Group items tagged

On January 17, a three-judge panel of the U.S. Court of Appeals for the Ninth Circuit ruled, as a matter of first impression, that First Amendment defamation rules apply equally to both the institutional press and individual speakers and writers, such as bloggers.

In reaching this conclusion, the Ninth Circuit analyzed two key prior Supreme Court precedents: New York Times v. Sullivan (public official seeking damages for defamation must show “actual malice” as defined as a showing thatthe defendant published the defamatory statement with knowledge that it was false, or with reckless disregard as to whether it was false or not) and Gertz v. Robert Welch, Inc. (First Amendment requires only a negligence standard for private defamation actions). Notably, Gertz involved an institutional media defendant, and the Gertz Court invoked the need to shield “the press and broadcast media from the rigors of strict liability for defamation.” Yet neither New York Times nor Gertz, as the Ninth Circuit noted, were expressly limited to the institutional press. Moreover,a number of other Supreme Court cases have rejected such a limitation: Bartnicki v. Vopper; Cohen v. Cowles Media Co.; First National Bank of Boston v. Bellotti; and Citizens United v. Federal Election Commission.

The United Nations’ top official for counter-terrorism and human rights (known as the “Special Rapporteur”) issued a formal report to the U.N. General Assembly today that condemns mass electronic surveillance as a clear violation of core privacy rights guaranteed by multiple treaties and conventions. “The hard truth is that the use of mass surveillance technology effectively does away with the right to privacy of communications on the Internet altogether,” the report concluded. Central to the Rapporteur’s findings is the distinction between “targeted surveillance” — which “depend[s] upon the existence of prior suspicion of the targeted individual or organization” — and “mass surveillance,” whereby “states with high levels of Internet penetration can [] gain access to the telephone and e-mail content of an effectively unlimited number of users and maintain an overview of Internet activity associated with particular websites.” In a system of “mass surveillance,” the report explained, “all of this is possible without any prior suspicion related to a specific individual or organization. The communications of literally every Internet user are potentially open for inspection by intelligence and law enforcement agencies in the States concerned.”

Mass surveillance thus “amounts to a systematic interference with the right to respect for the privacy of communications,” it declared. As a result, “it is incompatible with existing concepts of privacy for States to collect all communications or metadata all the time indiscriminately.” In concluding that mass surveillance impinges core privacy rights, the report was primarily focused on the International Covenant on Civil and Political Rights, a treaty enacted by the General Assembly in 1966, to which all of the members of the “Five Eyes” alliance are signatories. The U.S. ratified the treaty in 1992, albeit with various reservations that allowed for the continuation of the death penalty and which rendered its domestic law supreme. With the exception of the U.S.’s Persian Gulf allies (Saudi Arabia, UAE and Qatar), virtually every major country has signed the treaty. Article 17 of the Covenant guarantees the right of privacy, the defining protection of which, the report explained, is “that individuals have the right to share information and ideas with one another without interference by the State, secure in the knowledge that their communication will reach and be read by the intended recipients alone.”

The report’s key conclusion is that this core right is impinged by mass surveillance programs: “Bulk access technology is indiscriminately corrosive of online privacy and impinges on the very essence of the right guaranteed by article 17. In the absence of a formal derogation from States’ obligations under the Covenant, these programs pose a direct and ongoing challenge to an established norm of international law.” The report recognized that protecting citizens from terrorism attacks is a vital duty of every state, and that the right of privacy is not absolute, as it can be compromised when doing so is “necessary” to serve “compelling” purposes. It noted: “There may be a compelling counter-terrorism justification for the radical re-evaluation of Internet privacy rights that these practices necessitate. ” But the report was adamant that no such justifications have ever been demonstrated by any member state using mass surveillance: “The States engaging in mass surveillance have so far failed to provide a detailed and evidence-based public justification for its necessity, and almost no States have enacted explicit domestic legislation to authorize its use.”

Forcibly taking down websites deemed to be supportive of terrorism, or criminalizing speech deemed to “advocate” terrorism, is a major trend in both Europe and the West generally. Last month in Brussels, the European Union’s counter-terrorism coordinator issued a memo proclaiming that “Europe is facing an unprecedented, diverse and serious terrorist threat,” and argued that increased state control over the Internet is crucial to combating it. The memo noted that “the EU and its Member States have developed several initiatives related to countering radicalisation and terrorism on the Internet,” yet argued that more must be done. It argued that the focus should be on “working with the main players in the Internet industry [a]s the best way to limit the circulation of terrorist material online.” It specifically hailed the tactics of the U.K. Counter-Terrorism Internet Referral Unit (CTIRU), which has succeeded in causing the removal of large amounts of material it deems “extremist”:

In addition to recommending the dissemination of “counter-narratives” by governments, the memo also urged EU member states to “examine the legal and technical possibilities to remove illegal content.” Exploiting terrorism fears to control speech has been a common practice in the West since 9/11, but it is becoming increasingly popular even in countries that have experienced exceedingly few attacks. A new extremist bill advocated by the right-wing Harper government in Canada (also supported by Liberal Party leader Justin Trudeau even as he recognizes its dangers) would create new crimes for “advocating terrorism”; specifically: “every person who, by communicating statements, knowingly advocates or promotes the commission of terrorism offences in general” would be a guilty and can be sent to prison for five years for each offense. In justifying the new proposal, the Canadian government admits that “under the current criminal law, it is [already] a crime to counsel or actively encourage others to commit a specific terrorism offence.” This new proposal is about criminalizing ideas and opinions. In the government’s words, it “prohibits the intentional advocacy or promotion of terrorism, knowing or reckless as to whether it would result in terrorism.”

If someone argues that continuous Western violence and interference in the Muslim world for decades justifies violence being returned to the West, or even advocates that governments arm various insurgents considered by some to be “terrorists,” such speech could easily be viewed as constituting a crime. To calm concerns, Canadian authorities point out that “the proposed new offence is similar to one recently enacted by Australia, that prohibits advocating a terrorist act or the commission of a terrorism offence-all while being reckless as to whether another person will engage in this kind of activity.” Indeed, Australia enacted a new law late last year that indisputably targets political speech and ideas, as well as criminalizing journalism considered threatening by the government. Punishing people for their speech deemed extremist or dangerous has been a vibrant practice in both the U.K. and U.S. for some time now, as I detailed (coincidentally) just a couple days before free speech marches broke out in the West after the Charlie Hebdo attacks. Those criminalization-of-speech attacks overwhelmingly target Muslims, and have resulted in the punishment of such classic free speech activities as posting anti-war commentary on Facebook, tweeting links to “extremist” videos, translating and posting “radicalizing” videos to the Internet, writing scholarly articles in defense of Palestinian groups and expressing harsh criticism of Israel, and even including a Hezbollah channel in a cable package.

Today, 29 July 2014, WikiLeaks releases an unprecedented Australian censorship order concerning a multi-million dollar corruption case explicitly naming the current and past heads of state of Indonesia, Malaysia and Vietnam, their relatives and other senior officials. The super-injunction invokes “national security” grounds to prevent reporting about the case, by anyone, in order to “prevent damage to Australia's international relations”. The court-issued gag order follows the secret 19 June 2014 indictment of seven senior executives from subsidiaries of Australia's central bank, the Reserve Bank of Australia (RBA). The case concerns allegations of multi-million dollar inducements made by agents of the RBA subsidiaries Securency and Note Printing Australia in order to secure contracts for the supply of Australian-style polymer bank notes to the governments of Malaysia, Indonesia, Vietnam and other countries. Read the full press release here. Download the full Australia-wide censorship order for corruption case involving Malaysia, Indonesia and Vietnam.

This morning, the Second Circuit issued a follow-on ruling to its May decision in ACLU v. Clapper (which had held that the NSA’s bulk telephone records program was unlawful insofar as it had not properly been authorized by Congress). In a nutshell, today’s ruling rejects the ACLU’s request for an injunction against the continued operation of the program for the duration of the 180-day transitional period (which ends on November 29) from the old program to the quite different collection regime authorized by the USA Freedom Act. As the Second Circuit (in my view, quite correctly) concluded, “Regardless of whether the bulk telephone metadata program was illegal prior to May, as we have held, and whether it would be illegal after November 29, as Congress has now explicitly provided, it is clear that Congress intended to authorize it during the transitionary period.” So far, so good. But remember that the ACLU’s challenge to bulk collection was mounted on both statutory and constitutional grounds, the latter of which the Second Circuit was able to avoid in its earlier ruling because of its conclusion that, prior to the enactment of the USA Freedom Act, bulk collection was unauthorized by Congress. Now that it has held that it is authorized during the transitional period, that therefore tees up, quite unavoidably, whether bulk collection violates the Fourth Amendment. But rather than decide that (momentous) question, the Second Circuit ducked:

We agree with the government that we ought not meddle with Congress’s considered decision regarding the transition away from bulk telephone metadata collection, and also find that addressing these issues at this time would not be a prudent use of judicial authority. We need not, and should not, decide such momentous constitutional issues based on a request for such narrow and temporary relief. To do so would take more time than the brief transition period remaining for the telephone metadata program, at which point, any ruling on the constitutionality of the demised program would be fruitless. In other words, because any constitutional violation is short-lived, and because it results from the “considered decision” of Congress, it would be fruitless to actually resolve the constitutionality of bulk collection during the transitional period.

Hopefully, it won’t take a lot of convincing for folks to understand just how wrong-headed this is. For starters, if the plaintiffs are correct, they are currently being subjected to unconstitutional government surveillance for which they are entitled to a remedy. The fact that this surveillance has a limited shelf-life (and/or that Congress was complicit in it) doesn’t in any way ameliorate the constitutional violation — which is exactly why the Supreme Court has, for generations, recognized an exception to mootness doctrine for constitutional violations that, owing to their short duration, are “capable of repetition, yet evading review.” Indeed, in this very same opinion, the Second Circuit first held that the ACLU’s challenge isn’t moot, only to then invokes mootness-like principles to justify not resolving the constitutional claim. It can’t be both; either the constitutional challenge is moot, or it isn’t. But more generally, the notion that constitutional adjudication of a claim with a short shelf-life is “fruitless” utterly misses the significance of the establishment of forward-looking judicial precedent, especially in a day and age in which courts are allowed to (and routinely do) avoid resolving the merits of constitutional claims in cases in which the relevant precedent is not “clearly established.” Maybe, if this were the kind of constitutional question that was unlikely to recur, there’d be more to the Second Circuit’s avoidance of the issue in this case. But whether and to what extent the Fourth Amendment applies to information we voluntarily provide to third parties is hardly that kind of question, and the Second Circuit’s unconvincing refusal to answer that question in a context in which it is quite squarely presented is nothing short of feckless.

Until just last week, the U.S. government kept up the charade that its use of a stockpile of security vulnerabilities for hacking was a closely held secret.1 In fact, in response to EFF’s FOIA suit to get access to the official U.S. policy on zero days, the government redacted every single reference to “offensive” use of vulnerabilities. To add insult to injury, the government’s claim was that even admitting to offensive use would cause damage to national security. Now, in the face of EFF’s brief marshaling overwhelming evidence to the contrary, the charade is over. In response to EFF’s motion for summary judgment, the government has disclosed a new version of the Vulnerabilities Equities Process, minus many of the worst redactions. First and foremost, it now admits that the “discovery of vulnerabilities in commercial information technology may present competing ‘equities’ for the [government’s] offensive and defensive mission.” That might seem painfully obvious—a flaw or backdoor in a Juniper router is dangerous for anyone running a network, whether that network is in the U.S. or Iran. But the government’s failure to adequately weigh these “competing equities” was so severe that in 2013 a group of experts appointed by President Obama recommended that the policy favor disclosure “in almost all instances for widely used code.” [.pdf].

The newly disclosed version of the Vulnerabilities Equities Process (VEP) also officially confirms what everyone already knew: the use of zero days isn’t confined to the spies. Rather, the policy states that the “law enforcement community may want to use information pertaining to a vulnerability for similar offensive or defensive purposes but for the ultimate end of law enforcement.” Similarly it explains that “counterintelligence equities can be defensive, offensive, and/or law enforcement-related” and may “also have prosecutorial responsibilities.” Given that the government is currently prosecuting users for committing crimes over Tor hidden services, and that it identified these individuals using vulnerabilities called a “Network Investigative Technique”, this too doesn’t exactly come as a shocker. Just a few weeks ago, the government swore that even acknowledging the mere fact that it uses vulnerabilities offensively “could be expected to cause serious damage to the national security.” That’s a standard move in FOIA cases involving classified information, even though the government unnecessarily classifies documents at an astounding rate. In this case, the government relented only after nearly a year and a half of litigation by EFF. The government would be well advised to stop relying on such weak secrecy claims—it only risks undermining its own credibility.

The new version of the VEP also reveals significantly more information about the general process the government follows when a vulnerability is identified. In a nutshell, an agency that discovers a zero day is responsible for invoking the VEP, which then provides for centralized coordination and weighing of equities among all affected agencies. Along with a declaration from an official at the Office of the Director of National Intelligence, this new information provides more background on the reasons why the government decided to develop an overarching zero day policy in the first place: it “recognized that not all organizations see the entire picture of vulnerabilities, and each organization may have its own equities and concerns regarding the prioritization of patches and fixes, as well as its own distinct mission obligations.” We now know the VEP was finalized in February 2010, but the government apparently failed to implement it in any substantial way, prompting the presidential review group’s recommendation to prioritize disclosure over offensive hacking. We’re glad to have forced a little more transparency on this important issue, but the government is still foolishly holding on to a few last redactions, including refusing to name which agencies participate in the VEP. That’s just not supportable, and we’ll be in court next month to argue that the names of these agencies must be disclosed.