Group items matching

in title, tags, annotations or url

After months of deliberation, the Obama administration has made a long-awaited decision on the thorny issue of how to deal with encrypted communications: It will not — for now — call for legislation requiring companies to decode messages for law enforcement. Rather, the administration will continue trying to persuade companies that have moved to encrypt their customers’ data to create a way for the government to still peer into people’s data when needed for criminal or terrorism investigations. “The administration has decided not to seek a legislative remedy now, but it makes sense to continue the conversations with industry,” FBI Director James B. Comey said at a Senate hearing Thursday of the Homeland Security and Governmental Affairs Committee.

The decision, which essentially maintains the status quo, underscores the bind the administration is in — balancing competing pressures to help law enforcement and protect consumer privacy. The FBI says it is facing an increasing challenge posed by the encryption of communications of criminals, terrorists and spies. A growing number of companies have begun to offer encryption in which the only people who can read a message, for instance, are the person who sent it and the person who received it. Or, in the case of a device, only the device owner has access to the data. In such cases, the companies themselves lack “backdoors” or keys to decrypt the data for government investigators, even when served with search warrants or intercept orders.

The decision was made at a Cabinet meeting Oct. 1. “As the president has said, the United States will work to ensure that malicious actors can be held to account — without weakening our commitment to strong encryption,” National Security Council spokesman Mark Stroh said. “As part of those efforts, we are actively engaged with private companies to ensure they understand the public safety and national security risks that result from malicious actors’ use of their encrypted products and services.” But privacy advocates are concerned that the administration’s definition of strong encryption also could include a system in which a company holds a decryption key or can retrieve unencrypted communications from its servers for law enforcement. “The government should not erode the security of our devices or applications, pressure companies to keep and allow government access to our data, mandate implementation of vulnerabilities or backdoors into products, or have disproportionate access to the keys to private data,” said Savecrypto.org, a coalition of industry and privacy groups that has launched a campaign to petition the Obama administration.

Europe is being overrun by refugees from American bombing campaigns in Libya and Syria, which created a failed state in Libya, and which threaten to do the same in Syria. Europe is thus being forced to separate itself from endorsing the U.S. bombing campaign that focuses against the Syrian government forces of the secular Shiite Syrian President Bashar al-Assad, instead of against his fundamentalist Sunni Islamic opponents, the jihadist groups (all of which are Sunni), such as ISIS, and Al Qaeda in Syria (al-Nusra).

Russia announced on October 2nd that their bombing campaign against America’s allies in Syria — ISIS and Al Nusra (the latter being Al Qaeda in Syria) — will intensify and will last “three or four months.” U.S. President Barack Obama is insisting upon excluding Russia from any peace talks on Syria; the U.S. will not move forward with peace talks unless Syria’s President Bashar al-Assad first steps down. But Russia is the only serious military power against the jihadists who are trying to defeat Assad, and Russia is now committing itself also to providing Lebanon with weapons against the jihadists, who are America’s allies in Lebanon too.

That’s hardly the only ‘legacy’ issue for Obama — his war against Russia, via overthrowing Gaddafi, then Yanukovych, and his still trying to overthrow Assad — which is now forcing the break-up of the Western Alliance, over the resulting refugee-crisis. An even bigger such conflict within the Alliance concerns Obama’s proposed treaty with European states, the TTIP, which would give international corporations rights to sue national governments in non-appealable global private arbitration panels, the dictates from which will stand above any member-nation’s laws. Elected government officials will have no control over them. This supra-national mega-corporate effort by Obama is also part of his similar effort in his proposed TPP treaty with Asian nations, both of which are additionally aimed to isolate from international trade not just Russia, but China, so as to leave America’s large international corporations controlling virtually the entire world. As things now stand regarding these ‘trade’ deals, Obama will either need to eliminate some of his demands, or else the European Commission won’t be able to muster enough of its members to support Obama’s proposed treaty with the EU, the TTIP (Transatlantic Trade and Investment Partnership). Also, some key European nations might reject Obama’s proposed treaty on regulations regarding financial and other services: TISA (Trade In Services Agreement). All three of Obama’s proposed ‘trade’ deals, including the TPP (Trans-Pacific Partnership) between the U.S. and Asian countries, are the actual culmination of Obama’s Presidency, and they’re all about far more than just trade and economics. The main proposed deal with Europe might now be dead.

When Apple and Google unveiled new encryption schemes last month, law enforcement officials complained that they wouldn’t be able to unlock evidence on criminals’ digital devices. What they didn’t say is that there are already methods to bypass encryption, thanks to off-the-shelf digital implants readily available to the smallest national agencies and the largest city police forces — easy-to-use software that takes over and monitors digital devices in real time, according to documents obtained by The Intercept. We’re publishing in full, for the first time, manuals explaining the prominent commercial implant software “Remote Control System,” manufactured by the Italian company Hacking Team. Despite FBI director James Comey’s dire warnings about the impact of widespread data scrambling — “criminals and terrorists would like nothing more,” he declared — Hacking Team explicitly promises on its website that its software can “defeat encryption.”

The manuals describe Hacking Team’s software for government technicians and analysts, showing how it can activate cameras, exfiltrate emails, record Skype calls, log typing, and collect passwords on targeted devices. They also catalog a range of pre-bottled techniques for infecting those devices using wifi networks, USB sticks, streaming video, and email attachments to deliver viral installers. With a few clicks of a mouse, even a lightly trained technician can build a software agent that can infect and monitor a device, then upload captured data at unobtrusive times using a stealthy network of proxy servers, all without leaving a trace. That, at least, is what Hacking Team’s manuals claim as the company tries to distinguish its offerings in the global marketplace for government hacking software. Hacking Team’s efforts include a visible push into the U.S. Though Remote Control System is sold around the world — suspected clients include small governments in dozens of countries, from Ethiopia to Kazakhstan to Saudi Arabia to Mexico to Oman — the company keeps one of its three listed worldwide offices in Annapolis, Maryland, on the edge of the federal intelligence and law-enforcement cluster around the nation’s capital; has sent representatives to American homeland security trade shows and conferences, where it has led training seminars like “Cyber Intelligence Solutions to Data Encryption” for police; and has even taken an investment from a firm headed by America’s former ambassador to Italy. The United States is also, according to two separate research teams, far and away Hacking Team’s top nexus for servers, hosting upwards of 100 such systems, roughly a fifth of all its servers globally.

The ambassador to Belgium, a big campaign bundler for President Obama, was accused of soliciting sex in a park near the U.S. Embassy in Brussels. Members of then-Secretary of State Hillary Clinton’s security detail were accused of hiring prostitutes, and a State Department security official in Beirut “engaged in sexual assaults” on foreign nationals, according to the complaints. The Diplomatic Security Service, a law enforcement branch of the State Department, tried to investigate the underlying charges but was blocked by top agency managers including Kennedy and Cheryl Mills, chief of staff to Hillary Clinton, according to whistleblower allegations that surfaced later.

DSS agents reported the interference to the inspector general’s office, which confirmed the pressure from the top. A draft IG report written in November 2012 described the underlying cases of misconduct and the strong-arm tactics used by top managers to block the DSS investigations. But that draft report was not made public. Instead, it was shown to top State Department officials who wanted it scrubbed of damaging information. “This is going to kill us,” one top agency official reportedly said upon seeing the draft report, according to CBS News. When the final IG report was issued in February 2013, it made no mention of the individual cases or of management pressure to kill the DSS probes. Instead, the IG report blandly stated that DSS “lacks a firewall” to prevent management interference with DSS investigations.

The more candid draft report was leaked by an investigator inside the IG’s office to the House Oversight and Government Reform Committee and to CBS News. Rep. Ed Royce, the California Republican who is chairman of the House Foreign Affairs Committee, demanded copies of the draft report and details about the specific cases of misconduct. The IG’s office refused to provide the information. “There is every indication that critical information was missing from the IG report submitted to Congress,” Royce told the Washington Examiner in a recent interview. “And whether it was State’s pressure to remove it or Geisel’s unwillingness to include it, the result is the same. We are not, as required by law, kept fully and currently informed. The bottom line is when federal agencies lack a Senate-confirmed, independent inspector general, the potential for malfeasance really abounds,” he said.

In the latest indication of a rolling government cover-up of the September 11, 2001, attacks, the Federal Bureau of Investigation (FBI) is disowning an explosive internal report that suggests high-level Saudi involvement. And Washington seems only too happy to accept this latest peculiar FBI apologia.The same FBI that attempted to hide its prior relationship with accused Boston Marathon bomber Tamerlan Tsarnaev—until that link was outed by the Russian FSB security service—is now rewriting its involvement in the worst terror attack on American soil.In this bizarre development, the Bureau claims that an internal FBI document indirectly tying the alleged Al Qaeda hijackers to a prominent Saudi prince was fabricated.If the FBI is telling the truth and its own agent simply made the whole thing up, that would in itself be a remarkable and essentially unprecedented development.But since we have reason to believe—as you shall see—that the FBI agent did not make it up, the Bureau’s claim is prima facie evidence of a cover-up: one that could only be authorized at the highest levels, for reasons which will become apparent.

It took a jury just over 11 hours to find Boston Marathon bomber Dzhokhar Tsarnaev guilty of 30 counts in connection with the worst terrorist attack on American soil since 9/11. Federal prosecutors argued Tsarnaev, 21, deliberately “shredded the bodies” of his victims and waged violent jihad to “punish Americans.”Assistant US Attorney Aloke Chakravarty portrayed Tsarnaev as a heartless terrorist who, along with his  brother Tamerlan, carried out the April 2013 attacks that killed three and injured 264 others.But while evidence of Tsarnaev’s culpability—including an admission of guilt from his own defense team—virtually guaranteed a guilty verdict, that wasn’t enough to stop prosecutors from twisting important facts to suit their own agenda.Referencing “bomb-making” paraphernalia seized from Tamerlan Tsarnaev’s apartment, Chakravarty told the court that, “there is evidence, at least in part, that the bombs were built at 410 Norfolk Street.”

What the jury didn’t know is that in May 2014, prosecutors said they had no evidence the bombs were constructed at Norfolk Street, and in October 2014, a year-and-a-half after the bombings, the FBI said it still had no idea where the bombs were built, or who actually built them.

European privacy regulators are putting U.S. surveillance practices under the microscope, this time with a crucial transatlantic data deal hanging in the balance.Legal and privacy advocates say European nations are poised to strike down the deal if they decide the U.S. hasn't done enough to reform its spying programs.The new test comes after the European Commission and the Commerce Department — after months of tense negotiations — reached a deal this week permitting Facebook, Google and thousands of other companies to continue legally handling Europeans’ personal data.ADVERTISEMENTCritics though have long warned that unless the U.S. overhauls its privacy and national security laws, there is no legal framework that can stand up in European court, where privacy is considered a fundamental right under the EU Charter.A working group of 28 EU nations’ data protection authorities — domestic entities separate from the Commission that will be in charge of enforcing the new agreement — may now cast the deciding vote.The group is spending the next few months picking through the so-called Privacy Shield agreement to determine if it adequately protects the personal data of European citizens.

“The Commission has said, ‘We’re satisfied. We believe them. We believe the U.S. has substantially changed its practices,’ and they are no longer going off the [Edward] Snowden revelations in the media,” said Susan Foster, a privacy attorney at Mintz Levin who works in both the EU and the U.S.“Whether the working group will go along with it is another question.”The privacy advocate whose complaint against Facebook brought down the Privacy Shield’s 15-year-old predecessor agreement is already questioning the new deal’s validity.“With all due respect ... a couple of letters by the outgoing Obama administration is by no means a legal basis to guarantee the fundamental rights of 500 million European users in the long run, when there is explicit U.S. law allowing mass surveillance,” Max Schrems of Austria said in a statement Tuesday.The United States has been fighting against the perception that it tramples on civil liberties after ex-National Security Agency contractor Edward Snowden revealed the breadth of the agency’s snooping.One sticking point in the Privacy Shield negotiations was over the scope of an exception allowing surveillance for national security purposes.

In announcing the deal, Commission officials insisted that the U.S. had provided “detailed written assurances” that surveillance of Europeans’ data by intelligence agencies would be subject to appropriate limitations.“The U.S. has clarified that they do not carry out indiscriminate surveillance of Europeans,” Andrus Ansip, Vice President for the Digital Single Market on the European Commission, said Tuesday.The U.S. has also agreed to create an office in the State Department, to address complaints from EU citizens who feel their data has been inappropriately accessed by intelligence authorities.Complicating the working group’s approval of the deal is the hodgepodge of competing regulators in Europe. Each nation has an agency in charge of its own country’s regulation. Some countries — such as Germany — are seen as tougher on privacy than others, like France or the U.K.While some countries consider U.S. privacy protections to be satisfactory, in others they are seen as woefully inadequate.

In a seminal decision updating and consolidating its previous jurisprudence on surveillance, the Grand Chamber of the European Court of Human Rights took a sideways swing at mass surveillance programs last week, reiterating the centrality of “reasonable suspicion” to the authorization process and the need to ensure interception warrants are targeted to an individual or premises. The decision in Zakharov v. Russia — coming on the heels of the European Court of Justice’s strongly-worded condemnation in Schrems of interception systems that provide States with “generalised access” to the content of communications — is another blow to governments across Europe and the United States that continue to argue for the legitimacy and lawfulness of bulk collection programs. It also provoked the ire of the Russian government, prompting an immediate legislative move to give the Russian constitution precedence over Strasbourg judgments. The Grand Chamber’s judgment in Zakharov is especially notable because its subject matter — the Russian SORM system of interception, which includes the installation of equipment on telecommunications networks that subsequently enables the State direct access to the communications transiting through those networks — is similar in many ways to the interception systems currently enjoying public and judicial scrutiny in the United States, France, and the United Kingdom. Zakharov also provides a timely opportunity to compare the differences between UK and Russian law: Namely, Russian law requires prior independent authorization of interception measures, whereas neither the proposed UK law nor the existing legislative framework do.

The decision is lengthy and comprises a useful restatement and harmonization of the Court’s approach to standing (which it calls “victim status”) in surveillance cases, which is markedly different from that taken by the US Supreme Court. (Indeed, Judge Dedov’s separate but concurring opinion notes the contrast with Clapper v. Amnesty International.) It also addresses at length issues of supervision and oversight, as well as the role played by notification in ensuring the effectiveness of remedies. (Marko Milanovic discusses many of these issues here.) For the purpose of the ongoing debate around the legitimacy of bulk surveillance regimes under international human rights law, however, three particular conclusions of the Court are critical.

The Court took issue with legislation permitting the interception of communications for broad national, military, or economic security purposes (as well as for “ecological security” in the Russian case), absent any indication of the particular circumstances under which an individual’s communications may be intercepted. It said that such broadly worded statutes confer an “almost unlimited degree of discretion in determining which events or acts constitute such a threat and whether that threat is serious enough to justify secret surveillance” (para. 248). Such discretion cannot be unbounded. It can be limited through the requirement for prior judicial authorization of interception measures (para. 249). Non-judicial authorities may also be competent to authorize interception, provided they are sufficiently independent from the executive (para. 258). What is important, the Court said, is that the entity authorizing interception must be “capable of verifying the existence of a reasonable suspicion against the person concerned, in particular, whether there are factual indications for suspecting that person of planning, committing or having committed criminal acts or other acts that may give rise to secret surveillance measures, such as, for example, acts endangering national security” (para. 260). This finding clearly constitutes a significant threshold which a number of existing and pending European surveillance laws would not meet. For example, the existence of individualized reasonable suspicion runs contrary to the premise of signals intelligence programs where communications are intercepted in bulk; by definition, those programs collect information without any consideration of individualized suspicion. Yet the Court was clearly articulating the principle with national security-driven surveillance in mind, and with the knowledge that interception of communications in Russia is conducted by Russian intelligence on behalf of law enforcement agencies.

There’s a lot that’s remarkable about last Tuesday’s Third Circuit decision in Hassan v. City of New York, which Faiza Patel cogently summarized in her post last week. In a nutshell, Hassan involves a challenge to secret intelligence operations carried out by the New York Police Department (NYPD) over the years since September 11 that allegedly targets Muslim communities “based on the false and stigmatizing premise that Muslim religious identity ‘is a permissible proxy for criminality, and that Muslim individuals, businesses, and institutions can therefore be subject to pervasive surveillance not visited upon individuals, businesses, and institutions of any other religious faith or the public at large.'” The district court had tersely granted the City’s motion to dismiss both because it concluded the plaintiffs lacked standing and because, in the alternative, it held that the plaintiffs had failed to overcome the pleading burden articulated by the Supreme Court in Iqbal. But the Third Circuit reversed on both fronts, holding that the plaintiffs’ allegations, if true, were more than enough to establish both that they had suffered an injury in fact sufficient to satisfy Article III standing, and that their equal protection and First Amendment claims were sufficiently plausible to satisfy Iqbal. To be sure, the Third Circuit’s decision is interlocutory — coming at a very preliminary stage in the litigation. But what I want to suggest in the post that follows is that, as much as any other post-September 11 judicial decision, Hassan represents the full-throated repudiation of the Supreme Court’s infamous World War II-era ruling in Korematsu v. United States that has been so long in coming — and so thoroughly overdue.

As I’ve written about before, Korematsu reflects two separate — but equally important — constitutional failures. The first failure was the internment policy itself, which we now know (and which the US government knew at the time) to have been a completely unnecessary — if not hysterical — overreaction to hyperbolic and (after Midway, at least) categorically overstated fears of a Japanese invasion of the West Coast. By itself, the camps were a dark stain on the history of civil liberties in the United States — albeit one of many, alas. But the second failure was, historically, the far more significant and unique one — the Supreme Court’s conscious constitutional rationalization of the internment policy, based upon a combination of naïveté on the Justices’ part and the affirmatively misleading (if not downright disingenuous) briefing by the federal government. As Justice Robert H. Jackson understood — and forcefully articulated — in his Korematsu dissent, the real violence to the “rule of law” resulting from the camps was thus not the underlying policy, but rather its validation by the Supreme Court. In his words, “a military commander may overstep the bounds of constitutionality, and it is an incident. But if we review and approve, that passing incident becomes the doctrine of the Constitution.”

But we’ve struggled somewhat with the second constitutional failure. The courts have repudiated Korematsu’s conviction; the Office of the Solicitor General has confessed error for its role in perpetuating the government’s misleading case before the Supreme Court; and scholars have suggested that Korematsu itself has become part of the “anti-canon” — the class of Supreme Court decisions so reviled that they are cited, if at all, in support of the wrongness of their holdings. But Korematsu itself remains on the books, as do broader concerns that courts are still vulnerable to Korematsu — style reasoning, i.e., that the need to protect national security might provide legal justification for government conduct that would otherwise be unjustifiable. Indeed, one need look no further than the ongoing debate over the SSCI’s torture report for evidence of the Korematsu mentality being alive and well.