DHS reportedly seeking covert naked scanners

Computerworld is reporting that the Electronic Privacy Information Center has obtained documents under the Freedom of Information Act that suggest the Department of Homeland Security is on the hunt for portable body scanners. This is not surprising, but what is most chilling is the suggestion that they're seeking devices that can be deployed to covertly see through clothing of unsuspecting people.

See:

DHS seeks systems for covert body scans, documents show - Computerworld

Computerworld - Documents obtained Tuesday by the Electronic Privacy Information Center suggest that the U.S. Department of Homeland Security has signed contracts for the development of mobile and static systems that can be used scan pedestrians and people at rail and bus stations and special event venues -- apparently at times without their knowledge.

The documents indicate that DHS moved to develop the technology as part of an effort to bolster the ability of law enforcement personnel to quickly detect concealed bombs and other explosives on individuals.

EPIC obtained the documents from the DHS under a Freedom of Information Act request for data on mobile and static scanning systems it filed last year....

Washington Post on Monitoring America

The Washington Post has a monumental investigative report on "Top Secret America" focused on Monitoring America. Here's a summary:

Monitoring America | washingtonpost.com

Top Secret America is a project two years in the making that describes the huge security buildup in the United States after the Sept. 11, 2001, attacks. Today’s story is about those efforts at the local level, including law enforcement and homeland security agencies in every state and thousands of communities. View previous stories, explore relationships between government organizations and the types of work being done, and view top-secret geography on an interactive map.

---

Today's story, along with related material on The Post's Web site, examines how Top Secret America plays out at the local level. It describes a web of 4,058 federal, state and local organizations, each with its own counterterrorism responsibilities and jurisdictions. At least 935 of these organizations have been created since the 2001 attacks or became involved in counterterrorism for the first time after 9/11.

The months-long investigation, based on nearly 100 interviews and 1,000 documents, found that:

• Technologies and techniques honed for use on the battlefields of Iraq and Afghanistan have migrated into the hands of law enforcement agencies in America.
• The FBI is building a database with the names and certain personal information, such as employment history, of thousands of U.S. citizens and residents whom a local police officer or a fellow citizen believed to be acting suspiciously. It is accessible to an increasing number of local law enforcement and military criminal investigators, increasing concerns that it could somehow end up in the public domain.
• Seeking to learn more about Islam and terrorism, some law enforcement agencies have hired as trainers self-described experts whose extremist views on Islam and terrorism are considered inaccurate and counterproductive by the FBI and U.S. intelligence agencies.
• The Department of Homeland Security sends its state and local partners intelligence reports with little meaningful guidance, and state reports have sometimes inappropriately reported on lawful meetings.

Department of Homeland Security Privacy Office annual report

The DHS Privacy Office has released its annual report for 2009/2010. The latest and historical documents are available here: DHS | Privacy & FOIA Reports.

Laptop searches at airports infrequent, DHS privacy report says

Computerworld is reporting on the first report of the Department of Homeland Security Privacy Office since the changeover to the Obama administration. The report itself is interesting, but perhaps most interesting are the statistics related to the number of searches of laptops at border crossings. This has been a controversial practice since reports on it came to light some time ago. I was surprised to read that fewer than two thousand took place in the year under review, in light of the millions of people (and laptops) that have crossed the border during that time.

Here's Computerworld's coverage: Laptop searches at airports infrequent, DHS privacy report says.

Senators introduce bill to curb border crossing laptop searches

Two senators have introduced a bill to curb controversial laptop searches and seizures, limiting them to when there is a reasonable suspicion of illegal activity:

Techworld - Privacy groups praise bill curbing warrantless laptop searches

Feingold's bill spells out standards for search and seizures of electronic equipment belonging to US travelers at airports and other borders. The biggest condition is that such searches may be initiated only if the customs agent has "reasonable suspicion" that the traveler is carrying contraband or items otherwise prohibited in the country, or because the traveler is prohibited from entering the US. The equipment may be seized only if the DHS secretary, or a relevant federal or state law enforcement agency, obtains a probable-cause warrant on the belief that the equipment contains information that either violates a law, provides evidence of illegal activity or is foreign intelligence material.

US government tips on avoiding prying eyes of foreign governments

The US Department of Homeland Security is warning government types travelling internationally that their electronic devices may be subject to seizure or intereception. Oh noes! Imagine such a threat to privacy and security!

Thank goodness they've provided some tips on how to avoid the prying eyes of oppressive governments. Of course, these tips weren't provided to the unwashed masses, but wikileaks has a copy of the "FOR OFFICIAL USE ONLY" document. See: US DHS: Foreign Travel Threat Assessment: Electronic Communications Vulnerabilities 2008 - Wikileaks.

I suggest reading it before travelilng into, out of, through, around or over the United States. Or any other intrusive country.

Nomadic laptops can expect the rubber glove treatment

There's been a bit of a buzz lately about laptop inspections by the Department of Homeland Security (Crossing the border? Consider the possibility of laptop searches, Hands off my laptop, Your papers and laptops, please?, US Customs confiscating laptops). Today, the Washington Post is reporting on recently disclosed policies used by the DHS to take and inspect laptops:

Travelers' Laptops May Be Detained At Border (washingtonpost.com)

... The policies state that officers may "detain" laptops "for a reasonable period of time" to "review and analyze information." This may take place "absent individualized suspicion."

The policies cover "any device capable of storing information in digital or analog form," including hard drives, flash drives, cell phones, iPods, pagers, beepers, and video and audio tapes. They also cover "all papers and other written documentation," including books, pamphlets and "written materials commonly referred to as 'pocket trash' or 'pocket litter.' "

Reasonable measures must be taken to protect business information and attorney-client privileged material, the policies say, but there is no specific mention of the handling of personal data such as medical and financial records.

When a review is completed and no probable cause exists to keep the information, any copies of the data must be destroyed. Copies sent to non-federal entities must be returned to DHS. But the documents specify that there is no limitation on authorities keeping written notes or reports about the materials.

"They're saying they can rifle through all the information in a traveler's laptop without having a smidgen of evidence that the traveler is breaking the law," said Greg Nojeim, senior counsel at the Center for Democracy and Technology. Notably, he said, the policies "don't establish any criteria for whose computer can be searched." ...

If you want to take a look at the policy itself, it's here.

Thanks to Rob Hyndman for the tipoff.

The 2007 Security Hall of Shame

Another "year in review" ... this time the Computerworld nominees to the security hall of shame:

The 2007 Security Hall of Shame

A brace of breaches: 2007's five worst

In a league of its own: The TJX Companies Inc.

The U.K.'s VA: HMRC misplaces records on 25 million kids In November

The system was broken brokered: Fidelity National Information Services

Some honor among thieves: TD Ameritrade Holding Corp. Brokerage firm Ameritrade

Creatures from the hack lagoon: Monster.com

Ummm ... oops?

Notable meltdowns

Do you copy?: DHS's self-created DDoS attack

Bag that: Supervalu gets phished

Undiplomatic relations: Symantec in China

Hear me, see me: House outs whistle-blowers

Arrrrr! WGA sees pirate people

... and your 2007 poster boys

Consultant turns bot herder: John Schiefer

Exit strategy: Gary Min

Don't drop the soap: Ivory Dickerson

Unbirthday boy: Yung-Hsun Lin

Pick a hat already: Maxwell Butler

DHS collected more info on travelers than previously disclosed

Yesterday's Washington Post ran a front page story on the amount of information collected by the Department of Homeland Security as part of its Automated Targeting System.

Collecting of Details on Travelers Documented - washingtonpost.com

The U.S. government is collecting electronic records on the travel habits of millions of Americans who fly, drive or take cruises abroad, retaining data on the persons with whom they travel or plan to stay, the personal items they carry during their journeys, and even the books that travelers have carried, according to documents obtained by a group of civil liberties advocates and statements by government officials.

The personal travel records are meant to be stored for as long as 15 years, as part of the Department of Homeland Security's effort to assess the security threat posed by all travelers entering the country. Officials say the records, which are analyzed by the department's Automated Targeting System, help border officials distinguish potential terrorists from innocent people entering the country.

But new details about the information being retained suggest that the government is monitoring the personal habits of travelers more closely than it has previously acknowledged. The details were learned when a group of activists requested copies of official records on their own travel. Those records included a description of a book on marijuana that one of them carried and small flashlights bearing the symbol of a marijuana leaf....

House bill would boost power of DHS privacy chief

If a current bill introduced in the US Congress is passed, the chief privacy officer will have expanded powers, including the ability to issue subpoena and to report directly to Congress. See: House bill would boost power of DHS privacy chief (1/19/07).

DHS Privacy Officer to scrutinize programs

According to GovExec.com, the newly appointed privacy officer for the Department of Homeland Security has started more closely scrutinizing the Departments IT and other projects for privacy issues. See DHS privacy office steps up scrutiny of technology projects.

DHS Privacy Office Bashes RFID Technology To Track People

This is interesting (and unexpected):

DHS Privacy Office Bashes RFID Technology To Track People - Yahoo! News:

The Department of Homeland Security's Privacy Office has issued a draft report that strongly criticizes privacy and security risks of using radio frequency identification devices for human identification. Public comment on the paper is being taken until May 22.

The privacy office says the technology offers little performance benefit for identification purposes compared with other methods and could turn the government's identification system into a surveillance system.

Homeland Security inks deal to share passenger info with Centers for Disease Control

The Depatrment of Homeland Security and the Department of Health and Human Services have signed a deal to allow unprecedented data sharing to address pandemics and other travel-related health concerns. This goes far beyond the "Safe Traveler" deal previously worked out and critics say that it violates the US/EU pact related to passenger info. To make matters worse, the agencies involved did not publish a privacy impact assessment, though one is required for projects such as this.  See: http://www.govhealthit.com/article94159-04-24-06-Print

Posted on my Blackberry from Calgary, so my apologies for the formatting.

Privacy Security Homeland+Security DHS Personal+Information Health+Information

Homeland Security opening private mail

MSNBC is reporting that a retired professor in the US is shocked that a recent letter from a regular correspondent in the Phillipines was opened and examined by the Department of Homeland Security. The letter arrived with a piece of green tape on it, indicating that the letter was opened "by Border Protection." I don't think this is a new phenomenon, but is being reported on in the wake of the warrantless wiretap scandal in the US.

One thing I find interesting from the story is that the retired professor used to do the same sort of "mail inspection" during the war:

Goodman is no stranger to mail snooping; as an officer during World War II he was responsible for reading all outgoing mail of the men in his command and censoring any passages that might provide clues as to his unit’s position. “But we didn’t do it as clumsily as they’ve done it, I can tell you that,” Goodman noted, with no small amount of irony in his voice. “Isn’t it funny that this doesn’t appear to be any kind of surreptitious effort here,” he said.

Would he prefer that this be hidden?

Read the MSNBC article here: Homeland Security opening private mail - U.S. Security - MSNBC.com.

Privacy :: Homeland Security :: Mail :: National Security

Borrow the wrong book and get it personally delivered by the feds

One of the problems with widespread monitoring is the huge incidence of "false positives". This example from the University of Massachusetts is instructive and a bit chilling to those who have commented upon it.

A senior at UMass Dartmouth was doing a research paper on communism in a class on fascism and totalitarianism. As part of his research, he requested a copy of Chairman Mao's Little Red Book using the interlibrary loans system. (Why a major univeristy library does not have its own copy of the book raises completely different questions.) Instead of the book, he received a visit from officials from the Department of Homeland Security. The agents told the students that the book is on a "watch list". Actually, the agents brought the book with them, but did not leave it with him.

Privacy advocates aren't generally pleased with any watching of what people read, but the chilling effect of this is significant. The professor who teaches the class has decided against teaching a planned class on terrorism because he does not want to put his students at risk of this sort of surveillance and profiling.

Read the coverage here: Agents' visit chills UMass Dartmouth senior: 12/ 17/ 2005, Student Gets Surprise From Mao's Book. Some comment here: Gardistan in Vision: Political censorship in Bush's USA, The Dark Wraith Forums: Special Report: Feds Question Student for Requesting Book of Mao Tse-Tung Quotations, Villa Beausoleil: Fascism comes to New Bedford, David Farrar: Book Monitoring.

UPDATE: There is speculation at Boing Boing that this story is a hoax. Boing Boing: DHS agents visit student over Little Red Book - HOAX DEBATE. As I hear more, I'll post here.

UPDATE 2: The Canadian Privacy Law Blog: Story about feds visiting after request for Mao book is a hoax.

ChoicePoint in the spotlight again; seeking access to California drivers' records on behalf of DHS

The Los Angeles Times is reporting that the embattled ChoicePoint has garnered some additional publicity as it seeks to have access to the entire database maintained by the California Department of Motor Vehicles. It is seeking to have the usual DMV fees waived as it is seeking the records in order to serve its client, the Department of Homeland Security. A number of Californians are a little reluctant to have the state give access to the company that allowed identity thieves free rein in its other databases. The article also discusses some tussles with the Pennsylvania DMV. Check it out: Big Data Broker Eyes DMV Records - Los Angeles Times.

Thanks to Daniel Solove at Concurring Opinions for the link. Check out what he has to say as well: Concurring Opinions: ChoicePoint Wants Your Motor Vehicle Records.

Homeland Security rights chief urges Muslim fliers to register

I think we might see some backlash against the proposition that Muslims in the United States should pre-register with the Department of Homeland Security if they want to fly on a commercial aircraft. It is a bit ironic that it is coming from the head of Civil Rights for the DHS. And I would have thought that they would have spun this a little better. I'm not so sure that too many people will be comfortable with handing the DHS a completed "Passenger Identity Verification Form", including name, address, birth date, height, weight, eye and hair color, and attaching copies of three of the following documents: passport, visa, birth certificate, naturalization certificate, voter registration card, government identity card or military identity card. The more suspicious and cynical among us might think that law enforcement and intelligence folks may keep that information on hand and use it for other purposes. See: Homeland Security rights chief urges Muslim fliers to register (phillyBurbs.com) | New Jersey News.

DHS privacy officer to resign?

Ryan Singel at Secondary Screening is reporting that the privacy officer at the Department of Homeland Security is resigning unexpectedly. The DHS is the only US Federal Agency that is rquired by law to have a privacy officer: Secondary Screening: Privacy Czarina Resigns.

DHS spins RFID ... presto! Contactless integrated circuits!

The Department of Homeland Security is learning that RFID has negative connotations. According to Wired News, they're trying to rename them, at least in their cards:

Wired News: RFID Cards Get Spin Treatment:

"... The distinction is part of an effort by the Department of Homeland Security and one of its RFID suppliers, Philips Semiconductors, to brand RFID tags in identification documents as 'proximity chips,' 'contactless chips' or 'contactless integrated circuits' -- anything but 'RFID.' ..."

I suppose they didn't want to call them "auto id chips" or "spy chips".

Did TSA mislead the public on passengers' private data? DHS thinks so.

According to an investigation by the Department of Homeland Security, and reported on by Yahoo news (Report: TSA Misled Public on Personal Data), the Transportation Security Administration misled the public about its role in getting passenger information from airlines while testing its passenger profiling software.

CBS News has a strongly-worded headline for its coverage of the story: CBS News | Airline Passenger Privacy Betrayed