And yet, through all of this, it's still easier and takes less time for them to violate our privacy rights than it is for private citizens gather similar data about elected officials and information regarded as "public".
I've been trying to get Chicago's mayor's office's phone records for a while now. 1.5 years, 4 FOIAs to two different city departments, state's attorney FOIA request for review, redactions left and right, a fight for AG anonymity, and a lawsuit later, I got a list of phone numbers and created [0].
The amount of pushback and bad interpretation of FOIA that prevented me, or anyone else, in getting that data was shameful. And after all of that, the judge didn't give me the FOIA suit payout since the city eventually "complied".
It's no wonder nobody actually tries to make positive change - it's just so damn hard.
edit: cleaned up a wee. Also, that link's for the whole office suite, not just the room the mayor calls his office. Please don't try to come to any direct conclusions.
Wow nice work. I'm glad you persevered. What they finally gave you is hilarious.
The first design feature of the panopticon is that any inmate can be seen by the guards at any time without his knowledge. The second equally important design feature is that the inmate can never see the guard, can never see what he's up to or who he is looking at. Or even if he's around.
In the present context this manifests itself in the above hilarious obstructionism against FOIA and open government, and more ominously in Obama's war against whistle blowers.
Thanks :). What's absurd is that they released (redacted) numbers for phones outside of government, but claimed that even redacted government phones were exempt from release. Because of privacy reasons, and because they'd be interrupted at home. So, they essentially gave themselves FOIA privacy while giving strangers information on strangers.
The judge eventually just told them to just Google the phone numbers as a check if they're public numbers. They followed with other checks, and a longish list of numbers was the result. There was one government phone redacted, but we got the name of the person a bit later, with just a name, no number.
Great work, nice to see people exercise FOIA laws and show the results...but I do have to jump to one question...So these are calls from the mayor's office? You list one receiving number as belonging to "Aura - Prestige Club"...any more information on that call (e.g. the duration, the time of day, etc)?
Thanks! These are just outbound calls. I get the data from their billing system through their IT department, and I don't think they get charged for incoming.
I submitted two requests earlier to get that info and hopefully more. "Unduly burdensome" is a lame, so it has to be done in piecemeal. We'll see.
Thanks for the info, and hope it results in the full record being put out, although even going through the process and being able to document its failures is a big win for the civic sphere. And it seems Mayor Emanuel (from an outsider's perspective) is at a relatively high point of punch-bagginess after the alleged coverup of the Laquan McDonald shooting.
I was curious to see if your request (or anything to do with phone calls) was in the published FOIA log [0] by the mayor's office...maybe it is/isn't (I don't know who you are)...but it seems that they've been slow to update the log, with no new records since August 2015. Other FOIA logs, such as the 311 requests [1] (though not the police), seem to still be updated.
This kindle can't load socrata right, but that timeframe makes sense. After the initial request for the mayor's records directly, I did another to the FOIA officer to see if it was just the mayor without records.
I actually got the records by a request to their IT Dept for the mayor's office's VoIP logs. They ended up getting me info from the phone's billing system, but redacted. It took six months or so of waiting for AG to agree with my arguments to unredact the records.
Chicago's lawyer then swooped in and called a technical foul... since they don't use VoIP, so the request was invalidated.
A nearly identical request later (without "VoIP") and they sent me the exact same PDF as before along with a claim of unduly burdensome to discover if the numbers were releasable or not. So then we sued.
There's definitely a middle ground, though, and regulating FOIA to prevent abuse would do well in avoiding situations like /r/floridaman. It's not what the spirit of FOIA is for, so penalties (eg, requests are handled slower, as IL does) should definitely happen.
Chicago's FOIA officers seem to be pretty good with not giving too much information out, but they slip sometimes. Some other data I have includes all of Chicago's parking tickets, including license plates, but the only reason I was able to get that was because of a slipup that resulted in the tribune getting all red light camera ticket's license plate info.
If they'd followed foia properly there, I wouldn't have been able to get license plates. That, and it would've been within reason if they rejected my request for plate info, so I'd've just moved on.
Can we please stop calling these demands 'requests'? "n. the act of asking for something to be given or done, especially as a favor or courtesy; solicitation or petition". The connotation is really misleading.
I've held my tongue about this through dozens of stories, and I won't harp on it again, but after the third time in this article I'm sort of snapping.
A factor that I feel is more important but was sort of glossed over during the article is the fact that it is a competitive disadvantage NOT to do this.
The average person is becoming increasingly security conscious, and so are small and medium sized businesses. I seem to remember that Azure was having a really hard time selling to an international audience because foreigners thought the data would be vulnerable in the hands of the US government.
As someone who doesn't live in the US and works in consulting the few years post Snowden were quite curious, with clients who previously didn't mind using cloud solutions like Amazon S3 actively refusing any architecture choices which would lead to having their data stored in the US, even if it meant greater expense.
I really do believe that not taking an approach similar to this where we use End to End encryption and companies minimise their access over their customers data as much as humanly possible can and does lead to lost business.
This is one of the advantages to my employer's cloud product - you can architect your servers and networks entirely outside of the US. Choose only European datacenters, and your data stays in Europe. By the exact same token, if you have a requirement to keep your data in the USA, you can easily design your networks and services to comply.
It hardly matters. These liars are going to find some tenuous link between terrarism and the encryptions and scream about it at the top of their lungs.
ps -- remember the san bernardino attacks? The attackers destroyed their personal cells and left a work cell behind. It's pretty obvious there never was anything on it. And had the fbi found anything germane, they would have trumpeted it.
CNN and the Washington Post both reported that WhatsApp and Telegram were found on several of the Paris attackers' phones, but that the content wasn't able to be recovered.
When the German Verfassungsgericht (our equivalent of the US Supreme Court, I guess) struck down the data retention law on phone/Internet metadata, there was a sentence in the verdict that was just priceless - "Wo ein Trog ist, da kommen die Schweine" (Where there is a trough, the pigs will come).[1]
If more services start to avoid storing data altogether (or at least only encrypted in a way that prevents them from accessing the data), there will be less food so to speak for the various creatures that might gravitate towards the trough.
[1] NB that the choice of words is not mine - the irony of a supreme court judge calling law enforcement and intelligence agencies pigs is kind of nice, though. ;-)
When it comes to data privacy and security, it's hard to find a more saavy people than the Germans. I wish we had a chaos computer club out in America.
An effective barrier is making it IMPOSSIBLE for a government request for data to be fulfilled - such as end-to-end encryption where the intermediary never has the key, like Whatsapp has done. This is easiest if implemented into a new system from the beginning design of its architecture.
It completely removes the need to waste person-hours attempting to fulfill a "wiretrap" request, whether from a warrant or FISA-court type thing, if the request is impossible due to lack of crypto keys. And at least at present completely legal unless the US passes laws outlawing crypto.
What can be done? Building a new open-sourced layer on top of the current internet, from scratch, that's impervious to snooping and censorship by design?
There are precedents for that kind of thing here and there already, in Bittorrent, Bitcoin, Ethereum, Freenet, TOR... and as [1] said, SMTP.
TLS1.2 for SMTP end-to-end is obviously a good thing, but it has its own problems aside from all of the crap we've been piling on top of SMTP for 20+ years (SPF, DKIM, DMARC, TLS1.2, etc) for ISP mail server operational reasons.
At some point that mail has to go into storage somewhere so it can be accessed by a user/client via IMAP, and that's where the subpoena/national security letter/warrant/FISA court request will go. To whatever location the disk storage resides at.
There is a guy in Florida who is championing for more open government. The number of FOIA requests and lawsuits he has brought and won is pretty interesting. His work in general is very interesting and he is currently working on a pretty cool database idea for the state of Florida. His website is:
His name is Joel Chandler and he lives in Lakeland, FL. You can Google him for more details on some of the requests he has made and lawsuits he has filed to get information.
Keeping governments out of private data is a great goal. I wish the same emphasis were placed on Silicon Valley's own practices of tracking every bit of our lives. At anywhere between 75-200 billion of revenue, the largest Silicon Valley behemoths have more economic power than any of the poorest 122 countries in the world, including places like Ethiopia, Croatia or Uruguay.
The government has an easy answer to this, data retention laws, which are already common in many countries. The more companies start doing this, the quicker the laws will be passed, and the stricter they will be when they are. It's a temporary solution to a structural mismatch between government and startup incentives.
You would have to have a direct link to your counterparty. Otherwise you'd have to account for why your upstream ISP had record of traffic that you cannot produce any records for.
I've been trying to get Chicago's mayor's office's phone records for a while now. 1.5 years, 4 FOIAs to two different city departments, state's attorney FOIA request for review, redactions left and right, a fight for AG anonymity, and a lawsuit later, I got a list of phone numbers and created [0].
The amount of pushback and bad interpretation of FOIA that prevented me, or anyone else, in getting that data was shameful. And after all of that, the judge didn't give me the FOIA suit payout since the city eventually "complied".
It's no wonder nobody actually tries to make positive change - it's just so damn hard.
[0] https://docs.google.com/spreadsheets/d/1hgG79eIr8MbkjYrCvcTR...
edit: cleaned up a wee. Also, that link's for the whole office suite, not just the room the mayor calls his office. Please don't try to come to any direct conclusions.