Loss of Privacy

Last month, John Corbett posted a video showing how to get past the backscatter/x-ray and millimeter wave scanners. Now, he’s back with an interview from a TSA agent who says the scanners are worthless.

Transcript:

In the video I released last month, I showed the world that it’s trivial to beat the TSA’s nude body scanners; all it takes is simply strapping a metal object to your side. I referred to the program as a “giant fraud,” and I chose those words carefully: it was not an oversight, but rather the TSA knowingly imposed these virtual strip searches on us despite the fact that they don’t work.

Now how can I be so sure that the TSA knew that the scanners were broken? Well, in the first video I referred to other countries who take aviation security more seriously than we do had rejected the scanners years ago. Over the last year, we’ve also seen almost the entirety of Europe has backtracked on the body scanners. And there have been dozens of research studies that have shown vulnerabilities in the technology, of which the TSA must surely be aware.

But most importantly, I know because TSA employees have told me so. In the last year and a half since I filed my lawsuit against the scanners and the groping, I’ve received hundreds of e-mails and thousands of comments on my blog, and some from actual TSA employees who have seen the scanners fail first-hand. One of them was nice enough to sit down for an interview with me last week. “Jennifer” has been working with the Transportation Security Administration for the last 4 years as a screener, and had this to tell me:

[Video Interview Segment]

Jon: Were there specific times where this machine didn’t work, for either someone testing it, or a passenger went through and it was determined that they went through with…
Jennifer: Absolutely. Yes, absolutely.

Jon: Metal objects?
Jennifer: Metal, non-metal.

Jon: Big, small?
Jennifer: Both.

Jon: Things like wallets I think you mentioned to me?
Jennifer: Wallets.

Jon: So you’d send someone through the scanner and you’d see a bulge in their pocket, but the scanner would show nothing?
Jennifer: Mmhmm.

Jon: Things during training?
Jennifer: Absolutely.

Jon: What would you test it with when you were testing the machines?
Jennifer: There were different props: guns, knives, bags of powder that were supposed to resemble explosive material.

Jon: Sometimes these would just go through completely undetected?
Jennifer: Absolutely.

Now if it wasn’t scary enough that the TSA deployed these machines knowing they could take simulated bombs through them, Jennifer tells me that they were forcing screeners to run these radiation machines who hadn’t, according to the TSA’s own policies, been properly trained:

[Video Interview Segment]

Jon: They tried to send you to the machines, and you said, ‘Hold on, I’m not certified.’
Jennifer: Right.

Jon: And then in December I guess you tried the same thing and they said, ‘Too bad?’
Jennifer: We were forced to work on these machines. So basically, there were so few of us trained to work on the machines, they basically forced us.

Jon: So they didn’t care if you were certified or not?
Jennifer: No, I actually went to my supervisor — or a supervisor — the first day. I and another officer had this concern, that, you know, ‘Look, we’ve never worked on this particular machine, we don’t know what to do’ and his answer was, ‘Sorry, we don’t have enough staffing, you’re going to have to work on it.’

Jon: Certified or not, just get on the machine and make the best of it?
Jennifer: Yep, ‘just have your co-workers help you.’

After Jennifer was repeatedly ignored when she brought these serious issues up with management, she contacted her representatives in Congress for assistance… after which the TSA promptly began the process of firing her! A process, by the way, which took the TSA three months, during which Jennifer was forced to sit around on the taxpayer’s dime and do absolutely nothing. Fortunately, Jennifer turns in her uniform today.

[Video Interview Segment]

Jon: You wrote to Congress about the problems you saw in the TSA.
Jennifer: I did.

Jon: What happened?
Jennifer: I sent my letter on Jan. 1, and I came back from sick leave about a week later, and I was immediately removed from screening duties.

Jon: So you sent a letter to a Congressman — or to several — saying ‘Hey, there’s a problem with the TSA,’ and the TSA’s response was… retaliatory would you say?
Jennifer: Yes.

Jon: Was that the end of your screening duties… have you been back to screening since?
Jennifer: No.

This is why the TSA sucks. Because good employees who point out when the public is being put at risk aren’t listened to, they aren’t promoted – they’re fired! …and what’s left are the pizza-box employees that strip-search grannies, steal from your bags, throw hot coffee on pilots, and shoot up my neighborhood.

And every time another TSA employee is arrested – we’re up to at least 60 in the last 12 months – the TSA spouts off on their blog about the professionalism of their employees, just as when they’re caught on video molesting children at airports, they defend their employees’ fondlings as “by the book” – that book being the “Screening Checkpoint Standard Operating Procedures” or “SOP.” The SOP is the TSA’s secret guide as to how TSA employees are supposed to do screening as airports. The only problem is, TSA employees never actually read that book!

[Video Interview Segment]

Jennifer: Supposedly there is an SOP manual at every checkpoint. I’ve never seen it.
Jon: So you wouldn’t know where to go to find this book?
Jennifer: No, no.
Jon: *laughs*
Jennifer: I know, you can’t make this stuff up, you really can’t.
Jon: Did you read the SOP at any point, during training, or…
Jennifer: You mean initially…
Jon: Did you ever read the SOP from cover-to-cover?
Jennifer: Oh no, no… I’ve never read… no.

Absolutely stunning. I’d like to thank Jennifer for exposing this, and if you’re an attorney that would like to contact Jennifer, send me a message. I’d also like to encourage any of the few good TSA employees left who have seen abuse in the TSA to contact me – see the notes on this video for how to do so, anonymously if you’d prefer.

But there you have it. The TSA was aware of the fatal flaws in the nude body scanner program, yet knowingly defrauded the American taxpayer into buying these machines, as well as travellers from across the globe into posing naked “for their safety.” Well no more, guys — we’re done posing naked for the TSA. It’s time for the nude body scanner program to be immediately ended, for TSA Administrator John Pistole to be fired, and for the TSA to be dismantled as soon as possible. I encourage you to make this an election year issue and demand from your candidates a strong commitment to restoring our civil rights – and our sanity at airports. I also encourage anyone who’s asked to go through a body scanner to simply say, “I opt out,” and refuse to participate in this security theatre.

For those of you who still don’t know that this is happening, here’s a video from the Wall Street Journal that explains what’s going on.

A Wall Street Journal examination of 100 of the most popular Facebook apps found that some seek the email addresses, current location and sexual preference, among other details, not only of app users but also of their Facebook friends. One Yahoo service powered by Facebook requests access to a person’s religious and political leanings as a condition for using it. The popular Skype service for making online phone calls seeks the Facebook photos and birthdays of its users and their friends.

Much of the information that Facebook collects is illegal on a job application. It’s no wonder why employers now want to have access to that information. Read the Wall Street Journal article to find out more and be aware of just how much of your life you are sharing.

In the past few years, police departments have become obsessed with the ability to warrantlessly track cell phones. Cell phone companies have also been complicit in helping police departments with data dumps at set prices. All that is needed for the police to ask for the information. The ACLU has obtained documents detailing how widespread the surveillance is and how they are trying to silence officers from talking about it.

The documents were revealed by an ambitious ACLU project to use open-records laws to obtain a deeper understanding of police department practices with regard to cell phone surveillance around the country. ACLU affiliates submitted information requests to dozens of law enforcement agencies; while many refused to provide documents, the ACLU was able to assemble more than 5,500 pages of documents from numerous state and local agencies.

The documents paint a picture of a surveillance free-for-all.

Cato Institute privacy researcher (and Ars Technica alum) Julian Sanchez wrote on Monday that, until he read these documents, he had been aware of only one instance in which “tower dumps” had been used in an investigation. But the fact that all the major wireless companies have standard list prices for the service suggests that it has become a relatively routine investigative technique.

It’s not clear if the “activity” disclosed in a “tower dump” is limited to phone calls placed through that tower or whether it includes all phones that merely came within range of the tower during the requested time period. Either way, the practice raises serious constitutional issues.

A Nevada manual, for instance, states that cell phone tracing without a warrant “is only authorized for life-threatening emergencies!!” while others (such as those in Iowa) say to simply keep the matter hush-hush and out of police reports, whether it is warrantless or not.

The legal standards used for cell phone tracking requests vary widely by police department. Some law enforcement agencies do not track cell phones, or have concluded that the Fourth Amendment requires them to obtain a warrant in order to track user locations. But many more reported obtaining location information with a simple subpeona—which is available without meeting the Fourth Amendment’s “probable cause” standard. The ACLU says that “a number of law enforcement agencies report relying on cell phone providers to tell them what legal process is necessary to obtain location records.”

A New York Times report on the documents says that many departments keep their use of cell phone tracking capabilities secret, fearing the backlash that could be generated if the public learned how often they are used. For example, a document published by the Iowa City police department admonishes police officers not to “mention to the public or media the use of cell phone technology or equipment used to locate the targeted subject.” Officers are advised not to include “details of the methods and equipment used to locate the subject” in police reports.

The police are public servants. While it is not necessary to provide complete details as to their methods of tracking cell phone information, they should not be hiding the fact that they are, indeed doing it

The documents the ACLU obtained are quite telling.

Some specific examples from the internal documents include Gilbert, Arizona, which spent $244,000 on its own tracking equipment; Ogden, Utah, where the Sheriff’s Department leaves it up to the cell carrier to collect information on a cell phone; California, where state prosecutors suggested that local police get carriers to duplicate a phone and download the test messages when it is turned off, and certain cities in states like Nevada and North Carolina have managed to get carriers to track cell phone signals back to cell towers in non-emergency situations in an effort to determine which callers are using a specific tower.

“Some jurisdictions were forthcoming about the fact that they don’t seek warrants to track cell phone location,” said the ACLU. “Take for example, police in Lincoln, Neb., who obtain even GPS location data (which is more precise than cell tower location information) without demonstrating probable cause. Or police in Wilson County, N.C.who obtain historical cell tracking data where it is “relevant” to an ongoing investigation — a standard lower than probable cause.

Weber County, Utah, for example, informed us that “Each provider has a different system for authorizing police use of location information and we comply with whatever that cell phone provider requests.” I don’t know about you, but I don’t trust my cell phone provider to insist on a probable cause warrant — and with good reason: the cell phone companies’ manuals we received indicate that they don’t always demand a warrant.”

In many instances, the police and cell phone companies rely on the old adage of “think of the children.”

Some police departments have said that cell phone tracking is very valuable because it aids in finding a child that has been kidnapped or murder cases. However, the ACLU is concerned that the use of cell phone tracking has the potential to be abused, especially when police act without court consent. For instance, a Supreme Court ruling this past January found that a GPS device used on the car of a drug suspect violated Fourth Amendment rights. The ACLU worries that cell phone tracking could fall under that same violation against unreasonable searches.

While not all police departments are tracking in this manner, the fact that many are should be of concern. Individuals should also be worried that cell phone companies are so ready to give away their personal details with so much ease.

Some police departments have taken obtaining the data even further by erecting their own fake towers.

The stingray, made by Harris Wireless Products Group of Melbourne, Fla., lets users set up what amounts to a fake cellphone tower and trick all phones nearby into connecting with it. That data can then be used to track the physical location of anyone nearby carrying a powered-on cellphone — even if the citizen isn’t on a phone call. A stingray can also register other data, such as the phone numbers dialed by all phones while connected to it. The device reportedly cannot record or intercept the content of a phone call, so it does not act like a wiretap.

“I think when law enforcement starts purchasing technology that allows them to track cellphones in that manner, it raises a whole host of questions about how that technology is being used that are even more serious when they track people through carriers,” Crump said. “At least when a carrier is involved, there’s a third party that may raise concerns if the request is of questionable legality. But when a law enforcement agency can do on its own surveillance, that raises even more serious questions about whether there is appropriate oversight.”

No one in the ACLU report stated it used the Stingray and it appears as if the Gilbert, Arizona police department is the only one currently using the technology.

Still, privacy researcher Chris Soghoian – who has written extensively on law enforcement use of cellphone technology for surveillance – said police use of the stingray device is among the most troubling privacy developments in years. Some phone companies allow police officers to use a website to download customers’ GPS location data easily, “from the comfort of their own desks,” he said, and charge as little as $5 for the information. With phone company record access that easy and inexpensive, there’s no need for stingray, he argued

“The real issue is that this device is about allowing police to perform surveillance when the phone company would say no,” said Soghoian, who is Graduate Fellow at the Center for Applied Cybersecurity Research at Indiana University. “This is not about saving time and money … it’s about the fact that there’s no one to insist that the law be followed when a stingray is used.”

With little oversight, there’s no telling how far the police will push the constitutionality of monitoring cell phone data. It will, ultimately, take a lawsuit to reign in police powers because, historically, they have never erred on the side of caution. One thing we do know is that, if a law can be bent or stretched to the benefit of law enforcement, they will use it to the detriment of citizens’ rights.

I stumbled upon Operation Encrypt Everything and thought I’d share a couple of their cartoons about encryption and privacy.

Click the picture to make it bigger.

I also like the picture below.  It really hammers the point home on why encryption and privacy is so important.

You can find out more about Operation Encrypt Everything, how to protect yourself, and how to spread the word on their website.

Kimberly Hester, a teacher’s aide in Michigan denied the superintendent of schools access to her facebook account, resulting in suspension and a lawsuit brought by Hester. It began when Hester put a photo of herself on Facebook. A parent of a student, who was friends with Hester, notified the school.

The picture shows that co-worker’s pants around her ankles, and a pair of shoes.

Once the superintendent found out, he asked to see Hester’s Facebook account. She refused. That’s when her troubles began.

A few days later, Lewis Cass ISD superintendent Robert Colby called her into his office.

“He asked me three times if he could view my Facebook and I repeatedly said I was not OK with that,” Hester told WSBT.

In a letter to Hester from the Lewis Cass ISD Special Education Director, he wrote “…in the absence of you voluntarily granting Lewis Cass ISD administration access to you[r] Facebook page, we will assume the worst and act accordingly.”

You have the right to privacy. Hester posted a private picture, which, presumably, is locked down and private, only for her friends to see. The picture was not taken at work (in this case a school) and was not connected to Hester’s job in any way, yet the superintendent chose to “assume the worst” and penalize Hester.

Hester said Colby put her on paid administrative leave and eventually suspended her.

“I have the right to privacy,” she told WSBT.

Meanwhile, Hester chose to take unpaid leave and collect workman’s compensation while she fights a legal battle with the school district.  But she’s not backing down.

“I stand by it,” Hester said.  “I did nothing wrong.  And I would not, still to this day, let them in my Facebook.  And I don’t think it’s OK for an employer to ask you.”

According to Facebook’s TOS, you are in violation of their policies by giving out your password and letting other people view your account. While there aren’t yet any federal laws restricting this, you do risk losing your Facebook account or much worse.

Although it could be argued that Hester’s picture was tasteless and crass, it was posted privately and was never intended to be seen outside her private circle of Facebook friends. Again, the only lesson that can be learned here is to either delete your Facebook account or never post anything to it because your employer or the police will always find a way to twist things into your fault, resulting in a loss of employment.

The case is due to go to arbitration on May 8th and it will be curious to see if the 4th and 5th amendments come up during the course of the investigation and arbitration.