Category Archives: Big Brother Surveillance Society

Law Enforcement Agencies All Over California Secretly Tracking Cell Phone Users

techdirt.com | Mar 14, 2014

by Tim Cushing

stingray-cell-phone-trackingMore documents have been uncovered (via FOI requests) that show local law enforcement agencies in California have been operating cell phone tower spoofers (stingray devices) in complete secrecy and wholly unregulated.

Sacramento News10 has obtained documents from agencies in San Jose, Oakland, Los Angeles, San Francisco, Sacramento and Alameda County — all of which point to stingray deployment. As has been the case in the past, the devices are acquired with DHS grants and put into use without oversight or guidelines to ensure privacy protections. The stingrays in use are mainly limited to collecting data, but as the ACLU points out, many manufacturers offer devices that also capture content.

California police using secret anti-terrorism, phone-tracking tech for ‘routine police work’

Police Use of “Stingray” Cell Phone Surveillance Technology Spark Privacy Concerns

‘StingRay’: Records Show Secret Cellphone Surveillance by Calif. Cops

The Latest Update in Technology: Sting Ray Cell Phone Surveillance Devices

When a Secretive Stingray Cell Phone Tracking “Warrant” Isn’t a Warrant

Some of these agencies have had these devices for several years now. Documents obtained from the Oakland Police Dept. show the agency has had stingrays in use since at least 2007, citing 21 “stingray arrests” during that year. This is hardly a surprising development as the city has been pushing for a total surveillance network for years now, something that (until very recently) seemed to be more slowed by contractor ineptitude than growing public outrage.

The device manufacturer’s (Harris) troubling non-disclosure agreement (which has been used to keep evidence of stingray usage out of court cases as well as has been deployed as an excuse for not securing warrants) rears its misshapen head again, mentioned both in one obtained document as well as by a spokesperson reached for comment. One document states:

“The Harris (REDACTED) equipment is proprietary and used for surveillance missions,” the agreement reads. “Its capabilities can only be discussed with sworn law enforcement officers, the military or federal government. This equipment’s capabilities are not for public knowledge and are protected under non-disclosure agreements as well as Title 18 USC 2512.”

The Sacramento County Sheriff’s Dept. had this to (not) say when asked about its stingray usage:

“While I am not familiar with what San Jose has said, my understanding is that the acquisition or use of this technology comes with a strict non-disclosure requirement,” said Undersheriff James Lewis in an emailed statement. “Therefore it would be inappropriate for us to comment about any agency that may be using the technology.”

Law enforcement agencies are conveniently choosing to believe a manufacturer’s non-disclosure agreement trumps public interest or even their own protection of citizens’ Fourth Amendment rights.

The devices aren’t cheap, either. Taxpayers are shelling out hundreds of thousands of dollars for these cell tower spoofers, and the agencies acquiring them are doing very little to ensure the money is spent wisely. ACLU’s examination of the documents shows that many of the agencies purchased devices without soliciting bids.

It’s hard to know whether San José or any of the other agencies that have purchased stingray devices are getting good value for their money because the contract was “sole source,” in other words, not put out to competitive bidding. The justification for skirting ordinary bidding processes is that Harris Corporation is the only manufacturer of this kind of device. (We are aware of other surveillance vendors that manufacture these devices, though a separate Freedom of Information Request we submitted to the Federal Communications Commission suggests that, as of June 2013, the only company to have obtained an equipment authorization from the FCC for this kind of device is Harris.)

With Harris effectively locking the market down, buyers are pretty much ensured prices far higher than the market would bear if opened to competition. (Not that I’m advocating for a robust surveillance device marketplace, but if you’re going to spend taxpayers’ money on products to spy on them, the least you can do is try to get the best value for their money…) Using federal grants also allows these departments to further avoid public scrutiny of the purchase and use by circumventing the normal acquisition process.

Beyond the obvious Fourth Amendment concerns looms the very real threat of mission creep. These agencies cite combating terrorism when applying for federal funds, but put the devices to use for ordinary law enforcement purposes. The documents cite stingray-related arrests, but since so little is known about the purchase, much less the deployment, there’s really no way to tell how much data and content totally unrelated to criminal investigations has been collected (and held) by these agencies.
‘StingRay’ facilities blanketing surveillance

Stingray: How Feds Track Your Cell

Advertisements

TSA behavior detection officers’ ability to detect bad actors little better than chance, GAO study says

tsasecurityjpg-cb813765badfd334
A federal study that looked at hundreds of studies on identifying signs of deception concluded that behavior detection officers like those employed at Cleveland Hopkins International Airport fare no better or only slightly better than anyone else in accurately picking up cues. (Lynn Ischay/The Plain Dealer)

Plain Dealer | Nov 23, 2013

By Alison Grant

CLEVELAND, Ohio — On the eve of the busiest travel days of the year, a new report says the ability of behavior detection officers at airports to accurately identify a passenger with malicious intent is no better or only slightly better than chance.

The Transportation Security Administration has spent $900 million since 2007 to train and deploy guards at security checkpoints to observe whether passengers exhibit signs of fear, stress and deception and may be a risk. It has 3,000 behavior detection officers at airports nationwide, including at Cleveland Hopkins International Airport.

But a new government analysis of findings from over 400 studies conducted over the past 60 years, and interviews with experts in the field, calls into question whether checkpoint officers can reliably spot dangerous passengers by discerning suspect behaviors and catching verbal cues.

TSA’s billion-dollar blunder

“The ability of humans to accurately identify deception based on behaviors is the same, roughly — essentially the same as chance — slightly greater than chance — 54 percent,” Stephen Lord, director of the Office of Homeland Security, said in testimony last Thursday   before a House subcommittee.

TSA Administrator John Pistole, in written testimony to the same committee, defended the use of behavior detection officers. He said looking for anomalous behavior is a common-sense approach used by law enforcement agencies worldwide.

Terrorists have used underwear, shoe and toner-cartridge bombs, and liquid explosives, Pistole said, but they all have in common the malicious intent of an actor.

“Since we cannot always predict the form evolving threats will take, (behavior detection officers) provide a crucial layer of security,” Pistole said.

In 2012 alone, the specially-trained officers made 2,116 referrals to law enforcement, resulting in 30 boarding denials, 79 investigations by law enforcement groups and 183 arrests, he said.

The manager in charge of TSA operations at Hopkins referred a call to the agency’s Washington headquarters. There, spokesman Ross Feinstein confirmed only that there were behavior detection officers at the Cleveland airport. For security reasons, TSA doesn’t release details such as how many officers it has stationed at security lanes.

“Behavior detection is vital to TSA’s layered approach to deter, detect and disrupt individuals who pose a threat to aviation,” Feinstein said.

Rob Kneen, president and CEO of the Traveline agency in Willoughby, said behavior detection officers are a valuable addition to measures such as TSA’s PreCheck program, which lets pre-approved travelers move more quickly through security.

“I look at it at the very minimum as a great supplemental support,” Kneen said.

Douglas Laird, president of Laird and Associates, an aviation security firm based in Nevada, said behavior detection has potential. Some people are very intuitive and can look at a crowd and pick out someone who poses a threat, said Laird,  a former Secret Service agent and chief of security for Northwest Airlines.

The problem with airport behavior detection officers, he said — inadequate training.

“To even have a hope of being successful, I think you’re looking at several hundreds of hours of training and lots of observation,” Laird said.

TSA said officers in the SPOT program (Screening of Passengers by Observation Technique) get four days of classroom instruction in behavior observation and analysis and 24 hours of on-the-job training in an airport environment. TSA has about 30 behavior detection instructors, each with significant experience and rigorous training, the agency said.

The author of a recent book on aviation security and profiling, Embry-Riddle Aeronautical University Professor Richard Bloom, agreed with the GAO conclusion that there is insufficient validated research to support behavior detection as TSA has implemented it.

 

Bloom likened the debate over behavior detection at airports to the controversy over  polygraph tests. A huge “meta-analysis” of numerous studies in the 1980s and a similar examination a decade ago cast doubt on the reliability of lie detector tests, he said.

“Yet they continue to be used, especially for security clearances,” Bloom said. “The real issue is, can you find verbal or nonverbal characteristics that are associated with a state of mind? The answer to that, at least at the moment, is no.”

In his book “Foundations of Psychological Profiling: Terrorism, Espionage and Deception,” published earlier this year, Bloom says that lacking hard proof that behavior detection works, it might help to think in terms of techniques used to interpret literature, poetry and philosophy.

“Maybe we can look at how we get meaning from other information,” Bloom said, “and putting that together can lead to conclusions about the intent of a person.”

Tennessee Highway Patrol uses big rigs to spy into cars and watch occupants

truck
It provides a better vantage point for officers. “You can actually look down in the vehicle and see what’s going on inside the vehicle,” said Lt. Don Boshears.

6 News | Nov 3, 2013

By HAYLEY HARMON

KNOXVILLE (WATE) – The Tennessee Highway Patrol is stepping up enforcement this week over the hot button issue of texting and driving.

Special patrols were out Tuesday in Knox County on the lookout for violators.

On day one of the two day sweep, they ticketed dozens of drivers.

6 News got to ride along with THP during the crackdown on what they call a deadly problem.

“People not looking, not paying attention to what they’re doing, not looking at the roadway,” said Sgt. Randall Martin with THP.

Troopers drove the front end of a tractor trailer Tuesday to scope out violators along I-40 in East Knox County.

“It’s marked up just like a highway patrol vehicle. It’s got lights. It’s got sirens,” said Martin.

Martin says drivers oftentimes don’t view it the same as they would a normal patrol car, so they’ll commit traffic violations right in front of it.

“They don’t really pay attention to the truck,” said Lt. Don Boshears of THP, who was driving the vehicle.

The tractor trailer enforcement has been used in other parts of the state, but this is the first time it’s being used in Knoxville.

It provides a better vantage point for officers.

“You can actually look down in the vehicle and see what’s going on inside the vehicle,” said Boshears.

When in a normal patrol car, it’s hard to be sure that someone is texting.

“You may think they’re texting, but if they’re holding it down low, you really can’t see it. But in this vehicle, obviously you can,” said Boshears.

During 6 News’ ride along with them, it took just a few minutes for them to ticket a number of texters.

“They’ll weave in the lane. They’re change their speed. They’ll speed up and then slow down,” said Boshears.

“Right there is one. White Toyota. He was driving with his left hand and had it in this hand and just had it right up here,” said Boshears, who radioed to other officers down the road in patrol cars to pull the driver over.

THP is using the program as a way to get drivers’ attention and get their eyes back on the road and off their phones.

“It puts awareness back where it belongs, and that’s on the road. Not on your cell phone,” said Martin. “If you’re not paying attention, you can’t see that vehicle changing lanes. You can’t see that vehicle pulling out in front of you. You can’t see traffic stopped in front of you so you have no time to react.”

The special enforcement continues through Wednesday, October 30 and will move around the county.

THP says the program has had a lot of success in other parts of the state, so they hope it cuts down on texting and driving in Knoxville as well.

NSA Prism program taps in to user data of Apple, Google and others

Prism

A slide depicting the top-secret PRISM program.

• Top-secret Prism program claims direct access to servers of firms including Google, Apple and Facebook

• Companies deny any knowledge of program in operation since 2007

Guardian | Jun 6, 2013    

by Glenn Greenwald and Ewen MacAskill

The National Security Agency has obtained direct access to the systems of Google, Facebook, Apple and other US internet giants, according to a top secret document obtained by the Guardian.

The NSA access is part of a previously undisclosed program called Prism, which allows officials to collect material including search history, the content of emails, file transfers and live chats, the document says.

The Guardian has verified the authenticity of the document, a 41-slide PowerPoint presentation – classified as top secret with no distribution to foreign allies – which was apparently used to train intelligence operatives on the capabilities of the program. The document claims “collection directly from the servers” of major US service providers.

Although the presentation claims the program is run with the assistance of the companies, all those who responded to a Guardian request for comment on Thursday denied knowledge of any such program.

In a statement, Google said: “Google cares deeply about the security of our users’ data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government ‘back door’ into our systems, but Google does not have a back door for the government to access private user data.”

Several senior tech executives insisted that they had no knowledge of Prism or of any similar scheme. They said they would never have been involved in such a program. “If they are doing this, they are doing it without our knowledge,” one said.

An Apple spokesman said it had “never heard” of Prism.

The NSA access was enabled by changes to US surveillance law introduced under President Bush and renewed under Obama in December 2012.

Prism

The program facilitates extensive, in-depth surveillance on live communications and stored information. The law allows for the targeting of any customers of participating firms who live outside the US, or those Americans whose communications include people outside the US.

It also opens the possibility of communications made entirely within the US being collected without warrants.

Disclosure of the Prism program follows a leak to the Guardian on Wednesday of a top-secret court order compelling telecoms provider Verizon to turn over the telephone records of millions of US customers.

The participation of the internet companies in Prism will add to the debate, ignited by the Verizon revelation, about the scale of surveillance by the intelligence services. Unlike the collection of those call records, this surveillance can include the content of communications and not just the metadata.

Some of the world’s largest internet brands are claimed to be part of the information-sharing program since its introduction in 2007. Microsoft – which is currently running an advertising campaign with the slogan “Your privacy is our priority” – was the first, with collection beginning in December 2007.

It was followed by Yahoo in 2008; Google, Facebook and PalTalk in 2009; YouTube in 2010; Skype and AOL in 2011; and finally Apple, which joined the program in 2012. The program is continuing to expand, with other providers due to come online.

Collectively, the companies cover the vast majority of online email, search, video and communications networks.

Prism

 

The extent and nature of the data collected from each company varies.

Companies are legally obliged to comply with requests for users’ communications under US law, but the Prism program allows the intelligence services direct access to the companies’ servers. The NSA document notes the operations have “assistance of communications providers in the US”.

The revelation also supports concerns raised by several US senators during the renewal of the Fisa Amendments Act in December 2012, who warned about the scale of surveillance the law might enable, and shortcomings in the safeguards it introduces.

When the FAA was first enacted, defenders of the statute argued that a significant check on abuse would be the NSA’s inability to obtain electronic communications without the consent of the telecom and internet companies that control the data. But the Prism program renders that consent unnecessary, as it allows the agency to directly and unilaterally seize the communications off the companies’ servers.

A chart prepared by the NSA, contained within the top-secret document obtained by the Guardian, underscores the breadth of the data it is able to obtain: email, video and voice chat, videos, photos, voice-over-IP (Skype, for example) chats, file transfers, social networking details, and more.

PRISM slide crop


The document is recent, dating to April 2013. Such a leak is extremely rare in the history of the NSA, which prides itself on maintaining a high level of secrecy.

The Prism program allows the NSA, the world’s largest surveillance organisation, to obtain targeted communications without having to request them from the service providers and without having to obtain individual court orders.

With this program, the NSA is able to reach directly into the servers of the participating companies and obtain both stored communications as well as perform real-time collection on targeted users.

The presentation claims Prism was introduced to overcome what the NSA regarded as shortcomings of Fisa warrants in tracking suspected foreign terrorists. It noted that the US has a “home-field advantage” due to housing much of the internet’s architecture. But the presentation claimed “Fisa constraints restricted our home-field advantage” because Fisa required individual warrants and confirmations that both the sender and receiver of a communication were outside the US.

“Fisa was broken because it provided privacy protections to people who were not entitled to them,” the presentation claimed. “It took a Fisa court order to collect on foreigners overseas who were communicating with other foreigners overseas simply because the government was collecting off a wire in the United States. There were too many email accounts to be practical to seek Fisas for all.”

The new measures introduced in the FAA redefines “electronic surveillance” to exclude anyone “reasonably believed” to be outside the USA – a technical change which reduces the bar to initiating surveillance.

The act also gives the director of national intelligence and the attorney general power to permit obtaining intelligence information, and indemnifies internet companies against any actions arising as a result of co-operating with authorities’ requests.

In short, where previously the NSA needed individual authorisations, and confirmation that all parties were outside the USA, they now need only reasonable suspicion that one of the parties was outside the country at the time of the records were collected by the NSA.

The document also shows the FBI acts as an intermediary between other agencies and the tech companies, and stresses its reliance on the participation of US internet firms, claiming “access is 100% dependent on ISP provisioning”.

In the document, the NSA hails the Prism program as “one of the most valuable, unique and productive accesses for NSA”.

It boasts of what it calls “strong growth” in its use of the Prism program to obtain communications. The document highlights the number of obtained communications increased in 2012 by 248% for Skype – leading the notes to remark there was “exponential growth in Skype reporting; looks like the word is getting out about our capability against Skype”. There was also a 131% increase in requests for Facebook data, and 63% for Google.

The NSA document indicates that it is planning to add Dropbox as a PRISM provider. The agency also seeks, in its words, to “expand collection services from existing providers”.

The revelations echo fears raised on the Senate floor last year during the expedited debate on the renewal of the FAA powers which underpin the PRISM program, which occurred just days before the act expired.

Senator Christopher Coons of Delaware specifically warned that the secrecy surrounding the various surveillance programs meant there was no way to know if safeguards within the act were working.

“The problem is: we here in the Senate and the citizens we represent don’t know how well any of these safeguards actually work,” he said.

“The law doesn’t forbid purely domestic information from being collected. We know that at least one Fisa court has ruled that the surveillance program violated the law. Why? Those who know can’t say and average Americans can’t know.”

Other senators also raised concerns. Senator Ron Wyden of Oregon attempted, without success, to find out any information on how many phone calls or emails had been intercepted under the program.

When the law was enacted, defenders of the FAA argued that a significant check on abuse would be the NSA’s inability to obtain electronic communications without the consent of the telecom and internet companies that control the data. But the Prism program renders that consent unnecessary, as it allows the agency to directly and unilaterally seize the communications off the companies’ servers.

When the NSA reviews a communication it believes merits further investigation, it issues what it calls a “report”. According to the NSA, “over 2,000 Prism-based reports” are now issued every month. There were 24,005 in 2012, a 27% increase on the previous year.

In total, more than 77,000 intelligence reports have cited the PRISM program.

Jameel Jaffer, director of the ACLU’s Center for Democracy, that it was astonishing the NSA would even ask technology companies to grant direct access to user data.

“It’s shocking enough just that the NSA is asking companies to do this,” he said. “The NSA is part of the military. The military has been granted unprecedented access to civilian communications.

“This is unprecedented militarisation of domestic communications infrastructure. That’s profoundly troubling to anyone who is concerned about that separation.”

A senior administration official said in a statement: “The Guardian and Washington Post articles refer to collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act. This law does not allow the targeting of any US citizen or of any person located within the United States.

“The program is subject to oversight by the Foreign Intelligence Surveillance Court, the Executive Branch, and Congress. It involves extensive procedures, specifically approved by the court, to ensure that only non-US persons outside the US are targeted, and that minimize the acquisition, retention and dissemination of incidentally acquired information about US persons.

“This program was recently reauthorized by Congress after extensive hearings and debate.

“Information collected under this program is among the most important and valuable intelligence information we collect, and is used to protect our nation from a wide variety of threats.

“The Government may only use Section 702 to acquire foreign intelligence information, which is specifically, and narrowly, defined in the Foreign Intelligence Surveillance Act. This requirement applies across the board, regardless of the nationality of the target.”

PRISM scandal: tech giants flatly deny allowing NSA direct access to servers

Prism
Silicon Valley executives insist they did not know of secret PRISM program that grants access to emails and search history

guardian.co.uk | Jun 6, 2013

by Dominic Rushe and James Ball in New York

prism smallExecutives at several of the tech firms said they had never heard of PRISM until they were contacted by the Guardian

Two different versions of the PRISM scandal were emerging on Thursday with Silicon Valley executives denying all knowledge of the top secret program that gives the National Security Agency direct access to the internet giants’ servers.

The eavesdropping program is detailed in the form of PowerPoint slides in a leaked NSA document, seen and authenticated by the Guardian, which states that it is based on “legally-compelled collection” but operates with the “assistance of communications providers in the US.”

Each of the 41 slides in the document displays prominently the corporate logos of the tech companies claimed to be taking part in PRISM.

However, senior executives from the internet companies expressed surprise and shock and insisted that no direct access to servers had been offered to any government agency.

The top-secret NSA briefing presentation set out details of the PRISM program, which it said granted access to records such as emails, chat conversations, voice calls, documents and more. The presentation the listed dates when document collection began for each company, and said PRISM enabled “direct access from the servers of these US service providers: Microsoft, Yahoo, Google, Facebook, Paltalk, AOL, Skype, YouTube, Apple“.

Senior officials with knowledge of the situation within the tech giants admitted to being confused by the NSA revelations, and said if such data collection was taking place, it was without companies’ knowledge.

An Apple spokesman said: “We have never heard of PRISM. We do not provide any government agency with direct access to our servers and any agency requesting customer data must get a court order,” he said.

Joe Sullivan, Facebook’s chief security officer, said it did not provide government organisation with direct access to Facebook servers. “When Facebook is asked for data or information about specific individuals, we carefully scrutinise any such request for compliance with all applicable laws, and provide information only to the extent required by law.”

A Google spokesman also said it did not provide officials with access to its servers. “Google cares deeply about the security of our users’ data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government ‘backdoor’ into our systems, but Google does not have a ‘back door’ for the government to access private user data.”

Microsoft said it only turned over data when served with a court order: “We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don’t participate in it.”

A Yahoo spokesman said: “Yahoo! takes users’ privacy very seriously. We do not provide the government with direct access to our servers, systems, or network.

Within the tech companies, and talking on off the record, executives said they had never even heard of PRISM until contacted by the Guardian. Executives said that they were regularly contacted by law officials and responded to all subpoenas but they denied ever having heard of a scheme like PRISM, an information programme internal the documents state has been running since 2007.

Executives said they were “confused” by the claims in the NSA document. “We operate under what we are required to do by law,” said one. “We receive requests for information all the time. Say about a potential terrorist threat or after the Boston bombing. But we have systems in place for that.” The executive claimed, as did others, that the most senior figures in their organisation had never heard of PRISM or any scheme like it.

The chief executive of transparency NGO Index on Censorship, Kirsty Hughes, remarked on Twitter that the contradiction seemed to leave two options: “Back door or front?” she posted.

NSA secretly collecting phone records, locations of millions of Verizon customers daily

nsa-tia
Under the terms of the order, the numbers of both parties on a call are handed over, as is location data and the time and duration of all calls.

NSA collecting phone records of millions of Verizon customers daily

Exclusive: Top secret court order requiring Verizon to hand over all call data shows scale of domestic surveillance under Obama

Guardian | Jun 5, 2013

by Glenn Greenwald

Read the Verizon court order in full here
Obama administration justifies surveillance

The National Security Agency is currently collecting the telephone records of millions of US customers of Verizon, one of America’s largest telecoms providers, under a top secret court order issued in April.

The order, a copy of which has been obtained by the Guardian, requires Verizon on an “ongoing, daily basis” to give the NSA information on all telephone calls in its systems, both within the US and between the US and other countries.

The document shows for the first time that under the Obama administration the communication records of millions of US citizens are being collected indiscriminately and in bulk – regardless of whether they are suspected of any wrongdoing.

Related

NSA collection of Verizon phone records sparks angry reaction

Top-secret court order reveals NSA’s daily data collection on millions of Americans

NSA secretly vacuumed up Verizon phone records

Also Revealed by Verizon Leak: How the NSA and FBI Lie With Numbers

The secret Foreign Intelligence Surveillance Court (Fisa) granted the order to the FBI on April 25, giving the government unlimited authority to obtain the data for a specified three-month period ending on July 19.

Under the terms of the blanket order, the numbers of both parties on a call are handed over, as is location data, call duration, unique identifiers, and the time and duration of all calls. The contents of the conversation itself are not covered.

The disclosure is likely to reignite longstanding debates in the US over the proper extent of the government’s domestic spying powers.

Under the Bush administration, officials in security agencies had disclosed to reporters the large-scale collection of call records data by the NSA, but this is the first time significant and top-secret documents have revealed the continuation of the practice on a massive scale under President Obama.

The unlimited nature of the records being handed over to the NSA is extremely unusual. Fisa court orders typically direct the production of records pertaining to a specific named target who is suspected of being an agent of a terrorist group or foreign state, or a finite set of individually named targets.

The Guardian approached the National Security Agency, the White House and the Department of Justice for comment in advance of publication on Wednesday. All declined. The agencies were also offered the opportunity to raise specific security concerns regarding the publication of the court order.

The court order expressly bars Verizon from disclosing to the public either the existence of the FBI’s request for its customers’ records, or the court order itself.

“We decline comment,” said Ed McFadden, a Washington-based Verizon spokesman.

The order, signed by Judge Roger Vinson, compels Verizon to produce to the NSA electronic copies of “all call detail records or ‘telephony metadata’ created by Verizon for communications between the United States and abroad” or “wholly within the United States, including local telephone calls”.

The order directs Verizon to “continue production on an ongoing daily basis thereafter for the duration of this order”. It specifies that the records to be produced include “session identifying information”, such as “originating and terminating number”, the duration of each call, telephone calling card numbers, trunk identifiers, International Mobile Subscriber Identity (IMSI) number, and “comprehensive communication routing information”.

The information is classed as “metadata”, or transactional information, rather than communications, and so does not require individual warrants to access. The document also specifies that such “metadata” is not limited to the aforementioned items. A 2005 court ruling judged that cell site location data – the nearest cell tower a phone was connected to – was also transactional data, and so could potentially fall under the scope of the order.

While the order itself does not include either the contents of messages or the personal information of the subscriber of any particular cell number, its collection would allow the NSA to build easily a comprehensive picture of who any individual contacted, how and when, and possibly from where, retrospectively.

It is not known whether Verizon is the only cell-phone provider to be targeted with such an order, although previous reporting has suggested the NSA has collected cell records from all major mobile networks. It is also unclear from the leaked document whether the three-month order was a one-off, or the latest in a series of similar orders.

The court order appears to explain the numerous cryptic public warnings by two US senators, Ron Wyden and Mark Udall, about the scope of the Obama administration’s surveillance activities.

For roughly two years, the two Democrats have been stridently advising the public that the US government is relying on “secret legal interpretations” to claim surveillance powers so broad that the American public would be “stunned” to learn of the kind of domestic spying being conducted.

Because those activities are classified, the senators, both members of the Senate intelligence committee, have been prevented from specifying which domestic surveillance programs they find so alarming. But the information they have been able to disclose in their public warnings perfectly tracks both the specific law cited by the April 25 court order as well as the vast scope of record-gathering it authorized.

Julian Sanchez, a surveillance expert with the Cato Institute, explained: “We’ve certainly seen the government increasingly strain the bounds of ‘relevance’ to collect large numbers of records at once — everyone at one or two degrees of separation from a target — but vacuuming all metadata up indiscriminately would be an extraordinary repudiation of any pretence of constraint or particularized suspicion.” The April order requested by the FBI and NSA does precisely that.

The law on which the order explicitly relies is the so-called “business records” provision of the Patriot Act, 50 USC section 1861. That is the provision which Wyden and Udall have repeatedly cited when warning the public of what they believe is the Obama administration’s extreme interpretation of the law to engage in excessive domestic surveillance.

In a letter to attorney general Eric Holder last year, they argued that “there is now a significant gap between what most Americans think the law allows and what the government secretly claims the law allows.”

“We believe,” they wrote, “that most Americans would be stunned to learn the details of how these secret court opinions have interpreted” the “business records” provision of the Patriot Act.

Privacy advocates have long warned that allowing the government to collect and store unlimited “metadata” is a highly invasive form of surveillance of citizens’ communications activities. Those records enable the government to know the identity of every person with whom an individual communicates electronically, how long they spoke, and their location at the time of the communication.

Such metadata is what the US government has long attempted to obtain in order to discover an individual’s network of associations and communication patterns. The request for the bulk collection of all Verizon domestic telephone records indicates that the agency is continuing some version of the data-mining program begun by the Bush administration in the immediate aftermath of the 9/11 attack.

The NSA, as part of a program secretly authorized by President Bush on 4 October 2001, implemented a bulk collection program of domestic telephone, internet and email records. A furore erupted in 2006 when USA Today reported that the NSA had “been secretly collecting the phone call records of tens of millions of Americans, using data provided by AT&T, Verizon and BellSouth” and was “using the data to analyze calling patterns in an effort to detect terrorist activity.” Until now, there has been no indication that the Obama administration implemented a similar program.

These recent events reflect how profoundly the NSA’s mission has transformed from an agency exclusively devoted to foreign intelligence gathering, into one that focuses increasingly on domestic communications. A 30-year employee of the NSA, William Binney, resigned from the agency shortly after 9/11 in protest at the agency’s focus on domestic activities.

In the mid-1970s, Congress, for the first time, investigated the surveillance activities of the US government. Back then, the mandate of the NSA was that it would never direct its surveillance apparatus domestically.

At the conclusion of that investigation, Frank Church, the Democratic senator from Idaho who chaired the investigative committee, warned: “The NSA’s capability at any time could be turned around on the American people, and no American would have any privacy left, such is the capability to monitor everything: telephone conversations, telegrams, it doesn’t matter.”

Additional reporting by Ewen MacAskill and Spencer Ackerman

Why a drone can hover over your home, and you can’t stop it

800px-AR_Drones
Private drones. Source: Creative Commons

National Constitution Center | Mar 8, 2013

By Scott Bomboy

Lost in the controversy over the federal government’s use of military drones is an issue that hits home: commercial drones that can videotape you in your backyard.

Under limited circumstances, the FAA has approved the use, starting in 2015, of drones owned and operated by citizens. Some will be used for commercial purposes; others will used for recreational purposes.

The FAA Modernization and Reform Act of 2012 was approved by Congress and the president. It tasks the Federal Aviation Administration with setting policies for the commercial drone business by September 2015.

The act is mostly focused on air safety issues, but the implications of drones, with photo and infrared cameras, flying over personal air spaces is fraught with privacy issues.

Then there are the implications for commercial drones, news gathering and the First Amendment. Television stations spend millions of dollars on helicopters, which can show live video from a distance. Drones are the fraction of a helicopter’s cost, but they can’t fly as high as a helicopter under normal circumstances.

So what happens if a drone is hovering over your house as journalists gather news? Or what if it is drone owned by a police department? Or a news entertainment show like TMZ?

The Congressional Research Service prepared a detailed analysis of these conflicting issues in January 2013, and its conclusions were that until the civilian drones are tested and in service, the legal problems probably won’t be resolved.

“The legal issues discussed in this report will likely remain unresolved until the civilian use of drones becomes more widespread,” the Congressional Research Service said. “Once these regulations are tested and promulgated, the unique legal challenges that could arise based on the operational differences between drones and already ubiquitous fixed-wing aircraft and helicopters may come into sharper focus.”

In the end, the FAA will be the first government agency to set commercial drones use policies, under its powers to regulate national airspace. Congress will also get involved, at some point.

One immediate issue is the definition of a commercial drone, compared with a “model aircraft.” The operator of a commercial drone needs a special test certificate from the FAA to operate its flying vehicle. Larger models can’t fly near airports and over schools and churches.

Private, noncommercial drones are considered as recreational models.

The Congressional Research Service says smaller drones are exempt from FAA rules that apply to larger recreational drones.

“This prohibition [from FAA rules] applies if the model aircraft is less than 55 pounds, does not interfere with any manned aircraft, and is flown in accordance with a community-based set of safety guidelines,” says the report.

The novelty of commercial and recreation drones poses other legal issues. One Supreme Court case that set standards for ownership rights for the airspace over your house dates back in 1946.

In United States v. Causby, the Supreme Court dealt with a case where low-flying military planes flew over a chicken farm, causing chaos among the birds that resulted in damage to the property owner (i.e., lots of dead chickens).

Modern drones are silent (their noise won’t kill chickens), but they will most likely fly at lower altitudes, potentially putting them airspace that the courts may consider to be the controlled by the owner of the property below it.

Privacy concerns are even more problematic. As any journalist can tell you, the press has a right to photograph or videotape what can be seen from a public location, with some exceptions.

But what point in its flight is a drone above the airspace controlled by a homeowner? And can a drone operator use a thermal imaging camera to video record your house?

The Congressional Research Service rattles off other privacy scenarios: Can homeowners harm a drone if they deem it to be a trespassing threat? What about stalkers, Peeping Toms and wire tappers? Some drones can record sounds from 100 yards away from a source.

Part of the solution to these problems could come from Congress, which can pass laws to better define drone etiquette.

A lot depends on testing and recommendations that needs to come from the FAA in the next three years.

So far, the FAA is selecting six unmanned aircraft systems (UAS) test sites as mandated by Congress. The sites will function as test drone airports, with the purpose of figuring out how to safely manage flights.

But smaller, commercial drones are already being used for various purposes. A recent story from NBC News outlined how operators are widely using drones to capture video and images, by literally flying under the FAA’s radar.

One photographer interviewed by NBC said he has shot 60 hours of high-quality video using a 48-inch-sized drone, with no FAA issues.

Balancing the safety and privacy concerns over commercial and private drones is the useful news of drones for many purposes. They can help farmers manage their lands, realtors sell property, and they can be used to fight fires.

One estimate puts the global value of the commercial and private drone industry at $90 billion in the next 10 years, which will also create jobs.

The FAA also estimates that 10,000 commercial drones could be in use after September 2015, if the various problems are worked out with air traffic controls, licensing and logistics.

The legal matters could take much longer to resolve when it comes to privacy and other Constitutional issues. So you may need to encounter a drone flying over your backyard to claim damages and prove a legal point.