An FBI surveillance aircraft flying near Manassas Regional Airport in Virginia

According to flight data, over the weekend an FBI surveillance plane carried out a protracted overflight of the city of Dearborn, Michigan. Some 30% of the city’s population is Arab-American, which has made it a regular target for FBI sting operations.

Despite this, the FBI is loudly denying that the spy plane was conducting surveillance of the Arab-American community in general, insisting they “don’t conduct mass surveillance,” though they did not offer any details on actually what they were surveilling, and maintained there were no threats in the area of the flight, which includes Metro Detroit.

Though some Arab-American groups took that denial at face value, saying there is no reason to doubt the FBI, many aren’t so sure, and indeed the FBI’s overflights of US cities have tended in recent times to be for untoward reasons.

The Justice Department has been conducting such overflights in so-called “dirtbox” planes, which mimic the signals of a cellphone satellite, but being in the air instead of in orbit, are then connected to ordinary Americans’ phones as the closer signal, allowing them to seize cellphone data en masse from the air. The FBI has recently conducted such flights for the Justice Department as well.

If this proves to be the nature of this most recent flight, the FBI could theoretically claim Arab-Americans aren’t being targeted as such. After all, it is everyone who is a target, or at least their cellphones. Still, the FBI’s denial that it conducts mass surveillance as a general rule is demonstrably false, and the overflight is just one more in a troubling trend.

This post written originally by Jason Ditz for AntiWar.com

The American Civil Liberties Union has published a list of answers to frequently asked questions regarding the government’s ability to access your personal medical information.

Recently, some Americans who have visited a hospital, pharmacy, or doctor’s office have received letters informing them that their private health information may be turned over to “authorized federal officials” for the purposes of national security or intelligence activities.

The ACLU’s response takes into account legislation still in effect from the USA Patriot Act, as well as current HIPAA privacy regulations. The ACLU answers questions about whether police can obtain medical information without a warrant (yes), and whether the government (and possibly those acting on its behalf) can access that information under the Patriot Act (yes).

Many Americans feel a growing concern about the potential for government overreach in their ability to access private information about its citizens. The ACLU seems to share in this concern, recommending readers contact Congress to pass legislature that would revise medical privacy laws, in particular requiring law enforcement officials to obtain a warrant first before accessing private medical data.

You can read the full report, complete with legal sources for the ACLU’s findings, on their website.

Finally! There’s something that apparently virtually all governments around the world can actually agree upon. Unfortunately, it’s on par conceptually with handing out hydrogen bombs as lottery prizes.

If the drumbeat isn’t actually coordinated, it might as well be. Around the world, in testimony before national legislatures and in countless interviews with media, government officials and their surrogates are proclaiming the immediate need to “do something” about encryption that law enforcement and other government agencies can’t read on demand.

Here in the U.S., it’s a nearly constant harangue over on FOX News (nightmarishly, where most Americans apparently get their “news” these days). On CNN, it’s almost as pervasive (though anti-crypto tirades on CNN must share space with primetime reruns of a globetrotting celebrity chef and crime “reality” shows).

It’s much the same if you survey media around the world. The names and officials vary, but the message is the same — it’s not just terrorism that’s the enemy, it’s encryption itself.

That argument is a direct corollary to governments’ decidedly mixed feelings about social media on the Internet. On one hand, they’re ecstatic over the ability to monitor the public postings of criminal organizations like ISIL (or ISIS, or Islamic State, or Daesh — just different labels for the same fanatical lunatics) that sprung forth from the disastrously misguided policies of Bush 1 and Bush 2 era right-wing neocons — who not only set the stage for the resurrection of long-suppressed religious rivalries, but ultimately provided them with billions of dollars worth of U.S. weaponry as well. Great job there, guys.

Since it’s also the typical role of governments to conflate and confuse issues whenever possible for political advantage, when we dig deeper into their views on social media and encryption we really go down the rabbit hole.

While governments love their theoretical ability to track pretty much every looney who posts publicly on Twitter or Facebook or Google+, governments simultaneously bemoan the fact that it’s possible for uncontrolled communications — especially international communications — to take place at all in these contexts.

In particular, it’s the ability of radical nutcases overseas to recruit ignorant (especially so-called “lone wolf”) nutcases in other countries that is said to be of especial concern, notably when these communications suddenly “go dark” off the public threads and into private, securely encrypted channels.

“Go dark” — by the way — is now the government code phrase for crypto they can’t read on demand. Dark threads, dark sites, dark links. You get the idea.

One would be remiss to not admit that these radical recruiting efforts are of significant concern.

But where governments’ analysis breaks down massively is with the direction of their proposed solutions, which aren’t aimed at addressing the root causes of fanatical religious terrorism, but rather appear almost entirely based on preventing secure communications — for anybody! — in the first place.

Naturally they don’t phrase this goal in quite those words. Rather, they continue to push (to blankly nodding politicians, journalists, and cable anchors) the tired and utterly discredited concept of “key escrow” cryptography, where governments would have “backdoor” keys to unlock encrypted communications, supposedly only when absolutely necessary and with due legal process.

Rewind 20 years or so and it’s like “Groundhog Day” all over again, back in the early to mid 90s when NSA was pushing their “Clipper Chip” hardware concept for key escrowed encryption, an idea that was mercilessly buried in relatively short order.

But like a vampire entombed without appropriate rituals, the old key escrow concepts have returned to the land of the living, all the uglier and more dangerous after their decades festering in the backrooms of governments.

The hardware Clipper concept dates to a time well before the founding of Twitter or Facebook, and a few years before Google’s arrival. Apple existed back then, but centralized social media as we know it today wasn’t yet even really a glimmer in anyone’s eye.

While governments generally seem to realize that stopping all crypto that they can’t access on demand is not practical, they also realize that the big social media platforms (of which I’ve named only a few) — where most users do most of their social communicating — are the obvious targets for legislative, political, and other pressures.

And this is why we see governments subtly (and often, not so subtly) demonizing these firms as being uncooperative or somehow uncaring about fighting evil, about fighting crime, about fighting terrorism. How dare they — authorities repeat as a mantra — implement encryption systems that governments cannot access at the click of a mouse, or sometimes access at all under any conditions.

Well, welcome to the 21st century, because the encryption genie isn’t going back into his bottle, no matter how hard you push.

Strong crypto is critical to our communications, to our infrastructures, to our economies, and increasingly to many other aspects of our lives.

Strong crypto is simply not possible — let’s say that once more with feeling — not possible, given key escrow or other government backdoors designed into these systems. There is no practical or even theoretically accepted means for including such mechanisms without fatally weakening the entire associated encryption ecosystem, and opening it up to all manner of unauthorized access via hacking and various subversions of the key escrow process.

But governments just don’t seem willing to accept the science and reality of this, and keep pushing the key escrow meme. It’s like the old joke about the would-be astronaut who wanted to travel to the sun, and when reminded that he’d burn up, replied that it wasn’t a problem, because he’d go at night. Right.

Notably, just as we had governments who ignored realistic advice and unleashed the monsters of religious fanatical terrorism, we now have many of the same governments on the cusp of trying to hobble, undermine, and decimate the strong encryption systems that are so very vital.

There’s every reason to believe that we’d experience a similarly disastrous outcome in the encryption context as well, especially if social media firms were required to deploy only weak crypto — putting the vast populations of innocent users at risk — while driving the bad guys even further underground and out of view.

If we don’t vigorously fight back against government efforts to weaken encryption, we’re all going to be badly burned.

Published by Lauren Weinstein on vortex.com

Not all surveillance tools were lost to the FBI after the expiration of several Patriot Act powers on Sunday.

The national law enforcement agency still operates an air force of low-flying planes that can identify individuals thousands of feet below by the cellphones they carry, and all without a judge’s approval.

The spy planes capture video, and at times, are equipped with cellphone surveillance technology, but none bear the FBI’s insignia, instead are hidden behind names of fictitious companies used as a front for the FBI. The surveillance is captured without a judges approval and used in ongoing investigations, the FBI said.

The spy planes are one tool in the FBI’s arsenal to track down suspected terrorists not included in the Patriot Act debate. On Sunday, lawmakers let the Patriot Act expire, and with it the FBI’s use of roving wiretaps, which allow agents to follow suspects as they switch phones, and the “lone wolf” provision which allowed the agency to spy on non-U.S. persons, even if they had no established connection with a terrorist group.

But the FBI still has its spy planes.

The spy planes are sometimes used to collect evidence and, at other times, to ensure the safety of those police officers who have been sent to disrupt a criminal operation in a remote area, said Jon Adler, president of the Federal Law Enforcement Officers Association.

The full story is available here

One of the NSA’s most controversial surveillance programs ended at least temporarily Sunday, after US senators failed to pass a bill that would have reformed Section 215 of the Patriot Act, which is set to expire at midnight.

In a contentious Sunday session, US senators tried to pass the USA Freedom Act, which would take the bulk collection of phone records out of the hands of the NSA. Instead, it would be stored by telecoms. The legislation would force the government to obtain a court order from the Foreign Intelligence Surveillance Act any time it wishes to access such records from telecoms and would limit the access to records that are relevant to a national security investigation. It looks likely that the bill will pass sometime this week.

Last week, the senate failed to pass the same bill, but tonight agreed to scrap that vote and try again. Senator Rand Paul stymied that effort, saying in a speech that the bill still didn’t go far enough to curb surveillance. Senate Majority Leader Mitch McConnell, who had originally opposed the bill, announced that it was “now the only realistic way forward” and urged Republicans to vote yes with him. McConnell mustered enough votes to advance the bill procedurally, meaning debate is over and the bill can now be voted on quickly later. The Senate will meet again tomorrow at noon ET, likely to take up the vote again. But by that time, the relevant section of the Patriot Act will have expired.

“Congress should take advantage of this sunset to pass far reaching surveillance reform, instead of the weak bill currently under consideration,” said Michael Macleod-Ball, acting director of the ACLU Washington Legislative Office.

The bulk phone records collection program was first uncovered by USA Today in 2006, although US telecoms denied at the time that they were handing over the records of customers to the government. But in 2013 a document leaked by NSA whistleblower Edward Snowden confirmed that the government had been collecting all phone detail records from certain US telecoms for years, including calls that are wholly domestic—meaning both parties are located in the US. The records are collected even though the vast majority of people involved in the calls are not suspected of ties to terrorism or criminal activity. The collection doesn’t involve the content of calls, but instead involves so-called metadata—the phone numbers on both sides of a call and the date and duration of the call.

Civil liberties groups have challenged the program on Fourth Amendment grounds, and although one federal judge called it “likely unconstitutional” a three-judge panel in the 6th Circuit Court of Appeals did not go that far in its recent judgement about the program. The panel did, however, rule that the program is currently illegal under US law, since legislation the government had been using to justify it—Section 215 of the USA Patriot Act—does not in fact allow for the mass collection of records in this way.

The Privacy and Civil Liberties Oversight Board convened by President Obama in the wake of the Snowden revelations recommended that the program be overhauled so that the records would be retained by the telecoms while still being accessible to the NSA with a court order. To do this, however, lawmakers needed to draft a law authorizing it, hence the USA Freedom Act.

Although the House passed its version of the bill by a landslide earlier this month, its path through the Senate has been rocky. Last November, Democratic Senate lawmakers hoped to advance their version during an end-of-year lame-duck session before they lost their majority position to newly elected Republicans who would be taking office in January. But they failed by just two votes to obtain the 60 votes necessary to close down a debate on amendments to the bill and advance the legislation to the Senate floor. That outcome was repeated last week during a second attempt to move the bill forward.

The bill’s initial failure last November was due in part to opposition from Mitch McConnell and others who oppose the USA Freedom Act and instead wanted to re-authorize Section 215 of the Patriot Act, which the government was still maintaining at the time gave it legal authorization to conduct bulk collection of phone records. Section 215 authorizes the government to obtain business records—including medical, credit card and financial records—if they are relevant to an FBI investigation. But it, along with two other sections of the Patriot Act, are set to expire after midnight tonight. This means the bulk collection would have to stop without re-authorization, but so would the collection of other records allowed by Section 215.

The recent 6th Circuit Court of Appeals ruling made a straight re-authorization difficult, however. Because the three-judge appellate panel ruled that Section 215 as written cannot be used to legally justify the mass collection of US phone records, lawmakers were left with the choice of either revising Section 215 so that it does authorize bulk collection or re-authorizing it as is and leaving the government with no legal coverage for its bulk collection program.

The USA Freedom Act was proffered as a compromise—it would essentially re-authorize Section 215 so that the government could continue to obtain business records relevant to an investigation, but kill the bulk collection of phone records. Under the legislation, the government would have six months of transition to close down its collection program.

McConnell failed last week to get the Patriot Act re-authorized, so he tried to get a temporary extension for the expiring sections to buy time until lawmakers could decide on a permanent solution. But opposition was strong, particularly after a report released last week by the Justice Department’s own inspector general office revealed that between 2007 and 2009, the government had been using Section 215 to also obtain access to large collections of electronic communication transactional information—which likely refers to the “to” and “from” lines of emails and text and instant messages, as well as web addresses visited and internet protocol addresses.

The report also called into question the efficacy of the collection programs. The inspectors found that neither the call records collection program—nor any other bulk surveillance conducted under Section 215—had produced significant intelligence or intelligence that they weren’t able to obtain through other means.

“[T]he agents we interviewed did not identify any major case developments that resulted from use of the records obtained in response to Section 215 orders, but told us that the material produced pursuant to Section 215 orders was valuable in that it was used to support other investigative requests, develop investigative leads, and corroborate other information,” the inspectors stated.

This provided more fodder for those opposed to the Patriot Act. Senators Ron Wyden (D-Oregon) and Rand Paul (R-Kentucky) staged a kind of filibuster last week to prevent any re-authorizion or extension of the Patriot Act. With that failing as well as the USA Freedom Act, McConnell convened the special session today, following a week-long holiday recess, to revisit them. The Senate was looking at two motions today—one to advance the USA Freedom Act and the other to pass an extension for the sections of the Patriot Act that are set to expire.

The White House was clear on what it wanted senators to do. During his weekly address to the nation on Saturday, President Obama called on Americans to “join me in speaking with one voice to the Senate. Put the politics aside. Put our national security first. Pass the USA Freedom Act—now.”

Though the senators didn’t heed those words tonight, it appears likely that eventually the bill will pass. The procedural voice vote earlier in the evening agreeing to take up the reform bill passed by 77-17, showing there is likely sufficient support to pass the law soon and put an end to the bulk collection program for good.

Story originally written by Kim Zetter for WIRED

FBI agents can’t point to any major terrorism cases they’ve cracked thanks to the key snooping powers in the Patriot Act, the Justice Department’s inspector general said in a report Thursday that could complicate efforts to keep key parts of the law operating.

Inspector General Michael E. Horowitz said that between 2004 and 2009, the FBI tripled its use of bulk collection under Section 215 of the Patriot Act, which allows government agents to compel businesses to turn over records and documents, and increasingly scooped up records of Americans who had no ties to official terrorism investigations.

The FBI did finally come up with procedures to try to minimize the information it was gathering on non-targets, but it took far too long, Mr. Horowitz said in the 77-page report, which comes just as Congress is trying to decide whether to extend, rewrite or entirely nix Section 215.

Backers say the Patriot Act powers are critical and must be kept intact, particularly with the spread of the threat from terrorists. But opponents have doubted the efficacy of Section 215, particularly when it’s used to justify bulk data collection such as in the case of the National Security Agency’s phone metadata program, revealed in leaks from former government contractor Edward Snowden.

The new report adds ammunition to those opponents, with the inspector general concluding that no major cases have been broken by use of the Patriot Act’s records-snooping provisions.

“The agents we interviewed did not identify any major case developments that resulted from use of the records obtained in response to Section 215 orders,” the inspector general concluded — though he said agents did view the material they gathered as “valuable” in developing other leads or corroborating information.”

The report said agents bumped their number of bulk-data requests under Section 215 from seven in 2004 to 21 in 2009 as a result of technological advances and legislative changes that the intelligence community believed expanded the reach of the law.

Increasingly, that meant scooping up information on those who weren’t targets of a terrorism investigation, Mr. Horowitz said. He said that while Section 215 authority allows the government to do that, the FBI needed more checks to make sure it was using the power properly.

“While the expanded scope of these requests can be important uses of Section 215 authority, we believe these expanded uses require continued significant oversight,” he concluded.

The report was an update to a previous study done in 2008 that urged the department to figure out ways to minimize the amount of data it was gathering on ordinary Americans even as it was targeting terrorists.

In Thursday’s report Mr. Horowitz said the administration finally came up with procedures — five years later. He said it never should have taken that long but that he considers that issue solved.

The report was heavily redacted, and key details were deleted. The entire chart showing the number of Section 215 requests made from 2007 through 2009 was blacked out, as was the breakdown of what types of investigations they stemmed from: counterintelligence, counterterrorism, cyber or foreign intelligence investigations.

Section 215 of the Patriot Act is slated to expire at the end of this month. The House, in an overwhelming bipartisan vote, passed a bill to renew it but also to limit it so the government could no longer do bulk collection such as the NSA phone data program. That legislation is known as the USA Freedom Act.

But Senate Republican leaders have balked, insisting the NSA program and Section 215 should be kept intact as is.

Majority Leader Mitch McConnell, who is leading the fight to protect the NSA program, is counting on his opponents not being able to muster the 60 votes needed to pass the bill, leaving them with the choice of either extending Section 215 or seeing all of the powers expire — including those that would go after specific terrorist suspects. Mr. McConnell believes that, faced with that choice, enough of his colleagues will vote to extend all of the powers.

Read the full story here.

This article originally reported by Maggie Ybarra at The Washington Times

by Virgil Vaduva

It’s a web of mistrust, accusations and outrage. It all started earlier this year when the Department of Homeland Security send Reddit a subpoena for the identities of some members of the DarkNetMarkets subreddit, an online community where users share information and discuss various online markets located on the “dark net,” which is an euphemism used to describe services, sites and machines using anonymizing protocols such as TOR.

This is the current relationship between members of the DarkNetMarkets subreddit and the Bitcoin wallet hosting service, Coinbase.

On May 2nd, a Coinbase customer posted an ominous warning on Reddit, accompanied by screenshots, demonstrating that Coinbase is actively monitoring customer transactions. This particular user claims to have made a donation to Gwern Branwen, who is a researcher and the moderator of the DarkNetMarkets subreddit.

The complain went on to state:

“When I donated to gwern, I hadn’t made any other transactions with Coinbase for two weeks or more. The only transaction in Coinbase for the last two weeks until right now is the gwern donation. It’s no coincidence.”

A second user followed with a post a day later stating,

“Last friday a user posted that after donating to one of Gwern’s wallets coinbase sent him an email shortly after confirmed. Me being an inquisitive person and supporter of /u/gwern decided to give the theory a go and donated 5 dollars to the account. Well pics or it didn’t happen right? Proof: http://imgur.com/XrzWwo4“

Then, after another day, a third user wrote about an even a worse experience; he claims in his post that he made a payment to a dark net market from his Coinbase account and local cops showed up at his house in an attempt to interview him about onine activities:

“I wasn’t home yet from work, but my wife tells me local LE showed up and wanted to have a “chat”. Asked if I or anone had ever ordered anything illicit in the mail. Said “nobody’s in trouble, we’re just following up on something that might be nothing””

Many more Reddit users have been railing against Coinbase and speculating about the reasons behind what appears to be clear monitoring of transactions, especially to wallet addresses associated with dark net markets or researchers, activists or dissidents.

A Coinbase spokesperson e-mailed a comment to The Daily Dot and said, “We don’t comment on specific cases, however, Coinbase is required to monitor activity on its platform in accordance with the Bank Secrecy Act and other regulation governing all Money Service Businesses.”

It was unclear how donations made to specific users constitute a violation of the Bank Secrecy Act.

Until Coinbase explains their monitoring activities in more detail, my recommendation would be to either stay away from their services or practice more caution when using them to make donations to people like Gwern Branwen, Edward Snowden or Ross Ulbricht.

Also, do not send Bitcoin to questionable address directly from your Coinbase account as Coinbase has a physical address for all their customers; if you do need to make anonymous donations or payments to certain individuals, withdraw all your Bitcoin from Coinbase and then make use of a Bitcoin mixing service like bitmixer.io.

Bitcoin is a revolutionary technology which can facilitate anonymous and safe transactions, but it is not anonymous by default. Learn about it and use it correctly before assuming anonymity.

Virgil Vaduva is a Libertarian security professional, journalist, photographer and overall liberty freak.  He spent most of his life in Communist Romania and participated in the 1989 street protests which led to the collapse of the Ceausescu regime. He can be reached at vvaduva at truthvoice.com.

If you are an activist and are using a printer to print out flyers to hand out on the street or any other documents that go out into the public, the police and government agents can easily track the document back to the printer you used, or even back to you, thanks to a technology pioneered by Canon and Xerox.

Virtually all modern and quality color laser printers and color copiers are designed to print invisible tracking “codes” across every single printed page of their output. These codes reveal which device produced a document and, in some cases, a timestamp for when the document was printed or copied.

Pattern of yellow dots on each printout can be used to track the document back to the device used and eventually find the person who made the copies

According to experts, several printer companies quietly encode the serial number and the manufacturing code of their color laser printers and color copiers on every document those machines produce. Governments, including the United States, already use the hidden dots to supposedly track currency counterfeiters.

Peter Crean, a senior research fellow at Xerox, said his company’s laser printers, copiers and multifunction workstations, such as its WorkCentre Pro series, put the “serial number of each machine coded in little yellow dots” in every printout. The millimeter-sized dots appear about every inch on a page, nestled within the printed words and margins.

“It’s a trail back to you, like a license plate,” Crean says.

The dots’ minuscule size, covering less than one-thousandth of the page, along with their color combination of yellow on white, makes them invisible to the naked eye, Crean says. One way to determine if your color laser is applying this tracking process is to shine a blue LED light–say, from a keychain laser flashlight–on your page and use a magnifier.

Laser-printing technology makes it incredibly easy to counterfeit money and documents, and Crean says the dots, in use in some printers for decades, allow law enforcement to identify and track down counterfeiters.

However, they could also be employed to track a document back to any person or business that printed it. Although the technology has existed for a long time, printer companies have not been required to notify customers of the feature.

Lorelei Pagano, a counterfeiting specialist with the U.S. Secret Service, stresses that the government uses the embedded serial numbers only when alerted to a forgery. “The only time any information is gained from these documents is purely in [the case of] a criminal act,” she says.

John Morris, a lawyer for The Center for Democracy and Technology , says, “That type of assurance doesn’t really assure me at all, unless there’s some type of statute.” He adds, “At a bare minimum, there needs to be a notice to consumers.”

If the practice disturbs you, don’t bother trying to disable the encoding mechanism–you’ll probably just break your printer.

Crean describes the device as a chip located “way in the machine, right near the laser” that embeds the dots when the document “is about 20 billionths of a second” from printing.

“Standard mischief won’t get you around it,” Crean adds.

Neither Crean nor Pagano has an estimate of how many laser printers, copiers, and multifunction devices track documents, but they say that the practice is commonplace among major printer companies.

“The industry absolutely has been extraordinarily helpful [to law enforcement],” Pagano says.

According to Pagano, counterfeiting cases are brought to the Secret Service, which checks the documents, determines the brand and serial number of the printer, and contacts the company. Some, like Xerox, have a customer database, and they share the information with the government.

Crean says Xerox and the government have a good relationship. “The U.S. government had been on board all along–they would actually come out to our labs,” Crean says.

Unlike ink jet printers, laser printers, fax machines, and copiers fire a laser through a mirror and series of lenses to embed the document or image on a page. Such devices range from a little over $100 to more than $1000, and are designed for both home and office.

Crean says Xerox pioneered this technology about 20 years ago, to assuage fears that their color copiers could easily be used to counterfeit bills.

“We developed the first (encoding mechanism) in house because several countries had expressed concern about allowing us to sell the printers in their country,” Crean says.

Since then, he says, many other companies have adopted the practice.

In the video below, the good people from the Electronic Frontier Foundation describe three different ways to see the tracking dots your printer produces: with a blue light, with a microscope, or with a scanner. If you don’t have the necessary equipment for a particular step, go on to the next one.