Group items tagged

Softball Interview here. . I wasn't really expecting Obama to reach out to the ACLU and EFF for a good civil liberties lawyer recommendation, but this appointment is lame, the former Director of Privacy for Dept. of Homeland Security, those wonderful folk who keep the homeland safe from terra-ists. The airport gropers, secret no-fly listers, and masters of border protection, where all Constitutional privacy rights do not apply, per the Supreme Court., the coordinators of our glorious "fusion centers," the provisioners of funding for armored cars and surveillance equipment for local police, etc. A sample from her interview linked above that I transcribed (omitting all the umhs and ahs): "When you think about NSA, privacy there for them was privacy of its employees, about contractors, about the average person walking down the street - it was not as concentrated on, this is the big collection that we're getting through these means, and so what this job does is that it brings it up under direct reports to the director of NSA and it is just as a focal point, to bring all of those and -- I walked in the building and people were already asking questions so ..." Heaven help us; has this lassie's brain yet matured to the point of completing her first sentence? This is the lady who is going to keep Admiral Rogers on the straight and narrow path of respecting our civil liberties? I suspect not.  I may return to this inarticulate and non-assertive young lady in later posts. Let it suffice for now to observe that the Dept. of Homeland Security, whose raison d'etre is a virtually non-existent terrorist threat manufactured by the politics of fear, has not exactly been a champion of the People's civil liberties. Moreover, I've had recent occasion to dig rather deeply into exactly what it is that Privacy Officers do and don't do. Telling heads of agencies that they cannot lawfully do what they want to do is no

The Washington Post has reported that "on July 15 [2001], the secret surveillance court allowed the NSA to resume bulk collection under the court's own authority. The opinion, which remains highly classified, was based on a provision of electronic surveillance law, known as "pen register, trap and trace," that was written to allow law enforcement officers to obtain the phone numbers of incoming and outgoing calls from a single telephone line." .  The seminal case on pen registers is the Supreme Court's 1979 Smith v. Maryland decision, bookmarked here and the Clerk's syllabus highlighted, with the Court's discussion on the same web page. We will be hearing a lot about this case decision in the weeks and months to come.  Let it suffice for now to record a few points of what my antenna are telling me:  -- Both technology and the law have moved on since then. We are 34 years down the line from the Smith decision. Its pronouncements have been sliced and diced by subsequent decisions. Not a single Justice who sat on the Smith case is still on the High Bench.   -- In Smith, a single pen register was used to obtain calling information from a single telephone number by law enforcement officials. In the present circumstance, we face an Orwellian situation of a secret intelligence agency with no law enforcement authority forbidden by law from conducting domestic surveillance perusing and all digital communications of the entire citizenry. -- The NSA has been gathering not only information analogous to pen register results but also the communications of American citizens themselves. The communications themselves --- the contents --- are subject to the 4th Amendment warrant requirement. Consider the circuitous route of the records ordered to be disclosed in the Verizon FISA order. Verizon was ordered to disclose them to the FBI, not to the NSA. But then the FBI apparently forwards the records to the NSA, who has both the "pen register

I wound up joining this campaign at the urging of the ACLU after checking the Privacy Policy. The Reset the Net campaign seems to be endorsed by a lot of change-oriented groups, from the ACLU to Greenpeac to the Pirate Party. A fair number of groups with a Progressive agenda, but certainly not limited to them. The right answer to that situation is to urge other groups to endorse, not to avoid the campaign. Single-issue coalition-building is all about focusing on an area of agreement rather than worrying about who you are rubbing elbows with.  I have been looking for a a bipartisan group that's tackling government surveillance issues via mass actions but has no corporate sponsors. This might be the one. The reason: Corporate types like Google have no incentive to really butt heads with the government voyeurs. They are themselves engaged in massive surveillance of their users and certainly will not carry the battle for digital privacy over to the private sector. But this *is* a battle over digital privacy and legally defining user privacy rights in the private sector is just as important as cutting back on government surveillance. As we have learned through the Snowden disclosures, what the private internet companies have, the NSA can and does get.  The big internet services successfully pushed in the U.S. for authorization to publish more numbers about how many times they pass private data to the government, but went no farther. They wanted to be able to say they did something, but there's a revolving door of staffers between NSA and the big internet companies and the internet service companies' data is an open book to the NSA.   The big internet services are not champions of their users' privacy. If they were, they would be featuring end-to-end encryption with encryption keys unique to each user and unknown to the companies.  Like some startups in Europe are doing. E.g., the Wuala.com filesync service in Switzerland (first 5 GB of storage free). Compare tha

Woo-hoo! Go get'em, U.N.

A must-read. Ben Wizner discusses the current climate in the courts in government surveillance cases and how Edward Snowden's disclosures have affected that, and much more. Wizner is not only Edward Snowden's lawyer, he is also the coordinator of all ACLU litigation on electronic surveillance matters.

Another take on it from EFF: https://www.eff.org/deeplinks/2015/10/europes-court-justice-nsa-surveilance Expected since the Court's Advocate General released an opinion last week, presaging today's opinion.  Very big bucks involved behind the scenes because removing U.S.-based internet companies from the scene in the E.U. would pave the way for growth of E.U.-based companies.  The way forward for the U.S. companies is even more dicey because of a case now pending in the U.S.  The Second U.S. Circuit Court of Appeals is about to decide a related case in which Microsoft was ordered by the lower court to produce email records stored on a server in Ireland. . Should the Second Circuit uphold the order and the Supreme Court deny review, then under the principles announced today by the Court in the E.U., no U.S.-based company could ever be allowed to have "possession, custody, or control" of the data of E.U. citizens. You can bet that the E.U. case will weigh heavily in the Second Circuit's deliberations.  The E.U. decision is by far and away the largest legal event yet flowing out of the Edward Snowden disclosures, tectonic in scale. Up to now, Congress has succeeded in confining all NSA reforms to apply only to U.S. citizens. But now the large U.S. internet companies, Google, Facebook, Microsoft, Dropbox, etc., face the loss of all Europe as a market. Congress *will* be forced by their lobbying power to extend privacy protections to "non-U.S. persons."  Thank you again, Edward Snowden.

"'Failing Expectations: Fourth Amendment Doctrine in the Era of Total Surveillance' is a thought-provoking essay written by a Fordham University law professor about how the reasonable expectation test for privacy is failing to protect us. Add into our networked world the third-party doctrine and we have little protection against unreasonable searches and seizures."

It doesn't detract substantially from the essay's central thesis, but an important part of the learned professor's heartfelt desires were delivered in a Supreme Court decision just decided, after the essay was published, Reilly v. California, http://www.supremecourt.gov/opinions/13pdf/13-132_8l9c.pdf The Court held in relevant part: "We also reject the United States' final suggestion that officers should always be able to search a phone's call log, as they did in Wurie's case. The Government relies on Smithv. Maryland, 442 U. S. 735 (1979), which held that no warrant was required to use a pen register at telephone company premises to identify numbers dialed by a particular caller. The Court in that case, however, concluded that the use of a pen register was not a "search" at all under the Fourth Amendment. See id., at 745-746. There is no dispute here that the officers engaged in a search of Wurie's cell phone. Moreover, call logs typically contain more than just phone numbers; they include any identifying information that an individual might add, such as the label "my house" in Wurie's case." The effect there was to confine Smith v. Maryland, the foundation of the third-party doctrine, to its particular facts. In other words, the third-party doctrine is now confined to connected telephone numbers, the connect time, and the duration of the call. If any other metadata is gathered, such as location data, the third-party doctrine no longer applies. When you read the rest of the Reilly decision, you see a unanimous Supreme Court shooting down one government defense after another that have been used in the NSA's defense to mass telecommunications surveillance. But most interestingly, the Court unmistakably has laid the groundwork for a later decision drastically cutting back on digital surveillance without a search warrant based on particularized probable cause to believe that evidence of a specific crime has occurred and that the requested sear

Another victory for civil libertarians against the surveillance state. Note that this is another decision drawing guidance from the Supreme Court's decision in U.S. v. Jones, shortly before the Edward Snowden leaks came to light, that called for re-examination of the Third Party Doctrine, an older doctrine that data given to or generated by third parties is not protected by the Fourth Amendment.   

The Vodafone disclosures will undoubtedly have a very large ripple effect. Note carefully that this is the first major telephone service in the world to break ranks with the others and come out swinging at secret government voyeur agencies. Will others follow. If you follow the links to the Vodafone report, you'll find a very handy big PDF providing an overview of the relevant laws in each of the customer nations. There's a cute Guardian table that shows the aggregate number of warrants for interception of content via Vodafone for each of those nations, broken down by content type. That table has white-on-black cells noting where disclosure of those types of surveillance statistics are prohibited by law. So it is far from a complete picture, but it's a heck of a good start.  But several of those customer nations are members of the E.U., where digital privacy rights are enshrined as human rights under an EU-wide treaty. So expect some heat to roll downhill on those nations from the European treaty organizations, particularly the European Court of Human Rights, staffed with civil libertarian judges, from which there is no appeal.     

A case to watch as it wends it way through the appellate process. A very big win for the ACLU, with major implications for federal intelligence gathering in general. 

NSA and crew decide to delay and try later with CISA. The Internet strikes back again.

Article includes more detail on individual EU nations' objections, Germany, Ireland, and Italy.  

This is the case I thought was the weakest because of poor drafting in the complaint. The judge noted those issues in dismissing the plaintiffs' claims under the Administrative Procedures Act, but picked his way through what remained to find sufficient allegations to support the 4th Amendment challenge. Because he ruled for the plaintiffs on the 4th Amendment count, the judge did not reach the plaintiffs' arguments under the First and Fifth Amendments. This case is about cellphone call metadata, which the FISA Court has been ordering cell phone companies to provide every day, with the orders updated every 90 days. The judge's 68-page opinion is at https://ecf.dcd.uscourts.gov/cgi-bin/show_public_doc?2013cv0881-40 (cleaner copy than the Guardian's, which was apparently faxed). Notably, the judge, Richard Leon, is a Bush II appointee and one of the plaintiffs is a prominent conservative civil libertarian lawyer. The other plaintiff is the father of an NSA cryptologist who worked closely with SEAL Team 6 and was killed along with members of that team when their helicopter crashed in Afghanistan. I'll add some more in a comment. But digital privacy is not yet dead.

Unfortunately, DRM is not dead yet either and the court's PDF file is locked. No easy copying of its content. If you want to jump directly to the discussion of 4th Amendment issues, go to page 35. That way, you can skip past all the dreary discussion of the Administrative Procedures Act claim and you won't miss much that's memorable. In ruling on the plaintiffs' standing to raise the 4th Amendment claim, Judge Leon postulated two possible search issues: [i] the bulk daily collection of metadata and its retention in the database for five years; and [ii] the analysis of that data through the NSA's querying process. The judge had no difficulty with the first issue; it definitely qualifies as a search. But the judge rejected the plaintiffs' argument on the second type (which was lame), demonstrating that at least one federal judge understands how computers work. The government's filings indicated that a "seed" telephone number or other identifier is used as the query string. Judge Leon figured out for himself from this fact that the NSA of necessity had to compare that number or identifier to every number or identifier in its database looking for a match. The judge concluded that the plaintiffs' metadata --- indeed everyone's metadata --- had to be searched for comparison purposes *every* time the NSA analysts ran any query against the database. See his incisive discussion at pp. 39-41. So having established that two searches were involved, one every time the NSA queried the database, the judge moved on to the next question, whether "the plaintiffs had a reasonable expectation of privacy that is violated when the Government indiscriminately collects their telephony metadata along with the metadata of hundreds of millions of other citizens without any particularized suspicion of wrongdoing, retains that metadata for five years, and then queries, analyzes, and investigates that data without prior judicial approval of the investigative targets." pg. 43. More later

Our system of government does not expect that every criminal will be apprehended and convicted. There are numerous values our society believes are more important. Some examples: [i] a presumption of innocence unless guilt is established beyond any reasonable doubt; [ii] the requirement that government officials convince a neutral magistrate that they have probable cause to believe that a search or seizure will produce evidence of a crime; [iii] many communications cannot be compelled to be disclosed and used in evidence, such as attorney-client communications, spousal communications, and priest-penitent communications; and [iv] etc. Moral of my story: the government needs a much stronger reason to justify interception of communications than saying, "some crooks will escape prosecution if we can't do that." We have a right to whisper to each other, concealing our communicatons from all others. Why does the right to whisper privately disappear if our whisperings are done electronically? The Supreme Court took its first step on a very slippery slope when it permitted wiretapping in Olmstead v. United States, 277 U.S. 438, 48 S. Ct. 564, 72 L. Ed. 944 (1928). https://goo.gl/LaZGHt It's been a long slide ever since. It's past time to revisit Olmstead and recognize that American citizens have the absolute right to communicate privately. "The President … recognizes that U.S. citizens and institutions should have a reasonable expectation of privacy from foreign or domestic intercept when using the public telephone system." - Brent Scowcroft, U.S. National Security Advisor, National Security Decision Memorandum 338 (1 September 1976) (Nixon administration), http://www.fas.org/irp/offdocs/nsdm-ford/nsdm-338.pdf   

The Privacy Act, 5 U.S.C. 552a, provides in relevant part: "(a)(4) the term "record" means any item, collection, or grouping of information about an individual that is maintained by an agency, including, but not limited to, his education, financial transactions, medical history, and criminal or employment history and that contains his name, or the identifying number, symbol, or other identifying particular assigned to the individual, such as a finger or voice print or a photograph[.] ... "(b) Conditions of Disclosure.-No agency shall disclose any record which is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains, unless disclosure of the record would be- ... "(7) to another agency or to an instrumentality of any governmental jurisdiction within or under the control of the United States for a civil or criminal law enforcement activity if the activity is authorized by law, and if the head of the agency or instrumentality has made a written request to the agency which maintains the record specifying the particular portion desired and the law enforcement activity for which the record is sought[.]" So a separate written request for each "portion" of any individual record that describes the "law enforcement activity for which the record is sought[.]" That doesn't sound like the contemplated unfettered access to bulk raw data. And it gets even better, with a right to sue for any violation, attorney fees and expenses, and a statutory minimum of $1,000 damages per violation just for winning the case.