Posts by tom dial

Re: One crime one warrant

Fewer than 2,500 intercept warrants in the UK for a year amounts to around 1 for each 20,000 adults. That may actually not be unreasonable provided the number of people targeted in each warrant is sensible, the duration of the warrant is not too long, and there are legal constraints on use of the collected data. I suspect those are generally true in the UK, which seems to have a decent government overall.

While it is not sensible to think the Home Secretary spends much personal time examining the warrants for appropriateness or legal compliance, that does not imply that the office does not have employees who do so as part of their jobs, as both legal and political matters.

On the other hand, in the US, with a population roughly five times that of the UK, 2014 saw a total of 3,554 intercept warrants (1,279 federal and 2,275 state or local), for an average of about 1 per 65,000 adults. The average duration appears to have been about 33 days each. It is not clear that these numbers are exactly comparable to those quoted for the UK, and they are for content interceptions only and do not include orders for delivery of metadata.

Re: war on police

Thanks for the tip; it looks like an interesting book, and I look forward to reading more of it. A couple of quick samples suggest what I suspect others already have pointed out. If you are stopped by a police officer, politeness, a show of respect for the officer (whether or not honest), and compliance with requests and orders is prudent behavior, and likely to bring much better results than the alternatives, even for those who were driving/walking while black/hispanic. The time to protest police misconduct usually is not when it is occurring, and the person to whom the complaint should be given almost never is the officer involved.

That said, body cameras in use are likely to mitigate bad behavior on both sides of a police/citizen encounter. The downside is that a great many police visits are for domestic disagreements that both participants are likely to feel embarrassment over and think of as a privacy invasion. The solution might be for the cameras to run all the time unless all those involved in an encounter (including the police officer) agree that it can be turned off for privacy reasons. Storage for the camera to hold everything on a shift, and to retain a copy of it for a reasonable period, is cheap enough in relation to other police equipment and operations that it should not be an impediment.

It also is worth mentioning that the situations of most interest are those which include violence and perhaps a shooting or forcible arrest. In those, even with the body cameras running, the capture is likely to be ambiguous and incomplete, and outside observers with cell phones are likely to contribute to a better understanding than any one source would provide.

Indeed. Pulse oximeters, probably incorporating light guides, have been around for a long time, as have integrated circuit motion detectors. Both have been in widespread use since well before February, 2009. Integrating them using a computer and software seems like something a programmer skilled in dealing with sensors would do with little inspiration based on a goal of, for example, calculating calories expended over time. It is quite plausible that Apple and Fitbit declined to pay royalties on these patents because their legal departments, after examining them, declared them rubbish.

Re: Ignorance is bliss

The real problem with "nothing to hide, nothing to fear" relative to their domestic, and even foreign, TLAs is that for the overwhelming majority, nearly all the time, it is a factually correct statement. While this statement varies in accuracy depending on the government under which one lives, even the most oppressive regimes have resource limitations that require them to manage surveillance and focus on those who appear likely to cause trouble, and rely on much more pervasive means of surveillance than mere access to storage encryption keys will provide. At bottom, though, most people go about their lives following governmentally and socially approved paths and do not have to be particularly concerned, on a personal basis, about vulnerability to law enforcement activity.

That is not an argument against encrypting data to provide a degree of privacy and security, but surely it is unreasonable and simply incorrect to argue that Microsoft's storage of recovery keys reduces privacy security below what plain text storage provides.

A case in point is the Clipper Chip of Infamy. After considerable push back about possible government abuse or loss of the escrowed key information (and finding of implementation flaws) it was discarded along with the very real privacy and security benefits that it would have offered in well over 99% of all cases. Even if the entire escrow database had been published the result would not be inferior to what we have, which is that most telephony is done in the clear. The same is true of the related Capstone, intended for use with communications other than telephony, although much of the benefit was recovered through use of SSL and TLS.

Re: I'm shocked

It has been half a century since a law prevented African-American citizens from either registering to vote or voting. As always, the Civil Rights Act of 1964 and the Voting Rights Act of 1965 were not always followed, complaints made under the laws were not always prosecuted with vigor, and prosecution did not always result in conviction and punishment. Nonetheless, it has not been legal in any state to deny voter registration or voting based on race since 1965.

Getting registered in the US requires an affirmative act, most often, I think, checking a box on a driving license application or, for those who do not have or seek driving licenses, completion of a form to be filed with a local or state voting registrar. Twenty-three states also provide online registration applications and forty-seven accept the printable mail-in form available from www.usa.gov. In general, procedures here are not materially more difficult or greatly different from those in the UK.

Registration is nowhere controlled by major political parties as a matter of law and cases in which the major parties control it in practice are at most local and extremely rare.

Aside from the fact that "hanging chads" on punch card ballots has nothing at all to do with voter registration, it is a problem logically equivalent to mismarked paper ballots: almost entirely a matter of voter error and rarely a result of poor ballot quality or punch pin wear. It is possible, but extremely unlikely, for the punch used to be pushed completely through the card and leave the chad attached to the ballot. Most of the hanging chads would be dislodged before or during machine counting.

Re: What's the concern?

It is not entirely clear why these records should be thought private; they are, after all, records collected for a public purpose by a government agency, and are records that are important to the conduct of the very important election process. The example given shows, for the data items I recognized, what is available in many or most states to political parties able and willing to pony up the cash to buy a copy.

While the location information included might increase the risk to some people who require protection, the probability of that is low because either their location already is known to those who threaten them, or they have moved to a place of hiding and had the presence of mind to omit notifying the voting officials.

Re: I see a problem:

The citizens of Oklahoma (for example) remain free, through their elected representatives, to tax themselves as they see fit. Additionally, like all other states, they participate in various federal tax revenue sharing programs.

The ability of states to raise revenue probably will not be affected seriously by this change. Sales taxes are not the only source of state revenues and the part due to internet (or mail order) sales is unlikely to be large.

The states (and cities) where they have a physical presence, in the form of corporate taxes, fuel taxes, vehicle taxes and the like. Many states also collect employee personal income and other taxes from their residents. There is no scarcity of taxes.

What taxes the USPS pays is a matter that states could raise with the federal government through their congressional delegations.

Mea Culpa

Tracking back beyond the Register articles to the FOIA document release and Julia Angwin's ProPublica report, I see that the issue indeed has the appearance of inappropriate DHS action. The tone of SA Squire's email is that of an informal personal message, but its origin from an official DHS email address would be likely to convey the impression of a DHS anti-TOR policy, and might have been intended to do so. That impression might be incorrect, but surely would have been amplified when Thomas Grella forwarded it with a mild endorsement to the Lebanon police who raised the issue with the library. The library board later met publicly, and after discussing the issues raised, decided to reopen the relay, as they should. There does not seem to have been any significant degree of pressure in the episode.

Should the library employee have shut down the node before the board meeting? Probably not, since the board had approved it at a previous meeting.

Were the police out of line to raise the issue? I do not think so; their range of official action certainly would extend to making officials of the library and other public organizations aware of risks associated with their operations.

Did Tom Grella act inappropriately? Maybe; in choosing to forward Squire's email to the Lebanon police he probably should have provided more information than "this could become an issue."

SA Squire, however, should be counselled and possibly disciplined for one of two things. If he acted as a private citizen, he should have made that clear in the text of the message and sent it from a personal email account rather than his official DHS account, to avoid giving an incorrect impression that he was acting in his official capacity. Done that way he would have been entirely within his rights as a citizen. Hillary Clinton was criticised for using a private server to conduct public buisness; using public servers for private action is equally inappropriate. Alternatively, if Mr. Squire was expressing DHS policy, he should have worded his message more formally and referenced the specific policy.

Absent prior history of similar behavior, either offense warrants supervisory counselling, a review of the applicable laws and DHS policies and procedures, and possibly a temporary flag in is personnel record, to be removed after a year or so with no further issues of the type. In view of Lofgren's letter, however, they might be tempted to do more: federal agencies really hate to receive Congressional letters, and this event also brought them a good deal of bad PR.

Is Lofgren's letter a bit over the top? I think so, for the reasons I stated earlier, as modified above. It is not clear that either the DHS employee or the Lebanon, NH police actions constitute "interference," and whether or not by design, SA Squire separated himself, and DHS, from the actual conversations. While counselling certainly is in order for SA Squire, and clarification of the boundaries between official duties and private actions a good idea for all DHS (and other government) employees, Squire's only error probably was failing to state that he was acting as a private citizen, not as a DHS employee. Lofgren's letter suggests that she wants DHS to direct, or at least advise, employees to limit exercise of their constitutional rights, something that would be quite illegal.

-

Re: We can’t arrest or detain someone because they “might” do something.

The police in nearly any jurisdiction can arrest pretty much whomever they want, whenever they want to do it. However, it is likely to take more than a discussion "with other people about the possibility of doing «something»" to make a conspiracy charge stick in the US, where a concrete action in furtherance of the <<something>> usually is required in addition to the discussion, hence the somewhat common cases in which an arrest is made for things like solicitation of a murder (from a police officer) or conspiracy to blow up a bridge (from a couple of FBI agents).

Re: Same old program, different name.

One thing the documentation Edward Snowden released illegally does not show is that the NSA deceived the President, the Departments of Defense and Justice, or the Foreign Intelligence Surveillance Court. Indeed, it is fairly clear that they also provided timely and relatively complete information to the intelligence committees of the Senate and House of Representatives, despite the fact that few members of either body took the trouble to read the documents provided. A presumption that NSA managers and employees operated programs in secret that were intended to generally subvert the rights or liberties of US citizens or those of other countries is unwarranted. Replacement of the program being ended, of course, was authorized by the Congress and directed by the President.

Reasonable people may differ about the appropriateness of various intelligence agency programs and whether they are consistent with the US Constitution and laws. In addition to citizens, federal judges and legislators, including members of the intelligence committees, did so often, and there is no clear reason to think any of them dishonest.

Re: The scum leading the dumb

To press on with more or less irrelevant analogies, you also do not find a needle in a haystack if you do not look for it, and you are more likely to find a needle in a haystack if you look at all of it than if you look only at part.

It is worthwhile to keep in mind that SigInt agency capture and filtering of internet backbone data flows is pretty much the same thing they were (and are) doing with radio signals at places like Menwith Hill and Sugar Grove, and in numerous other listening stations before them. The internet changed the transmission means, but nothing else.

The fact that nearly all terrorist perpetrators were known (for some definition of known) may indicate no more than police/intelligence staffing insufficient to follow up on all of them. That seems to have been true in the Charlie Hebdo shootings and may have been a factor in the more recent ones in Paris. It is not clear whether increased data collection and analysis would make things better or worse, although I suspect the latter. Manpower and other resources used for collection and analysis might better be used for direct surveillance of those thought to be risks, and John Poindexter's notion that sorting and collating all the data by machine would replace human agents with algorithms always was pretty much a pipe dream, completely aside form the fact that it couldn't be sold even in the immediate post-9/11 panic.

Re: Deliberately missing the point, or fuckwit?

I am minded to ask what the legal protections are under European national laws for non-citizens and residents outside their respective countries. Are there any? Stewart Baker (former NSA legal counsel) has argued in testimony to the US Congress that US citizens and residents have more legal protection against their government than citizens and residents in most of Europe, including the UK, France, and Germany, have against theirs. The US has a requirement for warrants or other court orders, ensuring that demands for data have been reviewed at least minimally by a nominally independent third party.

We know from the files Edward Snowden released, and those later declassified in response, that the NSA's data collection and analysis was done under laws passed by the US Congress, executive orders issued and updated by numerous Presidents, with review and (usually) approval by a properly authorized court consisting of federal judges nominated by a President, approved by the Senate, and appointed, as additional duty, by the Chief Justice of the Supreme Court. Nothing in what was released or declassified suggests frequent, intentional, or systematic NSA action outside that legal framework. Nearly all US citizens are much more at risk from criminals after their money than any government official. Among government officials, the risks, in roughly descending order, are local police; tax assessors; ambitious, overcharging prosecutors (local ahead of federal); and far behind, the FBI and intelligence agencies.

The President, indeed, occasionally goes beyond what the Constitution and laws allow, and the laws sometimes authorize unconstitutional actions. That has been true for over 200 years. The courts have made corrections in the past and will continue to do so in the future.

The President and executive branch generally are not required to protect those who are not US citizens or in the US from anything, any more than another government is obliged to protect non-citizens located outside of their jurisdiction. This can be, and often is, modified by treaties and other intergovernment agreements, but is the default rule.

I anticipate quite a few down votes for this post. I would prefer a clear description of the legal protections that apply to European citizens and legal residents instead, but would be quite satisfied with both.

Re: Forget Cyber terrorists

"We are doomed not by terrorists (clue in name) but by our own stupidity,"

Or possibly cupidity or, more likely, the latter, augmented mightily by the former.

Re: US Constitution

Jonathan Adler (a real live US attorney) speaks to this somewhat at:

https://www.washingtonpost.com/news/volokh-conspiracy/wp/2015/11/20/the-metadata-collection-program-is-constitutional-at-least-according-to-judge-kavanaugh/

complete with a number of case law references for those interested in more detail.

As the OP said, it depends on the definition of "unreasonable."