targeting – Techdirt

Biden, DOJ Say No More Targeting Journalists, But Aren't Doing Anything To Keep It From Happening Again

from the first-step-toward-doing-better-is-actually-doing-something dept

The tail end of the Bill Barr/Donald Trump DOJ has been marred (I mean… more so…) by a quick succession of reports detailing its targeting of journalists’ communications in order to sniff out the source of leaks.

The Trump Administration was plagued by leaks and Trump suggested it would be cool if the FBI would go after some journalists. The FBI apparently also thought this was cool. And so the DOJ sent out subpoenas demanding information about phone calls and emails and pinned gag orders to them, keeping targeted journalists from being notified the government was trying to obtain these records.

The targets were journalists employed at the papers on the top of Trump’s shit list: the New York Times and the Washington Post. (The DOJ also targeted a CNN journalist.) And, in a weird twist loaded with the same First Amendment concerns, the FBI tried to obtain records pertaining to readers of a USA Today article about the killing of two FBI agents during a child porn raid.

After the first couple of revelations, President Joe Biden said the DOJ would no longer target journalists.

When asked if Biden would prevent his Justice Department from seeking reporters’ phone records, Biden responded: “I won’t let that happen.”

Unfortunately for Biden, the DOJ’s rules absolutely permit it to target journalists. It has done so for years and made quite the negative impression during the Obama years, assisting an administration nearly as interested in hunting down leakers and whistleblowers as Donald Trump’s.

Biden’s statement suggested his DOJ would do things differently, but the DOJ hadn’t actually said anything at that point, and was, in fact, carrying on with some of the Trump DOJ’s secretive targeting of journalists. As late as March of this year, the DOJ was still seeking New York Times’ journalists’ records while swearing the NYT’s legal counsel to secrecy.

The DOJ finally stated it wouldn’t target journalists a few days after Biden said he wouldn’t allow it. The DOJ’s spokesperson said the DOJ respected the First Amendment and the free press. But it’s apparently a newfound respect, rather than a respect the DOJ has always held.

All well and good except that neither the DOJ nor President Joe Biden have done anything other than say the things that have happened for years will no longer be happening. There hasn’t been much action. Margaret Sullivan of the Washington Post points out that all anyone’s been given are assurances that will remain empty until someone in the administration is willing to do something about it.

In an opinion piece published over the weekend, Washington Post Publisher Fred Ryan argued that the revelations of recent weeks demonstrate that the Biden administration actually intensified the assault on First Amendment rights before backing down.

He described how, after The Post learned of subpoenas to obtain email information and home, cell and office telephone records of three Post reporters from 2017, the paper’s leadership demanded answers and a meeting with the attorney general — and have so far received none.

Getting some face time with the DOJ would be a good start. But the DOJ isn’t going to ditch something it finds useful — or, at least, convenient — when engaging in leak investigations. It will continue to target journalists unless it makes it impossible to do so.

Sullivan says the DOJ’s Inspector General needs to look into this and publish the findings. More essential, though, is establishing solid deterrents. The DOJ may say it will no longer target journalists, but without meaningful consequences in place for those who violate this promise, it will continue to happen. Suspensions, firings, demotions: these should all be options when prosecutors and investigators cross the line.

Biden and his DOJ need to be better at this than their predecessors. But not just a little better. The DOJ should make this standard operating procedure going forward. And it needs to lock these rules in, preventing future administrations from deciding Constitutional rights are just privileges that can be waived whenever investigators are trying to figure out where the federal government has sprung a leak.

Filed Under: 1st amendment, 4th amendment, doj, journalists, targeting

Twitter About To Be Hit With A ~$250 Million Fine For Using Your Two Factor Authentication Phone Numbers/Emails For Marketing

from the good dept

There are many things that big internet companies do that the media have made out to be scandals that aren’t — but one misuse of data that I think received too little attention was how both Facebook and later Twitter were caught taking the phone numbers people gave them for two factor authentication and using them for notification/marketing purposes.

In case you’re somehow unaware, two-factor authentication is how you should protect your most important accounts. I know many people are too lazy to set it up, but please do so. It’s not perfect (Twitter’s recent big hack routed around 2FA protections), but it is many times better than just relying on a username and password. In the early days of 2FA, one common way to implement it was to use text messaging as the second factor. That is, when you tried to login on a new machine (or after a certain interval of time), the service would have to text you a code that you would need to enter to prove that you were you.

Over time, people realized that this method was less secure. Many hacks involved people “SIM swapping” (using social engineering to have your phone number ported over to them), and then getting the 2FA code sent to the hacker. These days, good 2FA usually involves using an authenticator app, like Google Authenticator or Twilio’s Authy or even better a physical key such as the Yubikey or Google’s Titan Key. However, many services and users have stuck with text messaging for 2FA because it’s the least complex for users — and the issue with any security practice is that if it’s not user-friendly, no one will use it, and that doesn’t do any good either.

But using phone numbers given for 2FA purposes for notifications or marketing is really bad. First of all, it undermines trust — which is the last thing you want to do when dealing with a security mechanism. People handed over these phone numbers/emails for a very specific and delineated reason: to better protect their account. To then share that phone number or email with the marketing team is a massive violation in trust. And it serves to undermine the entire concept of two factor authentication, in that many users will become less willing to make use of 2FA, fearing how the numbers might be abused.

As we noted when Facebook received the mammoth $5 billion fine from the FTC a year ago, while the media focused almost entirely on the Cambridge Analytica situation as the reason for the fine, if you actually read the FTC’s settlement documents, it was other things that really caused the FTC to move, including Facebook’s use of 2FA phone numbers for marketing. We were glad that Facebook got punished for that.

And now it’s Twitter’s turn. Twitter has revealed that the FTC is preparing to fine the company $150 million to $250 million for this practice — noting that it violated the terms of an earlier consent decree with the FTC in 2011, where the company promised not to mislead users about how it handled personal information. Yet, for years, Twitter used the phone numbers and emails provided for 2FA to help target ads (basically using the phone number/email as an identifier for targeting).

There’s no explanation for this other than really bad handling of data at Twitter, and the company should be punished for it. There are many things I think Twitter gets unfairly blamed for, but a practice like this is both bad and dangerous, and I’m all for large fines from the FTC to convince companies to never do this kind of thing again.

Filed Under: 2fa, ftc, marketing, notifications, privacy, security, targeting, two factor authentication
Companies: twitter

How Most Of The Anti-Internet Crew Misread The News That The NY Times Is Getting Rid Of 3rd Party Advertisers

from the now-they're-doing-the-same-thing-as-facebook dept

One of the most frustrating aspects of discussing the internet, business models, and privacy is how many otherwise intelligent people continue to insist that Google and Facebook are “selling your data.” It’s a concept that is widely considered accurate, but has never been true. It’s so ridiculous that it leads to silly Congressional exchanges between elected officials who are sure the tech companies are selling data, and the people from those companies themselves. Doing targeted advertising is not selling data. There are many, many things you can reasonably and accurately complain about regarding big internet companies and their use of data, but “selling” the data is not one of them.

As a refresher: the way targeted advertising works is that an advertiser agrees to place an ad and uses whatever system to target those ads to particular groupings of people, as set up by the ad platform. So, if you want to advertise to grumpy bloggers in their mid-40s, you can find a way to have those ads show to that demographic. But the advertiser doesn’t get any data from the platform about anyone. The companies are selling access to highly targeted demographics, but it’s never been selling data.

That doesn’t mean there aren’t other companies that do sell private data. There are. Lots of them. Data brokers, telcos, some ISPs, and even your local DMV have been caught selling your actual data. But for some reason, everyone wants to keep insisting that Google and Facebook also sell data, when they never have, and have always only sold targeted advertising in which the data only goes in one direction, and not back to the advertiser.

Now, that’s all background to the very interesting news that the NY Times is now moving away from using 3rd party advertising services.

The New York Times will no longer use 3rd-party data to target ads come 2021, executives tell Axios, and it is building out a proprietary first-party data platform.

However, it is building out its own targeting platform:

Beginning in July, The Times will begin to offer clients 45 new proprietary first-party audience segments to target ads.

* Those segments are broken up into 6 categories: age (age ranges, generation), income (HHI, investable assets, etc.), business (level, industry, retirement, etc.), demo (gender, education, marital status, etc.) and interest (fashion, etc.)
* By the second half of the year, The Times plans to introduce at least 30 more interest segments.

Now, if you understand the ad market, what’s happening here is that the NY Times is building its own version of what Facebook and Google do. This is probably smart for them, because it makes them less reliant on various partners. And, one of the reasons the NY Times is able to do that is because it’s such a large player in the space:

“This can only work because we have 6 million subscribers and millions more registered users that we can identify and because we have a breadth of content,” says Allison Murphy, Senior Vice President of Ad Innovation.

But what was odd is that the usual crew of people who regularly like to slam Facebook and Google… seemed to celebrate this move as if it was somehow antagonistic to Facebook and Google’s practices, and “more privacy protective.”

Yet, again, the NY Times is now doing the same thing that Facebook and Google have done. It’s collecting data on its users, and then using that data to sell access to advertisers. Why is that evil “selling data” when it comes to those other companies but “good” when it’s the NY Times? Look at the segmenting the NY Times already says it’s doing: how exactly is it getting “marital status”? Or income levels? Is that the sort of info you give up to get a NY Times subscription (and if so, who is actually giving that info away?) or is the NY Times collecting that information through other means?

Now, there are some reasonable arguments to be made that in making this move the NY Times will be sending less data back to 3rd party advertisers, but even that is only narrowly true. First of all, the data that flows back to ad networks via publishing partners is already a lot less significant than you might think. It’s just not that much — and unless the NY Times is also going to pull other things like the URL tracking it includes in its “share on Facebook” links, it’s still going to be sending data back to companies like Facebook.

None of this is to say what the NY Times is doing is bad. I think it is a good thing, but it’s more a statement on the terrible state of ad networks today than it is on any big “privacy” effort. Frankly, we’ve been discussing ditching 3rd party ads entirely ourselves over the last few months, but unlike the NY Times, we can’t then set up our own “targeting” operation (nor would we want to), and tragically, very few advertisers are left who will sponsor sites directly based on topic, and without targeting (trust us, we’ve tried for years to find them).

But it is quite silly for the people who have been hating on Facebook to now cheer on the NY Times doing the same thing that Facebook has done as if it’s somehow different.

Filed Under: 1st party advertising, 3rd party advertising, ads, market segmentation, privacy, selling data, targeting
Companies: facebook, google, ny times

Study Shows Facebook's Still Miles Away From Taking Privacy, Transparency Seriously

from the ill-communication dept

Fri, Sep 28th 2018 06:34am - Karl Bode

If the entire Cambridge Analytica scandal didn’t make that clear enough, Facebook keeps doubling down on behaviors that highlight how security and privacy routinely play second fiddle to user data monetization. Like the VPN service Facebook pitches users as a privacy and security solution, but is actually used to track online user behavior when they wander away from Facebook to other platforms. Or that time Facebook implemented two-factor authentication, only to use your provided (and purportedly private) number to spam users (a problem Facebook stated was an inadvertent bug).

This week, a new report highlighted how Facebook is letting advertisers market to Facebook users by using contact information collected in surprising ways that aren’t entirely clear to the end user, and, according to Facebook, aren’t supposed to work. That includes not only private two-factor authentication contact info users assume to be private, but data harvested from other users about you (like secondary e-mail addresses and phone numbers not directly provided to Facebook). The findings come via a new report (pdf) by Northeastern University’s Giridhari Venkatadri, Alan Mislove, and Piotr Sapiezynski and Princeton University’s Elena Lucherini.

In it, the researchers highlight how much of the personally identifying information (PII) data collected by Facebook still isn’t really explained by Facebook outside of painfully generic statements. This data in turn can be used to target you specifically with ads, and there’s virtually no transparency on Facebook’s part in terms of letting users see how this data is being used, or providing fully operational opt out systems:

“Worse, we found no privacy settings that directly let a user view or control which PII is used for advertising; indeed, we found that Facebook was using the above PII for advertising even if our control account user had set the existing PII-related privacy settings on to their most private configurations. Finally, some of these phone numbers that were usable to target users with did not even appear in Facebook’s “Access Your Data” feature that allows users to download a copy of all of their Facebook data as a ZIP file.

Again, this includes the use of two-factor authentication (2FA) credentials that Facebook has previously stated aren’t supposed to be used for marketing purposes. It’s something that Facebook has repeatedly claimed doesn’t happen:

“Facebook is not upfront about this practice. In fact, when I asked its PR team last year whether it was using shadow contact information for ads, they denied it.

User efforts to glean more transparency from Facebook haven’t fared well either, even in the UK where the GDPR was supposed to have put an end to this kind of cavalier treatment of user data:

“I’ve been trying to get Facebook to disclose shadow contact information to users for almost a year now. But it has even refused to disclose these shadow details to users in Europe, where privacy law is stronger and explicitly requires companies to tell users what data it has on them. A UK resident named Rob Blackie has been asking Facebook to hand over his shadow contact information for months, but Facebook told him it’s part of “confidential” algorithms, and “we are not in a position to provide you the precise details of our algorithms.”

And again, this is a company in the wake of several major privacy scandals, attempting to avoid heavy-handed privacy regulations on both the state and federal level, making you wonder what it looks like when Facebook truly doesn’t give a damn.

Filed Under: ad targeting, privacy, targeting, transparency, two factor authentication
Companies: facebook

Court Catches ICE In A Lie As It Tries To Vanish A Mexican Journalist And Immigration Policy Critic

from the FOIA-to-the-rescue dept

A lot of talk about “bad hombres” and former “shithole” denizens raping, pillaging, and terrorizing their way through our country has led to a lot of beefed-up immigration enforcement. ICE, once just a post-9/11 also-ran relegated to counterfeit panty raids and seizing sites the RIAA didn’t like, is now front and center. It is the face of immigration enforcement and it’s the agency that’s decided a handful of executive orders outweigh the Constitutional rights we extend to asylum seekers and other entrants into this country.

Lots of rights go violated in the case of Mexican journalist Emilio Gutierrez-Soto. Gutierrez entered the country with his son, Oscar, in June 2008. He made credible claims his life would be in danger if he was returned to Mexico, stating that his house had already been raided at least once by Mexican military police, presumably in retaliation for his reporting. He was detained for seven months and separated from his son while asylum proceedings continued. After being released, he reunited with his son and other members of his family.

The proceedings dragged on. Gutierrez made a living operating a food truck while nothing much got adjudicated. He also criticized the US’s immigration policies and procedures as being unnecessarily punitive, especially considering the country’s history of welcoming immigrants. He noted the extremely odd handling of asylum cases like his, where people seeking refuge from persecution are tossed into a jail or detainment center for months or years while the courts slowly make their way through their case backlog.

Gutierrez didn’t receive a final decision on his asylum request for almost a decade. That’s when things started going very badly.

In July 2017, immigration judge Robert Hough finally ruled on his nine-year-old asylum claim. Hough ruled that Gutiérrez did not present sufficient evidence to prove that he was targeted for his journalistic work or that his life would be in danger if he returned to Mexico.

This meant Gutierrez would be sent back to Mexico despite building a life for nine years without incident on this side of the border. He could still appeal the decision but he would have to wait for ICE to make its own call on deportation. The bureaucracy requires a final determination from ICE before an asylum seeker can seek an emergency stay from the Bureau of Immigration Affairs. Before meeting with ICE to get its final decision, Gutierrez issued his own parting shot.

On October 4, 2017, Gutiérrez accepted the National Press Club’s prestigious John Aubuchon award on behalf of all Mexican journalists. During his acceptance speech at the club’s black-tie awards gala in Washington, D.C., Gutiérrez accused the U.S. government of hypocrisy for advocating for human rights abroad while denying them at home. Gutiérrez was particularly critical of the United States’ asylum policies.

“Those who seek political asylum in countries like the U.S. encounter the decisions of immigration authorities that barter away international laws,” he said.

ICE told Gutierrez and his legal rep it would consult with the BIA before making a decision. It never did this. In fact, it tossed him and his son into a vehicle and began driving them toward the border within moments of denying a stay to Gutierrez. Gutierrez had the right to stay in the country until the BIA made a final determination but ICE ignored this. It also decided to lock the two asylum seekers up after the BIA issued its emergency stay.

Before Gutiérrez could be handed over to the Mexican government, the BIA called [attorney Eduardo] Beckett back with good news — Gutiérrez and Oscar had been granted an emergency stay of deportation. Beckett immediately called ICE and told them to bring Gutiérrez and Oscar back. The agency refused. The BIA’s emergency order might have prevented ICE from deporting Gutiérrez and his son, but it did not prevent the agency from detaining them.

ICE agents took Gutiérrez and Oscar to an immigration detention facility. They would remain in ICE detention for nearly eight months, and Gutiérrez’s food truck would be stolen while he was still detained.

This is where things get even more fucked up. On top of the additional detention, FOIA’ed emails showed ICE targeted Gutierrez for deportation even before his case had received a final ruling from the court and while it was supposed to be targeting the “worst of the worst” for immediate ejection. The presiding judge noted ICE’s lie in his ruling.

“Respondents [ICE] contend that they detained Petitioners [Gutierrez-Soto and his son] based on a warrant issued after the removal order issued by the immigration judge became final in August 2017,” Guaderrama wrote in a July 10 decision. “However, the emails between ICE officials undermine Respondents’ argument. The emails show that ICE officials were already targeting Mr. Gutierrez-Soto in February 2017. … This is significant because it is before the immigration judge issued the removal order in July 2017, which became final in August 2017.”

The judge also found this to be “sufficient evidence” Gutierrez was targeted for his comments about immigration policies and ICE. Rather than continue to fight this lawsuit after stacking the deck against itself by lying to the court, ICE agreed to release Gutierrez and his son.

Unfortunately, ICE may still get another chance to deport a critic. Unbelievably, Gutierrez’s asylum case still isn’t completely resolved. His appeal has been granted given the new evidence ICE targeted him for removal prior to a final judicial decision and quite possibly because they didn’t like his exercising his First Amendment rights. If the judge decides Gutierrez can’t prove he’ll be persecuted by Mexican authorities if he’s forced to return to Mexico, his asylum request will be denied. ICE may still get what it wants even after violating the asylum seeker’s rights multiple times over the last several years.

ICE is an inordinately powerful agency. It has been for years, but it’s now the right arm of an administration obsessed with rooting foreigners out and closing our borders. Its excesses will be excused with garbled talking points and MS-13 infographics. This single incident shows it’s willing to ignore federal courts when not lying to them in order to punish a critic. If this is what it does during a publicized case, there are likely hundreds of similar abuses taking place that will go undiscovered.

Filed Under: asylum, critics, deportation, emilio gutierrez-soto, foia, free speech, ice, journalism, journalists, lies, targeting

How Facebook's Racial Segmentation Is Helping Trump Campaign Try To Suppress African American Voting

from the where-are-the-adults dept

Earlier this week, Bloomberg had a fairly revealing article about the internal digital efforts of the Donald Trump campaign, in which Bloomberg reporters embedded for a few days. The whole article is quite interesting, but one of the most stunning parts, frankly, was the Trump campaign staffers directly admitting how they are actively trying to suppress voting by African Americans. It’s no secret that a variety of new voter ID laws are designed to suppress voting — especially among minorities. When North Carolina’s voter ID law was struck down by the court, the judge pointed out how the legislators that had backed it had explicitly targeted rules that would suppress votes among African Americans. They had requested “racial data” concerning voter ID and then specifically targeted the types of ID more commonly used by African Americans.

In her remarkable opinion, Judge Motz strongly suggests that North Carolina’s law was indeed racist. The day following the release of Shelby County, she noted, a GOP leader in the state legislature announced his intention to write a law that the feds would have no authority to vet before it went into effect. Like laws in other Republican states, the North Carolina bill imposed a tough new photo-ID requirement. But it did much more: the law eliminated same-day voter registration and pre-registration for high-school students about to turn 18, curtailed early voting by one week and banned out-of-precinct voting.

Each of these new rules disproportionately impacted black voters seeking to exercise the franchise, as legislators in North Carolina were well aware. “[P]rior to enactment” of the law, the Fourth Circuit explained, “the legislature requested and received racial data as to usage of the practices changed by the proposed law.” Released from the obligation to clear their law with the Justice department and “with race data in hand, the legislature amended the bill to exclude many of the alternative photo IDs used by African Americans.” Photo IDs used more often by black voters, including public assistance IDs, were removed from the list of acceptable identification, while IDs issued by the Department of Motor Vehicles—which blacks are less likely to have—were retained. Cutting the first week of early voting came in reaction to data showing that the first seven days were used by large numbers of black voters, nixing one Sunday on which churches would bus “souls-to-the-polls”. Banning same-day registration, too, had an outsize effect on blacks, as did the prohibition on out-of-precinct voting: both changes made voting harder for people who had recently moved, and blacks are more itinerant than whites.

That, alone, was pretty stunning, but they still tried to pretend in public that the law wasn’t about suppressing the vote. However, when put with a Bloomberg reporter, the Trump campaign flat out brags about its efforts to suppress the vote among African Americans. And they’re using extreme targeting on Facebook to do so:

Instead of expanding the electorate, Bannon and his team are trying to shrink it. “We have three major voter suppression operations under way,” says a senior official. They’re aimed at three groups Clinton needs to win overwhelmingly: idealistic white liberals, young women, and African Americans. Trump’s invocation at the debate of Clinton’s WikiLeaks e-mails and support for the Trans-Pacific Partnership was designed to turn off Sanders supporters. The parade of women who say they were sexually assaulted by Bill Clinton and harassed or threatened by Hillary is meant to undermine her appeal to young women. And her 1996 suggestion that some African American males are “super predators” is the basis of a below-the-radar effort to discourage infrequent black voters from showing up at the polls—particularly in Florida.

On Oct. 24, Trump’s team began placing spots on select African American radio stations. In San Antonio, a young staffer showed off a South Park-style animation he’d created of Clinton delivering the “super predator” line (using audio from her original 1996 sound bite), as cartoon text popped up around her: “Hillary Thinks African Americans are Super Predators.” The animation will be delivered to certain African American voters through Facebook “dark posts”—nonpublic posts whose viewership the campaign controls so that, as Parscale puts it, “only the people we want to see it, see it.” The aim is to depress Clinton’s vote total. “We know because we’ve modeled this,” says the official. “It will dramatically affect her ability to turn these people out.”

Now that’s… interesting (and ridiculous, but we’ll leave that aside for the moment). Of course, every election cycle involves a ton of targeted “negative advertising” that is designed to suppress overall interest in a candidate. But the two things newsworthy here are (1) the fact that the Trump campaign is directly admitting to the intention behind that strategy here, rather than hiding it and (2) the ability to use Facebook to target these kinds of campaigns to a level previously not available.

Facebook, somewhat famously, allows extraordinarily targeted advertising. We’ve played around with it ourselves, and it’s really quite incredible how granular you can go in trying to target your ads. Basically any trait or interest or demographic group that you can think of, you can put into an ad target group. At times, as you dig through the options, it almost feels like it’s just Facebook showing off just how much data and insight it has into its users. It’s a data nerd’s dream, where you can slice and dice billions of people by basically anything.

Of course, it’s somewhat ironic that the Trump campaign is using Facebook to suppress the vote, at the same time that Facebook is patting itself on the back for helping to get out the vote with its voter registration campaign, and, in the past has directly experimented with changing newsfeeds to encourage more voter turnout. Platforms like Facebook can be used for both good and evil.

Either way, sometimes the data nerds (and the advertising folks) have to be reminded of the law. ProPublica has a pretty damning report out today about the fact that Facebook’s slicing and dicing of targeted advertising also means that you can exclude people by race. They don’t discuss the recent revelations about the Trump campaign’s targeting, but it’s pretty clear that this is how they’re doing that suppression campaign described above. But it also presents a potentially serious legal problem in areas where it is illegal to discriminate based on race, such as hiring or housing. And yet, Facebook’s current setup allows users to do just that:

ProPublica actually went ahead and bought a housing ad that discriminated based on race.

The ProPublica article quotes a civil rights lawyer who is reasonably horrified by this. But there are some big legal questions. From the data geek side of things, you can easily see how Facebook reached this point, continually slicing up data in more and more ways, without necessarily considering the consequences. But does that make Facebook legally liable for, say, violating the Fair Housing Act? That’s… a much tougher question.

Facebook argues (1) that its policies say that advertisers cannot discriminate in illegal ways, and anyone caught doing so will face punishment. (2) Facebook is likely protected by Section 230 of the CDA on this. I say “likely” instead of “definitely” because one of the few cases that cut through the CDA 230 protections is the famous Roommates.com case, which was explicitly about racial discrimination on housing based on Roommates.com ads that violated the Fair Housing Act. However, Facebook has a much stronger argument than Roommates in that case, because part of the issue is that Roommates directly asked users for a racial preference, making it content they had designed, rather than content that the user created. Facebook can (reasonably) argue that it was just offering up millions of ways to slice and dice the data, rather than explicitly calling out racial preference. (3) Facebook says the rules are not based on “race” but “racial affinity.” This is a dumb argument and Facebook should not say it ever again, and possibly apologize for even bringing up such a lame argument in the first place.

Separately, Facebook argues — correctly — that there are lots of cases where advertisers have perfectly legitimate reasons for targeting based on race.

Satterfield said it’s important for advertisers to have the ability to both include and exclude groups as they test how their marketing performs. For instance, he said, an advertiser “might run one campaign in English that excludes the Hispanic affinity group to see how well the campaign performs against running that ad campaign in Spanish. This is a common practice in the industry.”

That said, there’s simply no reason that Facebook couldn’t put in a system to recognize ads that are in a protected category in which discrimination may be an issue, and either block such usage or at least put a strong warning for the user (and alert the Facebook team to review the ad more carefully — since all ads are reviewed before being put live). It’s not clear that there’s a legal mandate to do so, but it just seems like a good practice in general. I’ve seen lots of people commenting on this story in which they are rightfully horrified about the potential abuse of such a tool, and they’re quick to blame Facebook’s “negligence.” It does seem more like carelessness than negligence, in that you can see how the company got here, as it continued to allow greater and greater targeting attributes, which advertisers really appreciate.

Filed Under: advertising, donald trump, fair housing, racial profiling, section 230, targeting, voter suppression
Companies: facebook

Administration Officials Perform Some Very Public Handwringing Over Extrajudicial Drone Killing

from the the-eternal-martyrdom-of-the-executive-branch dept

The administration has sort of painted itself into a corner with its new rules on drone strikes. It’s apparently seeking to take out a US citizen who has joined al-Qaeda and is “actively plotting” against the US. Multiple issues have arisen, thanks to Obama’s better-late-than-never drone guidelines, which were issued last year to appease the many countries perturbed by the US government’s increasing reliance on drones to take out suspected terrorists.

The CIA drones watching him cannot strike because he’s a U.S. citizen and the Justice Department must build a case against him, a task it hasn’t completed

Four U.S. officials said the American suspected terrorist is in a country that refuses U.S. military action on its soil and that has proved unable to go after him. And President Barack Obama’s new policy says American suspected terrorists overseas can only be killed by the military, not the CIA, creating a policy conundrum for the White House.

Oddly, the DOJ hasn’t completed its case against the targeted American, despite officials (anonymous ones) claiming the man is a “facilitator” who has been “directly responsible” for attacks on Americans overseas. Flimsier cases have floated entire prosecutions (including many, many of the FBI’s homegrown terrorists). It must be the potential stripping of due process (no matter how meaningless that process has been in practice) holding the US back.

It may not even need a case. It may just need to offer sufficient justification for carrying out a death sentence without due process. That’s the sort of thing Rep. Mike Rogers seems to think the US should be doing anyway. His unwavering belief that the US is a country constantly besieged by attackers leaves no room for constitutional nuances like due process. This, along with “transparency” is referred to by Rogers as “red tape.”

Even as the “case” is being built, there are other concerns. As we just covered recently, the NSA aids in tracking down strike targets, but it’s doing so using (no big deal, it’s just) metadata, some of which is less than precise. Those who think they are targets are swapping SIM cards around as quickly as possible to thwart geolocation tracking, which ultimately means the target being killed may not be the person the NSA thinks he/she is.

But moving beyond Rogers’ histrionics and the NSA’s haystacks, these statements by anonymous government officials don’t look like much more than further appeasement. Rules were put in place to make other countries happier and this very public hand wringing looks for all the world like the administration stage-whispering “See how very complicated this is, and how restrained we’re being in response.” Admittedly, stagecraft is a large part of politics, but this particular incident is notable for its overacting.

The government has killed four Americans with drone strikes since 2009, so this open-air discussion has less to do with concerns about following proper steps than it does with letting unhappy foreign nations know how seriously we’re suddenly taking our targeted killing responsibilities. The limitations on drone strikes were a long time coming, and it has taken a sustained uproar over several years to get them implemented. The last time the administration spent any time considering the implications of its hands-off approach to extrajudicial killing was towards the end of Obama’s first term in 2012, when there was the momentary concern that The Bad Guys (the other party) might have the same unfettered access and authority.

As much as the unnamed American might be deserving of punishment for his attacks on Americans, the administration should stick to its self-imposed rules and follow the processes it implemented. And the least it could do is follow the rules without carrying on in public, trying to conjure up some sort of sympathy for the difficult decisions it faces.

Filed Under: barack obama, cia, doj, drones, targeting, us citizens, white house officials

New Whistleblower Reveals NSA Picking Drone Targets Based On Bad Data: 'Death By Unreliable Metadata'

from the but-it's-just-metadata dept

Late last night, the new publication from Laura Poitras, Glenn Greenwald and Jeremy Scahill launched. It’s called The Intercept, and I imagine that it’s going to be a must-follow for a variety of reasons. Its first major article digs deep into the NSA’s role in killing people with drones (often innocent people) based on questionable metadata. Remember how NSA defenders kept insisting that “it’s just metadata” as if that was no big deal? Well, what about when that metadata is being used to kill people?

Just last week, we wrote about Rep. Mike Rogers complaining about new “red tape” that was making it more difficult to indiscriminately kill people with drones. That “red tape” is actually just a new set of guidelines designed to try to prevent more killing of innocent people with drones. This new report highlights how the US government’s infatuation with drones, combined with the NSA’s obsessive collection of metadata, means that drones are frequently used to kill people based on very little evidence that the people being killed are actually terrorist threats.

One noteworthy point about this article: it relies on two new sources, one named, one kept secret, backed up by Snowden documents. That is, it appears that at least one other source (in this case, a recent member of JSOC’s High Value Targeting task force — the group that’s in charge of figuring out who to capture and kill) has come forward to Greenwald and others, calling foul on what the US government is doing. This person was privy to how targets are selected, and it’s pretty scary how little info they’re going on. The fact that the NSA was heavily involved in picking targets was revealed a while back, but this person explains how much those choosing targets rely on bad metadata from the NSA to kill people — often revealed later to be totally innocent.

In one tactic, the NSA “geolocates” the SIM card or handset of a suspected terrorist’s mobile phone, enabling the CIA and U.S. military to conduct night raids and drone strikes to kill or capture the individual in possession of the device.

The former JSOC drone operator is adamant that the technology has been responsible for taking out terrorists and networks of people facilitating improvised explosive device attacks against U.S. forces in Afghanistan. But he also states that innocent people have “absolutely” been killed as a result of the NSA’s increasing reliance on the surveillance tactic.

One problem, he explains, is that targets are increasingly aware of the NSA’s reliance on geolocating, and have moved to thwart the tactic. Some have as many as 16 different SIM cards associated with their identity within the High Value Target system. Others, unaware that their mobile phone is being targeted, lend their phone, with the SIM card in it, to friends, children, spouses and family members.

Some top Taliban leaders, knowing of the NSA’s targeting method, have purposely and randomly distributed SIM cards among their units in order to elude their trackers. “They would do things like go to meetings, take all their SIM cards out, put them in a bag, mix them up, and everybody gets a different SIM card when they leave,” the former drone operator says. “That’s how they confuse us.”

The guy also points out that the metadata is often somewhat questionable in itself:

What’s more, he adds, the NSA often locates drone targets by analyzing the activity of a SIM card, rather than the actual content of the calls. Based on his experience, he has come to believe that the drone program amounts to little more than death by unreliable metadata.

“People get hung up that there’s a targeted list of people,” he says. “It’s really like we’re targeting a cell phone. We’re not going after people – we’re going after their phones, in the hopes that the person on the other end of that missile is the bad guy.”

You would think that someone like Rep. Rogers would be happy that we were trying to improve our targeting and to stop killing innocent people, but apparently making sure the people we target are actually guilty is just too much “red tape.” But it hasn’t stopped these killings. The source in the article notes that the “overwhelming majority” of the strikes they’re doing these days are based almost entirely on the NSA’s signals intelligence.

The report also reveals that the NSA has a program in which the drone itself has what’s basically its own phone cell attached to the drone, in order to better target a particular phone (note: not person, but phone) when dropping a bomb. The report also reveals another program, this one from the CIA, called SHENANIGANS (really), that maps out WiFi networks from the sky and tries to suck up any data it can. When this program was used in Yemen, the mission was called (again, no joke) VICTORYDANCE.

There’s a lot more in the article, which is well worth reading. It’s good to see more sources who are uncomfortable with what the NSA, CIA and others are doing getting in touch with Greenwald and others. It’s also worth noting that this guy claims he tried to raise these issues through the “proper channels” and was rebuffed.

Filed Under: cia, drones, glenn greenwald, jsoc, metadata, nsa, targeting, the intercept

NSA Agents Told To Withhold Target Information From Those In Charge Of Oversight

from the and-the-hits-keep-coming dept

There’s so much coming out of last night’s Washington Post bombshell, which just continues to yield incredible information about what defenders of these programs have been saying as compared to what’s actually happening. Here’s another one. One of the documents released with the report, via Ed Snowden, shows that NSA agents were directly told to give their overseers as little information as possible. The document explains to agents the process for justifying why they were requesting targeting (i.e., a more detailed look concerning an individual or group — not just at that person’s communications, but potentially anyone even remotely connected to them), and makes it clear that they are to give the bare minimum necessary to fulfill their reporting requirements, but not even the slightest bit beyond that. In fact, they’re told to give a single short sentence, and to make sure it includes no “extraneous information.”

The basic premise of this process is to memorialize why you the analyst have requested targeting. This rationale will be provided to our external FISA Amendment Act (FAA) overseers, the Department of Justice and Office of the Director of National Intelligence, for all FAA targeting.

While we do want to provide our FAA overseers with the information they need, we DO NOT want to give them any extraneous information…. This rationale can be no longer than one short sentence.

[….] Your rationale MUST NOT contain any additional information including: probable cause-like information (i.e., proof of your analytic judgment), how you came to your analytic conclusions, any RAGTIME information, classification marking or selector information.

The document goes on to list a variety of “example” rationale sentences, all pretty short and sweet, which basically demonstrate to NSA agents how to remove any pertinent information for oversight, while still giving a “reason” for targeting someone. It’s a lesson in stripping out information and, as the Washington Post notes, replacing it with “generic” info that will pass muster with the folks supposedly in charge of oversight. As an aside, while parts of them are redacted, there are a few “fake” names given, including “Mohammad Badguy” and “Muhammad Fake Name.” No profiling there.

Either way, this once again suggests that the “oversight” going on here is something of a joke. Analysts are directly being told to be careful not to explain very much at all, giving the briefest (“one short sentence, no extraneous information”) basis for getting access to all sorts of information concerning a “target” — which might include a variety of communications and metadata concerning a huge number of people very, very, very loosely connected with that target. It certainly suggests that this idea of “oversight” is pretty laughable. Concoct a one sentence “rationale” that sounds vaguely plausible, and it appears that no one’s going to ask any questions at all.

Filed Under: justification, nsa, nsa surveillance, oversight, targeting, withhold information

Latest NSA Leak: Rules On How They Use Data Without A Warrant

from the wow dept

Glenn Greenwald had promised that there were more incredible leaks concerning the NSA to come, and here’s the first big one. Greenwald has revealed the NSA’s rules that show the procedures for targeting non-US persons, and also how they “minimize” data collected on US persons when dealing with the “bulk” data records collection they do, such as with all of the data around every phone call made. These are two key parts to the NSA’s insistence that they’re staying within the law and not spying on people in the US. The details here, however, suggest a very different story. The FISA court has signed off on these rules that appear to grant incredibly wide latitude for the NSA to make use of data, rather than really “minimize” its usage. While President Obama and others have insisted that the rules make sure that the NSA really isn’t collecting data on Americans, the reality shows that FISC-approved rules let the NSA:

* Keep data that could potentially contain details of US persons for up to five years;
* Retain and make use of “inadvertently acquired” domestic communications if they contain usable intelligence, information on criminal activity, threat of harm to people or property, are encrypted, or are believed to contain any information relevant to cybersecurity;
* Preserve “foreign intelligence information” contained within attorney-client communications;
* Access the content of communications gathered from “U.S. based machine[s]” or phone numbers in order to establish if targets are located in the US, for the purposes of ceasing further surveillance.

The report from Greenwald also reveals that orders he has seen from the FISA court concerning broad data collection do not appear to include details or explanations, other than your basic rubber stamp that FISC says it’s okay.

One such warrant seen by the Guardian shows that they do not contain detailed legal rulings or explanation. Instead, the one-paragraph order, signed by a Fisa court judge in 2010, declares that the procedures submitted by the attorney general on behalf of the NSA are consistent with US law and the fourth amendment.

But since those procedures have now been leaked, we can see that they’re not very carefully targeted at all. If the NSA doesn’t know where someone is located, it can assume the person is foreign:

In the absence of specific information regarding whether a target is a United States person, a person reasonably believed to be located outside the United States or whose location is not known will be presumed to be a non-United States person unless such person can be positively identified as a United States person.

That part about how the NSA can still keep data on US persons if they believe the data contains “evidence of a crime,” “technical data base information” or “information pertaining to a threat of serious harm to life or property” obviously gives the NSA incredible powers to — contrary to what they’ve stated publicly — retain all sorts of info on Americans.

Once we and others have had a chance to dig deeper through these, I’m sure we’ll have more to say, but for now, it appears that, once again, the NSA and its defenders were less than fully forthcoming about how the NSA uses the data it collects and how it makes sure that Americans aren’t targeted.

Filed Under: fisa, fisa court, fisc, foreign persons, minimization, nsa, nsa surveillance, oversight, targeting, us persons, warrants