On Q Professional Investigations

The United States Attorney’s Office for the Middle District of Pennsylvania announced the filing of a criminal information in U.S. District Court in Scranton Wednesday charging Patricia A. Tokash, age 42, of Kingston, Pennsylvania, with bank embezzlement.

According to United States Attorney Peter J. Smith, Tokash was an employee of the M & T Bank branch located at 15 South Franklin Street, Wilkes-Barre, Pennsylvania. While employed at the bank, Tokash worked in the Government Loan Department and was responsible for administering and processing applications for M & T Bank loans to counties, townships, and municipalities. The criminal information alleges that between April 2011 and April 2012, Tokash embezzled approximately $62,995.66 in bank funds from fees paid in connection with loan applications, and/or from accounts at the M & T Bank, and converted the funds to her own use.

The case was investigated by the Federal Bureau of Investigation. Prosecution is assigned to Assistant United States Attorney John Gurganus.

Criminal informations are only allegations. All persons charged are presumed to be innocent unless and until found guilty in court.

A sentence following a finding of guilty is imposed by the Judge after consideration of the applicable federal sentencing statutes and the Federal Sentencing Guidelines.

In this particular case, the maximum penalty under the federal statute is 30 years of imprisonment, a term of supervised release following imprisonment, and a fine. Under the Federal Sentencing Guidelines, the judge is also required to consider and weigh a number of factors, including the nature, circumstances, and seriousness of the offense; the history and characteristics of the defendant; and the need to punish the defendant, protect the public, and provide for the defendant’s educational, vocational, and medical needs. For these reasons, the statutory maximum penalty for the offense is not an accurate indicator of the potential sentence for a specific defendant.

View Source

You’re trying to be a good parent. You’ve explained the importance of treating people with respect online as well as face-to-face and the permanence of online comments, photos and videos. And in the spirit of trust but verify, you may occasionally scroll through your kid’s email or Google+ account, or pick up their phone to glance at recent texts. One would think this behavior it protected by law. Surprisingly, wiretap laws don’t have carve outs for parental snooping.

Before diving into the law, allow me to explain in one word why the law and court cases on snooping in the home are so muddled: Divorce. In the cage match that is divorce and custody battles, snooping and taping are as much staples as roundhouse kicks and choke holds. If parents had unfettered access to their children’s communications, they then would have such access to those communications with the opposing parent. Because this is not always in the best interest of the child, courts cannot say as a rule that parental snooping is okay in all instances.

The law actually starts by saying that snooping is not okay. There are both Federal laws and state laws covering wiretapping. For Federal law, we look at the Electronic Communications Privacy Act (ECPA). The ECPA covers both the interception of electronic communications in transit (Title III of the ECPA) and unauthorized access of those communications while in storage (Title II of the ECPA, also known as the Stored Communications Act). Courts have found an expectation of privacy in electronic communications while in transit (Title III), but that expectation diminishes once the transmission is complete and the communication is stored (Title II). What this means is that looking through your kid’s email is going to be looked at more favorably than putting a tap on their phone line and recording calls.

Let’s take a closer look at the Stored Communications Act. It says: 18 USC § 2701 – Unlawful access to stored communications (a) Offense.— Except as provided in subsection (c) of this section whoever—

(1) intentionally accesses without authorization a facility through which an electronic communication service is provided; or

(2) intentionally exceeds an authorization to access that facility; and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system shall be punished as provided in subsection (b) of this section.

Putting this into English, you can go to jail for up to 10 years if you intentionally access stored communications where you don’t have the authority to access them or you exceed your authority by accessing them. The question then becomes whether or not parents have the authority under the law to access their children’s stored communications. This is where courts come in.

The United States is a common law country. Common law means that the courts help make law by interpreting the laws written by the legislature. This is why you hear lawyers reciting case names when arguing for their clients. They are arguing what is called case law. The case law on snooping on kids centers on taping phone conversations rather than accessing stored communications, but the court would use the same logic in a stored communications case.

In a 1998 court case Pollock v. Pollock, the court used the concept of vicarious consent to justify the interception of a minor child’s conversation. Recording of conversation is permitted when one of the parties involved consents to the recording. Vicarious consent occurs in this context when a parent consents to wiretapping on behalf of their child and when the parent’s snooping is motivated by the genuine, good faith concern for the child’s welfare. Therefore, if a parent is acting in the best interest of the child, courts should find that snooping is justified and allowable by law because the parent is consenting to their own snooping.

It’s a good thing parents have legal protection via the courts for good faith snooping because a lot of parents do it. A new study from the Digital Future Project finds 70% of parents say they monitor their child’s online activity while on Facebook and other social media sites and 46% have password access to their children’s accounts. The author falls into both camps but not on a regular basis. There’s a balance to be stuck between trust and monitoring. At least now I know I won’t be spending 10 years in jail for doing a bit of looking if I feel it’s in the best interest of my child.

View Source

BERLIN (AP) — The U.S. National Security Agency is able to crack protective measures on iPhones, BlackBerry and Android devices, giving it access to users’ data on all major smartphones, according to a report Sunday in German news weekly Der Spiegel.

The magazine cited internal documents from the NSA and its British counterpart GCHQ in which the agencies describe setting up dedicated teams for each type of phone as part of their effort to gather intelligence on potential threats such as terrorists.

The data obtained this way includes contacts, call lists, SMS traffic, notes and location information, Der Spiegel reported. The documents don’t indicate that the NSA is conducting mass surveillance of phone users but rather that these techniques are used to eavesdrop on specific individuals, the magazine said.

The article doesn’t explain how the magazine obtained the documents, which are described as “secret.” But one of its authors is Laura Poitras, an American filmmaker with close contacts to NSA leaker Edward Snowden who has published several articles about the NSA in Der Spiegel in recent weeks.

The documents outline how, starting in May 2009, intelligence agents were unable to access some information on BlackBerry phones for about a year after the Canadian manufacturer began using a new method to compress the data. After GCHQ cracked that problem, too, analysts celebrated their achievement with the word “Champagne,” Der Spiegel reported.

The magazine printed several slides alleged to have come from an NSA presentation referencing the film “1984,” based on George Orwell’s book set in a totalitarian surveillance state. The slides — which show stills from the film, former Apple Inc. chairman Steve Jobs holding an iPhone, and iPhone buyers celebrating their purchase — are captioned: “Who knew in 1984…that this would be big brother…and the zombies would be paying customers?”

Snowden’s revelations have sparked a heated debate in Germany about the country’s cooperation with the United States in intelligence matters.

On Saturday, thousands of people in Berlin protested the NSA’s alleged mass surveillance of Internet users. Many held placards with slogans such as “Stop watching us.”

Separately, an incident in which a German police helicopter was used to photograph the roof of the American consulate in Frankfurt has caused a minor diplomatic incident between the two countries.

German magazine Focus reported Sunday that U.S. Ambassador John B. Emerson complained about the overflight, which German media reported was ordered by top officials after reports that the consulate housed a secret espionage site.

A U.S. embassy spokesman downplayed the story, saying “the helicopter incident was, naturally enough, the subject of embassy conversation with the Foreign Ministry, but no demarche or letter of complaint about the incident was sent to the German government.”

View Source

Human trafficking. Vice. Sexual and labor exploitation. No matter what you call it, the crimes and the people who commit them are among the worst of the worst—and most states, along with the federal government, have passed anti-trafficking laws. How does mobile forensics help investigators identify traffickers and rescue victims?

At the Crimes Against Children Conference last month, several thousand professionals from law enforcement, medical and mental health services, and advocacy centers converged on Dallas, Texas to learn the latest techniques in fighting child exploitation.

The crimes themselves can take many forms. Stalking, harassment and threats can be used against victims by pimps and pedophiles, as well as in dating and domestic violence. These perpetrators may also engage in sextortion, the manufacture of child pornography, and other forms of extreme degradation.

The professionals who come in contact with them can come from many walks, too. School resource officers, teachers and guidance counselors might encounter truant or runaway children who are working as prostitutes or in forced labor. Emergency room and pediatrician visits may bring victims in contact with medical and mental health professionals, who are mandated by law to report suspected crimes to police.

In turn, police need to know where and how to find evidence of these crimes. Physical evidence like bruising patterns, DNA and rape kits–among other signs and symptoms–paint only part of a picture. Very often in exploitation cases, mobile devices contain additional context. But to find it, police need to know what to look for.

Prostitution and human trafficking

A human trafficking network can be as small as a family or small street operation, have ties to large organized crime syndicates, or anywhere in between.

Pimps, labor traffickers and others communicate with both their victims and with one another via mobile device. Some of the communications–call logs, voicemails and text messages–may be business arrangements.

Others can show evidence of physical, sexual and emotional abuse and stalking, as well as drug abuse, all of which many pimps and traffickers use to intimidate and control their victims. Because traffickers may move their victims in an effort to avoid detection, GPS and other location-based data can be valuable. This evidence may be on both victims’ and suspects’ mobile devices.

Some of your evidence may be in another language. Be sure you have translators on hand if needed who can read the text messages or emails, and listen to the voicemail or other audio evidence.

Look to link data from multiple devices, whether among multiple victims or between victims and suspects. This can show important patterns, including trends in one-way communication and/or mutual links that may point to people in charge of the operation. Links that lead to more than one suspect can help police build conspiracy cases.

Child pornography and sextortion

Evidence of child sexual abuse may take many different forms, including video and still images; email, text and instant messages, both before, during and after the incident(s); GPS data, and so on. GPS data associated with images can be especially important. It can show that a victim and/or suspect was in a particular place at a particular time.

Even if GPS is not turned on, date and time stamps, along with other information contained within images’ EXIF data, can also be important. They can be correlated to other pieces of information on a mobile device, including communications, for a full timeline of events.

Again, look for links between multiple devices. Many child predators communicate with more than one victim, and sometimes with one another too. Their locations may coincide in multiple places at multiple times.

Cyberbullying and harassment

Multimedia text messaging (MMS), social media and images or video play key roles in these cases. Whether they are used in a larger human trafficking scheme, or occurred on their own–such as in the Steubenville, Ohio rape case, or bullying that is based in a single school–they can be vital in determining the case’s severity.

Incidentally, these types of evidence don’t just exist on the devices themselves. Look for it also in removable, concealable storage devices like SD (and microSD and nanoSD) cards, call detail records, cloud storage and device backups, wireless routers (including personal mobile routers such as the Novatel MiFi) and pocket-sized external hard drives. Know how to get evidence from each location, including how to write additional warrants or other paper if needed.

Special challenges

Knowing where and how to obtain evidence of exploitation from mobile devices is just a start. You may encounter challenges along the way, including uninformed prosecutors and judges, politics associated with “macro” cases in multiple jurisdictions, or even analytical requirements that go far beyond what your analysis tools can handle.

First, the evidence is likely to be used in other ways besides being presented as evidence at trial. It may help investigators to build intelligence about networks of human traffickers or child predators, locate victims who are trapped (literally or figuratively), or potentially may be introduced during victim interviews as a way to obtain information.

Regardless of how you envision this data being used, always be sure to use best practices, document your actions thoroughly and be prepared to present the information to multiple other investigators, supervisors, attorneys and others.

Second, while many prosecutors and judges have begun to educate themselves and some are quite savvy about high tech crime, others are not. Know your prosecutor’s strengths and limitations, and be prepared to explain digital evidence. If possible, learn how to help others relate to the evidence in ordinary, everyday language–for example, that cellular tower sectors are like pieces of pie. It will help you testify in front of a jury.

Finally, understand what mobile forensics, data analytics and other evidence-gathering tools are available to you, whether in-house or as part of a task force or other law enforcement organization. Know how to obtain access to those tools, and network with other investigators to learn how to leverage them to their best advantage. Enough agencies experiencing the same problem may be able to band together and share resources as a task force.

Human trafficking and child exploitation are evils that come in many different forms. Knowing that evidence of these crimes exists on mobile devices, and how to get the evidence, will help you rescue victims and build better cases against their traffickers.

View Source

The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.

The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show.

Many users assume — or have been assured by Internet companies — that their data is safe from prying eyes, including those of the government, and the N.S.A. wants to keep it that way. The agency treats its recent successes in deciphering protected information as among its most closely guarded secrets, restricted to those cleared for a highly classified program code-named Bullrun, according to the documents, provided by Edward J. Snowden, the former N.S.A. contractor.

Beginning in 2000, as encryption tools were gradually blanketing the Web, the N.S.A. invested billions of dollars in a clandestine campaign to preserve its ability to eavesdrop. Having lost a public battle in the 1990s to insert its own “back door” in all encryption, it set out to accomplish the same goal by stealth.

The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes, and began collaborating with technology companies in the United States and abroad to build entry points into their products. The documents do not identify which companies have participated.

The N.S.A. hacked into target computers to snare messages before they were encrypted. In some cases, companies say they were coerced by the government into handing over their master encryption keys or building in a back door. And the agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world.

“For the past decade, N.S.A. has led an aggressive, multipronged effort to break widely used Internet encryption technologies,” said a 2010 memo describing a briefing about N.S.A. accomplishments for employees of its British counterpart, Government Communications Headquarters, or GCHQ. “Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”

When the British analysts, who often work side by side with N.S.A. officers, were first told about the program, another memo said, “those not already briefed were gobsmacked!”

An intelligence budget document makes clear that the effort is still going strong. “We are investing in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit Internet traffic,” the director of national intelligence, James R. Clapper Jr., wrote in his budget request for the current year.

In recent months, the documents disclosed by Mr. Snowden have described the N.S.A.’s reach in scooping up vast amounts of communications around the world. The encryption documents now show, in striking detail, how the agency works to ensure that it is actually able to read the information it collects.

The agency’s success in defeating many of the privacy protections offered by encryption does not change the rules that prohibit the deliberate targeting of Americans’ e-mails or phone calls without a warrant. But it shows that the agency, which was sharply rebuked by a federal judge in 2011 for violating the rules and misleading the Foreign Intelligence Surveillance Court, cannot necessarily be restrained by privacy technology. N.S.A. rules permit the agency to store any encrypted communication, domestic or foreign, for as long as the agency is trying to decrypt it or analyze its technical features.

The N.S.A., which has specialized in code-breaking since its creation in 1952, sees that task as essential to its mission. If it cannot decipher the messages of terrorists, foreign spies and other adversaries, the United States will be at serious risk, agency officials say.

Just in recent weeks, the Obama administration has called on the intelligence agencies for details of communications by leaders of Al Qaeda about a terrorist plot and of Syrian officials’ messages about the chemical weapons attack outside Damascus. If such communications can be hidden by unbreakable encryption, N.S.A. officials say, the agency cannot do its work.

Read More

A company that markets video cameras designed to allow consumers to monitor their homes remotely has settled Federal Trade Commission charges that its lax security practices exposed the private lives of hundreds of consumers to public viewing on the Internet. This is the agency’s first action against a marketer of an everyday product with interconnectivity to the Internet and other mobile devices – commonly referred to as the “Internet of Things.”

The FTC’s complaint alleges that TRENDnet marketed its SecurView cameras for purposes ranging from home security to baby monitoring, and claimed in numerous product descriptions that they were “secure.” In fact, the cameras had faulty software that left them open to online viewing, and in some instances listening, by anyone with the cameras’ Internet address.

“The Internet of Things holds great promise for innovative consumer products and services. But consumer privacy and security must remain a priority as companies develop more devices that connect to the Internet,” said FTC Chairwoman Edith Ramirez.

In its complaint, the FTC alleges that, from at least April 2010, TRENDnet failed to use reasonable security to design and test its software, including a setting for the cameras’ password requirement. As a result of this failure, hundreds of consumers’ private camera feeds were made public on the Internet.

“…hackers posted links to the live feeds of nearly 700 of the cameras. The feeds displayed babies asleep in their cribs, young children playing, and adults going about their daily lives.”

According to the complaint, in January 2012, a hacker exploited this flaw and made it public, and, eventually, hackers posted links to the live feeds of nearly 700 of the cameras. The feeds displayed babies asleep in their cribs, young children playing, and adults going about their daily lives. Once TRENDnet learned of this flaw, it uploaded a software patch to its website and sought to alert its customers of the need to visit the website to update their cameras.

The FTC also alleged that, from at least April 2010, TRENDnet transmitted user login credentials in clear, readable text over the Internet, even though free software was available to secure such transmissions. In addition, the FTC alleged that TRENDnet’s mobile applications for the cameras stored consumers’ login information in clear, readable text on their mobile devices.

Under the terms of its settlement with the Commission, TRENDnet is prohibited from misrepresenting the security of its cameras or the security, privacy, confidentiality, or integrity of the information that its cameras or other devices transmit. In addition, the company is barred from misrepresenting the extent to which a consumer can control the security of information the cameras or other devices store, capture, access, or transmit.

In addition, TRENDnet is required to establish a comprehensive information security program designed to address security risks that could result in unauthorized access to or use of the company’s devices, and to protect the security, confidentiality, and integrity of information that is stored, captured, accessed, or transmitted by its devices. The company also is required to obtain third-party assessments of its security programs every two years for the next 20 years.

The settlement also requires TRENDnet to notify customers about the security issues with the cameras and the availability of the software update to correct them, and to provide customers with free technical support for the next two years to assist them in updating or uninstalling their cameras.

View Source

George Clooney revealed details last week about “his” spy satellite over Sudan, which he funds to keep an eye on the Sudanese president Omar al-Bashir, who has been accused of war crimes.

The Satellite Sentinel Project (SSP), which Clooney co-founded, has been innovatively using information from satellites to help prevent humanitarian disasters before they happen—rather than reporting the aftermath of a conflict. Near real-time satellite data, provided free by one of the worlds biggest commercial satellite operators, DigitalGlobe, is used to deter atrocities and to monitor military movements along the troubled border of Sudan and South Sudan, enabling responses that avoid civilian casualties. As the SSP motto goes: “The world is watching because you are watching.”

Other advocacy groups like Amnesty International and Human Rights Watch also use satellite images to monitor human rights abuses. Images taken of Burma, Syria and Zimbabwe have shown the destruction of civilian areas, including razed villages and bomb damage. These can be quite powerful for those seeking to raise public awareness and pressure for political intervention, aid or sanctions. Their increasing value in this area is supported by the fact that the Office of the Prosecutor of the International Criminal Court now has its own in-house team with an expertise in satellite data.

Steep changes in satellite technologies, particularly the increased availability of data at scales which allow the identification of ground-based objects, are obviously providing exciting new opportunities for NGOs to monitor remotely. But they also raise questions about who else is using satellite images for monitoring purposes, and what they are using them for.

In practice, governments have used satellites for many years, especially to police extensive areas where ground inspections would be a burdensome logistical exercise with high associated costs. Within Europe they are used by regulatory bodies to monitor fraud for farming subsidy payments, to patrol borders for oil spills and boats carrying illegal immigrants, and to check compliance with legislation concerning the environment, deforestation, and water usage. There are also examples of the police using archives of satellite images to investigate crimes.

View Source

The distraught-sounding man told the 9-1-1 operator he shot a family member and might kill others in the house. A SWAT team was urgently dispatched to the address corresponding to the caller’s phone number. But when the tactical team arrived, ready for a possible violent encounter, they found only a surprised family panicked by the officers at their door.

It’s called “swatting”—making a hoax call to 9-1-1 to draw a response from law enforcement, usually a SWAT team. The individuals who engage in this activity use technology to make it appear that the emergency call is coming from the victim’s phone. Sometimes swatting is done for revenge, sometimes as a prank. Either way, it is a serious crime, and one that has potentially dangerous consequences.

Since we first warned about this phone hacking phenomenon in 2008, the FBI has arrested numerous individuals on federal charges stemming from swatting incidents, and some are currently in prison (see sidebar). Today, although most swatting cases are handled by local and state law enforcement agencies, the Bureau often provides resources and guidance in these investigations.

“The FBI looks at these crimes as a public safety issue,” said Kevin Kolbye, an assistant special agent in charge in our Dallas Division. “It’s only a matter of time before somebody gets seriously injured as a result of one of these incidents.”

There have already been close calls. A police officer was injured in a car accident during an emergency response that turned out to be a swatting incident, Kolbye said, and some unsuspecting victims—caught off guard when SWAT teams suddenly arrived on their doorstep—have suffered mild heart attacks.

“The victims are scared and taken by surprise,” he said. Law enforcement personnel, meanwhile, rush to the scene of a swatting incident on high alert. “They believe they have a violent subject to apprehend or an innocent victim to rescue,” Kolbye explained. “It’s a dangerous situation any way you look at it.”

It is also expensive. It can cost thousands of dollars every time a SWAT team is called out. And although there are no national statistics on how many swatting incidents occur annually, Kolbye guesses there are hundreds. A recent trend, he said, is so-called celebrity swatting, where the targeted victims are well-known actors and musicians.

“People who make these swatting calls are very credible,” he said. “They have no trouble convincing 9-1-1 operators they are telling the truth.” And thanks to “spoofing” technology—which enables callers to mask their own numbers while making the victims’ numbers appear—emergency operators are doubly tricked.

Most who engage in swatting are serial offenders also involved in other cyber crimes such as identity theft and credit card fraud, Kolbye said. They either want to brag about their swatting exploits or exact revenge on someone who angered them online.

Kolbye suggests making a police report about any swatting threats you receive online. Such threats typically come from the online gaming community, where competitors can play and interact anonymously. With a report on file, if a 9-1-1 incident does occur at your home, the police will be aware that it could be a hoax.

“The FBI takes swatting very seriously,” Kolbye said. “Working closely with industry and law enforcement partners, we continue to refine our technological capabilities and our investigative techniques to stop the thoughtless individuals who commit these crimes. The bottom line,” he added, “is that swatting puts innocent people at risk.”

Read More

A mother and daughter have been jailed for over a decade apiece after pleading guilty to money laundering for an internet dating scam that persuaded the gullible that they were helping US troops in search of love.

Karen Vasseur, 63, and daughter Tracy, 42, were part of a gang that spent three years searching dating sites and social networks for likely targets. Other collaborators posed as members of the US military overseas and persuaded dupes to send them money, supposedly for satellite phone calls, customs fees, and for travel so they could meet their imagined paramours.

For smaller amounts of cash, the scammers persuaded their victims to use Western Union or MoneyGram, but larger transfers would have attracted attention from the companies’ anti-fraud systems, so the Vasseurs were recruited to set up bank accounts to receive funds.

Posing as military agents, the two accepted over a million dollars (one British victim sent in $59,000) before funneling it to the scam’s organizers for around 10 per cent of the take.

The two set up 68 accounts in 19 different cities using 24 aliases to handle the transfer of funds and sent the bulk of the money to individuals in Nigeria, who set up the operation. Money was also wired to addresses in the UK, Ecuador, India, the United Arab Emirates, and the US, none of which has been recovered.

All the victims mentioned in the court papers were women, usually married, who had been conducting online dalliances with what they thought were male soldiers, usually claiming to be stationed in Afghanistan and with fake Army records to bolster their claims. Many of the women sent tens of thousands of dollars at a time to help these imaginary soldiers.

“Not only did this mother-daughter duo break the law, they broke hearts worldwide,” said Colorado attorney general John Suthers in a statement. “It is fitting that they received stiff sentences for their unconscionable crimes committed in the name of love and the United States military.”

Tracy Vasseur was sentenced to 15 years in prison for her part in the scheme. The authorities added an additional four years to her time in the Big House because she carried on transferring money even after being indicted, and also tried to influence a public official and take control of her children’s inheritance.

Her mother Karen was sent down for 12 years plus five years of parole. She will also serve a 10 years sentence for a separate fraud in which she convinced at-risk adults to pay fees to free up a bogus Nigerian inheritance, but that sentence will be served concurrently.

The case shows that one of the oldest internet scams in the book is still going strong, and that the ringleaders are getting away with it. The Vasseurs weren’t actually involved in duping the victims but were simply money mules, and the masterminds behind this operation are no doubt already finding new victims to fleece.

View Source

President Barack Obama’s hopes of comprehensive gun control legislation probably died in April, when the Manchin-Toomey bill failed to get the 60 votes it needed to overcome an expected filibuster in the Senate.

Obama can still, however, notch small victories in the gun control battle with two new “executive actions”:

1. Closing a loophole that lets people avoid the mandatory background check on buying certain weapons, such as machine guns and short-barreled shotguns, by registering them to a trust or corporation.

2. Banning military-grade weapons sold to other countries from being exported back to the United States, with a few exceptions for museums and other buyers.

Obama still needs congressional approval for his more ambitious goals, like extending background checks to gun shows and online sales. Vice President Joe Biden said as much when announcing the new actions at the White House.

“If Congress won’t act, we’ll fight for a new Congress,” he told reporters. “It’s that simple.”

But if Republicans maintain their control of the House in 2014, Obama and Biden might have to be satisfied with minor steps like these. So what exactly is an “executive action”?

It’s a little complicated. Executive actions are not “executive orders,” which, as NBC News’ Shawna Thomas pointed out, are presidential directives “with the force of law.”

New York’s Dan Amira described an executive action as “a vague term that can refer to anything done by the executive (the president).”

In January, Obama issued 23 of them related to gun control, including nominating a new ATF director and improving incentives for states to share background check information.

Three of those actions, however, were “presidential memoranda,” which Amira described as “executive orders in all but name.” Those included the requirements that:

1. Federal agencies make information available to the federal background check system.

2. The Centers for Disease Control and Prevention research the causes and prevention of gun violence.

3. Federal law enforcement trace all guns recovered in criminal investigations.

So, basically, an executive action is not an executive order, except that sometimes it kind of is — when it’s a presidential memorandum.

Regardless, President Obama doesn’t have the power to create new laws, as opponents of gun control might fear. But he can demand stricter enforcement of current laws or direct an agency to alter its focus or practices (a power that is poorly defined, sometimes controversial, and often confused by the media).

The latest actions, however, were not memoranda, but rather a proposal for a new rule on background checks and an administrative decision to stop accepting applications for new purchases of imported military-grade weapons.

Still, the National Rifle Association bristled at Obama’s modest attempts to strengthen gun laws.

“Requiring background checks for corporations and trusts does not keep firearms out of the hands of criminals,” said NRA spokesman Andrew Arulanandam. “Prohibiting the re-importation of firearms into the U.S. that were manufactured 50 or more years ago does not keep firearms out of the hands of criminals.”

View Source