Mike Katz-Lacabe

Sep 072015
 

In 2013, the City of Piedmont, California, spent almost $600,000 to purchase 39 license plate readers covering most of its border with Oakland. With a population of less than 11,000 people, these 39 license plate readers collect photographs and license plates from more than 1,000,000 vehicles every month. The City of Piedmont sends this data to a regional license plate data warehouse at the Northern California Regional Intelligence Center (NCRIC), where it is stored for one year, even if the data does not generate a “hit” as a stolen vehicle, being registered to a wanted individual, etc.

The City of Oakland, with a population of more than 400,000 people, took three years to gather 4.6 million license plate reads and photographs (see We know where you’ve been: Ars acquires 4.6M license plate scans from the cops). In Piedmont, that same amount of data would be collected in less than 5 months.

Using the information gathered by Oakland’s license plate readers, Ars Technica was able to determine where Oakland City Councilmember Dan Kalb worked and lived with his vehicle captured just 51 times between May 2012 and May 2014. Data from license plate readers could reveal churchgoing habits, whether you visit a medical marijuana dispensary or a health clinic, and whether you spend the night with someone other than your spouse.

Until June 2014, NCRIC generated a report on total license plate reads submitted to it by each agency. Combined with the number of hits reported by the Piedmont Police Department, this data shows that 99.97% of the data collected by Piedmont’s license plate readers is useless – it is data collected about people who are not charged with or suspected of any crime. For example, in April 2014, Piedmont submitted 1,420,244 license plate reads and photographs to NCRIC and only generated 400 hits. That is a hit rate of 0.00028 or 0.028 percent. Below is a table showing this information from December 2013 to June 2014:

Month Total reads Hits Percentage
12/2013 1272871 532 0.042
1/2014 1201196 374 0.031
2/2014 1025771 276 0.027
3/2014 1189422 323 0.027
4/2014 1420244 400 0.028
5/2014 1462313 465 0.032
6/2014 1213121 391 0.032

 

Source documents:

 

Sep 012015
 

According to documents from the California Highway Patrol (CHP), it has purchased 216 Vigilant Video license plate readers between June 2011 and April 2015. In addition, an undated document on automated license plate reader statistics indicates that there were 86,899 alerts for 27,545,659 license plate reads, a hit percentage of 0.3%. In other words, 99.7% of the data gathered by the CHP’s license plate readers was essentially mass surveillance on people not suspected of or charged with a crime.

The license plate readers were purchased using homeland security funds in batches of 120 on June 30, 2011, 73 on February 13, 2012, and 23 on March 9, 2012. The bid specifications are dated June 27, 2011, and the contract was from February 6, 2012, to February 5, 2015. The total cost of the license plate readers was just over $2 million ($2,050,644.01).

Section 2413(b) of the California Vehicle Code states, “The Department of the California Highway Patrol may retain license plate data captured by a license plate reader (LPR) for no more than 60 days, except in circumstances when the data is being used as evidence or for all felonies being investigated, including, but not limited to, auto theft, homicides, kidnaping, burglaries, elder and juvenile abductions, Amber Alerts, and Blue Alerts.”

Here are some photos of the Vigilant Video license plate readers mounted on a CHP Ford Explorer:

CHP_ALPR_Explorer

CHP Ford Explorer with Vigilant Video license plate readers

CHP_ALPR1

CHP Ford Explorer with Vigilant Video license plate readers

CHP_ALPR_top

Top view of Vigilant Video license plate reader mounted on CHP Ford Explorer.

Source documents:

Aug 262015
 

California Vehicle Code 21455.5 (i) requires “A manufacturer or supplier that operates an automated traffic enforcement system” to submit an annual report to the Judicial Council. Below are reports from RedFlex, for the 43 California cities in which their red light cameras are deployed.

  1. Bakersfield
  2. Baldwin Park
  3. Beverly Hills
  4. Citrus Heights
  5. Commerce
  6. Culver City
  7. Daly City
  8. Del Mar
  9. Elk Grove
  10. Encinitas
  11. Fremont
  12. Garden Grove
  13. Hawthorne
  14. Highland
  15. Inglewood
  16. Laguna Woods
  17. Los Alamitos
  18. Lynwood
  19. Marysville
  20. Menlo Park
  21. Modesto
  22. Montebello
  23. Mountains Recreation and Conservation Authority (MRCA)
  24. Napa
  25. Newark
  26. Oakland
  27. Oceanside
  28. Oxnard
  29. Rancho Cordova
  30. Redding
  31. Riverside
  32. Sacramento
  33. San Leandro
  34. San Mateo
  35. San Rafael
  36. Santa Ana
  37. Santa Clarita
  38. Solana Beach
  39. Stockton
  40. Ventura
  41. Victorville
  42. Vista
  43. Walnut

 

Aug 012015
 

In a letter dated July 28, 2015, the FBI said it could neither confirm nor deny that it has contract J-FBI-09-211, which has to do with “Landshark” restricted software used with the Harris StingRay. This document is referenced in FBI letters to Harris Corporation in which the FBI notifies Harris of its approval of a law enforcement agency’s non-disclosure agreement. This non-disclosure agreement is required before the law enforcement agency can purchase a cell site simulator such as a StingRay, KingFish, or HailStorm from Harris Corporation.

The letter from the FBI states,

Please be advised that upon reviewing the substantive nature of your request, we can neither confirm nor deny the existence of records responsive to your request pursuant to FOIA exemption (b) (7) (E) [5 U.S.C.§552 (b)(7)(E)]. The mere acknowledgment of whether or not the FBI has any such records in and of itself would disclose techniques, procedures, and/or guidelines that could reasonably be expected to risk of circumvention of the law. Thus, the FBI neither confirms nor denies the existence of any records.

Contract J-FBI-09-211 is referenced in the following documents:

Jul 202015
 

On June 18, 2015, ShotSpotter issued a press release announcing the installation of its SecureCampus product at Newark Memorial High School in Newark, California. The contract was signed on December 16, 2014, by Bryan Richards, the Chief Business Official for the Newark Unified School District. Since the contract doesn’t cost anything in its first year (although the contract values it at $110,389), it did not go before the Newark School Board for approval, which means that the community and staff have not had an opportunity to discuss the privacy implications of the 35 microphones already installed throughout the campus.

The proposed locations of the 35 sensors/microphones are shown in the ShotSpotter proposal dated March 17, 2014:

shotspotter_newark_locations

Although Newark police Cmdr. Michael Carroll was quoted in a June 18, 2015, Bay Area Newspaper Group article stating that that ShotSpotter “doesn’t record conversations because they aren’t loud enough to trigger a recording,” that claim has proven to be false. ShotSpotter microphones recorded human voices in Oakland, California, in 2007 and New Bedford, Connecticut, in 2012 that were introduced as evidence in criminal cases.

In an August 19, 2014, email from ShotSpotter’s Charley Daly to members of the Newark Police Department, Newark police officer Vincent Kimbrough is given credit for bringing the Newark Unified School District to ShotSpotter: “Charley Daly here and I remember when you came through with the Newark School District folks also. I will give you a call tomorrow and set up a time when we can get together to discuss Newpark Mall.”


Documents:

March 17, 2014, ShotSpotter proposal to Newark Unified School District

December 16, 2014, ShotSpotter agreement with Newark Unified School District

Emails between ShotSpotter and Newark Police Department – part 1

Emails between ShotSpotter and Newark Police Department – part 2

Emails between ShotSpotter and Newark Police Department – part 3

Jun 182015
 

In a letter dated June 8, 2015, the FBI responded to my request for a copy of the April 6, 2010, agreement between the FBI an Harris Corporation. This April 6, 2010, agreement is referenced in the approval of law enforcement agency’s non-disclosure agreements that are required before the law enforcement agency can purchase a cell site simulator such as a StingRay, KingFish, or HailStorm from Harris Corporation.

The letter from the FBI states,

Please be advised that upon reviewing the substantive nature of your request, we can neither confirm nor deny the existence of records responsive to your request pursuant to FOIA exemption (b) (7) (E) [5 U.S.C.§552 (b)(7)(E)]. The mere acknowledgment of whether or not the FBI has any such records in and of itself would disclose techniques, procedures, and/or guidelines that could reasonably be expected to risk of circumvention of the law. Thus, the FBI neither confirms nor denies the existence of any records.

However, although the FBI will neither confirm nor deny the existence of the April 6, 2010, agreement, it is referenced in letters from the FBI to Harris Corporation dated June 14, 2012 and February 13, 2013. This refusal to confirm or deny the existence of a document or specific information is known as a Glomar response, named for the Central Intelligence Agency’s response to a FOIA request about its Global Marine front company and its attempt to salvage a Soviet submarine. A portion of the text from both letters states,

The Federal Bureau of Investigation (FBI) has an approved non-disclosure agreement (NDA) in place with the captioned law enforcement agency. In accordance with the cited restricted software agreement and the April 6, 2010 agreement between the FBI and the Harris Corporation, your notification to the FBI of the agency’s intent to purchase, and our execution of the NDA, meets the FBI’s advance coordination requirement. Therefore, the Harris Corporation is permitted to sell the state-and-local version of the Stingray product with the restricted software to the…

Jun 082015
 

In a response to a public records request from April 22, 2015, on June 1, the Pennsylvania State Police released a redacted administrative regulation for the use of “Telecommunication Identification Interception Devices” also known as cell site simulators, IMSI catchers or Stingrays. Administrative regulation AR 9-16 references Pennsylvania’s Wiretapping and Electronic Surveillance Control Act and specifically refers to interception of electronic communications.

The Pennsylvania State Police FAQ on cell site simulators (CSS) claims that the CSS “cannot intercept the content of voice calls or text messages” nor can it obtain “cellular telephone numbers…of any user of a cellular device.” While the specific technical details and capabilities of the two Harris HailStorm devices owned by the Pennsylvania State Police are not known, the claim that the Harris HailStorm cell site simulators cannot obtain the cellular telephone numbers of cellular devices appears to be incorrect. In fact, the name IMSI catcher refers to the devices’ ability to capture the International Mobile Subscriber Identity, which is the device’s phone number.

For more information about the Pennsylvania State Police cell site simulators, see the excellent work by Dustin Slaughter at The Declaration and the Pennsylvania Right to Know Act request at MuckRock.

Pennsylvania purchase orders for Harris StingRay II to HailStorm Upgrade

Update: 6/26/15 – Text was updated to correct a mistake. It can still be seen in strikeout.

Jun 072015
 

In a May 28, 2015, response to a public records request, the Minnesota Department of Public Safety, Bureau of Criminal Apprehension (BCA), released an unredacted non-disclosure agreement with the Federal Bureau of Investigation (FBI). Despite releasing the unredacted NDA, the BCA still claims that portions of the Harris Corporation Terms and Conditions, descriptions of what it purchased and their prices are still exempt from disclosure:

It should be noted that portions of these documents have been redacted pursuant to Minnesota Statute 13.82, subd. 25 as they would reveal deliberative processes or investigative techniques of this agency that would disclose the existence of and the capabilities provided by cellular exploitation equipment to the public. Disclosure of the redacted portions of the documents would reveal sensitive technological capabilities possessed by the law enforcement community and may allow individuals who are the subject of investigation to employ countermeasures to avoid detection by law enforcement.

Credit goes to Rich Neumeister and the Minneapolis Star Tribune for forcing the Minnesota BCA to release a redacted NDA between the BCA and FBI in November 2014.

In this latest release, the BCA included unredacted and redacted versions of the NDA, entitled “Re: Acquisition of Wireless Collection Equipment/Technology and Non-Disclosure Obligations” and dated June 5, 2012.

The BCA also released an email from the FBI, advising it on how to prevent the NDA from being publicly disclosed.  That email from a Supervisory Special Agent at the FBI states,

Hello Andrew,

(U/LES) Thank you for talking with me yesterday about your pending disclosure request. As stated in our conversation, the protection of cell site simulator (CSS) information is a concern for all law enforcement agencies in the U.S. In light of the importance of the lawful usage of the CSS gear, my unit would like to assist you in protecting the data associated with the CSS gear from exposure to counter measures in criminal, terrorism, and foreign intelligence investigations. The first layer of protection for the CSS gear is the Non Disclosure Agreement (NDA), which your agency has signed in order to receive the CSS gear. From our conversation yesterday, my understanding is that you are being asked to disclosure all or part of the NDA. In order to clarify our position, I have attached a letter that the FBI has created for the purpose of articulating the law enforcement and legal support for protecting the NDA. We can send a signed copy of the letter to a government official, if you believe that will assist you in protecting the NDA. Please note that the letter is marked (LES).

(U/LES) In addition, you mentioned that the requestor has claimed that other disseminations of CSS information have appeared in the public view, which classifies them as “public record” pursuant to Minnesota’s laws, and therefore are subject to disclosure by your agency. When possible, would you be willing to send a sample of such information as we may be able to clarify the circumstances of the dissemination? Some disseminations may have been conducted unlawfully and therefore should not be considered “public record” or be subject to further authentication. In addition, we would like to be in a position to assist you in determining the scope and type of your pending response, so if we could set up a meeting with our FBI legal counsel and your office, that would be greatly appreciated.

A comparison of the redacted and unredacted versions of the NDA shows that the information redacted had nothing to do with the technical details or capabilities of the Harris Corporation equipment, but were mostly about preventing disclosure to the public, news media, and judicial system. One heavily redacted paragraphs states that the BCA should seek dismissal of a case in order to prevent disclosure of information about the Harris Corporation equipment. The document also redacted portions of FBI addresses, the name and division of the Assistant Director at the FBI, and the other signatories from the BCA. Here is the remaining text that was redacted in the NDA:

in press releases, in court documents, during judicial hearings, or during other public forums or proceedings

for the sale of the equipment/technology.

met the operator training standards identified by the FBI and’ are certified to conduct operations.

coordinate with the FBI in advance of its use of the wireless collection equipment/technology

the wireless collection equipment/technology or any software, operating manuals, or related technical documentation (including its technical/engineering descriptions) and capabilities)

concerning the wireless collection equipment/technology or any software) operating manuals, or related technical documentation (including its technical/engineering description(s) and capabilities)

wireless collection equipment/technology or any software, manuals, or related technical documentation

in any civil or criminal proceeding, use or provide any information concerning the Harris Corporation wireless collection equipment/technology, its associated software, operating manuals, and any related documentation (including its technical/engineering description(s) and capabilities) beyond the evidentiary results obtained through the use of the equipment/technology including, but not limited to, during pre-trial matters, in search warrants and related affidavits, in discovery, in response to court ordered disclosure, in other affidavits, in grand jury hearings, in the State’s case-in-chief, rebuttal, or on appeal, or in testimony in any phase of civil or criminal trial, without the prior written approval of the FBI. If the Minnesota Bureau of Criminal Apprehension learns that a District Attorney, prosecutor, or a court is considering or intends to use or provide any information concerning the Harris Corporation wireless collection equipment/technology, its associated software, operating manuals, and any related documentation (including its technical/engineering description(s) and capabilities) beyond the evidentiary results obtained through the use of the equipment/technology in a manner that will cause law enforcement sensitive information relating to the technology to be made known to the public, the Minnesota Bureau of Criminal Apprehension will immediately notify the FBI in order to allow sufficient time for the FBI to intervene to protect the equipment/technology and information from disclosure and potential compromise.

at the request of the FBI, seek dismissal of the case in lieu of using or providing, or allowing others to use or provide, any information concerning the Harris Corporation wireless collection equipment/technology, its associated software, operating manuals, and any related documentation (beyond the evidentiary results obtained through the use of the equipment/technology), if using or providing such information would potentially or actually compromise the equipment/technology. This point supposes that the agency has some control or influence over the prosecutorial process. Where such is not the case, or is limited so as to be inconsequential, it is the FBI’s expectation that the law enforcement agency identify the applicable prosecuting agency, or agencies, for inclusion in this agreement.

equipment/technology and any associated software, operating manuals, or related documentation (including its technical/engineering description(s) and capabilities)

in any news or press releases, interviews, or direct or indirect statements to the media.

wireless collection equipment/technology, its associated software, operating manuals, and any related documentation (including its technical/engineering description(s) and capabilities)

UPDATE: June 18, 2015 – It turns out that the Minnesota BCA accidentally released the unredacted NDA. And I thought that someone there had come to their senses.

 

May 262015
 

In response to a January 28, 2015, public records request and after I sent $1.14 to cover the cost of copies, the Phoenix Police Department sent a copy of its February 11, 2013, non-disclosure agreement with the Federal Bureau of Investigation.

With other non-disclosure agreements from the Minnesota Bureau of Criminal Apprehension, Erie County Sheriff’s Office, San Bernardino County Sheriff’s Office, Baltimore Police Department, and Ventura County Sheriffs Office, we can readily determine what text was redacted from the NDA. Nearly all of the redactions are references to hiding information about the StingRay from the judicial system.

From the bottom of the first page, the words “to employ countermeasures” were redacted from the sentence “Disclosing the existence of and the capabilities provided by such equipment/technology to the public would reveal sensitive technological capabilities possessed by the law enforcement community and may allow individuals who are the subject of investigation wherein this equipment/technology is used to employ countermeasures to avoid detection by law enforcement.”

Near the top of the third page of the NDA, the words “during pre-trial matters, in search warrants and related affidavits, in discovery, in response to court ordered disclosure, in other affidavits, in grand jury hearings, in the State’s case-in-chief, rebuttal, or on appeal, or in testimony in any phase of civil or criminal trial,” were redacted from the sentence “The Phoenix Police Department shall not, in any civil or criminal proceeding, use or provide any information concerning the Harris Corporation wireless collection equipment/technology, its associated software, operating manuals, and any related documentation (including its technical/engineering description(s) and capabilities) beyond the evidentiary results obtained through the use of the equipment/technology including, but not limited to, during pre-trial matters, in search warrants and related affidavits, in discovery, in response to court ordered disclosure, in other affidavits, in grand jury hearings, in the State’s case-in-chief, rebuttal, or on appeal, or in testimony in any phase of civil or criminal trial, without the prior written approval of the FBI.”

At the bottom of the third page, the words “seek dismissal of the case in” were redacted from the sentence “In addition, the Phoenix Police Department will, at the request of the FBI, seek dismissal of the case in lieu of using or providing, or allowing others to use or provide, any information concerning the Harris Corporation wireless collection equipment/technology, its associated software, operating manuals, and any related documentation (beyond the evidentiary results obtained through the use of the equipment/technology), if using or providing such information would potentially or actually compromise the equipment/technology.”

Later in the same paragraph, the words “control or influence over the prosecutorial process” were redacted from the sentence “This point supposes that the agency has some control or influence over the prosecutorial process.”

Also in the same paragraph, the words “prosecuting agency, or agencies” were redacted from the sentence “Where such is not the case, or is limited so as to be inconsequential, it is the FBI’s expectation that the law enforcement agency identify the applicable prosecuting agency, or agencies, for inclusion in this agreement.”

At the bottom of the fourth page, the words “the civil or criminal discovery process” were redacted from the sentence “In the event that the Phoenix Police Department receives a request pursuant to the Freedom of Information Act (5 U.S.C. § 552) or an equivalent state or local law, the civil or criminal discovery process, or other judicial, legislative, or administrative process, to disclose information concerning the Harris Corporation wireless collection equipment/technology, its associated software, operating manuals, and any related documentation (including its technical/engineering description(s) and capabilities), the Erie County Sheriff’s Office will immediately notify the FBI of any such request telephonically and in writing in order to allow sufficient time for the FBI to seek to prevent disclosure through appropriate channels.”

Other less interesting redactions included the names of people in the Phoenix Police Department, the name of the Assistant Director of the FBI’s Operation Technology Division (Amy Hess), and the phone numbers for the Assistant Director of the FBI’s Operation Technology Division and the Unit Chief of the Tracking Technology Unit.

May 192015
 

On May 19, 2015, the Tacoma Police Department released a February 13, 2013, letter from the FBI to Harris Corporation permitting it “to sell the  state-and-local version of the Stingray product with the restricted [“Landshark”] software to the Tacoma Police Department.”

The complete text of the letter:

Attention: Patricia Sciandra

Re: Contract J-FBI-09-211 “Landshark” Restricted Software Request Approval – Tacoma Police Department

Dear Ms. Sciandra:

The Federal Bureau of Investigation (FBI) has an approved non-disclosure agreement (NDA) in place with the captioned law enforcement agency. In accordance with the cited restricted software agreement and the April 6, 2010 agreement between the FBI and the Harris Corporation, your notification to the FBI of the agency’s intent to purchase, and our execution of the NDA, meets the FBI’s advance coordination requirement. Therefore, the Harris Corporation is permitted to sell the state-and-local version of the Stingray product with the restricted software to the Tacoma Police Department.

W. L. Scott Bean, III
Chief, Technical Surveillance Section
Operational Technology Division