Shared posts

12 Oct 15:35

DOJ Says No One Has Any Right To Question The Administration's Handling Of Records, Not Even The Courts

by Tim Cushing

Frequent FOIA requesters CREW (Citizens for Responsibility and Ethics in Washington) and NSA (National Security Archive) are trying to obtain a court ruling forcing the Trump administration to stop standing in the way of transparency and accountability.

Their complaint [PDF], filed earlier this year, accuses the Trump administration of not just serious impropriety, but of actually taking proactive steps to ensure there's no documentation of its questionable deeds.

From early on in this Administration, White House staff have used and, on information and belief, continue to use certain email messaging applications that destroy the contents of messages as soon as they are read, without regard to whether the messages are presidential records. Presidential statements made on Twitter sent from the President’s personal Twitter account, which are subject to federal record-keeping obligations, have been destroyed. The President also has implied that he is secretly tape-recording some or all conversations with Administration officials, and it is unclear if these tapes are being preserved. And there is at least one news report that, when the ongoing congressional and FBI investigations were disclosed, White House aides purged their phones of potentially compromising information. These practices violate the Presidential Records Act.

On top of that, the lawsuit alleges the White House is going even darker by consolidating power and forcing federal agencies to route as much as possible through administration staff to ensure as many records as possible could be considered exempt from FOIA requests.

The DOJ has filed its motion to dismiss [PDF]. And it's incredibly dismissive, as Eriq Gardner reports:

In a court filing Friday, not only do attorneys at the Justice Department say that courts can't review this, but they also argue that when it comes to laws pertaining to government record-keeping, judicial review would be inappropriate even if Trump deleted secret recordings with administration officials or even if his staff purged phone records because they expected to be subpoenaed in connection with various investigations.

Over the course of 36 pages, the DOJ tells the court the plaintiffs are wrong, the court is wrong… pretty much the only entity entirely in the right is the President and his staff, whose efforts cannot be questioned under the Presidential Records Act.

Courts cannot review the President’s compliance with the Presidential Records Act (“PRA”). As the D.C. Circuit has squarely held, “permitting judicial review of the President’s compliance with the PRA would upset the intricate statutory scheme Congress carefully drafted to keep in equipoise important competing political and constitutional concerns.” Armstrong v. Bush, 924 F.2d 282, 290 (D.C. Cir. 1991) (“Armstrong I”). Indeed, “Congress . . . sought assiduously to minimize outside interference with the day-to-day operations of the President and his closest advisors and to ensure executive branch control over presidential records during the President’s term in office,” and so “it is difficult to conclude that Congress intended to allow courts, at the behest of private citizens, to rule on the adequacy of the President’s records management practices or overrule his records creation, management, and disposal decisions.”

The DOJ's arguments are pretty blunt, considering they're spread over 30 pages. The DOJ flatly states the plaintiffs have no standing as they can allege no harm but possibly-thwarted FOIA requests at some point in the future. Even if the court somehow finds a way to grant standing, the DOJ states this won't help the plaintiffs' case at all.

Even if Plaintiffs had standing, the vast majority of their claims are precluded by the PRA. As noted above, the D.C. Circuit held in Armstrong I that private litigants may not bring suit to challenge the President’s compliance with the PRA. While the D.C. Circuit subsequently held that courts hearing FOIA cases may review the President’s PRA guidelines to ensure that he does not improperly treat agency records subject to FOIA as though they were instead presidential records subject to the PRA, see Armstrong v. Exec. Office of the President, 1 F.3d 1274, 1294 (D.C. Cir. 1993) (“Armstrong II”), D.C. Circuit law does not permit judicial review of whether the President is properly managing and preserving those records that are in fact subject to the PRA.

The DOJ likely has a point. Congress did give the President's office lots of leeway on how to handle records retention. It's the sort of thing that seems like a good idea when you're the party in power but not so much when things change hands. For everyone else on the outside, it's just another way the government insulates itself from accountability.



12 Oct 15:24

New 'Coalition For Responsible Sharing' About To Send Millions Of Take-Down Notices To Stop Researchers Sharing Their Own Papers

by Glyn Moody

A couple of weeks ago, we wrote about a proposal from the International Association of Scientific Technical and Medical Publishers (STM) to introduce upload filtering on the ResearchGate site in order to stop authors from sharing their own papers without "permission". In its letter to ResearchGate, STM's proposal concluded with a thinly-veiled threat to call in the lawyers if the site refused to implement the upload filters. In the absence of ResearchGate's acquiescence, a newly-formed "Coalition for Responsible Sharing", whose members include the American Chemical Society (ACS), Brill, Elsevier, Wiley and Wolters Kluwer, has issued a statement confirming the move:

Following unsuccessful attempts to jointly find ways for scholarly collaboration network ResearchGate to run its service in a copyright-compliant way, a coalition of information analytics businesses, publishers and societies is now left with no other choice but to take formal steps to remedy the illicit hosting of millions of subscription articles on the ResearchGate site.

Those formal steps include sending "millions of takedown notices for unauthorized content on its site now and in the future." Two Coalition publishers, ACS and Elsevier, have also filed a lawsuit in a German regional court, asking for “clarity and judgement” on the legality of ResearchGate's activities. Justifying these actions, the Coalition's statement says: "ResearchGate acquires volumes of articles each month in violation of agreements between journals and authors" -- and that, in a nutshell, is the problem.

The articles posted on ResearchGate are generally uploaded by the authors; they want them there so that their peers can read them. They also welcome the seamless access to other articles written by their fellow researchers. In other words, academic authors are perfectly happy with ResearchGate and how it uses the papers that they write, because it helps them work better as researchers. A recent post on The Scholarly Kitchen blog noted:

Researchers particularly appreciate ResearchGate because they can easily follow who cites their articles, and they can follow references to find other articles they may find of interest. Researchers do not stop to think about copyright concerns and in fact, the platform encourages them, frequently, to upload their published papers.

The problem lies in the unfair and one-sided contracts academic authors sign with publishers, which often do not allow them to share their own published papers freely. The issues with ResearchGate would disappear if researchers stopped agreeing to these completely unnecessary restrictions -- and if publishers stopped demanding them.

The Coalition for Responsible Sharing's statement makes another significant comment about ResearchGate: that it acquires all these articles "without making any contribution to the production or publication of the intellectual work it hosts." But much the same could be said about publishers, which take papers written by publicly-funded academics for free, chosen by academics for free, and reviewed by academics for free, and then add some editorial polish at the end. Despite their minimal contributions, publishers -- and publishers alone -- enjoy the profits that result. The extremely high margins offer incontrovertible proof that ResearchGate and similar scholarly collaboration networks are not a problem for anybody. The growing popularity and importance of unedited preprints confirms that what publishers add is dispensable. That makes the Coalition for Responsible Sharing's criticism of ResearchGate and its business model deeply hypocritical.

It is also foolish. By sending millions of take-down notices to ResearchGate -- and thus making it harder for researchers to share their own papers on a site they currently find useful -- the Coalition for Responsible Sharing will inevitably push people to use other alternatives, notably Sci-Hub. Unlike ResearchGate, which largely offers articles uploaded by their own authors, Sci-Hub generally sources its papers without the permission of the academics. So, once more, the clumsy actions of publishers desperate to assert control at all costs make it more likely that unauthorized copies will be downloaded and shared, not less. How responsible is that?

11 Oct 15:16

Some Google Home Minis were listening to users nearly 24/7

by Joe Fedewa
Brindle

*shock*

Several users have discovered that the Mini was almost constantly recording sounds and transmitting to Google. This was discovered on the My Activity page where thousands of false commands.
10 Oct 19:49

Harvey Weinstein Tries Every Possible Response To Explosive NY Times Story

by Mike Masnick

Last week, the Hollywood Reporter broke the story that famed Hollywood movie mogul Harvey Weinstein (formerly of Miramax and more recently of the Weinstein Company -- from which he was fired over the weekend, despite practically begging for his friends to support him) had seriously lawyered up, hiring three high profile lawyers: David Boies, Lisa Bloom and Charles Harder to deal with two apparent stories that were in the works -- one from the NY Times and another from the New Yorker (two publications not known for backing down from threats) -- about some fairly horrible alleged behavior by Weinstein towards young female actresses, employees and more.

A day later, the NY Times published its article about Harvey Weinstein and, damn, it's quite an article. It details multiple cases of alleged sexual harassment by Weinstein against both employees and hopeful actresses -- and includes claims of Weinstein having to pay off some of those individuals. The article was not based on a single source, but many sources, including one actress (Ashley Judd) willing to put her name behind the accusations (and just as we were completing this post, the New Yorker published its piece which appears to be more detailed and more damning, with more names and even more horrifying stories about Weinstein). And with the NY Times' publication, much of the "legal team" leaped into action. Of course, if you're not familiar with the three lawyers named above, it may help to do a quick review, before we dig in on the myriad (often contradictory) responses we've now seen from Weinstein and his legal team over the past few days.

Boies, of course, shows up everywhere these days, but often not for good reasons. You may recall him representing SCO in its quixotic attack on Linux. Or representing Oracle against Google in claiming that APIs can be copyrightable. Or representing Theranos, the now disgraced biotech firm that exaggerated what it could do. Or representing Sony Pictures when its emails were all leaked, to the point of sending a ridiculous threat letter to us for daring to report on those emails. Lisa Bloom's only appearance here was when she was on the right side of the silly James Woods defamation case against an anonymous tweeter. Many found Bloom's appearance as part of the team quite odd, since she's built her reputation on representing victims of sexual harassment. She later claimed she was just advising Weinstein, rather than acting as his lawyer (hmm....) and then, over the weekend, she resigned from whatever it was that she was doing. However, the NY Times has a quite incredible article suggesting her initial response to the accusations was to effectively go after the women, by posting "photos of several of the accusers in very friendly poses with Harvey after his alleged misconduct." Ick.

And, Charles Harder? What is there that needs to be said about Charles Harder? Oh, right, that he's currently leading the legal team that's suing us in a defamation suit that we've won (though he has since appealed).

Within hours of the article being published, Harder announced that Weinstein would be suing the NY Times for defamation.

"The New York Times published today a story that is saturated with false and defamatory statements about Harvey Weinstein," he writes in an email to The Hollywood Reporter. "It relies on mostly hearsay accounts and a faulty report, apparently stolen from an employee personnel file, which has been debunked by nine different eyewitnesses. We sent the Times the facts and evidence, but they ignored it and rushed to publish. We are preparing the lawsuit now. All proceeds will be donated to women’s organizations."

But here's the thing: Weinstein himself seems to be admitting that many of the accusations are accurate. He's quoted apologizing for his behavior in the initial NY Times article:

In a statement to The Times on Thursday afternoon, Mr. Weinstein said: “I appreciate the way I’ve behaved with colleagues in the past has caused a lot of pain, and I sincerely apologize for it. Though I’m trying to do better, I know I have a long way to go.”

He added that he was working with therapists and planning to take a leave of absence to “deal with this issue head on.”

That seems like an admission. The full statement is even more bizarre:

I came of age in the 60’s and 70’s, when all the rules about behavior and workplaces were different. That was the culture then.

I have since learned it’s not an excuse, in the office - or out of it. To anyone. I realized some time ago that I needed to be a better person and my interactions with the people I work with have changed.

I appreciate the way I’ve behaved with colleagues in the past has caused a lot of pain, and I sincerely apologize for it.

Though I’m trying to do better, I know I have a long way to go. That is my commitment. My journey now will be to learn about myself and conquer my demons. Over the last year I've asked Lisa Bloom to tutor me and she's put together a team of people. I've brought on therapists and I plan to take a leave of absence from my company and to deal with this issue head on. I so respect all women and regret what happened. I hope that my actions will speak louder than words and that one day we will all be able to earn their trust and sit down together with Lisa to learn more. Jay Z wrote in 4:44 "I'm not the man I thought I was and I better be that man for my children." The same is true for me. I want a second chance in the community but I know I've got work to do to earn it. I have goals that are now priorities. Trust me, this isn't an overnight process. I've been trying to do this for 10 years and this is a wake-up call. I cannot be more remorseful about the people I hurt and I plan to do right by all of them.

I am going to need a place to channel that anger so I've decided that I'm going to give the NRA my full attention. I hope Wayne LaPierre will enjoy his retirement party. I'm going to do it at the same place I had my Bar Mitzvah. I'm making a movie about our President, perhaps we can make it a joint retirement party. One year ago, I began organizing a $5 million foundation to give scholarships to women directors at USC. While this might seem coincidental, it has been in the works for a year. It will be named after my mom and I won't disappoint her.

That whole statement is... weird. Others have covered the many problems with it, but it seems like a pretty clear admission. Given that, it's pretty ridiculous to then claim you're suing the NY Times. Under what theory? Well, according to Weinstein, because it didn't give him enough time to respond:

“I mean every word of that apology,” he told TheWrap. “The reason I am suing the New York Times is they didn’t give me enough time to respond.”

Um. What? First of all, he gave an entire statement to the NY Times. So he clearly had time to respond. Second, there's no legal requirement that a news publication needs to give you "enough time to respond," let alone any time to respond. That's not how the press works.

In another interview, he told the NY Post that he's suing because the NY Times wasn't honest with him:

Weinstein said, “What I am saying is that I bear responsibility for my actions, but the reason I am suing is because of the Times’ inability to be honest with me, and their reckless reporting. They told me lies. They made assumptions.

“The Times had a deal with us that they would tell us about the people they had on the record in the story, so we could respond appropriately, but they didn’t live up to the bargain.

“The Times editors were so fearful they were going to be scooped by New York Magazine and they would lose the story, that they went ahead and posted the story filled with reckless reporting, and without checking all they had with me and my team.

Once again, Weinstein seems to be confused about how journalism works -- and what legal requirements there are. Even as rich and powerful as Harvey Weinstein is, there is no legal requirement to give him as much time as he wants to respond. Indeed, his lawyer Bloom admits they had two days:

“Two days ago, after begging, they gave us a couple dozen allegations that spanned 30 years and a dozen countries. They said we have until 1 pm today. We said ‘Why?’ They never said.”

Again, giving two days actually seems kind of generous.

The whole thing seems like Weinstein is trying out any and all possible responses at once. Normally you select one: you deny and sue or you apologize or you try to make a quip and laugh off the accusation. Harvey seems to be doing all of this at once.

He even tried denial (and a quip) before the admission and the threat:

In a brief interview on Wednesday, Weinstein declined to comment on the charges.

"I've not been aware of this," he said. "I don't know what you're talking about, honestly."

[....]

Weinstein later issued a statement through a spokesperson, as did Bloom. “The story sounds so good I want to buy the movie rights,” said Weinstein.

Of course, as the NY Times has pointed out, at no point has Weinstein said what is factually untrue in its reporting. And if you're suing for defamation, that's kind of the first thing you're supposed to do. Meanwhile, it appears that other stories are starting to come out (and they keep coming) -- including some fairly damning claims about attempts to cover up previous investigations. And, perhaps most troubling, a claim that the NY Times had this story a dozen years ago and was pressured into killing it. Of course, perhaps that's the real reason behind the threat of the lawsuit -- to try to scare off others from coming forward. All of the links in this paragraph suggest if that's the theory, well, it's not working. It's also not clear that a lawsuit would be wise. Beyond the failure to give an actual legal reason for the lawsuit so far, as many people have pointed out, it's unclear that Harvey would want to go through the discovery process in such a lawsuit should it get that far.

And, in the meantime, the NY Times has said that Weinstein "should publicly waive the NDAs in the women's agreements so they can tell their stories." If he fails to do so, that says a lot right there.

Still, in the end, it appears that Weinstein's strategy here seems to be... to do all of the following, even if some parts contradict other parts:

  1. Deny with a quip ("I don't know what you're talking about, honestly." "I want to buy the movie rights.")
  2. Offer a weak excuse that's not even a real excuse ("I came of age in the 60's and 70's")
  3. Apologize ("the way I’ve behaved with colleagues in the past has caused a lot of pain," "I cannot be more remorseful about the people I hurt and I plan to do right by all of them.")
  4. Threaten to sue ("the reason I am suing is because of the Times’ inability to be honest with me, and their reckless reporting")
  5. Claim the story is not accurate ("a story that is saturated with false and defamatory statements about Harvey Weinstein")
  6. Say the real problem was that the paper didn't live up to its word ("The Times had a deal with us")
  7. Also claim that the problem was not enough time to respond (despite responding) ("The reason I am suing the New York Times is they didn’t give me enough time to respond.")
  8. Deflect from being accused of using your power to bed powerless women by... talking about the NRA?!? ("I'm going to give the NRA my full attention.")
  9. Insist that you've seen the light and are changing ("I want a second chance in the community but I know I've got work to do to earn it. I have goals that are now priorities. Trust me, this isn't an overnight process. I've been trying to do this for 10 years and this is a wake-up call.")
  10. Talk about how you've thrown money at women's issues, as if that makes this okay ("I began organizing a $5 million foundation to give scholarships to women directors at USC.")

None of these seem particularly genuine at all -- which perhaps explains the contradictory nature of many of them. Instead, it looks an awful lot like how people who are caught doing something bad act when they can't come to terms with what they've done, and will thrash about wildly, trying on every possible response, hoping one of them gets them out of the situation. Who knows if an actual lawsuit will be filed, but of all the possible responses above, that one seems the least likely to end well.

10 Oct 15:19

Proposed Bill Would Exempt Customs And Border Protection From FOIA Compliance

by Tim Cushing
Brindle

Why could they possibly want to avoid FOIA?!

To build a wall, you've got to break a few laws. That's the message being sent by a new bill, which helps pave the way for the eventual construction of a border wall by exempting the CBP and US Border Patrol from a large number of federal laws.

H.R. 3548 [PDF] would give the CBP a free pass to ignore all sorts of federal restrictions when engaging in its enforcement activities. All the things citizens can't legally do on federal land, the CBP and Border Patrol would be allowed to. This would keep the federal government from getting in its own way in the event wall construction actually takes place, as well as keep CBP agents from worrying about polluting, killing endangered species, or violating sacred grave sites while pursuing undocumented aliens.

The authority is so broad that CBP and its officers are given exemptions from the requirements of 36 different federal laws, including but not limited to, the National Environment Policy Act, the Endangered Species Act, the Clean Water Act, the Clean Air Act, the Fish and Wildlife Act, the Eagle Protection Act, the Native American Graves and Repatriation Act, AND "Subchapter 5, and chapter 7 of title 5, United States Code (commonly known as the 'Administrative Procedure Act')."

The last one listed is why the American Society of News Editors is commenting on the bill. The Administrative Procedure Act covers federal FOIA law. If this goes through unaltered, it could easily be read to exempt the CBP and Border Patrol from responding to open records requests pertaining to their activities... pretty much everything these entities do. The bill covers everything from tactical infrastructure efforts to detainments to patrol efforts.

ASNE isn't quite sure what to make of this exemption being included, but knows there's no way the law should be passed with this part intact.

It's unclear whether this reading is accurate, or intended, but unless someone asks, we might not know until it is too late. Unfortunately, there has been little to no stated opposition to this bill, so it could very well pass the House Committee on Wednesday, and later the entire House, unchecked.

The risk of leaving this stone unturned is clear: The public and press would be in the dark with regard to CBP activities near the border. We wouldn't have access to records of arrests, injuries, deaths and other major incidents at the border or the costs of securing the borders, including the cost and other details of building a border wall.

It could have been a mistake with legislators wishing to exempt CBP from something else, but if it can be read as excusing ICE from its FOIA duties, you can be sure that's exactly how the agency will read it. Alerting representatives is the only way this will receive any attention, considering it's just a few words in the middle of a 102-page bill seeking expanded powers for the agency.



07 Oct 23:38

On notches, chins, and foreheads

Joshua Topolsky:

The "notch" on the new iPhone X is not just strange, interesting, or even odd - it is bad. It is bad design, and as a result, bad for the user experience. The justification for the notch (the new Face ID tech, which lets you unlock the device just by looking at it) could have easily been accomplished with no visual break in the display. Yet here is this awkward blind spot cradled by two blobs of actual screenspace.

[...]

Plenty has been written about the mind-numbing, face-palming, irritating stupidity of the notch. And yet, I can't stop thinking about it. I would love to say that this awful design compromise is an anomaly for Apple. But it would be more accurate to describe it as the norm.

Apple really, really wants you to "embrace the notch" and consider it a design element. With the home button gone, the iPhone X lost the iconic shape we've come to expect from iPhones, and to set a recognisable shape for the iPhone for the next decade, Apple chose the notch, and decided to embrace it.

The goal of the industry is clearly to move to truly fullscreen displays; no notches like the Essential phone or the iPhone X, and no thin chins and foreheads like the Galaxy S8 or the LG V30. With Apple trying to build a visual brand around the notch, we're going to be inundated with article after article explaining how the notch is great design, how it's a good idea, how it actually makes a lot of sense to have the notch because of [insert pseudoscience], how it is the pinnacle of design. And all those articles will look entirely foolish once Android phones start moving to true fullscreen with under-display cameras and sensors in a few years from now, after which Apple will drag its feet, only to eventually move to true fullscreen displays 2-3 years later, at which point the authors of the aforementioned articles will do a complete 180 overnight, as if the notch never happened.

Notches and chins and foreheads are necessary imperfections due to technological limitations on the way to fullscreen perfection. Pretending they are not will only make you look foolish five years from now.
06 Oct 16:40

The Vegas Shooting Makes It Clear More Surveillance Isn't The Answer

by Tim Cushing

The solutions proposed by legislators, law enforcement, intelligence agencies, and multiple direct beneficiaries of amped-up surveillance in the wake of acts of terrorism are always the same: more of the stuff that didn't prevent the last attack.

London is a thicket of CCTV cameras and yet it's suffered multiple attacks in recent years. The NYPD and New York's former mayor idolized the London system: cameras everywhere (but not on NYPD officers). Despite this, New York City's relative safety appears to be based more on policing tactics than hundreds of passive eyes.

Considering the unshakable belief "more cameras = more safety," how do surveillance supporters explain the recent shooting in Las Vegas, perhaps the most heavily-surveilled city on the planet?

In 2013, Nevada outfitted the Strip's "real-time crime center" with an additional 37 pivot-and-zoom cameras with a $350,000 federal grant. And as a surveillance expert told the Sun, most casinos on the strip are running thousands of cameras already: "Casinos have 100 percent coverage of virtually every square inch," he said. In the highways around Vegas, there are still cameras every half-mile. "Loss-prevention" recording devices stalk the Strip's employees in the back-of-house.

And still, while the footage will be rewound and analyzed in the coming weeks, acquired by the press, and used to model future scenarios, none of those cameras stopped a man from walking into the Mandalay and stocking a small arsenal of automatic weapons in his hotel room.

More isn't better. This much is clear. The NSA's infamous haystacks have caused more problems for analysts, who are tasked with sifting through millions of communications in hopes of flagging something worth pursuing. Thousands of cameras are useless if there aren't thousands of eyes to watch them in real time. It may help investigators after the fact, but after-the-fact detective work is never preferable to preventing deadly attacks.

As Molly Osberg points out for Splinter, the proposed prevention efforts will likely include even more cameras. And these proposals will come with zero stats backing up claims of increased safety and security.

[L]ondon police estimated almost a decade ago that for every 1,000 security cameras installed, only one crime was solved.

Eliminating cameras isn't the answer. But neither is continuing to prop up the delusion that more = safer. The same goes for other surveillance methods. Grabbing millions of communications daily might seem like a good way to catch something relevant now and then, but hours are wasted on filtering out false positives and internet detritus that wouldn't be swept up in more targeted approaches.

The surveillance state hasn't failed. It's just enamored with compounding its existing problems by adding more capacity. The only thing really guaranteed is more failure.



06 Oct 16:39

Elsevier's Latest Brilliant Idea: Adding Geoblocking To Open Access

by Glyn Moody

We've just written about a troubling move by Elsevier to create its own, watered-down version of Wikipedia in the field of science. If you are wondering what other plans it has for the academic world, here's a post from Elsevier’s Vice President, Policy and Communications, Gemma Hersh, that offers some clues. She's "responsible for developing and refreshing policies in areas related to open access, open data, text mining and others," and in "Working towards a transition to open access", Hersh meditates upon the two main kinds of open access, "gold" and "green". She observes:

While gold open access offers immediate access to the final published article, the trade-off is cost. For those that can't or don't wish to pay the article publishing charge (APC) for gold open access, green open access -- making a version of the subscription article widely available after a time delay or embargo period -- remains a viable alternative to enabling widespread public access.

She has a suggestion for how the transition from green open access to gold open access might be effected:

Europe is a region where a transition to fully gold open access is likely to be most cost-neutral and, perhaps for this reason, where gold OA currently has the highest policy focus. This is in stark contrast to other research-intensive countries such as the US, China and Japan, which on the whole have pursued the subscription/green open access path. Therefore one possible first step for Europe to explore would be to enable European articles to be available gold open access within Europe and green open access outside of Europe.

Blithely ignoring the technical impossibility of enforcing an online geographical gold/green border, Hersh is proposing to add all the horrors of geoblocking -- a long-standing blight on the video world -- to open access. But gold open access papers that aren't fully accessible outside Europe simply aren't open access at all. The whole point of open access is that it makes academic work freely available to everyone, everywhere, without restriction -- unlike today, where only the privileged few can afford wide access to research that is often paid for by the public.

It's hard to know why Elsevier is putting forward an idea that is self-evidently preposterous. Perhaps it now feels it has such a stranglehold on the entire academic knowledge production process that it doesn't even need to hide its contempt for open access and those who support it.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+



06 Oct 16:37

Hundreds Of Cases Dismissed Thanks To Baltimore PD Misconduct

by Tim Cushing

After years of listening to tough-on-crime legislators and the tough-on-crime lawmen that love to hear them talk about filthy criminals beating the system by getting off on technicalities, it's somewhat funny to discover lots of what's complained about is nothing more than good old-fashioned due process and/or the collateral damage of crooked, inept, or lazy cops.

We've seen a lot of en masse criminal case dismissals recently. Thousands of convictions and charges were dropped in Massachusetts as the result of a state crime lab tech's years of faked drug tests. All over the nation, cops are letting perps walk rather than discuss law enforcement's worst-kept secret: Stingray devices.

Add to that list several hundred cases being dropped by prosecutors in Baltimore -- all thanks to officer misconduct. [via Scott Shackford at Reason]

Hundreds of criminal cases are impacted by the questionable conduct of Baltimore police officers, the city's top prosecutor announced in a statement.

Baltimore State's Attorney Marilyn J. Mosby's office released the updated numbers Wednesday. She said the actions of eight officers indicted for racketeering have affected 295 cases, and three more incidents of questionable use of body-worn cameras have impacted a total of 569 cases. Overall, she said up to 338 cases have been or could be dismissed.

The body camera footage at issue was discussed here earlier. What looked like an officer planting evidence turned out to be an officer performing an improvisational reenactment of "discovering" evidence he had actually discovered earlier (but without his body camera turned on). While less malicious than framing someone, the end result is no less questionable: a cop stuffing drugs into an object for recorded "discovery" later. Either way, it's something no cop should be doing, especially when they're wearing body cameras they can activate at any time.

The number of dismissals will likely continue to grow. Mosby's office counts up to 338 possible dismissals so far, but characterizes these totals as "preliminary." The Baltimore PD, however, is spinning these dismissals in a different -- but wholly expected -- direction. While promising to "work to address the concerns" raised by the racketeering and footage-faking, police spokesman T.J. Smith claims these multiple cases of footage manipulation (there are four in total) are not indicative of larger, unaddressed problems with officer accountability.

Smith pointed out the importance of separating the four incidents, as they are "unique and independent of each other," adding that while eight officers are in federal prison for their criminal conduct, "the cases involving body-worn camera footage is still being investigated and no criminal wrongdoing has been proven."

Well, "unique" and "independent" except for the fact they all involved members of the Baltimore PD. Only a fool (or a police union spokesman) would believe these are the only times Baltimore officers have massaged camera footage and that the hundreds of cases edging towards dismissal will be the end of the prosecutorial bleeding. Misconduct of this type -- especially misuse of recording equipment -- tends to be a department-wide problem, rather than a few "bad apples" rising to the top of the barrel to be plucked and tossed by prosecutors.



06 Oct 16:37

iOS 11’s Misleading “Off-ish” Setting for Bluetooth and Wi-Fi is Bad for User Security

by andres
Brindle

@brandon...

Turning off your Bluetooth and Wi-Fi radios when you’re not using them is good security practice (not to mention good for your battery usage). When you consider Bluetooth’s known vulnerabilities, it’s especially important to make sure your Bluetooth and Wi-Fi settings are doing what you want them to. The iPhone’s newest operating system, however, makes it harder for users to control these settings.

On an iPhone, users might instinctively swipe up to open Control Center and toggle Wi-Fi and Bluetooth off from the quick settings. Each icon switches from blue to gray, leading a user to reasonably believe they have been turned off—in other words, fully disabled. In iOS 10, that was true. However, in iOS 11, the same setting change no longer actually turns Wi-Fi or Bluetooth “off.”

Instead, what actually happens in iOS 11 when you toggle your quick settings to “off” is that the phone will disconnect from Wi-Fi networks and some devices, but remain on for Apple services. Location Services is still enabled, Apple devices (like Apple Watch and Pencil) stay connected, and services such as Handoff and Instant Hotspot stay on. Apple’s UI fails to even attempt to communicate these exceptions to its users.

It gets even worse. When you toggle these settings in the Control Center to what is best described as "off-ish," they don’t stay that way. The Wi-Fi will turn back full-on if you drive or walk to a new location. And both Wi-Fi and Bluetooth will turn back on at 5:00 AM. This is not clearly explained to users, nor left to them to choose, which makes security-aware users vulnerable as well.

The only way to turn off the Wi-Fi and Bluetooth radios is to enable Airplane Mode or navigate into Settings and go to the Wi-Fi and Bluetooth sections.

When a phone is designed to behave in a way other than what the UI suggests, it results in both security and privacy problems. A user has no visual or textual clues to understand the device's behavior, which can result in a loss of trust in operating system designers to faithfully communicate what’s going on. Since users rely on the operating system as the bedrock for most security and privacy decisions, no matter what app or connected device they may be using, this trust is fundamental.

In an attempt to keep you connected to Apple devices and services, iOS 11 compromises users' security. Such a loophole in connectivity can potentially leave users open to new attacks. Closing this loophole would not be a hard fix for Apple to make. At a bare minimum, Apple should make the Control Center toggles last until the user flips them back on, rather than overriding the user’s choice early the next morning. It's simply a question of communicating better to users, and giving them control and clarity when they want their settings off—not “off-ish.”

06 Oct 16:35

National Security Agencies Are Evading Congressional Oversight

by shahid

Last week, federal officials from several spy agencies engaged in a full court press in Washington, spinning facts before media outlets, flooding Capitol Hill with lobbyists, and bringing lawmakers to the National Security Agency's (NSA) Ft. Meade headquarters to feed them selective information about their unconstitutional mass surveillance activities. Predictably omitted from these conversations are the many Americans from across the political spectrum who have raised concerns, ranging from constitutional and commercial to security-related, that have rightfully dogged federal mass surveillance efforts since their revelations—not in official proceedings, but rather by whistleblowers—in 2005 and 2013.

Rather than embrace bipartisan calls for long overdue and constitutionally necessary limits, executive officials have instead chosen to shoot the proverbial messengers, vilifying whistleblowers and building new programs to prevent others from ever coming forward. Last week’s meetings included claims that particular examples of mass surveillance proved useful, ignoring its repeated failures. While the appearance of security may be comforting to some, NSA veterans have identified discarded programs that, relative to their replacements, reportedly did a better job of protecting national security while also protecting the privacy of Americans by encrypting data collected within the U.S. and requiring a warrant for investigators to access it.

Meanwhile, too many members of Congress from each of the major parties remain excessively deferential to the intelligence community, despite Congress mustering a bipartisan majority to enact preliminary reforms in 2013 and the House approving even more sweeping changes in their wake. Even though the scheduled expiration of a key statute—Section 702 of the Foreign Intelligence Surveillance Act (FISA)—looms mere months away, congressional committees have yet to hold hearings to get beyond executive talking points and begin actively investigating the underlying facts.

Originally enacted in the 1970s to restrain domestic surveillance, the history of the FISA statute is revealing in itself. Its genesis was a wide-ranging congressional investigation that dramatically uncovered a series of previously secret programs that, instead of promoting security, were carefully tailored to undermine constitutionally protected dissent. Alarmed at wide-ranging executive abuses behind a wall of secrecy, Congress enacted reforms that included the creation of a secret court, and insisted on regulations by the Department of Justice to further curtail the FBI's 40-year assault on democracy in the form of COINTELPRO: its infamous Counterintelligence Programs.

Since then, the Justice Department regulations have been watered down periodically, while FISA was ultimately flipped on its head. Most recently, FISA was amended in 2009 to legalize a series of mass surveillance programs begun under the Bush administration in direct violation of the governing statute at the time, as well as constitutional limits. The continuation of these programs under the Obama administration granted them the appearance of bipartisan legitimacy despite their clear and continuing unconstitutionality.

In the past, concerns about mass surveillance have extended across the political spectrum and around the world. Under the Trump administration, those concerns have grown increasingly pressing, given the president's seeming disregard for constitutional limits on executive power, and potential willingness to politicize surveillance to serve his own political ends.

Given those concerns, and the crucial congressional role of checking and balancing the federal executive branch, Congress should aggressively exercise its oversight responsibilities. But there are structural barriers to doing so. Many members of Congress on key congressional committees, for instance, lack qualified staff wielding adequate security clearance to rebut talking points peddled by self-serving executive officials.

Beyond structural impediments, many members of Congress have been willing to settle for mere assurances from executive officials, rather than insist upon reviewing evidence proving that mass surveillance effectively protects security, and that the government’s systems adequately protect the rights of innocent Americans. Representatives poised to do more include Democrats and Republicans whose constituents may enjoy opportunities to politically force their hands.

Only by investigating mass surveillance operations can Congress uncover the underlying facts. Such an investigation would be crucial in helping establish the need for long overdue constitutional limits.

In particular, because agencies including the NSA and FBI have relied on legal loopholes and secret interpretations for which they have grown notorious, one crucial requirement is for backdoor searches of Americans to be first justified by a judicial warrant. While that process does not impose a significant operational burden on agencies, it does prevent the kinds of documented abuses that agency employees and contractors have already committed, which include stalking former lovers using the government's powerful spying tools.

Congress should also ensure that intelligence information is used exclusively to protect national security, instead of polluting the criminal legal system with raw intelligence that inherently fails to meet the standards required for evidence to be admitted in court. Congress should not allow powerful military-grade surveillance programs to be used for purposes like routine criminal law enforcement or tracking down undocumented immigrants.

Congressional oversight of the intelligence agencies should also address issues beyond data collection. In the past, intelligence agencies have undermined attempts by Americans to ensure their own privacy, including by intercepting router shipments and planting covert firmware. Accordingly, Congress must adopt measures to protect encryption and encryption standards from erosion by national security agencies. A restriction along these lines would also serve business interests, which have vocally decried losses amounting to billions of dollars driven by clients making the rational decision to buy encryption devices from other sources.

Finally, Congress must restore the opportunity for a robust public debate about these issues. That requires reforming the state secrets privilege and fixing the broken classification system described as “dysfunctional” by the former official who administered it. All too often, overclassification keeps policymakers and the public in the dark, and enables a bipartisan war on whistleblowers from whom congressional committees have learned the truth.

Regardless of what Congress does this fall, advocates will continue to challenge the constitutionality of mass surveillance in the courts, where we have sought for over a decade to invoke the rule of law to restore limits on executive authority. Congress is currently considering surveillance policy, and we urge Congress to legislate limits to safeguard constitutional rights. If enough policymakers are pressed by informed and alarmed constituents, Congress will hopefully finish the job it already started.

This article was originally published by Truthout, and is reprinted here with permission.

04 Oct 19:01

More Prisons Banning In-Person Visits, Adding To Securus Tech's Pile Of Cash

by Tim Cushing

Jails and prisons continue to sacrifice what few physical interactions prisoners have with loved ones on the outside to phone service provider Securus. The New Orleans Advocate reports a local jail is the latest in a long line of correctional facilities to ban in-person visits, replacing them with Securus communication software and hardware.

Inmates at the Jefferson Parish Correctional Center in Gretna will no longer be able to receive in-person visits from relatives and friends beginning Oct. 10, when the facility will begin a "video visitation" program similar to one put in place at New Orleans' lockup a couple of years ago.

To jailers, this move just makes sense. It all but eliminates contraband smuggling and allows prisons and jails to allocate fewer staffers to monitoring prisoner visits. But it makes little sense for those stuck inside and even less sense for those on the outside who will be spending a lot more money on visits that used to be free.

The Sheriff's Office said 20-minute sessions will cost nearly $13.

At this per minute rate, it makes no difference visiting hours are being expanded. While it may sometimes be more convenient to Skype prisoners than visit in person, no one's asking for $0.60/minute communications to be their only option.

But this is something Securus has pushed for a long time. Back in 2015, Securus finally dropped a clause in its contracts that mandated correctional facilities using its equipment move to video-only visits. But that doesn't mean jails aren't still heavily encouraged to ban in-person visits. The pivot to video doesn't just generate an absurd amount of income for the communications provider. It also pads the pockets of prisons.

Jails stand to make a profit by adopting this type of visitation. If families do a video visit at the jail, it's free, but if they do it from their home computer, it can cost $1 per minute. Securus promised the Cheshire County Jail a 20 percent cut of the thousands of dollars those fees bring in — that cut totaled $2,500 for the jail last year. The county paid $30,000 to install the video system.

This perversity incentivizes prisons and jails to further dehumanize inmates by cutting them off from most, if not all, outside human contact while incarcerated. Jails don't have to step up to full-on bans to discourage visits. They can just enact highly-intrusive search policies and shorten visiting hours to achieve the same effect.

The push to video further benefits the state by ensuring almost every communication between prisoners and outsiders is recorded. In-person visits may be lightly-surveilled by staff, but calls routed through Securus hardware/software are swept up in their entirety, easily accessed by the government.

It's not like prisoners aren't warned that all calls are recorded, but these bans eliminate any possibility of an intimate one-on-one conversation with a loved one or family member.

Just as problematic is the government's access to every conversation. While prisoners have an extremely diminished expectation of privacy, the government has repeatedly overstepped the very minimal boundaries remaining to listen in on privileged calls from prisoners to their legal reps.

And if the per call price seems high now, it's only going to get worse. Along with attacking net neutrality and loosening regulation of telcos and cable companies, FCC chairman Ajit Pai has made it clear the sky's the limit for prison phone call fees.

In the end, very little will be done about it. Convicted prisoners are the least sympathetic group when it comes to pushing new legislation. Very few politicians are willing to go to bat for incarcerated people and even fewer constituents are willing to support candidates who appear the least bit empathetic for those behind bars. Topping it all off is the fact that those affected the most cannot vote, despite being handy sources of federal revenue for states and cities housing inmates.

The push will continue to further isolate prisoners, which is only going to serve to reduce the chances of societal reintegration after they've done their time. But that's OK, because the harder it is to return to normal life, the greater the chance released inmates will end up back in prison racking up $15 phone calls that benefit Securus and others willing to shamelessly exploit a very captive audience.



04 Oct 17:21

October 2017

Brindle

The hint text is completely spot on...

And yet I have no trouble believing that the start of the 2016 election was several decades ago.
03 Oct 21:13

Appeals Court Tells Seattle Cops New Use Of Force Policy Doesn't Violate Their 2nd Amendment Rights

by Tim Cushing

When the Department of Justice handed down remedies for the Seattle Police Department's excessive use of excessive force, it told officers they would need to dial back their penchant for deadliness. Just prior to the DOJ's civil rights investigation, the PD was responsible for 20% of the city's homicides. The DOJ recommended officers work on their de-escalation tactics, as well as partake in training meant to steer officers away from viewing anything strange (medical conditions, mental health issues, drug impairment, behavioral crises) as something to be shot at or beaten.

Seattle PD officials adopted the DOJ recommendations and altered the department's use of force policies. Rather than comply or quit, several police officers decided to file a federal lawsuit against the DOJ. The officers asserted a nonexistent right (the "right" to make it home alive) and hammered an existing right (the 2nd Amendment) to it in hopes of persuading a federal court that using less force less often somehow violated their right to keep and bear arms.

The crowdfunded lawsuit didn't get very far. The district court pointed out the 2nd Amendment does not create a "right" to defend yourself, much less attempt to guarantee officers' personal safety. Gun ownership is regulated, not a free pass for cops to violate PD use of force policies as they see fit. It also tossed a variety of other rights violations claims, noting these were even more tenuously connected to the officers' protest of the new use of force policy than the 2nd Amendment claims.

The officers appealed this decision because of course they did. Despite raising less than $4,000 of their $100,000 legal defense fund goal, the officers apparently had enough funding to lose twice. The Ninth Circuit Court of Appeals has rejected [PDF] the officers' ridiculous rights violation assertions. (h/t Kevin Gosztola)

As the court points out, the use of force policy these officers felt needed to be addressed with a civil rights lawsuit does zero damage to the officers' civil rights.

The UF [Use of Force] Policy explicitly recognizes that Appellants may use their department-issued firearms in self-defense in an encounter with a suspect—including the use of deadly force with a firearm. The UF Policy states that “[d]eadly force may only be used in circumstances where threat of death or serious physical injury to the officer or others is imminent[,]” and recognizes that “sometimes the use-of-force is unavoidable[.]” As a result, the UF Policy does not impose a substantial burden on Appellants’ right to use a firearm for the purpose of lawful self-defense.

The court goes on to note the restrictions placed on force deployment do not undermine officers' ability to defend themselves if needed.

The UF Policy requires Appellants to employ de-escalation techniques only “[w]hen safe under the totality of the circumstances and time and circumstances permit.” Thus, the UF Policy expressly contemplates that de-escalation techniques will not be feasible in every situation, and even states that “sometimes, the use of force is unavoidable.” The UF Policy also provides that Appellants may use deadly force where an objectively reasonable officer would conclude that the “threat of death or serious physical injury to the officer or others is imminent.” These provisions ensure that Appellants may use their department-issued firearms to defend themselves and the public.

The court also reminds officers use of force policies are written with more than police officers in mind. Their rights are not more important than the rights of the people they serve.

The UF Policy also requires that Appellants use “[d]e-escalation tactics and techniques . . . when safe and without compromising law enforcement priorities,” and states that Appellants “shall consider whether a subject’s lack of compliance is a deliberate attempt to resist or an inability to comply based on” a variety of factors. Those provisions advance the City of Seattle’s important government interest of ensuring the safety of the public by mandating de-escalation techniques and reducing the likelihood that a firearm will be drawn or used where such force is not “objectively reasonable,” “proportional to the threat or urgency of the situation,” or “necessary to achieve a law-enforcement objective.”

Also struck down is the officers' attempt to restructure the 2nd Amendment to cover their use of deadly force while on the clock. As the court notes, the rights are limited to "defending hearth and home." Nowhere is it written police officers have a right to make it home safely, and there's nothing in the Constitution that allows public employees to unjustifiably take the lives of others in order to ensure officers suffer no harm. That ends this particularly misguided attempt to turn the Constitution into a free pass for excessive force… unless there's still enough left of the $3,730 to crank out a Supreme Court petition.

The 123 suing officers represent about a tenth of the Seattle PD's police force. Why this percentage thought the new policy was worth suing over is unclear. The lawsuit was so misguided the Seattle police union didn't offer its endorsement or support, and it's in the business of suing over anything that threatens officer autonomy. The only thing this lawsuit has done is provided a list of 123 officers who would apparently prefer to shoot their way out of any situation, whether or not the use of force is justified.



03 Oct 21:06

Oracle Tells The White House: Stop Hiring Silicon Valley People & Ditch Open Source

by Mike Masnick
Brindle

if you needed more evidence of the shittiness that is oracle...

Even though Oracle is based in the heart of Silicon Valley (I can see its offices from my own office window as I type this), the company has become sort of anti-Silicon Valley. It tends to represent the opposite of nearly everything that is accepted wisdom around here. And its latest crusade is against open source technology being used by the federal government -- and against the government hiring people out of Silicon Valley to help create more modern systems. Instead, Oracle would apparently prefer the government just give it lots of money.

First, some background: over the past few years, one of the most positive things involving the federal government and technology has been the success of two similar (but also very different) organizations in the US government: US Digital Service (USDS) and 18F. If you're completely unfamiliar with them there are plenty of articles describing both projects, but this one is a good overview. But the really short version is that both projects were an attempt to convince internet savvy engineers to help out in the federal government, and to bring a better understanding of modern technology into government. And it's been a huge success in a variety of ways -- such as creating federal government websites that are modern, secure and actually work. And even though both programs are associated with President Obama, the Trump administration has been adamant that it supports both organizations as well, and they're important to continuing to modernize the federal government. The offices are not politicized, and they have been some of the best proof we've got that government done right involves smart, dedicated technologists.

Of course, not everyone is thrilled with these organizations. Old school federal contractors, for one, have been grumbling loudly about 18F daring to do things like making government procurement open to small businesses. After all, these contractors have spent decades charging the government billions for crappy products, in part, because they know how to work the system. Bringing in actual engineers who realize that it's crazy to spend so much money on crappy solutions -- especially when there are much better solutions that are often open -- seems to really piss off some folks who grew fat and happy overcharging the government. And they've found some front groups who argue that these programs are a waste of government money, which would be better spent giving billions to private contractors.

Either way, the Trump Administration, following a Trump executive order, requested feedback on how best to modernize government IT. The request for comments and all the submitted comments are on GitHub (which is nice to see). Many are quite interesting, but the one that really caught my eye was Oracle's submission, which I can only describe as... curmudgeonly.

A little more background: if it weren't for Oracle's failures, there might not even be a USDS. USDS really grew out of the emergency hiring of some top notch internet engineers in response to the Healthcare.gov rollout debacle. And if you don't recall, a big part of that debacle was blamed on Oracle's technology. So, perhaps it's not surprising that Oracle might hold a bit of a grudge against USDS. Similarly, while Oracle likes to claim that it's supportive of open source technologies, most recognize that open source has been eating Oracle's lunch for a while now.

Even with all that background, the sheer contempt found in Oracle's submission on IT modernization is pretty stunning. The letter complains about three "false narratives" that "have taken the [US government] off track":

False Narrative: Government should attempt to emulate the fast-paced innovation of Silicon Valley. Silicon Valley is comprised of IT vendors most of which fail. The USG is not a technology vendor nor is it a start-up. Under no circumstance should the USG attempt to become a technology vendor. The USG can never develop, support or secure products economically or at scale. Government developed products are not subject to the extensive testing in the commercial market. Instead, the Government should attempt to emulate the best-practices of large private-sector Fortune 50 customers, which have competed, evaluated, procured and secured commercial technology successfully.

Now, this is kind of funny if you follow anything having to do with government and IT projects over the past few decades, as compared to what's happened on projects where USDS and 18F have been involved. For example, remember the big new $600 million (only $220 million over budget) computer system the FBI paid for that was useless for catching terrorists and had to be completely written off? This was the system, built by giant government contractor SAIC, that a computer science professor who was asked to review the system said he was planning to go on a crime spree the day the system launched, knowing the FBI wouldn't be functional. The same system that was so bad that a contractor who was trying to do something as simple as add a printer to the network had to hack the system, accessing the usernames and passwords of 38,000 FBI employees (including then director Robert Mueller) just to do his job.

Is that really the kind of world we want to go back to? And that's just one example, but there are many others like this. Yet, whenever you look at the systems that USDS and 18F are working on, they seem to actually work. They also seem secure. So, sure, it's easy to attack having the government put together these systems, but real world experience seems to show that these groups, staffed with experienced internet engineers, do things a lot better.

False Narrative: In-house government IT development know-how is critical for IT modernization. In-house government procurement and program management expertise is central to successful modernization efforts. Significant IT development expertise is not. Substantial custom software development efforts were the norm at large commercial enterprises, until it became obvious that the cost and complexity of developing technology was prohibitive, with the end-products inherently insecure and too costly to maintain long-term. The most important skill set of CIO’s today is to critically compete and evaluate commercial alternatives to capture the benefits of innovation conducted at scale, and then to manage the implementation of those technologies efficiently. Then, as evidenced by both OPM and Equifax, there needs to be a singular focus on updating, patching, and securing these systems over time.

There's at least some truth to the idea that developing things from scratch is not ideal in many cases, but claiming that those making decisions on federal IT shouldn't have development knowledge is ludicrous. When you don't have that kind of knowledge, that's when you get the big federal contractors coming in and selling you $600 million FBI computer systems that are useless at catching terrorists. I'd be curious if any software developers out there actually think they get better requirements docs from those with dev experience, or those without? Because over and over and over again, I've seen that when the management side actually understands software development, then the process tends to go much more smoothly, because people are much more realistic. Having non-technically inclined managers making these decisions tends to go poorly. Remember the massive computer system that the Copyright Office wasted millions on? That involved a failure of the Copyright Office to set requirements with the outside vendor who never could actually build a working system.

False Narrative: The mandate to use open source technology is required because technology developed at taxpayer expense must be available to the taxpayer. Here there is an inexplicable conflation between “open data,” which has a long legacy in the USG and stems from decades old principles that the USG should not hold copyrights, and “open source” technology preferences, which have been long debated and rejected. There is no such principle that technology developed or procured by the USG should be available free for all citizens, in fact that would present a significant dis-incentive to conducting business with the USG.

This is the most ridiculous of all. Copyright law is pretty clear on this: works of the US government shouldn't be subject to copyright -- and many in the government have embraced variations on open source to live up to that requirement. The idea that open source somehow creates disincentive to working with the US government is hilarious. Maybe for a company like Oracle, but tons of others are happy to work with the US government and lots of open source technologies have made government IT faster, cheaper and more secure.

But Oracle really wants to dig in on this point, with some complete bullshit about how open source is somehow less secure... because the Equifax hack came via a vulnerability in open source:

Developing custom software and then releasing that code under an open source license puts the government at unnecessary security risk as that code is not “maintained by a community,” but is rather assessed and exploited by adversaries. Further, this practice puts the government – most likely in violation of the law – in direct competition with U.S. technology companies, who are now forced to compete against the unlimited resources of the U.S. taxpayer. The Equifax breach stemmed from an exploit in the open source Apache Struts framework.

The Equifax breach stemmed from Equifax failing to patch a widely discussed bug that competent administrators should have patched. The bug was found and patched because it was open source.

Speaking of "false narratives," Oracle also claims that open source technology is being used less and less in the corporate world:

Open source software has many appropriate uses and should be competed against proprietary software for the best fit and functionality for any given workload, but the fact is that the use of open source software has been declining rapidly in the private sector. There is no math that can justify open source from a cost perspective as the cost of support plus the opportunity cost of forgoing features, functions, automation and security overwhelm any presumed cost savings. The actions of 18F and USDS plainly promote open source solutions and then propagate those mandates across government with the implicit endorsement of the White House. The USG’s enthusiasm for open source software is wholly inconsistent with the use of OSS in the private sector.

If you actually follow the open source software market, Oracle's claim here is laughable. Open source is now commonplace in the enterprise and that's only increasing, not decreasing.

Also, somewhat hilariously, Oracle tries to argue that letting USDS and 18F develop things means that there will be extra costs, compared to letting private companies develop stuff:

The largest contributor to cost and complexity is customization, yet actions of the USG and the Report seem to embrace both government developed bespoke technology and customization. Custom code needs to be maintained, patched, upgraded and secured over the long-term. The cost of technology comes almost entirely from labor, not from component parts, whether software, hardware, or networking. The goal should be to seek leverage and scale by engineering out labor costs, including process engineering. Government developed technology solutions must be maintained by the government. Every line of code written by 18F, USDS or another government agency creates a support tail that results in long term unbudgeted costs.

But, again, look at historical IT implementations pre-USDS and 18F and you see example after example of it being the outsourced, private, large government contractor companies whose work results in massive unplanned maintenance costs.

Seriously, this entire filing by Oracle is one giant false narrative of people living in denial about how the world works these days.

There's even more nuttiness in the filing, but you can go through it yourself and count how frequently you gasp at just how wrong it is. This is an old, legacy company trying to cling desperately to old, obsolete, legacy ways. Oracle's entire business was originally created to serve the US government as a customer, and it clearly doesn't want to give that up. But, once again, things like this just make it clear why the top engineers coming out of school today don't have much interest in going to work for a company with views like Oracle's.



02 Oct 20:14

NSA Warned Trump Staffers Against Personal Email/Device Use; Were Ignored

by Tim Cushing

Blatant hypocrisy aside, the Trump Administration's use of personal email accounts isn't just a low-flying middle finger to public records laws. It's also a stupidly insecure method for handling sensitive communications.

Senior adviser Jared Kushner continued to use his personal email account -- albeit in a limited fashion -- after taking his official position. He did this despite being warned by the nation's professional spooks that doing so was a really bad idea. Josh Meyer reports for Politico:

The National Security Agency warned senior White House officials in classified briefings that improper use of personal cellphones and email could make them vulnerable to espionage by Russia, China, Iran and other adversaries, according to officials familiar with the briefings.

The briefings came soon after President Donald Trump was sworn into office on Jan. 20, and before some top aides, including senior adviser Jared Kushner, used their personal email and phones to conduct official White House business, as disclosed by POLITICO this week.

As noted, the NSA also cautioned against the continued use of personal devices -- something that makes every admin official who still insists on using their own laptops and phones attack vectors for cybercriminals and state-sponsored attacks from unfriendly governments.

But whatever, it's just the nation's top intelligence experts talking. Use of personal devices and email accounts continued, despite admin staff being told to assume these were already compromised. At this point -- more than six months after that cautionary meeting -- it's likely bad guys are standing in line to access cycles on admin accounts and devices.

As Meyer notes, this isn't necessarily just a Trump administration issue. It's something that happens with every incoming president and their crew. No one wants to give up devices and email accounts and not many of them can be immediately convinced about the level of risk.

But the point remains: when the NSA explains what could possibly happen to insecure devices and accounts, its information is coming from a place of deep personal experience (as it were):

A second former U.S. intelligence official said that the NSA briefers understand how insidious the cyberespionage campaigns can be because they conduct similar operations against others.

So, it's not the only administration to play it fast and loose for the first several post-inauguration months. But it's the one that will (and should) take the most heat for it. For one, evidence is being amassed showing Russian interference and influence on the election run, if not on the administration itself. For another, it's an administration that found its way into office using Hillary Clinton's personal email server use as a springboard. The other problem is the Trump Team has decided to throw its energy into shutting down internal leaks rather than addressing its own security holes, which means info is probably being exfiltrated to state actors with something far more nefarious in mind than leaking docs to journalists.



02 Oct 20:12

Campaigners For SESTA See It As A First Step To Stomping Out Porn

by Mike Masnick

There are obviously a lot of mixed motivations behind the push for SESTA -- the Stop Enabling Sex Trafficking Act -- with many of those motivations based on good intentions of actually stopping sex trafficking. Of course, we've explained in great detail how SESTA isn't likely to help at all, and is quite likely to make the problem worse. It also seems clear that many of those lining up in support of the bill see it as a wedge -- a way to slowly dismantle intermediary liability protections for platforms on the internet. And thus, some just see it as a way to attack Google and Facebook out of a general dislike for those companies -- without realizing (or without caring) just how much damage it will do to free speech online and the platforms that enable such speech. We've also been perplexed by SESTA supporters using completely bogus stats to insist the problem of sex trafficking is much larger than it truly is. As we noted, sex trafficking is both very real and an absolute tragedy for those caught up in it and their families. But we should be realistic about the actual scope of the problem -- and many SESTA supporters aren't actually able to do that.

But perhaps the motivation behind some SESTA supporters is... even more absurd. An email popped up in my inbox recently with a bunch of really strong language supporting SESTA, coming from a group calling itself the National Center on Sexual Exploitation (NCSE). They run the website "End Sexual Exploitation" and are strong supporters of SESTA. But what caught my eye is that the end of the email noted the true mission of NCSE isn't to end sex trafficking... but to rid the world of the "public health crisis of pornography."

You see, NCSE began its life in 1962 as Morality in Media, and was a reaction to a ridiculous moral panic over "pornographic material" being left outside of a school. NCSE appears to believe that all porn is pure evil and must be eradicated. The group has insisted that porn is a "public health crisis" and has worked to get states to declare it as such. It also posts a Dirty Dozen list of organizations that it needs to shame for "perpetuating sexual exploitation."

Want to know how totally fucked up the list is? They include the American Library Association and Amnesty International on this year's list. Really. They completely misrepresent the ALA's opposition to mandatory internet filters to claim that libraries have been turned into "a XXX space that fosters child sexual abuse." It put Amnesty on the list because Amnesty dares to call sex workers "sex workers" rather than prostitutes. They also list the Justice Department as an honorable mention for failing to enforce obscenity laws, which NCOSE wants to use to basically criminalize pornography. In other words, NCSE supports pretty blatant censorship.

Now people can certainly differ on their beliefs about prostitution and pornography, but having groups like this at the forefront of destructive, counterproductive bills like SESTA -- which will do nothing to stop actual sex trafficking, and plenty to harm free speech online -- raises some serious questions about what really are the goals of SESTA. NCSE certainly seems to think it's part of the plan to wipe out all pornography. Considering that other SESTA supporters insist (incorrectly) that SESTA won't have any impact on speech online, they might want to consider why one of their major coalition partners seems to be eagerly looking for ways to censor the internet.



30 Sep 00:52

8 Reasons Amazon should select Baltimore for HQ2

by Andrew Myrick
Brindle

I didn't know Phandroid was based in Baltimore...

While Amazon continues its search for the location of HQ2, we take a look at a few reasons why Baltimore, Maryland is the BEST option out of the bunch.
29 Sep 13:00

Google Play’s Family Link is now open to everyone

by Chris Chavez
Brindle

might check this out, apple had great controls like 5 years ago so it'll be about damn time if android gets something

Previously only available by invite, Google is opening up Android's Family Link parental control feature to everyone. Here's how it works.
29 Sep 00:23

DC Court Says Metro Police Need Warrants To Deploy Stingrays

by Tim Cushing

Another warrant requirement for Stingray use has been established. Again, it's not a federal decision, so jurisdiction is limited, but there's now another case to cite when fighting warrantless Stingray use in federal courts.

This decision comes from the DC Appeals Court (very much not the DC Circuit Court of Appeals). The case involves the Metro PD's use of a Stingray to track two phones: the suspect's and one he had stolen. The lower court handed the government a win. After pointing out there was plenty of time (around 10 hours between report of crime and Stingray deployment) to obtain a warrant (thus no exigent circumstances exception), the court decided the evidence derived from the tracking fell into the "inevitable discovery" exception since the tracking of the stolen phone would have led officers to the suspect.

The problem is the officers testifying for the Metro PD could not say for sure which phone they were tracking: the suspect's or the phone he had allegedly stolen from the victim. The lower court cut the cops some slack, allowing for the possibility that they were tracking a phone (the victim's) in which the suspect had no privacy interest.

The appeals court, however, doesn't read it the same way. First, it goes further than the lower court, deciding the use of Stingray devices requires a warrant. As it points out in its opinion [PDF], the use of Stingray devices is far more invasive than other tracking methods. To begin with, it does something historic cell site location data and/or GPS trackers can't: locate a suspect no one's actively tracking.

With a cell-site simulator, however, police no longer need to track a person visually from some starting location or physically install a tracking device on an object that is in, or will come into, his or her possession. Instead, they can remotely activate the latent tracking function of a device that the person is almost certainly carrying in his or her pocket or purse: a cellphone. As the present case demonstrates, police officers first obtain subscriber information and real-time location information from the target’s telecommunications provider to narrow down the search area. They then proceed to that area with a cell-site simulator, which they use to force the person’s cellphone to identify itself and reveal its exact location. It is in this sense that a cell-site simulator is a locating, not merely a tracking, device: A cell-site simulator allows police officers who possess a person’s telephone number to discover that person’s precise location remotely and at will.

Further, Stingray devices force people's phones to relinquish information to law enforcement.

A final consideration is that when the police use a cell-site simulator to locate a person’s cellphone, the simulator does not merely passively listen for transmissions sent by the phone in the ordinary course of the phone’s operation. Instead, the cell-site simulator exploits a security vulnerability in the phone—the fact that cellphones are, in the words of the defense expert, "dumb devices," unable to differentiate between a legitimate cellular tower and a cell-site simulator masquerading as one — and actively induces the phone to divulge its identifying information.

Which flows directly into this determination:

The preceding considerations lead us to conclude that the use of a cell-site simulator to locate Mr. Jones’s phone invaded a reasonable expectation of privacy and was thus a search.

There are reasons the court feels a warrant requirement is necessary -- ones that involve government responsibility and accountability.

[T]he simulator’s operation involve[s] exploitation of a security flaw in a device that most people now feel obligated to carry with them at all times. Allowing the government to deploy such a powerful tool without judicial oversight would surely shrink the realm of guaranteed privacy "far below that which existed when the Fourth Amendment was adopted." Kyllo, 533 U.S. at 34. It would also place an individual in the difficult position either of accepting the risk that at any moment his or her cellphone could be converted into tracking device or of forgoing "necessary use of" the cellphone.

The government argued cellphone users have no expectation of privacy in location information they know (or should know) is being broadcast to third parties. The appeals court disagrees, pointing to the Supreme Court's decision on wiretap use.

Contrary to the government’s argument, Katz makes clear that a person does not lose a reasonable expectation of privacy merely because he or she is made aware of the government’s capacity to invade his or her privacy. When Katz was issued, the public and the courts were well aware of the government’s capacity to wiretap and eavesdrop through technological means, yet the Supreme Court did not find this fact determinative of the question whether individuals possess a reasonable expectation of privacy in their conversations.

[...]

A person’s awareness that the government can locate and track him or her using his or her cellphone likewise should not be sufficient to negate the person’s otherwise legitimate expectation of privacy.

The court also shoots holes in the government's "inevitable discovery" theory. At some point, the officers switched from tracking a phone with zero privacy interest (the victim's) to tracking the suspect's phone. When they did this, they screwed themselves out of a warrant exception. The court decides the government doesn't get to pile up wrongs and ask the court to view them as "right."

[H]ere the government is asking us to find inevitable discovery where the police had mutually exclusive options and, for whatever reason, chose the option that turned out to be unlawful. The inevitable-discovery doctrine does not apply in this type of situation.

The good faith exception is killed off as well, thanks to the secrecy surrounding the Metro PD's ownership and deployment of a Stingray device.

The Supreme Court has not, however, recognized the applicability of the good-faith exception in a situation remotely like the present one—where the police, not acting pursuant to a seemingly valid warrant, statute, or court opinion, conducted an unlawful search using a secret technology that they had shielded from judicial oversight and public scrutiny. See supra note 26. Indeed, assuming the police believed the warrantless use of the cell-site simulator to be lawful, they could not have reasonably relied on that belief, given the secrecy surrounding the device and the lack of law on the issue.

As for the government's argument suppression of evidence isn't needed to deter future wrongdoing because the PD now abides by DOJ guidance recommending search warrants for Stingray use, the court finds its assertions hollow.

The government has not cited any case in which a court has declined to apply the exclusionary rule based on the government’s representation that it will not engage in unlawful conduct in the future. [...] And given that the DOJ policy memorandum does not describe any sort of enforcement mechanism that would ensure compliance with the policy, and given that the present administration or a subsequent one may well revise this policy, we are not convinced that the need to deter future constitutional violations is lacking.

And with that, the government loses almost all of its evidence, as well as the testimony of one of its witnesses. The conviction obtained is also reversed. The concurring opinion points out something that clearly separates Stingray cellphone tracking from other cellsite location info collection methods: it turns people's cellphones into investigative tools for law enforcement. And it doesn't do this voluntarily, no matter how the government might choose to misread the Third Party Doctrine. It does it by forcing all phones in the area to connect with the Stingray device and cough up their identifying info, including location.

This decision stands next to the one in Maryland as the first court-determined Stingray warrant requirements. More will come, although it's not entirely clear at this point which way these decisions will go. The Supreme Court is set to hear a case on warrantless access to historic cell site data. Whatever's decided there will factor into ongoing courtroom discussions about warrantless deployment of cell tower spoofers.



27 Sep 19:33

DHS To Officially Require Immigrants' Files To Contain Social Media Info

by Tim Cushing

It looks like being the wrong kind of American will result in the mandatory collection of social media account handles and aliases. New rules on social media snooping have been floated several times with varying degrees of sincerity, but this time the DHS actually means it.

The Department of Homeland Security published the new rule in the Federal Register last week, saying it wants to include "social media handles, aliases, associated identifiable information, and search results" as part of people's immigration file. The new requirement takes effect Oct. 18.

This will affect all immigrants, whether or not their legal status says they should be treated like US citizens. The rule covers permanent residents and naturalized citizens, not just visa applicants and visitors. And it will proceed despite two important missing elements: clear legal authority and any proven national security value.

The DHS admitted in a letter to Ron Wyden it had no authority to search Americans' social media accounts. All it could point to was the "border exception" upheld by courts as a valid Fourth Amendment bypass thanks to its national security nexus. But as for laws explicitly allowing the government to gather social media info from Americans, it had nothing.

Critics of this stepped-up demand for information point out it's a reactionary move by the DHS, aligning it with the repeated failures of the constantly one-step-behind-the-terrorists TSA.

Alex Nowrasteh, an immigration policy analyst at the Cato Institute’s Center for Global Liberty and Prosperity, said the expansion seems to originate from concerns about Tashfeen Malik, one of the San Bernardino shooters in late 2015.

“This is another example of the government changing security protocols based on a previous incident that will impose an enormous cost and that is of dubious value for the future,” Nowrasteh said. “Social media has been used in immigration courts for years but there’s little evidence that it’s helped with visa vetting.”

But it's not just libertarian-leaning entities making this point. DHS oversight has said the same thing. A report released by the DHS Inspector General says the DHS has no plan in place to measure the effectiveness of social media account searches.

[T]hese pilots, on which DHS plans to base future department-wide use of social media screening, lack criteria for measuring performance to ensure they meet their objectives. Although the pilots include some objectives, such as determining the effectiveness of an automated search tool and assessing data collection and dissemination procedures, it is not clear DHS is measuring and evaluating the pilots’ results to determine how well they are performing against set criteria. Absent measurement criteria, the pilots may provide limited information for planning and implementing an effective, department-wide future social media screening program.

As the report notes, the policy shift was inspired by a terrorist attack the searches might have done little to prevent. The pilot programs rolled out December 2015, meaning the planned intrusiveness expansion predates President Trump's grandiose border plans.

This is bound to have a chilling effect on Americans who don't even plan to travel out of the country. Anyone spending much time interacting with immigrants/visa holders/permanent residents on social media can expect to have their sides of conversations revealed by these searches, even if they're natural-born US citizens located well outside the DHS's Constitution-free zones. The latent threat of exposed convos could steer US citizens away from engaging with anyone whose nationality might not be 100% American.

The new rule is silent on the subject of passwords, but it's pretty clear reluctance to turn over this info will result in "incomplete" searches of immigrants' devices. The best case scenario is they're free to go… without their devices. The worst case is hours of detention while CBP/ICE agents attempt to talk detainees into handing over this information.



27 Sep 00:24

Apple switches from Bing to Google

Consistency is Apple's main motivation given for switching the results from Microsoft's Bing to Google in these cases. Safari on Mac and iOS already currently use Google search as the default provider, thanks to a deal worth billions to Apple (and Google) over the last decade. This change will now mirror those results when Siri, the iOS Search bar or Spotlight is used. "Switching to Google as the web search provider for Siri, Search within iOS and Spotlight on Mac will allow these services to have a consistent web search experience with the default in Safari," reads an Apple statement sent this morning. "We have strong relationships with Google and Microsoft and remain committed to delivering the best user experience possible."

Interesting move. The only logical move, of course - Bing is terrible - but still interesting if you look at the relationship between Apple and Google.
27 Sep 00:23

Members Of Trump's Admin Team Using Private Email Accounts Because Of Course They Are

by Tim Cushing

Making American Political Hypocrisy Great Again:

President Trump's son-in-law and senior adviser Jared Kushner has used a private email account to conduct and discuss official White House business dozens of times, his lawyer confirmed Sunday.

Kushner used the private account through his first nine months in government service, even as the president continued to criticize his opponent in the 2016 presidential election, Democrat Hillary Clinton, for her use of a private email account for government business.

And, because once is never enough:

Ivanka Trump used a personal email account to communicate with a member of President Trump’s administration, a watchdog group said Monday.

American Oversight obtained documents through the Freedom of Information Act (FOIA) that show Ivanka Trump, a senior White House adviser to her father, used a personal email account to contact Small Business Administration Administrator Linda McMahon in February.

It's not as though anyone isn't aware of their responsibility to use official government email accounts for official government business. There's a duty to preserve records that goes hand-in-hand with FOIA law. Those who choose to do business this way are either lazy or devious. And it doesn't necessarily have to be one or the other.

At this point, the criticisms that paved the way to Trump's win can almost all be levied against the new administration. All we're really waiting for is someone to show up with a birth certificate showing Donald Trump isn't a natural-born US citizen.

Clinton's excuse for her continuous use of a private email account was "convenience." Guess what Kushner's is:

Once in the White House, Kushner used his private account for convenience from time to time — especially when he was traveling or using a personal laptop, according to two people familiar with his practice.

As innocuous as the use appears to be -- at least according to obtained documents and unidentified sources' statements -- the point is people in government positions know better than to continue using private email accounts for government business. There's no excuse at this point -- not with more than 25 years of mainstream email use and a half-century of federal public records law.

That officials continue to do this highlights a flaw in public records laws: the fact that they're written by people with the most interest in keeping some communications secret. Private email accounts are used because there's a good likelihood courts won't force every email to be turned over in the event of a records request lawsuit. Even better, since the chance of an actual lawsuit being filed is low enough, many public figures feel these dice are safe to roll.

This isn't solely a Trump Administration problem, but it's definitely a case of double standards. We expect those from our politicians, sadly. But we don't expect them on the level we've seen over the past several months, where political opponents are savaged by administration officials (including the president) for behavior Trump's own team engages in.



27 Sep 00:20

Larry Lessig's Latest Big Challenge: Fixing The Way We Elect A President

by Mike Masnick

Over the last few years, Larry Lessig has not shied away from trying to bring about change to the corruption he sees in our political system with "big" projects. Rather than chipping away at ideas, Lessig has been announcing huge, almost impossible plans, generating lots of attention and hoping that they either create real change, or at the very least, create discussion on the topics he's attacking. So far, even he admits that most of those projects have been less than successful in achieving their goals. Back in 2014, there was his attempt to build a crowdfunded SuperPAC with the goal of ending SuperPACs (supporting candidates who would change campaign finance). While they raised a lot of money, Lessig admitted that the organization failed to make a real difference in the elections it participated in. Then there was the plan to call a new Constitutional Convention (which continues to garner discussion to this day, but mainly from those ideologically opposed to Lessig). And, of course, the failed campaign to be the Democratic nominee for President, where his main goal was to get into the debates -- only to have the Democrats change the rules to keep him out.

Each of these can certainly have the appearance of a rather quixotic approach to taking on government corruption. And while there are many things I do agree with Lessig on, there's also a pretty long list where I disagree with him. But, what I respect is that even as outwardly "crazy" as many of these plans appear to be, there's always an astoundingly detailed, well-thought-out and well-argued logic behind them, even if the likelihood of success is low. He's making big gestures that may have a low probability of success, but these aren't campaigns that have just been thrown together on a whim -- they have a clear purpose and fit in with a larger theme, often trying to game the system in some clever way. They're gimmicky, but in ways that at least make you think.

All of that is true with his latest project as well: an attempt to change the way we elect the president. Obviously, many people who were upset with the results of last year's election (and lingering anger about the 2000 election) have been arguing that it's time to get rid of the electoral college. And, frankly, it's kind of difficult to justify why we still have an electoral college when it's quite clear that it serves no really useful function. But, of course, because of the way things worked out in 2000 and 2016, even discussing the problems of the electoral college has become (stupidly) partisan. And, because it's part of the Constitution, getting rid of the electoral college is a near impossibility.

So, instead, Lessig is attacking things a step down the chain with his EqualVotes campaign. The argument, again, makes a lot of sense. Don't get rid of the electoral college -- but stop giving all electoral votes in a state to the winner of the popular vote in that state. This is the part that's really undemocratic. As Lessig explains:

A Republican from California is no less a United States citizen than a Democrat. Yet her vote for President counts for nothing. Likewise with a Democrat in Texas. There is no reason not to allocate electors in a way that gives equal weight to every citizen’s vote, at least within the constraints of the framers’ original compromise.

States initially adopted “winner take all” because it amplified the power of that state’s votes. This troubled even Jefferson, who recognized the incentive to try to expand a state’s influence. As he wrote, “[a]n election by districts would be best if it could be general, but while ten States choose either by legislatures or by [winner take all] it is folly and worse than folly for the other States not to do it.”

Yet once (practically) every other state had embraced winner take all, its important effect was not to amplify, but to shift the focus of the presidential campaigns. This is because under “winner take all,” the only states in which it makes any sense for a presidential candidate to campaign are “battleground states” — states in which the popular vote can be expected to be so close that one side has a real chance to beat the other.

Thus in 2016, two-thirds of campaign events happened in just 6 battleground states — Florida, North Carolina, Ohio, Pennsylvania, Virginia, and Michigan. Four battleground states — Florida, North Carolina, Ohio and Pennsylvania — saw 71% of campaign ad spending and 57% of candidate appearances. All together, the 14 battleground states saw 99% of ad spending and 95% of candidate visits for campaign purposes.

The argument, then, is to try to force states away from "winner-take-all." Right now, only Maine and Nebraska don't do winner take all with their electoral college votes, but they both don't have many votes anyway.

Lessig's plan to bring this about is to bring legal challenges and hopefully get them to the Supreme Court. As Lessig explains:

The Supreme Court has made it clear that the principle of “one person, one vote” applies in the “Presidential selection process”—first in a set of cases in the 1960s, and most recently, in 2000, in a case called Bush v. Gore. But the Court has not yet considered whether “winner take all” rules are themselves consistent with “one person, one vote.” Delaware asked the Supreme Court to consider the question 50 years ago. The Court declined the request for review.

It is long past time for the Court to address this inequality directly.

In a separate post, Lessig has laid out the reasoning more clearly and responded to some of the key questions. The sort of judo move here is that Lessig is effectively trying to use the Supreme Court's reasoning in Bush v. Gore to make this work -- and he's argued that if you supported the Supreme Court in that ruling, you're being inconsistent if you argue against the case he's hoping to bring, as they're based on the same principles of one person, one vote.

The real question for the opponents here is Bush v. Gore (2000): If the application of “one person, one vote” to restrict winner-take-all is invalid because the Framers never intended the clause to be used in that way, was the application of “one person, one vote” to the Florida recount invalid, because of course, the Framers of the 14th Amendment had no intent whatsoever about the Supreme Court supervising the state’s rules for counting or recounting votes?

The point is just this: It’s perfectly respectable to say, Bush was wrong, and our claim is wrong as well. But it is selective to say, Bush was right, but our claim is wrong.

Of course, there are still others who argue that a proportional breakdown will create other problems as well, such as those who support an even more radical change: to a ranked choice voting system. And while I agree that a ranked choice setup would be much better, it has basically zero chance of happening any time soon. Lessig's chances with this lawsuit appear quite slim as well, but they're at least above zero. And, yes, I'm sure some people will point to the National Popular Vote Interstate Compact, as a sort of "competing" idea to Lessig's to force a move to make the popular vote actually matter -- and Lessig has said he's supportive of that effort too -- he just sees EqualVote as another way of forcing the issue.

Either way, this is a project worth paying attention to -- even if it may be a longshot. Lessig may take a lot of these longshots, but if he gets one right, it could have a pretty major impact.



26 Sep 01:06

Appeals Court Tells Patent Trolls' Favorite Judge He Can't Just Ignore The Supreme Court To Keep Patent Cases In Texas

by Mike Masnick

A few weeks ago, we noted that Judge Rodney Gilstrap, a judge in East Texas who is infamous for handling approximately 25% of all patent cases in the entire country, appeared to be ignoring the Supreme Court in an effort to keep all those patent cases in his own docket. You see, earlier this year, in an important case, the Supreme Court said that the proper venue for a patent lawsuit to be brought should be where the defendant "resides" rather than just wherever they "do business." Previously, patent trolls had said that the lawsuits could be brought wherever a company did business -- which, with internet firms, meant anywhere -- allowing them to file in their favorite court in East Texas. The Supreme Court said "that's not what the law says."

But Gilstrap tried, somewhat creatively, to twist himself around those rules, by arguing that all sorts of other factors could be used to determine "residence" -- basically including (again) if you had any connection to that jurisdiction at all -- and thus continue to allow East Texas to be an acceptable venue. We listed out those factors in the earlier post, but don't need to do so again, because the Court of Appeals for the Federal Circuit has already weighed in and said "nope, that's not how it works."

The ruling is pretty straightforward. Basically, it says "when we say a defendant has to reside in that venue, we mean it."

As discussed in greater detail below, our analysis of the case law and statute reveal three general requirements relevant to the inquiry: (1) there must be a physical place in the district; (2) it must be a regular and established place of business; and (3) it must be the place of the defendant. If any statutory requirement is not satisfied, venue is improper...

The court then points out that words have meaning, and making up a "test" that is untethered to the meaning of the words in the statute is simply not acceptable.

The statutory language we need to interpret is “where the defendant . . . has a regular and established place of business.” 28 U.S.C. § 1400(b). The noun in this phrase is “place,” and “regular” and “established” are adjectives modifying the noun “place.” The following words, “of business,” indicate the nature and purpose of the “place,” and the preceding words, “the defendant,” indicate that it must be that of the defendant. Thus, § 1400(b) requires that “a defendant has” a “place of business” that is “regular” and “established.” All of these requirements must be present. The district court’s four-factor test is not sufficiently tethered to this statutory language and thus it fails to inform each of the necessary requirements of the statute.

And thus, Gilstrap's argument that a "virtual" presence in the district is enough... is not, in fact, enough:

As noted above, when determining venue, the first requirement is that there “must be a physical place in the district.” The district court erred as a matter of law in holding that “a fixed physical location in the district is not a prerequisite to proper venue.” ... This interpretation impermissibly expands the statute. The statute requires a “place,” i.e., “[a] building or a part of a building set apart for any purpose” or “quarters of any kind” from which business is conducted. William Dwight Whitney, The Century Dictionary, 732 (Benjamin E. Smith, ed. 1911); see also Place, Black’s Law Dictionary (1st ed. 1891) (defining place as a “locality, limited by boundaries”). The statute thus cannot be read to refer merely to a virtual space or to electronic communications from one person to another. But such “places” would seemingly be authorized under the district court’s test.

The court dings the other prongs of Gilstrap's test as well, showing that each is insufficient and then sends it back to the lower court to determine which other court the case should be transferred to, but making it clear that "East Texas" is not one of the options.



22 Sep 01:34

A Supercut Of All Of Jim's Pranks On Dwight From The Office

This is a supercut of all of Jim's pranks on Dwight from The Office. Personally, I love a good workplace prank, but only if I'm the one doing the pranking (or at least in on it) and not getting pranked. I don't take kindly to being pranked and I will set your car on fire. Last Tuesday I locked all the doors to the bathrooms then-- "Filled the water cooler and coffee machine with baby laxatives?" Baby? Horse. Gas masks are mandatory until a hazmat team clears the building. Keep going for the video.
Thanks to Lydia, who agrees one of the keys to a good prank is not actually killing anybody on accident.
22 Sep 01:30

Appeals Court Rules Against Warrantless Cell-site Simulator Surveillance

by dm

Law enforcement officers in Washington, D.C. violated the Fourth Amendment when they used a cell site simulator to locate a suspect without a warrant, a D.C. appeals court ruled on Thursday. The court thus found that the resulting evidence should have been excluded from trial and overturned the defendant’s convictions.

EFF joined the ACLU in filing an amicus brief, arguing that the use of a cell-site simulator without a warrant constituted an illegal search. We applaud the court’s decision in applying long-established Fourth Amendment principles to the digital age.

Cell-site simulators (also known as “IMSI catchers” and “Stingrays”) are devices that emulate cell towers in order to gain information from a caller’s phone, such as locational information. Police have acted with unusual secrecy regarding this technology, including taking extraordinary steps to ensure that use does not appear in court filings and is not released through public records requests. Concerns over the secrecy and privacy have led to multiple lawsuits and legal challenges, as well as legislation. 

The new decision in Prince Jones v. U.S. is the latest to find that police are violating our rights when using this sophisticated spying technology without a warrant.

Jones was accused of sexual assault and burglary. Much of the evidence collected against him was derived from cell-site simulators targeting his phone. 

The court determined that the use of a cell-site simulator to track and locate Jones was in fact a “search,” despite claims to the contrary from the prosecution. As the court wrote: 

The cell-site simulator employed in this case gave the government a powerful person-locating capability that private actors do not have and that, as explained above, the government itself had previously lacked—a capability only superficially analogous to the visual tracking of a suspect. And the simulator's operation involved exploitation of a security flaw in a device that most people now feel obligated to carry with them at all times. Allowing the government to deploy such a powerful tool without judicial oversight would surely “shrink the realm of guaranteed privacy” far below that which “existed when the Fourth Amendment was adopted.” … It would also place an individual in the difficult position either of accepting the risk that at any moment his or her cellphone could be converted into tracking device or of forgoing “necessary use of” the cellphone… We thus conclude that under ordinary circumstances, the use of a cell-site simulator to locate a person through his or her cellphone invades the person's actual, legitimate, and reasonable expectation of privacy in his or her location information and is a search. 

The decision should serve as yet another warning to law enforcement that new technologies do not mean investigators can bypass the Constitution. If police want data from our devices, they should come back with a warrant. 

22 Sep 01:09

CCleaner Hack May Have Been A State-Sponsored Attack On 18 Major Tech Companies

by Karl Bode

At the beginning of this week, reports emerged that Avast, owner of the popular CCleaner software, had been hacked. Initial investigations by security researchers at Cisco Talos discovered that the intruder not only compromised Avast's servers, but managed to embed both a backdoor and "a multi-stage malware payload" that rode on top of the installation of CCleaner. That infected software -- traditionally designed to help scrub PCs of cookies and other tracking software and malware -- was subsequently distributed by Avast to 700,000 customers (initially, that number was thought to be 2.27 million).

And while that's all notably terrible, it appears initial reports dramatically under-stated both the scope and the damage done by the hack. Initially, news reports and statements by Avast insisted that the hackers weren't able to "do any harm" because the second, multi-stage malware payload was never effectively delivered. But subsequent reports by both Avast and Cisco Talos researchers indicate this payload was effectively delivered -- with the express goal of gaining access to the servers and networks of at least 18 technology giants, including Intel, Google, Microsoft, Akamai, Samsung, Sony, VMware, HTC, Linksys, D-Link and Cisco itself.

Cisco's researchers say they obtained a copy of the hackers' command-and-control server from an unnamed source. That server contained detailed logs of the 700,000 or so computers that had "phoned home" to the hackers earlier this month. Subsequent investigation has concluded that the hackers didn't really care about most of the infected customers, and that this may have been a sophisticated state-sponsored attack specifically designed to access and copy internal information and trade secrets from major tech firms:

"That target list presents a new wrinkle in the unfolding analysis of the CCleaner attack, one that shifts it from what might have otherwise been a run-of-the-mill mass cybercrime scheme to a potentially state-sponsored spying operation that cast a wide net, and then filtered it for specific tech-industry victims. Cisco and security firm Kaspersky have both pointed out that the malware element in the tainted version of CCleaner shares some code with a sophisticated hacking group known as Group 72, or Axiom, which security firm Novetta named a Chinese government operation in 2015."

One configuration file on the attackers' server was also set for China's time zone, though of course neither of these is solid enough evidence to definitively conclude state-sponsored involvement... yet. In an updated post to its website, Avast has been forced to concede that their initial claim that the second, multi-staged payload was never delivered was false, and that the total number of compromised machines at these targeted companies is "at least in the order of hundreds":

"First of all, analysis of the data from the CnC server has proven that this was an APT (Advanced Persistent Threat) programmed to deliver the 2nd stage payload to select users. Specifically, the server logs indicated 20 machines in a total of 8 organizations to which the 2nd stage payload was sent, but given that the logs were only collected for little over three days, the actual number of computers that received the 2nd stage payload was likely at least in the order of hundreds. This is a change from our previous statement, in which we said that to the best of our knowledge, the 2nd stage payload never delivered."

Cisco also warned impacted tech companies that deleting the software itself off of infected PCs is no guarantee that the threat has been mitigated, since the payload may have installed a second payload on their networks with its own, still-active command and control server. Like previous attacks of this type, the reported scope of the sophisticated attack is likely to only grow as researchers dig deeper.

As several outlets were quick to correctly note, the attack on CCleaner highlights a supply-side security problem at a growing number of software companies like Ukrainian accounting software MeDoc and South Korea-based firm Netsarang, which both passed on malware to trusting clients in the last few months. Traditionally we've comforted ourselves by insisting we're safe if we just avoid untrusted app stores, dubious attachments, or questionable links -- but this attack further up the software supply chain erodes public trust, which could deter users from using or updating essential protection.



22 Sep 01:08

TSA Approves Faster Airport Baggage Scanners

by Ashlee Kieler
Brindle

it's like buying a box with superman inside

No matter how well you prepare for airport security — wearing belt-less pants and slip-on shoes, knowing exactly how to stand when it’s your turn — you may still end up waiting because your carry-on hasn’t finished its trip through the baggage scanner. That may soon improve, now that the Transportation Security Administration has approved new, faster scanners for use at airport checkpoints.

Massachusetts-based Analogic Corp. revealed this week that its ConneCT scanner had received a stamp of approval from the TSA by meeting the agency’s Advanced Technology (AT) detection standards.

Like the speedier machine currently being tested by American Airlines at Phoenix’s Sky Harbor Airport, the Analogic scanner uses computed tomography (CT) to generate a fuller, three-dimensional image of bags and their content. As the L.A. Times points out, the TSA approval of ConneCT means that additional airports will be able to test this next generation of scanners, hopefully expediting their deployment in the long run.

The Technology

The newly approved ConneCT scanners, manufactured by Analogic Corp, use the same imaging technology one would find in a hospital CT machine. But instead of looking at your insides, the scanners will generate a 3D image of carry-on baggage.

The image is then analyzed by security officers, who can manipulate the image, spinning 360 degrees to show the contents from several angles.

Additionally, the machines use an algorithm to automatically identify weapons, Analogic says in a statement.

If an item in the bag appears suspicious, a security worker will check the bag.

“With record-breaking air travel numbers and new threats to the public, it is ever more important to deploy cutting-edge technology that can evolve with the security landscape,” Jim Ryan, senior vice president and general manager of security detection and power technologies at Analogic, said in a statement.

Moving Faster

TSA has previously noted that CT screening technology could decrease time spent in security screening by about 30%.

Travelers would be able to speed through the lines, as the technology would allow them to keep liquids and personal electronics in their bags.

The L.A. Times reports that Analogic estimates the number of passengers going through security in one hour would increase from 180 to 500 if its scanners were in use.

While it’s unclear just where the scanners will turn up, Analogic already has one customer: American Airlines. The carrier announced in June that it would purchase several ConneCT scanners for use in the future.

21 Sep 13:58

Google buys large part of HTC's smartphone team

Brindle

so 2 years from now they'll sell it to lenovo I guess..

Rick Osterloh, Google's senior vice president of hardware, writes: About a year and a half ago, I joined Google to pursue my dream job to create compelling hardware products, built with Google's smarts at their core. As a first step, we brought together various consumer hardware-related efforts and established a single hardware organization within the company. Our team's goal is to offer the best Google experience - across hardware, software and services - to people around the world. Last fall, we introduced our first family of Made by Google products, including Pixel smartphones, Google Home, Google Wifi, Daydream View and Chromecast Ultra, and we're preparing to unveil our second generation of products on October 4. We're excited about the 2017 lineup, but even more inspired by what's in store over the next five, 10, even 20 years. Creating beautiful products that people rely on every single day is a journey, and we are investing for the long run. That's why we've signed an agreement with HTC, a leader in consumer electronics, that will fuel even more product innovation in the years ahead. With this agreement, a team of HTC talent will join Google as part of the hardware organization. These future fellow Googlers are amazing folks we've already been working with closely on the Pixel smartphone line, and we're excited to see what we can do together as one team. The deal also includes a non-exclusive license for HTC intellectual property. This may elicit some flashbacks to Google buying Motorola, but said purchase was more about patents than it was about the company's hardware business - and even after selling Motorola, it turned out this was actually a pretty good deal. Google's sale of Motorola supposedly was part of a series of deals with Samsung, which included a patent-sharing agreement and Samsung promising to stick closer to stock Android. 
It seems like Google is feeling more confident now, and is willing to risk agitating Samsung by investing in their own hardware capabilities.