• Buro Jansen & Janssen, gewoon inhoud!
    Jansen & Janssen is een onderzoeksburo dat politie, justitie, inlichtingendiensten, overheid in Nederland en de EU kritisch volgt. Een grond- rechten kollektief dat al 40 jaar, sinds 1984, publiceert over uitbreiding van repressieve wet- geving, publiek-private samenwerking, veiligheid in breedste zin, bevoegdheden, overheidsoptreden en andere staatsaangelegenheden.
    Buro Jansen & Janssen Postbus 10591, 1001EN Amsterdam, 020-6123202, 06-34339533, signal +31684065516, info@burojansen.nl (pgp)
    Steun Buro Jansen & Janssen. Word donateur, NL43 ASNB 0856 9868 52 of NL56 INGB 0000 6039 04 ten name van Stichting Res Publica, Postbus 11556, 1001 GN Amsterdam.
  • Publicaties

  • Migratie

  • Politieklachten

  • Police to apologise for using dead children’s identities

    Investigation into covert policing has found widespread use of the practice.

    Senior police leaders are set to make an unprecedented national apology after hundreds of names of dead children were used to create false identities for undercover officers.

    An investigation into covert policing has found widespread use of the practice.

    Undercover officers told The Times that they were trained to use names of the dead and it had become “standard practice”.

    Special branch units used the names while infiltrating criminal gangs, animal rights activists and football hooligan firms, it is claimed.

    Sir Bernard Hogan-Howe, the Metropolitan Police Commissioner, will be questioned about the method after it was revealed that officers were told to gather “dirt” on the family of Stephen Lawrence.

    Sources say that the practice may have been used in MI5 and MI6 and that several thousand identities of dead infants, children and teenagers may have been assumed by undercover officers.

    An apology will be made senior police in the coming days.

    Tom Foot
    Friday, 5 July 2013

    Find this story at 5 July 2013

    © independent.co.uk

    Scotland Yard to apologise for stealing dead children’s identities and giving them to undercover officers

    Police chiefs are expected to formally apologise for using the names of dead children to create fake identities for undercover officers.

    It had been thought that only officers in secret police units such as the Met Police’s Special Demonstration Squad, which was closed in 2008, had adopted dead children’s names as a new identity.

    But Operation Herne, an ongoing investigation into the conduct of undercover police, has revealed that the practice was more widespread than originally thought and used by forces across the country.

    Standard practice: It had been thought that the practice of using dead children’s names as identities for undercover officers was restricted to Scotland Yard’s Special Demonstrations Squad, but the practice is now said to have been more widespread

    According to sources, undercover police officers infiltrating criminal networks and violent gangs were given dead people’s identities as ‘standard practice’, reported The Times.

    The technique, which was regularly used in the 1960s and 1990s, is thought to have been last used in 2002.

    More…
    Why SHOULD we help find Maddie, ask Portugal’s police chiefs, as they ridicule Scotland Yard claims of new leads on missing girl
    Revealed: BBC boss who landed £866k payoff and walked straight into another public-sector job

    But it is thought that the technique was not restricted to police forces with other agencies such as HM Revenue & Customs said to have adopted the practice.

    The apology could come as early as this month but police are not expected to contact families of the dead people whose names were used through fear that it could put officers who have taken part in undercover operations in the past in danger.

    A way in: Dead children’s identities were used by undercover offices to infiltrate violent gangs and demonstration groups

    A source told The Times: ‘This wasn’t an anomaly, it wasn’t something that was used in isolation by just one unit.

    ‘If you are infiltrating a sophisticated crime group they are going to check who you are, so you need a backstop, a cover story that has real depth and won’t fall over at the first hurdle.

    Disapproving: Policing minister Damien Green has expressed his disappointment at the use of dead children’s names by police units

    ‘The way to do that was to build an identity that was based on a real person.’

    It was reported earlier this year that around 80 names were used by officers over a 30 year period.

    Set up in 2011, Operation Herne, which is expected to cost around £1.66million a year, will examine the conduct of all ranks of officers and even look at the actions of former Home Secretaries.

    Both The Home Affairs Committee and Police minister Damian Green have spoken of their ‘disappointment’ that dead children’s names were used in investigations.

    Back in may, Derbyshire Chief Constable Mick Creedon admitted that the practice had been widespread

    A raft of allegations have been made since former PC Mark Kennedy was unmasked in 2011 as an undercover officer who spied on environmental protesters as Mark ‘Flash’ Stone – and had at least one sexual relationship with a female activist.

    The revelation comes before Metropolitan Police Commissioner Sir Bernard Hogan Howe appears before MPs to answer questions over a number of controversies including claims last month that the family of murdered teenager Stephen Lawrence were targeted by undercover officers who were assigned to ‘get dirt’ on them.

    Quiz: Metropolitan Police Commissioner Sir Bernard Hogan-Howe will face questions from MPs over a number of controversies

    It also emerged that police admitted bugging meetings involving Duwayne Brooks, the friend who was with Stephen the night he was attacked.

    The claims affecting Mr Brooks came after former undercover officer Peter Francis alleged that he had been told to find information to use to smear the Lawrence family.

    Mr Francis, who worked with Scotland Yard’s former Special Demonstration Squad, spoke out about tactics that he said were used by the secretive unit in the 1980s and 1990s.

    Investigation: A raft of allegations have been made since former PC Mark Kennedy was unmasked in 2011 as an undercover officer who spied on environmental protesters as Mark ¿Flash¿ Stone ¿ and had at least one sexual relationship with a female activist

    By Steve Nolan

    PUBLISHED: 11:07 GMT, 6 July 2013 | UPDATED: 11:13 GMT, 6 July 2013

    Find this story at 6 July 2013

    © Associated Newspapers Ltd

    Discrimineert de politie?

    “Nee, artikel 1 van de Grondwet verbiedt dat!” Zo luidt kortweg de redenering van het Ministerie van Veiligheid en Justitie als antwoord op een informatieverzoek over onderzoek naar discriminatoir handelen van de politie-organisatie. “Artikel 1 Grondwet biedt een belangrijke basis voor de bestrijding van discriminatie. … Artikel 1 Grondwet formuleert daarmee een norm waaraan de overheid, en daarmee ook de politie-organisatie, zich jegens de burger dient te houden. Er zijn dan ook geen stukken voorhanden waaruit blijkt dat de politie bij de uitoefening van haar taken, deze uitoefent op een wijze waarop etnisch wordt geprofileerd c.q. gediscrimineerd,” schrijft de heer Schoof, directeur-generaal politie, in juli 2012. Schoof is op dit moment Nationaal Coördinator Terrorismebestrijding en Veiligheid. Het antwoord is opmerkelijk, want of alle functionarissen van het apparaat zich aan deze gouden regel houden is onbekend. Regiopolitie Gelderland Zuid verschaft informatie over enkele klachten over discriminatoir optreden van de politie. Een boa (buitengewoon opsporingsambtenaar) klaagt over een politiecollega die gezegd zou hebben: “We gaan een gesprek onder blanken voeren.” En bij de inbeslagname van een mini-bike ontstaat een discussie, waarbij een agent gezegd zou hebben: “kutmarokkanen, kruimelvriendje.” Zijn dit incidenten, is het structureel, bevordert het politie-apparaat zelf discriminatoir optreden, speelt de cultuur van de organisatie als zodanig een rol bij zowel incidenteel als mogelijk structureel discriminatoir optreden, allemaal vragen die je zou kunnen bedenken. Het antwoord van het ministerie is echter nee, wij discrimineren niet, omdat de Grondwet dat verbiedt. Einde discussie.

    artikel als pdf
    brief ministerie veiligheid en justitie
    nota raad van hoofdcommissarissen
    brief politie Rotterdam Rijnmond
    brief politie Haagland
    brief politie Brabant Zuid Oost
    brief politie Brabant Noord
    Brief politie Noord Nederland
    brief politie Gelderland Midden
    brief politie Gelderland Zuid
    brief politie Holands Midden
    brief politie IJsselland
    brief politie Kennemerland
    brief KLPD
    brief politie Limburg Noord
    brief politie Limburg Zuid
    brief politie Noord Holland Noord
    brief politie Noord Oost Gelderland
    brief politie Utrecht
    brief politie Twente
    brief politie Zaanstreek Waterland
    brief politie Zeeland
    discriminatie volgens SCP
    kerncijfers 2004
    kerncijfers 2005
    kerncijfers 2006
    kerncijfers 2007
    kerncijfers 2008
    kerncijfers 2009
    kerncijfers 2010
    kerncijfers 2011
    monitor racisme extremisme 5
    monitor racisme extremisme 6
    monitor racisme extremisme 7
    monitor racisme extremisme 8
    monitor racisme extremisme 9
    monitor rassendiscriminatie 2005
    monitor rassendiscriminatie 2009
    poldis criminaliteitsbeeld discriminatie 2008
    poldis criminaliteitsbeeld discriminatie 2009
    poldis criminaliteitsbeeld discriminatie 2010
    poldis criminaliteitsbeeld discriminatie 2011
    racisme antisemitisme discriminatie 2010 2011
    rapportage klachten meldingen discriminatie 2010

    ‘Common practice’ for cops to use dead kids IDs; Shocking … cops used dead children’s identities

    POLICE have admitted it was “common practice” for undercover officers to adopt the identities of dead children for aliases in the 1980s – but said they had no idea exactly how many times the sick tactic was used.

    Despite a number of requests from relatives of dead children, Chief Constable Mick Creedon said none of the people affected had been told yet.

    He also admitted no arrests had been made and no officers faced disciplinary proceedings.

    The Derbyshire police boss said: “No families of children whose identities have been used have been contacted and informed.

    “No answer either positive or negative has yet been given in relation to these inquiries from families.”

    Commenting on the continuing Operation Herne investigation, he said the issue is “very complicated and mistakes could put lives in jeopardy”.

    Keith Vaz MP, Home Affairs Select Committee chairman, has demanded all affected families be contacted immediately.

    Operation Herne – a probe into undercover policing by the Metropolitan Police’s Special Demonstrations Squad – was set up after PC Mark Kennedy posed as an environmental protestor and had a sexual relationship with an activist.

    A number of men and women are suing the Met over alleged intimate relationships with undercover cops.

    The investigation, which has 23 officers and ten police staff working on it, has so far cost £1.25million and is expected to cost a further £1.66million over the next year.

    By KAREN MORRISON
    Published: 17th May 2013

    Find this story at 17 May 201

    © News Group Newspapers Limited

     

     

    Act of Terror: arrested for filming police officers – video

    When police carried out a routine stop-and-search of her boyfriend on the London Underground, Gemma Atkinson filmed the incident. She was detained, handcuffed and threatened with arrest. She launched a legal battle, which ended with the police settling the case in 2010. With the money from the settlement she funded the production of this animated film, which she says shows how her story and highlights police misuse of counterterrorism powers to restrict photography.

    Find this story at 29 April 2013

    Secret mission? UK “homeland security” firms were in India three weeks before David Cameron’s February trade mission

    In late January, Conservative MP and Minister for Security James Brokenshire led a delegation of nearly 25 “homeland security” firms to India on a trip which, in sharp contrast to the trade mission to India undertaken by David Cameron in February, received no coverage in the press whatsoever.

    From 20 to 25 January multinational giants such as Agusta Westland, BAE Systems, G4S and Thales were taken to a number of Indian cities: Delhi, “for the government perspective”; Hyderabad, “the centre of the vast Naxal terrorism-troubled region and the home of a growing high tech industry base” where there was a “round table discussion with local security forces”; and Mumbai, “the focus of safer cities and coastal security initiatives” where attendees were treated to “a conference and round table discussion with local government security agencies and business.” [1]

    A number of lesser-known firms were present alongside the major corporations. Evidence Talks attended, which was founded in 1993 and describes itself as “one of the most highly regarded digital forensic consultancies in the UK.” The company supplies tools for the extraction and analysis of data from digital devices and boasts that its SPEKTOR tool is “used worldwide by police, military, government and commercial customers…[and] enables users with minimal skills to safely, quickly and forensicly [sic] review the contents of computers, removable media and even cell phones.” [2]

    Cunning Running also went on UKTI’s trip, and claims to provide “threat visualisation for the real world.” The firm say that they “develop high quality software solutions for the defence and homeland security markets,” supplying “direct to governments, law enforcement agencies, and militaries in the UK, USA, Europe and Australia.” [3]

    “The security sector in India is vast and desperate to modernise,” said UKTI’s flyer for the mission. “India has approximately 1.2 million police and 1.3 million paramilitary forces personnel. With this, the Central Reserve Police Force, at 350,000, is the largest paramilitary force in the world” – a vast number of personnel who could be equipped with the latest “homeland security” gadgets and expertise.

    The flyer for the mission seems to highlight the fact that backing the security industry as it moves into developing economies is seen as a national endeavour. “The [Indian] market is the subject of stiff competition from international competitors such as the US, Israel and France,” UKTI said, “but is simply too big to ignore.”

    UKTI highlighted that “the on-the-ground costs of this mission (receptions, ground transport, conference facilities, promotional literature) are being wholly subsidised on behalf of UK companies by UKTI and its partners/sponsors” (emphasis in original). Those partners and sponsors included the Indian Home Ministry and the Confederation of Indian Industries.

    Furthermore, companies were “able to avail a government-negotiated rate at the hotels being used throughout the programme.”

    The “only charge to companies” was for the UKTI Overseas Market Introduction Service (OMIS) – a “flexible business tool, letting you use the services of our trade teams, located in our embassies, high commissions and consulates across the world, to benefit your business.” [4]

    The government has recently made additional funding available in order to encourage wider use of OMIS by UK firms, with a 50% discount (up to a maximum of £750) available to “all eligible companies commissioning an order linked to a UKTI, Scottish Development International (SDI), Welsh Government (WG) or Invest Northern Ireland (INI) supported outward mission or Market Visit Support (MVS).” [5]

    While UKTI has clawed back some money from the firms who went on the trade mission to India, the department – described by Campaign Against Arms Trade (CAAT) as “a taxpayer-funded arms sales unit” [6] – initially spent over £35,000 subsidising companies. In its response to a freedom of information (FOI) request from Statewatch, UKTI said that “we have also generated income of £13,485 with another £1,170 expected. Therefore the net cost minus the expenses still to come is £20,997.98.”

    This amount pales in comparison to the total amount of subsidies it is estimated are awarded to defence and security firms by the UK government every year, but it also highlights the breadth of support given to a highly controversial industry.

    Research by the Stockholm International Peace Research Institute estimated that, between 2007 and 2010, total government subsidies for UK arms exports (including both defence and security firms) totalled at its highest £751.2 million, and at its lowest £668.3 million. [7]

    A spokesperson for CAAT criticised the mission to India, saying that: “Unfortunately the UK government continues to prioritise promoting corporate interests over promoting human rights and real security – and expects the UK public to subsidise this.”

    David Cameron’s February trade mission to India received heavy press coverage and saw the Prime Minister accompanied by a number of CEOs from defence and security firms, including Dick Oliver, the chairman of BAE Systems; Robin Southwell, the CEO of EADS UK; Steve Wadley, the UK managing director of the missile firm MBDA; and Victor Chavez, the chief executive of Thales UK. [8]

    Sources
    [1] UKTI DSO, UKTI homeland security trade mission to India
    [2] Evidence Talks, Company Profile
    [3] Cunning Running website
    [4] UKTI, OMIS – Overseas Market Introduction Service, 25 January 2012
    [5] UKTI, Response to FOI request, 22 March 2013
    [6] Campaign Against Arms Trade, UKTI: Armed & Dangerous, 8 July 2011
    [7] Susan T. Jackson, SIPRI assessment of UK arms export subsidies, 25 May 2011
    [8] Kaye Stearman, Cameron’s Indian odyssey – brickbats and cricket bats, fighter jets and on-message execs, CAATblog, 22 February 2013
    [9] Global Day of Action on Military Spending

    15.4.2013

    Find this story at 15 April 2013

    Home page | Statewatch News Online | In the News & News Digest | What’s New | Statewatch Journal
    © Statewatch ISSN 1756-851X. Personal usage as private individuals/”fair dealing” is allowed. We also welcome links to material on our site. Usage by those working for organisations is allowed only if the organisation holds an appropriate licence from the relevant reprographic rights organisation (eg: Copyright Licensing Agency in the UK) with such usage being subject to the terms and conditions of that licence and to local copyright law.

    G4S boss who oversaw botched Olympics contract lands bigger pay packet for 2012 despite firm’s £88m loss on London games

    G4S chief executive Nick Buckles paid £1.19m, up £170,000 on last year
    Company lost £88m in Olympics fiasco when they failed to provide security

    The chief executive of the company behind the security-scandal at the London Olympics last summer received a record pay packet in 2012, following million pound losses during the Games.

    G4S boss Nick Buckles was paid a total £1.19million in 2012, up £170,000 on his 2011 paycheck, despite the company nursing an £88million loss on the London 2012 contract.

    The security giant failed to provide the 10,400 guards needed during this summer’s main event and the military was forced to step in.

    Big Bucks: Nick Buckles, pictured defending his company in the Commons after G4S’s Olympics blunder, was paid an extra £170,000 in 2012 compared to the previous year

    As well as an £830,000 salary, Mr Buckles’ 2012 pay packet included £23,500 in benefits and £332,000 in payments in lieu of pension. Mr Buckles 2012 pay packet was boosted by bigger pension payments.

    However, neither he nor other executive directors earned a performance-related bonus.

    G4S said in its annual report Mr Buckles’ and other executives’ salaries were frozen in 2012 and will not increase this year – the fourth time in five years their salaries have been frozen.

    But it revealed plans to increase potential long-term share bonuses this year to ‘ensure that the directors continue to be incentivised and motivated’.

    Mr Buckles’ maximum shares bonus could rise to 2.5 times his salary from a maximum of two times in 2012 – meaning a potential £2.1 million in shares if he hits targets.

    Loss: G4S lost £88m in the London Olympics Games contract after they failed to provide all the security guards needed for the Games

    Performance-related bonuses will also now depend on factors including organic growth, cash generation, strategic execution and organisation, instead of being tied purely to profits.

    G4S’s Olympics failure saw Mr Buckles hauled before MPs, during which he admitted it was a ‘humiliating shambles for the company’. Extra military personnel had to be called in to fill the gap left by G4S’s failure to supply enough staff for the £284 million contract.

    Mr Buckles said in the annual report it marked ‘one of the toughest periods in the group’s history’.

    By Daily Mail Reporter

    PUBLISHED: 18:12 GMT, 15 April 2013 | UPDATED: 06:42 GMT, 16 April 2013

    Find this story at 15 April 2013

    © Associated Newspapers Ltd

    License plate-reading devices fuel privacy debate

    Technology helps police respond to crimes, violations, but broad use, lack of regulations raise privacy worries

    CHELSEA — The high-speed cameras mounted on Sergeant Robert Griffin’s cruiser trigger a beeping alarm every time they read another license plate, automatically checking to see if each car is unregistered, uninsured, or stolen. In a single hour of near-constant beeps, Griffin runs 786 plates on parked cars without lifting a finger.

    The plate-reading cameras were introduced for police use in Massachusetts in 2008, and quickly proved their worth. The one on Griffin’s Chelsea cruiser repaid its $24,000 price tag in its first 11 days on the road. “We located more uninsured vehicles in our first month . . . using [the camera] in one cruiser than the entire department did the whole year before,” said Griffin.

    Now, automated license plate recognition technology’s popularity is exploding — seven Boston-area police departments will add a combined 21 new license readers during the next month alone — and with that expanded use has come debate on whether the privacy of law-abiding citizens is being violated.

    These high-tech license readers, now mounted on 87 police cruisers statewide, scan literally millions of license plates in Massachusetts each year, not only checking the car and owner’s legal history, but also creating a precise record of where each vehicle was at a given moment.
    Related
    Video: The watchful lens of the police
    Graphic: How license plate readers work

    The records can be enormously helpful in solving crimes — for example, Fitchburg police used the technology to catch a serial flasher — but they increasingly make privacy advocates uneasy.

    Use of the technology is outstripping creation of rules to prevent abuses such as tracking the movements of private citizens, or monitoring who visits sensitive places such as strip clubs, union halls, or abortion clinics.

    A survey of police departments that use automated license readers found that fewer than a third — just 17 out of 53 — have written policies, leaving the rest with no formal standards for who can see the records or how long they will be preserved.

    “The worst-case scenario — vast databases with records of movements of massive numbers of people — is already happening,” warns Kade Crockford of the American Civil Liberties Union of Massachusetts, which is pushing for a state law to regulate use of license plate scanners and limit the time departments can routinely keep the electronic records to 48 hours.

    But police fear that zeal to protect privacy could stifle the use of a promising law enforcement tool, especially if they are prevented from preserving and pooling license plate scans for use in detective work. Currently, all of the police departments keep their plate scans longer than two days, with data storage ranging from 14 days in Somerville and Brookline to 90 days in Boston and up to a year in Leicester, Malden, Pittsfield, and Worcester.

    Sergeant Griffin, whose own department has no written policy, agrees that there should be rules to prevent abuse, but thinks that these should be set by local departments rather than at the State House. He said that rather than restrict use of the scanners, the Legislature should “trust law enforcement to do the right thing.”

    The usefulness of the automated license plate reader as an investigative tool springs from the astounding number of license plates the units can scan and record. With an array of high-speed cameras mounted on police cruisers snapping pictures, these systems are designed to capture up to 1,800 plates per minute, even at high speeds and in difficult driving conditions.

    “I’ve had my [license plater reader] correctly scan plates on cars parked bumper-to-bumper when I’m driving full speed,” said Griffin, who caught three scofflaws owing a combined $1,900 in parking tickets from the 786 license plates his reader checked on a recent one-hour patrol. The devices misidentify plates often enough that scans have to be confirmed by an officer on the scene before writing a ticket. In this case, after confirming the parking tickets, and the money owed, police initiated the collection process. Griffin called headquarters to confirm that the vehicles still had unpaid tickets, and then arranged for them to be towed.

    Boston’s four scanner-equipped cars do 3,500 scans a day and more than 1 million per year, according to police data. Even smaller departments such as Fitchburg scan 30,000 plates per month with just one license-reading system, easily 10 times more than an officer could manually check.

    Most of the departments that deploy license plate readers use them primarily for traffic enforcement. But the scanners — sometimes called by the acronym ALPR — are also used for missing persons, AMBER alerts, active warrants, and open cases.

    “Every once in a while our detectives will use the ALPR database for retrospective searches,” said Griffin, adding that the technology has proved useful to scan vehicles in neighborhoods surrounding crime scenes.

    Griffin’s counterpart in Fitchburg, Officer Paul McNamara, said license scanner data played a crucial role in solving a string of indecent exposure incidents at Fitchburg State University in April 2011. At the request of the university police, McNamara entered the alleged flasher’s plate into his license-scan database. The system indicated that a suspect’s vehicle had passed the scanner just 10 minutes earlier, leading to a suspect’s arrest and later guilty plea to charges of indecent exposure and lewdness.

    McNamara said that there is no formal process when another police department requests a license inquiry of this kind into his unit’s database.

    “It can’t be a fishing expedition, though,” he said. “We look at it as a form of mutual aid, so it has to be a serious criminal matter for us to share data.”

    While law enforcement officials are enthusiastic, critics can point to alleged abuses:

    ■ In 2004, police tracked Canadian reporter Kerry Diotte via automated license scans after he wrote articles critical of the local traffic division. A senior officer admitted to inappropriately searching for the reporter’s vehicle in a license scan database in an attempt to catch Diotte driving drunk.

    ■ Plainclothes NYPD officers used readers to scan license plates of worshipers at a mosque in 2006 and 2007, the Associated Press reported, under a program that was partially funded by a federal drug enforcement grant.

    ■ In December, the Minneapolis Police Department released a USB thumb drive with 2.1 million license plate scans and GPS vehicle location tags in response to a public records request, raising fears that such releases might help stalkers follow their victims. A few days later, the Minneapolis mayor asked the state to classify license scan data as nonpublic.

    ACLU attorney Fritz Mulhauser warned last summer that, within a few years, police will be able to use license scan records to determine whether a particular vehicle “has been spotted at a specific church, union hall, bar, political party headquarters, abortion clinic, strip club, or any number of other locations a driver might wish to keep private.”

    But many law enforcement officials say they are just starting to tap the potential of license plate scanners.

    “If anything, we’re not using ALPR enough,” said Medford’s Chief Leo Sacco, who would like to deploy the scanners 24 hours a day on all of his cruisers.

    Massachusetts public safety officials are trying to create a central repository of license scans similar to a system in Maryland where all 262 scanner-equipped cruisers feed data to the state. In 2011, the Executive Office of Public Safety and Security handed out $750,000 in federal grants for 43 police departments to buy scanners with the understanding that all scan results would be shared.

    The bill introduced on Beacon Hill by Senator Cynthia Creem and Representative Jonathan Hecht would allow police to share scan results for law enforcement purposes, but it would require every agency to develop formal policies that protect privacy. It would also set statewide standards for preserving camera scanner data and require regular reports to the state on how departments are using their scanners.

    Currently, even the state Executive Office of Public Safety lacks a formal policy governing the use of its planned database, while 36 police departments out of the 53 using automated license readers have no written policies, the survey found. The Massachusetts State Police are currently developing a policy for the department’s 20 camera scanners.

    Even departments that do have formal license-reading policies differ widely on specifics such as whether the collected data must be released to the public in response to a written request; Wakefield and Revere say no; many others use vague language that leaves it unclear.

    Likewise, the police differ widely on how long they can retain license scans not connected to an ongoing investigation or law enforcement action, ranging from as little as 14 days in Somerville and Brookline to indefinitely in Milford.

    The town of Brookline, police, and selectmen have worked with the ACLU to develop perhaps the most detailed policies in the state.

    This investigation was done for the Globe in collaboration with MuckRock, a Boston-based company that specializes in obtaining government documents through records requests. It was supported by a grant from the Fund for Investigative Journalism. Shawn Musgrave can be reached at shawn@muckrock.com.

    By Shawn Musgrave | Globe Correspondent April 09, 2013

    Find this story at 9 April 2013

    © 2013 The New York Times Company

    Hoeveel ANPR-camera’s zijn er eigenlijk?

    ANALYSE – Uw kenteken wordt straks vier weken bewaard als u langs een ANPR-camera rijdt. De Tweede Kamer is in grote lijnen akkoord met een wetsvoorstel dat dat regelt. Hoeveel van dit soort camera’s zijn er eigenlijk? En waar staan ze?

    In het politieke debat over de opslag van kentekengegevens en de bijbehorende rapporten en adviezen wordt uitgegaan van ongeveer driehonderd Automatic Number Plate Recognition (ANPR)-camera’s. Het doorgaans goed ingevoerde Webwereld sprak gisteren van tienduizenden camera’s. Beide aantallen kloppen niet.

    We kunnen met zekerheid zeggen dat er 1625 ANPR-camera’s langs de Nederlandse wegen staan. Maar ze zijn lang niet allemaal geschikt voor opsporing. Op dit moment worden al die gescande kentekens nauwelijks gebruikt voor opsporing en dat blijft ook wel even zo ondanks de nieuwe wet (daarover volgende week meer op Sargasso).

    Laten we eens gaan tellen.

    De meeste ANPR-camera’s worden ingezet voor verkeersmanagement en vallen onder het beheer van de Nationale Databank Wegverkeersgegevens (NDW). Met een beroep op de Wet openbaarheid van bestuur (Wob) hebben we een overzicht van al die camera’s gekregen. Het zijn er duizend en die staan vooral in steden en langs provinciale wegen in de Randstad en Noord-Brabant.

    Encryptie

    De camera’s meten de verkeersintensiteit. Wie bijvoorbeeld via de S112 in Amsterdam de stad binnenrijdt, wordt gescand. De data zijn niet herleidbaar tot een persoon (en in die zin geen persoonsgegevens), want via encryptie omgezet in een geanonimiseerde code. Bij het centrum wordt dezelfde auto weer gescand en herkend. Met die gegevens kan de NDW berekenen hoeveel tijd het kost om de stad in te komen en die informatie staat dan soms op matrixborden langs de weg.

    De NDW beheert deze camera’s niet zelf, maar bezweert dat ze niet voor opsporingsdoeleinden worden gebruikt en dat dat ook niet de bedoeling is. Toch moeten we het opsporingsdoel niet zomaar afschrijven. In Rotterdam maakte de politie dankbaar gebruik van verkeerscamera’s en werd daarbij niet gehinderd door encryptie. Het kan dus wel.

    Politie

    Daarnaast heeft de politie veel eigen ANPR-camera’s. Een aantal korpsen heeft vaste opstellingen en de meeste hebben auto’s die uitgerust zijn met ANPR-apparatuur. Het korps Rotterdam-Rijnmond is voorloper en heeft de meeste camera’s hangen: 64 vaste camera’s en 8 mobiele. Het KLPD heeft 36 vaste camera’s en 35 mobiele. 19 korpsen beheren in totaal 78 mobiele camera’s en 5 korpsen hebben in totaal 119 vaste camera’s (op 21 locaties). Tien korpsen gebruiken ANPR-camera’s van anderen.

    Amsterdam-Amstelland heeft er nog niet zoveel, maar wil zijn arsenaal flink uitbreiden door ook de milieucamera’s op het politiesysteem aan te sluiten. Dat is tot op heden echter nog niet gelukt wegens technische problemen.

    Ook private partijen maken steeds vaker gebruik van ANPR. Tankstations proberen er bijvoorbeeld het wegrijden zonder betalen mee te bestrijden. Het is onduidelijk hoeveel tankstations met dit type camera’s zijn uitgerust, daarom neem ik ze niet mee in de telling.

    Hardnekkige plannen

    Daarnaast zijn er al jaren hardnekkige plannen om alle camera’s van Rijkswaterstaat op een landelijk ANPR-net aan te sluiten. Dat zijn zeker 2000 camera’s. Ik zeg hardnekkig, omdat het technisch gezien erg lastig is om dit soort camera’s op een ANPR-netwerk aan te sluiten. De camera’s moeten bijvoorbeeld stabiel hangen en mogen niet zwenken. Bovendien wil je idealiter op iedere rijbaan een eigen camera hebben, anders mis je veel auto’s. De meeste Rijkswaterstaatcamera’s overzien complete rijrichtingen en niet individuele baanvakken.

    De camera’s van Trajectcontrole tellen ook mee in ons overzicht. We hebben alleen de locaties geteld en niet alle camera’s. Het afgelopen jaar is het aantal meetpunten flink uitgebreid, op de A4 en A2 bijvoorbeeld. Alleen al op het stukje Amsterdam-Utrecht hangen zeker tachtig camera’s, verspreid over acht meetpunten.

    Tot slot zijn er nog de beruchte @migo grenscamera’s. Voor meer dan twintig miljoen euro werden ANPR-camera’s bij de grensovergangen gemonteerd, maar die blijken volgens het Schengenverdrag helemaal niet continu te mogen scannen. Ze worden dus beperkt ingezet.

    Educated guess

    Het aantal ANPR-camera’s dat we documentair hebben kunnen staven bedraagt zeker 1625. Ik vermoed dat het ware aantal, en dat is een educated guess, rond de drieduizend ligt. Mocht het toch lukken om de Rijkswaterstaatcamera’s aan te sluiten, dan zitten we op vijfduizend.

    En waar staan ze dan? Hieronder vindt u twee kaarten met camera’s die bij ons bekend zijn. De eerste toont de camera’s waarvan we zeker weten dat ze er staan. De tweede toont het scenario als de Rijkswaterstaat-camera’s op een ANPR-netwerk worden aangesloten. Je kunt zoomen en (beperkt) zoeken.

    Volgende week hebben we een aantal achtergrondverhalen over (slim) cameratoezicht in Nederland en presenteren we een kaart met alle publiek gedocumenteerde camera’s in Nederland die we met enkele honderden Wob-verzoeken boven tafel hebben gekregen. Tips, vragen en aanvullingen graag in de comments.

    Door Dimitri Tokmetzis
    19:00 donderdag 21 maart 2013

    Find this story at 21 March 2013

    (cc) 2001-2013 Stichting Sargasso

    Landelijk opsporingsbericht: uw kenteken gezocht

    Als het aan de politie ligt, wordt uw kenteken straks overal gescand. Niet alleen kijkt de politie of u iets op uw kerfstok heeft, maar ook of u op basis van uw reisprofiel van plan bent om rottigheid uit te halen: een soort Minority Report op de weg dus. Daarbij worden kentekenscans mogelijk centraal opgeslagen en informatie en camerabeelden uitgewisseld tussen politie en de private sector.

    Dit scenario destilleer ik uit een aantal stukken dat ik met een beroep op de Wet openbaarheid van bestuur (Wob) van het KLPD heb ontvangen. Nu al maken verschillende korpsen gebruik van Automated Number Plate Recognition (ANPR), oftewel kentekenherkenning. ANPR wordt op dit moment vooral toegepast voor handhaving, bijvoorbeeld om mensen met openstaande boetes uit het verkeer te plukken. Maar ANPR kan veel meer, zeker als er een landelijk dekkend systeem is.

    De registraties geven een rijk beeld van waar auto’s zijn geweest. Die informatie kan toegepast worden in opsporingsonderzoeken en gebruikt worden voor intelligencedoeleinden. Een centrale stuurgroep onderzoekt de mogelijkheid van van zo’n landelijke toepassing en komt binnenkort – onbekend is wanneer – waarschijnlijk met een voorstel.

    Waarom is dit belangrijk?

    Uit een aantal openbaargemaakte stukken (waaronder een basisdocument van de landelijke werkgroep, Implementatie en Doorontwikkeling ANPR, IDA) blijkt wel waar de voorkeur van de politie naar uit gaat. Ook wordt gewerkt aan een communicatiestrategie. Uiteraard is het niet de bedoeling dat de burger nu al meepraat. Om te voorkomen dat we voor voldongen feiten worden gesteld, nu alvast een bijdrage aan de discussie. Hieronder vindt u enkele tekstfragmenten. Gezamenlijk geven ze een duidelijk beeld van de koers die men dreigt in te slaan. Alle openbare documenten staan onderaan. Een eerder, wat beperkter verhaal, staat hier.

    Tot slot nog even wat u niet mag weten van het KLPD (de zwartgemaakte stukken in de documenten):

    – Het KLPD werkt samen met het Eindhovense bedrijf Technet.

    – Verantwoordelijke bij de Raad van Hoofdcommissarissen (en auteur van het conceptrapport Beelden van de Samenleving is Pieter Jaap Aalbersberg, portefeuillehouder Publiek-Private Samenwerking en Intelligence van de Raad van Hoofdcommissarissen. Blijkbaar is dit ook al privacygevoelige informatie.

    – De locatie van de vaste ANPR-opstellingen worden niet prijsgegeven. Tips kunt u kwijt in de comments, dat werkt wellicht sneller dan een bezwaarschrift. Momenteel werk ik aan een overzichtskaart.

    Uit: ANPR Naar een landelijke toepassing

    Hotlists worden landelijk samengesteld als afgeleide van bestaande registers zoals het opsporingsregister of het kentekenregister. De kentekenverzameling kan naar eigen inzicht worden aangevuld met gegevens uit het korps dat ANPR inzet. Denk daarbij aan speciale doelgroepen en/of subjecten in onderzoeken van CIE (Criminele Inlichtingen Eenheid), TGO’s (teams grootschalig optreden) of BRT’s (bovenregionale recherche teams).

    Opsporing: gepleegde en te plegen strafbare feiten opsporen door balansverstoorders uit de anonimiteit van verkeersstromen te halen. Met ANPR kan bijvoorbeeld een overzicht gemaakt worden van voertuigen die op een bepaald tijdstip in de buurt van een plaats delict aanwezig waren. Een andere toepassingsmogelijkheid is om via ANPR inzicht te verkrijgen in verkeersstromen om vervolgens afwijkende patronen te herkennen.

    Wanneer een ongewoon reispatroon door middel van analyse van het politieregister ANPR aan het licht komt, kan dat voor de politie reden zijn om een onderzoek in te stellen. Zo kunnen potentiële criminele activiteiten tijdig worden onderkend.

    De meerwaarde die ANPR in de toekomst kan bieden is vooral gericht op (proactieve) informatieanalyse, datamining en het versterken van de informatiepositie van de politie. Doelstelling is het ontdekken van trends, patronen en profielen om daar passende interventiescenario’s voor te kunnen opstellen of zelfs ‘criminaliteitsvoorspellingen’ uit te kunnen destilleren. Dat vraagt om een andere soort van analyses, andere vakinhoudelijke kennis en vanwege de bijzondere verstrekkende zoekmogelijkheden om autorisaties van een zeer beperkte kring van politieambtenaren die de vereiste deskundigheid en ervaring bezitten.

    De effectiviteit van ANPR zal toenemen naarmate de inzet breder wordt. Nu wordt ANPR regionaal en periodiek ingezet. De ANPR-systemen kunnen echter ook structureel en landelijk worden ingezet. Te denken valt aan een koppeling van de ANPR-systemen aan de bestaande camera’s van Rijkswaterstaat die langs de snelweg hangen en aan een koppeling aan de camera’s van stadstoezicht. Zo kunnen (potentiële) wetsovertreders nationaal, regionaal en binnen de stad gesignaleerd en eventueel gevolgd worden.

    Een bredere inzet kan ook betekenen dat er meerdere hotlists worden gekoppeld aan de ANPR-camera. Op dit moment wordt vooral gecontroleerd met gegevens van de Rijksdienst voor het Wegverkeer, gegevens van het Centraal Justitieel Incassobureau, gegevens van Politie en gegevens van Justitie. Deze verzameling kan uitgebreid worden met hotlists van andere overheidsinstellingen.

    Samenwerking draagt bovendien bij aan het streven van het kabinet naar één controlerende overheid. Door (al dan niet structureel) samen te werken met eerdergenoemde partijen ontstaat een veel groter arsenaal aan bevoegdheden, interventiemogelijkheden en informatie die in samenhang kan worden ingezet. Deze samenwerking vindt al vaak plaats in het kader van het integrale veiligheidsbeleid, de bestuurlijke aanpak van de georganiseerde criminaliteit, de inzet van Bibob en de multidisciplinaire samenwerking met de Bijzondere Opsporingsdiensten.

    (…) Vanwege de identificerende en signalerende werking krijgt de politie een steeds beter beeld van (potentiële) balansverstoringen en (potentiële) balansverstoorders met een veiligere samenleving als gevolg. (…)

    Verder leren de ervaringen van de politie in Groot Brittannië dat de met ANPR verkregen informatie een grote bijdrage levert aan het oplossen of voorkomen van terroristische aanslagen en zware delicten [wat onzin is, in Engeland gaan er juist stemmen op om het aantal ANPR controles drastisch terug te brengen, dt.]. Wat dat aangaat kan ANPR dus ook gebruikt worden voor bewaken en beveiligen, het vergaren van informatie en intelligence of het tegenhouden van een aanslag. Dergelijke toepassingen zijn natuurlijk wel afhankelijk van de dichtheid van het cameranetwerk.

    Een voorbeeld van hoe de toepassing van ANPR de privacy van een burger kan raken is proactief onderzoek. In theorie is het mogelijk dat personen die niets met een specifiek delict te maken hebben maar die op het verkeerde moment op een verkeerde plaats verblijven in een ‘potentiële verdachten’ bestand terechtkomen. Van belang is dus om als politie goed uit te leggen wat proactief onderzoek inhoudt en dat voldoende wettelijke waarborgen bestaan om onterecht te worden bestempeld als een verdachte.

    Het uitgangspunt daarbij is de inzet van ANPR als handhavinginstrument. Die staat nauwelijks ter discussie en kan relatief eenvoudig worden gerealiseerd. De mogelijkheid om in de toekomst ANPR in te zetten voor opsporingsdoeleinden mag echter niet uit het oog verloren worden en dient meegenomen te worden in de doorontwikkeling van het instrument.

    Uitgangspunt voor verdere implementatie en doorontwikkeling van ANPR is een landelijke organisatie die de ANPR standaarden ontwikkelt en bewaakt en die aanspreekpunt is voor deelnemers en ketenpartners in de ANPR strategie. Daarnaast draagt deze organisatie de zorg voor het beheer van een landelijke database met landelijke hotlists. (…) Het voordeel van deze landelijke regie met regionale autonomie is dat een landelijke ANPR-dekking relatief snel bewerkstelligd kan worden.

    Uit Beelden van de Samenleving een visiedocument van de Raad van Hoofdcommissarissen, februari 2009

    Rol van informatiegestuurd cameratoezicht. Informatiegestuurd cameratoezicht richt zich (in tegenstelling tot andere vormen van cameratoezicht) niet alleen op het verzamelen en verwerken van informatie, maar ook op het analyseren (veredelen) en uitwisselen van deze informatie met publieke én private partners.

    Zo, dan bent u weer bij. Hieronder de documenten en daaronder een filmpje.

    De documenten:

    ANPR naar een landelijke toepassing

    Beelden van de samenleving

    Digitale surveillance op snelwegen

    bijlage 2 IDA (overzicht ANPR-initiatieven per korps)

    Beschrijving legitimiteitsvraagstukken

    Juridisch advies ANPR (hier een verhaal daarover)

    Proces Catch Ken Plan van uitvoering

    Opdracht juridische werkgroep

    Door Dimitri Tokmetzis
    09:00 donderdag 12 augustus 2010

    Find this story at 12 August 2010

    (cc) 2001-2013 Stichting Sargasso

    New Twist in British Spy’s Case Unravels in U.S.

    Mark Kennedy, a British police officer who spent seven years infiltrating environmental and activist groups while working undercover for the Metropolitan Police force in London, may have monitored an American computer scientist and spied on others while in the United States.

    The computer scientist, Harry Halpin, said that he was at a gathering of activists and academics in Manhattan in January 2008 that Mr. Kennedy — then using the pseudonym Mark Stone — also attended. He said Mr. Kennedy collected information about him and about a man and a woman who were accused later that year of associating with “a terrorist enterprise” and sabotaging high-speed train lines in France.

    In addition to Mr. Halpin’s assertions, documents connected to the case indicate that prosecutors in Paris looked to American officials to provide evidence about a handful of people in the United States and events that took place in New York in 2008.

    “Mark Kennedy spied upon myself on United States soil, as well as Julien Coupat and Yildune Levy,” Mr. Halpin wrote in an e-mail, naming two defendants in the group known in France as the Tarnac 10, after the small mountain village where several of them had lived in a commune.

    Mr. Halpin added that Mr. Coupat introduced him to Mr. Kennedy in the fall of 2007. “It appears that Mark Kennedy also passed information to the F.B.I. that I knew Julian Coupat,” he added.

    Reached via e-mail on Thursday, Mr. Kennedy, who now works with The Densus Group, a security consulting firm based in the United States, declined to comment on Mr. Halpin’s statements.

    In 2010, Mr. Halpin said that F.B.I. agents detained him for five hours after he arrived at John F. Kennedy International Airport from Europe, seizing his computer and threatening put him in jail if he did not agree to provide information about Mr. Coupat. Mr. Halpin said that he refused but the agents let him go when they were asked to explain the charges against him.

    A spokesman for the F.B.I. in New York, James Margolin, declined to comment on the encounter described by Mr. Halpin.

    The accounts of events in New York provided by Mr. Halpin and others added a new twist to two dramas that have received widespread attention in Europe, where they have slowly unraveled over the past few years.

    Mr. Kennedy’s actions while spying on political activists in Britain have brought embarrassment to Scotland Yard, as officials there have been forced to confront allegations of inappropriate behavior by some undercover operatives.

    As reported in The Guardian newspaper, Mr. Kennedy was said to have had sexual relationships with a number of women connected to groups he had infiltrated.

    In 2011, the trial of six people accused of planning to take over a coal-fired power plant collapsed amid claims, denied by Mr. Kennedy, that he had acted as an agent provocateur. Mr. Kennedy was also shown to have worked undercover in more than 20 other countries, including Iceland, Spain and Germany, where members of parliament have raised questions about his role.

    Eventually, 10 women, including three who said they had intimate relationships with Mr. Kennedy, sued the police in London saying that they had formed strong personal ties with undercover officers. Later, it was reported in British papers that Mr. Kennedy sued the police, saying that his superiors had failed to prevent him from sleeping with an activist and falling in love.

    In France, l’affaire de Tarnac, as it is known, has become a cause célèbre among civil libertarians who have criticized the use of terrorism statutes against people suspected of sabotage but not accused of harming anyone. The defendants have denied wrongdoing, but the authorities have portrayed them as dangerous subversives who plotted attacks against the state then “refused to answer questions, or gave whimsical answers” about their activities.

    An unusual element of the case involves a book called “The Coming Insurrection” by an anonymous group of authors called the Invisible Committee. The book advocates rebellion against capitalist culture, encourages readers to form self-sufficient communes and calls for “a diffuse, efficient guerrilla war to give us back our ungovernableness.” Prosecutors have said that Mr. Coupat and his comrades wrote the volume. The suspects denied authorship but Mr. Coupat told journalists in France that the book had merit.

    While the Tarnac case has moved slowly through the French legal system, documents have emerged showing that F.B.I. agents were posted outside the Manhattan building where the activists gathered in 2008, videotaping the arrival and departure of Mr. Halpin, Mr. Coupat and Ms. Levy, among others. Those tapes were later given to French prosecutors along with a detailed log compiled by the F.B.I. agents.

    As the French investigation continued, documents show that prosecutors in Paris asked officials in the United States about a “meeting of anarchists” in New York and about several people who could be connected to Mr. Coupat. They also asked for information about a low-grade explosive attack in March 2008 that damaged an armed forces recruitment center in Times Square.

    In 2012, letters show that Justice Department officials said they had not identified any connection between the people at the Manhattan gathering and the attack on the recruitment center. The officials also gave French prosecutors background information on some American citizens who appeared to have visited the commune in Tarnac and records of an interview that F.B.I. agents had conducted with an assistant professor and French philosophist at New York University who had translated “The Coming Insurrection.”

    The professor, Alexander Galloway, told the agents that he had taught the books in a class on political theory and French philosophy, but had never met Mr. Coupat.

    Official documents do not mention Mr. Kennedy but several people from New York said that he spent about a week there in early 2008 on his way to visit a brother in Cleveland. During that period, witnesses said Mr. Kennedy attended several informal gatherings, sometimes with Mr. Coupat and Ms. Levy.

    March 15, 2013, 3:06 pm
    By COLIN MOYNIHAN

    Find this story at 15 March 2013

    Copyright 2013 The New York Times Company

    Family of slain Spanish teen demand inquiry of far-right killer

    The family of a teenager whose murder by a far-right commando rocked Spain in 1980 called Friday for an official inquiry after a newspaper reported that her killer has worked for police as an advisor since his release from jail.

    Yolanda Gonzalez, a 19-year-old Socialist Party activist who had appeared in photographs at the head of student protest marches, was shot two times in the head at close range in a field near Madrid by a far-right commando who suspected her of belonging to the armed Basque separatist group ETA.

    Gonzalez’s murder shocked Spain, which at the time was going through a tumultuous transition to democracy following the death of right-wing dictator General Francisco Franco.

    The man who shot Gonzalez, Emilio Hellin Moro, a former member of the Grup 41 commando with ties to the far-right party Fuerza Nueva, changed his name to Luis Enrique Hellin after he was released from jail in 1996 after serving 14 years of a 43-year jail sentence, top-selling newspaper El Pais reported last month.

    According to the left-leaning paper, the 63-year-old expert on IT-related criminal investigations secured contracts under the changed name with Spain’s security forces, acting for years as an advisor to Spain’s top court and proving training courses to police on how to carry out electronic eavesdropping and comb computers and cellphones for evidence.

    Agence France-PresseMarch 8, 2013 17:30

    Find this story at 8 March 2013
    Copyright 2013 GlobalPost

    How Facebook could get you arrested

    Smart technology and the sort of big data available to social networking sites are helping police target crime before it happens. But is this ethical?

    Companies such as Facebook have begun using algorithms and historical data to predict which of their users might commit crimes. Illustration: Noma Bar

    The police have a very bright future ahead of them – and not just because they can now look up potential suspects on Google. As they embrace the latest technologies, their work is bound to become easier and more effective, raising thorny questions about privacy, civil liberties, and due process.

    For one, policing is in a good position to profit from “big data”. As the costs of recording devices keep falling, it’s now possible to spot and react to crimes in real time. Consider a city like Oakland in California. Like many other American cities, today it is covered with hundreds of hidden microphones and sensors, part of a system known as ShotSpotter, which not only alerts the police to the sound of gunshots but also triangulates their location. On verifying that the noises are actual gunshots, a human operator then informs the police.

    It’s not hard to imagine ways to improve a system like ShotSpotter. Gunshot-detection systems are, in principle, reactive; they might help to thwart or quickly respond to crime, but they won’t root it out. The decreasing costs of computing, considerable advances in sensor technology, and the ability to tap into vast online databases allow us to move from identifying crime as it happens – which is what the ShotSpotter does now – to predicting it before it happens.

    Instead of detecting gunshots, new and smarter systems can focus on detecting the sounds that have preceded gunshots in the past. This is where the techniques and ideologies of big data make another appearance, promising that a greater, deeper analysis of data about past crimes, combined with sophisticated algorithms, can predict – and prevent – future ones. This is a practice known as “predictive policing”, and even though it’s just a few years old, many tout it as a revolution in how police work is done. It’s the epitome of solutionism; there is hardly a better example of how technology and big data can be put to work to solve the problem of crime by simply eliminating crime altogether. It all seems too easy and logical; who wouldn’t want to prevent crime before it happens?

    Police in America are particularly excited about what predictive policing – one of Time magazine’s best inventions of 2011 – has to offer; Europeans are slowly catching up as well, with Britain in the lead. Take the Los Angeles Police Department (LAPD), which is using software called PredPol. The software analyses years of previously published statistics about property crimes such as burglary and automobile theft, breaks the patrol map into 500 sq ft zones, calculates the historical distribution and frequency of actual crimes across them, and then tells officers which zones to police more vigorously.

    It’s much better – and potentially cheaper – to prevent a crime before it happens than to come late and investigate it. So while patrolling officers might not catch a criminal in action, their presence in the right place at the right time still helps to deter criminal activity. Occasionally, though, the police might indeed disrupt an ongoing crime. In June 2012 the Associated Press reported on an LAPD captain who wasn’t so sure that sending officers into a grid zone on the edge of his coverage area – following PredPol’s recommendation – was such a good idea. His officers, as the captain expected, found nothing; however, when they returned several nights later, they caught someone breaking a window. Score one for PredPol?

    Trials of PredPol and similar software began too recently to speak of any conclusive results. Still, the intermediate results look quite impressive. In Los Angeles, five LAPD divisions that use it in patrolling territory populated by roughly 1.3m people have seen crime decline by 13%. The city of Santa Cruz, which now also uses PredPol, has seen its burglaries decline by nearly 30%. Similar uplifting statistics can be found in many other police departments across America.

    Other powerful systems that are currently being built can also be easily reconfigured to suit more predictive demands. Consider the New York Police Department’s latest innovation – the so-called Domain Awareness System – which syncs the city’s 3,000 closed-circuit camera feeds with arrest records, 911 calls, licence plate recognition technology, and radiation detectors. It can monitor a situation in real time and draw on a lot of data to understand what’s happening. The leap from here to predicting what might happen is not so great.

    If PredPol’s “prediction” sounds familiar, that’s because its methods were inspired by those of prominent internet companies. Writing in The Police Chief magazine in 2009, a senior LAPD officer lauded Amazon’s ability to “understand the unique groups in their customer base and to characterise their purchasing patterns”, which allows the company “not only to anticipate but also to promote or otherwise shape future behaviour”. Thus, just as Amazon’s algorithms make it possible to predict what books you are likely to buy next, similar algorithms might tell the police how often – and where – certain crimes might happen again. Ever stolen a bicycle? Then you might also be interested in robbing a grocery store.

    Here we run into the perennial problem of algorithms: their presumed objectivity and quite real lack of transparency. We can’t examine Amazon’s algorithms; they are completely opaque and have not been subject to outside scrutiny. Amazon claims, perhaps correctly, that secrecy allows it to stay competitive. But can the same logic be applied to policing? If no one can examine the algorithms – which is likely to be the case as predictive-policing software will be built by private companies – we won’t know what biases and discriminatory practices are built into them. And algorithms increasingly dominate many other parts of our legal system; for example, they are also used to predict how likely a certain criminal, once on parole or probation, is to kill or be killed. Developed by a University of Pennsylvania professor, this algorithm has been tested in Baltimore, Philadelphia and Washington DC. Such probabilistic information can then influence sentencing recommendations and bail amounts, so it’s hardly trivial.
    Los Angeles police arrest a man. The force is using predictive software to direct its patrols. Photograph: Robert Nickelsberg/Getty Images

    But how do we know that the algorithms used for prediction do not reflect the biases of their authors? For example, crime tends to happen in poor and racially diverse areas. Might algorithms – with their presumed objectivity – sanction even greater racial profiling? In most democratic regimes today, police need probable cause – some evidence and not just guesswork – to stop people in the street and search them. But armed with such software, can the police simply say that the algorithms told them to do it? And if so, how will the algorithms testify in court? Techno-utopians will probably overlook such questions and focus on the abstract benefits that algorithmic policing has to offer; techno-sceptics, who start with some basic knowledge of the problems, constraints and biases that already pervade modern policing, will likely be more critical.

    Legal scholar Andrew Guthrie Ferguson has studied predictive policing in detail. Ferguson cautions against putting too much faith in the algorithms and succumbing to information reductionism. “Predictive algorithms are not magic boxes that divine future crime, but instead probability models of future events based on current environmental vulnerabilities,” he notes.

    But why do they work? Ferguson points out that there will be future crime not because there was past crime but because “the environmental vulnerability that encouraged the first crime is still unaddressed”. When the police, having read their gloomy forecast about yet another planned car theft, see an individual carrying a screwdriver in one of the predicted zones, this might provide reasonable suspicion for a stop. But, as Ferguson notes, if the police arrested the gang responsible for prior crimes the day before, but the model does not yet reflect this information, then prediction should be irrelevant, and the police will need some other reasonable ground for stopping the individual. If they do make the stop, then they shouldn’t be able to say in court, “The model told us to.” This, however, may not be obvious to the person they have stopped, who has no familiarity with the software and its algorithms.

    Then there’s the problem of under-reported crimes. While most homicides are reported, many rapes and home break-ins are not. Even in the absence of such reports, local police still develop ways of knowing when something odd is happening in their neighbourhoods. Predictive policing, on the other hand, might replace such intuitive knowledge with a naive belief in the comprehensive power of statistics. If only data about reported crimes are used to predict future crimes and guide police work, some types of crime might be left unstudied – and thus unpursued.

    What to do about the algorithms then? It is a rare thing to say these days but there is much to learn from the financial sector in this regard. For example, after a couple of disasters caused by algorithmic trading in August 2012, financial authorities in Hong Kong and Australia drafted proposals to establish regular independent audits of the design, development and modification of the computer systems used for algorithmic trading. Thus, just as financial auditors could attest to a company’s balance sheet, algorithmic auditors could verify if its algorithms are in order.

    As algorithms are further incorporated into our daily lives – from Google’s Autocomplete to PredPol – it seems prudent to subject them to regular investigations by qualified and ideally public-spirited third parties. One advantage of the auditing solution is that it won’t require the audited companies publicly to disclose their trade secrets, which has been the principal objection – voiced, of course, by software companies – to increasing the transparency of their algorithms.

    The police are also finding powerful allies in Silicon Valley. Companies such as Facebook have begun using algorithms and historical data to predict which of their users might commit crimes using their services. Here is how it works: Facebook’s own predictive systems can flag certain users as suspicious by studying certain behavioural cues: the user only writes messages to others under 18; most of the user’s contacts are female; the user is typing keywords like “sex” or “date.” Staffers can then examine each case and report users to the police as necessary. Facebook’s concern with its own brand here is straightforward: no one should think that the platform is harbouring criminals.

    In 2011 Facebook began using PhotoDNA, a Microsoft service that allows it to scan every uploaded picture and compare it with child-porn images from the FBI’s National Crime Information Centre. Since then it has expanded its analysis beyond pictures as well. In mid-2012 Reuters reported on how Facebook, armed with its predictive algorithms, apprehended a middle-aged man chatting about sex with a 13-year-old girl, arranging to meet her the day after. The police contacted the teen, took over her computer, and caught the man.

    Facebook is at the cutting edge of algorithmic surveillance here: just like police departments that draw on earlier crime statistics, Facebook draws on archives of real chats that preceded real sex assaults. Curiously, Facebook justifies its use of algorithms by claiming that they tend to be less intrusive than humans. “We’ve never wanted to set up an environment where we have employees looking at private communications, so it’s really important that we use technology that has a very low false-positive rate,” Facebook’s chief of security told Reuters.

    It’s difficult to question the application of such methods to catching sexual predators who prey on children (not to mention that Facebook may have little choice here, as current US child-protection laws require online platforms used by teens to be vigilant about predators). But should Facebook be allowed to predict any other crimes? After all, it can easily engage in many other kinds of similar police work: detecting potential drug dealers, identifying potential copyright violators (Facebook already prevents its users from sharing links to many file-sharing sites), and, especially in the wake of the 2011 riots in the UK, predicting the next generation of troublemakers. And as such data becomes available, the temptation to use it becomes almost irresistible.

    That temptation was on full display following the rampage in a Colorado movie theatre in June 2012, when an isolated gunman went on a killing spree, murdering 12 people. A headline that appeared in the Wall Street Journal soon after the shooting says it all: “Can Data Mining Stop the Killing?” It won’t take long for this question to be answered in the affirmative.

    In many respects, internet companies are in a much better position to predict crime than police. Where the latter need a warrant to assess someone’s private data, the likes of Facebook can look up their users’ data whenever they want. From the perspective of police, it might actually be advantageous to have Facebook do all this dirty work, because Facebook’s own investigations don’t have to go through the court system.

    While Facebook probably feels too financially secure to turn this into a business – it would rather play up its role as a good citizen – smaller companies might not resist the temptation to make a quick buck. In 2011 TomTom, a Dutch satellite-navigation company that has now licensed some of its almighty technology to Apple, found itself in the middle of a privacy scandal when it emerged that it had been selling GPS driving data collected from customers to the police. Privacy advocate Chris Soghoian has likewise documented the easy-to-use “pay-and-wiretap” interfaces that various internet and mobile companies have established for law enforcement agencies.

    Publicly available information is up for grabs too. Thus, police are already studying social-networking sites for signs of unrest, often with the help of private companies. The title of a recent brochure from Accenture urges law enforcement agencies to “tap the power of social media to drive better policing outcomes”. Plenty of companies are eager to help. ECM Universe, a start-up from Virginia, US, touts its system, called Rapid Content Analysis for Law Enforcement, which is described as “a social media surveillance solution providing real-time monitoring of Twitter, Facebook, Google groups, and many other communities where users express themselves freely”.

    “The solution,” notes the ECM brochure, “employs text analytics to correlate threatening language to surveillance subjects, and alert investigators of warning signs.” What kind of warning signs? A recent article in the Washington Post notes that ECM Universe helped authorities in Fort Lupton, Colorado, identify a man who was tweeting such menacing things as “kill people” and “burn [expletive] school”. This seems straightforward enough but what if it was just “harm people” or “police suck”?

    As companies like ECM Universe accumulate extensive archives of tweets and Facebook updates sent by actual criminals, they will also be able to predict the kinds of non-threatening verbal cues that tend to precede criminal acts. Thus, even tweeting that you don’t like your yoghurt might bring police to your door, especially if someone who tweeted the same thing three years before ended up shooting someone in the face later in the day.

    However, unlike Facebook, neither police nor outside companies see the whole picture of what users do on social media platforms: private communications and “silent” actions – clicking links and opening pages – are invisible to them. But Facebook, Twitter, Google and similar companies surely know all of this – so their predictive power is much greater than the police’s. They can even rank users based on how likely they are to commit certain acts.

    An apt illustration of how such a system can be abused comes from The Silicon Jungle, ostensibly a work of fiction written by a Google data-mining engineer and published by Princeton University Press – not usually a fiction publisher – in 2010. The novel is set in the data-mining operation of Ubatoo – a search engine that bears a striking resemblance to Google – where a summer intern develops Terrorist-o-Meter, a sort of universal score of terrorism aptitude that the company could assign to all its users. Those unhappy with their scores would, of course, get a chance to correct them – by submitting even more details about themselves. This might seem like a crazy idea but – in perhaps another allusion to Google – Ubatoo’s corporate culture is so obsessed with innovation that its interns are allowed to roam free, so the project goes ahead.

    To build Terrorist-o-Meter, the intern takes a list of “interesting” books that indicate a potential interest in subversive activities and looks up the names of the customers who have bought them from one of Ubatoo’s online shops. Then he finds the websites that those customers frequent and uses the URLs to find even more people – and so on until he hits the magic number of 5,000. The intern soon finds himself pursued by both an al-Qaida-like terrorist group that wants those 5,000 names to boost its recruitment campaign, as well as various defence and intelligence agencies that can’t wait to preemptively ship those 5,000 people to Guantánamo.

    Evgeny Morozov
    The Observer, Saturday 9 March 2013 19.20 GMT

    Find this story at 9 March 2013

    © 2013 Guardian News and Media Limited or its affiliated companies. All rights reserved.

    Police software mines social media

    Police scan your Facebook comments.Photo / File

    Police have developed a specialist software tool which mines social media for information.

    The Signal tool was developed for high-profile public events and emergencies and works by scanning public-facing material on social media networks such as Facebook and Twitter.

    Police director of intelligence Mark Evans said it was “not typically” used as an evidence gathering or investigative tool although it could be.

    Social media use by law enforcement around the world has grown with the International Association of Police Chiefs finding 77 per cent of agencies used it most commonly to investigate crime. The survey of 600 agencies across the United States found it had helped solve crimes.

    Mr Evans said the tool was developed as part of preparations for the Rugby World Cup because police “wanted the ability to scan social media comments in and around the stadiums in real time”.

    Since then, it had been used for royal visits, Waitangi Day and during the Auckland cyclone. Mr Evans said Signal was not used to crawl random postings. Instead, police would set a geographical area and put in key words.

    As an example, he said a large sporting event could see “protest”, “traffic”, “accident” or “delays”.

    He said the strength of Signal was its ability to help police “identify and analyse social media feeds relevant to crime and public safety” at a specific time and place.

    In doing so, Mr Evans said police were able to judge the impact of an event which had happened or stop a problem escalating. It also helped target people and resources where they were needed, he said.

    During the Rugby World Cup, it allowed police to detect a boy racer convoy heading from Auckland to Hamilton.

    The drivers “felt they would be able to get away with dangerous behaviour on the roads because they believed police resources would be busy elsewhere”, he said.

    Signal was developed as part of a $60,000 emergency management tool.

    Global police use of social media

    53 per cent – Created a fake profile or undercover identity
    48 per cent – Posted surveillance video or images
    86 per cent – Viewed profiles of suspects
    49 per cent – Viewed profiles of victims

    Source: IACP Social Media Survey 2012

    By David Fisher @@DFisherJourno
    5:30 AM Saturday Feb 23, 2013

    Find this story at 23 February 2013

    © Copyright 2013, APN Holdings NZ Limited

    Spam vom Staat

    Er gilt als der böseste Deutsche im Internet: Martin Münch liefert Polizei und Geheimdiensten Überwachungs-Software. Auch Diktatoren drangsalieren mit den Programmen ihre Bürger.

    Im Disney-Film “Mulan” ist alles so einfach. Die Heldin kämpft zusammen mit lauter Männern im chinesischen Militär gegen die Hunnen. Der Film zeichnet Mulans Gegner als schattige, gesichtslose Wesen. Die feindliche Reiterarmee verdunkelt den Horizont. Gut gegen Böse – ein Klassiker.

    Martin Münch lebt in einem Disney-Film. Er weiß, wer die Bösen sind. Er weiß, dass er zu den Guten gehört. Es gibt nur ein Problem: Alle anderen wissen es nicht. Für sie steht Münch auf der falschen Seite des arabischen Frühlings, auf der Seite der Unterdrücker. Menschenrechtler prangern an, er liefere Überwachungssoftware an Diktaturen, willentlich oder leichtfertig.

    Münch, 31, entwickelt Spähsoftware für Computer und Handys. Sie infiziert das digitale Gedächtnis, sie schnüffelt in der virtuellen Intimsphäre. Polizei und Geheimdienst können dank ihr sehen, welche Krankheitssymptome der Überwachte im Web googelt. Sie hören, was er mit der Mutter über das Internet-Telefon-Programm Skype bespricht. Sie lesen seinen Einkaufszettel auf dem Smartphone. Der Trojaner, der das alles kann, heißt Finfisher. Trojaner wird diese Art Software genannt, weil die Spionagefunktionen eingeschmuggelt werden in einer harmlosen Hülle.
    Bild vergrößern

    Martin Münchs Firma Gamma entwickelt den Trojaner Finfisher. (Foto: Robert Haas)

    Seit kurzem testet auch das Bundeskriminalamt, ob Finfisher als Bundestrojaner taugt. Auf sein Produkt ist Münch stolz. Zum ersten Mal zeigte er jetzt deutschen Journalisten, dem NDR und der Süddeutschen Zeitung, wie Finfisher funktioniert. Bisher durften Medien nicht in die Entwicklerbüros in Obersendling in München.

    Auf den Glastüren steht der Firmenname: Gamma Group. Ein Dutzend Mitarbeiter sitzt vor Bildschirmen, die Programmierer gleich vor mehreren. Hinter dem Bürostuhl des Chefs Münch hängt eine Aluminiumplatte mit dem Firmenlogo. Er teilt sich seinen Schreibtisch mit dem Kollegen, der den IT-Notruf betreut. Ihm gegenüber klingelt also das Telefon, wenn irgendwo auf der Welt die Strafverfolgung klemmt. Er ist also sehr nah dran an den Ermittlern, auch sprachlich. “Wenn wir Pädophile verhaften, haben wir ein Problem: Die sperren ihre Rechner automatisch”, sagt Münch, als fahre er bei den Einsätzen mit, und präsentiert schwungvoll die Lösung: einen USB-Stick von Gamma in den PC, und die Daten sind gerichtsfest gesichert.

    Münch kann so technisches Spielzeug gut erklären. Vielleicht, weil er sich das alles selbst beigebracht hat. Er hat keine Fachausbildung, er hat nicht Informatik studiert, nur drei Semester Jazzklavier und Gitarre. Er war mit einer Band auf Deutschlandtournee, trat als Bassist einer Casting-Girlband bei “Popstars” auf. Steht er dagegen heute auf der Bühne, zeigt er auf Sicherheitskonferenzen, wie man Rechner infiziert. Für die Ermittler ist Münch ein bisschen wie Mushu, der kleine Drache aus “Mulan”, dem Disney-Film von 1998. Er ist der coole Helfer, der Mulan bei der Armeeausbildung und im Kampf beisteht. Münch hat eine Firma, über die er 15 Prozent der Anteile der Gamma International GmbH hält. Er hat sie Mushun genannt, nach dem Drachen aus dem Film, nur mit einem zusätzlichen “n” am Ende, sagt er. Dann lacht er verlegen. Doch ist er nicht nur Miteigentümer, sondern auch Geschäftsführer bei Gamma.

    Mit Medien hat Münch noch nicht viel Erfahrung. Der Süddeutschen Zeitung und dem britischen Guardian liegen Dokumente vor, die zeigen, dass die Gamma-Gruppe eine Firma im Steuerparadies Britische Jungferninseln besitzt. Darauf angesprochen, bestritt Münch vor einigen Wochen erst vehement, dass die Gesellschaft überhaupt existiert. Als der Guardian dann Belege schickte, entschuldigte er sich. Er habe gedacht, dass die Tochter wirklich nicht existiert, schrieb er nach London. Auch nun beantwortet Geschäftsführer Münch Fragen zum Geschäft immer wieder ausweichend. Zahlen, Firmenpartner kenne er nicht. “Ich bin ein kleiner Techniker”, sagt Münch. Die strategischen Entscheidungen in der Firma treffe aber trotzdem er.
    Bild vergrößern

    So bewirbt der Gamma-Prospekt den Trojaner für Handys namens Finspy Mobile.

    Gammas Bestseller aus der Finfisher-Familie heißt Finspy. Münch beugt sich über den Apple-Laptop und zeigt, was das Programm kann. Er steckt das Internetkabel in den Rechner und tippt “mjm” in das Feld für den Benutzernamen, für Martin Johannes Münch. Zuerst wählt der Nutzer das Betriebssystem aus, das er angreifen will: ein iPhone von Apple, ein Handy mit Googles Betriebssystem Android oder einen PC mit Windows oder dem kostenlosen System Linux? Der Ermittler kann eingeben, über wie viele Server in verschiedenen Ländern der Trojaner Haken schlägt, bis auch technisch versierte Opfer nicht mehr nachvollziehen können, wer sie da eigentlich überwacht. Der Trojaner kann ein Sterbedatum bekommen, an dem er sich selbst löscht. Genehmigt ein Richter später eine längere Überwachung, kann das Datum nach hinten geschoben werden.

    Dann darf der Ermittler auswählen, wie fies der Trojaner werden soll, was er können darf: das Mikrofon als Wanze benutzen. Gespeicherte Dateien sichten und sichern, wenn sie gelöscht oder geändert werden. Mitlesen, welche Buchstaben der Nutzer auf der Tastatur drückt. Den Bildschirm abfilmen. Skype-Telefonate mitschneiden. Die Kamera des Rechners anschalten und sehen, wo das Gerät steht. Handys über die GPS-Ortungsfunktion zum Peilsender machen. Finspy präsentiert die überwachten Geräte als Liste. Flaggen zeigen, in welchem Land sich das Ziel befindet. Ein Doppelklick, und der Ermittler ist auf dem Rechner.

    Der Trojaner ist so mächtig, als würde jemand dem Computernutzer über die Schulter gucken. Deswegen kommen Ermittler so auch Verdächtigen auf die Schliche, die ihre Festplatte mit einem Passwort sichern und nur verschlüsselt kommunizieren. Der Trojaner liest einfach das Passwort mit. Doch die meisten Funktionen von Finspy sind in Deutschland illegal.

    Und Finspy kostet. Der Preis geht bei etwa 150.000 Euro los und kann ins siebenstellige gehen, sagt Münch. Denn Gamma baut für jeden Kunden eine eigene Version des Trojaners, die mit dem Recht des Landes konform sein soll. Für jeden überwachten Computer müssen Ermittler eine Lizenz von Gamma kaufen. Die meisten Behörden würden fünf Lizenzen erwerben, sagt Münch, manchmal vielleicht auch zwanzig. “Ziel sind einzelne Straftäter.” Ein “mutmaßlich” benutzt er nicht, im Gespräch verwendet er die Worte “Kriminelle” und “Straftäter”, als seien es Synonyme für “Verdächtige” und “Zielperson”.

    Alaa Shehabi ist so eine Zielperson. Ihr Vergehen: Sie kritisierte die Regierung ihres Landes. Die junge Frau ist in Bahrain geboren, einem Inselstaat im Persischen Golf, etwa so groß wie das Stadtgebiet von Hamburg. Ein Königreich – und ein Polizeistaat. Der sunnitische Regent Hamad Ben Isa al-Khalifa herrscht über eine schiitische Bevölkerungsmehrheit. Als der arabische Frühling vor zwei Jahren auch in sein Land schwappte und Shehabi mit Tausend anderen Reformen forderte, rief der König die Armee von Saudi-Arabien zur Hilfe. Fotos und Videos im Internet zeigen geschundene Körper, von Tränengas verätzte Augen und von Schrotkugeln durchlöcherte Leiber. Es sind die Bilder eines blutig niedergeschlagenen Protestes.
    Bild vergrößern

    Die Polizei greift mit Tränengas an: Bei Protesten starben Demonstranten (Foto: Getty Images)

    Die Formel-1-Veranstalter sahen darin kein Problem und luden vergangenen April zum Großen Preis von Manama, einem glitzernden Großereignis mitten in einem gebeutelten Land. König Khalifa wollte zeigen, wie weltoffen Bahrain sei. Die Opposition hingegen versuchte, zumindest einigen angereisten Journalisten die Wahrheit zu berichten. Auch Shehabi, die ihre dunklen Haare unter einem Schleier verbirgt, traf sich mit Reportern. Sie erzählte von der Polizeigewalt, von den Verletzten, den Toten. Sie brach ein Tabu.

    Shehabi war vorsichtig, achtete darauf, dass niemand sie beobachtete, schaltete während des Interviews ihr Handy aus. Trotzdem besuchten Polizisten sie wenig später. Sie fragten, was sie den Journalisten erzählt habe, und warnten sie, so etwas nie wieder zu tun. Die Beamten ließen sie laufen, doch dann kam die erste E-Mail. Im Betreff stand “torture report on Nabeel Rajab”, im Anhang angeblich Fotos des gefolterten Rajab. Er ist ein Freund Shehabis, ein Oppositioneller wie sie. Shehabi versuchte, die Datei zu öffnen. Es ging nicht. Gut für sie: Denn im Anhang war ein Trojaner von Gamma versteckt. Shehabis E-Mails sollten mitgelesen, ihre Telefonate abgehört werden. Der Polizeistaat Bahrain hatte sie im Visier, und Martin Münchs Software half dabei. Auch andere Oppositionelle berichten von ominösen E-Mails. Mal lockten sie ihre Opfer damit, dass der König zum Dialog bereit sei, mal mit vermeintlichen Folterfotos.

    Selbst im Ausland haben Exil-Bahrainer diesen Regierungs-Spam bekommen. Husain Abdulla etwa, der im US-Bundesstaat Alabama eine Tankstelle betreibt und in Washington Lobbyarbeit für Bahrains Opposition macht. Das Königshaus hat ihm deswegen die Staatsbürgerschaft entzogen, wollte ihn aber trotzdem überwachen und schickte ihm einen Trojaner. Die bahrainische Regierung versuchte also, auf US-Boden einen US-Bürger auszuspähen. Gamma macht’s möglich: “Wenn Finspy Mobile auf einem Handy installiert ist, kann es aus der Ferne überwacht werden, wo auch immer sich das Ziel in der Welt befindet”, heißt es dazu in einem Prospekt.

    Die Universität von Toronto in Kanada hat die EMails an Shehabi und Abdulla untersucht. An ihrem Forschungsinstitut Citizen Lab entschlüsselte Morgan Marquis-Boire, Software-Ingenieur bei Google, das Spähprogramm. Er baut einen virtuellen Sandkasten, setzt einen Computer in die Mitte und lässt den Trojaner auf das abgegrenzte Spielfeld. Dann protokolliert Marquis-Boire, wie das Programm den PC kapert, Passwörter kopiert, Skype-Gespräche aufzeichnet, den Bildschirm abfotografiert. Die gesammelten Daten funkt der Trojaner an einen Server in Bahrain. Marquis-Boire entdeckt im Programmcode das Kürzel “finspyv2” – die zweite Version von Finspy. Auch “Martin Muench” steht da. Münch schreibt seinen Namen seit Jahren mit “ue”.
    Citizen Lab fand Münchs Namen im Code des Trojaners. (Foto: Citizen Lab)

    Schnüffelsoftware für einen Polizeistaat? Auf die Vorwürfe reagiert Gamma merkwürdig. Münch verschickt eine Pressemitteilung, in der steht, dass eine Demoversion für Kunden gestohlen worden sei. Eine klare Aussage zu Bahrain gibt es nicht. Münch sagt nicht, wer Gammas Kunden sind. Er sagt auch nicht, wer nicht Kunde ist. Alles ganz geheim. So muss die Firma damit leben, dass Reporter ohne Grenzen und andere Menschenrechtsaktivisten in dieser Woche eine offizielle Beschwerde beim Bundeswirtschaftsministerium einlegten. Sie verlangen schärfere Kontrollen, wohin Gamma exportiert, und berufen sich dabei auf – allerdings freiwillige – Empfehlungen der Organisation für wirtschaftliche Zusammenarbeit und Entwicklung (OECD). Nimmt das Ministerium die Beschwerde an, könnten als nächster Schritt Gamma und die Aktivisten versuchen, hinter verschlossenen Türen im Ministerium eine Einigung zu finden.

    Münch wiederholt bei jeder Gelegenheit, dass seine Firma die Exportgesetze in Deutschland einhält. Das soll vorbildlich wirken, aber in Wirklichkeit werden aus München gar keine Finfisher-Produkte verschickt. Das geschieht von England aus. In Andover, nicht weit von Stonehenge, sitzt die Muttergesellschaft von Gamma International, die Gamma Group. Gründer und neben Münch Mehrheitseigentümer ist Louthean Nelson; die Gruppe beschäftigt 85 Mitarbeiter.

    In Großbritannien und Deutschland gilt allerdings dieselbe EU-Verordnung über den Export von Überwachungstechnik. Überwachungstechnologien sind im Sinne dieses Gesetzes keine Waffen, sondern Güter, die sowohl zivil als auch militärisch genutzt werden können. Fachwort: dual use. Dementsprechend sind die Auflagen deutlich harmloser als für Panzerverkäufe. Am Ende läuft es darauf hinaus, dass Gamma vom Kunden ein Zertifikat bekommt, demzufolge Finfisher wirklich beim richtigen Adressaten installiert wurde, gestempelt vom Staat selbst. Das Papier heftet Gamma ab. Wie oft und genau das Bundesamt für Ausfuhrkontrolle Gamma prüft, wollen weder Münch noch das dafür zuständige Bundeswirtschaftsministerium sagen.

    Wie viele Diktaturen Gamma-Kunden sind, ist nicht bekannt. Das Institut Citizen Lab aus Toronto hat in vielen Ländern Server mit Spuren von Finfisher gefunden. Brunei, Äthiopien, Turkmenistan, die Vereinigten Arabischen Emirate – klingt wie das Kellerduell im Demokratie-Ranking. Doch auch in Staaten wie Tschechien und den Niederlanden fanden die Informatiker Gamma-Server. All diese Länder müssen aber nicht Kunden sein. Jeder Geheimdienst könne schließlich die Daten seines Finfisher-Trojaners durch diese Staaten umleiten, um sich zu tarnen, erklärt Münch. Solche Aussagen können Externe technisch nicht überprüfen.

    In der ungeliebten Öffentlichkeit steht Gamma seit dem arabischen Frühling. Ägyptische Protestler fanden in einer Behörde ein Angebot der Firma an ihre gestürzte Regierung, einen Kostenvoranschlag für Software, Hardware, Training, 287.137 Euro. Eine Lieferung habe es nie gegeben, behauptet Münch.

    Für Andy Müller-Maguhn ist Gamma trotzdem ein “Software-Waffenlieferant”. Er hat eine Webseite zu dem Thema aufgesetzt mit dem Namen buggedplanet.info. Dort protokolliert er Unternehmensdaten, Presseberichte, verwickelte Personen. Müller-Maguhn war früher Sprecher des Chaos Computer Clubs. Ein Video auf Youtube zeigt, wie er sein Projekt 2011 auf der Jahreskonferenz des deutschen Hackervereins präsentiert. Müller-Maguhn ruft seine Seite über Münch auf; die erscheint auf einer Leinwand, mit Geburtsdatum, Privatadresse und Foto von Münch. Der steigt da gerade aus einer Cessna, mit Sonnenbrille und Fliegerjacke, und sieht ein bisschen proletenmäßig aus. Müller-Maguhns Zuschauer lachen.

    Seine Webseite ist auch ein Pranger. “Dass ihre privaten Details in der Öffentlichkeit diskutiert wurden, halte ich für sehr fair, wenn man sich anschaut, was die mit den Leben anderer gemacht haben”, sagt Müller-Maguhn auf der Bühne. “Ich glaube, das ist ein Weg, damit die Leute über Privatsphäre nachdenken.” Applaus und Jubel sind kurz lauter als seine Stimme. Er zuckt mit den Schultern. “Sie wollten nicht am öffentlichen Diskurs teilnehmen. Das wäre vielleicht die Alternative.”

    Seit seine Adresse bekannt ist, bekommt Münch Postkarten, auf denen nur steht: “Ich habe ein Recht auf Privatsphäre.” Kein Absender.

    Spricht Münch über seine Kritiker, klingt er ehrlich entrüstet: “Wir haben immer dieses Bad-Boy-Image. Ist aber kein schönes Gefühl.” Zumal es unverdient sei: “Manche Leute sagen: ,Das mag ich nicht, das geht ins Privatleben.’ Aber die Tatsache, dass sie es nicht mögen, heißt nicht, dass wir etwas Illegales machen.” Er selbst finde zum Beispiel die Fernsehsendung Deutschland sucht den Superstar “scheiße”, aber deswegen sei die nicht illegal.

    Quelle: SZ vom 09.02.2013/bbr

    9. Februar 2013 10:46 Finfisher-Entwickler Gamma
    Von Bastian Brinkmann, Jasmin Klofta und Frederik Obermaier

    Find this story at 9 February 2013

    Copyright: Süddeutsche Zeitung Digitale Medien GmbH / Süddeutsche Zeitung GmbH

    << oudere artikelen  nieuwere artikelen >>