Skip to main content

Home/ Socialism and the End of the American Dream/ Group items tagged privacy-litigation

Rss Feed Group items tagged

Paul Merrell

How Edward Snowden Changed Everything | The Nation - 0 views

  • Ben Wizner, who is perhaps best known as Edward Snowden’s lawyer, directs the American Civil Liberties Union’s Speech, Privacy & Technology Project. Wizner, who joined the ACLU in August 2001, one month before the 9/11 attacks, has been a force in the legal battles against torture, watch lists, and extraordinary rendition since the beginning of the global “war on terror.” Ad Policy On October 15, we met with Wizner in an upstate New York pub to discuss the state of privacy advocacy today. In sometimes sardonic tones, he talked about the transition from litigating on issues of torture to privacy advocacy, differences between corporate and state-sponsored surveillance, recent developments in state legislatures and the federal government, and some of the obstacles impeding civil liberties litigation. The interview has been edited and abridged for publication.
  • en Wizner, who is perhaps best known as Edward Snowden’s lawyer, directs the American Civil Liberties Union’s Speech, Privacy & Technology Project. Wizner, who joined the ACLU in August 2001, one month before the 9/11 attacks, has been a force in the legal battles against torture, watch lists, and extraordinary rendition since the beginning of the global “war on terror.” Ad Policy On October 15, we met with Wizner in an upstate New York pub to discuss the state of privacy advocacy today. In sometimes sardonic tones, he talked about the transition from litigating on issues of torture to privacy advocacy, differences between corporate and state-sponsored surveillance, recent developments in state legislatures and the federal government, and some of the obstacles impeding civil liberties litigation. The interview has been edited and abridged for publication.
  • Many of the technologies, both military technologies and surveillance technologies, that are developed for purposes of policing the empire find their way back home and get repurposed. You saw this in Ferguson, where we had military equipment in the streets to police nonviolent civil unrest, and we’re seeing this with surveillance technologies, where things that are deployed for use in war zones are now commonly in the arsenals of local police departments. For example, a cellphone surveillance tool that we call the StingRay—which mimics a cellphone tower and communicates with all the phones around—was really developed as a military technology to help identify targets. Now, because it’s so inexpensive, and because there is a surplus of these things that are being developed, it ends up getting pushed down into local communities without local democratic consent or control.
  • ...4 more annotations...
  • SG & TP: How do you see the current state of the right to privacy? BW: I joked when I took this job that I was relieved that I was going to be working on the Fourth Amendment, because finally I’d have a chance to win. That was intended as gallows humor; the Fourth Amendment had been a dishrag for the last several decades, largely because of the war on drugs. The joke in civil liberties circles was, “What amendment?” But I was able to make this joke because I was coming to Fourth Amendment litigation from something even worse, which was trying to sue the CIA for torture, or targeted killings, or various things where the invariable outcome was some kind of non-justiciability ruling. We weren’t even reaching the merits at all. It turns out that my gallows humor joke was prescient.
  • The truth is that over the last few years, we’ve seen some of the most important Fourth Amendment decisions from the Supreme Court in perhaps half a century. Certainly, I think the Jones decision in 2012 [U.S. v. Jones], which held that GPS tracking was a Fourth Amendment search, was the most important Fourth Amendment decision since Katz in 1967 [Katz v. United States], in terms of starting a revolution in Fourth Amendment jurisprudence signifying that changes in technology were not just differences in degree, but they were differences in kind, and require the Court to grapple with it in a different way. Just two years later, you saw the Court holding that police can’t search your phone incident to an arrest without getting a warrant [Riley v. California]. Since 2012, at the level of Supreme Court jurisprudence, we’re seeing a recognition that technology has required a rethinking of the Fourth Amendment at the state and local level. We’re seeing a wave of privacy legislation that’s really passing beneath the radar for people who are not paying close attention. It’s not just happening in liberal states like California; it’s happening in red states like Montana, Utah, and Wyoming. And purple states like Colorado and Maine. You see as many libertarians and conservatives pushing these new rules as you see liberals. It really has cut across at least party lines, if not ideologies. My overall point here is that with respect to constraints on government surveillance—I should be more specific—law-enforcement government surveillance—momentum has been on our side in a way that has surprised even me.
  • Do you think that increased privacy protections will happen on the state level before they happen on the federal level? BW: I think so. For example, look at what occurred with the death penalty and the Supreme Court’s recent Eighth Amendment jurisprudence. The question under the Eighth Amendment is, “Is the practice cruel and unusual?” The Court has looked at what it calls “evolving standards of decency” [Trop v. Dulles, 1958]. It matters to the Court, when it’s deciding whether a juvenile can be executed or if a juvenile can get life without parole, what’s going on in the states. It was important to the litigants in those cases to be able to show that even if most states allowed the bad practice, the momentum was in the other direction. The states that were legislating on this most recently were liberalizing their rules, were making it harder to execute people under 18 or to lock them up without the possibility of parole. I think you’re going to see the same thing with Fourth Amendment and privacy jurisprudence, even though the Court doesn’t have a specific doctrine like “evolving standards of decency.” The Court uses this much-maligned test, “Do individuals have a reasonable expectation of privacy?” We’ll advance the argument, I think successfully, that part of what the Court should look at in considering whether an expectation of privacy is reasonable is showing what’s going on in the states. If we can show that a dozen or eighteen state legislatures have enacted a constitutional protection that doesn’t exist in federal constitutional law, I think that that will influence the Supreme Court.
  • The question is will it also influence Congress. I think there the answer is also “yes.” If you’re a member of the House or the Senate from Montana, and you see that your state legislature and your Republican governor have enacted privacy legislation, you’re not going to be worried about voting in that direction. I think this is one of those places where, unlike civil rights, where you saw most of the action at the federal level and then getting forced down to the states, we’re going to see more action at the state level getting funneled up to the federal government.
  •  
    A must-read. Ben Wizner discusses the current climate in the courts in government surveillance cases and how Edward Snowden's disclosures have affected that, and much more. Wizner is not only Edward Snowden's lawyer, he is also the coordinator of all ACLU litigation on electronic surveillance matters.
Paul Merrell

Reset The Net - Privacy Pack - 0 views

  • This June 5th, I pledge to take strong steps to protect my freedom from government mass surveillance. I expect the services I use to do the same.
  • Fight for the Future and Center for Rights will contact you about future campaigns. Privacy Policy
  •  
    I wound up joining this campaign at the urging of the ACLU after checking the Privacy Policy. The Reset the Net campaign seems to be endorsed by a lot of change-oriented groups, from the ACLU to Greenpeac to the Pirate Party. A fair number of groups with a Progressive agenda, but certainly not limited to them. The right answer to that situation is to urge other groups to endorse, not to avoid the campaign. Single-issue coalition-building is all about focusing on an area of agreement rather than worrying about who you are rubbing elbows with.  I have been looking for a a bipartisan group that's tackling government surveillance issues via mass actions but has no corporate sponsors. This might be the one. The reason: Corporate types like Google have no incentive to really butt heads with the government voyeurs. They are themselves engaged in massive surveillance of their users and certainly will not carry the battle for digital privacy over to the private sector. But this *is* a battle over digital privacy and legally defining user privacy rights in the private sector is just as important as cutting back on government surveillance. As we have learned through the Snowden disclosures, what the private internet companies have, the NSA can and does get.  The big internet services successfully pushed in the U.S. for authorization to publish more numbers about how many times they pass private data to the government, but went no farther. They wanted to be able to say they did something, but there's a revolving door of staffers between NSA and the big internet companies and the internet service companies' data is an open book to the NSA.   The big internet services are not champions of their users' privacy. If they were, they would be featuring end-to-end encryption with encryption keys unique to each user and unknown to the companies.  Like some startups in Europe are doing. E.g., the Wuala.com filesync service in Switzerland (first 5 GB of storage free). Compare tha
Paul Merrell

Mass Surveillance and the Right to Privacy: Adding Nuance to the Schrems Case | Just Se... - 0 views

  • Last week’s post by Megan Graham is certainly a welcome contribution in explaining the implications of the Max Schrems case by the European Union Court of Justice, and specifically how it relates to the Safe Harbor arrangement between the US and the EU. Let me add a different perspective: Irrespective of its consequences for Safe Harbor, last week’s ruling is hugely important on a more general level, namely for the understanding of what the right to privacy entails in Europe and what this means for mass surveillance. Through its ruling in Max Schrems the EU’s highest court has established that: Mere access by public authorities to confidential or group-specific communications data constitutes an intrusion into the right to privacy, even without any further processing of that data; and While indiscriminate intrusion into “metadata” may constitute a particularly serious intrusion into the right to privacy, access to “content” data will affect the essence of the right to privacy.
  • These findings were made under Article 7 of the EU Charter of Fundamental Rights, a broad provision on the right to respect for one’s private life. This provision of the EU Charter, which is a part of the foundational treaty framework of the European Union, is almost identical to Article 8 of the European Convention on Human Rights, a treaty legally binding for broader Europe and routinely a part of domestic legal orders. It remains to be seen whether the guardian of the latter framework, the European Court of Human Rights, will also be courageous enough to determine that indiscriminate mass surveillance that provides access to “content” data breaches the essential core of the right to privacy. The highest EU court already took that bold step. One of the most important implications of identifying government access to content as breaching the essence of the right to privacy, is that it negates the need for a proportionality assessment. Measures that compromise the essence of privacy have already crossed a red line, and there is no need for any further “balancing” between privacy and security. Therefore, the Max Schrems ruling is a huge blow to many of the current methods of electronic mass surveillance, including those practiced by the US and several European countries (including the United Kingdom).
  • Several additional points from my earlier post in Verfassungsblog about this case are also worth noting. First, the EU court did not really dwell on the separate Article 8 provision of the EU Charter on Fundamental Rights, concerning the right to the protection of personal data. This was perhaps because that provision is triggered by the “processing” of data, while the general privacy (Article 7) impact comes into play through mere “access.” Another point is that while it was easy to establish the jurisdiction of the EU court over data transfers from Europe to Facebook’s servers in the US, it may be much harder to bring a case before that court concerning “upstream” methods of mass surveillance, such as the NSA’s tapping of transatlantic fiber optic telecommunications cables. Perhaps most importantly, the substantive ruling in the Schrems case is formulated in a way that it would apply to any method of mass surveillance that gives public authorities access to the content of ordinary people’s private communications, including communications intended for a group of people but not for the authorities. Hence, the ruling is a major contribution as to what the right to privacy substantively means in Europe.
Paul Merrell

Data Transfer Pact Between U.S. and Europe Is Ruled Invalid - The New York Times - 0 views

  • Europe’s highest court on Tuesday struck down an international agreement that allowed companies to move digital information like people’s web search histories and social media updates between the European Union and the United States. The decision left the international operations of companies like Google and Facebook in a sort of legal limbo even as their services continued working as usual.The ruling, by the European Court of Justice, said the so-called safe harbor agreement was flawed because it allowed American government authorities to gain routine access to Europeans’ online information. The court said leaks from Edward J. Snowden, the former contractor for the National Security Agency, made it clear that American intelligence agencies had almost unfettered access to the data, infringing on Europeans’ rights to privacy. The court said data protection regulators in each of the European Union’s 28 countries should have oversight over how companies collect and use online information of their countries’ citizens. European countries have widely varying stances towards privacy.
  • Data protection advocates hailed the ruling. Industry executives and trade groups, though, said the decision left a huge amount of uncertainty for big companies, many of which rely on the easy flow of data for lucrative businesses like online advertising. They called on the European Commission to complete a new safe harbor agreement with the United States, a deal that has been negotiated for more than two years and could limit the fallout from the court’s decision.
  • Some European officials and many of the big technology companies, including Facebook and Microsoft, tried to play down the impact of the ruling. The companies kept their services running, saying that other agreements with the European Union should provide an adequate legal foundation.But those other agreements are now expected to be examined and questioned by some of Europe’s national privacy watchdogs. The potential inquiries could make it hard for companies to transfer Europeans’ information overseas under the current data arrangements. And the ruling appeared to leave smaller companies with fewer legal resources vulnerable to potential privacy violations.
  • ...3 more annotations...
  • “We can’t assume that anything is now safe,” Brian Hengesbaugh, a privacy lawyer with Baker & McKenzie in Chicago who helped to negotiate the original safe harbor agreement. “The ruling is so sweepingly broad that any mechanism used to transfer data from Europe could be under threat.”At issue is the sort of personal data that people create when they post something on Facebook or other social media; when they do web searches on Google; or when they order products or buy movies from Amazon or Apple. Such data is hugely valuable to companies, which use it in a broad range of ways, including tailoring advertisements to individuals and promoting products or services based on users’ online activities.The data-transfer ruling does not apply solely to tech companies. It also affects any organization with international operations, such as when a company has employees in more than one region and needs to transfer payroll information or allow workers to manage their employee benefits online.
  • But it was unclear how bulletproof those treaties would be under the new ruling, which cannot be appealed and went into effect immediately. Europe’s privacy watchdogs, for example, remain divided over how to police American tech companies.France and Germany, where companies like Facebook and Google have huge numbers of users and have already been subject to other privacy rulings, are among the countries that have sought more aggressive protections for their citizens’ personal data. Britain and Ireland, among others, have been supportive of Safe Harbor, and many large American tech companies have set up overseas headquarters in Ireland.
  • “For those who are willing to take on big companies, this ruling will have empowered them to act,” said Ot van Daalen, a Dutch privacy lawyer at Project Moore, who has been a vocal advocate for stricter data protection rules. The safe harbor agreement has been in place since 2000, enabling American tech companies to compile data generated by their European clients in web searches, social media posts and other online activities.
  •  
    Another take on it from EFF: https://www.eff.org/deeplinks/2015/10/europes-court-justice-nsa-surveilance Expected since the Court's Advocate General released an opinion last week, presaging today's opinion.  Very big bucks involved behind the scenes because removing U.S.-based internet companies from the scene in the E.U. would pave the way for growth of E.U.-based companies.  The way forward for the U.S. companies is even more dicey because of a case now pending in the U.S.  The Second U.S. Circuit Court of Appeals is about to decide a related case in which Microsoft was ordered by the lower court to produce email records stored on a server in Ireland. . Should the Second Circuit uphold the order and the Supreme Court deny review, then under the principles announced today by the Court in the E.U., no U.S.-based company could ever be allowed to have "possession, custody, or control" of the data of E.U. citizens. You can bet that the E.U. case will weigh heavily in the Second Circuit's deliberations.  The E.U. decision is by far and away the largest legal event yet flowing out of the Edward Snowden disclosures, tectonic in scale. Up to now, Congress has succeeded in confining all NSA reforms to apply only to U.S. citizens. But now the large U.S. internet companies, Google, Facebook, Microsoft, Dropbox, etc., face the loss of all Europe as a market. Congress *will* be forced by their lobbying power to extend privacy protections to "non-U.S. persons."  Thank you again, Edward Snowden.
Paul Merrell

EU-US Personal Data Privacy Deal 'Cracked Beyond Repair' - 0 views

  • Privacy Shield is the proposed new deal between the EU and the US that is supposed to safeguard all personal data on EU citizens held on computer systems in the US from being subject to mass surveillance by the US National Security Agency. The data can refer to any transaction — web purchases, cars or clothing — involving an EU citizen whose data is held on US servers. Privacy groups say Privacy Shield — which replaces the Safe Harbor agreement ruled unlawful in October 2015 — does not meet strict EU standard on the use of personal data. Monique Goyens, Director General of the European Consumer Organization (BEUC) told Sputnik: “We consider that the shield is cracked beyond repair and is unlikely to stand scrutiny by the European Court of Justice. A fundamental problem remains that the US side of the shield is made of clay, not iron.”
  • The agreement has been under negotiation for months ever since the because the European Court of Justice ruled in October 2015 that the previous EU-US data agreement — Safe Harbor — was invalid. The issue arises from the strict EU laws — enshrined in the Charter of Fundamental Rights of the European Union — to the privacy of their personal data.
  • The Safe Harbor agreement was a quasi-judicial understanding that the US undertook to agree that it would ensure that EU citizens’ data on US servers would be held and protected under the same restrictions as it would be under EU law and directives. The data covers a huge array of information — from Internet and communications usage, to sales transactions, import and exports.
  • ...1 more annotation...
  • The case arose when Maximillian Schrems, a Facebook user, lodged a complaint with the Irish Data Protection Commissioner, arguing that — in the light of the revelations by ex-CIA contractor Edward Snowden of mass surveillance by the US National Security Agency (NSA) — the transfer of data from Facebook’s Irish subsidiary onto the company’s servers in the US does not provide sufficient protection of his personal data. The court ruled that: “the Safe Harbor Decision denies the national supervisory authorities their powers where a person calls into question whether the decision is compatible with the protection of the privacy and of the fundamental rights and freedoms of individuals.”
  •  
    Off we go for another trip to the European Court of Justice.
Paul Merrell

Snowden document shows Canada set up spy posts for NSA - Politics - CBC News - 0 views

  • A top secret document retrieved by American whistleblower Edward Snowden reveals Canada has set up covert spying posts around the world and conducted espionage against trading partners at the request of the U.S. National Security Agency. The leaked NSA document being reported exclusively by CBC News reveals Canada is involved with the huge American intelligence agency in clandestine surveillance activities in “approximately 20 high-priority countries."
  • Sections of the document with the highest classification make it clear in some instances why American spymasters are particularly keen about enlisting their Canadian counterparts, the Communications Security Establishment Canada. "CSEC shares with the NSA their unique geographic access to areas unavailable to the U.S," the document says. The briefing paper describes a "close co-operative relationship" between the NSA and its Canadian counterpart, the Communications Security Establishment Canada, or CSEC — a relationship "both sides would like to see expanded and strengthened. "The intelligence exchange with CSEC covers worldwide national and transnational targets."
  • The briefing notes make it clear that Canada plays a very robust role in intelligence-gathering around the world in a way that has won respect from its American equivalents.
  • ...5 more annotations...
  • The intimate Canada-U.S. electronic intelligence relationship dates back more than 60 years. Most recently, another Snowden document reported by CBC News showed the two agencies co-operated to allow the NSA to spy on the G20 summit of international leaders in Toronto in 2010. But what the latest secret document reveals for the first time is just how expansive Canada's international espionage activities have become.
  • The NSA document depicts CSEC as a sophisticated, capable and highly respected intelligence partner involved in all manner of joint spying missions, including setting up listening posts at the request of the Americans. "CSEC offers resources for advanced collection, processing and analysis, and has opened covert sites at the request of NSA," the document states.
  • Aside from compromising the actual intelligence operation, Wark says, an exposed spy mission can imperil Canada's other diplomatic operations — "the political contacts, the trade contacts, the generation of goodwill between the countries and any sense of co-operation." Wark says if a country feels targeted by a Canadian embassy, it can put everyone working there under a cloud of suspicion: “Are they really diplomats or are they spies?” As a result of those risks, Wark says, approval for CSEC to establish a covert spying post at the request of the NSA would have to come from the ministerial level of the Canadian government — or even from the prime minister himself.
  • Canada and the U.S. have long shared security intelligence with sister agencies in the U.K., Australia and New Zealand – the so-called "Five Eyes" partnership. But the latest secret Snowden missive shows CSEC and the NSA becoming physically intertwined. "Co-operative efforts include the exchange of liaison officers and integrees," the document reveals, a reference to CSEC operatives working inside the NSA, and vice-versa. It notes the NSA also supplies much of the computer hardware and software CSEC uses for encryption, decoding and other state-of-the-art essentials of electronic spying needed for "collection, processing and analytic efforts."
  • CSEC employs about 2,000 people, has an annual budget of roughly $450 million and will soon move into an architecturally spectacular new Ottawa headquarters costing Canadian taxpayers almost $1.2 billion. By comparison, the NSA employs an estimated 40,000 people plus thousands of private contractors, and spends over $40 billion a year NSA whistleblower Drake says the problem is that both CSEC and the NSA lack proper oversight, and without it, they have morphed into runaway surveillance. "There is a clear and compelling danger to democracy in Canada by virtue of how far these secret surveillance operations have gone."
  •  
    "'Co-operative efforts include the exchange of liaison officers and integrees,'the document reveals, a reference to CSEC operatives working inside the NSA, and vice-versa." And that fact raises potential U.S. Privacy Act issues. Under the Privacy Act, all U.S. agencies are prohibited from sharing information containing personal identifiers of U.S. citizens with any foreign government and requires that agencies make full disclosure to all persons  whose rights are thus violated. The Act also creates a cause of action for redress by the federal courts, with a minimum $1,500 damages plus attorney's fees and litigation expenses. Note that the other NSA documents show that NSA is sharing U.S. citizens' information that includes personal identifiers with Israeli intelligence. The NSA has been by another statute excused from compliance with some portions of the Privacy Act but not those discussed above.
Paul Merrell

The Government Can No Longer Track Your Cell Phone Without a Warrant | Motherboard - 0 views

  • The government and police regularly use location data pulled off of cell phone towers to put criminals at the scenes of crimes—often without a warrant. Well, an appeals court ruled today that the practice is unconstitutional, in one of the strongest judicial defenses of technology privacy rights we've seen in a while.  The United States Court of Appeals for the Eleventh Circuit ruled that the government illegally obtained and used Quartavious Davis's cell phone location data to help convict him in a string of armed robberies in Miami and unequivocally stated that cell phone location information is protected by the Fourth Amendment. "In short, we hold that cell site location information is within the subscriber’s reasonable expectation of privacy," the court ruled in an opinion written by Judge David Sentelle. "The obtaining of that data without a warrant is a Fourth Amendment violation."
  • In Davis's case, police used his cell phone's call history against him to put him at the scene of several armed robberies. They obtained a court order—which does not require the government to show probable cause—not a warrant, to do so. From now on, that'll be illegal. The decision applies only in the Eleventh Circuit, but sets a strong precedent for future cases.
  • Indeed, the decision alone is a huge privacy win, but Sentelle's strong language supporting cell phone users' privacy rights is perhaps the most important part of the opinion. Sentelle pushed back against several of the federal government's arguments, including one that suggested that, because cell phone location data based on a caller's closest cell tower isn't precise, it should be readily collectable.  "The United States further argues that cell site location information is less protected than GPS data because it is less precise. We are not sure why this should be significant. We do not doubt that there may be a difference in precision, but that is not to say that the difference in precision has constitutional significance," Sentelle wrote. "That information obtained by an invasion of privacy may not be entirely precise does not change the calculus as to whether obtaining it was in fact an invasion of privacy." The court also cited the infamous US v. Jones Supreme Court decision that held that attaching a GPS to a suspect's car is a "search" under the Fourth Amendment. Sentelle suggested a cell phone user has an even greater expectation of location privacy with his or her cell phone use than a driver does with his or her car. A car, Sentelle wrote, isn't always with a person, while a cell phone, these days, usually is.
  • ...2 more annotations...
  • "One’s cell phone, unlike an automobile, can accompany its owner anywhere. Thus, the exposure of the cell site location information can convert what would otherwise be a private event into a public one," he wrote. "In that sense, cell site data is more like communications data than it is like GPS information. That is, it is private in nature rather than being public data that warrants privacy protection only when its collection creates a sufficient mosaic to expose that which would otherwise be private." Finally, the government argued that, because Davis made outgoing calls, he "voluntarily" gave up his location data. Sentelle rejected that, too, citing a prior decision by a Third Circuit Court. "The Third Circuit went on to observe that 'a cell phone customer has not ‘voluntarily’ shared his location information with a cellular provider in any meaningful way.' That circuit further noted that 'it is unlikely that cell phone customers are aware that their cell phone providers collect and store historical location information,'” Sentelle wrote.
  • "Therefore, as the Third Circuit concluded, 'when a cell phone user makes a call, the only information that is voluntarily and knowingly conveyed to the phone company is the number that is dialed, and there is no indication to the user that making that call will also locate the caller,'" he continued.
  •  
    Another victory for civil libertarians against the surveillance state. Note that this is another decision drawing guidance from the Supreme Court's decision in U.S. v. Jones, shortly before the Edward Snowden leaks came to light, that called for re-examination of the Third Party Doctrine, an older doctrine that data given to or generated by third parties is not protected by the Fourth Amendment.   
Paul Merrell

History of the Federal Judiciary - 0 views

  •  Olmstead v. United States: The Constitutional Challenges of Prohibition Enforcement Historical Documents Dissenting opinion of Justice Louis D. Brandeis in Olmstead v. United States Justice Brandeis’s dissenting opinion is one of the more notable dissents in Supreme Court history. He attempted to define a general right of privacy based on the Fourth and Fifth Amendments. Brandeis had long been interested in the problem of privacy in the modern age; years earlier he and his law partner, Samuel Warren, published what many consider the seminal article on the topic (Samuel Warren & Louis D. Brandeis, “The Right to Privacy,” 4 Harv. L. Rev. 193 (1890)). Brandeis’s opinion in Olmstead attempted to apply to the current era what he said were the principles of the Fourth and Fifth Amendments. Historians often overlook how much his approach draws on the dissenting opinion of Judge Rudkin in the circuit court, but Brandeis himself acknowledged his debt to Rudkin in the text. The quotation about “the form that evil had theretofore taken” referred to the Supreme Court decision in Weems v. United States, in which Justice Joseph McKenna wrote of the need for the Court to apply the general principles of the Constitution to new problems.
  • Moreover, “in the application of a constitution, our contemplation cannot be only of what has been but of what may be.” The progress of science in furnishing the Government with means of espionage is not likely to stop with wire-tapping. Ways may someday be developed by which the Government, without removing papers from secret drawers, can reproduce them in court, and by which it will be enabled to expose to a jury the most intimate occurrences of the home. Advances in the psychic and related sciences may bring means of exploring unexpressed beliefs, thoughts and emotions. “That places the liberty of every man in the hands of every petty officer” was said by James Otis of much lesser intrusions than these. To Lord Camden, a far slighter intrusion seemed “subversive of all the comforts of society.” Can it be that the Constitution affords no protection against such invasions of individual security? . . .
  • In Ex parte Jackson, 96 U.S. 727, it was held that a sealed letter entrusted to the mail is protected by the Amendments. The mail is a public service furnished by the Government. The telephone is a public service furnished by its authority. There is, in essence, no difference between the sealed letter and the private telephone message. As Judge Rudkin said below: “True, the one is visible, the other invisible; the one is tangible, the other intangible; the one is sealed, and the other unsealed, but these are distinctions without a difference.” The evil incident to invasion of the privacy of the telephone is far greater than that involved in tampering with the mails. Whenever a telephone line is tapped, the privacy of the persons at both ends of the line is invaded and all conversations between them upon any subject, and, although proper, confidential and privileged, may be overheard. Moreover, the tapping of one man’s telephone line involves the tapping of the telephone of every other person whom he may call or who may call him. As a means of espionage, writs of assistance and general warrants are but puny instruments of tyranny and oppression when compared with wire-tapping.
  • ...2 more annotations...
  • Time and again, this Court in giving effect to the principle underlying the Fourth Amendment, has refused to place an unduly literal construction upon it. This was notably illustrated in the Boyd case itself. Taking language in its ordinary meaning, there is no “search” or “seizure” when a defendant is required to produce a document in the orderly process of a court’s procedure. “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures,” would not be violated, under any ordinary construction of language, by compelling obedience to a subpoena. But this Court holds the evidence inadmissible simply because the information leading to the issue of the subpoena has been unlawfully secured. . . . The provision against self-incrimination in the Fifth Amendment has been given an equally broad construction. . . .
  • Decisions of this Court applying the principle of the Boyd case have settled these things. Unjustified search and seizure violates the Fourth Amendment, whatever the character of the paper; whether the paper when taken by the federal officers was in the home, in an office, or elsewhere; whether the taking was effected by force, by fraud, or in the orderly process of a court’s procedure. From these decisions, it follows necessarily that the Amendment is violated by the officer’s reading the paper without a physical seizure, without his even touching it; and that use, in any criminal proceeding, of the contents of the paper so examined—as where they are testified to by a federal officer who thus saw the document, or where, through knowledge so obtained, a copy has been procured elsewhere—any such use constitutes a violation of the Fifth Amendment. The protection guaranteed by the Amendments is much broader in scope. The makers of our Constitution undertook to secure conditions favorable to the pursuit of happiness. They recognized the significance of man’s spiritual nature, of his feelings, and of his intellect. They knew that only a part of the pain, pleasure and satisfactions of life are to be found in material things. They sought to protect Americans in their beliefs, their thoughts, their emotions and their sensations. They conferred, as against the Government, the right to be let alone—the most comprehensive of rights and the right most valued by civilized men. To protect that right, every unjustifiable intrusion by the Government upon the privacy of the individual, whatever the means employed, must be deemed a violation of the Fourth Amendment. And the use, as evidence in a criminal proceeding, of facts ascertained by such intrusion must be deemed a violation of the Fifth.
  •  
    The linked opinion is Justice Brandeis' dissent in Olmstead v. U.S., the first Supreme Court decision to approve the use of secret wiretap evidence in a criminal proceeding, even though gathered without a search warrant. The warrant requirement would later be imposed in 1967 by the decision in Katz v. U.S., which established that the Fourth Amendment the privacy of people, not places, reviving the Brandeis dissent to a large degree. Since Katz and the advent of broad government surveillance, Justice Brandeis' dissent is gaining still more attention. 
Paul Merrell

Court Rebukes White House Over "Secret Law" - Secrecy News - 1 views

  • DC District Judge Ellen Segal Huvelle yesterday ordered the Obama Administration to release a copy of an unclassified presidential directive, and she said the attempt to withhold it represented an improper exercise of “secret law.” The Obama White House has a “limitless” view of its authority to withhold presidential communications from the public, she wrote, but that view is wrong. “The government appears to adopt the cavalier attitude that the President should be permitted to convey orders throughout the Executive Branch without public oversight– to engage in what is in effect governance by ‘secret law’,” Judge Huvelle wrote in her December 17 opinion. “The Court finds equally troubling the government’s complementary suggestion that ‘effective’ governance requires that a President’s substantive and non-classified directives to Executive Branch agencies remain concealed from public scrutiny,” she wrote.
  • The directive in question, Presidential Policy Directive (PPD) 6, “is a widely-publicized, non-classified Presidential Policy Directive on issues of foreign aid and development that has been distributed broadly within the Executive Branch and used by recipient agencies to guide decision-making,” the Judge noted. “Even though issued as a directive, the PPD-6 carries the force of law as policy guidance to be implemented by recipient agencies, and it is the functional equivalent of an Executive Order.” “Never before has a court had to consider whether the [presidential communications] privilege protects from disclosure under FOIA a final, non-classified, presidential directive.”
  • Several significant points emerge from this episode. First, President Obama’s declared commitment to “creating an unprecedented level of openness in Government” has not been internalized even by the President’s own staff. This latest case of “unbounded” secrecy cannot be blamed on the CIA or an overzealous Justice Department attorney. It is entirely an Obama White House production, based on a White House policy choice. Second, and relatedly, it has proved to be an error to expect the executive branch to unilaterally impose transparency on itself. To do so is to ignore, or to wish away, the Administration’s own conflicting interests in secrecy and disclosure.  Instead, it is the role of the other branches of government to check the executive and to compel appropriate disclosure.
  • ...3 more annotations...
  • Significantly, Judge Huvelle insisted on examining the document herself in camera instead of simply relying on the Administration’s characterization of the document.  Having done so, she found that it “is not ‘revelatory of the President’s deliberations’ such that its public disclosure would undermine future decision-making.” She criticized the government for “the unbounded nature” of its claim. “In the government’s view, it can shield from disclosure under FOIA any presidential communication, even those — like the PPD-6 — that carry the force of law, simply because the communication originated with the President…. The Court rejects the government’s limitless approach….”
  • An official Fact Sheet on PPD-6 (which has not yet been released) is available here. The Electronic Privacy Information Center is currently pursuing release of another presidential directive, the Bush Administration’s NSPD-54 on cyber security. In October, Judge Beryl Howell unexpectedly ruled that that directive was exempt from disclosure because, she said, it was not an “agency record” that would be subject to the FOIA.  Her opinion came as a surprise and was not persuasive to everyone. In a footnote in yesterday’s ruling, Judge Huvelle said that the arguments over the two directives were sufficiently distinguishable that “this Court need not decide if it will follow Judge Howell’s rationale”– suggesting that if pressed, she might not have done so.  Yesterday, EPIC filed a notice of its intent to appeal the decision.
  • DC District Judge Ellen Segal Huvelle yesterday ordered the Obama Administration to release a copy of an unclassified presidential directive, and she said the attempt to withhold it represented an improper exercise of “secret law.” The Obama White House has a “limitless” view of its authority to withhold presidential communications from the public, she wrote, but that view is wrong. “The government appears to adopt the cavalier attitude that the President should be permitted to convey orders throughout the Executive Branch without public oversight– to engage in what is in effect governance by ‘secret law’,” Judge Huvelle wrote in her December 17 opinion. “The Court finds equally troubling the government’s complementary suggestion that ‘effective’ governance requires that a President’s substantive and non-classified directives to Executive Branch agencies remain concealed from public scrutiny,” she wrote.
  •  
    Outrageous. I read the court's opinion. This happened only because: [i] federal judges are reluctant to impose sanctions on government attorneys; and [ii] government attorneys know that. In all my years of legal practice, I read only one court opinion where an assistant U.S. attorney was sanctioned and instead of the normal sanction of paying the other side's attorney fees and expenses of litigation, the judge just awarded a $500 sanction. That is also why litigating against the Feds is such a chore; you spend half your time shooting down blatantly implausible arguments. That's far less of a problem when facing attorneys who are in private practice. But so much for Obama's "transparency" platform; this was the result of the Obama Administration itself asserting a preposterous privilege claim supported only by ridiculous arguments, no more than a delaying action.  
Paul Merrell

Belgium sues Facebook over illegal Privacy Violations of Users and Non-Users | nsnbc in... - 0 views

  • The Belgian government will be suing Facebook. The Commission for the Protection of Privacy states that Facebook violates Belgian and EU law by tracking systems that target both Facebook users as well as non-Facebook users. Facebook is known for cooperating with the U.S.’ National Security Agency. 
  • The Belgian privacy watchdog’s case against the internet giant Facebook will be heard at a court in Brussels on Thursday. The Commission has repeatedly requested that Facebook should comply with Belgian and EU law. Facebook failed to comply, and the Commission has no power to enforce the law; hence the decision to sue Facebook to attain a a court ruling. The President of the Commission for the Protection of Privacy, Willem Debeuckelaere, told the press that: “Facebook treats its users’ private lives without respect and that needs tackling. It’s not because we want to start a lawsuit over this, but we cannot continue to negotiate through other means. .. We want a judge to impose our recommendations. These recommendations are chiefly aimed at protecting internet users who are not Facebook members.”
  • The Belgian privacy watchdog alleges that Facebook tracks the web browsing of all visitors, including those who have specifically turned the tracking function off; This gathering of private information allegedly also includes those who do not have a Facebook account. Moreover, the Commission claims that Facebook has the capability to surveil computers without consent, even when users are logged out; and Facebook can monitor every PC of users that use websites with Facebook plugins. The capability to monitor both Facebook users and non-Facebook users allegedly functions via Cookies that store information about user’s internet activities, including preferential settings of websites and which websites internet users have visited. The Commission claims that Facebook installs these Cookies on all computers that visit websites that for example have a Facebook plugin to share internet content. That includes the computers of persons who do not make use of Facebook’s “share” or “like” button.
  • ...1 more annotation...
  • In other words, Facebook has the capacity to monitor your browser settings as well as which websites you have visited if you have read this article or any other article on any website that contains a Facebook “share” button, whether you “like” it or not. The Commissions lawsuit against Facebook is or particular importance due to the fact that the corporation is known for its cooperation with the United States’ National Security Agency (NSA). While the lawsuit is of particular interest for Belgian and EU citizens, it also sheds light on Facebook’s monitoring of U.S. citizens.
Paul Merrell

Thousands Join Legal Fight Against UK Surveillance - And You Can, Too - The Intercept - 0 views

  • Thousands of people are signing up to join an unprecedented legal campaign against the United Kingdom’s leading electronic surveillance agency. On Monday, London-based human rights group Privacy International launched an initiative enabling anyone across the world to challenge covert spying operations involving Government Communications Headquarters, or GCHQ, the National Security Agency’s British counterpart. The campaign was made possible following a historic court ruling earlier this month that deemed intelligence sharing between GCHQ and the NSA to have been unlawful because of the extreme secrecy shrouding it.
  • Consequently, members of the public now have a rare opportunity to take part in a lawsuit against the spying in the Investigatory Powers Tribunal, a special British court that handles complaints about surveillance operations conducted by law enforcement and intelligence agencies. Privacy International is allowing anyone who wants to participate to submit their name, email address and phone number through a page on its website. The group plans to use the details to lodge a case with GCHQ and the court that will seek to discover whether each participant’s emails or phone calls have been covertly obtained by the agency in violation of the privacy and freedom of expression provisions of the European Convention on Human Rights. If it is established that any of the communications have been unlawfully collected, the court could force GCHQ to delete them from its vast repositories of intercepted data.
  • By Tuesday evening, more than 10,000 people had already signed up to the campaign, a spokesman for Privacy International told The Intercept. In a statement announcing the campaign on Monday, Eric King, deputy director of Privacy International, said: “The public have a right to know if they were illegally spied on, and GCHQ must come clean on whose records they hold that they should never have had in the first place. “We have known for some time that the NSA and GCHQ have been engaged in mass surveillance, but never before could anyone explicitly find out if their phone calls, emails, or location histories were unlawfully shared between the U.S. and U.K. “There are few chances that people have to directly challenge the seemingly unrestrained surveillance state, but individuals now have a historic opportunity finally hold GCHQ accountable for their unlawful actions.”
Paul Merrell

WASHINGTON: Americans' personal data shared with CIA, IRS, others in security probe | N... - 0 views

  • WASHINGTON — U.S. agencies collected and shared the personal information of thousands of Americans in an attempt to root out untrustworthy federal workers that ended up scrutinizing people who had no direct ties to the U.S. government and simply had purchased certain books.Federal officials gathered the information from the customer records of two men who were under criminal investigation for purportedly teaching people how to pass lie detector tests. The officials then distributed a list of 4,904 people – along with many of their Social Security numbers, addresses and professions – to nearly 30 federal agencies, including the Internal Revenue Service, the CIA, the National Security Agency and the Food and Drug Administration.
  • The unprecedented creation of such a list and decision to disseminate it widely demonstrate the ease with which the federal government can collect and share Americans’ personal information, even when there’s no clear reason for doing so. The case comes to light amid revelations that the NSA, in an effort to track foreign terrorists, has for years been stockpiling the data of the daily telephone and Internet communications of tens of millions of ordinary Americans. Though nowhere near as massive as the NSA programs, the polygraph inquiry is another example of the federal government’s vast appetite for Americans’ personal information and the sweeping legal authority it wields in the name of national security. “This is increasingly happening – data is being collected by the federal government for one use and then being entirely repurposed for other uses and shared,” said Fred Cate, an Indiana University-Bloomington law professor who specializes in information privacy and national security. “Yet there is no constitutional protection for sharing data within the government.”
  • While the collection of the information likely passes constitutional muster, the federal agencies involved may have violated their own privacy policies by sharing the personal information of people who aren’t government employees, several legal experts agreed.
  •  
    The inter-agency sharing of information described in this article sounds like a straightforward violation of several different sections of the federal Privacy Act. That Act places severe restrictions on inter-agency sharing of information that includes personal identifiers of members of the public, including the requirement of notifying the victims when a violation is discovered. The Act also provides a private right of action for anyone whose rights under the Act are violated with a statutory minimum damages award of $1,500 plus attorney fees and expenses of litigation.   
Paul Merrell

Supreme Court blocks challenge to NSA phone tracking - RT USA - 0 views

  • The Supreme Court announced Monday morning that it would not be considering at this time a complaint filed months earlier that challenged the legality of the National Security Agency’s dragnet telephone surveillance program. The high court issued a notice early Monday without comment acknowledging that it would not be weighing in on a matter introduced this past June by a privacy watchdog group after NSA leaker Edward Snowden revealed evidence showing that the United States intelligence agency was collecting metadata pertaining to the phone calls of millions of American customers of the telecommunications company Verizon on a regular basis. That disclosure — the first of many NSA documents leaked by Mr. Snowden — prompted the Washington, DC-based Electronic Privacy Information Center, or EPIC, to ask the Supreme Court to consider taking action that would end the collection of phone records on a major scale.
  • When EPIC filed their petition in June, they wrote, “We believe that the NSA’s collection of domestic communications contravenes the First and Fourth Amendments to the United States Constitution, and violates several federal privacy laws, including the Privacy Act of 1974 and the Foreign Intelligence Surveillance Act of 1978 as amended.” “We ask the NSA to immediately suspend collection of solely domestic communications pending the competition of a public rulemaking as required by law. We intend to renew our request each week until we receive your response,” EPIC said. Five months later, though, the Supreme Court said this week that it would not be hearing EPIC’s plea. A document began circulating early Monday in which the high court listed the petition filed by the privacy advocates as denied. With other cases still pending, however, alternative routes may eventually lead to reform of the NSA’s habits on some level. Lower courts are still in the midst of deciding what action they will take with regards to similar lawsuits filed by other groups in response to the Snowden leaks and the revelations they made possible. The American Civil Liberties Union, the Electronic Frontier Foundation and conservative legal activist Larry Klayman have filed separate civil lawsuits in various US District Courts challenging the NSA’s program, all of which are still pending.
  • Cindy Cohn, the legal director of the EFF, told the Washington Post only weeks after the first Snowden leak appeared that the disclosures had been a “tremendous boon” to other matters being litigated, and pointed to no fewer than five previously-filed complaints challenging various government-led surveillance programs. "Now that this secret surveillance program has been disclosed, and now that Congressional leaders and legal scholars agree it is unlawful, we have a chance for the Supreme Court to weigh in,” EPIC lead counsel Alan Butler told The Verge on Monday.
Paul Merrell

Supreme Court Says Phones Can't Be Searched Without a Warrant - NYTimes.com - 0 views

  • In a sweeping victory for privacy rights in the digital age, the Supreme Court on Wednesday unanimously ruled that the police need warrants to search the cellphones of people they arrest.While the decision will offer protection to the 12 million people arrested every year, many for minor crimes, its impact will most likely be much broader. The ruling almost certainly also applies to searches of tablet and laptop computers, and its reasoning may apply to searches of homes and businesses and of information held by third parties like phone companies.“This is a bold opinion,” said Orin S. Kerr, a law professor at George Washington University. “It is the first computer-search case, and it says we are in a new digital age. You can’t apply the old rules anymore.”
  •  
    It is now beyond doubt that the Supreme Court is declining to authorize an Orwellian government surveillance future for the U.S. This sweeping, unanimous ruling definitely has broad application beyond cellphones, in no small part because the court recognized that cellphones of today are more like desktop computers and a host of other computerized devices than they are like the telephones of yesteryear. Hence, almost everything the court said afterward about the privacy rights in cellphones applies equally to all personal use computers. 
Paul Merrell

Facebook's Deepface Software Has Gotten Them in Deep Trouble | nsnbc international - 0 views

  • In a Chicago court, several Facebook users filed a class-action lawsuit against the social media giant for allegedly violating its users’ privacy rights to acquire the largest privately held stash of biometric face-recognition data in the world. The court documents reveal claims that “Facebook began violating the Illinois Biometric Information Privacy Act (IBIPA) of 2008 in 2010, in a purported attempt to make the process of tagging friends easier.”
  • This would be a violation of the IBIPA which states it is “unlawful to collect biometric data without written notice to the subject stating the purpose and length of the data collection, and without obtaining the subject’s written release.” Because all users are automatically part of the “faceprint’ facial recognition program, this is an illegal act in the state of Illinois, according to the complaint. Jay Edelson, attorney for the plaintiffs, asserts the opt-out ability to prevent other Facebook users from tagging them in photos is “insufficient”.
  • This was accomplished through the “tag suggestions” feature provided by Facebook which “scans all pictures uploaded by users and identifies any Facebook friends they may want to tag.” The Facebook users maintain that this feature is a “form of data mining [that] violates user’s privacy”. One plaintiff said this is a “brazen disregard for its users’ privacy rights,” through which Facebook has “secretly amassed the world’s largest privately held database of consumer biometrics data.” Because “Facebook actively conceals” their protocol using “faceprint databases” to identify Facebook users in photos, and “doesn’t disclose its wholesale biometrics data collection practices in its privacy policies, nor does it even ask users to acknowledge them.”
  • ...1 more annotation...
  • Deepface is the name of the new technology researchers at Facebook created in order to identify people in pictures; mimicking the way humans recognize the differences in each other’s faces. Facebook has already implemented facial recognition software (FRS) to suggest names for tagging photos; however Deepface can “identify faces from a side view” as well as when the person is directly facing the camera in the picture. In 2013, Erin Egan, chief privacy officer for Facebook, said that this upgrade “would give users better control over their personal information, by making it easier to identify posted photos in which they appear.” Egan explained: “Our goal is to facilitate tagging so that people know when there are photos of them on our service.” Facebook has stated that they retain information from their users that is syphoned from all across the web. This data is used to increase Facebook’s profits with the information being sold for marketing purposes. This is the impressive feature of Deepface; as previous FRS can only decipher faces in images that are frontal views of people. Shockingly, Deepface displays 97.25% accuracy in identifying faces in photos. That is quite a feat considering humans have a 97.53% accuracy rate. In order to ensure accuracy, Deepface “conducts its analysis based on more than 120 million different parameters.”
Paul Merrell

Today is a great victory against GCHQ, the NSA and the surveillance state | Carly Nyst ... - 0 views

  • It is a rare thing to bring truth to bear on the most powerful and secretive arm of the state. Never before has the Investigatory Powers Tribunal – the British court tasked with reviewing complaints against the security services – ruled against the government. Not once have the spooks been taken to task for overstepping the lawful boundaries of their conduct. Not a single British spy has been held accountable for mass surveillance, unlawful spying or snooping on private emails and phone calls. Until today. Privacy International has spent the past 25 years fighting back against the ever-expanding British surveillance state. Together with our allies, we’ve resisted the snooper’s charter (multiple times), mandatory ID cards and the provision of passenger name records. Yet in June 2013 we were as shocked as everyone else to learn that GCHQ, in collaboration with the NSA, had acquired the capabilities to completely control, monitor, copy, read and analyse the world’s private communications. It was, until that point, unfathomable that the security services could have so audaciously stretched the boundaries of democratic legitimacy – and could have so severely violated the civil liberties and human rights of not only Britons, but of hundreds of millions of innocent people across the globe.
  • Thanks to Edward Snowden, we learned that GCHQ has access to emails and messages that the NSA siphons off directly and en masse from Google, Skype and Facebook. We discovered that the NSA collects 194m text messages and 5bn location records every day – and GCHQ can read them too. And, of course, we learned that GCHQ is operating a mass surveillance system that, combined with its access to the NSA’s own mass surveillance architecture, means it can read almost anyone’s communications, at any time, without judicial authorisation or any meaningful oversight. In July 2013, the Intelligence and Security Committee assured us that GCHQ access to NSA surveillance material, in particular through the Prism programme, was entirely lawful. Unsurprisingly, we did not find the reassurances of a body that has consistently and blindly backed the services that it is meant to scrutinise comforting.
  • That’s why we decided to take GCHQ to court. Alongside Liberty, Amnesty International and human rights organisations from around the world, we argued that mass surveillance is not an acceptable activity of a democratic government, and that the cosy dealings between GCHQ and the NSA, conducted under a veil of secrecy that was only lifted by a whistleblower’s bravery, had to be brought within public control and scrutiny. The evidence was overwhelming and the history of human rights law was in our favour, but the tribunal – which at that point had never before found that the surveillance activities of GCHQ broke the law – disagreed. Mass surveillance, it found in its decision of December 2014, was legitimate under British law. GCHQ’s access to NSA mass surveillance was also acceptable, it said, given that the government had disclosed details of its relationship with the US during the course of our case.
  • ...2 more annotations...
  • The decision was a disappointing one, and we’ll soon appeal to the European court of human rights. But it left us with a small glimmer of hope. The tribunal said that it was lawful for GCHQ and the NSA to swap and share surveillance material only because GCHQ has secret internal policies that it reluctantly disclosed in response to Privacy International’s case. Now that those secret policies are no longer secret, the court reasoned, the British public know what’s going on, and that in itself must make those activities lawful. It must follow, therefore, that before those policies were public – prior to Edward Snowden’s disclosures, and our case in the IPT – GCHQ was acting outside the law. Complicated reasoning aside, this finding was a genuine – and rare – success. The tribunal agreed, and we today have a firm statement that the intelligence services were acting completely out of bounds. It is not the judgment we would have liked – that we still hope to get from the European court of human rights in Strasbourg later this year – but it is a significant victory against an arm of the state that has rarely been forced to account for its wrongdoings.
  • It is a vindication of Snowden, and all those who put their careers – and even their lives – on the line to ensure the truth was told. It is a huge encouragement to civil society organisations like Privacy International, which often spend years locked in David and Goliath battles, depleting their funds and their morale to perform the essential role of holding truth to power. In years to come we will look back on today as an essential victory against the surveillance state. Here at Privacy International, we humbly hope that perhaps we will also look back at this day as a turning of the tide; the day when the seemingly uncontrollable advancement of state intrusion into individuals’ lives was halted, and when internet users reclaimed some of the power in their fight for privacy, security and free expression.
Paul Merrell

European Lawmakers Demand Answers on Phone Key Theft - The Intercept - 0 views

  • European officials are demanding answers and investigations into a joint U.S. and U.K. hack of the world’s largest manufacturer of mobile SIM cards, following a report published by The Intercept Thursday. The report, based on leaked documents provided by NSA whistleblower Edward Snowden, revealed the U.S. spy agency and its British counterpart Government Communications Headquarters, GCHQ, hacked the Franco-Dutch digital security giant Gemalto in a sophisticated heist of encrypted cell-phone keys. The European Parliament’s chief negotiator on the European Union’s data protection law, Jan Philipp Albrecht, said the hack was “obviously based on some illegal activities.” “Member states like the U.K. are frankly not respecting the [law of the] Netherlands and partner states,” Albrecht told the Wall Street Journal. Sophie in ’t Veld, an EU parliamentarian with D66, the Netherlands’ largest opposition party, added, “Year after year we have heard about cowboy practices of secret services, but governments did nothing and kept quiet […] In fact, those very same governments push for ever-more surveillance capabilities, while it remains unclear how effective these practices are.”
  • “If the average IT whizzkid breaks into a company system, he’ll end up behind bars,” In ’t Veld added in a tweet Friday. The EU itself is barred from undertaking such investigations, leaving individual countries responsible for looking into cases that impact their national security matters. “We even get letters from the U.K. government saying we shouldn’t deal with these issues because it’s their own issue of national security,” Albrecht said. Still, lawmakers in the Netherlands are seeking investigations. Gerard Schouw, a Dutch member of parliament, also with the D66 party, has called on Ronald Plasterk, the Dutch minister of the interior, to answer questions before parliament. On Tuesday, the Dutch parliament will debate Schouw’s request. Additionally, European legal experts tell The Intercept, public prosecutors in EU member states that are both party to the Cybercrime Convention, which prohibits computer hacking, and home to Gemalto subsidiaries could pursue investigations into the breach of the company’s systems.
  • According to secret documents from 2010 and 2011, a joint NSA-GCHQ unit penetrated Gemalto’s internal networks and infiltrated the private communications of its employees in order to steal encryption keys, embedded on tiny SIM cards, which are used to protect the privacy of cellphone communications across the world. Gemalto produces some 2 billion SIM cards a year. The company’s clients include AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers. “[We] believe we have their entire network,” GCHQ boasted in a leaked slide, referring to the Gemalto heist.
  • ...4 more annotations...
  • While Gemalto was indeed another casualty in Western governments’ sweeping effort to gather as much global intelligence advantage as possible, the leaked documents make clear that the company was specifically targeted. According to the materials published Thursday, GCHQ used a specific codename — DAPINO GAMMA — to refer to the operations against Gemalto. The spies also actively penetrated the email and social media accounts of Gemalto employees across the world in an effort to steal the company’s encryption keys. Evidence of the Gemalto breach rattled the digital security community. “Almost everyone in the world carries cell phones and this is an unprecedented mass attack on the privacy of citizens worldwide,” said Greg Nojeim, senior counsel at the Center for Democracy & Technology, a non-profit that advocates for digital privacy and free online expression. “While there is certainly value in targeted surveillance of cell phone communications, this coordinated subversion of the trusted technical security infrastructure of cell phones means the US and British governments now have easy access to our mobile communications.”
  • For Gemalto, evidence that their vaunted security systems and the privacy of customers had been compromised by the world’s top spy agencies made an immediate financial impact. The company’s shares took a dive on the Paris bourse Friday, falling $500 million. In the U.S., Gemalto’s shares fell as much 10 percent Friday morning. They had recovered somewhat — down 4 percent — by the close of trading on the Euronext stock exchange. Analysts at Dutch financial services company Rabobank speculated in a research note that Gemalto could be forced to recall “a large number” of SIM cards. The French daily L’Express noted today that Gemalto board member Alex Mandl was a founding trustee of the CIA-funded venture capital firm In-Q-Tel. Mandl resigned from In-Q-Tel’s board in 2002, when he was appointed CEO of Gemplus, which later merged with another company to become Gemalto. But the CIA connection still dogged Mandl, with the French press regularly insinuating that American spies could infiltrate the company. In 2003, a group of French lawmakers tried unsuccessfully to create a commission to investigate Gemplus’s ties to the CIA and its implications for the security of SIM cards. Mandl, an Austrian-American businessman who was once a top executive at AT&T, has denied that he had any relationship with the CIA beyond In-Q-Tel. In 2002, he said he did not even have a security clearance.
  • AT&T, T-Mobile and Verizon could not be reached for comment Friday. Sprint declined to comment. Vodafone, the world’s second largest telecom provider by subscribers and a customer of Gemalto, said in a statement, “[W]e have no further details of these allegations which are industrywide in nature and are not focused on any one mobile operator. We will support industry bodies and Gemalto in their investigations.” Deutsche Telekom AG, a German company, said it has changed encryption algorithms in its Gemalto SIM cards. “We currently have no knowledge that this additional protection mechanism has been compromised,” the company said in a statement. “However, we cannot rule out this completely.”
  • Update: Asked about the SIM card heist, White House press secretary Josh Earnest said he did not expect the news would hurt relations with the tech industry: “It’s hard for me to imagine that there are a lot of technology executives that are out there that are in a position of saying that they hope that people who wish harm to this country will be able to use their technology to do so. So, I do think in fact that there are opportunities for the private sector and the federal government to coordinate and to cooperate on these efforts, both to keep the country safe, but also to protect our civil liberties.”
  •  
    Watch for massive class action product defect litigation to be filed against the phone companies.and mobile device manufacturers.  In most U.S. jurisdictions, proof that the vendors/manufacturers  knew of the product defect is not required, only proof of the defect. Also, this is a golden opportunity for anyone who wants to get out of a pricey cellphone contract, since providing a compromised cellphone is a material breach of warranty, whether explicit or implied..   
Paul Merrell

Bulk Collection Under Section 215 Has Ended… What's Next? | Just Security - 0 views

  • The first (and thus far only) roll-back of post-9/11 surveillance authorities was implemented over the weekend: The National Security Agency shuttered its program for collecting and holding the metadata of Americans’ phone calls under Section 215 of the Patriot Act. While bulk collection under Section 215 has ended, the government can obtain access to this information under the procedures specified in the USA Freedom Act. Indeed, some experts have argued that the Agency likely has access to more metadata because its earlier dragnet didn’t cover cell phones or Internet calling. In addition, the metadata of calls made by an individual in the United States to someone overseas and vice versa can still be collected in bulk — this takes place abroad under Executive Order 12333. No doubt the NSA wishes that this was the end of the surveillance reform story and the Paris attacks initially gave them an opening. John Brennan, the Director of the CIA, implied that the attacks were somehow related to “hand wringing” about spying and Sen. Tom Cotton (R-Ark.) introduced a bill to delay the shut down of the 215 program. Opponents of encryption were quick to say: “I told you so.”
  • But the facts that have emerged thus far tell a different story. It appears that much of the planning took place IRL (that’s “in real life” for those of you who don’t have teenagers). The attackers, several of whom were on law enforcement’s radar, communicated openly over the Internet. If France ever has a 9/11 Commission-type inquiry, it could well conclude that the Paris attacks were a failure of the intelligence agencies rather than a failure of intelligence authorities. Despite the passage of the USA Freedom Act, US surveillance authorities have remained largely intact. Section 702 of the FISA Amendments Act — which is the basis of programs like PRISM and the NSA’s Upstream collection of information from Internet cables — sunsets in the summer of 2017. While it’s difficult to predict the political environment that far out, meaningful reform of Section 702 faces significant obstacles. Unlike the Section 215 program, which was clearly aimed at Americans, Section 702 is supposedly targeted at foreigners and only picks up information about Americans “incidentally.” The NSA has refused to provide an estimate of how many Americans’ information it collects under Section 702, despite repeated requests from lawmakers and most recently a large cohort of advocates. The Section 215 program was held illegal by two federal courts (here and here), but civil attempts to challenge Section 702 have run into standing barriers. Finally, while two review panels concluded that the Section 215 program provided little counterterrorism benefit (here and here), they found that the Section 702 program had been useful.
  • There is, nonetheless, some pressure to narrow the reach of Section 702. The recent decision by the European Court of Justice in the safe harbor case suggests that data flows between Europe and the US may be restricted unless the PRISM program is modified to protect the information of Europeans (see here, here, and here for discussion of the decision and reform options). Pressure from Internet companies whose business is suffering — estimates run to the tune of $35 to 180 billion — as a result of disclosures about NSA spying may also nudge lawmakers towards reform. One of the courts currently considering criminal cases which rely on evidence derived from Section 702 surveillance may hold the program unconstitutional either on the basis of the Fourth Amendment or Article III for the reasons set out in this Brennan Center report. A federal district court in Colorado recently rejected such a challenge, although as explained in Steve’s post, the decision did not seriously explore the issues. Further litigation in the European courts too could have an impact on the debate.
  • ...2 more annotations...
  • The US intelligence community’s broadest surveillance authorities are enshrined in Executive Order 12333, which primarily covers the interception of electronic communications overseas. The Order authorizes the collection, retention, and dissemination of “foreign intelligence” information, which includes information “relating to the capabilities, intentions or activities of foreign powers, organizations or persons.” In other words, so long as they are operating outside the US, intelligence agencies are authorized to collect information about any foreign person — and, of course, any Americans with whom they communicate. The NSA has conceded that EO 12333 is the basis of most of its surveillance. While public information about these programs is limited, a few highlights give a sense of the breadth of EO 12333 operations: The NSA gathers information about every cell phone call made to, from, and within the Bahamas, Mexico, Kenya, the Philippines, and Afghanistan, and possibly other countries. A joint US-UK program tapped into the cables connecting internal Yahoo and Google networks to gather e-mail address books and contact lists from their customers. Another US-UK collaboration collected images from video chats among Yahoo users and possibly other webcam services. The NSA collects both the content and metadata of hundreds of millions of text messages from around the world. By tapping into the cables that connect global networks, the NSA has created a database of the location of hundreds of millions of mobile phones outside the US.
  • Given its scope, EO 12333 is clearly critical to those seeking serious surveillance reform. The path to reform is, however, less clear. There is no sunset provision that requires action by Congress and creates an opportunity for exposing privacy risks. Even in the unlikely event that Congress was inclined to intervene, it would have to address questions about the extent of its constitutional authority to regulate overseas surveillance. To the best of my knowledge, there is no litigation challenging EO 12333 and the government doesn’t give notice to criminal defendants when it uses evidence derived from surveillance under the order, so the likelihood of a court ruling is slim. The Privacy and Civil Liberties Oversight Board is currently reviewing two programs under EO 12333, but it is anticipated that much of its report will be classified (although it has promised a less detailed unclassified version as well). While the short-term outlook for additional surveillance reform is challenging, from a longer-term perspective, the distinctions that our law makes between Americans and non-Americans and between domestic and foreign collection cannot stand indefinitely. If the Fourth Amendment is to meaningfully protect Americans’ privacy, the courts and Congress must come to grips with this reality.
Gary Edwards

Judge Rules: Obama Social Security Card Fraud May Finally Get Answers | - 1 views

  • The reason for the judge’s amendment seems to be a procedural one. Taitz filed suit with the court prior to receiving word back from her Freedom of Information Act request, which she did receive on July 29, 2013 from Dawn S. Wiggins, a Fredom of Information Officer. Wiggins replied to Taitz: I have enclosed a copy of the SS-5s for Mr. Tsarnaev and Ms. Dunham. . . . We were unable to find any information for Mr. Bounel based on the information you provided to us. Mr. Bounel may not have applied for a Social Security number (SSN) or may have given different information on the application for a number.
  • The controversy over Barack Hussein Obama and his past, along with fraudulent documents continues to make headlines. Yet, the items needed to actually verify who Obama is continue to be kept from the public eye. Well, that all may be about to change. Attorney Orly Taitz may have just found a chink in the federal government’s armor in protecting Barack Obama from scrutiny, following a judge’s ruling over her Freedom of Information Act request from the Social Security Administration. Taitz has claimed that Obama uses the Social Security number of Harry Bounel and has submitted several Freedom of Information Act requests for the information from the Social Security Administration. Each time, she has been met with stonewalling by the Social Security Administration. However, Judge Ellen Lipton Hollander has ruled to give Taitz “an opportunity to file a second amended complaint and add allegations of SSA not doing a proper search and withholding records.”
  • Additionally, there is an increased tampering with the web site of Orly Taitz and with her ability to send mass -emails. It seems her private server is somehow affected and Taitz is unable to send mass e-mails on two different programs.
  • ...4 more annotations...
  • From Taitz’s Press Release: Judge Hollander in Maryland gives Attorney Orly Taitz 21 days to file a second amended complaint and add allegations in regards to an improper withholding by the Social Security Administration of records of Harry Bounel, whose Social security number is being illegally used by Barack Obama. When Taitz filed the complaint, SSA did not respond at all. After the law suit was filed, SSA responded by fraudulently claiming that the records were not found. Taitz responded that this is a fraudulent assertion, since the records were found before and denied to another petitioner due to privacy concerns, however Social Security has no right to claim privacy as according to their own 120 year rule they have a duty to release the records. The judge stated that the plaintiff Taitz might be correct, however at this time she cannot rule in her favor as her original complaint was filed before SSA responded, so the judge gave Taitz an opportunity to refile a second amended complaint and add new allegations, stating the SSA responded but improperly hidden the records . This is a great development. This all but assures that the judge will order the SSA to release the SS-5, Social Security application of resident of CT, Harrison (Harry) Bounel, whose CT SSN 042-68-4425 was stolen by Obama and used in Obama’s 2009 tax returns, which initially were posted on WhiteHouse.gov without proper redaction, without flattening of the file. Taitz will be very careful not to be Breitbarted or Fuddied in the next 21 days.
  • It’s interesting that Taitz points out that she will be “careful not to be Breitbarted or Fuddied,” indicating that she believes that both Andrew Breitbart and Andrew Breitbart and Loretta Fuddy were targeted by Obama for assassination.” Breitbart died on the very day that he said he would begin vetting Obama for the 2012 elections, which raised suspicions. Fuddy, best remembered as being instrumental in issuing the Hawaii long-form birth certificate, was the only person to die aboard a small plane that crashed off the coast of Hawaii last week. Already, there are questions surrounding the narrative of her death.
  • Taitz alleged that Mr. Bounel was born in 1890, and therefore, under the “’120 Year Rule’ implemented by the SSA in 2010,” pertaining to “‘extremely aged individuals,’” Bounel’s “Social Security applications have to be released under FOIA without proof of [his] death . . . .”
  • It appears that once the amendment is submitted, this may force the Social Security Administration to explain exactly what is going on with Barack Obama’s Social Security number. We should know something about the case by the second week in January 2014.
  •  
    @ One passage in the article: "It appears that once the amendment is submitted, this may force the Social Security Administration to explain exactly what is going on with Barack Obama's Social Security number." That's far too optimistic, probably reflecting a lack of understanding of Freedom of Information Act and the processing of a FOIA complaint in federal court. I read the judge's opinion. After the amended complaint is filed, the government gets another shot at summary judgment, submitting a new affidavit about the scope of the search that meets the judge's criticism. (The judge did not rule that the search was inadequate, merely that it was inadequately described and might have been inadequate.) That shifts the burden to the plaintiff to prove that the search was inadequate. If she meets that burden, which isn't easy, the government has to do a new search, file a new motion for summary judgment with a new affidavit, rinse, lather, and repeat. So long as someone is willing to sign an affidavit describing the search and stating that nothing was found, the plaintiff will eventually be unable to prove that the search was inadequate and will lose the case. On the other hand, a new search may find the requested record and result in disclosure. But I'm not confident that this case will go very far. From the description of the complaint that the judge ruled on, it was fatally defective anyway, suggesting that the plaintiff doesn't know much about FOIA litigation. The complaint sought an order that the government be required to respond to her FOIA request letter. But once a FOIA request goes unanswered for 20 business days, the request is deemed denied and the plaintiff can file suit to compel disclosure of the records. The FOIA does not provide for lawsuits to compel the agency to answer a FOIA request. So the plaintiff apparenttly obviously does not understand the FOIA, probably making her easy pickings for an Assistant U.S. District Attorney whose specialty
Paul Merrell

NSA phone surveillance program likely unconstitutional, federal judge rules | World new... - 0 views

  • A federal judge in Washington ruled on Monday that the bulk collection of Americans’ telephone records by the National Security Agency is likely to violate the US constitution, in the most significant legal setback for the agency since the publication of the first surveillance disclosures by the whistleblower Edward Snowden. Judge Richard Leon declared that the mass collection of metadata probably violates the fourth amendment, which prohibits unreasonable searches and seizures, and was "almost Orwellian" in its scope. In a judgment replete with literary swipes against the NSA, he said James Madison, the architect of the US constitution, would be "aghast" at the scope of the agency’s collection of Americans' communications data. The ruling, by the US district court for the District of Columbia, is a blow to the Obama administration, and sets up a legal battle that will drag on for months, almost certainly destined to end up in the supreme court. It was welcomed by campaigners pressing to rein in the NSA, and by Snowden, who issued a rare public statement saying it had vindicated his disclosures. It is also likely to influence other legal challenges to the NSA, currently working their way through federal courts.
  • In Monday’s ruling, the judge concluded that the pair's constitutional challenge was likely to be successful. In what was the only comfort to the NSA in a stinging judgment, Leon put the ruling on hold, pending an appeal by the government. Leon expressed doubt about the central rationale for the program cited by the NSA: that it is necessary for preventing terrorist attacks. “The government does not cite a single case in which analysis of the NSA’s bulk metadata collection actually stopped an imminent terrorist attack,” he wrote.
  • Leon’s opinion contained stern and repeated warnings that he was inclined to rule that the metadata collection performed by the NSA – and defended vigorously by the NSA director Keith Alexander on CBS on Sunday night – was unconstitutional. “Plaintiffs have a substantial likelihood of showing that their privacy interests outweigh the government’s interest in collecting and analysing bulk telephony metadata and therefore the NSA’s bulk collection program is indeed an unreasonable search under the fourth amendment,” he wrote. Leon said that the mass collection of phone metadata, revealed by the Guardian in June, was "indiscriminatory" and "arbitrary" in its scope. "The almost-Orwellian technology that enables the government to store and analyze the phone metadata of every telephone user in the United States is unlike anything that could have been conceived in 1979," he wrote, referring to the year in which the US supreme court ruled on a fourth amendment case upon which the NSA now relies to justify the bulk records program.
  • ...5 more annotations...
  • In a statement, Snowden said the ruling justified his disclosures. “I acted on my belief that the NSA's mass surveillance programs would not withstand a constitutional challenge, and that the American public deserved a chance to see these issues determined by open courts," he said in comments released through Glenn Greenwald, the former Guardian journalist who received leaked documents from Snowden. "Today, a secret program authorised by a secret court was, when exposed to the light of day, found to violate Americans’ rights. It is the first of many.”
  • In his ruling, Judge Leon expressly rejected the government’s claim that the 1979 supreme court case, Smith v Maryland, which the NSA and the Obama administration often cite to argue that there is no reasonable expectation of privacy over metadata, applies in the NSA’s bulk-metadata collection. The mass surveillance program differs so much from the one-time request dealt with by the 1979 case that it was of “little value” in assessing whether the metadata dragnet constitutes a fourth amendment search.
  • In a decision likely to influence other federal courts hearing similar arguments from the ACLU, Leon wrote that the Guardian’s disclosure of the NSA’s bulk telephone records collection means that citizens now have standing to challenge it in court, since they can demonstrate for the first time that the government is collecting their phone data.
  • Leon also struck a blow for judicial review of government surveillance practices even when Congress explicitly restricts the ability of citizens to sue for relief. “While Congress has great latitude to create statutory schemes like Fisa,” he wrote, referring to the seminal 1978 surveillance law, “it may not hang a cloak of secrecy over the constitution.”
  • In his ruling on Monday, Judge Leon predicted the process would take six months. He urged the government to take that time to prepare for an eventual defeat. “I fully expect that during the appellate process, which will consume at least the next six months, the government will take whatever steps necessary to prepare itself to comply with this order when, and if, it is upheld,” wrote Leon in his opinion. “Suffice it to say, requesting further time to comply with this order months from now will not be well received and could result in collateral sanctions.”
  •  
    This is the case I thought was the weakest because of poor drafting in the complaint. The judge noted those issues in dismissing the plaintiffs' claims under the Administrative Procedures Act, but picked his way through what remained to find sufficient allegations to support the 4th Amendment challenge. Because he ruled for the plaintiffs on the 4th Amendment count, the judge did not reach the plaintiffs' arguments under the First and Fifth Amendments. This case is about cellphone call metadata, which the FISA Court has been ordering cell phone companies to provide every day, with the orders updated every 90 days. The judge's 68-page opinion is at https://ecf.dcd.uscourts.gov/cgi-bin/show_public_doc?2013cv0881-40 (cleaner copy than the Guardian's, which was apparently faxed). Notably, the judge, Richard Leon, is a Bush II appointee and one of the plaintiffs is a prominent conservative civil libertarian lawyer. The other plaintiff is the father of an NSA cryptologist who worked closely with SEAL Team 6 and was killed along with members of that team when their helicopter crashed in Afghanistan. I'll add some more in a comment. But digital privacy is not yet dead.
  •  
    Unfortunately, DRM is not dead yet either and the court's PDF file is locked. No easy copying of its content. If you want to jump directly to the discussion of 4th Amendment issues, go to page 35. That way, you can skip past all the dreary discussion of the Administrative Procedures Act claim and you won't miss much that's memorable. In ruling on the plaintiffs' standing to raise the 4th Amendment claim, Judge Leon postulated two possible search issues: [i] the bulk daily collection of metadata and its retention in the database for five years; and [ii] the analysis of that data through the NSA's querying process. The judge had no difficulty with the first issue; it definitely qualifies as a search. But the judge rejected the plaintiffs' argument on the second type (which was lame), demonstrating that at least one federal judge understands how computers work. The government's filings indicated that a "seed" telephone number or other identifier is used as the query string. Judge Leon figured out for himself from this fact that the NSA of necessity had to compare that number or identifier to every number or identifier in its database looking for a match. The judge concluded that the plaintiffs' metadata --- indeed everyone's metadata --- had to be searched for comparison purposes *every* time the NSA analysts ran any query against the database. See his incisive discussion at pp. 39-41. So having established that two searches were involved, one every time the NSA queried the database, the judge moved on to the next question, whether "the plaintiffs had a reasonable expectation of privacy that is violated when the Government indiscriminately collects their telephony metadata along with the metadata of hundreds of millions of other citizens without any particularized suspicion of wrongdoing, retains that metadata for five years, and then queries, analyzes, and investigates that data without prior judicial approval of the investigative targets." pg. 43. More later
1 - 20 of 74 Next › Last »
Showing 20 items per page