Tag: privacy

Big Data Tool For Trump’s Big Government Immigration Plans

During his campaign President Trump made it clear that his administration would strictly enforce immigration law while also seeking to limit immigration. Trump’s executive orders so far are consistent with his campaign rhetoric, including a revitalization of the controversial 287(g) program, threats to withdraw grants from so-called “Sanctuary Cities,” the construction of a wall on the southern border, a temporary ban on immigration from six Muslim-majority countries, and the hiring of 10,000 more Immigration and Customs Enforcement (ICE) agents. Recent reporting reveals that these agents, tasked with implementing significant parts of Trump’s immigration policy agenda, will have access to an intelligence system that should concern all Americans who value civil liberties.

Earlier this month The Intercept reported on Investigative Case Management (ICM), designed by Palantir Technologies. ICE awarded Palantir a $41 million contract in 2014 to build ICM. ICM is scheduled to be fully operational by September of this year.

Here is The Intercept’s breakdown of how ICM works:

ICM funding documents analyzed by The Intercept make clear that the system is far from a passive administrator of ICE’s case flow. ICM allows ICE agents to access a vast “ecosystem” of data to facilitate immigration officials in both discovering targets and then creating and administering cases against them. The system provides its users access to intelligence platforms maintained by the Drug Enforcement Administration, the Bureau of Alcohol, Tobacco, Firearms and Explosives, the Federal Bureau of Investigation, and an array of other federal and private law enforcement entities. It can provide ICE agents access to information on a subject’s schooling, family relationships, employment information, phone records, immigration history, foreign exchange program status, personal connections, biometric traits, criminal records, and home and work addresses.

Nationwide E-Verify an Unwelcome Step Towards a National ID

Senate Judiciary Committee Chairman Chuck Grassley recently reintroduced an E-Verify bill that ought to concern privacy advocates. If enacted, the bill would implement the employment verification scheme nationwide, something President Trump called for during his campaign. Nationwide E-Verify would establish the framework for a national ID system that would undoubtedly come to be used for more than the enforcement of immigration laws.

E-Verify allows employers to check a new hire’s information against government databases to confirm legal status. It is an ineffective system. One reason why E-Verify suffers from inefficiency is because, as things stand, employers taking part in E-Verify use information from documents such as Social Security cards provided by employees. Because the E-Verify system matches employees’ names with a Social Security Number (SSN) it’s possible for an unauthorized worker using a fraudulent SSN to be cleared for employment. A 2009 audit commissioned by the United States Citizenship and Immigration Services estimated that 54 percent of unauthorized workers who submitted documents via E-Verify were erroneously cleared for employment thanks to fraud.

An effective E-Verify system would have to address this glaring loophole. One way of addressing E-Verify’s inadequacy is to include biometric information, such as a facial photograph. Such proposals are worrying.

The E-Verify system currently checks submitted data against Department of Homeland Security (DHS) and Social Security Administration databases. Section 11 of Grassley’s bill would allow the E-Verify system to include the “passport and visa record (including photographs) maintained by the Department of State” as well as driver’s license photos. Seven states voluntarily provide DHS with driver’s license data as part of the Records and Information from DMVs for E-Verify (RIDE) initiative. 

That Grassley’s bill explicitly mentions driver’s license photos is important. Allowing the DHS secretary to deem it necessary for the E-Verify system to confirm identity via driver’s license photos introduces biometric information that proponents believe will make the system more effective.

If the statute purports to require that 43 states provide DMV information that raises constitutional concerns, but as the recent debates surrounding REAL-ID show, the federal government could try to coerce states into compliance. DHS announced last month that residents in nine states will need an identifying document other than a state driver’s license to fly if their licenses are not REAL-ID compliant by January 22, 2018.

Even if the federal government fails to force states to submit DMV data under a nationwide E-Verify scheme, there is still the possibility of nationwide E-Verify leading to a de facto biometric national ID card.

Power Arrangements in Identity Systems

Since the launch of the Sovrin Foundation, Phil Windley has been blogging a lot (no, reallya lot and more, more, more, more, and more) about how self-sovereign identity works and can be used. His most interesting and accessible post for a liberty-minded identity-layperson might be “On Sovereignty,” in which he briefly lays out what it means to have a “self-sovereign” identity.

Sovereignty over your identity doesn’t mean having complete control over information about yourself, but it puts you in a peer relationship with others, including the larger organizations we deal with, such as governments. “The beauty of sovereignty,” Phil emphasizes, is the “balance of power that leads to negotiations about the nature of the relationships between various entities in the system.” I want to expand on this notion that there are power arrangements in identity systems.

In a centralized identity system, the identity provider (such as your Department of Motor Vehicles) determines whether you can assert information and what you can assert. Centralized systems also often share information about you, or facilitate such sharing, whether you want them to or not. Implementation of the REAL ID Act would essentially move these powers from state governments to the U.S. Department of Homeland Security.

A self-sovereign identity system, on the other hand, gives you power to assert information about yourself, which others may accept or reject. It also better positions you to decline to share information about yourself. Those powers are important.

“Power” is an elusive concept. We’re more familiar with talking about power in terms of political and legal arrangements, such as how the Constitution gives certain powers to the U.S. federal government or denies all U.S. governments other powers. But absent these rules, “pre-political” power is simply the ability to do something or act in a particular way, or the capacity to direct or influence the behavior of others or the course of events. Power comes down to what resources you can bring to bear in going after what you want.

The IRS Believes All Bitcoin Users are Tax Cheats

The Internal Revenue Service has filed a “John Doe” summons seeking to require U.S. Bitcoin exchange Coinbase to turn over records about every transaction of every user from 2013 to 2015. That demand is shocking in sweep, and it includes: “complete user profile, history of changes to user profile from account inception, complete user preferences, complete user security settings and history (including confirmed devices and account activity), complete user payment methods, and any other information related to the funding sources for the account/wallet/vault, regardless of date.” And every single transaction:

All records of account/wallet/vault activity including transaction logs or other records identifying the date, amount, and type of transaction (purchase/sale/exchange), the post transaction balance, the names or other identifiers of counterparties to the transaction; requests or instructions to send or receive bitcoin; and, where counterparties transact through their own Coinbase accounts/wallets/vaults, all available information identifying the users of such accounts and their contact information.

The demand is not limited to owners of large amounts of Bitcoin or to those who have transacted in large amounts. Everything about everyone.

Communications and Data Meet the Fourth Amendment

This week and last, the Cato Institute filed amicus briefs urging the Supreme Court to take up two cases dealing with the constitutional status of “cell site location information,” or “CSLI.” This data, collected of necessity by cellular communications providers, creates detailed records of their customers’ movements. The briefs invite the Court to accept these cases so it can revise Fourth Amendment practice to eschew doctrine and more closely adhere to the language of the Fourth Amendment.

The Fourth Amendment states that “[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated.” Presumably, when called upon to determine whether a Fourth Amendment violation has occurred, courts would analyze the elements of this language as follows: Was there a search? Was there a seizure? Was any such search or seizure of “their persons, houses, papers, [or] effects”? Was any such search or seizure reasonable?

And in cases involving familiar physical objects, courts usually do a sound textual analysis, at least implicitly. But in harder cases dealing with unfamiliar items such as communications and data, courts retreat to “reasonable expectation of privacy” doctrine that emerged from Katz v. United States in 1967, and offshoots of it like the “third-party doctrine.” The “reasonable expectation of privacy” test asks whether defendants’ feelings about things government agents accessed were reasonable. The corollary “third-party doctrine” cancels Fourth Amendment interests in information and things that are shared on the theory that expectations of privacy evaporate in that context.

The “reasonable expectation of privacy” test is the product of one non-essential concurrence in Katz, and the third-party doctrine was wrong when the Supreme Court created it in 1976 to ratify a law that deputized banks into financial surveillance. That doctrine grows further out of synch with each step forward our society takes in modern, connected living. Today, third-party service providers collect incredibly deep reservoirs of information about us: Cellular telephone networks, Internet service providers, search engines, and payment systems have data that can throw open windows onto our relationships, feelings, health conditions, business dealings, sexuality, emotions, and more.

Amazon Patents Police Traffic Stop Drone

Last July, Dallas police used a robot to kill the man who fatally shot five Dallas-area police officers. Shortly after the shooting I noted that new technologies, such as robots, should prompt lawmakers to find ways to make the face-to-face interactions citizens have with officers safer and less frequent. A recent Amazon patent reveals how new technologies can play a role in improving traffic stops, one of the most common citizen-police encounters.

Amazon Technologies, Inc. recently secured a patent for small shoulder-mounted police drones. The patent abstract explains that, “The techniques and systems can include routines to provide enhanced support for police during routine traffic stops.”

Drones like the one detailed in the Amazon patent could help improve traffic stops. Drones would allow police to examine a pulled-over vehicle before approaching in person. This increased situational awareness would help police officers, providing them with valuable information about how many people are in the car and whether the driver or any passengers have their hands in sight. As drone technology improves it’s likely that police will be able to use similar drones to issue commands. 

If appropriate accountability policies are enacted, these small drones could serve as useful tools in police misconduct investigations. Drone footage of the Philando Castile and Samuel DuBose shootings, for example, would have been helpful to investigators.

But despite the potential for these small drones being useful in misconduct investigations and helping police during traffic stops, citizens may be concerned about the impact such drones could have on their civil liberties. Having a small drone buzzing around your car during a traffic stop may be unnerving, but unless the drone is outfitted with sophisticated surveillance tools it’s unlikely that it will prompt a robust Constitutional challenge.

If these small Amazon drones are equipped with traditional cameras and don’t enter a car during a traffic stop, then they will only be capturing images of material in “plain view.” Nonetheless, citizens should be wary of small police drones being outfitted with surveillance technology that could raise constitutional issues, such as thermal scanners.

New technologies such as drones and body cameras will undoubtedly play an increasingly prominent role in law enforcement. Small drones like the one described in Amazon’s patent could help make routine traffic stops safer for officers and citizens. However, as the ongoing debates about body cameras have demonstrated, these new technologies can only serve as tools for worthwhile criminal justice reform if they’re governed by good policies. It’s not hard to see how small drones could help police and citizens during traffic stops. But as police drones become more common we shouldn’t forget that they can serve as platforms for a host of technologies that threaten civil liberties.

How Not to Think About Drone Policy

Today, The Oklahoman published an editorial that serves as a good example of how not to think about drone policy. According to The Oklahoman editorial board, a proposed drone weaponization ban was a solution in search of a problem, and concerns regarding privacy are based on unjustifiable fears. This attitude ignores the state of drone technology and disregards the fact that drones should prompt us to re-think privacy protections.

Weaponized drones are often thought of as tools of foreign policy, but technological advances mean that Americans should be keeping an eye out for armed drones on the home front. Yet, in the pages of The Oklahoman readers will find the following:

we know of no instance where Oklahoma law enforcement officers have used drones to shoot someone without justification. To ban the police from using weaponized drones appears a solution in search of a problem.

I’m not aware of police in Oklahoma using drones to shoot someone with justification, but that’s beside my main point. Oklahoman lawmakers shouldn’t have to wait for a citizen to be shot by a weaponized drone before considering regulations. It would be premature for legislators to consider teleport regulations or artificial intelligence citizenship bills. But weaponized drones are no longer reserved to the imagination of science fiction writers. They’re here.

Pages