Tag Archives: eff

Friday on AxXiom For Liberty Live! Miles Kinard, Author, American Stasi: Fusion Centers and Domestic Spying.

a4l 55

Kaye Beach

****Show Notes Posted Below*************

March, 21, 2013

This Friday on AxXiom For Liberty with Kaye Beach and Howard Houchen 6-8pm Central – Miles Kinard author of the magazine exposé, American Stasi: Fusion Centers and Domestic Spying.

Listen Live-LogosRadioNetwork.com  click ‘Listen’ then choose your Internet speed.  Logos Radio Network is a listener supported, free speech radio network and your contributions are vital but you do not have to be a subscriber in order to hear the show.
american stasi

“This is no longer just a ‘surveillance state.’  We are on the fast track to a police state.” -Miles Kinard, interview with the Spingola Files, Dec. 2012

We are very excited to introduce you to Miles Kinard, researcher and author of the magazine exposé, American Stasi: Fusion Centers and Domestic Spying.

What is a Fusion Center?

The principal role of the fusion center is to compile, analyze, and disseminate criminal/terrorist information and intelligence and other information (including, but not limited to, threat, public safety, law enforcement, public health, social services, and public works) to support efforts to anticipate, identify, prevent, and/or monitor criminal/terrorist activity.   http://www.scribd.com/doc/19251638/Fusion-Center-Guidelines-Law-Enforcement

I jumped on Mr. Kinard’s work on fusion centers last year when it was released and found his writing on the subject to be extremely lucid and his research, impeccable.  You can get it for a song and instant download at Amazon.com

http://www.amazon.com/American-Stasi-Centers-Domesitc-ebook/dp/B006YZQFL8/ref=sr_1_1?ie=UTF8&qid=1327104356&sr=8-1

Miles Kinard’s work explores these secretive 9/11 domestic intelligence units that are considered key by the Department of Homeland Security in its quest to know everything about everybody all the time.

There is at least one of these relatively new intelligence centers located in every state (74 78 total) and precious little attention has been given to them by the mainstream media.

Secrecy, the waste of taxpayer dollars and especially the potential civil liberties violations were highlighted by Kinard’s work.  All of this and more was subsequently confirmed by a two-year bipartisan investigation by the U. S. Senate Permanent Subcommittee on Investigations which released a 107 page report last October.

Tonight we will get a chance to talk to Miles about the state fusion centers as part of what he refers to as the “Surveillance Industrial Complex” in general and discuss the implications of these state-based (but federally controlled) spy centers that he identified in his exposé .

Join us – Your questions or comments are always welcome!

CALL IN LINE 512-646-1984

 *******************SHOW NOTES**************************

Events:

common core not ok

Restore Oklahoma Public Education (R.O.P.E.)

Common Core is NOT OK!” Events

  • Wed., March 27th:   Common Core is NOT OK! Rally State Capitol, 2nd floor rotunda (Supreme Court hallway), Noon  Click here for rally info.
  • Thurs., March 28th:  State Board of Education meeting Oliver Hodge Educ. Bldg., room I-20, 9:30 a.m., Meeting instructions.

“The Common Core State Standards present a takeover of public education by a small group of individuals. This takeover will change the way that teachers teach, parents interact with their schools due to loss of local control, and present students with a narrow range of studies and increased standardized testing. Oklahomans must maintain local control over public education, therefore, we reject the Common Core State Standards.”  Read More from ROPE

FERPA, Amendemnts

rosakoare

April 5 & 6, 2013, Tulsa 9.12 will host a symposium on “Understanding Agenda 21.” Rosa Koire, author of “Behind the Green Mask” and founding member of Democrats Against Agenda 21, will be one of our many speakers. If you would like to learn more about Agenda 21 and how it affects you, please plan on joining us.

Understanding Agenda 21 – A Symposium  (You can RSVP on Facebook but Registration must be received by April 1st  REGISTER HERE

Referenced:

Testimony of Jennifer Lynch,  Electronic Frontier Foundation(EFF), Senate Committee on the Judiciary Subcommittee on Privacy, Technology, and the Law, July 18, 2012

What Facial Recognition Technology Means for Privacy and Civil Liberties 

The Militarization of U.S. Domestic Policing

 Abigail R. Hall and Christopher J. Coyne
Abstract
This paper develops the political economy of the militarization of domestic policing.
We analyze the mechanisms through which the “protective state”—where the government utilizes its monopoly on force to protect citizens’ rights—devolves into a “predatory state” which undermines the rights of the populace. We apply our theory to the U.S.,where we trace the(failed) historical attempts to establish constraints nto separate the military functions and policing functions of government.
In doing so we emphasize the role of crises in the form of perpetual wars—the “War on Drugs” and the “War on Terror”—in the accelerated militarization of domestic policing.

Miss a show?  Get the Podcast!  Archives here

Other ways to listen;

Listen to Logos Radio Network on SHOUTcast

iTunes-AxXiom For Liberty and other great Logos Radio Network shows can be accessed by iPhone and iPad on iTunes!  Just search iTunes for “AxXiom For Liberty” or “Logos Radio Network”

Advertisements

Next Gen ID-pulling it ALL together

Link

Kaye Beach

July 19, 2011

Back in 2008 some were raising concerns about the FBI’s Next Gen ID Database

FBI’s Next-Gen ID Databank to Store Face Scans A Good Idea?
Lockheed Martin is building a massive digital warehouse of criminal information, set tobring facial recognition and eye scans to local law enforcement within 10 years. The FBImay use biometric technology to bolster mug shots, fingerprints and DNA to catchcrooks²but privacy advocates say there’s reason for law-abiding citizens to worry.

The FBI has already begun gathering iris scans, and says it will need to expand its photograph database to ramp up inputs for the NGI system growth that could be the basis for our facial recognition,´ says an agency official. (Image Courtesy of Lockheed Martin)

The Electronic Freedom Foundation updates us on the progress of NGI, linking to Freedom of Information Act acquired documents that show the how biometric data is being gathered and consolidated. The slides that you see are from NGI presentations I have collected.  As you can see from slide 24 (below)  the NGI program is progressing exactly as promised.  (the powerpoint that these slides are from was produced in 2009 if my memory serves)

The Electronic Freedom Foundation lists a few of the major problems with the collection, sharing and consolidation of biometric information but, to me, number three says it all-

The third reason for concern is at the heart of much of our work at EFF. Once the collection of biometrics becomes standardized, it becomes much easier to locate and track someone across all aspects of their life. As we said in 2003, “EFF believes that perfect tracking is inimical to a free society. A society in which everyone’s actions are tracked is not, in principle, free. It may be a livable society, but would not be our society.”

It is worth highlighting the fact that this system is NOT limited to identification data of criminals.

The FBI’s Next Generation Identification: Bigger and Faster but Much Worse for Privacy

July 8th, 2011

This week, the Center for Constitutional Rights (CCR) and several other organizations released documents from a FOIA lawsuit that expose the concerted efforts of the FBI and DHS to build a massive database of personal and biometric information. This database, called “Next Generation Identification” (NGI), has been in the works for several years now. However, the documents CCR posted show for the first time how FBI has taken advantage of the DHS Secure Communities program and both DHS and the State Department’s civil biometric data collection programs to build out this $1 billion database.

. . .Currently, the FBI and DHS have separate databases (called IAFIS and IDENT, respectively) that each have the capacity to store an extensive amount of information—including names, addresses, social security numbers, telephone numbers, e-mail addresses, fingerprints, booking photos, unique identifying numbers, gender, race, and date of birth. Within the last few years, DHS and FBI have made their data easily searchable between the agencies. However, both databases remained independent, and were only “unimodal,” meaning they only had one biometric means of identifying someone—usually a fingerprint.

LINK

In contrast, as CCR’s FOIA documents reveal, FBI’s NGI database will be populated with data from both FBI and DHS records. Further, NGI will be “multimodal.” This means NGI is designed to allow the collection and storage of the now-standard 10-print fingerprint scan in addition to iris scans, palm prints, and voice data. It is also designed to expand to include other biometric identifiers in the future. NGI will also allow much greater storage of photos, including crime scene security camera photos, and, with its facial recognition and sophisticated search capabilities, it will have the “increased ability to locate potentially related photos (and other records associated with the photos) that might not otherwise be discovered as quickly or efficiently, or might never be discovered at all.”

Read More

LINK

Newly Released Documents Detail FBI’s Plan to Expand Federal Surveillance Laws

Kaye Beach

Feb 21, 2011

Jeremy Bentham developed a prison design he called the “Panopticon”. It had a central tower for the jailers, with a circular building around it divided into cells. The guards could see the cells without being seen. The inmates could not know when, or whether, they were being watched.

Bentham spent a great deal of time perfecting its design to achieve the greatest possible visibility of the inmates, and complete concealment for the guards. He argued that the prison could employ very few guards, since the prisoners could not know when they were being watched. The project’s key concept, however, wasn’t about architecture or economics; it was about the psychology of control.

This is why surveillance cameras and other measures from the arsenal of Big Brother are so dangerous.

The eye that is watching you is also within you.

The modern panopticon is not limited to an institution such as a prison, it is being constructed all around us.

From the Electronic Freedom Foundation:

EFF just received documents in response to a 2-year old FOIA request for information on the FBI’s “Going Dark” program, an initiative to increase the FBI’s authority in response to problems the FBI says it’s having implementing wiretap and pen register/trap and trace orders on new communications technologies. The documents detail a fully-formed and well-coordinated plan to expand existing surveillance laws and develop new ones. And although they represent only a small fraction of the documents we expect to receive in response to this and a more recent FOIA request, they were released just in time to provide important background information for the House Judiciary Committee’s hearing tomorrow on the Going Dark program.

We first heard about the FBI’s Going Dark program in 2009, when the agency’s Congressional budget request included an additional $9 million to fund the program (on top of the $233.9 million it already received). Late last year, the New York Times linked the program to a plan to expand federal surveillance laws like the Communications Assistance to Law Enforcement Act (CALEA). We issued FOIA requests to the FBI in 2009 for information on Going Dark and in 2010 for information on the agency’s plans to update CALEA. These are the first documents we’ve received since we filed our lawsuit against the agency late last year. The documents provide rare insight into the agency’s multi-year strategy to increase its power to surveil our communications.

Here’s What the Documents Show:

What is the “Going Dark” Program?

The name “Going Dark” is cryptic, and the FBI’s public statements about the program are even more so. Nevertheless, FBI’s Operational Technology Division states that the program is one of the FBI’s “top initiatives” and has “gotten attention so far from high ranking officials in other federal, state, and local agencies and from industry.” (GD4, p. 110).1 The FBI has told reporters in emails that Going Dark is:

the program name given to the FBI’s efforts to utilize innovative technology; foster cooperation with industry; and assist our state, local, and tribal law enforcement partners in a collaborative effort to close the growing gap between lawful interception requirements and our capabilities.

(GD2, p1). The FBI has also said that the term “Going Dark” does not refer to a specific capability, but is a program name for the part of the FBI, Operational Technology Division’s (OTD) lawful interception program which is shared with other law enforcement agencies. The term applies to the research and development of new tools, technical support and training initiatives.

(GD2, p 8). Behind this rhetoric, the documents detail a program set up to address the FBI’s allegations that communications providers’ technologies prevent the agency from implementing wiretap and pen register/trap and trace orders – essentially, the FBI alleges it is “‘in the dark’ by the loss of evidence, that [it] would be lawfully entitled to, due to advances in technology, antiquated ELSUR laws, and or lack of resources, training, [and] personnel,” (GD4, p. 120), and the FBI needs new laws and new tools to bring this evidence into the light.

The FBI’s “Five-Prong” Going Dark Strategy

The FBI states the Going Dark program is a “five-prong strategic approach to address the lawful ‘Intercept capability gap'” (GD3, p. 10). These five prongs are:

  1. modernization /amendment of existing laws,
  2. enhancing authorities to protect industry proprietary and [law enforcement] sensitive lawful intercept information, equipment and techniques,
  3. enhancing [law enforcement] agencies’ coordination leveraging technical expertise of FBI with other [law enforcement] entities,
  4. enhancing lawful intercept cooperation between the communications industry and [law enforcement agencies] with a “One Voice” approach, and
  5. seeking new federal funding to bolster lawful intercept capabilities.

(GD3, p. 10). Originally it seemed the FBI was focused on just updating CALEA (which could be bad enough if it included some of the things we wrote about here), but now it appears the FBI plans to seek changes to the Electronic Communications Privacy Act (ECPA) and other laws, and may also propose new laws. For example, another document we received notes under Prong 1 that “Existing lawful intercept laws (e.g., Title III of the Omnibus Crime Control and Safe Streets Act, Electronic Communications Privacy Act [ECPA], and the Communications Assistance for Law Enforcement Act [CALEA]) require modernization as a result of advancements in communications services and technologies.” (GD1, pp. 38-40). And another document breaks the FBI’s legislative strategy down into two categories:

  1. modernizing the Federal ELSUR [electronic surveillance] assistance mandates and Federal ELSUR laws and
  2. enacting new ELSUR-enhancing statutory authorities.

(GD1, p. 13). This is the first hard evidence we’ve seen that the FBI is pushing to update ECPA in addition to CALEA, and it is concerning to learn that the agency is trying to convince Congress that these two laws should be expanded at the same time to give the FBI even broader power to conduct “lawful” surveillance. Unfortunately, we don’t know much more about the specifics of the FBI’s plan because crucial information in the documents has been withheld or blocked out.

The FBI Has Been Working on “Going Dark” Since at Least 2006 and Has Lobbied Congress and the White House to Support the Program with More Money and Stronger Laws

The FBI and DOJ have been working on amendments to CALEA since at least 2006, though their efforts to lobby Congress and the White House have steadily ramped up within the last few years. (GD1, p. 34). The FBI has met with important Congressional committees and with the White House about Going Dark many times since January 2008 and has specific plans to “socialize [its] Strategy with key Congressional members and staff (e.g., Judiciary, Intelligence, Appropriations).” (GD1, pp. 38-30).

For example, in January 2008, the FBI director testified before the House and Senate at the annual threat assessment hearing and included a Q&A handout on Going Dark for the briefing book. (GD1, p.7). Although the hearings were held in both open and closed sessions (and so this handout should be available to the public), the version we received is heavily redacted. (GD1, p. 22).

In March 2008, staff from the Senate Subcommittee on Commerce, Justice, and Science visited the FBI’s Operational Technology Division and had a briefing on Going Dark with Kerry Haynes, the Assistant Director of the Investigative Technologies Division. Topics discussed included “unfunded requirements, level of cooperation/understanding/assistance from DNI, level of sharing and cooperation with IC/telecom and [international] partners, consolidation of tech efforts across industry, working groups/detailees [sic] to consolidate efforts, the ‘data coordination center’ concept.” (GD1, p. 32).

The FBI focused much of its lobbying efforts on the Senate Commerce, Justice, Science (CJS) Appropriations Subcommittee, and met with met with Senator Mikulski, the committee chair, and her staffers several times over the last few years in both open and closed sessions, including in April 2008, June 2008, May 2009, and June 2009. In fact, according to the FBI, Senator Mikulski stated during the June 2008 meeting: “The FBI and the CJS have had a very productive working relationship and the FBI can count on the CJS for whatever it needs to fulfill the mission of the FBI.” (GD1, p. 30).

The FBI also met or communicated with key members of the current administration and other agencies, including meeting with the Obama transition team in November 2008, (GD3, p. 8-9). The agency discussed Going Dark with the Department of Commerce in May 2009, (GD4, p. 26), and met with ODNI on Going Dark in October 2008. (GD4, p. 80) The FBI also worked directly with the DEA to try to collect information detailing agents’ inability to conduct electronic surveillance, to provide support for the agency’s claim that it needed new and better tools and laws. (GD4, pp. 24-25). And the agency planned to vet its 5-prong strategy with both the Office of Management and Budget (OMB) and Department of Justice (DOJ). (GD1, pp. 38-30).

The FBI Has Also Worked With State and Local Law Enforcement and Private Government Contractors to Develop and Implement its Strategy

Several of the documents we received detail the FBI’s holistic approach to implementing Going Dark. For example, the agency sought input from state and local law enforcement leadership such as “IACP, Major Cities Chiefs, Major County Sheriffs’ Association,” (GD1, pp. 38-40), and asked state and local law enforcement to provide it with examples of electronic surveillance failures. The agency also reached out to the communications industry, including “IP-based communications service providers and manufacturers” and “third-party lawful intercept solution providers.” (GD1, pp. 38-40, 2-3). And the agency contracted with private government consultants at RAND Corporation and Booz, Allen & Hamilton to study the problem and help devise solutions. (GD3, p. 28; GD4, pp. 6-7; GD4, p. 112)

What Does This Mean for our FOIA Lawsuit and for the FBI’s Hopes to Implement Changes to Federal Surveillance Laws?

The interesting thing about all this is that the DOJ has argued in response to our motion seeking documents that because there’s no draft legislation being publicly bandied about right now, there can be no urgency to our FOIA request. For this reason, the agency won’t agree to any deadline to produce its documents. We’ll be arguing this point in the court hearing on our motion tomorrow and hope to convince the court that the Going Dark documents, combined with the House Judiciary Committee hearing, show that the DOJ is serious about pushing through changes to communications surveillance laws as soon as possible. We’ll be urging the court to order the DOJ to produce the rest of the documents in response to our FOIA requests while there’s still time to influence the debate.

  1. 1. The citations refer to the documents posted at the end of this deeplink. Page numbers refer to the pages in each pdf document.
Attachment Size
FBI Going Dark Release Part 1 (GD1) 772.45 KB
FBI Going Dark Release Part 2 (GD2) 862.85 KB
FBI Going Dark Release Part 3 (GD3) 1.6 MB
FBI Going Dark Release Part 4 (GD4) 2.29 MB

Related Issues: CALEAFOIA Litigation for Accountable GovernmentFree SpeechPrivacyTransparency

Related Cases: FOIA: Expanding CALEA and Electronic Surveillance Laws

[Permalink]

Donate to EFF

Defend Your Digital Rights

Buy EFF Swag

Shirts, hats and more in the EFF shop

BREAKING: “The Armed Citizen” Closes – Site Named in Infringement Suit

On July 21st, The Armed Citizen received an indirect and informal notice of a lawsuit against this website and its owners, David Burnett and Clayton Cramer.

The suit, reportedly filed in US District Court on July 20th, alleges that The Armed Citizen and its owners “willfully copied” and infringed on original source content from the Las Vegas Review-Journal.

According to news reports, Righthaven LLC has filed lawsuits against no less than 80 other political websites and individual blogs for “infringement.”

Read More

From EFF legal and liability issues for bloggers

What is good enough for Communist China is good enough for Oklahoma

May 16, 2010

by Kaye Beach

Why was HB 2569, a good bill that would have protected Oklahoma residents from the risks and insecurities  of RFID technology being embedded in required identification documents such as state driver’s licenses and state ID cards vetoed?

It appears as though the same industry lobbyists that are helping China to enslave its citizens are also involved in killing HB 2569.  Here is the letter Richard Chace, the CEO of the Security Industry Association,  wrote to Oklahoma Gov. Brad Henry urging him to veto the bill.  And here is SIA’s press release bragging about their successful intervention in state politics to further their cause.

SIA Letter Brad Henry

Why do I have trouble believing that the SIA, a powerful industry lobbying group, is concerned about the privacy and security of Oklahoma residents?


Robin Huang, the chief operating officer of China Public Security says;

“We have a very good relationship with U.S. companies like I.B.M., Cisco, H.P., Dell,” said Robin Huang, the chief operating officer of China Public Security.

“All of these U.S. companies work with us to build our system together.”


Besides mucking about in state government to secure corporate financial interests to the detriment or our personal security,  Richard Chace plies his skills on an international level helping the Chinese government implement the tools of technological tyranny.

“This report underscores that the Olympic Games not only showcase world-class athletes, they showcase world-class security technologies and services from our industry,” says Richard Chace, SIA executive director and CEO. “People across the globe will be wondering how one of the world’s premier events will deal with security threats and issues. SIA’s China Olympic Security Update goes a long way toward answering those questions.”

The Olympic Update is a companion piece to SIA’s China Security Market Report, the definitive analysis of China’s electronic security market. That report provides an in-depth analysis of the social and economic factors driving demand; the size and growth of the Chinese security industry, including a forecast through 2010; and the size and growth of 11 vertical markets. In December 2007, SIA will release an additional update on the 2010 World Expo in Shanghai.
Read more;

http://securitysolutions.com/news/olympic-games-security/

Our Governor finds Mr. Chace’s rational about the necessity of RFID in our ID documents more compelling than all of the security experts, civil liberty and privacy advocates, industry insiders, government officials and agencyklahoma Representatives and their constituency. commissions not to mention the O

I am completely disgusted.

Here are a couple of stories that give us an idea of how techno-repression appears in the modern police state;

China’s All Seeing Eye

With the help of U.S. defense contractors, China is
building the prototype for a high-tech police state.

It is ready for export.

China Enacting a High-Tech Plan to Track People

2007

By KEITH BRADSHER

SHENZHEN, China, Aug. 9 — At least 20,000 police surveillance cameras are being installed along streets here in southern China and will soon be guided by sophisticated computer software from an American-financed company to recognize automatically the faces of police suspects and detect unusual activity.

Starting this month in a port neighborhood and then spreading across Shenzhen, a city of 12.4 million people, residency cards fitted with powerful computer chips programmed by the same company will be issued to most citizens.

Data on the chip will include not just the citizen’s name and address but also work history, educational background, religion, ethnicity, police record, medical insurance status and landlord’s phone number. Even personal reproductive history will be included, for enforcement of China’s controversial “one child” policy. Plans are being studied to add credit histories, subway travel payments and small purchases charged to the card.

Security experts describe China’s plans as the world’s largest effort to meld cutting-edge computer technology with police work to track the activities of a population and fight crime. But they say the technology can be used to violate civil rights.

What companies are helping China realize the dreams of despots?

Seven “Corporations of Interest” in Selling Surveillance Tools to China

Commentary by Danny O’Brien

[. . .] many U.S. (and multinational) technology companies may be knowingly selling Chinese authorities the surveillance equipment used to commit or facilitate human rights abuses. We think it’s high time to pay attention to them as well.

The “Corporations of Interest”

Drawing from published news articles, EFF has compiled a list of seven corporations that are reportedly selling surveillance technology to the Chinese government and related entities. We’re designating them “corporations of interest”.

Of course, news articles alone are not absolute evidence that these companies are indeed fostering repression in China. But it’s clear that China uses technology to employ rampant censorship, invasive data collection and intimidation. Learning exactly what is going on, especially in the Chinese environment of state secrecy and propaganda, is difficult. But news reports, especially those that include admissions of some level of involvement from company officials, are a sufficient basis to begin asking further questions.

  1. Cisco: Cisco’s deep involvement in the building of China’s Golden Shield Project has been admitted by the company. Cisco’s involvement has even already been raised before Congress, including the fact that Cisco engineers gave a presentation acknowledging the repressive uses for their technology that quoted their Chinese government buyers as saying that Cisco’s products could be used to “combat ‘Falun Gong’ evil religion and other hostiles.” The UK’s Guardian reports that Cisco provides over 60% of all routers, switches, and network gear to China and estimates that Cisco makes $500 million annually from China.
  2. Nortel: Rolling Stone and The Guardian report that Nortel has sold hardware to aid the Golden Shield Project for surveillance and censorship purposes, including working with Tsinghua University to develop speech recognition software to monitor telephone conversations.
  3. Oracle: Business Week reports that Oracle has sold software to the Chinese Ministry of Public Security for criminal and ideological investigations. Oracle admits that one-third of its business in China is with the government.
  4. Motorola: Business Week also reports that Motorola sold the Chinese authorities handheld devices for street cops to tap into “sophisticated data repositories” on Chinese citizens.
  5. EMC: Business Week also reports that EMC sold “sophisticated data repositories” to the Chinese public security authorities. The top EMC executive in Beijing is quoted as saying, “We can expect big revenue from public security agencies” in China.
  6. Sybase: Business Week also reports that Sybase sells database programs to the Shanghai police.
  7. L-1 Identity Solutions: Rolling Stone reports that this Connecticut-based biometrics company sold software to Chinese companies that aids government officials in identifying individuals for purposes of criminal investigations.

The question of which companies have assisted in Chinese surveillance is just a small piece of a very large puzzle and we’re quite confident that there are more than just these seven. And obviously many countries other than China are engaged in Internet surveillance — from Iran’s infamous repression of political dissent, to censorship efforts across the globe, to the USA’s own domestic surveillance architecture. Corporate complicity in these efforts is equally deserving of scrutiny.

It’s also worth keeping in mind that surveillance is only part of the equation. Other technologies created or sold by companies may also be misused by the Chinese authorities. For instance, Internet censorship systems curtail civil liberties almost as severely as Internet surveillance systems. Research by the OpenNet Initiative has shown that censorship systems in many repressive countries have been outsourced to U.S. corporations.

Read more;

http://www.eff.org/deeplinks/2010/01/selling-china-surveillance

Surveillance Shocker: Sprint Received 8 MILLION Law Enforcement Requests for GPS Location Data in the Past Year

December 1st, 2009

News Update by Kevin Bankston

This October, Chris Soghoian — computer security researcher, oft-times journalist, and current technical consultant for the FTC’s privacy protection office — attended a closed-door conference called “ISS World”. ISS World — the “ISS” is for “Intelligence Support Systems for Lawful Interception, Criminal Investigations and Intelligence Gathering” — is where law enforcement and intelligence agencies consult with telco representatives and surveillance equipment manufacturers about the state of electronic surveillance technology and practice. Armed with a tape recorder, Soghoian went to the conference looking for information about the scope of the government’s surveillance practices in the US. What Soghoian uncovered, as he reported on his blog this morning, is more shocking and frightening than anyone could have ever expected

At the ISS conference, Soghoian taped astonishing comments by Paul Taylor, Sprint/Nextel’s Manager of Electronic Surveillance. In complaining about the volume of requests that Sprint receives from law enforcement, Taylor noted a shocking number of requests that Sprint had received in the past year for precise GPS (Global Positioning System) location data revealing the location and movements of Sprint’s customers. That number?

EIGHT MILLION.

Sprint received over 8 million requests for its customers’ information in the past 13 months. That doesn’t count requests for basic identification and billing information, or wiretapping requests, or requests to monitor who is calling who, or even requests for less-precise location data based on which cell phone towers a cell phone was in contact with. That’s just GPS. And, that’s not including legal requests from civil litigants, or from foreign intelligence investigators. That’s just law enforcement. And, that’s not counting the few other major cell phone carriers like AT&T, Verizon and T-Mobile. That’s just Sprint.

Here’s what Taylor had to say; the audio clip is here and we are also mirroring a zip file from Soghoian containing other related mp3 recordings and documents.

[M]y major concern is the volume of requests. We have a lot of things that are automated but that’s just scratching the surface. One of the things, like with our GPS tool. We turned it on the web interface for law enforcement about one year ago last month, and we just passed 8 million requests. So there is no way on earth my team could have handled 8 million requests from law enforcement, just for GPS alone. So the tool has just really caught on fire with law enforcement. They also love that it is extremely inexpensive to operate and easy, so, just the sheer volume of requests they anticipate us automating other features, and I just don’t know how we’ll handle the millions and millions of requests that are going to come in.

Eight million would have been a shocking number even if it had included every single legal request to every single carrier for every single type of customer information; that Sprint alone received eight million requests just from law enforcement only for GPS data is absolutely mind-boggling. We have long warned that cell phone tracking poses a threat to locational privacy, and EFF has been fighting in the courts for years to ensure that the government only tracks a cell phone’s location when it has a search warrant based on probable cause. EFF has also complained before that a dangerous level of secrecy surrounds law enforcement’s communications surveillance practices like a dense fog, and that without stronger laws requiring detailed reporting about how the government is using its surveillance powers, the lack of accountability when it comes to the government’s access to information through third-party phone and Internet service providers will necessarily breed abuse. But we never expected such huge numbers to be lurking in that fog.

Now that the fact is out that law enforcement is rooting through such vast amounts of location data, it raises profoundly important questions that law enforcement and the telcos must answer:

  • How many innocent Americans have had their cell phone data handed over to law enforcement?
  • How can the government justify obtaining so much information on so many people, and how can the telcos justify handing it over?
  • How did the number get so large? Is the government doing massive dragnet sweeps to identify every single cell phone that was in a particular area at a particular time? Is the government getting location information for entire “communities of interest” by asking not only for their target’s location, but also for the location of every person who talked to the target, and every person who talked to them?
  • Does the number only include requests to track phones in real-time, or does it include requests for historical GPS data, and if so, why did the telcos have that incredibly sensitive data sitting around in the first place? Exactly when and how are they logging their users’ GPS data, and how long are they keeping that data?
  • What legal process was used to obtain this information? Search warrants? Other court orders? Mere subpoenas issued by prosecutors without any court involvement? How many times was this information handed over without any legal process at all, based on government claims of an urgent emergency situation?
  • Looking beyond Sprint and GPS, how many Americans have had their private communications data handed over to law enforcement by their phone and Internet service providers?
  • What exactly has the government done with all of that information? Is it all sitting in an FBI database somewhere?
  • Do you really think that this Orwellian level of surveillance is consistent with a free society and American values? Really?

These questions urgently need to be asked — by journalists, and civil liberties groups like EFF, and by every cell phone user and citizen concerned about privacy. Most importantly, though, they must be asked by Congress, which has failed in its duty to provide oversight and accountability when it comes to law enforcement surveillance. Congress should hold hearings as soon as possible to demand answers from the government and the telcos under oath, and clear the fog so that the American people will finally have an accurate picture of just how far the government has reached into the private particulars of their digital lives.

Even without hearings, though, the need for Congress to update the law is clear. At the very least, Congress absolutely must stem the government’s abuse of its power by:

  • Requiring detailed reporting about law enforcement’s access to communications data using the Electronic Communications Privacy Act (ECPA), just as it already requires for law enforcement wiretapping under the Wiretap Act, and make sure that the government actually fulfills its obligations rather than ignore the law for years on end.
  • Requiring that the government “minimize” the communications data it collects under ECPA rather than keep it all forever, just like it is supposed to do with wiretaps.
  • Prohibiting the government from using in a criminal trial any electronic communications content or data that it obtains in violation of ECPA, just as the government is prohibited by the Wiretap Act from using illegally acquired telephone intercepts.
  • Clarifying that ECPA can only be used to get specific data about particular individuals and cannot be used for broad sweeps, whether to identify everyone in a particular geographic area or to identify every person that visits a particular web site.

It’s time for Congress to pull the curtain back on the vast, shadowy world of law enforcement surveillance and shine a light on these abuses. In the meantime, we give our thanks to those like Chris Soghoian who are doing important work to uncover the truth about government spying in America.

UPDATE: Sprint has responded to Soghoian’s report:

The comments made by a Sprint corporate security officer during a recent conference have been taken out of context by this blogger. Specifically, the “8 million” figure, which the blogger highlights in his email and blog post, has been grossly misrepresented. The figure does not represent the number of customers whose location information was provided to law enforcement, as this blogger suggests.

Instead, the figure represents the number of individual “pings” for specific location information, made to the Sprint network as part of a series of law enforcement investigations and public safety assistance requests during the past year. It’s critical to note that a single case or investigation may generate thousands of individual pings to the network as the law enforcement or public safety agency attempts to track or locate an individual.

Instances where law enforcement agencies seek customer location information include exigent or emergency circumstances such as Amber Alert events, criminal investigations, or cases where a Sprint customer consents to sharing location information.

Sprint takes our customers’ privacy extremely seriously and all law enforcement and public safety requests for customer location information are processed in accordance with applicable state and federal laws.

This response provides some important answers, while raising even more questions. First off, Sprint has confirmed that it received 8 million requests, while denying a charge that no one has made: that 8 million individual customers’ data was handed over. Sprint’s denial also begs the question: how many individual customers have been affected?

As for Sprint’s claim that in some instances a single case or investigation may generate thousands of location “pings”, that is certainly possible, but that doesn’t make the 8 million number any less of a concern, or moot any of the important questions raised by Soghoian in his report or by EFF in its post regarding the lack of effective oversight and transparency in this area.

Even assuming that Sprint’s statement about “pings” is true, 8 million — or, in other words, 8,000 thousands — is still an astronomical number and more than enough to raise serious concerns that Congress should investigate and address. Moreover, the statement raises additional questions: exactly what legal process is being used to authorize the multiple-ping surveillance over time that Sprint is cooperating in? Is Sprint demanding search warrants in those cases? How secure is this automated interface that law enforcement is using to “ping” for GPS data? How does Sprint insure that only law enforcement has access to that data, and only when they have appropriate legal process? How many times has Sprint disclosed information in “exigent or emergency circumstances” without any legal process at all? And most worrisome and intriguing: what customers does Sprint think have “consent[ed] to the sharing [of] location data” with the government? Does Sprint think it is free to hand over the information of anyone who has turned on their GPS functionality and shared information with Sprint for location-based services? Or even the data of anyone who has agreed to their terms of service? What exactly are they talking about?

These questions are only the beginning, and Sprint’s statement doesn’t come close to answering all of them. Of course, we appreciate that Sprint has begun a public dialogue about this issue. But this should be only the beginning of that discussion, not the end. Ultimately, the need for Congress to investigate the true scope of law enforcement’s communications surveillance practices remains. Congress can and should dig deeper to get the hard facts for the American people, rather than forcing us to rely solely on Sprint’s public relations office for information on these critical privacy issues.

Related Issues: Cell TrackingLocational Privacy

http://www.eff.org/deeplinks/2009/12/surveillance-shocker-sprint-received-8-million-law

Real ID Follies Continue with PASS ID Waiting in the Wings

The Electronic Frontier Foundation Reports;

December 11th, 2009

News Update by Richard Esguerra

As 2009 draws to a close, we’re inching ever deeper into the corner that Congress painted us into by passing Real ID under the table in 2005. (Recall that Real ID is the failed, Bush-era attempt to turn state drivers licenses into national ID cards by forcing states to collect and store licensee data in databases, and refusing to accept non-compliant IDs for federal purposes, like boarding a plane or entering a federal building.)

The official deadline for states to comply with the Department of Homeland Security’s (DHS) final Real ID rule is December 31, 2009, and an estimated 36 states will not be in compliance by then, leading to some ambiguity for many citizens. For example, will residents of Montana be able to board planes in January 2010 with only a driver’s license (a state-supplied, technically non-compliant document) and without a passport (an identity document issued by the federal government)?

Past history strongly suggests that DHS will issue last-minute waivers to states that have not amped up their drivers licenses to adhere to Real ID. Early in 2008, states that actively opposed Real ID received waivers from DHS, nominally marking the states as “compliant” despite strongly-stated opposition to ever implementing Real ID.

But waiting in the wings is PASS ID, a bill that attempts to grease the wheels by offering money to the states to implement ID changes. Despite having the appearances of reform, PASS ID essentially echoes Real ID in threatening citizens’ personal privacy without actually justifying its impact on improving security. For this reason, PASS ID is not popular — privacy advocates refuse to support the bill because it still creates a national ID system. It still mandates the scanning and storage of applicants’ critical identity documents (birth certificates, visas, etc.), which will be stored in databases that will become leaky honeypots of sensitive personal data — prime targets for malicious identity thieves or otherwise accessible by individuals authorized to obtain documents from the database. And on the other side, short-sighted surveillance hawks are unhappy with the bill because they support the privacy violations architected into the provisions of the original Real ID Act.

As such, advocates of PASS ID are publicly wringing their hands over the deadline in order to encourage Congress to approve the PASS ID Act before the end of the year. But the fracas over health reform is suffocating any chance for meaningful debate about the merits of PASS ID before the Dec. 31st deadline.

A pragmatic analysis should show that Real ID is dead. To date, 24 states have enacted resolutions or binding legislation prohibiting participation in Real ID, and the varied, desperate efforts to reanimate it are misguided. Whether the states or the federal government signs the invoice, the cost ultimately falls to taxpayers, who should be troubled that neither Real ID nor PASS ID is likely to fulfill the stated goal of stopping terrorists from obtaining identity documents. (Just this week, noted security expert Bruce Schneier linked to a report about government investigators successfully using fake identity documents to obtain high-tech “e-passports,” which were then used to buy plane tickets, and board flights — the point being that a fancy, “secure” identity document doesn’t stop individuals from exploiting a weak bureaucracy.)

On the other hand, the resulting databases filled with scanned identity documents will create tantalizing targets for identity thieves and headaches for people whose digital documents are pilfered; and a national ID system will invite mission creep from the government as well as private entities like credit reporting agencies and advertisers. It’s high time for reason to replace the reflexive defense of a failed scheme. Congress should repeal Real ID for real and seek more inspired, protective solutions to identity document security.

http://www.eff.org/deeplinks/2009/12/real-id-follies-continue-pass-id-waiting-wings

Report on the FBI’s Investigative Data Warehouse 2009


Report on the Investigative Data Warehouse

April 2009

Table Of Contents

  1. Overview of the IDW
  2. IDW Systems Architecture
  3. Privacy Impact Assessment
  4. The Future of the IDW is Data Mining

In August 2006, the Electronic Frontier Foundation (EFF) sought government records concerning the Federal Bureau of Investigation (FBI)’s Investigative Data Warehouse (IDW) pursuant to the Freedom of Information Act (FOIA). After the FBI failed to respond to EFF’s requests within the timeline provided by the FOIA, EFF filed a lawsuit on October 17, 2006. Records began to arrive in September 2007. On April 14, 2009, the government filed a brief stating that no more documents were going to be provided, despite the Obama Administration’s new guidelines on FOIA.

The following report is based upon the records provided by the FBI, along with public information about the IDW and the datasets included in the data warehouse.

I. Overview of the Investigative Data Warehouse

The Investigative Data Warehouse is a massive data warehouse, which the Bureau describes as “the FBI’s single largest repository of operational and intelligence information.” As described by FBI Section Chief Michael Morehart in 2005, the “IDW is a centralized, web-enabled, closed system repository for intelligence and investigative data.” Unidentified FBI agents have described it “one-stop shopping” for FBI agents and an “uber-Google.According to the FBI, “[t]he IDW system provides data storage, database management, search, information presentation, and security services.”

Documents show that the FBI began spending funds on the IDW in fiscal year 2002, “and system implementation was completed in FY 2005.” “IDW 1.1 was released in July 2004 with enhanced functionality, including batch processing capabilities.” The FBI worked with Science Applications International Corporation (SAIC), Convera and Chilliad to develop the project, among other contractors. As of January 2005, the IDW contained “more than 47 sources of counterterrorism data, including information from FBI files, other government agency data, and open source news feeds.” A chart in the FBI documents shows IDW growing rapidly, breaking the half-billion mark in 2005. By March 2006, the IDW had 53 data sources and over half a billion (587,186,453) documents. By September 2008, the IDW had grown to nearly one billion (997,368,450) unique documents. The Library of Congress, by way of comparison, has about 138 million (138,313,427) items in its collection.

In addition to storing vast quantities of data, the IDW provides a content management and data mining system that is designed to permit a wide range of FBI personnel (investigative, analytical, administrative, and intelligence) to access and analyze aggregated data from over fifty previously separate datasets included in the warehouse. Moving forward, the FBI intends to increase its use of the IDW for “link analysis” (looking for links between suspects and other people – i.e. the Kevin Bacon game) and to start “pattern analysis” (defining a “predictive pattern of behavior” and searching for that pattern in the IDW’s datasets before any criminal offence is committed – i.e. pre-crime).

II. IDW Systems Architecture

According to an FBI project description, “The IDW system environment consists of a collection of UNIX and NT servers that provide secure access to a family of very large-scale storage devices. The servers provide application, web servers, relational database servers, and security filtering servers. User desktop units that have access to FBINet can access the IDW web application. This provides browser-based access to the central databases and their access control units. The environment is designed to allow the FBI analytic and investigative users to access any of the data sources and analytic capabilities of the system for which they are authorized. The entire configuration is designed to be scalable to enable expansion as more data sources and capabilities are added.”

A DOJ Inspector General report explained: “Data processing is conducted by a combination of Commercial-Off-the-Shelf (COTS) applications, interpreted scripts, and open-source software applications. Data storage is provided by several Oracle Relational Database Management Systems (DBMS) and in proprietary data formats. Physical storage is contained in Network Attached Storage (NAS) devices and component hard disks. Ethernet switches provide connectivity between components and to FBI LAN/WAN. An integrated firewall appliance in the switch provides network filtering.”

  1. IDW Subsystems

    Pursuant to the IDW Concept of Operations, the IDW has two main subsystems, the IDW-Secret (IDW-S) and IDW-Special Projects Team (IDW-SPT). It also has a development platform (IDW-D) and a subsystem for maintenance and testing (IDW-I).

    1. IDW-Secret

      The IDW-S system is the main subsystem of the IDW, which is authorized to process classified national security data up to, and including, information designated Secret. However, IDW-S is not authorized to process any Top Secret data nor any Sensitive Compartmented Information (SCI). The addition of IDW-TS/SCI, a Top Secret/Sensitive Compartmented Information level data mart, appears to remain in the planning stages. The IDW-S system is the successor of the Secure Counter-Terrorism/Collaboration Operational Prototype Environment (SCOPE).

    2. IDW-Special Projects Team

      According to an Inspector General report, “[i]n November 2003, the Counterterrorism Division, along with the Terrorist Financing Operations Section (TFOS), in the FBI began a special project to augment the existing IDW system with new capabilities for use by FBI and non-FBI agents on the JTTFs. The FBI Office of Intelligence is the executive sponsor of the IDW. The IDW Special Projects Team was originally initiated for the 2004 Threat Task Force.” By May 2006, the “Special Project Team provided services to 5 task forces or operations.”

      As described by the FBI:

      Special Projects Team (SPT) Subsystem
      The Special Projects Team (SPT) Subsystem allows for the rapid import of new specialized data sources. These data sources are not made available to the general IDW users but instead are provided to a small group of users who have a demonstrated “need-to-know”. The SPT System is similar in function to the IDW-S system. With the main difference is a different set of data sources. The SPT System allows its users to access not only the standard IDW Data Store but the specialized SPT Data Store.

  2. IDW Features

    In 2004, the Willie Hulon, then the Deputy Assistant Director for the Counterterrorism Division, said that the FBI was “introducing advanced analytical tools to help us make the most of the data stored in the IDW. These tools allow FBI agents and analysts to look across multiple cases and multiple data sources to identify relationships and other pieces of information that were not readily available using older FBI systems. These tools 1) make database searches simple and effective; 2) give analysts new visualization, geo-mapping, link-chart capabilities and reporting capabilities; and 3) allow analysts to request automatic updates to their query results whenever new, relevant data is downloaded into the database.”

    Deputy Assistant Director Hulon also asserted that “[w]hen the IDW is complete, Agents, JTTF [Joint Terrorism Task Force] members and analysts, using new analytical tools, will be able to search rapidly for pictures of known terrorists and match or compare the pictures with other individuals in minutes rather than days. They will be able to extract subjects’ addresses, phone numbers, and other data in seconds, rather than searching for it manually. They will have the ability to identify relationships across cases. They will be able to search up to 100 million pages of international terrorism-related documents in seconds.” (Since then, the number of records has grown nearly ten-fold).

    At the FBI National Security Branch’s “request, the FBI’s Office of the Chief Technology Officer (OCTO) has developed an ‘alert capability’ that allows users of IDW to create up to 10 queries of the system and be automatically notified when a new document is uploaded to the database that meets their search criteria.”

    Users can search for terms within a defined parameter of one another. For example, the search: ‘flight school’ NEAR/10 ‘lessons’ would return all documents where the phrase ‘flight school’ occurred within 10 words of the word “lessons.” Users can also specify whether they want exact searches, or if they want the search tool to include other synonyms and spelling variants for words and names.”

    “IDW includes the ability to search across spelling variants for common words, synonyms and meaning variants for words, as well as common misspellings of words. If a user misspells a common word, IDW will run the search as specified, but will prompt the user to ask if they intended to run the search with the correct spelling.”

    In its 2004 report to the 9-11 Commission, the FBI used an example (shown on the right) to illustrate the planned use of the IDW for data mining and link analysis, showing i2’s Analyst’s Notebook. i2 described the program as “the world’s most powerful visual investigative analysis software,” which is able to analyze “vast amounts of raw, multi-format data gathered from a wide variety of sources.”

    By 2006, the IDW was processing between 40,000 and 60,000 “interactive transactions” in any given week, along with between 50 and 150 batch jobs. An example of a batch process is where “the complete set of Suspicious Activity Reports is compared to the complete set of FBI terrorism files to identify individuals in common between them.”

  3. Datasets in the IDW

    According to various
    FBI
    documents, the following 38 data soures were included in the IDW on or before August 2004. Of these, IDW-S included at least the first six items.

    1. Automated Case System (ACS), Electronic Case File (ECF). This dataset contains ASCII flat files (metadata and document text) and WordPerfect documents consisting of the ECs, FD-302s, Facsimiles, FD-542s, Inserts, Transcriptions, Teletypes, Letter Head Memorandums (LHM), Memorandums and other FBI documents contained within ACS. The ACS system, which came on-line in October 1995, is the FBI’s centralized electronic case management system. It consists of the following components:
      1. Investigative Case Management — used to open a case and assign a unique 9-digit case number, called the Universal Case File Number, which consists of the FBI crime classification number; a two-letter alpha code designating the field office that opened the case; and a consecutive, numerical designator generated by the system.
      2. Electronic Case File — used to maintain investigative documentation, such as interview transcripts. Upon approval of a paper document, an electronic copy of the completed document is uploaded to the electronic case file.
      3. Universal Index — used to maintain index records for a case and allows the searching of records in a variety of ways.

      [NOTE: While ACS is the current FBI case file system, it may soon be replaced. The FBI originally intended to replace ACS with the “Virtual Case File” system. After what the Office of the Inspector General called “FBI’s failed $170 million VCF project,” the FBI now “plans to replace the ACS system with the Sentinel Case Management System. The projected implementation date is 2009.” “When up and running, Sentinel will provide more current case information, audio, video, pictures and multimedia into the IDW system.”]

    2. Secure Automated Messaging Network (SAMNet) — ASCII files in standard cable traffic message format (all capitals with specific header), consisting of all messaging traffic sent either from the FBI to other government agencies, or sent from other government agencies to the FBI through the Automated Digital Information Network (AutoDIN), including Intelligence Information Reports (IIRs) and Technical Disseminations (TD) from the FBI, Central Intelligence Agency (CIA), Defense Intelligence Agency (DIA), and others from November of 2002 to present. IDW receives copies of these classified messages up to Secret with no SCI caveats.
    3. Joint Intelligence Committee Inquiry (JICI) Documents — Scanned copies (TIFF images and ASCII OCR text) of “all FBI documents related to extremist Islamic terrorism between 1993 and 2002.” These are counterterrorism files that were scanned into a database to accommodate the JICI’s investigation into the attacks of September 11th.
    4. Open Source News — Includes various foreign news sources that have been translated into English, as well as a few large U.S. publications. The open source data collected for the FBI comes from the MiTAP system run by San Diego State University. MiTAP is a system that collects raw data from the internet, standardizes the format, extracts named entities, and routes documents into appropriate newsgroups. This dataset is part of the Defense Advanced Research Projects Agency (DARPA) Translingual Information Detection, Extraction and Summarization (TIDES) Open Source Data project.
    5. Violent Gang and Terrorist Organization File (VGTOF) — Lists of individuals and organizations who the FBI believes to be associated with violent gangs and terrorism, provided by the FBI National Crime Information Center (NCIC). It includes biographical data and photos pertaining to members of the identified groups in the form of ASCII flat files (data/metadata) and JPEG image binaries (none, one or multiple per subject). The biographical data includes the “individual’s name, sex, race, and group affiliation, and, if possible, such optional information as height and weight; eye and hair colors; date and place of birth; and marks, scars, and tattoos.”
    6. CIA Intelligence Information Reports (IIR) and Technical Disseminations (TD) — A copy of all IIRs and TDs at the Secret security classification or below that were sent to the FBI from 1978 to at least May 2004. Intelligence Information Reports are designed to provide the FBI with the specific results of classified intelligence collected on internationally-based terrorist suspects and activities, chiefly abroad.
    7. Eleven (11) IntelPlus scanned document libraries — Copies of millions of scanned TIFF format documents and their corresponding OCR ASCII text related to FBI’s major terrorism-related cases. IntelPlus is an application that allows the users to view “Table of Contents” lists from large collections of records. The user is able to display the document whether it is in text form or one of several graphic formats and then print, copy or store the information. The application allows tracking associated documents on related topics and provides a search capability.
    8. Eleven (11) Financial Crimes Enforcement Network (FinCEN) Databases — Data related to terrorist financing. “FinCEN requires financial institutions to preserve financial paper trails behind transactions and to report suspicious transactions to FinCEN for its database. FinCEN matches its database with commercial databases such as Lexis/Nexis and the government’s law enforcement databases, allowing it to search for links among individuals, banks, and bank accounts.” At least one of these databases includes all currency transaction report (CTR) forms on bank customers’ cash transactions of more than $10,000: “In 2004, FinCEN first provided the FBI with bulk transfer of [CTRs]” Over 37 million CTRs were filed between 2004-2006.
    9. Two (2) Terrorist Financing Operations Section Databases — Biographical and financial reports on terrorism-related individuals. According to Dennis Lormel, Section Chief of the Terrorist Financing Operations Section, TFOS has a “centralized terrorist financial database which the TFOS developed in connection with its coordination of financial investigation of individuals and groups who are suspects of FBI terrorism investigations. The TFOS has cataloged and reviewed financial documents obtained as a result of numerous financial subpoenas pertaining to individuals and accounts. These documents have been verified as being of investigatory interest and have been entered into the terrorist financial database for linkage analysis. The TFOS has obtained financial information from FBI Field Divisions and Legal Attache Offices, and has reviewed and documented financial transactions. These records include foreign bank accounts and foreign wire transfers.”
    10. Foreign Financial List — Copies of information concerning terrorism-related persons, addresses, and other biographical data submitted to U.S. financial institutions from foreign financial institutions.
    11. Selectee List — Copies of a Transportation Security Administration (TSA) list of individuals that the TSA believes warrant additional security attention prior to boarding a commercial airliner. According to Michael Chertoff, “fewer than” 16,000 people were designated “selectees” as of October 2008.
    12. Terrorist Watch List (TWL) — The FBI Terrorist Watch and Warning Unit (TWWU) list of names, aliases, and biographical information regarding individuals submitted to the Terrorist Screening Center (TSC) for inclusion into VGTOF and TIPOFF watch lists. Also called the Terrorist Screening Database (TSDB), the database “contained a total of 724,442 records as of April 30, 2007.”
    13. No Fly List — A copy of a TSA list of individuals barred from boarding a commercial airplane. According to Michael Chertoff, 2,500 people were on the “no fly” list as of October 2008.
    14. Universal Name Index (UNI) Mains — A copy of index records for all main subjects on FBI investigations, except certain records that might reveal people in witness protection or informants. “A main file name is that of an individual who is, himself/herself, the subject of an FBI investigation.”
    15. Universal Name Index (UNI) Refs — A copy of index records for all individuals referenced in FBI investigations, except certain records that might reveal people in witness protection or informants. A “reference is someone whose name appears in an FBI investigation. References may be associates, conspirators, or witnesses.”
    16. Department of State Lost and Stolen Passports — A copy of records pertaining to lost and stolen passports. “The Consular Lost and Stolen Passports (CLASP) database includes over 1.3 million records concerning U.S. passports. All passport applications are checked against CLASP, PIERS [Passport Information Electronic Records System], the Social Security Administration’s database, and the Consular Lookout and Support System (CLASS), which includes information provided by the Department of Health and Human Services (HHS) and law enforcement agencies such as the Federal Bureau of Investigations (FBI) and U.S. Marshals Service.” “The overall CLASS database of names has risen to over 20 million records in recent years, including millions of names of criminals from FBI records provided to the State Department under the terms of the USA PATRIOT Act.” “The Online Passport Lost & Stolen System permits citizens to report a lost or stolen passport.” It includes “Name, date of birth (DOB), social security number (SSN), address, telephone number, and e-mail address,” as reported by the citizen.
    17. Department of State Diplomatic Security Service — A copy of past and current passport fraud investigations from the “DOS DDS RAMS database.” The Records Analysis Management System (RAMS) Database “allows all Field Offices, Resident Agent Offices (RAO) and the Bureau of Diplomatic Security to track, maintain, and efficiently share law enforcement investigative case information. RAMS contains CLASSIFIED information.” By September 2005, the Department of States was “developing a ‘Knowledge Base’ on-line library that will be a ‘gateway’ to passport information, anti-fraud information, and relevant databases. All passport field agencies and centers can use this system to submit anti-fraud information such as exemplars of genuine and malafide documents, fraud trends in their respective regions, and other information that will be instantly available throughout the department.”

    In August 2004, the FBI was considering adding several more datasets: the “FBI’s Telephone Application, DHS data sources such as US-VISIT and SEVIS, Department of State data sources such as the Consular Consolidated Database (CCD), and Treasury Enforcement Communication System (TECS).” A later document shows that at least “most” of the Telephone Application is now in the IDW.

    The Telephone Application (TA) “provides a central repository for telephone data obtained from investigations.” “The TA is an investigative tool that also serves as the central repository for all telephone data collected during the course of FBI investigations. Included are pen register data, toll records, trap/trace, tape-edits, dialed digits, airnet (pager intercepts), cellular activity, push-to-talk, and corresponding subscriber information.” Records obtained through National Security Letters are placed in the Telephone Application, as well as the IDW by way of the ACS system.

    “The United States Visitor and Immigrant Status Indicator Technology (US-VISIT) Program is an integrated, automated biometric entry-exit system that records the arrival and departure of aliens; conducts certain terrorist, criminal, and immigration violation checks on aliens; and compares biometric identifiers to those collected on previous encounters to verify identity.”

    The Consular Consolidated Database (CCD) is a set of databases that includes “current and archived data from all of the Department of State’s Consular Affairs post databases around the world. This includes the data from the Automated Biometric Identification System (ABIS), ARCS, Automated Cash Register System (ACS), Consular Lookout and Support System (CLASS), Consular Shared Tables (CST), DataShare, Diversity Visa Information System (DVIS), Immigrant Visa Information System (IVIS), Immigrant Visa Overseas (IVO), Non-Immigrant Visa (NIV), Visa Opinion Information Service (VOIS), and Waiver Review System (WRS) applications. The CCD also provides access to passport data in the Travel Document Information System (TDIS), Passport Lookout and Tracking System (PLOTS), and Passport Information Electronic Records System (PIERS). In addition to Consular Affairs data, other data from external agencies is integrated into the CCD, such as the ‘Master Death Database from the Social Security Administration.”

    The Student and Exchange Visitor Information System (SEVIS) “maintains information on nonimmigrant students and exchange visitors (F, M and J Visas) and their dependents, and also on their associated schools and sponsors.”

    The Treasury Enforcement Communication System (TECS) “is a computerized information system designed to identify individuals and businesses suspected of, or involved in violation of federal law. The TECS is also a communications system permitting message transmittal between Treasury law enforcement offices and other Federal, national, state, and local law enforcement agencies.”

    Unidentified Additional Data Sources Added to IDW

    The FBI set up an Information Sharing Policy Group (ISPG), chaired by the Executive Assistant Directors of Administration and Intelligence, to review requests to ingest additional datasets into the IDW, in response to Congressional “privacy concerns that may arise from FBI engaging in ‘data mining.'” In February 2005, the Counterterrorism Division asked for 8 more data sources. While the names of the data sources are redacted, items 1, 2 and 4 came from the Department of Homeland Security, and items 6, 7 and 8 were additional IntelPlus file rooms. The February 2005 email chain also refers to “2 data sets approved at the meeting yesterday” and “2 data set under consideration.” In context, it appears that one of the two approved datasets was IntelPlus, which contained three file rooms. The FBI would “get all of the DHS data from the FTTTF [Foreign Terrorist Tracking Task Force] including the [Redacted].” In March 2005, the Information Sharing Policy Group approved seven more unidentified datasets for the Special Projects Team version of the IDW. In May 2005, ISPG approved an additional seven unidentified datasets for the IDW-SPT. The IDW Special Projects Team “ingested and published a new telephone-type data source” on two dates: February 18, 2005, and March 18, 2005. In August 2005, the “[Redacted] Reports Collection” was moved from the limited access IDW-SPT to the more widely available IDW-S. “This [Redacted] dataset contains copies of reports regarding [Redacted].”

    Data Retention

    As of March 2005:

    There is no current Disposition Schedule for IDW. We have looked at the system and it is on our list of systems to be scheduled. With no Disposition Schedule, there is really no limitation on importing data, at least not from a records management standpoint. But, they will not be able to delete or destroy any of that information until a Disposition Schedule is approved.

    Nevertheless, the IDW has a process to delete files: “it can occur that data for which IDW-S is not authorized is ingested into IDW-S. When such data is discovered on IDW-S it is necessary to delete this data and to update the Document Tracking Database with the appropriate “DEL” status for the file.” The IDW also has a “secure delete” function.

III. Privacy Impact Assessment

The E-Government Act of 2002, Section 208, establishes a requirement for agencies to conduct privacy impact assessments (PIAs) for electronic information systems and collections.

A May 12, 2005 email from an unidentified employee in the FBI’s Office of the General Counsel to FBI General Counsel Valerie Caproni notes that the author was “nervous about mentioning PIA in context of national security systems.” The author admitted that “It is true the FBI currently requires PlAs for NS [national security] systems as well as non-NS systems.” However, the author thought that the policy might change. Accordingly the author “recommend[ed] against raising congressional consciousness levels and expectations re NS PlAs.” Caproni’s response is short: “ok.”


This email was in reply to a May 11 email from Caproni expressing her desire “slide something in about PIA” to a give a “sense that we really do worry about the privacy interests of uninvolved people whose data we slurp up.”


However, this strategy failed. Congressional consciousness levels were raised by an August 30, 2006 Washington Post article on the IDW, in which EFF Senior Counsel David Sobel raised the issue of the IDW’s lack of a formally published PIA.

The day the Post article ran, several FBI emails discussed the privacy concerns raised by the IDW. One Office of the General Counsel employee (only identified as Bill) explained the FBI’s desire to play down the concerns: “I’m with [Redacted] in view that if everyone ([Redacted]) starts running around with their hair on fire on this, they will just be pouring gas on something that quite possibly would just fade away if we just shrug it off.”


After these discussions, the FBI released the following response to the article:

Federal Bureau of Investigation
Response to Investigative Data Warehouse (IDW) Press Article for Senate Appropriations Committee
September 7, 2006

There are two concerns being expressed about IDW in the article. One deals with whether the FBI has complied with the Privacy Act’s requirement to publish a “systems notice” in the Federal Register and the other is whether the FBI has complied with the privacy impact analysis requirements of the “E-Government Act.”

The answer to the first question is “yes.” We consider IDW to be part of the FBI’s Central Record System, an “umbrella” system that is comprised of all of the FBI’s investigative files. While it is true that “IDW” isn’t specifically mentioned in the CRS Privacy Act System Notice, we don’t believe that is necessary. The system notice does state: “In recent years … the FBI has been confronted with increasingly complicated cases, which require more intricate information processing capabilities. Since these complicated investigations frequently involve massive volumes of evidence and other investigative information, the FBI uses its computers, when necessary to collate, analyze, and retrieve investigative information in the most accurate and expeditious manner possible.” The system notice describes in reasonable detail what information we obtain, what routine uses we make of it, the authorities for maintaining the system and so forth. This notice is published in the Federal Register and is publicly available. In our view, we are compliant with both the letter and spirit of the Privacy Act in this regard.

The answer to the second question is also “yes.” In fact, since IDW has been categorized as a “national security system,” the E-Government Act does not require it to undergo a privacy impact analysis (PIA) at all. Even so, FBI and DOJ policy requires a PIA to be conducted. For IDW, the FBI has done several PIA’s. We did one for the original system and did others as significant datasets were added to IDW. None of these systems were published since the law does not require them to be conducted in the first place. The point is that we have done far more to analyze the privacy implications of IDW than the law requires. Yes, the analyses have not been conducted in the public domain but Congress weighed the costs and benefits of conducting such an analysis in public and chose to exclude national security systems from that requirement when it passed the E- Government act.

For purposes of the E-Government Act, a National Security System is “an information system operated by the federal government, the function, operation or use of which involves: (a) intelligence activities, (b) cryptologic activities related to national security, (c) command and control of military forces, (d) equipment that is an integral part of a weapon or weapons systems, or (e) systems critical to the direct fulfillment of military or intelligence missions.”

A heavily redacted March 2005 FBI Electronic Communication enclosed a completely redacted Privacy Impact Assessment about the IDW. In August 2007, the Office of the Inspector General conducted an audit of “all major Department [of Justice] information technology (IT) systems and planned initiatives.” The OIG noted that it “did not obtain PIAs or explanations for the FBI’s IDW.”

IV. The Future of the IDW is Data Mining

When the FBI explained the IDW to Congress in 2004, it noted that when FBI Director Mueller testified about the IDW in 2003, he “used the term ‘data mining’ to be synonymous with ‘advanced analysis.’ The FBI does not conduct ‘data mining’ in accordance with the GAO definition, which means mining through large volumes of data with the intention of automatically predicting future activities.”

Nevertheless, in March 2003, the FBI issued its Fiscal Year 2004 (Oct. 2003 – Sep. 2004) budget, in which the Bureau had requested a new “Communications Application”:

The FBI requests $4,600,000 to obtain a software application that is capable of conducting sophisticated link analysis on extremely high volumes of telephone toll call data and other relational data. This software would enable the FBI to leverage modern technology to expeditiously conduct analyses of large collections of relational data.

By 2005, the FBI was still trying to minimize Congressional concerns over data mining. The FBI was concerned that the “distinction between a data mart and a data mining vehicle will be lost on those who just think we are looking into citizens’ lives too much.” On March 1, 2005, an unidentified Office of Congressional Affairs (OCA) employee noted in an email (emphasis original):

We had agreed on the following sentence as a way of avoiding some of the intricacies of data mining policy: “Where permitted by law, and appropriate to an authorized work activity, information gleaned from searching non-FBI databases may be included in FBI systems and, once there, may be accessed by employees conducting searches in furtherance of other authorized activities.”

Unfortunately, I couldn’t get that to fly, since that was the crux of the Senator’s inquiry.

In October 2005 FBI emails discuss the response to the August 2005 GAO report on data mining by the Foreign Terrorist Tracking Task Force (FTTTF). “In 2001, Homeland Security Presidential Directive-2 established the Foreign Terrorist Tracking Task Force (FTTTF) to provide actionable intelligence to law enforcement to assist in the location and detention and ultimate removal of terrorists and their supporters from the US.” The FTTTF “operates two information systems—one unclassified and one classified—that form the basis of its data mining activities,” using tools such as i2 Analyst Notebook application, Query Tracking and Initiation Program (QTIP), and Wareman. In addition to the FBI, “the participants in the FTTTF include the Department of Defense, the Department of Homeland Security’s Bureaus of Immigration and Customs Enforcement and the Customs and Border Protection, the State Department, the Social Security Administration, the Office of Personnel Management, the Department of Energy, and the Central Intelligence Agency.”

In these 2005 emails, an OCA employee suggested a limitation on the scope of the FBI’s response to Congress: “Maybe we say that ‘FTTTF refers to an operational task force. We understand the question to ask about data mining initiatives of FTTTF.'”

Around the same time, an unidentified Office of the General Counsel employee wrote:

Finally – I’m concerned about the statement that we only have 3 data mining projects in the FBI. In the cover letter, you make the point that our definition of data mining only includes large sets of data but I still think the definition is very broad and could include other systems. For example, what about STAS systems? I am not familiar with those systems -(but we are starting work on a PIA so I will be in the near future) but my sense is that they collect and sift through a lot of data. What about EDMS and some of the other systems that collect tech cut data from FISAs and allow analysts to search through the data for relevant info? I would think that could be considered data mining under your definition – but I’ll defer to the CIO’s office on this issue. We just need to make sure we can distinguish these other projects.

A few years later, however, the FBI became less circumspect about marrying the data sets of the IDW with the data mining capabilities of the FTTTF. For the FBI’s FY2007 War Supplemental budget request, the FBI requested $10 million to consolidate the IDW and the FTTTF “and to develop and deploy a robust infrastructure capable of receiving, processing, and managing the quality of substantially increased amounts of additional data.

In its FY2008 “budget justification,” the FBI explained that “[t]he Investigative Data Warehouse (IDW), combined with FTTTF’s existing applications and business processes, will form the backbone of the NSB’s data exploitation system.” The FBI also requested “$11,969,000 … for the National Security Branch Analysis Center (NSAC).” It explains:

Once operational, the NSAC will be tasked to satisfy unmet analytical and technical needs of the NSB, particularly in the areas of bulk data analysis, pattern analysis, and trend analysis. … The NSAC will provide subject-based “link analysis” through the utilization of the FBI’s collection datasets, combined with public records on predicated subjects. “Link analysis” uses datasets to find links between subjects, suspects, and addresses or other pieces of relevant information, and other persons, places, and things. This technique is currently being used on a limited basis by the FBI; the NSAC will provide improved processes and greater access to this technique to all NSB components. The NSAC will also pursue “pattern analysis” as part of its service to the NSB. “Pattern analysis” queries take a predictive model or pattern of behavior and search for that pattern in datasets. The FBI’s efforts to define predictive models and patterns of behavior will improve efforts to identify “sleeper cells.”

“The National Security Analysis Center (NSAC) would bring together nearly 1.5 billion records created or collected by the FBI and other government agencies, a figure the FBI expects to quadruple in coming years.” In June 2007, after seeing this budget request and noting that “[d]ocuments predict the NSAC will include six billion records by FY2012,” the House Science and Technology Committee asked the Government Accountability Office to investigate the National Security Branch Analysis Center.

In 2008, the non-partisan National Research Council issued a 352-page study concluding that data mining is not an effective tool in the fight against terrorism. The report noted the poor quality of the data, the inevitability of false positives, the preliminary nature of the scientific evidence and individual privacy concerns in concluding that “automated identification of terrorists through data mining or any other mechanism is neither feasible as an objective nor desirable as a goal of technology development efforts.”


Acronyms

ABIS

Automated Biometric Identification System

ACS

Automated Case System

ASCII

American Standard Code for Information Interchange

CCD

Consular Consolidated Database

CLASP

Consular Lost and Stolen Passports

CLASS

Consular Lookout and Support System

CIA

Central Intelligence Agency

COTS

Commercial-Off-the-Shelf

CRS

Central Record System

CST

Consular Shared Tables

DARPA

Defense Advanced Research Projects Agency

DHS

Department of Homeland Security

DOJ

Department of Justice

DOS

Department of State

DBMS

Oracle Relational Database Management Systems

DVIS

Diversity Visa Information System

EC

Electronic Communication

ECF

Electronic Case File

EDMS

Electronic Surveillance Data Management System

FBI

Federal Bureau of Investigation

FinCEN

Financial Crimes Enforcement Network

FISA

Foreign Intelligence Surveillance Act

FOIA

Freedom of Information Act

FTTTF

Foreign Terrorist Tracking Task Force

GAO

Government Accountability Office

IDW

Investigative Data Warehouse

IIR

Intelligence Information Reports

ISPG

Information Sharing Policy Group

JICI

Joint Intelligence Committee Inquiry

JTTF

Joint Terrorism Task Force

NAS

Network Attached Storage

NCIC

National Crime Information Center

NSAC

National Security Analysis Center

NSB

National Security Branch of the FBI

NSL

National Security Letter

OCA

Office of Congressional Affairs of the FBI

OCR

Optical Character Recognition

OGC

Office of the General Counsel

OIG

Office of the Inspector General

OPLSS

Online Passport Lost & Stolen System

PIA

Privacy Impact Assessment

PIERS

Passport Information Electronic Records System

QTIP

Query Tracking and Initiation Program

RAMS

Records Analysis Management System

SCOPE

Secure Counter-Terrorism/Collaboration Operational Prototype Environment

SCI

Sensitive Compartmented Information

SEVIS

Student and Exchange Visitor Information System

SPT

Special Projects Team

STAS

Special Technologies and Applications Section

TA

Telephone Application

TECS

Treasury Enforcement Communication System

TFOS

Terrorist Financing Operations Section

TIDES

Translingual Information Detection, Extraction and Summarization

TIFF

Tagged Image File Format

TSA

Transportation Security Administration

TSC

Terrorist Screening Center

TSDB

Terrorist Screening Database

TWL

Terrorist Watch List

TWWU

Terrorist Watch and Warning Unit

UNI

Universal Name Index

US-VISIT

United States Visitor and Immigrant Status Indicator Technology

USA PATRIOT

Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism

VCF

Virtual Case File

VGTOF

Violent Gang and Terrorist Organization File

VOIS

Visa Opinion Information Service

WRS

Waiver Review System

FBI Data Mart-One Stop Shopping for All Your Snooping Needs!

Top of Form

Bottom of Form

Report on the Investigative Data Warehouse

April 2009

Table Of Contents

  1. I.       Overview of the IDW
  2. II.       IDW Systems Architecture
  3. III.       Privacy Impact Assessment
  4. IV.       The Future of the IDW is Data Mining

In August 2006, the Electronic Frontier Foundation (EFF) sought government records concerning the Federal Bureau of Investigation (FBI)’s Investigative Data Warehouse (IDW) pursuant to the Freedom of Information Act (FOIA). After the FBI failed to respond to EFF’s requests within the timeline provided by the FOIA, EFF filed a lawsuit on October 17, 2006. Records began to arrive in September 2007. On April 14, 2009, the government filed a brief stating that no more documents were going to be provided, despite the Obama Administration’s new guidelines on FOIA.

The following report is based upon the records provided by the FBI, along with public information about the IDW and the datasets included in the data warehouse.

I. Overview of the Investigative Data Warehouse

The Investigative Data Warehouse is a massive data warehouse, which the Bureau describes as “the FBI’s single largest repository of operational and intelligence information.” As described by FBI Section Chief Michael Morehart in 2005, the “IDW is a centralized, web-enabled, closed system repository for intelligence and investigative data.” Unidentified FBI agents have described it “one-stop shopping” for FBI agents and an “uber-Google.According to the FBI, “[t]he IDW system provides data storage, database management, search, information presentation, and security services.”

Documents show that the FBI began spending funds on the IDW in fiscal year 2002, “and system implementation was completed in FY 2005.” “IDW 1.1 was released in July 2004 with enhanced functionality, including batch processing capabilities.” The FBI worked with Science Applications International Corporation (SAIC), Convera and Chilliad to develop the project, among other contractors. As of January 2005, the IDW contained “more than 47 sources of counterterrorism data, including information from FBI files, other government agency data, and open source news feeds.” A chart in the FBI documents shows IDW growing rapidly, breaking the half-billion mark in 2005. By March 2006, the IDW had 53 data sources and over half a billion (587,186,453) documents. By September 2008, the IDW had grown to nearly one billion (997,368,450) unique documents. The Library of Congress, by way of comparison, has about 138 million (138,313,427) items in its collection.

In addition to storing vast quantities of data, the IDW provides a content management and data mining system that is designed to permit a wide range of FBI personnel (investigative, analytical, administrative, and intelligence) to access and analyze aggregated data from over fifty previously separate datasets included in the warehouse. Moving forward, the FBI intends to increase its use of the IDW for “link analysis” (looking for links between suspects and other people – i.e. the Kevin Bacon game) and to start “pattern analysis” (defining a “predictive pattern of behavior” and searching for that pattern in the IDW’s datasets before any criminal offence is committed – i.e. pre-crime).

II. IDW Systems Architecture

According to an FBI project description, “The IDW system environment consists of a collection of UNIX and NT servers that provide secure access to a family of very large-scale storage devices. The servers provide application, web servers, relational database servers, and security filtering servers. User desktop units that have access to FBINet can access the IDW web application. This provides browser-based access to the central databases and their access control units. The environment is designed to allow the FBI analytic and investigative users to access any of the data sources and analytic capabilities of the system for which they are authorized. The entire configuration is designed to be scalable to enable expansion as more data sources and capabilities are added.”

A DOJ Inspector General report explained: “Data processing is conducted by a combination of Commercial-Off-the-Shelf (COTS) applications, interpreted scripts, and open-source software applications. Data storage is provided by several Oracle Relational Database Management Systems (DBMS) and in proprietary data formats. Physical storage is contained in Network Attached Storage (NAS) devices and component hard disks. Ethernet switches provide connectivity between components and to FBI LAN/WAN. An integrated firewall appliance in the switch provides network filtering.”

  1. A. IDW Subsystems

Pursuant to the IDW Concept of Operations, the IDW has two main subsystems, the IDW-Secret (IDW-S) and IDW-Special Projects Team (IDW-SPT). It also has a development platform (IDW-D) and a subsystem for maintenance and testing (IDW-I).

  1. IDW-Secret

The IDW-S system is the main subsystem of the IDW, which is authorized to process classified national security data up to, and including, information designated Secret. However, IDW-S is not authorized to process any Top Secret data nor any Sensitive Compartmented Information (SCI). The addition of IDW-TS/SCI, a Top Secret/Sensitive Compartmented Information level data mart, appears to remain in the planning stages. The IDW-S system is the successor of the Secure Counter-Terrorism/Collaboration Operational Prototype Environment (SCOPE).

  1. IDW-Special Projects Team

According to an Inspector General report, “[i]n November 2003, the Counterterrorism Division, along with the Terrorist Financing Operations Section (TFOS), in the FBI began a special project to augment the existing IDW system with new capabilities for use by FBI and non-FBI agents on the JTTFs. The FBI Office of Intelligence is the executive sponsor of the IDW. The IDW Special Projects Team was originally initiated for the 2004 Threat Task Force.” By May 2006, the “Special Project Team provided services to 5 task forces or operations.”

As described by the FBI:

Special Projects Team (SPT) Subsystem
The Special Projects Team (SPT) Subsystem allows for the rapid import of new specialized data sources. These data sources are not made available to the general IDW users but instead are provided to a small group of users who have a demonstrated “need-to-know”. The SPT System is similar in function to the IDW-S system. With the main difference is a different set of data sources. The SPT System allows its users to access not only the standard IDW Data Store but the specialized SPT Data Store.

  1. B. IDW Features

In 2004, the Willie Hulon, then the Deputy Assistant Director for the Counterterrorism Division, said that the FBI was “introducing advanced analytical tools to help us make the most of the data stored in the IDW. These tools allow FBI agents and analysts to look across multiple cases and multiple data sources to identify relationships and other pieces of information that were not readily available using older FBI systems. These tools 1) make database searches simple and effective; 2) give analysts new visualization, geo-mapping, link-chart capabilities and reporting capabilities; and 3) allow analysts to request automatic updates to their query results whenever new, relevant data is downloaded into the database.”

Deputy Assistant Director Hulon also asserted that “[w]hen the IDW is complete, Agents, JTTF [Joint Terrorism Task Force] members and analysts, using new analytical tools, will be able to search rapidly for pictures of known terrorists and match or compare the pictures with other individuals in minutes rather than days. They will be able to extract subjects’ addresses, phone numbers, and other data in seconds, rather than searching for it manually. They will have the ability to identify relationships across cases. They will be able to search up to 100 million pages of international terrorism-related documents in seconds.” (Since then, the number of records has grown nearly ten-fold).

At the FBI National Security Branch’s “request, the FBI’s Office of the Chief Technology Officer (OCTO) has developed an ‘alert capability’ that allows users of IDW to create up to 10 queries of the system and be automatically notified when a new document is uploaded to the database that meets their search criteria.”

Users can search for terms within a defined parameter of one another. For example, the search: ‘flight school’ NEAR/10 ‘lessons’ would return all documents where the phrase ‘flight school’ occurred within 10 words of the word “lessons.” Users can also specify whether they want exact searches, or if they want the search tool to include other synonyms and spelling variants for words and names.”

“IDW includes the ability to search across spelling variants for common words, synonyms and meaning variants for words, as well as common misspellings of words. If a user misspells a common word, IDW will run the search as specified, but will prompt the user to ask if they intended to run the search with the correct spelling.”

In its 2004 report to the 9-11 Commission, the FBI used an example (shown on the right) to illustrate the planned use of the IDW for data mining and link analysis, showing i2’s Analyst’s Notebook. i2 described the program as “the world’s most powerful visual investigative analysis software,” which is able to analyze “vast amounts of raw, multi-format data gathered from a wide variety of sources.”

By 2006, the IDW was processing between 40,000 and 60,000 “interactive transactions” in any given week, along with between 50 and 150 batch jobs. An example of a batch process is where “the complete set of Suspicious Activity Reports is compared to the complete set of FBI terrorism files to identify individuals in common between them.”

  1. C. Datasets in the IDW

According to various FBI documents, the following 38 data soures were included in the IDW on or before August 2004. Of these, IDW-S included at least the first six items.

  1. Automated Case System (ACS), Electronic Case File (ECF). This dataset contains ASCII flat files (metadata and document text) and WordPerfect documents consisting of the ECs, FD-302s, Facsimiles, FD-542s, Inserts, Transcriptions, Teletypes, Letter Head Memorandums (LHM), Memorandums and other FBI documents contained within ACS. The ACS system, which came on-line in October 1995, is the FBI’s centralized electronic case management system. It consists of the following components:
    1. Investigative Case Management — used to open a case and assign a unique 9-digit case number, called the Universal Case File Number, which consists of the FBI crime classification number; a two-letter alpha code designating the field office that opened the case; and a consecutive, numerical designator generated by the system.
    2. Electronic Case File — used to maintain investigative documentation, such as interview transcripts. Upon approval of a paper document, an electronic copy of the completed document is uploaded to the electronic case file.
    3. Universal Index — used to maintain index records for a case and allows the searching of records in a variety of ways.

[NOTE: While ACS is the current FBI case file system, it may soon be replaced. The FBI originally intended to replace ACS with the “Virtual Case File” system. After what the Office of the Inspector General called “FBI’s failed $170 million VCF project,” the FBI now “plans to replace the ACS system with the Sentinel Case Management System. The projected implementation date is 2009.” “When up and running, Sentinel will provide more current case information, audio, video, pictures and multimedia into the IDW system.”]

  1. Secure Automated Messaging Network (SAMNet) — ASCII files in standard cable traffic message format (all capitals with specific header), consisting of all messaging traffic sent either from the FBI to other government agencies, or sent from other government agencies to the FBI through the Automated Digital Information Network (AutoDIN), including Intelligence Information Reports (IIRs) and Technical Disseminations (TD) from the FBI, Central Intelligence Agency (CIA), Defense Intelligence Agency (DIA), and others from November of 2002 to present. IDW receives copies of these classified messages up to Secret with no SCI caveats.
  2. Joint Intelligence Committee Inquiry (JICI) Documents — Scanned copies (TIFF images and ASCII OCR text) of “all FBI documents related to extremist Islamic terrorism between 1993 and 2002.” These are counterterrorism files that were scanned into a database to accommodate the JICI’s investigation into the attacks of September 11th.
  3. Open Source News — Includes various foreign news sources that have been translated into English, as well as a few large U.S. publications. The open source data collected for the FBI comes from the MiTAP system run by San Diego State University. MiTAP is a system that collects raw data from the internet, standardizes the format, extracts named entities, and routes documents into appropriate newsgroups. This dataset is part of the Defense Advanced Research Projects Agency (DARPA) Translingual Information Detection, Extraction and Summarization (TIDES) Open Source Data project.
  4. Violent Gang and Terrorist Organization File (VGTOF) — Lists of individuals and organizations who the FBI believes to be associated with violent gangs and terrorism, provided by the FBI National Crime Information Center (NCIC). It includes biographical data and photos pertaining to members of the identified groups in the form of ASCII flat files (data/metadata) and JPEG image binaries (none, one or multiple per subject). The biographical data includes the “individual’s name, sex, race, and group affiliation, and, if possible, such optional information as height and weight; eye and hair colors; date and place of birth; and marks, scars, and tattoos.”
  5. CIA Intelligence Information Reports (IIR) and Technical Disseminations (TD) — A copy of all IIRs and TDs at the Secret security classification or below that were sent to the FBI from 1978 to at least May 2004. Intelligence Information Reports are designed to provide the FBI with the specific results of classified intelligence collected on internationally-based terrorist suspects and activities, chiefly abroad.
  6. Eleven (11) IntelPlus scanned document libraries — Copies of millions of scanned TIFF format documents and their corresponding OCR ASCII text related to FBI’s major terrorism-related cases. IntelPlus is an application that allows the users to view “Table of Contents” lists from large collections of records. The user is able to display the document whether it is in text form or one of several graphic formats and then print, copy or store the information. The application allows tracking associated documents on related topics and provides a search capability.
  7. Eleven (11) Financial Crimes Enforcement Network (FinCEN) Databases — Data related to terrorist financing. “FinCEN requires financial institutions to preserve financial paper trails behind transactions and to report suspicious transactions to FinCEN for its database. FinCEN matches its database with commercial databases such as Lexis/Nexis and the government’s law enforcement databases, allowing it to search for links among individuals, banks, and bank accounts.” At least one of these databases includes all currency transaction report (CTR) forms on bank customers’ cash transactions of more than $10,000: “In 2004, FinCEN first provided the FBI with bulk transfer of [CTRs]” Over 37 million CTRs were filed between 2004-2006.
  8. Two (2) Terrorist Financing Operations Section Databases — Biographical and financial reports on terrorism-related individuals. According to Dennis Lormel, Section Chief of the Terrorist Financing Operations Section, TFOS has a “centralized terrorist financial database which the TFOS developed in connection with its coordination of financial investigation of individuals and groups who are suspects of FBI terrorism investigations. The TFOS has cataloged and reviewed financial documents obtained as a result of numerous financial subpoenas pertaining to individuals and accounts. These documents have been verified as being of investigatory interest and have been entered into the terrorist financial database for linkage analysis. The TFOS has obtained financial information from FBI Field Divisions and Legal Attache Offices, and has reviewed and documented financial transactions. These records include foreign bank accounts and foreign wire transfers.”

10.  Foreign Financial List — Copies of information concerning terrorism-related persons, addresses, and other biographical data submitted to U.S. financial institutions from foreign financial institutions.

11.  Selectee List — Copies of a Transportation Security Administration (TSA) list of individuals that the TSA believes warrant additional security attention prior to boarding a commercial airliner. According to Michael Chertoff, “fewer than” 16,000 people were designated “selectees” as of October 2008.

12.  Terrorist Watch List (TWL) — The FBI Terrorist Watch and Warning Unit (TWWU) list of names, aliases, and biographical information regarding individuals submitted to the Terrorist Screening Center (TSC) for inclusion into VGTOF and TIPOFF watch lists. Also called the Terrorist Screening Database (TSDB), the database “contained a total of 724,442 records as of April 30, 2007.”

13.  No Fly List — A copy of a TSA list of individuals barred from boarding a commercial airplane. According to Michael Chertoff, 2,500 people were on the “no fly” list as of October 2008.

14.  Universal Name Index (UNI) Mains — A copy of index records for all main subjects on FBI investigations, except certain records that might reveal people in witness protection or informants. “A main file name is that of an individual who is, himself/herself, the subject of an FBI investigation.”

15.  Universal Name Index (UNI) Refs — A copy of index records for all individuals referenced in FBI investigations, except certain records that might reveal people in witness protection or informants. A “reference is someone whose name appears in an FBI investigation. References may be associates, conspirators, or witnesses.”

16.  Department of State Lost and Stolen Passports — A copy of records pertaining to lost and stolen passports. “The Consular Lost and Stolen Passports (CLASP) database includes over 1.3 million records concerning U.S. passports. All passport applications are checked against CLASP, PIERS [Passport Information Electronic Records System], the Social Security Administration’s database, and the Consular Lookout and Support System (CLASS), which includes information provided by the Department of Health and Human Services (HHS) and law enforcement agencies such as the Federal Bureau of Investigations (FBI) and U.S. Marshals Service.” “The overall CLASS database of names has risen to over 20 million records in recent years, including millions of names of criminals from FBI records provided to the State Department under the terms of the USA PATRIOT Act.” “The Online Passport Lost & Stolen System permits citizens to report a lost or stolen passport.” It includes “Name, date of birth (DOB), social security number (SSN), address, telephone number, and e-mail address,” as reported by the citizen.

17.  Department of State Diplomatic Security Service — A copy of past and current passport fraud investigations from the “DOS DDS RAMS database.” The Records Analysis Management System (RAMS) Database “allows all Field Offices, Resident Agent Offices (RAO) and the Bureau of Diplomatic Security to track, maintain, and efficiently share law enforcement investigative case information. RAMS contains CLASSIFIED information.” By September 2005, the Department of States was “developing a ‘Knowledge Base’ on-line library that will be a ‘gateway’ to passport information, anti-fraud information, and relevant databases. All passport field agencies and centers can use this system to submit anti-fraud information such as exemplars of genuine and malafide documents, fraud trends in their respective regions, and other information that will be instantly available throughout the department.”

In August 2004, the FBI was considering adding several more datasets: the “FBI’s Telephone Application, DHS data sources such as US-VISIT and SEVIS, Department of State data sources such as the Consular Consolidated Database (CCD), and Treasury Enforcement Communication System (TECS).” A later document shows that at least “most” of the Telephone Application is now in the IDW.

The Telephone Application (TA) “provides a central repository for telephone data obtained from investigations.” “The TA is an investigative tool that also serves as the central repository for all telephone data collected during the course of FBI investigations. Included are pen register data, toll records, trap/trace, tape-edits, dialed digits, airnet (pager intercepts), cellular activity, push-to-talk, and corresponding subscriber information.” Records obtained through National Security Letters are placed in the Telephone Application, as well as the IDW by way of the ACS system.

“The United States Visitor and Immigrant Status Indicator Technology (US-VISIT) Program is an integrated, automated biometric entry-exit system that records the arrival and departure of aliens; conducts certain terrorist, criminal, and immigration violation checks on aliens; and compares biometric identifiers to those collected on previous encounters to verify identity.”

The Consular Consolidated Database (CCD) is a set of databases that includes “current and archived data from all of the Department of State’s Consular Affairs post databases around the world. This includes the data from the Automated Biometric Identification System (ABIS), ARCS, Automated Cash Register System (ACS), Consular Lookout and Support System (CLASS), Consular Shared Tables (CST), DataShare, Diversity Visa Information System (DVIS), Immigrant Visa Information System (IVIS), Immigrant Visa Overseas (IVO), Non-Immigrant Visa (NIV), Visa Opinion Information Service (VOIS), and Waiver Review System (WRS) applications. The CCD also provides access to passport data in the Travel Document Information System (TDIS), Passport Lookout and Tracking System (PLOTS), and Passport Information Electronic Records System (PIERS). In addition to Consular Affairs data, other data from external agencies is integrated into the CCD, such as the ‘Master Death Database from the Social Security Administration.”

The Student and Exchange Visitor Information System (SEVIS) “maintains information on nonimmigrant students and exchange visitors (F, M and J Visas) and their dependents, and also on their associated schools and sponsors.”

The Treasury Enforcement Communication System (TECS) “is a computerized information system designed to identify individuals and businesses suspected of, or involved in violation of federal law. The TECS is also a communications system permitting message transmittal between Treasury law enforcement offices and other Federal, national, state, and local law enforcement agencies.”

Unidentified Additional Data Sources Added to IDW

The FBI set up an Information Sharing Policy Group (ISPG), chaired by the Executive Assistant Directors of Administration and Intelligence, to review requests to ingest additional datasets into the IDW, in response to Congressional “privacy concerns that may arise from FBI engaging in ‘data mining.'” In February 2005, the Counterterrorism Division asked for 8 more data sources. While the names of the data sources are redacted, items 1, 2 and 4 came from the Department of Homeland Security, and items 6, 7 and 8 were additional IntelPlus file rooms. The February 2005 email chain also refers to “2 data sets approved at the meeting yesterday” and “2 data set under consideration.” In context, it appears that one of the two approved datasets was IntelPlus, which contained three file rooms. The FBI would “get all of the DHS data from the FTTTF [Foreign Terrorist Tracking Task Force] including the [Redacted].” In March 2005, the Information Sharing Policy Group approved seven more unidentified datasets for the Special Projects Team version of the IDW. In May 2005, ISPG approved an additional seven unidentified datasets for the IDW-SPT. The IDW Special Projects Team “ingested and published a new telephone-type data source” on two dates: February 18, 2005, and March 18, 2005. In August 2005, the “[Redacted] Reports Collection” was moved from the limited access IDW-SPT to the more widely available IDW-S. “This [Redacted] dataset contains copies of reports regarding [Redacted].”

Data Retention

As of March 2005:

There is no current Disposition Schedule for IDW. We have looked at the system and it is on our list of systems to be scheduled. With no Disposition Schedule, there is really no limitation on importing data, at least not from a records management standpoint. But, they will not be able to delete or destroy any of that information until a Disposition Schedule is approved.

Nevertheless, the IDW has a process to delete files: “it can occur that data for which IDW-S is not authorized is ingested into IDW-S. When such data is discovered on IDW-S it is necessary to delete this data and to update the Document Tracking Database with the appropriate “DEL” status for the file.” The IDW also has a “secure delete” function.

III. Privacy Impact Assessment

The E-Government Act of 2002, Section 208, establishes a requirement for agencies to conduct privacy impact assessments (PIAs) for electronic information systems and collections.

A May 12, 2005 email from an unidentified employee in the FBI’s Office of the General Counsel to FBI General Counsel Valerie Caproni notes that the author was “nervous about mentioning PIA in context of national security systems.” The author admitted that “It is true the FBI currently requires PlAs for NS [national security] systems as well as non-NS systems.” However, the author thought that the policy might change. Accordingly the author “recommend[ed] against raising congressional consciousness levels and expectations re NS PlAs.” Caproni’s response is short: “ok.”

This email was in reply to a May 11 email from Caproni expressing her desire “slide something in about PIA” to a give a “sense that we really do worry about the privacy interests of uninvolved people whose data we slurp up.”

However, this strategy failed. Congressional consciousness levels were raised by an August 30, 2006 Washington Post article on the IDW, in which EFF Senior Counsel David Sobel raised the issue of the IDW’s lack of a formally published PIA.

The day the Post article ran, several FBI emails discussed the privacy concerns raised by the IDW. One Office of the General Counsel employee (only identified as Bill) explained the FBI’s desire to play down the concerns: “I’m with [Redacted] in view that if everyone ([Redacted]) starts running around with their hair on fire on this, they will just be pouring gas on something that quite possibly would just fade away if we just shrug it off.”

After these discussions, the FBI released the following response to the article:

Federal Bureau of Investigation
Response to Investigative Data Warehouse (IDW) Press Article for Senate Appropriations Committee
September 7, 2006

There are two concerns being expressed about IDW in the article. One deals with whether the FBI has complied with the Privacy Act’s requirement to publish a “systems notice” in the Federal Register and the other is whether the FBI has complied with the privacy impact analysis requirements of the “E-Government Act.”

The answer to the first question is “yes.” We consider IDW to be part of the FBI’s Central Record System, an “umbrella” system that is comprised of all of the FBI’s investigative files. While it is true that “IDW” isn’t specifically mentioned in the CRS Privacy Act System Notice, we don’t believe that is necessary. The system notice does state: “In recent years … the FBI has been confronted with increasingly complicated cases, which require more intricate information processing capabilities. Since these complicated investigations frequently involve massive volumes of evidence and other investigative information, the FBI uses its computers, when necessary to collate, analyze, and retrieve investigative information in the most accurate and expeditious manner possible.” The system notice describes in reasonable detail what information we obtain, what routine uses we make of it, the authorities for maintaining the system and so forth. This notice is published in the Federal Register and is publicly available. In our view, we are compliant with both the letter and spirit of the Privacy Act in this regard.

The answer to the second question is also “yes.” In fact, since IDW has been categorized as a “national security system,” the E-Government Act does not require it to undergo a privacy impact analysis (PIA) at all. Even so, FBI and DOJ policy requires a PIA to be conducted. For IDW, the FBI has done several PIA’s. We did one for the original system and did others as significant datasets were added to IDW. None of these systems were published since the law does not require them to be conducted in the first place. The point is that we have done far more to analyze the privacy implications of IDW than the law requires. Yes, the analyses have not been conducted in the public domain but Congress weighed the costs and benefits of conducting such an analysis in public and chose to exclude national security systems from that requirement when it passed the E- Government act.

For purposes of the E-Government Act, a National Security System is “an information system operated by the federal government, the function, operation or use of which involves: (a) intelligence activities, (b) cryptologic activities related to national security, (c) command and control of military forces, (d) equipment that is an integral part of a weapon or weapons systems, or (e) systems critical to the direct fulfillment of military or intelligence missions.”

A heavily redacted March 2005 FBI Electronic Communication enclosed a completely redacted Privacy Impact Assessment about the IDW. In August 2007, the Office of the Inspector General conducted an audit of “all major Department [of Justice] information technology (IT) systems and planned initiatives.” The OIG noted that it “did not obtain PIAs or explanations for the FBI’s IDW.”

IV. The Future of the IDW is Data Mining

When the FBI explained the IDW to Congress in 2004, it noted that when FBI Director Mueller testified about the IDW in 2003, he “used the term ‘data mining’ to be synonymous with ‘advanced analysis.’ The FBI does not conduct ‘data mining’ in accordance with the GAO definition, which means mining through large volumes of data with the intention of automatically predicting future activities.”

Nevertheless, in March 2003, the FBI issued its Fiscal Year 2004 (Oct. 2003 – Sep. 2004) budget, in which the Bureau had requested a new “Communications Application”:

The FBI requests $4,600,000 to obtain a software application that is capable of conducting sophisticated link analysis on extremely high volumes of telephone toll call data and other relational data. This software would enable the FBI to leverage modern technology to expeditiously conduct analyses of large collections of relational data.

By 2005, the FBI was still trying to minimize Congressional concerns over data mining. The FBI was concerned that the “distinction between a data mart and a data mining vehicle will be lost on those who just think we are looking into citizens’ lives too much.” On March 1, 2005, an unidentified Office of Congressional Affairs (OCA) employee noted in an email (emphasis original):

We had agreed on the following sentence as a way of avoiding some of the intricacies of data mining policy: “Where permitted by law, and appropriate to an authorized work activity, information gleaned from searching non-FBI databases may be included in FBI systems and, once there, may be accessed by employees conducting searches in furtherance of other authorized activities.”

Unfortunately, I couldn’t get that to fly, since that was the crux of the Senator’s inquiry.

In October 2005 FBI emails discuss the response to the August 2005 GAO report on data mining by the Foreign Terrorist Tracking Task Force (FTTTF). “In 2001, Homeland Security Presidential Directive-2 established the Foreign Terrorist Tracking Task Force (FTTTF) to provide actionable intelligence to law enforcement to assist in the location and detention and ultimate removal of terrorists and their supporters from the US.” The FTTTF “operates two information systems—one unclassified and one classified—that form the basis of its data mining activities,” using tools such as i2 Analyst Notebook application, Query Tracking and Initiation Program (QTIP), and Wareman. In addition to the FBI, “the participants in the FTTTF include the Department of Defense, the Department of Homeland Security’s Bureaus of Immigration and Customs Enforcement and the Customs and Border Protection, the State Department, the Social Security Administration, the Office of Personnel Management, the Department of Energy, and the Central Intelligence Agency.”

In these 2005 emails, an OCA employee suggested a limitation on the scope of the FBI’s response to Congress: “Maybe we say that ‘FTTTF refers to an operational task force. We understand the question to ask about data mining initiatives of FTTTF.'”

Around the same time, an unidentified Office of the General Counsel employee wrote:

Finally – I’m concerned about the statement that we only have 3 data mining projects in the FBI. In the cover letter, you make the point that our definition of data mining only includes large sets of data but I still think the definition is very broad and could include other systems. For example, what about STAS systems? I am not familiar with those systems -(but we are starting work on a PIA so I will be in the near future) but my sense is that they collect and sift through a lot of data. What about EDMS and some of the other systems that collect tech cut data from FISAs and allow analysts to search through the data for relevant info? I would think that could be considered data mining under your definition – but I’ll defer to the CIO’s office on this issue. We just need to make sure we can distinguish these other projects.

A few years later, however, the FBI became less circumspect about marrying the data sets of the IDW with the data mining capabilities of the FTTTF. For the FBI’s FY2007 War Supplemental budget request, the FBI requested $10 million to consolidate the IDW and the FTTTF “and to develop and deploy a robust infrastructure capable of receiving, processing, and managing the quality of substantially increased amounts of additional data.

In its FY2008 “budget justification,” the FBI explained that “[t]he Investigative Data Warehouse (IDW), combined with FTTTF’s existing applications and business processes, will form the backbone of the NSB’s data exploitation system.” The FBI also requested “$11,969,000 … for the National Security Branch Analysis Center (NSAC).” It explains:

Once operational, the NSAC will be tasked to satisfy unmet analytical and technical needs of the NSB, particularly in the areas of bulk data analysis, pattern analysis, and trend analysis. … The NSAC will provide subject-based “link analysis” through the utilization of the FBI’s collection datasets, combined with public records on predicated subjects. “Link analysis” uses datasets to find links between subjects, suspects, and addresses or other pieces of relevant information, and other persons, places, and things. This technique is currently being used on a limited basis by the FBI; the NSAC will provide improved processes and greater access to this technique to all NSB components. The NSAC will also pursue “pattern analysis” as part of its service to the NSB. “Pattern analysis” queries take a predictive model or pattern of behavior and search for that pattern in datasets. The FBI’s efforts to define predictive models and patterns of behavior will improve efforts to identify “sleeper cells.”

“The National Security Analysis Center (NSAC) would bring together nearly 1.5 billion records created or collected by the FBI and other government agencies, a figure the FBI expects to quadruple in coming years.” In June 2007, after seeing this budget request and noting that “[d]ocuments predict the NSAC will include six billion records by FY2012,” the House Science and Technology Committee asked the Government Accountability Office to investigate the National Security Branch Analysis Center.

In 2008, the non-partisan National Research Council issued a 352-page study concluding that data mining is not an effective tool in the fight against terrorism. The report noted the poor quality of the data, the inevitability of false positives, the preliminary nature of the scientific evidence and individual privacy concerns in concluding that “automated identification of terrorists through data mining or any other mechanism is neither feasible as an objective nor desirable as a goal of technology development efforts.”


Acronyms

ABIS

Automated Biometric Identification System

ACS

Automated Case System

ASCII

American Standard Code for Information Interchange

CCD

Consular Consolidated Database

CLASP

Consular Lost and Stolen Passports

CLASS

Consular Lookout and Support System

CIA

Central Intelligence Agency

COTS

Commercial-Off-the-Shelf

CRS

Central Record System

CST

Consular Shared Tables

DARPA

Defense Advanced Research Projects Agency

DHS

Department of Homeland Security

DOJ

Department of Justice

DOS

Department of State

DBMS

Oracle Relational Database Management Systems

DVIS

Diversity Visa Information System

EC

Electronic Communication

ECF

Electronic Case File

EDMS

Electronic Surveillance Data Management System

FBI

Federal Bureau of Investigation

FinCEN

Financial Crimes Enforcement Network

FISA

Foreign Intelligence Surveillance Act

FOIA

Freedom of Information Act

FTTTF

Foreign Terrorist Tracking Task Force

GAO

Government Accountability Office

IDW

Investigative Data Warehouse

IIR

Intelligence Information Reports

ISPG

Information Sharing Policy Group

JICI

Joint Intelligence Committee Inquiry

JTTF

Joint Terrorism Task Force

NAS

Network Attached Storage

NCIC

National Crime Information Center

NSAC

National Security Analysis Center

NSB

National Security Branch of the FBI

NSL

National Security Letter

OCA

Office of Congressional Affairs of the FBI

OCR

Optical Character Recognition

OGC

Office of the General Counsel

OIG

Office of the Inspector General

OPLSS

Online Passport Lost & Stolen System

PIA

Privacy Impact Assessment

PIERS

Passport Information Electronic Records System

QTIP

Query Tracking and Initiation Program

RAMS

Records Analysis Management System

SCOPE

Secure Counter-Terrorism/Collaboration Operational Prototype Environment

SCI

Sensitive Compartmented Information

SEVIS

Student and Exchange Visitor Information System

SPT

Special Projects Team

STAS

Special Technologies and Applications Section

TA

Telephone Application

TECS

Treasury Enforcement Communication System

TFOS

Terrorist Financing Operations Section

TIDES

Translingual Information Detection, Extraction and Summarization

TIFF

Tagged Image File Format

TSA

Transportation Security Administration

TSC

Terrorist Screening Center

TSDB

Terrorist Screening Database

TWL

Terrorist Watch List

TWWU

Terrorist Watch and Warning Unit

UNI

Universal Name Index

US-VISIT

United States Visitor and Immigrant Status Indicator Technology

USA PATRIOT

Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism

VCF

Virtual Case File

VGTOF

Violent Gang and Terrorist Organization File

VOIS

Visa Opinion Information Service

WRS

Waiver Review System

***

Subscribe to EFFector

» EFFector Archive

Any and all original material on the EFF website may be freely distributed at will under the Creative Commons Attribution License, unless otherwise noted

GNC Lab Review-HP Printer has a “bonus” spy program included.

Very interesting review of the HP Color LaserJet CM3530.

Ax

GCN LAB REVIEW

PROS: Fast print times; great graphics.
CONS: Slightly yellow spots appear on all text documents.

HP Color LaserJet CM3530

Our biggest problem with the CM3530 is that “invisible” dots used to track users’ documents are clearly visible on all text printouts. We found the dots accidentally while using a 2x magnifying glass, which is not as strong as some prescription eyeglass lenses, when examining output for text quality. Every page is covered in yellow dots. Once you’re aware of them, it’s easy to spot them without magnification.

We did a quick Internet search and learned that the dots are part of a government program to track documents — and, presumably, counterfeit money — back to the originators. The Electronic Frontier Foundation, which was the first to discover the spots, figured out how to read the codes. For an explanation of the program and how to read the secret codes, go to w2.eff.org/Privacy/printers/docucolor.

I will refrain from commenting on the logic or appropriateness of a private company letting the government set up a secret spy program on its printers, but as a reviewer, I have to object when a secret program harms the quality of the printer’s output, which it does in this case. Whether or not you agree with the program, if you don’t want yellow dots on your printouts, don’t buy a CM3530.

Incidentally, we searched for the same dots on printouts from every other MFP in the roundup and couldn’t find them, not even on documents from the second HP unit we reviewed. Either the other printers don’t participate in the program or their secret codes are hidden better.

http://gcn.com/Articles/2009/01/12/HP-Color-LaserJet-CM3530.aspx?Page=2

SEEING YELLOW CAMPAIGN

So far, 16386 people have contacted their printer manufacturers to complain. Follow our instructions and be the next.

Our work is having an effect! This request by European Parliament member Satu Hassi has resulted in a response by the European Commission that suggests that tracking dots may be a human rights violation. The initial request references and builds off the work of people who have responded to this site. Join us, call your printer manufacturer, and help today!

When you print on a color laser printer, it’s likely that you are also printing a pattern of invisible yellow dots. These marks exist to allow the printer companies and governments to track and identify you — presumably as a way to combat money counterfeiting. When one person asked his printer manufacturer about turning off the tracking dots, Secret Service agents showed up at his door several days later.

Upset? You should be!

Let’s stand up to silent tracking and government bullying and send a strong message to printer manufacturers. Our privacy and our control over our own technology is far too important to give up over trumped up fears of photocopied money.

Here’s what you can do:

  • Get informed about the issue!
  • Spread the word. Tell your friends and coworkers.
  • Follow our instructions and call up your printer maker. Ask them to stop using tracking codes and demand that they tell you how to turn it off. The Secret Service can’t come and question all of us!
  • Support groups like the EFF working to expose and oppose printer tracking dots.

More;

http://www.seeingyellow.com/

SEEING YELLOW CAMPAIGN

https://axiomamuse.wordpress.com/2009/01/31/government-spy-printers-and-upadate-from-eff/