Menu

Timesdelhi.com

March 19, 2019
Category archive

national security

ICE has a huge license plate database targeting immigrants, documents reveal

in california/Delhi/Government/India/law enforcement/mass surveillance/national security/Politics/privacy/Security/surveillance by

Newly released documents reveal Immigration and Customs Enforcement is tracking and targeting immigrants through a massive license plate reader database supplied with data from local police departments — in some cases violating sanctuary laws.

The documents, obtained by a Freedom of Information lawsuit filed by the American Civil Liberties Union and released Tuesday, reveal the vehicle surveillance system collects more than a hundred million license plates a month from some of the largest cities in the U.S., including New York and Los Angeles, both of which are covered under laws limiting police cooperation with immigration agencies.

More than 9,000 ICE agents have access to the database, run by Vigilant Solutions, feeding some six billion vehicle detection records into Thomson Reuters’ investigative platform LEARN, to which police departments can buy access.

“The public has a right to know when a government agency — especially an immoral and rogue agency such as ICE — is exploiting a mass surveillance database that is a threat to the privacy and safety of drivers across the United States,” said Vasudha Talla, staff attorney with the ACLU of Northern California, in an email to TechCrunch.

Talla, who sued ICE to release the documents, said the government “should not have unfettered access to information that reveals where we live, where we work, and our private habits.” Critics have noted several high-profile cases of police misusing and improperly accessing license plate data.

Automatic license plate readers (ALPR) scan and detect license plates, along with the time, date and location from thousands of cameras installed across the country to spot criminals and fugitives with warrants out for their arrest. The ACLU previously called it one of the new and emerging forms of mass surveillance in the United States. Companies like Vigilant feed data collected from ALPR cameras into databases accessible to law enforcement and federal agencies, which the ACLU accused ICE of using to find and deport immigrants.

ICE has a “hot list” of more than 1,100 license plates of suspects, felons or other subjects of interest, according to the documents released. Plates on the hot list trigger an alert to ICE that the vehicle has been spotted, including where and when.

“Hot lists are just one method by which ICE agents can track drivers with this system,” said Talla.

A spokesperson for ICE did not comment by our deadline on how many hot list detections led to deportations or removals from the U.S. Spokespeople for Thomson Reuters and Vigilant Solutions also did not comment.

It’s the third effort by ICE to secure access to the database in the past five years, after earlier attempts in 2014 over privacy concerns and 2015 over price negotiations failed. The agency rushed to secure the contract before a planned hike in cost by Thomson Reuters toward the end of 2017.

ICE spent $6.1 million on its latest contract in February 2018, gaining access to 80 law enforcement agencies covering almost two-thirds of the U.S. population. To allay fears of potential misuse, the agency was required to pass a revised privacy impact assessment explaining how ICE can and cannot use the license plate data. In one released email to an NPR reporter, ICE said agents “can only access data” uploaded by police departments if they elect to share it through the system.

But the ACLU found emails of ICE agents directly contacting local law enforcement officers to ask for license plate search data, circumventing the database.

Correspondence between ICE and a local police detective asking for license plate data outside of the ALPR database (Image: ACLU/supplied)

Over a years-long effort, one ICE agent — whose name was redacted by the government — sent several requests to a La Habra police detective by email asking for license plate data.

La Habra is one of 169 police departments in California, and is one of dozens of departments known to use ALPR. But the city’s police department is not on Vigilant’s list of law enforcement partners that supply license plate data to ICE, the documents show.

We asked La Habra Chief of Police Jerry Price if turning over records to ICE was in violation of California’s sanctuary status, but he would not comment.

“By going to local police informally, ICE is able to access locally collected driver location data without having to ask for formal access to the local system through the LEARN network, which could trigger local oversight or concern,” said Talla.

A list of local U.S. police departments contributing license plate data to the database, to which ICE has access (Image: ACLU/supplied)

Other police departments were named as partners that actively feed data into the ICE-accessible database, like Upland, Merced and Union City — three cities in California, which in 2018 passed state-wide laws that offer sanctuary to immigrants who might be in the country illegally or otherwise subject to deportation by ICE. The laws prohibit law enforcement in the state from sharing of license plate data with federal agencies, said Talla.

When reached, Union City Police Department chief Victor Derting did not comment. Spokespeople for Upland and Merced police departments did not respond to a request for comment.

The ACLU called on the immediate end to the license plate information sharing.

The documents also revealed how ICE initially considered trying to keep the database a secret, arguing that disclosing the capability would “almost immediately diminish its effectiveness as a law enforcement tool.”

Amid a controversial and questionable national emergency declared by the Trump administration, ICE remains a divisive agency more than ever. Last year, 19 of the top ICE investigators that investigate serious criminal cases, like drug smuggling and sex trafficking rings, called on the government to distance their work from ICE’s enforcement and removal operations unit, which investigates immigration violations and handles deportations.

In January, TechCrunch revealed dozens of ALPR cameras are still exposed on the internet — many of which are accessible without a password.

News Source = techcrunch.com

The responsibility for a sustainable digital future

in articles/Column/computer security/cryptography/cybercrime/Cyberwarfare/Delhi/e-commerce/Europe/Facebook/France/G7/Getty-Images/India/national security/Paris/Politics/Tim-berners lee by

On March 12, 2019, we celebrate the 30th anniversary of the “World Wide Web”, Tim Berners-Lee’s ground-breaking invention.

In just thirty years, this flagship application of the Internet has forever changed our lives, our habits, our way of thinking and seeing the world. Yet, this anniversary leaves a bittersweet taste in our mouth: the initial decentralized and open version of the Web, which was meant to allow users to connect with each other, has gradually evolved to a very different version, centralized in the hands of giants who capture our data and impose their standards.

We have poured our work, our hearts and a lot of our lives out on the internet. For better or for worse. Beyond business uses for Big Tech, our data has become an incredible resource for malicious actors, who use this windfall to hack, steal and threaten. Citizens, small and large companies, governments: online predators spare no one. This initial mine of information and knowledge has provided fertile ground for dangerous abuse: hate speech, cyber-bullying, manipulation of information or apology for terrorism – all of them amplified, relayed and disseminated across borders.

Laissez-faire or control: between Scylla and Charybdis

Faced with these excesses, some countries have decided to regain control over the Web and the Internet in general: by filtering information and communications, controlling the flow of data, using digital instruments for the sake of sovereignty and security. The outcome of this approach is widespread censorship and surveillance. A major threat to our values ​​and our vision of society, this project of “cyber-sovereignty” is also the antithesis of the initial purpose of the Web, which was built in a spirit of openness and emancipation. Imposing cyber-borders and permanent supervision would be fatal to the Web.

To avoid such an outcome, many democracies have favored laissez-faire and minimal intervention, preserving the virtuous circle of profit and innovation. Negative externalities remain, with self-regulation as the only barrier. But laissez-faire is no longer the best option to foster innovation: ​​data is monopolized by giants that have become systemic, users’ freedom of choice is limited by vertical integration and lack of interoperability. Ineffective competition threatens our economies’ ability to innovate.

In addition, laissez-faire means being vulnerable to those who have chosen a more interventionist or hostile stance. This question is particularly acute today for infrastructures: should we continue to remain agnostic, open and to choose a solution only based on its economic competitiveness? Or should we affirm the need to preserve our technological sovereignty and our security?

Internet of Things connecting in cloud over city scape.

Photo courtesy of Getty Images/chombosan

Paving a third way

To avoid these pitfalls, France, Europe and all democratic countries must take control of their digital future. This age of digital maturity involves both smart digital regulation and enhanced technological sovereignty.

Holding large actors accountable is a legitimate and necessary first step: “with great power comes great responsibility”.

Platforms that relay and amplify the audience of dangerous content must assume a stronger role in information and prevention. The same goes for e-commerce, when consumers’ health and safety is undermined by dangerous or counterfeit products, made available to them with one click. We should apply the same focus on systemic players in the field of competition: vertical integration should not hinder users’ choice of goods, services or content.

But for our action to be effective and leave room for innovation, we must design a “smart regulation”. Of course, our goal is not to impose on all digital actors an indiscriminate and disproportionate normative burden.

Rather, “smart regulation” relies on transparency, auditability and accountability of the largest players, in the framework of a close dialogue with public authorities. With this is mind, France has launched a six-month experiment with Facebook on the subject of hate content, the results of which will contribute to current and upcoming legislative work on this topic.

In the meantime, in order to maintain our influence and promote this vision, we will need to strengthen our technological sovereignty. In Europe, this sovereignty is already undermined by the prevalence of American and Asian actors. As our economies and societies become increasingly connected, the question becomes more urgent.

Investments in the most strategic disruptive technologies, construction of an innovative normative framework for the sharing of data of general interest: we have leverage to encourage the emergence of reliable and effective solutions. But we will not be able to avoid protective measures when the security of our infrastructure is likely to be endangered.

To build this sustainable digital future together, I invite my G7 counterparts to join me in Paris on May 16th. On the agenda, three priorities: the fight against online hate, a human-centric artificial intelligence, and ensuring trust in our digital economy, with the specific topics of 5G and data sharing.

Our goal? To take responsibility. Gone are the days when we could afford to wait and see.

Our leverage? If we join our wills and forces, our values can prevail.

We all have the responsibility to design a World Wide Web of Trust. It is still within our reach but the time has come to act.

News Source = techcrunch.com

What business leaders can learn from Jeff Bezos’ leaked texts

in Column/computing/cryptography/data protection/data security/Delhi/European Union/Facebook/General Data Protection Regulation/Google/human rights/India/jeff bezos/Microsoft/national security/online security/oregon/Politics/privacy/Ron Wyden/terms of service/United States/Wickr by

The ‘below the belt selfie’ media circus surrounding Jeff Bezos has made encrypted communications top of mind among nervous executive handlers. Their assumption is that a product with serious cryptography like Wickr – where I work – or Signal could have helped help Mr. Bezos and Amazon avoid this drama.

It’s a good assumption, but a troubling conclusion.

I worry that moments like these will drag serious cryptography down to the level of the National Enquirer. I’m concerned that this media cycle may lead people to view privacy and cryptography as a safety net for billionaires rather than a transformative solution for data minimization and privacy.

We live in the chapter of computing when data is mostly unprotected because of corporate indifference. The leaders of our new economy – like the vast majority of society – value convenience and short-term gratification over the security and privacy of consumer, employee and corporate data.  

We cannot let this media cycle pass without recognizing that when corporate executives take a laissez-faire approach to digital privacy, their employees and organizations will follow suit.

Two recent examples illustrate the privacy indifference of our leaders…

  • The most powerful executive in the world is either indifferent to, or unaware that, unencrypted online flirtations would be accessed by nation states and competitors.
  • 2016 presidential campaigns were either indifferent to, or unaware that, unencrypted online communications detailing “off-the-record” correspondence with media and payments to adult actor(s) would be accessed by nation states and competitors.

If our leaders do not respect and understand online security and privacy, then their organizations will not make data protection a priority. It’s no surprise that we see a constant stream of large corporations and federal agencies breached by nation states and competitors. Who then can we look to for leadership?

GDPR is an early attempt by regulators to lead. The European Union enacted GDPR to ensure individuals own their data and enforce penalties on companies who do not protect personal data. It applies to all data processors, but the EU is clearly focused on sending a message to the large US based data processors – Amazon, Facebook, Google, Microsoft, etc. In January, France’s National Data Protection Commission sent a message by fining Google $57 million for breaching GDPR rules. It was an unprecedented fine that garnered international attention. However, we must remember that in 2018 Google’s revenues were greater than $300 million … per day! GPDR is, at best, an annoying speed-bump in the monetization strategy of large data processors.

It is through this lens that Senator Ron Wyden’s (Oregon) idealistic call for billions of dollars in corporate fines and jail time for executives who enable privacy breaches can be seen as reasonable. When record financial penalties are inconsequential it is logical to pursue other avenues to protect our data.

Real change will come when our leaders understand that data privacy and security can increase profitability and reliability. For example, the Compliance, Governance and Oversight Council reports that an enterprise will spend as much as $50 million to protect 10 petabytes of data, and that $34.5 million of this is spent on protecting data that should be deleted. Serious efficiencies are waiting to be realized and serious cryptography can help.  

So, thank you Mr. Bezos for igniting corporate interest in secure communications. Let’s hope this news cycle convinces our corporate leaders and elected officials to embrace data privacy, protection and minimization because it responsible, profitable and efficient. We need leaders and elected officials to set an example and respect their own data and privacy if we have any hope of their organizations to protect ours.

News Source = techcrunch.com

With cybersecurity threats looming, the government shutdown is putting America at risk

in agriculture/America/China/Column/computer security/cybercrime/Cyberwarfare/Delhi/Department of Homeland Security/Federal government/Finance/Food/Government/India/Internal Revenue Service/Iran/national security/North Korea/Politics/presidential election/Russia/Security/United States by

Putting political divisions and affiliations aside, the government partially shutting down for the third time over the last year is extremely worrisome, particularly when considering its impact on the nation’s cybersecurity priorities. Unlike the government, our nation’s enemies don’t ‘shut down.’ When our nation’s cyber centers are not actively monitoring and protecting our most valuable assets and critical infrastructure, threats magnify and vulnerabilities become further exposed.

While Republicans and Democrats continue to butt heads over border security, the vital agencies tasked with properly safeguarding our nation from our adversaries are stuck in operational limbo. Without this protection in full force acting around the clock, serious extraneous threats to government agencies and private businesses can thrive. This shutdown, now into its fourth week, has crippled key U.S. agencies, most notably the Department of Homeland Security, imperiling our nation’s cybersecurity defenses.

Consider the Cybersecurity and Infrastructure Security Agency, which has seen nearly 37 percent of its staff furloughed. This agency leads efforts to protect and defend critical infrastructure, as it pertains to industries as varied as energy, finance, food and agriculture, transportation, and defense.

As defined in the 2001 Patriot Act, critical infrastructure is such that, “the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.” In the interest of national security, we simply cannot tolerate prolonged vulnerability in these areas.

Employees who are considered “essential” are still on the job, but the loss of supporting staff could prove to be costly, in both the short and long term. More immediately, the shutdown places a greater burden on the employees deemed essential enough to stick around. These employees are tasked with both longer hours and expanded responsibilities, leading to a higher risk of critical oversight and mission failure, as weary agents find themselves increasingly stretched beyond their capabilities.

The long-term effects, however, are quite frankly, far more alarming. There’s a serious possibility our brightest minds in cybersecurity will consider moving to the private sector following a shutdown of this magnitude. Even ignoring that the private sector pays better, furloughed staff are likely to reconsider just how valued they are in their current roles. After the 2013 shutdown, a significant segment of the intelligence community left their posts for the relative stability of corporate America. The current shutdown bears those risks as well. A loss of critical personnel could result in institutional failure far beyond the present shutdown, leading to cascading security deterioration.

This shutdown has farther reaching effects for the federal government to attract talent in the form of recent college grads or those interested in transitioning from the private sector. The stability of government was once viewed as a guarantee compared to the private sector, but work could incentivize workers to take their talents to the private sector.

The IRS in particular is extremely vulnerable, putting America’s private sector and your average taxpayer directly in the crosshairs. The shutdown has come at the worst time of the year, as the holidays and the post-holiday season tend to have the highest rates for cybercrime. In 2018, the IRS reported a 60 percent increase in email scams. Meanwhile, as the IRS furloughed much of its staff as well, cyber criminals are likely to ramp up their activity even more.

Though the agency has stated it will recall a “significant portion” of its personnel to work without pay, it has also indicated there will be a lack of support for much beyond essential service. There’s no doubt cybercriminals will see this as a lucrative opportunity. With tax season on the horizon, the gap in oversight will feed directly into cyber criminals’ playing field, undoubtedly resulting in escalating financial losses due to tax identity theft and refund fraud.

Cyberwarfare is no longer some distant afterthought, practiced and discussed by a niche group of experts in a backroom. Cyberwarfare has taken center stage on the virtual battlefield. Geopolitical adversaries such as North Korea, Russia, Iran, and China rely on cyber as their most agile and dangerous weapon against the United States. These hostile nation-states salivate at the idea of a prolonged government shutdown.

From Russian interference in the 2016 presidential election to Chinese state cybercriminals breaching Marriott Hotels, the necessity  to protect our national cybersecurity has never been more explicit.

If our government doesn’t resolve this dilemma quickly, America’s cybersecurity will undoubtedly suffer serious deterioration, inevitably endangering the lives and safety of citizens across the nation. This issue goes far beyond partisan politics, yet needs both parties to come to a consensus immediately. Time is not on our side.

News Source = techcrunch.com

How Trump’s government shutdown is harming cyber and national security

in airline security/computer security/Delhi/funding/Government/Homeland Security/India/national security/Politics/president/Security/Trump/tsa/U.S. government/Washington by

It’s now 18 days since the U.S. government unceremoniously shut down because Congress couldn’t agree on a bill to fund a quarter of all federal departments — including paying their employees.

But federal workers are starting to feel the pinch after not getting paid for two weeks, and this will have a knock-on effect to U.S. national security. The longer the shutdown goes on, the greater the damage will be.

The “too long, didn’t read” version is that before Christmas, President Trump wanted $5 billion for a wall on the southern border with Mexico to fulfill a campaign promise. Despite the Republicans having a majority in both houses of Congress, they didn’t have the votes to pass the spending bill in the Senate, which would’ve kept the government going when existing funding expired on midnight on December 22. No vote was held, even after a successful vote in the House, and the government shut down. When the Democrats took the majority in the House last week following their midterm wins, they were ready to pass a funding bill — without the $5 billion (because they think it’s a gigantic waste of money) — and get the government going again. But Trump has said he won’t sign any bill that doesn’t have the border wall funding.

More than two weeks later, some 800,000 federal workers are still at home — yet, about half were told to stay and work without pay. Worse, there’s no guarantee that federal workers will get paid for the time the government was shut down unless lawmakers intervene.

Unless the Democrats get a veto-proof majority, the impasse looks set to continue.

A crew works replacing the old border fence along a section of the U.S.-Mexico border, as seen from Tijuana, in Baja California state, Mexico, on January 8, 2019. (Photo by GUILLERMO ARIAS/AFP/Getty Images)

Government shutdowns don’t happen very often — usually — or really at all outside the U.S., and yet this is the first time in four decades that the government has been closed three times in one year. That doesn’t mean cyber or national security threats conveniently stop. Granted, most of the government is functioning and ticking over. There are still boots on the ground, cops on the street, NSA analysts fighting hackers in cyberspace and criminals still facing justice.

But while most of the core government departments — State, Treasury, Justice and Defense — are still operational, others — like Homeland Security, which takes the bulk of the government’s cybersecurity responsibility — are suffering the most.

And the longer the shutdown goes on, the greater chance of tighter budgets and that more staff could be furloughed.

Here’s a breakdown:

Homeland Security’s new cybersecurity unit got off to a rough start: The newly established Cybersecurity and Infrastructure Security Agency, a division of Homeland Security, has only been operational since November 16, but about more than half of its staff have been furloughed, according to Homeland Security. The division is designed to lead the national effort to defend critical national infrastructure from current, ongoing threats. By our count at the time of writing, the CISA has been shut down for one in 10 days of its two-month tenure.

Threat intelligence sharing will take a hit: A little-known program inside Homeland Security, known as the Automated Indicator Sharing, has also sent home more than 80 percent of it staff, according to Duo Security. AIS allows private industry and government agencies to share threat intelligence, which is shared with Homeland Security’s government partners, to ensure that any detected attack can only ever be used once. The shutdown is going to heavily impact the data exchange program.

New NIST standards to face delays: More than 85 percent of National Institute of Standards and Technology employees have been sent home without pay, leaving just a handful of essential staff to keep NIST’s new advice and guidance work going. NIST is responsible for giving all government departments necessary and up-to-date security advice. It also means that FIPS testing, used to grant devices and new technologies security certifications to run on government networks, has completely stopped during the shutdown.

Underpaid TSA agents are now entirely unpaid: The TSA, found at every U.S. airport security screening area, is still working despite the shutdown. More than 90 percent of the TSA’s workforce of 60,078 employees will go unpaid — on top of already low pay, which has resulted in a high turnover rate. Despite Trump’s remarks to the contrary, several news agencies say TSA workers are calling out sick in droves. And that’s going to harm airport security. Many worry that the already low morale could put airline security at risk. One traveler/passenger at Minneapolis-Saint Paul International Airport tweeted this week: “I asked TSA agent if I should take out my laptop out of its case and she said, ‘I don’t care, I’m not getting paid’.”

Secret Service staff are working unpaid: And, whether you like them or not, keeping the president and senior lawmakers and politicians alive is a paramount national security concern, yet the vast majority of front-line and back office Secret Service agents currently protecting senior administration staff are going unpaid during the shutdown.

And that’s just some of the larger departments.

The shutdown isn’t only hampering short-term efforts, but could result in long-lasting damage.

“Cyber threats don’t operate on Washington’s political timetable, and they don’t stop because of a shutdown,” Lisa Monaco, former homeland security advisor to the president, told Axios on Wednesday. And security firm Duo said that trying to keep all of the cyber-plates spinning at once while not at full-strength is “risky,” especially given nobody knows how long the shutdown will last.

All this for a border wall that Trump says will prevent terrorists from pouring into the U.S.

Critics say that the cost-benefit to building the wall vis-à-vis the shutdown doesn’t add up. Experts say that there hasn’t been a single case of a known terrorist to have crossed illegally into the U.S. from the Mexican border. In fact, since the September 11 attacks, more than three-quarters of all designated acts of terror were carried out by far-right extremists and not Islamic violent extremists, according to a government watchdog. The vast majority of terrorist incidents were U.S. citizens or green card holders.

A border wall might keep some terrorists out, but it’s not going to stop the terrorists who are already in the U.S. Yet, right now it seems the White House wants the appearance of security rather than the security from a quarter of what the government already has at its disposal.

News Source = techcrunch.com

1 2 3 4
Go to Top