Leak Shows Crime Prediction Software Targets Black and Latino Neighborhoods

Here’s some news from the beginning of the month that I missed. Gizmodo and The Markup analyzed PredPol, a crime prediction software used in the U.S.

Residents of neighborhoods where PredPol suggested few patrols tended to be Whiter and more middle- to upper-income. Many of these areas went years without a single crime prediction.

By contrast, neighborhoods the software targeted for increased patrols were more likely to be home to Blacks, Latinos, and families that would qualify for the federal free and reduced lunch program.

Qualcomm's New Snapdragon Chip Aims to Defeat Cops and Robbers

A report from PCMag today discusses Qualcomm’s latest chip, the Snapdragon 8 Gen 1. It has anti-spoofing technology to protect against Stingrays.

Spoof cell sites can now be run on small, widely available boxes that pass bad data and phishing messages, Qualcomm said at its Snapdragon Summit today. Otherwise known as “Stingrays,” these faux cells can be run by criminals, law enforcement, or security agencies to collect your personal data without your permission.

Police Called on Parents Who Built an Open Source School App

Parents in Stockholm built an open source version of a school app that didn’t work properly. The school called the cops on them.

The work started at the end of November 2020, just days after Stockholm’s Board of Education was hit with a 4 million SEK GDPR fine for “serious shortcomings” in the Skolplattform. Integritetsskyddsmyndigheten, Sweden’s data regulator, had found serious flaws in the platform that had exposed the data of hundreds of thousands of parents, children, and teachers. In some cases, people’s personal information could be accessed from Google searches.

'ShadowDragon' Helps Michigan State Police Surveil its Citizens

An investigation on Thursday shows how Michigan State Police use software called ShadowDragon to collect online data. This helps them identify “persons of interest.”

By providing powerful searches of more than 120 different online platforms and a decade’s worth of archives, the company claims to speed up profiling work from months to minutes. ShadowDragon even claims its software can automatically adjust its monitoring and help predict violence and unrest. Michigan police acquired the software through a contract with another obscure online policing company named Kaseware for an “MSP Enterprise Criminal Intelligence System.”

Ukraine Authorities Seize Unencrypted Windscribe VPN Servers

VPN provider Windscribe said its servers were not encrypted, enabling authorities to create decoy servers and snoop on web traffic.

The Ontario, Canada-based company said earlier this month that two servers hosted in Ukraine were seized as part of an investigation into activity that had occurred a year earlier. The servers, which ran the OpenVPN virtual private network software, were also configured to use a setting that was deprecated in 2018 after security research revealed vulnerabilities that could allow adversaries to decrypt data.

Oh come on, VPN servers that weren’t encrypted?

Hartford Man Bought Apple Watch Using Fraudulent Credit Cards

Bankole Awosika of Hartford, Connecticut, used fraudulent credit cards to purchase an Apple Watch, two iPhones, and five other “cheaper phones”. He was charged with forgery and identity theft.

The man, Bankole Awosika, 34, was arrested by local police Dec. 11 and charged with four counts of first-degree forgery, five counts of third-degree identity theft, five counts of criminal impersonation, three counts of illegal use of a payment card, three counts of receiving goods from the illegal use of a payment card, third-degree larceny, first-degree attempt to commit forgery, third-degree attempt to commit identity theft, attempt to commit criminal impersonation, and second-degree breach of peace.

LAPD Bans Commercial Facial Recognition Technology

The Los Angeles police department has banned the use of commercial facial recognition like Clearview AI by its officers.

The LAPD, the third-largest police department in the United States, issued a moratorium on the use of third-party facial recognition software on Nov. 13, after it was told that documents seen by BuzzFeed News showed more than 25 LAPD employees had performed nearly 475 searches using Clearview AI as of earlier this year. Department officials have made conflicting statements in the past about their use of facial recognition technology, including claims that they deploy it sparingly.

Michigan Prop 2 Passes; Police Need a Warrant to Search Your Devices

Voters in Michigan overwhelmingly passed Proposition 2 which adds “electronic data and electronic communications” to the state’s search and seizure laws.

The person, houses, papers, possessions, and electronic data and electronic communications of every person shall be secure from unreasonable searches and seizures. No warrant to search any place or to seize any person or things or to access electronic data or electronic communications shall issue without describing them, nor without probable cause, supported by oath or affirmation.

Translation: Michigan police need a warrant to search your electronic devices. And as a Michigander myself I definitely voted in favor of this.

Thousands of Law Enforcement Agencies Use Phone Cracking Tools

Upturn, a non-profit focused on the use of technology by police, used over 110 public records filed with law enforcement departments across the country to figure out how many of them use phone cracking tools, or mobile device forensic tools (MDFTs).

Based on 110 public records requests to state and local law enforcement agencies across the country, our research documents more than 2,000 agencies that have purchased these tools, in all 50 states and the District of Columbia. We found that state and local law enforcement agencies have performed hundreds of thousands of cellphone extractions since 2015, often without a warrant.

Kelly and I will definitely share our thoughts in this week’s Security Friday.

Apple Wants to Store Your ID Digitally. What Could Go Wrong?

William Gallagher writes how Apple is working on methods to store your ID digitally in Wallet, like credit cards. But I found this part concerning:

This all presumes that we are able to present our ID. There are situations, such as when we’re incapacitated, when we need to be identified yet we cannot personally do anything about that. In this case, Apple proposes that under the right circumstances, our devices could “automatically transmit the user’s identity credential.”

Apple gives the example of a first responder, “such as police officer, firefighter, etc,” who could legitimately possess a device that would automatically request ID like this.

I bet law enforcement would love a Stingray-like device that can automatically harvest IDs when they walk through a protest.

FBI Worries That Doorbell Cameras Could Give Early Warning of Police Searches

A leaked FBI bulletin reveals that doorbell cameras like Ring are being used to alert people when police show up for searches. It’s a funny turn of events since law enforcement agencies actively encourage people to install these cameras.

Subjects likely use IoT devices to hinder LE [law enforcement] investigations and possibly monitor LE activity. If used during the execution of a search, potential subjects could learn of LE’s presence nearby, and LE personnel could have their images captured, thereby presenting a risk to their present and future safety.

Electronic Frontier Foundation Unveils ‘Atlas of Surveillance’

The EFF unveiled the Atlas of Surveillance today. It’s a database of surveillance tech used by law enforcement across the country. Anyone can use it to see what spying technology their state’s LE uses. You can download datasets, too.

We specifically focused on the most pervasive technologies, including drones, body-worn cameras, face recognition, cell-site simulators, automated license plate readers, predictive policing, camera registries, and gunshot detection. Although we have amassed more than 5,000 datapoints in 3,000 jurisdictions, our research only reveals the tip of the iceberg and underlines the need for journalists and members of the public to continue demanding transparency from criminal justice agencies.