Entries Tagged "law enforcement"

Page 13 of 46

Transparency and Accountability

As part of the fallout of the Boston bombings, we’re probably going to get some new laws that give the FBI additional investigative powers. As with the Patriot Act after 9/11, the debate over whether these new laws are helpful will be minimal, but the effects on civil liberties could be large. Even though most people are skeptical about sacrificing personal freedoms for security, it’s hard for politicians to say no to the FBI right now, and it’s politically expedient to demand that something be done.

If our leaders can’t say no—and there’s no reason to believe they can—there are two concepts that need to be part of any new counterterrorism laws, and investigative laws in general: transparency and accountability.

Long ago, we realized that simply trusting people and government agencies to always do the right thing doesn’t work, so we need to check up on them. In a democracy, transparency and accountability are how we do that. It’s how we ensure that we get both effective and cost-effective government. It’s how we prevent those we trust from abusing that trust, and protect ourselves when they do. And it’s especially important when security is concerned.

First, we need to ensure that the stuff we’re paying money for actually works and has a measureable impact. Law-enforcement organizations regularly invest in technologies that don’t make us any safer. The TSA, for example, could devote an entire museum to expensive but ineffective systems: puffer machines, body scanners, FAST behavioral screening, and so on. Local police departments have been wasting lots of post-9/11 money on unnecessary high-tech weaponry and equipment. The occasional high-profile success aside, police surveillance cameras have been shown to be a largely ineffective police tool.

Sometimes honest mistakes led organizations to invest in these technologies. Sometimes there’s self-deception and mismanagement—and far too often lobbyists are involved. Given the enormous amount of security money post-9/11, you inevitably end up with an enormous amount of waste. Transparency and accountability are how we keep all of this in check.

Second, we need to ensure that law enforcement does what we expect it to do and nothing more. Police powers are invariably abused. Mission creep is inevitable, and it results in laws designed to combat one particular type of crime being used for an ever-widening array of crimes. Transparency is the only way we have of knowing when this is going on.

For example, that’s how we learned that the FBI is abusing National Security Letters. Traditionally, we use the warrant process to protect ourselves from police overreach. It’s not enough for the police to want to conduct a search; they also need to convince a neutral third party—a judge—that the search is in the public interest and will respect the rights of those searched. That’s accountability, and it’s the very mechanism that NSLs were exempted from.

When laws are broken, accountability is how we punish those who abused their power. It’s how, for example, we correct racial profiling by police departments. And it’s a lack of accountability that permits the FBI to get away with massive data collection until exposed by a whistleblower or noticed by a judge.

Third, transparency and accountability keep both law enforcement and politicians from lying to us. The Bush Administration lied about the extent of the NSA’s warrantless wiretapping program. The TSA lied about the ability of full-body scanners to save naked images of people. We’ve been lied to about the lethality of tasers, when and how the FBI eavesdrops on cell-phone calls, and about the existence of surveillance records. Without transparency, we would never know.

A decade ago, the FBI was heavily lobbying Congress for a law to give it new wiretapping powers: a law known as CALEA. One of its key justifications was that existing law didn’t allow it to perform speedy wiretaps during kidnapping investigations. It sounded plausible—and who wouldn’t feel sympathy for kidnapping victims?—but when civil-liberties organizations analyzed the actual data, they found that it was just a story; there were no instances of wiretapping in kidnapping investigations. Without transparency, we would never have known that the FBI was making up stories to scare Congress.

If we’re going to give the government any new powers, we need to ensure that there’s oversight. Sometimes this oversight is before action occurs. Warrants are a great example. Sometimes they’re after action occurs: public reporting, audits by inspector generals, open hearings, notice to those affected, or some other mechanism. Too often, law enforcement tries to exempt itself from this principle by supporting laws that are specifically excused from oversight…or by establishing secret courts that just rubber-stamp government wiretapping requests.

Furthermore, we need to ensure that mechanisms for accountability have teeth and are used.

As we respond to the threat of terrorism, we must remember that there are other threats as well. A society without transparency and accountability is the very definition of a police state. And while a police state might have a low crime rate—especially if you don’t define police corruption and other abuses of power as crime—and an even lower terrorism rate, it’s not a society that most of us would willingly choose to live in.

We already give law enforcement enormous power to intrude into our lives. We do this because we know they need this power to catch criminals, and we’re all safer thereby. But because we recognize that a powerful police force is itself a danger to society, we must temper this power with transparency and accountability.

This essay previously appeared on TheAtlantic.com.

Posted on May 14, 2013 at 5:48 AMView Comments

Intelligence Analysis and the Connect-the-Dots Metaphor

The FBI and the CIA are being criticized for not keeping better track of Tamerlan Tsarnaev in the months before the Boston Marathon bombings. How could they have ignored such a dangerous person? How do we reform the intelligence community to ensure this kind of failure doesn’t happen again?

It’s an old song by now, one we heard after the 9/11 attacks in 2001 and after the Underwear Bomber’s failed attack in 2009. The problem is that connecting the dots is a bad metaphor, and focusing on it makes us more likely to implement useless reforms.

Connecting the dots in a coloring book is easy and fun. They’re right there on the page, and they’re all numbered. All you have to do is move your pencil from one dot to the next, and when you’re done, you’ve drawn a sailboat. Or a tiger. It’s so simple that 5-year-olds can do it.

But in real life, the dots can only be numbered after the fact. With the benefit of hindsight, it’s easy to draw lines from a Russian request for information to a foreign visit to some other piece of information that might have been collected.

In hindsight, we know who the bad guys are. Before the fact, there are an enormous number of potential bad guys.

How many? We don’t know. But we know that the no-fly list had 21,000 people on it last year. The Terrorist Identities Datamart Environment, also known as the watch list, has 700,000 names on it.

We have no idea how many potential “dots” the FBI, CIA, NSA and other agencies collect, but it’s easily in the millions. It’s easy to work backwards through the data and see all the obvious warning signs. But before a terrorist attack, when there are millions of dots—some important but the vast majority unimportant—uncovering plots is a lot harder.

Rather than thinking of intelligence as a simple connect-the-dots picture, think of it as a million unnumbered pictures superimposed on top of each other. Or a random-dot stereogram. Is it a sailboat, a puppy, two guys with pressure-cooker bombs, or just an unintelligible mess of dots? You try to figure it out.

It’s not a matter of not enough data, either.

Piling more data onto the mix makes it harder, not easier. The best way to think of it is a needle-in-a-haystack problem; the last thing you want to do is increase the amount of hay you have to search through. The television show Person of Interest is fiction, not fact.

There’s a name for this sort of logical fallacy: hindsight bias. First explained by psychologists Daniel Kahneman and Amos Tversky, it’s surprisingly common. Since what actually happened is so obvious once it happens, we overestimate how obvious it was before it happened.

We actually misremember what we once thought, believing that we knew all along that what happened would happen. It’s a surprisingly strong tendency, one that has been observed in countless laboratory experiments and real-world examples of behavior. And it’s what all the post-Boston-Marathon bombing dot-connectors are doing.

Before we start blaming agencies for failing to stop the Boston bombers, and before we push “intelligence reforms” that will shred civil liberties without making us any safer, we need to stop seeing the past as a bunch of obvious dots that need connecting.

Kahneman, a Nobel prize winner, wisely noted: “Actions that seemed prudent in foresight can look irresponsibly negligent in hindsight.” Kahneman calls it “the illusion of understanding,” explaining that the past is only so understandable because we have cast it as simple inevitable stories and leave out the rest.

Nassim Taleb, an expert on risk engineering, calls this tendency the “narrative fallacy.” We humans are natural storytellers, and the world of stories is much more tidy, predictable and coherent than the real world.

Millions of people behave strangely enough to warrant the FBI’s notice, and almost all of them are harmless. It is simply not possible to find every plot beforehand, especially when the perpetrators act alone and on impulse.

We have to accept that there always will be a risk of terrorism, and that when the occasional plot succeeds, it’s not necessarily because our law enforcement systems have failed.

This essay previously appeared on CNN.

EDITED TO ADD (5/7): The hindsight bias was actually first discovered by Baruch Fischhoff: “Hindsight is not equal to foresight: The effect of outcome knowledge on judgment under uncertainty,” Journal of Experimental Psychology: Human Perception and Performance, 1(3), 1975, pp. 288-299.

Posted on May 7, 2013 at 6:10 AMView Comments

The Police Now Like Amateur Photography

PhotographyIsNotACrime.com points out the obvious: after years of warning us that photography is suspicious, the police were happy to accept all of those amateur photographs and videos at the Boston Marathon.

Adding to the hypocrisy is that these same authorities will most likely start clamping down on citizens with cameras more than ever once the smoke clears and we once again become a nation of paranoids willing to give up our freedoms in exchange for some type of perceived security.

After all, that is exactly how it played out in the years after the 9/11 terrorist attacks where it became impossible to photograph buildings, trains or airplanes without drawing the suspicion of authorities as potential terrorists.

Posted on April 23, 2013 at 12:34 PMView Comments

About Police Shoot Outs and Spectators

Hopefully this advice is superfluous for my audience, but it’s so well written it’s worth reading nonetheless:

7. SO, the bottom line is this: If you are in a place where you hear steady, and sustained, and nearby (lets call that, for some technical reasons, anything less than 800 meters) gunfire, do these things:

  • Go to your basement. You are cool there.
  • If you don’t have a basement, go to the other side of the house from the firing, and leave, heading away from the firing. Do not stop for a mile.
  • If you do not think that you can leave, get on the ground floor, as far from the firing as possible, and place something solid between you and the firing. Solid is something like a bathtub, a car (engine block), a couple of concrete walls (single layer brick…nope).
  • If you are high up (say 4rd story or higher) just get away from the side of the building where the firing is taking place. You will, mostly, be protected by the thick concrete of the structure.

8. But for cripes sake, do not step out on to your front porch and start recording a video on your iPhone, unless you actually have a death-wish, or are being paid significant amounts of money, in advance, as a combat journalist/cameraman.

Posted on April 21, 2013 at 10:48 AMView Comments

The Boston Marathon Bomber Manhunt

I generally give the police a lot of tactical leeway in times like this. The very armed and very dangerous suspects warranted extraordinary treatment. They were perfectly capable of killing again, taking hostages, planting more bombs—and we didn’t know the extent of the plot or the group. That’s why I didn’t object to the massive police dragnet, the city-wide lock down, and so on.

Ross Anderson has a different take:

…a million people were under virtual house arrest; the 19-year-old fugitive from justice happened to be a Muslim. Whatever happened to the doctrine that infringements of one liberty to protect another should be necessary and proportionate?

In the London bombings, four idiots killed themselves in the first incident with a few dozen bystanders, but the second four failed and ran for it when their bombs didn’t go off. It didn’t occur to anyone to lock down London. They were eventually tracked down and arrested, together with their support team. Digital forensics played a big role; the last bomber to be caught left the country and changed his SIM, but not his IMEI. It’s next to impossible for anyone to escape nowadays if the authorities try hard.

He has a point, although I’m not sure I agree with it.

Opinions?

EDITED TO ADD (4/20): This makes the argument very well. On the other hand, readers are rightfully pointing out that the lock down was in response to the shooting of a campus police officer, a carjacking, a firefight, and a vehicle chase with thrown bombs: the sort of thing that pretty much only happens in the movies.

EDITED TO ADD (4/20): More commentary on this Slashdot thread.

Posted on April 20, 2013 at 8:19 AMView Comments

Text Message Retention Policies

The FBI wants cell phone carriers to store SMS messages for a long time, enabling them to conduct surveillance backwards in time. Nothing new there—data retention laws are being debated in many countries around the world—but this was something I did not know:

Wireless providers’ current SMS retention policies vary. An internal Justice Department document (PDF) that the ACLU obtained through the Freedom of Information Act shows that, as of 2010, AT&T, T-Mobile, and Sprint did not store the contents of text messages. Verizon did for up to five days, a change from its earlier no-logs-at-all position, and Virgin Mobile kept them for 90 days. The carriers generally kept metadata such as the phone numbers associated with the text for 90 days to 18 months; AT&T was an outlier, keeping it for as long as seven years.

An e-mail message from a detective in the Baltimore County Police Department, leaked by Antisec and reproduced in a 2011 Wired article, says that Verizon keeps “text message content on their servers for 3-5 days.” And: “Sprint stores their text message content going back 12 days and Nextel content for 7 days. AT&T/Cingular do not preserve content at all. Us Cellular: 3-5 days Boost Mobile LLC: 7 days”

That second set of data is from 2009.

Leaks seems to be the primary way we learn how our privacy is being violated these days—we need more of them.

EDITED TO ADD (4/12): Discussion of Canadian policy.

Posted on March 21, 2013 at 1:17 PMView Comments

How the FBI Intercepts Cell Phone Data

Good article on “Stingrays,” which the FBI uses to monitor cell phone data. Basically, they trick the phone into joining a fake network. And, since cell phones inherently trust the network—as opposed to computers which inherently do not trust the Internet—it’s easy to track people and collect data. There are lots of questions about whether or not it is illegal for the FBI to do this without a warrant. We know that the FBI has been doing this for almost twenty years, and that they know that they’re on shaky legal ground.

The latest release, amounting to some 300 selectively redacted pages, not only suggests that sophisticated cellphone spy gear has been widely deployed since the mid-’90s. It reveals that the FBI conducted training sessions on cell tracking techniques in 2007 and around the same time was operating an internal “secret” website with the purpose of sharing information and interactive media about “effective tools” for surveillance. There are also some previously classified emails between FBI agents that show the feds joking about using the spy gear. “Are you smart enough to turn the knobs by yourself?” one agent asks a colleague.

Of course, if a policeman actually has your phone, he can suck pretty much everything out of it—again, without a warrant.

Using a single “data extraction session” they were able to pull:

  • call activity
  • phone book directory information
  • stored voicemails and text messages
  • photos and videos
  • apps
  • eight different passwords
  • 659 geolocation points, including 227 cell towers and 403 WiFi networks with which the cell phone had previously connected.

Posted on March 7, 2013 at 1:39 PMView Comments

Technologies of Surveillance

It’s a new day for the New York Police Department, with technology increasingly informing the way cops do their jobs. With innovation comes new possibilities but also new concerns.

For one, the NYPD is testing a new type of security apparatus that uses terahertz radiation to detect guns under clothing from a distance. As Police Commissioner Ray Kelly explained to the Daily News back in January, If something is obstructing the flow of that radiation—a weapon, for example—the device will highlight that object.

Ignore, for a moment, the glaring constitutional concerns, which make the stop-and-frisk debate pale in comparison: virtual strip-searching, evasion of probable cause, potential racial profiling. Organizations like the American Civil Liberties Union are all over those, even though their opposition probably won’t make a difference. We’re scared of both terrorism and crime, even as the risks decrease; and when we’re scared, we’re willing to give up all sorts of freedoms to assuage our fears. Often, the courts go along.

A more pressing question is the effectiveness of technologies that are supposed to make us safer. These include the NYPD’s Domain Awareness System, developed by Microsoft, which aims to integrate massive quantities of data to alert cops when a crime may be taking place. Other innovations are surely in the pipeline, all promising to make the city safer. But are we being sold a bill of goods?

For example, press reports make the gun-detection machine look good. We see images from the camera that pretty clearly show a gun outlined under someone’s clothing. From that, we can imagine how this technology can spot gun-toting criminals as they enter government buildings or terrorize neighborhoods. Given the right inputs, we naturally construct these stories in our heads. The technology seems like a good idea, we conclude.

The reality is that we reach these conclusions much in the same way we decide that, say, drinking Mountain Dew makes you look cool. These are, after all, the products of for-profit companies, pushed by vendors looking to make sales. As such, they’re marketed no less aggressively than soda pop and deodorant. Those images of criminals with concealed weapons were carefully created both to demonstrate maximum effectiveness and push our fear buttons. These companies deliberately craft stories of their effectiveness, both through advertising and placement on television and movies, where police are often showed using high-powered tools to catch high-value targets with minimum complication.

The truth is that many of these technologies are nowhere near as reliable as claimed. They end up costing us gazillions of dollars and open the door for significant abuse. Of course, the vendors hope that by the time we realize this, they’re too embedded in our security culture to be removed.

The current poster child for this sort of morass is the airport full-body scanner. Rushed into airports after the underwear bomber Umar Farouk Abdulmutallab nearly blew up a Northwest Airlines flight in 2009, they made us feel better, even though they don’t work very well and, ironically, wouldn’t have caught Abdulmutallab with his underwear bomb. Both the Transportation Security Administration and vendors repeatedly lied about their effectiveness, whether they stored images, and how safe they were. In January, finally, backscatter X-ray scanners were removed from airports because the company who made them couldn’t sufficiently blur the images so they didn’t show travelers naked. Now, only millimeter-wave full-body scanners remain.

Another example is closed-circuit television (CCTV) cameras. These have been marketed as a technological solution to both crime and understaffed police and security organizations. London, for example, is rife with them, and New York has plenty of its own. To many, it seems apparent that they make us safer, despite cries of Big Brother. The problem is that in study after study, researchers have concluded that they don’t.

Counterterrorist data mining and fusion centers: nowhere near as useful as those selling the technologies claimed. It’s the same with DNA testing and fingerprint technologies: both are far less accurate than most people believe. Even torture has been oversold as a security system—this time by a government instead of a company—despite decades of evidence that it doesn’t work and makes us all less safe.

It’s not that these technologies are totally useless. It’s that they’re expensive, and none of them is a panacea. Maybe there’s a use for a terahertz radar, and maybe the benefits of the technology are worth the costs. But we should not forget that there’s a profit motive at work, too.

An edited version of this essay, without links, appeared in the New York Daily News.

EDITED TO ADD (2/13): IBM’s version massive data policing system is being tested in Rio de Jeneiro.

Posted on March 5, 2013 at 6:28 AMView Comments

1 11 12 13 14 15 46

Sidebar photo of Bruce Schneier by Joe MacInnis.