On Q Professional Investigations

Apple is expected to unveil its next iPhone at a special event on Sept. 10, sources told AllThingsD.

The launch comes at an important time for Apple, which continues to make a lot of money from the iPhone but has seen its global market share dip amid a growing wave of lower-cost Android devices, as well as an intense battle with archrival Samsung.

One of the key questions is whether Apple adopts a new tactic to address the midrange of the smartphone market. Historically, Apple has gone after those customers by offering its year-old and two-year-old models for $100 and $200 less than a new iPhone. However, there has been a great deal of talk that the company will debut a new lower-cost iPhone alongside whatever update it has in store for the current iPhone 5.

Much of the speculation there has centered on the usual kinds of camera and processor enhancements, as well as the likelihood of a fingerprint sensor.

That has been expected ever since Apple acquired Authentec last year.

Naturally, any new phones will be running iOS 7, which has been in testing since its announcement at Apple’s developer conference in June. The new software includes a radical redesign of the overall look of the iPhone’s menus and icons, but the other new features are largely incremental updates, such as improved notifications, better photo-organizing abilities and additional capabilities for developers.

This has become something of a pattern for Apple, which typically debuts its software update at its June developer conference, tests it for a couple months, then shows the new hardware a couple weeks ahead of the new phone’s availability. The iOS update is also available for older models. Apple has already said that iOS 7 will work on many recent iPhones, iPads and iPod touch devices.

Apple is also expected to formally launch the next version of Mac OS X, known as Mavericks, in the coming weeks, though that is not expected at the Sept. 10 event.

An Apple representative declined to comment on the timing of any upcoming events.

Consumers, investors (and reportedly board members, as well) have been pressing Apple for a more rapid pace of innovation.

The company has long been rumored to also be working on television and watch projects, though there is no indication either of those are close to debuting.

View Source

SAN FRANCISCO — Google on Tuesday acknowledged to state officials that it had violated people’s privacy during its Street View mapping project when it casually scooped up passwords, e-mail and other personal information from unsuspecting computer users.

In agreeing to settle a case brought by 38 states involving the project, the search company for the first time is required to aggressively police its own employees on privacy issues and to explicitly tell the public how to fend off privacy violations like this one.

While the settlement also included a tiny — for Google — fine of $7 million, privacy advocates and Google critics characterized the overall agreement as a breakthrough for a company they say has become a serial violator of privacy.

Complaints have led to multiple enforcement actions in recent years and a spate of worldwide investigations into the way the mapping project also collected the personal data of private computer users.

“Google puts innovation ahead of everything and resists asking permission,” said Scott Cleland, a consultant for Google’s competitors and a consumer watchdog whose blog maintains a close watch on Google’s privacy issues. “But the states are throwing down a marker that they are watching and there is a line the company shouldn’t cross.”

The agreement paves the way for a major privacy battle over Google Glass, the heavily promoted wearable computer in the form of glasses, Mr. Cleland said. “If you use Google Glass to record a couple whispering to each other in Starbucks, have you violated their privacy?” he asked. “Well, 38 states just said they have a problem with the unauthorized collection of people’s data.”

George Jepsen, the Connecticut attorney general who led the states’ investigation, said that he was hopeful the settlement would produce a new Google.

“This is the industry giant,” he said. “It is committing to change its corporate culture to encourage sensitivity to issues of personal data privacy.”

The applause was not universal, however. Consumer Watchdog, another privacy monitor and frequent Google critic, said that “asking Google to educate consumers about privacy is like asking the fox to teach the chickens how to ensure the security of their coop.”

Niki Fenwick, a Google spokeswoman, said on Tuesday that “we work hard to get privacy right at Google, but in this case we didn’t, which is why we quickly tightened up our systems to address the issue.”

Last summer, the Federal Trade Commission fined Google $22.5 million for bypassing privacy settings in the Safari browser, the largest civil penalty ever levied by the F.T.C. In 2011, Google agreed to be audited for 20 years by the F.T.C. after it admitted to using deceptive tactics when starting its Buzz social network. That agreement included several rather vague privacy provisions.

The new settlement, which requires Google to set up a privacy program within six months, is more specific. Among its requirements, Google must hold an annual privacy week event for employees. It also must make privacy certification programs available to select employees, provide refresher training for its lawyers overseeing new products and train its employees who deal with privacy matters.

Several provisions involve outreach. Google must create a video for YouTube explaining how people can easily encrypt their data on their wireless networks and run a daily online ad promoting it for two years. It must run educational ads in the biggest newspapers in the 38 participating states, which besides Connecticut also include New York, New Jersey, Massachusetts, California, Ohio and Texas.

“There are minimum benchmarks Google has to meet,” said Matthew Fitzsimmons, an assistant Connecticut attorney general who negotiated with the company. “This will impact how Google rolls out products and services in the future.”

Marc Rotenberg of the Electronic Privacy Information Center said the agreement was “a significant privacy decision by the state attorneys general,” adding that “it shows the ongoing importance of the states’ A.G.’s in protecting the privacy rights of Internet users.”

Read More

Scam artists in the U.S. and around the world defraud millions of people each year. They use the phone, email, postal mail, and the internet to trick you into sending money or giving out personal information.

Here are 10 things you can do — or not — to stop a scam.

What to Do

Know who you’re dealing with.
Try to find a seller’s physical address (not a P.O. Box) and phone number. With internet phone services and other web-based technologies, it’s tough to tell where someone is calling from. Do an online search for the company name and website, and look for reviews. If people report negative experiences, you’ll have to decide if the offer is worth the risk. After all, a deal is good only if you get a product that actually works as promised.

Know that wiring money is like sending cash.
Con artists often insist that people wire money, especially overseas, because it’s nearly impossible to reverse the transaction or trace the money. Don’t wire money to strangers, to sellers who insist on wire transfers for payment, or to anyone who claims to be a relative or friend in an emergency and wants to keep the request a secret.

Read your monthly statements.
Scammers steal account information and then run up charges or commit crimes in your name. Dishonest merchants bill you for monthly “membership fees” and other goods or services without your authorization. If you see charges you don’t recognize or didn’t okay, contact your bank, card issuer, or other creditor immediately.

After a disaster, give only to established charities.
In the aftermath of a disaster, give to an established charity, rather than one that has sprung up overnight. Pop-up charities probably don’t have the infrastructure to get help to the affected areas or people, and they could be collecting the money to finance illegal activity. For more donating tips, check out ftc.gov/charityfraud.

Talk to your doctor before you buy health products or treatments.
Ask about research that supports a product’s claims — and possible risks or side effects. In addition, buy prescription drugs only from licensed U.S. pharmacies. Otherwise, you could end up with products that are fake, expired, or mislabeled — in short, products that could be dangerous to your health. Learn more about buying health products online.

Remember there’s no sure thing in investing.
If someone contacts you with low-risk, high-return investment opportunities, stay away. When you hear pitches that insist you act now, that guarantee big profits, that promise little or no financial risk, or that demand that you send cash immediately, report them at ftc.gov.

What Not to Do

Don’t send money to someone you don’t know.
Not to an online seller you’ve never heard of — or an online love interest who asks for money. It’s best to do business with sites you know and trust. If you buy items through an online auction, consider using a payment option that provides protection, like a credit card.

If you think you’ve found a good deal, but you aren’t familiar with the company, check it out. Type the company or product name into your favorite search engine with terms like “review,” “complaint,” or “scam.” See what comes up — on the first page of results as well as on the later pages.

Never pay fees first for the promise of a big pay-off later — whether it’s for a loan, a job, a grant or a so-called prize.

Don’t agree to deposit a check and wire money back.
By law, banks have to make funds from deposited checks available within days, but uncovering a fake check can take weeks. You’re responsible for the checks you deposit: If a check turns out to be a fake, you’re responsible for paying back the bank. No matter how convincing the story, someone who overpays with a check is almost certainly a scam artist.

Don’t reply to messages asking for personal or financial information.
It doesn’t matter whether the message comes as an email, a phone call, a text message, or an ad. Don’t click on links or call phone numbers included in the message, either. It’s called phishing. The crooks behind these messages are trying to trick you into revealing sensitive information. If you got a message like this and you are concerned about your account status, call the number on your credit or debit card — or your statement — and check on it.

Don’t play a foreign lottery.
It’s illegal to play a foreign lottery. And yet messages that tout your chances of winning a foreign lottery, or messages that claim you’ve already won, can be tempting. Inevitably, you have to pay “taxes,” “fees,” or “customs duties” to collect your prize. If you must send money to collect, you haven’t won anything. And if you send any money, you will lose it. You won’t get any money back, either, regardless of promises or guarantees.

Report Scams

If you think you may have been scammed:

-File a complaint with the Federal Trade Commission. If you are outside the U.S., file a complaint at econsumer.gov.

-Visit ftc.gov/idtheft, where you’ll find out how to minimize your risk of identity theft.

-Report scams to your state Attorney General.

If you get unsolicited email offers or spam, send the messages to spam@uce.gov.

If you get what looks like lottery material from a foreign country through the postal mail, take it to your local postmaster.

View Source

Twitter’s warning about hackers is another reminder about the importance of password protection.

Here’s a guide to creating a strong password and keeping out of the clutches of those who would do your computer and personal information harm.

A strong password is one that cannot be easily guessed or broken by a brute force attack in a reasonable amount of time. It should contain numbers, punctuation, and upper- and lower-case letters. It also shouldn’t include anything likely to be found in a dictionary or a common name.

And as Twitter pointed out as the microblogging site announced that hackers may have gained access to data regarding 250,000 of its users including user names, email addresses and encrypted passwords, longer is better. A 15-character password may be 90 times harder to crack than a 14-character one.

That said, it needs to be something you can remember, and there are tricks to creating passwords that are not only seemingly random but also easy to recall.

“Create a formula that you’ll remember but no one else could guess. For instance, you could use the name of your alma mater, spelled backwards, capitalizing every letter that rhymes with the word tree, followed by your phone number typed while holding down SHIFT (to get punctuation), and ending with the year you were born, squared,” writes PCWorld’s Lincoln Spector.

Keep in mind your passwords should never include any personal information, because any novice hacker can easily find out your full name, the names of your spouse or children, your pets, or your favorite sports teams. It’s also important to use a different password for various sites — never use the same password twice.

If all that sounds like too much trouble, there are options.

You can use a password manager such as Password Safe (available as a download on PCWorld). It’s free, open source and uses strong twofish encryption. It can generate truly random passwords for you, following rules that you set. It can insert a login name and password into a Web form. And you can organize your passwords into groups.

Also consider two-factor authentication. You can set Google and Facebook to send you a temporary PIN to your cell phone whenever you log in from an unfamiliar machine (this PIN must be provided along with your password the first time you attempt to log in via that new machine).

For even more password creation tips, check out Password Management: Idiot-Proof Tips.

Twitter isn’t alone in being a victim. The New York Times, The Wall Street Journal and The Washington Post are other high-profile companies that have recently been hacked.

Twitter emailed affected users Friday, telling them to reset their passwords, and the site offered some helpful advice about passwords in a blog post written by Bob Lord, director of information security for Twitter.

View Source

How debit card consumers choose and use their personal passwords and PIN numbers may well affect their risk of being victimized by financial fraud.

It’s an appropriate topic given that June is ATM & Debit Card Safety Awareness Month, an issue your grandparents didn’t see coming 30 years ago, but some law enforcement authorities sure did.

Consumers who give debit card fraud short shrift do so at their own risk. According to Javelin Research, debit card fraud accounted for 36% of all payment card fraud in 2010, up from 27% in 2009. Debit card fraud is more vexing for consumers than credit card fraud, as debit card fraud is rarely insured, and the losses come straight out the consumer’s bank account and can’t easily be tracked.

“Debit cards aren’t monitored as thoroughly as credit cards,” says Javelin in its 2011 Identity Fraud Survey Report. “Visa and MasterCard networks have more thorough histories on individuals and can spot suspicious transactions faster. The debit card network, however, relies on the consumer’s transaction history with a specific financial institution, not the entire Visa and MasterCard system, according to the Identity Theft Resource Center, a nonprofit consumer education organization in California.”

Javelin says the average debit card fraud amount was $2,529 in 2010.

One key contributor to debit card theft may be self-inflicted. A new study from PULSE, a Houston-based debit/ATM network, says that consumer personal identification numbers (PINs) — at least, how they’re used — may well set the stage for debit card fraud.

“It’s no secret that weak PINs such as a birthday or repeating or sequential numbers contribute to card fraud,” Eric Lillard, the director of fraud operations at PULSE, said in a statement.

Lillard points to a recent report from Cambridge University Computer Laboratory in West Cambridge, U.K., showing that one of every 11 debit cards has “easily discovered PINs.” (Post continues below.)

What’s a debit card consumer to do?

PULSE says consumers and financial institutions should discourage the use of birthdays as PINs — they’re too easy for thieves to crack. In fact, any “easily guessed pin” such as a wedding anniversary or numbers from your zip code should be dropped like a hot potato.

Here are some other tips from PULSE:

Monitor your financial account statements: Track your bank accounts online daily so that any suspicious activity is spotted quickly. Switch from postal delivery of statements to online access or ensure that mailed statements are sent to locked boxes and not left available to fraudsters.

Protect your wallet, purse and PIN: Don’t carry items with private information such as your Social Security number in your pocketbook or wallet. Also, PULSE says not to share your PIN with anyone. That means don’t write it down and don’t give it to a clerk or anyone else to enter for you.

Be extra alert at ATMs: Don’t use an ATM if it is in an unlit or hidden area. Block the keypad while entering your PIN so you can’t be observed. If an ATM looks phony or has a suspicious card reader that is loose or not part of the main body of the machine, do not use it.

Protect your online shopping: Update computer anti-virus software, anti-spyware and firewalls. New attacks come frequently, and your software provider will frequently send updates to stop them. Use only secure sites and network connections when shopping online.

Protect personal information online: Limit social media access to friends only and don’t “friend” people you don’t know. Fraudsters use personal information such as birth dates, family and pet names, high schools and birth cities to “verify” your identity.

Debit card fraud is serious business, with the potential to separate you from thousands of dollars drained right out of your checking account. Don’t give bank fraud thieves a bigger edge by going lax on your debit card security.

If you do, expect to pay a stiff price.

Read more

The Immigration Policy Center (IPC) and the Electronic Frontier Foundation (EFF) have released “From Fingerprints to DNA: Biometric Data Collection in U.S. Immigrant Communities and Beyond.” The paper outlines the current state of U.S. government collection of biometric information and the problems that could arise from these growing databases of records. It also points out how immigrant communities are immediately affected by the way this data is collected, stored and shared.

There is a growing push to link biometric collection with immigration enforcement. The U.S. Department of Homeland Security (DHS) takes approximately 300,000 fingerprints per day from non-U.S. citizens crossing the border into the United States, and it collects biometrics from noncitizens applying for immigration benefits and from immigrants who have been detained. In addition, state and local law enforcement officers regularly collect fingerprints and DNA, as well as face prints and even iris scans. All of these government databases are growing and are being increasingly interconnected. For example, the Secure Communities program takes the fingerprints of people booked into local jails, matches them to prints contained in large federal immigration databases, and then uses this information to deport people.

“Some people believe biometrics and databases are the silver-bullets that will solve the immigrant enforcement dilemma. But biometrics are not infallible, and databases contain errors. These problems can result in huge negative consequences for U.S. citizens and legal immigrants mistakenly identified,” said Michele Waslin, Senior Policy Analyst at the IPC.

“Biometric data collection can lead to racial profiling and can disproportionately affect immigrants,” said EFF Staff Attorney Jennifer Lynch. “It also gives the government a new way to find and track people throughout the United States. The government needs to act now to limit unnecessary biometric collection and address the serious privacy issues regarding the amount and type of data collected, as well as what triggers that data collection, with whom the data is shared, and the security of that data.”

Read more

How out-of-hand has the “war on terror” become? So much so that now, the Department of Homeland Security has taken to monitoring social media Web sites trolling for would-be terrorists, as if the world’s most dangerous killers were Tweeting their plans.

Only, DHS isn’t just trolling for terrorists by monitoring Twitter and Facebook. No, the department – which at least one presidential contender, Rep. Ron Paul, believes is out of control – is wasting valuable and limited assets evaluating media reports, organizations and news sites like The Drudge Report for anti-government attitudes and social unrest.

But wait, you ask. What does monitoring American-based Web sites and social media applications have to do with the war on terror? Probably nothing, but you may remember that the Department of Homeland Security was born out of legislation passed immediately after the 9/11 attacks to protect “the American people from terrorist threats.”

First Amendment, anyone?

You’re not the only one who isn’t buying the spying. The Electronic Privacy Information Center, a watchdog organization looking to protect civil liberties, privacy, the First Amendment and constitutional values in an increasingly interconnected world, has convinced a House subcommittee that the DHS activity is suspicious enough to warrant closer examination. The hearings come on the heels of the group’s acquisition of some 300 pages of DHS documents resulting from a Freedom of Information Act request which lay bare the agency’s “intelligence gathering” activities online.

“The Department of Homeland Security’s monitoring of political dissent has no legal basis and is contrary to core First Amendment principles,” says EPIC’s director, Ginger McCall, who says a government agency that monitors what ordinary Americans are saying about federal policies goes too far, and has direct implications on freedom of speech.

“The language in the documents makes it quite clear that they are looking for media reports that are critical of the agency and the U.S. government more broadly,” she said. “This is entirely outside of the bounds of the agency’s statutory duties.”

EPIC says documents it has obtained show that DHS has used contractors to monitor Twitter, Facebook, Hulu, Wikileaks, Drudge and other news sites including the Huffington Post. The documents reveal that the contractors were required to provide DHS with reaction regarding potential “threats and hazards,” as well as any media reports that reflect adversely on the U.S. Government and the Department of Homeland Security (D.H.S.) ability to prevent, protect and respond, to recovery efforts or activities related to any crisis or events which impact National Planning Scenarios.”

The program should also highlight “both positive and negative reports on FEMA, C.I.A., C.B.P., ICE, etc., as well as organizations outside of D.H.S.,” the documents said.

Looking over your shoulder

Now, DHS officials admit that, yes, the agency was monitoring the Web for any negative opinion of the government. But they said the operation was only undertaken as a one-and-done test, then quickly dropped, because it didn’t meet “operational requirements or privacy standards” which “expressly prohibit reporting on individuals’ First Amendment activities.”

EPIC says that, based on what it has discovered that explanation doesn’t ring true. Rather, the organization says DHS believes the monitoring program is one that should be repeated.

“They are completely out of bounds here. The idea that the government is constantly peering over your shoulder and listening to what you are saying creates a very chilling effect to legitimate dissent,” says McCall.

The public will soon know.

Read more

The price of gas continues to fall. AAA says the national average for regular has fallen to $3.73, down 21 cents in the past six weeks. But if you pay at the pump, thieves may be waiting for you, ready to skim the information off your bank card and siphon the money out of your account.

It’s a scam called “skimming” and it costs the financial industry more than $350,000 a day, as CBS News correspondent Sharyl Attkisson reports.

Volunteer fireman Mark Young recently got out of the hospital after neck surgery, only to be dealt another blow when he checked his bank balance.

“I had $2,300 in the bank, and it said I only had $1,000 in there,” Young said.

Surveillance video shows a man that police say is suspected of stealing Young’s debit card number and going on a shopping spree. He allegedly used it four times in two days at Target, Wal-Mart and Macy’s.

Detective Eric Landamia of the Lower Southampton Township Police says the trick was finding out how the thief had gotten Young’s and other victims’ numbers without actually stealing their cards. Police zeroed in on gas stations, where many people pay with their cards right at the pump.

So-called “skimming devices” can be bought legally online for around $200 dollars. They record card numbers on a memory chip.

Hacker and ex-convict Greg Evans, who owns his own security firm, showed CBS News how a crook can use a popsicle stick and superglue to attach the skimmer.

“The first thing we have to do is to make sure we’re lining up the skimmer up here with the credit card so that it goes in evenly,” Evans said. “See, this way the person doesn’t even know when they’re sliding their card in.”

The customer thinks he’s pumping his gas and everything is fine. In actuality, somebody just stole his credit card, Evans said.

Evans demonstrated how to install a rudimentary skimmer in a matter of minutes. The real scam artists can make the skimmer seamless and undetectable to customers. The skimmer can hold about 1,000 credit card numbers, Evans said.

The thief retrieves the skimmer and then downloads the data.

“I was really angry,” Young said. “Very, very angry.”

Police caught the suspect in Young’s case, and are working to get his cooperation to help catch other alleged thieves.

There’s no foolproof way to identify a gas pump that’s been rigged with a skimmer. It’s up to consumers to discover the theft and report it to police and the bank. If it’s proven to be fraud, and reported quickly, all banks have a policy of refunding the money to you.

That’s why Young tells others to check their accounts often. Even if your card’s still in your wallet, someone could be enjoying a shopping spree at your expense.

Read more

Documents just released by US Immigration & Customs Enforcement (ICE) in response to one of EFF’s Freedom of Information Act requests show that DHS is considering collecting DNA from kids ages 14 and up—and is exploring expanding its regulations to allow collection from kids younger than that.

The proposal appears to be working its way through DHS in the wake of regulations from the Department of Justice that require all federal agencies—including DHS and its components such as ICE—to collect DNA from individuals arrested for federal crimes as well as “from non-United States persons who are detained under the authority of the United States,” whether or not they have been involved in criminal activity. While the law specifically exempts a few classes of “aliens,” the documents we received show DHS may start DNA collection from anyone it fingerprints. Currently, that’s any child over 14 who’s detained, but we also found records that show ICE could lower that age even more.

DHS estimates that as many as 1 million people who are subject to administrative detention or arrest annually could now be subject to DNA collection. But it’s important to note that many of these people are not involved in criminal activity. Collecting DNA from anyone detained by the government for any number of non-criminal reasons—especially juveniles—seems to be yet another step on the slippery slope to collecting DNA from everyone in the United States, no matter their status.

ICE is the first component within DHS to collect DNA under the new DOJ regulations. ICE’s Homeland Security Investigations (HSI) offices in San Diego, St. Paul, and San Juan, Puerto Rico are part of a 6-month pilot program to test out the new procedures and were set to start collecting DNA around July 2010. After the pilot program, the rest of HSI’s offices (more than 200 throughout the US and abroad) will start collecting DNA and presumably all other DHS components will follow suit shortly thereafter.

When the DOJ expanded its DNA collection regulations in 2009, it specifically required agencies to collect DNA from all populations they fingerprint. DHS regulations allow the agency to collect biometrics from aliens coming into the US who are 14 and older, so DHS can currently collect DNA from kids this age as well. However, the agency may also be considering collecting biometrics from kids younger than 14. A slide presentation from March 2011, titled “Working Group on Expanding the Biometric Age Range” notes that some DHS programs are already collecting biometrics from kids younger than 14 and proposes expanding the age range for more DHS entities (including ICE). Because of the DOJ regulations, this would mean that DHS could collect DNA even from very young kids.

It turns out that DHS is not the first federal or even state agency to collect DNA from juveniles. The records ICE released show that the US Marshals are required to collect DNA from juveniles whenever the Marshals collect fingerprints. And the Drug Enforcement Agency’s (DEA) internal regulations make clear that “Both adults and juveniles who are fingerprinted are subject to DNA sample collection.” Its agents may also collect DNA from non-United States persons who are merely detained (not formally arrested). And according to the Council for Responsible Genetics, twenty-eight states already collect DNA from juvenile offenders, as well.

However, a DNA collection program run by DHS feels very different because it could affect so many people who have no involvement with the criminal justice system. EFF has strongly criticized warrantless DNA collection in criminal contexts, as we’ve discussed here, here and here. The DOJ argues that collecting DNA from all people arrested and non-US persons detained will allow it to find and identify more criminals, solve more crimes, and “prevent and deter subsequent criminal conduct.” but it is hard to see how that argument couldn’t be extended to apply with equal force to mandated DNA collection from everyone.

DNA reveals an extraordinary amount of private information about you, including family background, medical history, predisposition for disease, and possibly even behavioral tendencies and sexual orientation. Once the federal government collects a DNA sample—no matter which agency does the collection—the sample is sent to the FBI for storage, and the extracted profile is incorporated into the FBI’s massive CODIS database, which already contains over 10.5 million “offender” profiles. It is next to impossible to have your DNA expunged from the database once it’s already in there, and once it’s in CODIS it is subject to repeated warrantless searches from all levels of state and federal law enforcement.

For the short term, DHS’s DNA collection program may be quite limited. ICE has redacted most concrete information about the timetable for implementation, but it is not clear that DHS has begun collecting any DNA. The documents ICE released indicate some agency infighting between the DOJ (which requires the DNA collection) and DHS (which considers this requirement to be an expensive unfunded mandate), and it is not clear if the two agencies have yet worked this out.

DHS also appears to recognize the political costs of collecting DNA from people outside the criminal justice system. In a March 22, 2010 letter from DHS Secretary Napolitano to Attorney General Holder, Napolitano sought an exemption to DNA collection from juveniles under 18. Hidden text within one of the documents1 recognizes that collecting DNA from juveniles could increase “ICE’s exposure to criticism” and notes:

[t]here is a high likelihood that ICE would face litigation and other opposition from community and nongovernmental organizations (NGOs) if ICE were to sample all juvenile detainees.

Further, it appears DHS is trying to avoid publicizing the roll out. Hidden text on another page of the documents notes that “OCR and OPA [ICE's Office of Congressional Relations and Office of Public Affairs] intend to respond to inquiries, rather than making announcements of the DNA sampling pilot program.”

DHS’s stalling is good for privacy in the short run. However, given the hard line the DOJ has taken in past court cases challenging DNA collection, the expansion of DNA collection from an ever-broader array of Americans and immigrants appears imminent.

Follow these link to view documents from ICE:

• ICE DNA Collection Documents – pages 1-92
• ICE DNA Collection Documents – pages 93-201
• ICE DNA Collection Documents – pages 202-297
• ICE DNA Collection Documents – pages 298-353

Read more

A new feature story in this month’s Wired blows the lid off plans for a massive new National Security Agency data center in Utah that represents the resurrection of a program that Congress killed in 2003, known as “Total Information Awareness,” targeting literally all electronic communications all over the world — including those made by American citizens.

The proposal was to build computing systems that could suck up every electronic communication on the planet and filter them through a smart super-computer that would flag certain conversations, emails, transactions and other items of interest for further review. It was a program so monstrous in scope that after a brief legislative battle, Congress imposed strict regulations on the type of technology that could accomplish those ends, prohibiting it from ever being used against Americans.

But if well sourced intelligence reporter James Bamford is to be believed, as of this year, their efforts to stop it are moot.

According to Bamford, the NSA’s new data center in Utah will be the most all-encompassing spy machine ever conceived, capable of breaking almost any encryption, reading any email and recording any phone call anywhere in the world, even if it’s not made over the Internet. A network of ultra-sensitive satellites enhance the center’s intelligence-finding capabilities with the unique ability to sniff electronic communications from a massive distance.

More troubling still, Bamford’s three covert sources who worked for the NSA reportedly claim that the agency is dumping Americans’ communications into the mix, knowingly violating the U.S. Constitution in pursuit of a modern-day Manhattan Project.

When Congress struck down the Pentagon’s “Total Information Awareness” program, they did, however, authorize funding for ”processing, analysis, and collaboration tools for counter terrorism foreign intelligence,” which is precisely how the NSA describes this data center. Just a year after that authorization, Bamford notes that the Department of Energy founded a computing facility where scientists developed technology that was secretly being funneled to the NSA for the data center currently under construction.

Bamford’s sources are not the first to come forward with claims of dubious activity at the NSA. The Obama Administration prosecuted NSA whistleblower Thomas Drake for funneling secret data to a nameless reporter, and former NSA analyst Russell Tice came forward with other revelations in 2005, and again in 2009. Even back then he was warning that the NSA had access to all Americans’ communications and even private credit card information. That message was heard, and heard well, by lawmakers like Sen. Jay Rockefeller (D-WV), who said he would not be surprised to learn that the NSA was even spying on him.

In these latest revelations, one of Bamford’s covert sources claims that the NSA is on the verge of a massive coup, putting the U.S. inches away from “a turnkey totalitarian state.” A much smaller spying program that targeted top Democrats and reporters, uncovered amid an investigation into a burglary, was the impetus for impeachment proceedings against former President Richard M. Nixon, which caused him to resign part-way through his second term. At the time, Congress was concerned that such power would be wielded for political purposes.

Read more