MIT: In the News Again

January 18, 2021

I have used “high school science club management methods” to describe some of the decisions at Silicon Valley-type outfits. I have also mentioned that the esteemed Massachusetts Institute of Technology found itself in a bit of a management dither with regards to the infamous Jeffrey Epstein. If you are not familiar with the MIT Epstein adventure, check out “Jeffrey Epstein’s Money Bought a Coverup at the MIT Media Lab.” High school science club management in action.

I read a story dated January 14, 2021, with the fetching title “MIT Professor Charged with Hiding Work for China.” Yep, someone hired a person, failed to provide appropriate oversight, and created a side gig. I learned:

While working for MIT, Chen entered into undisclosed contracts and held appointments with Chinese entities, including acting as an “overseas expert” for the Chinese government at the request of the People’s Republic of China Consulate Office in New York, authorities said. Many of those roles were “expressly intended to further the PRC’s scientific and technological goals,” authorities said in court documents. Chen did not disclose his connections to China, as is required on federal grant applications, authorities said. He and his research group collected about $29 million in foreign dollars, including millions from a Chinese government funded university funded, while getting $19 million in grants from U.S federal agencies for his work at MIT since 2013, authorities said.

MIT is allegedly an institution with many bright people. Maybe that is part of the challenge. The high school science club mentality has ingrained itself into the unsophisticated techniques used to track donations and smart professors.

Harvard has a business school. Does it offer a discount for MIT administrative professionals?

Stephen E Arnold, January 18, 2021

How Will MindGeek Get Paid? Umm, Encrypted and Anonymous Digital Currencies Maybe

December 11, 2020

I have followed the strong MasterCard and Visa response to revelations about MindGeek’s less-than-pristine content offerings. The Gray Lady wrote about MindGeek and then other “real” news sites picked up the story. A good example is “Visa, MasterCard Dump Pornhub Over Abuse Video Claims.” The write ups appear to have sidestepped one question which seems obvious to me:

How will MindGeek collect money?

There are some online ad outfits which have been able to place ads on Dark Web sites and on some other sites offering specialized content, not very different from MindGeek’s glittering content array. Amped up advertising seems one play.

But what about MindGeek’s paying customers?

Perhaps MindGeek, nestled in the Euro-centric confines of Montréal, will come up with the idea to use a digital currency. Invoices can be disseminated in secret messaging systems like those favored by the Russian based Edward Snowden. The payments can flow via encrypted digital currencies. Now many transactions can be tracked by government authorities in a number of countries. Nevertheless, making this type of shift is likely to increase the burden on investigators.

Just as killing off Backpage created additional work for some law enforcement professionals. The MasterCard and Visa termination may have a similar effect. Yes, the backlog can be resolved. But that is likely to add friction to some enforcement activities. A failure by regulatory agencies to get a handle of payments systems (encrypted and unencrypted) is now evident to some.

Stephen E Arnold, December 11, 2020

DHS Turns to Commercial Cellphone Data Vendors for Tracking Intelligence

November 18, 2020

Color us completely unsurprised. BuzzFeed News reports, “DHS Authorities Are Buying Moment-By-Moment Geolocation Cellphone Data to Track People.” In what privacy advocates are calling a “surveillance partnership” between government and corporations, the Department of Homeland Security is buying cellphone data in order to track immigrants at the southern border. This is likely to go way beyond the enforcement of immigration laws—once precedent is set, agencies across the law enforcement spectrum are apt to follow suit.

Citing a memo that came into their possession, reporters Hamed Aleaziz and Caroline Haskins reveal DHS lead attorney Chad Mizelle believes ICE officials are free to access locations and cellphone data activity without the need to obtain a warrant and without violating the Fourth Amendment (protection against unreasonable search and seizure). His reasoning? The fact that such data is commercially available, originally meant for advertising purposes, means no warrant is required. Consider that loophole as you ponder how much personal information most citizens’ cell phones hold, from our daily movement patterns to appointments with doctors and other professionals, to our communications. Aleaziz and Haskins write:

“When DHS buys geolocation data, investigators only know that phones and devices visited certain places — meaning, they don’t automatically know the identities of people who visited those locations. Investigators have to match a person’s visited locations with, say, property records and other data sets in order to determine who a person is. But this also means that, technically, moment-by-moment location tracking could happen to anyone, not just people under investigation by DHS. In particular, lawyers, activists, nonprofit workers, and other essential workers could get swept up into investigations that start with geolocation data. DHS officials said they do not comment on alleged leaked documents. The agency is aware of potential legal vulnerabilities under the Fourth Amendment. Mizelle states in his memo that there are ways for CBP and ICE to ‘minimize the risk’ of possible constitutional violations, pointing out that they could limit their searches to defined periods, require supervisors to sign off on lengthy searches, only use the data when more ‘traditional’ techniques fail, and limit the tracking of one device to when there is ‘individualized suspicion’ or relevance to a ‘law enforcement investigation.’”

Earlier this year, The Wall Street Journal reported that DHS was purchasing this data for ICE and CBP. Federal records show both agencies have bought licenses and software from mobile-device-data-vendor Venntel. The House Committee on Oversight and Reform is now investigating the company for selling data to government agencies.

Interesting dynamics.

Cynthia Murrell, November 18, 2020

Size of the US Secret Service?

November 16, 2020

I read “Expansive White House Covid Outbreak Sidelines 10% of Secret Service.” If the headline is accurate, the US Secret service consists of 1,300 officers in the “uniformed division.” The key phrase is “uniformed division.” To the untrained eye, these officers appear in uniforms similar to those of other police. However, there are non-uniformed Secret Service officers. A list of USSS field offices is here. A year ago I learned at a law enforcement conference that there were more than 7,000 employees in the USSS. Net net: The USSS has a reasonably deep roster and can cooperate with the US Capitol Police to deal with events of interest. (The USCP is responsible for Congress; the USSS, the White House. When the vice president moves from the White House to Capitol Hill, the protective duties shift as well.) The article left me with the impression that Covid has impaired the USSS. In my opinion, the USSS is on duty and robust.

Stephen E Arnold, November 16, 2020

Germany Raids Spyware Firm FinFisher

November 3, 2020

Authorities in Germany have acted on suspicions that spyware firm FinFisher, based in Munich, illegally sold its software to the Turkish government. It is believed that regime used the tools to spy on anti-government protesters in 2017. The independent Turkish news site Ahval summarizes the raid and the accusations in, “Spyware Company that Allegedly Sold Spyware to Turkey Raided by German Police.” We’re told:

“Germany’s Customs Investigation Bureau (ZKA) searched 15 properties last week, both in Germany and other countries. Public prosecutors told German media that directors and employees of FinFisher and other companies were being investigated. The investigation follows complaints filed by NGOs Reporters Without Borders,, the Society for Civil Rights (Gesellschafft für Freiheitsrechte, GFF) and the European Center for Constitutional and Human Rights. The NGOs believe that a spyware product used in 2017 to target anti-government protesters in Turkey was FinFisher’s FinSpy. Germany’s Economy Ministry has issued no new permits for spyware since 2015, while the software in question was written in 2016, meaning that if it was used, it must have been exported in violation of government license restrictions.”

Activist group CitizenLab asserts the Turkish government spread the spyware to protesters through Twitter accounts. These accounts, we’re told, masqueraded as sources of information about upcoming protests. As far back as 2011, FinFisher was suspected of supplying regimes in the Middle East with spyware to track Arab Spring protestors. The software has since been found in use by several authoritarian governments, including Bahrain, Ethiopia, and he UAE. Just this September, Amnesty International reported FinFisher’s spyware was being used by Egypt. For its part, of course, the company denies making any sales to countries not approved by German law. We shall see what the investigation turns up.

Cynthia Murrell, November 3, 2020

Amazon Rekognition: Helping Make Work Safer

October 22, 2020

DarkCyber noted Amazon’s blog post “Automatically Detecting Personal Protective Equipment on Persons in Images Using Amazon Rekognition.” Amazon discloses:

With Amazon Rekognition PPE detection, you can analyze images from your on-premises cameras at scale to automatically detect if people are wearing the required protective equipment, such as face covers (surgical masks, N95 masks, cloth masks), head covers (hard hats or helmets), and hand covers (surgical gloves, safety gloves, cloth gloves). Using these results, you can trigger timely alarms or notifications to remind people to wear PPE before or during their presence in a hazardous area to help improve or maintain everyone’s safety.

The examples in the Amazon write up make sense. However, applications in law enforcement and security are also possible. For instance, consider saying, “Hands up” to a person of interest:

10 21 hands up

The system can detect objects held by an individual. You can get more information in the blog post. Policeware and intelware vendors working with Amazon at this time may generate other use cases.

Stephen E Arnold, October 22, 2020

Exclusive: Interview with DataWalk’s Chief Analytics Officer Chris Westphal, Who Guides an Analytics Rocket Ship

October 21, 2020

I spoke with Chris Westphal, Chief Analytics Officer for DataWalk about the company’s string of recent contract “wins.” These range from commercial engagements to heavy lifting for the US Department of Justice.

Chris Westphal, founder of Visual Analytics (acquired by Raytheon) brings his one-click approach to advanced analytics.

The firm provides what I have described as an intelware solution. DataWalk ingests data and outputs actionable reports. The company has leap-frogged a number of investigative solutions, including IBM’s Analyst’s Notebook and the much-hyped Palantir Technologies’ Gotham products. This interview took place in a Covid compliant way. In my previous Chris Westphal interviews, we met at intelligence or law enforcement conferences. Now the experience is virtual, but as interesting and information in July 2019. In my most recent interview with Mr. Westphal, I sought to get more information on what’s causing DataWalk to make some competitors take notice of the company and its use of smart software to deliver what customers want: Results, not PowerPoint presentations and promises. We spoke on October 8, 2020.

DataWalk is an advanced analytics tool with several important innovations. On one hand, the company’s information processing system performs IBM i2 Analyst’s Notebook and Palantir Gotham type functions — just with a more sophisticated and intuitive interface. On the other hand, Westphal’s vision for advanced analytics has moved past what he accomplished with his previous venture Visual Analytics. Raytheon bought that company in 2013. Mr. Westphal has turned his attention to DataWalk. The full text of our conversation appears below.

Read more

Facebook: Interesting Data If Accurate

October 16, 2020

DarkCyber spotted a factoid of interest to law enforcement professionals in “Facebook Responsible for 94% of 69 Million Child Sex Abuse Images Reported by US Tech Firms.”

Facebook has previously announced plans to fully encrypt communications in its Messenger app, as well as its Instagram Direct service – on top of WhatsApp, which is already encrypted – meaning no one apart from the sender and recipient can read or modify messages.

Now about Facebook’s content curation procedures? End-to-end encryption of ad supported private messaging services appears to benefit bad actors.

Stephen E Arnold, October 16, 2020

Facebook WhatsApp: Disappearing Media. Really? Gone for Good?

September 28, 2020

Facebook is endlessly entertaining. On one tentacle, the octopus company seeks to lessen the competitive threats from next generation social media like TikTok-type videos. On another tentacle, Facebook suggests that those in the European Union can do without Facebook. DarkCyber thinks of this as “the take my ball and go home” tactic. Ten year olds with minimal physical coordination but a stock of high end athletic equipment have been known to trot out this argumentative chestnut. Another tentacle semi cooperates with government officials. Another tentacle balances on a knife edge in order to keep employees happy with the wonderful social environment within the helpful company’s digital walled garden. There are other tentacles too, but I want to focus your attention on “WhatsApp Expiring Media Feature Details Tipped via New Beta Version.” Keep in mind that “beta” does not mean something a thumbtyper will be able to use.

The write up explains:

WhatsApp beta for Android has been released with further references for a new feature called “Expiring Media.” The feature, as its name suggests, would make media files such as images, videos, and GIFs sent to the recipient’s phone over WhatsApp disappear once they are viewed.

Interesting. Just one question:

If media are disappeared for users, are those data deleted from the Facebook servers?

One hopes not; otherwise, some investigations will be slowed or halted.

Stephen E Arnold, September 28, 2020

Predictive Policing: A Work in Progress or a Problem in Action?

September 2, 2020

Amid this year’s protests of police brutality, makers of crime-predicting software took the occasion to promote their products as a solution to racial bias in law enforcement. The Markup ponders, “Data-Informed Predictive Policing Was Heralded as Less Biased. Is It?” Writer Annie Gilbertson observes, as we did, that more than 1,400 mathematicians signed on to boycott predictive policing systems. She also describes problems discovered by researchers at New York University’s AI Now Institute:

“‘Police data is open to error by omission,’ [AI Now Director Rashida Richardson] said. Witnesses who distrust the police may be reluctant to report shots fired, and rape or domestic violence victims may never report their abusers. Because it is based on crime reports, the data fed into the software may be less an objective picture of crime than it is a mirror reflecting a given police department’s priorities. Law enforcement may crack down on minor property crime while hardly scratching the surface of white-collar criminal enterprises, for instance. Officers may intensify drug arrests around public housing while ignoring drug use on college campuses. Recently, Richardson and her colleagues Jason Schultz and Kate Crawford examined law enforcement agencies that use a variety of predictive programs. They looked at police departments, including in Chicago, New Orleans, and Maricopa County, Ariz., that have had problems with controversial policing practices, such as stop and frisk, or evidence of civil rights violations, including allegations of racial profiling. They found that since ‘these systems are built on data produced during documented periods of flawed, racially biased, and sometimes unlawful practices and policies,’ it raised ‘the risk of creating inaccurate, skewed, or systemically biased data.’”

The article also looks at a study from 2016 by the Royal Statistical Society. Researchers supplied PredPol’s algorithm with arrest data from Oakland California, a city where estimated drug use is spread fairly evenly throughout the city’s diverse areas. The software’s results would have had officers target Black neighborhoods at about twice the rate of white ones. The team emphasized the documented harm over-policing can cause. The write-up goes on to cover a few more studies on the subject, so navigate there for those details. Gilberston notes that concerns about these systems are so strong that police departments in at least two major cities, Chicago and Los Angeles, have decided against them. Will others follow suit?

Cynthia Murrell, September 2, 2020

Next Page »

  • Archives

  • Recent Posts

  • Meta