Tag: law enforcement

Big Teacher Is Watching

Researching government invasions of privacy all day, I come across my fair share of incredibly creepy stories, but this one may just take the cake.  A lawsuit alleges that the Lower Merion School District in suburban Pennsylvania used laptops issued to each student to spy on the kids at home by remotely and surreptitiously activating the webcam built into the bezel of each one. The horrified parents of one student apparently learned about this capability when their son was called in to the assistant principal’s office and accused of “inappropriate behavior while at home.” The evidence? A still photograph taken by the laptop camera in the student’s home.

I’ll admit, at first I was somewhat skeptical—if only because this kind of spying is in such flagrant violation of so many statutes that I thought surely one of the dozens of people involved in setting it up would have piped up and said: “You know, we could all go to jail for this.” But then one of the commenters over at Boing Boing reminded me that I’d seen something like this before, in a clip from Frontline documentary about the use of technology in one Bronx school.  Scroll ahead to 4:37 and you’ll see a school administrator explain how he can monitor what the kids are up to on their laptops in class. When he sees students using the built-in Photo Booth software to check their hair instead of paying attention, he remotely triggers it to snap a picture, then laughs as the kids realize they’re under observation and scurry back to approved activities.

I’ll admit, when I first saw that documentary—it aired this past summer—that scene didn’t especially jump out at me. The kids were, after all, in class, where we expect them to be under the teacher’s watchful eye most of the time anyway. The now obvious question, of course, is: What prevents someone from activating precisely the same monitoring software when the kids take the laptops home, provided they’re still connected to the Internet?  Still more chilling: What use is being made of these capabilities by administrators who know better than to disclose their extracurricular surveillance to the students?  Are we confident that none of these schools employ anyone who might succumb to the temptation to check in on teenagers getting out of the shower in the morning? How would we ever know?

I dwell on this because it’s a powerful illustration of a more general point that can’t be made often enough about surveillance: Architecture is everything. The monitoring software on these laptops was installed with an arguably legitimate educational purpose, but once the architecture of surveillance is in place, abuse becomes practically inevitable.  Imagine that, instead of being allowed to install a bug in someone’s home after obtaining a warrant, the government placed bugs in all homes—promising to activate them only pursuant to a judicial order.  Even if we assume the promise were always kept and the system were unhackable—both wildly implausible suppositions—the amount of surveillance would surely spike, because the ease of resorting to it would be much greater even if the formal legal prerequisites remained the same. And, of course, the existence of the mics would have a psychological effect of making surveillance seem like a default.

You can see this effect in law enforcement demands for data retention laws, which would require Internet Service Providers to keep at least customer transactional logs for a period of years. In face-to-face interactions, of course, our default assumption is that no record at all exists of the great majority of our conversations. Law enforcement accepts this as a fact of nature. But with digital communication, the default is that just about every activity creates a record of some sort, and so police come to see it as outrageous that a potentially useful piece of evidence might be deleted.

Unfortunately, we tend to discuss surveillance in myopically narrow terms.  Should the government be able to listen in on the phone conversations of known terrorists? To pose the question is to answer it. What kind of technological architecture is required to reliably sweep up all the communications an intelligence agency might want—for perfectly legitimate reasons—and what kind of institutional incentives and inertia does that architecture create? A far more complicated question—and one likely to seem too abstract to bother about for legislators focused on the threat of the week.

Three Keys to Surveillance Success: Location, Location, Location

The invaluable Chris Soghoian has posted some illuminating—and sobering—information on the scope of surveillance being carried out with the assistance of telecommunications providers.  The entire panel discussion from this year’s ISS World surveillance conference is well worth listening to in full, but surely the most striking item is a direct quotation from Sprint’s head of electronic surveillance:

[M]y major concern is the volume of requests. We have a lot of things that are automated but that’s just scratching the surface. One of the things, like with our GPS tool. We turned it on the web interface for law enforcement about one year ago last month, and we just passed 8 million requests. So there is no way on earth my team could have handled 8 million requests from law enforcement, just for GPS alone. So the tool has just really caught on fire with law enforcement. They also love that it is extremely inexpensive to operate and easy, so, just the sheer volume of requests they anticipate us automating other features, and I just don’t know how we’ll handle the millions and millions of requests that are going to come in.

To be clear, that doesn’t mean they are giving law enforcement geolocation data on 8 million people. He’s talking about the wonderful automated backend Sprint runs for law enforcement, LSite, which allows investigators to rapidly retrieve information directly, without the burden of having to get a human being to respond to every specific request for data.  Rather, says Sprint, each of those 8 million requests represents a time when an FBI computer or agent pulled up a target’s location data using their portal or API. (I don’t think you can Tweet subpoenas yet.)  For an investigation whose targets are under ongoing realtime surveillance over a period of weeks or months, that could very well add up to hundreds or thousands of requests for a few individuals. So those 8 million data requests, according to a Sprint representative in the comments, actually “only” represent “several thousand” discrete cases.

As Kevin Bankston argues, that’s not entirely comforting. The Justice Department, Soghoian points out, is badly delinquent in reporting on its use of pen/trap orders, which are generally used to track communications routing information like phone numbers and IP addresses, but are likely to be increasingly used for location tracking. And recent changes in the law may have made it easier for intelligence agencies to turn cell phones into tracking devices.  In the criminal context, the legal process for getting geolocation information depends on a variety of things—different districts have come up with different standards, and it matters whether investigators want historical records about a subject or ongoing access to location info in real time. Some courts have ruled that a full-blown warrant is required in some circumstances, in other cases a “hybrid” order consisting of a pen/trap order and a 2703(d) order. But a passage from an Inspector General’s report suggests that the 2005 PATRIOT reauthorization may have made it easier to obtain location data:

After passage of the Reauthorization Act on March 9, 2006, combination orders became unnecessary for subscriber information and [REDACTED PHRASE]. Section 128 of the Reauthorization Act amended the FISA statute to authorize subscriber information to be provided in response to a pen register/trap and trace order. Therefore, combination orders for subscriber information were no longer necessary. In addition, OIPR determined that substantive amendments to the statute undermined the legal basis for which OIPR had received authorization [REDACTED PHRASE] from the FISA Court. Therefore, OIPR decided not to request [REDACTED PHRASE] pursuant to Section 215 until it re-briefed the issue for the FISA Court. As a result, in 2006 combination orders were submitted to the FISA Court only from January 1, 2006, through March 8, 2006.

The new statutory language permits FISA pen/traps to get more information than is allowed under a traditional criminal pen/trap, with a lower standard of review, including “any temporarily assigned network address or associated routing or transmission information.” Bear in mind that it would have made sense to rely on a 215 order only if the information sought was more extensive than what could be obtained using a National Security Letter, which requires no judicial approval. That makes it quite likely that it’s become legally easier to transform a cell phone into a tracking device even as providers are making it point-and-click simple to log into their servers and submit automated location queries.  So it’s become much more  urgent that the Justice Department start living up to its obligation to start telling us how often they’re using these souped-up pen/traps, and how many people are affected.  In congressional debates, pen/trap orders are invariably mischaracterized as minimally intrusive, providing little more than the list of times and phone numbers they produced 30 years ago.  If they’re turning into a plug-and-play solution for lojacking the population, Americans ought to know about it.

If you’re interested enough in this stuff to have made it through that discussion, incidentally, come check out our debate at Cato this afternoon, either in the flesh or via webcast. There will be a simultaneous “tweetchat” hosted by the folks at Get FISA Right.

Fact-checking Drug Czar Barry McCaffrey

I appeared on the CNN program Lou Dobbs Tonight last Thursday (Oct. 22) to discuss the medical marijuana issue and the drug war in general.  There were two other guests: Peter Moskos from John Jay College and the organization Law Enforcement Against Prohibition (LEAP) and Barry McCaffrey, retired General of the U.S. Army and former “Drug Czar” under President Bill Clinton.

I was really astonished by the doubletalk coming from McCaffrey.  Watch the clip below and then I’ll explain two of the worst examples so you can come to your own conclusions about this guy.

Doubletalk: Example One:

Tim Lynch: “Some states have changed their marijuana laws to allow patients who are suffering from cancer and AIDS–people who want to use marijuana for medical reasons–they’re exempt from the law. But there’s a clash between the laws of the state governments and the federal government. The federal government has come in and said, ‘We’re going to threaten people with federal prosecution, bring them into federal court.’ And what the [new memo from the Obama Justice Department] does this week is change federal policy. Basically, Attorney General Eric Holder is saying, ‘Look, for people, genuine patients–people suffering from cancer, people suffering from AIDS–these people are now off limits to federal prosecutors.’ It’s a very small step in the direction of reform.”

Now comes Barry McCaffrey: “There is zero truth to the fact that the Drug Enforcement Administration or any other federal law enforcement ever threatened care-givers or individual patients. That’s fantasy!”

Zero truth? Fantasy?  This report from USA Today tells the story of several patients who were harassed and threatened by federal agents. Excerpt:  ”In August 2002, federal agents seized six plants from [Diane] Monson’s home and destroyed them.”

This report from the San Francisco Chronicle tells the story of Bryan Epis and Ed Rosenthal.  Both men, in separate incidents, were raided, arrested, and prosecuted by federal officials.  The feds called them “drug dealers.”  When the cases came to trial, both men were eager to inform their juries about the actual circumstances surrounding their cases–but they were not allowed to convey those circumstances to jurors.  Federal prosecutors insisted that information concerning the medical aspect of marijuana was “irrelevant.”   Both men were convicted and jailed.

This report from the New York Times tells readers about the death of Peter McWilliams.  The feds said he was a “drug dealer.”  McWilliams also wanted to tell his story to a jury, but pled guilty when the judge told him he would not be allowed to inform the jury of his medical condition.  Excerpt:  “At his death, Mr. McWilliams was waiting to be sentenced in federal court after being convicted of having conspired to possess, manufacture and sell marijuana…. They pleaded guilty to the charge last year after United States District Judge George H. King ruled that they could not use California’s medical marijuana initiative, Proposition 215, as a defense, or even tell the jury of the initiative’s existence and their own medical conditions.”  The late William F. Buckley wrote about McWilliams’ case here.

Imagine what Diane Monson, Bryan Epis, Ed Rosenthal, and Peter McWilliams (and others) would have thought had they seen a former top official claim that federal officials never threatened patients or caregivers?!

Doubletalk: Example Two:

Tim Lynch: “After California changed its laws to allow the medical use of marijuana, [General Barry McCaffrey] was the Drug Czar at the time and he came in taking a very hard line. The Clinton administration’s position was that they were going to threaten doctors simply for discussing the pros and cons of using marijuana with their patients. That policy was fought over in the courts and [the Clinton/McCaffrey] policy was later declared illegal and unconstitutional for violating the free speech of doctors and for interfering with the doctor-patient relationship. This was the ruling by the Ninth Circuit Court of Appeals in a case called Conant – “C-O-N-A-N-T.”

Lou Dobbs: “The ruling stood in the Ninth Circuit?”

Tim Lynch: “Yes, it did.”

Now comes Barry McCaffrey: “That’s all nonsense!”

Nonsense?  Really?

Go here to read the New York Times story about McCaffrey’s hard-line policy.

The Conant ruling can be found here.  The name of the case was initially Conant v. McCaffrey, but as the months passed and the case worked its way up to the appeals court, the case was renamed Conant v. Walters because Bush entered the White House and he appointed his own drug czar, John Walters, who maintained the hard line policy initiated by Clinton and McCaffrey.

I should also mention that Conant was not an obscure case that McCaffrey could have somehow ”missed.”  Here’s a snippet from another New York Times report:  “The Supreme Court, in a silent rebuff on Tuesday to federal policy on medical marijuana, let stand an appeals court ruling that doctors may not be investigated, threatened or punished by federal regulators for recommending marijuana as a medical treatment for their patients.”  The point here is that the case was covered by major media as it unfolded.

When our television segment concluded, Lou Dobbs asked me some follow-up questions and asked me to supply additional info to one of his producers, which I was happy to do.

Whatever one’s view happens to be on drug policy, the historical record is there for any fair-minded person to see – and yet McCaffrey looked right into the camera and denied  past actions by himself and other federal agents.  And he didn’t say, “I think that’s wrong” or “I don’t remember it that way.”  He baldly asserted that my recounting of the facts was “nonsense.”   Now I suppose some will say that falsehoods are spoken on TV fairly often–maybe, I’m not sure–but it is distressing that this character held the posts that he did and that he continues to instruct cadets at West Point!

My fellow panelist, Peter Moskos, has a related blog post here and he had a good piece published in the Washington Post just yesterday.  For more Cato scholarship on drug policy, go here.

<object width=”425” height=”344”><param name=”movie” value=”http://www.youtube.com/v/Lycc6aMdiYc&rel=0&color1=0xb1b1b1&color2=0xcfcf…“></param><param name=”allowFullScreen” value=”true”></param><param name=”allowScriptAccess” value=”always”></param><embed src=”http://www.youtube.com/v/Lycc6aMdiYc&rel=0&color1=0xb1b1b1&color2=0xcfcf…” type=”application/x-shockwave-flash” allowfullscreen=”true” allowScriptAccess=”always” width=”425” height=”344”></embed></object>

Flex Your Rights

Friends of the Cato Institute who closely follow the news about search and seizure and other civil liberties issues will probably know that there are simple, practical steps one can take to exercise our constitutionally guaranteed liberties, even when confronted by the police.

For everyone else, there’s Flex Your Rights. Founded by former Cato intern Steven Silverman, Flex Your Rights aims to teach ordinary citizens how to make good use of their civil liberties:

The vast majority of people are mystified by the basic rules of search and seizure and due process of law. Consequentially, they’re likely to be tricked or intimidated by police into waiving their constitutional rights, resulting in a greater likelihood of regrettable outcomes.

The sum of these outcomes flow into all major criminal justice problems – including racial and class disparities in search, arrest, sentencing and incarceration rates.

In order to ensure that constitutional rights and equal justice are upheld by law enforcement, we must build a constitutionally literate citizenry.

“Regrettable outcomes” aren’t limited to time behind bars for breaking the drug laws. Consider also damage to property during searches, loss of dignity and privacy, wasted law enforcement time, and police violence during what’s sure to be a nerve-wracking encounter. All of this can happen even when you’re not violating any laws at all, and that’s reason enough to refuse a search.

The police, and the laws themselves, should work for us, and if we don’t require their help, then that should usually be for us to decide. Flex Your Rights is here to help you do so. They’ve just launched a revamped website, which looks great, and they also have a new film in production titled 10 Rules for Dealing with Police. I look forward to seeing it!

Cheye Calvo Reflects on SWAT Shooting

Cheye Calvo is the DC-area small-town mayor who had his two pet dogs shot and killed by a botched drug raid about a year ago.  In an article to be published in this Sunday’s Washington Post, Calvo reflects upon his experience – not just the raid itself, but on the actions of the police department afterward.  Excerpt:

I remain captured by the broader implications of the incident. Namely, that my initial take was wrong: It was no accident but rather business as usual that brought the police to – and through – our front door.

In the words of Prince George’s County Sheriff Michael Jackson, whose deputies carried out the assault, “the guys did what they were supposed to do” – acknowledging, almost as an afterthought, that terrorizing innocent citizens in Prince George’s [County] is standard fare. The only difference this time seems to be that the victim was a clean-cut white mayor with community support, resources, and a story to tell the media.

What confounds me is the unmitigated refusal of county leaders to challenge law enforcement and to demand better – as if civil rights are somehow rendered secondary by the war on drugs.

Mr. Calvo has been a super advocate for reform – he has given up countless hours of his spare time to study and speak on this subject so that fewer people will be victimized the same way his family was.  He spoke at a Cato Hill Briefing over the summer.

Calvo told his story at Cato last year.

For related Cato research, go here and here.

A Chance to Fix the PATRIOT Act?

As Tim Lynch noted earlier this week, Barack Obama’s justice department has come out in favor of renewing three controversial PATRIOT Act provisions—on face another in a train of disappointments for anyone who’d hoped some of those broad executive branch surveillance powers might depart with the Bush administration.

But there is a potential silver lining: In the letter to Sen. Patrick Leahy (D-VT) making the case for renewal, the Justice Department also declares its openness to “modifications” of those provisions designed to provide checks and balances, provided they don’t undermine investigations. While the popular press has always framed the fight as being “supporters” and “opponents” of the PATRIOT Act, the problem with many of the law’s provisions is not that the powers they grant are inherently awful, but that they lack necessary constraints and oversight mechanisms.

Consider the much-contested “roving wiretap” provision allowing warrants under the Foreign Intelligence Surveillance Act to cover all the communications devices a target might use without specifying the facilities to be monitored in advance—at least in cases where there are specific facts supporting the belief that a target is likely to take measures to thwart traditional surveillance. The objection to this provision is not that intelligence officers should never be allowed to obtain roving warrants, which also exist in the law governing ordinary law enforcement wiretaps. The issue is that FISA is fairly loosey-goosey about the specification of “targets”—they can be described rather than identified. That flexibility may make some sense in the foreign intel context, but when you combine it with similar flexibility in the specification of the facility to be monitored, you get something that looks a heck of a lot like a general warrant. It’s one thing to say “we have evidence this particular phone line and e-mail account are being used by terrorists, though we don’t know who they are” or “we have evidence this person is a terrorist, but he keeps changing phones.” It’s another—and should not be possible—to mock traditional particularity requirements by obtaining a warrant to tap someone on some line, to be determined. FISA warrants should “rove” over persons or facilities, but never both.

The DOJ letter describes the so-called “Lone Wolf” amendment to FISA as simply allowing surveillance of targets who are agents of foreign powers without having identified which foreign power (i.e. which particular terrorist group) they’re working for. They say they’ve never invoked this ability, but want to keep it in reserve. If that description were accurate, I’d say let them. But as currently written, the “lone wolf” language potentially covers people who are really conventional domestic threats with only the most tenuous international ties—the DOJ letter alludes to people who “self-radicalize” by reading online propaganda, but are not actually agents of a foreign group at all.

Finally, there’s the “business records” provision, which actually covers the seizure of any “tangible thing.”  The problems with this one probably deserve their own post, and ideally you’d just go through the ordinary warrant procedure for this. But at the very, very least there should be some more specific nexus to a particular foreign target than “relevance” to a ongoing investigation before an order issues. The gag orders that automatically accompany these document requests also require more robust judicial scrutiny.

Some of these fixes—and quite a few other salutary reforms besides—appear to be part of the JUSTICE Act which I see that Sen. Russ Feingold (D-WI) introduced earlier this afternoon.  I’ll take a closer look at the provisions of that bill in a post tomorrow.