
Virginia Police Have Been Stockpiling Private Phone Records - driverdan
http://www.wired.com/2014/10/virginia-police-secretively-stockpiling-private-phone-records
======
dmix
There are police "fusion centers" all over the US doing similar data
acquisition. The DHS is not only militarizing local police forces, they are
turning them into mini-intelligence agencies.

I highly recommend reading this investigation by a redditor into Fusion
centers:

[https://pay.reddit.com/r/technology/comments/1h3pc2/how_poli...](https://pay.reddit.com/r/technology/comments/1h3pc2/how_police_track_your_driving_police_agencies/caqnx3c)

~~~
MichaelApproved
You no longer need to link to pay.reddit.com to use their secure website.
Reddit now has security implemented on the main domain
[https://reddit.com](https://reddit.com)

------
pdabbadabba
I find this creepy, but I'm not sure I'm seeing what's so interesting about
it. Various police departments within a discrete area of Virginia (and who,
I'm sure, often coordinate in other totally legitimate ways) are simply
sharing information that they have obtained through supposedly legal
processes.

I for one am completely fine with law enforcement agencies sharing evidence
that they have lawfully obtained (and they do this routinely with, e.g., the
NCIS fingerprint database). That law enforcement agencies around the country
do this with other information, including phone records, in so-called "fusion
centers" was, I thought, already widely known. Is this somehow different?

Of course, here, there is good reason to be concerned about the way that many
of the records have been obtained, and certainly this revelation provides
further illustration of the unsettling ways that law enforcement can use phone
records. Accordingly, it provides further reason to scrutinize the original
collection of those records. But is there reason to think that this sharing is
illegal in itself?

~~~
DaFranker
IANAL. Also I haven't read Virginia's code of law.

However, in most american states, "obtained legally" != "legal to archive" !=
"legal to look at whenever you want" != "legal to share" != "legal to use for
any purpose other than that which it was originally obtained for".

Which means, while the gathering of the data may have been done legally, the
archival and preservation of the data beyond their original purpose may be
itself illegal, let alone sharing it, looking at it for reasons unrelated to
the original cause, and using it for other purposes.

~~~
pdabbadabba
Ah! A very good point. Does anyone else know more about this than, apparently,
I do?

Edit: After a bit of Googling, it looks like this _may_ be OK under Virginia
Law. In short, it appears that the governing law is the Government Data
Collection and Dissemination Practices Act, which provides an exception to
retention and sharing restrictions for "criminal intelligence information."
Here is a somewhat off-topic but informative opinion from the Virginia AG
about retention and sharing of license plate reader information.
[http://www.vachiefs.org/images/uploads/docs/AG_Opinion_LPR.p...](http://www.vachiefs.org/images/uploads/docs/AG_Opinion_LPR.pdf)

~~~
DaFranker
Regarding the edit: Yes, but...

(On the topic of "passive", always-on License Plate Reader data collection
that is archived without looking at it "in case it's useful later"):

> On these facts I conclude that the need for such data has not been "clearly
> established in advance," so as to conform to the applicable principle of
> information practice. [12] Its future value to any investigation of criminal
> activity is wholly speculative. Therefore, with no exemption applicable to
> it, the collection of LPR data in the passive manner does not comport with
> the Data Act's strictures and prohibitions, and may not lawfully be done.
> [13]

To absorb this back into the whole phone records thing, here's the keypoints I
gather from that:

1\. Need to target specific data that is as constrained as possible given
prior knowledge. E.g. If you already know someone spoke on the phone about a
crime at X date and never spoke of it at any other date, you are only allowed
to obtain and use the records of that date.

2\. Need to be able to show reasonable belief _before collection_ that the
collected data will be useful for an investigation and/or for intelligence on
criminal activity. Knowing that a criminal uses a phone is not sufficient
cause to collect phone records - it must be demonstrable before collection
that those particular phone records might contain information useful for
identifying criminal activity or for ongoing investigations.

3\. Data that is mass-collected for purposes of finding a specific information
(e.g. searching for a license plate by processing every car that passes
through X intersection) may be kept and shared only until the target
information is located and the objectives met.

4\. Every data collection must have a specific purpose and clear boundaries.
Collecting records "to find people who issue death threats"? NOT OKAY.
Collecting records "to find this particular issuance of a death threat"? OKAY.
In other, techier words, there _must be a deliverable_. If the goal of a data
collection is open-ended, or could take decades, then you must have a specific
warrant associated to that data collection, and the data must be discarded
once the warrant expires and/or the investigation concludes.

This is pretty much my reading of it given cursory scanning of an abstract of
the GDCDPA, prior knowledge on legal interpretations for "criminal
intelligence information" (an extremely important phrase), and the A.G.
advisory linked in parent.

~~~
pdabbadabba
I think this is all correct. But on my admittedly cursory reading of the Wired
article, I didn't see any clear indication that the police departments
involved have violated any of these restrictions. Of course, this is mostly
for lack of detail. There are lots of areas where a violation _could_ have
occurred.

~~~
jeangenie
Talk to someone at the ACLU about ALPRs. There are currently no restrictions
or policies around their usage or data retention or sharing. We as citizens
have absolutely no way of knowing if these are being used in ways we don't
approve of. It's a problem.

------
Balgair
Honestly, looking at my state's centers (as linked in another comment) they
all look pretty benign. Like, just regular inter-agency communications. But
after reading the WIRED article, it seems much worse than that. Assuming that
you buy that the NSA needs to look at my texts to my wife about buying milk
for national security, that the local cops need to beggars belief. Especially
when they are elected officials and fellow citizens that are here to enforce
laws and public safety. Are drug dealers and bored teenagers THAT big of a
threat? How can I relate to the local constabulary at the PTA meeting when
they know all my private medical issues and marital problems? The power
differential is too great.

------
room505
The Washington Post has detailed information on the States. Here's Virginia:
[http://projects.washingtonpost.com/top-secret-
america/states...](http://projects.washingtonpost.com/top-secret-
america/states/virginia/)

------
trhway
i somehow feel that all the attempts to legally regulate/restrict the data
gathering by government is like an attempt to board a train that has already
left the station - just a mental refusal to accept new reality. World has
changed (or has been disrupted in SV lingo). We have to adapt to new
conditions. Just like taxi cabs and regulators have to adapt to Uber/AirBnb,
we have to adapt to NSA/Palantir.

~~~
frostmatthew
> Just like taxi cabs and regulators have to adapt to Uber/AirBnb, we have to
> adapt to NSA/Palantir.

If only someone like you were around 200+ years ago to tell Washington,
Jefferson, and Adams that they should accept new reality and adapt to the
British seizing our ships, blockading our ports, burning our towns, and
spilling our blood.

~~~
shitlord
Don't be hyperbolic. trhway has a valid point.

A lot of things around us are out of our control, so we have to adapt. Let's
be honest, the political system is not within our control. Very, very little
political change will come out of our complaints. Instead of repeatedly trying
and failing to bring about meaningful change, we should adapt -- because that
is the _reasonable_ thing to do. We can't change the government's behavior, so
let's change ours; something has to give.

~~~
eurleif
>Instead of repeatedly trying and failing to bring about meaningful change, we
should adapt -- because that is the _reasonable_ thing to do.

"The reasonable man adapts himself to the world; the unreasonable one persists
in trying to adapt the world to himself. Therefore all progress depends on the
unreasonable man." \--George Bernard Shaw

------
higherpurpose
Even the police is becoming a mini-NSA now. The worst part is they are
_encouraged_ to do this from the top-down (DHS, FBI, DOJ).

~~~
res0nat0r
Wasn't one of the major findings after 9/11 and big complaint that law
enforcement wasn't communicating enough and purposefully too siloed?

~~~
pstuart
I thought the major finding was that law enforcement was failing to do the job
with the information that they already had, e.g.,
[http://www.washingtonpost.com/wp-
dyn/content/article/2005/06...](http://www.washingtonpost.com/wp-
dyn/content/article/2005/06/09/AR2005060902000.html)

~~~
res0nat0r
Exactly.

"We believe that widespread and longstanding deficiencies in the FBI's
operations and Counterterrorism Program caused the problems we described in
this report," Fine's investigators wrote, including a shoddy analytical
program, ___problems sharing intelligence information_ __and "the lack of
priority given to counterterrorism investigations by the FBI before September
11."

~~~
wooter
\- Glenn Fine, Dept. of Justice Inspector General

...seems like there could be some bias with that source.

~~~
res0nat0r
Not really.

