terrorists – Techdirt (original) (raw)

Apparently Suing Non-Profits That Highlight Terrible Shit On ExTwitter Isn’t Scaring Off More Non-Profits From Reporting On Terrible Shit On ExTwitter

from the gosh-having-a-trust-and-safety-team-sure-would-have-been-handy dept

Last summer Elon Musk sued the Center for Countering Digital Hate (CCDH) over its report about a rise in hate speech on ExTwitter. A few months ago, he sued Media Matters for their report about how ads can appear next to neoNazi content on the site. If he thought those two SLAPP suits would intimidate other groups pointing out the sketchiness of ExTwitter these days, it appears he was mistaken.

As I’ve highlighted in the past I’m not a huge fan of CCDH (or, really, Media Matters), as I think they both tend to exaggerate and remove context. CCDH’s research can be downright shoddy. But that doesn’t mean they should be sued for their speech. Of course, the intent was to scare off researchers from looking too closely at ExTwitter.

It doesn’t appear to be working, as the Tech Transparency Project (TTP — another non-profit I find to be pretty awful, and which falsely calls us a Google shill because Google sponsored a few of our events years ago, even as we regularly call out Google for being awful) has now released a report that highlights that ExTwitter may have violated US anti-terrorism laws in doing business with US-sanctioned entities, in that it found multiple paid for “verified” accounts on ExTwitter associated with terrorist-designated or sanctioned entities.

The accounts identified by TTP include two that apparently belong to the top leaders of Lebanon-based Hezbollah and others belonging to Iranian and Russian state-run media. The fact that X requires users to pay a monthly or annual fee for premium service suggests that X is engaging in financial transactions with these accounts, a potential violation of U.S. sanctions.

A blue checkmark account that bears the name and profile image of Hassan Nasrallah, the secretary-general of Hezbollah, also indicates it is “ID verified,” a service that X offers to premium subscribers as a way to prevent impersonation. X requires users to submit a government-issued ID and a selfie to get verified in this way, though it is unclear if Nasrallah did so. X says these accounts get “prioritized support.”

Two other accounts for U.S.-sanctioned entities, Iran’s Press TV and Russia’s Tinkoff Bank, had gold checkmarks. A gold checkmark indicates the account is a “Verified Organization,” and at the time of TTP’s research, cost $1,000 per month. (X has since introduced a Basic tier that costs 200permonth.)GoldcheckmarkaccountsgetallthebenefitsofX’sPremium+tierplusa200 per month.) Gold checkmark accounts get all the benefits of X’s Premium+ tier plus a 200permonth.)GoldcheckmarkaccountsgetallthebenefitsofX’sPremium+tierplusa1,000 ad credit per month.

Yikes? Yikes!

There isn’t much of a way to twist this one. Even as I have my issues with TTP, this one seems pretty straightforward. It sure looks like ExTwitter conducted financial transactions with sanctioned entities. And, also, kudos to TTP for not being chilled by Musk’s bogus lawsuits against those other orgs.

This is the kind of thing that a functioning trust & safety team prevents. Maybe Elon shouldn’t have fired all of them.

Anyway, ExTwitter tried to defend this by… removing the checkmarks from the individuals (though not the $1000/month media orgs) and trying to insist there was nothing to see here:

If you can’t see that, it says:

X has a robust and secure approach in place for our monetization features, adhering to legal obligations, along with independent screening by our payments providers. Several of the accounts listed in the Tech Transparency Report are not directly named on sanction lists, while some others may have visible account check marks without receiving any services that would be subject to sanctions. Our teams have reviewed the report and will take action if necessary. We’re always committed to ensuring that we maintain a safe, secure and compliant platform.

Yeah, but if they weren’t named on sanction lists, why did you now suddenly take away their checks after they were called out? TTP also pointed out in response that it’s not at all clear what the claim that “some others may have visible account check marks without receiving any services that would be subject to sanctions” even means, given that since nearly a year ago, to get a checkmark, ExTwitter now requires you to purchase a subscription, which would be a transaction that is likely barred by the sanctions. TTP also points out that some of the orgs are clearly listed as sanctioned by OFAC.

I mean, all of this could have been avoided, as tons of experts had suggested early on, if Elon didn’t mix up verification (which means a specific thing) with premium subscriptions, which are very different. But, of course, Elon didn’t bother listening to any experts. Instead he fired them.

There’s a separate issue in all of this as well. As you may recall, just a year ago, the Supreme Court heard a case that dated back to pre-Elon Twitter, about claims that Twitter should be held liable under anti-terrorism laws for providing accounts to those associated with terrorists, and filed by the family of a victim of terrorist attacks. As the Supreme Court correctly found last May, this was clearly way too attenuated a connection. The ruling, written by Clarence Thomas is pretty clear why simply having an account isn’t enough to trigger liability.

But… also, it leaves open the possibility that doing more could very much trigger liability under anti-terrorism laws.

Because plaintiffs’ complaint rests so heavily on defendants’ failure to act, their claims might have more purchase if they could identify some independent duty in tort that would have required defendants to remove ISIS’ content. See Woodward, 522 F. 2d, at 97, 100. But plaintiffs identify no duty that would require defendants or other communication-providing services to terminate customers after discovering that the customers were using the service for illicit ends. See Doe, 347 F. 3d, at 659; People v. Brophy, 49 Cal. App. 2d 15, 33–34 (1942).14 To be sure, there may be situations where some such duty exists, and we need not resolve the issue today.

It seems pretty easy to read that paragraph to read the laws against engaging in economic transactions with sanctioned entities as triggering just that sort of duty…

You see, sometimes, trust & safety isn’t just about stopping idiots from harassing people on your site. Sometimes it’s there to help you avoid violating laws about aiding terrorists.

Filed Under: iran, ofac, russia, sanctions, terrorists, verified accounts
Companies: tech transparency project, twitter, x

from the these-things-might-be-connected dept

Everything is bigger in Texas, even the act of unconstitutional spitting on the 1st Amendment. We’ve already talked about the blatantly unconstitutional bill, HB20, that picks up where Florida’s already-declared-unconstitutional bill leaves off, and makes it even worse. Well, that bill was voted on Friday and Texas Republicans approved it by a vote of 76 to 44.

But, as Adam Kovacevich noted on Twitter, some Democratic legislators wanted to make sure that the Republicans supporting such a gross infringement of the 1st Amendment were on the record for what they supported. So they introduced amendments to carve out the “must carry” rules for Holocaust denialism, terrorist content, and vaccine disinformation. And Republicans made sure to reject all three amendments, thereby explicitly admitting that with their bill they want to make sure that websites are forced to carry vaccine disinformation, terrorist content, and Holocaust denialism.

Now, to be clear, all three of those things are (mostly) protected under the 1st Amendment. But so is the right for a website to remove them and not be associated with them. Anyway, 73 Texas legislators said that websites should not be able to takedown “vaccine misinformation.” Literally, that’s what they voted against:

And, reading the amendment on terrorist content, it appears that no website will be allowed to remove ISIS-promoting content any more, which is an interesting choice by Texas Republicans.

And then there’s the Holocaust denialism bit. Social media sites will have to include it as well. I’m kind of surprised that the legislators introducing this amendment didn’t also do one explicitly about “critical race theory.” Now that really would have tested things. After all, this very same Texas legislature that, earlier this year, passed an equally unconstitutional bill that says teachers in Texas can’t openly talk about America’s racist past.

And, I guess that is at least consistent. You must post stuff denying the holocaust, but suggesting that there is systemic bigotry? Well, that’s beyond the pale.

Filed Under: 1st amendment, content moderation, critical race theory, free speech, hb20, holocaust denial, racism, social media, terrorists, texas

European Law Enforcement Officials Upset Facebook Is Warning Users Their Devices May Have Been Hacked

from the screw-the-little-people,-we've-got-bad-guys-to-hack dept

Oh boy. Facebook has just added fuel to the anti-encryption fire. And by doing nothing more than something it should be doing: notifying users that their device may have been compromised by malware.

The Wall Street Journal article covering this standard notification is full of quotes from government officials who aren’t happy a suspected terrorist was informed his phone had possibly been infected by targeted malware. [Non-paywalled version here.]

A team of European law-enforcement officials was hot on the trail of a potential terror plot in October, fearing an attack during Christmas season, when their keyhole into a suspect’s phone went dark.

WhatsApp, Facebook Inc. ’s popular messaging tool, had just notified about 1,400 users—among them the suspected terrorist—that their phones had been hacked by an “advanced cyber actor.” An elite surveillance team was using spyware from NSO Group, an Israeli company, to track the suspect, according to a law-enforcement official overseeing the investigation.

Facebook is no fan of NSO Group. In fact, very few people are fans of NSO Group, other than their customers, which have included UN-blacklisted countries and a number of governments that rank pretty high on the Most Human Rights Violated charts. Facebook sued NSO back in November, making very questionable allegations about CFAA violations. Facebook’s servers were never targeted by NSO’s malware. Only end users were, which makes it pretty difficult for Facebook to claim it has been personally (so to speak) injured by NSO’s actions.

Back to the matter at hand, Facebook didn’t just warn suspected terrorists about detected malware.

WhatsApp’s Oct. 29 message to users warned journalists, activists and government officials that their phones had been compromised, Facebook said. But it also had the unintended consequence of potentially jeopardizing multiple national-security investigations in Western Europe about which Facebook hadn’t been alerted—and about which government agencies can’t formally complain, given their secret nature.

Would these government officials rather have not been warned about threats? Were any of these government officials receiving warnings the same ones now complaining the warning allowed a terrorism suspect to vanish? Maybe so. The one quoted in the article seems very short-sighted.

On the day WhatsApp sent its alert, the official overseeing the terror investigation in Western Europe said, he was stuck in traffic on his way to work when a call came in from Israel. “Have you seen the news? We’ve got a problem,” he said he was told. WhatsApp was notifying suspects whom his team was tracking that their phones had been hacked. “No, that can’t be right. Why would they do that?” the official said he asked his contact, thinking it a joke.

“Why would they do that” indeed. Maybe to protect their users from cybercriminals and state-sponsored hackers. It’s not about allowing suspected criminals to dodge law enforcement, even though it will undoubtedly have that effect. It’s about keeping users and their communications protected — users that include journalists, activists, and government officials.

This response indicates the investigators pursuing the suspected terrorist would rather hundreds of innocent people be harmed than someone suspected of terrorism go free. But it really doesn’t matter what unnamed officials think about Facebook’s “you may have been compromised” notifications or the harm these might do to ongoing investigations. Facebook’s voluntary warnings will soon be mandatory in Europe. By the end of 2020, all service providers and telcos will be obligated to warn customers of security threats.

That fact — and the apparent willingness to allow innocent people to be victimized by targeted attacks — makes the article’s closing statement all the more ridiculous.

Gilles de Kerchove, the European Union’s counterterrorism coordinator, says encryption shouldn’t allow criminals to be “less accountable online than in real life.”

I have no idea what that means. I know what the official thinks it’s supposed to mean — that “online” is bad because sometimes criminals get away — but even that interpretation doesn’t make sense. Criminals discover their phones have been tapped and stop using those lines. Criminals talk to each other in person to avoid creating records of conversations. Criminals get tips from other criminals they’re under surveillance. This stuff just happens. Investigations don’t always run smoothly.

A standard warning about possibly-compromised devices and services is just good business — something that protects everyone who uses the service, not just the people governments think are OK to protect. These warnings are essential and they benefit everyone, not just the people governments want to lock up.

Filed Under: disclosure, europe, hacking, law enforcement, malware, terrorists
Companies: facebook, nso group, whatsapp

from the twelve-straight-losses-to-open-the-season dept

According to Eric Goldman’s count (and he would know), this is the 12th ridiculous “blame Twitter for terrorism” lawsuit to be tossed by a federal court. The dubious legal theory — one so dubious it has yet to find any judicial takers — is that Twitter and other social media platforms “allow” terrorists to converse and radicalize and do other terrorist things. What no one has successfully alleged is that Twitter, Facebook, etc. are directly or indirectly responsible for terrorist attacks.

This lawsuit was one of the dumbest. The brain geniuses at Excolo Law convinced a client this would be a winning strategy: claim the shooting of some cops by a shooter in Dallas was Twitter’s fault because possibly the shooter thought terrorist group Hamas was pretty cool. 96 pages of lawsuit and this was the tenuous allegation plaintiffs Jesus Retana and Andrew Moss thought might finally prove social media companies are providing material support to terrorists.

Micah Johnson was radicalized by HAMAS’ use of social media. This was the stated goal of HAMAS. Johnson then carried out the deadly attacks in Dallas. Conducting terrorist acts in the United States via radicalized individuals is a stated goal of HAMAS.

Not only did the lawsuit fail to include anything linking Twitter to the killing of Dallas police officers, it failed to include anything linking the shooter to Hamas. That didn’t stop Excolo Law from claiming that the only thing propelling the shooter to start killing Dallas police officers was Hamas’ social media presence, aided and abetted by Twitter.

As Goldman points out, the court “expressly does not reach the Section 230 defense.” That’s not because it’s not a good defense. It’s because the lawsuit — and the law firm shoveling as many of these into federal courts as possible — is so awful.

The court opens its dismissal [PDF] by noting the string of courtroom failures Excolo Law (and 1-800-LAW-FIRM) doesn’t seem to be interested in discussing when pursuing another lost cause in a federal court.

This case is the latest in a string of lawsuits that Plaintiffs’ lawyers have brought in an attempt to hold social media platforms responsible for tragic shootings and attacks across this country—by alleging that the platforms enabled international terrorist organizations to radicalize the attacks’ perpetrators. In fact, Plaintiffs’ lawyers brought a suit in the Northern District of California, Pennie v. Twitter, Inc., 281 F. Supp. 3d 874 (N.D. Cal. 2017), concerning the same Dallas shooting this Court is confronted with here, albeit with different plaintiffs. The court in that case dismissed the claims with prejudice, finding that there was no connection between the shooting and Hamas, the terrorist organization at issue. Id. at 892. Yet, Plaintiffs’ counsel made no mention of that case in their briefing; counsel discussed the case only after the Court questioned about it at oral argument.

The court then notes it can do its own research if the law firm isn’t willing to discuss past work that hews super-closely to the case at hand. GTFO, says the Texas federal court.

The Court dismisses this lawsuit with prejudice. Although the complaint here alleges additional facts not found in Pennie, the complaint nonetheless suffers from many of the same deficiencies discussed in Pennie. Plaintiffs here have not and after multiple attempts, clearly cannot connect Hamas to the Dallas shooting.

Need more? No link between the cop killer and Hamas:

Simply put, the SAC does not allege any facts that show that Hamas radicalized Johnson to commit the Dallas attack, not to mention by using Defendants’ websites. Plaintiffs’ injuries,therefore, were not “by reason of” Hamas, or Defendants’ alleged support of Hamas.

No link between the claimed violation of the ATA (Anti-Terrorism Act) and the Dallas shooting, either:

Plaintiffs’ secondary liability claims fail for an additional, yet similar, reason: Plaintiffs do not allege that the Dallas shooting was an act of international terrorism.

[…]

[T]he SAC is devoid of allegations connecting Hamas to the shooting, even after it occurred. There is no transnational component to Johnson’s planning and execution of the shooting. Instead, this tragic shooting appears to be an act of domestic terrorism.

The case is dismissed with prejudice, continuing Excolo Law’s losing streak. This obviously won’t keep the firm from trying again, not as long as it can convince victims of violence they have a shot at extracting a large settlement from social media companies. Sure, it hasn’t worked yet. But that can only mean Excolo, et al are due for a win! Right?

Filed Under: andrew moss, intermediary liability, jesus retana, material support, section 230, social media, terrorists
Companies: 1-800-lawfirm, excolo law, twitter

When In Doubt, Blame Terrorists: Patent Attorney Claims Terrorists Are Infringing And Killing Jobs

from the oh-really-now? dept

For many years now we’ve had fun pointing out the ridiculous claims of the legacy copyright industry execs insisting that copyright infringement funds terrorism. Of course, the evidence for this was seriously lacking. Back in 2011 there was an incredibly detailed, evidence-rich debunking of the claim by Joe Karaganis, showing basically no connection between terrorism and infringement.

But, alas, it’s a topic that never seems to go away. And now it appears that a design patent lawyer has updated the talking points to now claim that terrorists are infringing on design patents to fund their terroristic activity. First, as a quick refresher: when we talk about patents, we’re usually talking about utility patents, which are a monopoly for a new invention or process. Design patents, on the other hand, are really more akin to trademarks, in that they grant a monopoly on the look of something. The idea that ISIS is out there infringing on, say, the look of someone’s fancy belt buckle or a new planter is just sort of ludicrous on its face. But it certainly didn’t stop big shot patent lawyer Robert Katz from making the claim at a recent event held by the US Patent and Trademark Office (who, really, should know better).

The event was the USPTO’s “Design Day” held a few weeks ago, in which there were a series of discussions on design patents and such. If you go to the Livestream of the event, about an hour in Katz starts out by playing up how crafty infringers are getting, saying that they’re getting smarter about how they avoid getting caught:

This is followed up by the other favorite concept that the copyright folks loved to use for years: totally and completely bogus numbers about losses of money and jobs. Notice, first that the “losses” in money lumps in all kinds of infringement, and almost certainly counts every infringement as a lost sale, even though that’s clearly not the case. And job loss reports like this have been debunked so many times that it’s almost embarrassing that anyone still uses those claims.

Katz goes one better in talking about how “dangerous” products were introduced into the market, he gets to claim that knockoff makeup products were causing people to break out in rashes because they had “feces” in them. Indeed, there was just a seizure by the LAPD of some supposedly counterfeit makeup products, and the whole “feces” claim made a bunch of headlines (though, it’s odd that half the stories call it “animal waste” and the other half call it “human feces.”) There don’t seem to be many details beyond a tweet from the LAPD — an organization never known for exaggerating anything or making statements that are inaccurate.

He also claims that sex traffickers are using infringement to fund their efforts (I thought they were using the trafficking to fund it, but… who knows?) But that’s just the lead in to the really nutty claim. It all comes back to… TERRORISM!

If you can’t see that, the slide notes that infringers are “tied to terrorism” and he provides three “real life examples.” From the slide:

* Charlie Hebdo shootings: There’s a direct link between counterfeits and terrorism… “The sale of counterfeit goods went into buying these guns.” * 2004 Madrid train bombings: Terrorists sold counterfeit CDs to support their activities. * 1993 World Trade Center bombing: Terrorists raising money by selling counterfeit goods.

Let’s leave aside that if this is such a big deal, why do we need to go back a quarter of a century to find three examples (and almost 15 years just to find a second example). Even the supposedly recent claim of the Charlie Hebdo attacks being a “direct” result of counterfeit sales is pretty suspect. You can find lots of headlines claiming this, but when you dig deep into the examples, no one provides any evidence. It’s often cited by a trade group advocating for cracking down on counterfeits. After reading through many, many reports, the earliest reporting I can find on the claims about the Charlie Hebdo attackers relying on counterfeits comes from the LA Times story about intelligence lapses that allowed the attackers to go unnoticed. It mentions, in passing, that after getting out of jail for an earlier run-in with the law over possible terrorism, one of the attackers “seemed to be moving into less sinister pursuits, reportedly including trafficking in counterfeit clothing and shoes.”

That report also suggests that this counterfeiting activity had basically nothing to do with buying the weapons for the Charlie Hebdo attack. Instead, you get:

U.S. intelligence officials have confirmed that at least one of the brothers traveled to Yemen in summer 2011, received training from Al Qaeda in the Arabian Peninsula and returned with about $20,000 in cash provided by the terrorist group. News reports have indicated that both brothers may have ventured to Yemen.

Right. So, which is it. One of the attackers selling some counterfeit shoes… or getting trained by Al Qaeda and being handed $20,000. I think the latter seems just a bit more likely.

But not to design patent lawyers like Katz. He concludes this slide by saying with a totally straight face:

“It’s not like it’s something where people just got a little too close. **Most of the time, when people are using design patents, it’s to stop activities like this.**”

Whaaaaaaaaaaaat? Most of the time that people are using design patents, it’s to stop terrorist attacks like this? What the hell is Katz saying?

No one is saying that counterfeiting of whatever things that are covered by design patents is okay — though reports by both the GAO and the OECD have shown that claims of losses due to counterfeiting are highly exaggerated, and that in many cases there’s little to no real harm, as buyers know they’re buying counterfeit products, and it’s an aspirational purchase (i.e., they can’t afford the authentic version). Other reports have shown that those who buy counterfeits often by the real version when they can afford it.

But, nope. According to Katz, “most of the time” design patents need to be used to stop terrorists such as those involved in the Charlie Hebdo shootings (never mind the cash from Al Qaeda).

I don’t know if people like Katz think the points he’s spewing are accurate. He might. But if that’s true, it just goes to show how silly confirmation bias can become. Design patents aren’t protecting anyone against terrorism, let alone “most of the time.” Saying things like that don’t show how important design patents are. They show how silly people get when they get all wrapped up in artificial monopolies.

Filed Under: charlie hebdo, design day, design patents, infringement, patents, robert katz, terrorists, uspto

Known Terrorists Under Witness Protection Roaming The Country Pretty Much Unattended

from the natsec-above-all-else,-except-when-it-comes-to-paperwork dept

The FBI loves its counterterrorism work. Loves it so much, it’s pretty much abandoned all pretense of being a law enforcement agency. It acts as though it’s somewhere between the NSA and the ATF: interested mostly in picking through surveillance dragnets and running sting operations that turn people who have trouble with basic skills like holding down jobs into national security threats.

But it can’t score anti-terrorism goals on unguarded nets without a crew of informants. It works with immigration authorities to coerce visiting foreigners into providing the agency with intel. It goes further than that, though. It also operates a witness protection program for informants/witnesses actually involved in actual terrorist activity.

Considering the danger inherent to letting these informants run on a long leash, you’d think the FBI would keep close tabs on some of its more dangerous helpers. But that isn’t the case. The DOJ’s Inspector General has released a heavily-redacted report [PDF] on the government’s use of known suspected terrorists (KSTs) as temporary allies in the greater War on Terrorism. These are handled by the US Marshals Service, with the FBI acting as an intermediary. More government agencies are involved as well — or at least should be. But one of the many problems the OIG found was a lack of communication.

We found several deficiencies in the process OEO [the DOJ’s Office of Enforcement Operations] followed in analyzing these case files and in sharing information with the FBI. Specifically, we believe, and the FBI agrees, that OEO should have shared the information with national security stakeholders for all [redacted] individuals identified by the USMS, rather than conducting its own secondary review. If OEO had passed along all of the case file information that the USMS identified from its case file review, the FBI’s counterterrorism experts – not just OEO – would have had the opportunity to evaluate whether any of the [redacted] individuals were KSTs. Under the process used, that did not happen for a majority of the individuals. We also found that neither OEO nor the FBI was able to provide evidence of a consistent application of the criteria each used for its reviews, and both lacked adequate support for their respective determinations.

In addition, OEO’s sharing of information with the FBI was often marked by delay and the FBI’s assessments of that information were inadequately documented. Of particular concern, we found that although the USMS began identifying to OEO individuals it believed had a potential nexus to terrorism in November 2013, OEO did not begin sending that information to the FBI for possible watchlisting until March 2014, and we found delays of weeks or months in OEO’s handling of many of the individuals the USMS identified in late 2013 and early 2014.

This lack of info sharing combined with the agencies’ inadequate documentation to create some horrifying problems. Known suspected terrorists were allowed to board planes on multiple occasions. Some continued to commit criminal acts. And in some cases, no one had any clue where their KST informants had vanished to.

As of November 2016, counting those KSTs identified during our May 2013 report, the FBI, OEO, and USMS have identified [redacted] KSTs who were previously admitted into the WITSEC Program. As of November 2016, the FBI had located [redacted] of these [redacted] KSTs, and were in the process of verifying the location of the remaining [redacted] individuals.

In one case, two KSTs were already watchlisted by the National Joint Terrorism Task Force. Nonetheless, they continued to engage in criminal activities for five months before they were arrested. They weren’t the only ones. Other KSTs engaged in criminal activity without being terminated from the WITSEC program.

[D]espite four termination requests in 9 months from the USMS, OEO delayed the termination of a WITSEC Program participant who had allegedly sexually assaulted five individuals in an 8 year period, including three minors.

Other WITSEC participants used the system’s lack of oversight and flawed interagency communications to their own advantage. One KST used both his real identity, along with the new one provided to him in the WITSEC program, to game the system. Once terminated from the program, the KST was asked to return the new-name documents. Apparently, he never did. And no one followed up until the OIG got involved

By retaining these documents, KST 70 was able to use both identities for years. For example, KST 70 was receiving [redacted] benefits in KST 70’s new name while receiving [redacted] retirement benefits in KST 70’s true name. […] We also found that KST 70 was able to use KST 70’s new name, including a [redacted] driver’s license. In fact, KST 70 checked into a hotel the night before the [redacted] with that [redacted] driver’s license. We find it very concerning that KST 70 was allowed to use both identities for so long.

The OIG has a long list of recommendations to fix the ongoing KST/WITSEC issues. Unfortunately, you won’t be reading them. They’re 100% redacted. But we can assume it means a lot of changes in a system of utmost importance — as is the case with anything national security-related — that’s treated like an afterthought by its many participants.

Filed Under: fbi, informants, terrorists, witness protection

Trump's Latest Nonsensical Announcement About Censoring The Internet

from the want-to-try-that-again? dept

While many of President Trump’s strongest supporters still insist that he’s “bringing free speech back,” the truth is that Trump has been advocating for censoring the internet since very early in his campaign for the Presidency. Of course, his position on this has never been entirely coherent — and he sometimes swings wildly around with his emotional ideas of what he likes, often with little basis into legal, political or technical realities. His latest is a bit like that as well. In a speech in Reno he suddenly burst out with a barely comprehensible policy position on keeping ISIS off the internet:

“I will tell you, we are going to start working very hard on the Internet because they are using the Internet at a level that they should not be allowed to use the Internet,” Trump said during a bill-signing event with the American Legion in Reno, Nev. “They’re recruiting from the Internet and we are going to work under my administration very hard so that doesn’t happen.”

Now, it’s one thing to argue for working on ways to disrupt ISIS recruitment online. I’m all for doing counter-programing, education and the like around that. But that’s a far cry from “they should not be allowed to use the internet.” That statement packs quite a wallop. And it’s easy to chalk it up to “Trump being Trump” and saying things without understanding the impact of what he’s saying (and without him really understanding the details behind these issues), but considering the attacks on free speech and on the ability to use the internet these days, we should be pretty vigilant about this stuff. And, somewhat ironically, you’d think that some of Trump’s most vocal supporters would be against him on this. After all, they’re the ones who keep getting kicked off various online platforms and complaining about how that shouldn’t be allowed. But if Trump actually comes up with a plan that says ISIS people can’t use the internet, that’s a clear recipe for excluding anyone you dislike from using the internet at all.

And, of course, all of this is a lot more complicated than people seem to think. Just in the last week, we’ve had two separate stories showing how YouTube’s attempts to stop terrorists and Nazis from using its platforms, both backfired badly — with the company actually taking down people calling out terrorists and Nazis.

There’s a larger point here beyond our President being unwilling or unable to deal with the nuances of his proclamations on who should and shouldn’t be able to use the internet: and it’s that these things are a slippery slope that involve a lot of tricky problems and many, many serious unintended consequences, even when done with care and thoughtfulness. Rushing into internet censorship because “terrorists bad” is going to be a hell of a lot more destructive to the free speech and free association rights of the public than it would be for actual ISIS members.

Filed Under: censorship, donald trump, free speech, internet, isis, terrorists

Appeals Court Says Government Doesn't Have To Disclose Contents Of Its Secret Terrorist Organization List

from the terrorist-farm-teams-or-something dept

An attempt to force the government to reveal its secret list of terrorist groups has been shot down by the Seventh Circuit Court of Appeals [PDF]. The Heartland Alliance Immigrant Justice Center’s FOIA request for “Tier III” terrorist groups can remain unfulfilled. [h/t Brad Heath]

Without giving too much away (and neither the court nor the government does), “Tier III” is apparently more nebulous and fluid than tiers I and II.

Tier I and Tier II organizations are publicly identified terrorist groups such as ISIS and al?Qaeda. Tier III organizations are defined in 8 U.S.C. § 1182(a)(3)(B)(vi)(III) as any group of two or more people that engages in terrorist activity (as defined in 8 U.S.C. § 1182(a)(3)(B)(iv)), even if their terrorist activity is conducted exclusively against regimes that are enemies of the United States. Tier III organizations tend to have a lower profile than Tier I’s or Tier II’s, not only because the government does not publish their names but also because they tend to be groups about which the U.S. government does not have good intelligence, making it essential that the Department be able to obtain information about them during screening interviews that are as focused and complete as possible.

The government withheld this info under FOIA 7(E), which covers “techniques and procedures for law enforcement investigations or prosecutions.” As the government argued, divulging these “groups” of two or more possible terrorists would likely allow screened immigrants to hide their involvement in these groups.

[A]s explained in the government’s brief, “an alien who becomes aware that a particular organi?zation has been found to fall within the definition of a Tier III organization will have a very strong incentive to falsify or misrepresent any and all encounters, activities, or associations that he or she may have had with that organization.” If the alien doesn’t know that a terrorist organization that he has belonged to, been affiliated with, or maybe simply has provided supplies or money to, has been identified by our government as a terrorist organization, he is likely to be less guarded in answering questions about his activities in or associations with the organization. But if he knows that the organization he belonged to or was associated with is deemed a terrorist organization, he is likely to deny having ever had any connection to it or even having ever heard of it.

The Justice Center pointed out that the government’s fear of slippery foreigners might be overstated. After all, members of terrorist groups — whether publicly acknowledged by the government or not — would be just as likely to lie about their affiliation even if privy to the contents of the Tier III list.

The Appeals Court doesn’t think much of the Justice Center’s counterargument, positing that any interrogation predicated on the Center’s assumptions would be a “dumb interrogation.” In the eyes of the court, the government’s secrets allow it to more gracefully handle questionings, allowing it to tease out affiliations detainees would otherwise be unwilling to disclose.

The court isn’t much kinder to the Justice Center’s speculations about the contents of the Tier III list.

We learn in the Center’s reply brief that its primary concern is not with names but with the Tier III category itself, for it says for example that “the designation of Tier III organizations is often doubtful.” It hopes that if it can obtain the names of all the organizations—its goal in this litigation—it will be able to discredit some or perhaps many of them. Deeply distrustful of the U.S. government, by the tone and content of its briefs the Center signals its disbelief that the government has secrets worth keeping from asylum seekers and their helpers (such as the Center), but it does not explain what the government would gain by pretending that harmless organizations are actually terrorist groups.

The court does give the government a bit more credit than it deserves. It’s not so much that the government would try to gain something by designating harmless groups as terrorist organizations. It’s that government agencies have shown a willingness in the past to designate political groups they don’t like as enemies or criminals, subjecting them to unlawful surveillance and other rights violations.

The concurring opinion raises another concern — one that the court finds bolsters the government’s secrecy assertions, but one that could also be read as a call for more scrutiny of this particular list.

At oral argument, the government noted plausible foreign relations grounds for the government withholding this information under other FOIA exemptions. Specifically, it noted that U.S. government relations with Tier III organizations might change on short notice, and that revealing certain Tier III organizations might have foreign policy ramifications. What one day might be an allied Christian militia fighting against the Islamic State (ISIS) might the next day be our nation’s enemy, and while not rising to the level of a Tier I or II organization, might fall under Tier III. All of this suggests that the government has, in our nation’s FOIA law, adequate alternative claims for exemption that it chose to avoid, so there is no need to broadly construe 7(E).

The unasked question is this: if alliances shift, does the government immediately release detainees affiliated with groups the government has arbitrarily decided are now the nation’s allies? Or do they just sit around forgotten in detention centers while the government moves organization names on and off the list? Who knows. The opinion suggests this is a problem for Congress to solve — either by scaling back the scope of the FOIA exemption or by actually using its oversight powers to periodically review the Tier III list.

Filed Under: doj, foia, terrorists, tier iii, watch list

Donald Trump Says He'll Turn Off The Internet For Terrorists

from the uh,-how? dept

This isn’t the first time he’s said this, but on Monday, Presidential candidate Donald Trump once again insisted that part of his plan to “Make America Great Again” is to stop bad people from using the internet:

My Administration will aggressively pursue joint and coalition military operations to crush and destroy ISIS, international cooperation to cutoff their funding, expanded intelligence sharing, and cyberwarfare to disrupt and disable their propaganda and recruiting. We cannot allow the internet to be used as a recruiting tool, and for other purposes, by our enemy ? we must shut down their access to this form of communication, and we must do so immediately.

Almost no one covered this because everyone was focused on other stuff in the speech about his new “tests” for letting foreigners into the country. But this still remains a pretty big concern, in part because of just how technically clueless this is. Sure, we’ve seen some others suggest similarly dumb ideas, but no one seems to bother to think through how this might be done and what a mess it would create.

There’s no way you can “disrupt” or block them from using the internet without also cutting off millions of innocent people — many of whom almost certainly rely on the internet for all sorts of important things. And, on top of that, any solution would be of only limited effectiveness in the long run anyway. There are increasingly new ways and new paths to get online — whether through wireless mesh networks or, eventually, from things like drones and satellites. Thinking that you can magically take an entire group of people off the internet is profoundly silly.

At the same time, as we’ve noted, the most ridiculous part in this idea that we should kick terrorists off the internet is the fact that the intelligence community has said that tracking what they’re saying online has been tremendously beneficial in tracking terrorists, their views and their plans. Why would you want to cut off such a source of intelligence gathering?

The whole thing, like so much of this Presidential campaign, seems to be yet another example of a candidate saying what people want to hear with little to no thought about what it actually means, whether it would do any good or how to implement the plan.

Filed Under: donald trump, free speech, internet, isis, open internet, terrorists

Another Terrorist Watchlist Leaks, This One Compiled By Thomson Reuters

from the and-by-their-lists-you-shall-know-them dept

Another terrorism-related database has leaked — this one produced by an entity best known for its news agency. Security researcher Chris Vickery first unveiled it on Reddit.

A few years ago, Thomson Reuters purchased a company for $530 million. Part of this deal included a global database of “heightened-risk individuals” called World-Check that Thomson Reuters maintains to this day. According to Vice.com, World-Check is used by over 300 government and intelligence agencies, 49 of the 50 biggest banks, and 9 of the top 10 global law firms. The current-day version of the database contains, among other categories, a blacklist of 93,000 individuals suspected of having ties to terrorism.

I have obtained a copy of the World-Check database from mid-2014.

No hacking was involved in my acquisition of this data. I would call it more of a leak than anything, although not directly from Thomson Reuters. The exact details behind that can be shared at a later time.

Thomson Reuters’ “global screening solution” pulls from hundreds of other databases, including sanctions lists, law enforcement lists, and compiled data from regulatory agencies. The collection doesn’t cause too many problems in the United States, but as Joseph Cox of Motherboard points out, it’s a bit more a problem when deployed in Europe.

Although World-Check is based on public information, European privacy laws impose strong restrictions on the collection, storage, and publication of information about individuals. For that reason, the database can only be used for screening purposes by customers vetted by Thomson Reuters.

The end result of all this data is a blacklist of 93,000 individuals with suspected ties to terrorism. Like other terrorism-related databases, the Thomson Reuters list also draws some interesting conclusions about certain organizations.

However, World-Check can sometimes flag those not involved in crime. As VICE News previously found, the database has listed major charities, activists, and mainstream religious institutions under the label of “terrorism.” Those include the Council on American-Islamic Relations’ (CAIR) executive director Nihad Awad; Liberal Democrat politician Maajid Nawaz, who founded the counter-extremism organisation Quilliam, and former World Bank and Bank of England advisor Mohamed Iqbal Asaria. None of these people have ever faced terrorism charges, VICE News adds.

Thomson Reuters has now closed the leak — which, according to a statement released to Motherboard, appears to have originated outside of the company, possibly by one its contractors.

After the publication of this article, a spokesperson from Thomson Reuters wrote in an email that the company had contacted the third party responsible for the leak and that they had taken down the information. “We have also spoken to the third party to ensure there will be no repetition of this unacceptable incident,” the spokesperson added.

It also spoke to Vickery, raising the somewhat dubious defense that everyone else is doing it, why not us?

One important point that they would like to highlight (and something I’ll agree with): Thomson Reuters is not the only company gathering this kind of data and putting together this type of database. They may be a leader in the industry, but it’s not fair to vilify them as if they were the only company in the market.

That statement of collective guilt doesn’t do much to answer Vickery’s question raised during deliberations about leaking the list publicly:

At the very least, this should jump-start a little online conversation regarding the appropriateness of having private entities maintain lists utilized by government agencies and banks.

As we’ve seen from other terrorism blacklists, the US government is no better at drawing conclusions or checking its lists for false positives on a regular basis. The fact that Thomson Reuters database pulls from hundreds of sources is probably better than the FBI/DHS method of shrugging people onto terrorist watchlists based on hunches, surnames, or camera ownership. It’s still disturbing that a private entity can control access to various services around the world by selling a watchlist to corporate customers, but there’s no reason to believe this private blacklist is any worse than those compiled by various governments.

Filed Under: leaks, terrorist watch lists, terrorists, watchlists
Companies: thomson reuters