Entries Tagged "privacy"

Page 131 of 144

Vehicle Tracking in the UK

Universal automobile surveillance is coming:

Britain is to become the first country in the world where the movements of all vehicles on the roads are recorded. A new national surveillance system will hold the records for at least two years.

Using a network of cameras that can automatically read every passing number plate, the plan is to build a huge database of vehicle movements so that the police and security services can analyse any journey a driver has made over several years.

The network will incorporate thousands of existing CCTV cameras which are being converted to read number plates automatically night and day to provide 24/7 coverage of all motorways and main roads, as well as towns, cities, ports and petrol-station forecourts.

By next March a central database installed alongside the Police National Computer in Hendon, north London, will store the details of 35 million number-plate “reads” per day. These will include time, date and precise location, with camera sites monitored by global positioning satellites.

As The Independent opines, this is only the beginning:

The new national surveillance network for tracking car journeys, which has taken more than 25 years to develop, is only the beginning of plans to monitor the movements of all British citizens. The Home Office Scientific Development Branch in Hertfordshire is already working on ways of automatically recognising human faces by computer, which many people would see as truly introducing the prospect of Orwellian street surveillance, where our every move is recorded and stored by machines.

Although the problems of facial recognition by computer are far more formidable than for car number plates, experts believe it is only a matter of time before machines can reliably pull a face out of a crowd of moving people.

If the police and security services can show that a national surveillance operation based on recording car movements can protect the public against criminals and terrorists, there will be a strong political will to do the same with street cameras designed to monitor the flow of human traffic.

I’ve already written about the security risks of what I call “wholesale surveillance.” Once this information is collected, it will be misused, lost, and stolen. It will be filled with errors. The problems and insecurities that come from living in a surveillance society more than outweigh any crimefighting (and terrorist-fighting) advantages.

Posted on December 22, 2005 at 2:41 PMView Comments

The Security Threat of Unchecked Presidential Power

This past Thursday, the New York Times exposed the most significant violation of federal surveillance law in the post-Watergate era. President Bush secretly authorized the National Security Agency to engage in domestic spying, wiretapping thousands of Americans and bypassing the legal procedures regulating this activity.

This isn’t about the spying, although that’s a major issue in itself. This is about the Fourth Amendment protections against illegal search. This is about circumventing a teeny tiny check by the judicial branch, placed there by the legislative branch, placed there 27 years ago—on the last occasion that the executive branch abused its power so broadly.

In defending this secret spying on Americans, Bush said that he relied on his constitutional powers (Article 2) and the joint resolution passed by Congress after 9/11 that led to the war in Iraq. This rationale was spelled out in a memo written by John Yoo, a White House attorney, less than two weeks after the attacks of 9/11. It’s a dense read and a terrifying piece of legal contortionism, but it basically says that the president has unlimited powers to fight terrorism. He can spy on anyone, arrest anyone, and kidnap anyone and ship him to another country … merely on the suspicion that he might be a terrorist. And according to the memo, this power lasts until there is no more terrorism in the world.

Yoo starts by arguing that the Constitution gives the president total power during wartime. He also notes that Congress has recently been quiescent when the president takes some military action on his own, citing President Clinton’s 1998 strike against Sudan and Afghanistan.

Yoo then says: “The terrorist incidents of September 11, 2001, were surely far graver a threat to the national security of the United States than the 1998 attacks. … The President’s power to respond militarily to the later attacks must be correspondingly broader.”

This is novel reasoning. It’s as if the police would have greater powers when investigating a murder than a burglary.

More to the point, the congressional resolution of Sept. 14, 2001, specifically refused the White House’s initial attempt to seek authority to preempt any future acts of terrorism, and narrowly gave Bush permission to go after those responsible for the attacks on the Pentagon and World Trade Center.

Yoo’s memo ignored this. Written 11 days after Congress refused to grant the president wide-ranging powers, it admitted that “the Joint Resolution is somewhat narrower than the President’s constitutional authority,” but argued “the President’s broad constitutional power to use military force … would allow the President to … [take] whatever actions he deems appropriate … to pre-empt or respond to terrorist threats from new quarters.”

Even if Congress specifically says no.

The result is that the president’s wartime powers, with its armies, battles, victories, and congressional declarations, now extend to the rhetorical “War on Terror”: a war with no fronts, no boundaries, no opposing army, and—most ominously—no knowable “victory.” Investigations, arrests, and trials are not tools of war. But according to the Yoo memo, the president can define war however he chooses, and remain “at war” for as long as he chooses.

This is indefinite dictatorial power. And I don’t use that term lightly; the very definition of a dictatorship is a system that puts a ruler above the law. In the weeks after 9/11, while America and the world were grieving, Bush built a legal rationale for a dictatorship. Then he immediately started using it to avoid the law.

This is, fundamentally, why this issue crossed political lines in Congress. If the president can ignore laws regulating surveillance and wiretapping, why is Congress bothering to debate reauthorizing certain provisions of the Patriot Act? Any debate over laws is predicated on the belief that the executive branch will follow the law.

This is not a partisan issue between Democrats and Republicans; it’s a president unilaterally overriding the Fourth Amendment, Congress and the Supreme Court. Unchecked presidential power has nothing to do with how much you either love or hate George W. Bush. You have to imagine this power in the hands of the person you most don’t want to see as president, whether it be Dick Cheney or Hillary Rodham Clinton, Michael Moore or Ann Coulter.

Laws are what give us security against the actions of the majority and the powerful. If we discard our constitutional protections against tyranny in an attempt to protect us from terrorism, we’re all less safe as a result.

This essay was published today as an op-ed in the Minneapolis Star Tribune.

Here’s the opening paragraph of the Yoo memo. Remember, think of this power in the hands of your least favorite politician when you read it:

You have asked for our opinion as to the scope of the President’s authority to take military action in response to the terrorist attacks on the United States on September 11, 2001. We conclude that the President has broad constitutional power to use military force. Congress has acknowledged this inherent executive power in both the War Powers Resolution, Pub. L. No. 93-148, 87 Stat. 555 (1973), codified at 50 U.S.C. § 1541-1548 (the “WPR”), and in the Joint Resolution passed by Congress on September 14, 2001, Pub. L. No. 107-40, 115 Stat. 224 (2001). Further, the President has the constitutional power not only to retaliate against any person, organization, or State suspected of involvement in terrorist attacks on the United States, but also against foreign States suspected of harboring or supporting such organizations. Finally, the President may deploy military force preemptively against terrorist organizations or the States that harbor or support them, whether or not they can be linked to the specific terrorist incidents of September 11.

There’s a similar reasoning in the Braybee memo, which was written in 2002 about torture:

In a series of opinions examining various legal questions arising after September 11, we have examined the scope of the President’s Commander-in-Chief power. . . . Foremost among the objectives committed by the Constitution to [the President’s] trust. As Hamilton explained in arguing for the Constitution’s adoption, “because the circumstances which may affect the public safety are not reducible within certain limits, it must be admitted, as a necessary consequence, that there can be no limitation of that authority, which is to provide for the defense and safety of the community, in any manner essential to its efficacy.”

. . . [The Constitution’s] sweeping grant vests in the President an unenumerated Executive power . . . The Commander in Chief power and the President’s obligation to protect the Nation imply the ancillary powers necessary to their successful exercise.

NSA watcher James Bamford points out how this action was definitely considered illegal in 1978, which is why FISA was passed in the first place:

When the Foreign Intelligence Surveillance Act was created in 1978, one of the things that the Attorney General at the time, Griffin Bell, said—he testified before the intelligence committee, and he said that the current bill recognizes no inherent power of the President to conduct electronic surveillance. He said, “This bill specifically states that the procedures in the bill are the exclusive means by which electronic surveillance may be conducted.” In other words, what the President is saying is that he has these inherent powers to conduct electronic surveillance, but the whole reason for creating this act, according to the Attorney General at the time, was to prevent the President from using any inherent powers and to use exclusively this act.

Also this from Salon, discussing a 1952 precedent:

Attorney General Alberto Gonzales argues that the president’s authority rests on two foundations: Congress’s authorization to use military force against al-Qaida, and the Constitution’s vesting of power in the president as commander-in-chief, which necessarily includes gathering “signals intelligence” on the enemy. But that argument cannot be squared with Supreme Court precedent. In 1952, the Supreme Court considered a remarkably similar argument during the Korean War. Youngstown Sheet & Tube Co. v. Sawyer, widely considered the most important separation-of-powers case ever decided by the court, flatly rejected the president’s assertion of unilateral domestic authority during wartime. President Truman had invoked the commander-in-chief clause to justify seizing most of the nation’s steel mills. A nationwide strike threatened to undermine the war, Truman contended, because the mills were critical to manufacturing munitions.

The Supreme Court’s rationale for rejecting Truman’s claims applies with full force to Bush’s policy. In what proved to be the most influential opinion in the case, Justice Robert Jackson identified three possible scenarios in which a president’s actions may be challenged. Where the president acts with explicit or implicit authorization from Congress, his authority “is at its maximum,” and will generally be upheld. Where Congress has been silent, the president acts in a “zone of twilight” in which legality “is likely to depend on the imperatives of events and contemporary imponderables rather than on abstract theories of law.” But where the president acts in defiance of “the expressed or implied will of Congress,” Justice Jackson maintained, his power is “at its lowest ebb,” and his actions can be sustained only if Congress has no authority to regulate the subject at all.

In the steel seizure case, Congress had considered and rejected giving the president the authority to seize businesses in the face of threatened strikes, thereby placing President Truman’s action in the third of Justice Jackson’s categories. As to the war power, Justice Jackson noted, “The Constitution did not contemplate that the Commander in Chief of the Army and Navy will constitute him also Commander in Chief of the country, its industries, and its inhabitants.”

Like Truman, President Bush acted in the face of contrary congressional authority. In FISA, Congress expressly addressed the subject of warrantless wiretaps during wartime, and limited them to the first 15 days after war is declared. Congress then went further and made it a crime, punishable by up to five years in jail, to conduct a wiretap without statutory authorization.

The Attorney General said that the Administration didn’t try to do this legally, because they didn’t think they could get the law passed. But don’t worry, an NSA shift supervisor is acting in the role of a FISC judge:

GENERAL HAYDEN: FISA involves the process—FISA involves marshaling arguments; FISA involves looping paperwork around, even in the case of emergency authorizations from the Attorney General. And beyond that, it’s a little—it’s difficult for me to get into further discussions as to why this is more optimized under this process without, frankly, revealing too much about what it is we do and why and how we do it.

Q If FISA didn’t work, why didn’t you seek a new statute that allowed something like this legally?

ATTORNEY GENERAL GONZALES: That question was asked earlier. We’ve had discussions with members of Congress, certain members of Congress, about whether or not we could get an amendment to FISA, and we were advised that that was not likely to be—that was not something we could likely get, certainly not without jeopardizing the existence of the program, and therefore, killing the program. And that—and so a decision was made that because we felt that the authorities were there, that we should continue moving forward with this program.

Q And who determined that these targets were al Qaeda? Did you wiretap them?

GENERAL HAYDEN: The judgment is made by the operational work force at the National Security Agency using the information available to them at the time, and the standard that they apply—and it’s a two-person standard that must be signed off by a shift supervisor, and carefully recorded as to what created the operational imperative to cover any target, but particularly with regard to those inside the United States.

Q So a shift supervisor is now making decisions that a FISA judge would normally make? I just want to make sure I understand. Is that what you’re saying?

Senators from both parties are demanding hearings:

Democratic and Republican calls mounted on Tuesday for U.S. congressional hearings into President George W. Bush’s assertion that he can order warrantless spying on Americans with suspected terrorist ties.

Vice President Dick Cheney predicted a backlash against critics of the administration’s anti-terrorism policies. He also dismissed charges that Bush overstepped his constitutional bounds when he implemented the recently disclosed eavesdropping shortly after the September 11 attacks.

Republican Sens. Chuck Hagel of Nebraska and Olympia Snowe of Maine joined Democratic Sens. Carl Levin of Michigan, Dianne Feinstein of California and Ron Wyden of Oregon in calling for a joint investigation by the Senate Intelligence and Judiciary Committees into whether the government eavesdropped “without appropriate legal authority.”

Senate Minority Leader Harry Reid, a Nevada Democrat, said he would prefer separate hearings by the Judiciary Committee, which has already promised one, and Intelligence Committee.

This New York Times paragraph is further evidence that we’re talking about an Echelon-like surveillance program here:

Administration officials, speaking anonymously because of the sensitivity of the information, suggested that the speed with which the operation identified “hot numbers” – the telephone numbers of suspects – and then hooked into their conversations lay behind the need to operate outside the old law.

And some more snippets.

There are about a zillion more URLs I could list here. I posted these already, but both Oren Kerr and
Daniel Solove have good discussions of the legal issues. And here are three legal posts by Marty Lederman. A summary of the Republican arguments. Four good blog posts. Spooks comment on the issue.

And this George W. Bush quote (video and transcript), from December 18, 2000, is just too surreal not to reprint: “If this were a dictatorship, it’d be a heck of a lot easier, just so long as I’m the dictator.”

I guess 9/11 made it a heck of a lot easier.

Look, I don’t think 100% of the blame belongs to President Bush. (This kind of thing was also debated under Clinton.) The Congress, Democrats included, have allowed the Executive to gather power at the expense of the other two branches. This is the fundamental security issue here, and it’ll be an issue regardless of who wins the White House in 2008.

EDITED TO ADD (12/21): FISC Judge James Robertson resigned yesterday:

Two associates familiar with his decision said yesterday that Robertson privately expressed deep concern that the warrantless surveillance program authorized by the president in 2001 was legally questionable and may have tainted the FISA court’s work.

….Robertson indicated privately to colleagues in recent conversations that he was concerned that information gained from warrantless NSA surveillance could have then been used to obtain FISA warrants. FISA court Presiding Judge Colleen Kollar-Kotelly, who had been briefed on the spying program by the administration, raised the same concern in 2004 and insisted that the Justice Department certify in writing that it was not occurring.

“They just don’t know if the product of wiretaps were used for FISA warrants—to kind of cleanse the information,” said one source, who spoke on the condition of anonymity because of the classified nature of the FISA warrants. “What I’ve heard some of the judges say is they feel they’ve participated in a Potemkin court.”

More generally, here’s some of the relevant statutes and decisions:

Foreign Intelligence Surveillance Act (FISA)” (1978).

Authorization for Use of Military Force (2001),” the law authorizing Bush to use military force against the 9/11 terrorists.

United States v. United States District Court,” 407 U.S. 297 (1972), a national security surveillance case that turned on the Fourth Amendment.

Hamdi v. Rumsfeld,” 124 S. Ct. 981 (2004), the recent Supreme Court case examining the president’s powers during wartime.

[The Government’s position] cannot be mandated by any reasonable view of the separation of powers, as this view only serves to condense power into a single branch of government. We have long since made clear that a state of war is not a blank check for the President when it comes to the rights of the Nation’s citizens. Youngstown Steel and Tube, 343 U.S. at 587. Whatever power the United States Constitution envisions for the Executive in times of conflict with other Nations or enemy organizations, it most assuredly envisions a role for all three branches when individual liberties are at stake.

And here are a bunch of blog posts:

Daniel Solove: “Hypothetical: What If President Bush Were Correct About His Surveillance Powers?.”

Seth Weinberger: “Declaring War and Executive Power.”

Juliette Kayyem: “Wiretaps, AUMF and Bush’s Comments Today.”

Mark Schmitt: “Alito and the Wiretaps.”

Eric Muller: “Lawless Like I Said.”

Cass Sunstein: “Presidential Wiretap.”

Spencer Overton: “Judge Damon J. Keith: No Warrantless Wiretaps of Citizens.”

Will Baude: “Presidential Authority, A Lament.”

And news articles:

Washington Post: “Clash Is Latest Chapter in Bush Effort to Widen Executive Power.”

The clash over the secret domestic spying program is one slice of a broader struggle over the power of the presidency that has animated the Bush administration. George W. Bush and Dick Cheney came to office convinced that the authority of the presidency had eroded and have spent the past five years trying to reclaim it.

From shielding energy policy deliberations to setting up military tribunals without court involvement, Bush, with Cheney’s encouragement, has taken what scholars call a more expansive view of his role than any commander in chief in decades. With few exceptions, Congress and the courts have largely stayed out of the way, deferential to the argument that a president needs free rein, especially in wartime.

New York Times: Spying Program Snared U.S. Calls.”

A surveillance program approved by President Bush to conduct eavesdropping without warrants has captured what are purely domestic communications in some cases, despite a requirement by the White House that one end of the intercepted conversations take place on foreign soil, officials say.

Posted on December 21, 2005 at 6:50 AM

NSA and Bush’s Illegal Eavesdropping

When President Bush directed the National Security Agency to secretly eavesdrop on American citizens, he transferred an authority previously under the purview of the Justice Department to the Defense Department and bypassed the very laws put in place to protect Americans against widespread government eavesdropping. The reason may have been to tap the NSA’s capability for data-mining and widespread surveillance.

Illegal wiretapping of Americans is nothing new. In the 1950s and ’60s, in a program called “Project Shamrock,” the NSA intercepted every single telegram coming into or going out of the United States. It conducted eavesdropping without a warrant on behalf of the CIA and other agencies. Much of this became public during the 1975 Church Committee hearings and resulted in the now famous Foreign Intelligence Surveillance Act (FISA) of 1978.

The purpose of this law was to protect the American people by regulating government eavesdropping. Like many laws limiting the power of government, it relies on checks and balances: one branch of the government watching the other. The law established a secret court, the Foreign Intelligence Surveillance Court (FISC), and empowered it to approve national-security-related eavesdropping warrants. The Justice Department can request FISA warrants to monitor foreign communications as well as communications by American citizens, provided that they meet certain minimal criteria.

The FISC issued about 500 FISA warrants per year from 1979 through 1995, and has slowly increased subsequently—1,758 were issued in 2004. The process is designed for speed and even has provisions where the Justice Department can wiretap first and ask for permission later. In all that time, only four warrant requests were ever rejected: all in 2003. (We don’t know any details, of course, as the court proceedings are secret.)

FISA warrants are carried out by the FBI, but in the days immediately after the terrorist attacks, there was a widespread perception in Washington that the FBI wasn’t up to dealing with these new threats—they couldn’t uncover plots in a timely manner. So instead the Bush administration turned to the NSA. They had the tools, the expertise, the experience, and so they were given the mission.

The NSA’s ability to eavesdrop on communications is exemplified by a technological capability called Echelon. Echelon is the world’s largest information “vacuum cleaner,” sucking up a staggering amount of voice, fax, and data communications—satellite, microwave, fiber-optic, cellular and everything else—from all over the world: an estimated 3 billion communications per day. These communications are then processed through sophisticated data-mining technologies, which look for simple phrases like “assassinate the president” as well as more complicated communications patterns.

Supposedly Echelon only covers communications outside of the United States. Although there is no evidence that the Bush administration has employed Echelon to monitor communications to and from the U.S., this surveillance capability is probably exactly what the president wanted and may explain why the administration sought to bypass the FISA process of acquiring a warrant for searches.

Perhaps the NSA just didn’t have any experience submitting FISA warrants, so Bush unilaterally waived that requirement. And perhaps Bush thought FISA was a hindrance—in 2002 there was a widespread but false believe that the FISC got in the way of the investigation of Zacarias Moussaoui (the presumed “20th hijacker”)—and bypassed the court for that reason.

Most likely, Bush wanted a whole new surveillance paradigm. You can think of the FBI’s capabilities as “retail surveillance”: It eavesdrops on a particular person or phone. The NSA, on the other hand, conducts “wholesale surveillance.” It, or more exactly its computers, listens to everything. An example might be to feed the computers every voice, fax, and e-mail communication looking for the name “Ayman al-Zawahiri.” This type of surveillance is more along the lines of Project Shamrock, and not legal under FISA. As Sen. Jay Rockefeller wrote in a secret memo after being briefed on the program, it raises “profound oversight issues.”

It is also unclear whether Echelon-style eavesdropping would prevent terrorist attacks. In the months before 9/11, Echelon noticed considerable “chatter”: bits of conversation suggesting some sort of imminent attack. But because much of the planning for 9/11 occurred face-to-face, analysts were unable to learn details.

The fundamental issue here is security, but it’s not the security most people think of. James Madison famously said: “If men were angels, no government would be necessary. If angels were to govern men, neither external nor internal controls on government would be necessary.” Terrorism is a serious risk to our nation, but an even greater threat is the centralization of American political power in the hands of any single branch of the government.

Over 200 years ago, the framers of the U.S. Constitution established an ingenious security device against tyrannical government: they divided government power among three different bodies. A carefully thought out system of checks and balances in the executive branch, the legislative branch, and the judicial branch, ensured that no single branch became too powerful.

After watching tyrannies rise and fall throughout Europe, this seemed like a prudent way to form a government. Courts monitor the actions of police. Congress passes laws that even the president must follow. Since 9/11, the United States has seen an enormous power grab by the executive branch. It’s time we brought back the security system that’s protected us from government for over 200 years.

A version of this essay originally appeared in Salon.

I wrote another essay about the legal and constitutional implications of this. The Minneapolis Star Tribune will publish it either Wednesday or Thursday, and I will post it here at that time.

I didn’t talk about the political dynamics in either essay, but they’re fascinating. The White House kept this secret, but they briefed at least six people outside the administration. The current and former chief justices of the FISC knew about this. Last Sunday’s Washington Post reported that both of them had misgivings about the program, but neither did anything about it. The White House also briefed the Committee Chairs and Ranking Members of the House and Senate Intelligence Committees, and they didn’t do anything about it. (Although Sen. Rockefeller wrote a bizarre I’m-not-going-down-with-you memo to Cheney and for his files.)

Cheney was on television this weekend citing this minimal disclosure as evidence that Congress acquiesced to the program. I see it as evidence of something else: if people from both the Legislative and the Judiciary branches knowingly permitted unlawful surveillance by the Executive branch, then the current system of checks and balances isn’t working.

It’s also evidence about how secretive this administration is. None of the other FISC judges, and none of the other House or Senate Intelligence Committee members, were told about this,­ even under clearance. And if there’s one thing these people hate, it’s being kept in the dark on a matter within their jurisdiction. That’s why Senator Feinstein, a member of the Senate Intelligence Committee, was so upset yesterday. And it’s pushing Senator Specter, and some of the Republicans in these Judiciary committees, further into the civil liberties camp.

There are about a zillion links worth reading, but here are some of them you might not yet have seen. Some good newspaper commentaries. An excellent legal analysis. Three blog posts. Four more blog posts. Daniel Solove on FISA. Two legal analyses. An interesting “Democracy Now” commentary, including interesting comments on the NSA’s capabilities by James Bamford. And finally, my 2004 essay on the security of checks and balances.

“Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.”—William Pitt, House of Commons, 11/18/1783.

Posted on December 20, 2005 at 12:45 PMView Comments

The Military is Spying on Americans

The Defense Department is collecting data on perfectly legal, peaceful, anti-war protesters.

The DOD database obtained by NBC News includes nearly four dozen anti-war meetings or protests, including some that have taken place far from any military installation, post or recruitment center. One “incident” included in the database is a large anti-war protest at Hollywood and Vine in Los Angeles last March that included effigies of President Bush and anti-war protest banners. Another incident mentions a planned protest against military recruiters last December in Boston and a planned protest last April at McDonald’s National Salute to America’s Heroes—a military air and sea show in Fort Lauderdale, Fla.

The Fort Lauderdale protest was deemed not to be a credible threat and a column in the database concludes: “US group exercising constitutional rights.” Two-hundred and forty-three other incidents in the database were discounted because they had no connection to the Department of Defense—yet they all remained in the database.

The DOD has strict guidelines (PDF link), adopted in December 1982, that limit the extent to which they can collect and retain information on U.S. citizens.

Still, the DOD database includes at least 20 references to U.S. citizens or U.S. persons. Other documents obtained by NBC News show that the Defense Department is clearly increasing its domestic monitoring activities. One DOD briefing document stamped “secret” concludes: “[W]e have noted increased communication and encouragement between protest groups using the [I]nternet,” but no “significant connection” between incidents, such as “reoccurring instigators at protests” or “vehicle descriptions.”

Personally, I am very worried about this increase in military activity inside our country. If anyone should be making sure protesters stay on the right side of the law, it’s the police…not the military.

And it could get worse.

EDITED TO ADD (12/16): There’s also this news :

Months after the Sept. 11 attacks, President Bush secretly authorized the National Security Agency to eavesdrop on Americans and others inside the United States to search for evidence of terrorist activity without the court-approved warrants ordinarily required for domestic spying, according to government officials…..

Mr. Bush’s executive order allowing some warrantless eavesdropping on those inside the United States including American citizens, permanent legal residents, tourists and other foreigners is based on classified legal opinions that assert that the president has broad powers to order such searches, derived in part from the September 2001 Congressional resolution authorizing him to wage war on Al Qaeda and other terrorist groups, according to the officials familiar with the N.S.A. operation.

And:

….officials familiar with it said the N.S.A. eavesdropped without warrants on up to 500 people in the United States at any given time. The list changes as some names are added and others dropped, so the number monitored in this country may have reached into the thousands over the past three years, several officials said. Overseas, about 5,000 to 7,000 people suspected of terrorist ties are monitored at one time, according to those officials.

This is a very long article, but worth reading. It is not overstatement to suggest that this may be the most significant violation of federal surveillance law in the post-Watergate era.

EDITED TO ADD (12/16): Good analysis from Political Animal. The reason Bush’s executive order is a big deal is because it’s against the law.

Here is the Foreign Intelligence Surveillance Act. Its Section 1809a makes it a criminal offense to “engage in electronic surveillance under color of law except as authorized by statute.”

FISA does authorize surveillance without a warrant, but not on US citizens (with the possible exception of citizens speaking from property openly owned by a foreign power; e.g., an embassy.)

FISA also says that the Attorney General can authorize emergency surveillance without a warrant when there is no time to obtain one. But it requires that the Attorney General notify the judge of that authorization immediately, and that he (and yes, the law does say ‘he’) apply for a warrant “as soon as practicable, but not more than 72 hours after the Attorney General authorizes such surveillance.”

It also says this:

“In the absence of a judicial order approving such electronic surveillance, the surveillance shall terminate when the information sought is obtained, when the application for the order is denied, or after the expiration of 72 hours from the time of authorization by the Attorney General, whichever is earliest. In the event that such application for approval is denied, or in any other case where the electronic surveillance is terminated and no order is issued approving the surveillance, no information obtained or evidence derived from such surveillance shall be received in evidence or otherwise disclosed in any trial, hearing, or other proceeding in or before any court, grand jury, department, office, agency, regulatory body, legislative committee, or other authority of the United States, a State, or political subdivision thereof”.

Nothing in the New York Times report suggests that the wiretaps Bush authorized extended only for 72 hours, or that normal warrants were sought in each case within 72 hours after the wiretap began. On the contrary, no one would have needed a special program or presidential order if they had.

According to the Times, “the Bush administration views the operation as necessary so that the agency can move quickly to monitor communications that may disclose threats to the United States.” But this is just wrong. As I noted above, the law specifically allows for warrantless surveillance in emergencies, when the government needs to start surveillance before it can get a warrant. It explains exactly what the government needs to do under those circumstances. It therefore provides the flexibility the administration claims it needed.

They had no need to go around the law. They could easily have obeyed it. They just didn’t want to.

Posted on December 16, 2005 at 6:49 AMView Comments

Totally Secure Classical Communications?

My eighth Wired column:

How would you feel if you invested millions of dollars in quantum cryptography, and then learned that you could do the same thing with a few 25-cent Radio Shack components?

I’m exaggerating a little here, but if a new idea out of Texas A&M University turns out to be secure, we’ve come close.

Earlier this month, Laszlo Kish proposed securing a communications link, like a phone or computer line, with a pair of resistors. By adding electronic noise, or using the natural thermal noise of the resistors—called “Johnson noise”—Kish can prevent eavesdroppers from listening in.

In the blue-sky field of quantum cryptography, the strange physics of the subatomic world are harnessed to create a secure, unbreakable communications channel between two points. Kish’s research is intriguing, in part, because it uses the simpler properties of classic physics—the stuff you learned in high school—to achieve the same results.

At least, that’s the theory.

I go on to describe how the system works, and then discuss the security:

There hasn’t been enough analysis. I certainly don’t know enough electrical engineering to know whether there is any clever way to eavesdrop on Kish’s scheme. And I’m sure Kish doesn’t know enough security to know that, either. The physics and stochastic mathematics look good, but all sorts of security problems crop up when you try to actually build and operate something like this.

It’s definitely an idea worth exploring, and it’ll take people with expertise in both security and electrical engineering to fully vet the system.

There are practical problems with the system, though. The bandwidth the system can handle appears very limited. The paper gives the bandwidth-distance product as 2 x 106 meter-Hz. This means that over a 1-kilometer link, you can only send at 2,000 bps. A dialup modem from 1985 is faster. Even with a fat 500-pair cable you’re still limited to 1 million bps over 1 kilometer.

And multi-wire cables have their own problems; there are all sorts of cable-capacitance and cross-talk issues with that sort of link. Phone companies really hate those high-density cables, because of how long it takes to terminate or splice them.

Even more basic: It’s vulnerable to man-in-the-middle attacks. Someone who can intercept and modify messages in transit can break the security. This means you need an authenticated channel to make it work—a link that guarantees you’re talking to the person you think you’re talking to. How often in the real world do we have a wire that is authenticated but not confidential? Not very often.

Generally, if you can eavesdrop you can also mount active attacks. But this scheme only defends against passive eavesdropping.

For those keeping score, that’s four practical problems: It’s only link encryption and not end-to-end, it’s bandwidth-limited (but may be enough for key exchange), it works best for short ranges and it requires authentication to make it work. I can envision some specialized circumstances where this might be useful, but they’re few and far between.

But quantum key distributions have the same problems. Basically, if Kish’s scheme is secure, it’s superior to quantum communications in every respect: price, maintenance, speed, vibration, thermal resistance and so on.

Both this and the quantum solution share another problem, however; they’re solutions looking for a problem. In the realm of security, encryption is the one thing we already do pretty well. Focusing on encryption is like sticking a tall stake in the ground and hoping the enemy runs right into it, instead of building a wide wall.

Arguing about whether this kind of thing is more secure than AES—the United States’ national encryption standard—is like arguing about whether the stake should be a mile tall or a mile and a half tall. However tall it is, the enemy is going to go around the stake.

Software security, network security, operating system security, user interface—these are the hard security problems. Replacing AES with this kind of thing won’t make anything more secure, because all the other parts of the security system are so much worse.

This is not to belittle the research. I think information-theoretic security is important, regardless of practicality. And I’m thrilled that an easy-to-build classical system can work as well as a sexy, media-hyped quantum cryptosystem. But don’t throw away your crypto software yet.

Here’s the press release, here’s the paper, and here’s the Slashdot thread.

EDITED TO ADD (1/31): Here’s an interesting rebuttal.

Posted on December 15, 2005 at 6:13 AMView Comments

Most Stolen Identities Never Used

This is something I’ve been saying for a while, and it’s nice to see some independent confirmation:

A new study suggests consumers whose credit cards are lost or stolen or whose personal information is accidentally compromised face little risk of becoming victims of identity theft.

The analysis, released on Wednesday, also found that even in the most dangerous data breaches—where thieves access social security numbers and other sensitive information on consumers they have deliberately targeted—only about 1 in 1,000 victims had their identities stolen.

The reason is that thieves are stealing far more identities than they need. Two years ago, if someone asked me about protecting against identity theft, I would tell them to shred their trash and be careful giving information over the Internet. Today, that advice is obsolete. Criminals are not stealing identity information in ones and twos; they’re stealing identity information in blocks of hundreds of thousands and even millions.

If a criminal ring wants a dozen identities for some fraud scam, and they steal a database with 500,000 identities, then—as a percentage—almost none of those identities will ever be the victims of fraud.

Some other findings from their press release:

A significant finding from the research is that different breaches pose different degrees of risk. In the research, ID Analytics distinguishes between “identity-level” breaches, where names and Social Security numbers were stolen and “account-level” breaches, where only account numbers—sometimes associated with names—were stolen. ID Analytics also discovered that the degree of risk varies based on the nature of the data breach, for example, whether the breach was the result of a deliberate hacking into a database or a seemingly unintentional loss of data, such as tapes or disks being lost in transit.

And:

ID Analytics’ fraud experts believe the reason for the minimal use of stolen identities is based on the amount of time it takes to actually perpetrate identity theft against a consumer. As an example, it takes approximately five minutes to fill out a credit application. At this rate, it would take a fraudster working full-time ­ averaging 6.5 hours day, five days a week, 50 weeks a year ­ over 50 years to fully utilize a breached file consisting of one million consumer identities. If the criminal outsourced the work at a rate of $10 an hour in an effort to use a breached file of the same size in one year, it would cost that criminal about $830,000.

Another key finding indicates that in certain targeted data breaches, notices may have a deterrent effect. In one large-scale identity-level breach, thieves slowed their use of the data to commit identity theft after public notification. The research also showed how the criminals who stole the data in the breaches used identity data manipulation, or “tumbling” to avoid detection and to prolong the scam.

That last bit is interesting, and it makes this recommendation even more surprising:

The company suggests, for instance, that companies shouldn’t always notify consumers of data breaches because they may be unnecessarily alarming people who stand little chance of being victimized.

I agree with them that all this notification is having a “boy who cried wolf” effect on people. I know people living in California who get disclosure notifications in the mail regularly, and who have stopped paying attention to them.

But remember, the main security value of notification requirements is the cost. By increasing the cost to companies of data thefts, the goal is for them to increase their security. (The main security value used to be the public shaming, but these breaches are now so common that the press no longer writes about them.) Direct fines would be a better way of dealing with the economic externality, but the notification law is all we’ve got right now. I don’t support eliminating it until there’s something else in its place.

Posted on December 12, 2005 at 9:50 AMView Comments

U.S. Immigration Database Security

In September, the Inspector General of the Department of Homeland Security published a report on the security of the USCIS (United States Citizenship and Immigration Services) databases. It’s called: “Security Weaknesses Increase Risks to Critical United States Citizenship and Immigration Services Database,” and a redacted version (.pdf) is on the DHS website.

This is from the Executive Summary:

Although USCIS has not established adequate or effective database security controls for the Central Index System, it has implemented many essential security controls such as procedures for controlling temporary or emergency system access, a configuration management plan, and procedures for implementing routine and emergency changes. Further, we did not identify any significant configuration weaknesses during our technical tests of the Central Index System. However, additional work remains to implement the access controls, configuration management procedures, and continuity of operations safeguards necessary to protect sensitive Central Index System data effectively. Specifically, USCIS has not: 1) implemented effective user administration procedures; 2) reviewed and retained [REDACTED] effectively, 3) ensured that system changes are properly controlled; 4) developed and tested an adequate Information technology (IT) contingency plan; 5) implemented [REDACTED]; or 6) monitored system security functions sufficiently. These database security exposures increase the risk that unauthorized individuals could gain access to critical USCIS database resources and compromise the confidentiality, integrity, and availability of sensitive Central Index System data. [REDACTED]

Posted on December 8, 2005 at 7:38 AMView Comments

Snake-Oil Research in Nature

Snake-oil isn’t only in commercial products. Here’s a piece of research published (behind a paywall) in Nature that’s just full of it.

The article suggests using chaos in an electro-optical system to generate a pseudo-random light sequence, which is then added to the message to protect it from interception. Now, the idea of using chaos to build encryption systems has been tried many times in the cryptographic community, and has always failed. But the authors of the Nature article show no signs of familiarity with prior cryptographic work.

The published system has the obvious problem that it does not include any form of message authentication, so it will be trivial to send spoofed messages or tamper with messages while they are in transit.

But a closer examination of the paper’s figures suggests a far more fundamental problem. There’s no key. Anyone with a valid receiver can decode the ciphertext. No key equals no security, and what you have left is a totally broken system.

I e-mailed Claudio R. Mirasso, the corresponding author, about the lack of any key, and got this reply: “To extract the message from the chaotic carrier you need to replicate the carrier itself. This can only be done by a laser that matches the emitter characteristics within, let’s say, within 2-5%. Semiconductor lasers with such similarity have to be carefully selected from the same wafer. Even though you have to test them because they can still be too different and do not synchronize. We talk abut a hardware key. Also the operating conditions (current, feedback length and coupling strength) are part of the key.”

Let me translate that. He’s saying that there is a hardware key baked into the system at fabrication. (It comes from manufacturing deviations in the lasers.) There’s no way to change the key in the field. There’s no way to recover security if any of the transmitters/receivers are lost or stolen. And they don’t know how hard it would be for an attacker to build a compatible receiver, or even a tunable receiver that could listen to a variety of encodings.

This paper would never get past peer review in any competent cryptography journal or conference. I’m surprised it was accepted in Nature, a fiercely competitive journal. I don’t know why Nature is taking articles on topics that are outside its usual competence, but it looks to me like Nature got burnt here by a lack of expertise in the area.

To be fair, the paper very carefully skirts the issue of security, and claims hardly anything: “Additionally, chaotic carriers offer a certain degree of intrinsic privacy, which could complement (via robust hardware encryption) both classical (software based) and quantum cryptography systems.” Now that “certain degree of intrinsic privacy” is approximately zero. But other than that, they’re very careful how they word their claims.

For instance, the abstract says: “Chaotic signals have been proposed as broadband information carriers with the potential of providing a high level of robustness and privacy in data transmission.” But there’s no disclosure that this proposal is bogus, from a privacy perspective. And the next-to-last paragraph says “Building on this, it should be possible to develop reliable cost-effective secure communication systems that exploit deeper properties of chaotic dynamics.” No disclosure that “chaotic dynamics” is actually irrelevant to the “secure” part. The last paragraph talks about “smart encryption techniques” (referencing a paper that talks about chaos encryption), “developing active eavesdropper-evasion strategies” (whatever that means), and so on. It’s just enough that if you don’t parse their words carefully and don’t already know the area well, you might come away with the impression that this is a major advance in secure communications. It seems as if it would have helped to have a more careful disclaimer.

Communications security was listed as one of the motivations for studying this communications technique. To list this as a motivation, without explaining that their experimental setup is actually useless for communications security, is questionable at best.

Meanwhile, the press has written articles that convey the wrong impression. Science News has an article that lauds this as a big achievement for communications privacy.

It talks about it as a “new encryption strategy,” “chaos-encrypted communication,” “1 gigabyte of chaos-encrypted information per second.” It’s obvious that the communications security aspect is what Science News is writing about. If the authors knew that their scheme is useless for communications security, they didn’t explain that very well.

There is also a New Scientist article titled “Let chaos keep your secrets safe” that characterizes this as a “new cryptographic technique, ” but I can’t get a copy of the full article.

Here are two more articles that discuss its security benefits. In the latter, Mirasso says “the main task we have for the future” is to “define, test, and calibrate the security that our system can offer.”

And their project web page says that “the continuous increase of computer speed threatens the safety” of traditional cryptography (which is bogus) and suggests using physical-layer chaos as a way to solve this. That’s listed as the goal of the project.

There’s a lesson here. This is research undertaken by researchers with no prior track record in cryptography, submitted to a journal with no background in cryptography, and reviewed by reviewers with who knows what kind of experience in cryptography. Cryptography is a subtle subject, and trying to design new cryptosystems without the necessary experience and training in the field is a quick route to insecurity.

And what’s up with Nature? Cryptographers with no training in physics know better than to think they are competent to evaluate physics research. If a physics paper were submitted to a cryptography journal, the authors would likely be gently redirected to a physics journal—we wouldn’t want our cryptography conferences to accept a paper on a subject they aren’t competent to evaluate. Why would Nature expect the situation to be any different when physicists try to do cryptography research?

Posted on December 7, 2005 at 6:36 AMView Comments

FBI to Approve All Software?

Sounds implausible, I know. But how else do you explain this FCC ruling (from September—I missed it until now):

The Federal Communications Commission thinks you have the right to use software on your computer only if the FBI approves.

No, really. In an obscure “policy” document released around 9 p.m. ET last Friday, the FCC announced this remarkable decision.

According to the three-page document, to preserve the openness that characterizes today’s Internet, “consumers are entitled to run applications and use services of their choice, subject to the needs of law enforcement.” Read the last seven words again.

The FCC didn’t offer much in the way of clarification. But the clearest reading of the pronouncement is that some unelected bureaucrats at the commission have decreeed that Americans don’t have the right to use software such as Skype or PGPfone if it doesn’t support mandatory backdoors for wiretapping. (That interpretation was confirmed by an FCC spokesman on Monday, who asked not to be identified by name. Also, the announcement came at the same time as the FCC posted its wiretapping rules for Internet telephony.)

Posted on December 2, 2005 at 11:24 AMView Comments

Google and Privacy

Daniel Solove on Google and privacy:

A New York Times editorial observes:

At a North Carolina strangulation-murder trial this month, prosecutors announced an unusual piece of evidence: Google searches allegedly done by the defendant that included the words “neck” and “snap.” The data were taken from the defendant’s computer, prosecutors say. But it might have come directly from Google, which—unbeknownst to many users—keeps records of every search on its site, in ways that can be traced back to individuals.

This is an interesting fact—Google keeps records of every search in a way that can be traceable to individuals. The op-ed goes on to say:

Google has been aggressive about collecting information about its users’ activities online. It stores their search data, possibly forever, and puts “cookies” on their computers that make it possible to track those searches in a personally identifiable way—cookies that do not expire until 2038. Its e-mail system, Gmail, scans the content of e-mail messages so relevant ads can be posted. Google’s written privacy policy reserves the right to pool what it learns about users from their searches with what it learns from their e-mail messages, though Google says it won’t do so. . . .

The government can gain access to Google’s data storehouse simply by presenting a valid warrant or subpoena. . . .

This is an important point. No matter what Google’s privacy policy says, the fact that it maintains information about people’s search activity enables the government to gather that data, often with a mere subpoena, which provides virtually no protection to privacy—and sometimes without even a subpoena.

Solove goes on to argue that if companies like Google want to collect people’s data (even if people are willing to supply it), the least they can do is fight for greater protections against government access to that data. While this won’t address all the problems, it would be a step forward to see companies like Google use their power to foster meaningful legislative change.

EDITED TO ADD (12/3): Here’s an op ed from The Boston Globe on the same topic.

Posted on November 30, 2005 at 3:08 PMView Comments

1 129 130 131 132 133 144

Sidebar photo of Bruce Schneier by Joe MacInnis.