Subscribe: Privacy
http://www.reason.com/topics/topic/198.xml
Added By: Feedage Forager Feedage Grade B rated
Language: English
Tags:
access  americans  foreign  government  information  law  nsa  officials  people  privacy  san francisco  surveillance  trump  twitter 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: Privacy

Privacy



All Reason.com articles with the "Privacy" tag.



Published: Mon, 29 May 2017 00:00:00 -0400

Last Build Date: Mon, 29 May 2017 22:35:23 -0400

 



People Who Called Snowden a Traitor Shocked to Learn About All This Domestic Surveillance

Fri, 26 May 2017 13:00:00 -0400

There's this whole "Life comes at you fast" shtick that folks on Twitter use to point out people's hypocrisy. Suddenly Democrats care about federalism when it comes to immigration law enforcement! Suddenly Republicans don't care about federalism when it comes to immigration law enforcement! I try not to engage in the shtick too much, because it feels more like point-scoring than actual debate. But I can't help but bring it up right now. Yesterday, a story about federal surveillance abuses made the rounds in the conservative parts of Twitter I pay attention to, not the tech-security circles where I usually see such discussions. The story, via a media outlet called Circa, documents a recently released report from the Foreign Intelligence Surveillance Court (FISA Court). The report features examples of the FBI passing along private data it collected without warrants to people who should not be seeing it. It's an important story, and it's great that it's getting attention. But what it reveals is well-known to anybody who has been paying attention to the surveillance disclosures and FISA Court document releases that have slowly been surfacing since Edward Snowden started leaking. The federal government is accessing and spreading around more information about U.S. citizens than we realize. That's what Snowden's disclosures were about, right? So here's a March tweet from conservative TownHall.com contributor Kurt Schilchter calling Snowden a traitor: Fuck him. He's a traitor. @NehemiahGraham @Snowden @KamVTV — Kurt Schlichter (@KurtSchlichter) March 8, 2017 Here's an outraged Schlichter today, sharing a link to the Circa story: Tell me more about Trump https://t.co/WCVJf1RCXw — Kurt Schlichter (@KurtSchlichter) May 26, 2017 I selected Schlichter because he's pretty prominent (and isn't going to be bothered by me pointing this out), but I've seen several tweets of the "Why isn't the MSM covering this?" variety from other conservative tweeters, acting as though the press is giving former President Barack Obama cover for setting up a surveillance system that they now think is being used to attack President Donald Trump. The reality is that these surveillance problems do get reported to an American public that has largely, unfortunately, stopped paying much attention. (As a guy who has been covering surveillance for Reason for years, I can easily map out the decline in readership of these pieces, and I suspect other sites can as well.) If you think the intelligence community and the deep state is abusing its powers to go after Trump and his allies for political reasons, guess what: This is exactly the consequence that Snowden himself warned of! A major criticism of the expansive surveillance state has always, always, been its potential for abusive snooping on citizens, whether it's Black Lives Matter or a militia. The problem cuts across the political spectrum. Perhaps people shouldn't have been so quick to call Snowden a traitor. Perhaps they could have spent more time thinking about the actual consequences of the powerful surveillance state, and maybe all those previously reported FISA Court disclosures that helped inform the very story they're passing around now. But regardless of how folks like Schlichter got here, welcome to the surveillance skeptic club! Now that you're here, you should know that there's a very important congressional vote coming up. Section 702 of the FISA authorizations sunsets this year, and Congress has to act. Right now, tech companies are lobbying for changes that would provide more oversight on the National Security Agency and limit the feds' ability to collect information without warrants within in the U.S. One problem: The White House has said that it doesn't want any reforms to Section 702. They want to leave government's surveillance powers as they are. If you're a Trump supporter who believes that he's being targeted by the intelligence community for political reasons, well, here's a way to reduce the possibility that future Democratic administrations will behave the same way. Civil rights a[...]



San Francisco Officials Continue Attacks on Uber

Fri, 19 May 2017 00:01:00 -0400

The City of San Francisco filed suit last week against the ridesharing service Uber after the company filed a motion in court to block the release of a drivers' personal information. This sets up the latest battle between the city and one of the leading transportation network companies over an issue that has privacy implications beyond the ridesharing industry. San Francisco's tax collector wants the home addresses and other information of drivers to post on a web site that includes a map that pinpoints the exact location of registered business owners in the city. Because these drivers are independent contractors, most of them use their home addresses as their official business address. The web site is publicly searchable, which means that anyone can easily find where these drivers live. "We've asked the city to allow us to get the consent of drivers and to remove their personal information from the public web site, but they have refused," said Uber Northern California's general manager, in a statement last week. The city's treasurer, Jose Cisneros, portrayed Uber's actions as an effort to "circumvent the tax laws that apply to all businesses in San Francisco." He notes that 130,000 other businesses—ranging from big ones such as Pacific Gas & Electric to small hairdressers—must also provide the information. "San Francisco needs this information to determine whether Uber's drivers are complying with San Francisco's Business Registration Certificate requirement and paying annual registration fees," the city wrote in its legal brief filed in San Francisco Superior Court. In a statement, City Attorney Dennis Herrera referred to privacy concerns as a "red herring." But critics of the city's legal approach see it as its latest effort to hobble these increasingly popular ridesharing platforms. For instance, Cisneros seemed to suggest in a statement that the dispute goes beyond a simple business-registration request, as he ticked off a variety of unrelated complaints that he has with the company. "Once again Uber believes they are above the law," said Cisneros. "If Uber is so concerned about the financial well-being and privacy of their drivers, I recommend they raise wages, convert the contractors to employees, or push for their driver's inclusion in statewide licensing like limousine drivers." If this is a question of registration, then why bring up pay rates or drivers' independent-contractor status or unrelated licensing issues? The city attorney's office likewise brought up other issues. It alleges that Uber has engaged in a "pattern of obstruction" because it "has refused to share information with the San Francisco Municipal Transportation Agency about its operations, tested self-driving cars on the streets of San Francisco without a state permit, and has fought calls by the SFMTA and the San Francisco International Airport for stricter criminal background checks on its drivers." The city attorney's office also complained that, because ridesharing companies such as Uber are regulated by the California Public Utilities Commission, it has "limited the ability of cities to provide oversight." The statement criticizes Uber for its backing of Senate Bill 182, which "would prohibit local jurisdictions from requiring a transportation network company driver to obtain more than one business license, regardless of the number of jurisdictions in which they operate," according to the Senate bill analysis. That measure has passed two committees with little opposition. As the San Francisco Chronicle reported, drivers are concerned that myriad cities will require business licenses, which means they would have to register and pay fees in every city where they operate. There are dozens of cities in the Bay Area alone, and drivers frequently pick up passengers in, say, San Francisco and leave them off in Oakland or San Mateo. Only a handful of cities now require business licenses, but the requirement could easily spread across the region. As the ridesharing companies' defenders point out, these statements sug[...]



Another Reason to Thank Snowden: Increased Federal Surveillance Transparency

Wed, 03 May 2017 12:55:00 -0400

The National Security Agency (NSA) collected more than 150 million records about the phone calls of Americans in 2016. Believe it or not, this is almost grounds for celebration. That's because this massive number actually represents a scaling back in the amount of our communications data the NSA has access to. The passage of the USA Freedom Act in 2015 reduced the ability of the NSA to collect phone metadata records on their own, a direct result of Edward Snowden's whistleblowing. This new report from the Office of the Director of National Intelligence (ODNI) shows the impact. Instead of collecting and storing the phone call metadata records of nearly all Americans, the NSA requested and received 151 million records from providers. It's important to note that the number refers to the number of records, not individuals, and the circumstances of collecting the records means there may be many redundancies that are nevertheless counted separately. The actual number of Americans whose call records ended up in the custody of the NSA is much lower (and we don't know what it is). It's also important to note that this particular information and collection of Americans call records is completely separate and unrelated to the announcement from last week that the NSA was ending another type of surveillance that intercepted communications by Americans. The NSA monitored email communications looking for references to foreign individuals targeted for NSA surveillance. The result was that the NSA was able to access and scan the contents of communications by Americans originating domestically without a warrant, which it's not supposed to do. Furthermore it turned out the NSA was often unable to isolate just those particular emails and was incidentally collecting an unrevealed number of completely unrelated communications. The NSA announced it was ending that particular type of active surveillance. The 151 million number is a different form of data collection, accessing stored metadata records of phone calls. There are a lot of different ways the NSA and the federal government collects data and engages in surveillance, often making it a challenge to fully evaluate trends. This is particularly true given that this is only the fourth annual transparency report released by ODNI. These new transparency reports go all the way back to all of 2014. So it's sometimes challenging to really determine trends. The report shows that the number of National Security Letters (NSLs) sent by the FBI has declined. NSLs are demands that companies (typically telecoms and internet companies) provide records about targeted customers to assist FBI investigations. These NSLs also have legally enforced gag orders attached keeping the companies from informing the customers and the public. Over the past four years the number of NSLs administered has dropped from 19,212 to 12,150. But we can't truly say that's a decline in the amount of people having their records snooped on because an individual NSL may have multiple names on them and the FBI may send letters to multiple companies looking for the same records. So we know only how many letters were sent, not how many people were affected. The report does show that the number of foreign targets who are the subject of surveillance orders has increased over the past few years. More than 106,000 non-U.S. people have been the subject of "Section 702" orders in 2016. Section 702 of the Foreign Intelligence Surveillance Act has been implicated in the incidental surveillance of American citizens and plays a big role in the current political fight over the circumstances through which President Donald Trump's associates were dragged into surveillance of foreign officials. If a perfectly legal target of foreign surveillance communicates with an American citizen who is here on U.S. soil, it becomes a problem given our Fourth Amendment protections from unwarranted searches. The feds have "minimization" procedures to conceal identifying information when Americans get pulled in[...]



NSA Ends One Particular Type of Domestic Email Data Collection

Fri, 28 Apr 2017 15:45:00 -0400

Let's hear it for a little bit more communication privacy for Americans! Charlie Savage at The New York Times is reporting via sources that the National Security Agency (NSA) is ending a particular type of intrusive surveillance that scanned the contents of Americans' emails for key words. Specifically, the NSA monitors messages for references of foreign individuals under their surveillance, even when such communications originate here domestically from Americans. This is often referred to in shorthand as "about" searches, meaning they're looking for messages that are "about" people they're watching, not just from or to these people. The NSA argues that this is legal as part of its job to gather intelligence about potential foreign threats. But this happens without warrants and and the implication here is at the very least the scanning of the contents of Americans' communications without evidence of wrongdoing. Furthermore it appears as though NSA employees were not able to confine themselves to collecting just the communications that referenced the foreign target. This technical issue had been raised before in the Foreign Intelligence Surveillance Court (FISC): Through this process, the NSA was collecting and potentially getting access to all sorts of communications it wasn't supposed to be looking at, even if one were to accept that the "about" searches were legal. From Savage: The problem stemmed from certain bundled messages that internet companies sometimes packaged together and transmitted as a unit. If even one of them had a foreign target's email address somewhere in it, all were sucked in. After the N.S.A. brought that issue to the court's attention in 2011, a judge ruled that it violated the Fourth Amendment, which bars unreasonable searches. The agency then proposed putting the bundled messages in a special repository to which analysts, searching through intercepts to write intelligence reports, would generally not have access. The court permitted that type of collection to continue with that restriction. But last year, officials said, the N.S.A. discovered that analysts were querying the bundled messages in a way that did not comply with those rules. The agency brought the matter to the court's attention, resulting in a delay in reauthorizing the broader warrantless surveillance program until the agency proposed ceasing this collection practice. And now it looks like, at least for the time being, they're stopping these searches. This is potentially a significant change because of what's called "backdoor" searches. Once the NSA collects information from this warrantless surveillance, it can be used by other federal agencies to search for information about specific Americans in order to target domestic criminal behavior. And they're allowed to do so even though this private information was collected without warrants. So naturally reducing the amount of communications the NSA is collecting will reduce the potential for backdoor, warrantless searches. It won't eliminate the possibility of these backdoor searches, though, and this decision from the NSA might just be temporary until they figure out a way to resolve the problem of incidental collection of unrelated emails. Section 702 of the Foreign Intelligence Surveillance Act, which sets up some of the rules and authorization for this data collection, will sunset this year unless Congress renews it. Privacy and civil rights advocates would like to see reforms to 702 to better protect Americans from unwarranted snooping. This change helps a touch, but there's still going to be a push to try to stop those backdoor searches. More about Section 702 reforms and federal surveillance issues were discussed in a recent South by Southwest panel moderated by yours truly. Listen in on that lively talk here. LATE-BREAKING: Here's the NSA's official formal announcement confirming Savage's report.[...]



Australian Police Admit Illegally Snooping on Journalist

Fri, 28 Apr 2017 13:15:00 -0400

Today we have a reminder from Australia that when government collects massive amounts of private information abuse ultimately follows. The Australian Federal Police (AFP) admitted today that an officer illegally accessed a journalist's call records (metadata) in order to track down a source who was leaking confidential police information. Remarkably, the AFP commissioner then subsequently described the breach in a press conference as a result of "human error." Clearly it was not some sort of mistake that a police officer just happened to get his or her hands on this information. What he really meant was that the proper rules were not followed. Apparently the investigator "failed in their obligation to know the law," the commissioner stated, according to The Guardian. But he also laid some of the blame on "the system," the extremely familiar argument that this is all a "training issue." The timing is particularly interesting. In 2015 Australia passed a law mandating communication companies collect and store the metadata from their customers for two years so that authorities can access it. It was sold to Australians as a mechanism to fight terrorism and crime, just as similar mass surveillance authorities have been sold to citizens in other countries. Media companies and journalists were worried that police would access their data in precisely this way. So the law included a provision that required police to get a warrant to access the metadata of journalists. Mind you, the journalist would not be informed that the police had requested or received access to said metadata, but at least there would be an additional layer of oversight. But even that didn't happen here. The AFP official did not get a warrant. Furthermore, despite the breach of the law, they have not identified or told the journalist who was affected due to the ongoing investigation. The metadata has been destroyed, but the commissioner acknowledged that the officer who violated the law cannot unsee the information. He also said the officer would likely face no discipline because there was no "ill will or bad intent." While the law was passed two years ago, the full data retention orders were just formally implemented just weeks ago in order to give internet and telecom companies time to comply. Media and privacy advocates in the country are appalled. From The Guardian: The Human Rights Law Centre legal advocacy director, Emily Howie, told Guardian Australia the breach showed that the metadata powers were putting "press freedom at risk". "The fact that police can so easily access a honey pot of personal information at any time surely has a chilling effect on free speech," Howie said. "Let's not forget that it is not only journalists whose metadata might be accessed. "Australia's metadata regime is the most oppressive in the western world. It effectively allows law enforcement bodies to watch everybody, all of the time, without them knowing." It's also a reminder that metadata reveals an awful lot about who we are and what we're doing. Government officials who support this type of metadata collection are constantly reminding citizens that they're not eavesdropping on actual conversations or reading the content of emails. But in this case, just the government's access to a list of people who spoke to a journalist over a specific time frame has the potential to implicate them. Metadata is useful to the government entirely because it does actually reveal private behavior. Libertarian (technically Liberal Democratic) Australian Senator David Leyonhjelm had been warning about expanding the government's access to citizen metadata back in 2014 when he joined the Senate. In response to this latest breach he told the Australian Associated Press the laws were fundamentally wrong, and "Governments are supposed to serve the people, not treat them as presumptive criminals." Note that this sort of government snooping on journalists is one of the major reasons why or[...]



Hot Girls Wanted: Exploiting Sex Workers in the Name of Exposing Porn Exploitation?

Wed, 26 Apr 2017 13:45:00 -0400

Actress and porn-skeptic Rashida Jones has followed up her controversial 2015 documentary Hot Girls Wanted with a six-part docu-series on the same theme. The Netflix-original show—Hot Girls Wanted: Turned On—was released last week, earning high-profile coverage from entertainment and women's media and mostly glowing reviews. Yet in their rush to expose exploitation in adult entertainment, were Hot Girls Wanted producers indifferent to their own impact? In the past few days alone, a host of porn performers and producers have come forward with allegations of unethical practices, from using sex workers' images in the series without their consent to lying to them about the nature of the series and Jones' involvement in it. Several adult-film workers involved with the series claim they were mislead about who was behind the project. The original movie's moralizing, breathless, and often biased take on the porn industry made it anathema among adult entertainers, and these workers say they would not have participated in the series had they known it was from Rashida Jones or other producers of the original. "A few people in the adult industry have expressed disappointment in my facilitating their involvement in the Netflix docu-series project," author and porn performer Tyler Knight wrote in an Instagram post earlier this week. They were mainly upset that he did not "disclose the involvement of Rashida Jones." But Knight claims he didn't know that Jones was at all involved—in fact, he had specifically been told otherwise. I asked members [of] the production several times. The producers lied. Flat out. And "it was under this false pretense that they sought access to people and productions, from the top-level directors to new talent, who would otherwise have declined had they been informed," Knight wrote. Porn producer and performer Jay Taylor concurred with Knight. "They lied about the nature of the project to get us to sign releases," Taylor told me Tuesday on Twitter. "We ASKED if it was HGW, and they swore up and down it wasn't." "They said it wasn't even going to be hot girls wanted," chimed in porn star Gia Paige. "They just know how turned off we all were by that so it was a ploy." "To our studio they said, 'it doesn't have a name yet'" said the folks at lesbian porn company Filly Films yesterday. "Wondering if they knew the whole time?" I reached out to Herzog & Company, the group behind Hot Girls Wanted Turned On, for a comment but have not heard back. My outreach to series director/producers Jill Bauer and Ronna Gradus was also unsuccessful, as were attempts to communicate with the @HotGirlsWanted Twitter account or executive producer Peter Logreco. On Tuesday, I was able to reach the person listed on Hot Girls Wanted website as the official press contact. But he said that while he had worked on the original documentary he was not affiliated with the current series, and repeatedly demanded to know what why I was "trying to get all investigative." The image claims first surfaced on Twitter last weekend, when someone shared a screenshot from the series with users @effy_elizabeth ("Effs") and @_AutumnKayy. It showed both womens' faces visible in episode six, though neither had been part of the production. The footage was from a short clip they had posted with the video-streaming app Periscope. "Uh y'all better get royalties if that is real," one Twitter user responded. "It is real," Effs replied, "we weren't even told it was happening." When Effs and Autumn reached out to @HotGirlsWanted via Twitter, the account responded: "Hi, yes, happy to discuss further. We can put you in touch with our production company so they can explain fair use." That the content falls under copyright law's "fair use" doctrine is probably correct—it was posted publicly to Periscope, and the portion used in Hot Girls Wanted was short. And while courts are instructed to considered "whether the use could c[...]



Border Agents Misuse Customs Regs to Try to Unmask ‘Rogue’ Twitter Account (Update: Attempt Withdrawn!)

Fri, 07 Apr 2017 12:20:00 -0400

Agents from U.S. Customs and Border Protection (CBP) are attempting to force Twitter to reveal the real name of an account user. Twitter is taking them to court to try to stop them, and the American Civil Liberties Union (ACLU) has jumped on board to represent the user him or herself to protect their anonymity. Is this somebody accused of human trafficking? Maybe some violent drug smuggler? Some criminal CBP is responsible is trying to take down? No, it doesn't seem so. In fact, CBP doesn't seem to have provided any evidence at all of criminal wrongdoing when it faxed over to Twitter an order to turn over private info from an account. From all appearances they're trying to unmask a trouble-maker (or several of them) claiming to be rebellious immigration officials who oppose President Donald Trump's massive deportation and border control efforts. The account CBP is trying to get the goods on operates under the handle @ALT_uscis and the name "ALT Immigration." It is one of several Twitter accounts that popped up after Trump's inauguration claiming to represent officials at various federal agencies intending to resist Trump's agendas from within. To be clear, though: This doesn't mean these Twitter accounts actually are run by federal employees with inside information. Anybody can claim to be anything on the Internet. Many of these "rogue" accounts are likely to be totally fake. But in the event this Twitter user actually is real, at least two CBP agents are trying to find out who he is. According to a lawsuit filed yesterday in Northern California on behalf of Twitter, the agents didn't even bother to claim that the Twitter account was connected to criminal activity. Instead, they used what is obviously some boilerplate customs text used to examine import records. That's actually the federal regulation they invoke as well—according to the lawsuit, the CBP agent invoked a federal law designed to permit the feds to crack open a business's books to investigate data connected to importing goods as an authority to demand Twitter reveal an account user's name. So Twitter is both resisting to protect the anonymity of its users from unmasking that is tied to no criminal complaint whatsoever and also pointing out that this is not the federal code used when the government does have what it believes to be a legitimate reason. There is, given the circumstances, a desire to want to raise an eyebrow at the Trump administration right now because of its outrage that the identities of members of Trump's transition team may have been unmasked in intelligence reports connected to surveillance of foreign officials. Media coverage of this weird little fight is heavy on emphasizing that Twitter is suing the "Trump administration" in order to suppress the order to reveal the user's identity. But it would not and should not come as a surprise—given the general incompetence in how the demand was administered—if we were to discover that these CBP agents were acting on their own and that this whole effort doesn't actually go that far up the chain of authority. In the end, this feels more reminiscent of petty local government and police officials attempting to reveal the names of people who operate web sites or Twitter accounts that anonymously mock them. Remember how the mayor of Peoria, Illinois, sent out the police to arrest the guy who operated a parody Twitter account that made fun of him back in 2014? He refused to acknowledge he did anything wrong. He was just reelected mayor earlier in the week, incidentally. It wouldn't come as a surprise if a judge struck down the CBP agents demand for information here given the misapplied federal regulations. It also wouldn't come as a surprise if CBP quietly withdraws or drops the order. It is nevertheless a very important reminder of how petty government officials are and exactly why it's important that Americans protect their right to k[...]



You Don’t Have to Be a Foreigner to Have Privacy Violated by Trump’s ‘Extreme Vetting’

Tue, 04 Apr 2017 15:45:00 -0400

Lest we need a reminder that the Donald Trump administration's support for tech privacy seems limited to the members of the Trump administration, take note of how a proposed "extreme vetting" plan from the Department of Homeland Security (DHS) would blow back on U.S. citizens. A proposal has been referenced before, but a Wall Street Journal story today has DHS officials explaining more specifically that they want to try to force travelers to the United States to disclose the contacts and communications on their phones and provide access to their social media accounts and financial records in order to visit the United States. This is not a plan just for anybody trying to move here from a war-torn country or a refugee seeking sanctuary for long periods. The administration is considering demanding (or at least reserving the authority to demand) this information from any foreign travelers attempting to come to the United States, even for short visits and even from friendly countries. From the story: The goal is to "figure out who you are communicating with," the senior DHS official said. "What you can get on the average person's phone can be invaluable." A second change would ask applicants for their social-media handles and passwords so that officials could see information posted privately in addition to public posts. DHS has experimented with asking for people's handles so they can read public posts, but not those restricted to friends. This naturally would then also include potentially private communications with and private information about American citizens. A traveler from another country who happens to be a friend of yours could be required to pass along private information about communications with you to the government in order to gain entry. So at the exact same time that the Trump administration is complaining about the incidental collection of private communications data of his transition team earlier in the year, they're perfectly fine with implementing policies that would lead to dramatic increases in the amount of incidental collection of your personal data. Meanwhile, there's been a noted increase in attempts by federal officials to gain access to phones and tech devices of even American citizens traveling across the borders, not just foreign visitors. This trend preceded the Trump administration but shows no sign of stopping. Sen. Ron Wyden (D-Ore.) has previously said he wanted to introduce legislation that would stop the feds from searching the phones of Americans without warrants and to prohibit the government from demanding that Americans provide access to phones in order to regain entry. Wyden is now introducing that bill, assisted by Sen. Rand Paul (R-Kentucky) in the Senate, and Reps. Jared Polis (D-Colorado) and Blake Farenthold (R-Texas) in the House. From Buzzfeed: Wyden, Paul, Polis, and Farenthold say that some law enforcement agencies have asserted "broad authority to search or seize digital devices at the border without any level of suspicion" using an exception to the Fourth Amendment that covers border searches. They argue that searching devices — even after obtaining permission to do so — is a "massive invasion of privacy without physical analogs and should be strictly controlled." The bill would require law enforcement to establish probable cause before searching or seizing a phone belonging to an American. "Manual searches," in which a border agent flips through a person's stored pictures would be covered under the proposed law as well. But the bill does allow for broad emergency exceptions. "The government should not have the right to access your personal electronic devices without probable cause," Rep. Polis told BuzzFeed news in a statement. "Whether you are at home, walking down the street, or at the border, we must make it perfectly clear that our Fourth Amendment protections extend regar[...]



Sen. Rand Paul Wants to Use Fight over Trump Snooping to Pass Surveillance Reforms

Tue, 04 Apr 2017 12:45:00 -0400

Wouldn't it be wonderful if Reason, not beholden to either the Donald Trump administration or the previous Barack Obama administration, could tell you exactly what to take away from Eli Lake's Bloomberg report that former National Security Adviser Susan Rice requested the names of American citizens who showed up in foreign intelligence reports connected to the Trump transition team? The reality is, beyond the blustering politically motivated outrage from one side and the politically motivated cool dismissal from the other (you can guess which side is which), it's tough to interpret even basic facts here, and that's part of the problem. Lake has been careful with his reporting on the various controversies and agendas coming into play in this heavily politicized fight. Yet even he got tripped up when Rep. Devin Nunes misled him and said the White House was not the source of the classified info that the private communications between Trump's team and foreign officials had been incidentally collected. Subsequent reporting from The New York Times determined that the sources were indeed in the White House. What we can say is that, assuming that Rice did indeed request the names be unmasked, there are a number of potentially legitimate reasons for her to have done so (particularly if there's an investigation into potential criminal behavior by the foreign targets of surveillance) and it was likely legal. It also doesn't mean that she must have been responsible for leaking anything that she saw. This afternoon she denied leaking any information in an interview with MSNBC. But if there's distrust of Rice's motives here from Republicans, conservatives, libertarians or really anybody concerned about the nature of the surveillance state, Rice has certainly earned it. Rice most infamously, following the deadly attack on America's consulate in Benghazi, Libya, took to Sunday morning talk shows to lay the blame on an anti-Muslim YouTube video as an inciting factor to downplay the possibility that the U.S. had been caught unprepared for an attack. Her deliberately misleading comments should be seen as self-serving party hackery. To assume Rice's objectivity here is to ignore the full context of her record. Let's be clear though: It's entirely likely for Rice's unmasking request to be legal and commonplace and also partly politically motivated. A lot of this battle over intelligence community surveillance revolves around false choices driven before the public by people with agendas. It is possible to believe that it is absolutely legitimate for the intelligence community to be investigating whether there are ties between Trump's team and the Russian government in the breach of private Democratic Party communications last year and yet still be deeply concerned about politically driven leaks intended to influence domestic politics. Likewise it is possible to believe that what Rice did was legal—even commonplace—and question why that is or whether such practices should continue. If we are concerned at the ability of America's intelligence apparatus being misused for political purposes (and we should, because, you know, history), now is a good time to act. It just so happens that some of the foreign surveillance authorities that may have been misused here are scheduled to sunset this year unless Congress acts. And privacy advocates are hungering for reform to better protect Americans from having their information inappropriately collected and their identities "unmasked" for reasons that have nothing to do with national security or fighting terrorism. Among those advocates is Sen. Rand Paul (R-Kentucky) who has fought to try to keep the feds from engaging in unwarranted surveillance of Americans. Paul got media attention for golfing with President Trump over the weekend and yesterday had a short press conference to talk mos[...]



Guns, Privacy, and Freedom Benefit From New Tech Tools

Tue, 04 Apr 2017 00:01:00 -0400

As it turns out, if you want to be a successful subversive, you probably shouldn't take on the moniker "Dr. Death" as you publicly tout your establishment-challenging ways. That's what Daniel Crowninshield did with regard to the unfinished firearm receivers he sold, to be completed on computer numerically controlled (CNC) mills in his North Sacramento, California, machine shop. Theoretically, customers operated the mills themselves, making the finished firearms legal. But an undercover agent insisted that shop employees did the honors, and Crowninshield got three and a half years in prison. What's remarkable about this story isn't just Crowninshield's excessive enthusiasm in marketing his services, however. More important is what this story illustrates about the unenforceable nature of laws that people find oppressive—and the growing vulnerability of such restrictions. Strictly speaking, Crowninshield's act of defiance was old-school; while he apparently used computer-controlled machines, there's no reason trained machinists couldn't have cranked out those receivers using traditional tools and their own skills—except, that is, for the (not so, as it turned out) plausible deniability that they were being operated by untrained customers. There was enough demand for such services that there was sometimes a line outside Crowninshield's shop, according to an undercover agent. AR-15 receivers invisible to government scrutiny, "in the hundreds at a minimum," were supposedly cranked out at that one North Sacramento operation. But enthusiasts actually can and do personally operate Cody Wilson's push-button Ghost Gunner CNC mills—which Wired described as "absurdly easy to use." Again, there's enough demand for such services that hundreds of the high-tech machines have been sold, putting the manufacture of finished firearm receivers within reach of people who don't have machinists' skills. And there's no way of knowing how many finished receivers have been quietly knocked out on the devices after they're delivered. Which was the whole reason Wilson developed the Ghost Gunner, after demonstrating that a working, if simple, pistol could be created on a 3D printer. Of course, this isn't just about things that go bang. Several years ago, Wilson teamed up with fellow crypto-anarchist Amir Taaki to develop DarkWallet, a Bitcoin wallet intended to add an extra layer of anonymity to the virtual currency so that financial transactions could more effectively evade official scrutiny. Development of DarkWallet briefly stalled as Taaki disappeared for a while on a lower-tech mission to shoot at ISIS troops on behalf of the Rojava enclave in northern Syria. But with Taaki back (though under investigation by British authorities over his Syrian adventure), the software is now available in beta form. "I believe in the hacker ethic," Taaki said about not just DarkWallet, but his overall philosophy. "Empower the small guy, privacy and anonymity, mistrust authority, promote decentralized alternatives, freedom of information," he says. "These are good principles. The individual against power." For good reason, Wilson and Taaki play central roles in Adam Bhala Lough's The New Radical, a documentary about activists who push the boundaries of technology that empowers individuals against the state. The film received a mixed reception at the Sundance film festival, the Los Angeles Times noted in January—not because of its quality, but because comfortably liberal attendees who like to think of themselves as the good guys realized they were among the targets of anti-authoritarians who look "to create fundamental political change by pushing for one or more of the following: an eradication of intellectual-property laws, radical free speech, fierce encryption to protect that speech, anonymous money (basically, di[...]



TSA Punishes Boy Who Left a Laptop in His Backpack With a Prolonged Pat-Down

Wed, 29 Mar 2017 11:16:00 -0400

(image) Suppose you forget to remove your laptop from your carry-on bag while passing through security at a U.S. airport. How should the TSA "resolve" that issue?

You might think the resolution would involve sending the laptop through the scanner again, this time in its very own bin. It might also include swabbing the laptop to see if it tests positive for explosive residue, based on the dubious supposition that a terrorist with a bomb in his laptop would invite such scrutiny by flouting the well-known rule regarding portable computers. But even that extra measure seems downright sensible compared to what a TSA agent at the Dallas/Fort Worth International Airport did on Sunday after a 13-year-old boy mistakenly left his laptop in his backback: He repeatedly patted the boy down, paying extra attention to his thighs, buttocks, and waistband, even though the kid had passed through the body scanner without setting off any alarms.

In a Facebook post that has elicited considerable outrage, the boy's mother, Jennifer Williamson of Grapevine, Texas, says he has a sensory processing disorder that makes him especially sensitive to being touched. She therefore asked if he could be screened in some other way, which of course was simply not possible. Williamson's video of the pat-down suggests the boy reacted with more equanimity than his mother, who described the experience as "horrifying." It is especially puzzling that the agent seems to have completed the pat-down a couple of times, only to feel the same areas again. The TSA says the examination, which took about two minutes, was witnessed by two police officers "to mitigate the concerns of the mother."

Williamson evidently did not find the cops' presence reassuring. "We had two DFW police officers that were called and flanking him on each side," she says. "Somehow these power tripping TSA agents who are traumatizing children and doing whatever they feel like without any cause need to be reined in." Several hours later, she says, her son was still saying, "I don't know what I did. What did I do?"

In addition to the pat-down, the TSA screened "three carry-on items that required further inspection." Williamson says she and her son missed their flight because all the extra attention delayed them for about an hour. The TSA says it was more like 35 minutes. Or maybe 45. According to CBS News, "The TSA said the procedures performed by the officer in the video met new pat-down standards that went into effect earlier this month." The TSA told CNET "all approved procedures were followed to resolve an alarm of the passenger's laptop."

The problem, in other words, is not "power tripping TSA agents" who get their jollies by feeling up boys. The problem is the protocol, which makes no sense and, judging from most of the comments in response to Williamson's post, is not even effective as security theater.




Anti-Abortion Activists Face Dubious Eavesdropping Charges in California

Wed, 29 Mar 2017 09:15:00 -0400

Yesterday California Attorney General Xavier Becerra announced 15 felony charges against two anti-abortion activists, David Daleiden and Sandra Merritt, in connection with their hidden-camera recordings of conversations with Planned Parenthood employees they sought to implicate in the illegal sale of fetal tissue. "The right to privacy is a cornerstone of California's Constitution, and a right that is foundational in a free democratic society," Becerra declared. "We will not tolerate the criminal recording of confidential conversations." The right to freedom of the press, which Daleiden and Merritt claim they were exercising, is also foundational in a free democratic society, and it conflicts with California's dubious definition of the right to privacy. That conflict is especially troubling when law enforcement officials use privacy as a pretext to attack political opponents, which is what seems to be happening in this case. Federal law and the laws of 38 states (as well as the District of Columbia) allow any participant in a conversation to record it, with or without the consent of the other parties. California, by contrast, requires the consent of all parties. Recording a "confidential communication" without the consent of all parties is a crime that can be charged as a misdemeanor punishable by up to a year in jail or as a felony punishable by up to three years in prison. The felony charges against Daleiden and Merritt include 14 secretly recorded conversations, plus a conspiracy charge. Daleiden told The Washington Post he plans to argue that the conversations did not qualify as "confidential" because no party had a reasonable expectation that the discussion would not be overheard. On July 25, 2014, for instance, Daleiden and Merritt, posing as representatives of the fictitious Fetal Tissue Procurement Company, met with Deborah Nucatola, Planned Parenthood's senior director of medical services, over lunch at a Los Angeles restaurant. While testifying before the House Oversight and Government Reform Committee in September 2015, Planned Parenthood's president, Cecile Richards, said she had told Nucatola "it was inappropriate to have a clinical discussion in a nonconfidential, nonclinical setting." Other Planned Parenthood videos posted by Daleiden's Center for Medical Progress were also recorded in public settings, such as restaurants and conferences. In 1999 a California appeals court ruled that NBC News producers did not violate California's wiretapping law when they secretly recorded a lunch meeting at a Malibu restaurant, since the targets, executives of a company that allegedly sold fraudulent toll-free numbers, "had no objective expectation of privacy in their business lunch meeting." The court noted that one of the executives conceded he "did not say anything he thought was a secret," that the meeting involved a standard sales pitch, and that the executives showed no reticence around the restaurant's staff. According to the Digital Media Law Project's explanation of California's law, however, the setting of a conversation is not necessarily dispositive. "If you are recording someone without their knowledge in a public or semi-public place like a street or restaurant," it says, "the person whom you're recording may or may not have 'an objectively reasonable expectation that no one is listening in or overhearing the conversation,' and the reasonableness of the expectation would depend on the particular factual circumstances. Therefore, you cannot necessarily assume that you are in the clear simply because you are in a public place." Daleiden suggested another possible defense in an email to the Associated Press. "The public knows the real criminals are Planned Parenthood and their business partners," he said. Californi[...]



Another Terror Attack Leads to Yet Another Government Assault on Your Right to Tech Privacy

Mon, 27 Mar 2017 13:05:00 -0400

After Khalid Farood launched a terrorist attack in Westminster, England, last week, killing four before getting killed himself, officials made it clear that Farood was not on the government's radar as a potential threat. While the details of the case are still under investigation, the theory at the moment coming out of Scotland Yard and investigators was that he was a lone attacker that self-radicalized. Farood did have a previous criminal record, but he was not seen as a terrorist threat, and it's not even clear yet whether he should have been. In response to the attack, Prime Minister Theresa May gave a short speech talking about how the United Kingdom's commitment to Democracy, freedom, human rights, and rule of law made them targets, but "Any attempt to defeat those values through violence and terror is doomed to failure." Then, over the weekend, her own administration took to the media to demand that citizens abandon those freedoms and human rights to serve the government's interests. Specifically, Amber Rudd, home secretary (the leader of the U.K.'s various national security and policing agencies) went to the press to complain about encryption as a threat to national security, though there's absolutely no evidence that encryption played any role in the failure to predict or prevent this attack. The targets here are communication tools like WhatsApp, which has end-to-end encryption that has the potential to thwart investigators. Authorities are trying to determine whether Farood communicated with anybody through encrypted messaging, but this is after-the-fact research. Whether or not authorities could have penetrated Farood's encryption wouldn't have prevented the attack because, again, he wasn't considered a terror threat. Nevertheless, the fact that Farood might have had a way to communicate without the government being able to access it is again bringing up the decades-long fight by officials to try to prevent citizens from communicating secretly. Rudd is insisting that she wants these communication apps to assist the government in bypassing encryption on demand in order to assist government investigations. We've seen these arguments a lot, both out of the United Kingdom and in the United States. The leaders of both, May and President Donald Trump, are open supporters of mass surveillance and have shown very little respect for citizen privacy. Rudd, like many of these anti-encryption officials, insist that they don't want to totally destroy our tech privacy but simply demand that tech companies assist government to gain access to targeted people's communications when they have proper warrants. The problem remains—and Rudd, like other government officials, refuses to acknowledge or engage with it—that there's no such thing as an encryption back door or bypass that can only be used by the "proper" authorities. Any bypass can be cracked by hackers, be they criminals or foreign government officials who don't have the United Kingdom's commitment to "human rights." Fortunately, Rudd is getting pushback from privacy activists (and even other officials) in England. From The Guardian: Brian Paddick, the Liberal Democrat home affairs spokesman and a former deputy assistant commissioner in the Metropolitan police, said that giving the security services access to encrypted messages would be "neither a proportionate nor an effective response" to the Westminster attack. "These terrorists want to destroy our freedoms and undermine our democratic society," he said. "By implementing draconian laws that limit our civil liberties, we would be playing into their hands. The United Kingdom has, unfortunately, already recently implemented draconian surveillance laws in the Investigatory Powers Act, which doe[...]



Banks Flagging Frequent Pharmacy Trips, Bulk DVD Rentals, and Other Ordinary Activity to Turn Over Tips to Government Snoops

Mon, 27 Mar 2017 08:32:00 -0400

American and British banks are monitoring customers' contraception purchases, DVD-rental frequency, dining-out habits, and more in a misguided attempt to detect human traffickers, according to a new report from the British think-tank Royal United Services Institute (RUSI). Their intrusive and ineffective efforts come at the behest of government agencies, who have been eager to use asset-forfeiture powers against suspected human-trafficking rings. There are just a few problems: sophisticated trafficking operations are generally wise enough not to do suspicious business through U.S.- and U.K.-based consumer banks. And without any obvious or majorly suspicious activity to flag, bank executives have had to get creative, coming up with improbable or absurd metrics that might indicate labor- or sex-trafficking. This, in turn, exposes all sorts of innocent bank customers—including but certainly not limited to adults engaging in consensual sex work—to privacy invasions and potential involvement with the criminal justice system. The U.S. and U.K. banks RUSI researchers interviewed said they were happy to help law enforcement prosecute human traffickers and had little problems turning over financial records for people already arrested or under investigation. But proactively finding potential traffickers themselves proved more difficult. As RUSI explains, "the often unremarkable nature of transactions related to" human trafficking made finding criminals or victims via transaction monitoring a time-consuming and unfruitful endeavor. Yet financial institutions are boxed in by regulations that threaten to punish them severely should they participate in the flow of illegally begotten money, however unwittingly. The bind leaves banks and other financial services eager to cast as wide a net as possible, terminating relationships with "suspicious" customers, monitoring the bank accounts of people they know, or turning their records over to law enforcement rather than risk allegations of not doing enough to comply. Thus far, American and British regulators have given financial firms some guidance on the type of activity to flag, but this guidance has been vague and open to broad interpretation. Banks have carved out varied policies based on this, sometimes also soliciting tips and training from "modern-slavery"-awareness groups. The majority of financial firms RUSI communicated with were "from the Americas (the US in particular)," and had already taken "significant steps" to engage with the issue of human trafficking through monitoring and flagging customer accounts. In 2014, U.S. banks filed 820 suspicious-activity reports with the feds in which the phrase human trafficking appeared (accounting for 0.1 percent of all criminal-suspicion reports), but the Financial Crimes Enforcement Network (FinCEN) saw a "tremendous jump" following the release of a related advisory in fall 2015, according to Adam Szubin, former under secretary for terrorism and financial intelligence with the U.S. Treasury Department and now acting secretary of the Treasury. So what sorts of activity is being flagged? Cheap travel, online advertising, and large grocery bills: One U.S. bank told RUSI that they monitor frequent travel on cheap airlines; regular payments to classified-ad sites such as Backpage.com; and "unusual shopping patterns." As examples of suspicious shopping activity the bank implicated frequent large supermarket bills or bulk DVD rentals. Sure, such things could simply indicate large families, frequent entertaining, or lack of access to high-speed internet and streaming services—but bank staff said it could also indicate someone holding others in captivity and, as RUSI puts it, "endeavouring to o[...]



Reason at SXSW: What Can Americans Do About Government Snooping? (Podcast)

Fri, 24 Mar 2017 09:32:00 -0400

(image) Has Donald Trump's claim that Obama secretly wiretapped him at Trump Tower made government surveillance a hot topic again?

At this year's South by Southwest conference in Austin, Texas, Reason put together a panel of experts to discuss "Get a Warrant: The Fourth Amendment and Digital Data." The panel discussed important current surveillance and privacy issues in play right now and specifically focused on the role Congress plays in helping establish limits to authority and how citizens (and people attending the panel) can push for reforms.

I served as the moderator and was joined by Sean Vitka, director of the congressional Fourth Amendment Caucus' Advisory Committee, Neema Singh Guliani, legislative counsel for the American Civil Liberties Union, and Mike Godwin, well-known media/Internet lawyer, Reason contributing editor, and inventor of Godwin's Law.

The topics of the hourlong discussion range from warrant protections for old emails, border searches of tech devices, continued unwarranted federal surveillance of Americans, and an explanation of what Trump's wiretap fears mean for the rest of us.

Click below to listen to the conversation—or subscribe to our podcast at iTunes and never miss an episode.

src="https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/314107222&auto_play=false&hide_related=false&show_comments=true&show_user=true&show_reposts=false&visual=true" width="100%" height="450" frameborder="0">

Don't miss a single Reason podcast! (Archive here.) Subscribe, rate, and review!

Follow us at Soundcloud.

Subscribe to our video channel at iTunes.

Subscribe to our YouTube channel.

Like us on Facebook.

Follow us on Twitter.