Link

How a Facial Recognition Mismatch Can Ruin Your Life

Via The Intercept:

“As an analytical scientist, whenever someone gives me absolute certainty, my red flag goes up,” said Jason Latham, who worked as a biochemist prior to becoming a forensic scientist and certified video examiner. “When I came from analytical sciences to forensic sciences, I was like some of these guys are not scientists. They are voodoo witchcraft.”

Forensic reports generally provide few details about the methods they use to arrive at points of similarity. But in Talley’s case, the FBI examiner’s report displayed a high degree of certainty. George Reis, a facial examiner who has testified more than 50 times for state, federal, and military courts throughout the country on forensic visual comparisons, pointed out that the report on Talley’s case was vague. “It is generally considered best practice to be specific in reports and to point out features of similarity, as well as differences, in any comparison illustration or chart,” Reis noted. “In the Talley case no such markings exist. The video frames that were used in the FBI illustration were of poor quality and limited value.”

Facial recognition: sorta fun if you’re using it for commercial stuff like tagging your friends, but really dangerous if it’s part of what is used to convict persons for crimes they’re alleged to have committed.

Quote

We have never had absolute privacy in this country. Cars, safe deposit boxes, our apartments, our houses, even the contents of our minds—any one of us, in appropriate circumstances, can be compelled to say what we saw. We have never lived with large swaths of our life off limits, where judicial authority is ineffective. That is something we need to talk about. I don’t think the FBI should tell people what to do. I don’t think tech companies should tell people what to do. The American people need to decide.

-James Comey, Director of the FBI

The problem is that Comey is simply wrong: the state has never held absolute power over citizens. The 5th Amendment in the United States guarantees a right to avoid testifying against oneself. Our devices are now so personalized with our communications, thoughts, banking, business, and life that they are functionally a self-testimonial about our lives.

Moreover, even when some evidence is unavailable – be it because authorities don’t know to look for it, or cannot find it – that doesn’t immediately mean that a case is terminated. Instead, a range of powers as well as alternate charges can be brought to bear. And the price of a democracy is that, sometimes, authorities cannot bring charges against people they suspect, but cannot prove, may have broken the law. This restraint on state power is a core feature of liberal democratic governance and is a restraint that needs to be maintained so that we can all enjoy our freedoms.

Link

FBI watched as hacker dumped Bell Canada passwords online

When Bell Canada’s website was hacked last year — and the accounts and passwords of more than 12,000 Canadians posted online — the Federal Bureau of Investigation was not only watching, but letting the hackers stage the attack from what was secretly an FBI server.

Christopher Parsons, a postdoctoral fellow who studies state access to telecommunication data at the Citizen Lab at the Munk School of Global Affairs in Toronto, said it made “good tactical sense” that the FBI used confidential informants and an undercover server to build their case.

It was the fact they did nothing to stop the crime before it occurred that makes this case unusual, Parsons said.

“In this case it sounds like the FBI had that ability, had that option to prevent these things from happening, perhaps with a weaker case, but instead they opted to endanger innocents in order to build a stronger case,” said Parsons. “The problem there is there is no indication Bell had been notified. This wasn’t dummy data that was released — this was live, real customer data.”

Link

Secret Courts, Secret Evidence, and American Justice

Techdirt has recently covered a just shameful decision out of the US. The case involved an alleged domestic terror suspect who the FBI helped in every way to plan a bombing in Chicago. From the article:

Daoud’s lawyers made a much more thorough request for the evidence obtained via the FAA. As they note, there may be significant problems with the FISA information, including, but not limited to the FISA application for electronic surveillance may fail to establish probable cause that Daoud was “an agent of a foreign power.” As they note, he was an American citizen and school student in suburban Chicago. They also suggest the FISA application may have contained material falsehoods or omissions and might violate the 4th Amendment. The surveillance also may have violated the FISA law. There are many other reasons they bring up as well.

The Justice Department (of course) argued that it shouldn’t have to hand over any of this info, in part because it’s classified and in part because they’re not going to use that evidence against Daoud.

Unfortunately, the court wasted little time in agreeing with the feds that they don’t need to turn over the evidence collected under FISA.

Just to be clear, this means that a secret court approved the secret surveillance of a domestically situated American citizen, and then refused to disclose the collected evidence. The American defendant, then, cannot know the totality of evidence that the state collected. This evidence might have played a key role in subsequent investigative efforts and, as a result, may have ‘poisoned’ the subsequent evidence.

Of course, we seemingly won’t ever know if such a poisoning theory is true or not. All we’ll know is that American courts permit the state to engage in secret surveillance without disclosing what was collected to defence attorneys, and then declare all subsequent proceedings a ‘fair’ trial environment.

Link

FBI: Smart Meter Hacks Likely to Spread

Though a little over a year old, this post concerning the security of smart meters is particularly valuable considering the rapid adoption of the technologies throughout Canada. Particularly pertinent:

Citing confidential sources, the FBI said it believes former employees of the meter manufacturer and employees of the utility were altering the meters in exchange for cash and training others to do so. “These individuals are charging $300 to $1,000 to reprogram residential meters, and about $3,000 to reprogram commercial meters,” the alert states.

The FBI believes that miscreants hacked into the smart meters using an optical converter device — such as an infrared light — connected to a laptop that allows the smart meter to communicate with the computer. After making that connection, the thieves changed the settings for recording power consumption using software that can be downloaded from the Internet.

“The optical converter used in this scheme can be obtained on the Internet for about $400,” the alert reads. “The optical port on each meter is intended to allow technicians to diagnose problems in the field. This method does not require removal, alteration, or disassembly of the meter, and leaves the meter physically intact.”

The bureau also said another method of attacking the meters involves placing a strong magnet on the devices, which causes it to stop measuring usage, while still providing electricity to the customer.

So, this suggests that insider threats and poor shielding enable significant fraud. Can’t say it’s surprising given how often these meters have been compromised when deployed in other jurisdictions.

Quote

The same vulnerabilities that enable crime in the first place also give law enforcement a way to wiretap — when they have a narrowly targeted warrant and can’t get what they’re after some other way. The very reasons why we have Patch Tuesday followed by Exploit Wednesday, why opening e-mail attachments feels like Russian roulette, and why anti-virus software and firewalls aren’t enough to keep us safe online provide the very backdoors the FBI wants.

* Matt Blaze and Susan Landau, “The FBI Needs Hackers, Not Backdoors”

Link

FYI: Governments Spy On Citizens. A Lot.

You often hear that if you’ve nothing to hide then government surveillance isn’t really something you should fear. It’s only the bad people that are targeted! Well… sorta. It is the case that (sometimes) ‘bad people’ are targeted. It’s also (often) the case that the definition of ‘bad people’ extends to ‘individuals exercising basic rights and freedoms.’ This is the lesson that a woman in the US learned: the FBI had secretly generated a 436-page report about her on the grounds that she and friends were organizing a local protest.

What’s more significant are the rampant inaccuracies in the report. The woman herself notes that,

I am repeatedly identified as a member of a different, more mainstream liberal activist group which I was not only not a part of, but actually fought with on countless occasions. To somehow not know that I detested this group of people was a colossal failure of intelligence-gathering. Hopefully the FBI has not gotten any better at figuring out who is a part of what, and that this has worked to the detriment of their surveillance of other activists. I am also repeatedly identified as being a part of campaigns that I was never involved with, or didn’t even know about, including protests in other cities. Maybe the FBI assumes every protester-type attends all other activist meetings and protests, like we’re just one big faceless monolith. “Oh, hey, you’re into this topic? Well, then, you’re probably into this topic, right? You’re all pinkos to us.”

In taking a general survey of all area activists, the files keep trying to draw non-existent connections between the most mainstream groups/people and the most radical, as though one was a front for the other. There are a few flyers from local events that have nothing to do with our campaign, including one posted to advertise a lefty discussion group at the university library. The FBI mentions that activists may be planning “direct action” at their meetings, which the document’s author clarifies means “illegal acts.” “Direct action” was then, and I’d say now, a term used to talk about civil disobedience and intentional arrests. While such things are illegal actions, the tone and context in these FBI files makes it sound like protesters got together and planned how to fly airplanes into buildings or something.

You see, it isn’t just the government surveillance that is itself pernicious. It’s the inaccuracies, mistaken profilings, and generalized suspicion cast upon citizens that can cause significant harms. It is the potential for these profiles to be developed and then sit indefinitely in government databases, just waiting to be used against law-abiding ‘good’ citizens, that should give all citizens pause before they grant authorities more expansive surveillance powers.