Subscribe: Privacy
http://www.reason.com/topics/topic/198.xml
Added By: Feedage Forager Feedage Grade B rated
Language: English
Tags:
amendment  court  government  information  law  new  officials  people  privacy  public  surveillance  tech  trump  twitter 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: Privacy

Privacy



All Reason.com articles with the "Privacy" tag.



Published: Tue, 25 Apr 2017 00:00:00 -0400

Last Build Date: Tue, 25 Apr 2017 18:27:59 -0400

 



Border Agents Misuse Customs Regs to Try to Unmask ‘Rogue’ Twitter Account (Update: Attempt Withdrawn!)

Fri, 07 Apr 2017 12:20:00 -0400

Agents from U.S. Customs and Border Protection (CBP) are attempting to force Twitter to reveal the real name of an account user. Twitter is taking them to court to try to stop them, and the American Civil Liberties Union (ACLU) has jumped on board to represent the user him or herself to protect their anonymity. Is this somebody accused of human trafficking? Maybe some violent drug smuggler? Some criminal CBP is responsible is trying to take down? No, it doesn't seem so. In fact, CBP doesn't seem to have provided any evidence at all of criminal wrongdoing when it faxed over to Twitter an order to turn over private info from an account. From all appearances they're trying to unmask a trouble-maker (or several of them) claiming to be rebellious immigration officials who oppose President Donald Trump's massive deportation and border control efforts. The account CBP is trying to get the goods on operates under the handle @ALT_uscis and the name "ALT Immigration." It is one of several Twitter accounts that popped up after Trump's inauguration claiming to represent officials at various federal agencies intending to resist Trump's agendas from within. To be clear, though: This doesn't mean these Twitter accounts actually are run by federal employees with inside information. Anybody can claim to be anything on the Internet. Many of these "rogue" accounts are likely to be totally fake. But in the event this Twitter user actually is real, at least two CBP agents are trying to find out who he is. According to a lawsuit filed yesterday in Northern California on behalf of Twitter, the agents didn't even bother to claim that the Twitter account was connected to criminal activity. Instead, they used what is obviously some boilerplate customs text used to examine import records. That's actually the federal regulation they invoke as well—according to the lawsuit, the CBP agent invoked a federal law designed to permit the feds to crack open a business's books to investigate data connected to importing goods as an authority to demand Twitter reveal an account user's name. So Twitter is both resisting to protect the anonymity of its users from unmasking that is tied to no criminal complaint whatsoever and also pointing out that this is not the federal code used when the government does have what it believes to be a legitimate reason. There is, given the circumstances, a desire to want to raise an eyebrow at the Trump administration right now because of its outrage that the identities of members of Trump's transition team may have been unmasked in intelligence reports connected to surveillance of foreign officials. Media coverage of this weird little fight is heavy on emphasizing that Twitter is suing the "Trump administration" in order to suppress the order to reveal the user's identity. But it would not and should not come as a surprise—given the general incompetence in how the demand was administered—if we were to discover that these CBP agents were acting on their own and that this whole effort doesn't actually go that far up the chain of authority. In the end, this feels more reminiscent of petty local government and police officials attempting to reveal the names of people who operate web sites or Twitter accounts that anonymously mock them. Remember how the mayor of Peoria, Illinois, sent out the police to arrest the guy who operated a parody Twitter account that made fun of him back in 2014? He refused to acknowledge he did anything wrong. He was just reelected mayor earlier in the week, incidentally. It wouldn't come as a surprise if a judge struck down the CBP agents demand for information here given the misapplied federal regulations. It also wouldn't come as a surprise if CBP quietly withdraws or drops the order. It is nevertheless a very important reminder of how petty government officials are and exactly why it's important that Americans protect their right to keep their personal information and data private and protected from unwarranted government surveillance. Read the Twitter suit here. Oh, and in typical "Streisand ef[...]



You Don’t Have to Be a Foreigner to Have Privacy Violated by Trump’s ‘Extreme Vetting’

Tue, 04 Apr 2017 15:45:00 -0400

Lest we need a reminder that the Donald Trump administration's support for tech privacy seems limited to the members of the Trump administration, take note of how a proposed "extreme vetting" plan from the Department of Homeland Security (DHS) would blow back on U.S. citizens. A proposal has been referenced before, but a Wall Street Journal story today has DHS officials explaining more specifically that they want to try to force travelers to the United States to disclose the contacts and communications on their phones and provide access to their social media accounts and financial records in order to visit the United States. This is not a plan just for anybody trying to move here from a war-torn country or a refugee seeking sanctuary for long periods. The administration is considering demanding (or at least reserving the authority to demand) this information from any foreign travelers attempting to come to the United States, even for short visits and even from friendly countries. From the story: The goal is to "figure out who you are communicating with," the senior DHS official said. "What you can get on the average person's phone can be invaluable." A second change would ask applicants for their social-media handles and passwords so that officials could see information posted privately in addition to public posts. DHS has experimented with asking for people's handles so they can read public posts, but not those restricted to friends. This naturally would then also include potentially private communications with and private information about American citizens. A traveler from another country who happens to be a friend of yours could be required to pass along private information about communications with you to the government in order to gain entry. So at the exact same time that the Trump administration is complaining about the incidental collection of private communications data of his transition team earlier in the year, they're perfectly fine with implementing policies that would lead to dramatic increases in the amount of incidental collection of your personal data. Meanwhile, there's been a noted increase in attempts by federal officials to gain access to phones and tech devices of even American citizens traveling across the borders, not just foreign visitors. This trend preceded the Trump administration but shows no sign of stopping. Sen. Ron Wyden (D-Ore.) has previously said he wanted to introduce legislation that would stop the feds from searching the phones of Americans without warrants and to prohibit the government from demanding that Americans provide access to phones in order to regain entry. Wyden is now introducing that bill, assisted by Sen. Rand Paul (R-Kentucky) in the Senate, and Reps. Jared Polis (D-Colorado) and Blake Farenthold (R-Texas) in the House. From Buzzfeed: Wyden, Paul, Polis, and Farenthold say that some law enforcement agencies have asserted "broad authority to search or seize digital devices at the border without any level of suspicion" using an exception to the Fourth Amendment that covers border searches. They argue that searching devices — even after obtaining permission to do so — is a "massive invasion of privacy without physical analogs and should be strictly controlled." The bill would require law enforcement to establish probable cause before searching or seizing a phone belonging to an American. "Manual searches," in which a border agent flips through a person's stored pictures would be covered under the proposed law as well. But the bill does allow for broad emergency exceptions. "The government should not have the right to access your personal electronic devices without probable cause," Rep. Polis told BuzzFeed news in a statement. "Whether you are at home, walking down the street, or at the border, we must make it perfectly clear that our Fourth Amendment protections extend regardless of location. This bill is overdue, and I am glad we can come together in a bicameral, bipartisan manner to ensure that Customs and Border Patrol agents don't [...]



Sen. Rand Paul Wants to Use Fight over Trump Snooping to Pass Surveillance Reforms

Tue, 04 Apr 2017 12:45:00 -0400

Wouldn't it be wonderful if Reason, not beholden to either the Donald Trump administration or the previous Barack Obama administration, could tell you exactly what to take away from Eli Lake's Bloomberg report that former National Security Adviser Susan Rice requested the names of American citizens who showed up in foreign intelligence reports connected to the Trump transition team? The reality is, beyond the blustering politically motivated outrage from one side and the politically motivated cool dismissal from the other (you can guess which side is which), it's tough to interpret even basic facts here, and that's part of the problem. Lake has been careful with his reporting on the various controversies and agendas coming into play in this heavily politicized fight. Yet even he got tripped up when Rep. Devin Nunes misled him and said the White House was not the source of the classified info that the private communications between Trump's team and foreign officials had been incidentally collected. Subsequent reporting from The New York Times determined that the sources were indeed in the White House. What we can say is that, assuming that Rice did indeed request the names be unmasked, there are a number of potentially legitimate reasons for her to have done so (particularly if there's an investigation into potential criminal behavior by the foreign targets of surveillance) and it was likely legal. It also doesn't mean that she must have been responsible for leaking anything that she saw. This afternoon she denied leaking any information in an interview with MSNBC. But if there's distrust of Rice's motives here from Republicans, conservatives, libertarians or really anybody concerned about the nature of the surveillance state, Rice has certainly earned it. Rice most infamously, following the deadly attack on America's consulate in Benghazi, Libya, took to Sunday morning talk shows to lay the blame on an anti-Muslim YouTube video as an inciting factor to downplay the possibility that the U.S. had been caught unprepared for an attack. Her deliberately misleading comments should be seen as self-serving party hackery. To assume Rice's objectivity here is to ignore the full context of her record. Let's be clear though: It's entirely likely for Rice's unmasking request to be legal and commonplace and also partly politically motivated. A lot of this battle over intelligence community surveillance revolves around false choices driven before the public by people with agendas. It is possible to believe that it is absolutely legitimate for the intelligence community to be investigating whether there are ties between Trump's team and the Russian government in the breach of private Democratic Party communications last year and yet still be deeply concerned about politically driven leaks intended to influence domestic politics. Likewise it is possible to believe that what Rice did was legal—even commonplace—and question why that is or whether such practices should continue. If we are concerned at the ability of America's intelligence apparatus being misused for political purposes (and we should, because, you know, history), now is a good time to act. It just so happens that some of the foreign surveillance authorities that may have been misused here are scheduled to sunset this year unless Congress acts. And privacy advocates are hungering for reform to better protect Americans from having their information inappropriately collected and their identities "unmasked" for reasons that have nothing to do with national security or fighting terrorism. Among those advocates is Sen. Rand Paul (R-Kentucky) who has fought to try to keep the feds from engaging in unwarranted surveillance of Americans. Paul got media attention for golfing with President Trump over the weekend and yesterday had a short press conference to talk mostly about health care reform but also potential surveillance reform in the wake of Lake's news story yesterday. "It is an enormous deal," Paul said about the prosp[...]



Guns, Privacy, and Freedom Benefit From New Tech Tools

Tue, 04 Apr 2017 00:01:00 -0400

As it turns out, if you want to be a successful subversive, you probably shouldn't take on the moniker "Dr. Death" as you publicly tout your establishment-challenging ways. That's what Daniel Crowninshield did with regard to the unfinished firearm receivers he sold, to be completed on computer numerically controlled (CNC) mills in his North Sacramento, California, machine shop. Theoretically, customers operated the mills themselves, making the finished firearms legal. But an undercover agent insisted that shop employees did the honors, and Crowninshield got three and a half years in prison. What's remarkable about this story isn't just Crowninshield's excessive enthusiasm in marketing his services, however. More important is what this story illustrates about the unenforceable nature of laws that people find oppressive—and the growing vulnerability of such restrictions. Strictly speaking, Crowninshield's act of defiance was old-school; while he apparently used computer-controlled machines, there's no reason trained machinists couldn't have cranked out those receivers using traditional tools and their own skills—except, that is, for the (not so, as it turned out) plausible deniability that they were being operated by untrained customers. There was enough demand for such services that there was sometimes a line outside Crowninshield's shop, according to an undercover agent. AR-15 receivers invisible to government scrutiny, "in the hundreds at a minimum," were supposedly cranked out at that one North Sacramento operation. But enthusiasts actually can and do personally operate Cody Wilson's push-button Ghost Gunner CNC mills—which Wired described as "absurdly easy to use." Again, there's enough demand for such services that hundreds of the high-tech machines have been sold, putting the manufacture of finished firearm receivers within reach of people who don't have machinists' skills. And there's no way of knowing how many finished receivers have been quietly knocked out on the devices after they're delivered. Which was the whole reason Wilson developed the Ghost Gunner, after demonstrating that a working, if simple, pistol could be created on a 3D printer. Of course, this isn't just about things that go bang. Several years ago, Wilson teamed up with fellow crypto-anarchist Amir Taaki to develop DarkWallet, a Bitcoin wallet intended to add an extra layer of anonymity to the virtual currency so that financial transactions could more effectively evade official scrutiny. Development of DarkWallet briefly stalled as Taaki disappeared for a while on a lower-tech mission to shoot at ISIS troops on behalf of the Rojava enclave in northern Syria. But with Taaki back (though under investigation by British authorities over his Syrian adventure), the software is now available in beta form. "I believe in the hacker ethic," Taaki said about not just DarkWallet, but his overall philosophy. "Empower the small guy, privacy and anonymity, mistrust authority, promote decentralized alternatives, freedom of information," he says. "These are good principles. The individual against power." For good reason, Wilson and Taaki play central roles in Adam Bhala Lough's The New Radical, a documentary about activists who push the boundaries of technology that empowers individuals against the state. The film received a mixed reception at the Sundance film festival, the Los Angeles Times noted in January—not because of its quality, but because comfortably liberal attendees who like to think of themselves as the good guys realized they were among the targets of anti-authoritarians who look "to create fundamental political change by pushing for one or more of the following: an eradication of intellectual-property laws, radical free speech, fierce encryption to protect that speech, anonymous money (basically, digital currency not controlled or monitored by any government) and a general disdain for traditional legislative structures." And easily available weapons, of course[...]



TSA Punishes Boy Who Left a Laptop in His Backpack With a Prolonged Pat-Down

Wed, 29 Mar 2017 11:16:00 -0400

(image) Suppose you forget to remove your laptop from your carry-on bag while passing through security at a U.S. airport. How should the TSA "resolve" that issue?

You might think the resolution would involve sending the laptop through the scanner again, this time in its very own bin. It might also include swabbing the laptop to see if it tests positive for explosive residue, based on the dubious supposition that a terrorist with a bomb in his laptop would invite such scrutiny by flouting the well-known rule regarding portable computers. But even that extra measure seems downright sensible compared to what a TSA agent at the Dallas/Fort Worth International Airport did on Sunday after a 13-year-old boy mistakenly left his laptop in his backback: He repeatedly patted the boy down, paying extra attention to his thighs, buttocks, and waistband, even though the kid had passed through the body scanner without setting off any alarms.

In a Facebook post that has elicited considerable outrage, the boy's mother, Jennifer Williamson of Grapevine, Texas, says he has a sensory processing disorder that makes him especially sensitive to being touched. She therefore asked if he could be screened in some other way, which of course was simply not possible. Williamson's video of the pat-down suggests the boy reacted with more equanimity than his mother, who described the experience as "horrifying." It is especially puzzling that the agent seems to have completed the pat-down a couple of times, only to feel the same areas again. The TSA says the examination, which took about two minutes, was witnessed by two police officers "to mitigate the concerns of the mother."

Williamson evidently did not find the cops' presence reassuring. "We had two DFW police officers that were called and flanking him on each side," she says. "Somehow these power tripping TSA agents who are traumatizing children and doing whatever they feel like without any cause need to be reined in." Several hours later, she says, her son was still saying, "I don't know what I did. What did I do?"

In addition to the pat-down, the TSA screened "three carry-on items that required further inspection." Williamson says she and her son missed their flight because all the extra attention delayed them for about an hour. The TSA says it was more like 35 minutes. Or maybe 45. According to CBS News, "The TSA said the procedures performed by the officer in the video met new pat-down standards that went into effect earlier this month." The TSA told CNET "all approved procedures were followed to resolve an alarm of the passenger's laptop."

The problem, in other words, is not "power tripping TSA agents" who get their jollies by feeling up boys. The problem is the protocol, which makes no sense and, judging from most of the comments in response to Williamson's post, is not even effective as security theater.




Anti-Abortion Activists Face Dubious Eavesdropping Charges in California

Wed, 29 Mar 2017 09:15:00 -0400

Yesterday California Attorney General Xavier Becerra announced 15 felony charges against two anti-abortion activists, David Daleiden and Sandra Merritt, in connection with their hidden-camera recordings of conversations with Planned Parenthood employees they sought to implicate in the illegal sale of fetal tissue. "The right to privacy is a cornerstone of California's Constitution, and a right that is foundational in a free democratic society," Becerra declared. "We will not tolerate the criminal recording of confidential conversations." The right to freedom of the press, which Daleiden and Merritt claim they were exercising, is also foundational in a free democratic society, and it conflicts with California's dubious definition of the right to privacy. That conflict is especially troubling when law enforcement officials use privacy as a pretext to attack political opponents, which is what seems to be happening in this case. Federal law and the laws of 38 states (as well as the District of Columbia) allow any participant in a conversation to record it, with or without the consent of the other parties. California, by contrast, requires the consent of all parties. Recording a "confidential communication" without the consent of all parties is a crime that can be charged as a misdemeanor punishable by up to a year in jail or as a felony punishable by up to three years in prison. The felony charges against Daleiden and Merritt include 14 secretly recorded conversations, plus a conspiracy charge. Daleiden told The Washington Post he plans to argue that the conversations did not qualify as "confidential" because no party had a reasonable expectation that the discussion would not be overheard. On July 25, 2014, for instance, Daleiden and Merritt, posing as representatives of the fictitious Fetal Tissue Procurement Company, met with Deborah Nucatola, Planned Parenthood's senior director of medical services, over lunch at a Los Angeles restaurant. While testifying before the House Oversight and Government Reform Committee in September 2015, Planned Parenthood's president, Cecile Richards, said she had told Nucatola "it was inappropriate to have a clinical discussion in a nonconfidential, nonclinical setting." Other Planned Parenthood videos posted by Daleiden's Center for Medical Progress were also recorded in public settings, such as restaurants and conferences. In 1999 a California appeals court ruled that NBC News producers did not violate California's wiretapping law when they secretly recorded a lunch meeting at a Malibu restaurant, since the targets, executives of a company that allegedly sold fraudulent toll-free numbers, "had no objective expectation of privacy in their business lunch meeting." The court noted that one of the executives conceded he "did not say anything he thought was a secret," that the meeting involved a standard sales pitch, and that the executives showed no reticence around the restaurant's staff. According to the Digital Media Law Project's explanation of California's law, however, the setting of a conversation is not necessarily dispositive. "If you are recording someone without their knowledge in a public or semi-public place like a street or restaurant," it says, "the person whom you're recording may or may not have 'an objectively reasonable expectation that no one is listening in or overhearing the conversation,' and the reasonableness of the expectation would depend on the particular factual circumstances. Therefore, you cannot necessarily assume that you are in the clear simply because you are in a public place." Daleiden suggested another possible defense in an email to the Associated Press. "The public knows the real criminals are Planned Parenthood and their business partners," he said. California's eavesdropping law allows the recording of a confidential communication "for the purpose of obtaining evidence reasonably believed to relate to the commission by[...]



Another Terror Attack Leads to Yet Another Government Assault on Your Right to Tech Privacy

Mon, 27 Mar 2017 13:05:00 -0400

After Khalid Farood launched a terrorist attack in Westminster, England, last week, killing four before getting killed himself, officials made it clear that Farood was not on the government's radar as a potential threat. While the details of the case are still under investigation, the theory at the moment coming out of Scotland Yard and investigators was that he was a lone attacker that self-radicalized. Farood did have a previous criminal record, but he was not seen as a terrorist threat, and it's not even clear yet whether he should have been. In response to the attack, Prime Minister Theresa May gave a short speech talking about how the United Kingdom's commitment to Democracy, freedom, human rights, and rule of law made them targets, but "Any attempt to defeat those values through violence and terror is doomed to failure." Then, over the weekend, her own administration took to the media to demand that citizens abandon those freedoms and human rights to serve the government's interests. Specifically, Amber Rudd, home secretary (the leader of the U.K.'s various national security and policing agencies) went to the press to complain about encryption as a threat to national security, though there's absolutely no evidence that encryption played any role in the failure to predict or prevent this attack. The targets here are communication tools like WhatsApp, which has end-to-end encryption that has the potential to thwart investigators. Authorities are trying to determine whether Farood communicated with anybody through encrypted messaging, but this is after-the-fact research. Whether or not authorities could have penetrated Farood's encryption wouldn't have prevented the attack because, again, he wasn't considered a terror threat. Nevertheless, the fact that Farood might have had a way to communicate without the government being able to access it is again bringing up the decades-long fight by officials to try to prevent citizens from communicating secretly. Rudd is insisting that she wants these communication apps to assist the government in bypassing encryption on demand in order to assist government investigations. We've seen these arguments a lot, both out of the United Kingdom and in the United States. The leaders of both, May and President Donald Trump, are open supporters of mass surveillance and have shown very little respect for citizen privacy. Rudd, like many of these anti-encryption officials, insist that they don't want to totally destroy our tech privacy but simply demand that tech companies assist government to gain access to targeted people's communications when they have proper warrants. The problem remains—and Rudd, like other government officials, refuses to acknowledge or engage with it—that there's no such thing as an encryption back door or bypass that can only be used by the "proper" authorities. Any bypass can be cracked by hackers, be they criminals or foreign government officials who don't have the United Kingdom's commitment to "human rights." Fortunately, Rudd is getting pushback from privacy activists (and even other officials) in England. From The Guardian: Brian Paddick, the Liberal Democrat home affairs spokesman and a former deputy assistant commissioner in the Metropolitan police, said that giving the security services access to encrypted messages would be "neither a proportionate nor an effective response" to the Westminster attack. "These terrorists want to destroy our freedoms and undermine our democratic society," he said. "By implementing draconian laws that limit our civil liberties, we would be playing into their hands. The United Kingdom has, unfortunately, already recently implemented draconian surveillance laws in the Investigatory Powers Act, which does have the potential to allow the government to try to force encryption back doors in software or devices produced by companies with offices in England. I explained[...]



Banks Flagging Frequent Pharmacy Trips, Bulk DVD Rentals, and Other Ordinary Activity to Turn Over Tips to Government Snoops

Mon, 27 Mar 2017 08:32:00 -0400

American and British banks are monitoring customers' contraception purchases, DVD-rental frequency, dining-out habits, and more in a misguided attempt to detect human traffickers, according to a new report from the British think-tank Royal United Services Institute (RUSI). Their intrusive and ineffective efforts come at the behest of government agencies, who have been eager to use asset-forfeiture powers against suspected human-trafficking rings. There are just a few problems: sophisticated trafficking operations are generally wise enough not to do suspicious business through U.S.- and U.K.-based consumer banks. And without any obvious or majorly suspicious activity to flag, bank executives have had to get creative, coming up with improbable or absurd metrics that might indicate labor- or sex-trafficking. This, in turn, exposes all sorts of innocent bank customers—including but certainly not limited to adults engaging in consensual sex work—to privacy invasions and potential involvement with the criminal justice system. The U.S. and U.K. banks RUSI researchers interviewed said they were happy to help law enforcement prosecute human traffickers and had little problems turning over financial records for people already arrested or under investigation. But proactively finding potential traffickers themselves proved more difficult. As RUSI explains, "the often unremarkable nature of transactions related to" human trafficking made finding criminals or victims via transaction monitoring a time-consuming and unfruitful endeavor. Yet financial institutions are boxed in by regulations that threaten to punish them severely should they participate in the flow of illegally begotten money, however unwittingly. The bind leaves banks and other financial services eager to cast as wide a net as possible, terminating relationships with "suspicious" customers, monitoring the bank accounts of people they know, or turning their records over to law enforcement rather than risk allegations of not doing enough to comply. Thus far, American and British regulators have given financial firms some guidance on the type of activity to flag, but this guidance has been vague and open to broad interpretation. Banks have carved out varied policies based on this, sometimes also soliciting tips and training from "modern-slavery"-awareness groups. The majority of financial firms RUSI communicated with were "from the Americas (the US in particular)," and had already taken "significant steps" to engage with the issue of human trafficking through monitoring and flagging customer accounts. In 2014, U.S. banks filed 820 suspicious-activity reports with the feds in which the phrase human trafficking appeared (accounting for 0.1 percent of all criminal-suspicion reports), but the Financial Crimes Enforcement Network (FinCEN) saw a "tremendous jump" following the release of a related advisory in fall 2015, according to Adam Szubin, former under secretary for terrorism and financial intelligence with the U.S. Treasury Department and now acting secretary of the Treasury. So what sorts of activity is being flagged? Cheap travel, online advertising, and large grocery bills: One U.S. bank told RUSI that they monitor frequent travel on cheap airlines; regular payments to classified-ad sites such as Backpage.com; and "unusual shopping patterns." As examples of suspicious shopping activity the bank implicated frequent large supermarket bills or bulk DVD rentals. Sure, such things could simply indicate large families, frequent entertaining, or lack of access to high-speed internet and streaming services—but bank staff said it could also indicate someone holding others in captivity and, as RUSI puts it, "endeavouring to occupy groups held for exploitation when they are not working." (You know, when you're an evil international slaver but don't want your forced-sex harems to get bor[...]



Reason at SXSW: What Can Americans Do About Government Snooping? (Podcast)

Fri, 24 Mar 2017 09:32:00 -0400

(image) Has Donald Trump's claim that Obama secretly wiretapped him at Trump Tower made government surveillance a hot topic again?

At this year's South by Southwest conference in Austin, Texas, Reason put together a panel of experts to discuss "Get a Warrant: The Fourth Amendment and Digital Data." The panel discussed important current surveillance and privacy issues in play right now and specifically focused on the role Congress plays in helping establish limits to authority and how citizens (and people attending the panel) can push for reforms.

I served as the moderator and was joined by Sean Vitka, director of the congressional Fourth Amendment Caucus' Advisory Committee, Neema Singh Guliani, legislative counsel for the American Civil Liberties Union, and Mike Godwin, well-known media/Internet lawyer, Reason contributing editor, and inventor of Godwin's Law.

The topics of the hourlong discussion range from warrant protections for old emails, border searches of tech devices, continued unwarranted federal surveillance of Americans, and an explanation of what Trump's wiretap fears mean for the rest of us.

Click below to listen to the conversation—or subscribe to our podcast at iTunes and never miss an episode.

src="https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/314107222&auto_play=false&hide_related=false&show_comments=true&show_user=true&show_reposts=false&visual=true" width="100%" height="450" frameborder="0">

Don't miss a single Reason podcast! (Archive here.) Subscribe, rate, and review!

Follow us at Soundcloud.

Subscribe to our video channel at iTunes.

Subscribe to our YouTube channel.

Like us on Facebook.

Follow us on Twitter.




Will the Prospect of Taking Trump Down Ruin Chances for Surveillance Reform?

Thu, 23 Mar 2017 13:15:00 -0400

It looks like whatever House Intel Committee Chair Rep. Devin Nunes (R-California) might have been attempting to accomplish yesterday when he held a press conference to reveal some post-election surveillance of Trump's transition team may have backfired. Nunes, a Trump ally, was clearly attempting to draw attention to the argument that the intelligence community was violating the privacy of the incoming Trump administration in its data and information collection. He said the information he had received showed that the surveillance and data collection of Trump team communications was "incidental," meaning they likely were not surveillance targets themselves. But Nunes running to the press and not actually informing the rest of his peers in the House Committee first subsequently made the story about Nunes and what he was trying to accomplish instead. Trump's critics, both on the left and the right, worry that Nunes' behavior is an attempt to interfere with a congressional investigation of any possible ties between Trump and the Russian government and whether anything possibly illegal has happened. Was this all about trying to help Trump? Trump himself immediately jumped on Nunes' comments in a Time interview to defend his wiretap conspiracy tweets, which at least suggests some interesting timing. Nunes has since apologized to his Democratic counterparts in the House for not telling them first before going to the press. There is likely a very noncontroversial explanation for the data collection that implicates nobody in particular and helps inform Americans about how federal surveillance actually works if people are willing to—for however briefly—set aside their feelings about Trump. Folks may recall that prior to taking office, Trump and his transition team decided to start contacting and communicating with world leaders. In all likelihood the National Security Agency (NSA) had active permission to engage in surveillance of such people. It's not necessarily an indicator of a criminal investigation; it's the business of international intelligence. So members of Trump's team may have ended up dragged into "incidental" surveillance because of the people they were talking to. As such, what happened with Trump's folks is a perfect opportunity for Americans to understand how "incidental" surveillance of citizens' works, what happened to the data, and the inherit risks of this level of collection for all of our privacy so at least we're all informed about how all of this works. Privacy and civil liberties activists are calling for reforms to surveillance authorities in order to reduce the likelihood that private data or communications get retained and exposed the way it might have happened with Trump's team. Also of interest: Nunes has said that actually, some of the names in these reports were still "masked" (redacted), but he was able to tell who the reports were talking about based on the context. In the wake of Edward Snowden's revelations about mass collection of data from Americans' phone and online communications, government officials (all the way up to President Barack Obama himself) attempted to assure people that nobody was reading through all of our emails or listening in to all of our phone calls. But they were collecting loads of metadata (where and who we were communicating with, for how long, when and how frequently, et cetera), and experiments have shown that enough metadata is available out there to extrapolate a lot about our private behavior. But as long as this is a fight only over the behavior of Trump and his team, it's going to be tough to have a discussion or call for reform of these tools. As I noted yesterday, even vocal Democratic critics of the extent of federal surveillance are using all this to try to attack Trump's administration as potentially breaking [...]



Neil Gorsuch to Senate Judiciary Committee: 'Yes, the Constitution Definitely Contains Privacy Rights'

Tue, 21 Mar 2017 19:15:00 -0400

In his 2006 book The Future of Assisted Suicide and Euthanasia, Neil Gorsuch expressed significant doubts about the propriety of the U.S. Supreme Court recognizing and defending unenumerated constitutional rights under the Due Process Clause of the 14th Amendment. Citing the work of the late conservative legal scholar Robert Bork, Gorsuch wrote that the Due Process Clause has been stretched "beyond recognition" by the Supreme Court when the Court interpreted it to be "the repository of other substantive rights not expressly enumerated in the text of the Constitution or its amendments." Today Gorsuch was asked about that part of his book during his SCOTUS confirmation hearings before the Senate Judiciary Committee. "I'm interested in your view of privacy," said Sen. Chris Coons (D-Del.). As every con-law aficionado watching immediately understood, Coons was referring to the fact that the right to privacy appears nowhere in the text of the Constitution. Indeed, it is precisely the sort of thing that Gorsuch meant when he referred to (and criticized) "substantive rights not expressly enumerated in the text of the Constitution or its amendments." Coons wanted to know what Gorsuch had to say about the matter now. "Do you believe the Constitution contains a right to privacy?" he asked the nominee. "Yes, Senator, I do," Gorsuch responded. "Privacy is in a variety of places in the Constitution," he said, such in the Fourth Amendment right to be free from unreasonable searches and seizures, as well as in the Third Amendment's prohibition on the quartering of troops in private homes during peacetime. And the Supreme Court has said for decades that the "Due Process Clause protects privacy in a variety of ways," Gorsuch added. "So Senator, yes, the Constitution definitely contains privacy rights." That is a very noteworthy answer. The idea that "the Constitution definitely contains privacy rights" is the exact opposite of what Robert Bork thought about this issue. Indeed, Bork was famous for castigating the Supreme Court for its 1965 decision in Griswold v. Connecticut, in which the Court first recognized a constitutional right to privacy in the course of striking down a state law prohibiting married couples from obtaining birth control devices. The problem with Griswold, Bork wrote in the Indiana Law Journal, was that the Court invented "a new constitutional right" out of thin air. "When the Constitution has not spoken," Bork declared, "the only course for a principled Court is to let the majority have its way." In other words, because the Constitution does not expressly list the right to privacy, the Supreme Court has no business enforcing that unwritten right against legislative enactments. Under the Bork-ian view, only enumerated rights are entitled to judicial protection. Neil Gorsuch certainly seemed to take the Bork-ian view in his 2006 book. But today at his SCOTUS confirmation hearings, Gorsuch seemed to take a different view. In fact, Gorsuch's argument today that "privacy is in a variety of places in the Constitution" sounds a whole lot like the Griswold case's well-known argument that a "zone of privacy" can be found among the "penumbras" and "emanations" of the Constitution's explicit guarantees. Does Gorsuch now reject the Bork-ian view of unenumerated rights? Or was he simply summarizing existing legal doctrine and keeping his own views to himself? I encourage other members of the Senate Judiciary Committee to press Gorsuch with follow-up questions about this fundamental matter of constitutional law and interpretation.[...]



Vault 7 Versus Snowden: Why Was One Such a Bigger Story?

Thu, 16 Mar 2017 15:00:00 -0400

Last week Wikileaks finally released its much-hyped "Vault 7" data detailing the CIA's arsenal of hacking tools. The first tranche, consisting of 8,761 documents and attachments from an "isolated, high-security network" in the CIA's Center for Cyber Intelligence, reveals important information about the federal spy body's intrusion techniques, alliances with other government bodies, and internal culture from 2013 to 2016. These new details alone would be explosive. But the media's relative lack of interest in these major revelations makes this story even more curious. The CIA's hacking toolkit, while not surprising to those in the security community, should be downright paranoia-inducing for most Americans. Big Brother Really Is Watching According to the Vault 7 documents, the CIA can hack into most consumer devices, rendering even the strongest encryption techniques useless. Some of the CIA's techniques have been diabolical. For example, one exploit of Samsung smart TVs would surreptitiously spy on owners even though the device appeared to be turned off. Another, more chilling technique could be used to hack a smart car and send its driver careening into a fiery death on the road. Furthermore, the CIA's "UMBRAGE" library of foreign "fingerprints" can make it falsely appear as if other governments are behind its dirty deeds. Most of the conversation so far has revolved around the CIA's trove of "zero day vulnerabilities," computer bugs that are known only to the discoverer (which means that the software industry would have had "zero days" to patch them—get it?). Wikileaks itself has emphasized this dimension of the story: the first batch of documents was called "Year Zero," a title that might refer to the CIA's need to re-build its cyber-arsenal. While the data dump stops short of releasing the full code, the leak describes enough about the CIA's hacking techniques to render them functionally impotent. This is because software providers scrambled to patch up the vulnerabilities soon after they were made public. Assuming that most of the CIA hacks were in the leak, America's top international spy agency could be effectively powerless for the time being, at least in terms of hacking capability. This does not mean we should celebrate. The Wikileaks press release suggests that they were not the first body to get their hands on this cyber-arsenal, reporting that "the archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner." It is possible that hostile groups got their hands on these weapons first, which means that both our "enemies" and our "protectors" could have been hacking and spying on us with these methods for the past few years. Since Wikileaks has not released the entire database to the public yet, some of these vulnerabilities likely remain unpatched. As others have noted, the Vault 7 debacle serves as yet another reminder of the inherent folly in building government-mandated backdoors into secure systems or hoarding zero days to circumvent security. If powerful and capable groups like the CIA and NSA can't protect their cyber-arsenals, why should we expect others to manage it? A Tale of Two Leaks What has been most striking to me about this episode is the amazing lack of interest in the broader dimensions of the story. Compare reactions to the Wikileaks-enabled CIA leaks with reactions to the National Security Agency (NSA) leaks provided by Edward Snowden in 2013. In both cases, a notoriously secretive and powerful U.S. intelligence agency was unmasked before the world, expansive surveillance or intrusion techniques were laid bare, and the public learned of serious vulnerabilities in their privacy or their security (or both). Civil libertarians simultaneousl[...]



First Amendment Lawyers Ask New Calif. Attorney General to Drop 'Abusive' Crusade Against Backpage and User-Info Dragnet

Thu, 16 Mar 2017 08:15:00 -0400

The First Amendment Lawyers Association (FALA) is asking new Attorney General of California Xavier Becerra to end the "abuse of governmental power" perpetuated by predecessor Kamala Harris against current and former executives of the classified-ad site Backpage. On March 14, FALA—a nonprofit membership association launched in the late '60s that has boasted some of the country's top constitutional lawyers—sent a letter to Becerra condemning "the abusive prosecution of individuals associated with the online classified advertising website Backpage.com, and also the use of expansive search warrants seeking vast amounts of constitutionally-protected material, including personally identifiable information about all of the website's users." In the letter, FALA President Marc Randazza says he can identify "no theory under the First Amendment that would countenance such an abusive use of prosecutorial discretion or such a dragnet demand for information." Kamala Harris' crusade against Backpage began last fall, when she had current chief executive Carl Ferrer and former owners Michael Lacey and Jim Larson arrested for pimping and conspiracy. The premise of the charges was that Backpage—a user-generated advertising site much like Craigslist—received payment for "escort" ads that eventually resulted in prostitution, thereby making Ferrer, Lacey, and Larkin the "pimps." But it's an argument that California Judge Michael Bowman rejected, on the grounds that Section 230 of the Communications Decency Act (CDA) prohibits the criminal prosecution of web publishers for content posted by users. "The protections afforded by the First Amendment were the motivating factors behind the enactment of the CDA," noted Bowman, whose decision to dismiss the indictments is consistent with numerous other cases against classified ad sites like Backpage. As the FALA letter points out, "at least seven other courts have expressly rejected the assumption underlying the California indictment that ads for escorts or those posted in an adult services section involve illegal speech, and none have concluded otherwise." Given this, and the fact that Harris previously signed a letter acknowledging Section 230's limit on Backpage prosecutions, "it is alarming that the State sought to bring a prosecution in the first place," writes Randazza. But it didn't stop there: after Bowman's ruling, Harris' office filed another criminal complaint against Backpage, this time asserting the same pimping and conspiracy charges and adding a few counts of money laundering, too. The new complaint simply restates the previously rejected arguments for why Ferrer, Lacey, and Larkin are guilty of criminal activity. Note that the normal process would have been for the state to appeal Bowman's final ruling, but instead, Harris—who is now in the U.S. Senate—and her office tried to simply bring the same failed criminal case in another court. This sort of "forum shopping" is "a gross abuse of prosecutorial discretion and a serious violation fo the First Amendment," FALA alleges. And that's still not all: Beyond the fact of the prosecution itself, the methods employed by the prosecutors also exhibit an utter disregard for established First Amendment limits. We have learned that a subpoena was served on Backpage.com that calls for the production of massive amounts of information for a several-year period, including copies of all advertisements posted (in all content categories), all billing records, the identities of all of the website's users and their account histories, all internal communications, and even the source code for the operation of the website. This goes beyond the despised "General Warrants" that prompted the Constitution's Framer's to adopt the[...]



‘Right to Be Forgotten’ Legislation Attempts Foothold in New York

Wed, 15 Mar 2017 13:09:00 -0400

The state of New York wants to tell you what's appropriate to post online and what should be removed. The concept behind the European Union's "right to be forgotten" has crossed the Atlantic, and two state lawmakers in New York want to attempt to institute it here. The "right to be forgotten" in the European Union originated from a court ruling demanding Google and search engines remove links to a story that embarrassed a Spanish man because it detailed a previous home repossession. The story was not factually inaccurate. He insisted it was no longer relevant and that it embarrassed him, and the court agreed he had the right to have the information censored from search engines. Since 2014, search engines like Google have received hundreds of thousands of requests to have links to news reports removed and not because there's anything factually incorrect about them, but because the people within them are embarrassed by having the information public. Now, in New York, Assemblyman David Weprin and State Sen. Tony Avella (both Democrats) are attempting to implement such a law in the United States. The bill (readable here) appears remarkably far-reaching. It would allow people to demand that identifying information and articles about them to be removed from search engines or publishers if the content is "inaccurate," "irrelevant," inadequate," or "excessive." And yes, there are potentially fines involved ($250 dollars a day plus attorney's fees) for those who don't comply. Here's how the legislation defines the rather vague justifications for removal: [C]ontent, which after a significant lapse in time from its first publication, is no longer material to current public debate or discourse, especially when considered in the light of the financial, reputational and/or demonstrable other harm that the information, article or other content is causing to the requester's professional, financial, reputational or other interest, with the exception of content related to convicted felonies, legal matters relating to violence, or a matter that is of significant current public interest, and as to which the requester's role in regard to the matter is central and substantial. This would put the courts in the position of having the authority to declare what is or isn't relevant for the public to know. Reason asked First Amendment attorney Ken White of Brown, White & Osborn (and also of Popehat fame) for his analysis of the bill. He did not hold back in an emailed statement: This bill is a constitutional and policy disaster that shows no sign that the drafters made any attempt whatsoever to conform to the requirements of the constitution. It purports to punish both speakers and search engines for publishing—or indexing—truthful information protected by the First Amendment. There's no First Amendment exception for speech deemed "irrelevant" or "inadequate" or "excessive," and the rules for punishing "inaccurate" speech are already well-established and not followed by this bill. The bill is hopelessly vague, requiring speakers to guess at what some fact-finder will decide is "irrelevant" or "no longer material to current public debate," or how a fact-finder will balance (in defiance of the First Amendment) the harm of the speech and its relevance. The exceptions are haphazard and poorly defined, and the role of the New York Secretary of State in administering the law is unclear. This would be a bonanza for anyone who wanted to harass reporters, bloggers, search engines, and web sites to take down negative information, and would incentivize such harassment and inflict massive legal costs on anyone who wanted to stand up to a vexatious litigant. Also of relevance: The law extends the statute[...]



Tech Privacy a Top Concern in Early SXSW Government Panels

Fri, 10 Mar 2017 20:50:00 -0500

South by Southwest attendees may not be able to recite the Fourth Amendment on command (unlike yours truly), but two early panels on technology, privacy, and surveillance indicate that protecting this right is important to quite a few of them. Today officially launches the start of this year's South by Southwest conference here in Austin. Peter Suderman blogged earlier the opening address by Sen. Cory Booker (D-New Jersey). His piece launched the "government" track segment of the conference, running up through Monday. Reason is represented here not just as journalists covering the conference: Suderman, Jacob Sullum, and I are also moderating panels on important policy issues. Conider my panel, "Get a Warrant: The Fourth Amendment and Digital Data" as a sort of table-setter for tech privacy and surveillance issues that are going to be popping up at several other panels over the next few days. That's how we decided to approach it anyway. Assisted by Sean Vitka of Demand Progress and the advisory committee of Congress' Fourth Amendment Caucus, Neema Singh Guliani, of the American Civil Liberties Union, and Mike Godwin, the media/internet lawyer who helped start the Electronic Frontier Foundation (and also has a famous law you may have heard of), we offered up a sampler platter of top tech surveillance issues in America today. Our ultimate goal, though, was to help people attending the conference understand that legislators play a key role in helping restrain the surveillance and data collection authorities law enforcement and federal intelligence services have brought to bear against America's own citizens. Of course, those who read Reason regularly could have nodded along at the information passed along by our panelists. We only touched on each issue for a few minutes, but you can read more about why President Donald Trump's claims of being illegally wiretapped matter about more than just Trump lashing out or some sort of power play over who controls the government (though that does matter, too). An important provision that gives the intelligence community a significant amount of surveillance authority needs to be renewed this year or it will expire. Congress has a vote coming, and Trump's administration has said they don't want anything changed. But civil liberties and privacy groups are calling for reforms. We touched on border tech searches and the attempts by federal officials to try to essentially intimidate travelers—both foreign visitors and Americans—into granting access to their tech devices. Vitka noted in the panel encryption plays an important role of trying to restrain the government here and likened it to vaccinations and herd immunity. These searches happen because the possibility of access remains. If more or most Americans used tougher encryption to access devices, they'd be denied enough to stop trying. Sen. Ron Wyden (D-Oregon) is trying to get a law passed to require warrants for these border tech searches. And we used the Email Privacy Act to help highlight some of the challenges facing privacy supporters in Congress. The Email Privacy Act, which would close an old legislative loophole that allows warrantless access to old emails, passed unanimously in the House of Representatives, but has not been able to get through the Senate. Established Senate leaders (and not just Republicans) have stood in the way of reforming the law, even when it has massive bipartisan support. (And when we polled the audience, many people who followed Edward Snowden's leak coverage nevertheless had no idea that this act even existed.) Following on the heels of my panel was "Are Biometrics the New Face of Surveillance?" The panel drew a large crow[...]