Category Archives: DETECTIVES INVESTIGATORS

Around AU$200m later, data retention mostly used for chasing drugs, not terror

The Attorney-General’s Department has exposed a report outlining the opening months of Australia’s data retention scheme.

Australia’s telecommunications companies have been left with a funding hole of over AU$70 million to cover the capital costs of Australia’s data retention scheme, according to the Telecommunications Interception And Access Act 1979 Annual Report 2015-16 [PDF], while data authorisations for terrorism ranked below those for illicit drug offences.

www.policesearch.net

Despite handing out AU$128 million in grants last year, the report, released on Monday, states that the capital cost to industry will total AU$198 million by the end of the 2016-17 financial year.

“Information collected from industry through the Data Retention Industry Grants Programme indicates that the estimated capital cost of implementing data retention obligations over the period between 30 October 2014 and 13 April 2017 is AU$198,527,354,” the report said.

“[Costs] relate to the anticipated direct upfront capital costs and not the recurring or indirect costs associated with compliance.”

In 2015, Attorney-General George Brandis said he expected the average ongoing cost for telcos to run their data retention system would be around AU$4 per month.

The report said the Attorney-General’s Department (AGD) received 210 applications for funding, of which 10 were withdrawn, and 180 telecommunications providers were found to be eligible for funding. Of that 180, “most” were awarded a grant to cover 80 percent of their costs.

It was also detailed that during the implementation period for the data retention scheme, AGD received 402 data retention implementation plans from 310 providers.

Under Australia’s data retention laws, passed by both major parties in March 2015, telecommunications carriers must store customer call records, location information, IP addresses, billing information, and other data for two years, accessible without a warrant by law-enforcement agencies.

Over the period from October 13, 2015 to June 30, 2016, the report said the offence for which the highest number of authorisations to telco data was made was illicit drug offences, with 57,166. This was followed in ranking by miscellaneous, homicide, robbery, fraud, theft, and abduction.

Terrorism offences ranked below property damage and cybercrime, with 4,454 authorisations made.

As part of the data retention laws, the spirit of the legislation was to restrict access to stored metadata to a list of approved enforcement agencies, with those agencies not on the list theoretically having access removed on October 12, 2015.

Overall, the report said 63 enforcement agencies made 333,980 authorisations for retained data, of which 326,373 related to criminal law.

“In 2015-16, law enforcement agencies made 366 arrests, conducted 485 proceedings, and obtained 195 convictions based on evidence obtained under stored communications warrants,” the report said.

During 2015-16, 3,857 telecommunication interception warrants were issued, with interception data used in 3,019 arrests, 3,726 prosecutions, and 1,812 convictions. Total cost for interception warrants was AU$70.3 million, at an average cost of AU$619,200 per warrant.

Australia Post accounted for 64 authorisations between June 30 and October 12, 2015, compared to none the year before; and the Victorian Department of Economic Development, Jobs, Transport and Resources made 173 authorisations in 3.5 months compared to 226 the entire financial year prior.

It was also noted that on six occasions, warrants were exercised by people not authorised to; in three instances, the Ombudsman could not determine whether stored communications related to the person named on a warrant; and in one instance, it could not determine who had received stored communications from a carrier.

It was also revealed that during the 2015-16 year, the Western Australia Police had received a pair of journalist warrants, which saw 33 authorisations of data made.

“These authorisations were for the purpose of enforcing the criminal law,” the report said.

In April, the Australian Federal Police (AFP) revealed that it had “mistakenly” accessed a journalist’s call records without a warrant in breach of the data retention legislation.

It was subsequently learned that AGD had advised government departments to skirt metadata laws and rely on coercive powers.

In May, the Commonwealth Ombudsman found the AFP to be handling metadata in a compliant manner, but noted a number of exceptions.

“We identified two instances where a stored communications warrant had been applied for and subsequently issued in respect of multiple persons, which is not provided for under the Act,” the report said.

In response, the AFP said its warrant templates were not clear enough.

www.druglinks.info

Henry Sapiecha

With just one wiretap order, US authorities listened in on 3.3 million phone calls

The order was carried out in 2016 as part of a federal narcotics investigation.

NEW YORK, NY — US authorities intercepted and recorded millions of phone calls last year under a single wiretap order, authorized as part of a narcotics investigation.

The wiretap order authorized an unknown government agency to carry out real-time intercepts of 3.29 million cell phone conversations over a two-month period at some point during 2016, after the order was applied for in late 2015.

The order was signed to help authorities track 26 individuals suspected of involvement with illegal drug and narcotic-related activities in Pennsylvania.

The wiretap cost the authorities $335,000 to conduct and led to a dozen arrests.

But the authorities noted that the surveillance effort led to no incriminating intercepts, and none of the handful of those arrested have been brought to trial or convicted.

The revelation was buried in the US Courts’ annual wiretap report, published earlier this week but largely overlooked.

“The federal wiretap with the most intercepts occurred during a narcotics investigation in the Middle District of Pennsylvania and resulted in the interception of 3,292,385 cell phone conversations or messages over 60 days,” said the report.

Details of the case remain largely unknown, likely in part because the wiretap order and several motions that have been filed in relation to the case are thought to be under seal.

It’s understood to be one of the largest number of calls intercepted by a single wiretap in years, though it’s not known the exact number of Americans whose communications were caught up by the order.

We contacted the US Attorney’s Office for the Middle District of Pennsylvania, where the wiretap application was filed, but did not hear back.

Albert Gidari, a former privacy lawyer who now serves as director of privacy at Stanford Law School’s Center for Internet and Society, criticized the investigation.

“They spent a fortune tracking 26 people and recording three million conversations and apparently got nothing,” said Gidari. “I’d love to see the probable cause affidavit for that one and wonder what the court thought on its 10 day reviews when zip came in.”

“I’m not surprised by the results because on average, a very very low percentage of conversations are incriminating, and a very very low percent results in conviction,” he added.

When reached, a spokesperson for the Justice Department did not comment

Contact me securely

Zack Whittaker can be reached securely on Signal and WhatsApp at 646-755–8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

If you see something, leak something. Telling the world holds people in office accountable, no matter how big or small it may be.

There are a number of ways to contact me securely, in ranking order.

Encrypted calls and texts

I use both Signal and WhatsApp for end-to-end encrypted calling and messaging. The apps are available for iPhones and Android devices.

You can reach me at +1 646-755–8849 on Signal or WhatsApp.

I will get back to you as soon as possible if I don’t immediately respond.

Encrypted instant messaging

You can also contact me using “Off The Record” messaging, which allows you to talk to me in real time on your computer. It’s easy to use once you get started. This helpful guide will show you how to get set up.

You will need a Jabber instant messaging account. There are many options to choose from. For anonymity, you should create an account through the Tor browser.

You can reach me at: zackwhittaker@jabber.at during working hours.

When you verify my fingerprint, it’s this: 914F503C 03771A5F A9E2AC91 95861FDA 9B3A7EAD.

Send me PGP email

My email address is zack.whittaker@gmail.com (remove the dot for PGP).

PGP, or “Pretty Good Privacy,” is a great (but tricky-to-use) way of emailing someone encrypted files or messages. PGP works on almost every email account and computer, but using it on your work or home email address won’t hide who you are, or the fact that you sent a reporter an email.

If you want to remain anonymous, go somewhere that isn’t your home or work network. Then, you should use the Tor browser, which hides your location, to access a free email service (like this one or this one).

The EFF has a set of easy-to-use tutorials on how to get started.

You will need my public PGP key to email me securely, available here.

You can also verify my PGP fingerprint to be sure it’s me: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

You can also get this information on my Keybase profile.

When all else fails…

You can always send me things through the mail. My work address is:

Zack Whittaker c/o CBS,
28 E. 28th Street,
New York, NY 10016,
United States of America.

(Updated: January 14 with additional Keybase details.)
(Updated: April 30 with new Jabber fingerprint.)

Henry Sapiecha

Justice Dept. Pressing for Changes to Computer Crime Law

In this June 17. 2009, file photo, former Hollywood private eye Anthony Pellicano is shown in court in Los Angeles. It’s clearly illegal to hack into someone else’s computer network and steal information from it. But what about a police officer who uses his own department’s computer database to look up women from his past? Or employees who use their log-in credentials to download confidential information from their employer? The issue surfaced in August 2105 when the California-based 9th U.S. Circuit Court of Appeals threw out computer access charges against Anthony Pellicano, a Hollywood private eye who wiretapped phones for celebrity clients to dig up dirt on rivals, and several of his alleged conspirators. The court upheld most of the convictions in the case but found that the jury had been given improper instructions on the law. (AP Photo/Nick Ut)

FILE - Int his June 17. 2009, file photo, former Hollywood private eye Anthony Pellicano is shown in court in Los Angeles. It’s clearly illegal to hack into someone else’s computer network and steal information from it. But what about a police officer who uses his own department’s computer database to look up women from his past? Or employees who use their log-in credentials to download confidential information from their employer? The issue surfaced in August 2105 when the California-based 9th U.S. Circuit Court of Appeals threw out computer access charges against Anthony Pellicano, a Hollywood private eye who wiretapped phones for celebrity clients to dig up dirt on rivals, and several of his alleged conspirators. The court upheld most of the convictions in the case but found that the jury had been given improper instructions on the law. (AP Photo/Nick Ut, File)

It’s clearly illegal to hack into someone else’s computer network and steal information from it. But what about a police officer who uses his own department’s computer database to look up women from his past? Or an employee who uses his log-in credentials to download confidential information from his employer?

These are questions that for years have vexed the courts, which have struggled to define the difference between permissible and illegal computer use.

Stung by recent court decisions that have gone against them, Justice Department lawyers are making a fresh push to clarify a computer trespass law that critics malign as overly broad. The 1986 law was intended to punish hackers, but the government has had difficulty applying it to company employees and other insiders who have permission to access a computer – but abuse that right by using the machine in ways they don’t have authorization for.

While the concerns aren’t new, they attracted attention this year after President Barack Obama suggested changes to the Computer Fraud and Abuse Act as part of broader cybersecurity legislation. The Justice Department also has appealed to Congress, which is expected to take up other cybersecurity measures in the coming weeks.

“These are really hard issues of what should the law cover and what should it not cover,” said George Washington University law professor Orin Kerr. “It’s totally understandable that we’re having this discussion and not sure what the answer should be, because this is a new kind of technological problem.”

Critics, including judges, have long expressed concern that people could be prosecuted under the anti-fraud law for computer use that while technically unauthorized is nonetheless benign. An appeals court recently raised the prospect that checking sports scores at work could theoretically lead to prosecution, though the Justice Department says it’s never had any interest in going after that kind of behavior.

Justice Department lawyers have sought to allay those fears by proposing to narrow the standards for prosecution. They’ve proposed limiting the law’s use to circumstances including misuse of a government database, the theft of $5,000 or more, or when the computer access was part of another felony such as blackmailing a co-worker.

“What we need is a law that makes clear that if you exceed authorized access for nefarious purposes … that that’s a violation of the law,” said Assistant Attorney General Leslie Caldwell.

Sens. Lindsey Graham, R-S.C., and Sheldon Whitehouse, D-R.I., have drafted legislation similar to the Justice Department proposal that aides say could be introduced soon. In the meantime Whitehouse has attached an amendment that would punish by up to 20 years damage to a “critical infrastructure computer,” such as one that controls the electric power grid, to a broader cyber bill expected to be considered soon by the Senate.

Yet even some critics of the existing law say they believe the government already has enough tools to punish computer crime, without making changes.

“All of this is a solution in search of a problem,” said Hanni Fakhoury, a staff attorney at the Electronic Frontier Foundation, a privacy group.

Though the Justice Department has successfully used the existing statute many times, its proposal comes amid recent decisions in appeals courts – including in a lawsuit involving trade secrets – that have interpreted the law in ways prosecutors didn’t like.

The issue surfaced last month when the California-based 9th U.S. Circuit Court of Appeals threw out computer access charges against Anthony Pellicano, a Hollywood private eye who wiretapped phones for celebrity clients to dig up dirt on rivals, and several alleged conspirators. The court upheld most of the convictions but found that the jury was given improper instructions on the law.

The same court in 2012 rejected computer access charges against a former employee of an executive search firm who had been accused of encouraging some of his ex-colleagues to help him start a competing business by using their log-in credentials to download trade secrets. The court said the government’s view created a slippery slope.

“Basing criminal liability on violations of private computer-use (policies) can transform whole categories of otherwise innocuous behavior into federal crimes simply because a computer is involved,” wrote Judge Alex Kozinski. “Employees who call family members from their work phones will become criminals if they send an email instead. Employees can sneak in the sports section of The New York Times to read at work, but they’d better not visit ESPN.com.”

A federal appeals court in New York is weighing the issue in the case of Gilberto Valle, a former New York City police detective dubbed the “cannibal cop” for his online exchanges about kidnapping and eating women. Though a judge dismissed most of the case, Valle is appealing his conviction for using an NYPD database to look up women he targeted. His supporters say that action could not have been a crime because, as an officer, he was entitled to access the database.

It’s not clear what action Congress will take, but it’s also not clear that it needs to do anything, said Kerr, the law professor.

“It’s a hard set of problems for Congress to try to figure out, because you have courts disagreeing on what the rules should be,” Kerr said. “And one option is to just wait for the Supreme Court to say what the rules actually are.”

Source: Associated Press

ooo

Henry Sapiecha

Uber exec Emil Michael threatens to dig dirt on company critics, unleashing torrent of criticism

UBER EXEC SAYS HIS COMPANY TO SPEND $1M ON PRIVATE INVESTIGATORS GETTING DIRT ON REPORTERS

An executive of a car hire service which has risen from tech start-up to $US17 billion international giant in four years has declared to a dinner table that the company should spend a million dollars hiring private investigators to dig up dirt on journalists to silence them. Nick O’Malley reports.

Emil Michael, senior vice president for Business for Uber.image www.intelagencies.com

n the gun: Emil Michael, senior vice president for Business for Uber. Photo: Bloomberg

It was a truly spectacular own goal scored by one of the most senior executives of one of the tech world’s hottest companies in the presence of two famous journalists in a semi-private club owned by the Vanity Fair editor, Graydon Carter.

At the dinner on Friday night the executive, Emil Michael, a senior vice president at Uber, the car hire tech that has risen from start-up to $US17 billion international giant in four years, declared to the table that the company should spend a million dollars hiring private investigators to dig up dirt on journalists to silence them.

The group, gathered the Waverley Inn in Manhattan’s West Village, included the actor, Ed Norton, and the Huffington Post publisher, Ariana Huffington, as well as the journalists Michael Wolff and Buzzfeed’s Ben Smith. Michael’s own boss was there too, the Uber chief executive and founder, Travis Kalanick. The host was Ian Osborne, a former adviser to British Prime Minister David Cameron as well as an Uber consultant.

Some time in the course of the meal Michael began to vent his frustration at journalists who had dared to criticise Uber, a company that has grown from unknown start-up to a giant  and struck fear into the heart of the taxi industry around the world.

Michael, Buzzfeed reported, was particularly frustrated by one female journalist, Sarah Lacy, who runs the popular Silicon Valley website PandoDaily. She has criticised Uber for having an allegedly sexist culture and for putting female passengers at risk by not vetting its drivers thoroughly enough.

Recently she wrote that she was deleting her Uber app as a result.

At the dinner Michael was outraged and, according to Buzzfeed, said that Uber’s dirt diggers could be used to “prove a particular and very specific claim about her personal life”.

After the dinner Michael said in a statement:  “The remarks attributed to me at a private dinner — borne out of frustration during an informal debate over what I feel is sensationalistic media coverage of the company I am proud to work for — do not reflect my actual views and have no relation to the company’s views or approach. They were wrong no matter the circumstance and I regret them.”

But the comments are attracting significant attention, in part because they appear to confirm the growing popular notion that Uber is becoming recklessly aggressive.

The founder, Travis Kalanick, has never been one to back down from a fight. In 2012 he explained to Fairfax Media that in each city Uber began operating in it met the same regulatory resistance from entrenched taxi monopolies or oligopolies with the same cosy relationship with city or state governments.

Uber – and Kalanick – appeared to take delight in combating these opponents and Uber’s users cheered him on.

Once you have signed up for the Uber app you can summon a car at the press of a button and know with certainty that it will come, when it will come and that it will wait for you. Uber users commonly report better, cheaper, more reliable service in cleaner cars by friendlier drivers than they get from taxi companies. And with the domineering old players like CabCharge cut out of the loop, drivers often reported earning more with Uber than they had a taxi drivers.

Recently the New York Times wrote that Uber was changing the very fabric of life in Los Angeles because it was allowing people to return to the public transport starved downtown areas. A Washington Post blog noted that Uber had become the transport method of choice for US politicians and their staff, a sure sign the company was not going to be regulated out of existence.

But there is a growing sense that its aggression in combating regulators has become part of Uber’s posture towards critics, media, its drivers and its competition.

The Verge website reported that Uber was using teams of agents with disposable mobile phones accounts and credit cards to disrupt competitors like Lyft by making false calls for rides.

Last month Uber’s drivers in New York went on strike saying their pay had shrunk 25 per cent as Uber sought to undercut its rivals. “Uber makes billions on the backs of drivers. We own the cars, we pay for gas, we pay for maintenance, we suffer the depreciation and we take all of the risks,” one protest flier proclaimed, the New York Post reported.

In a series of tweets since the Buzzfeed report Kalanick has apologised for Michael’s remarks at dinner, saying they showed a “showed a lack of leadership, a lack of humanity and a departure from our values and ideals” and that they “do not represent the company”. He noted that Michael’s “duties here at Uber do not involve communications strategy or plans and are not representative in any way of the company approach”.

There was no suggestion that Michael might be looking for a new job, nor is there any sense that his comments will have any long-term impact on the company. But it has added to a general perception that the young company, flushed with extraordinary success, has a cultural problem.

Perhaps the news site Vox captured it best with a comment piece called “Uber has an a__hole problem.”

“Uber is a major company,” wrote Vox. “And it’s time to start acting like it. Not all rules are made to be broken. The fact that Michael is getting a kind of verbal scolding rather than suffering real consequences suggests that maybe the company’s board and CEO still don’t get that.”

Henry Sapiecha

DETECTIVE AGENCY TO USE SATELLITES & DRONES FOR GETTING INTELLIGENCE FOR CLIENTS & COURT CASES

Air and Space Evidence’s aerial imagery was used in an insurance case following Hurricane Katrina image www.intelagencies.com

Air and Space Evidence will use satellites and drones to detect insurance fraud

World first  a space detective agency will use drones and satellites to uncover insurance fraud image www.intelagencies.com

TWO British academics have opened the world’s first space detective agency, using drones and satellites to uncover insurance fraud, search for freshly dug graves or to monitor how foreign aid money is spent.

World first … a space detective agency will use drones and satellites to uncover insurance fraud. Picture: AP Source: AP

TWO British academics have opened the world’s first space detective agency, using drones and satellites to uncover insurance fraud, search for freshly dug graves or to monitor how foreign aid money is spent.

 Knowing how to search Air and Space Evidence says most people have no idea how to source archived images.www.intelagencies.com

Critical … Air and Space Evidence’s aerial imagery was used in an insurance case following Hurricane Katrina.

Professor Ray Harris (pictured) and Ray Purdy will deliver aerial imagery in criminal and civil cases.image www.intelagencies.com

Founder Ray Purdy, a lawyer who specialised in satellite law at the University College of London, has teamed up with geographer colleague Professor Ray Harris in a private firm that will use before and after aerial imagery in criminal and civil cases.

Finding evidence … Professor Ray Harris (pictured) and Ray Purdy will deliver aerial imagery in criminal and civil cases. 

As an example of the work that Air and Space Evidence is undertaking, Mr Purdy pointed to a case following Hurricane Katrina, where a couple claimed their New Orleans home was severely damaged by wind and water.

Aerial photos showed the house had survived Katrina intact.

Mr Purdy has also worked in Australia where he was able to show illegal vegetation clearing on a NSW property.

The technology is not new, but individuals and companies will be able to employ the experts to hunt through troves of archival data from “nearly any location on earth” and then deploy drones or satellites to provide evidence of changes on the ground.

“As the resolution gets better we will be able to do things like search fields for graves (recently dug earth) in cases of abduction, or trace where certain pollutants came from before they entered watercourses,” Mr Purdy told News Corp in an email exchange.

GOOGLE SKYBOX: Monitors, updates global images with 24 satellites

3arrows_blue

www.spy-drones.net

www.ispysite.com

He said his firm would not be investigating adultery cases but said it was only a matter of time before suspicious partners hired private investigators to use spy drones.

“Unmanned aerial vehicles are good enough to catch anyone cheating if certain interactions (hugging, kissing) take place outdoors.”

satellite image taken before the aftermath of Hurricane Katrina. image www.intelagencies

A satellite image … taken before the aftermath of Hurricane Katrina. Picture: AP Source: AP

Air and Space Evidence said most people had no idea how to source archived images, or how to go about deploying a satellite or drone to get up-to-date comparisons.

The firms expects to be used as expert witnesses in cases that could involve insurance fraud, neighbourhood disputes, environmental investigations, border and boundary disputes, human rights investigations, disaster monitoring and foreign aid auditing.

Air and Space Evidence’s aerial imagery was used in an insurance case following Hurricane Katrina image www.intelagencies.com

Knowing how to search … Air and Space Evidence says most people have no idea how to source archived images. Picture: AP Source: News Limited

Henry Sapiecha