Because Personal Drones Aren't Subject To Enough Ridiculous Rules, A Graffiti Artist Uses His To Tag A Six-Story Billboard
Drones are a problem. The FAA has subjected private drone use to all sorts of ridiculous stipulations. Law enforcement agencies seem to feel drone operation should be left to the pros, and are suddenly sprouting privacy concerns whenever a citizen flies one over something of theirs. Our nation's three-letter agencies want to be able to deploy drones almost anywhere without oversight, even though they've proven to be much less efficient than boots on the ground. Then, of course, there are those piloted by the CIA -- the kind that kill foreigners (and the occasional American) with almost no oversight, and what oversight there is has "bought in."
So, with drone usage by citizens still being contested by a variety of federal agencies, this sort of thing doesn't help at all. KATSU, a well-known graffiti artist and vandal, used a hacked Phantom drone to paint a giant red scribble across Kendall Jenner’s face on one of New York City’s largest and most viewed billboards. By all accounts, it is the first time that a drone has been deployed for a major act of public vandalism.
This is KATSU's proof-of-concept. Last year, he managed to convert an off-the-shelf drone into a weaponized tagging machine by attaching a spray can to a DJI Phantom. It had previously only been deployed indoors to create art on the fly. Now, it appears to be the next step in graffiti/vandalism.
Previously unreachable areas can now be tagged by graffiti artists, although the technique is still far from artistic. An off-the-shelf drone is far more finicky than an average human's hands and wrists, especially considering the force of the aerosol spray can push a drone away from the "canvas."
As far as transgressive art/public statements of intent go, KATSU's tagging of this highly-visible, six-story billboard is, I suppose, appropriately juvenile. It's a "because it's there" statement -- an opportunity to deploy refashioned tech to hand out an old-school defacing. There's no underlying political statement, unless you consider the vandalization of an "unreachable" target to be some sort of clunky metaphor for the little people toppling the powers that be. Civil disobedience, this isn't.
What this will do is result in increased suspicion by any law enforcement officer who encounters someone piloting a drone. This isn't a positive development by any means, especially when the FAA seems more likely to let the government's (all bodies, from national to local) worst fears guide its future regulation. And this is piled on top of its pre-existing (and not entirely unreasonable) fears of airline flight interference. There are plenty of positive uses for personal drones, but most legislators and regulators won't be able to see past the spectacle of a six-story billboard being "owned" by a tiny drone and a cheap can of spray paint.
Permalink | Comments | Email This Story
- Some unconventional surgeons say a human head transplant will be possible in the near future. This sounds like a sci-fi movie -- because there is a movie coming out about transferring minds (not heads). The first real patient could be Valery Spiridonov -- a man with Werdnig-Hoffman disease -- who still needs a donor body and a medical facility to support the operation. [url]
- Xenotransplantations have been attempted for over a century, and there are still lots of problems with implanting an animal organ into a human body. Beyond the animal rights protests, the odds of success for an organ transplant are hindered by immune system rejection responses and possible disease transmission problems. Genetically engineering an animal for better results might be a promising approach, but the technology to grow organs might catch up. [url]
- Genetically modified piglet hearts have survived in the body of a baboon (in its abdomen) for more than a year now. The piglet hearts were designed to minimize organ rejection, and the next step is to try to replace a baboon heart with one of these pig hearts. [url]
Permalink | Comments | Email This Story
Virginia Governor Signs Warrant Requirement For Police Drone Use; Balks At Seven-Day Limit On ALPR Data Retention
Good news/bad news from the state of Virginia. Governor Terry McAuliffe had two bills land on his desk, both passed with overwhelming support, that would have assured additional privacy protections for the state's citizens. Unfortunately, he only signed one of them.
The one with his signature on it institutes a warrant requirement for law enforcement drone usage. McAuliffe originally sent this one back with a suggested "fixes" that would have rendered the proposed warrant requirement completely meaningless. Rather than require a warrant for all law enforcement use of drones, the governor's amendments only require warrants for “active criminal investigations,” leaving the door open for persistent, untargeted drone surveillance. Rather than ban the use of evidence collected without a warrant by drones, the governor's amendments created a procedural loophole where otherwise forbidden evidence could be introduced under a different set of legal standards. To their credits, the legislators who had passed the bill without massive loopholes refused to fold in the governor's suggested amendments. The second time it hit his desk, McAuliffe signed it. This passage can be added to the state's privacy "wins" column, which also includes a warrant requirement for Stingray use.
The bad news is that McAuliffe rejected a bill that would have placed a seven-day retention limit on data gathered by automatic license plate readers. McAuliffe argued -- correctly -- that this limit was significantly lower than any policy currently in place in Virginia. (And, most likely, anywhere in the nation.) Unfortunately, he used ALPR/law enforcement talking points to do so. Many localities in Virginia retain this data for 60 days to two years. Seven days is a substantial reduction. Additionally, law enforcement agencies demonstrate that crimes are often not reported until several weeks later. Under this bill, essential data would not be available at the time of those reports. This is particularly concerning when considering implications for the National Capitol Region, where cross-state collaboration and information-sharing are essential to responding to potential criminal or terrorist activity occurring near Virginia’s borders. Oh, "terrorism," you rascally, constantly useful justification! Where will you pop up next? (Probably not in areas actually loaded with terrorists, I would guess.)
Unlike drones and Stingrays, ALPRs weren't originally crafted for use by military personnel in war zones. But here we see the invocation of terrorism as a justification for passively scanning thousands-to-millions of license plates every day. Sure, any vehicle traveling in public areas can be observed, but multi-point collections of plate/location data gives anyone with access a very clear picture of someone's daily life. While we would expect people currently under investigation to be closely watched by police (and/or "tailed" by proxy by ALPR data), we don't expect everyone to be subject to the same level of scrutiny simply because the technology has liberated law enforcement officers from performing in-person surveillance.
The destruction of non-hit data within a short time frame shouldn't be a concern, no matter how much crime/terrorism is afoot in the Virginia area. The amount of plate/location data that can be hauled in by ALPRs is astounding. And the "cross-state collaborations" and "information-sharing" the governor points to only adds to the massive haul. If a potential suspect's information falls into the seven-day memory hole, there's a good chance it will return to the database within a matter of days.
As for the stated concern about the lag between criminal activity and its reporting? Well, what did officers do before they had historical ALPR data to rely on? Surely those investigative methods still exist. ALPRs may have made the job easier, but they didn't destroy previously-existent investigative techniques upon deployment.
On top of this, there's the fact that if McAuliffe doesn't pass this law with the limitation intact, state ALPR usage will continue to violate ANOTHER law. [M]cAuliffe fails to mention [that] law enforcement agencies are already breaking Virginia’s Data Act by storing ALPR data, as the Virginia Attorney General determined in a 2013 legal opinion [PDF]. If he decides to pass the bill with the limit in place, his state may also enjoy a more favorable outcome to the ALPR-related lawsuit filed against it. Five days after McAuliffe signed the bills, the [ACLU of Virginia] filed a lawsuit [PDF] against the Fairfax County Police Department, which, despite the Attorney General’s guidance, has been storing ALPR data for up to a year and sharing that data with other law enforcement agencies in the region. And then there's the fact that ALPRs have been abused by state police and no one in Virginia law enforcement seems to know whether the systems are actually helping apprehend more criminals.
McAuliffe has already sided with his constituents' privacy on two previous bills. There's a lot of ground for compromise between the seven days the bill asks for and the "up to a year" time limit law enforcement agencies already enjoy. That this bill also landed on his desk with overwhelming legislative support is a pretty good indication that Virginians would like the retention needle pushed closer to one week. Hopefully, he'll make the right call and continue to allow his state to lead the nation in privacy protections.
Permalink | Comments | Email This Story
The FBI's Stingray Secrecy May Be Aimed At Preventing Law Enforcement From Overusing A Key 'Exploit'
An interesting angle on the FBI's Stingray secrecy has emerged from -- of all places -- a Princeton gathering of cryptographers that included Edward Snowden via his "Snobot."
Generally speaking, the FBI is a very secretive agency, as can be readily gleaned from its tendency to answer FOIA requests with page after page of fully-redacted documents. That it has managed to rope so many law enforcement agencies -- including prosecutors and states' attorneys' offices -- into highly-restrictive non-disclosure agreements is somewhat of a surprise, considering its position as a partner in law enforcement, rather than an overseer of local agencies like the DOJ.
These NDAs keep almost all information about Stingray device usage out of our nation's courts. The desire to protect these specifics is all-encompassing, resulting in prosecutors and police departments cutting suspects loose (including those who have already pled guilty) rather than allowing information to make its way into the public domain.
But there could be more to it than just a naturally-secretive agency being secretive. It may be that it fears law enforcement agencies -- if left to their own devices -- will destroy the effectiveness of IMSI catchers by deploying the devices too often and with too little care.
In a discussion about the NSA's use of exploits, the following observations were made. FBI operations can be opaque because of the care they take with parallel construction; the Lavabit case was maybe an example. It could have been easy to steal the key, but then how would the intercepted content have been used in court? In practice, there are tons of convictions made on the basis of cargo manifests, travel plans, calendars and other such plaintext data about which a suitable story can be told. The FBI considers it to be good practice to just grab all traffic data and memorialise it forever.
The NSA is even more cautious than the FBI, and won’t use top exploits against clueful targets unless it really matters. Intelligence services are at least aware of the risk of losing a capability, unlike vanilla law enforcement, who once they have a tool will use it against absolutely everybody. IMSI catchers are "top exploits." While there's plenty of information out there on its capabilities, very little of it has been confirmed by the FBI or other law enforcement agencies. What makes the "exploit" better is that almost every deployment has been successfully hidden… from everyone. Parallel construction, abuse of pen register orders, dismissal of cases -- all of it works together to keep actual usage details out of the public's hands.
Because of this, there's very little anyone can do to avoid being swept up by Stingray devices other than avoid using cell phones. Most criminal enterprises require communication and cell phones are the cheapiest, easiest way to maintain contact. While spoofers can be sussed out with tools and apps, it requires the sort of proactive effort that often isn't present -- or practical -- in many criminal ventures. Yeah, you can sweep a hotel room for bugs, but you can't stop anyone from parking nearby and hoovering up call data and communications.
If this assessment is accurate, the FBI may be applying this intense pressure simply to prevent "vanilla" law enforcement agencies from using Stingrays as often and as carelessly as possible. Every deployment increases the risk of exposure. Tying cop shops up in NDA strings keeps dissemination to a minimum and encourages at least some form of risk analysis before deployment. It's the FBI saving law enforcement agencies from themselves, and protecting itself and its tool of choice at the same time.
[Or not. The Baltimore PD deploys its Stingrays around 600 times a year, so there are exceptions to this theory… or some agencies simply just don't care whether the effectiveness of this "exploit" suffers from diminishing returns.
And definitely click through to read the entire piece by Ross Anderson. It also discusses how intelligence agencies work around crypto they can't crack -- very germane to the discussion of the FBI's current decrypt-or-else complaints.]
Permalink | Comments | Email This Story