DHS funded 'FirstToSee Emergency Support System' being used to spy on social media

A social media monitoring tool developed last year by Pierce County, Wash., got its first real-world use last month during search and rescue efforts following the massive mudslide in Washington State.

Known as the FirstToSee Emergency Support System, the tool was used to search Twitter for the word “missing,” and relevant tweets were provided to emergency response officials.

Click here to read the FirstToSee Emergency Support System whitepaper.

According to a FirstToSee white paper, responders use the technology to view large amounts of data from popular social media sites. Data is then compiled and placed into filterable and editable categories. A tabular view lists abbreviated data in expandable columns and gives the status and priority of each listing while a map view provides a real-time overview of locations and incident types.

The monitoring (spying) system leverages existing social media technologies to "greatly improve emergency preparedness and management" in the Puget Sound region, according to the Piece County. Gerull said the idea for the FirstToSee system was developed by local emergency management professionals after noticing the public flocking to social media outlets to report incidents during times of crisis.

The portal was built using Usahidi's SwiftRiver and CrowdMap open source platforms. These technologies were chosen due to their proven ability to collect, analyze and filter real-time data from social media sources.

The new system is the result of a $550,000 DHS grant and was developed by staff from Pierce County and the nonprofit Pacific Northwest Economic Region Foundation.

The program was further supported by an advisory group that included the U.S. Coast Guard, Puget Sound Joint Harbor Operations Center, Washington State Fusion Center, Washington Department of Transporation, Washington Ports Association, Port of Everett, and Everett Emergency Management. This group provided feedback on the system's design, as well as recommendations on how FirstToSee could best meet the needs of Puget Sound responders. (What a surprise a DHS sponsored Fusion Center aided in it's development.)

FirstToSee was successfully tested in May 2013, but it was put into action for the first time in March during search and rescue efforts following the massive landslide in Oso, Wash., that killed as many as 33 people. The system was set to search Twitter for the word “missing” and relevant tweets were provided to emergency response officials.

Phase Two of the project is planned for 2014, the system will be upgraded to support video reports and a wider range of smartphone platforms.
http://www.govtech.com/internet/Using-Social-Media-to-Aid-in-the-Oso-Mudslide-.html

Police are using IBM'S 'Identity Insight, or i2' to spy on citizens relationships, public utility records & more:

NY - The smartphones Rochester Police officers carry are about to get a whole lot smarter.

The department has been using an IBM-created investigative software called Identity Insight, or i2, for a little more than a year "to help us understand the non-obvious relationship associations" between people they encounter on a relatively regular basis.

Most record management systems have the ability to tell officers who's been directly associated with a vehicle; the i2, Heroff explained, "takes that out to several degrees of separation.
"That's what sets us apart from others," he said. "It's easy to keep track of who's associated with that vehicle, but when you add that next layer or two on, it's possible to see other associations. "If we can map those connections, those associations, out a few layers, all of a sudden it makes sense that this guy would be out in that car" during any given crime, because he's linked with someone who's been linked with that vehicle in the past. Heroff isn't aware of any other agencies in the country using it, but the department's programmers took it a step further. "We actually wrote an Android app in-house that interfaced with the Identity Insight analytics," Heroff said. Every 10 seconds, i2 goes to the local dispatch system to look for any new information entered — things like license plate numbers, names or addresses, discovered from a traffic stop or other contact — and looks for associations with data already on hand. Then, Heroff said, "the in-house application takes the information and filters it to look for three things: the most problematic and prolific serious offenders, someone who has an active warrant or someone on probation. If any of those three conditions exist within the two degrees of association, then we send out an alert to the officer assigned to the call within 5 seconds. "What we're trying to do is provide our officers with a better understanding of the potential criminal environment that they're walking into," he said. "That's a pretty incredible accomplishment. We have some very talented folks here." Any information accessed comes only from what the local department has already documented, as well as from the Olmsted County Sheriff's Office, outstanding warrants databases, parole databases and public utility records. "We're not reaching out to other sources of information, or even to other policing agencies," Heroff said, but that may soon change. "We're looking at potential partnerships and opportunities to share and collaborate with the state of Minnesota, the (Bureau of Criminal Apprehension) and other regional law enforcement agencies," he said. "We just need to figure out the policy implications; and technologically, we need to make the right connections, which boils down to time and money."http://www.postbulletin.com/news/local/rochester-police-getting-safer-smarter/article_6a98cd7d-7d9b-59cf-b90a-16a2ca01bf16.html IBM: InfoSphere Identity Insight

"By examining relevant individuals, their relationships and their actions, InfoSphere Identity Insight V8.1 is designed to enable a comprehensive picture of who a person is, who the person knows, and what the person does.

Who is Who – Identity Resolution - By accumulating identity context over time, InfoSphere Identity Insight uses various enterprise sources of information to determine whether individuals really are who they say they are. IBM's proprietary Entity Resolution™ technology looks at these attributes across time to help ensure the most accurate identity, and determines if a previous assumption should be corrected based on new facts.

Who Knows Who – Relationship Resolution - Once accurate identity is established, complex relationships can be uncovered. InfoSphere Identity Insight processes resolved identity data to determine whether people are, or ever have been, related in any way.

Who Does What – Complex Event Processing -Having the knowledge of "who is who" and "who knows who" well established, Identity Insight then applies complex event processing to evaluate all transactions of the entity, and optionally, of associated entities. The capability to determine all occurrences of the same person across the information landscape is required to have a clear picture of how an individual is interacting with the organization. This sophistication allows the IBM solution to discover well-concealed fraudulent and criminal activities.

This process is designed to mine the overall information landscape in real time, bringing to light all of the associations and occurrences involving the same person or a group. If a questionable situation or pattern is detected, the system proactively generates alerts."
http://www-03.ibm.com/software/products/en/infosphere-identity-insight/

SEC searching our emails without a warrant:

Two stories popped up last week that raise serious concerns about the way that the SEC tramples on the Constitution. The first is that in a hearing, SEC boss Mary Jo White was asked why the SEC is so resistant to ECPA reform and what's wrong with getting a warrant, and more or less admitted that it's standard practice for the SEC to not get a warrant, but to rely on loopholes in ECPA to get access to emails. Prior to this, many had assumed that this was just a desire of the SEC, not that they were regularly doing it. But White's answer makes it clear that the SEC views this practice -- which seems like it should be a clear 4th Amendment violations -- as standard operating procedure.

Click here to view the video.

While she insists that the privacy issues aren't a huge deal, because the SEC tries to "give notice" to the subscriber whose email is being accessed, that still doesn't explain why paper documents require a warrant, and yet the SEC doesn't bother with the much higher standard (including judicial review) of a warrant for electronic documents.

Mark Cuban and his lawyer published an op-ed in the Wall Street Journal last week, discussing the SEC's totally bogus case against him for insider trading, which got tossed out by a lawyer. The key issue they discussed is how the SEC had exculpatory evidence that proved Cuban had done no wrong from back in 2004 -- and then did everything possible to avoid turning over that evidence, as is normally required in legal proceedings.

In a criminal trial, the federal government has long been obliged to promptly turn over to the defense any evidence that could show that the accused did not commit the offense of which he is accused. The Brady rule (announced in the 1963 Supreme Court case, Brady v. Maryland), prevents one-sided prosecutions in which the defendant is kept in the dark about information that might show that he is innocent.

The government's job as criminal prosecutor is not to obtain convictions, but "to do justice," according to the traditional legal maxim. It should be required to follow the Brady rule in civil trials as well. But the SEC does not, even when it accuses a citizen of fraud. Had the agency complied with this simple rule in its recent insider-trading case against one of us, Mark Cuban, it is unlikely that a lawsuit would even have been filed, let alone go to trial.

At issue were notes the SEC had concerning the details of Cuban's conversation with the CEO of Mamma.com, the search engine Cuban had invested in (and then sold all his shares in), which showed that, contrary to the SEC's claims in the case against him, Cuban had never made certain promises. When Cuban and his lawyer asked for these notes, the SEC resisted.

The SEC, however, resisted the disclosure of these notes for the next three years. Even up until the time Mr. Cuban took the stand, the SEC continued to fight to keep the notes from being shown to the jury by asking the judge to exclude them from evidence. Fortunately, the judge disagreed and the jury ultimately cleared Mr. Cuban of a charge of insider trading.

So, reading both of these stories, we see that the SEC feels that it is free to ignore both the 4th Amendment (against search and seizure without a warrant) and the 14th Amendment (concerning due process). Don't we think that agencies of the federal government should be required to follow the Constitution -- especially basic concepts like protecting the privacy of individuals and giving them basic due process?

For those of you who think this is no big deal, because it's the SEC, and the SEC just goes after big bad bankers and the like, recognize that the agency following right behind the SEC in fighting ECPA reform is the IRS. Do you feel it's similarly okay for the IRS to search your emails and electronic records without a warrant while also believing that it need not share any of the exculpatory evidence it finds, proving your innocence, while bringing a case against you for violating the law?