Tag Archive for: They

DOJ Seizes Domains, Claiming They Pushed Iranian Disinformation; Should Raise 1st Amendment Concerns

For about a decade now we’ve been questioning why the government is allowed to seize domains over claims of illegal behavior happening on a website. It seems to us that seizing a website is the equivalent of seizing a printing press or books — both of which would be deemed clear 1st Amendment violations. Unfortunately, even when those seizures have proven to be for made up reasons, no one has been able to challenge the underlying ability of the government to seize domains. And now it seems to happen all the time. And even if you believe the websites in question are doing something bad, seizing the websites is problematic.

The latest such case is the Justice Department announcing that it had seized a bunch of domains pushing disinformation on behalf of Iran’s Islamic Revolutionary Guard Corps.

The United States has seized 92 domain names that were unlawfully used by Iran’s Islamic Revolutionary Guard Corps (IRGC) to engage in a global disinformation campaign, announced the Department of Justice.

According to the seizure documents, four of the domains purported to be genuine news outlets but were actually controlled by the IRGC and targeted the United States for the spread of Iranian propaganda to influence United States domestic and foreign policy in violation of the Foreign Agents Registration Act (FARA), and the remainder spread Iranian propaganda to other parts of the world. In addition, the seizure documents describe how all 92 domains were being used in violation of U.S. sanctions targeting both the Government of Iran and the IRGC.

According to reporter Kevin Collier, who used the Wayback Machine to check out some of these sites, they seemed like mostly junk with little US social media presence.

Even so, and even if we’re concerned about foreign disinformation campaigns targeting the US, it still makes me nervous when the US government feels that it can just go in and seize entire domains. It strikes me as the thing that can create blowback as well. The US has certainly been involved in foreign propaganda as well — and would we want foreign governments seizing the assets of, say, Voice of America?

Techdirt.

Prosecutor Says It’s OK That Deputies Faked Evidence Reports Because They Didn’t Know It Was A Crime

Orange County (CA) sheriff’s deputies are the worst at law stuff. If the goal was to hire the stupidest, most plausibly-deniable candidates, the OCSD has hit the mark.

Deputies for this department have managed to achieve the impossible: turn local prosecutors against them by continuously mishandling evidence. Evidence must be managed carefully since it’s the thing prosecutors use to secure convictions. In the hands of deputies, evidence is just something that must be handled, however haphazardly, at whatever point they get around to it.

Since they can’t handle the job of correctly booking evidence, deputies have been faking reports, claiming evidence is booked in when it actually isn’t to avoid getting reprimanded for taking too long to process seized property. One deputy, Bryce Simpson, never did the job correctly. In 74 cases audited, 56 had no evidence booked at all and the other 18 only had some of the evidence booked.

Now, Deputy Bryce Simpson — along with Deputy Joseph Atkinson Jr. — are being given a pass by the special prosecutor presiding over the grand jury convened to decide whether these two slackers/liars should face criminal charges. According to the prosecutor, the deputies did nothing wrong because — wait for it — they didn’t know falsifying official documents was wrong.

Atkinson and Simpson told grand jurors during Mora’s hearing that they had never been trained on a Penal Code section making it illegal to falsely write in their reports that they had booked evidence — typically guns, drugs, money and photos.

Special prosecutor Patrick K. O’Toole told grand jurors that he gave the plea deal to Atkinson and Simpson partially because they had not been informed of the Penal Code section for lying on a official report.

“So I let them plead to the less serious charge because I thought it was justified under the circumstances,” O’Toole told the jurors. “And I think you will recall also their testimony that, not that ignorance of the law is any excuse, but they had never heard of this government code section before, or I don’t think any of these people ever thought the Penal Code section applies to them in what they are doing.”

You have got to be fucking kidding me. Even if we believe the deputies — and there’s no reason we should — there has never been a case ever in any situation where falsifying official documents has been considered the right thing to do. That the deputies may have been unaware these actions could result in criminal charges is beside the point. The mens rea is the knowing falsification of documents, which has never been considered OK under any circumstances. And that’s even when the threat of criminal prosecution isn’t readily apparent.

And their testimony contradicts the Sheriff’s Department spokesperson, who says both deputies received training on the filing of evidence — training that presumably included the warning that faking these documents could result in criminal charges. If they didn’t pay attention to the criminal charge part of the training, that’s hardly an excuse. Ignorance of the law doesn’t help civilians. It shouldn’t aid and abet criminal actions committed by law enforcement officers.

But this is just more in the sad, stupid history of this department, which has abused tax dollars to mold an abusive, moronic thin blue line that can’t even keep crime in check inside of its own department. A few years ago, the sheriff actually claimed deputies were unaware it was wrong (not to mention criminal) to lie in court. The deputies claimed they didn’t know what they could testify about regarding a criminal database, but rather than seek advice from the city’s lawyers, they chose to lie about their knowledge of the system.

No one is being served and/or protected by this group of deliberately obtuse officers. And they’ll continue to be underserved if this is how illegal misconduct is handled by those who are supposed to be seeking justice, rather than shielding officers from the consequences of their actions.

Techdirt.

If A College Is Going To Make COVID-19 Contact Tracing Apps Mandatory, They Should At Least Be Secure

One of the more frustrating aspects of the ongoing COVID-19 pandemic has been the frankly haphazard manner in which too many folks are tossing around ideas for bringing it all under control without fully thinking things through. I’m as guilty of this as anyone, desperate as I am for life to return to normal. “Give me the option to get a vaccine candidate even though it’s in phase 3 trials,” I have found myself saying more than once, each time immediately realizing how stupid and selfish it would be to not let the scientific community do its work and do it right. Challenge trials, some people say, should be considered. There’s a reason we don’t do that, actually.

And contact tracing. While contact tracing can be a key part of siloing the spread of a virus as infectious as COVID-19, how we contact trace is immensely important. Like many problems we encounter these days, there is this sense that we should just throw technology at the problem. We can contract trace through our connected phones, after all. Except there are privacy concerns. We can use dedicated apps on our phones for this as well, except this is all happening so fast that it’s a damn-near certainty that there are going to be mistakes made in those apps.

This is what Albion College in Michigan found out recently. Albion told students two weeks prior to on-campus classes resuming that they would be required to use Aura, a contact tracing app. The app collects a ton of real-time and personal data on students in order to pull off the tracing.

Aura, however, goes all in on real-time location-tracking instead, as TechCrunch reports. The app collects students’ names, location, and COVID-19 status, then generates a QR code containing that information. The code either comes up “certified” if the data indicates a student has tested negative, or “denied” if the student has a positive test or no test data. In addition to tracking students’ COVID-19 status, the app will also lock a student’s ID card and revoke access to campus buildings if it detects that a student has left campus “without permission.”

TechCrunch used a network analysis tool to discover that the code was not generated on a device but rather on a hidden Aura website—and that TechCrunch could then easily change the account number in the URL to generate new QR codes for other accounts and receive access to other individuals’ personal data.

It gets worse. One Albion student was able to discover that the app’s source code also included security keys for Albion’s servers. Using those, other researchers into the app found that they could gain access to all kinds of data from the app’s users, including test results and personal identifying information.

Now, Aura’s developers fixed these security flaws…after the researchers brought them to light and after the school had made the use of the app mandatory. If anyone would like to place a bet that these are the only two privacy and security flaws in this app, then they must certainly not like having money very much.

To be clear, plenty of other schools are trying to figure out how to use technology to contact trace as well. And there’s probably a use for technology in all of this, with an acceptable level of risk versus the benefit of bringing this awful pandemic under control.

But going off half-cocked isn’t going to help. In fact, it’s only going to make the public less trustful of contact tracing attempts in the future, which is the last thing we need.

Techdirt.

Insecure IoT devices could be banned and destroyed if they fail to meet UK security standards

IoT devices could be banned from sale and destroyed if they fail to meet basic security standards, according to proposals put forward by the UK Government.

Read more in my article on the Bitdefender BOX blog.

Graham Cluley