Favorite Quotes

"Once you walk into a courtroom, you've already lost. The best way to win is to avoid it at all costs, because the justice system is anything but" Sydney Carton, Attorney. "There is no one in the criminal justice system who believes that system works well. Or if they are, they are for courts that are an embarrassment to the ideals of justice. The law of real people doesn't work" Lawrence Lessig, Harvard Law Professor.

Tuesday, August 19, 2014

DHS's Urban Shield program is responsibile for police militarization

Stop 'Urban Shield' conference: Say 'NO' to militarized police:

The militarized lockdown and brutal attack on Ferguson’s Black community is not an anomaly. Police repression is growing across the US and globally through coordinated efforts to militarize policing tactics and weapons.
Local police departments are now directly funded by the Departments of Homeland Security and Defense. From September 4th-8th, one such DHS-backed program, Urban Shield, will be hosted by Oakland’s Marriott Hotel. This weekend – including SWAT training, national and transnational police networking, and weaponry sales – is coordinated by the Urban Areas Security Intiative (UASI.) UASI is an initative in which the St. Louis area police actively participate. The military tanks, tear-gas, rubber bullets and SWAT armor attacking the people of Ferguson are there because of these programs: Resist the occupation of Ferguson by stopping Urban Shield.
Click here & here to find out more about the 2014 Urban Areas Security Initiative (UASI) Nonprofit Security Grant Program (NSGP)
People across the country are rising up to resist militarized policing. We cannot allow this engine of state repression to continue. Take a stand with WRL in Oakland to oppose Marriott’s profiteering from the militarized repression of our communities. Sign and share the petition.

Law enforcement agencies could hack your computer via YouTube videos

A new research report from the Citizen Lab by Morgan Marquis-Boire (perhaps better known as Morgan Mayhem), entitled Schrodinger’s Cat Video and the Death of Clear-Text. He's also written about it at the Intercept (where he now works), explaining how watching a cat video on YouTube could get you hacked (though not any more).

The key point was this: companies producing so-called "lawful intercept" technology, that was generally (but not always) sold to governments and law enforcement agencies had created hacking tools that took advantage of non-SSL'd sites to use a basic man-in-the-middle attack to hack into targeted computers.
Companies such as Hacking Team and FinFisher sell devices called “network injection appliances.” These are racks of physical machines deployed inside internet service providers around the world, which allow for the simple exploitation of targets. In order to do this, they inject malicious content into people’s everyday internet browsing traffic. One way that Hacking Team accomplishes this is by taking advantage of unencrypted YouTube video streams to compromise users. The Hacking Team device targets a user, waits for that user to watch a YouTube clip like the one above, and intercepts that traffic and replaces it with malicious code that gives the operator total control over the target’s computer without his or her knowledge. The machine also exploits Microsoft’s login.live.com web site in the same manner. 
Fortunately for their users, both Google and Microsoft were responsive when alerted that commercial tools were being used to exploit their services, and have taken steps to close the vulnerability by encrypting all targeted traffic. There are, however, many other vectors for companies like Hacking Team and FinFisher to exploit.  
Many large ad networks still refuse to support SSL -- which is also why so few media sites support SSL. In order to do so, you have to drop most ad networks. Between ad networks and popular media targets, it's likely that there are plenty of opportunities for network injection going on.
Provided that the attacker can persuade a sufficiently large carrier to install a network injection apparatus, they can be reasonably certain of the success of any attack. While an attacker would still need an exploit to escape from the context of the target’s browser, one of the browser plugins (such as flash, java, quicktime, etc.) or similar is likely to provide a low cost avenue for this. This type of capability obviates the need for spear-phishing or more clumsy attacks provided the target is in the attacker’s domain of influence.

This type of approach also allows for the ‘tasking’ of a specific target. Rather than performing a manual operation, a target can be entered into the system which will wait for them to browse to an appropriate website and then perform the required injection of malicious code into their traffic stream. As such, this could be described as ‘hacking on easy mode’.
The key point made by the new report is not about the ideas behind network injection. That's been well-known for a while, and the NSA's and GCHQ's "Quantum Insert" packet injection system has been talked about recently. The main revelation here is that there are commercial vendors selling this technology to all sorts of law enforcement folks, meaning that it's probably widely used with little oversight or transparency. And that should be a pretty big concern:
These so-called “lawful intercept” products sold by Hacking Team and FinFisher can be purchased for as little as $1 million (or less) by law enforcement and governments around the world. They have been used against political targets including Bahrain Watch, citizen journalists Mamfakinch in Morocco, human rights activist Ahmed Mansoor in the UAE, and ESAT, a U.S.-based news service focusing on Ethiopia. Both Hacking Team and FinFisher claim that they only sell to governments, but recently leaked documents appear to show that FinFisher has sold to at least one private security company.
With all the attention on NSA/GCHQ surveillance, it's good that people are recognizing just how powerful some of these tools are. But we ought to be quite concerned about how ordinary law enforcement around the globe is making use of these tools as well, often with much less oversight and even less accountability.

Monday, August 18, 2014

Boston Police used facial recognition software to spy on everyone attending a local music festival

Boston's police department apparently performed a dry run of its facial recognition software on attendees of a local music festival.
Nobody at either day of last year's debut Boston Calling partied with much expectation of privacy. With an army of media photographers, selfie takers, and videographers recording every angle of the massive concert on Government Center, it was inherently clear that music fans were in the middle of a massive photo opp.

What Boston Calling attendees (and promoters, for that matter) didn't know, however, was that they were all unwitting test subjects for a sophisticated new event monitoring platform. Namely, the city's software and equipment gave authorities a live and detailed birdseye view of concertgoers, pedestrians, and vehicles in the vicinity of City Hall on May 25 and 26 of 2013 (as well as during the two days of a subsequent Boston Calling in September). We're not talking about old school black and white surveillance cameras. More like technology that analyzes every passerby for height, clothing, and skin color.
While no one expects their public activities to carry an expectation of privacy, there's something a bit disturbing about being scanned and fed into a database maintained by a private contractor and accessible by an unknown number of entities. Then there's the problem with the technology itself which, while improving all the time, is still going to return a fair amount of false positives.

Ultimately, taking several thousand photos with dozens of surveillance cameras is no greater a violation of privacy than a single photographer taking shots of crowd members. The problem here is the cover-up and the carelessness with which the gathered data was (and is) handled.

First, the cover-up. Like many surveillance programs, this uses the assumed lack of an expectation of privacy as its starting point. But this assumption only works one way. The public can only expect a minimum of privacy protections in public, but law enforcement automatically assumes a maximum of secrecy in order to "protect" its investigative techniques.

In this particular situation, careless security dovetails directly into the cover-up. Boston's Dig website came across a ton of data, documents and captured video from this program just laying around the web.
Dig reporters picked up on a scent leading to correspondence detailing the Boston Calling campaign while searching the deep web for keywords related to surveillance in Boston. Shockingly, these sensitive documents have been left exposed online for more than a year. Among them are memos written by employees of IBM, the outside contractor involved, presenting plans to use "Face Capture" on "every person" at the 2013 concert. Another defines a party of interest "as anyone who walks through the door."
'Guilty until proven innocent" remains the mantra of mass surveillance. Here, a "person of interest" is also just an "attendee." They are inseparable until the software has done its sorting, and even then, the non-hit information is held onto for months or years before being discarded.

Beyond the documents, there's the captured video, much of which remains online and accessible by the general public.
More than 50 hours of recordings — samples of which are highlighted herein as examples — remain intact today.
Dig gathered up all of this info and confronted the Boston Police Department about its involvement in this project.
Reached for comment about “Face Capture” and intelligent video analysis, a Boston Police Department spokesperson wrote in an email, “BPD was not part of this initiative. We do not and have not used or possess this type of technology.”
A normal denial and generally solid… except for one thing.
The Boston Police Department denied having had anything to do with the initiative, but images provided to me by Kenneth Lipp, the journalist who uncovered the files, show Boston police within the monitoring station being instructed on its use by IBM staff.
The outing of these documents forced the city to acknowledge its participation.
In response to detailed questions, Kate Norton, the press secretary for Boston Mayor Marty Walsh, wrote in an email to the Dig: “The City of Boston engaged in a pilot program with IBM, testing situational awareness software for two events hosted on City Hall Plaza: Boston Calling in May 2013, and Boston Calling in September 2013. The purpose of the pilot was to evaluate software that could make it easier for the City to host large, public events, looking at challenges such as permitting, basic services, crowd and traffic management, public safety, and citizen engagement through social media and other channels. These were technology demonstrations utilizing pre-existing hardware (cameras) and data storage systems.”
The city claims it's not interested in pursuing this sort of surveillance at the moment, finding it to be lacking in "practical value." But it definitely is interested in all the aspects listed above, just not this particular iteration. It also claims it has no policies on hand governing the use of "situational awareness software," but only because it's not currently using any. Anyone want to take bets that the eventual roll out of situational awareness software will be far in advance of any guidance or policies?

Better security is also a must and Boston's -- despite recent events -- seems to be full of holes.
Similarly, [Dig's Kenneth Lipp] easily found his way into lightly secured reams of documents that include Boston parking permit info, including drivers’ licenses, addresses, and other data, kept online on unsecured FTP servers.

“If I were a different kind of actor, a malicious state actor, I could pose a significant threat to the people of Boston because of what I have in the folder.”
Government entities roll out pervasive surveillance programs, almost exclusively without consulting the public, and expect citizens to trust them with the data -- not only what they share and whom they share it with, but to keep it out of the hands of criminals and terrorists. But Boston (and IBM) have proven here that this trust is wholly undeserved.

When the Boston PD lied about its involvement, I'm sure it expected any damning info to be safely secured. Now that it knows that's not true, I wonder if it will be more careful in the future, both with the data it collects on its own as well as its partnerships with third parties.

Unfortunately, as with any mass surveillance, the ease of collecting it all turns everyone into a suspect until proven otherwise. Better targeting and stricter data minimization rules would mitigate this somewhat, but those deploying these programs usually feel it's better to have it all… just in case.


Thursday, August 14, 2014

90% of smartphones are at risk of password theft, stolen data & hackers taking full control of devices

Security researchers revealed two separate threats last week they say could put up to 90 percent of the world’s 2 billion plus smartphones at risk of password theft, stolen data and, in some cases, let hackers take full control of devices.
One vulnerability involves flaws in the way scores of manufacturers of Apple, Google Android and Blackberry devices, among others, have implemented an obscure industry standard that controls how everything from network connections to user identities are managed.

The threat could enable attackers to remotely wipe devices, install malicious software, access data and run applications on smartphones, Mathew Solnik, a mobile researcher with Denver-based cyber security firm Accuvant, said in a phone interview.

A separate threat specifically affecting up to three-quarters of devices running older Android software has been unearthed by researchers at Bluebox Security of San Francisco.

Dubbed “Fake ID”, the vulnerability allows malicious applications to trick trusted software from Adobe, Google and others on Android devices without any user notification, the company said on Wednesday.

“Essentially anything that relies on verified signature chains of an Android application is undermined by this vulnerability,” Bluebox said in a statement referring to devices built before Google updated its core software late last year.

Solnik stressed that the threat to smartphone management software identified by Accuvant remained remote to average users and said that only a few dozen mobile communications experts in the world would currently be able to replicate the technique. But by publicizing the risks, his company hopes to avert this becoming a danger on a global scale.

Christina Richmond, a security services analyst with research firm IDC said detecting these vulnerabilities is positive in that the phone industry has a chance to act on these findings before they can be exploited by bad actors.

“These security threats have become everyday issues for billions of smartphone users worldwide,” she said. “Mr. and Mrs. End User needs to understand the risk of not updating their phone’s software.”

Why you should secure your smartphone:

A new nationwide survey by Consumer Reports found that 34% of all smartphone owners do absolutely nothing, not even a simple code to lock the screen.

"This is one of the reasons why so many people's accounts get hacked when their mobile phone is lost or stolen," said security expert Robert Siciliano with BestIDTheftCompanys.com. "When the device is not password protected, anyone who finds or steals it has direct access to all of your accounts that automatically log-in as soon as an application is launched."

Consumer Reports found that only 36 percent of the smartphone users have set a 4-digit PIN to lock their phone.

"Four digits are better than nothing, but the strongest passcodes have at least eight digits in them and have a mix of letters, numbers and symbols," said Mike Gikas, a senior electronics editor at the magazine.

Even fewer people take more aggressive measures to protect the data on their phone, such as:
  • Install software that can find the phone if it's lost: 22 percent
  • Install an antivirus app: 14 percent
  • Use a PIN longer than 4 digits, a password or unlock pattern: 11 percent
  • Install software that can erase the data on the phone: 8 percent
  • Use security features other than screen lock, such as encryption: 7 percent
"I'm not surprised by these low numbers," said Timo Hirvonen, a senior researcher at the global security firm F-Secure. "Most people don't see the need for security on their mobile devices. This is very short-sighted considering the kinds of information people have on them and access with them."

"That smartphone is a computer, like any other, and there's just as much risk of being a victim if you don't take the proper security precautions," said Alphonse Pascual, a senior analyst for security, risk and fraud at Javelin Strategy & Research. "Criminals are targeting those devices and people need to understand that."

Malware is a very real threat, especially for Android devices. The same type of viruses and other malicious software that can infect your desktop or laptop—and spy on everything you do – are now being launched at mobile devices.

"They can record your user names and passwords, the websites you visit, the text messages or emails you send and receive—it's pretty scary," Siciliano said. "You need to protect your mobile devices with antivirus, anti-spyware and other security software."

Security tips for smartphone users:
  • Set the phone to lock after one minute or less.
  • Does your phone have a setting that will erase all the data if there are too many—typically more than 10—unsuccessful attempts to enter the password? If so, enable it.
  • Update the operating systems, apps and programs as soon as you are notified. These updates often contain security enhancements and patches for vulnerabilities.
  • Use a "find my phone" app that lets you locate the phone if it's lost or stolen and erase all the data remotely.
  • Stick with trusted app stores. This won't guarantee "clean" software, but it will greatly reduce the risk.
  • Don't click links in an email, text or social network on your mobile device. It could lead you down a rat hole.
8 more tips to protect your smartphone:
  1. Avoid public Wi-Fi such as at airports, hotels and coffee houses unless you are using a VPN from Hotspot Shield.
  2. Disable your GPS to keep your location hidden.
  3. Stay clear of unofficial versions of the popular applications. These are often found on 3rd party sites when you root or jailbreak your phone.
  4. Don’t save your passwords in your browser, use a password manager.
  5. Go through all of your apps make sure they don’t have access to personal information that you don’t want them to have access to.
  6. Never save a password in a very private application like that of your bank’s and always log out completely from your e-mail every time you’re done using it.
  7. Anti-theft software. Enable the remote wipe function. This kind of app will help you locate a lost or stolen smartphone, but don’t delay in setting this up.
  8. Keep a backup of all of your device’s data.

Wednesday, August 13, 2014

Warning: Women with PMS, police will soon have a stress-scanning camera

Chinese scientists are developing a mini-camera to scan crowds for highly stressed individuals, offering law-enforcement officers a potential tool to spot would-be suicide bombers.
So anyone that's stressed out like a woman on PMS or any male or female that is worried about bills, debts, bad relationships etc., will be targeted by law enforcement. What about the thousands of people on anti-depressants or anyone with Lyme tick disease, this is beyond ludicrous!
You can bet DHS, local police everywhere will soon want them.

Security officers deployed in a busy bus station would need to filter a tremendous amount of data and process it in a short amount of time. Such computing power is not available in smartphone-sized devices, so officers would need to send the information to analysts off-site, over a Wi-fi network, which introduces a new set of challenges.

But the technology has raised concerns over its implications for individual privacy and potential abuse by government agencies.

Stress has a range of effects on the body. It can register as changes in heart rate, facial expression and body temperature, which scientists can already monitor from a distance. But the readings are not always reliable. For example, with enough practice, a person can learn to control their heartbeat.

That's why Chen Tong , an associate professor of electronic information engineering at Southwest University in Chongqing looked at another indicator - the level of blood oxygenation. Using hyperspectral imaging, which examines information across the electromagnetic spectrum, Chen and his research team have developed a "stress sensor" that measures the amount of oxygen in blood across exposed areas of a body, such as the face. "The higher the mental stress, the higher the blood oxygenation," he said.
"They all looked and behaved as ordinary people but their level of mental stress must have been extremely high before they launched their attacks. Our technology can detect such people, so law enforcement officers can take precautions and prevent these tragedies," Chen said.

Officers looking through the device at a crowd would see a mental "stress bar" above each person's head, and the suspects highlighted with a red face.

But Li Jiancheng, a resident in Shanghai's Pudong district, said he worried the technology would be abused by the authorities. "The technology can be used on terrorists, but harmless people such as petitioners and protesters could be the target as well. I would feel uncomfortable and tense if a police officer stared at me through strange goggles," he said.
Really is this what the world is coming to? Cameras & police computers called predictive policing are in use today.  If you guessed a private corporation, (Rand) is behind predictive policing & profiting handsomely you get a gold star. 

Tech companies are furiously investing in wearable gadgetry that is primarily being marketed for health and fitness, but willingly records a user's information. Could these wearable devices become easily integrated into the pre-crime police grid once a large segment of the population wears them, similar to the pervasive use of other smart gadgets? On the other side, even if one chooses to opt out (while you still can) of these gadgets, could Google Glass-type devices also be modified to become remote stress sensors for police use? In fact, Google Glass already been modified to read brain waves.

The predictive policing model is deceptive and problematic because it presumes that data inputs and algorithms are neutral, and therefore that the information the computer spits out will present police officers with objective, discrimination-free leads on where to send officers or deploy other resources.

This couldn't be farther from the truth.

As Ronald Bailey wrote for Reason, "The accuracy of predictive policing programs depends on the accuracy of the information they are fed." Many crimes aren't reported at all, and when it comes to the drug war, we know for certain that police don't enforce the law equally. 

Monday, August 11, 2014

Pentagon training program claims dissension is a threat

A new version of a computer-based cyber-security training course from the Pentagon still classifies disillusionment with U.S. foreign policy as a "threat indicator" that a federal employee might be a spy. 

That training, available online and still being used as recently as last week, has been administered to millions of military and civilian employees throughout the federal government.

Little seems to have changed since HuffPost reported on an earlier version of the same training course last year -- even though a spokesman said then that the training was being "updated."

Back then it was "Hema" who was unhappy with foreign policy -- now it's the anglicized "Helen."

Back then she visited family in India -- now she just travels abroad. Either way, government employees are still dinged with a loss of points in a spy-catching game if they don't identify dissent and foreign travel as her threat "indicators."

Helen "speaks openly of unhappiness with U.S. foreign policy." Combined with her trips abroad and her money troubles, these clues get her labeled as a "high" threat.

The "CyberAwareness Challenge" training echoes many of the concepts in a 2012 "insider threat" policy produced by President Barack Obama's administration that treats people who leak to the press as security threats. The concern over insider threats has only intensified since the leaks from former NSA contractor Edward Snowden began.

One concerned federal employee, who took the training in an agency far removed from the Pentagon, told HuffPost that its goal seems to be "to encourage workers to identify individuals with critical opinions about our government and overtly consider them suspect."

"There is a message of intimidation here. If you express a concern about the government's functioning, you are a suspect," said the federal worker, who requested anonymity for fear of reprisal from his agency.

Heirloom seed proponents being labeled 'agri-terrorists' by our government:

For those who are not familiar with seed libraries, they permit consumers to walk in and take home Heirloom seeds or non GMO seeds -- for free. The "borrower" plants the seeds and then, when harvest time comes around, he/she saves seeds and then returns them to the library, where they can then be loaned out to others.

But apparently, Luther writes, that practice is in violation of the "Seed Act of 2004." Yes, America, there is actually a law that makes seed lending and replacement illegal.

"Agri-terrorism is a very, very real scenario," she said. "Protecting and maintaining the food sources of America is an overwhelming challenge ... so you've got agri-tourism on one side and agri-terrorism on the other."

In commenting on the ludicrous nature of the law, Luther wrote that, "luckily for the Cumberland County Library System, the state D of A [Department of Agriculture] decided that SWAT was not necessary and instead sent a high-ranking official and a team of lawyers to shut down the seed library."

Alas, another national emergency averted.

Luther noted that Jonelle Darr, the executive director of the library, said that 60 local residents had signed up to participate in the seed library. She added, however, that continuing the project is not possible now, due to the overly restrictive requirements from the state department of agriculture.

According to The Sentinel newspaper, prior to having its seed library shuttered, the library system had spent a great deal of time working in partnership with the Cumberland County Commission for Women and obtaining information from the local Penn State Ag Extension office in order to create the pilot seed library project.

"The effort was a new seed-gardening initiative that would allow for residents to 'borrow' seeds and replace them with new ones harvested at the end of the season," the paper said in its online version.

Mechanicsburg's effort was launched April 26 in conjunction with an Earth Day festival, however, a number of similar efforts had already begun across the state before that local initiative was launched.

The US has a Muslim blacklist, ACLU says:

The United States violates its own immigration laws through an under-the-radar "blacklist" that denies citizenship, green cards and political asylum to thousands of people, including innocent people placed a terrorist watch list, longtime legal-resident Muslims claim in Federal Court.
Lead plaintiff Reem Muhanna, et al. claim that the U.S. Citizenship and Immigration Service has consistently denied their applications for citizenship and lawful permanent residence after secretly blacklisting them as "'national security concerns,'" though they pose no threat to the United States.
The ACLU filed the lawsuit on July 31 against the USCIS, the Department of Homeland Security, and a slew of their national and regional officers.
The plaintiffs claim that the Citizenship and Immigration Service uses obscure rules, under a program known as the Controlled Application Review and Resolution Program (CARRP), to delay or deny applications. 
"Under this unfair and unconstitutional program, the government has blacklisted their applications without telling them why and barred them from upgrading their immigration status in violation of the immigration laws," ACLU attorney Jennie Pasquarella said in a statement.

  Center for constitutional rights takes animal rights "terrorism" law to supreme court
Last night, the Center for Constitutional Rights (CCR) asked the U.S. Supreme Court to review its case challenging the federal Animal Enterprise Terrorism Act (AETA) as a violation of the First Amendment. The law punishes causing lost profits to an animal enterprise, but makes no distinction between loss caused by criminal acts and loss caused by boycotts and other constitutionally-protected activity.  
The Animal Enterprise Terrorism Act punishes anyone found to have caused the loss of property or profits to a business or other institution that uses or sells animals or animal products, or to a “person or entity having a connection to, relationship with, or transactions with an animal enterprise.” CCR attorneys argued the law was unconstitutionally vague and overbroad, and that it cast a chill on legal First Amendment activity by the animal rights activists they represent.
The appellate court ruled that the activists were not permitted to sue because they did not reach the unprecedented threshold that their prosecution under the law was “certainly impending.”
“Courts have never required that a prosecution be imminent before a plaintiff can bring a pre-enforcement challenge to a criminal statute,” said CCR Senior Staff Attorney Shayana Kadidal. “And for good reason—the chilling effect of laws like the AETA causes people to silence themselves out of fear of prosecution. Yet, the First Circuit’s ruling requires that these individuals risk being charged as terrorists for speaking out before they can demonstrate that the law is unconstitutional.”

CNN Poll: Trust in government at all-time low:

Just 13% of Americans say the government can be trusted to do what is right always or most of the time, with just over three-quarters saying only some of the time and one in 10 saying they never trust the government, according to the poll.

"The number who trust the government all or most of the time has sunk so low that it is hard to remember that there was ever a time when Americans routinely trusted the government," CNN Polling Director Keating Holland said.

Only 17% of Americans believe that big business can be trusted to do what is right always or most of the time.

AMTRAK/DHS's fear mongering video: "Take flight, take cover, take action"

Thursday, August 7, 2014

DARPA's smartphone app implemented at the 2014 Boston Marathon

A smartphone system developed by the blue-sky research arm of the Pentagon was implemented at the 2014 Boston Marathon.

The Pentagon launched the Transformative Apps program under the DARPA umbrella. The TransApp mission, as stated on DARPA's website, is to "develop a diverse array of militarily-relevant software applications using an innovative new development and acquisition process." The hardware itself is basically the same as what everyday Americans are walking around with every day. The big difference comes in how they're connected. Since civilian networks can't be trusted, soldiers must constantly set up secure networks on the fly using a suite of radios and networking equipment.

So the Pentagon launched the Transformative Apps program under the DARPA umbrella. The TransApp mission, as stated on DARPA's website, is to "develop a diverse array of militarily-relevant software applications using an innovative new development and acquisition process." The hardware itself is basically the same as what everyday Americans are walking around with every day. The big difference comes in how they're connected. Since civilian networks can't be trusted, soldiers must constantly set up secure networks on the fly using a suite of radios and networking equipment.

Accordingly, TransApp developed a system that soldiers could plug smartphones into and gain basic connectivity. The corresponding apps are also designed to maintain functionality, even when they go offline.

The DARPA program manager responsible for TransApp, Doran Michels, told Gizmodo how the program developed and eventually came to be used in Boston:

Doran told Adam Clark Estes the history of TransApp the way a proud father talks about his family. The program started in 2010 with a budget of nearly $79 million over four years. (That's not a lot of money for a military with a total budget of over half a trillion dollars.) TransApps saw its first action in 2011, when 3,000 systems were deployed in Afghanistan, where Doran says the program received overwhelmingly positive feedback. The Army troops that were testing the apps used a variety of different devices depending on the specific tasks, but Doran told me the military settled on consumer-ready smartphones, rather than going through the rigamarole of designing their own proprietary technology. All of the devices Doran showed Estes in the TransApps office were Samsung.
In the years since, TransApps has been used for everything from training soldiers to improving security at the Boston Marathon and Presidential Inauguration. Doran's particularly proud of the integration in Boston a few months ago, since the high-profile event depends on the complicated coordination of several local and national agencies. Everyone from the FBI to the Boston Fire Department needed to know what everyone else is doing, and the same types of apps that keep soldiers organized in the battlefield worked perfectly there.
Everyone from the FBI to the Boston Fire Department needed to know what everyone else is doing, and the same types of apps that keep soldiers organized in the battlefield worked perfectly there. You can see from a screenshot of the app they were using, where the specific units and checkpoints are located and how an officer in the field could search and sort for more granular information.

One app that caught Estes eye is called WhoDat. Doran described it as "a soldier-driven picture book," but I like to think of it as Facebook for war. It lets soldiers study up on who's who both before they're deployed and while they're on the battlefield. "You can flip the pictures over, put notes on them, share content as a way for them to keep track," Doran explained. "And you can separate them into groups: good guys, bad guys, friends, targets for reconciliation, the UN team." It wasn't immediately clear to me if all of the units took their own pictures of locals and added them to a central database, but that makes the most sense based on how Doran described the app.

If a soldier or a police officer has an idea for an app that would make his job easier, he should also have a way to build it. And so as the TransApps nears the end of its funding, it's focusing on creating that workflow so that development of these types of apps can continue in different tactical communities, from the military to law enforcement.