Government No-Fly List Includes the Dead: Via Threat Level.

You may be dying, figuratively, to get off the government’s no-fly list, but death won’t guarantee removal.

The government’s no-fly list includes the names of dead suspects, according to government officials who spoke with the Associated Press, to help catch people who may try to assume the suspect’s identity.

The no-fly list has been shrouded in mystery since it was first developed after the 9/11 attacks. How people get on the list or get off it has been a closely guarded secret, with only bits of information made public during congressional hearings.

The AP has pieced together the broad steps it takes for someone to get on the list, and some of the changes the list has undergone since it was first created nine years ago. [ Read more ... ]

U.S. Declassifies Part of Secret Cybersecurity Plan: Via Threat Level.

The Obama administration declassified part of the government’s cybersecurity plan Tuesday, publishing parts of it that discuss intrusion detection systems for federal computer networks and the government’s role in securing critical infrastructure.

The declassification announcement was made by Howard A. Schmidt, a former Microsoft security executive who in December was appointed cybersecurity coordinator by President Barack Obama. Schmidt was speaking at the RSA Security Conference in San Francisco, an annual industry conference for computer security professionals.

The government’s Comprehensive National Cybersecurity Initiative was launched in 2008 by President George W. Bush under a shroud of secrecy. The plan has 12 directives that cover the government’s strategy to protect U.S. networks — including military, civilian,  government networks and critical infrastructure systems — as well as the government’s offensive strategy to combat cyber warfare.

Civil libertarians criticized the Bush administration for failing to disclose the contents of the plan or allowing independent oversight of its implementation. Schmidt said that Obama recognized the need for some transparency. [ Read more ... ]

FBI wants records kept of Web sites visited: Via Politics and Law - CNET News.

WASHINGTON--The FBI is pressing Internet service providers to record which Web sites customers visit and retain those logs for two years, a requirement that law enforcement believes could help it in investigations of child pornography and other serious crimes.

FBI Director Robert Mueller supports storing Internet users' "origin and destination information," a bureau attorney said at a federal task force meeting on Thursday.

As far back as a 2006 speech, Mueller had called for data retention on the part of Internet providers, and emphasized the point two years later when explicitly asking Congress to enact a law making it mandatory. But it had not been clear before that the FBI was asking companies to begin to keep logs of what Web sites are visited, which few if any currently do.

The FBI is not alone in renewing its push for data retention. As CNET reported earlier this week, a survey of state computer crime investigators found them to be nearly unanimous in supporting the idea. Matt Dunn, an Immigration and Customs Enforcement agent in the Department of Homeland Security, also expressed support for the idea during the task force meeting. [ Read more ... ]

No Warrant Necessary to Seize Your Laptop: Via Freedom to Tinker.

The U.S. Customs may search your laptop and copy your hard drive when you cross the border, according to their policy. They may do this even if they have no particularized suspicion of wrongdoing on your part. They claim that the Fourth Amendment protection against warrantless search and seizure does not apply. The Customs justifies this policy on the grounds that "examinations of documents and electronic devices are a crucial tool for detecting information concerning" all sorts of bad things, including terrorism, drug smuggling, contraband, and so on.

Historically the job of Customs was to control the flow of physical goods into the country, and their authority to search you for physical goods is well established. I am certainly not a constitutional lawyer, but to me a Customs exemption from Fourth Amendment restrictions is more clearly justified for physical contraband than for generalized searches of information. [ Read more ... ]

Mikey Hicks, 8, Can’t Get Off U.S. Terror Watch List: Via NYTimes.com .

The Transportation Security Administration, under scrutiny after last month’s bombing attempt, has on its Web site a “mythbuster” that tries to reassure the public.

Myth: The No-Fly list includes an 8-year-old boy.

Buster: No 8-year-old is on a T.S.A. watch list.

“Meet Mikey Hicks,” said Najlah Feanny Hicks, introducing her 8-year-old son, a New Jersey Cub Scout and frequent traveler who has seldom boarded a plane without a hassle because he shares the name of a suspicious person. “It’s not a myth.” [ Read more ... ]

Suricata Beta Available for Download!!: Via The Open Information Security Foundation.

It's been about three years in the making, but the day has finally come! We have the first release of the Suricata Engine! The engine is an Open Source Next Generation Intrusion Detection and Prevention Tool, not intended to just replace or emulate the existing tools in the industry, but to bring new ideas and technologies to the field.

The OISF is part of and funded by the Department of Homeland Security's Directorate for Science and Technology HOST program (Homeland Open Security Technology), by the the Navy's Space and Naval Warfare Systems Command (SPAWAR), as well as through the very generous support of the members of the OISF Consortium. More information about the Consortium is available, as well as a list of our current Consortium Members. 

The Suricata Engine and the HTP Library are available to use under the GPLv2. 

The HTP Library is an HTTP normalizer and parser written by Ivan Ristic of Mod Security fame for the OISF. [ Read more ... ]

TSA Threatens Blogger Who Posted New Screening Directive: Via Threat Level.

Two bloggers received home visits from Transportation Security Administration agents Tuesday after they published a new TSA directive that revises screening procedures and puts new restrictions on passengers in the wake of a recent bombing attempt by the so-called underwear bomber.

Special agents from the TSA’s Office of Inspection interrogated two U.S. bloggers, one of them an established travel columnist, and served them each with a civil subpoena demanding information on the anonymous source that provided the TSA document.

The document, which the two bloggers published within minutes of each other Dec. 27, was sent by TSA to airlines and airports around the world and described temporary new requirements for screening passengers through Dec. 30, including conducting “pat-downs” of legs and torsos. The document, which was not classified, was posted by numerous bloggers. Information from it was also published on some airline websites. [ Read more ... ]

FBI Linguist Guilty of Leaking Classified Documents to Blog: Via Threat Level.

An Israeli-American lawyer who worked as an FBI linguist pleaded guilty Thursday to providing an unidentified blogger with classified documents derived from U.S. communications intelligence.

Shamai Kedem Leibowitz, 39, of Silver Spring, Maryland, pleaded to one felony count of disclosing to an unauthorized party five documents that were classified “secret” that he obtained through his work with the FBI.

Leibowitz leaked the documents to the unnamed blogger in April 2009. The blogger — identified as “Recipient A in court filings — then wrote a post based on the classified documents.

“As a trusted member of the FBI ranks, Leibowitz abused the trust of the FBI and the American public by using his access to classified information for his own purposes,” said FBI Special Agent in Charge Richard A. McFeely in a press release. [ Read more ... ]

Newly-released documents show flaws in domestic intelligence collection and oversight: Via CDT - Center for Democracy & Technology.

Last Wednesday several U.S. intelligence agencies released previously classified documents in response to FOIA litigation from EFF & ACLU. Among these was a document reporting that the Department of Homeland Security had improperly investigated the Nation of Islam in 2007. DHS retracted the intelligence report on the black Muslim group hours after its release – but not before the report was disseminated widely to hundreds of other government agencies, private organizations and individuals. While it is a positive sign that DHS’ intelligence oversight managed to catch and retract the Nation of Islam report, the fact that the report was written at all suggests continuing confusion, at the working level, about what is the proper focus of domestic intelligence activity.

The government has spied on the Nation of Islam and its leaders for decades, but never obtained evidence that the organization was a terrorist outfit. So why was it under investigation yet again? Not because new evidence of violence or illegality surfaced, but because the group’s leader was sick.

Read Original Article:(Via CDT - Center for Democracy & Technology.)

Intelligence Agencies Release Docs Describing Misconduct in Response to EFF Lawsuit: Via EFF.org Updates.

Today the Department of Homeland Security, the Department of State, the Office of the Director of National Intelligence and the National Security Agency released 162 pages of intelligence oversight reporting in response to a Freedom of Information Act lawsuit filed by EFF in July.

The reports, made to a presidential advisory committee called the Intelligence Oversight Board, detail intelligence activities that the agencies "have reason to believe may be unlawful."

EFF is reviewing the documents now and has posted them on our website. Some of our initial finds include reports that: [ Read more ... ]

Fusion Centers Get New Privacy Orders Via DHS Grants: Via Untitled Source.

Last Tuesday, the Department of Homeland Security (DHS) announced the release of guidance for awarding grants for 2010. That Friday, the DHS Privacy Office publicly highlighted a provision of the guidance for the Federal Emergency Management Agency’s (FEMA) grant program that relates to fusion centers. The grant program requires fusion centers to certify compliance with the privacy and civil liberties guidelines of the Information Sharing Environment (ISE). [ Read more ... ]

Move to National ID Cards Delayed: Via Threat Level.

The United States’ quest for a national identification database associated with driver’s licenses won’t be finished by year’s end.

The deadline was Dec. 31 for the states to have created what would be the largest identification database of its kind under the auspices of the Real ID program. The law also mandates uniform anti-counterfeiting standards for state driver’s licenses.

None of the states are in full compliance with the law, first adopted in 2005, requiring the states’ motor vehicle bureaus to obtain and internally scan and store personal information like Social Security cards and birth certificates for a national database, according to the American Civil Liberties Union. About half the states oppose the mandate, or have said they would never comply.

Beginning Jan.1, the law was supposed to have blocked anybody from boarding a plane using their driver’s license as ID if their resident state did not comport with the Real ID program. But the Department of Homeland Security is set to extend, for at least a year, the deadline of the Real ID program that has raised the ire of privacy advocates. [ Read more ... ]

Real ID Follies Continue with PASS ID Waiting in the Wings: Via EFF.org Updates.

As 2009 draws to a close, we're inching ever deeper into the corner that Congress painted us into by passing Real ID under the table in 2005. (Recall that Real ID is the failed, Bush-era attempt to turn state drivers licenses into national ID cards by forcing states to collect and store licensee data in databases, and refusing to accept non-compliant IDs for federal purposes, like boarding a plane or entering a federal building.)

The official deadline for states to comply with the Department of Homeland Security's (DHS) final Real ID rule is December 31, 2009, and an estimated 36 states will not be in compliance by then, leading to some ambiguity for many citizens. For example, will residents of Montana be able to board planes in January 2010 with only a driver’s license (a state-supplied, technically non-compliant document) and without a passport (an identity document issued by the federal government)?

Past history strongly suggests that DHS will issue last-minute waivers to states that have not amped up their drivers licenses to adhere to Real ID. [ Read more ... ]

FBI: 19,000 Matches to Terrorist Screening List in 2009: Via Threat Level.

United States law enforcement agents and partners reported “encounters” with suspected terrorists 55,000 times in the last year; a check against the terrorist watchlist found a match 19,000 times, according to testimony presented to the Senate on Wednesday.

The figure includes multiple hits on the same people, according to an FBI spokesman, who didn’t know how many unique individuals were counted in the 19,000 hits.

The statistics appeared in testimony by the FBI’s Timothy Healy, director of the Terrorist Screening Center, or TSC, to the Senate Homeland Security and Government Affairs Committee.

Established in 2003, the TSC is a multi-agency clearinghouse for tips and other information about known and suspected terrorists that is shared with federal, state and local law enforcement agencies, as well as intelligence agencies and 17 foreign partners.

The center maintains the terrorist watchlist, which currently has about 400,000 individuals on it, most of them non-U.S. citizens, and includes those suspected of providing financial assistance or aid to terrorists. A subset of this list, the No Fly list, includes people considered a threat to aviation or national security and contains about 3,400 names, of which about 170 are U.S. persons. [ Read more ... ]

Lawmakers Want to Bar Sites From Posting Sensitive Government Docs: Via Threat Level.

Three Republican lawmakers have asked the Department of Homeland Security what can be done to bar or criminally penalize whistleblower sites that reposted a sensitive airport-screening manual that was published on the internet by a government worker.

They also asked about enacting regulations that would bar such publication in the future.

The congressmen are outraged that sites like Cryptome and Wikileaks republished the manual after it was posted online by a government contractor working for the Transportation Security Administration. The manual was posted last March on a government procurement site and was discovered Sunday by a blogger.

In their letter to Homeland Security Secretary Janet Napolitano (.pdf) on Wednesday, Reps. Peter T. King (R - New York), Charles Dent (R - Pennsylvania) and Gus Bilirakis (R - Florida) asked, “How has the Department of Homeland Security and the Transportation Security Administration addressed the repeated reposting of this security manual to other websites, and what legal action, if any, can be taken to compel its removal?” [ Read more ... ]

A court decision that reflects what type of country the U.S. is: Via Salon: Glenn Greenwald.

It's not often that an appellate court decision reflects so vividly what a country has become, but such is the case with yesterday's ruling by the Second Circuit Court of Appeals in Arar v. Ashcroft (.pdf).  Maher Arar is both a Canadian and Syrian citizen of Syrian descent.  A telecommunications engineer and graduate of Montreal's McGill University, he has lived in Canada since he's 17 years old.  In 2002, he was returning home to Canada from vacation when, on a stopover at JFK Airport, he was (a) detained by U.S. officials, (b) accused of being a Terrorist, (c) held for two weeks incommunicado and without access to counsel while he was abusively interrogated, and then (d) was "rendered" -- despite his pleas that he would be tortured -- to Syria, to be interrogated and tortured.  He remained in Syria for the next 10 months under the most brutal and inhumane conditions imaginable, where he was repeatedly tortured.  Everyone acknowledges that Arar was never involved with Terrorism and was guilty of nothing.  I've appended to the end of this post the graphic description from a dissenting judge of what was done to Arar while in American custody and then in Syria. [ Read more ... ]

TSA Successfully Defends Itself: Via Schneier on Security.

Story here. Basically, a woman posts a horrible story of how she was mistreated by the TSA, and the TSA responds by releasing the video showing that she was lying.

There was a similar story in 2007. Then, I wrote:

Why is it that we all -- myself included -- believe these stories? Why are we so quick to assume that the TSA is a bunch of jack-booted thugs, officious and arbitrary and drunk with power?

It's because everything seems so arbitrary, because there's no accountability or transparency in the DHS. Rules and regulations change all the time, without any explanation or justification. Of course this kind of thing induces paranoia. It's the sort of thing you read about in history books about East Germany and other police states. It's not what we expect out of 21st century America. [ Read more ... ]

Bookmark/Search this post with:

• Twitter
• Digg
• StumbleUpon
• Technorati
• del.icio.us
• Facebook
• Furl
• LinkedIn
• Yahoo

What Does DHS Know About You?: Via philosecurity.

Here’s a real copy of an American citizen’s DHS Travel Record retrieved from the U.S. Customs and Border Patrol’s Automated Targeting System (ATS). This was obtained through a FOIA/Privacy Act request and sent in by an anonymous reader (thanks!)

The document reveals that the DHS is storing the reader’s:

Read Original Article:(Via philosecurity.)

Homeland Security to hire 1,000 cybersecurity experts: Via computerworld.

The Department of Homeland Security wants to hire 1,000 cybersecurity professionals in the next three years, according to agency Secretary Janet Napolitano.

The department has the authority to recruit and hire cybersecurity professionals across DHS over the next three years in order to help fulfill its mission to protect the nation’s cyber infrastructure, systems and networks, she said.

“This new hiring authority will enable DHS to recruit the best cyber analysts, developers and engineers in the world to serve their country by leading the nation’s defenses against cyber threats,” Napolitano stated. [ Read more ... ]

Secure Flight Comes to Southwest Airlines, Six Years Later: Via Threat Level.

Six years ago the federal government proposed taking over the job of comparing passenger names against the terrorist watch lists. Just this week, Southwest Airlines frequent fliers are being asked to update their profiles with name, gender and date of birth information in order to let the feds try that system out.

In an e-mail to its frequent fliers, Southwest says it has been working with the government to “introduce” Secure Flight, the long-delayed successor to the current system of having airlines compare passenger names against the tens of thousands of names on the government’s No-Fly and Selectee lists. Southwest frequent fliers are being asked to provide:

1. A full name, exactly as it appears on the current (non-expired) government-issued photo ID that you will be traveling with
2. Date of birth
3. Gender
4. The TSA-issued Redress Number** (if applicable)

For those wary of turning over such info, Southwest suggests they just do it. [ Read more ... ]

Ass Bomber: Via Schneier on Security.

Nobody tell the TSA, but last month someone tried to assassinate a Saudi prince by exploding a bomb stuffed in his rectum. He pretended to be a repentant militant, when in fact he was a Trojan horse:

The resulting explosion ripped al-Asiri to shreds but only lightly injured the shocked prince -- the target of al-Asiri's unsuccessful assassination attempt. [ Read more ... ]

Rein In Government Spying: Via EFF.org Updates.

Last week, ten US Senators introduced the perfect vehicle for reform of the surveillance powers in the PATRIOT Act, as well as the much broader and more dangerous FISA Amendments Act (FAA), the warrantless surveillance law that was passed by Congress last summer.

The new bill, called the JUSTICE Act, would add essential new checks and balances to a broad range of surveillance powers. In particular, it would reform the notorious National Security Letter power that allows the FBI, without court supervision, to secretly demand that companies hand over your private phone and internet records. [ Read more ... ]

Laptop searches at airports infrequent, DHS privacy report says: Via Computerworld.

Social media, airport image-screening technology also examined in annual report to Congress

The U.S. Department of Homeland Security's annual privacy report card revealed more details on the agency's controversial policy involving searches of electronic devices at U.S. borders.

The 99-page report, which was released Thursday, also offered details on the agency's efforts to address privacy risks in social media and the use of imaging technologies that produce whole-body scans at airport security checkpoints.

The report is the first DHS privacy assessment released to Congress since the new administration took office. It covers the activities of the DHS Privacy Office between July 2008 and June 2009. [ Read more ... ]

Obama Issues Limits on ‘State Secrets Privilege’: Via Threat Level.

The Obama administration announced new limits Wednesday on the so-called state secrets privilege used by the government to scuttle lawsuits that involve classified information, adding layers of oversight to a power that both the Bush and Obama administration has used to kill off lawsuits challenging anti-terrorism programs.

Under the new guidelines (.pdf) issued by Attorney General Eric Holder, set to take effect October 1, government lawyers will only invoke the privilege when there’s a possibility of “significant harm” to the country, and won’t use it to hide embarrassing or illegal government programs.

The states secrets privilege lets the government tell a judge that a matter in a lawsuit, or the very subject of a lawsuit, is so sensitive that national security trumps justice.  Asserting the privilege all but forces a judge to ban critical evidence or toss an entire case, no matter how egregious the government conduct might have been. [ Read more ... ]

FBI’s Data-Mining System Sifts Airline, Hotel, Car-Rental Records: Via Threat Level.

A fast-growing FBI data-mining system billed as a tool for hunting terrorists is being used in hacker and domestic criminal investigations, and now contains tens of thousands of records from private corporate databases, including car-rental companies, large hotel chains and at least one national department store, declassified documents obtained by Wired.com show.

Headquartered in Crystal City, Virginia, just outside Washington, the FBI’s National Security Branch Analysis Center (NSAC) maintains a hodgepodge of data sets packed with more than 1.5 billion government and private-sector records about citizens and foreigners, the documents show, bringing the government closer than ever to implementing the “Total Information Awareness” system first dreamed up by the Pentagon in the days following the Sept. 11 attacks.

Such a system, if successful, would correlate data from scores of different sources to automatically identify terrorists and other threats before they could strike. The FBI is seeking to quadruple the known staff of the program.

But the proposal has long been criticized by privacy groups as ineffective and invasive. Critics say the new documents show that the government is proceeding with the plan in private, and without sufficient oversight. [ Read more ... ]