How the cops are tracking you

By Trevor Timm, The Guardian

All across America, from Florida to Colorado and back again, the country’s increasingly militarized local police forces are using a secretive technology to vacuum up cellphone data from entire neighborhoods – including from people inside their own homes – almost always without a warrant. Numerous investigations by major news agencies revealed the US government is now taking unbelievable measures to make sure you never find out about it.

So-called International Mobile Subscriber Identity (IMSI) catchers – more often called their popular brand name, “Stingray” – have long been the talk of the civil liberties crowd, for the indiscriminate and invasive way these roving devices conduct surveillance. Essentially, Stingrays act as fake cellphone towers (usually mounted in a mobile police truck) that police can point toward any given area and force every phone in the area to connect to it. So even if you’re not making a call, police can find out who you’ve been calling, and for how long, as well as your precise location. As Nathan Freed Wessler of the ACLU explained, “In one Florida case, a police officer explained in court that he ‘quite literally stood in front of every door and window’ with his stingray to track the phones inside a large apartment complex.”

Yet these mass surveillance devices have largely stayed out of the public eye, thanks to the federal government and local police refusing to disclose they’re using them in the first place – sometimes, shockingly, even to judges.

Some of the government’s tactics to hide Stingray from journalists and the public have been downright disturbing. After the ACLU had filed a records request for information on Stingrays, the local police force initially told them that, yes, they had the documents and to come on down to the station to look at them. But just before an ACLU rep was due to arrive, US Marshals seized the records and hid them away at another location, in what Wessler describes as “a blatant violation of state open-records laws”.

The federal government has used various other tactics around the country to prevent disclosure of similar information.

USA Today also published a significant nationwide investigation about the Stingray problem, as well as what are known as “cellphone tower dumps”. When police agencies don’t have Stingrays at their disposal, they can go to cell phone providers to get the cellphone location information of everyone who has connected to a specific cell tower (which inevitably includes thousands of innocent people). The paper’s John Kelly reported that one Colorado case shows cellphone tower dumps got police “‘cellular telephone numbers, including the date, time and duration of any calls,’ as well as numbers and location data for all phones that connected to the towers searched, whether calls were being made or not.”

It’s scary enough to think that the NSA is collecting so much information, but this mass location and metadata tracking at the local level all may be about to change. The ACLU won a historic victory in the 11th Circuit Court of Appeals (serving Florida, Alabama and Georgia), which ruled that police need to get a warrant from a judge before extracting from your cellphone the location data obtained by way of a cell tower. This ruling will apply whether cops are going after one person, the whole tower and, one can assume, Stingrays. (The case was also argued by the aforementioned Wessler, who clearly is this month’s civil liberties Most Valuable Player.)

This case has huge implications, and not just for the Stingrays secretly being used in Florida. It virtually guarantees the US supreme court will soon have to tackle the larger cellphone location question in some form – and whether police across the country have to finally start getting a warrant to find out where your precise location for days or weeks at a time. But as Stanford law professor Jennifer Granick wrote said, it could also have an impact on NSA spying, which relies on the theory that indiscriminately collecting metadata is fair game until a court says otherwise.

You may be asking: how, exactly, are the local cops getting their hands on such advanced military technology? Well, the feds are, in many cases, giving away the technology for free. When the US government is not loaning police agencies their own Stingrays, the Defense Department and Homeland Security are giving federal grants to cops, which allow departments to purchase the gear at the cost of $400,000 a pop from defense contractors like Harris Corporation, which makes the Stingray brand.

Speaking of which, the New York Times’s Matt Apuzzo wrote another essential, overlooked story  detailing all of the other free military gear – like machine guns, armored vehicles and aircraft – that police are receiving from the Pentagon. An example from his story about the militarization of what used to be routine police activities also comes from Florida: “In Florida in 2010, officers in SWAT gear and with guns drawn carried out raids on barbershops that mostly led only to charges of ‘barbering without a license.'”

Like Stingrays, and the NSA’s phone dragnet before them, the militarization of America’s local cops is a phenomenon that’s only now getting widespread attention.

No matter how much one administration or the other talks about respecting the Constitution both parties remain much more interested in maintaining a healthy, top-secret surveillance state.

Cyber security takes on new urgency for groups targeted by Trump

Activists from the grassroots to large organizations like the ACLU are working to fortify their digital platforms against potential government intrusions. Many fear that a Trump presidency will usher in an age of greater government surveillance and the suppression of civil rights.

“We can’t trust Trump with the NSA,” argued John Napier Tye, who served in the U.S. State Department’s Bureau of Democracy, Human Rights, and Labor from 2011 to 2014. “There are simply not enough safeguards in place to protect Americans from our own National Security Agency.”

Others point out that while Americans’ privacy has been eroded under past presidents, Trump may push the state surveillance apparatus to new limits. And this is especially concerning to historically marginalized communities, as technology and civil rights analyst Logan Koepke warned, saying, “People of color, activists, and community organizers disproportionately are targets of the surveillance state.”

Groups have been forced to decide which aspects of cyber security to prioritize. For journalists, finding secure methods of communication and information sharing is a primary concern. While mainstream industry leaders like David Remnick and Christiane Amanpour have appealed to the need for better security in the Trump era, for those engaged in activism or leftist political coverage, the threat feels even more severe.

“To prepare for life under Trump we’ll have to do more than download Signal and learn PGP,” admonished an organizer at the New Inquiry, referring to some common encryption practices among activist journalists. “We’ll have to learn how to scheme in the shadows, pass notes, and encrypt our offline communications as securely as we do our emails.” To that end, ad-hoc workshops, “cryptoparties” and online guides to digital security have multiplied across the country — and beyond — as journalists scramble to fortify their data.

For immigrants, issues of privacy take a different form. Many of the millions of non-citizens who have had their personal information recorded for programs such as the Deferred Action for Childhood Arrivals, are being used by the Trump administration to identify targets for deportation. “Programs [like DACA] intended to protect undocumented immigrants are having the ultimate effect of exposing them,” Councilman Ritchie Torres told New York Magazine. “It’s a cruel irony.” Many organizers are now calling on these organizations to destroy this information. In New York City, Mayor Bill de Blasio has suggested that his administration may move ahead with destroying the databases of all participants in the city’s ID program, IDNYC. But immigrants and others should be aware — many online data miners and social media sites have already been implicated for helping U.S. immigration officers surveil possible targets.

Trump’s rise has also emboldened many online “trolls,” many of whom tend to target women and LGBT users for their abuse. Now that America has “elected the biggest online troll this country has seen,” said CommunityRED co-founder Shauna Dillavou, it is more important than ever for these communities to take precautions. “Surveillance is a feminist issue,” argued Koepeke, directing readers to take advantage of the wealth of resources available to empower feminists — and others — to protect themselves online. A good place to start is Noah Kelley’s impressive Feminist Guide to Cyber Security, published through HACK*BLOSSOM, a cyber justice organization committed to an “inclusive culture of technology” and “feminist vision.”

Yet, amidst these widespread efforts to screen, shield or destroy data, at least one community is rushing to duplicate and distribute its information: environmental scientists. Many in the scientific community say Trump has suppressed and even deleted federal data related to climate change. Researchers, developers, students and climate justice activists across the United States and abroad have launched “guerrilla archiving” in an effort to collect and store relevant information in various remote locations. (Instructions for how to participate in this campaign can be found online, including here). Eric Holthaus, a leader in this data archiving campaign, said the aim is to make it “harder for someone who maybe maliciously would want to destroy” data related to climate change to do so. While Holthaus said he hopes the efforts will prove unnecessary, “it definitely feels like we are entering a time when climate scientists feel the need to sort of hunker down and preserve what they’ve done so far.”

Individuals everywhere would do well to consider bolstering their own online security practices, regardless of their affiliations or activism, said Kio Stark, a tech journalist and feminist. Even if activists are not worried about being flagged for their politics, Stark explained, they should consider what implications this might have for those connected to them. “I’m especially keen to make sure people understand that it’s not just them, it’s their networks that can be put at risk,” Stark said. “They can protect others by being careful.”

It’s Not Just the NSA

It’s not just the NSA, remember, the CIA is not supposed to be doing any surveillance on US persons (like the NSA), but that’s not what’s happening at all. At least the CIA tracks some (but not all) of its abuse of backdoor searches:

In calendar year 2013, CIA conducted fewer than 1900 queries of Section 702-acquired communications using specific U.S. person identifiers as query terms or other more general query terms if they are intended to return information about a particular U.S. person. Of that total number approximately 40% were conducted as a result of requests for counterterrorism-related information from other U.S. intelligence agencies. Approximately 27% of the total number are duplicative or recurring queries conducted at different times using the same identifiers but that CIA nonetheless counts as separate queries. CIA also uses U.S. person identifiers to conduct metadata-only queries against metadata derived from the FISA Section 702 collection. However, the CIA does not track the number of metadata-only queries using U.S. person identifiers.

This involves big collections of content and metadata (so, no, not “just metadata” as meaningless as that phrase is) under Section 702 of the FISA Amendments Act (FAA). This is part of the program that the infamous PRISM effort operates under, and which allows the NSA to collect all sorts of content, including communications to, from or about a “target” — where a “target” can be incredibly loosely defined (i.e., it can include groups or machines or just about anything).

But it’s not just the NSA doing these searches, but the CIA and FBI as well. This is especially concerning with regards to the FBI. This means that the FBI, who does surveillance on Americans, is spying on Americans communications that were collected by the NSA and that they’re doing so without anything resembling a warrant. Oh, and let’s make this even worse: the FBI isn’t even tracking how often it does this. It’s just doing it willy nilly:

The FBI does not track how many queries it conducts using U.S. person identifiers. The FBI is responsible for identifying and countering threats to the homeland, such as terrorism pilots and espionage, inside the U.S. Unlike other IC agencies, because of its domestic mission, the FBI routinely deals with information about US persons and is expected to look for domestic connections to threats emanating from abroad, including threats involving Section 702 non-US. person targets. To fulfill its mission and avoid missing connections within the information lawfully in its possession, the FBI does not distinguish between U.S. and non- U.S. persons for purposes of querying Section 702 collection. It should be noted that the FBI does not receive all of Section 702 collection; rather, the FBI only requests and receives a small percentage of total Section 702 collection and only for those selectors in which the FBI has an investigative interest.

Moreover, because the FBI stores Section 702 collection in the same database as its “traditional” FISA collection, a query of “traditional” FISA collection will also query Section 702 collection. In addition, the FBI routinely conducts queries across its databases in an effort to locate relevant information that is already in its possession when it opens new national security investigations and assessments. Therefore, the FBI believes the number of queries is substantial. However, only FBI personnel trained in the Section 702 minimization procedures are able to View any Section 702 collection that is responsive to any query.

Basically, the FBI often asks the NSA for a big chunk of data that the NSA probably shouldn’t have in the first place — including tons of Americans’ communications, and the FBI gets to dump it into the same database that it is free to query. And the FBI tracks none of this, other than to say that it believes that there are a “substantial” number of such queries. This would seem to be a pretty blatant attempt to end run around the 4th Amendment, giving the FBI broad access to searching through the communications of Americans with what appears to be almost no oversight.

The CIA is doing these kinds of warrantless fishing expeditions into the communications of Americans as well, but at least the CIA tracks how often it’s doing so. Of course, when it comes to metadata searches, the CIA doesn’t bother. It’s also a bit bizarre that the CIA is apparently carrying out a bunch of those searches for “other U.S. intelligence agencies,” when the CIA should be especially limited in its ability to do these searches in the first place.

Want more?

Government Documents Show Creeping Covert Surveillance in Orange County and Beyond

Messages show New York police surveillance of Black Lives Matter