Group items tagged

After months of deliberation, the Obama administration has made a long-awaited decision on the thorny issue of how to deal with encrypted communications: It will not — for now — call for legislation requiring companies to decode messages for law enforcement. Rather, the administration will continue trying to persuade companies that have moved to encrypt their customers’ data to create a way for the government to still peer into people’s data when needed for criminal or terrorism investigations. “The administration has decided not to seek a legislative remedy now, but it makes sense to continue the conversations with industry,” FBI Director James B. Comey said at a Senate hearing Thursday of the Homeland Security and Governmental Affairs Committee.

The decision, which essentially maintains the status quo, underscores the bind the administration is in — balancing competing pressures to help law enforcement and protect consumer privacy. The FBI says it is facing an increasing challenge posed by the encryption of communications of criminals, terrorists and spies. A growing number of companies have begun to offer encryption in which the only people who can read a message, for instance, are the person who sent it and the person who received it. Or, in the case of a device, only the device owner has access to the data. In such cases, the companies themselves lack “backdoors” or keys to decrypt the data for government investigators, even when served with search warrants or intercept orders.

The decision was made at a Cabinet meeting Oct. 1. “As the president has said, the United States will work to ensure that malicious actors can be held to account — without weakening our commitment to strong encryption,” National Security Council spokesman Mark Stroh said. “As part of those efforts, we are actively engaged with private companies to ensure they understand the public safety and national security risks that result from malicious actors’ use of their encrypted products and services.” But privacy advocates are concerned that the administration’s definition of strong encryption also could include a system in which a company holds a decryption key or can retrieve unencrypted communications from its servers for law enforcement. “The government should not erode the security of our devices or applications, pressure companies to keep and allow government access to our data, mandate implementation of vulnerabilities or backdoors into products, or have disproportionate access to the keys to private data,” said Savecrypto.org, a coalition of industry and privacy groups that has launched a campaign to petition the Obama administration.

While a letter is in the mail, the police may not intercept it and examine its contents unless they first obtain a warrant based on probable cause. Ibid. This is true despite the fact that sealed letters are handed over to perhaps dozens of mail carriers, any one of whom could tear open the thin paper envelopes that separate the private words from the world outside. Put another way, trusting a letter to an intermediary does not necessarily defeat a reasonable expectation that the letter will remain private. See Katz, 389 U.S. at 351, 88 S.Ct. 507 ("[W]hat [a person] seeks to preserve as private, even in an area accessible to the public, may be constitutionally protected."). Given the fundamental similarities between email and traditional forms of communication, it would defy common sense 286*286 to afford emails lesser Fourth Amendment protection. See Patricia L. Bellia & Susan Freiwald, Fourth Amendment Protection for Stored E-Mail, 2008 U. Chi. Legal F. 121, 135 (2008) (recognizing the need to "eliminate the strangely disparate treatment of mailed and telephonic communications on the one hand and electronic communications on the other"); City of Ontario v. Quon, ___ U.S. ___, 130 S.Ct. 2619, 2631, 177 L.Ed.2d 216 (2010) (implying that "a search of [an individual's] personal e-mail account" would be just as intrusive as "a wiretap on his home phone line"); United States v. Forrester, 512 F.3d 500, 511 (9th Cir.2008) (holding that "[t]he privacy interests in [mail and email] are identical"). Email is the technological scion of tangible mail, and it plays an indispensable part in the Information Age.

Over the last decade, email has become "so pervasive that some persons may consider [it] to be [an] essential means or necessary instrument[] for self-expression, even self-identification." Quon, 130 S.Ct. at 2630. It follows that email requires strong protection under the Fourth Amendment; otherwise, the Fourth Amendment would prove an ineffective guardian of private communication, an essential purpose it has long been recognized to serve. See U.S. Dist. Court, 407 U.S. at 313, 92 S.Ct. 2125; United States v. Waller, 581 F.2d 585, 587 (6th Cir.1978) (noting the Fourth Amendment's role in protecting "private communications"). As some forms of communication begin to diminish, the Fourth Amendment must recognize and protect nascent ones that arise. See Warshak I, 490 F.3d at 473 ("It goes without saying that like the telephone earlier in our history, e-mail is an ever-increasing mode of private communication, and protecting shared communications through this medium is as important to Fourth Amendment principles today as protecting telephone conversations has been in the past.").

If we accept that an email is analogous to a letter or a phone call, it is manifest that agents of the government cannot compel a commercial ISP to turn over the contents of an email without triggering the Fourth Amendment. An ISP is the intermediary that makes email communication possible. Emails must pass through an ISP's servers to reach their intended recipient. Thus, the ISP is the functional equivalent of a post office or a telephone company. As we have discussed above, the police may not storm the post office and intercept a letter, and they are likewise forbidden from using the phone system to make a clandestine recording of a telephone call—unless they get a warrant, that is. See Jacobsen, 466 U.S. at 114, 104 S.Ct. 1652; Katz, 389 U.S. at 353, 88 S.Ct. 507. It only stands to reason that, if government agents compel an ISP to surrender the contents of a subscriber's emails, those agents have thereby conducted a Fourth Amendment search, which necessitates compliance with the warrant requirement absent some exception. In Warshak I, the government argued that this conclusion was improper, pointing to the fact that NuVox contractually reserved the right to access Warshak's emails for certain purposes. While we acknowledge that a subscriber agreement might, in some cases, be sweeping enough to defeat a reasonable expectation of privacy in the contents of an email account, see Warshak I, 490 F.3d at 473; Warshak II, 532 F.3d at 526-27, we doubt that will be the case in most situations, and it is certainly not the case here.

More than a month after Sen. Ron Wyden (D-Ore.) requested information about US Customs and Border Protection's practice of searching cell phones at US borders and airports, he's still waiting for answers—but he's not waiting to introduce legislation to end the practice. "It's very concerning that [the Department of Homeland Security] hasn't managed to answer my questions about the number of digital searches at the border, five weeks after I requested that basic information," Wyden, a leading congressional advocate for civil liberties and privacy, told Mother Jones on Tuesday through a spokesman. "If CBP were to undertake a system of indiscriminate digital searches, that would distract CBP from its core mission, dragging time and attention away from catching the bad guys." Wyden's request to DHS and CBP came on the heels of a February 18 report from the Associated Press of a "fivefold increase" in electronic media searches in fiscal year 2016 over the previous year, from fewer than 5,000 to nearly 24,000. It also followed Homeland Security Secretary John Kelly's suggestion that visitors from a select group of countries, mainly Muslim, might be required to hand over passwords to their social media accounts as a condition of entry. (That comment came a week after President Donald Trump first unveiled his executive order⁠ banning travel from seven majority-Muslim countries.) The Knight First Amendment Institute, which advocates for freedom of speech, sued DHS on Monday for records relating to the seizure of electronic devices at border checkpoints. Wyden requested similar data on CBP device searches and demands for travelers' passwords. "There are well-established legal rules governing how law enforcement agencies may obtain data from social media companies and email providers," Wyden wrote in the February 20 letter to DHS and CBP. "By requesting a traveler's credentials and then directly accessing their data, CBP would be short-circuiting the vital checks and balances that exist in our current system." The senator wrote that the searches not only violate civil liberties but could reduce international business travel or force companies to outfit employees with "burner" laptops and mobile devices, "which some firms already use when employees visit nations like China."

"Folks are going to be less likely to travel freely to the US with the devices they need if they don't feel their sensitive business information is going to be safe at the border," Wyden said Tuesday, noting that CBP can copy the information it views on a device. "Then they can store that information and search it without a warrant." Wyden will soon introduce legislation to force law enforcement to obtain warrants before searching devices at the border. His bill would also prevent CBP from compelling travelers to reveal passwords to their accounts. A DHS spokesman said in a statement that "all travelers arriving to the US are subject to CBP inspection," which includes inspection of any electronic devices they may be carrying. Access to these devices, the spokesman said, helps CBP agents ascertain the identity and admissibility of people from other countries and "deter the entry of possible terrorists, terrorist weapons, controlled substances," and other prohibited items. "CBP electronic media searches," the spokesman said, "have resulted in arrests for child pornography, evidence helpful in combating terrorist activity, violations of export controls, convictions for intellectual property rights violations, and visa fraud discoveries." In a March 27 USA Today op-ed, Joseph B. Maher, DHS acting general counsel, compared device searches to searching luggage. "Just as Customs is charged with inspecting luggage, vehicles and cargo containers upon arrival to the USA, there are circumstances in this digital age when we must inspect an electronic device for violations of the law," Maher wrote.

But in a unanimous 2014 ruling, the Supreme Court found that police need warrants to search cell phones. Chief Justice John Roberts wrote in the opinion that cell phones are "such a pervasive and insistent part of daily life that the proverbial visitor from Mars might conclude they were an important feature of human anatomy." In response to a Justice Department argument that cell phones were akin to wallets, purses, and address books, Roberts wrote: "That is like saying a ride on horseback is materially indistinguishable from a flight to the moon." The law, however, applies differently at the border because of the "border search doctrine," which has traditionally given law enforcement wider latitude under the Fourth Amendment to perform searches at borders and international airports. CBP says it keeps tight controls on its searches and is sensitive to personal privacy. Wyden isn't convinced. "Given Trump's worrying track record so far, and the ease with which CBP could change its guidelines, it's important we create common-sense statutory protections for Americans' liberty and security," he says.

Though the NSA says its mass surveillance of Americans targets only “terrorists,” the spying may turn up evidence of other illegal acts that can get passed on to law enforcement which hides the secret source through a ruse called “parallel construction,” writes ex-CIA analyst Ray McGovern. By Ray McGovern Rarely do you get a chance to ask a just-retired FBI director whether he had “any legal qualms” about what, in football, is called “illegal procedure,” but at the Justice Department is called “parallel construction.” Government wordsmiths have given us this pleasant euphemism to describe the use of the National Security Agency’s illegal eavesdropping on Americans as an investigative tool to pass on tips to law enforcement agencies which then hide the source of the original suspicion and “construct” a case using “parallel” evidence to prosecute the likes of you and me.

For those interested in “quaint” things like the protections that used to be afforded us by the Fourth and Fifth Amendments to the Constitution, information about this “parallel construction” has been in the public domain, including the “mainstream media,” for at least a year or so. So, I welcomed the chance to expose this artful practice to still more people with cameras rolling at a large conference on “Ethos & Profession of Intelligence” at Georgetown University on Wednesday, during the Q & A after former FBI Director Robert Mueller spoke. Mueller ducked my question regarding whether he had any “legal qualms” about this “parallel construction” arrangement. He launched into a discursive reply in which he described the various ”authorities” enjoyed by the FBI (and the CIA), which left the clear impression not only that he was without qualms but that he considered the practice of concealing the provenance of illegally acquired tip-off information somehow within those professed “authorities.”

Bottom line? Beware, those of you who think you have “nothing to hide” when the NSA scoops up your personal information. You may think that the targets of these searches are just potential “terrorists.” But the FBI, Internal Revenue Service, Drug Enforcement Administration and countless other law enforcement bodies are dipping their cursors into the huge pool of mass surveillance.

The drive to end the bulk collection of phone records by the National Security Agency is gaining strength, as Senate Democrats said Sunday that Congress will change the law to ban the practice if President Obama does not do it first. “It’s time to have real reform, not a veneer of reform,” said Sen. Mark Udall (D-Colo.), a longtime critic of the NSA. “We have got to rebuild the American people’s trust in our intelligence community so we can be safe,” he said on ABC’s "This Week." “But we don’t do that by bulk data collection that violates the privacy of Americans. That’s unconstitutional, and has shown to not be effective.” Last week, a federal judge said the routine collection of the dialing records is probably unconstitutional, and a panel appointed by President Obama recommended a major change. “We believe the government shouldn’t hold this data any longer,” Michael Morrell, a former acting director of the CIA and a panel member, said on CBS’ "Face the Nation." He said the phone records could be held by the phone companies or by another private group. Then, the government would “need a court order every time they wanted to query that data,” he said. Despite the need for reforms, Morrell said the original purpose of the program still makes sense. He said it is crucial the NSA and the FBI can move quickly if there is reason to believe that a “terrorist overseas is talking to someone in the United States.”

But the government does not need to collect and store all of these dialing records, he said, so long as they are held in private hands. Senate Judiciary Committee Chairman Patrick J. Leahy (D-Vt.) said he will press ahead in January to pass a bill that forbids the NSA from collecting phone records. He is sponsoring the USA Freedom Act with former House Judiciary Committee Chairman F. James Sensenbrenner (R-Wis.) to close what they now see as a loophole in the law.

Our series on the NSA documents now being complete, I thought I would collect all of the posts together in one place. Here are the documents themselves. And here are our seven posts commenting on them: The Introduction Summary of the October 2011 FISC Opinion Summary of the November 2011 FISC Opinion Summary of the September 2012 FISC Opinion Summary of Statements to Congress Summary of the Minimization Procedures Summary of the Semi-Annual Compliance Report Now that the series is done, I will turn to the question of

House Speaker John Boehner and his cronies removed North Carolina Congressman Walter Jones from the House Financial Services Committee in late 2012, as part of a purge that removed Republicans who were not all in for Wall Street -- and for Boehner's brand of "service" to the industries that are supposed to be regulated by Congress -- from the one panel with the power to hold bankers and brokers to account. But Jones, who had opposed bank bailouts and favored Wall Street regulation, did not go quietly. He spoke up about the purge and made little secret of his sense that -- though he had split with Boehner on a number of issues -- his biggest "sin" in the eyes of the party leadership was his refusal to bow to the demands of big campaign donors. “This whole place is all about money. Money is more important than policy,” complained Jones, who has in recent years co-sponsored most major pieces of campaign-finance reform legislation in the House -- including a call for a constitutional amendment designed to restore the ability of federal, state and local officials to regulate campaign spending.

The congressman's bluntness did not go over well with the masters of the universe on Wall Street. So, this spring, they set out to purge Walter Jones from Congress altogether. They found a consummate DC insider with close ties to the financial-services industry, Taylor Griffin, and filled the challenger's campaign treasury with PAC checks from J.P. Morgan, Wells Fargo and Bank of America, as well as political powerbrokers like former Republican National Committee chairman Haley Barbour and Wayne Berman of the Blackstone Group. It did not stop there. Jones' independence extended far beyond debates over Wall Street bailouts and regulation. The Republican is a social and economic conservative -- make that a social and economic very conservative -- but he has repeatedly broken with the party establishment on issues of war and peace, privacy rights, trade policy and budgets. He even voted against proposals by the darling of Wall Street and the party establishment, Congressman Paul Ryan

Bush administration aides and apologists rushed in with public statements and "independent" expenditures to attack Jones for his opposition to wars in Iraq and Afghanistan, and for his refusal to go along with moves that might lead to wars with Iran and other countries. Former Bush White House spokesman Ari Fleischer gave his enthusiastic backing to Griffin, as did former national security adviser Juan Zarate. Sarah Palin, one of the party's most consistent militarists, came in big for Griffin, who hailed her as an "old friend." A neo-conservative group, the Emergency Committee For Israel, spent at least $250,000 on ads that claimed Jones "preaches American decline." What Jones actually said was that, “Lyndon Johnson’s probably rotting in hell right now because of the Vietnam War, and he probably needs to move over for Dick Cheney.” At the same time, the wealthy champions of Ryan's crony-capitalist approach to budgeting were in with big money for TV ads and direct mail from the "Ending Spending Action Fund" -- a super PAC backed by billionaire businessman Joe Ricketts. By a lot of DC measures, Jones should have been doomed.

As the Obama administration campaign to stop the commercialization of strong encryption heats up, National Security Agency whistleblower Edward Snowden is firing back on behalf of the companies like Apple and Google that are finding themselves under attack. “Technologists and companies working to protect ordinary citizens should be applauded, not sued or prosecuted,” Snowden wrote in an email through his lawyer. Snowden was asked by The Intercept to respond to the contentious suggestion — made Thursday on a blog that frequently promotes the interests of the national security establishment — that companies like Apple and Google might in certain cases be found legally liable for providing material aid to a terrorist organization because they provide encryption services to their users.

In his email, Snowden explained how law enforcement officials who are demanding that U.S. companies build some sort of window into unbreakable end-to-end encryption — he calls that an “insecurity mandate” — haven’t thought things through. “The central problem with insecurity mandates has never been addressed by its proponents: if one government can demand access to private communications, all governments can,” Snowden wrote. “No matter how good the reason, if the U.S. sets the precedent that Apple has to compromise the security of a customer in response to a piece of government paper, what can they do when the government is China and the customer is the Dalai Lama?”

Weakened encryption would only drive people away from the American technology industry, Snowden wrote. “Putting the most important driver of our economy in a position where they have to deal with the devil or lose access to international markets is public policy that makes us less competitive and less safe.”

Earlier today, President Obama announced a series of reforms to address abuses by the National Security Agency. We were heartened to see Obama recognized that the NSA has gone too far in trampling the privacy rights of people worldwide. In his speech, the President ensured that National Security Letters would not come with perpetual gag orders, brought new levels of transparency and fairness to the FISA court, and ended bulk collection of telephone records by the NSA. However, there is still much more to be done. We’ve put together a scorecard showing how Obama’s announcements stack up against 12 common sense fixes that should be a minimum for reforming NSA surveillance. Each necessary reform was worth 1 point, and we were willing to award partial credit for steps in the right direction. On that scale, President Obama racked up 3.5 points out of a possible 12.