeatedly. I told him that it had kept me sane in my divorce. But he already knew that, he'd been there.
These days, I not only don't log, I refuse to talk to anyone who does. I often refuse to communicate without encryption. But I had to continue to log during the investigation. I was told that changing my behavior while being investigated could be held against me, because in an investigation it is suspicious to learn from your mistakes.
Aaron and I sat together in his place one night in March. He could see I was scared and he held me. He told me that Steve Heymann, the prosecutor, had offered a deal: three months in prison, three months in some sort of halfway house, and three months probation, and one felony count. He told me he would take it if I wanted him to.
We talked about it, about what a felony count would mean to him, to his life and his dreams in politics. I thought about my father, sent away to state penn when I was 17, and how it had crushed him. He'd not lasted long after prison.
To be a felon in this country is to be a pariah, to be unlistened to. Aaron wanted more than anything to speak to power, to make reforms in the very system that was attacking him now. In most states a felon can't even vote. The thought of him not voting was unfathomable.
But the truth is I wanted him to take the plea deal and end it. I wanted to not be scared anymore, to not deal with these people anymore. Nine months didn't seem so long, and I came very close to asking him to do it. But I looked at him, and I thought about PCCC (the first of his political action groups), Demand Progress, and Washington DC, and all the work he'd done. "If you want to fight it, you should fight it," I told him. I told him I would support him.
I've spent many nights this year, awake, wishing I'd been a little more selfish that day. We were at the mercy of a man we didn't know and who we'd never met. We were in his power, but we didn't know it yet.
Aaron said Steve had been furious when he turned down the plea. He sometimes screamed at my smiling and compliant lawyers over the phone until they visibly shrank in their seats, glancing uncomfortably at each other.
Despite this, my lawyers very much wanted to play nice. They explained there were two ways to approach a prosecutor, hostile and friendly. They told me they didn't know this prosecutor, but that they favored a cooperative approach.
I wanted to be friendly and cooperative -- it was how I got through life. I didn't know anything the prosecution cared about, and I thought that maybe I could talk Steve out of the prosecution, or at least into not being so harsh. This was so obviously a ridiculous application of justice, I thought. If I just had the chance to explain, maybe this would all go away. My lawyers told me this was possible. They nursed this idea. They told me Steve wanted to meet me, and they wanted me to meet him. They wanted to set up something called a proffer -- a kind of chat with the prosecution. Steve offered me a "Queen for a day" letter, granting me immunity so that the government couldn't use anything I said during the session against me in a criminal prosecution.
I went home and started researching what a proffer actually was, and how it might work. I learned that the "Queen for a day," or proffer, letter was often used by targets of the investigation to negotiate deals of lighter sentencing in exchange for information; in short, it was the mechanics of snitching. I was outraged and disturbed. I didn't want a deal, I didn't want immunity, I just wanted to sit down and talk about the whole terrible business, to tell them why this case wasn't worth their time, and Aaron didn't deserve their attention. I didn't need a deal, and in fact, given that I had nothing to offer the government's case, I didn't think I even qualified for it.
I asked my lawyers to refuse, and we fought about it, repeatedly. They brought up things from my past that could be used against me; not criminal behavior per se, even they admitted, but they wanted me to have immunity. I had a terrible headache, and eventually gave in.
Aaron was furious. He told me not to meet Steve. But no one, including Aaron, would tell me why. No one would tell me even how to get out of it. And still I had an unshakable belief that if I could just somehow explain all this it would go away. I delayed once, too sick to go. My lawyers told me Steve was furious at my medical delay. I might be arrested. I told Aaron, and others, that I wanted to talk to Steve human to human.
As I learned more and more about the proffer, I realized it wasn't the straightforward sit down and chat Adam and Jose had told me it was. There were different types -- some quite positive -- but there seemed to be no way to tell what I was walking into. Aaron told me his lawyer was angry too, that I was being an idiot. I began to wonder (stupidly, and to myself) if he thought my contempt arrest would help his case. He wondered, loudly, whose side I was on.
My lawyers were starting to get into fights with other lawyers, sometimes screaming fights, and the lawyers' stories weren't matching up. I was getting more ill, headaches everyday and unable to get properly treated due to insurance problems. My thoughts of talking the prosecutors out of this foolish attack on Aaron were fading, even as Jose and Adam still encouraged me to try.

Posts: 8,736
Reply with quote  #12 

see link for full story


Open Justice Department’s legal interpretations to the public

April 1 2013

THE OPINIONS of the Justice Department’s Office of Legal Counsel (OLC) are important, setting legal interpretations that bind federal agencies on issues such as torture and secret surveillance. So why can’t the public read all of the OLC’s legal conclusions?

That question underlies a challenge that the Electronic Frontier Foundation (EFF) has made against the Justice Department, seeking an OLC assessment of the FBI’s authority to surveil Americans without a judicial warrant. The Justice Department refused to hand over the OLC opinion, citing exceptions to the Freedom of Information Act. So far, the suit hasn’t gone the EFF’s way. But, as The Post and others recently argued in an amicus brief, the U.S. Court of Appeals for the District of Columbia Circuit should recognize the critical interest that the public has in knowing how the executive branch interprets the laws the Constitution tasks it to enforce.

Washington Post Editorials

Editorials represent the views of The Washington Post as an institution, as determined through debate among members of the editorial board. News reporters and editors never contribute to editorial board discussions, and editorial board members don’t have any role in news coverage.

The public has a right to know what the executive branch thinks it can do.


At issue is an 11-page document dating to 2010, when the FBI was reviewing its practice of demanding telephone and other records from communications firms without a warrant — as long as the government claimed that the information was related to a national security investigation. Justice’s inspector general found that, even with all the leeway the law gives the FBI, it still sometimes demanded personal data without much of any process at all. After the FBI asked the OLC to weigh in, the EFF and others naturally wanted to know what determination the office made on the legal questions involved.

But the Justice Department denied the request, and the EFF’s appeal to Justice’s Office of Information Policy languished without a decision. In the case that followed, District Judge Richard J. Leon ruled that the OLC’s work was a protected part of a deliberative process within the government, necessary to ensure that policymakers can have open and frank discussions before they make final decisions.

Yet, as the amicus brief points out, the OLC’s opinions aren’t some intermediary step toward establishing the final legal interpretations for the executive branch. In general, they are the final legal interpretations for the executive branch. The FBI could choose to exercise the authority that the OLC said it had — or not — but Congress, the judiciary and the public at large all deserve to know what the executive branch thinks it can do, once it issues a conclusive opinion.


Posts: 8,736
Reply with quote  #13 

see link for full story

EPIC files FOIA lawsuit against FBI for details on biometric database


April 9, 2013 - 

Public interest research group, The Electronic Privacy Information Center (EPIC) has filed a Freedom of Information Act (FOIA) lawsuit against the FBI to obtain documents about the agency’s Next Generation Identification database.

The database in question contains biometric identifiers, and is intended to provide an incremental replacement of the FBI’s current Integrated Automated Fingerprint Identification System (IAFIS) technical capabilities. According to the FBI’s website, the contract to create this system was awarded to Lockheed Martin Transportation and Security Solutions. 

According to EPIC’s complaint, the FBI failed to disclose documents in reports to two Freedom of Information Act requests from last year related to the Next Generation Identification program, including contracts with commercial entities and technical specifications.

The complaint also says that by the time the database is complete, it will be the largest in the world; it will contain photographic images of “millions of individuals who are neither criminals nor suspects”; and that “The NGI databases will be available to private entities, unrelated to a law enforcement agency.”

At this point, it is unclear why the FBI has not disclosed documents to EPIC, and how soon that may happen.

A recent Biometric Research Note suggests that the U.S. Government is a major driver for biometrics and spends at least US$450 million per annum on pure scientific biometric research.

The firm expects that amount to grow as federal law enforcement agencies increase their efforts to integrate more biometric technologies under the FBI’s Next Generation Identification program.


Posts: 8,736
Reply with quote  #14 
Congressman Mike Rogers is a former FBI  agent and one of the most dangerous men
in Congress for destroying the US Constitution. He is a corporate pimp and reports
directly to FBI  Headquarters.

2 reads

1st read

Electronic Frontier Foundation

April 12, 2013 | By Mark M. Jaycox and Rainey Reitman
CISPA Amendments Passed Out of Committee—Here’s Why The New Version Still Threatens Online Privacy

Wednesday, the House Permanent Select Committee on Intelligence marked up the Cyber Intelligence Sharing and Protection Act (CISPA), the misguided “cybersecurity” bill that would create a gaping exception to existing privacy law while doing little to address palpable and pressing online security issues. The markup was held entirely behind closed doors—even though the issues being considered will have serious effects on the liberty of Internet users—and was passed out of the committee.

This means the bill can go to the floor and be voted on at anytime. Please tell your Representative now to vote no on CISPA. We probably have only a few days left before the floor vote.

Here’s our analysis of the amendments and why they don’t go nearly far enough in fixing the serious problems with the bill.
Amendments That Helped—Barely.

The amendments that passed only chipped away at the edges of CISPA, without addressing the core civil liberties concerns. Here’s an overview of some of the most important changes in the bill:

Using Information for "National Security" Purposes

This amendment (PDF) would narrow how information can be used by the government after it is shared by companies. Before, the government could use information collected under CISPA for any "national security" purpose—a catch-all term we've long complained about that could basically mean anything. This amendment stops the government from using the information collected for any "national security" purpose. However, information collected under CISPA can still be used for a wide range of poorly defined purposes, like for a "cybersecurity purpose." Under the current language of the bill, "cybersecurity purpose" is defined extremely broadly—leaving the door wide open for the government to claim its use of the data were for wide-ranging actions. Another amendment (PDF) imposes the same limits: companies can only use the information they learn under CISPA for a "cybersecurity purpose." But to really address the issue of how information collected under CISPA is used, Congress would need to narrow the definition of "cybersecurity purpose."

Companies "Hacking Back"

Another amendment (PDF) approved by the committee attempts to clarify whether or not a company can "hack back" at a suspected online threat. But just like the previous amendment, its intent is far different than its actual impact.

The amendment limits companies from acting beyond their own computer networks to gather threat information; however, it ignores another section of the bill that allows wide ranging acts in response to the perceived threat. The immunity section of CISPA covers any "decision made" based on information a company learns so long as it acts in good faith.

This is a huge loophole. A company could still use aggressive countermeasures outside of its own network as long as it believed the countermeasures were necessary for protection. This section could have been fixed by limiting the broad legal immunity given to companies. But it wasn't. So the amendment still leaves the door open to abuse. A user's only recourse is to prove a company didn't act in "good faith," which is notoriously hard.

New Privacy Reports and Guidelines

The amendment (PDF) by Rep. Thompson requires that the Inspector General and the Privacy and Civil Liberties Oversight Board report on how CISPA impacts privacy and civil liberties in the government. While this is certainly nice, it leaves a big gap: it produces a report on government activity, but doesn’t address the corporate side. There’s no assessment of whether companies over-collect or over-share sensitive information. The potential for companies to improperly share sensitive or personal identifiable information is a fundamental problem with the bill.
Amendments That Didn’t Pass—But Should Have

The most important amendment the committee considered was Rep. Adam Schiff’s amendment (PDF). It created a new requirement that companies take “reasonable efforts” to remove unnecessary personal information of users before passing data to the government. While this wouldn’t fix everything that’s wrong with CISPA, it would do one vital thing: help minimize how much personal information of users actually flowed to the government without a warrant.

In a hearing on CISPA, industry representatives who testified in support of CISPA said it was possible for them to take reasonable efforts to minimize personal user information before sending it to the government. However, the committee voted for an amendment that would only force the government to minimize personal information after the information is alrady in the government's hands. The amendment doesn't fix the fundamental problem that companies are collecting and then sharing sensitive personal information to the government.

Rep. Schiff's amendment was accompanied by good pro-privacy amendments from Rep. Jan Schakowsky. One of Rep. Schakowsky's amendment sought to tackle the overly broad immunity given to companies who share data with the government. The immunity is yet another major problem in CISPA. It allows companies to bypass privacy laws that prevent companies from inappropriately sharing your private information, including the content of your emails. These laws also expressly allow lawsuits against companies that go too far in divulging your private information. Companies should be held accountable if they break these laws. Rep. Schakowsky's amendment would've narrowed the overly broad immunity granted to companies.

And as we mentioned above, another one of our major complaints with CISPA was that companies can directly give sensitive personal information to the National Security Agency. One proposed amendment (PDF), championed by Rep. Schakowsky (the only Representative to vote against CISPA in committee last year), would have mandated companies only report information about computer and network security threats to civilian agencies. Unfortunately, this amendment was defeated.
CISPA Still Possesses Core Problems

Rep. Rogers has framed the amendments to CISPA as "pro-privacy," but they don't fix core problems with the bill. The government should not need to minimize data because companies should not be freely sharing it in the first place. And the "national security fix" still doesn't solve the problem of users' personal information being collected by private companies and then shared with the government. Lastly, the broad legal immunity leaves users with little privacy protections or recourse if a company improperly shares their data. The immunity could even be used by companies to justify acts against threats outside of their own network. These problems must be fixed.

After the bill passed out of committee, the White House issued a statement that concurred with our privacy and civil liberties concerns. The statement noted:

    information sharing improvements are essential to effective legislation, but they must include privacy and civil liberties protections, reinforce the roles of civilian and intelligence agencies, and include targeted liability protections ... Further, we believe the adopted committee amendments reflect a good faith-effort to incorporate some of the Administration's important substantive concerns, but we do not believe these changes have addressed some outstanding fundamental priorities.

Just like last year, CISPA is nearly as bad as where it began. And your Congressmen need to hear about it from you: tweet them and email them to make sure your voice is heard.

2nd read
see link for full story

 Amended Cybersecurity Bill CISPA Passes Committee; Privacy Concerns Linger
By Katy O'Donnell | April 10, 2013 7:04 pm

The House Permanent Select Committee on Intelligence approved an amended version of the Cyber Intelligence Sharing and Protection Act Wednesday afternoon, 18-2, following a closed-door markup.

The bill, sponsored by Committee Chairman Mike Rogers (R-Mich.) and ranking member Dutch Ruppersberger (D-Md.), has ignited privacy concerns even as a spate of high-profile hackings in recent months has raised public awareness of gaping holes in the nation’s cybersecurity.

CISPA, Rogers said “is the one bill, out of everything you’ve seen… that protects a free and open internet and allows people to share cyber threat information to protect their clients, their business, their personally identifying information.”

The legislation would make it easier for the government and the private sector to share threat information to address cyber attacks collaboratively and in real time. Crucially, the bill offers broad legal immunity to businesses sharing threat information with each other and the government. The business community argues that liability and anti-trust protections are necessary to ensure businesses start sharing information (the lack of immunity is a key criticism of  President Barack Obama’s Feb.12 cyber executive order).

Critics have alleged that the bill protects big business at the expense of consumers. A failed amendment from Rep. Jan Schakowsky (D-Ill.) would have limited the legal immunity for businesses, enabling consumers to take legal action against a company.

Schakowsky and fellow committee member Adam Schiff (D-Calif.) told reporters after the markup that all of their civil-liberties-oriented amendments were voted down during the markup, with each of the four amendments between them getting between two and four votes.

Schiff introduced an amendment that would have required companies to strip personally identifying data from any information they were passing on to the government. The committee passed a separate amendment, offered by Rep. Jim Himes (D-Conn.) and supported by Rogers and Ruppersberger, that would require government to minimize such data once it received the information.

The co-sponsors explained that putting the onus of data minimization on government makes it easier for businesses to choose to share information with the government.

“You need businesses to voluntarily cooperate with the government,” Rogers said. “We don’t want to put a burden on you that opens you up to a whole new set of lawsuits.”

Another amendment from Schakowsky would have required that companies report threats to civilian agencies. As drafted, Schiff told reporters, a company could “basically pick” which agency it wanted to give information to.

Privacy and civi-liberties advocates have long voiced concerns about personal information flowing directly to military organizations like the National Security Agency. Existing privacy laws prevent personal information going to the NSA because the inherently secretive organization is subject to little oversight.

Rogers rebuffed those concerns Wednesday, noting that domestic monitoring is not permitted under the bill.

“This is not a surveillance program,” Rogers said, “at all.”

Rogers has repeatedly insisted that the National Security Agency must be able to participate in the information sharing program since it collects intelligence abroad and could warn companies of threats from state actors like Iran.

Still, in a bid to quell concerns about the bill enabling broad government surveillance of individuals, Rogers and Ruppersberger had said before the markup that they would support striking a provision that would have allowed government to use shared cybersecurity information for vague “national security purposes.” The co-sponsors preemptively supported a handful of amendments that passed Wednesday.

An amendment introduced by Rep. Jim Langevin (D-R.I.) that would prohibit businesses from going on offense against hackers — or “hacking back” — also passed the committee; so did an amendment limiting information sharing between companies to cybersecurity purposes.

Rogers said he and Ruppersberger wanted to “make it really clear that [businesses] can’t use this for marketing…[or] any other purpose than to close the gap” in cybersecurity.

Posts: 8,736
Reply with quote  #15 
see link for full story

NYC cases show how crooked officers misuse FBI database for cyber snooping, other offenses

Sunday, July 7, 12:23 PM

NEW YORK — It’s billed by the FBI as “the lifeline of law enforcement” — a federal database used to catch criminals, recover stolen property and even identify terrorism suspects.

But authorities say Edwin Vargas logged onto the restricted system and ran names for reasons that had nothing to do with his duties as a New York Police Department detective. Instead, he was accused in May of looking up personal information on two fellow officers without their knowledge.

The allegation against Vargas is one of a batch of corruption cases in recent years against NYPD officers accused of abusing the FBI-operated National Crime Information Center database to cyber snoop on co-workers, tip off drug dealers, stage robberies and — most notoriously — scheme to abduct and eat women.

The NCIC database serves 90,000 agencies and gets 9 million entries a day by users seeking information on stolen guns and cars, fugitives, sex offenders, orders of protection and other subjects, according to an FBI website. The NYPD system — called the “Finest,” as in “New York’s Finest” — also allows access to state criminal and Department of Motor Vehicles records.

How often the database is used for unauthorized purposes is unclear. The NYPD insists that officers are under strict orders to use it only during car stops, ongoing investigations or other police work. The department assigns them login names and passwords that allow supervisors to track their usage on desktop computers in station houses or on laptops in patrol cars.

NYPD recruits are warned that “if you misuse or you access information in an inappropriate manner ... you are in serious trouble — such as being prosecuted, being fired and also big fines,” a police academy instructor testified at the trial of Gilbert Valle, who was convicted in March in a bizarre plot to kidnap, cook and cannibalize women.

In addition, an FBI compliance unit conducts spot audits to examine users’ ”policies, procedures, and security requirements,” the FBI said in a statement. The FBI also requires each state to have its own audit programs and claims that “malicious misuse is not commonly discovered.”

But both the instructor testifying at the Valle trial and an Internal Affairs Bureau investigator who took the witness stand in an earlier case have conceded that officers can easily circumvent safeguards.

The investigator testified as a government witness at the 2010 trial of an NYPD officer accused of using the database to conduct surveillance of a perfume warehouse in New Jersey before an armed robbery there. He told jurors that officers often do searches while logged in under another officer’s name — either out of neglect or, in this case, intent.

“Unfortunately ... it’s not unusual that it happens,” the investigator said.

The instructor, when asked about an officer’s ability to effectively log in anonymously, responded, “I know it occurs. I wouldn’t say it’s common, but I know it does occur.”

At a trial where Valle was convicted in March, prosecutors alleged that the officer used the database — sometimes accessing it while riding in a patrol car with his supervising sergeant — to help compile dossiers on women that listed their birthdates, addresses, heights and weights. None of the women were harmed, but prosecutors alleged he went as far as to show up on one woman’s block after striking an agreement to kidnap her for $5,000 for a New Jersey man who wanted to rape and kill her.

Posts: 8,736
Reply with quote  #16 
2 reads

1st read see link for full stories
11 July 2013, 19:35

DEF CON hacker conference says no feds, please
In a blog entry on the conference web site, DEF CON founder Jeff Moss (aka The Dark Tangent) has asked federal agents not to attend this year's DEF CON, which is set to take place in early August. Since recent news of the US government's extensive eavesdropping operations has made it difficult for many hackers to feel comfortable casually mixing with law enforcement officials, Moss is asking FBI agents, known as "feds", to take the year off. "This will give everybody time to think about how we got here, and what comes next," Moss wrote.

2nd read
08 June 2009, 09:43
Hacker joins US Government's Homeland Security Advisory Council

During the Homeland Security Advisory Council (HSAC) meeting on June 5th the US Homeland Security Secretary, Janet Napolitano, swore in new council members. The new members include Jeff Moss, also known as "Dark Tangent", founder of the hacker event DEFCON and the Black Hat security conference. Moss previously worked in the Information System Security division at Ernst & Young and on the board of Secure Computing Corporation, which was acquired by McAfee.

Apart from Moss, the advisory body consists of politicians, policemen, business men and scientists. The chairman is format CIA and FBI chief William Webster. The members of the HSAC make recommendations and give advice directly to the Secretary of Homeland Security.

Posts: 8,736
Reply with quote  #17 

Encryption vs. Surveillance in the New Civil Rights Movement
Saturday, 12 December 2015 00:00 By Abi Hassen, Truthout | News Analysis


Encryption vs. Surveillance in the New Civil Rights Movement(Image: Jared Rodriguez / Truthout)

What if in 1960, instead of performing an act of civil disobedience at the Woolworth lunch counter, the Greensboro Four had been arrested for "attempted disorderly conduct" on their way downtown?

Even if the charge were bogus and had no chance in court, its effect on the movement would have been real. Instead of engaging in a high-profile confrontation with the state that highlighted the cruelty of the United States' racist laws, four young Black people would have been arrested on minor charges - hardly a noteworthy occurrence.
Law enforcement officials do not make clear distinctions between activism and terrorism - they even explicitly conflate the two.

Law enforcement and the intelligence complex are paving the way to preempt activism in this way with their current talk of banning strong encryption while perpetuating an ever-growing system of mass data collection and surveillance. Don't be fooled by their calls of "terrorism." Actual terrorists such as al-Qaeda have known about and subverted electronic eavesdropping for decades and will continue to do so. The current efforts at subverting digital security will not stop the Bin Ladens and al-Qaedas of the world. Rather, they will disrupt this generation's Martin Luther King Jrs., Black Panthers and Greensboro Fours.

The US national security apparatus has historically viewed Black activists as a particularly dangerous threat. During the FBI Cointelpro operations of the civil rights era, agents spied on, disrupted and even assassinated leaders of Black Power organizations. Though it's been about 50 years since the "I Have a Dream" speech prompted the FBI to consider Martin Luther King Jr. the nation's "most dangerous Negro," FBI agents are still 80 percent white (less than 5 percent Black), and 80 percent male. The FBI headquarters, the J. Edgar Hoover Building, stands as a virtual monument to the destruction of Black movements - think of it as the anti-MLK memorial. The absurdity of putting Assata Shakur, a 68-year-old grandmother who has no intention of ever returning to the United States, on a Most Wanted Terrorist list, combined with FBI Director James Comey's recent attempts to link protests to a fictitious "rise in crime" do little to reconcile the FBI's anti-Black legacy.

This is the context in which Black activists should view the FBI's and other agencies' attempts to gain access to the public's private data.

It's Not About Terrorism

Law enforcement officials have learned they can justify any expansion of power by crying "terrorism," while the public has learned that governments are not particularly good at preventing terrorism (unless they create it). However, law enforcement is really good at one thing: putting Black people in prison. Anti-encryption laws would continue this dynamic, in which the state continues to be basically ineffective against terrorism but gains more and more power to mass incarcerate.

Following the mass shooting in San Bernadino, California, there has been renewed pressure against encryption, building on the familiar calls from law enforcement to compromise public access to strong encryption in the wake of the Paris attacks. As it turns out, the attackers in Paris were known to law enforcement, discussed their plans in an English-language ISIS magazine and weren't even using strong encryption. However, immediately after the attack, without key facts of the attack, New York City Police Department Commissioner Bill Bratton, along with CIA Director John Brennan, and various other current and former officials, went on a media blitz complaining that governments were "going blind" due to new technology. They didn't propose any technical or legislative solutions to their alleged problem. Their goal was clear: to equate terrorism with encryption. This kind of disingenuous fearmongering only serves to confuse the real issues and to lead people into wrongly believing that law enforcement's war on encryption is actually about terrorism.

Meanwhile, Manhattan District Attorney Cyrus Vance has proposed anti-encryption legislation that would allow police to decrypt devices they already have in their physical possession. Vance himself, in a New York Times op-ed, says the law is meant to " solve and prosecute crimes"; he doesn't even mention prevention. The proposal asks Congress to "enact a statute that requires any designer of an operating system for a smart phone or tablet manufactured, leased, or sold in the U.S. to ensure that data on its devices is accessible pursuant to a search warrant," i.e. the ability to read "at rest" (as opposed to "in-transit") data off captured devices. This data was recoverable on earlier versions of iOS and Android until Apple and Google made it unreadable to everyone, including themselves. This was done partially to avoid giving this power to repressive governments.

The reason Vance's proposal does not aim to compromise "in-transit" data or third-party applications - the only things that could stop an imminent act of terror in real time - is because of how radical and counterproductive this would actually be.

"It's completely unrealistic to stop public access to strong encryption," said Matt Mitchell, a security researcher and encryption trainer with Crypto Harlem. "It would require developers to fundamentally rebuild the internet. Imagine a recall and update to all apps and websites that were not wiretap ready. While terrorist, criminals and monitored foreign governments would move to encrypted technologies that did not have the backdoors because they were not USA-made."

So, in the end, after the exploiting of public sympathy for Paris and San Bernadino, law enforcement wants to increase its power to fight everyday crime. Unfortunately, these powers are never spared for the "bad guys" and will surely be used against agents for social change.

Counterterrorism as Counter-Activism

The post-9/11 lesson for many activists, journalists and dissidents is that the spying apparatus built as a response to acts of terror is much better at investigating, intimidating and prosecuting suspects than at stopping actual acts of terrorism.

Law enforcement officials do not make clear distinctions between activism and terrorism - they even explicitly conflate the two. Anti-terrorism tools, from spies and infiltrators, to stingrays and MRAPs, seem to inevitably find their way into the hands of local law enforcement officials, where they are used against the public in times of protest. It is disheartening - but not surprising - that within weeks of the Paris attacks, climate change activists have been put under house arrest.

Government secrecy makes it difficult to know the extent of domestic spying on activists, but what we do know is troubling for the prospects of future movements. An illustrative example of how destructive government infiltration can be comes out of Washington State, where a group of antiwar activists called Port Militarization Resistance were spied on electronically as well as through undercover operations. Lindsey Schromen-Wawrin, an attorney for several activists associated with Port Militarization Resistance, explained to Truthout that:

Advocates for positive social change must contend with a surveillance state that seeks to be omnipresent and omnipotent. Antiwar activists in Olympia and Tacoma had a military spy in their movement for two years from 2007 to 2009. He orchestrated preemptive police suppression of demonstrations. He got several activists onto a Washington State domestic terrorist list. He wrecked a movement.

"The lessons folks learned from the spying was that the paranoia is worse than the actual spy," Schromen-Wawrin added. This "panopticon effect," the principle that people who think they are being watched will alter their behavior, has real results in deterring people from taking part in activism and other efforts to make social change.

The current wave of Black activists, a predictable target of state suppression, is already feeling the effects of surveillance. Anti-police violence and Black Lives Matter activists are being spied on electronically and by undercover officers and informants across the country. Minneapolis, Chicago, Ferguson, Baltimore, Washington, DC, and New York are just some of the cities where spying has been discovered through government documents, but it is surely more widespread. Sandy Nurse, a veteran New York City organizer who has been a part of many protest actions, explained:

We know that at any time you could be monitored. The police target people they perceive as leaders or people at the front of the march. We're called out by name by officers and it's not because we introduced ourselves. They've been shown a picture saying this person is a leader. The cops even came, one time, to my four-unit apartment building for a "security check" right before an action I helped plan (it took them an hour to get here when someone was murdered outfront). They make it scarier for people to step up in their activism.

It forces us to be very public. Sometimes the only way to protect yourself is to be super transparent about what you're doing, which itself creates problems. When you put everything out there, people show up just to disrupt your activism. It also creates barriers. Muslims, trans people, poor and working-class people who are more vulnerable might not show up while those who have more money or privilege to weather out an arrest are more able to participate.

Never knowing whether an organizing space is safe has created a climate where you have all this risk even though you're not doing anything that could hurt anyone. Why do we have to put our electronic devices in another room just to make a sign and show it to people? We're not hiding; we're openly trying to make things better. Why do they need to spend this money to spy on us?

Looking Forward

We are seeing the emergence of a new civil rights movement just as the gains from the previous generation's movement are being dismantled and some of the most dangerous strains of US racism are being mainstreamed (and even discussed openly by presidential candidates). The ability to confront the state through marches, rallies and direct actions is a necessary aspect of movement building that is threatened by a mass-surveillance society.

Encryption offers this movement a mathematical backing of the First Amendment's guarantee of free speech and association. Widespread adoption of uncompromisable encrypted communication gives activists, journalists and the public small spaces to be free from government subversion while forcing law enforcement and intelligence agencies to abandon the failing project of mass surveillance. New encryption technology does help.

"Texting with other activists now I don't feel paranoid like I did a couple years ago. I feel careful," Nurse said. "A truly free society would welcome this."
Copyright, Truthout. May not be reprinted without permission.

Abi Hassen

Abi Hassen is an attorney, consultant and cofounder of the Black Movement-Law Project. He was formerly the mass defense coordinator at the National Lawyers Guild. He has a J.D. from New York University School of Law, and an undergraduate degree in computer science from The Evergreen State College. With his extensive background in labor, political and community organizing, Abi has been active at the intersection of law, technology and organizing for social justice for over a decade.
Related Stories
Protest Is the New Terror: How US Law Enforcement Is Working to Criminalize Dissent
By Derek Royden, Occupy.com | News Analysis
The Post-Paris War on Encryption Is an Opportunistic Attack on Our Civil Liberties
By Dan Massoglia, Truthout | News Analysis
A State of Emergency in France: Draconian Measures Threaten Civil Liberties
By Bianca Jagger, Truthout | Op-Ed
Previous Topic | Next Topic

Easily create a Forum Website with Website Toolbox.

? ?
Copyright ? 2001-2004 Who?s A Rat. All Rights Reserved.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.