The controversial Cyber Intelligence Sharing and Protection Act (CISPA) just passed the U.S. House, and will now head to the upper Senate chamber for further deliberation.
Rinse and repeat. This isn’t the first time that this has happened, but it still poses a major threat to Fourth Amendment rights, according to civil liberties campaigners.
The Bill was passed 288-127 after two days of debate and discussion on the House floor. Only 18 members of the House abstained from the vote.
CISPA will allow private sector firms to search personal and sensitive user data of ordinary U.S. residents to identify “threat information,” which can then be shared with other opt-in firms and the U.S. government — without the need for a court-ordered warrant.
This means a company like Facebook, Twitter, Google, or any other technology or telecoms company, including your cell service provider, would be legally able to hand over vast amounts of data to the U.S. government and its law enforcement — for whatever purpose it deems necessary — and face no legal reprisals.
And despite numerous amendments and changes, there are no requirements that personal data, such as health records or banking information, should be anonymized before sharing it with the government.
It’s hoped that the data can be used in real time to stop cyberattacks in their tracks, or even trace back to the source of the attack. That is because cyberattacks, nowadays used as weapons in the virtual battlefield, could lead to all-out war.
The Bill will also amend the National Security Act to allow U.S. intelligence services to hand over classified information to entities and people that do not have security clearance. The idea is that this will be used in order to help companies fight back against and prevent cyberattacks on their systems in the future.
A great deal of controversy has stirred around this Bill. Having amendments passed in a veil of secrecy did not help matters, either.
To make things even more complicated, a new amendment, voted down by lawmakers on Wednesday in the U.S. House, would have allowed U.S. companies to keep their privacy policies intact and their promises valid, including terms of service, legally enforceable in the future.
It means that the many who signed up to such services under terms that promised their data would not be shared with anyone — unless a subpoena or court order was served — would no longer have such rights going forward.
Though it would have weakened CISPA’s overall weight, now it gives additional legal immunity to companies sharing their customer data. Rep. Jared Polis (D-CO), in speaking to ZDNet’s sister site CNET, said that such firms are “completely exonerated from any risk of liability.”
Hello Fourth Amendment, goodbye Fourth Amendment
The key provision of CISPA is that it allows government entities to acquire your data without a warrant, should a private company holding your data hand it over.
The Fourth Amendment of the U.S. Constitution states:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

“Upon probable cause.” That means the U.S. government has to seek out data based on evidence and intelligence. But while the U.S. government and its law enforcement agencies, intelligence services, and more than 600 agencies that can use your data cannot force a company to hand over data, it doesn’t mean your data is safe.
The Fourth Amendment does not protect you from private companies accessing and data mining your information for their own gain. It only protects against the U.S. government unlawfully accessing your data without a search warrant.
CISPA bridges a gap between the private firms that can access your data for nefarious purposes — they would likely never do this — and the U.S. government.
U.S. firms voluntarily handing data along the one-way street to the U.S. government effectively means the Fourth Amendment doesn’t have to apply; it’s not snooping if it was handed to the government under “cybersecurity” grounds.
By this point, the U.S. government can do just about anything it likes with your data once it’s in its hands, in spite of the Fourth Amendment and notwithstanding lacking a search warrant. The kicker is that this is allowed as long as it’s lawful and pertains to “cybersecurity purposes,” rather than “national security” purposes. But because the language in CISPA is so ill defined, it could be used for many more reasons than were initially considered.
According to privacy and civil liberties group the Electronic Frontier Foundation (EFF), even though the data was passed to the government for reasons pertaining only to “cybersecurity,” it can then be used to investigate other crime, not limited to cybersecurity crime, such as the “criminal exploitation of minor, protecting individuals from death or serious physical injury, or protecting the national security of the United States.”
But it all flows through the U.S. Department of Justice, first and foremost, from which it can then be disseminated throughout government and its agencies, on to the FBI, the National Security Agency (NSA), Immigration and Customs, and so on. Even the U.S. Department of Agriculture can take on your data and use it against you, should you be fishing without a license.
And because this is done behind the scenes and private companies do not have to tell you that they’ve handed your data to the government, you may never know about it. And private firms are exempt from Freedom of Information (FOI) requests, with such provisions disallowed under CISPA.

Tuesday, April 09, 2013

At recent hearings regarding whether law enforcement should have to get a warrant for cell-phone location tracking, police from Dallas and Houston as well as an ostensibly (if not actually) neutral witness from the US Marshal’s Service claimed that historical location data should not require a warrant because it is relatively inaccurate. At the House panel in particular that suggestion was rebuffed by the 2009 example of Malte Spitz, a German politician who sued for access to his cell-phone location data and collaborated with a newspaper to generate this graphic tracking his every move for six months. In general, though, it turns out the notion that historical location data is inaccurate was an ill-timed argument. In the past month, a flurry of new developments have shown location data is rapidly becoming more accurate than ever, particularly a new study showing cell-phone users can be identified via location data using relatively few “pings.”

Now, this week’s IT news features discussion of emerging “indoor location tracking” by smart phones that in the near future will provide ever-more precise location data on anyone carrying one:

Claburn’s piece is the only critical item of the bunch, pointing out that, “this technology isn’t really for consumers. It’s for businesses, so they can track you and glean more data about what you’re looking at, where you’re going, how long you spend in a place and so on.” He could have added that it’s also for law enforcement, which makes thousands of requests for cell-phone location data every day - more every year as the technology becomes more ubiquitous and precise.

Most discussions of location tracking at the Texas Legislature have been about either GPS, which doesn’t work indoors or when line of sight to a satellite is blocked, or cell-phone tower triangulation, which generally does work indoors but in some circumstances is less accurate. Increasingly, though, both those methods are being enhanced by an array of technologies that collaborate to generate extremely accurate tracking data. Find below the jump an expurgated version of a startling list compiled by Mr. Dodge of some of the means being used to make location tracking data more accurate in the next few years, even indoors.

  • Wifi Triangulation – Wifi Triangulation measures signal loss or strength from multiple wifi hotspots to triangulate position. It is not necessary to connect to these wifi hotspots, only to measure the signal strength. Your phone displays signal strength in terms of 3 or 4 bars, but inside it is actually measuring signal strength very precisely. These services have a database of known wifi hotspots, and add new hotspots as they are discovered by users. …
  • GPS/Cellular/Wifi Triangulation – Uses inputs from GPS/Cellular/Wifi, when available, to determine position. This is important for smooth transition from outdoor to indoor positioning. …  
  • Wifi Fingerprinting – Smartphones turn on wifi for a few seconds to get a Wifi Fingerprint and associate it with a Check-In location. Compares the current Wifi Fingerprint to a known database of Fingerprint/Location pairs. Often used in conjunction with Check-in services like Google Places or FourSquare. This allows a more accurate location within a building….
  • Dedicated Beacons - Cheap, low power, radio beacons located at known positions within a building. The only purpose of the beacons is to transmit a unique signal that can be received by your Smartphone. Uses the same location triangulation methods as wifi, but can be more accurate due to their specific location and purpose. …
  • Bluetooth Sensors - Many electronic devices contain Bluetooth, including every smartphone. These Bluetooth sensors can read signals from dedicated beacons, or dynamically create a mesh network of Bluetooth signals that constantly corrects and refines relative position and location.
  • Tracking Sensors from known positions - Most smartphones contain multiple sensors including a compass, gyroscope, accelerometer, altimeter, and barometer. These sensors can measure your direction, turns, speed, and height above sea level to create a three dimensional view of your location. Starting with a known position from other methods such as GPS, cellular, or wifi which work outside, the smartphone sensors can be used to track your position inside a building.
  • Magnetic sensors - Magnetic sensors can pick up the Earth’s natural magnetic forces to determine lat/long position similar to the way a compass works, but two dimensional, and much more accurate.
  • LED Lights - Lights in the ceiling can be programmed to pulse in milliseconds, so fast the human eye can’t detect the pulse. But, your smartphone camera can detect the pulses and distinguish between different lights and triangulate your position. The LED lights each have a unique pulse fingerprint. They can be used with standard light fixtures and remain in fixed positions within the building, making it easy to calculate location.
  • Cameras - A ceiling or wall mounted camera within a building can cover up to 100 square meters. The camera on your smartphone can automatically take many snapshot photos per second. Object recognition software uses pattern matching to compare those smartphone snapshots to the wall-mounted camera to determine precise location. 

One could already see from Malte Spitz’s example in 2009 that historical location data from cell phones had become shockingly accurate. And the trajectory is only headed in one direction: In the near future, smart-phone location tracking will be incredibly precise, no matter where you are. In that protean environment, it makes no sense for legislators or the courts to distinguish between real-time and historical tracking data as though the latter is somehow less invasive. Thanks to advancing technology, that distinction hasn’t really been true in several years and, in the near future, as smart phones evolve, it will become flat-out meaningless, if it hasn’t already.
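
The Wifi Triangulation item in the list above, worked through as an added example (not code from the post or from Mr. Dodge's list): passive signal-strength readings plus a database of hotspot positions are enough to place a device, and the estimate stays within a couple of metres even when readings are rounded to whole dBm. The path-loss constants, BSSIDs, coordinates and function names are assumptions constructed for illustration.

```python
import math

# Assumed log-distance path-loss parameters (illustrative, not from the post).
TX_POWER_DBM = -40.0  # RSSI expected 1 m from a hotspot
PATH_LOSS_EXP = 3.0   # indoor-like exponent; free space would be 2.0

# Constructed hotspot database: BSSID -> surveyed (x, y) position in metres.
HOTSPOT_DB = {
    "02:00:00:00:00:01": (0.0, 0.0),
    "02:00:00:00:00:02": (30.0, 0.0),
    "02:00:00:00:00:03": (0.0, 20.0),
    "02:00:00:00:00:04": (30.0, 20.0),
}
TRUE_POS = (12.0, 7.0)  # constructed ground truth for the sample scan


def distance_to_rssi(d):
    """Forward model; used only to build the constructed sample scan."""
    return TX_POWER_DBM - 10.0 * PATH_LOSS_EXP * math.log10(d)


def rssi_to_distance(rssi_dbm):
    """Invert the model: estimated metres from a received signal strength."""
    return 10 ** ((TX_POWER_DBM - rssi_dbm) / (10.0 * PATH_LOSS_EXP))


def sample_scan(whole_dbm=True):
    """Passive scan seen at TRUE_POS; whole_dbm mimics integer dBm readings."""
    scan = {}
    for bssid, (x, y) in HOTSPOT_DB.items():
        rssi = distance_to_rssi(math.hypot(TRUE_POS[0] - x, TRUE_POS[1] - y))
        scan[bssid] = round(rssi) if whole_dbm else rssi
    return scan


def locate(scan, hotspot_db):
    """Least-squares (x, y) from {bssid: rssi_dbm}; no association needed."""
    known = [(hotspot_db[b], rssi_to_distance(r))
             for b, r in scan.items() if b in hotspot_db]
    if len(known) < 3:
        raise ValueError("need at least 3 hotspots with known positions")
    (xn, yn), dn = known[-1]
    a11 = a12 = a22 = b1 = b2 = 0.0
    # Subtract the last circle equation from each other one to linearise.
    for (xi, yi), di in known[:-1]:
        ax, ay = 2 * (xn - xi), 2 * (yn - yi)
        rhs = di**2 - dn**2 - xi**2 + xn**2 - yi**2 + yn**2
        a11, a12, a22 = a11 + ax * ax, a12 + ax * ay, a22 + ay * ay
        b1, b2 = b1 + ax * rhs, b2 + ay * rhs
    det = a11 * a22 - a12 * a12
    if abs(det) < 1e-9:
        raise ValueError("hotspots are collinear; position is ambiguous")
    return ((a22 * b1 - a12 * b2) / det, (a11 * b2 - a12 * b1) / det)


def error_m(estimate):  # metres between an estimate and TRUE_POS
    return math.hypot(estimate[0] - TRUE_POS[0], estimate[1] - TRUE_POS[1])


if __name__ == "__main__":
    est = locate(sample_scan(), HOTSPOT_DB)
    print(f"estimate=({est[0]:.2f}, {est[1]:.2f}) error={error_m(est):.2f} m")
```

Real buildings add multipath and wall attenuation, which is why the list goes on to fingerprinting and dedicated beacons as refinements.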

priceofliberty:

Google took an unprecedented and fantastic step towards greater transparency earlier this week by releasing data about National Security Letters that it receives, but there is another class of government orders for user data that we are still totally in the dark about: Foreign Intelligence Surveillance Act (FISA) court orders. More transparency – even in broad brush strokes – related to how FISA orders are used to access user data would be extremely helpful for users concerned about government access and the opaque FISA process.

Congress passed FISA in 1978 to create a legal framework for conducting surveillance during foreign intelligence investigations. Prior to the passage of this law, there was some ambiguity about the role of the courts and Congress in regulating the Executive’s conduct in national security investigations. But FISA changed that: it created a procedure and a specialized court, the so-called FISA court, to oversee national security surveillance and to serve as a check on the government’s surveillance powers.

Unlike most American courts, the FISA court is a secret court, so its proceedings are done behind closed doors and any orders it issues come accompanied with a gag order (meaning that people and companies who receive an order can’t tell anyone about it). There are open questions about how the government is interpreting and implementing many provisions of FISA, including the recently reauthorized FISA Amendments Act and Section 215 of the PATRIOT Act, the so-called “business records” provision. The specifics remain shrouded in secrecy, but Senators Ron Wyden, Mark Udall, Rand Paul, and Jeff Merkley, among others, have indicated repeatedly that Americans would be “stunned” to find out how the government is interpreting and using these provisions.

Given the secrecy surrounding FISA and the public condemnation of elected officials, it’s understandable that the public is concerned about how the law is being interpreted and used as well. Releasing data about FISA court orders, even aggregated data, would help shed light on what is, presumably, the most secretive tool in the federal government’s surveillance toolkit. Such a release from Google, for example, could demonstrate (or disprove) that FISA orders do NOT authorize dragnet surveillance of large numbers of Google users at once.

Getting more clarity would be a good thing for Google users and the American public, and we hope that Google finds a way to navigate the legal waters in order to publish aggregated data about the orders it receives through FISA.

To a limited extent I actually want Google Glass surveillance, in an uneasy Pandora’s-box kind of way. I want police officers, border guards, and other authorities to be required to wear them every moment that they’re on duty, and I want that data to be available to those who report police brutality or other abuses of authority.
