Posts

Is the CIA Spying on the Senate?

What happens when a spy agency spies on the Congressional body that was created to keep spying in check in the first place? What are the implications of the CIA spying on the Senate?

That is exactly what Sen. Dianne Feinstein, D-Calif., head of the Senate Intelligence Committee, asserts has happened.  In a scathing address to the Senate, Feinstein, who has been a strong advocate of the intelligence community in the past, accused the Central Intelligence Agency (CIA) of violating “the separation of powers principles embodied in the United States Constitution including the Speech and Debate clause”.

This accusation stems from an agreement between the committee and the agency to allow committee aides to review millions of confidential documents related to the post 9/11 Bush administration detention program for handling terror suspects.  In the process of reviewing these documents, staffers came across an internal review of the agency’s practices. When the CIA became aware of this, Feinstein claims they searched the network — including the committee’s internal network — and removed the documents.

Both sides have accused each other’s staffs of improper behavior and both sides are denying any wrongdoing.  Feinstein stressed that her staffers did not hack into the network to obtain them, but merely came across them in their review of the materials.  CIA Director John Brennan denied the allegations saying, “Nothing can be further [from] the truth, we wouldn’t do that. I mean that’s just beyond the scope of reason in terms of what we would do.”

I hope nothing is further from the truth, because the implications of spy agencies spying on those who oversee and contain their spying activities suggests that surveillance power has run amok and those wielding it consider themselves above the law. To me, if this turns out to be true, it is a bright red flag signaling the erosion of some of our most fundamental democratic principles. 

Perhaps Sen. Lindsey Graham, R-S.C., said it best: “Heads should roll, people should go to jail if it’s true.  If it is, the legislative branch should declare war on the CIA.” But first, we must figure out if there’s any truth behind the question: Is the CIA spying on the Senate?

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

NSA Angry Birds Help the Government Spy on Your Intimate Details

NSA Angry Birds are Stalking You

So you’ve had a rough day at the office.  You plop down on your couch with a cold beverage nearby, ready to let the day go.  You have twenty minutes until your chicken pot pie dings, and the thought of chicken reminds you of, well… Angry Birds. Harmless fun. NOT!

While you may be enjoying a mindless game, somewhere far off in cyber land others are just beginning to work very hard.  WHO THEY ARE: advertising companies and intelligence agencies alike. WHAT THEY ARE DOING TO YOU: gathering all of the most personal data off of your mobile device: everything from your name, age, sex, location, and perhaps even your political alignment or sexual orientation—and lots more!

All of this is according to documents provided by the former National Security Agency contractor and whistleblower Edward Snowden to the New York Times.  Snowden asserts that the NSA and Britain’s Government Communications Headquarters have been able to gather information from so-called “leaky apps” that give out all sorts of unintended intelligence.

Through these leaks, intelligence agencies and advertising groups are able to collect and store information on location and planning data through use of Google Maps, and access your address books, buddy lists, and telephone logs through use of posts to sites such as Facebook, Flickr, LinkedIn, and Twitter placed on mobile devices. 

It turns out that Big Brother is actually an NSA Angry Bird. I don’t know whether to be more upset with the NSA for scraping this information from Apps, or with the Apps themselves for scraping this information without even telling us!

This top secret NSA document (one of many released by Snowden) shows some of the activities that can be searched.

It’s pretty much understood and accepted that apps (especially older ones) track locations and gather other data to pass on to mobile ad companies.  And we’ve known for some time that the NSA has been pursuing our mobile information, but these documents show us many more details of the “mobile surge” and the ambitious plans the agency has for using the information they gather from apps on smartphones.

Every time you use a smartphone, you need to remember you’re also really using a computer- a highly-sophisticated, highly vulnerable computer.   According to Philippe Langlois, who has studied the vulnerabilities of mobile phone networks and is the founder of the Paris-based company Priority One Security, “By having these devices in our pockets and using them more and more, you’re somehow becoming a sensor for the world intelligence community.” In other words, we are all spies for anyone who has access to our mobile phones, which includes pretty much every app we have.

So what’t the solution? None, as of right now. Until there is legislation governing what can be captured from our mobile phones, we are open game, so to speak. And that makes me angry.

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Digital Footprint: Exposing Your Secrets, Eroding Your Privacy

Does your digital footprint expose your secrets to the wrong people? 

National Public Radio and the Center for Investigative Reporting recently presented a four part series about privacy (online and off) called, Your Digital Trail. To get the gist of how little privacy you have as a result of the social media, credit cards and mobile technology you use, watch this accurate and eye-opening explanation of how you are constantly being tracked. 
Marketers, data aggregators, advertisers, the government and even criminals have access to a vivid picture of who you are. NPR calls it your digital trail; for years, I’ve referred to it as your digital footprint. Let’s take quick look of what makes up your digital footprint.

What is your digital footprint? 

Just like a car leaving exhaust as it runs, you leave digital traces of who you are without even knowing it. Here is a partial list of the ways that you are tracked daily: cookies on your computer, apps on your smartphone or tablet, your IP address, internet-enabled devices, search engine terms, mobile phone geo-location, license-plate scanners, email and phone record sniffing, facial recognition systems, online dating profiles, social networking profiles, posts, likes, and shares, mass-transit smart cards, credit card usage, loyalty cards, medical records, music preferences and talk shows you listen to on smartphone apps, ATM withdrawals, wire transfers and the ever-present, always rolling surveillance cameras that tell what subway you rode, what store you shopped in, what street you crossed and at what time. Is there anything, you might ask, that others don’t know about you? Not much.

What happens to your data that is tracked? 

According to NPR, a remarkable amount of your digital trail is available to local law enforcement officers, IRS investigators, the FBI and private attorneys. And in some cases, it can be used against you.

For example, many people don’t know their medical records are available to investigators and private attorneys. According to the NPR story, “Many Americans are under the impression that their medical records are protected by privacy laws, but investigators and private attorneys enjoy special access there.”  In some cases, they don’t even need a search warrant, just a subpoena. In fact, some states consider private attorneys to be officers of the court, so lawyers can issue subpoenas for your phone texts, credit card records, even your digital medical files, despite the HIPAA law.

Kevin Bankston, senior attorney with the nonpartisan Center for Democracy and Technology, explains that the laws that regulate the government regarding privacy were written back in the analog age, so the government often doesn’t have many legal restraints. When the Fourth Amendment guaranteeing our rights to certain privacies was written, our Founding Fathers weren’t thinking about computers and smartphones!

Specifically, the Fourth Amendment states, “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated.”  In the “old days” police would have had to obtain a search warrant (showing probable cause) and search your home for evidence of criminal activity.

But since the 1960’s and 1970’s, the Supreme Court and other courts have consistently ruled that if you have already shared some piece of information with somebody else, a warrant is no longer needed.  So now when you buy something with a credit card (letting your credit card company know what you’ve purchased), or drive through an intersection with license plate scanners (telling law enforcement where you’ve been) or Like something on Facebook (letting the social network and everyone else know your preferences), you have, in essence, given the government (as well as corporations and criminals) the right to gather information about you, whether you are guilty of anything or not.  So much for probable cause.

In this age of cloud computing, the issue becomes even more, well, clouded.  Take the case of a protester arrested during an Occupy Wall Street Demonstration in New York City.  The New York DA subpoenaed all of his tweets over a three and a half month period.  Of course, his lawyer objected, but the judge in the case ruled that the proprietary interests of the tweets belonged to Twitter, Inc., not the defendant!

How can we defend our digital footprint against privacy violations? 

My takeaway from the NPR piece? We are so overwhelmed by the tsunami of privacy erosion going on, by the collection, use and abuse of our digital footprints, that the surveillance economy we have created will only be resolved by broad-stroke, legislative action. Until that happens, corporations, criminals and even our government will consume all of the data we allow them to. And so will we.

John Sileo is an expert on digital footprint and a highly engaging speaker on internet privacy, identity theft and technology. He is CEO of The Sileo Group, which helps organizations to protect the privacy that drives their profitability. His recent engagements include presentations at The Pentagon, Visa, Homeland Security and Northrop Grumman as well as media appearances on 60 Minutes, Anderson Cooper and Fox Business. Contact him directly on 800.258.8076.

Screen Shot 2013-10-11 at 2.11.21 PM

Welcome to the Surveillance Economy!

traffic camera3It seems I’ve spent a lot of time lately writing about the Surveillance Economy.  This may be a strange expression to some, so I’ll define it as the use and exploitation of our location information derived from traffic surveillance cameras, new technologies like Google Glass and cell phone GPS tracking, among others.  Recent topics we’ve covered include the NSA PRISM scandal, hacking Google Glass, Homeland Security’s seizures of electronic devices when crossing borders, and even drone use.  Some of those may seem to be out there in a world that doesn’t affect us directly, but here’s one that hits very close to home for anyone who owns a vehicle.

The American Civil Liberties Union released a report in July of 2013 entitled You Are Being Tracked that outlines the use of automatic license plate readers.  These devices, which can be mounted on police cars or on objects like road signs or overpasses, use small, high-speed cameras to photograph thousands of plates per minute.  They effectively collect and store information about not only vehicles of potential or known criminals, but everybody who drives a car!

The study shows that the number of license tag captures has reached the millions and that police departments can keep the records for several years or even indefinitely.  Unlike using GPS to track a car (for which a judge’s approval is needed according to a 2012 Supreme Court ruling), there are very few regulations in place governing license plate readers.  In fact, only five states have such laws.  Click here to see a map that lets you see how police in your state use license plate readers to track people’s movements.

Proponents assert that gathering such information aids in criminal investigations and is crucial sometimes in going back to solve a crime because the data can be used to place criminals at the scene.   It is also extremely efficient because officers can “maintain a normal patrol stance” while capturing up to 7,000 license plate images in a single eight-hour shift.  Harvey Eisenberg, assistant U.S. attorney in Maryland, said, “At a time of fiscal and budget constraints, we need better assistance for law enforcement.”

The program in Maryland read approximately 29 million plates in a five month period last year  and 1 in 500 of those were suspicious. Many of these were wanted for petty crimes such as having a suspended or revoked registration, or for violating the state’s emissions inspection program, but advocates stress the information could be used for aiding drug busts, finding abducted children and more.  It would even enable the IRS to verify tax deductible mileage claims against license plate scans.

The ACLU, however, argues that this “collect it all” approach that law enforcement seems to have has made it easier to create a “single, high-resolution image of our lives, whether we are guilty or not.  When you combine license surveillance with phone records, Google searches, drone images, street cameras, etc., is there really any way we can protect our privacy as innocent citizens?

The ACLU is calling for adoption of legislation and law enforcement policies that adheres to these principles:

  • License plate readers may be used by law enforcement agencies only to investigate hits and in other circumstances in which law enforcement agents reasonably believe that the plate data are relevant to an ongoing criminal investigation.
  • The government must not store data about innocent people for any lengthy period. Unless plate data has been flagged, retention periods should be measured in days or weeks, not months and certainly not years.
  • People should be able to find out if plate data of vehicles registered to them are contained in a law enforcement agency’s database.
  • Law enforcement agencies should not share license plate reader data with third parties that do not follow proper retention and access principles. They should also be transparent regarding with whom they share license plate reader data.
  • Any entity that uses license plate readers should be required to report its usage publicly on at least an annual basis.

History shows us that the mass collection of detailed citizen information (even if the purpose isn’t known at the time of the collection) generally ends up being used unethically by those in power. I was reminded of that recently when I visited the Dachau Concentration Camp. Those in power at the time surveillance begins aren’t necessarily those who will abuse it in the future. Consider yourself, as a voter, forewarned and forearmed. I’d let your Congressperson know your thoughts.

John Sileo is a keynote speaker and CEO of The Sileo Group, a privacy think tank that trains organizations to harness the power of their digital footprint. Sileo’s clients include the Pentagon, Visa, Homeland Security and businesses looking to protect the information that makes them profitable. 

Is Your Privacy Being Threatened by Drone Use?

usa dronesAnd in the latest installment of “breaking news” that shouldn’t surprise you at all…

…FBI Director Robert S. Mueller III admitted that the United States has used drones over US airspace.  It was the first time an FBI official publicly admitted such a program exists, but if you want to believe pop culture (the latest Bourne installment, a recent Castle episode, the Call of Duty video game), drone use is more common than we think.

What we know:

  • Drones (or unmanned, remotely piloted aircraft) have been used since the early 1900s, for various purposes, primarily military and law enforcement, though there are increasing demands for public use.
  • The Drug Enforcement Agency and the Bureau of Alcohol, Tobacco, Firearms and Explosives have both tested drones for use in investigations.
  • The Federal Aviation Administration has to approve all drone use in US airspace.
  • The FBI has requested this permission at least four times since 2010.

Mueller testified that the drone program “has been a contributing factor, one dot among many dots” to help track terrorist plots.  The other “dots” he was referring to include telephone logs and Internet records.  He continued, “You never know which dot is going to be the key…but you want as many dots as you can. And if you close down a program like this, there will be … fewer dots to connect.”

Members of Congress immediately began clamoring for “transparency” from Mueller as to how specifically drones have been used, which he declined to provide, stating, 
“There is a price to be paid for that transparency…I certainly think it would be educating our adversaries as to what our capabilities are.” He also noted that drone use is “very narrowly focused on particularized cases and particularized needs”.

Does it affect our privacy?

Senators sure seem to think so.  Sen. Dianne Feinstein, D-CA, inquired what kinds of protections the FBI has put in place in regards to how information is used by federal investigators.  She called drones “the greatest threat to the privacy of Americans.”

Another area of concern involves the policies about drone use.  The problem?  There really aren’t any firm policies yet.  Mueller said the FBI was in the “initial stages” of writing policies.  “We’re exploring not only the use but also the necessary guidelines for that use,” he added.

Sen. Mark Udall, D-CO supports the notion that drones can be helpful with law enforcement agencies, but stressed that Constitutional rights must be protected first.  Udall said, “I am concerned the FBI is deploying drone technology while only being in the ‘initial stages’ of developing guidelines to protect Americans’ privacy rights.”

Is the FBI putting the proverbial cart before the horse by implementing drone use before policies are in place?  Do we need to honor the need for “non-transparency” for our own safety?  Should we be afraid of drones and their threat to our privacy?  Ryan Calo, a law professor at the University of Washington, wrote in the Huffington Post that drones “could be just the visceral jolt society needs to drag privacy law into the 21st century.”  Maybe it will take the notion of truly being watched without our knowledge anywhere, anytime, to lead to real change.