Tag Archive for Privacy

U.S. House Encryption Working Group Year-End Report 2016

The law enforcement community often refers to their challenge in this context as “going dark.” In essence, “going dark” refers to advancements in technology that leave law enforcement and the national security community unable to obtain certain forms of evidence. In recent years, it has become synonymous with the growing use of strong default encryption available to consumers that makes it increasingly difficult for law enforcement agencies to access both real-time communications and stored information. The FBI has been a leading critic of this trend, arguing that law enforcement may no longer be able “to access the evidence we need to prosecute crime and prevent terrorism, even with lawful authority.” As a result, the law enforcement community has historically advocated for legislation to “ensure that we can continue to obtain electronic information and evidence pursuant to the legal authority that Congress has provided to keep America safe.”

House Oversight Committee Report on Law Enforcement Use of Cell-Site Simulation Technologies

Advances in emerging surveillance technologies like cell-site simulators – devices which transform a cell phone into a real-time tracking device – require careful evaluation to ensure their use is consistent with the protections afforded under the First and Fourth Amendments to the U.S. Constitution. The United States’ military and intelligence agencies have developed robust and sophisticated surveillance technologies for deployment in defense against threats from foreign actors. These technologies are essential to keeping America safe. Increasingly though, domestic law enforcement at the federal, state, and local levels are using surveillance technologies in their every-day crime-fighting activities. In the case of cell-site simulators, this technology is being used to investigate a wide range of criminal activity, from human trafficking to narcotics trafficking, as well as kidnapping, and to assist in the apprehension of dangerous and violent fugitives.

DoD Online Privacy and Operational Security Smart Cards: Smartphone EXIF Removal

EXIF (Exchangeable image File Format) is a standard format for storing and exchanging image metadata. Image metadata is included in a captured image file and provides a broad range of supplemental information. Some social networks and photo-sharing sites, such as Flickr, Google+, and Instagram, have features that share EXIF data alongside images. Others, including Facebook and Twitter, do not share EXIF data but my utilize the information internally. EXIF data is stored as tags, some of which reveal unique identifying information.

DoD Online Privacy and Operational Security Smart Cards: LinkedIn

LinkedIn is a professional networking service that allows you to establish connections with co-workers, customers, business contacts, and potential employees and employers. You can post and share information about current and previous employment, education, military activities, specialties, and interests. To limit exposure of your personal information, you can manage who can view your profile and activities.

DoD Online Privacy and Operational Security Smart Cards: Facebook Mobile

As of January 2015, Facebook Mobile hosts 745 million daily mobile active users who accounts for over 60% of all mobile posts published to any online social networking service. Though privacy can still be achieved, mobile users place their personal identity data at a greater risk when compared to users logging in via desktop computer. This is in large part due to the fact that mobile devices provide Facebook with a means to access additional location information, contact lists, photos, and other forms of personal data. Use the following recommendations to best protect yourself against oversharing.

DoD Online Privacy and Operational Security Smart Cards: Opting Out of Public Records Aggregators

To locate your presence on the web, search for your name, names of family members, email addresses, phone numbers, home addresses, and social media usernames using Google. Once you have located information that you want removed, record your findings to keep track of the removal process. Please note that the information presented here about how to remove personal details from data aggregators is subject to change.

EU Cybercrime Committee: Criminal Justice Access to Data in the Cloud for Foreign Providers

The purpose of the present background paper is to provide a snapshot of policies and practices of some major US service providers regarding their “voluntary” disclosure of information to law enforcement authorities in foreign jurisdictions, and thus to facilitate discussion of future options regarding criminal justice access to electronic evidence in the cloud.

UN Human Rights Report on the Protection of Whistleblowers and Confidential Sources

In the report, submitted in accordance with Human Rights Council resolution 25/2, the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression addresses the protection of sources of information and whistle-blowers. Everyone enjoys the right to access to information, an essential tool for the public’s participation in political affairs, democratic governance and accountability. In many situations, sources of information and whistle-blowers make access to information possible, for which they deserve the strongest protection in law and in practice. Drawing on international and national law and practice, the Special Rapporteur highlights the key elements of a framework for the protection of sources and whistle-blowers.

UN Human Rights Report: The Role of Encryption and Anonymity in Protecting Privacy and Freedom of Expression

In the present report, submitted in accordance with Human Rights Council resolution 25/2, the Special Rapporteur addresses the use of encryption and anonymity in digital communications. Drawing from research on international and national norms and jurisprudence, and the input of States and civil society, the report concludes that encryption and anonymity enable individuals to exercise their rights to freedom of opinion and expression in the digital age and, as such, deserve strong protection.

Department of Justice Inspector General Report on FBI Section 215 Orders 2007-2009

This Executive Summary provides a brief overview of the results of the Department of Justice (Department or DOJ) Office of the Inspector General’s (OIG) third review of the Federal Bureau of Investigation’s (FBI) use of the investigative authority granted by Section 215 of the Patriot Act. Section 215 is often referred to as the “business record” provision. The OIG’s first report, A Review of the Federal Bureau of Investigation’s Use of Section 215 Orders for Business Records, was issued in March 2007 and covered calendar years 2002 through 2005. The OIG’s second report, A Review of the FBI’s Use of Section 215 Orders for Business Records in 2006, was issued in March 2008 and covered calendar year 2006. This third review was initiated to examine the progress the Department and the FBI have made in addressing the OIG recommendations which were included in our second report. We also reviewed the FBI’s use of Section 215 authority in calendar years 2007, 2008, and 2009.

DHS Acquisition of License Plate Reader Data from a Commercial Service Privacy Impact Assessment

U.S. Immigration and Customs Enforcement (ICE) uses information obtained from license plate readers (LPR) as one investigatory tool in support of its criminal investigations and civil immigration enforcement actions. Because LPR information can be combined with other data to identify individuals and therefore meets the definition of personally identifiable information (PII), ICE is conducting this Privacy Impact Assessment (PIA) to describe how it intends to procure the services of a commercial vendor of LPR information in order to expand the availability of this information to its law enforcement personnel. ICE is neither seeking to build nor contribute to a national public or private LPR database.

National Institute of Justice Body Cavity Screening Technology Assessment and Market Survey

Body scanners are used to screen for contraband in a variety of places. Airports, schools, government buildings, and corrections facilities are examples of the types of places that have employed body scanners. Different types of body scanners have different capabilities based on the imaging technologies used and the sophistication of the internal system analysis. Metal detection was one of the first technologies developed to identify metallic objects on a person, but contraband can take many other forms, such as powders (e.g., drugs), paper (e.g., money), and even ceramic or plastic weapons. Correctional facilities in particular are faced with various forms of contraband, and with elaborate methods of evading detection employed by the local population. Manufacturers have responded by producing scanners that are able to detect nonmetallic contraband, as well as systems that can detect contraband inside body cavities. This report identifies commercially available body scanners and discusses the technologies used by these products. Technological limitations pertaining to the type of materials detected and/or the ability to detect contraband inside body cavities are discussed.

International Biometrics and Identification Association Draft Privacy Best Practices for Commercial Biometrics

One fact should not be lost in this discussion. As has always been the case, new methods of authenticating identity, like biometric identification, are necessary to augment existing conventions and meet current needs. Biometric technologies do this and, as a major privacy‐enhancing technology, preserve privacy at the same time. The facial template itself, like other biometric templates, provides no personal information. Indeed, protecting the non‐biometric personal information is enhanced through the use of biometric verification of identity to limit data access to only authorized persons. Biometrics can provide a unique tool to protect and enhance both identity security and privacy and to protect against fraud and identity theft, especially as a factor in identity verification. When your personal data are protected by access mechanisms that include one or more biometric factors, it becomes much more difficult for someone else to gain access to your personal data and applications because no one else has your unique biometric attributes. This enables legitimate access and reduces the risk that a person can steal your identity and, posing as you, collect benefits; board an airplane; get a job; gain access to your personal data, etc.

National Counterterrorism Center Enhanced Safeguards Decision Matrix

The DNI, D/NCTC and the Attorney General approved revised Attorney General Guidelines for NCTC’s handling of US Person (USP) information in March 2012. These revised NCTC Attorney General Guidelines (“NCTC’s AGGs”) govern NCTC’s access, retention, use, and dissemination of datasets identified as including non-terrorism information and information pertaining exclusively to domestic terrorism, and provide NCTC with the authority to retain USP information for up to five years (unless a shorter period is required by law, executive order, regulation, international agreement, etc.). During this temporary retention and assessment period, additional safeguards and protections are applied to this data, to include baseline (and potentially enhanced) safeguards, as well as additional compliance, auditing, reporting and oversight mechanisms.

National Institute of Justice Through-the-Wall Sensors Best Practices for Law Enforcement

The National Institute of Justice (NIJ) Sensor, Surveillance, and Biometric Technologies (SSBT) Center of Excellence (CoE) has undertaken a best practices report of through-the-wall sensor (TTWS) devices for operation by law enforcement and first responder agencies in the United States. These devices use a form of radar to detect movement behind barriers. The ability to sense the presence of individuals through common building materials can be useful during rescue operations, law enforcement operations and other tactical scenarios. This report provides advice, tactics and information related to the use of TTWS in operational settings. The information provides law enforcement individuals and organizations with a better understanding of the capabilities and limitations of available TTWS equipment. When put into practice, an agency can make the most of the technology and improve the outcome and safety of operational scenarios in which it is deployed. The best practices report focuses on the use of commercially available TTWS devices suitable for law enforcement or emergency response applications.

Oakland Domain Awareness Center Draft Privacy and Data Retention Policy

The Joint City-Port Domain Awareness Center (interchangeably referred to in this document as “Joint City-Port Domain Awareness Center”, “Domain Awareness Center,” or “DAC”) was first proposed to the City Council’s Public Safety Committee on June 18, 2009, in an information report regarding the City of Oakland partnering with the Port of Oakland to apply for Port Security Grant funding under the American Recovery and Reinvestment Act, 2009. Under this grant program, funding was available for Maritime Domain Awareness (MDA) projects relative to “maritime” or “waterside”. The Port and City were encouraged to consider the development of a joint City Port Domain Awareness Center. The joint DAC would create a center that would bring together the technology, systems and processes that would provide for an effective understanding of anything associated with the City of Oakland boundaries as well as the Oakland maritime operations that could impact the security, safety, economy or environment.

Google Inferring Events Based on Mob Source Video Patent

Methods and systems are disclosed for inferring that an event of interest (e.g., a public gathering, a performance, an accident, etc.) has likely occurred. In particular, when there are at least a given number of video clips with similar timestamps and geolocation stamps uploaded to a repository, it is inferred that an event of interest has likely occurred, and a notification signal is transmitted (e.g., to a law enforcement agency, to a news organization, to a publisher of a periodical, to a public blog, etc.).

(U//LES) Virginia Fusion Center Bulletin: TOR, Bitcoins, Silk Road and the Hidden Internet

The purpose of this bulletin is to provide awareness and a basic understanding of the “Hidden Internet” to investigators in the field, as well as provide some examples of how the Hidden Internet can be exploited by criminal elements. While the term “Hidden Internet” can be used in a broader context and refer to other internet terms such as the “Deep Web” or “Deepnet,” for the purpose of this bulletin the term “Hidden Internet” will refer to the hidden services provided by the TOR project to internet users, specifically relating to the Silk road website and use of Bitcoins.