Tag Archive for Privacy

National Institute of Justice Body Cavity Screening Technology Assessment and Market Survey

body-cavity-scanner

Body scanners are used to screen for contraband in a variety of places. Airports, schools, government buildings, and corrections facilities are examples of the types of places that have employed body scanners. Different types of body scanners have different capabilities based on the imaging technologies used and the sophistication of the internal system analysis. Metal detection was one of the first technologies developed to identify metallic objects on a person, but contraband can take many other forms, such as powders (e.g., drugs), paper (e.g., money), and even ceramic or plastic weapons. Correctional facilities in particular are faced with various forms of contraband, and with elaborate methods of evading detection employed by the local population. Manufacturers have responded by producing scanners that are able to detect nonmetallic contraband, as well as systems that can detect contraband inside body cavities. This report identifies commercially available body scanners and discusses the technologies used by these products. Technological limitations pertaining to the type of materials detected and/or the ability to detect contraband inside body cavities are discussed.

International Biometrics and Identification Association Draft Privacy Best Practices for Commercial Biometrics

IBIA-PrivacyBestPractices

One fact should not be lost in this discussion. As has always been the case, new methods of authenticating identity, like biometric identification, are necessary to augment existing conventions and meet current needs. Biometric technologies do this and, as a major privacy‐enhancing technology, preserve privacy at the same time. The facial template itself, like other biometric templates, provides no personal information. Indeed, protecting the non‐biometric personal information is enhanced through the use of biometric verification of identity to limit data access to only authorized persons. Biometrics can provide a unique tool to protect and enhance both identity security and privacy and to protect against fraud and identity theft, especially as a factor in identity verification. When your personal data are protected by access mechanisms that include one or more biometric factors, it becomes much more difficult for someone else to gain access to your personal data and applications because no one else has your unique biometric attributes. This enables legitimate access and reduces the risk that a person can steal your identity and, posing as you, collect benefits; board an airplane; get a job; gain access to your personal data, etc.

National Counterterrorism Center Enhanced Safeguards Decision Matrix

ODNI-Safeguards

The DNI, D/NCTC and the Attorney General approved revised Attorney General Guidelines for NCTC’s handling of US Person (USP) information in March 2012. These revised NCTC Attorney General Guidelines (“NCTC’s AGGs”) govern NCTC’s access, retention, use, and dissemination of datasets identified as including non-terrorism information and information pertaining exclusively to domestic terrorism, and provide NCTC with the authority to retain USP information for up to five years (unless a shorter period is required by law, executive order, regulation, international agreement, etc.). During this temporary retention and assessment period, additional safeguards and protections are applied to this data, to include baseline (and potentially enhanced) safeguards, as well as additional compliance, auditing, reporting and oversight mechanisms.

National Institute of Justice Through-the-Wall Sensors Best Practices for Law Enforcement

NIJ-ThroughWallSensors

The National Institute of Justice (NIJ) Sensor, Surveillance, and Biometric Technologies (SSBT) Center of Excellence (CoE) has undertaken a best practices report of through-the-wall sensor (TTWS) devices for operation by law enforcement and first responder agencies in the United States. These devices use a form of radar to detect movement behind barriers. The ability to sense the presence of individuals through common building materials can be useful during rescue operations, law enforcement operations and other tactical scenarios. This report provides advice, tactics and information related to the use of TTWS in operational settings. The information provides law enforcement individuals and organizations with a better understanding of the capabilities and limitations of available TTWS equipment. When put into practice, an agency can make the most of the technology and improve the outcome and safety of operational scenarios in which it is deployed. The best practices report focuses on the use of commercially available TTWS devices suitable for law enforcement or emergency response applications.

Oakland Domain Awareness Center Draft Privacy and Data Retention Policy

Oakland-DAC-DraftPrivacyPolicy

The Joint City-Port Domain Awareness Center (interchangeably referred to in this document as “Joint City-Port Domain Awareness Center”, “Domain Awareness Center,” or “DAC”) was first proposed to the City Council’s Public Safety Committee on June 18, 2009, in an information report regarding the City of Oakland partnering with the Port of Oakland to apply for Port Security Grant funding under the American Recovery and Reinvestment Act, 2009. Under this grant program, funding was available for Maritime Domain Awareness (MDA) projects relative to “maritime” or “waterside”. The Port and City were encouraged to consider the development of a joint City Port Domain Awareness Center. The joint DAC would create a center that would bring together the technology, systems and processes that would provide for an effective understanding of anything associated with the City of Oakland boundaries as well as the Oakland maritime operations that could impact the security, safety, economy or environment.

Google Inferring Events Based on Mob Source Video Patent

GoogleMobVideoPatent

Methods and systems are disclosed for inferring that an event of interest (e.g., a public gathering, a performance, an accident, etc.) has likely occurred. In particular, when there are at least a given number of video clips with similar timestamps and geolocation stamps uploaded to a repository, it is inferred that an event of interest has likely occurred, and a notification signal is transmitted (e.g., to a law enforcement agency, to a news organization, to a publisher of a periodical, to a public blog, etc.).

(U//LES) Virginia Fusion Center Bulletin: TOR, Bitcoins, Silk Road and the Hidden Internet

VFC-Tor

The purpose of this bulletin is to provide awareness and a basic understanding of the “Hidden Internet” to investigators in the field, as well as provide some examples of how the Hidden Internet can be exploited by criminal elements. While the term “Hidden Internet” can be used in a broader context and refer to other internet terms such as the “Deep Web” or “Deepnet,” for the purpose of this bulletin the term “Hidden Internet” will refer to the hidden services provided by the TOR project to internet users, specifically relating to the Silk road website and use of Bitcoins.

Privacy and Civil Liberties Oversight Board NSA Bulk Telephone Records Collection Report

PCLOB-Report

Section 215 is designed to enable the FBI to acquire records that a business has in its possession, as part of an FBI investigation, when those records are relevant to the investigation. Yet the operation of the NSA’s bulk telephone records program bears almost no resemblance to that description. While the Board believes that this program has been conducted in good faith to vigorously pursue the government’s counterterrorism mission and appreciates the government’s efforts to bring the program under the oversight of the FISA court, the Board concludes that Section 215 does not provide an adequate legal basis to support the program. There are four grounds upon which we find that the telephone records program fails to comply with Section 215. First, the telephone records acquired under the program have no connection to any specific FBI investigation at the time of their collection. Second, because the records are collected in bulk — potentially encompassing all telephone calling records across the nation — they cannot be regarded as “relevant” to any FBI investigation as required by the statute without redefining the word relevant in a manner that is circular, unlimited in scope, and out of step with the case law from analogous legal contexts involving the production of records. Third, the program operates by putting telephone companies under an obligation to furnish new calling records on a daily basis as they are generated (instead of turning over records already in their possession) — an approach lacking foundation in the statute and one that is inconsistent with FISA as a whole. Fourth, the statute permits only the FBI to obtain items for use in its investigations; it does not authorize the NSA to collect anything.

DoJ Funded Study: Automated License Plate Recognition Systems Guidance for Law Enforcement

DoJ-IACP-ALPRs

Law enforcement officers are often searching for vehicles that have been reported stolen, are suspected of being involved in criminal or terrorist activities, are owned by persons who are wanted by authorities, have failed to pay parking violations or maintain current vehicle license registration, and any of a number of other factors. Law enforcement agencies throughout the nation are increasingly adopting automated license plate recognition (ALPR) technologies, which function to automatically capture an image of the vehicle’s license plate, transform that image into alphanumeric characters, compare the plate number acquired to one or more databases of vehicles of interest, and alert the officer when a vehicle of interest has been observed, all within a matter of seconds.

EU Parliament Report: Mass Surveillance of Personal Data in EU Member States

EU-MassSurveillance

In the wake of the disclosures surrounding PRISM and other US surveillance programmes, this study makes an assessment of the large-scale surveillance practices by a selection of EU member states: the UK, Sweden, France, Germany and the Netherlands. Given the large-scale nature of surveillance practices at stake, which represent a reconfiguration of traditional intelligence gathering, the study contends that an analysis of European surveillance programmes cannot be reduced to a question of balance between data protection versus national security, but has to be framed in terms of collective freedoms and democracy. It finds that four of the five EU member states selected for in-depth examination are engaging in some form of large-scale interception and surveillance of communication data, and identifies parallels and discrepancies between these programmes and the NSA-run operations. The study argues that these surveillance programmes do not stand outside the realm of EU intervention but can be engaged from an EU law perspective via (i) an understanding of national security in a democratic rule of law framework where fundamental human rights standards and judicial oversight constitute key standards; (ii) the risks presented to the internal security of the Union as a whole as well as the privacy of EU citizens as data owners, and (iii) the potential spillover into the activities and responsibilities of EU agencies. The study then presents a set of policy recommendations to the European Parliament.

The Nationwide Network Working to Bring Mobile Biometrics to Your Community

firstnet-surveillance

A federal law passed in February 2012 to help middle class families by creating jobs and cutting payroll taxes included a section mandating the creation of a nationwide interoperable broadband communications system for law enforcement and first responders. The system, which is being created under the direction of the First Responder Network Authority (FirstNet), seeks to create a nationwide broadband network capable of being used for a variety of law enforcement purposes including remote surveillance, mobile biometric applications like field fingerprint scanning and facial recognition, as well as automated license plate reading. The system is currently in a pilot phase with less than a dozen locations around the country participating in the initial rollout of the FirstNet network. However, comments from FirstNet board members indicate that the future goals of the system include an interoperable network operating in all 56 states and territories of the U.S. that is capable of integration at the state, local and federal level.

Russia Ministry of Communications and FSB Internet Monitoring Draft Order

RU-InternetMonitoring

A draft order from the Russian Ministry of Communications written in coordination with the FSB that, if implemented, will require Russian internet service providers to retain all internet traffic and provide the FSB with access for 12 hours after the data is collected, including stored data, phone numbers, IP addresses, account names, social network activity and e-mail addresses. The proposed rule changes have concerned Russian telecommunications providers who say that the requirements violate the Russian constitution.

Sandia National Laboratories Mobile Biometric Device Technology Study

Sandia-MobileBiometrics

Mobile biometric devices (MBDs) capable of both enrolling individuals in databases and performing identification checks of subjects in the field are seen as an important capability for military, law enforcement, and homeland security operations. The technology is advancing rapidly. The Department of Homeland Security Science and Technology Directorate through an Interagency Agreement with Sandia sponsored a series of pilot projects to obtain information for the first responder law enforcement community on further identification of requirements for mobile biometric device technology. Working with 62 different jurisdictions, including components of the Department of Homeland Security, Sandia delivered a series of reports on user operation of state-of-the-art mobile biometric devices. These reports included feedback information on MBD usage in both operational and exercise scenarios. The findings and conclusions of the project address both the limitations and possibilities of MBD technology to improve operations. Evidence of these possibilities can be found in the adoption of this technology by many agencies today and the cooperation of several law enforcement agencies in both participating in the pilot efforts and sharing of information about their own experiences in efforts undertaken separately.

Lavabit LLC Unsealed Court Filings

LavabitCourtDocuments_Page_036

Court documents related to the U.S. government’s efforts to force Lavabit LLC, an encrypted email provider used by Edward Snowden, to hand over encryption keys to decode all secure traffic flowing through the site. The documents were originally obtained and released by Kevin Poulsen of Wired.com after being unsealed by a judge on October 2, 2013.

DEA Hemisphere Project Call Detail Record Retention Presentation

HIDTA-Hemisphere_Page_01

The Hemisphere Project is coordinated from the Los Angeles Clearinghouse and is funded by ONDCP and DEA. Hemisphere provides electronic call detail records (CDRs) in response to federal, state, and local administrative/grand jury subpoenas. The Hemisphere database contains CDRs for any telephone carrier that uses an AT&T switch to process a telephone call. Hemisphere is an unclassified program. Hemisphere provides de-confliction within the Hemisphere database. 4 billion CDRs populate the Hemisphere database on a daily basis.

UN Human Rights Council Report: Impact of State Surveillance on Privacy and Freedom of Expression

UN-StateSurveillancePrivacy

The present report analyses the implications of States’ surveillance of communications for the exercise of the human rights to privacy and to freedom of opinion and expression. While considering the impact of significant technological advances in communications, the report underlines the urgent need to further study new modalities of surveillance and to revise national laws regulating these practices in line with human rights standards.