There are police "fusion centers" all over the US doing similar data acquisition. The DHS is not only militarizing local police forces, they are turning them into mini-intelligence agencies.
I highly recommend reading this investigation by a redditor into Fusion centers:
Fusion centers weren't put in place to militarize the civilian police forces or turn them into mini-intelligence agencies. The fusion centers (those that work -- many of them have communication "issues", according to congressional investigations IIRC) were designed to simplify collaboration between law enforcement agencies around the US.
There's a lot of interesting things that go on in the big (and little) cities in the country, but it's incredibly difficult for individual agencies to know what's going on in any of the others, except what they read in the newspaper. Using DHS as a service bus, they can better understand trends and collaborate on actions to deter or disable larger criminal networks.
Yes, Homeland Security gets easier access to local police intelligence and stats as well, but DHS and FBI I think have jurisdiction to get that anyways.
The point of these, though, is ultimately providing better information to police agencies so they can make better-informed decisions.
This document from Michigan talks somewhat about how the fusion centers interact with the Feds, and use a Federal-provided system (run by a private company?) to do their work.
I find this creepy, but I'm not sure I'm seeing what's so interesting about it. Various police departments within a discrete area of Virginia (and who, I'm sure, often coordinate in other totally legitimate ways) are simply sharing information that they have obtained through supposedly legal processes.
I for one am completely fine with law enforcement agencies sharing evidence that they have lawfully obtained (and they do this routinely with, e.g., the NCIS fingerprint database). That law enforcement agencies around the country do this with other information, including phone records, in so-called "fusion centers" was, I thought, already widely known. Is this somehow different?
Of course, here, there is good reason to be concerned about the way that many of the records have been obtained, and certainly this revelation provides further illustration of the unsettling ways that law enforcement can use phone records. Accordingly, it provides further reason to scrutinize the original collection of those records. But is there reason to think that this sharing is illegal in itself?
IANAL. Also I haven't read Virginia's code of law.
However, in most american states, "obtained legally" != "legal to archive" != "legal to look at whenever you want" != "legal to share" != "legal to use for any purpose other than that which it was originally obtained for".
Which means, while the gathering of the data may have been done legally, the archival and preservation of the data beyond their original purpose may be itself illegal, let alone sharing it, looking at it for reasons unrelated to the original cause, and using it for other purposes.
Ah! A very good point. Does anyone else know more about this than, apparently, I do?
Edit: After a bit of Googling, it looks like this may be OK under Virginia Law.
In short, it appears that the governing law is the Government Data Collection and Dissemination Practices Act, which provides an exception to retention and sharing restrictions for "criminal intelligence information."
Here is a somewhat off-topic but informative opinion from the Virginia AG about retention and sharing of license plate reader information. http://www.vachiefs.org/images/uploads/docs/AG_Opinion_LPR.p...
(On the topic of "passive", always-on License Plate Reader data collection that is archived without looking at it "in case it's useful later"):
> On these facts I conclude that the need for such data has not been "clearly established in advance,"
so as to conform to the applicable principle of information practice. [12] Its future value to any investigation
of criminal activity is wholly speculative. Therefore, with no exemption applicable to it, the collection of
LPR data in the passive manner does not comport with the Data Act's strictures and prohibitions, and may
not lawfully be done. [13]
To absorb this back into the whole phone records thing, here's the keypoints I gather from that:
1. Need to target specific data that is as constrained as possible given prior knowledge. E.g. If you already know someone spoke on the phone about a crime at X date and never spoke of it at any other date, you are only allowed to obtain and use the records of that date.
2. Need to be able to show reasonable belief _before collection_ that the collected data will be useful for an investigation and/or for intelligence on criminal activity. Knowing that a criminal uses a phone is not sufficient cause to collect phone records - it must be demonstrable before collection that those particular phone records might contain information useful for identifying criminal activity or for ongoing investigations.
3. Data that is mass-collected for purposes of finding a specific information (e.g. searching for a license plate by processing every car that passes through X intersection) may be kept and shared only until the target information is located and the objectives met.
4. Every data collection must have a specific purpose and clear boundaries. Collecting records "to find people who issue death threats"? NOT OKAY. Collecting records "to find this particular issuance of a death threat"? OKAY. In other, techier words, there must be a deliverable. If the goal of a data collection is open-ended, or could take decades, then you must have a specific warrant associated to that data collection, and the data must be discarded once the warrant expires and/or the investigation concludes.
This is pretty much my reading of it given cursory scanning of an abstract of the GDCDPA, prior knowledge on legal interpretations for "criminal intelligence information" (an extremely important phrase), and the A.G. advisory linked in parent.
I think this is all correct. But on my admittedly cursory reading of the Wired article, I didn't see any clear indication that the police departments involved have violated any of these restrictions. Of course, this is mostly for lack of detail. There are lots of areas where a violation could have occurred.
Talk to someone at the ACLU about ALPRs. There are currently no restrictions or policies around their usage or data retention or sharing. We as citizens have absolutely no way of knowing if these are being used in ways we don't approve of. It's a problem.
I'm not so sure about that. It's not unusual to hear of cases being solved through matches with a fingerprint or DNA database (obviously problematic for civil liberties), and I don't think there's a bright-line standard for sharing of legally obtained evidence. I would like it if there was, but are you sure that you're not projecting your view of how things should work onto how they actually do? Can you offer some support for your claim?
My claim is that the above terms and concepts, in a legal courtroom, are not automatically equal, and a judge may or may not rule completely differently on a case whenever any one of those factors change.
Notice, if you read correctly, that I didn't make any particular judgment as to whether or not I think it's legal or not, or whether I think it should be legal or not.
My intent was simply in pointing out that the commenter's assumptions and logical deductions were unsound as far as a judge looking at a court case might be concerned.
Reading correctly, the commenter you replied to posed a question rather than stating any assumptions. You said 'in most american states, "obtained legally" != "legal to archive" != "legal to look at whenever you want" != "legal to share" != "legal to use for any purpose other than that which it was originally obtained for".'
So you seem to be claiming that these are distinct legal categories which affect the admissibility of evidence at trial. I don't think this is true; as far as I am aware, prosecutors and police can freely share information collected in different cases as long as that evidence is all disclosed to the defendant prior to trial (and early enough for the defense to prepare or seek a continuance etc.).
For example, it's legal (per the Supreme Court) to take DNA swabs from arrestees without a warrant even if no charges are brought, and all such DNA evidence is by default loaded into a national database known as CODIS. Your DNA data, according to a majority of the Supreme Court can legally be archived, looked at whenever law enforcement wants, shared, and used for other purposes than that which it was originally obtained for.
So again I ask, do you have something to back up your claim about things being different in 'most american states' or were you just saying you didn't think it worked that way?
> So you seem to be claiming that these are distinct legal categories which affect the admissibility of evidence at trial.
Ah. There's the hiccup. It wasn't my intent to be communicating anything about admissibility of evidence. Archiving, sharing, obtaining, perusing, using for original purpose and using for a tertiary purposes are all different actions, and which of these actions were taken and in what contexts would be evaluated differently by a judge ruling on a "borderline" case that is up to legal interpretation.
The Supreme Court, to reuse your example, has effectively ruled that DNA collection is, upon arrest, legal for use in all above activities, if I understand correctly. To throw in what I did think, no, I didn't know it worked that way, and I'm pretty happy no government database currently has my DNA data (time to look up relevant Canadian laws to see if this is true here as well).
I don't have anything particularly solid to back up the claim that most states would not automatically grant all the actions above as "legal" if any given one of them is legal in a given situation (like the Supreme Court apparently did for DNA swabs). It just seemed particularly likely given my priors and whatever equivalent situations or contexts I could remember (I've read two US state codes of law (Ohio and Texas), and I'd estimate 20% of USA federal laws, that are available online on their respective public websites).
EDIT: To clarify first paragraph: I'm talking here mostly about situations such as someone suing a police force or suing the state over privacy breach or somesuch, not about whether a judge would use what police did with phone records and whether they shared it in a Fusion to dismiss a case about child pornography, for instance. That's a whole other (and more complicated) ball of yarn, IMO.
Let's say a criminal manages to dump all the emails from 2% of gmail accounts, the criminal is caught and the hard drives containing these emails are legally seized as evidence.
* Do the police have a right, legal or ethical, to read these emails?
* Do they have a right to share these emails?
* Should these emails be purged from police records after the case has gone to trial?
That's an interesting hypothetical, but I'm not sure I see how it bears too closely on this scenario which, as I understand it, deals only with the phone records of people actually under investigation. I get that these records will include certain information about third parties (namely, that they called or were called by person x), but this seems a far cry from "all the emails from 2% of gmail accounts."
Any data on any seized smartphones. Where could a seized smartphone, obtained completely legally, come from?
Well, for starters, let's say you've got a robbery ring of people snatching iPhones in public places. Police track them, raid their meeting point, and proclaim this glorious bust with 67 arrests related to the nefarious criminal snatcher ring. What happens to the phones present onsite during the raid? Seized.
So they now have 300 seized smartphones, acquired legally. What do you think they do with them? Open 'em up, check the data, put it on the Fusion, of course! I mean, it's intelligence on the kinds of data criminals keep with them, so it's fair game, right? (Hint: Nope. But some police officers really do think this way.)
What's more... maybe some of these phones were already "cleaned out" by the snatcher ring, and maybe some weren't. Time for a subpoena to the phone carriers to know which phones belonged to whom! And, well, while we're at it, it might be useful to know if any of these phones actually belonged to some of the snatchers themselves, maybe it'll lead us to their contacts and to more of their affiliates. This is still criminal activity intelligence, right? So let's also get all the phone records and contacts and calling history for all the previous numbers and owners of all of these phones.
See how quickly this stuff escalates? And how easy it is for any officer or investigator to get carried away and justify it to anyone who asks?
(Note: I'm not saying this happened. It's a thought experiment.)
The article doesn't say that the police are sharing "any data on seized smartphones." What it actually says is:
"In the case of the Virginia database, it’s unclear whether content from seized cellphones—such as text messages— is included in the database or if it just contains so-called metadata describing the phone numbers called, the calls received and their date and duration."
This is what I mean when I say that the Wired article does not have enough information for me to know whether anything shady is going on or not.
When they won't affirmatively state what's in the database, it's nowadays very safe to assume that the answer is 'everything they could get their hands on'.
> (...) so-called metadata describing the phone numbers called, the calls received and their date and duration."
Uhm. This already includes phone numbers called, calls received, dates, durations. Also, it's well-known among even amateurs and armchair intelligence analysts that "metadata" is usually more than sufficient to obtain a complete profile of an individual's private life, and it's been confirmed at least once by US Mil-related interests that they have killed foreign terrorist suspects based only on conclusions drawn from metadata.
So even if it "just contains so-called metadata", that's probably still enough data to know the exact time you use the toilet in the morning, and for how long. Literally. (ref: Dozens of recent papers on metadata profiling)
The problem with sharing such information in general, is that it becomes difficult or even impossible to restrict access or delete it in the future. Juvenile cases might be an example where you may want to do that.
Honestly, looking at my state's centers (as linked in another comment) they all look pretty benign. Like, just regular inter-agency communications. But after reading the WIRED article, it seems much worse than that. Assuming that you buy that the NSA needs to look at my texts to my wife about buying milk for national security, that the local cops need to beggars belief. Especially when they are elected officials and fellow citizens that are here to enforce laws and public safety. Are drug dealers and bored teenagers THAT big of a threat? How can I relate to the local constabulary at the PTA meeting when they know all my private medical issues and marital problems? The power differential is too great.
i somehow feel that all the attempts to legally regulate/restrict the data gathering by government is like an attempt to board a train that has already left the station - just a mental refusal to accept new reality. World has changed (or has been disrupted in SV lingo). We have to adapt to new conditions. Just like taxi cabs and regulators have to adapt to Uber/AirBnb, we have to adapt to NSA/Palantir.
> Just like taxi cabs and regulators have to adapt to Uber/AirBnb, we have to adapt to NSA/Palantir.
If only someone like you were around 200+ years ago to tell Washington, Jefferson, and Adams that they should accept new reality and adapt to the British seizing our ships, blockading our ports, burning our towns, and spilling our blood.
A lot of things around us are out of our control, so we have to adapt. Let's be honest, the political system is not within our control. Very, very little political change will come out of our complaints. Instead of repeatedly trying and failing to bring about meaningful change, we should adapt -- because that is the reasonable thing to do. We can't change the government's behavior, so let's change ours; something has to give.
>Instead of repeatedly trying and failing to bring about meaningful change, we should adapt -- because that is the reasonable thing to do.
"The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man." --George Bernard Shaw
on the other side Native Americans didn't adapt to the fire weapons used by colonists and used bows/arrows and horse mounted front attack tactics far too long.
One can also argue that Washington et al. did accept the reality and thus didn't insist on some new laws/rules restricting British Crown power in the colonies.
The train has not left the station, because the legality of many of the behaviors and practices of the intelligence community is unsettled law. Furthermore, the what is legal can be changed through legislation.
Sharing information have with other agencies within the legal boundaries (warrants generally) and in a transparent way is fine.
What is not fine is:
1) encouraging the police to do illegal mass surveillance of citizens, too, with Stingrays and other methods
2) use information obtained in an illegal way (such as NSA spying on Americans) to do parallel construction by telling cops exactly who to stop at check points because they already know through illegal spying that he committed a crime, and then using that in Court, and saying they find out about his crime at a regular traffic stop.
"We believe that widespread and longstanding deficiencies in the FBI's operations and Counterterrorism Program caused the problems we described in this report," Fine's investigators wrote, including a shoddy analytical program, problems sharing intelligence information and "the lack of priority given to counterterrorism investigations by the FBI before September 11."
I highly recommend reading this investigation by a redditor into Fusion centers:
https://pay.reddit.com/r/technology/comments/1h3pc2/how_poli...