DHS & the NSA are working with private companies to increase domestic spying
A draft U.S. Senate bill aimed at making it easier for organizations to share cyberthreat information poses serious threats to personal privacy, several rights groups said in a letter to Congress.
A discussion draft of the Cybersecurity Information Sharing Act of 2014 (CISA) was released last week by Senate Intelligence Committee Chair Dianne Feinstein. The proposed bill would facilitate a vast flow of information to the National Security Agency at a time when the agency faces many questions about its surveillance practices, numerous privacy groups said in the letter.
The bill ignores many civil liberties protections incorporated into an earlier version, called the Cybersecurity Act of 2012, the letter said.
The CISA bill is designed to let companies more easily share, receive and use information about cyberthreats. It would also provide some protections for companies that engage in countermeasures to deal with attacks against their networks.
Backers of the legislation believe that such measures are needed to help private companies detect and respond to cyberthreats more efficiently. Sharing information about things such as bad IP addresses or malware can help companies more quickly respond to common threats, the supporters say.
Privacy groups contend that CISA would also authorize a free flow of real-time threat information between the private sector and U.S. government agencies, including the NSA and DHS.
The legislation would require the DHS to immediately disseminate any threat information it receives from private companies to other agencies, such as the Department of Defense and the U.S. Cyber Command, and that could lead to an unnecessary militarization of cybersecurity issues, the letter said.
"CISA requires that cyberthreat indicators shared from the private sector with DHS be immediately disseminated to the Department of Defense, which includes the NSA and U.S. Cyber Command."
"This new flow of private communications information to the NSA is deeply troubling given the past year's revelations of overbroad NSA surveillance," the groups said in their letter. "It would enhance the NSA's role in the civilian cybersecurity program, risking militarization of the program."
The bill is vague on the specific instances under which companies can share data or what type of information can be shared, the groups said. In addition, there are few clear restrictions on how government agencies can use threat data received from private companies, and inadequate controls for protecting personally identifiable data, they said.
John Pescatore, director of emerging security threats at the SANS Institute, said the CISA bill would be unlikely to spur any significant increase in information sharing.
"It does try to address liability and antitrust concerns, and demand that the government protect and not retain such data. But the reality is that there is still little to gain by private industry voluntarily forwarding more information to the federal government. There are existing forums, like the Information Sharing and Analysis Centers, where such sharing already takes place at the level which makes sense for businesses," Pescatore said.
http://www.computerworld.com/s/article/9249444/Groups_fear_bill_would_allow_free_flow_of_data_between_private_sector_and_NSA?taxonomyId=17
The NSA, CIA, FBI/DHS are conducting warrantless 'backdoor searches' on Americans:

James Clapper finally responded to a request from Senator Ron Wyden concerning the number of such backdoor searches using US identifiers that were done by various government agencies. And, surprisingly, it's redaction free.
"Americans need to have enough information to make up their own minds about surveillance programs," Franken said in a statement. "The administration's report is a far cry from the kind of transparency that the American people demand and deserve."
While the report may be offered in good faith, it "still leaves Americans in the dark," Franken added.
It's not just the NSA doing these searches, but the CIA and FBI/DHS as well. This means that the FBI, who does surveillance on Americans, is spying on Americans' communications that were collected by the NSA and that they're doing so without anything resembling a warrant. Oh, and let's make this even worse: the FBI isn't even tracking how often it does this:
The FBI does not track how many queries it conducts using U.S. person identifiers. The FBI is responsible for identifying and countering threats to the homeland, such as terrorism plots and espionage, inside the U.S. Unlike other IC agencies, because of its domestic mission, the FBI routinely deals with information about U.S. persons and is expected to look for domestic connections to threats emanating from abroad, including threats involving Section 702 non-U.S. person targets. To fulfill its mission and avoid missing connections within the information lawfully in its possession, the FBI does not distinguish between U.S. and non-U.S. persons for purposes of querying Section 702 collection. It should be noted that the FBI does not receive all of Section 702 collection; rather, the FBI only requests and receives a small percentage of total Section 702 collection and only for those selectors in which the FBI has an investigative interest.
Moreover, because the FBI stores Section 702 collection in the same database as its "traditional" FISA collection, a query of "traditional" FISA collection will also query Section 702 collection. In addition, the FBI routinely conducts queries across its databases in an effort to locate relevant information that is already in its possession when it opens new national security investigations and assessments. Therefore, the FBI believes the number of queries is substantial. However, only FBI personnel trained in the Section 702 minimization procedures are able to view any Section 702 collection that is responsive to any query.
Basically, the FBI often asks the NSA for a big chunk of data that the NSA probably shouldn't have in the first place -- including tons of Americans' communications, and the FBI gets to dump it into the same database that it is free to query. And the FBI tracks none of this, other than to say that it believes that there are a "substantial" number of such queries. This would seem to be a pretty blatant attempt to end run around the 4th Amendment, giving the FBI broad access to searching through the communications of Americans with what appears to be almost no oversight.
It's not just the NSA, but the CIA as well. Remember, the CIA is not supposed to be doing any surveillance on Americans (like the NSA), but that's not what's happening at all. At least the CIA tracks some (but not all) of its abuse of backdoor searches:
In calendar year 2013, CIA conducted fewer than 1900 queries of Section 702-acquired communications using specific U.S. person identifiers as query terms or other more general query terms if they are intended to return information about a particular U.S. person. Of that total number approximately 40% were conducted as a result of requests for counterterrorism-related information from other U.S. intelligence agencies.
Approximately 27% of the total number are duplicative or recurring queries conducted at different times using the same identifiers but that CIA nonetheless counts as separate queries. CIA also uses U.S. person identifiers to conduct metadata-only queries against metadata derived from the FISA Section 702 collection. However, the CIA does not track the number of metadata-only queries using U.S. person identifiers.
So, the CIA is doing these kinds of warrantless fishing expeditions into the communications of Americans as well, but at least the CIA tracks how often it's doing so. Of course, when it comes to metadata searches, the CIA doesn't bother. It's also a bit bizarre that the CIA is apparently carrying out a bunch of those searches for "other U.S. intelligence agencies," when the CIA should be especially limited in its ability to do these searches in the first place.
Senator Wyden has responded to these revelations by pointing out how "flawed" the oversight system is that these have been allowed:
When the FBI says it conducts a substantial number of searches and it has no idea of what the number is, it shows how flawed this system is and the consequences of inadequate oversight. This huge gap in oversight is a problem now, and will only grow as global communications systems become more interconnected. The findings transmitted to me raise questions about whether the FBI is exercising any internal controls over the use of backdoor searches including who and how many government employees can access the personal data of individual Americans. I intend to follow this up until it is fixed.
https://www.techdirt.com/articles/20140630/12101627734/fbi-cia-also-make-use-backdoor-searches-nsa-data-to-access-us-communications-without-warrant.shtml
Nationwide DHS surveillance grants allow police to use private security cameras to spy on the public:

Downtown businesses are giving area law enforcement agencies greater access to private video surveillance feeds under a new push to increase real-time monitoring capabilities in Grand Rapids.
Jack Stewart, Kent County emergency management coordinator, said the Grand Rapids Police and Kent County Sheriff’s departments are increasing access to the downtown surveillance apparatus under a new public-private partnership program.
The two agencies are tapping into private video feeds from existing cameras mounted on the exterior of private commercial buildings downtown, he said.
Previously, police would request video from private feeds during the course of a criminal investigation. Now, police will be able to monitor the feeds in real time from county and city dispatch centers.
“This is the same technology that helped catch the Boston Marathon bombers,” said Stewart. “This is not day-to-day monitoring. It’s just in the event of an emergency. There would have to be an event serious enough to trigger us to monitor the cameras.”
If that B.S. response sounds familiar, it's the same load of crap NSA chief James Clapper tried to sell Congress last year, claiming they weren't spying on Americans.
Stewart said there are roughly 100 exterior video cameras right now that are or could be accessed under the program, many of them concentrated around government and critical infrastructure buildings.
Private businesses are working with DHS & police but you're not allowed to know! If you're going out to buy bread or beer your store could be spying on you. See the example below:
Non-disclosure agreements precluded Stewart from naming specific businesses participating in the program, but some were willing to disclose that on their own.
Stewart said the program is limited to outdoor surveillance only, and monitoring of public areas where “there’s no expectation of privacy.”
The program, which Stewart said is pursuing federal Dept. of Homeland Security grants to expand the surveillance capability downtown with new and upgraded equipment, has been in the works for several years.
“Some of the cameras are hooked-up already, but we’d like to offer to enhance and expand to other businesses and facilities that want to hook-up to the project,” said Stewart about uses for the possible grant money.
The program is a response to increasing activity in the downtown area, and disclosure of the project follows a pair of downtown shootings this month that have caused Grand Rapids police to step up their presence in the district.
Hospitals & the Feds are spying on you:

You may soon get a call from your doctor if you’ve let your gym membership lapse, made a habit of picking up candy bars at the check-out counter or begin shopping at plus-sized stores.
That’s because some hospitals are starting to use detailed consumer data to create profiles on current and potential patients to identify those most likely to get sick, so the hospitals can intervene before they do.
They claim it's an intervention program; why didn't the NSA think of that? It's just another govt & corporate spying program designed to know & track your eating, drinking & fitness habits.
Massachusetts General Hospital plans to begin questioning all patients about their use of alcohol and illegal drugs starting this fall, even if they are at the hospital for a totally unrelated issue!
“We’re really trying to make this health condition like any other so just like we do diabetes screening or blood pressure screening or ask people about sunscreen, it just becomes one more component of health care that we ask about,” Wakeman explained.
Four questions will be posed, including “how often have you had six or more drinks on one occasion,” and “how often have you used an illegal drug in the past year?”
Enough “yes” answers could prompt a special team to conduct what’s being called a “bedside intervention” and possible treatment.
What is a "bedside intervention" you may ask? It's a patient "educational intervention" according to NCBI.
Expect DHS, the NSA and the FBI, along with numerous police agencies, to have access (spying) to your complete medical dossiers.
Information compiled by data brokers from public records and credit card transactions can reveal where a person shops, the food they buy, and whether they smoke. The largest hospital chain in the Carolinas is plugging data for 2 million people into algorithms designed to identify high-risk patients, while Pennsylvania’s biggest system uses household and demographic data. Patients and their advocates, meanwhile, say they’re concerned that big data’s expansion into medical care will hurt the doctor-patient relationship and threaten privacy.
Well of course it will hurt the doctor-patient relationship. No one is going to trust anything or anybody anymore!
Carolinas HealthCare System operates the largest group of medical centers in North Carolina and South Carolina, with more than 900 care centers, including hospitals, nursing homes, doctors’ offices and surgical centers. The health system is placing its data, which include purchases a patient has made using a credit card or store loyalty card, into predictive models that give a risk score to patients.
Within the next two years, Dulin plans for that score to be regularly passed to doctors and nurses who can reach out to high-risk patients to suggest interventions before patients fall ill.
For a patient with asthma, the hospital would be able to score how likely they are to arrive at the emergency room by looking at whether they’ve refilled their asthma medication at the pharmacy, been buying cigarettes at the grocery store and live in an area with a high pollen count, Dulin said.
“What we are looking to find are people before they end up in trouble,” said Dulin, who is also a practicing physician. “The idea is to use big data and predictive models to think about population health and drill down to the individual levels to find someone running into trouble that we can reach out to and try to help out.”
“The data is already used to market to people to get them to do things that might not always be in the best interest of the consumer, we are looking to apply this for something good,” Dulin said.
If the early steps are successful, though, Dulin said he would like to renegotiate to get the data provider to share more specific details on patient spending with doctors.
While all information would be bound by doctor-patient confidentiality, he said he’s aware some people may be uncomfortable with data going to doctors and hospitals. For these people, the system is considering an opt-out mechanism that will keep their data private, Dulin said.
The U.S. has begun levying fines against hospitals that have too many patients readmitted within a month, and rewarding hospitals that do well on a benchmark of clinical outcomes and patient surveys.
Hospitals and insurers need to be mindful about crossing the “creepiness line” on how much to pry into their patients’ lives with big data, he said. It could also interfere with the doctor-patient relationship.
The strategy “is very paternalistic toward individuals, inclined to see human beings as simply the sum of data points about them,” Irina Raicu, director of the Internet ethics program at the Markkula Center for Applied Ethics at Santa Clara University, said in a telephone interview.
http://www.bloomberg.com/news/2014-06-26/hospitals-soon-see-donuts-to-cigarette-charges-for-health.html