Group items tagged

Justice Department agreed to issue "2511 letters" immunizing AT&T and other companies participating in a cybersecurity program from criminal prosecution under the Wiretap Act, according to new documents obtained by the Electronic Privacy Information Center.

The head of the FBI on Wednesday defended putting a piece of tape over his personal laptop's webcam, claiming the security step was a common sense one that most should take.  “There’s some sensible things you should be doing, and that’s one of them,” Director James Comey said during a conference at the Center for Strategic and International Studies.ADVERTISEMENT“You go into any government office and we all have the little camera things that sit on top of the screen,” he added. “They all have a little lid that closes down on them.“You do that so that people who don’t have authority don’t look at you. I think that’s a good thing.”Comey was pilloried online earlier this year, after he revealed that he puts a piece of tape over his laptop camera to keep away prying eyes. The precaution is a common one among security advocates, given the relative ease of hacking laptop cameras.  

But many found it ironic for Comey, who this year launched a high profile battle against Apple to gain access to data locked inside of the iPhone used by one of the San Bernardino, Calif., terrorists. Many viewed that fight as a referendum on digital privacy.Comey was “much mocked for that,” he acknowledged on Wednesday.But he still uses the tape on his laptop.“I hope people lock their cars,” he said. “Lock your doors at night… if you have an alarm system, you should use it.”“It’s not crazy that the FBI director cares about personal security as well,” the FBI director added. “So I think people ought to take responsibility for their own safety and security.”

EU-U.S. Privacy Shield Program Overview The EU-U.S. Privacy Shield Framework was designed by the U.S. Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce. On July 12, the European Commission deemed the Privacy Shield Framework adequate to enable data transfers under EU law (see the adequacy determination). The Privacy Shield program, which is administered by the International Trade Administration (ITA) within the U.S. Department of Commerce, enables U.S.-based organizations to join the Privacy Shield Framework in order to benefit from the adequacy determination. To join the Privacy Shield Framework, a U.S.-based organization will be required to self-certify to the Department of Commerce (via this website) and publicly commit to comply with the Framework’s requirements. While joining the Privacy Shield Framework is voluntary, once an eligible organization makes the public commitment to comply with the Framework’s requirements, the commitment will become enforceable under U.S. law. All organizations interested in joining the Privacy Shield Framework should review its requirements in their entirety. To assist in that effort, Commerce’s Privacy Shield Team has compiled resources and addressed frequently asked questions below. ResourcesKey New Requirements for Participating Organizations How to Join the Privacy ShieldPrivacy Policy FAQs Frequently Asked Questions

The Senate Judiciary Committee held an open hearing today on the FISA Amendments Act, the law that ostensibly authorizes the digital surveillance of hundreds of millions of people both in the United States and around the world. Section 702 of the law, scheduled to expire next year, is designed to allow U.S. intelligence services to collect signals intelligence on foreign targets related to our national security interests. However—thanks to the leaks of many whistleblowers including Edward Snowden, the work of investigative journalists, and statements by public officials—we now know that the FISA Amendments Act has been used to sweep up data on hundreds of millions of people who have no connection to a terrorist investigation, including countless Americans. What do we mean by “countless”? As became increasingly clear in the hearing today, the exact number of Americans impacted by this surveillance is unknown. Senator Franken asked the panel of witnesses, “Is it possible for the government to provide an exact count of how many United States persons have been swept up in Section 702 surveillance? And if not the exact count, then what about an estimate?”

The lack of information makes rigorous oversight of the programs all but impossible. As Senator Franken put it in the hearing today, “When the public lacks even a rough sense of the scope of the government’s surveillance program, they have no way of knowing if the government is striking the right balance, whether we are safeguarding our national security without trampling on our citizens’ fundamental privacy rights. But the public can’t know if we succeed in striking that balance if they don’t even have the most basic information about our major surveillance programs."  Senator Patrick Leahy also questioned the panel about the “minimization procedures” associated with this type of surveillance, the privacy safeguard that is intended to ensure that irrelevant data and data on American citizens is swiftly deleted. Senator Leahy asked the panel: “Do you believe the current minimization procedures ensure that data about innocent Americans is deleted? Is that enough?”  David Medine, who recently announced his pending retirement from the Privacy and Civil Liberties Oversight Board, answered unequivocally:

Elizabeth Goitein, the Brennan Center director whose articulate and thought-provoking testimony was the highlight of the hearing, noted that at this time an exact number would be difficult to provide. However, she asserted that an estimate should be possible for most if not all of the government’s surveillance programs. None of the other panel participants—which included David Medine and Rachel Brand of the Privacy and Civil Liberties Oversight Board as well as Matthew Olsen of IronNet Cybersecurity and attorney Kenneth Wainstein—offered an estimate. Today’s hearing reaffirmed that it is not only the American people who are left in the dark about how many people or accounts are impacted by the NSA’s dragnet surveillance of the Internet. Even vital oversight committees in Congress like the Senate Judiciary Committee are left to speculate about just how far-reaching this surveillance is. It's part of the reason why we urged the House Judiciary Committee to demand that the Intelligence Community provide the public with a number. 

Last month, at the request of the Department of Justice, the Courts approved changes to the obscure Rule 41 of the Federal Rules of Criminal Procedure, which governs search and seizure. By the nature of this obscure bureaucratic process, these rules become law unless Congress rejects the changes before December 1, 2016.Today I, along with my colleagues Senators Paul from Kentucky, Baldwin from Wisconsin, and Daines and Tester from Montana, am introducing the Stopping Mass Hacking (SMH) Act (bill, summary), a bill to protect millions of law-abiding Americans from a massive expansion of government hacking and surveillance. Join the conversation with #SMHact.

For law enforcement to conduct a remote electronic search, they generally need to plant malware in — i.e. hack — a device. These rule changes will allow the government to search millions of computers with the warrant of a single judge. To me, that’s clearly a policy change that’s outside the scope of an “administrative change,” and it is something that Congress should consider. An agency with the record of the Justice Department shouldn’t be able to wave its arms and grant itself entirely new powers.

These changes say that if law enforcement doesn’t know where an electronic device is located, a magistrate judge will now have the the authority to issue a warrant to remotely search the device, anywhere in the world. While it may be appropriate to address the issue of allowing a remote electronic search for a device at an unknown location, Congress needs to consider what protections must be in place to protect Americans’ digital security and privacy. This is a new and uncertain area of law, so there needs to be full and careful debate. The ACLU has a thorough discussion of the Fourth Amendment ramifications and the technological questions at issue with these kinds of searches.The second part of the change to Rule 41 would give a magistrate judge the authority to issue a single warrant that would authorize the search of an unlimited number — potentially thousands or millions — of devices, located anywhere in the world. These changes would dramatically expand the government’s hacking and surveillance authority. The American public should understand that these changes won’t just affect criminals: computer security experts and civil liberties advocates say the amendments would also dramatically expand the government’s ability to hack the electronic devices of law-abiding Americans if their devices were affected by a computer attack. Devices will be subject to search if their owners were victims of a botnet attack — so the government will be treating victims of hacking the same way they treat the perpetrators.

An uncontested vote by the Beverly Hills City Council could guarantee a chauffeur for all residents in the near future. However, instead of a driver, the newly adopted program foresees municipally-owned driverless cars ready to order via a smartphone app. Also known as autonomous vehicles, or AV, driverless cars would appear to be the next big thing not only for people, but local governments as well – if the Beverly Hills City Council can get its AV development program past a few more hurdles, that is. The technology itself has some challenges ahead as well.

In the meantime, the conceptual shuttle service, which was unanimously approved at an April 5 city council meeting, is being celebrated.

Naming Google and Tesla in its press release, Beverly Hills must first develop a partnership with a manufacturer that can build it a fleet of unmanned cars. There will also be a need to bring in policy experts. All of these outside parties will have a chance to explore the program’s potential together at an upcoming community event.The Wallis Annenberg Center for the Performing Arts will host a summit this fall that will include expert lectures, discussions, and test drives. Er, test rides.Already in the works for Beverly Hills is a fiber optics cable network that will, in addition to providing high-speed internet access to all residents and businesses, one day be an integral part of a public transit system that runs on its users’ spontaneous desires.Obviously, Beverly Hills has some money on hand for the project, and it is also an ideal testing space as the city takes up an area of less than six square miles. Another positive factor is the quality of the city’s roads, which exceeds that of most in the greater Los Angeles area, not to mention California and the whole United States.“It can’t find the lane markings!” Volvo’s North American CEO, Lex Kerssemakers, complained to Los Angeles Mayor Eric Garcetti last month, according to Reuters. “You need to paint the bloody roads here!”Whether lanes are marked or signs are clear has made a big difference in how successfully the new technology works.Unfortunately, the US Department of Transportation considers 65 percent of US roads to be in poor condition, so AV cars may not be in the works for many Americans living outside of Beverly Hills quite as soon.

Does publishing a hyperlink to freely available content amount to an illegal communication to the public and therefore a breach of creator's copyrights under European law? After examining a case referred to it by Sweden's Court of Appeal, the Court of Justice of the European Union has ruled today that no, it does not.

One such case, referred to the CJEU by Sweden’s Court of Appeal, is of particular interest to Internet users as it concerns the very mechanism that holds the web together. The dispute centers on a company called Retriever Sverige AB, an Internet-based subscription service that indexes links to articles that can be found elsewhere online for free. The problem came when Retriever published links to articles published on a newspaper’s website that were written by Swedish journalists. The company felt that it did not have to compensate the journalists for simply linking to their articles, nor did it believe that embedding them within its site amounted to copyright infringement. The journalists, on the other hand, felt that by linking to their articles Retriever had “communicated” their works to the public without permission. In the belief they should be paid, the journalists took their case to the Stockholm District Court. They lost their case in 2010 and decided to take the case to appeal. From there the Svea Court of Appeal sought advice from the EU Court. Today the Court of Justice published its lengthy decision and it’s largely good news for the Internet.

Static blocks of text like the one you’re looking at now are an antiquated and inefficient way to get words into your head. That’s the contention of Boston-based startup Spritz, which has developed a speed-reading text box that shows no more than 13 characters at a time. The Spritz box flashes words at you in quick succession so you don’t have to move your eyes around a page, and in my very quick testing it allowed me to read at more than double my usual reading pace. Spritz has teamed up with Samsung to integrate its speed reading functionality with the upcoming Galaxy S5 smartphone. The written word, after 8,000 or so years, is still an extremely effective way to get a message from one mind into the minds of others. But even with the advent of the digital age and decades of usability work, font and layout development, we’re still nowhere near optimal efficiency with it yet.

The United States and its key intelligence allies are quietly working behind the scenes to kneecap a mounting movement in the United Nations to promote a universal human right to online privacy, according to diplomatic sources and an internal American government document obtained by The Cable. The diplomatic battle is playing out in an obscure U.N. General Assembly committee that is considering a proposal by Brazil and Germany to place constraints on unchecked internet surveillance by the National Security Agency and other foreign intelligence services. American representatives have made it clear that they won't tolerate such checks on their global surveillance network. The stakes are high, particularly in Washington -- which is seeking to contain an international backlash against NSA spying -- and in Brasilia, where Brazilian President Dilma Roussef is personally involved in monitoring the U.N. negotiations.

The Brazilian and German initiative seeks to apply the right to privacy, which is enshrined in the International Covenant on Civil and Political Rights (ICCPR), to online communications. Their proposal, first revealed by The Cable, affirms a "right to privacy that is not to be subjected to arbitrary or unlawful interference with their privacy, family, home, or correspondence." It notes that while public safety may "justify the gathering and protection of certain sensitive information," nations "must ensure full compliance" with international human rights laws. A final version the text is scheduled to be presented to U.N. members on Wednesday evening and the resolution is expected to be adopted next week. A draft of the resolution, which was obtained by The Cable, calls on states to "to respect and protect the right to privacy," asserting that the "same rights that people have offline must also be protected online, including the right to privacy." It also requests the U.N. high commissioner for human rights, Navi Pillay, present the U.N. General Assembly next year with a report on the protection and promotion of the right to privacy, a provision that will ensure the issue remains on the front burner.

Publicly, U.S. representatives say they're open to an affirmation of privacy rights. "The United States takes very seriously our international legal obligations, including those under the International Covenant on Civil and Political Rights," Kurtis Cooper, a spokesman for the U.S. mission to the United Nations, said in an email. "We have been actively and constructively negotiating to ensure that the resolution promotes human rights and is consistent with those obligations." But privately, American diplomats are pushing hard to kill a provision of the Brazilian and German draft which states that "extraterritorial surveillance" and mass interception of communications, personal information, and metadata may constitute a violation of human rights. The United States and its allies, according to diplomats, outside observers, and documents, contend that the Covenant on Civil and Political Rights does not apply to foreign espionage.

WASHINGTON (AP) -- The Obama administration has been quietly advising local police not to disclose details about surveillance technology they are using to sweep up basic cellphone data from entire neighborhoods, The Associated Press has learned. Citing security reasons, the U.S. has intervened in routine state public records cases and criminal trials regarding use of the technology. This has resulted in police departments withholding materials or heavily censoring documents in rare instances when they disclose any about the purchase and use of such powerful surveillance equipment. Federal involvement in local open records proceedings is unusual. It comes at a time when President Barack Obama has said he welcomes a debate on government surveillance and called for more transparency about spying in the wake of disclosures about classified federal surveillance programs.

One well-known type of this surveillance equipment is known as a Stingray, an innovative way for law enforcement to track cellphones used by suspects and gather evidence. The equipment tricks cellphones into identifying some of their owners' account information, like a unique subscriber number, and transmitting data to police as if it were a phone company's tower. That allows police to obtain cellphone information without having to ask for help from service providers, such as Verizon or AT&T, and can locate a phone without the user even making a call or sending a text message. But without more details about how the technology works and under what circumstances it's used, it's unclear whether the technology might violate a person's constitutional rights or whether it's a good investment of taxpayer dollars. Interviews, court records and public-records requests show the Obama administration is asking agencies to withhold common information about the equipment, such as how the technology is used and how to turn it on. That pushback has come in the form of FBI affidavits and consultation in local criminal cases.

"These extreme secrecy efforts are in relation to very controversial, local government surveillance practices using highly invasive technology," said Nathan Freed Wessler, a staff attorney with the American Civil Liberties Union, which has fought for the release of these types of records. "If public participation means anything, people should have the facts about what the government is doing to them." Harris Corp., a key manufacturer of this equipment, built a secrecy element into its authorization agreement with the Federal Communications Commission in 2011. That authorization has an unusual requirement: that local law enforcement "coordinate with the FBI the acquisition and use of the equipment." Companies like Harris need FCC authorization in order to sell wireless equipment that could interfere with radio frequencies. A spokesman from Harris Corp. said the company will not discuss its products for the Defense Department and law enforcement agencies, although public filings showed government sales of communications systems such as the Stingray accounted for nearly one-third of its $5 billion in revenue. "As a government contractor, our solutions are regulated and their use is restricted," spokesman Jim Burke said.

After only one hour of floor debate, and no allowed amendments, the House of Representatives today passed legislation that opponents believe may give brand new authorization to the U.S. government to conduct domestic dragnets. The USA Freedom Act was approved in a 338-88 vote, with approximately equal numbers of Democrats and Republicans voting against. The bill’s supporters say it will disallow bulk collection of domestic telephone metadata, in which the Foreign Intelligence Surveillance Court has regularly ordered phone companies to turn over such data. The Obama administration claims such collection is authorized by Section 215 of the USA Patriot Act, which is set to expire June 1. However, the U.S. Court of Appeals for the Second Circuit recently held that Section 215 does not provide such authorization. Today’s legislation would prevent the government from issuing such orders for bulk collection and instead rely on telephone companies to store all their metadata — some of which the government could then demand using a “specific selection term” related to foreign terrorism. Bill supporters maintain this would prevent indiscriminate collection.

However, the legislation may not end bulk surveillance and in fact could codify the ability of the government to conduct dragnet data collection. “We’re taking something that was not permitted under regular section 215 … and now we’re creating a whole apparatus to provide for it,” Rep. Justin Amash, R-Mich., said on Tuesday night during a House Rules Committee proceeding. “The language does limit the amount of bulk collection, it doesn’t end bulk collection,” Rep. Amash said, arguing that the problematic “specific selection term” allows for “very large data collection, potentially in the hundreds of thousands of people, maybe even millions.” In a statement posted to Facebook ahead of the vote, Rep. Amash said the legislation “falls woefully short of reining in the mass collection of Americans’ data, and it takes us a step in the wrong direction by specifically authorizing such collection in violation of the Fourth Amendment to the Constitution.”

“While I appreciate a number of the reforms in the bill and understand the need for secure counter-espionage and terrorism investigations, I believe our nation is better served by allowing Section 215 to expire completely and replacing it with a measure that finds a better balance between national security interests and protecting the civil liberties of Americans,” Congressman Ted Lieu, D-Calif., said in a statement explaining his vote against the bill.

Third in a series. Part 1 here; Part 2 here. When it comes to the National Security Agency’s recently disclosed use of automated speech recognition technology to search, index and transcribe voice communications, people in the United States may well be asking: But are they transcribing my phone calls? The answer is maybe. A clear-cut answer is elusive because documents in the Snowden archive describe the capability to turn speech into text, but not the extent of its use — and the U.S. intelligence community refuses to answer even the most basic questions on the topic.

thanks to previous explorations of the Snowden archive and some documents released by the Obama administration, we know there are four major methods the NSA uses to get access to phone calls involving Americans — and only one of them technically precludes the use of speech recognition.

The foundation behind Wikipedia is suing the U.S. government over spying that it says violates core provisions of the Constitution.The Wikimedia Foundation joined forces on Tuesday with a slew of human rights groups, The Nation magazine and other organizations in a lawsuit accusing the National Security Agency (NSA) and Justice Department of violating the constitutional protections for freedom of speech and privacy.

If successful, the lawsuit could land a crippling blow to the web of secretive spying powers wielded by the NSA and exposed by Edward Snowden nearly two years ago. Despite initial outrage after Snowden’s leaks, Congress has yet to make any serious reforms to the NSA, and many of the programs continue largely unchanged.The lawsuit targets the NSA’s “upstream” surveillance program, which taps into the fiber cables that make up the backbone of the global Internet and allows the agency to collect vast amounts of information about people on the Web.“As a result, whenever someone overseas views or edits a Wikipedia page, it’s likely that the N.S.A. is tracking that activity — including the content of what was read or typed, as well as other information that can be linked to the person’s physical location and possible identity,” Tretikov and Wikipedia founder Jimmy Wales wrote in a joint New York Times op-ed announcing the lawsuit. Because the operations are largely overseen solely by the secretive Foreign Intelligence Surveillance Court — which operates out of the public eye and has been accused of acting as a rubber stamp for intelligence agencies — the foundation accused the NSA of violating the guarantees of a fair legal system.In addition to the Wikimedia Foundation and The Nation, the other groups joining the lawsuit are the National Association of Criminal Defense Lawyers, Human Rights Watch, Amnesty International, the Pen American Center, the Global Fund for Women, the Rutherford Institute and the Washington Office on Latin America. The groups are being represented by the American Civil Liberties Union.

In 2013, a lawsuit against similar surveillance powers brought by Amnesty International was tossed out by the Supreme Court on the grounds that the organization was not affected by the spying and had no standing to sue. That decision came before Snowden’s leaks later that summer, however, which included a slide featuring Wikipedia’s logo alongside those of Facebook, Yahoo, Google and other top websites. That should be more than enough grounds for a successful suit, the foundation said. In addition to the new suit, there are also a handful of other outstanding legal challenges to the NSA’s bulk collection of Americans’ phone records, a different program that has inspired some of the most heated antipathy. Those suits are all pending in appeals courts around the country.

Much to the disappointment of the digital advertising establishment, Mozilla is going ahead with plans to automatically block third-party cookie tracking in its Firefox browser. Mozilla first announced its Do Not Track browser in February, only to back off in May saying it needed to do more testing. But that didn't stop a growing chorus of loud protests from the advertising community, which argued that the browser would choke off the ad-supported Internet. The Interactive Advertising Bureau's general counsel Mike Zaneis called Mozilla's browser nothing less than a "nuclear first strike" against the ad community. No date has been set for when Firefox will turn on the feature, but advertisers, which have been regularly meeting with Mozilla and were hopeful for a compromise, are already lashing back at Mozilla.

"It's troubling," said Lou Mastria, the managing director for the Digital Advertising Alliance, which manages an online self-regulatory program called Ad Choices that provides consumers with the choice to opt-out of targeted ads. "They're putting this under the cloak of privacy, but it's disrupting a business model," Mastria said. Advertisers are worried that Mozilla's plans could be the death knell to thousands of small Web publishers that depend on third-party targeted ads to stay in business. Nearly 1,000 signed a petition urging Mozilla to change its plans.  "One publisher said that 20 percent of their business would go away. That's huge," said Mastria. "Mozilla is really picking business model winners and losers."

Not all cookies will be blocked under Mozilla's latest plans for its proposed browser; there will be exceptions. Through a partnership with the Center for Internet and Society at Stanford Law School, the two are launching a Cookie Clearinghouse. Overseen by a six-person panel, it will determine a list of undesirable cookies and then block those. "The Cookie Clearinghouse will create, maintain and publish objective information," Aleecia McDonald, director of privacy at CIS, said in a statement. "Web browser companies will be able to choose to adopt the lists we publish to provide new privacy options to their users." But others say the approach is far from objective. "What these organizations and the privacy groups that back them are really saying is 'let us choose for you because we know best,' " said Daniel Castro, a senior analyst with the Information Technology and Innovation Foundation. "The proponents of this model have claimed they are empowering users. ... This is basically Sarah Palin's 'Death Panels' but for the Internet."