States Complying with DOJ/FBI Facial Recognition Database

 

 

GAO: The Department of Justice’s (DOJ) Federal Bureau of Investigation (FBI) operates the Next Generation Identification-Interstate Photo System (NGI-IPS)— a face recognition service that allows law enforcement agencies to search a database of over 30 million photos to support criminal investigations. NGI-IPS users include the FBI and selected state and local law enforcement agencies, which can submit search requests to help identify an unknown person using, for example, a photo from a surveillance camera. When a state or local agency submits such a photo, NGI-IPS uses an automated process to return a list of 2 to 50 possible candidate photos from the database, depending on the user’s specification. As of December 2015, the FBI has agreements with 7 states to search NGI-IPS, and is working with more states to grant access. In addition to the NGI-IPS, the FBI has an internal unit called Facial Analysis, Comparison and Evaluation (FACE) Services that provides face recognition capabilities, among other things, to support active FBI investigations. FACE Services not only has access to NGI-IPS, but can search or request to search databases owned by the Departments of State and Defense and 16 states, which use their own face recognition systems. Biometric analysts manually review photos before returning at most the top 1 or 2 photos as investigative leads to FBI agents.

DOJ developed a privacy impact assessment (PIA) of NGI-IPS in 2008, as required under the E-Government Act whenever agencies develop technologies that collect personal information. However, the FBI did not update the NGI-IPS PIA in a timely manner when the system underwent significant changes or publish a PIA for FACE Services before that unit began supporting FBI agents. DOJ ultimately approved PIAs for NGI-IPS and FACE Services in September and May 2015, respectively. The timely publishing of PIAs would provide the public with greater assurance that the FBI is evaluating risks to privacy when implementing systems. Similarly, NGI-IPS has been in place since 2011, but DOJ did not publish a System of Records Notice (SORN) that addresses the FBI’s use of face recognition capabilities, as required by law, until May 5, 2016, after completion of GAO’s review. The timely publishing of a SORN would improve the public’s understanding of how NGI uses and protects personal information.

Prior to deploying NGI-IPS, the FBI conducted limited testing to evaluate whether face recognition searches returned matches to persons in the database (the detection rate) within a candidate list of 50, but has not assessed how often errors occur. FBI officials stated that they do not know, and have not tested, the detection rate for candidate list sizes smaller than 50, which users sometimes request from the FBI. By conducting tests to verify that NGI-IPS is accurate for all allowable candidate list sizes, the FBI would have more reasonable assurance that NGI-IPS provides leads that help enhance, rather than hinder, criminal investigations. Additionally, the FBI has not taken steps to determine whether the face recognition systems used by external partners, such as states and federal agencies, are sufficiently accurate for use by FACE Services to support FBI investigations. By taking such steps, the FBI could better ensure the data received from external partners is sufficiently accurate and do not unnecessarily include photos of innocent people as investigative leads.

*** The Privacy Act of 1974 places limitations on agencies’ collection, disclosure, and use of personal information maintained in systems of records. The Privacy Act requires agencies to publish a notice—known as a System of Records Notice (SORN)—in the Federal Register identifying, among other things, the categories of individuals whose information is in the system of records, and the type of data collected. Also, the E-Government Act of 2002 requires agencies to conduct Privacy Impact Assessments (PIA) that analyze how personal information is collected, stored, shared, and managed in a federal system. Agencies are required to make their PIAs publicly available if practicable. See the entire report from the General Accounting Office.

 

Trump Has Lawyers to Ensure this Does Not Happen

It must be noted, the FBI does have investigators on the Clinton Foundation as well as several others that are performing comprehensive financial forensics on individuals associated with the Clintons.

 

Sadly, we do have to know these facts. It does hurt the presidential election process for both parties but worse, it could be a real coming crisis for America and her future. One may be worse than the other, but as reported, a violation of law(s) is still a violation when both presumptive nominees are lawyer heavy.

Donald Trump Accused of Using His Charity as a Political Slush Fund

DailyBeast: When the presumptive GOP nominee doled out money to veterans’ groups over the past few months, he did so using the Trump Foundation—which, according to FEC and IRS rules, should not be engaged in political activity.

The Trump Foundation, Donald Trump’s nonprofit organization, is under fire for allegedly operating as more of a political slush fund than a charity. The foundation is accused of violating rules prohibiting it from engaging in politics—prompting ethics watchdogs to call for public investigations.

On numerous occasions this year, Trump’s campaign work and his foundation work have overlapped—putting himself at risk for penalties and his charity at risk of being shut down.

It’s the latest example of Trump courting controversy: not merely through inflammatory rhetoric, but also through private dealings that raise serious legal questions—all of which indicate how he might govern if elected president of the United States.

Trump is listed as the president of the foundation in the charity’s annual disclosures, and his children Donald Trump Jr., Eric Trump, and Ivanka Trump are all listed as directors. Foundations like theirs are exempt from paying taxes, and as such are barred from engaging in political causes.

“A 501(c)(3) [nonprofit organization], like the Trump Foundation, is strictly prohibited from engaging in political activity. On its tax forms, the Foundation told the IRS that it does not,” said Jordan Libowitz, a spokesman for Citizens for Responsibility and Ethics in Washington (CREW).

But in key early primary states this year, Trump handed out Foundation checks to charities at campaign rallies. This also calls into question “whether the foundation provided the campaign with an illegal in-kind contribution by providing services for what was a campaign event. Under the campaign finance laws… providing anything of value to a campaign for free or at less than fair market value is a contribution to the campaign,” said Larry Noble, the general counsel at the Campaign Legal Center.

And in 2013, the Trump Foundation donated $25,000 to a political organization supporting Florida Attorney General Pam Bondi—an action the foundation is prohibited from taking, and which it failed to report on its disclosures.

The Trump campaign blamed this failure on clerical mistakes, but legal experts are sounding the alarm because at the time Bondi was reviewing complaints surrounding the businessman’s controversial Trump University project.

Both the contribution to Bondi and the overlap between the Trump campaign and his charity should be publicly examined, government watchdogs said.

“This should be investigated. There are troubling legal issues posed in both circumstances,” said Richard Skinner, a money-in-politics policy analyst at the Sunlight Foundation. “There is definitely [use of] a charitable foundation in an inappropriate way.”

Noble, the general counsel at the Campaign Legal Center, added that the Federal Election Commission and the IRS should both open an investigation into whether any laws were broken.

Notably, Donald Trump has legal expertise at his disposal that would allow him to know better than to put himself at risk for these violations. Donald F. McGahn, a Trump lawyer who works for the firm Jones Day, is a former FEC chairman. McGahn did not respond to The Daily Beast’s requests for comment.

Trump decided to skip the January Fox News GOP debate in protest of Megyn Kelly, whose question at a debate in August prompted an onslaught of criticism from Trump and his supporters. He held a charity event for veterans instead, during which he claimed to have raised $6 million. (After much prodding from reporters, and months of delay, he accounted for $5.6 million of the original figure.)

This money was disbursed gradually, and the involvement of the foundation was clear. At multiple campaign rallies this year, the businessman handed out Trump Foundation checks to veterans’ charities.

“It would be one thing to raise money for the charity and send it to them. But if receiving the contribution was dependent on attending the campaign event, it looks like the purpose of the whole thing was to support the campaign,” Noble said. “It raises serious questions when you make a charity part of your campaign event. It could create legal problems for both the campaign and the charity.”

On Jan. 30, with Liberty University President Jerry Falwell Jr. by his side at a campaign rally in Davenport, Iowa, Trump presented a $100,000 Trump Foundation check to Puppy Jake, a charity which supports veterans by providing service dogs.

Puppy Jake’s executive director, Becky Beach, told The Daily Beast that the Trump campaign had been in touch with her about the Trump Foundation’s contributions.

“They called me on the phone,” Beach said, but she could not remember who on the campaign her organization had coordinated with to organize their rally appearance. It was likely an “advance guy” from the Trump campaign, she said.

The next day, the day before the Iowa caucuses, the founder of Support Siouxland Soldiers, another vets charity, appeared on stage with Trump at a Sioux City campaign rally to accept a $100,000 Trump Foundation check.

Support Siouxland Soldiers executive director Sarah Petersen told The Daily Beast that she had been in touch with a Trump staffer named Hope, and provided the phone number they used in order to discuss the donation. The phone number matches up with the campaign’s listed number for Hope Hicks, the Trump campaign’s spokeswoman.

In New Hampshire, those in Trump’s orbit tried to organize a similar rally. They reached out to Keith Howard, the executive director of a local vets charity called Liberty House.

Earlier this year, Howard told The Daily Beast he received a call from a figure affiliated with the Trump campaign, who said that Trump would like to present them with a six-figure check at a Londonderry, New Hampshire, rally right before the Granite State’s primary.

Howard, concerned that being presented with money by a political candidate at a political rally might jeopardize his charity’s nonprofit status, called an expert in the state’s attorney general’s office, who confirmed his suspicions.

Howard declined to attend the rally, and Trump instead presented the check to a New Hampshire state representative who advised him on veterans issues. The state representative ultimately passed those funds along to Howard’s group, without the fanfare.

More recently, following pressure from the press to account for the $6 million he supposedly raised, the Trump campaign announced donations to 20 additional charities. Nine of them, all of which received checks from the Trump Foundation, responded to The Daily Beast’s inquiries. Representatives for each organization said they were neither in contact with the Trump campaign nor were asked to appear at campaign rallies.

The Daily Beast’s attempts to contact the Trump Foundation suggest that the charity exists largely on paper. A phone call to the number listed on the Trump Foundation’s annual disclosures led to a staffer for the Trump Organization, the umbrella group for Trump’s business dealings. Multiple phone calls to the organization failed to yield contact with a foundation staffer.

At one point, a Daily Beast reporter was told that Hicks, Trump’s campaign spokesperson, was responsible for media inquiries related to the foundation. During a second phone call, the reporter was told to contact Justin McConney, who supposedly handles the foundation’s account and donations. Calls and emails to McConney—whose official title is director of new media for the Trump Organization—went unreturned.

McConney also works on the Trump campaign—a January report questioned whether he was being paid fair market value for his work, as he split time between the Trump Organization and the Trump campaign.

The Trump campaign and the Trump Organization did not respond to a request for comment.

The Trump Foundation is already under a microscope.

CREW has filed a complaint against the Trump Foundation over the contribution to Bondi in March, claiming that the charity made an illegal political donation and failed to disclose it to the IRS; and Florida State Sen. Dwight Bullard has written to U.S. Attorney General Loretta Lynch, asking for the Justice Department to investigate the donation.

“Trump apparently does not understand either [the Federal Election Campaign Act] or the tax code and seems to have encouraged both organizations to cross the line,” said Craig Holman, a government affairs lobbyist at the consumer rights group Public Citizen.

When the foundation’s activity crosses over into politics, Holman said, it poses a potential violation of the FECA, which prohibits campaign coordination with outside groups that are not subject to political contribution limits and disclosure requirements.

Philip Hackney, a law professor who spent five years working for the IRS’s chief counsel, said the apparent coordination between the foundation and the campaign was “unwise” because it could put his foundation—and its tax-exempt status—in jeopardy.

The Bondi donation is probably sufficient evidence for the IRS to open an audit into the Trump Foundation, Hackney told The Daily Beast, adding that Trump himself could be subjected to extra taxes.

“I don’t know that they’ll even audit him,” Hackney said. “I think it’s dangerous, particularly politically for them right now, to audit in this realm. That bothers me, given what I see in this particular case, but I don’t know that the IRS has another choice in some ways.”

 

How Terrorists use Encryption

 


June 16, 2016

CTC: Abstract: As powerful encryption increasingly becomes embedded in electronic devices and online messaging apps, Islamist terrorists are exploiting the technology to communicate securely and store information. Legislative efforts to help law enforcement agencies wrestle with the phenomenon of “going dark” will never lead to a return to the status quo ante, however. With the code underlying end-to-end encryption now widely available, unbreakable encryption is here to stay. However, the picture is not wholly bleak. While end-to-end encryption itself often cannot be broken, intelligence agencies have been able to hack the software on the ends and take advantage of users’ mistakes.

Counterterrorism officials have grown increasingly concerned about terrorist groups using encryption in order to communicate securely. As encryption increasingly becomes a part of electronic devices and online messaging apps, a range of criminal actors including Islamist terrorists are exploiting the technology to communicate and store information, thus avoiding detection and incrimination, a phenomenon law enforcement officials refer to as “going dark.”

Despite a vociferous public debate on both sides of the Atlantic that has pitted government agencies against tech companies, civil liberties advocates, and even senior figures in the national security establishment who have argued that creation of “backdoors”[1] for law enforcement agencies to retrieve communications would do more harm than good, there remains widespread confusion about how encryption actually works.[a]

Technologists have long understood that regulatory measures stand little chance of rolling back the tide. Besides software being written in other countries (and beyond local laws), what has not been fully understood in the public debate is that the “source code” itself behind end-to-end encryption is now widely available online, which means that short of shutting down the internet, there is nothing that can be done to stop individuals, including terrorists, from creating and customizing their own encryption software.

The first part of this article provides a primer on the various forms of encryption, including end-to-end encryption, full device encryption, anonymization, and various secure communication (operational security or opsec) methods that are used on top of or instead of encryption. Part two then looks at some examples of how terrorist actors are using these methods.

Part 1: Encryption 101 

End-to-End Encryption
A cell phone already uses encryption to talk to the nearest cell tower. This is because hackers could otherwise eavesdrop on radio waves to listen in on phone calls. However, after the cell tower, phone calls are not encrypted as they traverse copper wires and fiber optic cables. It is considered too hard for nefarious actors to dig up these cables and tap into them.

In a similar manner, older chat apps only encrypted messages as far as the servers, using what is known as SSL.[b] That was to defeat hackers who would be able to eavesdrop on internet traffic to the servers going over the Wi-Fi at public places. But once the messages reached the servers, they were stored in an unencrypted format because at that point they were considered “safe” from hackers. Law enforcement could still obtain the messages with a court order.

Newer chat apps, instead of encrypting the messages only as far as the server, encrypt the message all the way to the other end, to the recipient’s phone. Only the recipients, with a private key, are able to decrypt the message. Service providers can still provide the “metadata” to police (who sent messages to whom), but they no longer have access to the content of the messages.

The online messaging app Telegram was one of the earliest systems to support end-to-end encryption, and terrorist groups such as the Islamic State took advantage.[2] These days, the feature has been added to most messaging apps, such as Signal, Wickr, and even Apple’s own iMessage. Recently, Facebook’s WhatsApp[3] and Google[4] announced they will be supporting Signal’s end-to-end encryption protocol.

On personal computers, the software known as PGP,[c] first created in the mid-1990s, reigns supreme for end-to-end encryption. It converts a message (or even entire files) into encrypted text that can be copy/pasted anywhere, such as email messages, Facebook posts, or forum posts. There is no difference between “military grade encryption” and the “consumer encryption” that is seen in PGP. That means individuals can post these encrypted messages publicly and even the NSA is unable to access them. There is a misconception that intelligence agencies like the NSA are able to crack any encryption. This is not true. Most encryption that is done correctly cannot be overcome unless the user makes a mistake.

Such end-to-end encryption relies upon something called public-key cryptography. Two mathematically related keys are created, such that a message encrypted by one key can only be decrypted by the other. This allows one key to be made public so that one’s interlocutor can use it to encrypt messages that the intended recipient can decrypt through the private-key.[d] Al-Qa`ida’s Inspire magazine, for example, publishes its public-key[5] so that anyone using PGP can use it to encrypt a message that only the publishers of the magazine can read.

Full Device Encryption
If an individual loses his iPhone, for example, his data should be safe from criminals.[e] Only governments are likely to have the resources to crack the phone by finding some strange vulnerability. The FBI reportedly paid a private contractor close to $1 million to unlock the iPhone of San Bernardino terrorist Syed Rizwan Farook.[6]

The reason an iPhone is secure from criminals is because of full device encryption, also called full disk encryption. Not only is all of the data encrypted, it is done in a way that is combined or entangled[7] with the hardware. Thus, the police cannot clone the encrypted data, then crack it offline using supercomputers to “brute-force” guess all possible combinations of the passcode. Instead, they effectively have to ask the phone to decrypt itself, which it will do but slowly, defeating cracking.[f]

Android phones work in much the same manner. However, most manufacturers put less effort into securing their phones than Apple. Exceptions are companies like Blackphone, which explicitly took extra care to secure their devices.

Full disk encryption is also a feature of personal computers. Microsoft Windows comes with BitLocker, Macintosh comes with FileVault, and Linux comes with LUKS. The well-known disk encryption software TrueCrypt works with all three operating systems as does a variation of PGP called PGPdisk. Some computers come with a chip called a TPM[g] that can protect the password from cracking, but most owners do not use a TPM. This means that unless they use long/complex passwords, adversaries will be able to crack their passwords.
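Added example, not part of the CTC article: a Python sketch of why hardware-entangled key derivation protects a cloned disk image from offline guessing, and why a software-only volume depends entirely on passcode strength. The device secret, PIN, passphrase and iteration count are constructed values, and the HMAC-then-PBKDF2 construction is an assumed stand-in, not any vendor's actual scheme.

```python
import hashlib
import hmac
import os

# Deliberately tiny so the demo finishes quickly; real systems use a far
# higher work factor, and hardware-bound designs enforce it on the device.
ITERATIONS = 100

# Constructed sample values (assumptions for this example only).
DEVICE_UID = os.urandom(32)          # secret that never leaves the hardware
SHORT_PIN = "4821"
LONG_PASSPHRASE = "correct horse battery staple 2016"
FOUR_DIGIT_PINS = [f"{n:04d}" for n in range(10_000)]


def derive_key(passcode: str, salt: bytes, device_uid: bytes = b"") -> bytes:
    """Derive the volume key from the passcode.

    A non-empty device_uid models hardware entanglement: the passcode is
    first mixed with a per-device secret, so the derivation can only be
    repeated on the device itself.
    """
    material = passcode.encode()
    if device_uid:
        material = hmac.new(device_uid, material, hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", material, salt, ITERATIONS)


def make_volume(passcode: str, device_uid: bytes = b"") -> dict:
    """Return what is stored on disk, i.e. what a cloned image contains."""
    salt = os.urandom(16)
    key = derive_key(passcode, salt, device_uid)
    verifier = hmac.new(key, b"volume-check", hashlib.sha256).digest()
    return {"salt": salt, "verifier": verifier}


def unlocks(volume: dict, passcode: str, device_uid: bytes = b"") -> bool:
    """Check a passcode against the stored verifier in constant time."""
    key = derive_key(passcode, volume["salt"], device_uid)
    tag = hmac.new(key, b"volume-check", hashlib.sha256).digest()
    return hmac.compare_digest(tag, volume["verifier"])


def survives_offline_guessing(volume: dict, candidates) -> bool:
    """True if no candidate opens a cloned image without the device secret."""
    return not any(unlocks(volume, c) for c in candidates)


def audit() -> dict:
    """Compare three configurations against the same 4-digit PIN list."""
    pin_software = make_volume(SHORT_PIN)               # no hardware binding
    pin_hardware = make_volume(SHORT_PIN, DEVICE_UID)   # entangled with device
    phrase_software = make_volume(LONG_PASSPHRASE)      # no binding, long secret
    return {
        # Short PIN, no hardware binding: the cloned image gives way.
        "pin_software_only": survives_offline_guessing(
            pin_software, FOUR_DIGIT_PINS),
        # Same PIN bound to the device: the cloned image alone is useless.
        "pin_hardware_bound": survives_offline_guessing(
            pin_hardware, FOUR_DIGIT_PINS),
        # No hardware binding, but the secret is outside the guessable space.
        "passphrase_software_only": survives_offline_guessing(
            phrase_software, FOUR_DIGIT_PINS),
        # The legitimate path still works: correct PIN, on the device.
        "on_device_unlock": unlocks(pin_hardware, SHORT_PIN, DEVICE_UID),
    }


if __name__ == "__main__":
    for name, result in audit().items():
        print(f"{name}: {result}")
```
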

CIA Brennan’s Chilling Statements in Testimony

Update, Jo Cox died of her injuries from the terror attack. See below.

NYPost: CIA Director John Brennan told Congress on Thursday that the Islamic State remains “formidable” and “resilient,” is training and attempting to deploy operatives for further attacks on the West and will rely more on guerrilla-style tactics to compensate for its territorial losses in the Middle East.

Giving the Senate intelligence committee an update on the threat from extremists, Brennan said IS has been working to build an apparatus to direct and inspire attacks against its foreign enemies, as in the recent attacks in Paris and Brussels — ones the CIA believes were directed by IS leaders.

“ISIL has a large cadre of Western fighters who could potentially serve as operatives for attacks in the West,” Brennan said, using another acronym for the group. He said IS probably is working to smuggle them into countries, perhaps among refugee flows or through legitimate means of travel.

Brennan also noted the group’s call for followers to conduct so-called lone-wolf attacks in their home countries. He called the attack in Orlando a “heinous act of wanton violence” and an “assault on the values of openness and tolerance” that define the United States as a nation.

Brennan said the CIA is sharing intelligence with the FBI to help identify potential lone-wolf attackers, but the CIA’s responsibility is to gather information about operations overseas.

More Islamic State fighters worldwide than al Qaeda at its height: CIA director

Reuters: The director of the U.S. Central Intelligence Agency, John Brennan, said on Thursday there were tens of thousands of Islamic State fighters around the world, more than al Qaeda at its height.

He also told a Senate Intelligence Committee hearing that the agency was concerned about the growth of Libya as a base of operations for Islamic State militants, who had 5,000-8,000 fighters there, although the group’s fighters in Iraq and Syria had dropped to 18,000 to 22,000 from 19,000 to 25,000.

“I am concerned about the growth of Libya as another area that could serve as the basis for ISIL to carry out attacks inside of Europe… that is very concerning,” Brennan said, using an alternative acronym for the Islamic State militant group.

Questioned about the broader crisis, Brennan told lawmakers he believed the government of Syrian President Bashar al-Assad had been strengthened with Russia’s support.

“A year ago, (Assad) was on his back foot as the opposition forces were carrying out operations that were really degrading the Syrian military. He is in a stronger position than he was in June of last year” as a result of Russian support, Brennan said.

Just two days ago, Obama held a national security team meeting and then a presser stating the major gains being made against Islamic State. When the same day, MSNBC questions that statement from an on the ground in Turkey, we know we are being oversold on this national security threat.

***** Meanwhile, during this ridiculous gun control debate as a solution to terrorists, it seems that a knife and a gun were used in an attack on a member of the UK Parliament. Europe has exceptionally tight gun control laws.

Labour MP Jo Cox in critical condition after being shot and stabbed

Guardian: Jo Cox, the MP for Batley and Spen, is in a critical condition after being shot and stabbed multiple times in her West Yorkshire constituency.

Armed officers responded to the attack near a library in Birstall on Thursday afternoon, and a 52-year-old man was arrested in the area, police confirmed.


They added that the Labour politician had suffered “serious injuries and is in a critical condition”. She has been taken by helicopter to Leeds general infirmary.

Police also confirmed a man in his late 40s to early 50s nearby suffered slight injuries in the incident.

Witnesses said the attack was launched after the MP became involved in an altercation involving two men near her weekly advice surgery. A Labour source confirmed Cox was shot and stabbed after she had concluded the drop-in session for constituents at around 1pm.


The shopkeeper in a greengrocer opposite Birstall Library, Golden D’Licious, told the Guardian that he believed the attacker had been waiting for the MP outside the library.

“I was inside the shop and all I heard was a scream and then the gunshot,” he said, without giving his name. “I went out and everyone was dispersing. I couldn’t see because it happened behind a car.”

But witness Hithem Ben Abdallah, 56, who was in the cafe next door to the library shortly after 1pm, said he saw the MP involved in an altercation between two arguing men.

He told PA a man in a baseball cap “suddenly pulled a gun from his bag” and after a brief scuffle with another man the MP became involved.

He added: “He was fighting with her and wrestling with her and then the gun went off twice and then she fell between two cars and I came and saw her bleeding on the floor.”

 


Belgium Warnings of Imminent Terror Attacks


By AFP Belgium, France face ‘imminent’ terror attacks — report


JordanTimes: BRUSSELS — A fresh wave of Daesh terror group’s militants has left Syria and could commit attacks imminently in France and Belgium, Belgian police have been warned, according to media reports on Wednesday.

“Fighters traveling without passports left Syria about a week and a half ago in order to reach Europe by boat via Turkey and Greece,” a memo sent to police and security services across Belgium said, according to La Derniere Heure newspaper.

The militants were traveling armed and plan to carry out attacks in groups of two, the memo is reported to have said.

“Their action is imminent,” the memo added, without giving the total of suspected attackers.

Belgium’s OCAM national crisis centre in a statement did not deny the report, but said the information needed to be looked at further.

The information reported by the media “is non-contextualised and, as such, has not made a direct impact on the current level of threat” in Belgium.

Belgium’s terror alert is currently at the second-highest level of three, which means a threat is possible and likely.

Belgium is still reeling from Daesh suicide bombings at Brussels airport and on the city’s metro on March 22 which killed 32 people and wounded hundreds more.

They came five months after militants, many of them from Brussels, carried out gun and bombing attacks in Paris on November 13, killing 130 people and wounding hundreds more.

France, which is hosting the Euro 2016 football championships, is on maximum alert after an assailant previously convicted for jihadism killed a police officer and his partner on Monday.

The attacker told police negotiators before being gunned down that he had sworn loyalty to Daesh three weeks earlier.

It was not immediately clear how seriously French and Belgian authorities were treating the threat. French authorities told local newspapers that such warnings are relatively common.

“According to the information received, these people could already be in possession of the necessary weapons and their action could be imminent,” the alert said, according to the Belgian Dernière Heure newspaper.

The attackers were expected to split into two groups, one heading toward France and the other toward Belgium, and to conduct attacks in pairs, the alert said. It offered no details on the basis of the information.

Belgian counterterrorism police declined to comment. Belgium’s security threat coordination center has not raised its threat level, which is currently set at three out of four levels, with the fourth being the expectation of an imminent attack.

The group was planning to travel from Syria into Europe via boat from Turkey to Greece, without passports, according to the alert.

Possible Belgian targets include a Brussels shopping center, an American fast-food chain and a police station, the newspaper reported.

On Monday, an attacker claiming loyalty to the Islamic State killed a police captain and his partner, who worked at a police department outside Paris. The assailant was killed in a police raid.

Amid numerous public memorials for the slain couple, President François Hollande called for international unity to face a “long war” against terrorism.

This battle, he said in an address at the Elysee Palace, is “not just in a few countries but in the world. Everyone can be concerned.”

In an interview on France Inter radio, French Prime Minister Manuel Valls predicted the fight could take decades.

“Other innocent people will die,” Valls said. “It is very hard to say. People can accuse me — and I completely understand — of making the society even more fearful than it already is today with these events. But, unfortunately, this is the reality. It will take a generation.”

Officials added that it was unclear whether there was any link to the murder of a senior policeman and his partner on Monday by a man who pledged allegiance to IS.