DHS Watchdog Says CBP's Drone Program Is An Insecure, Possibly Rights-Violating Mess

from the your-tax-dollars-thrown-wildly-into-the-air dept

The CBP has drones. How many, it's not really sure. It depends on when you ask. Or how you ask. The EFF's FOIA lawsuit against the agency caused it to suddenly "remember" it had deployed drones 200 more times than it had previously disclosed.

The CBP's drones are a lending library for US law enforcement agencies. An audit of the program found the CBP's drones were more often used by others than by the agency owning them, despite this agency being charged with patrolling thousands of miles of US border -- something that might be aided by some additional eyes in the skies.

But the eyes were worthless. The Inspector General concluded it was an airborne boondoggle. The CBP wasn't malicious, just inept. As the IG saw it, the half-billion slated for drone use would be better spent on more personnel and ground-based surveillance.

Nevertheless, the drones continue to fly. When not straying far from the border to aid inland law enforcement agencies, the agency's unmanned aircraft are still aloft, engaging in surveillance no one can really say for certain is 100% legal. The Inspector General's latest report [PDF] shows the CBP has done very little to ensure its drone deployments are secure or legally-compliant.

CBP has not ensured effective safeguards for surveillance information, such as images and video, collected on and transmitted from its UAS. CBP did not perform a PTA [Privacy Threshold Analysis] for ISR Systems [Intelligence, Surveillance, Reconnaissance] used in the UAS [Unmanned Aircraft Systems] program to collect data because CBP officials were unaware of the requirement to do so. Failure to include ISR Systems in CBP’s information technology inventory enabled system deployment without CBP Privacy Office oversight. Without a privacy assessment, CBP could not determine whether ISR Systems contained data requiring safeguards per privacy laws, regulations, and DHS policy.

This is what's going to have to pass as the "good news" in "good news and bad news." There only appears to be bad news. CBP didn't implement security controls to safeguard its surveillance systems, including a failure to control access to ground control stations housing collected surveillance footage/data. The long string of screw ups listed in this report are the result of serious structural failure.

These information security deficiencies occurred because CBP did not establish an effective program structure, including the leadership, expertise, staff, training, and guidance needed to manage ISR Systems effectively.

This leaves the CBP's drone program susceptible to threats both external and internal. Additionally, the lack of a privacy assessment means the CBP can't say its surveillance doesn't violate civil liberties or local laws. CBP officials seemed to be entirely unaware of the need to perform an impact assessment prior to deployment. But the officials did agree it was someone else's fault they didn't know how to do their job. The IG saw the buck being passed by everyone it spoke to. The final resting place for the oft-passed buck was the outside contractor who set up the ISR system. When in doubt, blame the civilians -- a strategy that makes no sense when you're discussing the lack of compliance with DHS policy and federal regulations.

As the IG sees it, the ISR program operates without authorization or approval. DHS requirements have yet to be met by the CBP, so every one of its hundreds of drone flights have been, at the very least, policy violations.

The CBP also could not provide the IG with a security assessment report for its ISR system, suggesting this has never been done in the program's half-decade-plus of existence. Then there are other system-critical odds and ends the CBP can't seem to get a grip on. Unauthorized media devices/USB drives are being plugged into system-critical hardware. Software patches are delivered irregularly and inconsistently. No one appears to be tasked with monitoring system events on ISR systems and a plethora of outdated software is still in use, which means some system-critical software hasn't been patched in months or years and possibly may never receive another update.

Also described as "inadequate:" personnel management, physical access controls, staffing levels, and systems training.

So far, so government. But this a government agency with access to plenty of funding and advanced tech. It has plenty of tools but uses them poorly. Despite being told its unmanned systems were mostly useless, the CBP continues to pour money on the problems it won't fix, rather than follow the IG's last list of recommendations. It has access to plenty of surveillance tech, but won't provide proper training, perform mandated assessments, or even put together a half-assed organizational chart for its drone operations.

The CBP has shown it can't be trusted with the stuff that's given to it to use in its border patrolling efforts. Sadly though, the response from Congress year after year has been to give it more money and stuff to use poorly, unwisely, and possibly illegally.

Filed Under: 4th amendment, cbp, civil liberties, dhs, drones, inspector general, surveillance

Tech Employees Revolting Over Government Contracts Reminds Us That Government Needs Tech More than Tech Needs Government

from the don't-be-complicit dept

While we were still in the middle of the heat storm over Donald Trump's decision to enact a zero tolerance border policy that resulted in children being separated from their parents at the border in far greater numbers than previous administrations, there was some interesting background coverage about the employees and customers of big tech companies like Microsoft receiving backlash for contracting with ICE. While much of that backlash came from outside those companies, there was plenty coming from within as well. Microsoft in particular saw throngs of employees outraged that the technology they had helped to develop was now being turned on the innocent children of migrants and asylum-seekers.

In an open letter to Microsoft CEO Satya Nadella sent today, employees demanded that the company cancel its $19.4 million contract with ICE and instate a policy against working with clients who violate international human rights law. The text of the employee letter was first reported by the New York Times and confirmed by Gizmodo.

“We believe that Microsoft must take an ethical stand, and put children and families above profits,” the letter, signed by Microsoft employees, states. “We request that Microsoft cancel its contracts with ICE, and with other clients who directly enable ICE. As the people who build the technologies that Microsoft profits from, we refuse to be complicit. We are part of a growing movement, comprised of many across the industry who recognize the grave responsibility that those creating powerful technology have to ensure what they build is used for good, and not for harm.”

The 300 employees that signed the open letter represent a fraction of Microsoft's total work force, of course, but you can bet that those willing to sign such a letter also represent a fraction of the staff that share the letter's viewpoint. For its part, Microsoft condemned the Trump separation policy (how brave!), but the company has also refused thus far to acknowledge whether the ICE contract includes facial recognition software or AI. Such powerful tools would seem to be in the wheelhouse of what ICE would want as it carries out this ridiculous policy and Microsoft's refusal to say such tools are not included in its contract with the agency sure seem to suggest that they are.

Of course, Microsoft is niether the only tech company going through this, nor the company that has had the largest in employee backlash. That distinction likely goes to Google, where employees not only voiced displeasure over the company's contract to provide AI technology for the Pentagon's drone warfare program, but where many people actually up and quit.

The resigning employees’ frustrations range from particular ethical concerns over the use of artificial intelligence in drone warfare to broader worries about Google’s political decisions—and the erosion of user trust that could result from these actions. Many of them have written accounts of their decisions to leave the company, and their stories have been gathered and shared in an internal document, the contents of which multiple sources have described to Gizmodo.

Google has long had a culture that encouraged employee feedback on the products it produces, in some cases such influence resulting in real policy shifts. The employees protesting Google's drone contract say that has changed recently, with upper management far less transparent about what work the company is doing and far more deaf to the opinions of the employees that actually carry that work out. Combine it all with the growing distrust of Google in the public and it can appear that Google is trying to pantomime the caricature it is so often painted to be: faceless corporate greed-hounds without soul or morality.

And then there is Amazon, where the company's AI contracts with the government and its granting of access to data-mining company Palantir also resulted in anger from within.

Amazon employees objected to the Trump administration’s “zero-tolerance” policy at the U.S. border, which has resulted in thousands of children being separated from their parents.

“Along with much of the world we watched in horror recently as U.S. authorities tore children away from their parents,” the letter, distributed on a mailing list called ‘we-won’t-build-it,’ states. “In the face of this immoral U.S. policy, and the U.S.’s increasingly inhumane treatment of refugees and immigrants beyond this specific policy, we are deeply concerned that Amazon is implicated, providing infrastructure and services that enable ICE and DHS.”

Amazon employees want the company out of the policing and immigration business, and have gone further by calling on the company to boot customers working with ICE off of its platform. Leadership at Amazon, as elsewhere, has been mostly silent, but it's worth noting that Amazon shareholders actually kicked off the angry protests even before its employees did so. Whatever shakes out of this, this isn't something Jeff Bezos is going to be able to ignore.

This is a good time to remind people that companies, including big tech companies, are not comprised of the steel and glass that makes up their offices, but of the people that run and work within them. It's also worth acknowledging that the government has been after big tech firms for some time over the very tools that are likely in this contract. The lesson in this is that the government needs tech companies to carry out this disaster of a policy more than tech companies need the government for anything at all.

In other words, if these companies decided to put some moral courage on display en masse, it would have an effect. If they elect to do otherwise, their employees may force their hand. After all, the people signing these government contracts are certainly not the ones fulfilling them. That work is being done by the very employees revolting in protest. Given that there is pressure coming from not just within these companies to get out of the immigration business, but from outside as well, business interests may be lining up to give these companies an excuse to show a little backbone.

Filed Under: drones, employees, facial recognition, government, ice, protest, surveillance, tech
Companies: facebook, google, microsoft

Fighting The Future: Teamsters Demand UPS Ban Drones And Autonomous Vehicles

from the giving-unions-a-bad-name dept

As I've occasionally mentioned in the past, my undergraduate studies were in (of all things) "industrial and labor relations," which involved many, many courses of study on the history of unions, collective bargaining and the economics around such things. I tend to have a fairly nuanced view of unionizing that I won't get into here, other than to note that a big part of the reasons why unions get a bad name is when they take indefensible positions that they think will "protect" their members, but which actually are long term suicidal. This is one of those stories. Reports are coming out that as the Teamsters are entering negotiations on a new contract with shipping giant UPS, their demands include a ban on both drone deliveries and on the use of autonomous vehicles. These are, not surprisingly, both technologies that UPS has been experimenting with lately (as has nearly every other delivery company).

You can understand the short term thinking here, of course, UPS drivers see both of those options as potential "competition" that would decrease the number of drivers and potentially cause many to lose their jobs. And that might be true (though, it also might not be true as we'll discuss below). But, at the very least, demanding that the company that employs you directly choose not to invest in the technologies of the future is demanding that a company commit suicide -- in which case all those jobs for drivers would likely be eliminated anyway. While there are obviously a lot more variables at work here, it's not hard to see how a competing delivery company -- whether Fedex, the US Postal Service, Amazon or someone else entirely -- could get drone/driverless car delivery right, and suddenly UPS's service is seen as slower, more expensive and less efficient in many cases. If that's the case, UPS would likely have to layoff tons of workers anyway.

The other key point: the idea that these technologies are simply going to destroy all the jobs is almost certainly highly overstated. They very likely will change the nature of jobs, but not eliminate them. Professor James Bessen has been doing lots of research on this for years, and has found that in areas of heavy automation, jobs often increase (though they may be changed). That links to an academic paper he wrote, but he also wrote a more general audience targeted piece for the Atlantic on what he calls the automation paradox. As Bessen explains:

Automation reduces the cost of a product or service, and lower prices tend to attract more customers. Software made it cheaper and faster to trawl through legal documents, so law firms searched more documents and judges allowed more and more-expansive discovery requests. Likewise, ATMs made it cheaper to operate bank branches, so banks dramatically increased their number of offices. So when demand increases enough in response to lower prices, employment goes up with automation, not down. And this is what has been happening with computer automation overall during the last three decades. It’s also what happened during the Industrial Revolution when automation in textiles, steel-making, and a whole range of other industries led to a major increase in manufacturing jobs.

He does note that the nature of many jobs can change, and also recognizes that just because this has happened in most industries in the past it doesn't necessarily mean the same thing will happen in the future.

But, if we were to game out the scenarios here, which one makes more sense? As explained above, forcing UPS to put a complete ban on these technologies will be devastating for the company and the people it employs should the technology take off. If, instead, as Bessen suggests, jobs change and demand increases, then wouldn't the union's membership be much better served by working with the company together on a program that enables the experimentation and deployment of these technologies combined with programs to help its current workforce transition into new or related jobs around the likely increased demand for shipping? Even if we see the worst case scenario that the union clearly believes, of drones/autonomous vehicles destroying jobs -- as already discussed that will happen anyway if the Teamsters ban UPS from innovating while their competitors do.

This is, yet again, an example of short term thinking on the part of the union, and a near total lack of strategic vision for what will best serve membership in the long term. It is focused on pretending the future doesn't exist, and if everyone just covers their eyes and ears and pretends these technologies don't exist, they somehow, magically, won't change the market. If I were a member of the Teamsters I'd be quite angry at this kind of short-term, destructive thinking by my union, rather than being forward-looking and aiming for solutions that will actually help the members in the long run.

Filed Under: adapting, autonomous vehicles, competition, drones, future, innovation, teamsters, unions
Companies: teamsters, ups

Drone-Maker DJI Offers Bug Bounty Program, Then Threatens Bug-Finder With The CFAA

from the that's-a-shitty-bounty dept

Far too many companies and industries out there seem to think that the best way to handle a security researcher finding security holes in their tech and websites is to immediately begin issuing threats. This is almost always monumentally dumb for any number of reasons, ranging from the work these researchers do actually being a benefit to these companies issuing the threats, to the resulting coverage of the threats making the vulnerabilities more widely known than they would have been otherwise.

But drone-maker DJI gets special marks for attacking security researchers, having decided to turn on one that was working within the bug-bounty program it had set up.

DJI, the Chinese company that manufactures the popular Phantom brand of consumer quadcopter drones, was informed in September that developers had left the private keys for both the "wildcard" certificate for all the company's Web domains and the keys to cloud storage accounts on Amazon Web Services exposed publicly in code posted to GitHub. Using the data, researcher Kevin Finisterre was able to access flight log data and images uploaded by DJI customers, including photos of government IDs, drivers licenses, and passports. Some of the data included flight logs from accounts associated with government and military domains.

Finisterre found the security error after beginning to probe DJI's systems under DJI's bug bounty program, which was announced in August. But as Finisterre worked to document the bug with the company, he got increasing pushback—including a threat of charges under the Computer Fraud and Abuse Act (CFAA). DJI refused to offer any protection against legal action in the company's "final offer" for the data. So Finisterre dropped out of the program and published his findings publicly yesterday, along with a narrative entitled, "Why I walked away from $30,000 of DJI bounty money."

Finisterre helpfully documented his interactions with several DJI employees, all of which paint a pretty clear picture of a company that encouraged his work in finding exposed data and insecure public-facing websites. So appreciative was DJI, in fact, that Finisterre won the top prize for its bug-bounty program: $30,000. That prize came for Finisterre's discovery that DJI's SSL certificates and firmware encryption keys had been exposed via GitHub for years. After receiving written confirmation from DJI that its servers were within the scope of the bounty program, Finisterre submitted his disclosure report.

That's when things got weird.

When Finisterre submitted his full report on the exposure to the bug bounty program, he received an e-mail from DJI's Brendan Schulman that said the company's servers were suddenly not in scope for the bounty program. Still, Finisterre received notification from DJI's bug bounty program e-mail account on September 28 that his report earned the top reward for the program—$30,000 in cash. Then, Finisterre heard nothing for nearly a month.

Ultimately, Finisterre received an e-mail containing an agreement contract that he said "did not offer researchers any sort of protection. For me personally, the wording put my right to work at risk, and posed a direct conflict of interest to many things including my freedom of speech." It seemed clear to Finisterre that "the entire ‘Bug Bounty’ program was rushed based on this alone," he wrote.

He goes on to note that he had several lawyers look over the contract, all of whom balked at the language it contained. Hiring any of them to work the contract to the point that it was something he would sign would cost several thousand dollars, reducing the bounty reward to the point that it wasn't really worth collecting. On top of all that, the language in the contract offered nothing in the way of protection from the CFAA, which is frankly insane for a bug bounty program. The whole point is to research vulnerabilities. Jail time is not supposed to be a risk in that sort of work.

When Finisterre decided to refuse the bounty and go public instead, DJI suddenly began calling him a "hacker" and acted as though it barely had any idea who he was, despite having interacted with him over hundreds of emails.

DJI is investigating the reported unauthorized access of one of DJI’s servers containing personal information submitted by our users. As part of its commitment to customers’ data security, DJI engaged an independent cyber security firm to investigate this report and the impact of any unauthorized access to that data. Today, a hacker who obtained some of this data posted online his confidential communications with DJI employees about his attempts to claim a “bug bounty” from the DJI Security Response Center.

DJI implemented its Security Response Center to encourage independent security researchers to responsibly report potential vulnerabilities. DJI asks researchers to follow standard terms for bug bounty programs, which are designed to protect confidential data and allow time for analysis and resolution of a vulnerability before it is publicly disclosed. The hacker in question refused to agree to these terms, despite DJI’s continued attempts to negotiate with him, and threatened DJI if his terms were not met.

DJI has also shuttered the bug bounty program, with emails to it resulting in bouncebacks informing the reader that while they can still submit bug reports, the bounties are no longer available.

And so here we are. DJI offered a bug bounty program that one researcher responded to with a report about some serious vulnerabilities, including the disclosure of DJI customer information. Instead of being grateful for that information and correcting it, DJI instead decided to go the strongarm route, resulting in the public now knowing just how bad at security DJI is. Way to go?

Filed Under: bug bounty, cfaa, drones, hacks, kevin finisterre, threats
Companies: dji

Gov't Must Pay Legal Fees In Court Battle Over 'Secret' Drone Docs Gov't Couldn't Stop Talking About

from the putting-its-money-where-its-nonstop-mouth-is dept

The government will be paying its opponent's legal fees after needlessly drawing out FOIA litigation, the Ninth Circuit Appeals Court has decided [PDF]. The First Amendment Coalition sued the Department of Justice after it refused to produce documents discussing the legal rationale for extrajudicial drone strikes targeting American citizens.

The legal memo FAC sought was the same legal memo the ACLU and New York Times sued the DOJ for refusing to release. (Or so the FAC thought. But its litigation -- along with the ACLU/NYT litigation -- made it clear the government was holding on to more than one legal memo.) In the NYT/ACLU case, the Second Circuit Court told the DOJ to cough up its justification for killing Anwar al-Awlaki, pointing to several public comments made about the drone strike by prominent US government officials. The court wasn't interested in the DOJ's arguments something publicly discussed frequently would be too "sensitive" to put in the hands of the ACLU and New York Times.

The DOJ made the same arguments in this case, but the Second Circuit decision undoes its attempt to fend off FAC's legal fees claims. Factoring into the Ninth's conclusions is the leak of a white paper by the US government providing its legal analysis of extrajudicial drone strikes. This was then followed by an official release of the same white paper.

This leak -- and the court-ordered release of the DOJ's legal memo to the ACLU and New York Times -- prompted the FAC to ask the district court to vacate its decision in favor of the DOJ's secrecy and award it legal fees, since it was seeking the same document. This motion was filed nearly three years ago, just to give you some idea how long the DOJ has dragged out a losing legal battle.

The Appeals Court notes the documents might not have been released by the government if it hadn't been for its entanglement in multiple FOIA lawsuits. As the court points out, the fact that the government voluntarily handed the documents to the FAC after the drone strike white paper's official release doesn't absolve it of racking up FAC's legal fees for no apparent reason.

FAC was met with abject resistance throughout the entire litigation until the OLC-CIA memo was produced roughly two and a half years after the lawsuit was initiated, and almost a year and seven months after the Government waived any secrecy or privilege with the official release of the White Paper.

Additionally, FAC's litigation is possibly the only reason the public's now aware there are multiple legal memos justifying extrajudicial killings of American citizens.

There is no question that the Second Circuit’s decision in the SDNY litigation was an impetus for FAC to continue its litigation. But what actually triggered the release of the OLC-CIA memo was that FAC sought to vacate the district court’s grant of summary judgment. It was the appellant’s “dogged determination,” therefore, that led the district court to “direct” the parties to discuss whether the litigation was moot, and which resulted in the Government’s decision—as acknowledged by the lower court—to “voluntarily disclose[] the CIA memorandum to [FAC].” Because of FAC’s efforts, the public then learned that the OLC-DOD memo was not the first memo addressing the justification for the drone attack, nor was it identical to the prior OLC-CIA memo. Plaintiff’s litigation, therefore, “triggered the release of additional or key documents.”

Summing it up, the Ninth Circuit Appeals Court has harsh words for both the DOJ and the lower court.

There is no reason why the district court failed to recognize, as the Second Circuit did, that the official release of the White Paper—coupled with all the prior public statements of high-ranking Government officials— constituted a waiver of any secrecy and privilege that the Government had asserted. The district court, therefore, erred in granting summary judgment and dismissing the complaint. But for this error, the district court litigation would have ended earlier. Thus, FAC had to endure unnecessarily protracted litigation. It is counterintuitive to punish FAC for expending additional legal fees to pursue the litigation, when it would have sooner been entitled to the release of both memoranda—and the right to recoup its counsel fees—if not for the district court’s error.

The lawsuit now goes back to the lower court to determine how much the government will be paying FAC for the DOJ's protracted refusal to even acknowledge the existence of drone strike memos government officials couldn't stop talking about.

Filed Under: 2nd circuit, 9th circuit, anwar al-awlaki, doj, drones, fees, foia, secrecy, transparency

Islamic State Using Small Drones Routinely In Iraq For Scouting And Dropping Explosives

from the drone-swarms-coming-up-next dept

Here on Techdirt we like to remind people that drones are not just death-dealing machines in the sky, but can also be a force for good. However, like any other technology, drones can and are utilized by the worst as well as the best. Inevitably, that includes terrorist groups like Islamic State (ISIS), as an interesting article from the Los Angeles Times reveals:

In the seven months of the Iraqi government's drive to recapture Mosul from the jihadists, small drones have become a signature tactic of the [ISIS] group: Their appearance on the horizon, loaded with a camera, signals that punishing mortar barrages will soon be on the way. Others guide car bombs to their target, or drop small explosives miles behind the front line.

Most of these drones come from the Chinese company DJI, generally regarded as the leading drone manufacturer in terms of market share. Clearly, the routine use of its products by ISIS is not the best publicity in the world:

Reports that Islamic State had used DJI products pushed the company in February to create a geofence, a software restriction that creates a no-fly zone, over large swaths of Iraq and Syria, specifically over Mosul.

But there are problems with geofencing. First, there is the issue of when a demand to geofence certain regions is legitimate, since answering that question requires a political judgment about who is really in power. Secondly, it's not that hard to get around geofencing, either by using quick fixes, or simply swapping to other drones that run on open source code that allows geofencing to be turned off.

Given that geofencing may not work, countermeasures are generally necessary. Those include rather crude solutions like shooting drones out of the sky with firearms, to more sophisticated ones like the DroneGun, from the Australia-based DroneShield Ltd., a company that specializes in counter-drone technology:

[the DroneGun] jams the GPS signal and radio linkages between the drone and its operator. The device, which sends out a jamming cone over a mile in length, forces the drone to either land immediately or to return to its base so that it can be tracked.

DroneShield's CEO, Oleg Vornik, already has some thoughts on what terrorists will do next:

"we believe organizations like ISIS will begin deploying swarms of drones. If you saw the Super Bowl halftime, you would have seen dozens of drones with little lights on them moving in a choreographed fashion," Vornik said. "That technology can be used to load grenades onto a large number of drones."

In other words, as drones continue to develop new and potentially exciting capabilities, so terrorists will eagerly embrace them -- just like everyone else.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: drones, isis, off the shelf, surveillance

China To Require Drone Owners To Register, Just As Similar US Requirements Are Struck Down

from the not-what-you-might-expect dept

The South China Morning Post has a story about a new requirement for drone owners in China to register with the country's civilian aviation regulator starting next month. So is this yet another example of the Chinese authorities clamping down on a potentially subversive new technology by ensuring that drone use can be tracked? Well, that might be one reason, but it's probably also to do with this:

The move is the latest by Chinese authorities to tackle the drone safety threat after the illegal use of unmanned aerial vehicles (UAVs) made headlines at least a dozen times since the beginning of 2017.

The latest case was in April when more than 240 flights were disrupted by drones flying near Chongqing Jiangbei International Airport in southwest China, leaving 10,000 travellers delayed.

And if you still think this is another manifestation of China's authoritarianism, just using safety as a pretext, you might like to bear in mind that the US authorities have required drone owners to register their machines for over a year. However, those regulations have just been struck down by a federal court in Washington, D.C., and it's not clear what the FAA will now do. Perhaps more interesting than arguing about China's real motives here, is information in the South China Morning Post story about who is using this technology in China:

Once the preserve of the military, they are now used in a wide range of industries, from aerial surveillance of crops to search operations and delivery of medical supplies to remote or otherwise inaccessible regions. For Chinese consumers, drones have become the favoured gadget for taking aerial videos and photos.

There are also estimates of future growth:

The overall UAV market in China is expected to reach 75 billion yuan (US$10.9 billion) by 2025, of which consumer drones will contribute 30 billion yuan while agricultural and forestry drones, as well as security drones, are likely to account for 20 billion yuan and 15 billion yuan respectively, iiMedia Research said in a report last year.

It's worth noting that the company generally regarded as world's top drone maker, DJI, is also Chinese. Given the activity and importance of the sector, what's surprising is not that China has brought in registration requirements for drone owners, but that it has taken so long.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: china, drones, privacy, regulations, us

Connecticut Lawmakers Vote To Give Police Drones With Guns

from the Death-From-Above-2017 dept

Connecticut's legislature has managed to back into legalizing law enforcement use of weaponized drones. In writing a new drone law, lawmakers banned the use of weaponized drones, but made an exception for police. It's not a case of "Hey, let's give the cops weaponized drones!" as much as it is a case of not wanting law enforcement to be unable to have that option.

As for how police will or won't be able to deploy weaponized drones, that's still up in the air (I am so sorry):

Details on how law enforcement could use drones with weapons would be spelled out in new rules to be developed by the state Police Officer Standards and Training Council. Officers also would have to receive training before being allowed to use drones with weapons.

All well and good, but police officers also receive training in things like civil liberties and proper force deployment, and we see daily how much good that has done. The more encouraging parts of the bill -- one that would see Connecticut join North Dakota in police use of weaponized drones -- are the reporting requirements and warrant stipulation.

It would require police to get a warrant before using a drone, unless there are emergency circumstances or the person who is the subject of the drone use gives permission. It also would require police to report yearly on how often they use drones and why, and create new crimes and penalties for criminal use of drones, including voyeurism.

Unfortunately, Connecticut's bill isn't as limited as North Dakota's. North Dakota's forbids the use of lethal weapons, but it's easy to see some less-than-lethal rounds becoming much more lethal when fired from a few hundred feet in the air. This bill would allow lethal force to be deployed from police drones. One lawmaker sees a pretty rosy future for airborne police weaponry.

"Obviously this is for very limited circumstances," said Republican state Sen. John Kissel, of Enfield, co-chairman of the Judiciary Committee that approved the measure Wednesday and sent it to the House of Representatives. "We can certainly envision some incident on some campus or someplace where someone is a rogue shooter or someone was kidnapped and you try to blow out a tire."

The problem with tools like these is they lend themselves to mission creep and abuse. Certainly, no law enforcement agency wants to take home the record for "First Civilian Killed by a Drone," but once the seal's broken, lethal force becomes easier and easier to deploy.

And it's not as though this is a necessary step to take. Law enforcement often complains about being left behind in the tech race, but it's not as though criminals are taking to the air and endangering citizens with weaponized drones. This would put the police ahead of everybody and move them one step closer to being a military force. And there's no warrant in existence that grants police the license to kill -- only to apprehend.

But that might be good enough for airborne Drug Warriors, etc. who believe many criminal acts are punishable by death, should the suspect be unwilling to immediately surrender himself into custody. We've seen plenty of senseless death and destruction stemming from overuse of vehicle pursuits. This is the next step: flying guns shooting at suspects as they flee through "civilian" traffic. Law enforcement officers aren't great shots with both feet planted on the ground. Giving them a gun in the air is a bad idea.

Filed Under: connecticut, drones, guns, police, weapons

How Drones Help Transparency Activists To See Things The Hungarian Government Wants To Hide

from the not-just-about-dealing-out-death dept

It's remarkable how quickly drones have become a familiar part of the modern world. Like most tools, they can be used for good and evil, but it tends to be the latter that is highlighted when it comes to drones. In the last few days, it was widely reported that President Trump has given the CIA power to launch drone strikes against suspected terrorists, in addition to being able to use the technology to locate them. Dealing death from the skies may be the most dramatic application of drones, but there are plenty of other, more benign, uses, even if they receive less attention. For example, activists in Hungary have been deploying them in a variety of innovative ways in order to bolster transparency and openness in a country where these are increasingly under threat. That's because the country's prime minister, Viktor Orbán, is a self-confessed believer in the "illiberal state," which Wikipedia describes as follows:

a governing system in which, although elections take place, citizens are cut off from knowledge about the activities of those who exercise real power because of the lack of civil liberties. It is not an "open society".

The Hungarian organization Atlatszo.hu wants to reconnect citizens with that knowledge about those in power:

Established in 2011, atlatszo.hu -- "atlatszo" means transparent in Hungarian – produces investigative reports, accepts information from whistleblowers, files freedom of information requests, and commences freedom of information lawsuits in cases where its requests are refused.

Atlatszo.hu operates a Tor-based anonymous whistleblowing platform (Magyarleaks), a freedom of information request generator for the general public (Kimittud), a crowdsourced bribe tracker to report everyday corruption anonymously (Fizettem), and an independent blogging platform for other NGOs and independent media.

Atlatszo.hu uses a wide range of modern technologies in its work, and that also includes drones. Here's a post on Open Society Foundations from a few months back explaining why eyes in the sky are a powerful tool for taking a look at things governments would rather keep to themselves:

Through drone footage, we've revealed the hidden assets of government politicians and pro-government oligarchs, including castles acquired by companies tied to the son-in-law of Hungary's prime minister. Such concrete signs of personal enrichment -- which, in many cases, can only be filmed from the air -- give citizens a clear picture of the corruption and inequality that is all around them.

At the same time, drones are useful for throwing into relief the power of civil society. In 2014, we captured aerial footage of the protests against the government's internet tax.

Recording protests from the air is important because it allows more accurate estimates of crowd sizes to be made, which are also harder to challenge given the detailed footage that goes well beyond what is possible to gather on the ground. There's a video showing this and other aspects of Atlatszo.hu's work, mostly in Hungarian, but with English subtitles, that gives a good idea of the huge potential for using drones in this domain -- and of the pushback activists are already receiving from the deeply unhappy authorities as a result. As drones become ever-cheaper and ever-more powerful, that tension seems likely to increase.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: activism, drones, hungary, transparency