Read 2 remaining paragraphs | Comments

The TSA's PreCheck program also expedites security screening for "notorious convicted felons" and "former domestic terrorists." Who knew? From the sounds of its in-depth pre-screening efforts, you would think (unnamed) convicted felons wouldn't be able to sail past the checkpoint without even slowing down, but apparently, that's exactly what happened. And it's not just any former felon/domestic terrorist, but one who was previously convicted of murder and offenses involving explosives. (via Kevin Underhill/Lowering the Bar)

The U.S. Office of Special Counsel (OSC) received a whistleblower disclosure alleging a sufficiently notorious convicted felon was improperly cleared for TSA Pre✓ screening, creating a significant aviation security breach. The disclosure identified this event as a possible error in the TSA Secure Flight program since the traveler’s boarding pass contained a TSA Pre✓ indicator and encrypted barcode.

The good news (such as it were) is that the TSA did not grant the unnamed felon/terrorist PreCheck approval through its laborious and intrusive application process. It also didn't wave him/her through because lines were backing up at the normal checkpoints. (This is called "Managed Inclusion" by the TSA, but it more resembles "For the Hell of It" in practice…) That ends the good news.

It did, however, use its "risk assessment rules" to determine the terrorist/felon to be of no threat. This might be encouraging news for former felons/domestic terrorists, perhaps signaling that government agencies may ultimately forgive some criminal acts and not subject former felons to additional security harassment in perpetuity. Then again, this may just be the TSA's excuse for waving someone with questionable PreCheck clearance through security because a checkmark -- and its own internal bureaucracy -- told it to.

We also determined the Transportation Security Officer (TSO) followed standard operating procedures, but did not feel empowered to redirect the traveler from TSA Pre✓ screening to standard lane screening.

The OIG recommends more "empowerment" for rank-and-file. Good luck with that. If officers don't feel empowered, it's because management has shown them that questioning the (broken and wildly inconsistent) system isn't an option. Neither is doing any independent thinking. When this officer attempted to push it up the line, he/she ran into a pretty predictable response.

[T]he TSO knew of the traveler's TSA Pre✓disqualifying criminal convictions. The TSO followed the standard operating procedures and reported this to the supervisory TSO who then directed the TSO to take no further action and allow the traveler through the TSA Pre✓ lane. As a result, TSA does not have an incident report for this event.

One of the TSA's Behavioral Detection Officers (highly-trained in the art of the mental coin toss) was also contacted by the concerned officer. And, again, no further action was taken/recommended.

In the end, a felon/terrorist boarded a plane because the TSA's bureaucratic process can't handle contradictory variables. The PreCheck approval said "yes," but the previous convictions said PreCheck approval should never have happened. The TSA deferred to the obviously incorrect checkmark on the boarding pass. And now we have the punchline to the joke that starts, "A murderer with explosives experience walks into a PreCheck lane…"

The OIG's mostly-redacted recommendation criticizing the TSA's over-reliance on fallible pre-screening processes was mostly ignored by the agency.

TSA officials did not concur with Recommendation 1. In its response, TSA said that with respect to individuals who may pose an elevated security risk to commercial aviation, theU.S. Government's approach to domestic aviation security relies heavily on the TSDB and its Selectee List and No Fly List subcomponents. TSA said, had the intelligence or national law enforcement communities felt that this traveler posed an elevated risk to commercial aviation, they would have nominated the traveler to one of these lists and prevented the traveler from being designated as lower-risk.

To which the OIG responded, "Well, that 's obviously not working because this traveler should have been automatically denied PreCheck approval."

We consider TSA's actions nonresponsive to the intent of Recommendation 1, which is unresolved and open. TSA said it relies on the U.S. Government watchlisting process to identify individuals that represent an elevated risk to commercial aviation. However, not all non-watchlisted passengers are lower-risk and eligible for TSA Pre✓. For example, TSA has established disqualifying criteria, in addition to the watchlisting process, for an applicant seeking TSA Pre✓ Application Program membership. TSA will deny membership to an applicant convicted of any of the 28 disqualifying criminal offenses or not a U.S. citizen or Lawful Permanent Resident. Even though the traveler is not watchlisted, the traveler would be permanently ineligible for TSA Pre✓.

And yet, a convicted murderer has been PreCheck approved. The TSA wants to blame the rest of the government. The OIG just wants someone to use common sense, rather than never questioning a boarding pass. The OIG has a good point. The TSA claims it's shifting to a smarter, more responsive travel security, like the PreCheck program and its many Behavioral Detection Officers. But when a situation involving both arose, it left the thinking to its brainstem -- unwavering faith in databases and policy -- rather than making any move indicative of higher thought processes.

Permalink | Comments | Email This Story

Your homeland has never been more secure. (h/t to Techdirt reader jupiterkansas)

“They came in and there were two guys” Honig said. “I asked one of them what size he needed and he showed me a badge and took me outside. They told me they were from Homeland Security and we were violating copyright laws.”

Peregrine Honig runs a lingerie shop in Kansas City. Not coincidentally, her shop was raided by DHS agents just as the World Series commenced. The target? "Boy shorts" sporting an approximation of the Kansas City Royals logo as well as the cheekily-applied phrase (yes, pun completely intended) "Take the crown."

For purely illustrative purposes, here's the last known photo of the item now in the temporary possession of the Dept. of Homeland Security.

They placed the underwear in an official Homeland Security bag and had Honig sign a statement saying she wouldn’t use the logo.

Which she technically didn't. It was her own drawing, but the DHS agents pointed out that "connecting the K and C" turned it into the protected property of a major league baseball franchise.

Up until the fortuitously-timed DHS raid, Honig had experienced no problems with law enforcement.

"We'd had so many cops come in and buy these," Peregrine Honig says.

The DHS has yet to comment on its pre-World Series panty raid. Neither has ICE, which is also usually fairly active in the days leading up to major sporting events. Neither agency has bothered to issue a press release about the hard work done in service to the multibillion-dollar entities currently attempting to "take the crown."

Honig, however, has provided plenty of color commentary, including the fact that these particular DHS agents didn't appear to be reveling in their petty IP enforcement efforts.

She says you could tell “they [DHS agents] felt like they were kicking a puppy.”

At least there's still a little shame left in overzealous trademark enforcement. This is part of what your $39 billion a year in mandatory contributions gets you: a few dozen pairs of underwear seized, most likely at a cost exceeding the retail value of the "counterfeit" goods.

Permalink | Comments | Email This Story

Apparently U2's deal with Apple goes further than taking a bunch of cash and dumping unwanted music files on hundreds of millions of iTunes users. The band has said that it's working on a brand new music format that "can't be pirated." Oh really? We've heard that before, many, many times. And every time someone claims that, whatever new DRM they created gets broken without hours. I imagine the same will be true of this. The format sounds like a rehash of other things that have been tried and failed before:

[The new format will be] an audiovisual interactive format for music that can’t be pirated and will bring back album artwork in the most powerful way, where you can play with the lyrics and get behind the songs when you’re sitting on the subway with your iPad or on these big flat screens. You can see photography like you’ve never seen it before.

Of course, we've been hearing this for years. Five years ago, the major labels were all going to team up to create "CMX", a new music format that had all those audiovisual components. Where's that now? Every few years we see startups claiming to have created a similar new music format that builds in all those audiovisual components... and no one cares. Is it possible that Apple with the help of U2 will suddenly figure it out? Sure. It's possible. But I wouldn't bet on it. Especially if it includes annoying DRM that no one wants.

Apple itself figured out long ago that DRMing its music was actually a bad deal since it made the music less valuable to consumers. Would the company really switch back in the other direction? While U2 claims that this magical new music format "will prove so irresistibly exciting to music fans that it will tempt them again into buying music — whole albums as well as individual tracks," it once again shows how little U2 understands about the way fans interact with music these days. The ability to share what you're listening to with others and to build on that experience is what excites people -- and that's true whether its unauthorized sharing or through streaming services like Spotify that allow users to share what they're listening to. Locking stuff up with fancy graphics isn't "irresistibly exciting." It's just something most people will ignore.

Besides, we already have an "audiovisual interactive format for music that can't be pirated," and it's called a concert.

Permalink | Comments | Email This Story

Tech industry trends follow a fairly predictable pattern: there's a rush of hype, an inevitable backlash, and then a long, tired slog towards a product that actually works. It eventually produces incredible things like the internal combustion engine or my Droid 4, but it can be hard to tell exactly where given technology is on the slow journey from bullshit to reality.

Continue reading…

Download video: http://www.theverge.com/rss/redirect.mp4?url=http://ak.c.ooyala.com/Vqa2JmbDpfnV2HxF1kv58gTyTDIS7qZ3/DOcJ-FxaFrRg4gtDEwOjFpaDowODE7jj

After NBC confirmed Ed Snowden's earlier claims that he had tried to make use of internal channels to question NSA surveillance programs, James Clapper released a single email from Snowden to the legal department at the NSA, which they claim shows he never actually raised these issues. Snowden quickly responded, noting that this is not the only email, that he raised the issue more directly with his supervisors... and, most importantly, that none of this really matters.

Oh yeah, also that the NSA lied before when it claimed no such thing existed.

The NSA’s new discovery of written contact between me and its lawyers - after more than a year of denying any such contact existed - raises serious concerns. It reveals as false the NSA’s claim to Barton Gellman of the Washington Post in December of last year, that “after extensive investigation, including interviews with his former NSA supervisors and co-workers, we have not found any evidence to support Mr. Snowden’s contention that he brought these matters to anyone’s attention.”

Today’s release is incomplete, and does not include my correspondence with the Signals Intelligence Directorate’s Office of Compliance, which believed that a classified executive order could take precedence over an act of Congress, contradicting what was just published. It also did not include concerns about how indefensible collection activities - such as breaking into the back-haul communications of major US internet companies - are sometimes concealed under E.O. 12333 to avoid Congressional reporting requirements and regulations.

More importantly, though, Snowden points out that none of this really matters:

Ultimately, whether my disclosures were justified does not depend on whether I raised these concerns previously. That’s because the system is designed to ensure that even the most valid concerns are suppressed and ignored, not acted upon. The fact that two powerful Democratic Senators - Ron Wyden and Mark Udall - knew of mass surveillance that they believed was abusive and felt constrained to do anything about it underscores how futile such internal action is -- and will remain -- until these processes are reformed.

Still, the fact is that I did raise such concerns both verbally and in writing, and on multiple, continuing occasions - as I have always said, and as NSA has always denied. Just as when the NSA claimed it followed German laws in Germany just weeks before it was revealed that they did not, or when NSA said they did not engage in economic espionage a few short months before it was revealed they actually did so on a regular and recurring basis, or even when they claimed they had “no domestic spying program” before we learned they collected the phone records of every American they could, so too are today’s claims that “this is only evidence we have of him reporting concerns” false.

Separately, after ODNI published the email, Tim Lee wrote a great piece over at Vox.com highlighting why it really doesn't matter at all if he did, or did not, raise the matter internally:

But the NSA's response to Snowden also has a deeper problem: it wouldn't have made a difference if Snowden had raised his concerns more forcefully through internal channels.

Remember, the NSA's position is that it hasn't done anything wrong. The agency claims that its domestic surveillance programs comply with the law, and that it gets plenty of oversight from both the courts and Congress. The NSA has stuck to this position despite a year of pressure from Congress and the public. Why would it have been any more receptive to the concerns of a lowly contractor?

Maybe Snowden should have brought his concerns to sympathetic members of Congress? That wouldn't have done any good either, because key members of Congress already knew about the program. And some of them were outraged about it!

And, of course, other whistleblowers had their lives completely destroyed. Still, this story is one worth paying attention to, because it demonstrates a serious problem with how the intelligence community handles anyone concerned about its programs. The idea that there are internal controls to handle such a thing is pretty clearly misleading, whether or not Snowden made full use of those channels.

Permalink | Comments | Email This Story