Tag: Police

Categories
Aside Quotations

2013.4.8

Although some of the core supporters of that group are prone to violence and criminal behaviour, Catt has never been convicted of criminal conduct in connections to the demonstrations he attended. Nonetheless, Catt’s personal information was held on the National Domestic Extremism Database that is maintained by the National Public Order Intelligence Unit. The information held on him included his name, age, description of his appearance and his history of attending political demonstrations. The police had retained a photograph of Mr Catt but it had been destroyed since it was deemed to be unnecessary. The information was accessible to members of the police who engage in investigations on “Smash EDO”.

In the ruling the Court of Appeal departs from earlier judgments by mentioning that the “reasonable expectation of privacy” is not the only factor to take into account in determining whether an individual’s Article 8 (1) right has been infringed. In surveying ECtHR case law, the Court noted that it is also important to check whether personal data has been subjected to systematic processing and if it is entered in a database. The rationale to include consideration of the latter two categories is that in this way authorities can recover information by reference to a particular person. Therefore, “the processing and retention of even publicly available information may involve an interference with the subject’s article 8 rights.” Since in the case of Catt, personal data was retained and ready to be processed, the Court found a violation of Article 8 (1) that requires justification.

Carolin Moeller, “Peaceful Protester’s personal data removed from extremism database

The removal of Mr. Catt’s data from these databases is a significant victory for him and all those involved in fighting for citizens’ rights. However, the case acts as a clear lens through which we can see how certain facets of the state are actively involved in pseudo-criminalizing dissent: you’re welcome to say or do anything, so long as you’re prepared to be placed under perpetual state suspicion.

Categories
Writing

The DEA, iMessage, and the Broader Significance

It’s been widely reported that the DEA San Jose office is unable to conduct surveillance of Apple iMessages. The note is revealing in its very phrasing; the author(s) state that:

While it is impossible to intercept iMessages between two Apple devices, iMessages between an Apple device and a non-Apple device are transmitted as Short Message Service (SMS) messages and can sometimes be intercepted, depending on where the intercept is placed. The outcome seems to be more successful if the intercept is placed on the non-Apple device. (emphasis added)

Note that despite the ‘encryption’ the agent(s) recognize that they can sometimes intercept messages. Importantly they are ‘more successful’ when the intercept is on the non-Apple device. Their phrasing suggests one of the following:

  1. Authorities are occasionally able to intercept messages between Apple devices; or
  2. Authorities are occasionally able to intercept messages that are inbound to an Apple device that are sent from a non-Apple device.

Either situation is interesting, insofar as the former raises questions of the efficacy of Apple’s encryption process and the latter questions about where a tap is placed pre-encryption in the Apple network.

More broadly, however, the challenge facing the DEA is one that is already encountered by investigators around the world. In fact, the DEA is in a pretty envious position: most of the major ‘messaging’ companies have some degree of corporate presence in the US and can thus be easily served with a wiretap order. Sure, a host of orders might need to be issued (one to Apple, one to Facebook, one to Google, etc etc) but this is a possible course of action.

Officers outside of the US that want similar access to messages that flow outside of SMS channels experience a different reality. They tend to need a MLAT or other cross-national warrant might be needed. Such warrants are incredibly time consuming and, as a result, resource intensive. These kinds of pressures are, in part, responsible for the uptick in discussions around state agents serving malware to mobile and fixed computing systems: it just isn’t practical to ‘wiretap’ many of these communications anymore, on the basis that the companies running the services are beyond the authorities’ jurisdictions.

So, while encryption is (fortunately) becoming more and more common, this isn’t necessarily the ‘solution’ to third-parties intercepting communications. Indeed, all it means is that attackers (in this case, the state) are targeting the far softer domains of the communications infrastructure: everything around the encryption layer itself.

Categories
Humour Links

Cat Found With Malware Strapped to Collar

No, really, no joke: a Japanese hacker is playing with the authorities. The latest gambit involved attaching an SD card with malware code to a cat’s collar. Authorities still have no clue who designed the software or who the individual(s) is/are.

Categories
Quotations

2013.1.17

The same vulnerabilities that enable crime in the first place also give law enforcement a way to wiretap — when they have a narrowly targeted warrant and can’t get what they’re after some other way. The very reasons why we have Patch Tuesday followed by Exploit Wednesday, why opening e-mail attachments feels like Russian roulette, and why anti-virus software and firewalls aren’t enough to keep us safe online provide the very backdoors the FBI wants.

Matt Blaze and Susan Landau, “The FBI Needs Hackers, Not Backdoors
Categories
Quotations

2013.1.12

I don’t believe the public would intend for the government to be rummaging through your cupboards while your wife is lying in the next room being prepared to be taken to her final resting place. That’s an extraordinary violation of privacy.

Andrew Fackrell, in Dennis Romboy’s “Police drug search intrudes on husband’s final moments with deceased wife
Categories
Quotations

2012.11.27

As Denham points out, though, the RCMP is not under her jurisdiction, so she can’t bring them into line. But the RCMP simply shouldn’t be running a surveillance system on people who haven’t broken any law, and they shouldn’t be able to take advantage of the federal-provincial jurisdictional split to do so either.

This means Canada’s Privacy Commissioner Jennifer Stoddart is going to have to school the Mounties on what privacy rights really mean, and why setting up a massive “just in case” database is not only a bad idea, it’s against the law.

Vincent Gogolek, “It Takes Two To Kill Illegal Police Licence Surveillance
Categories
Writing

Ubiquitous Police Surveillance and Guilt by Location

The Times Colonist has a particularly good opinion piece concerning authorities’ use of automatic license plate recognition. This technology was recently subject of an investigation in British Columbia, with the provincial information and privacy commissioner asserting that many of the current uses of the technology must stop. For more information, you can read the decision  (.pdf) or some press coverage about the decision.

When speaking about authorities’ interests in retaining locational information about people who aren’t immediately of interest to police, the author of the opinion piece writes:

And the concept [of collecting such information] goes against the golden thread that winds its way throughout our justice system – the presumption of innocence unless proven otherwise. A person shouldn’t become the focus of an investigation just because he or she happened to drive along a certain street at a certain time.

But a person who hasn’t done anything wrong shouldn’t worry, right? Ask that to people whose lives have been ruined when they have been investigated or charged for a crime and later exonerated. That stigma of being the target of a police investigation is not easily erased, even when a person is cleared of all wrongdoing.

This latter paragraph – that the stigma of a false investigation can significantly alter a person’s life possibilities for an extensive period of time – is often forgotten about or glossed over when reporting on new policing surveillance practices. In an era where information is in abundance, and the attention span to monitor stories and issues is at a premium, a false charge may be legally overturned without the population more generally ever correcting their false impressions. This can create a long-standing disadvantage for falsely accused person as they try to carry on with their lives.

Moreover, the very potential that information could be used against you turns the (popular) understanding of guilt on its head: instead of authorities clearly linking a person’s presence at a location with a crime, it becomes the responsibility of each individual to demonstrate the innocence of being in place X at time Y. Given that these license plate scanners can capture where people are, at any time of the day, there isn’t a necessary reason that a person will know why they were at X at Y. While such oversights ought to be understood as the reasonable failings of a reasonable human’s mind, the danger is that an inability to justify one’s presence at a particular place could be taken as an indication of potential guilt. As a result of such ‘suspicious’ behaviour an individual who was just driving at the ‘wrong place’ at the ‘wrong time’ could be subjected to more intrusive police surveillance, simply because a scanner identified a person at a particular place at a particular time.

Fortunately, the privacy commissioner has significantly come out against this ubiquitous form of surveillance. Her stance should limit these dystopian risks of license plate scanners in her jurisdiction. Now it’s up to the authorities to respect the decision and mediate how and why they use the technology.

Categories
Links Writing

Social Media Used to Target Advocate/Journalist

While it comes as no surprise that police monitored Facebook during last year’s Occupy protests, in the case of Occupy Miami an advocate/journalist was specifically targeted after his Facebook profile was subjected to police surveillance. An email produced in the court case revealed:

the police had been monitoring Miller’s Facebook page and had sent out a notice warning officers in charge of evicting the Occupy Miami protestors that Miller was planning to cover the process.

Significantly, the police tried to destroy evidence showing that they had unlawfully targeted the advocate, footage that (after having been forensically recovered) revealed that the charges laid against the advocate were blatantly false. That authorities conduct such surveillance – often without the targets of surveillance knowing that they have been targeted or, when targeted, why – matters for the general population because lawfully exercising one’s rights increasingly leads to citizens being punished for doing so. Moreover, when the surveillance is accompanied by deliberate attempts to undermine citizens’ capacities to respond to unlawful detentions and false charges, we have a very, very real problem that can affect any citizen.

We know from academic research conducted by scholars such as Jeffrey Monaghan and Kevin Walby that Canadian authorities use broad catch-all caricatures during major events to identify ‘problem populations.’ We also know that many of the suspects that are identified during such events are identically labeled regardless of actually belonging in the caricature population. The capacity to ‘effectively’ sort in a way resembling fact or reality is marginal at best. Consequently, we can’t just say that the case of Occupy surveillance is an ‘American thing’: Canadian authorities do the same thing to Canadian citizens of all ages, be they high school or university students, employed middle-aged citizens, or the elderly. These are surveillance and sorting processes that are widely adopted with relatively poor regulation or oversight. These processes speak to the significant expansion of what constitutes general policing as well as speaking to the state-born risks of citizens even in ‘safe’ countries using social media in an unreflective manner.

Categories
Writing

Skype Discloses Subscriber Info to Private Investigators

In a not-particularly-surprising move, Skype handed over a 16 year old’s subscriber information to a firm hired by Paypal. No warrant was required, as the information was provided to a private party, and that party subsequently gave it to police. In essence, a very large telecommunications service provider (TSP) made available personally identifiable information that, ultimately, led to an arrest without authorities having to convince a judge that they had legitimate grounds to get that information from the TSP.

At a talk I recently attended, a retired Assistant RCMP Commissioner emphasized time and time again that Canadians need to be more worried about corporations like Skype, Google, and Facebook than they do the federal or provincial governments. He correctly, I believe, spoke to the social harms that these companies can and do cause to individuals who both subscribe and do not subscribe to the companies’ service offerings.

Non-controversially, we know that many large companies can take actions that are harmful to individuals, as can states themselves. What is less recognized, however, is that there are more and more cases where private intermediaries are acting as one or two degrees of separation between public institutions and large private data stores. Such ‘intermediary protection’ often lets states access and use personal data that they otherwise cannot access without considerable difficulty. Worse, where authorities refuse to bring intermediary-provided data to court it can be challenging for accused persons to argue that an investigation was predicated on inappropriate access to their personal data. More time has to be spent considering the role of these data intermediaries and thinking through how to prevent the disclosure of personal data to state authorities in the absence of judicial oversight. Failure to tackle this problem will simply lead to more and more inappropriate access to corporate data by authorities, and critically to access without adequate or necessary judicial oversight.

Categories
Links

Police Look Up Woman’s License 425 Times

We should never forget that a large number of data/privacy breeches start from within a bureaucracy/organization. When an audit was performed on the drivers license database in Minnesota, auditors found that a staggering number of officers had ‘checked up’ on a woman’s profile. From the article on this:

The numbers were astounding: One hundred and four officers in 18 different agencies from around the state had accessed her driver’s license record 425 times in what could be one of the largest private data breaches by law enforcement in history.

The Department of Public Safety sent letters to all 18 agencies demanding an Internal Affairs investigation of the 104 officers. If the cops are found to be in violation of federal privacy law, they could be fired.

It isn’t enough to assume that the police are all knights in shining armour, incapable of doing wrong. No: they’re people, with all the expected foibles and failings. Give them information and powers and they will abuse them. The only questions are when and with what consequence.