wiretaps – Techdirt (original) (raw)

Wyden: CALEA Hack Proves Dangers Of Government-Mandated Backdoors

from the backdoors-are-bad,-full-stop dept

When Congress passed the Communications Assistance for Law Enforcement Act (CALEA) in 1994, they were assured by then-FBI Director Louis Freeh that the mandated wiretap backdoors posed no security risks. Fast forward to today, following the news of a massive CALEA hack and Senator Ron Wyden is reminding the DOJ of that history, while urging the Attorney General to better protect Americans’ security, in part by no longer demanding backdoors in encryption systems.

Last week, we wrote about the bombshell story of the Chinese hacking group Salt Typhoon apparently having “months or longer” access to the mandated wiretapping system found within our phone system. We noted how this story should put an end to the idea — often pushed by lawmakers and law enforcement — that surely we can put similar “backdoors” into encrypted communications.

Senator Ron Wyden has now sent a letter to the FCC and the DOJ highlighting a bit of the history behind CALEA, the statute that mandated wiretapping of the phone lines. In particular, Wyden points out that cybersecurity professionals warned Congress at the time that CALEA would lead to massive vulnerabilities in our phone system and could put everyone’s communications at risk.

These telecommunications companies are responsible for their lax cybersecurity and their failure to secure their own systems, but the government shares much of the blame. The surveillance systems reportedly hacked were mandated by federal law, through the Communications Assistance for Law Enforcement Act (CALEA). CALEA, which was enacted in 1994 at the urging of the Federal Bureau of Investigations (FBI), forced phone companies to install wiretapping technology into then-emerging digital phone networks. In 2006, acting on a request from the FBI, the Federal Communications Commission (FCC) expanded this backdoor mandate to broadband internet companies.

During the Congressional hearings for CALEA, cybersecurity experts warned that these backdoors would be prime targets for hackers and foreign intelligence services. However, these concerns were dismissed by then-FBI Director Louis J. Freeh, who testified to Congress that experts’ fears of increased vulnerability were “unfounded and misplaced.” Congress, relying on the FBI Director’s assurances that the security risks experts warned about could be addressed, passed the law mandating backdoors. The Department of Justice (DOJ) received $1 billion in today’s dollars to provide industry grants for the development and purchase of new wiretapping technology.

The letter suggests that the DOJ should use this to start pushing back on efforts to backdoor encryption:

DOJ must stop pushing for policies that harm Americans’ privacy and security by championing surveillance backdoors in other communications technologies, like encrypted messaging apps. There is, and has long been, broad consensus among cybersecurity experts that wiretapping capabilities undermine the security of communications technology and create an irresistible target for hackers and spies. Even so, law enforcement officials, including your predecessor, as well as the current and former FBI Directors, have denied this reality, spread disinformation about non-existent secure backdoors, and sought to pressure companies to weaken the security of their products.

The letter also asks the FCC to issue rules regarding security on CALEA wiretaps. The FCC has had the ability to do this for decades, but has mostly chosen to stay out of it:

Chairwoman Rosenworcel, your agency has the authority to require strong cybersecurity defenses in these systems today. The FCC should initiate a rulemaking process to update the CALEA regulations to fully implement the system security requirements in the law. At a minimum, these updated regulations should establish baseline cybersecurity standards for telecommunications carriers, enforced by steep fines; require independent, annual third-party cybersecurity audits; require board-level cybersecurity expertise; and require senior executives annually sign certifications of compliance with the cybersecurity standards.

Overall, this is a good letter. It would be nice if the DOJ, at least, started pushing back on backdooring encryption, rather than (as it has done for years) pushing for such a security disaster.

Filed Under: backdoors, calea, doj, encryption, fcc, ron wyden, salt typhoon, wiretaps

Chinese Access To AT&T/Verizon Wiretap System Shows Why We Cannot Backdoor Encryption

from the backdoors-can-be-opened-by-spies-too dept

Creating surveillance backdoors for law enforcement is just asking for trouble. They inevitably become targets for hackers and foreign adversaries. Case in point: the US just discovered its wiretapping system has been compromised for who knows how long. This should end the encryption backdoor debate once and for all.

The law enforcement world has been pushing for backdoors to encryption for quite some time now, using their preferred term for it: “lawful access.” Whenever experts point out that backdooring encryption breaks the encryption entirely and makes everyone less safe and less secure, you’ll often hear law enforcement say that it’s really no different than wiretapping phones, and note that that hasn’t been a problem.

Leaving aside the fact that it’s not even that much like wiretapping phones, this story should be thrown back in the faces of all of law enforcement folks believing that backdooring “lawful access” into encryption is nothing to worry about. Chinese hackers have apparently had access to the major US wiretapping system “for months or longer.”

A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers, potentially accessing information from systems the federal government uses for court-authorized network wiretapping requests.

For months or longer, the hackers might have held access to network infrastructure used to cooperate with lawful U.S. requests for communications data, according to people familiar with the matter, which amounts to a major national security risk. The attackers also had access to other tranches of more generic internet traffic, they said.

According to the reporting, the hackers, known as “Salt Typhoon,” a known Chinese state-sponsored hacking effort, were able to breach the networks of telco giants Verizon and AT&T.

The Wall Street Journal says that officials are freaking out about this, saying that the “widespread compromise is considered a potentially catastrophic security breach.”

Here’s the thing: whenever you set up a system that allows law enforcement to spy on private communications, it’s going to become a massive target for all sorts of sophisticated players, from organized crime to nation states. So, this shouldn’t be a huge surprise.

But it should also make it clear why backdoors to encryption should never, ever be considered a rational decision. Supporters say it’s necessary for law enforcement to get access to certain information, but as we keep seeing, law enforcement has more ways than ever to get access to all sorts of information useful for solving crimes.

Putting backdoors into encryption, though, makes us all less safe. It opens up so many private communications to the risk of hackers getting in and accessing them.

And again, for all the times that law enforcement has argued for backdoors to encryption being just like wiretaps, it seems like this paragraph should destroy that argument forever.

The surveillance systems believed to be at issue are used to cooperate with requests for domestic information related to criminal and national security investigations. Under federal law, telecommunications and broadband companies must allow authorities to intercept electronic information pursuant to a court order. It couldn’t be determined if systems that support foreign intelligence surveillance were also vulnerable in the breach.

It’s also worth highlighting how this breach was only just discovered and has been in place for months “or longer” (meaning years, I assume). Can we not learn from this, and decide not to make encryption systems vulnerable to such an attack by effectively granting a backdoor that hackers will figure out a way to get into?

On an unrelated note, for all the talk of how TikTok is a “threat from China,” it seems like maybe we should have been more focused on stopping these kinds of actual hacks?

Filed Under: breach, china, encryption, lawful access, security, wiretaps
Companies: at&t, verizon

French Government Says Citizens Should Be Forced To Sacrifice Freedom For Safety Because Crime

from the looking-back-I-saw-a-second-set-of-digital-footprints dept

With every government in Europe pitching their own version of “acceptable” intrusion, it’s hardly surprising France’s government wants in on the action. Amid calls to criminalize end-to-end encryption, to mandate client-side scanning, and to otherwise interfere directly with content moderation efforts, the French government’s latest move is nothing more than the sort of thing we’ve come to expect as politicians edge closer to returning to the heyday of general warrants and autocracy-adjacent power moves.

Because criminal activity and terrorism remain a thing, the French government has decided it’s time to amp up its domestic surveillance programs. Here’s the latest, as reported by Le Monde, via TechRadar.

French police should be able to spy on suspects by remotely activating the camera, microphone and GPS of their phones and other devices, lawmakers agreed late on Wednesday, July 5.

Oh, really? Would this be a wiretap equivalent or just a standard warrant that compels service providers to permit this sort of access to devices owned by their customers?

These questions can’t be answered. Yet. It appears it would go down the regular warrant path though, given its focus on geolocation, which can often be achieved with other devices (cell site simulators) or the results of normal day-to-day business of cell service providers/app creators/search engine providers (cell tower dumps, data brokers, reverse warrants).

But there’s more to it than just the passive tracking via location data. The proposal makes it clear the police should be allowed to engage in active tracking by remotely accessing targets’ devices.

Covering laptops, cars and other connected objects as well as phones, the measure would allow the geolocation of suspects in crimes punishable by at least five years’ jail. Devices could also be remotely activated to record sound and images of people suspected of terror offenses, as well as delinquency and organized crime.

It’s somewhat refreshing to hear a government openly acknowledge it’s not interested in limiting intrusive surveillance to the “worst of the worst” criminal suspects. Proponents aren’t offering up empty defensive phrases referring to child molesters or terrorists as justifications for greater government intrusion. Instead, they’re openly admitting police will use these powers to go after anyone suspected of engaging in an offense that might be punishable by five years in prison.

Adding this caveat doesn’t really change anything:

During a debate on Wednesday, MPs in President Emmanuel Macron’s camp inserted an amendment limiting the use of remote spying to “when justified by the nature and seriousness of the crime” and “for a strictly proportional duration.”

None of that means anything. If a law enforcement officer tells a court the intrusion is justified, it will likely be deemed justified. The law would “limit” constant surveillance to six months (presumably open for renewal with a new court order), but six months of always-on surveillance is six months of always-on government eavesdropping, which can hardly be justified by vague wording about “nature and seriousness.”

On the plus side, there’s a carveout for doctors, journalists, lawyers, judges, and (of course) French Parliament members. These people will apparently never be considered acceptable targets for this intrusive surveillance. But I’m sure when push comes to shove in the investigatory arena, French citizens will soon discover it’s only MPs who are truly exempt for this snooping.

Adding to the idiocy of it all is the statement made by Justice Minister Eric Dupond-Moretti. According to the Minister, there’s nothing Orwellian about constant, highly intrusive surveillance. “We’re far away from the totalitarianism of 1984,” claims Dupond-Moretti. How so? Well, because the ends justify the means.

“People’s lives will be saved” by the law, he added.

Thanks. That’s very reassuring. There’s nothing like a government figure nudging a nation towards totalitarianism telling those being forced towards this end of the governance spectrum that their fears are unfounded. And even if their fears are well-founded, fuck it: we’re gonna solve more crimes so it’s all good.

Filed Under: crime, france, geolocation, remote access, surveillance, wiretaps

New Jersey Supreme Court: If Cops Are Going To Digitally Wiretap A Facebook Account, They Need A Wiretap Order

from the your-analog-analogies-are-only-hurting-your-digital-arguments dept

Gathering evidence has never been easier than it is now. So much is created so easily and so often. And there are so many access points for law enforcement.

Sure, a few outliers (and outright liars [cough] Chris Wray [cough]) may claim everything is “going dark,” but never before in history have there been this many communication options facilitated by this many services. And most of those communications can be accessed without much difficulty, despite the occasional encryption roadblock.

Law enforcement entities are definitely taking advantage of the opportunities created by always-on(line) existences so many of us lead. But they often forget they still have an obligation to respect constitutional protections put in place years before so many of their investigative targets turned their lives into open books.

And that brings us to this case recently decided by the top court in New Jersey. Investigators in that state decided to use a very creative definition of the word “stored” to a constitutional fight. And they’ve lost. (h/t FourthAmendment.com)

In this criminal case, investigators served Facebook with a standard Communications Data Warrant (CDW). In other words, it was a regular search warrant authorizing a search of Facebook’s stored data for information related to suspected criminal activity.

But what the warrant demanded was far from the norm for search warrants. It didn’t ask Facebook to hand over whatever it already had. Instead, it demanded Facebook ride shotgun on the targeted account and turn over any new content created by the user every 15 minutes for the next 30 days.

My friends, that is not a search. That is a wiretap. And a regular warrant cannot possibly justify this sort of ongoing, near-real time intrusion. That’s the ruling [PDF] of the state’s top court, which overturns the appellate court’s inexplicable decision to pretend content retrieved every 15 minutes (which is as fast as Facebook can produce them) have somehow been “stored” long enough to lower constitutional protections against government eavesdropping. It did limit this sort of “search” to a ten-day window, but otherwise decided that future communications were also “stored” communications during this time frame.

The government made the same pitch to the state Supreme Court. It said 15-minute intervals were the same thing as “stored,” that nothing in any statutory text said otherwise, and — on top of all that — claimed being limited to ten-days of eavesdropping using a regular warrant was where the appellate court actually went wrong.

Facebook — and a ton of amici — disagree:

Facebook argues that neither federal nor state statutory law authorizes the use of a search warrant to compel disclosure of the contents of prospective communications. Facebook instead maintains that the challenged searches are governed by the enhanced privacy protections of the wiretap acts.

Facebook also contends that the Appellate Division’s decision contravenes the Federal and State Constitutions, which bar multiple intrusions based on a single warrant. Facebook argues as well that the CDWs are not anticipatory warrants and cannot be justified under the reasonable continuation doctrine.

[…]

Amici all support Facebook’s position. The ACLU emphasizes that “data surveillance” today is “far more invasive” than “wiretaps of old.” As a result, the ACLU urges the Court to apply wiretap-like protections, as does the NJSBA [New Jersey State Bar Association].

Microsoft and Google represent that no other jurisdiction has sought ongoing, prospective surveillance of electronic communications based on a warrant. The companies state that when law enforcement agencies outside of New Jersey have made similar requests, they have presented wiretap orders.

After a detailed discussion of both federal (Stored Communications Act) and state laws, including wiretap provisions built into both sets of electronic surveillance laws, the court puts in plain English the state’s desired outcome: the elimination of wiretap warrants (along with their safeguards and restrictions) entirely so long as the communications being targeted occur online.

Imagine instead an attempt by law enforcement to gain broad access to future electronic communications, including private messages, within 15 minutes, the earliest possible moment they are available, for 30 days — the very situation this case presents. A strict contemporaneity rule adopted before the advent of the Internet would not be a good fit to address that or other situations technology presents today. Nor would such a rule be consistent with the underlying purpose of the wiretap statutes — to protect individual privacy.

In addition, from a practical standpoint, if a strict contemporaneity approach applied, law enforcement today would never need to apply for a wiretap order to obtain future electronic communications from Facebook users’ accounts on an ongoing basis. With either a wiretap order or a CDW, the State today cannot receive information from Facebook any sooner than 15 minutes after a communication has been transmitted. In light of that reality, it would be only natural for law enforcement to apply for a CDW [Communications Data Warrant], which is easier to obtain but has fewer safeguards for individual privacy.

The State’s argument raises yet other, similar concerns. In time, as technology improves, today’s unavoidable 15-minute delay may well get shorter and shorter. The logical extension of the State’s position is that law enforcement could avoid the requirements and protections of the wiretap acts by simply asking Facebook to wait a few minutes, while data is stored, before providing electronic communications on an ongoing, future basis. That cannot be right given the underlying aim of the statutes.

The state’s arguments all fail. The intrusion the state wants the court to bless with a ruling in its favor is even more intrusive than normal wiretaps, in which irrelevant or privileged conversations cannot be legally captured or listened to by investigators. The state Supreme Court isn’t having it.

[N]early contemporaneous access to a wide array of prospective electronic communications, every 15 minutes for a full month into the future, is highly intrusive.

There are no limits to the content the State seeks here. In addition to public posts by Facebook users, the proposed orders encompass private communications of all sorts, including any messages to one’s spouse, cleric, doctor, or lawyer. Yet the CDW orders have no minimization requirements.

In essence, the State seeks the functional equivalent of a wiretap — but without the added safeguards the wiretap acts require.

Nope. Wrong. Not going to happen.

As a result, we find that a warrant based on probable cause is not enough to monitor prospective electronic communications in nearly real time, on an ongoing basis, under the constitution. The principles set forth in Berger and its progeny require the State to make a heightened showing and adhere to the additional safeguards provided in the wiretap acts. Our conclusion is grounded in the privacy protections the State Constitution guarantees.

Down goes the warrant. Up goes the precedent. And none of this should have come as a surprise to law enforcement. If you want to eavesdrop, you need more than a regular warrant. That it’s Facebook, rather than phone companies, being targeted doesn’t change the underlying constitutional equation. The state tried to pull a fast one and Facebook called it out on its bullshit. And everyone in New Jersey is better protected thanks to its refusal to comply with an obviously unlawful order.

Filed Under: 4th amendment, new jersey, police, stored communication, surveillance, warrant, wiretaps
Companies: facebook

California Court Says Wiretap Target Should Have Access To Wiretap Documents

from the seems-fair dept

The EFF — representing former California Highway Patrol officer Miguel Guerrero — has achieved a significant legal victory. The California Appeals Court has given citizens a better shot at demanding law enforcement transparency about intrusive surveillance efforts.

It’s incredibly difficult to unseal documents the government wants to keep hidden, especially when the government raises arguments about preserving the secrecy of law enforcement tactics and techniques. This case deals with one of the hundreds of wiretaps approved by a single county judge in California. Officer Guerrero was one target of surveillance. The government insisted the application, along with information about what communications were intercepted, must remain secret even though Guerrero was never charged with any crime.

Guerrero learned from family members that his phone number was the subject of a wiretap order in 2015. Guerrero, a former law enforcement officer, has no criminal record, and was never arrested or charged with any crime in relation to the wiretap. And, although the law requires that targets of wiretaps receive notice within 90 days of the wiretap’s conclusion, he never received any such notice. He wanted to see the records both to inform the public and to assess whether to bring an action challenging the legality of the wiretap.

Unfortunately for Guerrero, law enforcement’s habitual abuse of a particularly amenable judge somehow didn’t provide enough “good cause” for unsealing the documents. That was the lower court’s determination. The state Appeals Court disagrees. Its ruling [PDF] says the judicial math for compelling disclosure is greatly altered when it’s the target of a wiretap seeking disclosure.

There is significantly less need to safeguard a person’s privacy when the person seeking wiretap materials was the target of that wiretap. The target, in seeking to inspect the wiretap materials, obviously consents to the disclosure being made (to himself or herself), and the inspection does not necessarily disclose private information to a third party. The intercepted conversations typically involve the target as a participant. It is possible that the application and orders could contain private information about others (such as, for example, information obtained from another wiretap needed to show necessity for the target’s wiretap). But this is neither invariably the case nor is it likely that other individuals’ private information would pervade a target’s wiretap documents. Consequently, the privacy concerns underlying Title III and the California wiretap statutes are diminished when the person seeking access is one whose conversations were being recorded.

The government argued the law says wiretap materials “shall be sealed.” The court rejects this limited view of the situation, pointing out that this statutory requirement is meaningless in the context of this request.

The fact that wiretap materials “shall be sealed” in and of itself has no bearing on what standard one must satisfy to access them; it simply means that the materials do not start out as publicly available documents.

Furthermore, the fact that Guerrero isn’t under investigation weighs against any of the government’s secrecy demands.

Here, we observe that the District Attorney has not relied on the existence of an ongoing investigation or grand jury proceeding before the trial court or on appeal. To the contrary, the District Attorney has conceded that there are “no criminal charges pending” against Guerrero. Similarly, the District Attorney has not claimed that there is any sensitive information in the wiretap materials, such as the identity of an informant, or information related to another open investigation, such that disclosure could jeopardize current or future investigations.

The court also says there’s a public interest angle to this, prompted by the Riverside County Court’s unusual amount of wiretap activity.

As noted above, the anomalous number of wiretaps approved by judges in Riverside County in 2014 and 2015 has elicited scrutiny from judges and journalists.

In addition, public confidence in the criminal justice system and the appearance of fairness can be damaged not only by actual impropriety, but the possibility of impropriety as well.

All of these weigh in favor of disclosure and the former officer — along with his EFF representation — has secured that. He’ll get to see documents very few people have seen, even years after being charged and the corresponding investigations closed. This is a win for Guerrero but it possibly extends to others targeted by the “anomalous number” of wiretaps approved by the Riverside County Court — wiretaps even the US DOJ felt possibly violated the law.

Filed Under: california, evidence, miguel guerrero, wiretaps

Wiretap Report Says Courts Are Seeing Fewer Wiretap Requests, Fewer Convictions Linked To Wiretaps

from the sure-it's-cool-to-listen-in-on-convos,-but-it-is-helping-win-a-drug-war? dept

It’s time to shed a tear for federal investigative agencies. The United States Court System has announced wiretap warrants ain’t what they used to be.

Federal and state courts reported a combined 23 percent decrease in authorized wiretaps in 2018, compared with 2017, according to the Judiciary’s 2018 Wiretap report. Convictions in cases involving electronic surveillance also fell sharply.

I’m not sure if this is supposed to be bad news or good news. Should we feel anything about it? Maybe dismay, because law enforcement just isn’t working as well as it used to? Some sort of disappointment that wiretaps aren’t turning into convictions as often as they used to in the past? A general malaise about the sheer number of inscrutable stats that government thrusts at us in an attempt to believe it actually cares about transparency?

Maybe what we should feel is some sort of gratitude the system isn’t being abused quite as frequently. This gratitude shouldn’t be directed towards the court system, which has been a willing enabler of law enforcement abuse. It shouldn’t be directed towards law enforcement, which has repeatedly shown an ability to abuse any system it works with.

No, if there’s anything that’s a positive sign in this report, all gratitude for this needs to go to journalists like Brad Heath, who uncovered abuse of wiretap authorities on a massive scale in his investigation for USA Today.

For years, the DEA ran wiretap warrants through state courts in southern California. A majority of these warrants landed in front of a single judge. The DEA had California courts acting as enablers, allowing agents to bypass restrictions the DOJ places on seeking and deploying wiretaps. Having found an easy source for warrant approval, the DEA went back to the well time and time again, even as other federal law enforcement agencies expressed their concerns about the legality of this tactic.

A single courthouse in California was issuing 250-300 wiretap warrants a year until a new DA took over and put an end to this abuse. Other prolific issuers of wiretap warrants likely started paying a bit more attention when the DEA approached them, given what had been exposed in California. As Heath points out, the number of wiretaps approved in California has dropped 90% since its 2014 peak — the year before Brad Heath and Brett Kelman’s reporting ripped the lid off the DEA’s wiretap warrant mill.

Despite this, California still leads the nation in wiretap warrant approvals. This is due to its proximity to the Mexican border which means most drug trafficking investigations originate there.

Applications in six states (California, New York, Nevada, Pennsylvania, Colorado and New Jersey) accounted for 82 percent of all state wiretap applications. California alone accounted for 24 percent of all applications approved by state judges.

And wiretaps are still primarily for drug warriors:

46 percent of all wiretaps cited narcotics as the most serious offense under investigation, compared with 53 percent in 2017. Conspiracy investigations accounted for 13 percent, and homicide investigations accounted for 4 percent.

In other words, it’s more of the same. What’s supposed to be a last resort for law enforcement — the interception of communications — is still used routinely in the most routine investigations.

This information is useful but it doesn’t do anything to improve government accountability. That’s left up to journalists and FOIA warriors since the police are never going to police themselves.

Filed Under: 4th amendment, wiretaps

Gov't Intercepted Millions Of Conversations In Single Drug Investigation, Netted Zero Convictions

from the Title:-III,-Privacy:-0 dept

The most intrusive of your tax dollars hard at work:

US authorities intercepted and recorded millions of phone calls last year under a single wiretap order, authorized as part of a narcotics investigation.

The wiretap order authorized an unknown government agency to carry out real-time intercepts of 3.29 million cell phone conversations over a two-month period at some point during 2016, after the order was applied for in late 2015.

This detail, contained in the US Courts’ latest wiretap report, shows how much the government can get with a single wiretap order. Using assertions of “training and expertise,” US drug warriors intercepted millions of phone calls, ringing up a $335,000 third-party phone bill in the process.

But hey, the Drug War can’t be won without casting a wide dragnet. Drug conspiracies are vast and far-reaching, often leading law enforcement to bigger fish further down the line. Or so the affidavit assertions say…

But the authorities noted that the surveillance effort led to no incriminating intercepts, and none of the handful of those arrested have been brought to trial or convicted.

To recap:

1 wiretap warrant

$335,000 spent

3.3 million communications intercepted

0 convictions

The statutes governing wiretap warrants designate they should only be used when all other, less-intrusive investigative methods have failed. The fact that these 3.3 million communications failed to add up to a single conviction suggests other investigative methods weren’t fully explored before a judge autographed this warrant request. To be fair to the judge, the requesting agency probably wasn’t forthcoming about its previous investigative ventures.

But that’s enough being fair to judges: Marcy Wheeler notes courts approving wiretap orders are even more of a rubberstamp than the FISA court.

The FISC report showed that that court denied in full 8 of 1485 individual US based applications, at a rate of .5%, along with partially denying or modifying a significant number of others.

The Article III report showed that out of 3170 requests, state and federal courts denied just 2 requests.

[…]

That’s a denial rate of .06%.

If there’s good news to be gleaned from this report, it’s that the number of wiretap orders obtained has dropped dramatically over the last year.

A total of 3,168 wiretaps were reported as authorized in 2016, compared with 4,148 the previous year. Of those, 1,551 were authorized by federal judges, compared with 1,403 in 2015. A total of 1,617 wiretaps were authorized by state judges, compared with 2,745 in 2015.

There’s been a slight uptick in federal court approvals, but a dramatic downturn in state court approvals. Most of this drop can likely be linked to 0 being under the direction of a new District Attorney, who has stepped up to curb the wiretap abuses by his predecessor. For several years, the DEA — which should be running its wiretap requests through federal courts — was running its wiretap affidavits past an absentee DA and a very compliant (and efficient) state court judge.

Nearly all of that surveillance was authorized by a single state court judge in Riverside County, who last year signed off on almost five times as many wiretaps as any other judge in the United States. The judge’s orders allowed investigators — usually from the U.S. Drug Enforcement Administration — to intercept more than 2 million conversations involving 44,000 people, federal court records show.

As USA Today’s Brad Heath discovered, state court judge Helios Hernandez was a regular wiretap warrant printing press, which led to the DEA funneling a great deal of its requests through his courtroom.

Officials approved another 607 wiretaps in 2015, according to the figures released by the district attorney’s office. Most were approved in the first half of the year, before [new DA Mike] Hestrin said he installed a “stricter” standard that required every new wiretap application to have a “strong investigatory nexus” to Riverside County.

Taps have dwindled since then. So far this year [2016], Hestrin has approved only 14. In the first two months of last year, his office approved 126.

As Heath’s report notes, this single DA’s office and single state court judge were once responsible for 20% of the nation’s state court-approved wiretaps. This no longer is the case, and the DEA’s recent legal troubles associated with these questionable wiretaps has probably pushed it towards seeking more federal judges’ signatures last year — something it should have been doing all along.

Filed Under: drugs, intercepted calls, phone calls, warrants, wiretaps

More Prosecutors Abusing Their Access And Power To Illegally Eavesdrop On Conversations

from the give-'em-enough-leash dept

Last time we checked in with (former) Brooklyn prosecutor Tara Lenich, she was facing state charges for abusing wiretap warrants to listen in on conversations between a police detective and one of her colleagues. This stemmed from what was termed a “personal entanglement” between her and the detective.

The wiretap warrants couldn’t be obtained without a judge’s signature. Since there was no probable cause for the warrant, no judge would sign them. Lenich had a solution. She just forged the judge’s signature on the warrant. And then she kept forging judges’ signatures, stretching out her illicit surveillance for more than a year, with a faked signature on every 30-day renewal.

Lenich is now facing federal charges. An indictment handed down by DOJ pretty much repeats the allegation of the state charges, detailing Lenich’s long-running, extremely-personal wiretap operation.

As alleged in the indictment, for nearly 16 months between approximately June 2015 and November 2016, Lenich created fraudulent judicial orders as part of her illegal wiretapping scheme. Specifically, she forged the signatures of multiple New York State judges onto the illicitly created judicial orders — orders that purportedly authorized the KCDA to intercept communications occurring over two cellular telephones. Lenich then misappropriated KCDA equipment to intercept, monitor, and record the communications to and from the two cellular telephones. In furtherance of her scheme, Lenich also created fraudulent search warrants, which she then used to unlawfully obtain text messages relating to the two cellular telephones.

Prosecutors have plenty of power and plenty of tools at their disposal. At some point, they’ll be abused. Sometimes the damage is minimal and goes unnoticed. Other times, the abuse is discovered inadvertently. Inevitably, when the discovery is made, it’s always something that’s been happening for months or years, rather than a recent one-off where someone just made a very poor decision.

This time it’s federal prosecutors who may be facing charges for illegal eavesdropping. It’s not just a few prosecutors and a few isolated cases of misconduct. As Justin Glawe reports for The Daily Beast, it’s an entire prosecutors’ office and a whole lot of illegal activity.

A court-appointed investigator has found that the United States Attorney’s Office for Kansas is in possession of hundreds of phone and video recordings of communications between attorneys and their clients, inmates at a privately run prison facility in Leavenworth.

At least 700 attorneys are believed to have been recorded without their knowledge, the investigator’s report submitted to a federal court said. Last week Special Master David Cohen asked to expand his probe to determine whether prosecutors regularly listened to and compiled attorney-client conversations. Already, 227 phone call recordings and at least 30 videos of attorney-client meetings have been discovered in the U.S. Attorney’s Office in Kansas City.

These recordings, captured by Securus equipment and obtained by prosecutors from private prison company CoreCivic, contained privileged conversations between inmates and their legal representatives. The US Attorney’s dirty little eavesdropping secret was exposed when it hauled in a defense lawyer to accuse her of wrongdoing.

Jackie Rokusek told The Daily Beast she was called to the U.S. Attorney’s office in Kansas City last August, where she said she was told by prosecutors that they had video evidence of her providing her client with confidential information about a drug ring case. Rokusek was given a computer and she watched the video, then she says she accidentally clicked on another file. A window opened, and a video showing another attorney meeting with their client at Leavenworth played. Stunned, Rokusek immediately went to the Federal Public Defender’s office in Kansas City and told them what she’d found.

Prosecutors were hoping to push Rokusek towards recusing herself from a case with this supposedly-damning recording. Instead, it showed federal prosecutors had been listening in on discussions between defense attorneys and their clients and possibly using these to stack the prosecution deck.

It’s common knowledge prison phone calls and personal visits are recorded. Signs are posted prominently in prisons informing inmates and visitors of this fact. But just because recordings exist doesn’t mean prosecutors can avail themselves of privileged conversations between lawyers and clients. Everything else is fair game.

But the recordings do exist. Securus and CoreCivic aren’t going to shut off cameras and mics simply because there’s a lawyer involved. And if the recordings exist, sooner or later someone’s going to abuse this access. The only side that has this access is the prosecution. The side with the most power can eavesdrop with the willing assistance of those in the incarceration business. If they’re careful, this abuse could go on indefinitely. If not, they’ll enjoy a good run of slanted prosecutions before the hammer falls.

Filed Under: abuse of power, district attorneys, eavesdropping, forgeries, prison conversations, prosecutors, tara lenich, wiretaps

Gap Between Wiretaps Reported By US Courts And Recipient Service Providers Continues To Grow

from the time-for-some-depressing-Venn-diagrams dept

Albert Gidari of Just Security/Center for Internet and Society has been looking into the US Courts’ wiretap reports for 2014 and 2015. The problem with these reports is that nothing adds up. As he wrote for Just Security last year, there’s a huge discrepancy between the numbers reported by the US Courts Administrative Office and those reported by the service providers complying with the orders.

These numbers should be much closer than they are. If a wiretap is issued by a court, then the recipient service provider should report being served with one wiretap order. But that’s not what has happened. The US Courts AO reported 3,554 federal and state wiretap orders in 2014. Service providers, however, reported receiving 10,712 wiretap orders for that same year.

As Gidari pointed out in 2015 (examining the 2014 wiretap report), there’s not much that explains this discrepancy.

The Wiretap Report says “1,532 extensions were requested and authorized in 2014, a decrease of 28 percent.” So even if half of the carrier reported orders were extended once and then treated as separate orders in the carriers’ transparency reports (the Wiretap Report would treat an extended order a single order), the numbers are still off by more than two­fold.

The same goes for orders that expired after the end of the reporting period. As Gidari notes, anything not counted by the courts the previous year would show up on next year’s report and be negated by the lack of a new order on service providers’ reports.

The 2015 Wiretap Report is no better. And the gap appears to be increasing.

The AO now reports that 4,148 wiretaps were authorized in 2015, a 17% increase over 2014. Twentysix of those authorized wiretaps apparently were never installed, and therefore probably do not appear in provider transparency reports. The four major carriers (AT&T, Sprint, Verizon and T-Mobile) reported a total of 11,633 wiretaps in 2015. Thus, provider numbers reflected an increase in surveillance as well, but only by about 8%. So the three-fold delta from 2014 remains while the actual number of wiretaps reported by providers only increased half as much as the percentage increase reported by the AO. That is hard to explain.

As transparency reports from carriers and service providers become even more detailed, the gap in reporting becomes even harder to explain. It could be that carriers count each wiretap installed as another instance, even if it’s a dozen accounts targeted with a single order. It could be that, but it’s highly unlikely. Facebook — one of the more recent additions to wiretap reporting — states it this way in its transparency report.

Facebook reported that it received 296 wiretap orders that affected 399 user accounts in 2015.

While companies are moving towards greater transparency, the US court system seems to be stuck in the same place. There’s really only one way to explain this gap containing thousands of “missing” wiretap orders: underreporting by the those handing in numbers to the Administrative Office. Considering the huge potential for misuse and abuse, this apparent underreporting isn’t acceptable. The Administrative Office is investigating, but so far has yet to report any results from its digging.

Once again, it seems a reporting process ordered by Congress but left to another agency to enforce (with zero consequences for noncompliance) is resulting in discrepancies between the “official” numbers and those reported by the private sector. It looks and feels just like the FBI’s collection of officer-involved shootings: incomplete, inaccurate, and wholly dependent on government entities self-reporting data they’d rather not make public.

Filed Under: numbers, surveillance, telcos, wiretap report, wiretaps

Brooklyn Prosecutor Forged Judges' Signatures On Wiretap Warrants To Eavesdrop On A 'Love Interest'

from the rules-are-for-other-people dept

The reason there are so many controls and layers of oversight over wiretap warrants is because the potential for abuse is huge. The FBI abused its wiretap authority for years, which resulted in new restrictions for federal wiretap warrants. The DEA has found a way to route around these, but at the expense of its investigations.

At the state level, the vetting doesn’t appear to be as thorough. An insider who knew the weaknesses in the system abused wiretap warrants to perform some very personal surveillance.

A high-ranking prosecutor in the Brooklyn district attorney’s office was arrested this week on charges that she used an illegal wiretap to spy on a police detective and one of her colleagues in what a law-enforcement official described as a love triangle gone wrong.

The prosecutor, Tara Lenich, was taken into custody on Monday and fired after investigators in the district attorney’s office learned over Thanksgiving weekend that she had conducted the illicit surveillance because of “a personal entanglement between her and the detective,” according to the law enforcement official, who spoke on the condition of anonymity because of the delicate nature of the case.

Give the wrong person enough power and they’re sure to abuse it. Lenich forged judges’ signatures repeatedly to extend her very personal wiretap warrant every 30 days. This allowed her to illegally eavesdrop on conversations for nearly a year. She ducked questions about her wiretap by claiming she was working on a sensititive investigation in conjunction with the NYPD Internal Affairs department.

As defense lawyer Wilson A. LaFaurie points out, a system heavily-reliant on signatures raises some questions about the trustworthiness of that system.

“The public should have a tangible fear of this,” Mr. LaFaurie said. If prosecutors were willing to forge a judge’s signature, he said, they could also potentially manipulate evidence for other cases by forging the signatures of witnesses, crime victims or police detectives.

At least in the cases of the judges whose signatures were forged, those can be verified by asking the judges themselves. In some of the hypothetical cases LaFaurie refers to, there may be no one to ask.

The most disheartening part of this mini-debacle is the responses from the district attorney’s office. The spokesman for the office says an internal review of protocols and guidelines is underway, but says nothing about digging through Lenich’s cases for other possible misconduct. The best protocols and procedures may already be in place, but that’s not going to stop someone determined to abuse their power. And there’s no way to confirm they haven’t abused this power in the past if you’re not willing to examine their body of work.

Lenich’s lawyer’s statement is even worse, although it can be partially forgiven as he’s not acting as an agent of the state.

Gary Farrell, Ms. Lenich’s lawyer, said he did not believe there was “any merit to the claims that these charges somehow impugn wiretaps for other cases.”

Actually, it does impugn wiretaps for other cases, especially in cases overseen by his client. Her lawyer says there’s nothing to see here, which is fine in terms of advocating for a client. But the DA’s office seems to hold the same opinion, which is much more worrisome. Whenever abuse is uncovered, the usual response is to treat it like a unicorn, rather than possibly a leading indicator of malfeasance yet to be uncovered.

Then there’s this:

Mr. Farrell said Ms. Lenich was well known and well liked in Brooklyn legal circles and had a reputation for fairness and professionalism.

Well, not so much now. All it takes is one severe, felonious abuse of the system to undo all of that goodwill and cause collateral damage to the reputation of the office she served.

Filed Under: brooklyn, lovint, surveillance, tara lenich, wiretaps