Wednesday, July 13, 2011

The Year in Wiretapping and the FBI's Next Generation of Biometrics

I've written a lot in recent months about the FBI's insatiable appetite for power and our apparent willingness to give it to them. In my recent Patriot Act op-ed I detailed ALL THE WAYS in which the FBI has violated the civil liberties of American citizens for all kinds of purposes OTHER than "protecting" us from terrorism.

I also discussed the use of what are called National Security Letters (NSLs) – which allow the FBI, without a court order, to obtain telecommunication, financial and credit records deemed “relevant” to a government investigation. The FBI issues about 50,000 a year and an internal watchdog has repeatedly found the flagrant misuse of this power.

And, I have discussed new guidelines from the Justice Department will allow FBI agents to investigate people and organizations "proactively" without firm evidence for suspecting criminal activity. The new rules will free up agents to infiltrate organizations, search household trash, use surveillance teams, search databases, and conduct lie detector tests, even without suspicion of any wrongdoing.

All in all, its a pretty dismal report card for the health of the US Bill of Rights. Sadly, there's more to report.

Let me begin quickly with the latest op-ed from Julian Sanchez detailing what he termed The Year in Wiretapping. Essentially, it updates a lot of the data I cited in my article. So let's get to the piece to see how our phone line privacy fared last year.

Sanchez writes:

....the annual Wiretap Report was finally released by the Administrative Office of the U.S. Courts, fully two months behind schedule (the first time in over a decade it’s been so late). While we often focus on the growth of the surveillance state in the context of national security and the War on Terror—such as foreign intelligence wiretaps, which aren’t counted in this report—it’s clear that surveillance is on the rise for ordinary law enforcement purposes as well. State and federal investigators obtained 3,194 wiretap orders in 2010, an increase of 34 percent over the previous year, and a whopping 168 percent increase over 2000. Only one wiretap application was denied—which you can choose to take as evidence that law enforcement is extremely scrupulous in seeking applications, or that judges tend to rubber stamp them, according to your preferred level of paranoia....

The average wiretap order swept up the communications of 118 people
(since, of course, each individual target converses with many people, including many innocent people). If there were no overlap between wiretap orders, that would imply 376,892 people affected. Since it’s common for multiple orders to be sought as part of a single investigation, however, many of the same people are presumably being counted as having been caught under more than one wiretap order.  Even on the wildly charitable assumption that only a third of those were unique individuals, though, that  would still be well over 125,000 people spied upon, many innocent of any wrongdoing. 

Though such criminal intercepts are supposed to be “minimized” in realtime, to prevent the recording of innocent conversations, only 26 percent of intercepted communications contained incriminating material—which is to say, nearly three-quarters were innocent communications unrelated to criminal activity. (It’s possible some of these were partial intercepts discontinued once investigators realized the communication wasn’t pertinent—the report doesn’t make that clear.)

It’s worth bearing in mind here that the nature of wiretaps, as opposed to conventional physical searches, is that they always involve invading the privacy of somebody other than the target named in the warrant—indeed, as the numbers show, very many people. You have to wonder what we’d think if traditional physical search warrants permitted police to rifle through the belongings of dozens of innocent people for each genuine criminal.

Still, this invasive technique is still reserved for investigating the most serious violent crimes, right? Alas, no: For 84 percent of wiretap applications (2,675 wiretaps), the most serious offense under investigation involved illegal drugs. Further proof, if proof were needed, that privacy suffers enormous collateral damage in our failed drug war. Drugs have long been the reason for the vast majority of wiretaps, but that trend, too, is on the upswing: Drug cases accounted for “just” 75 percent of intercept orders in 2000.

In other words, as I wrote in my op-ed in describing Patriot Act abuses and the FBI, "Monitoring political groups and activities deemed “threatening” (i.e. environmentalists, peace activists), expanding the already disastrous and wasteful war on drugs, and spying on journalists isn’t about fighting terrorism, it’s about stifling dissent and consolidating power – at the expense of civil liberties. How ironic that the very “tool” hailed as our nation’s protector has instead been used to violate the very Constitutional protections we are allegedly defending from “attack” by outside threats. What was promised as a “temporary”, targeted law to keep us safe from terror has morphed into a rewriting of the Bill of Rights."

But wait...I'm STILL not finished. Now comes word, with special thanks to the Electronic Frontier Foundation's Jennifer Lynch, the FBI is pursuing what can only be called the next generation of Biometrics.

Before I get to some choice clips to Jennifer's article, let me refresh everyone on the concept of biometric identifiers - like fingerprints, facial, and/or iris scans. These essentially match an individual’s personal characteristics against an image or database of images. Initially, the system captures a fingerprint, picture, or some other personal characteristic, and transforms it into a small computer file (often called a template).

The next time someone interacts with the system, it creates another computer file
There are a number of reasons why such technological identifiers should concerns us.

So let's be real clear, creating a database with millions of facial scans and thumbprints raises a host of surveillance, tracking and security question - never mind the cost.

Privacy expert Bruce Schneier recently pointed out some of pro's and con's of a biometrics:

On the strength side, biometrics are hard to forge. It's hard to affix a fake fingerprint to your finger or make your retina look like someone else's. Some people can mimic voices, and make-up artists can change people's faces, but these are specialized skills.

On the other hand, biometrics are easy to steal. You leave your fingerprints everywhere you touch, your iris scan everywhere you look. Regularly, hackers have copied the prints of officials from objects they've touched, and posted them on the Internet. We haven't yet had an example of a large biometric database being hacked into, but the possibility is there. Biometrics are unique identifiers, but they're not secrets.

With that, let's get to the article by EFF. Lynch writes:

Last week, the Center for Constitutional Rights (CCR) and several other organizations released documents from a FOIA lawsuit that expose the concerted efforts of the FBI and DHS to build a massive database of personal and biometric information. This database, called “Next Generation Identification” (NGI), has been in the works for several years now. However, the documents CCR posted show for the first time how FBI has taken advantage of the DHS Secure Communities program and both DHS and the State Department’s civil biometric data collection programs to build out this $1 billion database.

Unlike some government initiatives, NGI has not been a secret program. The FBI brags about it on its website (describing NGI as “bigger, faster, and better”), and both DHS and FBI have, over the past 10+ years, slowly and carefully laid the groundwork for extensive data sharing and database interoperability through publicly-available privacy impact assessments and other records. However, the fact that NGI is not secret does not make it OK. Currently, the FBI and DHS have separate databases (called IAFIS and IDENT, respectively) that each have the capacity to store an extensive amount of information—including names, addresses, social security numbers, telephone numbers, e-mail addresses, fingerprints, booking photos, unique identifying numbers, gender, race, and date of birth. Within the last few years, DHS and FBI have made their data easily searchable between the agencies. However, both databases remained independent, and were only “unimodal,” meaning they only had one biometric means of identifying someone—usually a fingerprint.


So why should we be worried about a program like NGI, which the FBI argues will “reduce terrorist and criminal activities”? Well, the first reason is the sheer size of the database. Both DHS and FBI claim that their current biometrics databases (IDENT and IAFIS, respectively) are the each the “largest biometric database in the world.” IAFIS contains 66 million criminal records and 25 million civil records, while IDENT has over 91 million individual fingerprint records.

Once these records are combined into one database and once that database becomes multimodal, as we discussed in our 2003 white paper on biometrics, there are several additional reasons for concern. Three of the biggest are the expanded linking and tracking capabilities associated with robust and standardized biometrics collection systems and the potential for data compromise.

Already, the National Institute for Standards and Technology, along with other standards setting bodies, has developed standards for the exchange of biometric data. FBI, DHS and DoD’s current fingerprint databases are interoperable, indicating their systems have been designed (or re-designed) to read each others’ data. NGI will most certainly improve on this standardization. While this is good if you want to check to see if someone applying for a visa is a criminal, it has the potential to be very bad for society. Once data is standardized, it becomes much easier to use as a linking identifier, not just in interactions with the government but also across disparate databases and throughout society. This could mean that instead of being asked for your social security number the next time you apply for insurance, see your doctor, or fill out an apartment rental application, you could be asked for your thumbprint or your iris scan.

This is a big problem if your records are ever compromised because you can’t change your biometric information like you can a unique identifying number such as an SSN. And the many recent security breaches show that we can never fully protect against these kinds of data losses.

The third reason for concern is at the heart of much of our work at EFF. Once the collection of biometrics becomes standardized, it becomes much easier to locate and track someone across all aspects of their life. As we said in 2003, “EFF believes that perfect tracking is inimical to a free society. A society in which everyone's actions are tracked is not, in principle, free. It may be a livable society, but would not be our society.”

Click here to read more.

As Bruce Schneier noted, "One more problem with biometrics: they don't fail well. Passwords can be changed, but if someone copies your thumbprint, you're out of luck: you can't update your thumb. Passwords can be backed up, but if you alter your thumbprint in an accident, you're stuck. The failures don't have to be this spectacular: a voiceprint reader might not recognize someone with a sore throat, or a fingerprint reader might fail outside in freezing weather. Biometric systems need to be analyzed in light of these possibilities."

Let's hope that none of this leads to the requirement that ALL AMERICANS carry biometric ID'S at some point, particularly with the fingerprint or the iris as the biometric identifier.

The ACLU put together an excellent fact sheet on a variety of the privacy implications associated with biometric identifiers, including whether biometric images should be collected, which images should be collected (i.e. facial v. thumbprint scan), who has access to those images, and for what purposes being the preliminary privacy questions that should addressed to protect individuals’ constitutional right to privacy.

Similarly, as noted by Lynch, the ACLU also warns (now becoming a reality obviously), of the creation of dossiers about individuals and their activities in which a biometric identifier is used as a unique identifier to catalogue personal information about an individual - which would enable monitoring, tracking and surveillance of individuals. This concern applies to both the government and databrokers/private industry using the same biometric to gather information.

Also noted by the ACLU:

Threat to Anonymity and Anonymous Speech: likelihood rises of using facial recognition to identify and surveil innocent people just walking down the street or engaged in First Amendment protected speech on political or labor issues.

The Supreme Court has found that compelling an individual to disclose his or her political ideas or affiliations to the government deters the exercise of First Amendment rights. The right to anonymous speech, protest and leafleting are critical to our democracy.

o Perceived Infallibility and Inaccuracy: The concept that each of us is unique does not always translate into accurate biometric identification. Computer “matches” must be reviewed visually by people to confirm the accuracy. And, even then, errors are made.

Brandon Mayfield, the Oregon Attorney, was erroneously linked to the 2004 Madrid train bombings after his prints were misidentified and he was held by the FBI for two weeks, though he was never charged. His prints were “identified” through the Integrated Automated Fingerprint Identification System (IAFIS). IAFIS identified a few potential matches that were then reviewed by a fingerprint examiner and an outside experienced fingerprint expert.

Certainly more to come on this issue....

No comments: