Tag: Police

Categories
Links Writing

RCMP Found to Unlawfully Collect Publicly Available Information

The recent report from Office of the Privacy Commissioner of Canada, entitled “Investigation of the RCMP’s collection of open-source information under Project Wide Awake,” is an important read for those interested in the restrictions that apply to federal government agencies’ collection of this information.

The OPC found that the RCMP:

  • had sought to outsource its own legal accountabilities to a third-party vendor that aggregated information,
  • was unable to demonstrate that their vendor was lawfully collecting Canadian residents’ personal information,
  • operated in contravention to prior guarantees or agreements between the OPC and the RCMP,
  • was relying on a deficient privacy impact assessment, and
  • failed to adequately disclose to Canadian residents how information was being collected, with the effect of preventing them from understanding the activities that the RCMP was undertaking.

It is a breathtaking condemnation of the method by which the RCMP collected open source intelligence, and includes assertions that the agency is involved in activities that stand in contravention of PIPEDA and the Privacy Act, as well as its own internal processes and procedures. The findings in this investigation build from past investigations into how Clearview AI collected facial images to build biometric templates, guidance on publicly available information, and joint cross-national guidance concerning data scraping and the protection of privacy.

Categories
Links Writing

Generative AI Technologies and Emerging Wicked Policy Problems

While some emerging generative technologies may positively affect various domains (e.g., certain aspects of drug discovery and biological research, efficient translation between certain languages, speeding up certain administrative tasks, etc) they are, also, enabling new forms of harmful activities. Case in point, some individuals and groups are using generative technologies to generate child sexual abuse or exploitation materials:

Sexton says criminals are using older versions of AI models and fine-tuning them to create illegal material of children. This involves feeding a model existing abuse images or photos of people’s faces, allowing the AI to create images of specific individuals. “We’re seeing fine-tuned models which create new imagery of existing victims,” Sexton says. Perpetrators are “exchanging hundreds of new images of existing victims” and making requests about individuals, he says. Some threads on dark web forums share sets of faces of victims, the research says, and one thread was called: “Photo Resources for AI and Deepfaking Specific Girls.”

… realism also presents potential problems for investigators who spend hours trawling through abuse images to classify them and help identify victims. Analysts at the IWF, according to the organization’s new report, say the quality has improved quickly—although there are still some simple signs that images may not be real, such as extra fingers or incorrect lighting. “I am also concerned that future images may be of such good quality that we won’t even notice,” says one unnamed analyst quoted in the report.

The ability to produce generative child abuse content is becoming a wicked problem with few (if any) “good” solutions. It will be imperative for policy professionals to learn from past situations where technologies were found to sometimes facilitate child abuse related harms. In doing so, these professionals will need to draw lessons concerning what kinds of responses demonstrate necessity and proportionality with respect to the emergent harms of the day.

As just one example, we will have to carefully consider how generative AI-created child sexual abuse content is similar to, and distinctive from, past policy debates on the policing of online child sexual abuse content. Such care in developing policy responses will be needed to address these harms and to avoid undertaking performative actions that do little to address the underlying issues that drive this kind of behaviour.

Relatedly, we must also beware the promise that past (ineffective) solutions will somehow address the newest wicked problem. Novel solutions that are custom built to generative systems may be needed, and these solutions must simultaneously protect our privacy, Charter, and human rights while mitigating harms. Doing anything less will, at best, “merely” exchange one class of emergent harms for others.

Categories
Links Writing

Generalist Policing Models Remain Problematic

From the New York Time’s opinion section, this piece on“Why the F.B.I. Is so far behind on cybercrime?” reinforces the position that American law enforcement is stymied in investigating cybercrimes because:

…it lacks enough agents with advanced computer skills. It has not recruited as many of these people as it needs, and those it has hired often don’t stay long. Its deeply ingrained cultural standards, some dating to the bureau’s first director, J. Edgar Hoover, have prevented it from getting the right talent.

Emblematic of an organization stuck in the past is the F.B.I.’s longstanding expectation that agents should be able to do “any job, anywhere.” While other global law enforcement agencies have snatched up computer scientists, the F.B.I. tried to turn existing agents with no computer backgrounds into digital specialists, clinging to the “any job” mantra. It may be possible to turn an agent whose background is in accounting into a first-rate gang investigator, but it’s a lot harder to turn that same agent into a top-flight computer scientist.

The “any job” mantra also hinders recruitment. People who have spent years becoming computer experts may have little interest in pivoting to another assignment. Many may lack the aptitude for — or feel uneasy with — traditional law enforcement expectations, such as being in top physical fitness, handling a deadly force scenario or even interacting with the public.

This very same issue plagues the RCMP, which also has a generalist model that discourages or hinders specialization. While we do see better business practices in, say, France, with an increasing LEA capacity to pursue cybercrime, we’re not yet seeing North American federal governments overhaul their own policing services.1

Similarly, the FBI is suffering from an ‘arrest’ culture:

The F.B.I.’s emphasis on arrests, which are especially hard to come by in ransomware cases, similarly reflects its outdated approach to cybercrime. In the bureau, prestige often springs from being a successful trial agent, working on cases that result in indictments and convictions that make the news. But ransomware cases, by their nature, are long and complex, with a low likelihood of arrest. Even when suspects are identified, arresting them is nearly impossible if they’re located in countries that don’t have extradition agreements with the United States.

In the Canadian context, not only is pursuing to arrest a problem due to jurisdiction, the complexity of cases can mean an officer spends huge amounts of time on a computer, and not out in the field ‘doing the work’ of their colleagues who are not cyber-focused. This perception of just ‘playing games’ or ‘surfing social media’ can sometimes lead to challenges between cyber investigators and older-school leaders.2 And, making things even more challenging is that the resources to train to detect and pursue Child Sexual Abuse Material (CSAM) are relatively plentiful, whereas economic and non-CSAM investigations tend to be severely under resourced.

Though there is some hope coming for Canadian investigators, by way of CLOUD agreements between the Canadian and American governments, and the updates to the Cybercrime Convention, both will require updates to criminal law as well as potentially provincial privacy laws to empower LEAs with expanded powers. And, even with access to more American data that enables investigations this will not solve the arrest challenges when criminals are operating out of non-extradition countries.

It remains to be seen whether an expanded capacity to issue warrants to American providers will reduce some of the Canadian need for specialized training to investigate more rudimentary cyber-related crimes or if, instead, it will have a minimum effect overall.

  1. This is also generally true to provincial and municipal services as well. ↩︎
  2. Fortunately this is a less common issue, today, than a decade ago. ↩︎
Categories
Links Writing

Privacy and Contemporary Motor Vehicles

Writing for NBC News, Olivia Solon provides a useful overview of just how much data is collected by motor vehicles—using sensors embedded in the vehicles as well as collected by infotainment systems when linked with a smartphone—and how law enforcement agencies are using that information.

Law enforcement agencies have been focusing their investigative efforts on two main information sources: the telematics system — which is like the “black box” — and the infotainment system. The telematics system stores a vehicle’s turn-by-turn navigation, speed, acceleration and deceleration information, as well as more granular clues, such as when and where the lights were switched on, the doors were opened, seat belts were put on and airbags were deployed.

The infotainment system records recent destinations, call logs, contact lists, text messages, emails, pictures, videos, web histories, voice commands and social media feeds. It can also keep track of the phones that have been connected to the vehicle via USB cable or Bluetooth, as well as all the apps installed on the device.

Together, the data allows investigators to reconstruct a vehicle’s journey and paint a picture of driver and passenger behavior. In a criminal case, the sequence of doors opening and seat belts being inserted could help show that a suspect had an accomplice.

Of note, rental cars as well as second hand vehicles also retain all of this information and it can then be accessed by third-parties. It’s pretty easy to envision a situation where rental companies are obligated to assess retained data to determine if a certain class or classes of offences have been committed, and then overshare information collected by rental vehicles to avoid their own liability that could follow from failing to fully meet whatever obligations are placed upon them.

Of course, outright nefarious actors can also take advantage of the digital connectivity built into contemporary vehicles.

Just as the trove of data can be helpful for solving crimes, it can also be used to commit them, Amico said. He pointed to a case in Australia, where a man stalked his ex-girlfriend using an app that connected to her high-tech Land Rover and sent him live information about her movements. The app also allowed him to remotely start and stop her vehicle and open and close the windows.

As in so many different areas, connectivity is being included into vehicles without real or sufficient assessment of how to secure new technologies and defray harmful or undesirable secondary uses of data. Engineers rarely worry about these outcomes, corporate lawyers aren’t attentive to these classes of issues, and the security of contemporary vehicles is generally garbage. Combined, this means that government bodies are almost certainly going to expand the ranges of data they can access without having to first go through a public debate about the appropriateness of doing so or creation of specialized warrants that would limit data mining. Moreover, in countries with weak policing accountability structures, it will be impossible to even assess the regularity at which government officials obtain access to information from cars, how such data lets them overcome other issues they state they are encountering (e.g., encryption), or the utility of this data in investigating crimes and introducing it as evidence in court cases.

Categories
Links Writing

Safe Streets and Systemic Racism

Sabat Ismail, writing at Spacing Toronto, interrogates who safe streets are meant to be safe for. North American calls for adopting Nordic models of urban cityscapes are often focused on redesigning streets for cycling whilst ignoring that Nordic safety models are borne out of broader conceptions of social equity. Given the broader (white) recognition of the violent threat that police can represent to Black Canadians, cycling organizations which are principally advocating for safe streets must carefully think through how to make them safe, and appreciate why calls for greater law enforcement to protect non-automobile users may run counter to an equitable sense of safety. To this point, Ismail writes:

I recognize the ways that the safety of marginalized communities and particularly Black and Indigenous people is disregarded at every turn and that, in turn, we are often provided policing and enforcement as the only option to keep us safe. The options for “safety” presented provide a false choice – because we do not have the power to determine safety or to be imagined within its folds.

Redesigning streets without considering how the design of urban environments are rife with broader sets of values runs the very real risk of further systematizing racism while espousing values of freedom and equality. The values undergirding the concept of safe streets must be assessed by a diverse set of residents to understand what might equitably provide safety for all people; doing anything less will likely re-embed existing systems of power in urban design and law, to the ongoing detriment and harm of non-white inhabitants of North American cities.

Categories
Quotations

2019.2.19

The fact that it was [sic] responsibility not of the RCMP but of the employer, whether government department or private company, to actually remove a security risk from employment, that is, to exercise direct coercion, is precisely in line with the panoptic element. The RCMP merely watched, gathered information, and provided advice, silently and in the shadows. The effect was to induce political discipline through pervasive, diffuse fear of the consequences of risky ideas, friends, or associations. Totalitarian states enforced political discipline through cruder forms of police state coercion. In fighting the Nazi state, Canada was also groping towards a more effective, non-coercive, form of discipline. The RCMP provided to be able students of the new science of political surveillance.

Reg Whitaker et al, Secret Service: Political Policing in Canada from the Fenians to Fortress America
Categories
Aside Links

Supreme Court of Canada to Decide on Protection of Journalistic Material

From CBC News:

The materials at issue relate to three stories Makuch wrote in 2014 on a Calgary man, Farah Shirdon, 22, charged in absentia with various terrorism-related offences. The articles were largely based on conversations Makuch had with Shirdon, who was said to be in Iraq, via the online instant messaging app Kik Messenger.

With court permission, RCMP sought access to Makuch’s screen captures and logs of those chats. Makuch refused to hand them over.

RCMP and the Crown argued successfully at two levels of court that access to the chat logs were essential to the ongoing investigation into Shirdon, who may or may not be dead. They maintained that journalists have no special rights to withhold crucial information.

Backed by alarmed media and free-expression groups, Makuch and Vice Media argued unsuccessfully that the RCMP demand would put a damper on the willingness of sources to speak to journalists.

The conflicting views will now be tested before the Supreme Court.

This case matters for numerous reasons.

First, there has been a real drying up of certain sources, which has prevented journalists in Canada from bringing material to public light. Such material doesn’t just pertain to terrorism and foreign combatants but, also, white collar crime, political scandals, cybercrime issues, and more. The Canadian public is being badly served by the Crown’s continued pursuit of this case.

Second, this case threatens to further diminish relations between the state and non-state actors who may, as a result, be (further) biased against state authorities. It’s important to be critical of the government and especially aspects of the government which can dramatically reshape citizens’ life opportunities. But should the press gallery adopt an unwarranted and more critical and combative tone towards the government there could be a deleterious impact on the trust Canadians have in their government . By extension, this could lead to a further decline in the willingness to see the government as something that tries to represent the citizenry writ large. That kind of democratic malaise is dangerous to ongoing governance and a threat to the legitimization of all kinds of state activities.

Categories
Aside Links

Twenty-four pedestrians were hit on Toronto’s roads on Tuesday — including an 87-year-old who died

“Do we recognize that weather plays a part in it? Yes, that’s a contributing factor. But what do you do when you can’t see where you’re going? You slow down, you look around. Unfortunately, drivers, let’s be quite frank, are somewhat lazy. They don’t adjust for the driving conditions they face. They’re still trying to push the envelope.”

It’s always a bit shocking to have the Toronto police holding drivers to account for, you know, killing people with their vehicles. It’s a nice change from just blaming pedestrians.

But, at the same time, I don’t think that drivers being “somewhat lazy” is a legitimate comment when talking about people being killed. People get lazy and don’t wash the dishes. Or don’t take the dog out. When they get lazy and kill someone we tend to use another word when we’re not referring to drivers killing pedestrians.

That word? Manslaughter.

Categories
Links Quotations

Police surveillance scandal: Quebec tightens rules for monitoring journalists

From the Montreal Gazette:

Mark Bantey, a specialist in media law (who is also the Montreal Gazette’s lawyer), said he was stunned by the scope of the warrant involved in the Lagacé case. He said it seems the police were more worried about who was leaking information to the press than the actual crime.

“It sure looks like they (the police) have gone overboard because they’re not out there investigating a crime, but trying to determine who in the police department is leaking information to the press. You can’t use search warrants to get that sort of information,” Bantey said in an interview Tuesday. “There’s an obligation to exhaust all other possible sources of information before targeting the media.”

As for Couillard’s new directive about obtaining search warrants, he called it a first step that was unlikely to bring an immediate change to police practices. A better solution might be to adopt new legislation — a shield law — that protects media sources, he said.

Legislation to protect journalists from police surveillance is a good idea…until you ask a question of ‘who constitutes a journalist’?

Categories
Links

NYPD can’t count cash they’ve seized because it would crash computers

From Ars Technica:

The New York City Police Department takes in millions of dollars in cash each year as evidence, often keeping the money through a procedure called civil forfeiture. But as New York City lawmakers pressed for greater transparency into how much was being seized and from whom, a department official claimed providing that information would be nearly impossible—because querying the 4-year old computer system that tracks evidence and property for the data would “lead to system crashes.”

Even with the system, however, the NYPD’s Assistant Deputy Commissioner Robert Messner told the New York City Council’s Public Safety Committee that the department had no idea how much money it took in as evidence, nor did it have a way of reporting how much was seized through civil forfeiture proceedings—where property and money is taken from people suspected of involvement in a crime through a civil filing, and the individuals whom it is seized from are put in the position of proving that the property was not involved in the crime of which they were accused.

So NYPD has spend millions on an expensive database that prevents them from conducting accountability queries on seized evidence? That’s an interesting design choice.