Privacy

New Cybersecurity Bill Passed by Senate Creates Privacy Concerns

150 150 Joel Leppard

cybersecurity

A new bill called the Cybersecurity Information Sharing Act (CISA) was passed by the Senate on Tuesday. Its main goal is to stop hackers by getting companies to share information with the federal government about any cyber attacks they face. Basically, CISA works by works by letting companies share “cyber threat indicators” with the Department of Homeland Security, which then sends out a red alert to warn other people of the threat.

You may be thinking: Don’t companies already have initiatives in place to share threat information? Yes. But what makes CISA different is that Homeland Security can now share the report with the National Security Agency and other spy agencies.

One huge concern is that nowhere in the bill does it say customers’ personally identifiable information has to be left out of the report. In fact, of the countless amendments made to the bill, one necessary amendment that actually failed on Tuesday would have made it mandatory to remove that information before a company could share information about threats.

Here’s another catch: Although a company’s cooperation in sharing information is voluntary, the bill gives companies a nice incentive to do so by eliminating legal liability. For example, if a company ends up sharing too much information about its customers, it won’t have to worry about private lawsuits or antitrust laws.

CISA opposers believe that the bill ignores the goal of encouraging companies to increase their cybersecurity standards and puts more responsibility on a “generalized public-private secret information sharing network.” In other words, opponents say CISA creates a new law in the wrong places.

Learn more here: http://www.npr.org/sections/alltechconsidered/2015/10/27/452338925/senate-approves-cybersecurity-bill-what-you-need-to-know

Policing for Profit

150 150 Joel Leppard

GOOD-Cops-Main

Civil forfeiture laws allow police to seize your property, sell it and use the money to fund agency budgets. This means your car, cash, real estate or other property can be taken from you even if you are not convicted or charged with a crime.

I’m sure you are wondering how your property can be taken from you if you are not involved in any criminal activity. The answer to that is: Civil forfeiture is basically a way for the courts to try inanimate objects for their involvement with criminal activity. That is why civil forfeiture actions are in rem proceedings, which means “against or about a thing.”

Originally, civil forfeiture was created to drain resources from powerful criminal organizations, but today it has become a way of funding for law enforcement agencies and has also led to personal gain.  According to a 2003 article in the St. Petersburg Times, Tampa Bay police seized and kept cars for their own use. “The seized fleet consisted of some 42 cars, including a Lincoln Navigator, a Ford Expedition, and, Police Chief Bennie Holder’s favorite, a $38,000 Chevy Tahoe.”

In Florida, law enforcement must prove with clear and convincing evidence that the property being seized was related to criminal activity. Although this is a higher standard than most other states, it still puts property owners at a disadvantage. This is because unlike a criminal forfeiture case, in which the government has to prove someone is guilty “beyond a reasonable doubt,” the standards in a civil forfeiture case are much less rigorous. According to the Institute for Justice, “law enforcement in Florida still receives 85 percent of the funds generated from civil forfeiture.”

It is also a misconception that most people who have their property seized are wealthy. Some low-income families who do not have the resources to get their property back are also targeted by law enforcement. Regardless of socioeconomic status, it is not fair that likely innocent people are being stripped of their property without ever being convicted of a crime.

 

For more information, please read:

The Institute for Justice’s Initiative to End Policing for Profit

The Huffington Post article “Above the Law: New DPA Report Finds ‘Policing for Profit’ Gone Wild”

Central Florida Law Enforcement Agency Interested in Buying Hacking Team Technology

150 150 Joel Leppard

Hacker

Wikileaks, a website that posts original documents from anonymous sources, has recently leaked e-mails between the Metropolitan Bureau of Investigation (MBI) and the Italian company Hacking Team that show the MBI’s desire to purchase spyware technology that would enable the agency to infiltrate phones and computers.

The MBI is a multi-agency task force in Orlando that covers Osceola and Orange counties and includes members from State Attorney’s Office, Orlando Police Department, Orange County Sherriff’s department as well as other local police agencies and the DEA, FBI, ICE, Secret Service and other agencies. Hacking Team is a company that uses computer viruses to help law enforcement and national security organizations gain access to targeted networks.

Ironically, Hacking Team itself has been hacked in the past. The hackers exposed documents on a Twitter page titled “Hacked Team” that showed evidence of the company working with numerous repressive governments such as Azerbaijan, Kazakhstan, Uzbekistan, Russia, Bahrain, Saudi Arabia and the UAE, many of whom have been criticized by international human rights organizations for aggressively monitoring journalists and other freedom activists. This is alarming because it essentially means that the MBI is using tax payer money to associate itself with and support a company that provides support for terrorists.

The recently leaked documents between the MBI and Hacking Team show that the MBI wants to purchase spyware called Galileo from the company. Galileo, which can be installed on phones and computers, will allow law enforcement officials to see what a targeted suspect is seeing in real time. The police would also be able to track the suspect’s movements. MBI director Larry Zweig even told the Orlando Sentinel that the task force wants to be able to track drug and human trafficking organizations through apps like Snapchat.

The MBI’s collaboration with Hacking Team wouldn’t be the first time that the agency has tried to use questionable methods to obtain evidence of criminal activity. In 1981, the MBI arrested 10 men on charges of running a football gambling ring after wire tapping two phones. The agency, however, was only permitted to tap one phone as part of the investigation. Therefore, none of the defendants went to jail.

In another instance, the MBI enlisted an alleged drug dealer named Donna Jean Gallagher as an informant in 1985. She later claimed that “she stole cocaine during MBI investigations to feed a habit agents knew about but did nothing to stop, was gang-raped by drug dealers while working for the agency and had sex with two of her supervising agents.” The agents were consequently fired.

If the MBI uses Galileo in its investigations, the agency needs to make sure that it filters out information obtained from people who are not targets of the investigation. In doing so, the MBI would be violating Title III of the Omnibus Crime Control and Safe Streets act of 1968. If the agency’s past transgressions say anything about the future of the MBI + Hacking Team partnership, however, it’s that there may be significant privacy concerns ahead.

Additional information:

This week, NPR 90.7 aired an interview Florida Center for Investigative Reporting reported Trevor Aaronson, who voices some of the concerns with providing MBI with this powerful technology. http://www.wmfe.org/fcir-leaked-documents-show-mbis-interest-in-surveillance-software/

Read the MBI and Hacking Team emails here:
https://wikileaks.org/hackingteam/emails/?q=randall+pennington&mfrom=&mto=&title=&notitle=&date=&nofrom=&noto=&count=50&sort=0#searchresult

Do NOT follow this link or you will be banned from the site!