November 2015

Federal Judge: Stingrays are “simply too powerful” without adequate oversight

A federal judge in Illinois has recently taken the unusual step of issuing three new stringent requirements for the government when it wants to deploy cell-site simulators. The move aims to protect the Fourth Amendment rights of innocent bystanders against unreasonable search and seizure. Of course, for now, this order only applies to this one judge in the Northern District of Illinois. These new stingray requirements come just about a month after the Department of Homeland Security imposed its own warrant requirement, following a similar move by the Department of Justice. Not only can stingrays be used to determine location by spoofing a cell tower, but they can also be used to intercept calls and text messages. Once deployed, the devices intercept data from a target phone as well as information from other phones within the vicinity.

As part of an ongoing drug case, US Magistrate Judge Iain Johnston told prosecutors recently that they will now have to fulfill three distinct requirements before he will sign off on the use of the invasive surveillance devices, as a way to protect the privacy of those who happened to be near a surveillance target. The memorandum opinion came down earlier in November as part of a largely sealed ongoing drug investigation, the details of which the judge described as “unsurprising.” What is surprising is Judge Johnston’s order to compel government investigators to not only obtain a warrant (which he acknowledges they do in this case), but also to not use them when “an inordinate number of innocent third parties’ information will be collected,” such as at a public sporting event.

Why it’s so hard to keep up with how the US government is spying on its own people

[Commentary] Since 2013, Americans have gained immense insight about how the government conducts digital spying programs, largely thanks to the revelations made by former security contractor Edward Snowden. But a new report shows it's really hard to keep track of all the ways the United States is snooping on its own people. There is a reason for all the secrecy: The government argues it has a vested interest in keeping capabilities secret so that terrorists and other targets aren't able to figure out how to evade surveillance. That's one of the reasons some intelligence officials were quick to blame Snowden in the wake of the recent Paris attacks, arguing his revelations may have given terrorists a road map for how to evade detection.

The lack of transparency and public awareness of how Americans' data was being collected is also one of the reasons Snowden said he was compelled to come forward with information about government spying. “My sole motive is to inform the public as to that which is done in their name and that which is done against them,” he wrote in a note that accompanied the first document he leaked to The Washington Post. But big disclosures such as Snowden's come along rarely. And now we're seeing that reporting on these programs is sort of like playing whack-a-mole: Even if one program appears to have ended, others spring up in its place -- and the general public often doesn't learn about them until years after they've taken effect.

GAO Report Says Federal Agencies Lack Method to Grade Critical Infrastructure Cybersecurity

Most federal agencies overseeing the security of America’s critical infrastructure still lack formal methods for determining whether those essential networks are protected from hackers, according to a new government report. Of the 15 critical infrastructure industries examined in the Government Accountability Office (GAO) report -- including banking, finance, energy and telecommunications -- 12 were overseen by agencies that didn’t have proper cybersecurity metrics. These so-called “sector-specific” agencies “had not developed metrics to measure and report on the effectiveness of all of their cyber risk mitigation activities or their sectors’ cybersecurity posture,” the report concluded.

The watchdog pointed the finger at the private sector, noting the agencies have to “rely on their private sector partners to voluntarily share information needed to measure efforts.” In the meantime, infrastructure necessary to maintain a functioning economy and power grid will remain vulnerable to hackers.

Let's Get Serious About the Repack Gap

[Commentary] The Federal Communications Commission gave assurances that no stations will be forced off the air following the incentive auction in 2016 because they can't build their new channels in 39 months as the FCC has mandated. But that should be taken with a grain of salt until the repack rules are rewritten, perhaps around the regionalized repack scheme cooked up by the National Association of Broadcasters.

Is Facebook a proto-state?

[Commentary] As the debate about Facebook’s use of Safety Check in Paris, but not in Beirut, saturated social media this past weekend, one could not help but notice that in the past, this kind of service -- connecting victims of a terrorist attack with loved ones -- might have been administered by an element of the state, specifically by those working in public health or local government. Both the US State Department and authorities in Paris issued numbers for citizens to call for assistance. Paris actually had three: One that rang at the Paris Prefecture of Police, and two separate numbers for relatives of victims abroad and within France. But these hotlines did not come close to the speed and efficiency of Facebook’s Safety Check.

It wasn’t the first time that Facebook has assumed a kind of official authority. Earlier in 2015, the social network launched Amber Alerts, a collaboration with the National Center for Missing and Exploited Children to send targeted messages to the newsfeeds of users in areas where a child has gone missing. “Facebook … in essence in this situation, is the world’s largest neighborhood watch,” Emily Vacher, Facebook’s Security, Trust and Safety manager, told ABC News. The use of Safety Check in Paris was only the latest example of Facebook’s ascendance, and a sign that, as the social network continues to take on new roles and responsibilities, it is becoming something of a sovereign state.

[Smitha Khorana is a Tow Center post-doctoral fellow at Columbia Journalism School]

File Says NSA Found Way to Replace E-mail Program

When the National Security Agency’s bulk collection of records about Americans’ e-mails came to light in 2013, the government conceded the program’s existence but said it had shut down the effort in December 2011 for “operational and resource reasons.” While that particular secret program stopped, newly disclosed documents show that the NSA had found a way to create a functional equivalent. The shift has permitted the agency to continue analyzing social links revealed by Americans’ e-mail patterns, but without collecting the data in bulk from American telecommunications companies -- and with less oversight by the Foreign Intelligence Surveillance Court.

The disclosure comes as a sister program that collects Americans’ phone records in bulk is set to end in November. Under a law enacted in June, known as the USA Freedom Act, the program will be replaced with a system in which the NSA can still gain access to the data to hunt for associates of terrorism suspects, but the bulk logs will stay in the hands of phone companies. The newly disclosed information about the e-mail records program is contained in a report by the NSA’s inspector general that was obtained through a lawsuit under the Freedom of Information Act. One passage lists four reasons that the NSA decided to end the e-mail program and purge previously collected data. Three were redacted, but the fourth was uncensored. It said that “other authorities can satisfy certain foreign intelligence requirements” that the bulk e-mail records program “had been designed to meet.” The report explained that there were two other legal ways to get such data. One was the collection of bulk data that had been gathered in other countries, where the NSA’s activities are largely not subject to regulation by the Foreign Intelligence Surveillance Act and oversight by the intelligence court. Because of the way the Internet operates, domestic data is often found on fiber optic cables abroad. The NSA had long barred analysts from using Americans’ data that had been swept up abroad, but in November 2010 it changed that rule, documents leaked by Edward J. Snowden have shown.