Brindle

It’s no secret that Samsung is a large company. Just take a look around your house and you’ll probably find at least one Samsung product. It could be your phone, TV, Blu-ray player, headphones, computer, dishwasher, dryer, refrigerator, vacuum, or light bulbs. Even if you don’t see the Samsung logo on something you still might have a product with some Samsung internals.

Samsung is everywhere.

It’s easy to think we can understand just how large a company like Samsung is, but in reality we have no idea. Did you know Samsung built the tallest building in the world? Did you know Samsung has more employees than Apple, Google, and Microsoft combined? Did you know they have their own military department? That’s just the tip of the iceberg.

The video below goes in-depth at how massive Samsung has become. The company that first started out making noodles is now in nearly every household. If you’ve got 11 minutes to spare it’s well worth a watch. You’ll never look at the Samsung Galaxy S6 in your pocket the same way.

A street artist going by the name Wanksy started spraypainting problematic potholes in Manchester, England with crude penises, and the majority were repaired within 48 hours, and even more within the week. That is how you GET THINGS DONE. Wanksy says the inspiration for his road wieners came(!) after a friend was injured on his bicycle due to a pothole. Wanksy also says the paint that he uses isn't permanent, and washes away in a couple weeks, leaving repaired potholes peen-free. Obviously, I'm going to go out tonight and spraypaint penises on every pothole I see. And wall. And...basically every surface. Eventually, the area around my apartment building will be known as Penistown, and I will be elected mayor AND president of the neighborhood watch. Keep going for a coupe more pothole peens of all shapes and sizes. Thanks to ThomasTheTank, who doesn't even feel potholes when he runs over them because he's a f***ing tank.

A huge report (747 pages) on the NSA's Stellar Wind program has been turned over to Charlie Savage of the New York Times after a successful FOIA lawsuit. Stellar Wind has its basis in an order issued by George W. Bush shortly after the 9/11 attacks. Not an executive order, per se, but Bush basically telling the NSA that it was OK to start collecting email and phone metadata, as well as warrantlessly tap international calls into and out of the United States.

The extensive detailing of the program's history contains some rather surprising elements. While much of it remains redacted, there's still enough exposed that indicates the program was like many others the NSA has pursued: expansive, intrusive, done without oversight… and ultimately mostly useless.

In 2004, the F.B.I. looked at a sampling of all the tips to see how many had made a “significant contribution” to identifying a terrorist, deporting a terrorism suspect, or developing a confidential informant about terrorists.

Just 1.2 percent of the tips from 2001 to 2004 had made such a contribution. Two years later, the F.B.I. reviewed all the leads from the warrantless wiretapping part of Stellarwind between August 2004 and January 2006. None had proved useful.

Not that this lack of results kept those writing the report from celebrating the "successes" the FBI apparently couldn't find. Of course, there's nothing to be gleaned from this information because those have been completely redacted.

What is clear is that the program quite possibly did more harm than good. The NSA was sweeping up an unprecedented amount of information but -- because of its secret origins -- was mostly unable to share with the CIA or FBI. In particular, the warrantless wiretapping the NSA engaged in couldn't be passed on to the FBI until leaked details finally forced legislators to act on this apparent breach of Americans' privacy -- which they did by codifying the NSA's actions, making them perfectly -- and retroactively -- legal. Even then, it still posed problems for the FBI.

F.B.I. agents were asked to scrutinize phone numbers deemed suspicious because of information from the program. But the agents were not told why the numbers had been deemed suspicious, only “not to use the information in legal or judicial proceedings.”

That made some agents uncomfortable, and it was not clear how such mysterious leads fit into their rules for investigations.

The FBI, which is now heavily engaged in the management of parallel construction for law enforcement Stingray usage, found itself in the awkward position of disguising the origin of intelligence it hadn't specifically asked for, as well as having the NSA tell it what it could and couldn't say in front of judges. This would include applications made to the FISA court.

We asked [DOJ intelligence counsel James] Baker whether he thought the restrictions on the use of Stellar Wind-derived leads disseminated to field offices, as described above, were sufficient to guard against including Stellar Wind information in FISA applications. Baker stated that his experience with FBI record-keeping practices did not give him a high degree of confidence that such separation could be consistently maintained. In addition, Baker believed that the nature of FBI international terrorism investigations would make it difficult to track Stellar Wind-derived information. According the FBI OGC, Baker did not share with the FBI his concerns about whether its record-keeping practices would keep Stellar Wind information from being used in FISA applications.

Rather than disconnect the FBI from the influx of questionably-obtained NSA "tips," the administration worked with the DOJ to make it easier for the agency to find something to do with intelligence passed on by the NSA.

The Justice Department created the new type of investigation, initially called a “threat assessment,” which could be opened with lower-grade tips. Agents now use them tens of thousands of times a year.

Questionable "intel" leads to even more questionable not-quite-investigations. As can be seen by the FBI's own conclusions, about the only thing Stellar Wind did for it was increase the number of man hours wasted running down the NSA's "leads."

As for the FISA court, there's a good reason it's been perceived as a "rubber stamp" for NSA requests. Bush's secret executive authorizations were disclosed to FISA Judge Royce Lamberth by Bush himself. Further orders for these collections were routed only through Lamberth, and his successor, Colleen Kollar-Kotelly.

This belated admission (which did nothing to halt the collections) was prompted by none other than James Baker, who stumbled across a clumsy attempt at parallel construction.

[Baker] came across “strange, unattributed” language in an application for an ordinary surveillance warrant and figured it out, then insisted on telling Judge Lamberth.

Another FISA court judge did discover the NSA's Stellar Wind program, although to him it appeared to be an extensive string of telephone metadata abuses by the NSA. Judge Reggie Walton threatened to shut down the Section 215 collection entirely in 2009, concerned about the agency's deliberate misleading of the court on the program's inner workings and its extent. As Marcy Wheeler points out, these weren't technically "abuses." They were just Stellar Wind collections that failed to be properly obscured when placed in front of a FISA judge other than Colleen Kollar-Kotelly.

I have long scoffed at the claim that the phone dragnet violations discovered in 2009 were accidental. It has always been clear they were, instead, features of Stellar Wind that NSA simply never turned off, even though they violated the FISC orders on it.

The Stellar Wind IG Report liberated by Charlie Savage confirms that.

It describes that numbers were put on an alert list and automatically chained.

"An automated process was created to alert and automatically chain new and potential reportable telephone numbers using what was called an “alert list.” Telephone numbers on the alert list were automatically run against incoming metadata to look for contacts. (PDF 31)"

This was precisely the substance of the violations admitted in 2009.

Kollar-Kotelly, on the other hand, was much more indulgent when responding to NSA requests, allowing the agency to recast the low bar of pen register orders as justifying bulk email metadata collections obtained through Stellar Wind -- something she did a few years before the NSA allowed Stellar Wind to bleed into its Section 215 collections.

The documents don't restore any faith in the "oversight" of the NSA's activities. Instead, it shows two presidents acting in secrecy to permit the surveillance of American citizens and involved agencies covering it up with parallel construction, intense secrecy, manipulation of oversight bodies and several very questionable legal theories.

Permalink | Comments | Email This Story

Did you know that U.S. ISPs in uncompetitive markets are really, really shitty at their jobs? While I assumed that was pretty common public knowledge by this point, there's an interesting new groundswell of attention being paid to the fact that most ISPs are absolutely abysmal at communicating 1: what real-world speeds a user can get; and 2: whether users can actually get service at all. Case in point was the recent, Kafka-esque experience of a new Washington homeowner, who spent months being given the runaround by Comcast and CenturyLink regarding service the companies repeatedly (but falsely) promised was available.

This week, another story is making the rounds that highlights how ISPs will often claim to offer one speed, then actually offer users something dramatically more pathetic (if you can get connected at all). This user in Michigan, for example was told by AT&T's website and employees repeatedly that he should be able to get 20 Mbps at his address -- only to discover that the top speed he could get was a not-so-brisk 300 kbps. Such circa 1999 speeds are of course well below the FCC's new 25 Mbps broadband definition, changed to highlight the notable lack of U.S. competition at higher speeds.

Given that AT&T likely doesn't see any competition in the user's market, that 300 kbps isn't just slow, it's unreliable, suffers from the more-than-occasional hiccup and for good measure it's capped at 150 GB of usage before overages are incurred. Similarly, no competition means AT&T doesn't have great motivation to upgrade its outdated internal databases, or improve customer service. The lack of competition and regulatory capture in so many of these states makes communicating with AT&T (or getting regulators to care about broken promises) a Sisyphean endeavor:

"I’ve complained to just about everybody, the FCC, the FTC, the Michigan Public Service Commission,” Mortimer said. "I got a call back from the office of the president of AT&T responding to my FCC complaint. All I got was, ‘sorry, Mr. Mortimer, the speeds are the fastest available at this time.’" Since Ars first spoke with Mortimer in January, he suffered several more frustrations with AT&T. In one incident, his Internet service was shut off after an auto-payment error, he said. In another mishap, AT&T raised his bill from $33 to $89.40 after adding a phone line to his Internet service, even though he never asked for phone service."

While we generally like to cling to the narrative that broadband connectivity in the States is bad but getting better (thanks to gigabit deployments and Google Fiber), the reality is that in many areas, it's getting worse. The story forgets to mention that AT&T and Verizon are hanging up on unwanted DSL users like these they don't want to upgrade so they can focus on more profitable (read: capped) wireless services. AT&T's so disinterested in the DSL market right now, it's actually turning away eligible customers eager to give them money, and hoping that many of the DSL customers it has get frustrated and leave. Verizon, meanwhile, is taking an even classier route: waiting until natural disasters strike, then refusing to repair DSL and phone customer lines it no longer wants.

The good news is that once you're actually connected at the speed your ISP advertises, more often than not you'll be able to reach those speeds consistently. An annual FCC study informed by custom firmware-embedded routers shows that most ISPs (with the exception of most DSL providers) deliver the speeds they advertise. The FCC has been naming and shaming ISPs that don't with fairly good results. Still, these DSL lines nobody wants to upgrade are going to be a notable problem going forward. And with billions of subsidies already thrown at companies like AT&T and Verizon over the last generation to avoid exactly these problems, people are justifiably skeptical that throwing more federal taxpayer dollars at these markets is actually going to help things.

That's of course where municipal broadband and the FCC's push to eliminate protectionist state laws comes in. Poorly-served towns and cities need the right to craft their own, flexible and customized broadband solutions in cases of market failure -- whether that's a publicly-owned fiber ring or a public/private partnership with somebody like Google. Instead, we've watched as the same telcos that don't even want to serve many of these DSL customers -- pass protectionist law preventing these communities from doing anything about it. We're only just starting to see this logjam starting to break, but it's going to take a lot more work to get many of these broadband black holes out of the grip of mega-ISP apathy.

Permalink | Comments | Email This Story

The DEA likes to borrow stuff. It's just not very good about returning borrowed items in the same shape it got them.

Like a woman's Facebook account.

Or a businessman's semi truck.

And his employee's life.

Craig Patty runs a tiny trucking company in Texas. He has only two trucks in his "fleet." One of them was being taken to Houston for repairs by his employee, Lawrence Chapa. Or so he thought.

In reality, Chapa was working with the DEA, which had paid him to load up Patty's truck with marijuana and haul it back to Houston so the DEA could bust the prospective buyers. That's when everything went completely, horribly wrong.

[A]s the truck entered northwest Houston under the watch of approximately two dozen law enforcement officers, several heavily armed Los Zetas cartel-connected soldiers in sport utility vehicles converged on Patty’s truck.

In the ensuing firefight, Patty’s truck was wrecked and riddled with bullet holes, and a plainclothes Houston police officer shot and wounded a plainclothes Harris County Sheriff’s Office deputy who was mistaken for a gangster.

The truck’s driver was killed and four attackers were arrested and charged with capital murder.

Until Patty received a call notifying him that his employee had been killed, he was completely unaware of the DEA's operations involving both his truck and his driver. Unbelievably, things got even worse for Patty after this discovery.

Patty's truck was impounded by the DEA. After it was released to him, it was out of service for several months as it underwent more than $100,000-worth of repairs. The DEA offered him no financial assistance for the truck it helped fill with bullet holes nor did it offer to make up for the revenue Patty lost while his truck was out of commission. His insurance company likewise turned down his claim, citing his truck's use in a law enforcement operation.

Nor did the DEA offer to do something to repair his newly-acquired reputation as a drug runner and/or DEA informant -- something that makes Patty's life a little bit more dangerous.

Nor will it have to. A federal judge has dismissed Patty's lawsuit against the DEA seeking up to $6.4 million in damages. (h/t to attorney Mark Bennett, who previously advised Patty but did not represent him in this lawsuit.)

A Houston-based federal judge ruled that the U.S. Drug Enforcement Administration does not owe the owner of a small Texas trucking company anything, not even the cost of repairing the bullet holes to a tractor-trailer truck that the agency used without his permission for a wild 2011 drug cartel sting that resulted in the execution-style murder of the truck’s driver, who was secretly working as a government informant.

The government argued that it is neither culpable for the damage nor under any obligation to inform the owner of any property that it wishes to use in its operations, because "clandestine."

No statute, regulation, or policy “specifically prescribe[d]” or prohibited the course of action Patty alleges the DEA agents followed. The DEA derives its authority from the Controlled Substances Act, 21 U.S.C. § 801, its implementing regulations, and various executive orders…

In this case, Task Force Officer Villasana submitted a similar declaration. He states that the DEA’s decision “to proceed with such an operation is entirely discretionary, and not mandated by any statute, rule, or policy.” Whether and how to conduct such an undercover investigation and operation is “necessarily discretionary in nature.” Villasana did not try to give advance notice to Patty that the Task Force would be using his truck because of operation’s covert nature, the risks of injury and potential for damage if something went wrong, and the uncertainty about whether other individuals (including Patty) could be trusted.

Patty responded that Villasana's own testimony ran contrary to this declaration's assertions.

Patty argues that DEA policy prohibited Villasana’s actions… He points to Villasana’s deposition testimony that “[i]f we’re going to use somebody else’s vehicle, we have to have permission,” and that “if [Villasana] knew who the owner was and the informant would have said to [him], Hey, listen, so-and-so, [the owner] owns this truck and I’m going to do this, [he] would say, Well, we need to get ahold of [the owner].”

The judge points out that Villasana also testified that he was "not aware" of any policy instructing him to notify the vehicle's owner of its potential use in a drug sting operation, nor was he under any obligation to even determine the identity of the owner through DMV records. No permission was needed, at least not as stipulated by DEA policy. What Villasana spoke of in his testimony was something left solely to his discretion.

So, it would appear the government -- especially law enforcement agencies -- can take stuff but are under no legal obligation to return it in working order. Nor are they expected to compensate the owner for any damage sustained.

This argument, perhaps the most solid of the multiple presented, dead ends thusly.

In any event, Patty fails to explain how these constitutional provisions specifically prescribed a different course of conduct or specifically proscribed what the officers did. The record shows that the DEA task force members did not know Patty’s name, were under the impression that his driver was the vehicle’s rightful lessee, and third parties caused the vehicle damage. To borrow a phrase from qualified immunity law, Patty has not shown that the “clearly established law” in place when the undercover operation was planned and implemented made the officers’ conduct unconstitutional.

In the end, it's the crime-fighting ends that justify the means -- even if the means include destroying half of a businessman's fleet of vehicles and turning him into a potential drug cartel target.

Orchestrating a covert controlled drug delivery using a vehicle and driver unconnected to any law enforcement organization to obtain evidence against a suspected drug cartel smuggling operation to prosecute those responsible fits within and furthers these policy goals. Deciding to carry out the operation without giving the vehicle owner advance notice and obtaining his consent is consistent with maintaining the covert nature of the operation and therefore with the policy goals.

Patty argues that Villasana’s testimony shows that he did not make a conscious decision whether to get Patty’s permission to use the truck, and therefore did not consider public-policy interests. But “the proper inquiry under prong two is not whether [the government actor] in fact engaged in a policy analysis when reaching his decision but instead whether his decision was ‘susceptible to policy analysis.’” Spotts v. United States, 613 F.3d 559, 572 (5th Cir. 2010) (quoting Gaubert, 499 U.S. at 325). Courts have consistently held that covert law-enforcement operations like the one at issue here are susceptible to policy analysis and covered by the discretionary function exception.

Furthermore -- quoting previous Eighth and Ninth Circuit Court decisions:

"...discretionary, policy-based decisions concerning undercover operations are protected from civil liability by the discretionary function exception, even when those decisions result in harm to innocent third parties."

TL; DR, courtesy of Andy Vickers, Patty's attorney:

A federally deputized corporal from the Houston Police Department decides to pay your small company’s driver to drive your truck to the Mexican border, load it up with illegal drugs, and try to catch some bad guys. He knows that the driver is lying to “the owner” – although he doesn’t know your name or identity and doesn’t bother to find out. The bad guys outwit the cops. Your company’s driver is killed. Your truck is riddled with bullet holes.

Query:   is our federal government liable to pay for the damages to you and your property?

Answer:   Nope.

Law enforcement immunity, combined with deference towards the judgment of those in the business of busting bad guys means it's almost impossible to force the government to reimburse private citizens for property taken without permission and damaged during the course of its "covert" use. Maybe the DEA could just bypass the legal process and cut Patty a check for the repairs? You know, just to be "neighborly" and show that we're all Americans here and no one -- not even the Drug Enforcement Agency -- is "above' making amends when things go horribly wrong.

Not a chance. To do so without an accompanying legal piece of paper explaining how this payment is not an admission of wrongdoing would be to admit fault, however implicitly. And the government doesn't want to be facing any more lawsuits than it already does. In this case, it saw a chance for a swift, cheap dismissal (thanks to some poorly-aimed arguments) and took it. And, barring a successful appeal, the decision continues the trend of courts finding law enforcement officers and federal agents culpable for their actions in only the most egregious cases.

Permalink | Comments | Email This Story

So… this US Marshal seems to have a ton of unresolved issues to work through. (h/t to Techdirt reader william)

Where to start… First off, this guy doesn't look like he's patrolling an LA suburb. He's dressed for a war zone.


There's a message being sent by this "tactical gear" and it says that these Marshals think they're a military detachment and everyone around them not clearly labeled as law enforcement is the "enemy" -- including anyone with a camera.

Now, it's pretty well established that citizens have the right to film law enforcement officers while in public places. There are exceptions, of course, but none of those appear to be in play here.

What does appear to be in play is the mental exception far too many law enforcement officers feel they can deploy whenever they'd rather not be "watched." According to an interview with Beatriz Paez, whose filming was "interrupted" by the US Marshal (and fortunately filmed by yet another person from across the street), the officers first turned their backs to her (which is fine) and then proceeded to keep moving towards her to block off her view.

When this more subtle intimidation failed to deter Paez, the US Marshal simply stormed up to her, grabbed her phone, smashed it to the ground and finally, kicked the shattered device back to her.

I guess she can be thankful he didn't demand she hand over the phone as evidence. Although, if he had deployed that BS tactic, he'd just look stupid rather than abusive and potentially dangerous -- a person armed to the teeth who can't control his impulses.

As is par for the course when law enforcement officials can no longer ignore the bad behavior of one of their officers, thanks to a citizen's recording, there's now an "investigation" underway.

“The U.S. Marshals Service is aware of video footage of an incident that took place Sunday in Los Angeles County involving a Deputy U.S. Marshal. The agency is currently reviewing the incident,” officials said in a statement.

I would hope that review has been concluded already. The video is only 58 seconds long and the marshal's actions are clearly visible. One would think the review would be about 60-65 seconds long and conclude with a supervisor's disgusted, "Seriously, dude. WTF." This should be followed by an appropriate punishment, like perhaps some sort of anger management courses and long relocation to the basement office, but will more likely conclude with a stern talking-to and a short paid vacation.

And make of this what you will:

Paez said she began recording when she saw the law enforcement presence, their military-style weapons and a line of people being detained. She said the officers started letting the people they detained go soon after she pulled out her phone and started recording.

Hmm. It would appear the officers were uncomfortable with possibly questionable actions being recorded for posterity. We don't know exactly what was going on, and it could just be a coincidence, but the attempts to intimidate Paez into putting down her phone (which concluded with a US Marshal's smash-and-grab grab-and-smash) suggest something not quite by-the-book was underway when she first began documenting the scene. We'll know more if Paez's footage can be recovered from her destroyed phone.

Permalink | Comments | Email This Story

A note of caution to anyone who works on the security team of a major automobile manufacturer: Don’t plan your summer vacation just yet.

The post Researchers Plan to Demonstrate a Wireless Car Hack This Summer appeared first on WIRED.

7-year old Colin Gilpatric recently wrote George Lucas asking him to change the rules so Jedis can get married, so that he can get married in the future without having to become a Sith. Obviously, because George Lucas has absolutely no problem throwing traditional Star Wars canon into a CG Sarlaac pit where Greedo shot first, LucasFilm agreed to the changes. Admittedly, I doubt George was even aware of the request and the response was created by LucasFilm PR, who did a wonderful job fulfilling a young boy's dreams. I dunno, maybe I'm just still a little bitter George Lucas never responded to my request to CG my face onto each side of Princess Leia's golden bikini top during the sail barge scene in the Blu-Ray re-release of Return of the Jedi. I COULD HAVE BEEN A STAR. Keep going for a picture of the bonus swag LucasFilm sent, as well as a video of Colin opening the package and another of him battling Darth Vader during Disney Star Wars Weekends.

According to the FBI and the law enforcement agencies it slaps with restrictive non-disclosure agreements, it's better to have indicted and lost than to not have deployed the Stingray at all.

Just one day before a city police officer was to face questions about a secret device used to locate suspects in a violent robbery spree, prosecutors dropped more than a dozen charges against the three defendants.

The move this month freed the officer from having to testify about a highly controversial surveillance tool — one that is subject to a confidentiality agreement between the St. Louis police and the FBI.

The department insists the Stingray had nothing to do with the dismissal. In fact, the spokesperson doesn't mention the Stingray at all (because one simply mustn't). Instead, it claims that recently uncovered information has "diminished the prosecutive merits of the case." What an odd statement to make when one suspect has already entered a guilty plea in connection with a robbery spree that resulted in the theft of cash and cell phones from seven people in just under two hours.

One of the public defenders assigned to the case believes otherwise. A victim's cell phone was traced to a hotel room using "a proven law enforcement technique." What this "technique" involved was never specified. When asked to explain in greater detail, the St. Louis Police Department called it a day. And now it looks as though it may not even be able to hold onto its single guilty plea.

Defense lawyers scheduled a deposition April 9 to ask an intelligence officer under oath about StingRay. But the charges were dismissed April 8 against all but the female defendant. She had already admitted the crimes and agreed to testify against the others but now wants to rescind her guilty plea.

This is great news for the victims of the crime spree.

Brandon Pavelich, who was pistol-whipped in one of the robberies and required 18 stitches, said he was “shocked” when prosecutors told him the charges were dropped and explained only that “legal issues” had developed.

Sorry 'bout all the stitches, says the FBI. These things will happen, unfortunately, because getting pistol-whipped and relieved of your belongings are integral to protecting this nation against terrorists.

The bureau supplied an April 2014 affidavit from Supervisory Special Agent Bradley Morrison, chief of the Tracking Technology Unit. He wrote that “cell site simulators are exempt from (court) discovery pursuant to the ‘law enforcement sensitive’ qualified evidentiary privilege” and also not subject to freedom of information laws.

Any FBI information shared with local authorities “is considered homeland security information,” he wrote. He warned that targets of investigation could benefit from piecing together minor details, “much like a jigsaw puzzle.”

It's not much of a consolation prize for the victims. In fact, it probably makes things a bit easier for criminals. The "jigsaw puzzle" piece handed over to criminals by this refusal to discuss "techniques" is that cell phone theft has a much better chance of going unprosecuted than criminal activities not involving cell phones. Cell phones are a potential "Get Out of Jail Free" card. Sure, they're also handy tracking devices -- the Narc That Fits in Your Pocket™ -- but if vague but "proven" law enforcement "techniques" are used to obtain warrants or effect arrests, evidentiary challenges and discovery requests have a small chance of resulting in a "screw it" from law enforcement agencies. That's better odds than were in play prior to the widespread use of IMSI catchers.

Certainly the victims of criminal activity are righteous in their anger. But where are the courts? They should be incensed that law enforcement feels it can withhold information from judges and defense attorneys simply because the FBI says so. The FBI doesn't have jurisdiction over courts or law enforcement agencies. The only power it does have is to do what it can to block local law enforcement from obtaining or deploying IMSI catchers if they won't play by its rules.

And where's the DOJ in all of this? It stands to reason the FBI is more concerned with prosecutions than justice, but this is a department wholly dedicated to the premise -- even if its actions often run counter to the "justice" ideal. It sits idly by while its subordinate agency tells law enforcement agencies to conceal Stingray usage and to drop cases rather than risk any national insecurity or additional criminal evasiveness.

This has gone past the point of outrage into the realm of the absurd. Dangerous criminals are being cut loose because certain techniques can't be confirmed or denied -- free to roam the streets like anthropomorphized Glomar responses, only with the potential to cause actual harm, rather than simply acting as existential threats to law enforcement techniques or the nation's well-being.

Permalink | Comments | Email This Story

In a little more than a month, elements of the PATRIOT Act are up for renewal. Among aspects being considered is the Section 215 program, an element which could suddenly disappear from the NSA's surveillance arsenal if the provision isn't re-upped yet again. (Or not. Wording in the most recent Section 215 authorization from the FISA court suggests it will just renew the order on June 1st unless it hears otherwise from Congress.)

With enough of a concerted non-effort, these provisions could simply expire. But there's no way this date comes and goes without a vote. PATRIOT Act renewals have generally faced minimal opposition, but this year there's a bit more uncertainty. A year-and-a-half of surveillance leaks has finally forced many legislators to confront what exactly they're authorizing in the name of national security. The leaks have led directly to numerous bills seeking to curb the NSA's domestic surveillance efforts. None have been successful to this point, but there's enough ill will out there that this renewal isn't the slam dunk it's been in previous years.

Obviously well aware of this increased opposition, Sen. Majority Leader Mitch McConnell has introduced a last-minute bill that would reauthorize the expiring PATRIOT Act provisions until the end of 2020. To ensure it gets to the floor before opposing bills or June 1st's expiration date, McConnell and co-sponsor Richard Burr invoked a Senate rule that allowed them to bypass the usual process -- namely its initial appearance before a Senate committee, which can then decide if the bill should move forward.

This allows McConnell and supporters to get a jump on Sen. Leahy's revamped USA Freedom Act, which is due to be presented to the Senate committee Wednesday. (McConnell presented his bill Tuesday night). Leahy isn't happy.

“Despite overwhelming consensus that the bulk collection of Americans’ phone records under Section 215 of the USA Patriot Act must end, Senate Republican leaders are proposing to extend that authority without change,” he said in a statement Tuesday night. “This tone deaf attempt to pave the way for five and a half more years of unchecked surveillance will not succeed. I will oppose any reauthorization of Section 215 that does not contain meaningful reforms.”

McConnell may not believe he has the votes necessary to push through a "no questions asked" renewal of these PATRIOT Act provisions, but his actions signal there's still a number of senators willing to grant national security agencies whatever they need, whenever they ask.

Permalink | Comments | Email This Story

Comcast's week just got notably worse with the news (barring some last minute miracle) that the cable giant will likely be walking away from its $45 billion acquisition of Time Warner Cable after leaks suggested the DOJ and FCC will likely be blocking the deal. Regulatory opposition was based in part on the belated realization that Comcast had failed to adhere to the conditions set in its 2011 acquisition of NBC, despite the fact that most of the conditions were volunteered and engineered by Comcast to be as meaningless as possible. The real deal killer however? More than a year's worth of unrelenting, negative media attention for what's arguably some of the worst customer service in any industry.

Leading this latest merger sales job for Comcast was top lobbyist David Cohen, who played a starring role in getting Comcast's 2011 acquisition of NBC approved, earning him the reputation for being a telecom policy and lobbying "rock star." As any well-paid lobbyist would, when tasked with a new merger to sell, Cohen repeatedly pushed a litany of utterly unbelievable deal benefits pulled entirely out of the ether, denied absolutely every criticism as illegitimate and irresponsible, then proudly proclaimed that nobody "reasonable or knowledgeable" could possibly object to the company's merger.

Cohen's secret weapon during the NBC acquisition was something Comcast called its "Internet Essentials" program, which provides $10, 5 Mbps broadband to homes that qualify for the National School Lunch Program. Cohen consistently touted Internet Essentials as an utterly selfless, altruistic effort to close the digital divide, wholly unrelated to the company's attempt to grease the M&A rails. There's many reasons why Cohen and Comcast failed to win the hearts of consumers and regulators, but Internet Essentials perfectly exemplifies Comcast's unique brand of hubris.

The program became an absolutely massive public relations boon to Comcast, which held junket after junket at schools across the nation, patting itself on the back for being a noble corporate citizen, with Cohen and politicians endlessly photographed surrounded by smiling children as they pretended to crush the digital divide in classrooms across America. The PR success of the effort even prompted Cohen to start calling himself Comcast's "Chief Diversity Officer," despite the fact the title's real goal was to help him dodge legal lobbying restrictions on how many hours a week he can lobby.

Since it worked so well for the NBC deal, Cohen and his lobbyist team started hyping the program even more heavily for the Time Warner Cable deal. The problem was, by this point people were starting to see through the effort. The program started taking national media heat for being hard to find, hard to qualify for, rife with caveats and little more than a faux-altruistic show pony for regulators. As a result, depending on the state, only about 11 to 15% of the millions of eligible households were able to sign up for the program. Stanford Law Professor Susan Crawford recently called Internet Essentials a "customer acquisition program masquerading as a philanthropic gesture," highlighting the restrictions Comcast baked into the program to ensure it had to do as little heavy lifting as possible:

"...only low-income families with school-age children are eligible for the program. It does nothing to close the digital divide for other underserved groups like the elderly, the disabled, and low-income childless adults. Plus, it’s hard to apply: the California Emerging Technology Fund says that it takes two or three months for applications to arrive. No existing Comcast customers are eligible — no matter how “low-income” you are, you can’t decide to reduce your bill by applying for Internet Essentials instead. (Families have been told to drop their Comcast service for 90 days and then try signing up — a terrible hardship for anyone.)"

Whenever anybody pointed out that Comcast's effort was anything less than the pinnacle of nobility, Cohen trotted out a brand of snotty rhetoric that only managed to make the company seem less likable than ever. Case in point from a blog post this week, in which Cohen once again tried to "set the record straight" about the deal benefits:

"And while it may be easy for critics to do this from the sidelines, we would rather try, in the spirit of President Kennedy, to light a candle than to curse the darkness. The reality is that Internet Essentials has been one of the most successful, if not the most successful, private sector initiatives to close the digital divide ever. And it’s not just Comcast that says this; scores of credible civic and community leaders have said the same...But to those critics and business interests that want to take shots at the program, we say join us in the fight against the digital divide to make broadband a reality for all Americans, working together to do more, rather than sniping at cross purposes to run down what has been done."

To be clear here, Comcast is offering a limited number of homes a $10, 5 Mbps down, 1 Mbps up broadband service that costs the company virtually nothing to provide, then behaving as if it had just cured bowel cancer. Meanwhile, the lion's share of the "credible civic and community leaders" supporting the program are usually paid to do so. Most importantly though, Cohen ignores that these amorphous "critics" of the program are the same poor families he breathlessly claims to care so much about. Said critics had to protest in Comcast's hometown of Philadelphia to get Comcast's attention regarding the failures of the program:

"A 10-year-old back-due cable-TV bill for $180 made Hawkins ineligible for the $9.95-a-month Internet Essentials that Comcast publicized as an aid to closing the nation's digital divide - the term for the substantial number of poor people who can't afford $50-a-month Internet service. Hawkins didn't think that was right, and Comcast wouldn't agree to a payment plan. She has a son, Khyrie, then a fifth grader at L.P. Hill Elementary School on Ridge Avenue. "They opened a can of worms with me," said Hawkins, who helped organize a protest in 2012 at Comcast's Center City headquarters to present executives with bologna sandwiches that she thought represented its Internet Essentials program."

Internet Essentials was the very heart of Comcast's Time Warner Cable merger sales pitch, as it shifted the focus away from Comcast's poor customer service reputation and toward Comcast's manufactured image as a champion of diversity, propped up by a chorus of astroturfers on the Comcast payroll. Cohen pitched a laundry list of other imaginary deal benefits that were equally negligible, from hallucinated cyber security improvements to claims the deal would be a boon to creative people everywhere.

But as AT&T found out when it tried to claim that killing T-Mobile would magically increase wireless competition, there actually is a line you can cross when it comes to lobbying bullshit and blistering hubris, even in Washington DC. However, government only respects that line when consumers can be bothered to pay attention, and they were certainly paying attention here after two decades of being abused by one of the least competitive, most apathetic industries in American history.

Permalink | Comments | Email This Story

This news is infuriating if true. And its chance of being true are pretty high, considering how little cops having the whistle blown on them care for those blowing the whistle. In this case, police officials didn't just stonewall a court order to produce records. They also allegedly dropped backdoors and keyloggers onto the plaintiff's hard drive.

An Arkansas lawyer representing current and former police officers in a contentious whistle-blower lawsuit is crying foul after finding three distinct pieces of malware on an external hard drive supplied by police department officials.

In response to a discovery request, the Fort Smith Police Department was ordered to turn over numerous items, including Word documents, PDFs and emails. Attorney Matt Campbell provided an external hard drive to the PD. When it was returned to him, it contained some of what he requested, along with three pieces of software he definitely didn't request.

In a subfolder titled D:\Bales Court Order, a computer security consultant for Campbell allegedly found three well-known trojans, including:

Win32:Zbot-AVH[Trj], a password logger and backdoor
NSIS:Downloader-CC[Trj], a program that connects to attacker-controlled servers and downloads and installs additional programs, and
Two instances of Win32Cycbot-NF[Trj], a backdoor

The police department claims it has no idea how these ended up on Campbell's hard drive. It maintains its innocence despite acknowledging its computers have anti-virus software installed that should have prevented these from ending up on its drives, much less being copied to an external drive. Campbell isn't buying these proclamations. In an affidavit submitted to the court, he alleges the PD added these trojans to take control of his computer and intercept his passwords and communications.

Campbell's first attempt to have this apparent breach investigated went nowhere.

Last September, Arkansas State Police officials declined Campbell's request that the agency's criminal investigation division probe how the hard drive sent to Campbell came to be booby-trapped. "The allegations submitted for review appear to be limited to misdemeanor violations which do not rise to a threshold for assigning a case to the CID Special Investigations Unit," the commander of the CID wrote in a September 29 letter declining the request.

So, even though CID stands for "Criminal Investigation Division" and a misdemeanor is, in fact, a criminal offense, the Arkansas State Police decided that it couldn't be bothered to examine an incident that could have resulted in breaches of attorney-client privilege. "Don't bother us until it's a felony, " is the message being sent here. Even if the CID had no interest in dealing with small-time (but not really, considering the implications) misdemeanors, it could have at least referred Campbell to authorities who would be interested in pursuing this. But it didn't -- which either means it had no interest in anyone pursuing this further or knew no other entity would be interested in pursuing an investigation of the Ft. Smith PD.

Perhaps the latter is more likely. Campbell took his complaint to the district's prosecuting attorney and met similar non-results. The district attorney's office claimed it didn't have the resources to pursue this, suggesting that its limited resources will only be used to investigate those outside of the law enforcement sphere.

So, Campbell has asked the judge to hold the department in contempt of court and impose sanctions. Not only did the PD apparently drop malware on Campbell's drive, but it also skirted many of the discovery order's stipulations.

Defendants have failed to properly answer discovery requests in compliance with this Court's Order, to wit:

a. Defendants have engaged in intentional spoliation of evidence by deleting entire email accounts without allowing Plaintiffs to search the emails;

b. Defendants have engaged in ongoing, intentional spoliation of evidence by failing to preserve and provide deleted emails that, by their own admissions, were recoverable;

c. Defendants have relied upon past AFOIA responses in answering Plaintiffs' discovery requests, resulting in Defendants providing emails that have improper redactions; and

d. Defendants have failed to provide usable documents related to Capt. Alan Haney's computer, inasmuch as the external hard drive supplied to Plaintiffs contained malicious software designed to hack into Plaintiffs' counsel's computer, rendering the hard drive unsafe for Plaintiffs' use.

The affidavit goes into greater detail on all of these accusations. One of the most egregious abuses alleged is the apparently intentional deletion of the entire content of a PD official's email account.

After receiving Defendants' responses to Plaintiffs' requests, Plaintiffs reviewed the produced documents and noted that few, if any, emails from most of the Defendants had been produced, aside from what had been previously produced in response to AFOIA requests. Accordingly, Plaintiffs' counsel arranged with Defendants' counsel to meet at the FSPD with Mr. Matlock, and that meeting was scheduled for August 5, 2014.

[...]

As this Court may recall, Defendants cancelled this scheduled meeting on August 1, 2014, via email to Plaintiffs' counsel. Plaintiffs' counsel contacted this Court on August 4, 2014, in an effort to have the August 5 meeting date honored. Defendants' counsel responded on that same date, contending that there was nothing untoward or suspicious about the last-minute rescheduling and that Court intervention into the matter was not needed.

Except there was something suspicious about this last-minute rescheduling.

The meeting between Plaintiffs, Defendants, and Mr. Matlock was rescheduled for August 28, 2014. On August 5, 2014, however, Maj. Chris Boyd, Sr., retired from the FSPD. On August 28, when Plaintiffs' counsel asked Mr. Matlock to pull up Maj. Boyd's email account, Defendant Jarrard Copeland immediately asked Mr. Matlock whether Boyd still had an email account, to which Mr. Matlock replied that he did not. Mr. Matlock further informed Plaintiffs' counsel that the emails had been deleted. When pressed on this issue, Mr. Matlock confirmed that they were deleted after Maj. Boyd's retirement on August 5, 2014.

On top of that, Mr. Matlock was still telling other cops he would to be in town during the day he told the plaintiffs he wouldn't be available (August 5), according to emails obtained by Campbell. Then, suddenly, he was completely unavailable.

That this was intentional spoliation is bolstered by the fact that, as late as 6:10 PM on August 4, 2014, Mr. Matlock was planning on being at the SPD 'by lunch' on August 5, 2015, and was communicating with other officers about doing specific tasks on the afternoon of August 5…

It was not until 9:06 AM on August 5, 2014 - the date originally scheduled for the meeting and four days after Defendants had cancelled the meeting that Mr. Matlock informed anyone that he was taking that entire day off as a 'discretionary day.' And it was not until on or about August 19, 2014, when Plaintiffs' counsel requested Mr. Matlock's payroll record for the period covering August 5, that the SPD Payroll Department was actually informed that Mr. Matlock had taken a discretionary day two weeks prior. Interestingly, this is the only discretionary day that Mr. Matlock has taken in the last three-plus years.

Given the amount of obstruction and non-compliance alleged in this affidavit, it's really not that surprising that someone -- with or without approval from superiors -- loaded tainted software onto Campbell's hard drive. Sure, there's a case to be made for stupidity rather than malice, but with the other obfuscation detailed in Campbell's affidavit, the scale is definitely leaning towards the latter.

Hopefully, the court will examine these accusations closely, considering no other entity that could hold the PD responsible for its alleged misconduct seems willing to move forward with an investigation.

Permalink | Comments | Email This Story

In response to reports last week that passenger Wi-Fi networks make some planes vulnerable to hacking, the FBI and TSA have issued an alert to airlines advising them to be on the lookout for evidence of tampering or network intrusions. The FBI and TSA note that they currently have no information to support claims that […]

The post Feds Warn Airlines to Look Out for Passengers Hacking Jets appeared first on WIRED.

Security researchers with Fox-IT in the Netherlands have found a way to detect Quantum Insert attacks.

The post How to Detect Sneaky NSA ‘Quantum Insert’ Attacks appeared first on WIRED.

The FBI seems to be more interested in securing convictions than finding the truth. An investigation into questions about the agency's hair analysis commenced in 1996, but years of foot dragging by the FBI means the full truth has only come to light over the past couple of years. What's detailed in a report compiled by the National Association of Criminal Defense Lawyers and The Innocence Project is an almost surreally callous drive for sucessful prosecutions that potentially put dozens of innocent people behind bars.

The Justice Department and FBI have formally acknowledged that nearly every examiner in an elite FBI forensic unit gave flawed testimony in almost all trials in which they offered evidence against criminal defendants over more than a two-decade period before 2000.

Of 28 examiners with the FBI Laboratory’s microscopic hair comparison unit, 26 overstated forensic matches in ways that favored prosecutors in more than 95 percent of the 268 trials reviewed so far…

This isn't to say that nearly every case reviewed will be overturned. For some, it's too late. Of those reviewed, 28 pertain to prisoners with death sentences -- of which nearly all have already died... or been put to death. For others, their convictions may not have hinged on apparently questionable DNA evidence.

What's uncovered here is just the beginning. There are nearly 1,200 more cases to review. For many of those, it will likely be several years (and several lawsuits) before the truth comes out. Of those 1,200, nearly 700 are being met with stonewalling by local law enforcement and prosecutors, who have refused to provide requested transcripts and other court materials.

Part of this widespread failure is undoubtedly due to the FBI's desire to rack up convictions. (The same is true for those entities it worked with -- local law enforcement agencies and prosecutors.) But a larger portion of this can be chalked up to the FBI's own desire to keep its "slam dunk" forensics analysis from being questioned by anyone inside or outside of its labs. For four decades (1972-2012), the FBI refused to provide any guidelines for the use of, not just hair DNA evidence, but almost any forensic evidence, in court.

The FBI is waiting to complete all reviews to assess causes but has acknowledged that hair examiners until 2012 lacked written standards defining scientifically appropriate and erroneous ways to explain results in court. The bureau expects this year to complete similar standards for testimony and lab reports for 19 forensic disciplines.

Judging from how analysts performed in court, the lack of guidance was apparently construed to mean "put people in jail," rather than unbiased scientific analysis. This news follows on the heels of a highly critical report condemning the agency's faith in "bite mark analysis," a practice that is increasingly being perceived as junk science -- foisted on law enforcement by self-described "experts" with no hard data to back up their findings. The courts, so far, have often indulged bite mark experts, despite a National Academy of Sciences report finding that bite mark analysis provides "no evidence of an existing scientific basis for identifying an individual to the exclusion of all others."

These are people who have the power to effectively end someone's life and they've been instrumental in ensuring that problems tracing back to the early 1970s -- and first examined 25 years later -- remained buried until it could no longer be ignored.

Permalink | Comments | Email This Story

Paying for college has never exactly been easy, but it's been getting increasingly difficult over time. On top of that, it's getting more difficult to get into some of the more selective schools. CA Gov. Jerry Brown remarked that "normal" people can't get accepted to Berkeley anymore (hold the jokes on how normal the students at Berkeley have ever been, okay?). Proposals for free community college tuition (with fine print attached) might make higher education more accessible and certain colleges more socio-economically diverse, but what's going on with the costs of tuition?

• All the Ivy League universities and a bunch of prestigious schools like MIT and Stanford offer free tuition for students from families earning less than specified income levels. However, if the goal of these kinds of programs is really to achieve higher socio-economic diversity of student populations, perhaps efforts to level the playing field should start far earlier than college. [url]
• The putative reason for the increasing college tuition is related to slashed government funding, but the conventional wisdom seems to ignore the growth of the student population, as well as the administrative expansion which has been roughly ten times the rate of growth of tenured faculty positions. Some folks point to the seven-figure salaries for high-ranking university executives as a scapegoat, but the situation seems to be much more complex. Is there a more efficient way to deliver higher education and reliably recognize student achievements? [url]
• Government subsidized higher education isn't going to lower the costs of educating -- it'll just obscure the relationship between that cost and tuition. Reducing administration costs for colleges and universities seems like the place to start, but it's not clear how the cuts there would begin... or why they would be initiated by the very people who are in charge of the administration budgets. [url]

After you've finished checking out those links, take a look at our Daily Deals for cool gadgets and other awesome stuff.

Permalink | Comments | Email This Story

Back in December, when the Sony emails first leaked, we wrote about how Sony hired super-high-powered lawyer David Boies to send off ridiculously misinformed letters to media outlets warning them that they should not write anything based on information in the leaks. Boies took it a ridiculous step further, threatening to sue Twitter for not blocking screenshots of the emails. Both threats had no real legal basis.

Of course, now that the emails are in the news again, thanks to Wikileaks posting the archive online and making it searchable, Sony is apparently shelling out more big bucks to Boies to send around another version of the letter. You can see the letter here or at the bottom of the post.

Once again, the legal reasoning in the letter is... questionable at best. The included attack on Wikileaks is even more confused, arguing that freeing up this information helps North Korean censorship. It's difficult to see how that's really true, but okay. But the really ridiculous part is arguing that the media should not publish this information to support the First Amendment. Really.

SPE [Sony Pictures Entertainment] therefore again asks for your help in protecting the First Amendment and declining to exploit the Stolen Information. As I stated in my December 2014 letter, SPE does not consent to your possession, review, copying, dissemination, publication, uploading, downloading, or making use of any of the Stolen Information. And we again ask that you take all reasonable actions to prevent your company and any of your employees, independent contractors, agents, consultants, or anyone who may have access to your files from examining, copying, disseminating, distributing, publishing, downloading, uploading, or making any use of the Stolen Information.

This is a rather confused understanding of the First Amendment, and the rights of the press to look at and publish newsworthy information, even if it's obtained through more questionable means. Hell, it seems worth mentioning right about now that Sony Pictures Entertainment just happens to be making a movie about Ed Snowden. Apparently, it's fine and dandy for Sony to make a movie detailing how the press was able to report on a bunch of "stolen information," but if anyone in the media does that about Sony, then it's magically illegal? Is Sony really going to try to push that argument in court? Because it's going to get a massive First Amendment smackdown if it tries.

Thankfully, it appears that most of the press is ignoring these threats, and there have been a number of interesting and newsworthy stories coming out of people looking through the emails. Well, except for Hollywood's favored mouthpieces, like Deadline.com. It reported on this letter, but used it to repeat Sony's completely bogus talking points and insist that "respectable media outlets don't seem to have any appetite to re-enter territory that seemed morally questionable in December."

While one might argue that revealing internal gossip and bad jokes by Sony execs is morally questionable, it seems that stories about paying for political investigations of companies you don't like is extremely newsworthy. As is trying to influence international trade policy with statements that completely contradict what you've said publicly. There is plenty of newsworthy information in these documents, and the media would be doing the First Amendment a major disservice to ignore newsworthy information just because Sony doesn't like it.


Permalink | Comments | Email This Story

Say what you will about the Baltimore PD and its cell tower spoofers (like... "It would rather let accused criminals go than violate its [bogus] non-disclosure agreement with the FBI…" or "It hides usage of these devices behind pen register/trap and trace warrants and then argues the two collection methods are really the same thing…"), but at least it's making sure the hundreds of thousands of dollars it's spent on the technology isn't going to waste.

On Wednesday, Baltimore police Det. Emmanuel Cabreja said the department has deployed the device, called Hailstorm, and similar technology about 4,300 times since 2007.

As the AP notes, the number of deployments admitted to here is the largest ever made public. This doesn't necessarily mean the rate of usage (more than once a day, on average) is out of the ordinary, however. Thanks to the very restrictive non-disclosure agreement the FBI forces law enforcement agencies to sign (while falsely claiming "the FCC made us do it!"), information on cell tower spoofers has very rarely been disclosed.

Det. Cabreja confirmed the ultra-restrictive terms of the FBI's NDA, which forbids law enforcement agencies from producing any information on Stingray devices, no matter who's asking for it.

Cabreja said under questioning from defense attorneys that he did not comply with a subpoena to bring the device to court because of a nondisclosure agreement between the Baltimore police and the Federal Bureau of Investigation.

“Does it instruct you to withhold evidence from the state’s attorney and the circuit court of Baltimore city, even if upon order to produce?” asked defense attorney Joshua Insley.

“Yes,” Cabreja replied, saying he spoke with the FBI last week about the case.

There's nothing quite like hearing confirmation that two law enforcement agencies worked together to withhold information from a party being prosecuted by directly violating a court order. But it gets even better. The Baltimore PD's NDA was made public, and it shows the State's Attorney's office signing off on withholding Stingray information from judges and defendants, as well as agreeing to toss cases if exposure seems unavoidable. In contrast, the Erie County Sheriff's Department's agreement obtained by the NYCLU only contained signatures from law enforcement officials.


The courts -- at least in Baltimore -- seem to be tiring of this secrecy. Baltimore judge Barry Williams has previously questioned the Baltimore PD's citation of its non-disclosure agreement with the FBI, with one memorably pointing out that the PD "doesn't have a non-disclosure agreement with this court." Unfortunately, if the Baltimore PD prioritizes its NDA over its obligation to obey court orders and turn over requested evidence, then it does actually have an NDA "with the court," albeit one the court never agreed to. If the FBI says Stingray info isn't going to be turned over -- no matter who's asking for it -- that information will remain hidden, even if it means tossing criminal cases.

Permalink | Comments | Email This Story

Change a teacher's desktop wallpaper? That's a felony.

The Pasco County Sheriff's Office has charged Domanik Green, an eighth-grader at Paul R. Smith Middle School, with an offense against a computer system and unauthorized access, a felony. Sheriff Chris Nocco said Thursday that Green logged onto the school's network on March 31 using an administrative-level password without permission. He then changed the background image on a teacher's computer to one showing two men kissing.

Seemingly everyone at every level of government wants to talk about cybersecurity. Most of what's discussed is delivered in the breathless cadence of a lifetime paranoiac. (Won't someone think of the poor multimillion-dollar studios?!!?) This school is one level of government. So is the sheriff's office. Both felt the 14-year-old's actions were severe enough to warrant felony charges. Why? Because somebody hacked something. If you can even call it "hacking…"

Green had previously received a three-day suspension for accessing the system inappropriately. Other students also got in trouble at the time, he said. It was a well-known trick, Green said, because the password was easy to remember: a teacher's last name. He said he discovered it by watching the teacher type it in.

The teen changed a computer's wallpaper and was able to do so because the most basic of security precautions weren't taken. Multiple students took advantage of this lax security to access computers with webcams so they could chat "face-to-face" while utilizing the school's network.

The school got all bent out of shape because some of the computers accessed contained encrypted test questions. It turned the student over to law enforcement because it deemed his "breach" of its system too "serious" to be handled by just a 10-day suspension. It had him arrested because of things he could have done, rather than the thing he actually did.

One of the computers Green, 14, accessed also had encrypted 2014 FCAT questions stored on it, though the sheriff and Pasco County School District officials said Green did not view or tamper with those files.

And yet, Sheriff Chris Nocco is still looking to prosecute a 14-year-old for attempting to annoy one of his teachers. Here's the student's description of what he did.

"So I logged out of that computer [because that computer didn't have a webcam] and logged into a different one and I logged into a teacher's computer who I didn't like and tried putting inappropriate pictures onto his computer to annoy him," Green said.

Here's Sheriff Nocco's statement:

"Even though some might say this is just a teenage prank, who knows what this teenager might have done," Nocco said.

Well... you do know what "he might have done," Sheriff Nocco. And yet, your response to this situation is to hand out felony charges to a teen for something he might have done? Is that the way law enforcement is really supposed to work? [The FBI has issued the following statement: "That's the way it works for us. Almost exclusively."]

He told you exactly what he did and why he did it. Your own investigative efforts confirmed he never accessed the oh-so-untouchable FCAT questions. Incredibly, Sheriff Nocco wants to not only punish this student for something he might have done, but any other teens who might do stuff.

The sheriff said Green's case should be a warning to other students: "If information comes back to us and we get evidence (that other kids have done it), they're going to face the same consequences," Nocco said.

Sheriff Nocco: I will arrest and charge teens with felonies for annoying educators and/or exposing their inability to make even the most minimal effort to keep their computers secure. If I lived in this county, I'd be very concerned that law enforcement officials are keen on the idea of arresting and prosecuting teens for stuff they didn't do (access test questions) or things they might have done (TBD as needed for maximum damage to teens' futures).

Permalink | Comments | Email This Story

If someone hasn't already sold the movie rights to the story of Eddie Raymond Tipton, expect it to happen soon. Tipton, an Iowa-based former "security director" for the Multi-State Lottery Association (MUSL), is accused of trying to pull off the perfect plot to allow himself to win the lottery. It didn't work, but not for the lack of effort. MUSL runs a bunch of the big name lotteries in the US, including Mega Millions and Powerball. It also runs the somewhat smaller Hot Lotto offering, which was what Tipton apparently targeted. When he was arrested back in January, the claims were that it had to do with him just playing and winning the lottery and then trying to hide the winnings. Lottery employees are (for obvious reasons) not allowed to play. However, late last week, prosecutors in Iowa revealed that it was now accusing Tipton of not just that, but also tampering with the lottery equipment right before supposedly winning $14.3 million. Because of these new revelations, Tipton's trial has been pushed back until July. However, the details of the plot and how it unraveled feel like they come straight out of a Hollywood plot.

First, there's the story of how Tipton was discovered winning the lottery in the first place. The ticket was purchased in late December 2010 in a QuickTrip off of Highway 80 in Iowa. The winning $14.3 million went unclaimed for nearly a year, but right before it was set to expire, a New York lawyer named Crawford Shaw showed up with paperwork to claim it. However, Shaw refused to reveal the necessary details about who actually won the money, as Shaw was merely representing Hexham Investments Trust, which was a shell company set up in Belize. Belize, as you already know, is a popular place to setup offshore companies if you want the true ownership to be anonymous. The problem, however, is that Iowa doesn't allow for anonymous lottery winners. That resulted in Iowa officials investigating who was really behind the winning ticket.

The resulting investigation took them from the NY lawyer Shaw to some (unnamed) guy in Quebec City, Canada, who was listed as Hexham Investments Trust's trustor and president. That guy eventually pointed investigators to two other guys in the Houston area: Robert Rhodes and an unnamed Houston attorney -- who had also known the NY attorney, Shaw, for many years. The attorney in Houston insisted that he represented the winner of the ticket who wished to remain anonymous. Somewhat stumped, investigators released a video and screenshots of the guy at the QuickTrip who bought the ticket: A colleague of Tipton's at the MUSL told investigators that it was Tipton. Investigators then discovered that Rhodes and Tipton had gone to University of Houston together and frequently talked to each other by phone. After some more investigating, Tipton was officially arrested and charged with fraud in January.

And that's where the story stood until just recently. In March, Rhodes was also arrested for fraud and then prosecutors revealed that Tipton was in the draw room in November, a month before the winning ticket was purchased and that they believe he tampered with the equipment:

Prosecutors also argued in their reply that Tipton was in the draw room on Nov. 20, 2010, "ostensibly to change the time on the computers." The prosecution alleged the cameras in the room on that date recorded about one second per minute instead of how they normally operate, recording every second a person is in the room.

"Four of the five individuals who have access to control the camera's settings will testify they did not change the cameras' recording instructions; the fifth person is Defendant," the prosecution wrote.

It is a reasonable deduction to infer that Defendant tampered with the camera equipment to have an opportunity to insert a thumbdrive into the RNG tower without detection."

Of course, some of the additional evidence seems purely speculative. For example, prosecutors quote Tipton's co-workers talking about his "obsession" with rootkits:

In their reply to the defense's motion, prosecutors argued that Tipton's co-workers said he "was 'obsessed' with root kits, a type of computer program that can be installed quickly, set to do just about anything, and then self-destruct without a trace." The prosecution claimed a witness will testify that Tipton told him before December 2010 that he had a self-destructing root kit.

Honestly, that part of it feels pretty weak, and one would hope they have more extensive evidence to support that claim. However, given all of the other evidence in the case, and the timing of all of the events, it certainly does raise reasonable questions about just what Tipton was up to in that room.

Permalink | Comments | Email This Story

Over the past decade, criminals have apparently gained an insurmountable technology lead over law enforcement. I'm not sure how this is possible, especially considering many criminals don't have access to the same technology cops do, much less access to generous DHS funding, and yet, here we are witnessing police officers (following orders from the FBI) tossing cases and lying to judges in order to "protect" secret tools that aren't all that much of a secret.

We recently covered a Baltimore detective's courtroom admission that a) the Baltimore PD had deployed its Stingray equipment 4,300 times over the past seven years and b) that it had hidden this information from courts and defendants. The argument for this secrecy was that doing otherwise allows criminals to devise ways to beat the system.

No one's looking to expose ongoing investigations, but as far as some law enforcement agencies are concerned, everyone is under continuous investigation by default. And since that's the case, anything that might be construed as giving criminals a head start is subject to a thoroughly ridiculous code of silence that excludes the majority of the justice system.

This cop-specific technopanic is so all-encompassing that it has bled over into the unreality of creative efforts -- like TV shows. (via The Verge)

David Simon, creator of "The Wire" and a former Baltimore Sun reporter, said in an email that "the transition from landlines to cellular technology left police investigations vulnerable well over a decade ago."

He noted that there was new technology at the time — such as Nextel phones that mimicked walkie-talkies — that "was actually impervious to any interception by law enforcement during a critical window of time."

"At points, we were asked by law enforcement not to reveal certain vulnerabilities in our plotlines," Simon said. That included communications using Nextel devices.

The Wire also featured detectives using a cell signal-capturing device called a "Triggerfish." Any relation to today's Stingrays is likely not coincidental, no matter what the post-credits disclaimer might have stated. The Stingray isn't a secret, but it has been awarded an unprecedented amount of secrecy. Cops lie to judges, defendants and even prosecutors to keep the Stingray out of the public eye. And yet, it seems clear that The Wire's creators knew something about the technology over a decade ago.

But the inherent ridiculousness of asking a fictional television show to withhold dramatic elements just because they may have hewed too closely to reality can't be ignored. Criminals will find vulnerabilities in the system and law enforcement will work hard to close these gaps. But criminals aren't so far ahead as to be unstoppable.

This attempt to censor The Wire isn't much different than the law enforcement secrecy efforts we see being deployed in courts. The motivation behind these efforts is highly suspect. It doesn't seem so much to be aimed at preventing criminals from exploiting vulnerabilities as it is at keeping law enforcement officers from working any harder than they feel they should have to. It's not about keeping bad guys from outmaneuvering cops. It has more to do with preventing public disclosure from resulting in unwanted changes -- like additional scrutiny from magistrate judges or the challenging of submitted evidence. It's about preserving the most efficient law enforcement methods -- generally anything that doesn't require permission from an outside entity or generate a paper trail.

Permalink | Comments | Email This Story

Like so many other incumbent ISPs, Time Warner Cable has grown all-too comfortable with the lack of broadband competition it enjoys across most of its territory. Some markets are worse than others, usually not-coincidentally directly tied to the level of regulatory capture in a region. In the Carolinas, the company has worked tirelessly to protect its regional monopoly and duopoly, passing a bill in North Carolina (on the fourth try) preventing towns and cities from improving regional broadband. Company execs have also downplayed the rise of gigabit broadband, proudly informing users they don't really want faster, cheaper services.

Now Time Warner Cable is facing the worst-case scenario for a government-pampered duopolist. One, the FCC has moved to pre-empt Time Warner Cable's protectionist law in North Carolina, arguing it hinders the deployment of broadband services in a reasonable and timely basis. Two, Google Fiber recently announced it will be expanding $70, gigabit services (you know, the ones users don't need or want) into Raleigh, Durham and Charlotte sometime in the next year. The one-two punch of regulators thinking independently and increased competition has to be a nightmarish hellscape for company executives.

Time Warner Cable has of course responded by announcing it is increasing speeds in Charlotte and Raleigh six fold (to 300 Mbps) at no additional charge sometime this summer:

"Starting this week, customers will receive communications from TWC outlining the first phase of the project as the company begins the process of creating a 100% digital network..."With ‘TWC Maxx,’ we’re essentially reinventing the TWC experience,” said Darrel Hegar, regional vice president of operations, Time Warner Cable. “We will boost Internet speeds for customers up to six times faster, add to our robust TWC WiFi, dramatically improve the TV product and set a high bar in our industry for differentiated, exceptional customer service."

That's on the heels of an AT&T announcement that it would be offering its own $70, gigabit service in parts of North Carolina (it's $110 or more in non Google Fiber markets). Funny how this whole competition thing works, huh? Granted the whole concept of responding to price competition is new to some of these folks, so there's obviously some initial kinks to work out as these companies figure out what the concept means.

For example, Time Warner Cable's 300 Mbps down, 20 Mbps up tier will run you $65 promotional, $108 regular price -- notably slower and more expensive than Google Fiber's symmetrical 1 Gbps, $70 a month offering. Similarly, AT&T's service is very selectively deployed (mostly high-end developments) and the company is only willing to match Google Fiber's price point if you agree to deep packet inspection snoopvertising. Meanwhile, while Google Fiber pricing is generally straightforward, both AT&T and Time Warner Cable still employ a wide variety of obnoxious fees to drive up the advertised price post sale.

That's of course the best part about real broadband competition. You actually have a choice, and can respond to slow speeds, abysmal customer service, net neutrality violations and other shenanigans by voting with your wallet. The downside? Google Fiber's only available in a handful of markets, hopefully putting the onus on other companies to follow Google Fiber's lead and start lighting a fire under the posterior of a broadband industry that's just screaming for some disruption.

Permalink | Comments | Email This Story

Google's Chrome is the best web browser for my needs. Apple's MacBooks are the best computers for my needs. So why is the combination of the two such a wretched and chronically compromised situation? Almost every advice column on how to improve MacBook battery life begins with the suggestion to avoid using Chrome in favor of Apple's more efficient Safari browser. The idea that Chrome is a big and profligate battery drain on MacBooks has existed almost as long as the browser has been available, and most benchmarks reiterate it by showing Chrome's gluttonous consumption of system resources for seemingly basic tasks. Does the same apply to Chrome for Windows or Linux? I don't have a laptop, so I have no way of testing it out.

The early targets that have signaled shifts in America's domestic surveillance techniques weren't activists and political dissidents, or terrorists. They've been drug dealers.

The post Want to See Domestic Spying’s Future? Follow the Drug War appeared first on WIRED.

Once again, it seems that John Oliver is doing a show on topics that we regularly talk about in these parts. And he's pretty damn good at it. Last night's episode was all about government surveillance, focused mainly on Section 215 of the PATRIOT Act and the fact that it's set to sunset on June 1st if Congress doesn't renew it (and, of course, there's been no debate at all on it, meaning that late in May you'll see a frantic, crazed and fact-free "debate" in which fearmongers will insist that we're all going to die if it's not extended). Oliver actually flew to Moscow and interviewed Ed Snowden as part of the episode: Believe it or not, Oliver actually challenged Snowden a lot more than most of Snowden's interviews, which is pretty interesting (but perhaps not that surprising -- given that Oliver also gave former NSA boss Keith Alexander his most challenging interview in Oliver's very first episode). Oliver challenged Snowden on whether or not journalists could do a good enough job keeping some of the information in the documents secret (pointing to one particular fuck up in which there was a bad redaction). He also questioned how carefully Snowden reviewed all of the info before handing it over.

But, much more of the interview (and the rest of the show) actually focused on getting the public to actually care about what was going on. Oliver used the late night talk show TV trope of asking people on the street what they knew about Ed Snowden and what he revealed (the answer: basically nothing), and then flipped it around to ask them how they would feel if photos they or their loved ones took of their penises should be collected by the NSA. Then, suddenly, they were worried about the government's surveillance capabilities. That leads to Oliver coaxing Snowden into explaining the power of government surveillance -- including Section 215, Executive Order 12333, the PRISM program and even (barely) the upstream collection program under Section 702 of the FISA Act (not named in the show, though the others are) -- about how it allows the government to collect "dick picks" (which Snowden will only call "photos of your junk.")

It's an amusing segment, but I'm not convinced it's as powerful as it could have been (or as Oliver has been on other topics), in which he has been able to get people really motivated to be angry and speak out about certain injustices. And that's too bad, because this is a huge issue. I recognize it's a lot to ask of a primarily comedy show, but Oliver has been so successful at getting people worked up on issues like net neutrality, that it's almost a disappointment that he's not able to create the same level of outrage over government surveillance. In fact, most of the news coverage of Oliver's interview seems to be about the mundane aspects of his interview with Snowden, such as whether or not he misses "hot pockets."

Permalink | Comments | Email This Story

The feature phone. Still big in Japan. Still being sold in the millions. Still relevant, though? And does it even matter what a 30-something tech writer at a Western tech site thinks? Japan's large elderly population - people who haven't even heard of Angry Birds, Gmail or Uber - they're the ones sticking to their flip phones. Hardy, easy to use and cheaper than an iPhone. (If you need a primer on the phenomenon of gara-kei, you should probably read up on that here, but in short, it's how Japan's mobile phone market sped ahead with early technologies, then faltered when smartphone competition arrived.) So let's try using one. The best and newest feature phone available in Japan, no less. It's pitched as bringing the best smartphone features to the flip form factor. Is it better than a plain, old smartphone? Good lord, no.