Group items matching

in title, tags, annotations or url

Ben Wizner, who is perhaps best known as Edward Snowden’s lawyer, directs the American Civil Liberties Union’s Speech, Privacy & Technology Project. Wizner, who joined the ACLU in August 2001, one month before the 9/11 attacks, has been a force in the legal battles against torture, watch lists, and extraordinary rendition since the beginning of the global “war on terror.” Ad Policy On October 15, we met with Wizner in an upstate New York pub to discuss the state of privacy advocacy today. In sometimes sardonic tones, he talked about the transition from litigating on issues of torture to privacy advocacy, differences between corporate and state-sponsored surveillance, recent developments in state legislatures and the federal government, and some of the obstacles impeding civil liberties litigation. The interview has been edited and abridged for publication.

en Wizner, who is perhaps best known as Edward Snowden’s lawyer, directs the American Civil Liberties Union’s Speech, Privacy & Technology Project. Wizner, who joined the ACLU in August 2001, one month before the 9/11 attacks, has been a force in the legal battles against torture, watch lists, and extraordinary rendition since the beginning of the global “war on terror.” Ad Policy On October 15, we met with Wizner in an upstate New York pub to discuss the state of privacy advocacy today. In sometimes sardonic tones, he talked about the transition from litigating on issues of torture to privacy advocacy, differences between corporate and state-sponsored surveillance, recent developments in state legislatures and the federal government, and some of the obstacles impeding civil liberties litigation. The interview has been edited and abridged for publication.

Many of the technologies, both military technologies and surveillance technologies, that are developed for purposes of policing the empire find their way back home and get repurposed. You saw this in Ferguson, where we had military equipment in the streets to police nonviolent civil unrest, and we’re seeing this with surveillance technologies, where things that are deployed for use in war zones are now commonly in the arsenals of local police departments. For example, a cellphone surveillance tool that we call the StingRay—which mimics a cellphone tower and communicates with all the phones around—was really developed as a military technology to help identify targets. Now, because it’s so inexpensive, and because there is a surplus of these things that are being developed, it ends up getting pushed down into local communities without local democratic consent or control.

In the summer of 2007, excitement regarding the criticality of map data (specifically turn-by-turn navigation data) reached a fever pitch.  On July 23, 2007, TomTom, the leading portable GPS device maker, agreed to buy Tele Atlas for US$2.7 billion. Shortly thereafter, on October 1, Nokia agreed to buy NavTeq for a cool US$8.1 billion. Meanwhile Google was still evolving its strategy and no longer wanted to be limited by the terms of its two contracts. As such, they informed Tele Atlas and NavTeq that they wanted to modify their license terms to allow more liberty with respect to syndication and proliferation. NavTeq balked, and in September of 2008 Google quietly dropped NavTeq, moving to just one partner for its core mapping data. Tele Atlas eventually agreed to the term modifications, but perhaps they should have sensed something bigger at play.

Rumors abound about just how many cars Google has on the roads building it own turn-by-turn mapping data as well as its unique “Google Streetview” database. Whatever it is, it must be huge. This October 13th, just over one year after dropping NavTeq, the other shoe dropped as well. Google disconnected from Tele Atlas and began to offer maps that were free and clear of either license. These maps are based on a combination of their own data as well as freely available data. Two weeks after this, Google announces free turn-by-turn directions for all Android phones. This couldn’t have been a great day for the deal teams that worked on the respective Tele Atlas and NavTeq acquisitions.

Google’s free navigation feature announcement dealt a crushing blow to the GPS stocks. Garmin fell 16%. TomTom fell 21%. Imagine trying to maintain high royalty rates against this strategic move by Google. Android is not only a phone OS, it’s a CE OS. If Ford or BMW want to build an in-dash Android GPS, guess what? Google will give it to them for free.

Now the processing power is in the cloud, and very sophisticated applications, from e-mail to tools you need to run a business, can be run by logging onto a Web site, not from pre-installed software. In addition, the way we work (and play) has shifted from P.C.’s to mobile devices—where Android and Apple’s iOS each outsell Windows by more than 10 to 1. Why develop software to run on Windows if no one is using Windows? Why use Windows if nothing you want can run on it? The virtuous circle has turned vicious.

“WE APPRECIATE THAT there are times when secrecy around a government warrant is needed,” Microsoft President Brad Smith wrote in a blog post on Thursday. “But based on the many secrecy orders we have received, we question whether these orders are grounded in specific facts that truly demand secrecy. To the contrary, it appears that the issuance of secrecy orders has become too routine.” With those words, Smith announced that Microsoft was suing the Department of Justice for the right to inform its customers when the government is reading their emails. The last big fight between the Justice Department and Silicon Valley was started by law enforcement, when the FBI demanded that Apple unlock a phone used by San Bernardino killer Syed Rizwan Farook. This time, Microsoft is going on the offensive. The move is welcomed by privacy activists as a step forward for transparency — though it’s also for business reasons.

Secret government searches are eroding people’s trust in the cloud, Smith wrote — including large and small businesses now keeping massive amounts of records online. “The transition to the cloud does not alter people’s expectations of privacy and should not alter the fundamental constitutional requirement that the government must — with few exceptions — give notice when it searches and seizes private information or communications,” he wrote. According to the complaint, Microsoft received 5,624 federal demands for customer information or data in the past 18 months. Almost half — 2,576 — came with gag orders, and almost half of those — 1,752 — had “no fixed end date” by which Microsoft would no longer be sworn to secrecy. These requests, though signed off on by a judge, qualify as unconstitutional searches, the attorneys argue. It “violates both the Fourth Amendment, which affords people and businesses the right to know if the government searches or seizes their property, and the First Amendment, which enshrines Microsoft’s rights to talk to its customers and to discuss how the government conducts its investigations — subject only to restraints narrowly tailored to serve compelling government interests,” they wrote.

It finally happened. The feds forced an Apple iPhone X owner to unlock their device with their face.A child abuse investigation unearthed by Forbes includes the first known case in which law enforcement used Apple Face ID facial recognition technology to open a suspect's iPhone. That's by any police agency anywhere in the world, not just in America.It happened on August 10, when the FBI searched the house of 28-year-old Grant Michalski, a Columbus, Ohio, resident who would later that month be charged with receiving and possessing child pornography. With a search warrant in hand, a federal investigator told Michalski to put his face in front of the phone, which he duly did. That allowed the agent to pick through the suspect's online chats, photos and whatever else he deemed worthy of investigation.The case marks another significant moment in the ongoing battle between law enforcement and tech providers, with the former trying to break the myriad security protections put in place by the latter. Since the fight between the world's most valuable company and the FBI in San Bernardino over access to an iPhone in 2016, Forbes has been tracking the various ways cops have been trying to break Apple's protections.

WASHINGTON (AP) -- The Obama administration has been quietly advising local police not to disclose details about surveillance technology they are using to sweep up basic cellphone data from entire neighborhoods, The Associated Press has learned. Citing security reasons, the U.S. has intervened in routine state public records cases and criminal trials regarding use of the technology. This has resulted in police departments withholding materials or heavily censoring documents in rare instances when they disclose any about the purchase and use of such powerful surveillance equipment. Federal involvement in local open records proceedings is unusual. It comes at a time when President Barack Obama has said he welcomes a debate on government surveillance and called for more transparency about spying in the wake of disclosures about classified federal surveillance programs.

One well-known type of this surveillance equipment is known as a Stingray, an innovative way for law enforcement to track cellphones used by suspects and gather evidence. The equipment tricks cellphones into identifying some of their owners' account information, like a unique subscriber number, and transmitting data to police as if it were a phone company's tower. That allows police to obtain cellphone information without having to ask for help from service providers, such as Verizon or AT&T, and can locate a phone without the user even making a call or sending a text message. But without more details about how the technology works and under what circumstances it's used, it's unclear whether the technology might violate a person's constitutional rights or whether it's a good investment of taxpayer dollars. Interviews, court records and public-records requests show the Obama administration is asking agencies to withhold common information about the equipment, such as how the technology is used and how to turn it on. That pushback has come in the form of FBI affidavits and consultation in local criminal cases.

"These extreme secrecy efforts are in relation to very controversial, local government surveillance practices using highly invasive technology," said Nathan Freed Wessler, a staff attorney with the American Civil Liberties Union, which has fought for the release of these types of records. "If public participation means anything, people should have the facts about what the government is doing to them." Harris Corp., a key manufacturer of this equipment, built a secrecy element into its authorization agreement with the Federal Communications Commission in 2011. That authorization has an unusual requirement: that local law enforcement "coordinate with the FBI the acquisition and use of the equipment." Companies like Harris need FCC authorization in order to sell wireless equipment that could interfere with radio frequencies. A spokesman from Harris Corp. said the company will not discuss its products for the Defense Department and law enforcement agencies, although public filings showed government sales of communications systems such as the Stingray accounted for nearly one-third of its $5 billion in revenue. "As a government contractor, our solutions are regulated and their use is restricted," spokesman Jim Burke said.

The head of the National Security Agency on Thursday told Senate lawmakers that preventing his agency from collecting Americans’ information in bulk would make it harder to do its job.Under questioning before the Senate Intelligence Committee, Adm. Michael Rogers agreed that ending bulk collection would “significantly reduce [his] operational capabilities.”ADVERTISEMENT“Right now, bulk collection gives us the ability ... to generate insights as to what’s going on,” Rogers told the committee.The NSA head also referenced a January report from the National Academy of Sciences that concluded there is “no software technique that will fully substitute for bulk collection” because of the ability to search through the storehouse of old information. “That independent, impartial, scientifically-founded body came back and said no, under the current structure there is no real replacement,” Rogers said.Rogers was questioned on Thursday by Sen. Ron Wyden (D-Ore.), a member of the Intelligence Committee who has become its most vocal privacy hawk.

In response to the NSA head’s comments, Wyden pointed to a 2013 White House review group, which found that one controversial NSA bulk collection program “was not essential to preventing attacks” and that the information obtained by the NSA “could readily have been obtained in a timely manner using” other means.The debate follows on a congressional clash earlier this year over the NSA’s bulk collection of records about the phone calls of millions of Americans. The records contained information about whom people called and when but not what they talked about.

After a brief lapsing of some portions of the Patriot Act, Congress eventually reined in the NSA by forcing it to go through the courts to search private phone companies’ records for a narrower set of records. Many privacy advocates treated the new law, called the USA Freedom Act, as a significant victory, through national security hawks worried that it would make it harder for the NSA to track terrorists.Under the new system — which has not gone into effect yet — the amount of time it takes to obtain those records “is probably going to be longer I suspect,” Rogers said.Though the phone records database has been the NSA’s most prominent bulk collection program, it is not the only one. The agency’s collection of vast amounts of Internet data has alarmed many privacy advocates and is the target of a current lawsuit from Wikipedia and the American Civil Liberties Union. 

One system builds profiles showing people’s web browsing histories. Another analyzes instant messenger communications, emails, Skype calls, text messages, cell phone locations, and social media interactions. Separate programs were built to keep tabs on “suspicious” Google searches and usage of Google Maps. The surveillance is underpinned by an opaque legal regime that has authorized GCHQ to sift through huge archives of metadata about the private phone calls, emails and Internet browsing logs of Brits, Americans, and any other citizens  all without a court order or judicial warrant.

The power of KARMA POLICE was illustrated in 2009, when GCHQ launched a top-secret operation to collect intelligence about people using the Internet to listen to radio shows. The agency used a sample of nearly 7 million metadata records, gathered over a period of three months, to observe the listening habits of more than 200,000 people across 185 countries, including the U.S., the U.K., Ireland, Canada, Mexico, Spain, the Netherlands, France, and Germany.

GCHQ’s documents indicate that the plans for KARMA POLICE were drawn up between 2007 and 2008. The system was designed to provide the agency with “either (a) a web browsing profile for every visible user on the Internet, or (b) a user profile for every visible website on the Internet.” The origin of the surveillance system’s name is not discussed in the documents. But KARMA POLICE is also the name of a popular song released in 1997 by the Grammy Award-winning British band Radiohead, suggesting the spies may have been fans. A verse repeated throughout the hit song includes the lyric, “This is what you’ll get, when you mess with us.”

While the Justice Department wages a public fight with Apple over access to a locked iPhone, government officials are privately debating how to resolve a prolonged standoff with another technology company, WhatsApp, over access to its popular instant messaging application, officials and others involved in the case said. No decision has been made, but a court fight with WhatsApp, the world’s largest mobile messaging service, would open a new front in the Obama administration’s dispute with Silicon Valley over encryption, security and privacy.WhatsApp, which is owned by Facebook, allows customers to send messages and make phone calls over the Internet. In the last year, the company has been adding encryption to those conversations, making it impossible for the Justice Department to read or eavesdrop, even with a judge’s wiretap order.

As recently as this past week, officials said, the Justice Department was discussing how to proceed in a continuing criminal investigation in which a federal judge had approved a wiretap, but investigators were stymied by WhatsApp’s encryption.The Justice Department and WhatsApp declined to comment. The government officials and others who discussed the dispute did so on condition of anonymity because the wiretap order and all the information associated with it were under seal. The nature of the case was not clear, except that officials said it was not a terrorism investigation. The location of the investigation was also unclear.

To understand the battle lines, consider this imperfect analogy from the predigital world: If the Apple dispute is akin to whether the F.B.I. can unlock your front door and search your house, the issue with WhatsApp is whether it can listen to your phone calls. In the era of encryption, neither question has a clear answer.Some investigators view the WhatsApp issue as even more significant than the one over locked phones because it goes to the heart of the future of wiretapping. They say the Justice Department should ask a judge to force WhatsApp to help the government get information that has been encrypted. Others are reluctant to escalate the dispute, particularly with senators saying they will soon introduce legislation to help the government get data in a format it can read.

The Obama administration has asked a secret surveillance court to ignore a federal court that found bulk surveillance illegal and to once again grant the National Security Agency the power to collect the phone records of millions of Americans for six months. The legal request, filed nearly four hours after Barack Obama vowed to sign a new law banning precisely the bulk collection he asks the secret court to approve, also suggests that the administration may not necessarily comply with any potential court order demanding that the collection stop.

But Carlin asked the Fisa court to set aside a landmark declaration by the second circuit court of appeals. Decided on 7 May, the appeals court ruled that the government had erroneously interpreted the Patriot Act’s authorization of data collection as “relevant” to an ongoing investigation to permit bulk collection. Carlin, in his filing, wrote that the Patriot Act provision remained “in effect” during the transition period. “This court may certainly consider ACLU v Clapper as part of its evaluation of the government’s application, but second circuit rulings do not constitute controlling precedent for this court,” Carlin wrote in the 2 June application. Instead, the government asked the court to rely on its own body of once-secret precedent stretching back to 2006, which Carlin called “the better interpretation of the statute”.

But the Fisa court must first decide whether the new bulk-surveillance request is lawful. On Friday, the conservative group FreedomWorks filed a rare motion before the Fisa court, asking it to reject the government’s surveillance request as a violation of the fourth amendment’s prohibition on unreasonable searches and seizures. Fisa court judge Michael Moseman gave the justice department until this coming Friday to respond – and explicitly barred the government from arguing that FreedomWorks lacks the standing to petition the secret court.

Help strengthen Oregon's privacy protections and limit the use of dragnet surveillance. We are advocating for:•    SB 339 - Strict guidelines for the use of automatic license plate readers (ALPR) •    SB 640 - A warrant requirement to access email, phone, and location records •    SB 641 - A warrant requirement to search cell phones Advances in technology have made it too easy for law enforcement to track where you go, what you do, and who you are with. Most of the data the government collects is about innocent people who are not suspected of any crimes. Yet the government collects that personal information - or accesses it directly from your internet or cell phone provider – and can keep it for years on end.  Technology has changed but your rights haven't.

Montreal (AFP) - A Canadian charged for refusing to give border agents his smartphone passcode was expected Thursday to become the first to test whether border inspections can include information stored on devices.Alain Philippon, 38, risks up to a year in prison and a fine of up to Can$25,000 (US$20,000) if convicted of obstruction.He told local media that he refused to provide the passcode because he considered information on his smartphone to be "personal."Philippon was transiting through the port city of Halifax on his way home from a Caribbean vacation on Monday when he was selected for an in-depth exam.

"Philippon refused to divulge the passcode for his cell phone, preventing border services officers from their duties," Canada Border Services Agency said in an email.The agency insists that the Customs Act authorizes its officers to examine "all goods and conveyances including electronic devices, such as cell phones and laptops."But, according to legal experts, the issue of whether a traveler must reveal the password for an electronic device at a border crossing has not been tested in court. "(It's) one thing for them to inspect it, another thing for them to compel you to help them," Rob Currie, director of the Law and Technology Institute at Dalhousie University, told public broadcaster CBC.Philippon is scheduled to appear in court on May 12.

HE INTERCEPT HAS OBTAINED a secret, internal U.S. government catalogue of dozens of cellphone surveillance devices used by the military and by intelligence agencies. The document, thick with previously undisclosed information, also offers rare insight into the spying capabilities of federal law enforcement and local police inside the United States. The catalogue includes details on the Stingray, a well-known brand of surveillance gear, as well as Boeing “dirt boxes” and dozens of more obscure devices that can be mounted on vehicles, drones, and piloted aircraft. Some are designed to be used at static locations, while others can be discreetly carried by an individual. They have names like Cyberhawk, Yellowstone, Blackfin, Maximus, Cyclone, and Spartacus. Within the catalogue, the NSA is listed as the vendor of one device, while another was developed for use by the CIA, and another was developed for a special forces requirement. Nearly a third of the entries focus on equipment that seems to have never been described in public before.

The Intercept obtained the catalogue from a source within the intelligence community concerned about the militarization of domestic law enforcement. (The original is here.) A few of the devices can house a “target list” of as many as 10,000 unique phone identifiers. Most can be used to geolocate people, but the documents indicate that some have more advanced capabilities, like eavesdropping on calls and spying on SMS messages. Two systems, apparently designed for use on captured phones, are touted as having the ability to extract media files, address books, and notes, and one can retrieve deleted text messages. Above all, the catalogue represents a trove of details on surveillance devices developed for military and intelligence purposes but increasingly used by law enforcement agencies to spy on people and convict them of crimes. The mass shooting earlier this month in San Bernardino, California, which President Barack Obama has called “an act of terrorism,” prompted calls for state and local police forces to beef up their counterterrorism capabilities, a process that has historically involved adapting military technologies to civilian use. Meanwhile, civil liberties advocates and others are increasingly alarmed about how cellphone surveillance devices are used domestically and have called for a more open and informed debate about the trade-off between security and privacy — despite a virtual blackout by the federal government on any information about the specific capabilities of the gear.

“We’ve seen a trend in the years since 9/11 to bring sophisticated surveillance technologies that were originally designed for military use — like Stingrays or drones or biometrics — back home to the United States,” said Jennifer Lynch, a senior staff attorney at the Electronic Frontier Foundation, which has waged a legal battle challenging the use of cellphone surveillance devices domestically. “But using these technologies for domestic law enforcement purposes raises a host of issues that are different from a military context.”

Pending before federal magistrate judge James Orenstein is the government’s request for an order obligating Apple, Inc. to unlock an iPhone and thereby assist prosecutors in decrypting data the government has seized and is authorized to search pursuant to a warrant. In an order questioning the government’s purported legal basis for this request, the All Writs Act of 1789 (AWA), Judge Orenstein asked Apple for a brief informing the court whether the request would be technically feasible and/or burdensome. After Apple filed, the court asked it to file a brief discussing whether the government had legal grounds under the AWA to compel Apple’s assistance. Apple filed that brief and the government filed a reply brief last week in the lead-up to a hearing this morning.

We’ve long been concerned about whether end users own software under the law. Software owners have rights of adaptation and first sale enshrined in copyright law. But software publishers have claimed that end users are merely licensees, and our rights under copyright law can be waived by mass-market end user license agreements, or EULAs. Over the years, Granick has argued that users should retain their rights even if mass-market licenses purport to take them away. The government’s brief takes advantage of Apple’s EULA for iOS to argue that Apple, the software publisher, is responsible for iPhones around the world. Apple’s EULA states that when you buy an iPhone, you’re not buying the iOS software it runs, you’re just licensing it from Apple. The government argues that having designed a passcode feature into a copy of software which it owns and licenses rather than sells, Apple can be compelled under the All Writs Act to bypass the passcode on a defendant’s iPhone pursuant to a search warrant and thereby access the software owned by Apple. Apple’s supplemental brief argues that in defining its users’ contractual rights vis-à-vis Apple with regard to Apple’s intellectual property, Apple in no way waived its own due process rights vis-à-vis the government with regard to users’ devices. Apple’s brief compares this argument to forcing a car manufacturer to “provide law enforcement with access to the vehicle or to alter its functionality at the government’s request” merely because the car contains licensed software. 

This is an interesting twist on the decades-long EULA versus users’ rights fight. As far as we know, this is the first time that the government has piggybacked on EULAs to try to compel software companies to provide assistance to law enforcement. Under the government’s interpretation of the All Writs Act, anyone who makes software could be dragooned into assisting the government in investigating users of the software. If the court adopts this view, it would give investigators immense power. The quotidian aspects of our lives increasingly involve software (from our cars to our TVs to our health to our home appliances), and most of that software is arguably licensed, not bought. Conscripting software makers to collect information on us would afford the government access to the most intimate information about us, on the strength of some words in some license agreements that people never read. (And no wonder: The iPhone’s EULA came to over 300 pages when the government filed it as an exhibit to its brief.)

In but the latest in a continuing saga of big tech tracking and surveillance stories which should serve to convince us all we are living in the beginning phases of a Minority Report style tracking and pansophical "pre-crime" system, it's now confirmed that the world's most powerful tech company and search tool will always find a way to keep your location data. The Associated Press sought the help of Princeton researchers to prove that while Google is clear and upfront about giving App users the ability to turn off or "pause" Location History on their devices, there are other hidden means through which it retains the data.

According to the AP report: Google says that will prevent the company from remembering where you’ve been. Google’s support page on the subject states: “You can turn off Location History at any time. With Location History off, the places you go are no longer stored.” That isn’t true. Even with Location History paused, some Google apps automatically store time-stamped location data without asking. For example, Google stores a snapshot of where you are when you merely open its Maps app. Automatic daily weather updates on Android phones pinpoint roughly where you are. And some searches that have nothing to do with location, like “chocolate chip cookies,” or “kids science kits,” pinpoint your precise latitude and longitude — accurate to the square foot — and save it to your Google account. The issue directly affects around two billion people using Google's Android operating software and iPhone users relying on Google maps or a simple search. Among the computer science researchers at Princeton conducting the tests is Jonathan Mayer, who told the AP, “If you’re going to allow users to turn off something called ‘Location History,’ then all the places where you maintain location history should be turned off,” and added, “That seems like a pretty straightforward position to have.”

The nation’s top technology firms and a coalition of privacy groups are urging Congress to place curbs on government surveillance in the face of a fast-approaching deadline for legislative action. A set of key Patriot Act surveillance authorities expire June 1, but the effective date is May 21 — the last day before Congress breaks for a Memorial Day recess. In a letter to be sent Wednesday to the Obama administration and senior lawmakers, the coalition vowed to oppose any legislation that, among other things, does not ban the “bulk collection” of Americans’ phone records and other data.

We know that there are some in Congress who think that they can get away with reauthorizing the expiring provisions of the Patriot Act without any reforms at all,” said Kevin Bankston, policy director of New America Foundation’s Open Technology Institute, a privacy group that organized the effort. “This letter draws a line in the sand that makes clear that the privacy community and the Internet industry do not intend to let that happen without a fight.” At issue is the bulk collection of Americans’ data by intelligence agencies such as the National Security Agency. The NSA’s daily gathering of millions of records logging phone call times, lengths and other “metadata” stirred controversy when it was revealed in June 2013 by former NSA contractor Edward Snowden. The records are placed in a database that can, with a judge’s permission, be searched for links to foreign terrorists.They do not include the content of conversations.

That program, placed under federal surveillance court oversight in 2006, was authorized by the court in secret under Section 215 of the Patriot Act — one of the expiring provisions. The public outcry that ensued after the program was disclosed forced President Obama in January 2014 to call for an end to the NSA’s storage of the data. He also appealed to Congress to find a way to preserve the agency’s access to the data for counterterrorism information.

Internet censors have a new strategy in their bid to block applications and websites: pressuring the large cloud providers that host them. These providers have concerns that are much broader than the targets of censorship efforts, so they have the choice of either standing up to the censors or capitulating in order to maximize their business. Today’s internet largely reflects the dominance of a handful of companies behind the cloud services, search engines and mobile platforms that underpin the technology landscape. This new centralization radically tips the balance between those who want to censor parts of the internet and those trying to evade censorship. When the profitable answer is for a software giant to acquiesce to censors' demands, how long can internet freedom last? The recent battle between the Russian government and the Telegram messaging app illustrates one way this might play out. Russia has been trying to block Telegram since April, when a Moscow court banned it after the company refused to give Russian authorities access to user messages. Telegram, which is widely used in Russia, works on both iPhone and Android, and there are Windows and Mac desktop versions available. The app offers optional end-to-end encryption, meaning that all messages are encrypted on the sender's phone and decrypted on the receiver's phone; no part of the network can eavesdrop on the messages. Since then, Telegram has been playing cat-and-mouse with the Russian telecom regulator Roskomnadzor by varying the IP address the app uses to communicate. Because Telegram isn't a fixed website, it doesn't need a fixed IP address. Telegram bought tens of thousands of IP addresses and has been quickly rotating through them, staying a step ahead of censors. Cleverly, this tactic is invisible to users. The app never sees the change, or the entire list of IP addresses, and the censor has no clear way to block them all. A week after the court ban, Roskomnadzor countered with an unprecedented move of its own: blocking 19 million IP addresses, many on Amazon Web Services and Google Cloud. The collateral damage was widespread: The action inadvertently broke many other web services that use those platforms, and Roskomnadzor scaled back after it became clear that its action had affected services critical for Russian business. Even so, the censor is still blocking millions of IP addresses.

A divided Fourth Circuit has ruled, in United States v. Graham, that “the government conducts a search under the Fourth Amendment when it obtains and inspects a cell phone user’s historical [cell-site location information] for an extended period of time” and that obtaining such records requires a warrant. The new case creates multiple circuit splits, which may lead to Supreme Court review. Specifically, the decision creates a clear circuit split with the Fifth and Eleventh Circuits on whether acquiring cell-site records is a search. It also creates an additional clear circuit split with the Eleventh Circuit on whether, if cell-site records are protected, a warrant is required. Finally, it also appears to deepen an existing split between the Fifth and Third Circuits on whether the Stored Communications Act allows the government to choose whether to obtain an intermediate court order or a warrant for cell-site records. This post will cover the reasoning of the new case in detail.