Racial Bias & Policing: A Rundown of the Data

With protests in Charlotte and the shooter of Terence Crutcher in Tulsa being charged with manslaughter, the question of systemic racism and #BlackLivesMatter has risen again. The following is meant to be a helpful list of relevant data regarding the current state of police force and racial bias:

  • The Rarity of Force: According to the U.S. Department of Justice, it is “[k]nown with substantial confidence…that police use force infrequently. The data indicate that a small percentage of police-public encounters involve force. For example, about 1 percent of people who had face-to-face contacts with police said that officers used or threatened force, according to preliminary estimates based on the Bureau of Justice Statistics’ 1996 pretest of its Police-Public Contact Survey…In 7,512 adult custody arrests, another study…notes that fewer than one out of five arrests involved police use of physical force (defined as use of any weapon, use of any weaponless tactic, or use of severe restraints). That can be considered a low rate in view of the study’s broad definition of force” (pg. vii). By highlighting this first, “the intention is neither to minimize the problem nor to suggest that the issue can be dismissed as unworthy of serious attention. Society’s ends are best achieved peaceably, and we should strive to minimize the use of force by police as much as possible. However, it is important to put police use of force in context in order to understand the potential magnitude of use-of-force problems. Although estimates may not completely reassure everyone that police are doing everything they can to minimize the use of force, the data do not support the notion that we have a national epidemic of police violence” (pg. 3). In summary, the vast majority of civilian/police interactions involve no violence whatsoever.
  • Increase in Police Shootings: However, the above study was done in 1999. Both private and federal data since then suggest that the use of lethal force by police is increasing (see the graph below). Nonetheless, even with upticks in killings by police, the use of lethal force would still be exceedingly rare.

  • Lack of Prosecution: Very few officers have been prosecuted for fatal shootings since 2005 according to a 2015 analysis by The Washington Post. This could very well be for good reasons, but the point is that it is rare for an officer to face prosecution.
  • Police Officers Are Safer: Murders, assaults, and shootings of police officers have thankfully declined over the last few decades (for example, see the graph on assaults and injuries below). We should want to keep it that way.

  • Unreliable Data: Unfortunately, the data on use of force by police aren’t very helpful. Reporting on a 2013 survey conducted by the Justice Department, The New York Times stated, “But when the data was issued…the figures turned out to be almost useless. Nearly all departments said they kept track of their shootings, but in accounting for all uses of force, the figures varied widely. Some cities included episodes in which officers punched suspects or threw them to the ground. Others did not. Some counted the use of less lethal weapons, such as beanbag guns. Others did not. And many departments, including large ones such as those in New York, Houston, Baltimore and Detroit, either said they did not know how many times their officers had used force or simply refused to say. That made any meaningful analysis of the data impossible.” USA Today found similar problems. For example, University of Nebraska criminologist Samuel Walker said that the uptick in police shootings could simply be due to more departments reporting. The Washington Post‘s Radley Balko summarizes, “The point is, it’s nearly impossible to know all the details behind all of these shootings. We have to rely on reports filed by the officers themselves. We know more details about these particular cases because an attorney or a journalist took the time to investigate, file open records requests, and look beyond the police reports and press accounts (which, less face it, too often are too reliant on the police reports).”
  • Individual Racism: Rhetoric from critics of police sometimes gives the impression that police shootings of blacks stem from individual racism. According to a 2015 survey, 12.2% of all U.S. local police officers are black. Interestingly enough, one study found that black officers are 3.3 times more likely to discharge their weapon than white officers on the scene of the same incident. A 2015 study of the Philadelphia Police Department by the U.S. Justice Department found that black officers had a threat perception failure (TPF)[ref]”TPFs are what the law enforcement community commonly refers to as “mistake of fact” shootings. They occur when an officer perceives that a suspect is armed due to the misidentification of a nonthreatening object (e.g., a cell phone) or movement (e.g., tugging at the waistband)” (pg. 30).[/ref] rate of 11.4% with black suspects, while white officers’ TPF rate was only 6.8% with black suspects (see pg. 32). A Washington State University study found that “[p]articipants were…more likely to shoot unarmed white suspects than black or Hispanic ones and more likely to fail to fire at armed black suspects. “In other words,” wrote [Lois] James and her co-authors, “there was significant bias favoring blacks where decisions to shoot were concerned.” When confronted by an armed white person, participants took an average of 1.37 seconds to fire back. Confronted by an armed black person, they took 1.61 seconds to fire and were less likely to fire in error. The 240-millisecond difference may seem small, but it’s enough to be fatal in a shooting.” The reason may be “rooted in people’s concerns about the social and legal consequences of shooting a member of a historically oppressed racial or ethnic group.” The case for individual racism in a general sense is hard to make.
  • Systemic Racism: However, criticism from groups like Black Lives Matter and others are not so much focused on individual racism as they are on systemic racism. The claim is not that cops are individually racist (“some of those that work forces are the same that burn crosses“), but that the system in which they operate is biased against vulnerable black communities. For example, The New Jim Crow: Mass Incarceration in the Age of Colorblindness by Ohio State University law professor Michelle Alexander details how the War on Drugs disparately impacts black and poor communities more than white and prosperous ones. Blacks are far more likely to be charged with and convicted of drug crimes, yet blacks use drugs at roughly the same rates as whites while being less likely to sell. While this doesn’t address violent crimes–of which blacks commit a disproportionate amount–it’s worth noting that drug crimes “have been the predominant reason for new admissions into state and federal prisons in recent decades.” Nathaniel has an excellent review here, which covers the book’s claims regarding racially-disparate stops, arrests, convictions, and consequences that come with the scarlet-F of a felony conviction.
  • Black-on-Black Crime: This is a largely irrelevant talking point. According to the U.S. Department of Justice, 93% of black murder victims were killed by other blacks between 1980 and 2008. Similarly, 84% of white murder victims were killed by other whites (pg. 13; see graph below). In other words, most violent crime is intraracial. Furthermore, the Bureau of Justice Statistics found that–between 2008 and 2012–those “in poor households at or below the Federal Poverty Level (FPL) (39.8 per 1,000) had more than double the rate of violent victimization as persons in high-income households (16.9 per 1,000).” It turns out that “[p]oor urban blacks (51.3 per 1,000) had rates of violence similar to poor urban whites (56.4 per 1,000).” Between 2007 and 2011, the black poverty rate was 25.8 percent, while the white poverty rate was 11.6 percent. In short, poor whites and blacks commit violent crimes at about the same rate. There are just more poor blacks than poor whites. And considering that there is strong empirical support for poverty as a predictor of crime, lifting communities out of poverty may be one of the best crime prevention programs.

Image result for Homicides, by race of offender and victim, 1980–2008

  • Stops, Searches, Arrests: Numerous studies find that blacks are stopped and searched at far higher rates than whites. A July 2016 report on police practices in San Francisco found that statistics “suggest there are racial disparities regarding SFPD stops, searches, and arrests, particularly for Black people.” Black adults were 7 times more likely to be arrested than whites along with having higher rates of searches without consent after stops and lower hit rates (i.e., rate at which searches turn up contraband). The Justice Department’s 2015 investigation into Ferguson police behavior found that “African Americans are more than twice as likely as white drivers to be searched during vehicle stops even after controlling for non-race based variables such as the reason the vehicle stop was initiated, but are found in possession of contraband 26% less often than white drivers, suggesting officers are impermissibly considering race as a factor when determining whether to search” (pg. 4).[ref]See Radley Balko’s incredible article on the predatory practices of St. Louis’ municipalities for more.[/ref] A 2016 study of Chicago PD found that “black and Hispanic drivers were searched approximately four times as often as white drivers, yet CPD’s own data show that contraband was found on white drivers twice as often as black and Hispanic drivers” (pg. 9). A 2014 ACLU analysis of Illinois Department of Transportation data found that “African American and Latino drivers are nearly twice as likely as white drivers to be asked during a routine traffic stop for ‘consent’ to have their car searched. Yet white motorists are 49% more likely than African American motorists to have contraband discovered during a consent search by law enforcement, and 56% more likely when compared to Latinos.” A New York Times analysis found that officers in Greensboro, N.C. were “were more likely to stop black drivers for no discernible reason. And they were more likely to use force if the driver was black, even when they did not encounter physical resistance.” A 2016 Justice Department investigation of Baltimore PD found that “BPD engages in a pattern or practice of making stops, searches, and arrests in violation of the Fourth and Fourteenth Amendments and Section 14141. BPD frequently makes investigative stops without reasonable suspicion of people who are lawfully present on Baltimore streets. During stops, officers commonly conduct weapons frisks—or more invasive searches— despite lacking reasonable suspicion that the subject of the search is armed. These practices escalate street encounters and contribute to officers making arrests without probable cause, 36 often for discretionary misdemeanor offenses like disorderly conduct, resisting arrest, loitering, trespassing, and failure to obey” (pg. 24). It also found that “BPD disproportionately stops African Americans standing, walking, or driving on Baltimore streets. The Department’s data on all pedestrian stops from January 2010 to June 2015 shows that African Americans account for 84 percent of stops55 despite comprising only 63 percent of the City’s population. Expressed differently, BPD officers made 520 stops for every 1,000 black residents in Baltimore, but only 180 stops for every 1,000 Caucasian residents. The high rate of stopping African Americans persists across the City, even in districts where African Americans make up a small share of the population. Indeed, the proportion of African-American stops exceeds the share of African-American population in each of BPD’s nine police districts, despite significant variation in the districts’ racial, socioeconomic, and geographic composition” (pg. 48-49). This was true for traffic stops as well: “BPD likewise stops African-American drivers at disproportionate rates. From 2010–2015, African Americans made up 82 percent of people stopped by BPD officers for traffic violations, compared to only 60 percent of the City’s driving age population. As with pedestrian stops, BPD stopped a higher rate of African American drivers in each of the City’s districts, despite large differences in those districts’ demographic profiles and traffic patterns. For example, African Americans accounted for 80 percent of vehicle stops in the Northern District despite making up only 41 percent of the district’s population, and made up 56 percent of stops in the Southeast District compared to only 23 percent of the population living there” (pg. 52). And yet, BPD hit rate data “suggests that officers’ search decisions are biased against African Americans. Indeed, BPD’s data on all stops from 2010–2015 shows that searches of African Americans have significantly lower hit rates than other searches. During vehicle stops, BPD officers reported finding some type of contraband less than half as often when searching African Americans—in only 3.9 percent of searches of African Americans, compared to 8.5 percent of other searches” (pg. 53). A 2011 Justice Department report found, in 2008, that whites, blacks, and Hispanics were stopped at about the same rate, yet blacks were searched about 3 times more than whites (pg. 10). A 2016 study of North Carolina’s database found “that black drivers (men and women) are 75% more likely to be searched than whites, 5% less likely to be ticketed, and 43% more likely to be arrested…In 2002, black men were 70% more likely to be searched than whites and this disparity has grown steadily over the period of study. Beginning in 2007, black men were twice as likely to be searched and by 2013 this difference had grown to over 140%. Black men are also more likely to be arrested; however, this disparity has remained stable at about a 60% increased likelihood. We also see that black men are marginally less likely to receive citations and there is almost no variance; NC police are highly consistent over time in their relative treatment of whites and black men when it comes to ticketing…Compared to white men, black men are more likely to be searched and arrested for every type of stop, with the exception of driving while impaired” (pg. 10). According to the database, “[i]n 2002, officers were almost 125% more likely to search black men than white men using a probable cause search. By 2013, officers were almost 250% more likely to use probable cause as a justification for searching blacks – essentially doubling the disparity in the use of probable cause searches. Tracking the contraband hit rate associated with this type of search reveals that officers’ suspicions of wrongdoing have always been less accurate when engaging with black motorists; officers consistently find contraband on black males at modestly lower rates than white males. So the increased reliance on probable cause to search blacks is not associated with more accurate assessments of the likelihood of blacks engaging in criminal behavior. And the increased racial disparities in probable cause searches over time appear to be unjustified in terms of any increased likelihood of finding contraband” (pg. 13).
  • Driving Patterns and Traffic Violations: Are there alternative reasons for these stops besides racial bias and is there any evidence for them? The National Institute of Justice finds three potential reasons that blacks are pulled over at higher rates based on various studies: (1) “The representation of minority drivers among those stopped could differ greatly from their representation in the residential census. Naturally those driving on the road, particularly major thoroughfares, could differ from those who live in the neighborhood”; (2) “If minority drivers tend to drive in communities where there are more police patrols then the police will be more likely to notice any infractions the black drivers commit”; (3) Seatbelt usage is chronically lower among black drivers. If a law enforcement agency aggressively enforces seatbelt violations, police will stop more black drivers.” As a Washington Post article concludes, “Ethics aside, this is where the research leaves us: Black drivers certainly get more face-time with traffic cops. But to what extent that reflects discrimination, and whether that discrimination is based in racial prejudice, is more of an open question.”
  • Unarmed Shootings: A 2015 study found “the median probability across counties of being {black, unarmed, and shot by police} is 3.49 (PCI95: 1.77, 6.04) times the probability of being {white, unarmed, and shot by police}.” However, some are hesitant to declare racial bias due to the amount of violent crimes in black communities. Blacks are more likely to be stopped and therefore more likely to end up in a violent conflict with police due to heavier policing of these crime-ridden areas. Yet, the evidence seems to be against this line of reasoning. The study found “no evidence of an association between black-specific crime rates (neither in assault-related arrests nor in weapons-related arrests) and racial bias in police shootings, irrespective of whether or not other controls were included in the model. As such, the results of this study provide no empirical support for the idea that racial bias in police shootings (in the time period, 2011–2014, described in this study) is driven by race-specific crime rates (at least as measured by the proxies of assault- and weapons-related arrest rates in 2012).” Similarly, another 2015 analysis found that the levels of violent crime in US cities had no correlation with that area’s police killing rates. However, just because one is unarmed does not make one a non-threat or the intended target. Some unarmed shooting victims attempt to wrestle the officer’s gun away from them, while others are unfortunate and unintended collateral damage (e.g., caught in crossfire). How threatening blacks are–armed or unarmed–is one variable controlled for in a new study analyzing The Washington Post‘s 2015 database. The study “used multivariate regression models to determine whether the findings were attributable to race or another factor and found that, among the 990 civilians fatally shot[ref]It must be noted that non-fatal shootings were excluded from the analysis.[/ref] by the police last year, black civilians were more than twice as likely as white civilians to have been unarmed. This was true after controlling for threat level, the age and gender of the civilian, signs of mental illness, region of the United States, crime rate according to 2012 UCR data, size of the agency involved, and whether or not the agency operates its own basic training academy. In fact, the only other variable that was significant was, not surprisingly, threat level (meaning civilians in the “attack” category were far less likely to have been unarmed). In regards to the relationship between race and threat level, the data indicate that black civilians were not significantly more or less likely to have been attacking the police officer(s) or others than white civilians. However, Hispanic or Latino civilians and civilians from other minority groups were much less likely to have been attacking the police officers or others than white civilians. Again, these results held up after controlling for the influence of each of the other variables” (italics mine). However, it is paramount to note that the study found that the “majority of civilians shot and killed by the police in 2015 were male (96 percent), armed with a deadly weapon (82 percent), and attacking police officers or others (74 percent). Half of the civilians were white (50 percent). About one out of every four civilians fatally shot by police displayed signs of mental illness.” While bias in shootings is an extremely important issue and should be investigated, it is absolutely essential to remember that the majority of police shootings are due to legitimate threats. These are the kinds of incidents that provoke the #BlueLivesMatter counter. It is also worth acknowledging Harvard economist Roland Fryer’s recent study, which found no racial bias in police shootings across 10 major police departments in Texas, California, and Florida (check out The New York Times write-up and follow-up). However, there have been significant criticisms of Fryer’s study.
  • Non-Lethal Force: Yet, Fryer’s study also found that officers were far more likely to use non-lethal force on blacks than whites, including hands on civilians (e.g., slapping or grabbing), pushing into a wall, use of handcuffs, drawing weapons, pushing to the ground, pointing weapon, pepper spraying, and striking with a baton (see graph below). A July 2016 study found that the mean rate of use-of-force incidents “for Black residents was 273 per 100,000, which is 2.5 times as high as the overall rate and 3.6 times as high as the rate for White residents (76 per 100,000)” (pg. 15). It also concluded “that crime rates are an insufficient explanation for disparities in the application of police force” (pg. 18).

This material doesn’t even get into post-arrest injustices like harsher sentences for blacks or historical issues like redlining, but I think this list is a good starter. As you wade into the controversies and debates, try to be as accurate as possible. Know the numbers. Be rigorous. Be willing to admit it when the evidence doesn’t favor “your side.” Most of all, be charitable towards one another. These are people’s lives, both black and blue. We want a system that is just and serves all members of society fairly. And we want officers coming home safely to their families at the end of the day.

Image result for free hugs police

Easy Internet Privacy is a Snipe Hunt

2014-10-28 Anonabox

Earlier this month there were all kinds of stories about an infamous new product on Kickstarter: Anonabox. As Wired related, Anonabox was supposed to be a simple-to-use router that would let anyone easily use the Tor anonymity network. According to Wikipedia, “Tor directs Internet traffic through a free, worldwide, volunteer network consisting of more than five thousand relays[6] to conceal a user’s location and usage from anyone conducting network surveillance or traffic analysis.” The problem is that Tor–like a lot of techniques for anonymizing your Internet usage–requires a little bit of know-how to set up. The Anonabox was supposed to make it ultra-simple, and as a result it quickly raised hundreds of thousands of dollars.

Controversy quickly followed, however, starting with skepticism that Anonabox was built on a custom board and case; it turned out that the hardware was basically off-the-shelf. Even more serious criticisms soon followed, however:

But as the security community has taken notice of Anonabox over the last week, its analysts and penetration testers have found that the router’s software also has serious problems, ones that could punch holes in its Tor protections or even allow a user to be more easily tracked than if they were connecting to the unprotected Internet. “I’m seeing these really strange smells and poor practices in their pilot beta code,” says Justin Steven, a computer security analyst based in Brisbane, Australia. “It scares me if anyone is relying on this for their security.”

Eventually, Kickstarter decided to suspend the campaign. So the Anonabox itself is (at least for the time being) a non-issue. But here’s the bigger picture. Only three types of people are likely to create a new technology (hardware or software) to help people retain greater privacy online:

  1. Scammers
  2. The NSA
  3. Genuine privacy advocates

Scammers aren’t going to bother building serious, robust anonymity into their products and services. The NSA (or similar entities) probably would do a decent job, but obviously with a backdoor to allow them to have access when they wanted. Only genuine privacy advocates are even going to make an attempt to create a legitimately anonymous product or service, and there’s no guarantee that they would succeed. There are no shortcuts and there are no guarantees to online privacy and security.

In some ways, this isn’t news. Security (online or offline) is never actually about preventing loss, tampering, or theft. Whether it’s data or diamonds you’re trying to protect, the reality is that you can’t deny access to someone with the means and the motive to get at your stuff. All you can do is make it more expensive and hope that the expense turns out to be not worth the bother.

Still, it’s probably good to give people a dash of reality when it comes to security and privacy. Looking for easy and effective security solutions is a snipe hunt. They don’t exist. In the end you’re just gonna have to trust some software that you can’t read (because it’s closed source) or don’t have time to understand (if it’s open source). Remember Heartbleed? It was discovered in April 2014. It had been present since December 2011 and in widespread use since March 2012. That’s open-source software: anyone could read the code. For over two years, however, no one did. And this is code that was running on nearly 20% of the secure web servers on the Internet!

And Heartbleed isn’t the exception. It is, in many ways, the rule. Snapchat gained widespread fame and use because it was supposed to delete messages after they were read instead of keeping a permanent record. Great for privacy, right? Not so fast:

Snapchat has long marketed itself as a private and more secure alternative to services like Facebook and its subsidiary Instagram. The app lets users send photo and video messages that disappear once they are viewed. That self-destruct feature initially gave the app a reputation as a favorite tool for so-called sexters, or those who send sexually suggestive photos of themselves, but eventually it went mainstream…

But security researchers have long criticized Snapchat, saying it provides a false sense of security. They say the app’s disappearing act is illusory. Behind the scenes, Snapchat stores information about its users in a database, similar to data storage at other big Internet companies.

I’m not saying that you should just give up on securing your data online. But once you’ve taken the normal steps–strong passwords, 2-factor authentication, etc.–you should keep in mind that your security is not perfect. To the extent that your data remains secure it’s because you’re too boring and insignificant to attract anyone’s attention. Not because your security is so effective.

“We Kill People Based on Metadata”

2014-03-14 President ObamaWhen it comes to telephone calls… nobody is listening to your telephone calls. That’s not what this program is about. As was indicated, what the intelligence community is doing is looking at phone numbers, and durations of calls. They are not looking at people’s names, and they’re not looking at content. But by sifting through this so-called metadata, they may identify potential leads with respect to folks who might engage in terrorism. – President Barack Obama

It’s just metadata, folks. Not names or content. No big deal, right? On the other hand:

But metadata alone can provide an extremely detailed picture of a person’s most intimate associations and interests, and it’s actually much easier as a technological matter to search huge amounts of metadata than to listen to millions of phone calls. As NSA General Counsel Stewart Baker has said, “metadata absolutely tells you everything about somebody’s life. If you have enough metadata, you don’t really need content.” When I quoted Baker at a recent debate at Johns Hopkins University, my opponent, General Michael Hayden, former director of the NSA and the CIA, called Baker’s comment “absolutely correct,” and raised him one, asserting, “We kill people based on metadata.”

So, yeah. Guess President Obama’s “it’s only metadata” comfort isn’t so comforting after all. The rest of the article from whence that quote came is a description of the USA Freedom Act: what’s good, and where it doesn’t go far enough. I’m not sure I really follow all of the arguments. I do agree with the author, David Cole, that we need to balance safety against civil liberties, and that merely saying “people will die if we don’t record everyone’s metadata” is not, all by itself, enough to justify recording everyone’s metadata. But they key word there is balance.

I’m not sure that effectively rolling the clock back to the 20th century and pretending that Big Data isn’t a thing is really the way forward, either. There is immense power in the aggregation and analysis of vast quantities of data, and this isn’t just about terrorism. It’s about tracking disease outbreaks, learning more about the economy, making traffic safer and more efficient, and applications we haven’t even thought of. The potential to make the world a better place or a worse place based on data analysis is too big to ignore and, quite frankly, too enticing to resist.

Just like the European Union and their sadly laughable “right to be forgotten,”[ref]I see no practical way for Google or anyone else to actually enforce this law[/ref] laws based on trying to pretend that the data isn’t there or force people to not use it are likely to only succeed in making sure that the folks who harness and use the data that is already there do so in the shadows. And that’s creepy, whether it’s the NSA deciding who to kill based on metadata or Target sending pregnancy-related advertisements to teenager girls. Rather than prohibition, what I think we need is more clarity about how to collect and use the data in a way that is transparent and commensurate with a new understanding of what privacy really means in the 21st century.

The one thing we can be sure of? It won’t mean what people are used to it meaning. That’s OK. After all, in Scandinavian countries like Sweden, Finland, and Norway, every citizens individual tax returns are published publicly every year. Very different from what we’re used to, sure, but no one really cares over there. I’m not saying we should move to that model. I’m just saying that what certain folks have in mind when they think of “privacy” as a civil liberty is actually a lot less like an inalienable right and a lot more like an individual cultural preference. But if we can’t have a conversation about radically new understandings of privacy to go along with our radically new capacity to aggregate and analyze data, then we can’t take a hand in choosing our own fate.

 

How Sensitive is Phone Metadata? Very.

2014-03-14 President Obama

President Obama, assuring people that NSA vacuuming up huge amounts of phone metadata isn’t as creepy as it sounds:

When it comes to telephone calls, nobody is listening to your telephone calls.  That’s not what this program is about.  As was indicated, what the intelligence community is doing is looking at phone numbers and durations of calls.  They are not looking at people’s names, and they’re not looking at content.  But by sifting through this so-called metadata, they may identify potential leads with respect to folks who might engage in terrorism.  If these folks — if the intelligence community then actually wants to listen to a phone call, they’ve got to go back to a federal judge, just like they would in a criminal investigation.

So I want to be very clear — some of the hype that we’ve been hearing over the last day or so — nobody is listening to the content of people’s phone calls.  This program, by the way, is fully overseen not just by Congress, but by the FISA Court — a court specially put together to evaluate classified programs to make sure that the executive branch, or government generally, is not abusing them, and that it’s being carried out consistent with the Constitution and rule of law.

And so, not only does that court authorize the initial gathering of data, but — I want to repeat — if anybody in government wanted to go further than just that top-line data and want to, for example, listen to Jackie Calmes’ phone call, they would have to go back to a federal judge and indicate why, in fact, they were doing further probing.

You got that? They are only getting metadata. No big deal, right? If they really want the juicy goods, then they’ve got to go back to a federal judge. This argument rests on the premise that phone metadata is not, in and of itself,  highly sensitive data. Which, when you think about it, is not really a hypothetical or philosophical question. It’s an empirical one. It’s something you could test. So… what kind of info can you glean from a person’s metadata?

The folks at Web Policy set out to answer the question. They used metadata gathered from a small number of volunteers over just a few months to see what they could learn about those volunteers looking only at metadta. Turns out, they could learn quite a lot.

The degree of sensitivity among contacts took us aback. Participants had calls with Alcoholics Anonymous, gun stores, NARAL Pro-Choice, labor unions, divorce lawyers, sexually transmitted disease clinics, a Canadian import pharmacy, strip clubs, and much more. This was not a hypothetical parade of horribles. These were simple inferences, about real phone users, that could trivially be made on a large scale.

This, ladies and gentlemen, is the kind of information your government can collect on you without a warrant or notification or really any restriction of any kind. But that’s not all.

  • Participant A communicated with multiple local neurology groups, a specialty pharmacy, a rare condition management service, and a hotline for a pharmaceutical used solely to treat relapsing multiple sclerosis.
  • Participant B spoke at length with cardiologists at a major medical center, talked briefly with a medical laboratory, received calls from a pharmacy, and placed short calls to a home reporting hotline for a medical device used to monitor cardiac arrhythmia.
  • Participant C made a number of calls to a firearm store that specializes in the AR semiautomatic rifle platform. They also spoke at length with customer service for a firearm manufacturer that produces an AR line.
  • In a span of three weeks, Participant D contacted a home improvement store, locksmiths, a hydroponics dealer, and a head shop.
  • Participant E had a long, early morning call with her sister. Two days later, she placed a series of calls to the local Planned Parenthood location. She placed brief additional calls two weeks later, and made a final call a month after.

Nothing to worry about, right? It’s just metadata, after all. It’s not like they’re listening to your calls, or something.

Groklaw Follows Lavabit, Shuts Down to Avoid Betraying Users to NSA

2013-08-20 Groklaw

Gizmodo has a really ominous piece on the recent shutdown of Groklaw. It’s ominous because unlike Lavabit or Silent Cirlce which help users exchange secure emails, Groklaw is not primarily a platform for individual user communication. It is–or it was–“an award-winning website covering legal news of interest to the free and open source software community” (Wikipedia).

There’s no indication that the NSA was gunning for Groklaw in particular. Founder Pamela Jones simply explains that, in a world where emails are not private, there’s no way to carry on the collaborative communication necessary for the site to continue its 10-year tradition. She goes even farther, writing:

My personal decision is to get off of the Internet to the degree it’s possible. I’m just an ordinary person. But I really know, after all my research and some serious thinking things through, that I can’t stay online personally without losing my humanness [because] it’s not possible to be fully human if you are being surveilled 24/7.

An extreme reaction? Maybe. But Jones’s reaction underscores the simple reality that the Internet is first, foremost, and last about communication. The NSA’s snooping could never have been confined to only secure email providers even if that was their intent (not that it was). Shake the foundation, and the whole edifice trembles.

This Is Why You Can’t Have Nice Things, NSA

The Washington Post has a pretty simple graphic explaining one of the really fundamental problems with NSA spying:

2013-08-16 NSA Breaches

The excuses of politicians (both parties) about all the safeguards ring sort of hollow when it’s obvious that the NSA can’t follow it’s own rules. (To say nothing of sharing national defense intelligence with law enforcement agencies…)

Whoopsies: NSA Violated the Constitution

2013-06-13 Uncle Sam Broken

With a headline like that, you might expect a link to InfoWars or at least the DailyCaller. Nope, Business Insider is the one reporting:

Even before Glenn Greenwald published a top secret court order compelling Verizon to give the NSA information on all telephone calls in its systems and interviewed NSA whistleblower Eric Snowden, there were credible reports that the NSA was intercepting U.S. communications.

The most significant of those occurred in July, when the court that was established to “hear applications for and grant orders approving electronic surveillance,” called the Foreign Intelligence Surveillance Court (FISC), found that the NSA violated the Fourth Amendment’s restriction against unreasonable searches and seizures “on at least one occasion.”

Guess that answers John Oliver’s concern. (Can’t get embed to work, follow the link for a clip from the Daily Show.) He had said: “The problem here, Mr. President… No one is saying you broke any laws. We’re just saying it’s a little bit weird you didn’t have to.”

Turns out, he (or, rather, the NSA) did have to. They apparently sort of broke a big one we like to call the Fourth Amendment.

Does the NSA Use Backblaze Storage Pods? And Other Oddities…

There’s more information about government surveillance coming out of the woodwork than I can keep up with. One of the most interesting stories I’ve read since the news broke last week is a blog post from Backblaze about whether or not the NSA is using Backblaze storage pods to keep all that data they’re snooping. Backblaze is an online backup company offering unlimited, low-cost data backup. They keep costs down by building their own storage racks. They don’t sell the racks, but they do open-source all the designs. Version is 3.0 which stores 180TB of data for less than $2,000.

The post makes a very solid case that the NSA might be building their own Backblaze storage pods. There’s a lot of extra information about the intersection of IT and national intelligence that’s interesting as well, such as the fact that the NSA might be interested in the Backblaze pods because they are open-source, which makes it easier to keep the purchases secret.

2013-06-10 Backblaze Storage Pod 3.0

Other interesting stores: 

Read more

So Your Government Is Spying On You, Now What?

The Onion's take is also spot-on, as per usual.
The Onion’s take is spot-on, as per usual.

So last week we found out that the government has been routinely collecting all of the metadata from cell phone calls virtually all Americans make for years. Then we learned that the NSA has the capability to tap directly into the databases of Internet giants like Google, Microsoft, and Apple to collect search history, emails, file transfer history, and even live chats of individual users. Big news, eh? (Guardian, NYT)

Not to bestselling author and major blogger John Scalzi, who wrote about the revelations:

Apparently I was the only person in the US who assumed the government was already doing something very much like this? Because it was doing it under Bush, and if Obama had gotten around to stopping doing it, his administration would have made a big deal about it, no? And since the Obama Administration never said a single word about it that I can recall, it was probably still going on? So I guess what I would say is, yeah, seems not surprising in the least

Scalzi’s attitude is refreshing next to all the faux shock and muted outrage from the Left–who would have screamed bloody murder if this were going on under Bush–and the sudden remembrance of civil liberties from the Right–who notably didn’t make a fuss under Bush. In that spirit, I want to try and talk about the program itself: what it really entails in terms of privacy and civil liberties and what it really offers in terms of safety. FWIW, I’m a skeptic of the more extreme claims of the privacy movement (who often strike me as 21st century Luddites) and also of a lot of security measures in the wake of 9/11 (which are often best described as “security theater“).

Let’s start with the successes of the government program, such as they are, which is codenamed Stellar Wind.

Read more