Looking for the audio? It's coming! This week has been wild.
April 26, 2021 | The New York Times by Charlie Savage | ~1070 words
The Foreign Intelligence Surveillance Court (FISC) released a ruling last Monday that chastised the FBI for overreaching the authority granted to it by a warrantless surveillance program, yet the court renewed the program anyway. To be fair, the program is for the National Security Agency, of which the FBI is only a tangential beneficiary. As explained by the Times, the program gives the NSA the ability to warrantlessly gather the calls and messages of non-US citizens with the help of American corporations.
The Times explains why the FBI's access is particularly concerning:
"... the C.I.A., the National Counterterrorism Center and the F.B.I. — also receive access to streams of 'raw' messages intercepted without a warrant for their analysts to use. Of those, the F.B.I. is the only one that also has a law enforcement mission, heightening the stakes."
Only 3.6% of the data collected through the program is passed on to the FBI.
The majority of the backlash received by the FBI from the FISC was for overly broad searches of these streams. One example provided showed an analyst searching among 16,000 individuals when only seven were relevant to an FBI investigation.
The Bureau has apparently put better training and safeguards in place to prevent this in the future but claims the pandemic has prevented them from measuring their effectiveness.
April 27, 2021 | The Markup by Alfred Ng | ~1358 words
Have you installed your state or country's COVID contact tracing app? It's the one that uses your phone's Bluetooth to see what other Bluetooth devices it has been near. If the owner of any of those devices uses the app to say they've tested positive for COVID-19, you'll receive an alert. While not perfect, the framework, collaborated on and built by both Apple and Google, is a semi-decent way to do that while preserving privacy, as the connections your phone has seen aren't uploaded to any servers and never leave your phone.
Well, the Markup reported on a security researcher who found that the implementation on Android phones wasn't as private as originally thought. Apparently, Android was writing the logs of those connections in a way that made them accessible to dozens of other pre-installed apps on the phone. When the researcher made Google aware of the problem, Google did not respond seriously until contacted by the Markup for comment.
However, it does appear that Google did fix the error and began rolling out the changes in a timely manner. As such, this seems to be an innocent yet unfortunate oversight.
April 27, 2021 | Gizmodo by Lucas Ropek | ~792 words
Attorneys around the world are moving to throw out evidence obtained by the popular police phone-cracking tool Cellebrite. Moxie Marlinspike, creator of the encrypted messaging app Signal, published a blog post documenting dozens of vulnerabilities in Cellebrite along with a video of him exploiting at least one of the vulnerabilities. The tool is often used by law enforcement to gather evidence from those suspected of committing a crime.
In the post, Marlinspike claims that it would be possible to install an app on the phone that could then modify the output of Cellebrite, essentially fabricating evidence. While there is no proof of this actually happening, it was enough for Roman Rozas to challenge the conviction of one of his clients, according to Gizmodo. The same questions are raising legal concerns in Australia as well.
Gizmodo notes that at this point, it's hard to know what will happen in cases such as Rozas'.
April 29, 2021 | Wired UK by Matt Burgess | ~1451 words
Once again, more organizations and businesses are expressing concern over Google's proposed FLoC implementation previously discussed in surveil-links #77, #134, and #138. Burgess cites the concerns previously noted in surveil-links -- such as those from DuckDuckGo, Vivaldi, Brave, and WordPress -- but he also quotes several European data regulators -- namely those of France, Belgium, and Ireland -- voicing worry over the new program.
While Burgess notes that Google seems to be making an effort to make the rollout at least somewhat transparent and address concerns seriously, the real question is "how much will Google really change?" Or will it leverage its power to force the adoption of FLoC? The worry is perhaps best summarized by this paragraph from the article:
"[Google] owns the world’s largest browser, biggest search engine, a huge advertising network, and can collect huge swathes of data. For many people, Google's services are the internet. Nine of its apps are used by more than a billion people each. That’s an awful lot of data and an awful lot of power. Google’s historic abuse of people’s information has led many not to trust it – and that includes competitors and regulators, as well as consumers."
April 30, 2021 | The New York Times by Charlie Savage | ~1184 words
Not only is this Savage's first time featured in surveil-links, but he's the first reporter to make the list twice in one week, writing about the same agency no less!
In his reporting of the Office of the Director of National Intelligence's transparency report released on Friday, Savage notes that the number of wiretaps and search warrants obtained by the FBI from the FISC dropped for the second year in a row. In 2018, the number was 1,833, followed by 1,059 in 2019, and dropping even more sharply to 451 in 2020.
Don't confuse these warrants with FBI targets surveilled as part of the NSA program discussed in surveil-link #148 above. As explained, that program does not require a warrant and only affects US citizens communicating with others abroad. The numbers in the above paragraph are the times the FISC approved an FBI search warrant in the name of national security.
That said, the report also gives insight into the warrantless NSA program, showing that the number of foreign targets slightly dropped from 204,968 in 2019 to 202,703 in 2020.