Slashdot Mirror
FBI Admits It Uses Stingrays, Zero-Day Exploits (arstechnica.com)
An anonymous reader writes: Amy Hess, the head of the FBI's science and technology division has admitted that the FBI sometimes exploits zero-day vulnerabilities and uses stingrays to catch bad guys. Ars reports: "The admission came in a profile published Tuesday of Amy Hess, the FBI's executive assistant director for science and technology who oversees the bureau's Operational Technology Division. Besides touching on the use of zero-days—that is, attack code that exploits vulnerabilities that remain unpatched, and in most cases are unknown by the company or organization that designs the product—Tuesday's Washington Post article also makes passing mention of another hot-button controversy: the FBI's use of stingrays."
I guess they figure the ends justify the means.
Enjoy science fiction? "Turing Evolved" - AI, Mecha, Androids and rail-gun battles. What more could you want?
I'm sure they get the proper warrants and everything for doing this. After all, these things should be considered wiretaps.
I'm sure the FBI would never violate anyone's civil rights. *bleeding sarcasm intended*
"Amy Hess, the head of the FBI's science and technology division has admitted that the FBI sometimes exploits zero-day vulnerabilities and uses stingrays to catch bad guys"
That assumes they are guilty. Whole reason for the Bill of Rights is to stop the state from going on fishing expeditions through the drawers of the state's critics (remember Thomas Drake?) or people on the wrong side of powerful business interests (remember Citizens United?) So once you drop the presumption of guilt from OP's byline, it takes on a whole new meaning:
"Amy Hess, the head of the FBI's science and technology division has admitted that the FBI sometimes exploits zero-day vulnerabilities and uses stingrays to spy on citizens who may not have done anything wrong, because "If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him""
The FBI has a long history of keeping an eye on bad guys. Martin Luther King, Jr., political protesters, Black Lives Matter, ...
Lacking <sarcasm> tags,
Your implication being that the next pres will uphold their campaign promises? Haha hahahahaha!
is here: https://www.washingtonpost.com...
"to catch guys and girls".
Thanks for telling us what we already knew.
Seriously, this is somewhat interesting but hardly qualifies as "news".
The only news in this admission is that they're admitting to doing it, not that they're doing it.
Just cruising through this digital world at 33 1/3 rpm...
The FBI acts purely locally. The overseas uses you mention are more within the realm of the NSA or CIA.
' there's a degree of aceptableness. '
Um, domestic use without a warrant is in no fucking way acceptable. It's a fucking crime and deserves as diligent a prosecution as they make. Licensed, authorized professionals need to be held to a higher standard or suffer stricker punishments. For shit sakes, how hard would it be to have a judge bless it, less they're just fishing.
Before calling "black-ass" best make sure your's is clean.
09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
Your implication being that the next pres will uphold their campaign promises? Haha hahahahaha!
Your implication that Obama isn't WORSE than everyone that's come before? Haha hahahahaha!
Did you like your doctor?
Did you like your insurance plan?
How about that red line Syria? And how ISIS is the "JV"?
Isn't it great how we NOW have to send troops back into Iraq and now even Syria?
Gitmo closed yet?
Patriot Act repealed?
The reason that we do things a certain way is to ensure protection of people's rights. Things like standards of evidence exist in order to minimize the risk of an innocent person being found guilty. But it's not clear that eliminating parallel construction would serve any of the purposes that underpin our justice system. The process seems to be that DEA or police receive what is little more than an anonymous tip and then they investigate and find evidence of a crime. Imagine the local busybody who calls the police at every sign of suspicious behavior. We may not like that person. But there are often several of these in any jurisdiction. They even have reputations. The dispatchers know that if person X calls in a tip, it's probably just that they are upset that some kid accidentally stepped on their lawn but if person Y calls something in, it's worth investigating. Whenever the police receive an anonymous tip, it's entirely possible that the person making the call obtained their information in an illegal way. It's not necessary to vet the anonymous source in order to act on the information. What the opponents of parallel construction seem to be arguing is that anything that results from anonymous tips is fruit of the poison tree and should be inadmissible until proven otherwise. The reason that we don't allow warrantless search and seizure isn't to protect those engaging in illegal activity, it's to protect the rights of the innocent. The fact that some crime goes unpunished is an unfortunate side effect.
What the opponents of parallel construction seem to be arguing is that anything that results from anonymous tips is fruit of the poison tree and should be inadmissible until proven otherwise.
Not really. Courts have ruled that evidence gathered in violation of Constitutional protections is fruit of the poisoned tree. Acting on tips is a gray area and resulting evidence may or may not have been collected illegally. That's an issue for the court to decide on a case by case basis. But parallel construction is essentially lying to the court. It impedes the judiciaries ability to properly vet the evidence collected.
Have gnu, will travel.
-- Steve Irwin (RIP)
Have gnu, will travel.
I'd love to see a specific example here. The process seems to be that an agency tasked with gathering intelligence about overseas foreign nationals finds out about some garden variety crimes as part of their normal activities. They'd like for local law enforcement to be able to act on the information but run into two problems. They may not want to detail information about their surveillance technologies and they don't want to risk a surveillance target knowing that they are being actively monitored. So they have to either ignore the upcoming crime or compromise their own activities and maybe their agents in the field. Instead they alert the state police that 50kg of cocaine is going to be exchanged at a particular rest stop on I80 at 5:45pm Thursday. They know this because the local Taliban official is expecting to get paid by 6pm and then he can pay his arms supplier. It's in everybody's interest that the deal not go through. So the police increase patrols at that rest stop. Sure enough they see two cars pull into the rest stop and park in a remote area. First a briefcase is passed from one party to another and then some bricks are moved from one trunk to another. In the process of transloading one of bags breaks open and cocaine spills all over the ground. The police move in and make the arrest. None of the evidence is illegally gathered. The parallel construction part is that the police didn't just happen to be at the right place at the right time. They were there due to a tip. A defense attorney may ask if the police were there due to a tip or if it was just random good luck. In that case, the police may be forced to lie which is, admittedly, problematic. But the real solution is not to allow this type of question to be asked. The office can't tell the truth as it would compromise field agents working in national security. He can't lie because it's illegal. If he answers "I'm not at liberty to say" it's a dead giveaway that a tip was received. The question shouldn't be allowed. What difference does it make? The officer observed a crime in broad daylight. The reason that this question is allowed at all is that in *minor* cases it may be that a particular officer "has it in" for somebody and is looking for evidence of some very minor crime. The officers situation and motivation may be at issue and there may be harassment involved. Some lady turns you down for a date and you "just happen" to walk by the next day and smell marijuana and arrest her son. Yeah, toss out the conviction. The same situation happens and it turns out that the son is a hitman, the tables are kind of turned. There is an argument that the seriousness of the crime shouldn't weigh in these decisions but that ignores the fact that selective enforcement of minor crime can be used as a tool of oppression. Major crimes aren't subject to this problem because they aren't ubiquitous. Of course the best solution would be to decriminalize a lot of minor crimes. Opposing parallel construction is probably motivated by this goal. Increase standards of evidence in ways that make it almost impossible to prosecute minor crime but this is a circuitous solution.
Have the Feds ever discouraged tech companies from fixing software bugs, so their own exploits will continue to work?
Sure, but by allowing parallel construction, we are granting the FBI an unlimited bypass the constitution free card. The reason we throw out tainted evidence is to remove law enforcement's incentive to violate the rights of everyone in order to catch a few people they THINK might be guilty.
Consider, if we don't make tainted evidence useless, even where parallel construction is used, the police form two administratively separate divisions. One that ignores the constitution entirely and acts much like the Stasi and another that just waits on "anonymous" tips from the first group. Everybody gets their rights violated routinely.
Except that the first group isn't violating anybody's rights. The first set of evidence is essentially discarded. Then a new set of evidence is gathered. Remember, none of the first set of evidence is ever used in a court as evidence for a conviction. It's possible that the first set of evidence was gained in a way that violates somebody's rights. But even then it has to be obtained in a way that violates somebody's rights, it doesn't change the situation much. Imagine that you get arrested for running an illegal gambling ring. (Again whether that should be illegal is another question). The evidence that showed that you are guilty gets thrown out. That doesn't imply that you can never be prosecuted for running an illegal gambling ring in the future. That reminds me of a not-so funny scene in a movie where somebody is arrested and convicted for stealing a car. He goes out the next day and steals the same car and argues that you can't be tried for the same crime twice! What parallel construction does is use inadmissible information to find the admissible information. Imagine that I get arrested for murder, confess, and lead prosecutors to the body. It turns out that nobody read my rights. So now I argue that the confession should be thrown out. Sure, no problem. The fact that I lead them to the body should be thrown out. Okay there too. But what you are saying is that maybe the cops would never have found the body without my help. Therefore, the fact that my blood and semen is all over the body is also inadmissible. That's quite ridiculous. What if a tip comes in but something goes wrong with process and it's never received. You get caught doing the crime. Should the case then be thrown out even though you're caught red handed. People seem to misunderstand parallel construction as in the following scenario. Police violate my rights by entering my house without a warrant and finding a brick of cocaine. Then they claim that I left it outside on the porch and that's how they found it. In that case, there would be a huge issue. Here it's more the case that they search my garage looking for stolen cars. They accidentally bump into my tool shed and see cocaine in there. They know that the evidence isn't admissible since they can't reasonably look in the tool shed for a stolen car. They decide to drive around my block a bit more often. They notice that I have a stream of visitors. One of them has a vehicle with no tags. They decide to stop the vehicle for the traffic violation. They ask the driver why they were visiting me. The driver says it was to by cocaine. Your argument is that they can't use the evidence because, after all, they *probably* wouldn't have asked if they didn't already know I had cocaine in the garage. They can't use the presence of the cocaine in my garage during the search warrant to convict me. But they *can* use future gathered evidence. What you are saying is that once some evidence is gathered incorrectly, I should be free to continue to engage in the same crime ad infinitum and never be prosecuted. I don't think that's something that we want.
So you don't mind if we put cameras in your bed and bathroom as long as we pinkie swear we'll never use the video in court?
Your rights are violated the instant the cameras go in, even if you are never prosecuted for anything at all (because polishing your knob isn't a crime). Had parallel construction not been an option, there would be no incentive to illegally install the cameras (since it couldn't lead to any useful objective for law enforcement).
If the cops keep 24/7 tabs on you using stingray, your rights have been violated even if you never find out it is happening. Even if you discussed nothing more interesting than chicken or fish for dinner. Even if the most interesting place you went was the 7-11. If you don't want that to happen, then you must make perfectly clear that the tactic is not at all useful.
In broader terms, law enforcement must never be above the law. Any time they want to do anything that an ordinary citizen may not do, they need to have an exception carved out in a warrant or for a very specific set of circumstances. "Everyone, all the time, just because" doesn't fit the bill.
Therefore, the fact that my blood and semen is all over the body is also inadmissible.
Gee, I guess they should have read you your rights then! No excuses for stupid, sloppy work. People's lives are at stake. If we aren't THAT militant about it, tomorrow they'll grab some guy with an IQ of 75, "forget" to read him his rights and tell him all he has to do is say yes and he can go home. Then they ask again "did you kill Joe Blow?". Don't for a moment imagine they wouldn't do something that dirty and underhanded and then fry some innocent mentally challenged individual to avoid looking bad. It happens. So congrats, the cops are now the murderers.
As for your tool shed example, if they can plainly see it through the window while they are not trespassing (and they're not if they got the warrant to search your property for a car), it's not forbidden. They are welcome to tell a judge what they saw and get a warrant. What they may not do is skulk around in everybody's yard every night peeping through windows. That's not just creepy in the extreme, it's illegal. If you don't prevent that, you'll find cops "accidentally" stumbling through your locked door and "accidentally" dumping the contents of your dresser on the floor. How nice that there was nothing illegal to find, you'll still have a house that looks like a tornado went through. You'll still have that creepy feeling that people are pawing through your private stuff whenever you go to work. Is that really how you want to live?
How about this? We make all of that evidence admissible but also take it as the police involved personally confessing to a crime and sentence them appropriately. But no more anonymous tips, you have the right to face your accuser.
What parallel construction does is use inadmissible information to find the admissible information.
Posting as AC because I work for a federal law enforcement agency and have first-hand knowledge of what parallel construction actually is, and isn't.
Parallel construction is actually a method of protecting a source of information that a LE agency doesn't want to be compromised, like a confidential informant (CI). It's easiest to explain with an example. Let's say a CI tells the police about a previously unknown criminal operating in the area and gives his name and cell phone #. The CI also says that this new criminal is in contact with another criminal, who is already known and under investigation. If the police use the CI's statements in writing up affadavits or subpoenas or whatever, his/her identity will eventually become known once the criminals are arrested and things move to the courts. From the LE perspective, this is obviously bad. So instead, the police look at the call history of the already-known criminal who is already under investigation, see the phone # for the newly identified criminal, and use that connection as the basis for beginning an investigation of the new criminal.
Because the police don't usually have the resources to run down and positively identify every single user of every single phone # on every single known "bad guy's" phone records, a lot of potentially very useful and completely legally obtained information goes unexploited.
That is just an illustrative example. But that is what parallel construction actually is, not the complete bullshit you see people shrilly screaming about here on /. 99% of the time. An arguably more accurate term is "independent sourcing", but good luck convincing most of the people here of that.
Reading anything on /. regarding this issue or anything like it is a painful, daily reminder that expertise in one domain absolutely does not imply expertise in another. But again, good luck convincing all of the precious snowflakes here that they simply don't know what the fuck they're talking about. And just to clarify, I'm not referring to you. You're one of the few (maybe even only) people I've seen here trying to approach the subject rationally, and not default into histrionics.
I see your point. But in this case, the parallel construction isn't an issue, it's the underlying violation of rights. I'm not aware of this ever even being alleged in a parallel construction case. The known cases involve one are of law enforcement, acting legally, tipping off another area of law enforcement that also acts legally. The first set of legally obtained evidence is never used but people want the second set to be thrown out since it's not possible to challenge the first (unused) set. If the FBI decides to follow me around with a Stingray (maybe they are and that explains why my 4G data is so slow) violating my rights, letting a hardened criminal go in some other related case doesn't in any way make me whole. What would make me whole is for them to stop the practice and pay damages. You're suggestion about not throwing out the evidence but the police get in some kind of trouble is actually what happens in some places and seems to work. But it doesn't provide enough protection. Throwing out all of the fruit of the poison tree is actually a good policy. A parallel construction case where the first set of evidence is obtained illegally and the second through legal means creates a pretty interesting situation (and one very apt for debate here). There probably isn't a perfect answer. But that's much different than a parallel construction case where the first set is obtained legally (but either in a way that's not admissible or in which LE chooses not to use it for tactical reasons) and the second set is also obtained legally. In my stolen car / cocaine example, the evidence was obtained legally (assuming that bumping into the tool shed was truly accidental) and would *probably* be admissible (I'm not a lawyer. A defense attorney worth their salt would argue that it wasn't an accident and try to get it thrown owt) but LE may not want to take the chance on bringing that case. Everything is legal so far, though. Disallowing parallel construction would basically say that those officers have to lock the knowledge in their head, never divulge it, and not participate in any future investigations. In the dead body example, there is probably a challenge to throw out a confession due to the defendant's low IQ *even if* the Miranda rights were read. "My client didn't understand that he had the right to remain silent." This isn't bad police work. Just a legitimate defense. But the fact that they couldn't understand their Miranda rights shouldn't lead to exclusion of physical evidence found on the body. In most of the examples you provide, there is evidence of illegal police activity which might change the outcome. But parallel construction does not imply illegal activity and LE shouldn't have the burden of proof that parallel construction wasn't used. Defendants should have the burden of proof that it was used. It's almost impossible to prove a negative. Parallel construction as we know it represents a situation where the police believe that no rights were violated, there is no evidence that rights are violated and yet the defense wants to create a burden of proving a negative.
You're assuming an ideal scenario for your argument. Suppose that police were to illegally search someone's home, covering it up, and get a similar tip. You've just rewarded the police for an illegal search. Same thing, except that the police are more intrusive. Then they decide to search your house, because, hey, it worked before.
The idea behind "fruit of the poisoned tree" is to discourage police and other law enforcement officers from breaking the law, since other methods of restraining them (like trying them for violations) just don't work. It is not to make prosecution impossible, unless the authorities can only gather evidence illegally.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
If you're trying to tell me that any law enforcement function isn't misused, you're wasting your time.
You may be an upstanding LEO who'd never do anything particularly wrong. Not all of them are. The job attracts people who like abusing power.
Wiretapping requires a warrant. If you're tapping the guy's phone without a warrant, you're breaking the law and invading someone's privacy. Being confident that a person is criminal scum is neither grounds for a warrant nor grounds to do illegal surveillance. I believe it's legal to check phone company records without a warrant, so if you're pulling his call list that's presumably OK. If you use a stingray, you're potentially violating the privacy of a lot of people - and if you think all LEOs will refrain from looking at the other call you're delusional.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
If I had mod points, they would be yours. Nailed it.
*** *** You're just jealous 'cause the voices talk to me... ***
The problem with your example is that it is one of revealing related crimes being committed by people that law enforcement already has probable cause to watch. In reality, Stingrays pick up everything in an area. The vary rare major crime, plus a lot of minor stuff, like buying pot, untaxed booze and cigarettes from the reservation, etc. And for every Taliban finance deal, they uncover hundreds of minor incidents. And pretty soon, law enforcement figures that it makes more sense chasing the little stuff and getting good arrest statistics than they would just sitting on their hands, looking for the next San Bernardino. So they miss it.
The courts can work around revealing law enforcement tactics for major crimes. So parallel construction isn't needed. Law enforcement wasting time and expensive equipment running down small time criminals and then hiding their expenditures from prosecutors is not in the public's best interest.
Have gnu, will travel.
If the first evidence was obtained legally, then it isn't parallel construction at all. All they have to do is lay it out in court. Contrary to that, often even the prosecutor isn't told (and many prosecutors are getting steamed about that too).
But note, when anyone takes the stand, they are required to swear to tell the truth, THE WHOLE TRUTH, and nothing but the truth. If the tip-off came from stingray, they MUST say so or they have not told the whole truth, that is, they have perjured themselves. They routinely perjure themselves and demand that other LEOs do as well (suborning perjury). This also brings up issues for discovery.
Note that it has been ruled that use of stingray requires a warrant and must be limited to the named subject of that warrant. The ruling was quite clear that any information outside of the warrant MUST be discarded. Parallel construction is the LEO evidentiary equivalent of money laundering.
Exactly. That would be "following the rules". Just like it has been decided that it is better that some criminals get away with their crimes by shredding their documents in the safety of their home, rather than giving the police the right to barge into any house they want to and search for something illegal.
What's obnoxious is that the Justice dept has the idea that there is no legal rules for using a Stingray or the zero-days. That the only thing they have that can cover it's use is a "policy". Basically, it would be nice if you follow these rules, but you don't have to.
Sleep your way to a whiter smile...date a dentist!