FBI data mines consumer grocery records for 'signs of terrorists'

CQ Politics: "Like Hansel and Gretel hoping to follow their bread crumbs out of the forest, the FBI sifted through customer data collected by San Francisco-area grocery stores in 2005 and 2006, hoping that sales records of Middle Eastern food would lead to Iranian terrorists.

The idea was that a spike in, say, falafel sales, combined with other data, would lead to Iranian secret agents in the south San Francisco-San Jose area. The brainchild of top FBI counterterrorism officials Phil Mudd and Willie T. Hulon, according to well-informed sources, the project didn’t last long. It was torpedoed by the head of the FBI’s criminal investigations division, Michael A. Mason, who argued that putting somebody on a terrorist list for what they ate was ridiculous — and possibly illegal.

A check of federal court records in California did not reveal any prosecutions developed from falafel trails. "


As 27BStroke6 points out - "It's not clear how the FBI got the records to sift through in the first place - did grocery stores volunteer the data or get served with national security letters or the dread Section 215 of the Patriot Act."

Not going to say we told you so...

Really.

Face Police coming to US Airports...

Newsweek: "Specially trained security personnel" will be watching passengers for "micro-expressions" that will reveal treacherous agendas and insidious intentions at airports around the country. These agents, who may literally hold your fate in their hands have been given a lofty, Orwellian name: 'Behavior Detection Officers.'"

"So while TSA employees are confiscating our scissors and water bottles, they’re going to secretly be staring at us, looking for some telltale sign of terrorist intent in a grimace, a sigh, a crinkled nose"


Creepy, yes. But probably more effective than strip searching toddlers based on inaccurate name matches from a super-duper-secret watchlist, or taking our water away. Can we just be free and get on with it? Take our chances? Not be anal probed OR terrorized?

U.S. to Expand Domestic Use Of Spy Satellites

Wall Street Journal: "The U.S.'s top intelligence official has greatly expanded the range of federal and local authorities who can get access to information from the nation's vast network of spy satellites in the U.S. The decision, made three months ago by Director of National Intelligence Michael McConnell, places for the first time some of the U.S.'s most powerful intelligence-gathering tools at the disposal of domestic security officials.

The move was authorized in a May 25 memo sent to Homeland Security Secretary Michael Chertoff asking his department to facilitate access to the spy network on behalf of civilian agencies and law enforcement.

Until now, only a handful of federal civilian agencies, such as the National Aeronautics and Space Administration and the U.S. Geological Survey, have had access to the most basic spy-satellite imagery, and only for the purpose of scientific and environmental study. "


When did the people represented by the government become separated from it? Why have they become the enemy, to be tagged, cataloged, monitored and watched? Why are we wasting resources watching ourselves? Do you, personally, need to be watched? If the answer is 'no', then any time spent watching you is wasted, and time that could be spent watching someone who needs watching. Why would you support a plan to watch yourself, at great cost and exactly zero impact? Lame.

So Democrats and Republicans both hate freedom after all...

27bStroke6: "A new law expanding the government's spying powers gives the Bush Administration a six-month window to install possibly permanent back doors in the nation's communication networks. The legislation was passed hurriedly by Congress over the weekend and signed into law Sunday by President Bush."

"In short, the law gives the Administration the power to order the nation's communication service providers -- which range from Gmail, AOL IM, Twitter, Skype, traditional phone companies, ISPs, internet backbone providers, Federal Express, and social networks -- to create possibly permanent spying outposts for the federal government."


Let the Noise to Signal ratio increase in 3...2...1... now. Not even going out on a limb to say that this infrastructure will absolutely be used in routine wholesale surveillance of US citizens, our actions, our thoughts, and our interconnections.

So the meta-theme is that people want freedom, and governments want control. Looks like we're well on our way to joining the ranks of nations we would have ridiculed as being 'not free' even 20 years ago.

Question: Why do we feel like the 'war on terrr' is merely a pretext? Why do those charged with preserving individual freedom seem driven to curtail it at every available opportunity? Republican. Democrat. Doesn't seem to matter. The motivations and actions of our elected representatives appear counter to what they should be as leaders of a free society.

Unless we're over that?

Windows Vista streams personal data to Microsoft

Softpedia: "Are you using Windows Vista? Then you might as well know that the licensed operating system installed on your machine is harvesting a healthy volume of information for Microsoft. In this context, a program such as the Windows Genuine Advantage is the last of your concerns. In fact, in excess of 20 Windows Vista features and services are hard at work collecting and transmitting your personal data to the Redmond company. "

So on the plus side, Microsoft is pretty open about the fact that they're watching you - although we'd wager that most Vista users are utterly unaware that a steady stream of personal info is phoning home. Is it a spyware OS? Maybe. Maybe not. We're not using it, so we don't really care.

The real question is "who does your computer, your property, serve? You, or others?"

NYC Trying to Regulate Photon Detection and Recording

New York Times: "Some tourists, amateur photographers, even would-be filmmakers hoping to make it big on YouTube could soon be forced to obtain a city permit and $1 million in liability insurance before taking pictures or filming on city property, including sidewalks."



..meanwhile installing their own surveillance cameras on every corner.

AT&T expands domestic surveillance to include 'copyright violations'...

Via 27BStroke6: "AT&T, one of the nation's largest ISPs and internet backbone providers, is now working with Hollywood and the recording industry to create a network-based solution to police copyright infringement, according to the Los Angeles Times."

Well, since they have the deep packet inspection technologies riding on the backbone, and since their collaboration with the NSA (and the tech used) is in the open, why not resell the service... Discounting the invasive nature of sniffing customer's (and potentially non-customer's) internet traffic, there's the issue of privacy, security, false positives, and of course, the ever-present issue that an IP address doesn't equal identity. Will they start filtering porn next? Or spam? Or offers from competing ISPs?

Once they've demonstrated the capability, will they be compelled to try to identify and block fraud, threats, or other activities? What about corporate data? What about legitimate fair use of copyright works (e.g. streaming MP3s of CDs you own from your home PC to your work PC? Or, god forbid Trent Reznor tries to upload one of his own tracks to his web site)...

And will it all be moot once this hits the public eye, and session encryption tools like Tor become more mainstream? Blah.

AT&T sucks. Seriously. They should be ashamed of spying on their own customers - and AT&T customers suck too. At least the ones who continue to subscribe to AT&T services knowing the open hostility that AT&T exhibits toward its customers.


Oh, and in related AT&T wholesale surveillance news, The SpyRoom docs have been released. Also from Wired: "A civil liberties group suing telecom giant AT&T for allegedly installing illegal secret surveillance rooms in its internet facilities at the behest of the National Security Agency published substantial portions of long-sealed case documents Tuesday."

Google spy-vans

Roundup of the Google residential and vehicle spy-van stories... For those not yet in the loop, Google Maps has rolled out a new 'feature' where you can click on a street and get a 360 degree view of that location - including whatever happened to be there when the shots were taken.

People and their faces. Car make, model, and license plates. Through open windows... While it shows what anyone would see while sitting on the street at that moment in time, it's now available to any interwebs user, including stalkers, thieves, or profile builders. (Nice new Mercedes in this driveway, next to house address, including license plate - And hey - there's the owner's face.. Seems to have a nice plasma on the living room wall... etc.)

Here's BoingBoing's look at the spy vehicles being used to make the photos.

And 27StrokeB6's running log of interesting street level views (bikini-clad sunbathers, dude walking out of strip club, etc)...

And the appropriately named "streetviewer"

While limited to major metro areas (SF, NYC, Vegas), the goal is probably to capture everything. They do have a 'this invades my privacy' button, but we're not sure what it does. Here's a flash-back to keeping your house out of the photo database, using the DMCA and a wall sized original poem.

And we're still holding our breath hoping that Elinor Mills of CNet will follow up last year's CNet / Google spat by posting a street level view of the homes of Google's founders.

Terrorism stats database - moving beyond hype

LiveScience: "The majority of terrorist attacks result in no fatalities, with just 1 percent of such attacks causing the deaths of 25 or more people.

And terror incidents began rising some in 1998, and that level remained relatively constant through 2004.

These and other myth-busting facts about global terrorism are now available on a new online database open to the public.

The database identifies more than 30,000 bombings, 13,400 assassinations and 3,200 kidnappings. Also, it details more than 1,200 terrorist attacks within the United States.

The unclassified Global Terrorism Database (GTD) will give anyone interested the opportunity to peruse through the actual details of global terror attacks. The online terror rap sheet is expected to be a critical tool for researchers and policy-makers who can use it to improve responses to terrorism."


Objective reality should get more airtime... Link to the database web-front-end...

Step 1. Aquire ad companies. Step 2. Wholesale surveillance. Step 3. Profit.

Interesting duo-fecta of announcements this week from two competing retardo-level market cap companies in the computing world. Both Micro$oft and Google have acquired ad-serving companies that extend reach beyond their own properties - and curiously, both have plans to do the deep cross-property profiling of individuals and their online activities.


From the Financial Times, on Google's 'do no evil' plan: "Google’s ambition to maximise the personal information it holds on users is so great that the search engine envisages a day when it can tell people what jobs to take and how they might spend their days off. Eric Schmidt, Google’s chief executive, said gathering more personal data was a key way for Google to expand... Fears have been stoked by the potential for Google to build up a detailed picture of someone’s behaviour by combining its records of web searches with the information from DoubleClick’s “cookies”, the software it places on users’ machines to track which sites they visit."


From New Scientist on Micro$oft's continued push to assimilation: "If you thought you could protect your privacy on the web by lying about your personal details, think again. In online communities at least, entering fake details such as a bogus name or age may no longer prevent others from working out exactly who you are. That is the spectre raised by new research conducted by Microsoft. The computing giant is developing software that could accurately guess your name, age, gender and potentially even your location, by analysing telltale patterns in your web browsing history. But experts say the idea is a clear threat to privacy - and may be illegal in some places."


Spiffy. Inescapable pervasive wholesale surveillance, by Micro$oft, Google, the federal government, and ISPs.. Let the countdown to investigative subpoenas begin? Pleh. Time to start a new internet. This one's been infected.

Total Information Awareness - more lives than a cat.

Washington Times: "Homeland Security officials are testing a supersnoop computer system that sifts through personal information on U.S. citizens to detect possible terrorist attacks, prompting concerns from lawmakers who have called for investigations.

The system uses the same data-mining process that was developed by the Pentagon's Total Information Awareness (TIA) project that was banned by Congress in 2003 because of vast privacy violations. "

" The ADVISE and TIA data-mining projects rely on personal data to track individual behavior and consumer transactions to develop computer algorithms that create a pattern that some behavioral scientists say can predict terrorist behavior. Data can include credit-card purchases, telephone or Internet details, medical records, travel and banking information"


Notice a pattern here? Aside from the academic and civil rights arguments against pervasive monitoring of pretty much everything, and aside from the 'bad science' behind this approach as a preventative security apparatus, we're seeing a pattern of disregard.. Executive branch starts it up, Legislative shuts it down. Executive branch moves it to another agency, gives it a new name. Legislative shuts it down. Ad infinitum.

It's a bad idea, open to massive abuse, inaccuracy, and is unlikely to be effective at much more than wasting time and money - at least in the 'war on terrrr'.. Human intelligence and traditional law enforcement is a better bet here.

The information that one is missing a kidney, makes occasional trips to Cleveland, and prefers Colgate toothpaste in no way susses out criminal or terrorist intent. It's all noise, no signal. But it's a great tool for traditional crimes, drug crimes, etc - that happens to bypass due process protections and thresholds for probable cause. (you know, one or two foundational Constitutional amendments...)

It's also a great way to keep tabs on affiliations, dissidents and those who disagree with the those in power. Opinion crimes.

It's just a question of 'what kind of society do we want'... What freedoms do we value? And even if we trust the party in power not to abuse the systems, what about your least favorite party? Going through mail, monitoring phone calls, tracking behaviors. Not to mention insiders... individuals with searchable access to every fact on everyone. Bah.

Justice Dept.: FBI Misused Patriot Act

AP: "The FBI improperly and, in some cases, illegally used the USA Patriot Act to secretly obtain personal information about people in the United States, a Justice Department audit concluded Friday.

And for three years the FBI has underreported to Congress how often it forced businesses to turn over the customer data, the audit found.

FBI agents sometimes demanded the data without proper authorization, according to the 126-page audit by Justice Department Inspector General Glenn A. Fine. At other times, the audit found, the FBI improperly obtained telephone records in non-emergency circumstances."


No big surprise here. Law enforcement has a job to do, and will use whatever tools are available to them to do so. The problem is a policy level issue, and is a good example of the need for checks and balances between branches of government -- back to the framer's intent to prevent abuses of individual rights. This is likely just the tip of the iceberg.

Jobs / RIAA SlapFight - none of it matters..

Lots of layers to the Steve Jobs / RIAA / DRM conversation..

Jobs, of course, recently called for an end to DRM. It's been speculated that this is less a genuine dislike of DRM (which has given Apple a lock on music distribution and allowed them to dictate low wholesale prices for downloads as a loss leader for iPod sales) and more of a response to the EU desire to open "FairPlay" (quotes intentional) DRM to other providers.

Blame shift to record labels - they make us use DRM.

The RIAA, in turn, has responded with a call (mirroring the EU) to open "FairPlay" DRM. This is likely less about a genuine desire to improve competition for consumers and more about bitterness at Apple's dominance and price-setting - coupled with a genuine desire to ensure that downloads are a horrible consumer experience.

Blame shift to Apple - they have a monopoly.
Blame shift to consumers - they're all thieves. (enter swat team raids and lawsuits against 13 year olds, despite an independent study showing that sharing has zero impact on record sales).

With 90% of the music industry's revenue coming from DRM-free CDs (the profitable atom-bit model of yesteryear), the consumer experience with a CD is mostly better than downloads. You can rip, mix, burn, move songs freely between devices in uncrippled form, etc.

And with 90% of tracks on iPods being DRM free and 'pirated' according to Microsoft's Ballmer, (Real's Glaser puts it at 50%, and the music industry would like to think it's all pirated), the recording industry would like nothing more than to have the Internet go away, downloads to disappear, and CDs to remain the dominant form of delivery. And entire CDs, to boot. None of this 'single track' stuff -- since there are maybe a few commercial hits at best on any given CD. It's more profitable and doesn't require any change of business model.

Ensuring that downloads are crippled with DRM keeps the old model a better experience (if more expensive).

Meanwhile, it all sucks for consumers. Who would like to be able to get the tracks they want at a reasonable price and use them in a fair manner on any device they want - without threat of expiration.

The bottom line is that the corporate slap fight in the media really doesn't matter - no one has the consumer's interest on the agenda. (and where are the aritsts in all this?)

If the two choices are either overpriced CDs with a few songs you want, or crippled downloads laden with restrictive DRM schemes, piracy remains the best overall consumer experience and will continue to flourish.

Now that AACS is utterly busted in multiple directions, the MPAA should bear this all in mind as they crawl in bed with Micro$oft.

And consumers should bear this in mind as choose vendors, services and as they vote.

House introduces bill to require ISPs to monitor, archive everything forever

CNet: "All Internet service providers would need to track their customers' online activities to aid police in future investigations under legislation introduced Tuesday as part of a Republican 'law and order agenda.'

Employees of any Internet provider who fail to store that information face fines and prison terms of up to one year, the bill says. The U.S. Justice Department could order the companies to store those records forever."

"Because there is no limit on how broad the rules can be, Gonzales would be permitted to force Internet providers to keep logs of Web browsing, instant message exchanges, or e-mail conversations indefinitely."

"That broad wording also would permit the records to be obtained by private litigants in noncriminal cases, such as divorces and employment disputes. That raises additional privacy concerns, civil libertarians say."


It's a given that this is a bad idea for several reasons - from 'this completely guts the notion of personal privacy' to 'the law of unintended consequences'. While surely a boon for storage companies, it pretty much sucks for everyone else.

1. Tremendous privacy implications for individuals, small business, anyone using an ISP for any reason.

2. Giant cyber-criminal target (crack, mine, build profiles for spearphishing, compromise unencrypted passwords, find legal but extortable information, etc)

3. Will trap data of normal people and do exactly zero to trap info on criminals (who are using encryption, other people's connections, blah blah)

4. IP and behavioral data doesn't prove identity or intent. Functionally useless. (see Splunk'd AOL Search Info, wardriving, RIAA/MPAA dragnets, log poisoning and rewriting, etc.)

So how do people (law enforcement, divorce lawyers, lawyers) access the traffic? where is it stored? how is it secured? how does one review the data for accuracy? will slightly different system-times wrongly implicate individuals based on timestamps and IPs ? (See 'DHCP for Dummies). How do we treat wifi hotspots? Open home and business wifi access points? Rogue ISP employees? Worms, botnets and malware infected computers (and whatever they might do)? Compromised law enforcement logins? We could do this all night.

It's retarded, impractical, an abhorrent breach of privacy, and dangerous for everyone.

On the plus side, maybe this will finally negate the 'net neutrality' argument (treating different bits differently) as users start using Tor, anonymizers, tunneling to Russian VPNs, etc. to encrypt all traffic - leaving nothing for ISP logs to grab or interpret. Maybe this is a good thing.

This is the litmus test for "do everyday people value their own privacy - and is the government still of, by, and for the people"...

U.S. Set to Begin a Vast Expansion of DNA Sampling

New York Times: "The Justice Department is completing rules to allow the collection of DNA from most people arrested or detained by federal authorities, a vast expansion of DNA gathering"

"The goal, justice officials said, is to make the practice of DNA sampling as routine as fingerprinting for anyone detained by federal agents, including illegal immigrants. Until now, federal authorities have taken DNA samples only from convicted felons."

"While the proposed rules have not been finished, justice officials said they were certain to bring a huge new workload for the F.B.I. laboratory that logs, analyzes and stores federal DNA samples. Federal Bureau of Investigation officials said they anticipated an increase ranging from 250,000 to as many as 1 million samples a year. The laboratory currently receives about 96,000 samples a year, said Robert Fram, chief of the agency’s Scientific Analysis Section."


All your DNA are belong to us. Forever.
And still doesn't address the issue of the millions of chimeric twins out there. One body - multiple versions of DNA.

FBI conducting multi-year internet porn study

ZDNet: "The FBI appears to have adopted an invasive Internet surveillance technique that collects far more data on innocent Americans than previously has been disclosed."

"Such a technique is broader and potentially more intrusive than the FBI's Carnivore surveillance system, later renamed DCS1000. It raises concerns similar to those stirred by widespread Internet monitoring that the National Security Agency is said to have done, according to documents that have surfaced in one federal lawsuit, and may stretch the bounds of what's legally permissible." On Monday, a Justice Department representative would not immediately answer questions about this kind of surveillance technique.

"What they're doing is even worse than Carnivore," said Kevin Bankston, a staff attorney at the Electronic Frontier Foundation who attended the Stanford event. "What they're doing is intercepting everyone and then choosing their targets."



Only a matter of time before the needle-stack makers legislate full data retention at ISPs.. First for the 'war on terr-r', then 'for the children', and later .. well, it will be too late to matter because they won't care what you think. ISP costs go up due to massive storage requirements, innocent Americans will have ALL internet surfing, communications, etc. stored for later perusal by law enforcement, divorce lawyers, the RIAA/MPAA or anyone else who can hack a massively distributed database.

Meanwhile, terrorists and others are unaffected as the needlestack gets larger. But it's not really about that. It's about control. And in the end, the government has the shiny new law enforcement tool they wanted. We're sure it will be useful, but at what cost to the rest of us? And what happens to checks, balances, the fourth amendment, etc. If anything will spur consumer adoption of encryption and Tor-like objects, this will be it.

Stay tuned.

Brittain planning cottage industry around "crowdporn" cameras

The Sun Online: "As part of the most shocking extension of Big Brother powers ever planned here, lenses in lampposts would snap “naked” pictures of passers-by to trap terror suspects.

The proposal is contained in leaked documents drawn up by the Home Office and presented to PM Tony Blair’s working group on Security, Crime and Justice. But the prospect of the State snooping on individuals’ most private parts is certain to spark national fury. And officials are battling to find a way of dealing with that reaction."

"Officials have agreed one solution would be to allow only women to monitor female subjects — although they admit this would be “very problematic” in crowds... “Privacy is an issue because the machines see through clothing.”"

"Cops would also get the power to build a database of everyone in the land. Three-dimensional CCTV pictures would be coupled with records of people’s mobile phones and even their travel cards to get details of their movements and habits. Facial recognition systems to help track individuals’ movements are also being considered."


And UK parents want some perv behind a government camera looking through their children's clothes because....?

Gonzales dislikes freedom, America

SF Chronicle: "One of the Bush administration's most far-reaching assertions of government power was revealed quietly last week when Attorney General Alberto Gonzales testified that habeas corpus -- the right to go to federal court and challenge one's imprisonment -- is not protected by the Constitution."

"Gonzales acknowledged that the Constitution declares "habeas corpus shall not be suspended unless ... in cases of rebellion or invasion the public safety may require it.'' But he insisted that "there is no express grant of habeas in the Constitution.''

Specter was incredulous, asking how the Constitution could bar the suspension of a right that didn't exist -- a right, he noted, that was first recognized in medieval England as a shield against the king's power to dispatch troublesome subjects to royal dungeons."


This isn't about technical accuracy; it's about intent. And Gonzales' intent is painfully clear.

Bush says feds can open mail without warrant

The Seattle Times: "President Bush quietly has claimed sweeping new powers to open Americans' mail without a judge's warrant."


Slippery slope has become an open shaft.

Face search engine will let anyone find every picture of you on the Internets...

New Scientist: "A search engine that uses sophisticated facial recognition to allow users to identify and find people in online images will launch next month. But civil liberties groups say the biometric-style tool could compromise the privacy of anyone who has their picture online."


Yikes. And people have called us paranoid for years because we chose not to be in photographs or put our mugs on the Internets... Nice search tool for stalkers, ID thieves and governments.. Not to mention blackmailers. Or employers who want to pre-screen candidates for 'youthful indiscretions'..

Come to think of it, this is a huge risk to undercover officers, CIA or other covert operatives... Take a picture of someone who's past or loyalty or identity may be suspect, post it to the web, then run a cross index for every photo of this person -- turning up any family photos (and in the process, identifying family members), further leveraging any surrounding ID or metadata to suss out the real identity of the individual in question... This could go very dark very quickly.

It's like a huge internet-wide social network that you can't opt out of.

The idea's out there now (and was originally developed for governments), but it should still die a fiery death on principal.

Bush suspends habeas corpus, right to counsel, legalizes torture

CNN: "-- President Bush signed legislation Tuesday authorizing tough interrogation of terror suspects and smoothing the way for trials before military commissions, calling it a 'vital tool' in the war against terrorism.

Bush's plan for treatment of the terror suspects became law just six weeks after he acknowledged that the CIA had been secretly interrogating suspected terrorists overseas and pressed Congress to quickly give authority to try them in military commissions."

""The president can now, with the approval of Congress, indefinitely hold people without charge, take away protections against horrific abuse, put people on trial based on hearsay evidence, authorize trials that can sentence people to death based on testimony literally beaten out of witnesses, and slam shut the courthouse door for habeas petitions,""

..."The legislation also says the president can "interpret the meaning and application" of international standards for prisoner treatment, a provision intended to allow him to authorize aggressive interrogation methods that might otherwise be seen as illegal by international courts."


...so the rule is that if you want to 'disappear' someone, anyone, unfriendly to the administration, simply call them a terror suspect.

What could possibly go wrong?

Senate Committee approves pervasive NSA surveillance of US Citizens without warrants

Wired News:: "A bill radically redefining and expanding the government's ability to eavesdrop and search the houses of American citizens without court approval passed a key Senate committee Wednesday, and may be voted on by the full Senate as early as next week.

By a 10-8 vote, the Senate Judiciary Committee approved S.2453, the 'National Security Surveillance Act,' which was co-written by the committee's chairman Senator Arlen Specter (R-Penn) in concert with the White House."


Lovely. Any chance this will be killed?

Senate Prepping Bill to Sue Bush

Associated Press: "A powerful Republican committee chairman who has led the fight against President Bush's signing statements said Monday he would have a bill ready by the end of the week allowing Congress to sue him in federal court.

'We will submit legislation to the United States Senate which will...authorize the Congress to undertake judicial review of those signing statements with the view to having the president's acts declared unconstitutional,' Judiciary Committee Chairman Arlen Specter, R-Pa., said on the Senate floor.

Specter's announcement came the same day that an American Bar Association task force concluded that by attaching conditions to legislation, the president has sidestepped his constitutional duty to either sign a bill, veto it, or take no action.

Bush has issued at least 750 signing statements during his presidency, reserving the right to revise, interpret or disregard laws on national security and constitutional grounds."


Wow. Who saw that one coming? It's about time Congress started checking and balancing.. Oh wait.. election year. Makes perfect sense now...