Schneier on Security: Tagged courts

Entries Tagged "courts"

Page 17 of 29

Is the Whole Country an Airport Security Zone?

Full-body scanners in roving vans:

American Science & Engineering, a company based in Billerica, Massachusetts, has sold U.S. and foreign government agencies more than 500 backscatter x-ray scanners mounted in vans that can be driven past neighboring vehicles to see their contents, Joe Reiss, a vice president of marketing at the company told me in an interview.

This should be no different than the Kyllo case, where the Supreme Court ruled that the police needed a warrant before they can use a thermal sensor on a building to search for marijuana growers.

Held: Where, as here, the Government uses a device that is not in general public use, to explore details of a private home that would previously have been unknowable without physical intrusion, the surveillance is a Fourth Amendment “search,” and is presumptively unreasonable without a warrant.

Posted on August 27, 2010 at 7:58 AM • View Comments

Filming the Police

In at least three U.S. states, it is illegal to film an active duty policeman:

The legal justification for arresting the “shooter” rests on existing wiretapping or eavesdropping laws, with statutes against obstructing law enforcement sometimes cited. Illinois, Massachusetts, and Maryland are among the 12 states in which all parties must consent for a recording to be legal unless, as with TV news crews, it is obvious to all that recording is underway. Since the police do not consent, the camera-wielder can be arrested. Most all-party-consent states also include an exception for recording in public places where “no expectation of privacy exists” (Illinois does not) but in practice this exception is not being recognized.

Massachusetts attorney June Jensen represented Simon Glik who was arrested for such a recording. She explained, “[T]he statute has been misconstrued by Boston police. You could go to the Boston Common and snap pictures and record if you want.” Legal scholar and professor Jonathan Turley agrees, “The police are basing this claim on a ridiculous reading of the two-party consent surveillance law—requiring all parties to consent to being taped. I have written in the area of surveillance law and can say that this is utter nonsense.”

The courts, however, disagree. A few weeks ago, an Illinois judge rejected a motion to dismiss an eavesdropping charge against Christopher Drew, who recorded his own arrest for selling one-dollar artwork on the streets of Chicago. Although the misdemeanor charges of not having a peddler’s license and peddling in a prohibited area were dropped, Drew is being prosecuted for illegal recording, a Class I felony punishable by 4 to 15 years in prison.

This is a horrible idea, and will make us all less secure. I wrote in 2008:

You cannot evaluate the value of privacy and disclosure unless you account for the relative power levels of the discloser and the disclosee.

If I disclose information to you, your power with respect to me increases. One way to address this power imbalance is for you to similarly disclose information to me. We both have less privacy, but the balance of power is maintained. But this mechanism fails utterly if you and I have different power levels to begin with.

An example will make this clearer. You’re stopped by a police officer, who demands to see identification. Divulging your identity will give the officer enormous power over you: He or she can search police databases using the information on your ID; he or she can create a police record attached to your name; he or she can put you on this or that secret terrorist watch list. Asking to see the officer’s ID in return gives you no comparable power over him or her. The power imbalance is too great, and mutual disclosure does not make it OK.

You can think of your existing power as the exponent in an equation that determines the value, to you, of more information. The more power you have, the more additional power you derive from the new data.

Another example: When your doctor says “take off your clothes,” it makes no sense for you to say, “You first, doc.” The two of you are not engaging in an interaction of equals.

This is the principle that should guide decision-makers when they consider installing surveillance cameras or launching data-mining programs. It’s not enough to open the efforts to public scrutiny. All aspects of government work best when the relative power between the governors and the governed remains as small as possible—when liberty is high and control is low. Forced openness in government reduces the relative power differential between the two, and is generally good. Forced openness in laypeople increases the relative power, and is generally bad.

EDITED TO ADD (7/13): Another article. One jurisdiction in Pennsylvania has explicitly ruled the opposite: that it’s legal to record police officers no matter what.

Posted on June 16, 2010 at 1:36 PM • View Comments

Dating Recordings by Power Line Fluctuations

Interesting:

The capability, called “electrical network frequency analysis” (ENF), is now attracting interest from the FBI and is considered the exciting new frontier in digital forensics, with power lines acting as silent witnesses to crime.

In the “high profile” murder trial, which took place earlier this year, ENF meant prosecutors were able to show that a seized voice recording that became vital to their case was authentic. Defence lawyers suggested it could have been concocted by a witness to incriminate the accused.

[…]

ENF relies on frequency variations in the electricity supplied by the National Grid. Digital devices such as CCTV recorders, telephone recorders and camcorders that are plugged in to or located near the mains pick up these deviations in the power supply, which are caused by peaks and troughs in demand. Battery-powered devices are not immune to to ENF analysis, as grid frequency variations can be induced in their recordings from a distance.

At the Metropolitan Police’s digital forensics lab in Penge, south London, scientists have created a database that has recorded these deviations once every one and a half seconds for the last five years. Over a short period they form a unique signature of the electrical frequency at that time, which research has shown is the same in London as it is in Glasgow.

On receipt of recordings made by the police or public, the scientists are able to detect the variations in mains electricity occurring at the time the recording was made. This signature is extracted and automatically matched against their ENF database, which indicates when it was made.

The technique can also uncover covert editing—or rule it out, as in the recent murder trial—because a spliced recording will register more than one ENF match.

Posted on June 16, 2010 at 7:00 AM • View Comments

If You See Something, Think Twice About Saying Something

“If you see something, say something.” Or, maybe not:

The Travis County Criminal Justice Center was closed for most of the day on Friday, May 14, after a man reported that a “suspicious package” had been left in the building. The court complex was evacuated, and the APD Explosive Ordinance Disposal Unit was called in for a look-see. The package in question, a backpack, contained paperwork but no explosive device. The building reopened at 1:40pm. The man who reported the suspicious package, Douglas Scott Hoopes, was arrested and charged with making a false report and booked into the jail. The charge is a felony punishable by up to two years in jail.

I don’t think we can have it both ways. We expect people to report anything suspicious—even dumb things—and now we want to press charges if they report something that isn’t an actual threat. Truth is, if you ask amateurs to act as front-line security personnel, you shouldn’t be surprised when you get amateur security.

I think this excerpt from a poem by Rick Moranis says it best:

If you see something,
Say something.
If you say something,
Mean something.
If you mean something,
You may have to prove something.
If you can’t prove something,
You may regret saying something.

There’s more.

EDITED TO ADD (5/26): Seems like he left the package himself, and then called it in. So there’s ample reason to arrest him. Never mind.

Posted on May 26, 2010 at 9:16 AM • View Comments

Software Liabilities in the UK

The British High Court ruled that a software vendor’s EULA—which denied all liability for poor software—was not reasonable.

I wrote about software liabilities back in 2003.

Posted on May 17, 2010 at 6:18 AM • View Comments

Nobody Encrypts their Phone Calls

From the Forbes blog:

In an annual report published Friday by the U.S. judicial system on the number of wiretaps it granted over the past year …, the courts revealed that there were 2,376 wiretaps by law enforcement agencies in 2009, up 26% from 1,891 the year before, and up 76% from 1999. (Those numbers, it should be noted, don’t include international wiretaps or those aimed at intelligence purposes rather than law enforcement.)

But in the midst of that wiretapping bonanza, a more surprising figure is the number of cases in which law enforcement encountered encryption as a barrier: one.

According to the courts, only one wiretapping case in the entire country encountered encryption last year, and in that single case, whatever privacy tools were used don’t seemed to have posed much of a hurdle to eavesdroppers. “In 2009, encryption was encountered during one state wiretap, but did not prevent officials from obtaining the plain text of the communications,” reads the report.

Posted on May 6, 2010 at 7:06 AM • View Comments

Marc Rotenberg on Google's Italian Privacy Case

Interesting commentary:

I don’t think this is really a case about ISP liability at all. It is a case about the use of a person’s image, without their consent, that generates commercial value for someone else. That is the essence of the Italian law at issue in this case. It is also how the right of privacy was first established in the United States.

The video at the center of this case was very popular in Italy and drove lots of users to the Google Video site. This boosted advertising and support for other Google services. As a consequence, Google actually had an incentive not to respond to the many requests it received before it actually took down the video.

Back in the U.S., here is the relevant history: after Brandeis and Warren published their famous article on the right to privacy in 1890, state courts struggled with its application. In a New York state case in 1902, a court rejected the newly proposed right. In a second case, a Georgia state court in 1905 endorsed it.

What is striking is that both cases involved the use of a person’s image without their consent. In New York, it was a young girl, whose image was drawn and placed on an oatmeal box for advertising purposes. In Georgia, a man’s image was placed in a newspaper, without his consent, to sell insurance.

Also important is the fact that the New York judge who rejected the privacy claim, suggested that the state assembly could simple pass a law to create the right. The New York legislature did exactly that and in 1903 New York enacted the first privacy law in the United States to protect a person’s “name or likeness” for commercial use.

The whole thing is worth reading.

EDITED TO ADD (3/18): A rebuttal.

Posted on March 9, 2010 at 12:36 PM • View Comments

Remotely Spying on Kids with School Laptops

It’s a really creepy story. A school issues laptops to students, and then remotely and surreptitiously turns on the camera. (Here’s the lawsuit.)

This is an excellent technical investigation of what actually happened.

This investigation into the remote spying allegedly being conducted against students at Lower Merion represents an attempt to find proof of spying and a look into the toolchain used to accomplish spying. Taking a look at the LMSD Staff List, Mike Perbix is listed as a Network Tech at LMSD. Mr. Perbix has a large online web forum footprint as well as a personal blog, and a lot of his posts, attributed to his role at Lower Merion, provide insight into the tools, methods, and capabilities deployed against students at LMSD. Of the three network techs employed at LMSD, Mr. Perbix appears to have been the mastermind behind a massive, highly effective digital panopticon.

Posted on February 24, 2010 at 1:56 PM • View Comments

Dahlia Lithwick on Terrorism Derangement Syndrome

In Slate.

Posted on February 10, 2010 at 6:43 AM • View Comments

Prison Escape Artist

Clever ruse:

When he went to court for hearings, he could see the system was flawed. He would arrive on the twelfth floor in handcuffs and attached at the waist to a dozen other inmates. A correction officer would lead them into the bull pen, an area where inmates wait for their lawyers. From the bull pen, the inmates would follow their lawyers or court officials either up a set of back stairs into a courtroom or down a set of stairs.

The more Tackmann went to court, the more he noticed that once the inmate at the head of the line would get uncuffed and turn into the bull pen, he would be out of view of the correction officer at the back of the line. He could then avoid the bull pen and dart down the rear stairs.

[…]

On the morning of September 30, Tackmann prepared for court in Manhattan. He dressed in a light-gray three-piece suit that he thinks was his stepfather’s. He wore two sets of dress socks. One around his feet, the other around the Rikers Island slippers he was ordered to wear (“to make them look like shoes; they looked like suede shoes”).

As he was bussed to the courthouse, he rehearsed the move in his mind.

When you come up to the twelfth floor, you’re handcuffed with like twelve people on a chain. The C.O. is right there with you.You have to be ready, so if the move is there…

That day, the move was there. “I was in the front of the line. The C.O.—it was some new guy. He un-handcuffed us in the hallway, and I was the first one around the corner.”

Tackmann raced down the stairwell and knocked on a courtroom door. A court officer opened it.

Tackmann had the shtick worked out—the lawyer in distress. “You know,” he said, “I was just with a client, and my mother is real sick in Bellevue. Could you tell me how to get to Bellevue? I gotta get over there fast; she is 80 years old.”

He wanted to sprint. The adrenaline was gushing. He calmly walked to the courtroom entrance as the sweat trickled around his neck. He raced down several flights of stairs and tried the door. It was locked. He walked down another flight. Locked. What is going on? Did they find out I was missing already? One more flight down. The door was open. He jumped in an elevator, got out on the ground floor, and walked into the street. Freedom. But not for long.

Posted on January 18, 2010 at 6:57 AM • View Comments

←Previous 1 … 15 16 17 18 19 … 29 Next→

Sidebar photo of Bruce Schneier by Joe MacInnis.