Tag Archive for Privacy

DoD Online Privacy and Operational Security Smart Cards: Smartphone EXIF Removal

EXIF (Exchangeable Image File Format) is a standard format for storing and exchanging image metadata. Image metadata is included in a captured image file and provides a broad range of supplemental information. Some social networks and photo-sharing sites, such as Flickr, Google+, and Instagram, have features that share EXIF data alongside images. Others, including Facebook and Twitter, do not share EXIF data but may utilize the information internally. EXIF data is stored as tags, some of which reveal unique identifying information.

DoD Online Privacy and Operational Security Smart Cards: LinkedIn

LinkedIn is a professional networking service that allows you to establish connections with co-workers, customers, business contacts, and potential employees and employers. You can post and share information about current and previous employment, education, military activities, specialties, and interests. To limit exposure of your personal information, you can manage who can view your profile and activities.

DoD Online Privacy and Operational Security Smart Cards: Facebook Mobile

As of January 2015, Facebook Mobile hosts 745 million daily mobile active users who account for over 60% of all mobile posts published to any online social networking service. Though privacy can still be achieved, mobile users place their personal identity data at a greater risk when compared to users logging in via desktop computer. This is in large part due to the fact that mobile devices provide Facebook with a means to access additional location information, contact lists, photos, and other forms of personal data. Use the following recommendations to best protect yourself against oversharing.

DoD Online Privacy and Operational Security Smart Cards: Opting Out of Public Records Aggregators

To locate your presence on the web, search for your name, names of family members, email addresses, phone numbers, home addresses, and social media usernames using Google. Once you have located information that you want removed, record your findings to keep track of the removal process. Please note that the information presented here about how to remove personal details from data aggregators is subject to change.

EU Cybercrime Committee: Criminal Justice Access to Data in the Cloud for Foreign Providers

The purpose of the present background paper is to provide a snapshot of policies and practices of some major US service providers regarding their “voluntary” disclosure of information to law enforcement authorities in foreign jurisdictions, and thus to facilitate discussion of future options regarding criminal justice access to electronic evidence in the cloud.

UN Human Rights Report on the Protection of Whistleblowers and Confidential Sources

In the report, submitted in accordance with Human Rights Council resolution 25/2, the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression addresses the protection of sources of information and whistle-blowers. Everyone enjoys the right to access to information, an essential tool for the public’s participation in political affairs, democratic governance and accountability. In many situations, sources of information and whistle-blowers make access to information possible, for which they deserve the strongest protection in law and in practice. Drawing on international and national law and practice, the Special Rapporteur highlights the key elements of a framework for the protection of sources and whistle-blowers.

UN Human Rights Report: The Role of Encryption and Anonymity in Protecting Privacy and Freedom of Expression

In the present report, submitted in accordance with Human Rights Council resolution 25/2, the Special Rapporteur addresses the use of encryption and anonymity in digital communications. Drawing from research on international and national norms and jurisprudence, and the input of States and civil society, the report concludes that encryption and anonymity enable individuals to exercise their rights to freedom of opinion and expression in the digital age and, as such, deserve strong protection.

Department of Justice Inspector General Report on FBI Section 215 Orders 2007-2009

This Executive Summary provides a brief overview of the results of the Department of Justice (Department or DOJ) Office of the Inspector General’s (OIG) third review of the Federal Bureau of Investigation’s (FBI) use of the investigative authority granted by Section 215 of the Patriot Act. Section 215 is often referred to as the “business record” provision. The OIG’s first report, A Review of the Federal Bureau of Investigation’s Use of Section 215 Orders for Business Records, was issued in March 2007 and covered calendar years 2002 through 2005. The OIG’s second report, A Review of the FBI’s Use of Section 215 Orders for Business Records in 2006, was issued in March 2008 and covered calendar year 2006. This third review was initiated to examine the progress the Department and the FBI have made in addressing the OIG recommendations which were included in our second report. We also reviewed the FBI’s use of Section 215 authority in calendar years 2007, 2008, and 2009.

DHS Acquisition of License Plate Reader Data from a Commercial Service Privacy Impact Assessment

U.S. Immigration and Customs Enforcement (ICE) uses information obtained from license plate readers (LPR) as one investigatory tool in support of its criminal investigations and civil immigration enforcement actions. Because LPR information can be combined with other data to identify individuals and therefore meets the definition of personally identifiable information (PII), ICE is conducting this Privacy Impact Assessment (PIA) to describe how it intends to procure the services of a commercial vendor of LPR information in order to expand the availability of this information to its law enforcement personnel. ICE is neither seeking to build nor contribute to a national public or private LPR database.

National Institute of Justice Body Cavity Screening Technology Assessment and Market Survey

Body scanners are used to screen for contraband in a variety of places. Airports, schools, government buildings, and corrections facilities are examples of the types of places that have employed body scanners. Different types of body scanners have different capabilities based on the imaging technologies used and the sophistication of the internal system analysis. Metal detection was one of the first technologies developed to identify metallic objects on a person, but contraband can take many other forms, such as powders (e.g., drugs), paper (e.g., money), and even ceramic or plastic weapons. Correctional facilities in particular are faced with various forms of contraband, and with elaborate methods of evading detection employed by the local population. Manufacturers have responded by producing scanners that are able to detect nonmetallic contraband, as well as systems that can detect contraband inside body cavities. This report identifies commercially available body scanners and discusses the technologies used by these products. Technological limitations pertaining to the type of materials detected and/or the ability to detect contraband inside body cavities are discussed.

International Biometrics and Identification Association Draft Privacy Best Practices for Commercial Biometrics

One fact should not be lost in this discussion. As has always been the case, new methods of authenticating identity, like biometric identification, are necessary to augment existing conventions and meet current needs. Biometric technologies do this and, as a major privacy‐enhancing technology, preserve privacy at the same time. The facial template itself, like other biometric templates, provides no personal information. Indeed, protecting the non‐biometric personal information is enhanced through the use of biometric verification of identity to limit data access to only authorized persons. Biometrics can provide a unique tool to protect and enhance both identity security and privacy and to protect against fraud and identity theft, especially as a factor in identity verification. When your personal data are protected by access mechanisms that include one or more biometric factors, it becomes much more difficult for someone else to gain access to your personal data and applications because no one else has your unique biometric attributes. This enables legitimate access and reduces the risk that a person can steal your identity and, posing as you, collect benefits; board an airplane; get a job; gain access to your personal data, etc.

National Counterterrorism Center Enhanced Safeguards Decision Matrix

The DNI, D/NCTC and the Attorney General approved revised Attorney General Guidelines for NCTC’s handling of US Person (USP) information in March 2012. These revised NCTC Attorney General Guidelines (“NCTC’s AGGs”) govern NCTC’s access, retention, use, and dissemination of datasets identified as including non-terrorism information and information pertaining exclusively to domestic terrorism, and provide NCTC with the authority to retain USP information for up to five years (unless a shorter period is required by law, executive order, regulation, international agreement, etc.). During this temporary retention and assessment period, additional safeguards and protections are applied to this data, to include baseline (and potentially enhanced) safeguards, as well as additional compliance, auditing, reporting and oversight mechanisms.

National Institute of Justice Through-the-Wall Sensors Best Practices for Law Enforcement

The National Institute of Justice (NIJ) Sensor, Surveillance, and Biometric Technologies (SSBT) Center of Excellence (CoE) has undertaken a best practices report of through-the-wall sensor (TTWS) devices for operation by law enforcement and first responder agencies in the United States. These devices use a form of radar to detect movement behind barriers. The ability to sense the presence of individuals through common building materials can be useful during rescue operations, law enforcement operations and other tactical scenarios. This report provides advice, tactics and information related to the use of TTWS in operational settings. The information provides law enforcement individuals and organizations with a better understanding of the capabilities and limitations of available TTWS equipment. When put into practice, an agency can make the most of the technology and improve the outcome and safety of operational scenarios in which it is deployed. The best practices report focuses on the use of commercially available TTWS devices suitable for law enforcement or emergency response applications.

Oakland Domain Awareness Center Draft Privacy and Data Retention Policy

The Joint City-Port Domain Awareness Center (interchangeably referred to in this document as “Joint City-Port Domain Awareness Center”, “Domain Awareness Center,” or “DAC”) was first proposed to the City Council’s Public Safety Committee on June 18, 2009, in an information report regarding the City of Oakland partnering with the Port of Oakland to apply for Port Security Grant funding under the American Recovery and Reinvestment Act, 2009. Under this grant program, funding was available for Maritime Domain Awareness (MDA) projects relative to “maritime” or “waterside”. The Port and City were encouraged to consider the development of a joint City Port Domain Awareness Center. The joint DAC would create a center that would bring together the technology, systems and processes that would provide for an effective understanding of anything associated with the City of Oakland boundaries as well as the Oakland maritime operations that could impact the security, safety, economy or environment.

Google Inferring Events Based on Mob Source Video Patent

Methods and systems are disclosed for inferring that an event of interest (e.g., a public gathering, a performance, an accident, etc.) has likely occurred. In particular, when there are at least a given number of video clips with similar timestamps and geolocation stamps uploaded to a repository, it is inferred that an event of interest has likely occurred, and a notification signal is transmitted (e.g., to a law enforcement agency, to a news organization, to a publisher of a periodical, to a public blog, etc.).

(U//LES) Virginia Fusion Center Bulletin: TOR, Bitcoins, Silk Road and the Hidden Internet

The purpose of this bulletin is to provide awareness and a basic understanding of the “Hidden Internet” to investigators in the field, as well as provide some examples of how the Hidden Internet can be exploited by criminal elements. While the term “Hidden Internet” can be used in a broader context and refer to other internet terms such as the “Deep Web” or “Deepnet,” for the purpose of this bulletin the term “Hidden Internet” will refer to the hidden services provided by the TOR project to internet users, specifically relating to the Silk Road website and use of Bitcoins.

Privacy and Civil Liberties Oversight Board NSA Bulk Telephone Records Collection Report

Section 215 is designed to enable the FBI to acquire records that a business has in its possession, as part of an FBI investigation, when those records are relevant to the investigation. Yet the operation of the NSA’s bulk telephone records program bears almost no resemblance to that description. While the Board believes that this program has been conducted in good faith to vigorously pursue the government’s counterterrorism mission and appreciates the government’s efforts to bring the program under the oversight of the FISA court, the Board concludes that Section 215 does not provide an adequate legal basis to support the program. There are four grounds upon which we find that the telephone records program fails to comply with Section 215. First, the telephone records acquired under the program have no connection to any specific FBI investigation at the time of their collection. Second, because the records are collected in bulk — potentially encompassing all telephone calling records across the nation — they cannot be regarded as “relevant” to any FBI investigation as required by the statute without redefining the word relevant in a manner that is circular, unlimited in scope, and out of step with the case law from analogous legal contexts involving the production of records. Third, the program operates by putting telephone companies under an obligation to furnish new calling records on a daily basis as they are generated (instead of turning over records already in their possession) — an approach lacking foundation in the statute and one that is inconsistent with FISA as a whole. Fourth, the statute permits only the FBI to obtain items for use in its investigations; it does not authorize the NSA to collect anything.

DoJ Funded Study: Automated License Plate Recognition Systems Guidance for Law Enforcement

Law enforcement officers are often searching for vehicles that have been reported stolen, are suspected of being involved in criminal or terrorist activities, are owned by persons who are wanted by authorities, have failed to pay parking violations or maintain current vehicle license registration, and any of a number of other factors. Law enforcement agencies throughout the nation are increasingly adopting automated license plate recognition (ALPR) technologies, which function to automatically capture an image of the vehicle’s license plate, transform that image into alphanumeric characters, compare the plate number acquired to one or more databases of vehicles of interest, and alert the officer when a vehicle of interest has been observed, all within a matter of seconds.