Congrats, FBI, You've Now Convinced Silicon Valley To Encrypt And Dump Log Files

from the a-victory-for-privacy dept

Soon after the original Snowden revelations, I went around talking to a bunch of startups and startup organizers, discussing whether they'd be more willing to speak out and complain about excessive government surveillance. Some certainly did, but many were cautious. A key thing that I heard over and over again was "well, our own data privacy protections... aren't that great, and we'd hate to call attention to that." Every single time I'd hear that I'd point out that this should now be their first priority: clean up your own act, now and fix your own handling of people's data, because it's an issue that's going to become increasingly important, and you're being foolish and shortsighted to ignore it.

While the Snowden revelations certainly did get some companies to improve their own practices, it looks like the FBI's decision to go after Apple over encryption, has really galvanized many in Silicon Valley to take action to truly protect their users from snooping government officials -- meaning making use of real (not backdoored) encryption and also diong other things like dumping log files more frequently.

“We have to keep as little [information] as possible so that even if the government or some other entity wanted access to it, we’d be able to say that we don’t have it,” said Gadea, founder and chief executive of Envoy. The 30-person company enables businesses to register visitors using iPads instead of handwritten visitor logs. The technology tracks who works at a firm, who visits the firm, and their contact information.

The article is full of such stories -- including one of a company called Stealth Worker that is basically helping lots of startups build in better security from the start:

Stealth Worker — a start-up funded six months ago by the prominent incubator Y-Combinator — provides contract cybersecurity experts to early-stage start-ups, which often operate on a shoestring budget. Stealth Worker chief executive Ken Baylor said that in the past month he had been approached by a half-dozen companies looking for ways to build tougher encryption and other secure technical architectures.

Because it's the Washington Post, and they feel the need to be "balanced" the article does include the one ridiculous contrarian quote from our old friend, former NSA General Counsel Stewart Baker, who basically dismisses reality as a myth in the heads of some engineers:

“This is a Silicon Valley delusion that the government wants to outlaw encryption,” Stewart A. Baker, a former National Security Agency general counsel, said in an interview. “I grant that there is a radicalized subculture of engineers that is very prone to that delusion, but it is a delusion.”

This is classic Baker: saying something that avoids the actual truth by saying something that's nominally true, but not what people are actually discussing. The claim of "outlawing encryption" is really shorthand for "outlawing effective encryption that is less vulnerable to attack." And that's absolutely what many in the government are trying to do. I mean, there's no delusion necessary when you can just read the bill put forth by Senators Dianne Feinstein and Richard Burr, that absolutely would make real encryption illegal. Sure, it says you can keep encryption, but only if it includes a way for 3rd parties to decrypt it. And the only way that's possible is to introduce serious vulnerabilities into the encryption.

The thing that Baker and many others truly don't get about Silicon Valley is that when you give techies a challenge that involves making "the best" of something, they like solving the challenge. The suggestions to backdoor encryption undermine that philosophy. They're saying that techies would need to deliberately cripple their own solutions. And the more that the FBI and clueless Senators push for such a solution, the stronger Silicon Valley will dig in and keep building better overall solutions that are less prone to government snooping.

Maybe, just maybe, if the likes of the NSA and FBI hadn't regularly abused their snooping powers, folks would be more willing to give them the benefit of the doubt. But it's a bit late for that at this point.

Filed Under: doj, encryption, fbi, silicon valley, startups, surveillance

Another Court Finds FBI's NIT Warrants To Be Invalid, But Credits Agents' 'Good Faith' To Deny Suppression

from the sure,-someone-screwed-up-but-it's-not-going-to-help-you dept

Yet another court has found that the warrant used by the FBI in the Playpen child porn investigation is invalid, rendering its NIT-assisted "search" unconstitutional. As USA Today's Brad Heath points out, this is at least the sixth court to find that Rule 41's jurisdictional limitations do not permit warrants issued in Virginia to support searches performed all over the nation.

While the court agrees that the warrant is invalid, it places the blame at the feet of the magistrate judge who issued it, rather than the agents who obtained it.

That Congress has “not caught up” with technological advances does not change the fact that the target of the NIT in Werdene’s case was located outside of the magistrate judge’s district and beyond her jurisdiction under subsection (b)(1). The property to be seized pursuant to the NIT warrant was not the server located in Newington, Virginia, but the IP address and related material “[f]rom any ‘activating’ computer” that accessed Playpen. (Gov’t’s Opp., Ex. 1 Attach. A.) Since that material was located outside of the Eastern District of Virginia, the magistrate judge did not have authority to issue the warrant under Rule 41(b)(1).

So, unlike other cases, this will not result in a suppression of evidence, thanks to the "good faith exception."

Werdene claims that the Government acted with intentional and deliberate disregard of Rule 41 because the FBI misled the magistrate judge “with respect to the true location of the activating computers to be searched.” (Def.’s Mem. at 17.) This argument is belied by both the warrant and warrant application. Agent Macfarlane stated in the warrant application that the “NIT may cause an activating computer—wherever located—to send to a computer controlled by or known to the government, network level messages containing information that may assist in identifying the computer, its location, other information about the computer and the user of the computer.” With this information, the magistrate judge believed that she had jurisdiction to issue the NIT warrant. Contrary to Werdene’s assertion, this is not a case where the agents “hid the ball” from the magistrate or misrepresented how the search would be conducted.

[...]

[T]o the extent a mistake was made in this case, it was not made by the agents in “reckless . . . disregard for Fourth Amendment rights.” Davis, 564 U.S. at 238 (quoting Herring, 555 U.S. at 144). Rather, it was made by the magistrate when she mistakenly issued a warrant outside her jurisdiction.

Added to this is another wrinkle that doesn't work in the defendant's favor. The court also follows Third Circuit precedent in finding that there is "no expectation of privacy" in an IP address, even if a person has taken measures to hide that information from others.

Werdene had no reasonable expectation of privacy in his IP address. Aside from providing the address to Comcast, his internet service provider, a necessary aspect of Tor is the initial transmission of a user’s IP address to a third-party: “in order for a prospective user to use the Tor network they must disclose information, including their IP addresses, to unknown individuals running Tor nodes, so that their communications can be directed toward their destinations.” United States v. Farrell, No. 15-cr-029, 2016 WL 705197, at *2 (W.D. Wash. Feb. 23, 2016). The court in Farrell held that “[u]nder these circumstances Tor users clearly lack a reasonable expectation of privacy in their IP addresses while using the Tor network.”

The FBI is struggling to keep its many Playpen cases from falling apart, thanks to bogus warrants, a tool it refuses to discuss, and unexpected pushback from usually ultra-compliant courts. The proposed changes to Rule 41 will remove jurisdiction limits, but it isn't law yet. (Fortunately, there's an actual effort to prevent this from happening, as it would only take Congressional inactivity to see it become codified.) This outcome doesn't necessarily hurt this particular case, but yet another judge finding the warrants invalid from word one isn't exactly a confidence-builder either.

Filed Under: doj, fbi, malware, nit, playpen, rule 41, warrant

FBI Agent Testifies That The Agency's Tor-Exploiting Malware Isn't Actually Malware

from the just-a-tool-that-does-things-to-people's-computer-w/o-their-knowledge-or-per dept

It wasn't supposed to go this way. The same tactics that are causing the FBI problems now -- running a child porn website, using local warrants to deploy its spyware to thousands of computers around the US (and the world!) -- slipped by almost unnoticed in 2012. In a post-Snowden 2016, the FBI can hardly catch a break.

Just recently, a judge presiding over one of its child porn cases agreed the FBI should not be forced to hand over details on its Network Investigative Technique to the defendant. Simultaneously, the judge noted the defendant had several good reasons to have access to this information. While this conundrum spares the FBI the indignity of the indefinite confinement it's perfectly willing to see applied to others, it doesn't exactly salvage this case, which could be on the verge of dismissal.

In related cases, judges have declared the warrant used to deploy the NIT is invalid, thanks to Rule 41's jurisdictional limits. If a warrant is issued in Virginia (as this one was), the search is supposed to be performed in Virginia, not in Kansas or Oklahoma or Massachusetts.

While the larger issue of whether the evidence can be used against Jay Michaud continues to be discussed, the FBI is spending its time officially expressing its displeasure with its NIT being referred to disparagingly as "malware."

In a testimony earlier this week in the case of US vs. Jay Michaud, FBI special agent Daniel Alfin argued that the hacking tool used to identify Michaud and thousands of other Playpen users—which the FBI euphemistically calls a “Network Investigative Technique” or “NIT”—isn't malware because it was authorized by a court and didn't damage the security of Michaud's computer.

According to the FBI agent, this software isn't malware because it doesn't do any permanent damage.

I have personally executed the NIT on a computer under my control and observed that it did not make any changes to the security settings on my computer or otherwise render it more vulnerable to intrusion than it already was. Additionally, it did not “infect” my computer or leave any residual malware on my computer.

In a very limited sense, Agent Alfin is correct. The tool left no residual damage, nor did it alter settings on the end users' computers. However, it did do something most computer users would consider malicious: it stripped them of their anonymity. The people visiting this site used Tor to obscure their identifying info. They did this on purpose, most likely because they were seeking illegal content. But the fact that the tool removes protections users consciously deployed makes it malicious.

Child porn enthusiasts and other criminals aren't the only people who take active steps to obscure their connection points. Journalists do it. Activists do it. Citizens of oppressive government do it. The FBI doesn't restrict itself to only deploying its surveillance tools against the worst of the worst. It has a long, troubling history of deploying its surveillance tools against people engaged in activities protected by the First Amendment. Anything that undoes something the recipient has proactively done is by definition unwanted, if not simply malicious.

As regular Techdirt commenter That Anonymous Coward pointed out on Twitter, the FBI sure as hell would find this tool "malicious" if it were directed at its computers and devices by someone outside of the agency. This would definitely fit under the CFAA's broad definition of "unauthorized access." Deploying this NIT via a compromised FBI server would make it a lot easier to locate agents working in the field. I don't think the FBI would be OK with this despite there being no "residual malware" left behind after field devices had been identified and located.

Filed Under: doj, fbi, hacking, malware, nit, trojan

Judge Says Defendant Has Right To Examine FBI's Hacking Tool While Stating FBI Has Right To Withhold Details

from the gridlock dept

As we covered recently, the judge presiding over Jay Michaud's case in Washington -- part of the FBI's Playpen child porn sting operation -- recently declared the FBI did not have to turn over information on its hacking tool to the defense. How Judge Robert Bryan arrived at this conclusion wasn't fully explained during his oral order, but it had something to do with the government's secret, judge's-eyes-only presentation that preceded the order.

It also may have had something to do with the government's declaration that it wouldn't be turning over this information to Michaud under any circumstances. Either way, Bryan arrived at the contradictory conclusion that the FBI did not need to turn over this information despite conceding the defense had a right to see this information.

A written ruling has been issued which offers a bit more in the way of explanation while simultaneously failing to deliver Judge Bryan from the conundrum he has created. (via Ars Technica)

The government’s oral arguments on February 17 and May 12, 2016 and its related briefing addressing materiality essentially amount to an ipse dixit argument, without convincing expert support, that 1) giving the defendant full access to the N.I.T. code will not turn up anything helpful to the defense, and 2) a showing of materiality demands facts, not hypotheses, and the defendant has done nothing more than fabricate guesses about what the N.I.T. code could show.

Bryan believes the government is entitled to withhold this information. He also believes the information should be handed over to the defense for a number of reasons.

These arguments bear little fruit. The defendant is not required to accept the government’s assurances that reviewing the N.I.T. code will yield no helpful information. The government asserts that the N.I.T. code will not be helpful to the defense, but that information may well, in the hands of a defense lawyer with a fertile mind, be a treasure trove of exculpatory evidence.

Judge Bryan points out the information still has worth to the defendant even if it doesn't show anything that could result in suppressed evidence. It could also be the details do nothing more than further cement the government's case against Michaud. If so, all the more reason for the defense to have access to it.

Furthermore, even if the defendant’s review of the N.I.T. code ultimately only yields inculpatory evidence,“[e]ven inculpatory evidence may be relevant [because a] defendant who knows that the government has evidence that renders his planned defense useless can alter his trial strategy.

Acknowledging the conundrum is the first step.

The resolution of Defendant’s Third Motion to Compel Discovery places this matter in an unusual position: the defendant has the right to review the full N.I.T. code, but the government does not have to produce it. Thus, we reach the question of sanctions: What should be done about it when, under these facts, the defense has a justifiable need for information in the hands of the government, but the government has a justifiable right not to turn the information over to the defense?

According to motions filed by Michaud, one way out of the mess is the dismissal of the case. Bryan doesn't exactly seem amenable to that outcome -- especially given his belief that the FBI's secrecy is justified -- but with this much paint surrounding his corner, he may be forced to resolve this in favor of the defendant, rather than continue to lock him out of information that could drastically alter its outcome.

Filed Under: catch 22, doj, fbi, hacking, jay michaud, malware, nit, robert bryan

Senators Wyden And Paul Introduce SMH Bill To Stop Massive Expansion Of Gov't Computer Hacking

from the smdh dept

We've written a few times now about Rule 41, a proposal that was put forth by the Justice Department last year, in what they claimed was a mere "administrative" change to the rules covering their ability to hack into computers. But the reality is that the change would allow the DOJ/FBI to basically hack into millions of computers overseas based on a single warrant and basically no oversight. The whole concept was a disaster, as many civil liberties and tech companies explained at the time. But none of that mattered, apparently. The Judicial Conference Advisory Committee approved the request back in March, and the Supreme Court gave its blessing a few weeks ago.

This is a very dangerous power being handed over to a government agency that has shown a history of being willing to abuse such powers. And it was done without any legislative change, but merely by running it up through the courts as a mere administrative change. At least some in Congress are not happy about this. Senators Ron Wyden and Rand Paul have now introduced a bill to stop this change, called the Stopping Mass Hacking Act, or SMH Act, which is explained here. Of course, there's really not much to explain: the bill basically just says that the new rules will not be allowed to go into effect. The explanation is just more details on how awful Rule 41 will be for everyone.

Of course, "SMH" has another definition as well that may be more recognized by folks on the internet: Shaking My Head. And, it seems that Wyden is well aware of this, as he's put up a Medium post about this new bill with the title Shaking My Head, and this gif: Well played.

In that post, Wyden notes:

For law enforcement to conduct a remote electronic search, they generally need to plant malware in — i.e. hack — a device. These rule changes will allow the government to search millions of computers with the warrant of a single judge. To me, that’s clearly a policy change that’s outside the scope of an “administrative change,” and it is something that Congress should consider. An agency with the record of the Justice Department shouldn’t be able to wave its arms and grant itself entirely new powers.

[....]

These changes would dramatically expand the government’s hacking and surveillance authority. The American public should understand that these changes won’t just affect criminals: computer security experts and civil liberties advocates say the amendments would also dramatically expand the government’s ability to hack the electronic devices of law-abiding Americans if their devices were affected by a computer attack. Devices will be subject to search if their owners were victims of a botnet attack — so the government will be treating victims of hacking the same way they treat the perpetrators.

There's a lot more in that article describing just how ridiculous this situation is. It's a travesty that it was pushed through as an administrative change, and hopefully the rest of Congress agrees. Of course, getting Congress to actually rein in the power of law enforcement to spy on people, tragically, feels like a long shot. Either way, it's worth letting your own Senators know how important this issue is to you.

Filed Under: doj, fbi, hacking, rand paul, ron wyden, rule 41, supreme court, surveillance

Judge In Child Porn Case Reverses Course, Says FBI Will Not Have To Turn Over Details On Its Hacking Tool

from the no-unending-solitary-confinement-for-special-agents,-apparently dept

Back in February, the judge presiding over the FBI's case against Jay Michaud ordered the agency to turn over information on the hacking tool it used to unmask Tor users who visited a seized child porn site. The FBI further solidified its status as a law unto itself by responding that it would not comply with the court's order, no matter what.

Unfortunately, we won't be seeing any FBI officials tossed into jail cells indefinitely for contempt of court charges. The judge in that case has reversed course, as Motherboard reports.

The government's motion has been granted, and the FBI does not have to provide the exploit code to the defense as previously ordered. That means that the defense in the case will probably be unable to examine how the evidence against their client was collected in the first place.

It is not totally clear why Judge Robert J. Bryan changed his mind. On Thursday, the government and Bryan held a private meeting, where the government presented its reasons for nondisclosure of the Tor Browser exploit.

The judge apparently believes the defense should still be able to examine the code but apparently can't be bothered with ensuring this will happen.

Despite backtracking somewhat, Bryan still thinks the defense has a reason to see that code, according to audio of the public section of Thursday’s hearing provided by activist Phil Mocek. Of course, whether the FBI decides to then provide it is another matter.

Given the FBI's earlier promise to withhold the details of the NIT despite being ordered to disclose them, I'd say there's about a 0% chance of the FBI voluntarily turning this information over to the defense. Right now, the agency is working overtime just trying to keep the evidence it obtained with its hacking tool from being tossed out of three other courts. It's also facing the prospect that third-party interlopers like Mozilla may still result in it having to release these details to someone outside of its own offices. At this point, hardly anything's going the FBI's way, so it will take whatever it can get, even if it's only temporary relief.

Filed Under: discovery, doj, fbi, hacking, jay michaud, malware, nit, playpen

FBI Questions Veracity Of Emails It Released To FOIA Requester While Defending Refusal To Discuss Hacking Efforts

from the 'assuming-we-even-wrote-those-words-we-wrote' dept

The FBI has entered its explanation for its declaration that it won't discuss the NIT (Network Investigative Technique) in open court or with the defense -- no matter what. Its decision to run a child porn website for two weeks while it deployed the NIT has backfired immensely, resulting in successful challenges of the warrant and the evidence obtained. For the most part, the NIT warrant used by the FBI has been declared invalid because it violates Rule 41's limitations on deployment: a warrant obtained in Virginia can't be used to search computers located in other jurisdictions.

The FBI says it will only discuss the NIT with the judge in an ex parte in camera proceeding, cutting the defense entirely out of the loop. It also argues against the defendant's portrayal of the agency as inherently untrustworthy, what with its long history of hiding information from the courts, starting with its Stingray NDAs.

While not directly related to the subject matter at hand, Jay Michaud's lawyer is buttressing his arguments against the agency's trustworthiness with a wealth of released documents showing the FBI routinely demanded law enforcement agencies hide Stingray-related information from defendants, judges -- even other prosecutors.

Michaud's defense also submitted emails obtained with a FOIA request that showed the agency even hid information on surveillance tech from other FBI agents and federal prosecutors. The choice to cut the latter out of the chain of evidence was based on a supposed trend of prosecutors examining FBI surveillance technology/methods before retiring to work as defense lawyers.

What's most hilarious about the FBI's arguments is the fact that it openly questions the legitimacy of documents it released to Brad Heath and USA Today.

The actual emails (assuming they are genuine) show no improper concealment.

This is an awfully strange thing to say about documents originating from its own offices and released, presumably after a review, to a FOIA requester. If the FBI is forced to assume the emails it released are genuine, it argues that they don't actually say what they appear to say -- which is that information about FBI surveillance techniques must be hidden from damn near everybody but especially those who might be called to testify in court.

Nothing in the email suggests that anyone should be deceived or misled. Rather, the email merely urges the common-sense practice of not disseminating sensitive information unless there is a reason to do so. This concept is called “need to know.” It is familiar to anyone who has worked in the military or law enforcement, and it is an entirely proper way to protect sensitive information.

The government says this shows the FBI does disseminate this info, but only on a "need to know" basis. But it says nothing as to why the "need to know" list doesn't include judges, defendants or prosecutors involved in these cases.

And its other arguments are just as terrible, but at least they don't include the FBI raising doubts as to the legitimacy of documents it generated itself. It claims -- as it has in the past -- that the restrictive NDAs it forces law enforcement to sign before using Stingray equipment aren't restrictive and don't heavily hint (if not state outright) that agencies are to let perps walk rather than introduce Stingray-related evidence in court.

[A] careful reading of this material shows no evidence that the FBI has deceived or misled courts or prosecutors.

Technically true. But plenty of law enforcement agencies have. And when these omissions are challenged, they tend to excuse them by citing the FBI's NDA. So, the FBI ties up agencies with NDAs in hopes of limiting disclosures. Then it throws them under the bus when disclosures aren't made.

[T]he FBI made no false or misleading statements to courts, prosecutors, or anybody else in the Andrews investigation. The pen/trap application and related statements in Andrews were made by local law enforcement and local prosecutors.

Yes, but only because they felt they needed to do so, or because they may have been explicitly told to do so after asking the FBI. The FBI cites only this case because Michaud's defense only cites this case. There are countless others where it's been made apparent evidence of Stingray use has been hidden from everyone but the agency deploying the device.

We don't know what the outcome will be yet, but it's apparent the FBI will not be discussing the details of its NIT in court -- even as it tries to make itself out as a paragon of transparency in this filing. It even says it would prefer to handle this in an adversarial fashion (in the "allow the defense to participate" sense of the word) but simply cannot because it would presumably allow any number of criminals to escape its NIT tentacles in the future.

Filed Under: doj, email, fbi, foia, hacking, nit

FBI Found To Be Harvesting Surreptitious Recordings Around Two Other California Courthouses

from the bugging-in-bulk dept

Earlier this year, the FBI was catching heat for some undersupervised and overly-broad surveillance it deployed around the San Mateo courthouse in California. Hoping to catch conversations related to suspected bid-rigging during real estate auctions, the FBI scattered hidden microphones around the courthouse steps where the auctions took place.

The defendants' legal representation raised hell, claiming the surreptitious recordings violated their clients' rights. After all, the Supreme Court had declared in 1967 that closing a phone booth door was not dissimilar to holding a conversation in hushed tones, bringing a limited expectation of privacy to public places.

The FBI couldn't have felt all that confident about its secret recordings as it vowed not to enter any of the conversations it captured into evidence. That wasn't enough for the judge, however, who said he still needed to determine whether other evidence had been tainted by this questionable surveillance.

Not only was there a question about the legality under the Fourth Amendment, but there were unanswered questions about how many completely irrelevant conversations the FBI's bugs might have picked up -- like privileged discussions between lawyers and clients, both of whom are often at courthouses simultaneously.

Apparently, the FBI thought it was going to get away with this, most likely by declaring anything that happens in public to be completely stripped of privacy expectations. The surreptitious recordings in San Mateo didn't go nearly as smoothly as planned and now evidence has been produced showing the FBI targeted more than one courthouse during its bid-rigging investigation. (via Nate Cardozo)

At the Rene C. Davidson Courthouse in Oakland, the FBI planted hidden microphones inside light fixtures on the courthouse’s exterior steps to capture the conversations of people attending the foreclosure auctions. Cameras and microphones were installed in parked Alameda County vehicles next to the courthouse. The FBI even hid a microphone in the AC Transit bus stop on Fallon Street, and dropped a bugged backpack next to a statue inside the courthouse, according to a letter sent by US Justice Department attorney Kate Patchen to Marr's attorneys on March 15. The surveillance was ongoing from March 2010 to January 2011.

And:

In Martinez, the FBI planted microphones in bushes, at a bus stop, on a pole, and inside parked and roving vehicles near the auction site.

Three courthouses. At least a dozen microphones. Hundreds of hours of recordings. And for what?

Tough to say. Multiple prosecutions of suspected bid-riggers are ongoing, but the investigative groundwork is failing to pass inspection. Once again, prosecutors are promising not to use the questionable recordings in court, but they're far less likely to drop any evidence springing from those captured conversations.

In addition, defendants' lawyers in the San Mateo County case are going so far as to claim the FBI committed felonies by recording conversations, as California is a two-party consent state. They might have to settle for some suppressed evidence though, as the state law has a fairly broad "public area" exception, which would cover courthouse steps and bus stops. But that interpretation of the state's wiretap law exceptions may be subject to the government's interpretation of public spaces from its 1967 Katz decision, which would grant hushed conversations in public an expectation of privacy.

The FBI -- through its actions -- is repeatedly demonstrating it cares little for the rules that govern its investigations and intelligence gathering. It only cares when it gets caught. This is its culture, something that traces back -- with only minimal interruption -- to its inception.

Filed Under: california, courthouses, expectation of privacy, fbi, recordings, surveillance, warrants

FBI Response To FOIA Request About Whether It Is Hacking Your Amazon Echo: ¯\_(ツ)_/¯

from the so,-yes-then? dept

We've talked in the past about how claims of dangerous silence from certain law enforcement and intelligence groups within the American government are so much the crying of "wolf!" As some will decry the use of security tools like encryption, or other privacy tools, the fact is that the so-called "internet of things" industry has created what is essentially an invited-in army of confidential informants. Domestic surveillance, once a time-consuming, laborious, and difficult task for those doing the spying has since become laughably easy by relative standards. One can imagine J. Edgar Hoover having to change his trousers if he learned exactly to what degree Americans today have accepted hackable or easily-compromised cameras and microphones into our homes, so excited would he be.

In this era, then, it would seem the public buying these IoT products would have an interest in learning if their government is using those products against them in this way. In large part, it seems that the government ain't telling. Take the Amazon Echo, for instance, a device with a microphone that is voice-activated to play your favorite music, tell you the weather, read you the latest news, *cough*-let the government spy on you-*cough*, tells you the traffic, and reads you your audiobook-- wait, what was that government spying thing? Is that for real?

Gizmodo recently tried to find out via an FOIA request. The government's response was a shrug of the shoulders and the wink of an eye.

Back in March, I filed a Freedom of Information request with the FBI asking if the agency had ever wiretapped an Amazon Echo. This week I got a response: “We can neither confirm nor deny...”

In many ways the Echo is a law enforcement dream. Imagine if you could go back in time and tell police that one day people would willingly put microphones in their own homes that, with a little hacking, could be heard from anywhere in the world 24/7. First, you’d need to explain what hacking was, but then they’d be like, “Nah bruh, yer pullin’ my leg.”

The full FOIA response is embedded below. As Gizmodo notes, there is neither a confirmation or denial that records of surveillance by Echo exist, and the letter even goes on to insist that this response shouldn't be taken to mean that there are in fact such records. But, particularly in a post-Snowden world in which we live, what else can you expect the public to think? With all that's gone on, both the innocent and nefarious alike would be crazy not to simply operate on the assumption that the alphabet agencies were hacking all the internet of things it could before this FOIA response. The government's non-answer in this case will serve as confirmation for some and a return to this SOP for most others.

And screaming in the vaccum of certainty here is the overriding sense that any oversight of these surveillance practices that might exist is sorely lacking in teeth. It's difficult not to picture Americans shuffling within their own homes, casting worried looks at the devices around them, wondering for all the world when each might be weaponized as a telescreen. If the internet of things is going to become a new great industry, this is certainly going to be one of the hurdles it must overcome.

Filed Under: amazon echo, fbi, foia, glomar response, internet of things, iot

James Comey Still Trying To Blame Increase In Violent Crime On 'Viral Videos'

from the pitching-woe dept

FBI Director James Comey says we're "going dark" as more platforms move towards encryption. Nobody's buying it. Not Congress. Not NSA officials. Definitely not those who have actually researched the subject.

He also says people with cameras are causing spikes in crime rates by making police officers so self-conscious they can't do their job. Comey blamed citizens with cameras for escalating crime rates last October. He was immediately contradicted by Attorney General Loretta Lynch. Having learned nothing from the experience, Comey has dusted off his 2015 talking points for redeployment in 2016.

FBI Director James Comey said Wednesday he believes a "viral video effect" causes weak police work and could be "at the heart" of a spike in violent crime in some American cities.

“There’s a perception that police are less likely to do the marginal additional policing that suppresses crime—the getting out of your car at 2 in the morning and saying to a group of guys, ‘Hey, what are you doing here?’” he told reporters at FBI headquarters.

This is a guy with access to some of the best intelligence and advice your tax dollars can buy. And yet he'd rather tuck his thumbs into his suspenders, lean towards reporters and aw-shucks at them with his "I may just be a simple director of the most powerful law enforcement agency in the United States, but…" pitches.

He sounds like a small town local running for sheriff, rather than a top government official with his finger on the pulse of criminal activity and law enforcement technology.

Comey spoke to reporters after being briefed on crime statistics from 40 major cities, most of which saw an increase in murders, he said.

"I was very worried about it last fall and I am in many ways more worried," Comey told reporters at FBI headquarters. "The numbers are not only going up, they're continuing to go up faster than they were going up last year. And I worry very much it's a problem that most of America can drive around. ... I don't know what the answer is, but, holy cow, do we have a problem."

That's classic Comey: You've got problems? I don't have answers.

Encryption got you down? I'm sure the "smart people" in tech can deliver unicorns on command. No, I'm sorry. I don't have any technical details but, you know, those guys at Apple and Google are so damn smart. They'll think of something.

Crime rates spiking in major cities? "Holy cow, do we have a problem?" Any ideas, Mr. Top of the Law Enforcement Food Chain? "I don't know what the answer is."

OK. Well… um… keep on earning that paycheck... I guess.

Not for nothing has James Comey earned a petition calling for his removal. Comey claims criminals are somehow exploiting a "tech gap" the FBI can't seem to close, despite its hundreds of millions of dollars. I don't know how many criminals are staying one step ahead of the FBI in a tech arms race anyone can participate in. (The fact that the FBI can buy/obtain/hoard exploits and malware, along with other high-tech tools the general public can't purchase, somehow always gets lost in law enforcement's portrayal of this so-called "race.") But it can certainly be said criminals are one step ahead of the FBI's top man, who often seems genuinely baffled by the issues confronting his agency.

It may be that Comey is playing dumb because he believes it's the best way to advance his agency's agenda. But he's been doing this for more than a year and there's been no forward movement. If anything, the FBI is less likely to receive Congressional assistance than it was before Comey began running his mouth on these two subjects.

Not only has he lost the support of Congress, but he's not winning any powerful friends within the law enforcement community.

“He ought to stick to what he knows,” James O. Pasco Jr., executive director of the National Fraternal Order of Police, told the New York Times. “He’s basically saying that police officers are afraid to do their jobs with absolutely no proof.”

Unfortunately, this -- and "going dark" -- appears to be all Comey knows.

Filed Under: blame, crime, fbi, james comey, law enforcement, transparency