Friday, September 18, 2015

This Graphic Explains 20 Cognitive Biases That Affect Your Decision-Making

Handy...

http://lifehacker.com/this-graphic-explains-20-cognitive-biases-that-affect-y-1730901381?utm_content=bufferfe0f4&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer



The Zettabyte Era—Trends and Analysis - Cisco

The Zettabyte Era—Trends and Analysis - Cisco: Connected healthcare, with applications such as health monitors, medicine dispensers, first-responder connectivity, and telemedicine, will be the fastest growing industry segment, at 49 percent CAGR. Connected car applications will have the second fastest growth, at 37 percent CAGR. Chips for pets and livestock, digital health monitors, and numerous other next-generation M2M services are promoting this growth.

Thursday, September 17, 2015

FBI investigating nationwide school-threat ‘game’ - Local News - The Daily Astorian

Sad...

http://www.dailyastorian.com/Local_News/20150917/fbi-investigating-nationwide-school-threat-game



Fwd: How Much Cyber Security Risk Does Your Company Face?



From: "Dark Reading" <DarkReading@techwebonlineevents.com>
Date: September 17, 2015 at 09:04:09 PDT
To: scobb@scobb.net
Subject: How Much Cyber Security Risk Does Your Company Face?
Reply-To: "Dark Reading" <CSR4_OnlineEvents@techweb.com>

InformationWeek


Measuring Cyber Risk Through Security Data Analysis



Date: Tuesday, September 29, 2015
Time: 12:00 PM ET / 9:00 AM PT
Duration: 60 min

No matter what the industry, most CEOs have the same question about cyber security: How safe is our data? Yet measuring IT security risk remains a difficult and elusive task, because there are so many technologies and variables involved.

In this unique webcast, editors at Dark Reading will join top IT security experts to discuss ways that your organization can mine and harvest security data to provide a clearer picture on the cyber risk faced by your organization. You'll get insight on ways that you can correlate and integrate a variety of information about your current threat environment, and how you can marshal that internal data to create reports that measure your organization's current cyber risk. You'll also get tips on how you can use existing data to report on your enterprise's current security posture, and offer forecasts on future risk.



Speakers:

Tim Wilson, Editor in Chief, Dark Reading
John Pironti, President, IP Architects, LLC

 
 


 


Hacking: Internet Lines Cut in California

Backhoe attack now on...

http://www.breitbart.com/national-security/2015/09/16/hacking-internet-lines-cut-california/



Wife of pastor who committed suicide after Ashley Madison: Don't walk alone

A local pastor recently committed suicide after hackers revealed that he was a customer of the infidelity web site Ashley Madison.

http://www.wwltv.com/story/news/2015/09/11/wife-pastor-who-committed-suicide-after-ashley-madison-dont-walk-alone/72095154/



Wednesday, September 16, 2015

It’s criminal | Consumer Information

It’s criminal | Consumer Information: The Department of Justice (DOJ) recently announced the extradition of six Nigerian nationals from South Africa to Mississippi to face a nine-count federal indictment for various Internet frauds.

Hacking Team's $175,000 Apple Store And Google Play Surveillance Apps Flirt With Illegality - Forbes

Hacking Team's $175,000 Apple Store And Google Play Surveillance Apps Flirt With Illegality - Forbes: Anyone browsing Apple’s App Store or Google Play should be careful about what they download. It might just be sophisticated, stealthy malware written by coders at “notorious” Italian surveillance company Hacking Team that works with the likes of the FBI, the Drug Enforcement Agency and umpteen other global government agencies, some of which have questionable records on human rights.

Hacking Team built drone-based Wi-Fi hacking hardware | Ars Technica

Hacking Team built drone-based Wi-Fi hacking hardware | Ars Technica: This piece of hardware was designed to insert malicious code into Wi-Fi network communications, potentially acting as a malicious access point to launch exploits or man-in-the-middle attacks.

One huge mistake people make when renting cars

One huge mistake people make when renting cars: When you connect your gadget to a car with Bluetooth, the car stores your phone number to make it easier to connect later. It also stores your call logs, including any contacts you dialed. Just one problem: All that information is saved inside the system and just sitting around for the next renter to find.

The personal value of IoT is all about connections

The personal value of IoT is all about connections: "The value of the network is directly related to the number of connected devices"




Cyberspies Impersonate Security Researcher

Cyberspies Impersonate Security Researcher: "A cyber espionage group likely out of Iran turned the tables on a security researcher who may have gotten a little too close to its operation: the attackers posed as the researcher in a spear-phishing email."




Russian hacker admits role in massive data breach scheme | TheHill

Nice!

http://thehill.com/policy/cybersecurity/253737-russian-hacker-admits-role-in-massive-data-breach-scheme



Saturday, September 12, 2015

Zero days - security leaks for sale (VPRO Backlight) - YouTube

Zero days - security leaks for sale (VPRO Backlight) - YouTube: "sell security leaks to the highest bidder."




The top mistakes banks make defending against hackers | ITProPortal.com

The top mistakes banks make defending against hackers | ITProPortal.com: "Many financial institutions fail to perform comprehensive risk analysis and assessment, exposing their companies and clients to enormous risk. For example, many banks tend to underestimate or even ignore the security of their websites, focusing instead on “more sensitive” web applications such as e-banking. "




Saturday, September 5, 2015

Papers, Please!

http://papersplease.org/wp/

nt to expunge the government's travel metadata surveillance archives and end the government's pre-crime profiling and permission-based controls on who it "allows" to travel by common carrier or public right-of-way.


Expert critique of European travel surveillance and profiling plans

July 6th, 2015

Independent legal experts commissioned by the Council of Europe (COE) to assess proposals for surveillance and profiling of air travellers throughout the European Union have returned a detailed and perceptive critique of the proposed EU directive on government access to, and use of, Passenger Name Record (PNR) data from airline reservations.

Before the revelations by Edward Snowden and other whistleblowers about dragnet surveillance of telephone and Internet communications, few people appreciated the nature of the threat to freedom posed by government acquisition and use of PNR data for dragnet travel surveillance.

The expert report to the Council of Europe marks a breakthrough in the "post-Snowden" understanding of the nature and significance of government demands for PNR data. The report reframes the PNR debate from being an issue of privacy and data protection to being part of a larger debate about suspicionless surveillance and pre-crime profiling. The report also focuses the attention of European citizens, travellers, and policy-makers on the decisions made (in whole or in part) on the basis of PNR data: decisions to subject travellers to search, interrogation, or the total denial of transportation ("no-fly" orders).

The report specifically cites the Kafkaesque case of Dr. Rahinah Ibrahim as an example of the way that decisions made on such a basis tend to evade judicial review or effective redress.

The PNR directive under consideration by the European Union would require each EU member to establish a Passenger Analysis Unit (PAU), if it doesn't already have one. These PAUs would function as new national surveillance and pre-crime policing agencies. Each PAU would be required to obtain PNR data for all air travellers on flights subject to its jurisdiction, "analyze" this data (i.e. carry out algorithmic pre-crime profiling of air travellers using PNR data as one of its inputs) and share the raw PNR data with its counterparts throughout the EU.

The United Kingdom already has such a Passenger Analysis Unit. It's not clear which, if any, other EU members already have such units, although staff of the US Department of Homeland Security, based in Germany and elsewhere in Europe, already perform similar functions as "advisors" making "recommendations" to their European counterparts regarding the treatment of European travellers, based on US profiling of PNRs and other travel history and surveillance data.

The COE expert report on Passenger Name Records, Data Mining & Data Protection was commissioned by the COE Directorate General Human Rights and Rule of Law, and prepared by Douwe Korff (Emeritus Professor of International Law at London Metropolitan University, Associate at the Oxford Martin School of the University of Oxford, and currently Visiting Fellow at Yale University in the USA) and Marie Georges (independent expert formerly on the staff of the French national data protection authority, CNIL). The report was presented and discussed at a meeting last week of the "Consultative Committee of the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (T-PD)".

According to the introduction to the report:

Much has been said and written about Passenger Name Records (PNR) in the last decade and a half. When we were asked to write a short report for the Consultative Committee about PNR, "in the wider contexts", we therefore thought we could confine ourselves to a relatively straightforward overview of the literature and arguments.

However, the task turned out to be more complex than anticipated. In particular, the context has changed as a result of the Snowden revelations. Much of what was said and written about PNR before his exposés had looked at the issues narrowly, as only related to the "identification" of "known or [clearly 'identified'] suspected terrorists" (and perhaps other major international criminals). However, the most recent details of what US and European authorities are doing, or plan to do, with PNR data show that they are part of the global surveillance operations we now know about.

More specifically, it became clear to us that there is a (partly deliberate?) semantic confusion about this "identification"; that the whole surveillance schemes are not only to do with finding previously-identified individuals, but also (and perhaps even mainly) with "mining" the vast amounts of disparate data to create "profiles" that are used to single out from the vast data stores people "identified" as statistically more likely to be (or even to become?) a terrorist (or other serious criminal), or to be "involved" in some way in terrorism or major crime. That is a different kind of "identification" from the previous one, as we discuss in this report.

We show this relatively recent (although predicted) development with reference to the most recent developments in the USA, which we believe provide the model for what is being planned (or perhaps already begun to be implemented) also in Europe. In the USA, PNR data are now expressly permitted to be added to and combined with other data, to create the kinds of profiles just mentioned — and our analysis of Article 4 of the proposed EU PNR Directive shows that, on a close reading, exactly the same will be allowed in the EU if the proposal is adopted….

Yet it is obvious (indeed, even from the information about PNR use that we describe) that these are used not only to "identify" known terrorists or people identified as suspects in the traditional sense, but that these data mountains are also being "mined" to label people as "suspected terrorist" on the basis of profiles and algorithms. We believe that that in fact is the more insidious aspect of the operations.


The report develops these key points about government access to and use of PNR data as a suspicionless dragnet surveillance system and as part of predictive pre-crime policing (outside of normal mechanisms for penal sanctions or for review and redress for police action) in detail.

In addition, the report endorses and highlights the point we have been making for many years that because most PNR data for flights worldwide is hosted by, and communicated through, reservation databases accessible from the USA and worldwide without purpose or geographic access limitations or access logs, the USA and other governments can already obtain and use this data, entirely bypassing putative controls on access to PNRs directly from airlines.

The report specifically directs the attention of European officials to testimony by Edward Hasbrouck of the Identity Project at a European Parliament hearing in 2010 (hearing agenda and witness list, slides, video):

"Europe" must also examine the highly credible claims by Edward Hasbrouck … that the USA has been systematically violating previous agreements, and is still systematically by-passing European data protection law, by accessing the CRSs used in global airline reservation systems hosted in the USA to obtain full PNR data on most flights, including most European flights (including even entirely intra-European ones), outside of any international agreements….

[W]e believe that the supposed safeguards against such further — dangerous — uses of the data are weak and effectively meaningless, both in their own terms and because, as Edward Hasbrouck has shown, the USA can in any case obtain access to essentially all (full) PNRs, through the Computerized Reservation Systems used by all the main airlines, as described next.



Supreme Court finds L.A. hotel guest surveillance law unconstitutional

June 23rd, 2015

The Supreme Court has found unconstitutional on its face a Los Angeles ordinance requiring operators of hotels and motels to demand specified personal information from and about each guest and their behavior (date and time of arrival and departure, license plate number of the vehicle in which they arrived, etc.), log this travel metadata, and make this log ("guest register") available for warrantless, suspicionless inspection by police at any time, under penalty of immediate arrest and imprisonment of the hotelier, without possibility of judicial review before complying with a demand for inspection.

The Supreme Court rejected the contention that hotels are so intrinsically dangerous as to justify their treatment as a "closely regulated industry" subject to inspection (i.e. search) without probable cause: "[N]othing inherent in the operation of hotels poses a clear and significant risk to the public welfare." By implication, this is a significant rebuff to post-9/11 (and pre-9/11) arguments that travel or travelers are per se suspicious, and to claims that there is or should be some sort of travel (or travel industry) exception to the Fourth Amendment.

And lest anyone be tempted to say that travel services providers with legally-imposed duties to accommodate the public are somehow different when it comes to the applicability of the Fourth Amendment, the Supreme Court also found that, "laws obligating inns to provide suitable lodging to all paying guests are not the same as laws subjecting inns to warrantless searches."  The same logic, of course, would appear to apply to common carriers, who are obligated by law to provide transportation to all paying passengers.

The ruling by the Supreme Court in Los Angeles v. Patel upholds an en banc decision last year by the 9th Circuit Court of Appeals in a lawsuit first brought seven years ago by hotel owners Naranjibhai Patel and Ramilaben Patel and by the Los Angeles Lodging Association, an association of Indian-American proprietors of the sort of budget hotels that might, if allowed to do so by the government, provide accommodations of last resort to people without government-issued ID credentials who would otherwise have to sleep on the streets or under bridges.

We again commend Messrs. Patel and the LA Lodging Association for doing the right thing and standing up for their customers, even as small business owners highly vulnerable to police harassment and retaliation for questioning authority.

The Supreme Court ruling addresses only the rights of hotel owners, not those of hotel guests, and does nothing in itself to establish a right to obtain lodging without having or showing government-issued permission papers. Nor does it address the requirement for hotels to monitor and log their guests' identities and activities — only the requirement to make those logs available to the government without any possibility of prior judicial review of government demands for access.

As others have noted, and as we discussed in relation to the 9th Circuit's decision and the Supreme Court's decision to review it, much of the logic of this decision is equally applicable to other dragnet travel surveillance schemes involving compelled compilation, retention, and government access to travel metadata held by third parties (in this case, hotels) rather than by travelers themselves.

But as we have also noted before, this remains the only case we are aware of in which any of those travel companies — not just hotels but also airlines and other types of travel companies — have gone to court to challenge government demands for information about their customers.

Especially in light of this decision by the Supreme Court, it should be apparent that there's an Achilles heel for the government to the "third-party" doctrine that individuals have no standing to challenge government demands for information  provided to and held by third parties, because that information is owned by those third parties and not by the individuals to whom it pertains:  As this case makes clear, those third parties — not just hotels but also airlines and others — do have standing to challenge these demands, and have a good chance of success if they persevere.

The shame is on larger travel companies with deeper pockets for going along with government surveillance of their customers and guests without question, and leaving it to highly vulnerable small businesses with fewer resources to challenge this dragnet travel surveillance scheme.

In the wake of the Supreme Court's decision in L.A. vs. Patel, there's more reason than ever for travelers to demand that all travel companies make public, contractually binding commitments, in their tariffs or terms of service, not to disclose information about their customers to the government without challenging those demands and without seeking to notify their customers of those demands.


Will the REAL-ID Act deny you access to Federal facilities?

June 22nd, 2015

As we've noted in our previous commentaries on the REAL-ID Act in this blog and in our recent presentation at the Cato Institute, there are two components to the threats against individual residents of "noncompliant" states (and territories and the District of Columbia) that are being used by the DHS to try to induce reluctant state governments to incorporate their state drivers license and ID databases to the distributed national REAL-ID database by connecting them to the contractor-operated REAL-ID hub:

Threatened denial of common carrier airline transportation to individuals who present drivers licenses or other ID credentials issued by noncompliant states; and

Threatened denial of access to (certain) Federal facilities to these individuals.

The first of these threats appears to be hollow. The TSA has consistently argued, when demands for ID from air travelers have been challenged in court, that no ID credentials at all are required to fly.

The TSA claims the right to subject any traveler to more intrusive search and interrogation, without probable cause, and may use this arbitrary power against residents of states that don't comply with the REAL-ID Act. But the TSA appears to realize that it has no legal authority for outright denial of air travel to people who don't have, or decline to carry or show to the TSA or its contractors, government-issued ID credentials, REAL-ID Act compliant or not.

With respect to its threat to deny access to Federal facilities, the DHS (in its usual fashion of rulemaking by press release) has posted an announcement on its website that this will be implemented in phases determined by the "Federal Security Level" (FSL) assigned to individual facilities.

But what are the facilities, if any, to which these levels have been assigned, and to which individuals with ID from noncompliant states will therefore be denied access? We've filed a series of Freedom of Information Act requests to find out.

The responses to our FOIA requests suggest that this prong of the REAL-ID Act enforcement cattle prod is, to mix metaphors, a paper tiger. We've been unable to find any Federal facility to which such an FSL has actually been assigned.


More on Amtrak passenger data requirements

June 21st, 2015

Amtrak has released a third batch of records (1st interim response, 2nd interim response) in response to our Freedom of Information Act (FOIA) request for information about Amtrak's collection and "sharing" with the US and Canadian governments of information about Amtrak travelers on international routes between the US and Canada:

Amtrak-FOIA-29OCT2014-signed.pdf (note that this file is actually in .doc format, and is not a copy of our request, as the filename might imply, but a collection of responsive records)
date of birthAM.doc
Function summary.doc
IDPFOIARequest.pdf (another collection of responsive records, beginning with a list of all of Amtrak's cross-border routes including both trains and Amtrak feeder buses)
Regression User testing 9222305 (4).doc
TheIdentityProject_InterimResponse3.pdf (cover letter from Amtrak's FOIA office accompanying the interim response)
wspBORDER.doc

The files with ".doc" filenames all appear to be from Amtrak's IT department, and relate to the implementation by Amtrak of requirements for inclusion of passenger ID data desired by the US government in each Amtrak reservation for travel across the US-Canada border. As we have noted previously, this "requirement" was imposed internally and "voluntarily" by Amtrak, and was not a requirement of any law, regulation, or order from any other US or Canadian government agency.  It remains unclear from the records released to date whether anyone in Amtrak's IT department was aware that this was solely an Amtrak requirement and not an externally imposed obligation.

According to these records, Amtrak began requiring a date of birth in the reservation, before a ticket could be issued, for each passenger on any international route, including infant passengers, beginning in November or December of 2000. (There are some inconsistencies in the dates in different records.)  Beginning in July or August 2005, Amtrak began also requiring a nationality and passport or other ID number in each such reservation, as part of Amtrak's "voluntary" participation in the DHS "Advanced Passenger Information System" (APIS) also used by airlines.

These records include the formats used by Amtrak sales agents working directly in Amtrak's own "ARROW" reservation system, as well as the formats used by travel agents making Amtrak reservations through each of the four major CRSs/GDSs: Amadeus, Galileo, Sabre, and Worldspan.  Amtrak's software testing staff noted the complexity of these formats (which is indicative of how burdensome they are for the travel agents who have to learn and use them) and the likelihood of errors by travel agents. The Amtrak records include information provided to travel agents and travelers, describing these "requirements" but giving no clue that these requirements were voluntarily self-imposed by Amtrak itself.

The files linked above are posted here exactly as we received them by email from Amtrak's FOIA office. The filenames are not indicative of the actual file contents, and some of the filename extensions don't correspond to the file formats. One of the ".pdf" files, for example, is actually in MS-Word ".doc" format (also readable in Libre Office among other programs) rather than in PDF format.

We requested that all records found in digital form be released as bitwise copies of the files as found in Amtrak's filesystems, but some of the files we received appear to be derivative, modified versions of copies of the original files, in some cases in completely different formats.

Most of the records responsive to our request that we believe are likely to exist have not yet been released. Amtrak is continuing to process our request, and we expect further responses.


US again takes people off "no-fly" list to try to evade judicial review

June 16th, 2015

Four days before a Federal judge was scheduled to hear arguments in a lawsuit brought by four Muslim US citizens who were placed on the US government's "no-fly" list to try to pressure them into becoming informants for the FBI, the government has notified the plaintiffs in the case that all of them have been removed from the no-fly list.

The plaintiffs in Tanvir v. Lynch are continuing to press their claims, as are other US citizens challenging their placement on the no-fly list in retaliation for declining to inform on their friends, families, communities, and fellow worshippers.  But we expect that, as has been its pattern, the government defendants will now try to get the case dismissed as "moot".

So far as we know, every other instance in which the US government has told anyone whether or not they are or were on the no-fly list, or that they have been removed from that list, has come after the victims of these no-fly orders have challenged them in Federal court.

Either (1) the government never had any reason to think any of these people posed a threat to aviation, but never bothered to assess the basis, if any, for belief that they posed such a threat until faced with the imminent need to defend their blacklisting to a Federal judge. Or (2) the government genuinely (although mistakenly and without any adequate basis) believed that they posed a threat, but saw the possibility of judicial review of no-fly decisions as a greater threat to the standard operating procedures of the TSA, DHS, and FBI. Or (3) both of the above.

We'll take Door Number 3, if you please.


If your travel history is "suspicious", is that cause for search?

June 12th, 2015

If the file about you the DHS has compiled from airline reservations, license-plate readers, and other travel surveillance data sources is deemed "suspicious", does that constitute probable cause for a search of your home and business or seizure of your possessions?

That question has arisen in the case of Albuquerque antique gun collector and dealer Bob Adams, argued in May 2015 and currently awaiting a decision by the 10th Circuit Court of Appeals in Denver.

On January 23, 2013, Mr. Adams' home and business were raided by a SWAT team including DHS and other Federal and state agencies. Various of his possessions, including his collection and inventory of firearms, were seized, damaged, and/or destroyed in the raid. On November 4, 2013, after Mr. Adams had filed suit to recover his property, he was indicted for various technical violations of Federal laws relating to firearms imports and dealer licensing and reporting.

Both the search warrant and the indictment were based, in part, on allegations by Federal law enforcement officers regarding the records of Mr. Adams' international travel history in the DHS Automated Targeting System (ATS). In an affidavit supporting the application to a Federal magistrate for the search of Mr. Adams' home and business, "Special Agent" Frank Ortiz of the New Mexico Attorney General's Office claimed that ATS records showed that Mr. Adams had repeatedly flown to Canada without having return flight reservations to the US, and had subsequently re-entered the US as a passenger in a private car.  This, agent Ortiz opined (based on his purported "expertise" in interpreting such data) was evidence of a pattern of suspicious behaviour characteristic of Mr. Adams' alleged modus operandi for unlawful firearms imports.

(There's a long but generally undisclosed history of airlines "voluntarily" giving police access, without warrants, to PNR data, and of police using it as the basis for interrogations and searches.)

The Federal judge to which the criminal case against Mr. Adams was assigned first upheld the search warrant but then, on reconsideration, ordered all the evidence obtained from the search suppressed, on the basis of other materially false statements, made in apparent bad faith, in Agent Ortiz's affidavit. The government, which would have no case against Mr. Adams without that evidence, has appealed that ruling to the 10th Circuit Court of Appeals.

The ruling by the District Court, the arguments to the Court of Appeals, and most of the publicity about the case have focused on questions related to firearms. But what concerns us are the issues related to ATS and its use as a surveillance and suspicion-generating system.

First, ATS data is neither accurate nor complete, and should not be relied on. For example, even experts may be unable to tell, from a particular PNR, whether or not it corresponds to actual travel or issuance of a ticket. (Mr. Adams says some of the DHS records of flights he allegedly took to Canada don't correspond to flights he actually took, which is an inevitable consequence of the DHS orders to airlines to transmit copies to DHS of all reservations for such flights, including reservations that were unticketed and/or cancelled.) And license plate readers and the associated optical character recognition systems are, of course, subject to an unknown but substantial percentage of errors. (Mr. Adams says he has never traveled in some of the private vehicles in which ATS records that he crossed the US-Canada border.) Most importantly, the DHS has itself exempted ATS from the requirements of the Privacy Act for accuracy and completeness, on the basis of a claim that it is necessary to include inaccurate and incomplete data. Having done so, the government should be "estopped" from suggesting that any court or jury rely on this data.

Second, if the purpose of the ATS dragnet of warrantless, suspicionless travel surveillance is to develop or support suspicions of criminal activity, that is a general law-enforcement purpose that goes far beyond the scope of permissible administrative searches or seizures of personal information incident to air travel or for purposes of aviation security.

Third, the evidence presented to the court in support of the application for a search warrant, to the grand jury in support of the indictment, and to Mr. Adams as part of pre-trial discovery, appears to have included only excerpts from TECS records (entry/exit logs which are one of the components of ATS), but not the complete TECS records, and none of the Passenger Name Record (PNR) data also included in ATS.  Full TECS records would include indications of the source of the data, and PNRs might well have made clear whether airline reservations had actually been ticketed and used, or had been cancelled as Mr. Adams claims.

It seems likely that the complete contents of the ATS records about Mr. Adams' travel, including full TECS records and all PNR data, constituted potentially exculpatory evidence known to, and in the possession of, the government, which it was required to disclose to the defense pursuant to the decision of the Supreme Court in Brady v. Maryland.

More generally, it would seem that a complete ATS file for any involved individual, including complete TECS and PNR data, would constitute potentially exculpatory evidence in virtually any prosecution in which international travel might be relevant: smuggling, facilitating unlawful immigration, etc. It would be almost impossible for the government to know in which cases such data might support an alibi, support or undermine the credibility of a witness, or support or refute some other testimony or claim. If the government doesn't proactively produce this material (as it is required to do), defense attorneys should object to this as a violation of the Brady doctrine, and/or specifically include it in routine discovery motions.  (We are available to assist defense counsel in interpreting such disclosures, and/or in explaining to courts how they could be exculpatory.)

Having carried out this extensive (although unreliable) surveillance of travelers, DHS appears to be using it selectively, introducing only those excerpts, in those cases, which it thinks it can spin as suspicious — and not mentioning other portions of these files that might refute these or other government allegations.  We wonder how many other criminal prosecutions this has tainted.

Posted in Freedom To Travel, Surveillance State

TSA statements to court reviewing interrogations of travelers

June 2nd, 2015

In a filing with the Court of Appeals reviewing a TSA mandate for airlines to interrogate passengers on international flights before allowing them to board, the TSA has directly contradicted previous explicit written statements by an official TSA spokesperson as to whether passengers are required by the TSA to answer questions from airline staff about their travel purposes as a condition of being allowed to fly.

Equally if not more disturbingly, the TSA also claimed in the same filing with the 11th Circuit Court of Appeals that an airline licensed by the US government to operate as a common carrier has "independent discretion to deny boarding to any passenger about whom they have a concern."

In an email message in January of this year to "professional troublemaker" and frequent traveler Jonathan Corbett, the TSA "Office of Global Strategic Communications Desk" said:

American Airlines is required to conduct a security interview with passengers prior to departure to the United States from an overseas last point of departure airport. If a passenger declines the security interview, American Airlines will deny the passenger boarding. The contents of the security program and the security interview are considered Sensitive Security Information (SSI).


But when Mr. Corbett petitioned the 11th Circuit Court of Appeals to review the TSA's secret orders to airlines containing this mandate, the TSA filed the following statement with the court:

Interviews are … intended only to determine screening protocols before a passenger may fly. TSA does not direct U.S. aircraft operators to refuse to carry a passenger who declines participation in the interview process.


This isn't the first time the TSA has told Federal judges that official TSA notices and public statements about what air travelers are "required" to do, as a condition of being "allowed" to exercise our right to travel, are false.

In 2006, the TSA told the 9th Circuit Court of Appeals panel reviewing the requirement for air travelers to show government-issued ID credentials in Gilmore v. Gonzalez that there is no such TSA requirement in the secret TSA security directives to airlines, despite notices still posted at TSA checkpoints (and, at the time, on the TSA website) that passengers are required to show ID. Most people who are unable and/or unwilling to show ID are allowed to fly, although some aren't. There are no rules or publicly-disclosed criteria for who the TSA does or does not allow to fly.  The TSA's orders to the airlines, and the airline policies approved by the TSA, are secret.

At a minimum, the TSA's repeated disavowals in court of what it has publicly claimed or implied are TSA requirements mean that travelers cannot reasonably be expected to believe or rely on those official but not legally binding TSA statements, and have good cause to demand that TSA explicitly state whether anything they ask is a legally-binding TSA "order", a request, or an airline or other private demand not mandated by the TSA. Noncompliance with requests not explicitly identified by TSA staff as TSA orders cannot reasonably be construed as interference with, or refusal to submit to, TSA requirements.

The only way to reconcile the TSA's statement to the court that "TSA does not direct U.S. aircraft operators to refuse to carry a passenger who declines participation in the interview process" with the agency's previous statement to the public that, "If a passenger declines the security interview, American Airlines will deny the passenger boarding," is that the airline — on its own initiative and independently of the TSA-mandated and TSA-approved "security program" — has committed to the TSA that it will deny boarding to anyone who declines to answer the airline's questions about their travels.

That possible interpretation is supported by the TSA's further statement to the Court of Appeals:

While … carriers retain their independent discretion to deny boarding to any passenger about whom they have a concern, whether as a result of an interview or otherwise, that outcome is not dictated by the international security interview program.


The problems with this — aside from the TSA's misleading statements to the public about the source of this "requirement" — are that an airline, by law, has no such discretion, and that the TSA is required by law (49 USC § 40101) to "consider … the public right of freedom of transit through the navigable airspace" in carrying out its responsibilities including approving airline policies.

The duty of the TSA, if it becomes aware of an airline policy or practice to exercise such unlawful "discretion" or claim the "right to refuse service", is to disapprove the policy or practice. If an airline persists in such a practice, the duty of the TSA is to order the airline to discontinue the practice or, if that is outside the TSA's jurisdiction, to refer the airline to the Department of Transportation for the imposition of sanctions, which ultimately could include the revocation of the airline's certification from the DOT to operate as a common carrier.

It's bad enough that airlines are trying unilaterally to abrogate their responsibilities as common carriers. It's far worse that the government is acquiescing in, much less encouraging, such practices.

Posted in Freedom To Travel, Secret Law

DHS still playing politics with FOIA requests

May 18th, 2015

The latest response to one of our Freedom of Information Act (FOIA) requests confirms our suspicion that despite sworn testimony to the contrary to Congress by the DHS Chief FOIA Officer, the DHS has resumed, or never abandoned, its illegal practice of political interference and specially disfavored and delayed treatment of FOIA requests from journalists and activist organizations — including the Identity Project.

In 2005, the Associated Press discovered from the response to one of its FOIA requests for FOIA processing records that the DHS Chief FOIA Officer had ordered FOIA officers for the DHS headquarters and all DHS components (TSA, CBP, etc.) to flag all "significant" FOIA requests for special handling. "Significant" FOIA requests were to include, inter alia, any request on a controversial topic; likely to generate news coverage; or from a journalist, news organization, or activist organization (those terms being undefined in the order).

All planned actions on "significant" FOIA requests (acknowledgments of receipt, releases of responsive records, appeals, litigation, etc.) were to be reported in advance to the DHS "front office" for inclusion in a weekly report to the DHS White House liaison. Crucially, both the general order and the memos accompanying the weekly reports when they were circulated to all DHS and component FOIA officers explicitly forbade the release of any records or any other response to a "significant" request without the express prior approval of the DHS "front office".

Questioned about this before a Congressional oversight committee during the ensuing scandal, DHS Chief FOIA Officer Mary Ellen Callahan swore that these orders didn't really mean what they appeared to say. This was merely an "awareness" or "notification" system, not really an approval system, Chief FOIA Officer Callahan claimed:

[T]o my knowledge, no information deemed releasable by the FOIA Office or the Office of the General Counsel has at any point been withheld.


The Chief FOIA Officer told Congress, under oath, that the "notification" period had been reduced from indefinite to one day, and the default after one day, in the absence of "front office" action, had been changed from continued indefinite withholding to release of the response:

In fact, we continue to improve the system; DHS has now moved to a one-day awareness review for significant FOIA responses…. Significant FOIA releases are uploaded into a SharePoint system for a limited awareness review period – now one business day – and then automatically released by the relevant component FOIA office back to the requester.


But had anything really changed? We got an answer last week, as we were attempting to find out when we should expect a response to one of our requests for information about the "Federal Security Level" (FSL) that determines the date of applicability of certain REAL-ID Act rules for access to Federal facilities.

We requested information about what, if any, FSL has been assigned to each of a sampling of Federal facilities in the San Francisco Bay Area, including symbolic targets and critical infrastructure (the Golden Gate and Bay Bridges), Federal courthouses and office buildings, and more. We'll be publishing those responses, and our analysis of them, in a future article.

At its mid-point, the San Francisco-Oakland Bay Bridge passes (in a tunnel between the east and west high-level spans) through Yerba Buena Island, a Federal reservation which constitutes the US Coast Guard Station San Francisco. We asked for records about the FSL for Station San Francisco, including the Bay Bridge, and about the FSL for the (former?) NSA listening post at Two Rock Ranch in Sonoma County, which operates as USCG Training Center ("TRACEN") Petaluma.

The Coast Guard is a partially military, partially civilian component of both the DHS and the Department of Defense. The DoD also has special rules for "significant" FOIA requests, but they are quite explicitly a notification system, not an approval system like the (former?) DHS system. In any case, it appears that the Coast Guard generally processes FOIA requests in its civilian, DHS capacity.

Our request was submitted to USCG headquarters, but after some run-around was referred to local USCG FOIA Officers in San Francisco and Petaluma for their separate responses directly to us. So far, so good. We had several cordial conversations with Mr. Kevin Fong, the FOIA Officer for USCG Sector San Francisco. So far as we could tell, he seemed to be making a sincere effort to identify any records responsive to our request.

The week before last, Mr. Fong told us that he had been unable to identify any responsive records (which would seem to indicate that the Bay Bridge had never been assigned an FSL).  Mr. Fong said that he would be sending us formal notice of his failure to find any responsive records.

Since no responsive records had been found, there were no legal or interpretive issues that might have required higher-level consultation or decision-making regarding whether any of those records might be exempt from disclosure. No further "processing" of records was required, since there were no records to process. The statutory deadline for the Coast Guard's response to our FOIA request had long since passed, and a response could and should have been provided immediately.

Instead, we got radio silence for another week. When we called Mr. Fong at the end of last week to find out what was holding up his response, he told us that our request had been designated as "significant". No surprise there. We're an educational and activist organization that takes an interest in controversial and newsworthy topics. So far as we know, all of our requests are designated as "significant" and included in the weekly reports to the DHS White House liaison.

Mr. Fong continued, however, that because our request was "significant" he had been required to submit his proposed response to national headquarters (whether of the USCG or of DHS wasn't clear), and had been forbidden to provide his formal written response until he received approval from headquarters.  He had been waiting a week for that approval.

Assuming what Mr. Fong told us is true, this is exactly the practice that the DHS Chief FOIA Officer swore under oath before Congress had been ended five years ago.

We've called the attention both of Mr. Fong and of the USCG headquarters FOIA office to the discrepancy between the way our current request is being handled and the previous DHS claims about the alleged reform of the process for "significant" FOIA requests.

DHS responses to others of our pending FOIA requests may be similarly blocked, but we can't tell for sure. An otherwise-complete response to another of our FOIA requests, two years overdue, is also being held up pending "final review". For this request, however — unlike the request referred to the Coast Guard discussed above — we don't know whether the review that is delaying the response is the additional review and approval by the DHS "front office" required because our request was deemed "significant", or some other review.

We're still waiting for any comment, or any official response to our original FOIA request.

Posted in Secret Law


Toyota investing $50M to research cars that can think for themselves - CNET

...what could possibly go wrong...

Http://www.cnet.com/news/toyota-investing-50m-to-research-cars-that-can-think-for-themselves/

5 things the FTC should do to improve data security in the wake of Wyndham - FierceITSecurity

http://www.fierceitsecurity.com/story/5-things-ftc-should-do-improve-data-security-wake-wyndham/2015-09-03

Collecting of Details on Travelers Documented

http://www.washingtonpost.com/wp-dyn/content/article/2007/09/21/AR2007092102347_2.html

...Homeland Security Secretary Michael Chertoff in August 2006 said that "if we learned anything from Sept. 11, 2001, it is that we need to be better at connecting the dots of terrorist-related information. After Sept. 11, we used credit-card and telephone records to identify those linked with the hijackers. But wouldn't it be better to identify such connections before a hijacker boards a plane?"

Friday, September 4, 2015

Ashley Madison - A final analysis of the data

Ashley Madison - A final analysis of the data: "In this article, we provide an analysis to the Ashley Madison data that uses data science to answer questions without putting in jeopardy the privacy of the users of the A.M. website."


Malvertising Headache Swells to Migraine Proportions | Online Advertising | E-Commerce Times


http://www.ecommercetimes.com/story/82421.html

Martin Luther King, Jr. - Wikiquote


The trouble isn't so much that our scientific genius lags behind, but our moral genius lags behind. MLK

https://en.m.wikiquote.org/wiki/Martin_Luther_King,_Jr.

Wednesday, September 2, 2015