Sunday, October 27, 2013

Cold justice, bad optics, junk science, cyber-security, and cocaine on your cash

Here are a few odds and ends that caught Grits attention last week but failed to make it into independent posts:

Are roadside 'contraband detectors' junk science?
The Liberty County Sheriff has purchased "contraband detectors" for use at traffic stops, but looking a bit more closely at the specs for the tech, Grits wonders if these devices would really provide probable cause sufficient to justify a search - particularly intrusive ones involving dismantling a vehicle. The device doesn't really identify "contraband" at all but is a "density meter" that ostensibly can be used to find hidden compartments. Does a "hit" really identify contraband if it's "triggered by an abrupt change in density"? That's a lot less precise than a dog sniff, which themselves are pretty error prone. Many things besides contraband can account for changes in density in various parts of a vehicle. This isn't "junk science" in the sense that density meters aren't accurate, but law enforcement interpreting their readings to imply contraband is present may justify the term.

Cold Justice, Bad Optics
The Houston Chronicle (Oct. 23) posted a story about a widow convicted of the cold-case murder of her husband in 1985, when she concocted a fantastic story about being raped twice in the same week by the same stranger, claiming the second time he murdered her invalid husband. Notably, "In 2008, police arrested the widow, who had been a civilian employee at the Houston Police Department as her two sons climbed the ranks as police officers." Then-Judge Kevin Fine threw out the case at the time, agreeing with her attorneys that too much time had passed to prosecute her. After an appellate court said that was wrong (there's no statute of limitations on murder), last week, Judge Ryan Patrick, son of Lt. Governor candidate and state senator Dan Patrick, sentenced the 71-year old defendant, who allegedly now suffers from "dementia and a host of other health issues," to six months in jail and ten years probation as part of a plea deal. One wonders to what extent her connections with Houston PD may have hindered or delayed the investigation and prosecution, or contributed to the lenient plea deal? Maybe not at all, but the episode suffers from "bad optics," as the politicians say.

What does it take to get a Houston cop fired?
Speaking of bad optics, on Tuesday, the Houston Chronicle editorialized, "What does it take to get a bad HPD officer fired? It's shockingly hard to do - even in a high-profile case." Citing a Texas Observer investigation over the summer (discussed on Grits here), the editorial concluded:
Inside HPD's labyrinthine appeals system, legitimate complaints can die in a dizzying number of procedural ways. And even those that the department deems legitimate can be overturned - as in the Holley case - by an independent arbitrator, sometimes a person who's spent only a couple of days on the case.
A few bad cops can wreck a community's trust in its department. HPD needs to do a better job of policing itself.
Ex-wife of Mexican president implicated by defense in money laundering trial
AP on Thursday (Oct. 24) published a story about an El Paso lawyer accused of money laundering for Mexican drug runners. Reportedly, "Delgado’s defense team has claimed that associates of Lilian De La Concha, the ex-wife of Mexico’s ex-president Vicente Fox, had asked him to help move the funds associated with the inheritance and the construction companies." The attorney says he didn't know the funds involved were drug money. UPDATE: This fellow was convicted. Evidence sounds flimsy, mostly based on an un-recorded and later recanted confession to federal agents about which the defendant denies key details. Another case where recording custodial interrogations would clear up a lot of uncertainty.

Cocaine on your cash
When drug sniffing dogs "alert" on cash at at traffic stop the money is generally seized and often later becomes the subject of asset forfeiture claims. Muckrock.com, an outfit that files voluminous freedom of information requests and publishes the results online, secured documents showing that "A study of Chicago Federal Reserve Bank cash found a third of randomly selected money samples of $50 and $100 bills in general circulation failed the test. Ultimately, the DEA recommended 'the project be terminated.'"

Warrants for cell-phone location data an easier call sans 'third-party doctrine'
The Jurist had an essay analyzing a case requiring warrants for police to access cell-phone location data from the New Jersey Supreme Court, which was the first state-level high court in the nation to do so. Unlike Texas and federal jurisprudence, New Jersey law does not recognize the "third party doctrine" which holds that people have no privacy interest in information shared with vendors or other third parties. I've wondered if it might be possible to similarly attack the third-party doctrine at the legislature on a statutory basis. That bad, judge-created exception to the Fourth Amendment from the 1970s (Smith v. Maryland) creates a lot of mischief in the internet age. The Texas House this year overwhelmingly passed legislation to require a warrant for cell-phone location data but a parliamentary maneuver prevented the Senate from voting on it. Two states so far, Maine and Montana, have passed laws requiring warrants for police to access that data.

Why NSA cyberspying makes Americans less safe
Since the NSA phone and cyberspying scandals aren't Texas-specific issues and have been widely covered elsewhere, this blog has largely ignored the subject (though personally I've watched it all unfold fairly closely). But for those keeping track, a pair of essays from IT security expert Bruce Schneier last week merit attention:
I'd also missed an excellent essay from earlier in the month in which Schneier explained why the NSA's tactics pose cyber-security risks to average Americans, arguing that "the NSA is subverting the Internet and turning it into a massive surveillance tool." Wrote Schneier:
Among IT security professionals, it has been long understood that the public disclosure of vulnerabilities is the only consistent way to improve security. That's why researchers publish information about vulnerabilities in computer software and operating systems, cryptographic algorithms, and consumer products like implantable medical devices, cars, and CCTV cameras.
It wasn't always like this. In the early years of computing, it was common for security researchers to quietly alert the product vendors about vulnerabilities, so they could fix them without the "bad guys" learning about them. The problem was that the vendors wouldn't bother fixing them, or took years before getting around to it. Without public pressure, there was no rush.

This all changed when researchers started publishing. Now vendors are under intense public pressure to patch vulnerabilities as quickly as possible. The majority of security improvements in the hardware and software we all use today is a result of this process. This is why Microsoft's Patch Tuesday process fixes so many vulnerabilities every month. This is why Apple's iPhone is designed so securely. This is why so many products push out security updates so often. And this is why mass-market cryptography has continually improved. Without public disclosure, you'd be much less secure against cybercriminals, hacktivists, and state-sponsored cyberattackers.

The NSA's actions turn that process on its head, which is why the security community is so incensed. The NSA not only develops and purchases vulnerabilities, but deliberately creates them through secret vendor agreements. These actions go against everything we know about improving security on the Internet.

It's folly to believe that any NSA hacking technique will remain secret for very long.

No comments: