Skip to main content

Home/ Socialism and the End of the American Dream/ Group items tagged privacy-v-security

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Paul Merrell

2014 Press Release - NSA Announces New Civil Liberties and Privacy Officer" - 0 views

www.nsa.gov/...iberties_privacy_officer.shtml

surveillance state NSA Civil-Liberties-&-Privacy-Officer Rebecca-Richards

shared by Paul Merrell on 06 Apr 14 - No Cached
  • GEN Keith Alexander - Commander, U.S. Cyber Command/Director, NSA/Chief, CSS - announced today that well-known privacy expert Rebecca Richards will serve as the National Security Agency's new Civil Liberties and Privacy Officer. She most recently worked as the Senior Director for Privacy Compliance at the Department of Homeland Security.
  • Selected to lead the new NSA Civil Liberties and Privacy Office at the agency's Fort Meade headquarters, Ms. Richards' primary job will be to provide expert advice to the Director and oversight of NSA's civil liberties and privacy related activities. She will also develop measures to further strengthen NSA's privacy protections.
  • Paul Merrell on 06 Apr 14
     
    Softball Interview here. . I wasn't really expecting Obama to reach out to the ACLU and EFF for a good civil liberties lawyer recommendation, but this appointment is lame, the former Director of Privacy for Dept. of Homeland Security, those wonderful folk who keep the homeland safe from terra-ists. The airport gropers, secret no-fly listers, and masters of border protection, where all Constitutional privacy rights do not apply, per the Supreme Court., the coordinators of our glorious "fusion centers," the provisioners of funding for armored cars and surveillance equipment for local police, etc. A sample from her interview linked above that I transcribed (omitting all the umhs and ahs): "When you think about NSA, privacy there for them was privacy of its employees, about contractors, about the average person walking down the street - it was not as concentrated on, this is the big collection that we're getting through these means, and so what this job does is that it brings it up under direct reports to the director of NSA and it is just as a focal point, to bring all of those and -- I walked in the building and people were already asking questions so ..." Heaven help us; has this lassie's brain yet matured to the point of completing her first sentence? This is the lady who is going to keep Admiral Rogers on the straight and narrow path of respecting our civil liberties? I suspect not.  I may return to this inarticulate and non-assertive young lady in later posts. Let it suffice for now to observe that the Dept. of Homeland Security, whose raison d'etre is a virtually non-existent terrorist threat manufactured by the politics of fear, has not exactly been a champion of the People's civil liberties. Moreover, I've had recent occasion to dig rather deeply into exactly what it is that Privacy Officers do and don't do. Telling heads of agencies that they cannot lawfully do what they want to do is no
Paul Merrell

United States v. United States Dist. Court for Eastern Dist. of Mich., 407 US 297 - Sup... - 0 views

scholar.google.com/scholar_case

surveillance state 4th Amendment constitutional law

shared by Paul Merrell on 27 Dec 13 - No Cached
  • But a recognition of these elementary truths does not make the employment by Government of electronic surveillance a welcome development—even when employed with restraint and under judicial supervision. There is, understandably, a deep-seated uneasiness and apprehension that this capability will be used to intrude upon cherished privacy of law-abiding citizens.[13] We 313*313 look to the Bill of Rights to safeguard this privacy. Though physical entry of the home is the chief evil against which the wording of the Fourth Amendment is directed, its broader spirit now shields private speech from unreasonable surveillance. Katz v. United States, supra; Berger v. New York, supra; Silverman v. United States, 365 U. S. 505 (1961). Our decision in Katz refused to lock the Fourth Amendment into instances of actual physical trespass. Rather, the Amendment governs "not only the seizure of tangible items, but extends as well to the recording of oral statements . . . without any `technical trespass under . . . local property law.'" Katz, supra, at 353. That decision implicitly recognized that the broad and unsuspected governmental incursions into conversational privacy which electronic surveillance entails[14] necessitate the application of Fourth Amendment safeguards.
  • National security cases, moreover, often reflect a convergence of First and Fourth Amendment values not present in cases of "ordinary" crime. Though the investigative duty of the executive may be stronger in such cases, so also is there greater jeopardy to constitutionally protected speech. "Historically the struggle for freedom of speech and press in England was bound up with the issue of the scope of the search and seizure 314*314 power," Marcus v. Search Warrant, 367 U. S. 717, 724 (1961). History abundantly documents the tendency of Government—however benevolent and benign its motives —to view with suspicion those who most fervently dispute its policies. Fourth Amendment protections become the more necessary when the targets of official surveillance may be those suspected of unorthodoxy in their political beliefs. The danger to political dissent is acute where the Government attempts to act under so vague a concept as the power to protect "domestic security." Given the difficulty of defining the domestic security interest, the danger of abuse in acting to protect that interest becomes apparent. Senator Hart addressed this dilemma in the floor debate on § 2511 (3):
  • "As I read it—and this is my fear—we are saying that the President, on his motion, could declare— name your favorite poison—draft dodgers, Black Muslims, the Ku Klux Klan, or civil rights activists to be a clear and present danger to the structure or existence of the Government."[15] The price of lawful public dissent must not be a dread of subjection to an unchecked surveillance power. Nor must the fear of unauthorized official eavesdropping deter vigorous citizen dissent and discussion of Government action in private conversation. For private dissent, no less than open public discourse, is essential to our free society.
  • ...8 more annotations...
  • As the Fourth Amendment is not absolute in its terms, our task is to examine and balance the basic values at stake in this case: the duty of Government 315*315 to protect the domestic security, and the potential danger posed by unreasonable surveillance to individual privacy and free expression. If the legitimate need of Government to safeguard domestic security requires the use of electronic surveillance, the question is whether the needs of citizens for privacy and free expression may not be better protected by requiring a warrant before such surveillance is undertaken. We must also ask whether a warrant requirement would unduly frustrate the efforts of Government to protect itself from acts of subversion and overthrow directed against it. Though the Fourth Amendment speaks broadly of "unreasonable searches and seizures," the definition of "reasonableness" turns, at least in part, on the more specific commands of the warrant clause. Some have argued that "[t]he relevant test is not whether it is reasonable to procure a search warrant, but whether the search was reasonable," United States v. Rabinowitz, 339 U. S. 56, 66 (1950).[16] This view, however, overlooks the second clause of the Amendment. The warrant clause of the Fourth Amendment is not dead language. Rather, it has been
  • "a valued part of our constitutional law for decades, and it has determined the result in scores and scores of cases in courts all over this country. It is not an inconvenience to be somehow `weighed' against the claims of police efficiency. It is, or should 316*316 be, an important working part of our machinery of government, operating as a matter of course to check the `well-intentioned but mistakenly overzealous executive officers' who are a part of any system of law enforcement." Coolidge v. New Hampshire, 403 U. S., at 481. See also United States v. Rabinowitz, supra, at 68 (Frankfurter, J., dissenting); Davis v. United States, 328 U. S. 582, 604 (1946) (Frankfurter, J., dissenting). Over two centuries ago, Lord Mansfield held that common-law principles prohibited warrants that ordered the arrest of unnamed individuals who the officer might conclude were guilty of seditious libel. "It is not fit," said Mansfield, "that the receiving or judging of the information should be left to the discretion of the officer. The magistrate ought to judge; and should give certain directions to the officer." Leach v. Three of the King's Messengers, 19 How. St. Tr. 1001, 1027 (1765).
  • Lord Mansfield's formulation touches the very heart of the Fourth Amendment directive: that, where practical, a governmental search and seizure should represent both the efforts of the officer to gather evidence of wrongful acts and the judgment of the magistrate that the collected evidence is sufficient to justify invasion of a citizen's private premises or conversation. Inherent in the concept of a warrant is its issuance by a "neutral and detached magistrate." Coolidge v. New Hampshire, supra, at 453; Katz v. United States, supra, at 356. The further requirement of "probable cause" instructs the magistrate that baseless searches shall not proceed. These Fourth Amendment freedoms cannot properly be guaranteed if domestic security surveillances may be conducted solely within the discretion of the Executive 317*317 Branch. The Fourth Amendment does not contemplate the executive officers of Government as neutral and disinterested magistrates. Their duty and responsibility are to enforce the laws, to investigate, and to prosecute. Katz v. United States, supra, at 359-360 (DOUGLAS, J., concurring). But those charged with this investigative and prosecutorial duty should not be the sole judges of when to utilize constitutionally sensitive means in pursuing their tasks. The historical judgment, which the Fourth Amendment accepts, is that unreviewed executive discretion may yield too readily to pressures to obtain incriminating evidence and overlook potential invasions of privacy and protected speech.[17]
  • It may well be that, in the instant case, the Government's surveillance of Plamondon's conversations was a reasonable one which readily would have gained prior judicial approval. But this Court "has never sustained a search upon the sole ground that officers reasonably expected to find evidence of a particular crime and voluntarily confined their activities to the least intrusive means consistent with that end." Katz, supra, at 356-357. The Fourth Amendment contemplates a prior judicial judgment,[18] not the risk that executive discretion may be reasonably exercised. This judicial role accords with our basic constitutional doctrine that individual freedoms will best be preserved through a separation of powers and division of functions among the different branches and levels of Government. Harlan, Thoughts at a Dedication: Keeping the Judicial Function in Balance, 49 A. B. A. J. 943-944 (1963). The independent check upon executive discretion is not 318*318 satisfied, as the Government argues, by "extremely limited" post-surveillance judicial review.[19] Indeed, post-surveillance review would never reach the surveillances which failed to result in prosecutions. Prior review by a neutral and detached magistrate is the time-tested means of effectuating Fourth Amendment rights. Beck v. Ohio, 379 U. S. 89, 96 (1964).
  • But we do not think a case has been made for the requested departure from Fourth Amendment standards. The circumstances described do not justify complete exemption of domestic security surveillance from prior judicial scrutiny. Official surveillance, whether its purpose be criminal investigation or ongoing intelligence gathering, risks infringement of constitutionally protected privacy of speech. Security surveillances are especially sensitive because of the inherent vagueness of the domestic security concept, the necessarily broad and continuing nature of intelligence gathering, and the temptation to utilize such surveillances to oversee political dissent. We recognize, as we have before, the constitutional basis of the President's domestic security role, but we think it must be exercised in a manner compatible with the Fourth Amendment. In this case we hold that this requires an appropriate prior warrant procedure. We cannot accept the Government's argument that internal security matters are too subtle and complex for judicial evaluation. Courts regularly deal with the most difficult issues of our society. There is no reason to believe that federal judges will be insensitive to or uncomprehending of the issues involved in domestic security cases. Certainly courts can recognize that domestic security surveillance involves different considerations from the surveillance of "ordinary crime." If the threat is too subtle or complex for our senior law enforcement officers to convey its significance to a court, one may question whether there is probable cause for surveillance.
  • Nor do we believe prior judicial approval will fracture the secrecy essential to official intelligence gathering. The investigation of criminal activity has long 321*321 involved imparting sensitive information to judicial officers who have respected the confidentialities involved. Judges may be counted upon to be especially conscious of security requirements in national security cases. Title III of the Omnibus Crime Control and Safe Streets Act already has imposed this responsibility on the judiciary in connection with such crimes as espionage, sabotage, and treason, §§ 2516 (1) (a) and (c), each of which may involve domestic as well as foreign security threats. Moreover, a warrant application involves no public or adversary proceedings: it is an ex parte request before a magistrate or judge. Whatever security dangers clerical and secretarial personnel may pose can be minimized by proper administrative measures, possibly to the point of allowing the Government itself to provide the necessary clerical assistance.
  • Thus, we conclude that the Government's concerns do not justify departure in this case from the customary Fourth Amendment requirement of judicial approval prior to initiation of a search or surveillance. Although some added burden will be imposed upon the Attorney General, this inconvenience is justified in a free society to protect constitutional values. Nor do we think the Government's domestic surveillance powers will be impaired to any significant degree. A prior warrant establishes presumptive validity of the surveillance and will minimize the burden of justification in post-surveillance judicial review. By no means of least importance will be the reassurance of the public generally that indiscriminate wiretapping and bugging of law-abiding citizens cannot occur.
  • As the surveillance of Plamondon's conversations was unlawful, because conducted without prior judicial approval, the courts below correctly held that Alderman v. United States, 394 U. S. 165 (1969), is controlling and that it requires disclosure to the accused of his own impermissibly intercepted conversations. As stated in Alderman, "the trial court can and should, where appropriate, place a defendant and his counsel under enforceable orders against unwarranted disclosure of the materials which they may be entitled to inspect." 394 U. S., at 185.[21]
Paul Merrell

Cy Vance's Proposal to Backdoor Encrypted Devices Is Riddled With Vulnerabilities | Jus... - 0 views

www.justsecurity.org/...evices-riddled-vulnerabilities

surveillance state encryption-backdoors Vance tyranny right-to-whisper

shared by Paul Merrell on 11 Dec 15 - No Cached
  • Less than a week after the attacks in Paris — while the public and policymakers were still reeling, and the investigation had barely gotten off the ground — Cy Vance, Manhattan’s District Attorney, released a policy paper calling for legislation requiring companies to provide the government with backdoor access to their smartphones and other mobile devices. This is the first concrete proposal of this type since September 2014, when FBI Director James Comey reignited the “Crypto Wars” in response to Apple’s and Google’s decisions to use default encryption on their smartphones. Though Comey seized on Apple’s and Google’s decisions to encrypt their devices by default, his concerns are primarily related to end-to-end encryption, which protects communications that are in transit. Vance’s proposal, on the other hand, is only concerned with device encryption, which protects data stored on phones. It is still unclear whether encryption played any role in the Paris attacks, though we do know that the attackers were using unencrypted SMS text messages on the night of the attack, and that some of them were even known to intelligence agencies and had previously been under surveillance. But regardless of whether encryption was used at some point during the planning of the attacks, as I lay out below, prohibiting companies from selling encrypted devices would not prevent criminals or terrorists from being able to access unbreakable encryption. Vance’s primary complaint is that Apple’s and Google’s decisions to provide their customers with more secure devices through encryption interferes with criminal investigations. He claims encryption prevents law enforcement from accessing stored data like iMessages, photos and videos, Internet search histories, and third party app data. He makes several arguments to justify his proposal to build backdoors into encrypted smartphones, but none of them hold water.
  • Before addressing the major privacy, security, and implementation concerns that his proposal raises, it is worth noting that while an increase in use of fully encrypted devices could interfere with some law enforcement investigations, it will help prevent far more crimes — especially smartphone theft, and the consequent potential for identity theft. According to Consumer Reports, in 2014 there were more than two million victims of smartphone theft, and nearly two-thirds of all smartphone users either took no steps to secure their phones or their data or failed to implement passcode access for their phones. Default encryption could reduce instances of theft because perpetrators would no longer be able to break into the phone to steal the data.
  • Vance argues that creating a weakness in encryption to allow law enforcement to access data stored on devices does not raise serious concerns for security and privacy, since in order to exploit the vulnerability one would need access to the actual device. He considers this an acceptable risk, claiming it would not be the same as creating a widespread vulnerability in encryption protecting communications in transit (like emails), and that it would be cheap and easy for companies to implement. But Vance seems to be underestimating the risks involved with his plan. It is increasingly important that smartphones and other devices are protected by the strongest encryption possible. Our devices and the apps on them contain astonishing amounts of personal information, so much that an unprecedented level of harm could be caused if a smartphone or device with an exploitable vulnerability is stolen, not least in the forms of identity fraud and credit card theft. We bank on our phones, and have access to credit card payments with services like Apple Pay. Our contact lists are stored on our phones, including phone numbers, emails, social media accounts, and addresses. Passwords are often stored on people’s phones. And phones and apps are often full of personal details about their lives, from food diaries to logs of favorite places to personal photographs. Symantec conducted a study, where the company spread 50 “lost” phones in public to see what people who picked up the phones would do with them. The company found that 95 percent of those people tried to access the phone, and while nearly 90 percent tried to access private information stored on the phone or in other private accounts such as banking services and email, only 50 percent attempted contacting the owner.
  • ...8 more annotations...
  • In addition to his weak reasoning for why it would be feasible to create backdoors to encrypted devices without creating undue security risks or harming privacy, Vance makes several flawed policy-based arguments in favor of his proposal. He argues that criminals benefit from devices that are protected by strong encryption. That may be true, but strong encryption is also a critical tool used by billions of average people around the world every day to protect their transactions, communications, and private information. Lawyers, doctors, and journalists rely on encryption to protect their clients, patients, and sources. Government officials, from the President to the directors of the NSA and FBI, and members of Congress, depend on strong encryption for cybersecurity and data security. There are far more innocent Americans who benefit from strong encryption than there are criminals who exploit it. Encryption is also essential to our economy. Device manufacturers could suffer major economic losses if they are prohibited from competing with foreign manufacturers who offer more secure devices. Encryption also protects major companies from corporate and nation-state espionage. As more daily business activities are done on smartphones and other devices, they may now hold highly proprietary or sensitive information. Those devices could be targeted even more than they are now if all that has to be done to access that information is to steal an employee’s smartphone and exploit a vulnerability the manufacturer was required to create.
  • Privacy is another concern that Vance dismisses too easily. Despite Vance’s arguments otherwise, building backdoors into device encryption undermines privacy. Our government does not impose a similar requirement in any other context. Police can enter homes with warrants, but there is no requirement that people record their conversations and interactions just in case they someday become useful in an investigation. The conversations that we once had through disposable letters and in-person conversations now happen over the Internet and on phones. Just because the medium has changed does not mean our right to privacy has.
  • Vance attempts to downplay this serious risk by asserting that anyone can use the “Find My Phone” or Android Device Manager services that allow owners to delete the data on their phones if stolen. However, this does not stand up to scrutiny. These services are effective only when an owner realizes their phone is missing and can take swift action on another computer or device. This delay ensures some period of vulnerability. Encryption, on the other hand, protects everyone immediately and always. Additionally, Vance argues that it is safer to build backdoors into encrypted devices than it is to do so for encrypted communications in transit. It is true that there is a difference in the threats posed by the two types of encryption backdoors that are being debated. However, some manner of widespread vulnerability will inevitably result from a backdoor to encrypted devices. Indeed, the NSA and GCHQ reportedly hacked into a database to obtain cell phone SIM card encryption keys in order defeat the security protecting users’ communications and activities and to conduct surveillance. Clearly, the reality is that the threat of such a breach, whether from a hacker or a nation state actor, is very real. Even if companies go the extra mile and create a different means of access for every phone, such as a separate access key for each phone, significant vulnerabilities will be created. It would still be possible for a malicious actor to gain access to the database containing those keys, which would enable them to defeat the encryption on any smartphone they took possession of. Additionally, the cost of implementation and maintenance of such a complex system could be high.
  • Vance also suggests that the US would be justified in creating such a requirement since other Western nations are contemplating requiring encryption backdoors as well. Regardless of whether other countries are debating similar proposals, we cannot afford a race to the bottom on cybersecurity. Heads of the intelligence community regularly warn that cybersecurity is the top threat to our national security. Strong encryption is our best defense against cyber threats, and following in the footsteps of other countries by weakening that critical tool would do incalculable harm. Furthermore, even if the US or other countries did implement such a proposal, criminals could gain access to devices with strong encryption through the black market. Thus, only innocent people would be negatively affected, and some of those innocent people might even become criminals simply by trying to protect their privacy by securing their data and devices. Finally, Vance argues that David Kaye, UN Special Rapporteur for Freedom of Expression and Opinion, supported the idea that court-ordered decryption doesn’t violate human rights, provided certain criteria are met, in his report on the topic. However, in the context of Vance’s proposal, this seems to conflate the concepts of court-ordered decryption and of government-mandated encryption backdoors. The Kaye report was unequivocal about the importance of encryption for free speech and human rights. The report concluded that:
  • States should promote strong encryption and anonymity. National laws should recognize that individuals are free to protect the privacy of their digital communications by using encryption technology and tools that allow anonymity online. … States should not restrict encryption and anonymity, which facilitate and often enable the rights to freedom of opinion and expression. Blanket prohibitions fail to be necessary and proportionate. States should avoid all measures that weaken the security that individuals may enjoy online, such as backdoors, weak encryption standards and key escrows. Additionally, the group of intelligence experts that was hand-picked by the President to issue a report and recommendations on surveillance and technology, concluded that: [R]egarding encryption, the U.S. Government should: (1) fully support and not undermine efforts to create encryption standards; (2) not in any way subvert, undermine, weaken, or make vulnerable generally available commercial software; and (3) increase the use of encryption and urge US companies to do so, in order to better protect data in transit, at rest, in the cloud, and in other storage.
  • The clear consensus among human rights experts and several high-ranking intelligence experts, including the former directors of the NSA, Office of the Director of National Intelligence, and DHS, is that mandating encryption backdoors is dangerous. Unaddressed Concerns: Preventing Encrypted Devices from Entering the US and the Slippery Slope In addition to the significant faults in Vance’s arguments in favor of his proposal, he fails to address the question of how such a restriction would be effectively implemented. There is no effective mechanism for preventing code from becoming available for download online, even if it is illegal. One critical issue the Vance proposal fails to address is how the government would prevent, or even identify, encrypted smartphones when individuals bring them into the United States. DHS would have to train customs agents to search the contents of every person’s phone in order to identify whether it is encrypted, and then confiscate the phones that are. Legal and policy considerations aside, this kind of policy is, at the very least, impractical. Preventing strong encryption from entering the US is not like preventing guns or drugs from entering the country — encrypted phones aren’t immediately obvious as is contraband. Millions of people use encrypted devices, and tens of millions more devices are shipped to and sold in the US each year.
  • Finally, there is a real concern that if Vance’s proposal were accepted, it would be the first step down a slippery slope. Right now, his proposal only calls for access to smartphones and devices running mobile operating systems. While this policy in and of itself would cover a number of commonplace devices, it may eventually be expanded to cover laptop and desktop computers, as well as communications in transit. The expansion of this kind of policy is even more worrisome when taking into account the speed at which technology evolves and becomes widely adopted. Ten years ago, the iPhone did not even exist. Who is to say what technology will be commonplace in 10 or 20 years that is not even around today. There is a very real question about how far law enforcement will go to gain access to information. Things that once seemed like merely science fiction, such as wearable technology and artificial intelligence that could be implanted in and work with the human nervous system, are now available. If and when there comes a time when our “smart phone” is not really a device at all, but is rather an implant, surely we would not grant law enforcement access to our minds.
  • Policymakers should dismiss Vance’s proposal to prohibit the use of strong encryption to protect our smartphones and devices in order to ensure law enforcement access. Undermining encryption, regardless of whether it is protecting data in transit or at rest, would take us down a dangerous and harmful path. Instead, law enforcement and the intelligence community should be working to alter their skills and tactics in a fast-evolving technological world so that they are not so dependent on information that will increasingly be protected by encryption.
Paul Merrell

History of the Federal Judiciary - 0 views

www.fjc.gov/...tu_olmstead_doc_15.html

surveillance state wiretap litigation

shared by Paul Merrell on 26 May 14 - No Cached
  •  Olmstead v. United States: The Constitutional Challenges of Prohibition Enforcement Historical Documents Dissenting opinion of Justice Louis D. Brandeis in Olmstead v. United States Justice Brandeis’s dissenting opinion is one of the more notable dissents in Supreme Court history. He attempted to define a general right of privacy based on the Fourth and Fifth Amendments. Brandeis had long been interested in the problem of privacy in the modern age; years earlier he and his law partner, Samuel Warren, published what many consider the seminal article on the topic (Samuel Warren & Louis D. Brandeis, “The Right to Privacy,” 4 Harv. L. Rev. 193 (1890)). Brandeis’s opinion in Olmstead attempted to apply to the current era what he said were the principles of the Fourth and Fifth Amendments. Historians often overlook how much his approach draws on the dissenting opinion of Judge Rudkin in the circuit court, but Brandeis himself acknowledged his debt to Rudkin in the text. The quotation about “the form that evil had theretofore taken” referred to the Supreme Court decision in Weems v. United States, in which Justice Joseph McKenna wrote of the need for the Court to apply the general principles of the Constitution to new problems.
  • Moreover, “in the application of a constitution, our contemplation cannot be only of what has been but of what may be.” The progress of science in furnishing the Government with means of espionage is not likely to stop with wire-tapping. Ways may someday be developed by which the Government, without removing papers from secret drawers, can reproduce them in court, and by which it will be enabled to expose to a jury the most intimate occurrences of the home. Advances in the psychic and related sciences may bring means of exploring unexpressed beliefs, thoughts and emotions. “That places the liberty of every man in the hands of every petty officer” was said by James Otis of much lesser intrusions than these. To Lord Camden, a far slighter intrusion seemed “subversive of all the comforts of society.” Can it be that the Constitution affords no protection against such invasions of individual security? . . .
  • In Ex parte Jackson, 96 U.S. 727, it was held that a sealed letter entrusted to the mail is protected by the Amendments. The mail is a public service furnished by the Government. The telephone is a public service furnished by its authority. There is, in essence, no difference between the sealed letter and the private telephone message. As Judge Rudkin said below: “True, the one is visible, the other invisible; the one is tangible, the other intangible; the one is sealed, and the other unsealed, but these are distinctions without a difference.” The evil incident to invasion of the privacy of the telephone is far greater than that involved in tampering with the mails. Whenever a telephone line is tapped, the privacy of the persons at both ends of the line is invaded and all conversations between them upon any subject, and, although proper, confidential and privileged, may be overheard. Moreover, the tapping of one man’s telephone line involves the tapping of the telephone of every other person whom he may call or who may call him. As a means of espionage, writs of assistance and general warrants are but puny instruments of tyranny and oppression when compared with wire-tapping.
  • ...2 more annotations...
  • Time and again, this Court in giving effect to the principle underlying the Fourth Amendment, has refused to place an unduly literal construction upon it. This was notably illustrated in the Boyd case itself. Taking language in its ordinary meaning, there is no “search” or “seizure” when a defendant is required to produce a document in the orderly process of a court’s procedure. “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures,” would not be violated, under any ordinary construction of language, by compelling obedience to a subpoena. But this Court holds the evidence inadmissible simply because the information leading to the issue of the subpoena has been unlawfully secured. . . . The provision against self-incrimination in the Fifth Amendment has been given an equally broad construction. . . .
  • Decisions of this Court applying the principle of the Boyd case have settled these things. Unjustified search and seizure violates the Fourth Amendment, whatever the character of the paper; whether the paper when taken by the federal officers was in the home, in an office, or elsewhere; whether the taking was effected by force, by fraud, or in the orderly process of a court’s procedure. From these decisions, it follows necessarily that the Amendment is violated by the officer’s reading the paper without a physical seizure, without his even touching it; and that use, in any criminal proceeding, of the contents of the paper so examined—as where they are testified to by a federal officer who thus saw the document, or where, through knowledge so obtained, a copy has been procured elsewhere—any such use constitutes a violation of the Fifth Amendment. The protection guaranteed by the Amendments is much broader in scope. The makers of our Constitution undertook to secure conditions favorable to the pursuit of happiness. They recognized the significance of man’s spiritual nature, of his feelings, and of his intellect. They knew that only a part of the pain, pleasure and satisfactions of life are to be found in material things. They sought to protect Americans in their beliefs, their thoughts, their emotions and their sensations. They conferred, as against the Government, the right to be let alone—the most comprehensive of rights and the right most valued by civilized men. To protect that right, every unjustifiable intrusion by the Government upon the privacy of the individual, whatever the means employed, must be deemed a violation of the Fourth Amendment. And the use, as evidence in a criminal proceeding, of facts ascertained by such intrusion must be deemed a violation of the Fifth.
  • Paul Merrell on 26 May 14
     
    The linked opinion is Justice Brandeis' dissent in Olmstead v. U.S., the first Supreme Court decision to approve the use of secret wiretap evidence in a criminal proceeding, even though gathered without a search warrant. The warrant requirement would later be imposed in 1967 by the decision in Katz v. U.S., which established that the Fourth Amendment the privacy of people, not places, reviving the Brandeis dissent to a large degree. Since Katz and the advent of broad government surveillance, Justice Brandeis' dissent is gaining still more attention. 
Paul Merrell

TGIF: The Phony Trade-off between Privacy and Security The Future of Freedom Foundation - 0 views

fff.org/...f-between-privacy-and-security

surveillance state Obama Obama-speech privacy-v-security

shared by Paul Merrell on 23 Jan 14 - No Cached
  • Most people take it for granted — because they’ve heard it so many times from politicians and pundits — that they must trade some privacy for security in this dangerous world. The challenge, we’re told, is to find the right “balance.” Let’s examine this.
  • In other words, in the freed market I would find the right “balance” for myself, and you would do the same. One size wouldn’t be deemed to fit all. The market would cater to people with a range of security/privacy concerns, striking the “balance” differently for different people. That’s as it should be. Actually, we can say that there would be no trade-off between privacy and security at all, because the information would be voluntarily disclosed by each individual on mutually acceptable terms. Under those circumstances, it wouldn’t be right to call what the firm does an “intrusion.” But that sort of situation is not what Barack Obama, Mike Rogers, Peter King, and their ilk mean when they tell us that “we” need to find the right balance between security and privacy. They mean they will dictate to us what the alleged balance will be. We will have no real say in the matter, and they can be counted on to find the balance on the “security” side of the spectrum as suits their interests. That’s how these things work.
  • where the state is concerned, you can’t trade off privacy against security because they’re exactly the same thing.
Paul Merrell

NSA Director Finally Admits Encryption Is Needed to Protect Public's Privacy - 0 views

www.mintpressnews.com/...213028

surveillance state encryption NSA Comey

shared by Paul Merrell on 25 Jan 16 - No Cached
  • NSA Director Finally Admits Encryption Is Needed to Protect Public’s Privacy The new stance denotes a growing awareness within the government that Americans are not comfortable with the State’s grip on their data. By Carey Wedler | AntiMedia | January 22, 2016 Share this article! https://mail.google.com/mail/?view=cm&fs=1&to&su=NSA%20Director%20Finally%20Admits%20Encryption%20Is%20Needed%20to%20Protect%20Public%E2%80%99s%20Privacy&body=http%3A%2F%2Fwww.mintpress
  • At the same hearing, Comey and Attorney General Loretta Lynch declined to comment on whether they had proof the Paris attackers used encryption. Even so, Comey recently lobbied for tech companies to do away with end-to-end encryption. However, his crusade has fallen on unsympathetic ears, both from the private companies he seeks to control — and from the NSA. Prior to Rogers’ statements in support of encryption Thursday, former NSA chief Michael Hayden said, “I disagree with Jim Comey. I actually think end-to-end encryption is good for America.” Still another former NSA chair has criticized calls for backdoor access to information. In October, Mike McConnell told a panel at an encryption summit that the United States is “better served by stronger encryption, rather than baking in weaker encryption.” Former Department of Homeland Security chief, Michael Chertoff, has also spoken out against government being able to bypass encryption.
  • Rogers cited the recent Office of Personnel Management hack of over 20 million users as a reason to increase encryption rather than scale it back. “What you saw at OPM, you’re going to see a whole lot more of,” he said, referring to the massive hack that compromised the personal data about 20 million people who obtained background checks. Rogers’ comments, while forward-thinking, signify an about face in his stance on encryption. In February 2015, he said he “shares [FBI] Director [James] Comey’s concern” about cell phone companies’ decision to add encryption features to their products. Comey has been one loudest critics of encryption. However, Rogers’ comments on Thursday now directly conflict with Comey’s stated position. The FBI director has publicly chastised encryption, as well as the companies that provide it. In 2014, he claimed Apple’s then-new encryption feature could lead the world to “a very dark place.” At a Department of Justice hearing in November, Comey testified that “Increasingly, the shadow that is ‘going dark’ is falling across more and more of our work.” Though he claimed, “We support encryption,” he insisted “we have a problem that encryption is crashing into public safety and we have to figure out, as people who care about both, to resolve it. So, I think the conversation’s in a healthier place.”
  • ...2 more annotations...
  • Regardless of these individual defenses of encryption, the Intercept explained why these statements may be irrelevant: “Left unsaid is the fact that the FBI and NSA have the ability to circumvent encryption and get to the content too — by hacking. Hacking allows law enforcement to plant malicious code on someone’s computer in order to gain access to the photos, messages, and text before they were ever encrypted in the first place, and after they’ve been decrypted. The NSA has an entire team of advanced hackers, possibly as many as 600, camped out at Fort Meade.”
  • Rogers statements, of course, are not a full-fledged endorsement of privacy, nor can the NSA be expected to make it a priority. Even so, his new stance denotes a growing awareness within the government that Americans are not comfortable with the State’s grip on their data. “So spending time arguing about ‘hey, encryption is bad and we ought to do away with it’ … that’s a waste of time to me,” Rogers said Thursday. “So what we’ve got to ask ourselves is, with that foundation, what’s the best way for us to deal with it? And how do we meet those very legitimate concerns from multiple perspectives?”
Paul Merrell

First Unitarian Church of Los Angeles v. NSA | Electronic Frontier Foundation - 0 views

www.eff.org/...arian-church-los-angeles-v-nsa

surveillance state NSA NSA-blowback litigation 1st Amendment EFF

shared by Paul Merrell on 13 Jan 14 - No Cached
  • Twenty-two organizations including Unitarian church groups, gun ownership advocates, and a broad coalition of membership and political advocacy organizations filed suit against the National Security Agency for violating their First Amendment right of association by illegally collecting their call records. The coalition is represented by EFF. At the heart of First Unitarian Church of Los Angeles v. NSA is the bulk telephone records collection program that was confirmed by the publication of an order from the Foreign Intelligence Surveillance Court (FISC) in June of 2013. The Director of National Intelligence (DNI) further confirmed that this formerly secret document was authentic, and part of a broader program to collect all major telecommunications customers’ call history. The order demands wholesale collection of every call made, the location of the phone, the time of the call, the duration of the call, and other “identifying information” for every phone and call for all customers of Verizon for a period of three months. Government officials further confirmed that this was just one of series of orders issued on a rolling basis since at least 2006. First Unitarian v. NSA argues that this spying violates the First Amendment, which protects the freedom to associate and express political views as a group.
  • Twenty-two organizations including Unitarian church groups, gun ownership advocates, and a broad coalition of membership and political advocacy organizations filed suit against the National Security Agency for violating their First Amendment right of association by illegally collecting their call records. The coalition is represented by EFF. At the heart of First Unitarian Church of Los Angeles v. NSA is the bulk telephone records collection program that was confirmed by the publication of an order from the Foreign Intelligence Surveillance Court (FISC) in June of 2013. The Director of National Intelligence (DNI) further confirmed that this formerly secret document was authentic, and part of a broader program to collect all major telecommunications customers’ call history. The order demands wholesale collection of every call made, the location of the phone, the time of the call, the duration of the call, and other “identifying information” for every phone and call for all customers of Verizon for a period of three months. Government officials further confirmed that this was just one of series of orders issued on a rolling basis since at least 2006. First Unitarian v. NSA argues that this spying violates the First Amendment, which protects the freedom to associate and express political views as a group.
  • The case challenges the mass telephone records collection that was confirmed by the FISA Order that was published on June 5, 2013 and confirmed by the Director of National Intelligence (DNI) on June 6, 2013. The DNI confirmed that the collection was “broad in scope” and conducted under the “business records” provision of the Foreign Intelligence Surveillance Act, also known as section 215 of the Patriot Act and 50 U.S.C. section 1861. The facts have long been part of EFF’s Jewel v. NSA case. The case does not include section 702 programs, which includes the recently made public and called the PRISM program or the fiber optic splitter program that is included (along with the telephone records program) in the Jewel v. NSA case. 
  • ...5 more annotations...
  • Our goal is to highlight one of the most important ways that the government collection of telephone records is unconstitutional: it violates the First Amendment right of association. When the government gets access to the phone records of political and activist organizations and their members, it knows who is talking to whom, when, and for how long. This so-called “metadata,” especially when collected in bulk and aggregated, tracks the associations of these organizations. After all, if the government knows that you call the Unitarian Church or Calguns or People for the American Way or Students for Sensible Drug Policy regularly, it has a very good indication that you are a member and it certainly knows that you associate regularly. The law has long recognized that government access to associations can create a chilling effect—people are less likely to associate with organizations when they know the government is watching and when the government can track their associations. 
  • Twenty-two organizations including Unitarian church groups, gun ownership advocates, and a broad coalition of membership and political advocacy organizations filed suit against the National Security Agency for violating their First Amendment right of association by illegally collecting their call records. The coalition is represented by EFF. At the heart of First Unitarian Church of Los Angeles v. NSA is the bulk telephone records collection program that was confirmed by the publication of an order from the Foreign Intelligence Surveillance Court (FISC) in June of 2013. The Director of National Intelligence (DNI) further confirmed that this formerly secret document was authentic, and part of a broader program to collect all major telecommunications customers’ call history. The order demands wholesale collection of every call made, the location of the phone, the time of the call, the duration of the call, and other “identifying information” for every phone and call for all customers of Verizon for a period of three months. Government officials further confirmed that this was just one of series of orders issued on a rolling basis since at least 2006. First Unitarian v. NSA argues that this spying violates the First Amendment, which protects the freedom to associate and express political views as a group.
  • The First Amendment right of association is a well established doctrine that prevents the government “interfering with the right to peaceably assemble or prohibit the petition for a governmental redress of grievances.” The most famous case embracing it is a 1958 Supreme Court Case from the Civil Rights era called  NAACP v. Alabama. In that case the Supreme Court held that it would violate the First Amendment for the NAACP to have to turn over its membership lists in litigation. The right stems from the simple fact that the First Amendment protects the freedom to associate and express political views as a group. This constitutional protection is critical because, as the court noted “[e]ffective advocacy of both public and private points of view, particularly controversial ones, is undeniably enhanced by group association[.]” NAACP v. Alabama, 357 U.S. at 460. As another court noted: the Constitution protects freedom of association to encourage the “advancing ideas and airing grievances” Bates v. City of Little Rock, 361 U.S. 516, 522-23 (1960).
  • The collection and analysis of telephone records give the government a broad window into our associations. The First Amendment protects against this because, as the Supreme Court has recognized, “it may induce members to withdraw from the association and dissuade others from joining it because of fear of exposure of their beliefs shown through their associations and of the consequences of their exposure.” NAACP v. Alabama, 357 U.S. at 462-63. See also Bates, 361 U.S. at 523; Gibson v. Florida Legislative Investigation Comm., 372 U.S. 539 (1963).  Privacy in one’s associational ties is also closely linked to freedom of association: “Inviolability of privacy in group association may in many circumstances be indispensable to preservation of freedom of association, particularly where a group espouses dissident beliefs.” NAACP v. Alabama, 357 U.S. at 462. 
  • The Supreme Court has made clear that infringements on freedom of association may survive constitutional scrutiny only when they “serve compelling state interests, unrelated to the suppression of ideas, that cannot be achieved through means significantly less restrictive of associational freedoms.” Roberts v. United States Jaycees, 468 U.S. 609, 623 (1984); see also NAACP v. Button, 371 U.S. at 341; Knox v. SEIU, Local 1000, 132 S. Ct. 2277, 2291 (2012)  Here, the wholesale collection of telephone records of millions of innocent Americans’ communications records, and thereby collection of their associations, is massively overbroad, regardless of the government’s interest. Thus, the NSA spying program fails under the basic First Amendment tests that have been in place for over fifty years.
  • Paul Merrell on 13 Jan 14
     
    This case is related to EFF's earlier pending case, Jewel v. NSA and has been assigned to Judge Whyte, the same judge who ruled earlier in Jewel that the State Secrets Privilege does not apply to NSA's call metadata "haystack." The plaintiffs are 22 different groups who would make strange bedfellows indeed, except in opposition to government surveillance and repression. 
Paul Merrell

CURIA - Documents - 0 views

curia.europa.eu/...document.jsf

surveillance state EU Court-of-Justice data-retention data privacy

shared by Paul Merrell on 19 Jul 14 - No Cached
  • 37      It must be stated that the interference caused by Directive 2006/24 with the fundamental rights laid down in Articles 7 and 8 of the Charter is, as the Advocate General has also pointed out, in particular, in paragraphs 77 and 80 of his Opinion, wide-ranging, and it must be considered to be particularly serious. Furthermore, as the Advocate General has pointed out in paragraphs 52 and 72 of his Opinion, the fact that data are retained and subsequently used without the subscriber or registered user being informed is likely to generate in the minds of the persons concerned the feeling that their private lives are the subject of constant surveillance.
  • 43      In this respect, it is apparent from recital 7 in the preamble to Directive 2006/24 that, because of the significant growth in the possibilities afforded by electronic communications, the Justice and Home Affairs Council of 19 December 2002 concluded that data relating to the use of electronic communications are particularly important and therefore a valuable tool in the prevention of offences and the fight against crime, in particular organised crime. 44      It must therefore be held that the retention of data for the purpose of allowing the competent national authorities to have possible access to those data, as required by Directive 2006/24, genuinely satisfies an objective of general interest.45      In those circumstances, it is necessary to verify the proportionality of the interference found to exist.46      In that regard, according to the settled case-law of the Court, the principle of proportionality requires that acts of the EU institutions be appropriate for attaining the legitimate objectives pursued by the legislation at issue and do not exceed the limits of what is appropriate and necessary in order to achieve those objectives (see, to that effect, Case C‑343/09 Afton Chemical EU:C:2010:419, paragraph 45; Volker und Markus Schecke and Eifert EU:C:2010:662, paragraph 74; Cases C‑581/10 and C‑629/10 Nelson and Others EU:C:2012:657, paragraph 71; Case C‑283/11 Sky Österreich EU:C:2013:28, paragraph 50; and Case C‑101/12 Schaible EU:C:2013:661, paragraph 29).
  • 67      Article 7 of Directive 2006/24, read in conjunction with Article 4(1) of Directive 2002/58 and the second subparagraph of Article 17(1) of Directive 95/46, does not ensure that a particularly high level of protection and security is applied by those providers by means of technical and organisational measures, but permits those providers in particular to have regard to economic considerations when determining the level of security which they apply, as regards the costs of implementing security measures. In particular, Directive 2006/24 does not ensure the irreversible destruction of the data at the end of the data retention period.68      In the second place, it should be added that that directive does not require the data in question to be retained within the European Union, with the result that it cannot be held that the control, explicitly required by Article 8(3) of the Charter, by an independent authority of compliance with the requirements of protection and security, as referred to in the two previous paragraphs, is fully ensured. Such a control, carried out on the basis of EU law, is an essential component of the protection of individuals with regard to the processing of personal data (see, to that effect, Case C‑614/10 Commission v Austria EU:C:2012:631, paragraph 37).69      Having regard to all the foregoing considerations, it must be held that, by adopting Directive 2006/24, the EU legislature has exceeded the limits imposed by compliance with the principle of proportionality in the light of Articles 7, 8 and 52(1) of the Charter.
  • ...13 more annotations...
  • 58      Directive 2006/24 affects, in a comprehensive manner, all persons using electronic communications services, but without the persons whose data are retained being, even indirectly, in a situation which is liable to give rise to criminal prosecutions. It therefore applies even to persons for whom there is no evidence capable of suggesting that their conduct might have a link, even an indirect or remote one, with serious crime. Furthermore, it does not provide for any exception, with the result that it applies even to persons whose communications are subject, according to rules of national law, to the obligation of professional secrecy. 59      Moreover, whilst seeking to contribute to the fight against serious crime, Directive 2006/24 does not require any relationship between the data whose retention is provided for and a threat to public security and, in particular, it is not restricted to a retention in relation (i) to data pertaining to a particular time period and/or a particular geographical zone and/or to a circle of particular persons likely to be involved, in one way or another, in a serious crime, or (ii) to persons who could, for other reasons, contribute, by the retention of their data, to the prevention, detection or prosecution of serious offences.
  • 1        These requests for a preliminary ruling concern the validity of Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC (OJ 2006 L 105, p. 54).
  • Digital Rights Ireland Ltd (C‑293/12)vMinister for Communications, Marine and Natural Resources,Minister for Justice, Equality and Law Reform,Commissioner of the Garda Síochána,Ireland,The Attorney General,intervener:Irish Human Rights Commission, andKärntner Landesregierung (C‑594/12),Michael Seitlinger,Christof Tschohl and others,
  • JUDGMENT OF THE COURT (Grand Chamber)8 April 2014 (*)(Electronic communications — Directive 2006/24/EC — Publicly available electronic communications services or public communications networks services — Retention of data generated or processed in connection with the provision of such services — Validity — Articles 7, 8 and 11 of the Charter of Fundamental Rights of the European Union)In Joined Cases C‑293/12 and C‑594/12,
  • 34      As a result, the obligation imposed by Articles 3 and 6 of Directive 2006/24 on providers of publicly available electronic communications services or of public communications networks to retain, for a certain period, data relating to a person’s private life and to his communications, such as those referred to in Article 5 of the directive, constitutes in itself an interference with the rights guaranteed by Article 7 of the Charter. 35      Furthermore, the access of the competent national authorities to the data constitutes a further interference with that fundamental right (see, as regards Article 8 of the ECHR, Eur. Court H.R., Leander v. Sweden, 26 March 1987, § 48, Series A no 116; Rotaru v. Romania [GC], no. 28341/95, § 46, ECHR 2000-V; and Weber and Saravia v. Germany (dec.), no. 54934/00, § 79, ECHR 2006-XI). Accordingly, Articles 4 and 8 of Directive 2006/24 laying down rules relating to the access of the competent national authorities to the data also constitute an interference with the rights guaranteed by Article 7 of the Charter. 36      Likewise, Directive 2006/24 constitutes an interference with the fundamental right to the protection of personal data guaranteed by Article 8 of the Charter because it provides for the processing of personal data.
  • 65      It follows from the above that Directive 2006/24 does not lay down clear and precise rules governing the extent of the interference with the fundamental rights enshrined in Articles 7 and 8 of the Charter. It must therefore be held that Directive 2006/24 entails a wide-ranging and particularly serious interference with those fundamental rights in the legal order of the EU, without such an interference being precisely circumscribed by provisions to ensure that it is actually limited to what is strictly necessary.66      Moreover, as far as concerns the rules relating to the security and protection of data retained by providers of publicly available electronic communications services or of public communications networks, it must be held that Directive 2006/24 does not provide for sufficient safeguards, as required by Article 8 of the Charter, to ensure effective protection of the data retained against the risk of abuse and against any unlawful access and use of that data. In the first place, Article 7 of Directive 2006/24 does not lay down rules which are specific and adapted to (i) the vast quantity of data whose retention is required by that directive, (ii) the sensitive nature of that data and (iii) the risk of unlawful access to that data, rules which would serve, in particular, to govern the protection and security of the data in question in a clear and strict manner in order to ensure their full integrity and confidentiality. Furthermore, a specific obligation on Member States to establish such rules has also not been laid down.
  • 60      Secondly, not only is there a general absence of limits in Directive 2006/24 but Directive 2006/24 also fails to lay down any objective criterion by which to determine the limits of the access of the competent national authorities to the data and their subsequent use for the purposes of prevention, detection or criminal prosecutions concerning offences that, in view of the extent and seriousness of the interference with the fundamental rights enshrined in Articles 7 and 8 of the Charter, may be considered to be sufficiently serious to justify such an interference. On the contrary, Directive 2006/24 simply refers, in Article 1(1), in a general manner to serious crime, as defined by each Member State in its national law.61      Furthermore, Directive 2006/24 does not contain substantive and procedural conditions relating to the access of the competent national authorities to the data and to their subsequent use. Article 4 of the directive, which governs the access of those authorities to the data retained, does not expressly provide that that access and the subsequent use of the data in question must be strictly restricted to the purpose of preventing and detecting precisely defined serious offences or of conducting criminal prosecutions relating thereto; it merely provides that each Member State is to define the procedures to be followed and the conditions to be fulfilled in order to gain access to the retained data in accordance with necessity and proportionality requirements.
  • 55      The need for such safeguards is all the greater where, as laid down in Directive 2006/24, personal data are subjected to automatic processing and where there is a significant risk of unlawful access to those data (see, by analogy, as regards Article 8 of the ECHR, S. and Marper v. the United Kingdom, § 103, and M. K. v. France, 18 April 2013, no. 19522/09, § 35).56      As for the question of whether the interference caused by Directive 2006/24 is limited to what is strictly necessary, it should be observed that, in accordance with Article 3 read in conjunction with Article 5(1) of that directive, the directive requires the retention of all traffic data concerning fixed telephony, mobile telephony, Internet access, Internet e-mail and Internet telephony. It therefore applies to all means of electronic communication, the use of which is very widespread and of growing importance in people’s everyday lives. Furthermore, in accordance with Article 3 of Directive 2006/24, the directive covers all subscribers and registered users. It therefore entails an interference with the fundamental rights of practically the entire European population. 57      In this respect, it must be noted, first, that Directive 2006/24 covers, in a generalised manner, all persons and all means of electronic communication as well as all traffic data without any differentiation, limitation or exception being made in the light of the objective of fighting against serious crime.
  • 62      In particular, Directive 2006/24 does not lay down any objective criterion by which the number of persons authorised to access and subsequently use the data retained is limited to what is strictly necessary in the light of the objective pursued. Above all, the access by the competent national authorities to the data retained is not made dependent on a prior review carried out by a court or by an independent administrative body whose decision seeks to limit access to the data and their use to what is strictly necessary for the purpose of attaining the objective pursued and which intervenes following a reasoned request of those authorities submitted within the framework of procedures of prevention, detection or criminal prosecutions. Nor does it lay down a specific obligation on Member States designed to establish such limits. 63      Thirdly, so far as concerns the data retention period, Article 6 of Directive 2006/24 requires that those data be retained for a period of at least six months, without any distinction being made between the categories of data set out in Article 5 of that directive on the basis of their possible usefulness for the purposes of the objective pursued or according to the persons concerned.64      Furthermore, that period is set at between a minimum of 6 months and a maximum of 24 months, but it is not stated that the determination of the period of retention must be based on objective criteria in order to ensure that it is limited to what is strictly necessary.
  • 52      So far as concerns the right to respect for private life, the protection of that fundamental right requires, according to the Court’s settled case-law, in any event, that derogations and limitations in relation to the protection of personal data must apply only in so far as is strictly necessary (Case C‑473/12 IPI EU:C:2013:715, paragraph 39 and the case-law cited).53      In that regard, it should be noted that the protection of personal data resulting from the explicit obligation laid down in Article 8(1) of the Charter is especially important for the right to respect for private life enshrined in Article 7 of the Charter.54      Consequently, the EU legislation in question must lay down clear and precise rules governing the scope and application of the measure in question and imposing minimum safeguards so that the persons whose data have been retained have sufficient guarantees to effectively protect their personal data against the risk of abuse and against any unlawful access and use of that data (see, by analogy, as regards Article 8 of the ECHR, Eur. Court H.R., Liberty and Others v. the United Kingdom, 1 July 2008, no. 58243/00, § 62 and 63; Rotaru v. Romania, § 57 to 59, and S. and Marper v. the United Kingdom, § 99).
  • 26      In that regard, it should be observed that the data which providers of publicly available electronic communications services or of public communications networks must retain, pursuant to Articles 3 and 5 of Directive 2006/24, include data necessary to trace and identify the source of a communication and its destination, to identify the date, time, duration and type of a communication, to identify users’ communication equipment, and to identify the location of mobile communication equipment, data which consist, inter alia, of the name and address of the subscriber or registered user, the calling telephone number, the number called and an IP address for Internet services. Those data make it possible, in particular, to know the identity of the person with whom a subscriber or registered user has communicated and by what means, and to identify the time of the communication as well as the place from which that communication took place. They also make it possible to know the frequency of the communications of the subscriber or registered user with certain persons during a given period. 27      Those data, taken as a whole, may allow very precise conclusions to be drawn concerning the private lives of the persons whose data has been retained, such as the habits of everyday life, permanent or temporary places of residence, daily or other movements, the activities carried out, the social relationships of those persons and the social environments frequented by them.
  • 32      By requiring the retention of the data listed in Article 5(1) of Directive 2006/24 and by allowing the competent national authorities to access those data, Directive 2006/24, as the Advocate General has pointed out, in particular, in paragraphs 39 and 40 of his Opinion, derogates from the system of protection of the right to privacy established by Directives 95/46 and 2002/58 with regard to the processing of personal data in the electronic communications sector, directives which provided for the confidentiality of communications and of traffic data as well as the obligation to erase or make those data anonymous where they are no longer needed for the purpose of the transmission of a communication, unless they are necessary for billing purposes and only for as long as so necessary.
  • On those grounds, the Court (Grand Chamber) hereby rules:Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC is invalid.
  • Paul Merrell on 19 Jul 14
     
    EU Court of Justice decision in regard to a Directive that required communications data retention by telcos/ISPs, finding the Directive invalid as a violation of the right of privacy in communications. Fairly read, paragraph 59 outlaws bulk collection of such records, i.e., it requires the equivalent of a judge-issued search warrant in the U.S. based on probable cause to believe that the particular individual's communications are a legitimate object of a search.  Note also that paragraph 67 effectively forbids transfer of any retained data outside the E.U. So a barrier for NSA sharing of data with GCHQ derived from communications NSA collects from EU communications traffic. Bye-bye, Big Data for GCHQ in the E.U. 
Paul Merrell

US v. Comprehensive Drug Testing, Inc., 621 F. 3d 1162 - Court of Appeals, 9th Circuit ... - 0 views

scholar.google.com/scholar_case

surveillance-state 4th Amendment bulk-collection future-investigations

shared by Paul Merrell on 05 Dec 14 - No Cached
  • Concluding Thoughts
  • This case well illustrates both the challenges faced by modern law enforcement in retrieving information it needs to pursue and prosecute wrongdoers, and the threat to the privacy of innocent parties from a vigorous criminal investigation. At the time of Tamura, most individuals and enterprises kept records in their file cabinets or similar physical facilities. Today, the same kind of data is usually stored electronically, often far from the premises. Electronic storage facilities intermingle data, making them difficult to retrieve without a thorough understanding of the filing and classification systems used—something that can often only be determined by closely analyzing the data in a controlled environment. Tamura involved a few dozen boxes and was considered a broad seizure; but even inexpensive electronic storage media today can store the equivalent of millions of pages of information. 1176*1176 Wrongdoers and their collaborators have obvious incentives to make data difficult to find, but parties involved in lawful activities may also encrypt or compress data for entirely legitimate reasons: protection of privacy, preservation of privileged communications, warding off industrial espionage or preventing general mischief such as identity theft. Law enforcement today thus has a far more difficult, exacting and sensitive task in pursuing evidence of criminal activities than even in the relatively recent past. The legitimate need to scoop up large quantities of data, and sift through it carefully for concealed or disguised pieces of evidence, is one we've often recognized. See, e.g., United States v. Hill, 459 F.3d 966 (9th Cir.2006).
  • This pressing need of law enforcement for broad authorization to examine electronic records, so persuasively demonstrated in the introduction to the original warrant in this case, see pp. 1167-68 supra, creates a serious risk that every warrant for electronic information will become, in effect, a general warrant, rendering the Fourth Amendment irrelevant. The problem can be stated very simply: There is no way to be sure exactly what an electronic file contains without somehow examining its contents—either by opening it and looking, using specialized forensic software, keyword searching or some other such technique. But electronic files are generally found on media that also contain thousands or millions of other files among which the sought-after data may be stored or concealed. By necessity, government efforts to locate particular files will require examining a great many other files to exclude the possibility that the sought-after data are concealed there. Once a file is examined, however, the government may claim (as it did in this case) that its contents are in plain view and, if incriminating, the government can keep it. Authorization to search some computer files therefore automatically becomes authorization to search all files in the same sub-directory, and all files in an enveloping directory, a neighboring hard drive, a nearby computer or nearby storage media. Where computers are not near each other, but are connected electronically, the original search might justify examining files in computers many miles away, on a theory that incriminating electronic data could have been shuttled and concealed there.
  • ...3 more annotations...
  • The advent of fast, cheap networking has made it possible to store information at remote third-party locations, where it is intermingled with that of other users. For example, many people no longer keep their email primarily on their personal computer, and instead use a web-based email provider, which stores their messages along with billions of messages from and to millions of other people. Similar services exist for photographs, slide shows, computer code and many other types of data. As a result, people now have personal data that are stored with that of innumerable strangers. Seizure of, for example, Google's email servers to look for a few incriminating messages could jeopardize the privacy of millions. It's no answer to suggest, as did the majority of the three-judge panel, that people can avoid these hazards by not storing their data electronically. To begin with, the choice about how information is stored is often made by someone other than the individuals whose privacy would be invaded by the search. Most people have no idea whether their doctor, lawyer or accountant maintains records in paper or electronic format, whether they are stored on the premises or on a server farm in Rancho Cucamonga, whether they are commingled with those of many other professionals 1177*1177 or kept entirely separate. Here, for example, the Tracey Directory contained a huge number of drug testing records, not only of the ten players for whom the government had probable cause but hundreds of other professional baseball players, thirteen other sports organizations, three unrelated sporting competitions, and a non-sports business entity—thousands of files in all, reflecting the test results of an unknown number of people, most having no relationship to professional baseball except that they had the bad luck of having their test results stored on the same computer as the baseball players.
  • Second, there are very important benefits to storing data electronically. Being able to back up the data and avoid the loss by fire, flood or earthquake is one of them. Ease of access from remote locations while traveling is another. The ability to swiftly share the data among professionals, such as sending MRIs for examination by a cancer specialist half-way around the world, can mean the difference between death and a full recovery. Electronic storage and transmission of data is no longer a peculiarity or a luxury of the very rich; it's a way of life. Government intrusions into large private databases thus have the potential to expose exceedingly sensitive information about countless individuals not implicated in any criminal activity, who might not even know that the information about them has been seized and thus can do nothing to protect their privacy. It is not surprising, then, that all three of the district judges below were severely troubled by the government's conduct in this case. Judge Mahan, for example, asked "what ever happened to the Fourth Amendment? Was it ... repealed somehow?" Judge Cooper referred to "the image of quickly and skillfully moving the cup so no one can find the pea." And Judge Illston regarded the government's tactics as "unreasonable" and found that they constituted "harassment." Judge Thomas, too, in his panel dissent, expressed frustration with the government's conduct and position, calling it a "breathtaking expansion of the `plain view' doctrine, which clearly has no application to intermingled private electronic data." Comprehensive Drug Testing, 513 F.3d at 1117.
  • Everyone's interests are best served if there are clear rules to follow that strike a fair balance between the legitimate needs of law enforcement and the right of individuals and enterprises to the privacy that is at the heart of the Fourth Amendment. Tamura has provided a workable framework for almost three decades, and might well have sufficed in this case had its teachings been followed. We have updated Tamura to apply to the daunting realities of electronic searches. We recognize the reality that over-seizing is an inherent part of the electronic search process and proceed on the assumption that, when it comes to the seizure of electronic records, this will be far more common than in the days of paper records. This calls for greater vigilance on the part of judicial officers in striking the right balance between the government's interest in law enforcement and the right of individuals to be free from unreasonable searches and seizures. The process of segregating electronic data that is seizable from that which is not must not become a vehicle for the government to gain access to data which it has no probable cause to collect.
  • Paul Merrell on 05 Dec 14
     
    From a Ninth U.S. Circuit Court of Appeals en banc ruling in 2010. The Court's holding was that federal investigators had vastly overstepped the boundaries of multiple subpoenas and a search warrant --- and the Fourth Amendment --- by seizing records of a testing laboratory and reviewing them for information not described in the warrant or the subpoenas. At issue in this particular case was the government's use of a warrant that found probable cause to believe that the records contained evidence that steroids had been found in the urine of ten major league baseball players but searched the seized records for urine tests of other baseball players. The Court upheld the lower courts' rulings that the government was required to return all records other than those relevant to the ten players identified in the warrant. (The government had instead used the records of other player's urine tests to issue subpoenas for evidence relevant to those players potential use of steroids.) This decision cuts very heavily against the notion that the Fourth Amendment allows the bulk collection of private information about millions of Americans with or without a warrantor court order on the theory that some of the records *may* later become relevant to a lawful investigation.   Or rephrased, here is the en banc decision of the largest federal court of appeals (as many judges as most other federal appellate courts combined), in direct disagreement with the FISA Court orders allowing bulk collection of telephone records and bulk "incidental" collection of Americans' telephone conversations on the theory that the records *might* become relevant to national security investigations. Yet none of the FISA judges in any of the FISA opinions published thus far even cited, let alone distinguished, this Ninth Circuit en banc decision. Which says a lot of the quality of the legal research performed by the FISA Court judges. However, this precedent is front and center in briefs filed with the Ni
Gary Edwards

Judge Rules: Obama Social Security Card Fraud May Finally Get Answers | - 1 views

dcclothesline.com/...-fraud-may-finally-get-answers

shared by Gary Edwards on 28 Dec 13 - No Cached
  • The reason for the judge’s amendment seems to be a procedural one. Taitz filed suit with the court prior to receiving word back from her Freedom of Information Act request, which she did receive on July 29, 2013 from Dawn S. Wiggins, a Fredom of Information Officer. Wiggins replied to Taitz: I have enclosed a copy of the SS-5s for Mr. Tsarnaev and Ms. Dunham. . . . We were unable to find any information for Mr. Bounel based on the information you provided to us. Mr. Bounel may not have applied for a Social Security number (SSN) or may have given different information on the application for a number.
  • The controversy over Barack Hussein Obama and his past, along with fraudulent documents continues to make headlines. Yet, the items needed to actually verify who Obama is continue to be kept from the public eye. Well, that all may be about to change. Attorney Orly Taitz may have just found a chink in the federal government’s armor in protecting Barack Obama from scrutiny, following a judge’s ruling over her Freedom of Information Act request from the Social Security Administration. Taitz has claimed that Obama uses the Social Security number of Harry Bounel and has submitted several Freedom of Information Act requests for the information from the Social Security Administration. Each time, she has been met with stonewalling by the Social Security Administration. However, Judge Ellen Lipton Hollander has ruled to give Taitz “an opportunity to file a second amended complaint and add allegations of SSA not doing a proper search and withholding records.”
  • Additionally, there is an increased tampering with the web site of Orly Taitz and with her ability to send mass -emails. It seems her private server is somehow affected and Taitz is unable to send mass e-mails on two different programs.
  • ...4 more annotations...
  • From Taitz’s Press Release: Judge Hollander in Maryland gives Attorney Orly Taitz 21 days to file a second amended complaint and add allegations in regards to an improper withholding by the Social Security Administration of records of Harry Bounel, whose Social security number is being illegally used by Barack Obama. When Taitz filed the complaint, SSA did not respond at all. After the law suit was filed, SSA responded by fraudulently claiming that the records were not found. Taitz responded that this is a fraudulent assertion, since the records were found before and denied to another petitioner due to privacy concerns, however Social Security has no right to claim privacy as according to their own 120 year rule they have a duty to release the records. The judge stated that the plaintiff Taitz might be correct, however at this time she cannot rule in her favor as her original complaint was filed before SSA responded, so the judge gave Taitz an opportunity to refile a second amended complaint and add new allegations, stating the SSA responded but improperly hidden the records . This is a great development. This all but assures that the judge will order the SSA to release the SS-5, Social Security application of resident of CT, Harrison (Harry) Bounel, whose CT SSN 042-68-4425 was stolen by Obama and used in Obama’s 2009 tax returns, which initially were posted on WhiteHouse.gov without proper redaction, without flattening of the file. Taitz will be very careful not to be Breitbarted or Fuddied in the next 21 days.
  • It’s interesting that Taitz points out that she will be “careful not to be Breitbarted or Fuddied,” indicating that she believes that both Andrew Breitbart and Andrew Breitbart and Loretta Fuddy were targeted by Obama for assassination.” Breitbart died on the very day that he said he would begin vetting Obama for the 2012 elections, which raised suspicions. Fuddy, best remembered as being instrumental in issuing the Hawaii long-form birth certificate, was the only person to die aboard a small plane that crashed off the coast of Hawaii last week. Already, there are questions surrounding the narrative of her death.
  • Taitz alleged that Mr. Bounel was born in 1890, and therefore, under the “’120 Year Rule’ implemented by the SSA in 2010,” pertaining to “‘extremely aged individuals,’” Bounel’s “Social Security applications have to be released under FOIA without proof of [his] death . . . .”
  • It appears that once the amendment is submitted, this may force the Social Security Administration to explain exactly what is going on with Barack Obama’s Social Security number. We should know something about the case by the second week in January 2014.
  • Paul Merrell on 29 Dec 13
     
    @ One passage in the article: "It appears that once the amendment is submitted, this may force the Social Security Administration to explain exactly what is going on with Barack Obama's Social Security number." That's far too optimistic, probably reflecting a lack of understanding of Freedom of Information Act and the processing of a FOIA complaint in federal court. I read the judge's opinion. After the amended complaint is filed, the government gets another shot at summary judgment, submitting a new affidavit about the scope of the search that meets the judge's criticism. (The judge did not rule that the search was inadequate, merely that it was inadequately described and might have been inadequate.) That shifts the burden to the plaintiff to prove that the search was inadequate. If she meets that burden, which isn't easy, the government has to do a new search, file a new motion for summary judgment with a new affidavit, rinse, lather, and repeat. So long as someone is willing to sign an affidavit describing the search and stating that nothing was found, the plaintiff will eventually be unable to prove that the search was inadequate and will lose the case. On the other hand, a new search may find the requested record and result in disclosure. But I'm not confident that this case will go very far. From the description of the complaint that the judge ruled on, it was fatally defective anyway, suggesting that the plaintiff doesn't know much about FOIA litigation. The complaint sought an order that the government be required to respond to her FOIA request letter. But once a FOIA request goes unanswered for 20 business days, the request is deemed denied and the plaintiff can file suit to compel disclosure of the records. The FOIA does not provide for lawsuits to compel the agency to answer a FOIA request. So the plaintiff apparenttly obviously does not understand the FOIA, probably making her easy pickings for an Assistant U.S. District Attorney whose specialty
Paul Merrell

Security Experts Oppose Government Access to Encrypted Communication - The New York Times - 0 views

www.nytimes.com/...o-encrypted-communication.html

encryption government-backdoors expert-report

shared by Paul Merrell on 08 Jul 15 - No Cached
  • An elite group of security technologists has concluded that the American and British governments cannot demand special access to encrypted communications without putting the world’s most confidential data and critical infrastructure in danger.A new paper from the group, made up of 14 of the world’s pre-eminent cryptographers and computer scientists, is a formidable salvo in a skirmish between intelligence and law enforcement leaders, and technologists and privacy advocates. After Edward J. Snowden’s revelations — with security breaches and awareness of nation-state surveillance at a record high and data moving online at breakneck speeds — encryption has emerged as a major issue in the debate over privacy rights.
  • That has put Silicon Valley at the center of a tug of war. Technology companies including Apple, Microsoft and Google have been moving to encrypt more of their corporate and customer data after learning that the National Security Agency and its counterparts were siphoning off digital communications and hacking into corporate data centers.
  • Yet law enforcement and intelligence agency leaders argue that such efforts thwart their ability to monitor kidnappers, terrorists and other adversaries. In Britain, Prime Minister David Cameron threatened to ban encrypted messages altogether. In the United States, Michael S. Rogers, the director of the N.S.A., proposed that technology companies be required to create a digital key to unlock encrypted data, but to divide the key into pieces and secure it so that no one person or government agency could use it alone.The encryption debate has left both sides bitterly divided and in fighting mode. The group of cryptographers deliberately issued its report a day before James B. Comey Jr., the director of the Federal Bureau of Investigation, and Sally Quillian Yates, the deputy attorney general at the Justice Department, are scheduled to testify before the Senate Judiciary Committee on the concerns that they and other government agencies have that encryption technologies will prevent them from effectively doing their jobs.
  • ...2 more annotations...
  • The new paper is the first in-depth technical analysis of government proposals by leading cryptographers and security thinkers, including Whitfield Diffie, a pioneer of public key cryptography, and Ronald L. Rivest, the “R” in the widely used RSA public cryptography algorithm. In the report, the group said any effort to give the government “exceptional access” to encrypted communications was technically unfeasible and would leave confidential data and critical infrastructure like banks and the power grid at risk. Handing governments a key to encrypted communications would also require an extraordinary degree of trust. With government agency breaches now the norm — most recently at the United States Office of Personnel Management, the State Department and the White House — the security specialists said authorities could not be trusted to keep such keys safe from hackers and criminals. They added that if the United States and Britain mandated backdoor keys to communications, China and other governments in foreign markets would be spurred to do the same.
  • “Such access will open doors through which criminals and malicious nation-states can attack the very individuals law enforcement seeks to defend,” the report said. “The costs would be substantial, the damage to innovation severe and the consequences to economic growth hard to predict. The costs to the developed countries’ soft power and to our moral authority would also be considerable.”
  • Paul Merrell on 08 Jul 15
     
    Our system of government does not expect that every criminal will be apprehended and convicted. There are numerous values our society believes are more important. Some examples: [i] a presumption of innocence unless guilt is established beyond any reasonable doubt; [ii] the requirement that government officials convince a neutral magistrate that they have probable cause to believe that a search or seizure will produce evidence of a crime; [iii] many communications cannot be compelled to be disclosed and used in evidence, such as attorney-client communications, spousal communications, and priest-penitent communications; and [iv] etc. Moral of my story: the government needs a much stronger reason to justify interception of communications than saying, "some crooks will escape prosecution if we can't do that." We have a right to whisper to each other, concealing our communicatons from all others. Why does the right to whisper privately disappear if our whisperings are done electronically? The Supreme Court took its first step on a very slippery slope when it permitted wiretapping in Olmstead v. United States, 277 U.S. 438, 48 S. Ct. 564, 72 L. Ed. 944 (1928). https://goo.gl/LaZGHt It's been a long slide ever since. It's past time to revisit Olmstead and recognize that American citizens have the absolute right to communicate privately. "The President … recognizes that U.S. citizens and institutions should have a reasonable expectation of privacy from foreign or domestic intercept when using the public telephone system." - Brent Scowcroft, U.S. National Security Advisor, National Security Decision Memorandum 338 (1 September 1976) (Nixon administration), http://www.fas.org/irp/offdocs/nsdm-ford/nsdm-338.pdf   
Paul Merrell

The NSA is turning the internet into a total surveillance system | Alexander Abdo and P... - 0 views

www.theguardian.com/...sa-internet-surveillance-email

surveillance state NSA email lies

shared by Paul Merrell on 16 Aug 13 - No Cached
  • Another burst of sunlight permeated the National Security Agency's black box of domestic surveillance last week.According to the New York Times, the NSA is searching the content of virtually every email that comes into or goes out of the United States without a warrant. To accomplish this astonishing invasion of Americans' privacy, the NSA reportedly is making a copy of nearly every international email. It then searches that cloned data, keeping all of the emails containing certain keywords and deleting the rest – all in a matter of seconds.
  • The NSA appears to believe this general monitoring of our electronic communications is justified because the entire process takes, in one official's words, "a small number of seconds". Translation: the NSA thinks it can intercept and then read Americans' emails so long as the intrusion is swift, efficient and silent.That is not how the fourth amendment works.Whether the NSA inspects and retains these messages for years, or only searches through them once before moving on, the invasion of Americans' privacy is real and immediate. There is no "five-second rule" for fourth amendment violations: the US constitution does not excuse these bulk searches simply because they happen in the blink of an eye.The government claims that this program is authorized by a surveillance statute passed in 2008 that allows the government to target foreigners for surveillance. Although the government has frequently defended that law as a necessary tool in gathering foreign intelligence, the government has repeatedly misled the public about the extent to which the statute implicates Americans' communications.
  • There should no longer be any doubt: the US government has for years relied upon its authority to collect foreigners' communications as a useful cover for its sweeping surveillance of Americans' communications. The surveillance program revealed last week confirms that the interception of American communications under this law is neither "targeted" at foreigners (in any ordinary sense of that word) nor "inadvertent", as officials have repeatedly claimed.Last week's revelations are a disturbing harbinger of future surveillance. Two months ago, this newspaper reported that the US government has been forcing American telecommunications companies to turn over the call records of every one of their customers "on an ongoing daily basis", to allow the NSA to later search those records when it has a reason to do so. The government has since defended the program, in part on the theory that Americans' right to privacy is not implicated by the initial acquisition of their phone records, only by their later searching.That legal theory is extraordinarily dangerous because it would allow the NSA to acquire virtually all digital information today simply because it might possibly become relevant tomorrow. The surveillance program revealed by the New York Times report goes one step further still. No longer is the government simply collecting information now so that the data is available to search, should a reasonable suspicion arise at some point in the future; the NSA is searching everything now – in real time and without suspicion – merely on the chance that it finds something of interest.
  • ...1 more annotation...
  • That principle of pre-emptive surveillance threatens to subvert the most basic protections of the fourth amendment, which generally prohibit the government from conducting suspicion-less fishing expeditions through our private affairs. If the government is correct that it can search our every communication in case we say or type something suspicious, there is little to prevent the NSA from converting the internet into a tool of pervasive surveillance.
  • Paul Merrell on 16 Aug 13
     
    Obama was apparently technically accurate but materially misleading when he he said that no one is reading your email. But government computers are reading every email. "Although conduct by law enforcement officials prior to trial may ultimately impair that right, a constitutional violation occurs only at trial. Kastigar v. United States, 406 U. S. 441, 453 (1972). The Fourth Amendment functions differently. It prohibits 'unreasonable searches and seizures' whether or not the evidence is sought to be used in a criminal trial, and a violation of the Amendment is 'fully accomplished' at the time of an unreasonable governmental intrusion. United States v. Calandra, 414 U. S. 338, 354 (1974); United States v. Leon, 468 U. S. 897, 906 (1984)." United States v. Verdugo-Urquidez, 494 US 259, 265 (1990), http://scholar.google.com/scholar_case?case=10167007390100843851  
Paul Merrell

Bill Summary & Status - 113th Congress (2013 - 2014) - H.R.1852 - THOMAS (Library of Co... - 0 views

thomas.loc.gov/...z

surveillance state email digital-privacy legislation

shared by Paul Merrell on 28 Feb 14 - No Cached
  • H.R.1852 Latest Title: Email Privacy Act Sponsor: Rep Yoder, Kevin [KS-3] (introduced 5/7/2013)      Cosponsors (180) Related Bills: H.R.1847, H.R.3557, S.607 Latest Major Action: 6/14/2013 Referred to House subcommittee. Status: Referred to the Subcommittee on Crime, Terrorism, Homeland Security, and Investigations.
  • Paul Merrell on 28 Feb 14
     
    Email Privacy Act, being heavily pushed by EFF and other digital privacy organizations. Ends the government's ability to obtain emails stored with a service provider without a court order. Congressional response to the Sixth Circuit's decision in U.S. v. Warshak holding that the 4th Amendment trumps the latitude granted to law enforcement to gather stored communications in the Stored Communications Act/Eelectronic Communications Privacy Act.   
Paul Merrell

Tomgram: Shamsi and Harwood, An Electronic Archipelago of Domestic Surveillance | TomDi... - 0 views

www.tomdispatch.com/...elago_of_domestic_surveillance

surveillance state civil-liberties shadow-ID watchlists

shared by Paul Merrell on 07 Nov 14 - No Cached
  • Uncle Sam’s Databases of Suspicion A Shadow Form of National ID
  • We do know that the nation’s domestic-intelligence network is massive, including at least 59 federal agencies, over 300 Defense Department units, and approximately 78 state-based fusion centers, as well as the multitude of law enforcement agencies they serve. We also know that local law enforcement agencies have themselves raised concerns about the system’s lack of privacy protections.
  • The SAR database is part of an ever-expanding domestic surveillance system established after 9/11 to gather intelligence on potential terrorism threats. At an abstract level, such a system may seem sensible: far better to prevent terrorism before it happens than to investigate and prosecute after a tragedy. Based on that reasoning, the government exhorts Americans to “see something, say something” -- the SAR program’s slogan. Indeed, just this week at a conference in New York City, FBI Director James Comey asked the public to report any suspicions they have to authorities. “When the hair on the back of your neck stands, listen to that instinct and just tell somebody,” said Comey. And seeking to reassure those who do not want to get their fellow Americans in trouble based on instinct alone, the FBI director added, “We investigate in secret for a very good reason, we don't want to smear innocent people.”
  • ...15 more annotations...
  • At a fundamental level, suspicious activity reporting, as well as the digital and physical infrastructure of networked computer servers and fusion centers built around it, depends on what the government defines as suspicious.  As it happens, this turns out to include innocuous, First Amendment-protected behavior. As a start, a little history: the Nationwide Suspicious Activity Reporting Initiative was established in 2008 as a way for federal agencies, law enforcement, and the public to report and share potential terrorism-related information. The federal government then developed a list of 16 behaviors that it considered “reasonably indicative of criminal activity associated with terrorism.” Nine of those 16 behaviors, as the government acknowledges, could have nothing to do with criminal activity and are constitutionally protected, including snapping photographs, taking notes, and “observation through binoculars.”
  • There are any number of problems with this approach, starting with its premise.  Predicting who exactly is a future threat before a person has done anything wrong is a perilous undertaking. That’s especially the case if the public is encouraged to report suspicions of neighbors, colleagues, and community members based on a “hair-on-the-back-of-your-neck” threshold. Nor is it any comfort that the FBI promises to protect the innocent by investigating “suspicious” people in secret. The civil liberties and privacy implications are, in fact, truly hair-raising, particularly when the Bureau engages in abusive and discriminatory sting operations and other rights violations.
  • A few months later, a scathing report from the Senate subcommittee on homeland security described similar intelligence problems in state-based fusion centers. It found that Department of Homeland Security (DHS) personnel assigned to the centers “forwarded ‘intelligence’ of uneven quality -- oftentimes shoddy, rarely timely, sometimes endangering citizens’ civil liberties and Privacy Act protections... and more often than not unrelated to terrorism.”
  • Law enforcement officials, including the Los Angeles Police Department’s top counterterrorism officer, have themselves exhibited skepticism about suspicious activity reporting (out of concern with the possibility of overloading the system). In 2012, George Washington University’s Homeland Security Policy Institute surveyed counterterrorism personnel working in fusion centers and in a report generally accepting of SARs noted that the program had “flooded fusion centers, law enforcement, and other security outfits with white noise,” complicating “the intelligence process” and distorting “resource allocation and deployment decisions.” In other words, it was wasting time and sending personnel off on wild goose chases.
  • Under federal regulations, the government can only collect and maintain criminal intelligence information on an individual if there is a “reasonable suspicion” that he or she is “involved in criminal conduct or activity and the information is relevant to that criminal conduct or activity.” The SAR program officially lowered that bar significantly, violating the federal government’s own guidelines for maintaining a “criminal intelligence system.” There’s good reason for, at a minimum, using a reasonable suspicion standard. Anything less and it’s garbage in, garbage out, meaning counterterrorism “intelligence” databases become anything but intelligent.
  • yet another burgeoning secret database that the federal government calls its “consolidated terrorism watchlist.” Inclusion in this database -- and on government blacklists that are generated from it -- can bring more severe repercussions than unwarranted law enforcement attention. It can devastate lives.
  • There is hope, however. In August, four years after the ACLU filed a lawsuit on behalf of 13 people on the no-fly list, a judge ruled that the government’s redress system is unconstitutional. In early October, the government notified Mashal and six others that they were no longer on the list. Six of the ACLU’s clients remain unable to fly, but at least the government now has to disclose just why they have been put in that category, so that they can contest their blacklisting. Soon, others should have the same opportunity.
  • As of August 2013, there were approximately 47,000 people, including 800 U.S. citizens and legal permanent residents like Mashal, on that secretive no-fly list, all branded as “known or suspected terrorists.” All were barred from flying to, from, or over the United States without ever being given a reason why. On 9/11, just 16 names had been on the predecessor “no transport” list. The resulting increase of 293,650% -- perhaps more since 2013 -- isn’t an accurate gauge of danger, especially given that names are added to the list based on vague, broad, and error-prone standards.
  • The No Fly List is only the best known of the government’s web of terrorism watchlists. Many more exist, derived from the same master list.  Currently, there are more than one million names in the Terrorist Identities Datamart Environment, a database maintained by the National Counterterrorism Center. This classified source feeds the Terrorist Screening Database (TSDB), operated by the FBI’s Terrorist Screening Center. The TSDB is an unclassified but still secret list known as the “master watchlist.” containing what the government describes as “known or suspected terrorists,” or KSTs.
  • Nothing encapsulates the post-9/11, Alice-in-Wonderland inversion of American notions of due process more strikingly than this “blacklist first, innocence later... maybe” mindset. The Terrorist Screening Database is then used to fill other lists. In the context of aviation, this means the no-fly list, as well as the selectee and expanded selectee lists. Transportation security agents subject travelers on the latter two lists to extra screenings, which can include prolonged and invasive interrogation and searches of laptops, phones, and other electronic devices. Around the border, there’s the State Department’s Consular Lookout and Support System, which it uses to flag people it thinks shouldn’t get a visa, and the TECS System, which Customs and Border Protection uses to determine whether someone can enter the country.
  • According to documents recently leaked to the Intercept, as of August 2013 that master watchlist contained 680,000 people, including 5,000 U.S. citizens and legal permanent residents. The government can add people’s names to it according to a shaky “reasonable suspicion” standard. There is, however, growing evidence that what’s “reasonable” to the government may only remotely resemble what that word means in everyday usage. Information from a single source, even an uncorroborated Facebook post, can allow a government agent to watchlist an individual with virtually no outside scrutiny. Perhaps that’s why 40% of those on the master watchlist have “no recognized terrorist group affiliation,” according to the government’s own records.
  • This opens up the possibility of increased surveillance and tense encounters with the police, not to speak of outright harassment, for a large but undivulged number of people. When a police officer stops a person for a driving infraction, for instance, information about his or her KST status will pop up as soon a driver’s license is checked.  According to FBI documents, police officers who get a KST hit are warned to “approach with caution” and “ask probing questions.” When officers believe they’re about to go face to face with a terrorist, bad things can happen. It’s hardly a stretch of the imagination, particularly after a summer of police shootings of unarmed men, to suspect that an officer approaching a driver whom he believes to be a terrorist will be quicker to go for his gun. Meanwhile, the watchlisted person may never even know why his encounters with police have taken such a peculiar and menacing turn. According to the FBI's instructions, under no circumstances is a cop to tell a suspect that he or she is on a watchlist.
  • Inside the United States, no watchlist may be as consequential as the one that goes by the moniker of the Known or Appropriately Suspected Terrorist File. The names on this blacklist are shared with more than 17,000 state, local, and tribal police departments nationwide through the FBI’s National Crime Information Center (NCIC). Unlike any other information disseminated through the NCIC, the KST File reflects mere suspicion of involvement with criminal activity, so law enforcement personnel across the country are given access to a database of people who have secretly been labeled terrorism suspects with little or no actual evidence, based on virtually meaningless criteria.
  • And once someone is on this watchlist, good luck getting off it. According to the government’s watchlist rulebook, even a jury can’t help you. “An individual who is acquitted or against whom charges are dismissed for a crime related to terrorism,” it reads, “may nevertheless meet the reasonable standard and appropriately remain on, or be nominated to, the Terrorist Watchlist.” No matter the verdict, suspicion lasts forever.
  • The SARs program and the consolidated terrorism watchlist are just two domestic government databases of suspicion. Many more exist. Taken together, they should be seen as a new form of national ID for a growing group of people accused of no crime, who may have done nothing wrong, but are nevertheless secretly labeled by the government as suspicious or worse. Innocent until proven guilty has been replaced with suspicious until determined otherwise. Think of it as a new shadow system of national identification for a shadow government that is increasingly averse to operating in the light. It’s an ID its “owners” don’t carry around with them, yet it’s imposed on them whenever they interact with government agents or agencies. It can alter their lives in disastrous ways, often without their knowledge. And they could be you. If this sounds dystopian, that’s because it is.
Paul Merrell

Court Rules Feds Need Warrant to Access Drug Prescriptions Database | American Civil Li... - 0 views

www.aclu.org/...-feds-need-warrant-access-drug

surveillance state DEA prescriptions patient-records 4th Amendment warrant

shared by Paul Merrell on 14 Feb 14 - No Cached
  • In a significant win for the privacy rights of anyone who has ever gotten a drug prescription, a federal judge in Oregon ruled yesterday that the DEA needs a warrant to search confidential prescription records. Oregon, like 48 other states, has a Prescription Drug Monitoring Program (PDMP), which tracks patients’ prescriptions for medications used to treat a long list of sensitive medical conditions. Although Oregon law requires police to get a warrant from a judge before searching prescription records in the database, the DEA has been requesting records using administrative subpoenas, which do not involve judicial authorization or probable cause. After the State of Oregon sued the DEA over this practice, the ACLU and ACLU of Oregon joined the suit on behalf of four patients and a doctor in the state. Last month, we argued in court that the DEA is violating the Fourth Amendment by bypassing the Constitution’s warrant requirement when seeking private prescription records. Yesterday, the court agreed. The court’s ruling is the first time a judge has held that law enforcement must get a probable cause warrant to access confidential prescription records from a state database in a criminal investigation. The opinion is significant for several reasons.
  • First, the court soundly rejected the DEA’s extreme argument that people lose their Fourth Amendment privacy rights in their medical information when they engage in confidential discussions with their doctor and pharmacist about their illnesses and treatment decisions. The federal government had argued that the “third party doctrine” applied, comparing confidential prescription records to electricity consumption records, bank records, and other categories of information held by third-party companies, for which courts have said police don’t need a warrant. The judge batted this argument aside, explaining that prescription records are “more inherently personal or private than bank records, and are entitled to and treated with a heightened expectation of privacy.” As the court held: “Although there is not an absolute right to privacy in prescription information, as patients must expect that physicians, pharmacists, and other medical personnel can and must access their records, it is more than reasonable for patients to believe that law enforcement agencies will not have unfettered access to their records.” More importantly, this ruling fits into a series of recent opinions calling into question the continuing vitality of the third party doctrine in modern society. As Justice Sotomayor wrote in United States v. Jonestwo years ago, “it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties. This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks.” This sentiment was echoed by the federal judge who ruled last year that the NSA’s bulk telephone metadata program violates the Fourth Amendment. The Oregon case is another blow to the third party doctrine’s shaky foundation.
  • In addition, although yesterday’s ruling is only binding within Oregon, it will be persuasive precedent for courts evaluating law enforcement’s use of subpoenas to obtain private prescription records—and similar information—around the country. The case is a reminder to the DEA and other law enforcement agencies that they are not above the law, and that they must comply with the Fourth Amendment’s warrant requirement when seeking sensitive information in criminal investigations. Finally, the case should add momentum to a movement within state legislatures to amend PDMP statutes to require police to get a warrant for prescription records. Ten states currently require a warrant as a matter of state law (Rhode Island was the most recent state to add this requirement, last year). The Pennsylvania House has passed legislation creating a warrant requirement for that state’s PDMP, and is waiting for the state senate to act. The Florida legislature may update the privacy protections for its PDMP this year. Action by state legislatures will send a strong message to the DEA that it should be getting warrants everywhere, not just in Oregon.
  • Paul Merrell on 14 Feb 14
     
    A case to watch as it wends it way through the appellate process. A very big win for the ACLU, with major implications for federal intelligence gathering in general. 
Paul Merrell

FBI says search warrants not needed to use "stingrays" in public places | Ars Technica - 0 views

arstechnica.com/...se-stringrays-in-public-places

surveillance state stingrays DoJ privacy 4th Amendment

shared by Paul Merrell on 08 Jan 15 - No Cached
  • The Federal Bureau of Investigation is taking the position that court warrants are not required when deploying cell-site simulators in public places. Nicknamed "stingrays," the devices are decoy cell towers that capture locations and identities of mobile phone users and can intercept calls and texts. The FBI made its position known during private briefings with staff members of Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) and Sen. Chuck Grassley (R-Iowa). In response, the two lawmakers wrote Attorney General Eric Holder and Homeland Security chief Jeh Johnson, maintaining they were "concerned about whether the FBI and other law enforcement agencies have adequately considered the privacy interests" of Americans. According to the letter, which was released last week: For example, we understand that the FBI’s new policy requires FBI agents to obtain a search warrant whenever a cell-site simulator is used as part of a FBI investigation or operation, unless one of several exceptions apply, including (among others): (1) cases that pose an imminent danger to public safety, (2) cases that involve a fugitive, or (3) cases in which the technology is used in public places or other locations at which the FBI deems there is no reasonable expectation of privacy.
  • The letter was prompted in part by a Wall Street Journal report in November that said the Justice Department was deploying small airplanes equipped with cell-site simulators that enabled "investigators to scoop data from tens of thousands of cellphones in a single flight, collecting their identifying information and general location." The bureau's position on Americans' privacy isn't surprising. The Obama Administration has repeatedly maintained that the public has no privacy in public places. It began making that argument as early as 2010, when it told a federal appeals court that the authorities should be allowed to affix GPS devices on vehicles and track a suspect's every move without court authorization. The Supreme Court, however, eventually ruled that warrants are required. What's more, the administration has argued that placing a webcam with pan-and-zoom capabilities on a utility pole to spy on a suspect at his or her residence was no different from a police officer's observation from the public right-of-way. A federal judge last month disagreed with the government's position, tossing evidence gathered by the webcam that was operated from afar.
  • In their letter, Leahy and Grassley complained that little is known about how stingrays, also known as ISMI catchers, are used by law enforcement agencies. The Harris Corp., a maker of the devices from Florida, includes non-disclosure clauses with buyers. Baltimore authorities cited a non-disclosure agreement to a judge in November as their grounds for refusing to say how they tracked a suspect's mobile phone. They eventually dropped charges rather than disclose their techniques. Further, sometimes the authorities simply lie to judges about their use or undertake other underhanded methods to prevent the public from knowing that the cell-site simulators are being used.
  • ...1 more annotation...
  • Hanni Fakhoury, an attorney for the Electronic Frontier Foundation, said some states and judges are pushing back against stingrays. "In Tacoma, judges now require police (to) specifically note they plan to use an IMSI catcher and promise not to store data collected from people who are not investigation targets," he said. "The Florida and Massachusetts state supreme courts ruled warrants were necessary for real-time cell phone tracking. Nine states—Colorado, Illinois, Indiana, Maryland, Minnesota, Tennessee, Utah, Virginia, and Wisconsin—passed laws specifically requiring police to use a warrant to track a cell phone in real time."
  • Paul Merrell on 08 Jan 15
     
    Is there any problem here that couldn't be cured by discharge and public flogging for any government official caught using information derived from a stingray?
Paul Merrell

Spy Chief James Clapper Wins Rosemary Award - 0 views

www2.gwu.edu/...20140324

surveillance state NSA Rosemary-Award Obama Clapper Alexander

shared by Paul Merrell on 24 Mar 14 - No Cached
  • Director of National Intelligence James Clapper has won the infamous Rosemary Award for worst open government performance in 2013, according to the citation published today by the National Security Archive at www.nsarchive.org. Despite heavy competition, Clapper's "No, sir" lie to Senator Ron Wyden's question: "Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?" sealed his receipt of the dubious achievement award, which cites the vastly excessive secrecy of the entire U.S. surveillance establishment. The Rosemary Award citation leads with what Clapper later called the "least untruthful" answer possible to congressional questions about the secret bulk collection of Americans' phone call data. It further cites other Clapper claims later proved false, such as his 2012 statement that "we don't hold data on U.S. citizens." But the Award also recognizes Clapper's fellow secrecy fetishists and enablers, including:
  • Gen. Keith Alexander, director of the NSA, for multiple Rose Mary Woods-type stretches, such as (1) claiming that the secret bulk collection prevented 54 terrorist plots against the U.S. when the actual number, according to the congressionally-established Privacy and Civil Liberties Oversight Board (PCLOB) investigation (pp. 145-153), is zero; (2) his 2009 declaration to the wiretap court that multiple NSA violations of the court's orders arose from differences over "terminology," an explanation which the chief judge said "strains credulity;" and (3) public statements by the NSA about its programs that had to be taken down from its website for inaccuracies (see Documents 78, 85, 87 in The Snowden Affair), along with public statements by other top NSA officials now known to be untrue (see "Remarks of Rajesh De," NSA General Counsel, Document 53 in The Snowden Affair).
  • Robert Mueller, former FBI director, for suggesting (as have Gen. Alexander and many others) that the secret bulk collection program might have been able to prevent the 9/11 attacks, when the 9/11 Commission found explicitly the problem was not lack of data points, but failing to connect the many dots the intelligence community already had about the would-be hijackers living in San Diego. The National Security Division lawyers at the Justice Department, for misleading their own Solicitor General (Donald Verrilli) who then misled (inadvertently) the U.S. Supreme Court over whether Justice let defendants know that bulk collection had contributed to their prosecutions. The same National Security Division lawyers who swore under oath in the Electronic Frontier Foundation's Freedom of Information Act lawsuit for a key wiretap court opinion that the entire text of the opinion was appropriately classified Top Secret/Sensitive Compartmented Information (release of which would cause "exceptionally grave damage" to U.S. national security). Only after the Edward Snowden leaks and the embarrassed governmental declassification of the opinion did we find that one key part of the opinion's text simply reproduced the actual language of the 4th Amendment to the U.S. Constitution, and the only "grave damage" was to the government's false claims.
  • ...9 more annotations...
  • President Obama for his repeated misrepresentations about the bulk collection program (calling the wiretap court "transparent" and saying "all of Congress" knew "exactly how this program works") while in effect acknowledging the public value of the Edward Snowden leaks by ordering the long-overdue declassification of key documents about the NSA's activities, and investigations both by a special panel and by the Privacy and Civil Liberties Oversight Board. The PCLOB directly contradicted the President, pointing out that "when the only means through which legislators can try to understand a prior interpretation of the law is to read a short description of an operational program, prepared by executive branch officials, made available only at certain times and locations, which cannot be discussed with others except in classified briefings conducted by those same executive branch officials, legislators are denied a meaningful opportunity to gauge the legitimacy and implications of the legal interpretation in question. Under such circumstances, it is not a legitimate method of statutory construction to presume that these legislators, when reenacting the statute, intended to adopt a prior interpretation that they had no fair means of evaluating." (p. 101)
  • Even an author of the Patriot Act, Rep. Jim Sensenbrenner (R-WI), was broadsided by the revelation of the telephone metadata dragnet. After learning of the extent of spying on Americans that his Act unleashed, he wrote that the National Security Agency "ignored restrictions painstakingly crafted by lawmakers and assumed plenary authority never imagined by Congress" by cloaking its actions behind the "thick cloud of secrecy" that even our elected representatives could not breech. Clapper recently conceded to the Daily Beast, "I probably shouldn't say this, but I will. Had we been transparent about this [phone metadata collection] from the outset … we wouldn't have had the problem we had." The NSA's former deputy director, John "Chris" Inglis, said the same when NPR asked him if he thought the metadata dragnet should have been disclosed before Snowden. "In hindsight, yes. In hindsight, yes." Speaking about potential (relatively minimal) changes to the National Security Agency even the president acknowledged, "And all too often new authorities were instituted without adequate public debate," and "Given the unique power of the state, it is not enough for leaders to say: Trust us. We won't abuse the data we collect. For history has too many examples when that trust has been breached." (Exhibit A, of course, is the NSA "watchlist" in the 1960's and 1970's that targeted not only antiwar and civil rights activists, but also journalists and even members of Congress.)
  • The Archive established the not-so-coveted Rosemary Award in 2005, named after President Nixon's secretary, Rose Mary Woods, who testified she had erased 18-and-a-half minutes of a crucial Watergate tape — stretching, as she showed photographers, to answer the phone with her foot still on the transcription pedal. Bestowed annually to highlight the lowlights of government secrecy, the Rosemary Award has recognized a rogue's gallery of open government scofflaws, including the CIA, the Treasury Department, the Air Force, the FBI, the Federal Chief Information Officers' Council, and the career Rosemary leader — the Justice Department — for the last two years. Rosemary-winner James Clapper has offered several explanations for his untruthful disavowal of the National Security Agency's phone metadata dragnet. After his lie was exposed by the Edward Snowden revelations, Clapper first complained to NBC's Andrea Mitchell that the question about the NSA's surveillance of Americans was unfair, a — in his words — "When are you going to stop beating your wife kind of question." So, he responded "in what I thought was the most truthful, or least untruthful, manner by saying 'no.'"
  • After continuing criticism for his lie, Clapper wrote a letter to Chairman of the Senate Select Committee on Intelligence Dianne Feinstein, now explaining that he misunderstood Wyden's question and thought it was about the PRISM program (under Section 702 of the Foreign Intelligence Surveillance Act) rather than the telephone metadata collection program (under Section 215 of the Patriot Act). Clapper wrote that his staff "acknowledged the error" to Senator Wyden soon after — yet he chose to reject Wyden's offer to amend his answer. Former NSA senior counsel Joel Brenner blamed Congress for even asking the question, claiming that Wyden "sandbagged" Clapper by the "vicious tactic" of asking "Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?" Meanwhile, Steve Aftergood of the Federation of American Scientists countered that "it is of course wrong for officials to make false statements, as DNI Clapper did," and that in fact the Senate Intelligence Committee "became complicit in public deception" for failing to rebut or correct Clapper's statement, which they knew to be untruthful. Clapper described his unclassified testimony as a game of "stump the chump." But when it came to oversight of the National Security Agency, it appears that senators and representatives were the chumps being stumped. According to Representative Justin Amash (R-Mich), the House Intelligence Committee "decided it wasn't worthwhile to share this information" about telephone metadata surveillance with other members of Congress. Classified briefings open to the whole House were a "farce," Amash contended, often consisting of information found in newspapers and public statutes.
  • The Emmy and George Polk Award-winning National Security Archive, based at the George Washington University, has carried out thirteen government-wide audits of FOIA performance, filed more than 50,000 Freedom of Information Act requests over the past 28 years, opened historic government secrets ranging from the CIA's "Family Jewels" to documents about the testing of stealth aircraft at Area 51, and won a series of historic lawsuits that saved hundreds of millions of White House e-mails from the Reagan through Obama presidencies, among many other achievements.
  • Director Clapper joins an undistinguished list of previous Rosemary Award winners: 2012 - the Justice Department (in a repeat performance, for failure to update FOIA regulations for compliance with the law, undermining congressional intent, and hyping its open government statistics) 2011- the Justice Department (for doing more than any other agency to eviscerate President Obama's Day One transparency pledge, through pit-bull whistleblower prosecutions, recycled secrecy arguments in court cases, retrograde FOIA regulations, and mixed FOIA responsiveness) 2010 - the Federal Chief Information Officers' Council (for "lifetime failure" to address the crisis in government e-mail preservation) 2009 - the FBI (for having a record-setting rate of "no records" responses to FOIA requests) 2008 - the Treasury Department (for shredding FOIA requests and delaying responses for decades) 2007 - the Air Force (for disappearing its FOIA requests and having "failed miserably" to meet its FOIA obligations, according to a federal court ruling) 2006 - the Central Intelligence Agency (for the biggest one-year drop-off in responsiveness to FOIA requests yet recorded).   ALSO-RANS The Rosemary Award competition in 2013 was fierce, with a host of government contenders threatening to surpass the Clapper "least untruthful" standard. These secrecy over-achievers included the following FOI delinquents:
  • Admiral William McRaven, head of the Special Operations Command for the raid that killed Osama Bin Laden, who purged his command's computers and file cabinets of all records on the raid, sent any remaining copies over to CIA where they would be effectively immune from the FOIA, and then masterminded a "no records" response to the Associated Press when the AP reporters filed FOIA requests for raid-related materials and photos. If not for a one-sentence mention in a leaked draft inspector general report — which the IG deleted for the final version — no one would have been the wiser about McRaven's shell game. Subsequently, a FOIA lawsuit by Judicial Watch uncovered the sole remaining e-mail from McRaven ordering the evidence destruction, in apparent violation of federal records laws, a felony for which the Admiral seems to have paid no price. Department of Defense classification reviewers who censored from a 1962 document on the Cuban Missile Crisis direct quotes from public statements by Soviet Premier Nikita Khrushchev. The quotes referred to the U.S. Jupiter missiles in Turkey that would ultimately (and secretly) be pulled out in exchange for Soviet withdrawal of its missiles in Cuba. The denials even occurred after an appeal by the National Security Archive, which provided as supporting material the text of the Khrushchev statements and multiple other officially declassified documents (and photographs!) describing the Jupiters in Turkey. Such absurd classification decisions call into question all of the standards used by the Pentagon and the National Declassification Center to review historical documents.
  • Admiral William McRaven memo from May 13, 2011, ordering the destruction of evidence relating to the Osama bin Laden raid. (From Judicial Watch)
  • The Department of Justice Office of Information Policy, which continues to misrepresent to Congress the government's FOIA performance, while enabling dramatic increases in the number of times government agencies invoke the purely discretionary "deliberative process" exemption. Five years after President Obama declared a "presumption of openness" for FOIA requests, Justice lawyers still cannot show a single case of FOIA litigation in which the purported new standards (including orders from their own boss, Attorney General Eric Holder) have caused the Department to change its position in favor of disclosure.
Paul Merrell

If the Supreme Court tackles the NSA in 2015, it'll be one of these five cases | Ars Te... - 0 views

arstechnica.com/...tll-be-one-of-these-five-cases

surveillance state NSA pending-litigation

shared by Paul Merrell on 18 Jan 15 - No Cached
  • Roughly a year and a half since the first Snowden disclosures, there's already been a judicial order to shut down the National Security Agency's bulk metadata collection program. The lawsuit filed by Larry Klayman, a veteran conservative activist, would essentially put a stop to unchecked NSA surveillance. And at the start of 2015, he remains the only plaintiff whose case has won when fighting for privacy against the newly understood government monitoring. However, it's currently a victory in name only—the judicial order in Klayman was stayed pending the government’s appeal.
  • Klayman v. Obama is only one of a number of notable national security and surveillance-related civil and criminal cases stemming fully or partially from the Snowden documents. In 2014, a handful of these advanced far enough through the legal system that 2015 is likely to be a big year for privacy policy. One or more could even end up before the Supreme Court. "I think it's impossible to tell which case will be the one that does it, but I believe that, ultimately, the Supreme Court will have to step in and decide the constitutionality of some of the NSA's practices," Mark Rumold, an attorney with the Electronic Frontier Foundation, told Ars. Rumold is one of the attorneys in First Unitarian Church, a case that is challenging government surveillance much like Klayman. Along with that pair, headline watchers should set alerts for cases such as American Civil Liberties Union (ACLU) v. Clapper, United States v. Moalin, and United States v. Muhtorov. Not only are there several other related cases that will likely be influenced by these decisions, but those five cases represent the strongest and most direct legal challenges to the current NSA surveillance state.
  • Before outlining the relevant cases, it's important to note the government's general justification for the legality of bulk metadata collection: the third-party doctrine. This theory was codified most recently from a 1979 Supreme Court decision in Smith v. Maryland. In the case, the court found that individuals do not have an inherent privacy right to data that has already been disclosed to a third party. So with telecom data for instance, the government has posited that because a call from one person to another forcibly transits Verizon’s network, those two parties have already shared that data with Verizon. Therefore, the government argues, such data can't be private, and it’s OK to collect it. But legal experts say that recent surveillance and privacy Supreme Court decisions could lead the courts to reconsider. The first Snowden revelation (published in June 2013) was that Verizon (and presumably other telecom firms) are routinely handing over all call records to the NSA. The metadata records include the date, times, and lengths of the calls.
  • Paul Merrell on 18 Jan 15
     
    Joe Mullins does an excellent job of outlining the major pending cases that challenge NSA surveillance of U.S. citizens and the state of relevant case law.  At least one of those cases is likely to arrive in the Supreme Court during 2015. 
Paul Merrell

Information Awareness Office - Wikipedia, the free encyclopedia - 0 views

en.wikipedia.org/...Information_Awareness_Office

surveillance state NSA DARPA Poindexter lies

shared by Paul Merrell on 23 Jun 13 - No Cached
  • The Information Awareness Office (IAO) was established by the Defense Advanced Research Projects Agency (DARPA) in January 2002 to bring together several DARPA projects focused on applying surveillance and information technology to track and monitor terrorists and other asymmetric threats to U.S. national security, by achieving Total Information Awareness (TIA). This would be achieved by creating enormous computer databases to gather and store the personal information of everyone in the United States, including personal e-mails, social networks, credit card records, phone calls, medical records, and numerous other sources, without any requirement for a search warrant.[1] This information would then be analyzed to look for suspicious activities, connections between individuals, and "threats".[2] Additionally, the program included funding for biometric surveillance technologies that could identify and track individuals using surveillance cameras, and other methods.[2] Following public criticism that the development and deployment of this technology could potentially lead to a mass surveillance system, the IAO was defunded by Congress in 2003. However, several IAO projects continued to be funded, and merely run under different names.[3][4][5][6]
  • The IAO was established after Admiral John Poindexter, former United States National Security Advisor to President Ronald Reagan, and SAIC executive Brian Hicks approached the US Department of Defense with the idea for an information awareness program after the attacks of September 11, 2001.[5] Poindexter and Hicks had previously worked together on intelligence-technology programs for the Defense Advanced Research Projects Agency. DARPA agreed to host the program and appointed Poindexter to run it in 2002. The IAO began funding research and development of the Total Information Awareness (TIA) Program in February 2003 but renamed the program the Terrorism Information Awareness Program in May that year after an adverse media reaction to the program's implications for public surveillance. Although TIA was only one of several IAO projects, many critics and news reports conflated TIA with other related research projects of the IAO, with the result that TIA came in popular usage to stand for an entire subset of IAO programs. The TIA program itself was the "systems-level" program of the IAO that intended to integrate information technologies into a prototype system to provide tools to better detect, classify, and identify potential foreign terrorists with the goal to increase the probability that authorized agencies of the United States could preempt adverse actions. As a systems-level program of programs, TIA's goal was the creation of a "counterterrorism information architecture" that integrated technologies from other IAO programs (and elsewhere, as appropriate). The TIA program was researching, developing, and integrating technologies to virtually aggregate data, to follow subject-oriented link analysis, to develop descriptive and predictive models through data mining or human hypothesis, and to apply such models to additional datasets to identify terrorists and terrorist groups.
  • Among the other IAO programs that were intended to provide TIA with component data aggregation and automated analysis technologies were the Genisys, Genisys Privacy Protection, Evidence Extraction and Link Discovery, and Scalable Social Network Analysis programs. On August 2, 2002, Dr. Poindexter gave a speech at DARPAtech 2002 entitled "Overview of the Information Awareness Office"[7] in which he described the TIA program. In addition to the program itself, the involvement of Poindexter as director of the IAO also raised concerns among some, since he had been earlier convicted of lying to Congress and altering and destroying documents pertaining to the Iran-Contra Affair, although those convictions were later overturned on the grounds that the testimony used against him was protected.
  • ...1 more annotation...
  • On January 16, 2003, Senator Russ Feingold introduced legislation to suspend the activity of the IAO and the Total Information Awareness program pending a Congressional review of privacy issues involved.[8] A similar measure introduced by Senator Ron Wyden would have prohibited the IAO from operating within the United States unless specifically authorized to do so by Congress, and would have shut the IAO down entirely 60 days after passage unless either the Pentagon prepared a report to Congress assessing the impact of IAO activities on individual privacy and civil liberties or the President certified the program's research as vital to national security interests. In February 2003, Congress passed legislation suspending activities of the IAO pending a Congressional report of the office's activities (Consolidated Appropriations Resolution, 2003, No.108–7, Division M, §111(b) [signed Feb. 20, 2003]). In response to this legislation, DARPA provided Congress on May 20, 2003 with a report on its activities.[9] In this report, IAO changed the name of the program to the Terrorism Information Awareness Program and emphasized that the program was not designed to compile dossiers on US citizens, but rather to research and develop the tools that would allow authorized agencies to gather information on terrorist networks. Despite the name change and these assurances, the critics continued to see the system as prone to potential misuse or abuse. As a result House and Senate negotiators moved to prohibit further funding for the TIA program by adding provisions to the Department of Defense Appropriations Act, 2004[10] (signed into law by President Bush on October 1, 2003). Further, the Joint Explanatory Statement included in the conference committee report specifically directed that the IAO as program manager for TIA be terminated immediately.[11]
  • Paul Merrell on 23 Jun 13
     
    What became today's NSA programs of public concern were the brain child of Admiral John Poindexter and a private sector compadre. U.S. v. Poindexter, 951 F.2d 369, 390 (D.C. Cir. 1991). Poindexter had previously been convicted on five criminal counts involving lying to Congress and destruction and alteration of evidence.  His convictions were overturned on appeal on grounds that some of the testimony against him had been immunized from use in prosecution by Congress. There was no claim on appeal that any such evidence had been false.  86 U.S. v. Poindexter, 951 F.2d 369, 390 (D.C. Cir. 1991), . For far more detail of the evidence against Poindexter, see the August 4, 1993 final report by independent prosecutor Lawrence Walsh, Vol 1, Part 4 section 3, .  So one might say that today's controversial NSA activities were the idea of and conceived by a government official more than willing to lie to Congress and  to destroy and alter evidence. 
Paul Merrell

European Human Rights Court Deals a Heavy Blow to the Lawfulness of Bulk Surveillance |... - 0 views

www.justsecurity.org/...w-lawfulness-bulk-surveillance

surveillance state bulk-collection ECHR litigation

shared by Paul Merrell on 11 Dec 15 - No Cached
  • In a seminal decision updating and consolidating its previous jurisprudence on surveillance, the Grand Chamber of the European Court of Human Rights took a sideways swing at mass surveillance programs last week, reiterating the centrality of “reasonable suspicion” to the authorization process and the need to ensure interception warrants are targeted to an individual or premises. The decision in Zakharov v. Russia — coming on the heels of the European Court of Justice’s strongly-worded condemnation in Schrems of interception systems that provide States with “generalised access” to the content of communications — is another blow to governments across Europe and the United States that continue to argue for the legitimacy and lawfulness of bulk collection programs. It also provoked the ire of the Russian government, prompting an immediate legislative move to give the Russian constitution precedence over Strasbourg judgments. The Grand Chamber’s judgment in Zakharov is especially notable because its subject matter — the Russian SORM system of interception, which includes the installation of equipment on telecommunications networks that subsequently enables the State direct access to the communications transiting through those networks — is similar in many ways to the interception systems currently enjoying public and judicial scrutiny in the United States, France, and the United Kingdom. Zakharov also provides a timely opportunity to compare the differences between UK and Russian law: Namely, Russian law requires prior independent authorization of interception measures, whereas neither the proposed UK law nor the existing legislative framework do.
  • The decision is lengthy and comprises a useful restatement and harmonization of the Court’s approach to standing (which it calls “victim status”) in surveillance cases, which is markedly different from that taken by the US Supreme Court. (Indeed, Judge Dedov’s separate but concurring opinion notes the contrast with Clapper v. Amnesty International.) It also addresses at length issues of supervision and oversight, as well as the role played by notification in ensuring the effectiveness of remedies. (Marko Milanovic discusses many of these issues here.) For the purpose of the ongoing debate around the legitimacy of bulk surveillance regimes under international human rights law, however, three particular conclusions of the Court are critical.
  • The Court took issue with legislation permitting the interception of communications for broad national, military, or economic security purposes (as well as for “ecological security” in the Russian case), absent any indication of the particular circumstances under which an individual’s communications may be intercepted. It said that such broadly worded statutes confer an “almost unlimited degree of discretion in determining which events or acts constitute such a threat and whether that threat is serious enough to justify secret surveillance” (para. 248). Such discretion cannot be unbounded. It can be limited through the requirement for prior judicial authorization of interception measures (para. 249). Non-judicial authorities may also be competent to authorize interception, provided they are sufficiently independent from the executive (para. 258). What is important, the Court said, is that the entity authorizing interception must be “capable of verifying the existence of a reasonable suspicion against the person concerned, in particular, whether there are factual indications for suspecting that person of planning, committing or having committed criminal acts or other acts that may give rise to secret surveillance measures, such as, for example, acts endangering national security” (para. 260). This finding clearly constitutes a significant threshold which a number of existing and pending European surveillance laws would not meet. For example, the existence of individualized reasonable suspicion runs contrary to the premise of signals intelligence programs where communications are intercepted in bulk; by definition, those programs collect information without any consideration of individualized suspicion. Yet the Court was clearly articulating the principle with national security-driven surveillance in mind, and with the knowledge that interception of communications in Russia is conducted by Russian intelligence on behalf of law enforcement agencies.
  • ...6 more annotations...
  • This element of the Grand Chamber’s decision distinguishes it from prior jurisprudence of the Court, namely the decisions of the Third Section in Weber and Saravia v. Germany (2006) and of the Fourth Section in Liberty and Ors v. United Kingdom (2008). In both cases, the Court considered legislative frameworks which enable bulk interception of communications. (In the German case, the Court used the term “strategic monitoring,” while it referred to “more general programmes of surveillance” in Liberty.) In the latter case, the Fourth Section sought to depart from earlier European Commission of Human Rights — the court of first instance until 1998 — decisions which developed the requirements of the law in the context of surveillance measures targeted at specific individuals or addresses. It took note of the Weber decision which “was itself concerned with generalized ‘strategic monitoring’, rather than the monitoring of individuals” and concluded that there was no “ground to apply different principles concerning the accessibility and clarity of the rules governing the interception of individual communications, on the one hand, and more general programmes of surveillance, on the other” (para. 63). The Court in Liberty made no mention of any need for any prior or reasonable suspicion at all.
  • In Weber, reasonable suspicion was addressed only at the post-interception stage; that is, under the German system, bulk intercepted data could be transmitted from the German Federal Intelligence Service (BND) to law enforcement authorities without any prior suspicion. The Court found that the transmission of personal data without any specific prior suspicion, “in order to allow the institution of criminal proceedings against those being monitored” constituted a fairly serious interference with individuals’ privacy rights that could only be remedied by safeguards and protections limiting the extent to which such data could be used (para. 125). (In the context of that case, the Court found that Germany’s protections and restrictions were sufficient.) When you compare the language from these three cases, it would appear that the Grand Chamber in Zakharov is reasserting the requirement for individualized reasonable suspicion, including in national security cases, with full knowledge of the nature of surveillance considered by the Court in its two recent bulk interception cases.
  • The requirement of reasonable suspicion is bolstered by the Grand Chamber’s subsequent finding in Zakharov that the interception authorization (e.g., the court order or warrant) “must clearly identify a specific person to be placed under surveillance or a single set of premises as the premises in respect of which the authorisation is ordered. Such identification may be made by names, addresses, telephone numbers or other relevant information” (para. 264). In making this finding, it references paragraphs from Liberty describing the broad nature of the bulk interception warrants under British law. In that case, it was this description that led the Court to find the British legislation possessed insufficient clarity on the scope or manner of exercise of the State’s discretion to intercept communications. In one sense, therefore, the Grand Chamber seems to be retroactively annotating the Fourth Section’s Liberty decision so that it might become consistent with its decision in Zakharov. Without this revision, the Court would otherwise appear to depart to some extent — arguably, purposefully — from both Liberty and Weber.
  • Finally, the Grand Chamber took issue with the direct nature of the access enjoyed by Russian intelligence under the SORM system. The Court noted that this contributed to rendering oversight ineffective, despite the existence of a requirement for prior judicial authorization. Absent an obligation to demonstrate such prior authorization to the communications service provider, the likelihood that the system would be abused through “improper action by a dishonest, negligent or overly zealous official” was quite high (para. 270). Accordingly, “the requirement to show an interception authorisation to the communications service provider before obtaining access to a person’s communications is one of the important safeguards against abuse by the law-enforcement authorities” (para. 269). Again, this requirement arguably creates an unconquerable barrier for a number of modern bulk interception systems, which rely on the use of broad warrants to authorize the installation of, for example, fiber optic cable taps that facilitate the interception of all communications that cross those cables. In the United Kingdom, the Independent Reviewer of Terrorism Legislation David Anderson revealed in his essential inquiry into British surveillance in 2015, there are only 20 such warrants in existence at any time. Even if these 20 warrants are served on the relevant communications service providers upon the installation of cable taps, the nature of bulk interception deprives this of any genuine meaning, making the safeguard an empty one. Once a tap is installed for the purposes of bulk interception, the provider is cut out of the equation and can no longer play the role the Court found so crucial in Zakharov.
  • The Zakharov case not only levels a serious blow at bulk, untargeted surveillance regimes, it suggests the Grand Chamber’s intention to actively craft European Court of Human Rights jurisprudence in a manner that curtails such regimes. Any suggestion that the Grand Chamber’s decision was issued in ignorance of the technical capabilities or intentions of States and the continued preference for bulk interception systems should be dispelled; the oral argument in the case took place in September 2014, at a time when the Court had already indicated its intention to accord priority to cases arising out of the Snowden revelations. Indeed, the Court referenced such forthcoming cases in the fact sheet it issued after the Zakharov judgment was released. Any remaining doubt is eradicated through an inspection of the multiple references to the Snowden revelations in the judgment itself. In the main judgment, the Court excerpted text from the Director of the European Union Agency for Human Rights discussing Snowden, and in the separate opinion issued by Judge Dedov, he goes so far as to quote Edward Snowden: “With each court victory, with every change in the law, we demonstrate facts are more convincing than fear. As a society, we rediscover that the value of the right is not in what it hides, but in what it protects.”
  • The full implications of the Zakharov decision remain to be seen. However, it is likely we will not have to wait long to know whether the Grand Chamber intends to see the demise of bulk collection schemes; the three UK cases (Big Brother Watch & Ors v. United Kingdom, Bureau of Investigative Journalism & Alice Ross v. United Kingdom, and 10 Human Rights Organisations v. United Kingdom) pending before the Court have been fast-tracked, indicating the Court’s willingness to continue to confront the compliance of bulk collection schemes with human rights law. It is my hope that the approach in Zakharov hints at the Court’s conviction that bulk collection schemes lie beyond the bounds of permissible State surveillance.
1 - 20 of 38 Next ›
Showing 20 items per page