Subscribe: Privacy
Added By: Feedage Forager Feedage Grade B rated
Language: English
access  court  data  department  encryption  government  information  justice department  privacy  supreme court  surveillance  warrant 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: Privacy


All articles with the "Privacy" tag.

Published: Fri, 20 Oct 2017 00:00:00 -0400

Last Build Date: Fri, 20 Oct 2017 22:38:43 -0400


Federal Court Ponders Constitutionality of Prostitution Ban

Fri, 20 Oct 2017 13:22:00 -0400

A federal court heard arguments yesterday challenging California's criminalization of prostitution, in a case that could have implications for sex work laws across the nation. Brought by the Erotic Service Providers Legal, Education, and Research Project (ESPLERP), the constitutional challenge claims that California's prostitution laws violate residents' right to privacy, free speech, and free association. "Our hope is to see this bad law struck down," said ESPLERP President Maxine Doogan, "so that consenting adults who choose to be involved in prostitution are simply treated as private citizens again, and are afforded all the privacy and constitutional rights thereof." During oral arguments before Ninth Circuit Court of Appeals judges Thursday, ESPLERP attorney Louis Sirkin stressed that the case "is not about sex trafficking, it's not about the abuse of women, and it's not about the abuse of minors. It is about consenting adults that voluntary want to work in the sex for hire industry." Dozens of civil rights, public health, and LGBTQ groups have filed briefs in support of ESPLERP's challenge, including the American Civil Liberties Union of Southern and Northern California, the California Women's Law Center, the anti–sex trafficking group Children of the Night, the First Amendment Lawyers Association, the National Center for Transgender Equality, the San Francisco AIDS Foundation, the Woodhull Freedom Foundation, and Lambda Legal. "Lambda Legal's landmark Supreme Court victory in Lawrence v. Texas, the case that struck down laws that criminalized sex between same-sex partners, underscored that our right to liberty protects our decisions about adult, consensual sexual intimacy," says Kara Ingelhart, a Lambda Legal law fellow. "It is merely logical that Lawrence extend to the adult, consensual sexual intimacy that occurs between sex workers and their clients; the fact that money is exchanged shouldn't matter." The Ninth Circuit judges seemed at least somewhat sympathetic to that view. "Why should it be illegal to sell something that you can give away for free?" Judge Consuelo Callahan asked the state's attorney, Sharon O'Grady. She replied that it should be illegal because the legislature declared it so. Judge Carlos Bea suggested that the state's arguments for why it could ban prostitution also would allow California to ban one-night stands. But overall, it might be "a tough panel for petitioners," notes lawyer Amanda Goad, who livetweeted the oral arguments yesterday. Callahan and the other two judges are conservative appointees of George W. Bush and Ronald Reagan. Judge Callahan overtly skeptical from the very beginning of Sirkin's argument -- not a surprise. — Amanda C. Goad (@AGoadEsq) October 19, 2017 J.Callahan making generalizations about sex workers as drug addicts. I didn't think we would get there so fast! #sigh #SexWorkIsWork — Amanda C. Goad (@AGoadEsq) October 19, 2017 Much of the court's focus Thursday was on whether a ban on prostitution implicates adults' sexual liberty and privacy or their right to form intimate relationships as they see fit. The U.S. District Court that heard ESPLERP's challenge last year contended that only "intimate personal relationships," not purely sexual ones, were protected from state interference per the Supreme Court's 2003 ruling in Lawrence. Sirkin pointed out Thursday that, in fact, the men who had been arrested in Lawrence were not in an ongoing relationship. He said that the fundamental right implicated here, as in Lawrence, concerns sexual privacy. O'Grady concedes "you might have an as-applied challenge" if sex work happening "in the privacy of your own home." This is great! — Amanda C. Goad (@AGoadEsq) October 19, 2017 Judge Callahan agreed that a ruling for the right to engage in prostitution seemed like "a natural extension of Supreme Court precedent." At one point, the discussion veered into whether sex workers and their customers could be friends, with the state contending that friends don't pay each other for sex. But judges suggested that a relationshi[...]

Let Police Operate Drones for Emergencies—but with Full Transparency

Wed, 18 Oct 2017 12:30:00 -0400

The Los Angeles Police Department has been given permission by its civilian commission to start testing drone use in the city, despite significant opposition by citizen activists and civil rights groups. By a vote of 3-1 yesterday, with opponents protesting outside, the Los Angeles Police Commission approved a limited program to introduce drones (now often called Unmanned Aerial Systems) to the force. How limited? LAPD Chief Charlie Beck says they're going to purchase just two drones—one to operate and one for backup. Not exactly the start of a massive city surveillance system. The rules for using the drones at the moment are strict. Via the Los Angeles Times: Under those rules, only SWAT officers will be allowed to fly drones during a handful of specific, high-risk situations. They can also be used during search and rescue operations, or when looking for armed suspects who have "superior firepower," an "extraordinary tactical advantage" or who are suspected of shooting at an officer. Each flight must be approved by a high-ranking officer. Any request to fly a drone — whether approved or not — will be documented and reviewed. The Police Commission will also receive quarterly reports that will be made public. For the most part, there are no objections to the rules. Rather, groups like the Southern California chapter of the American Civil Liberties Union (ACLU) don't trust the drone operations will be as limited as the police say and mission creep is inevitable. Staff Attorney Mohammad Tajsar warned in a letter: [T]he LAPD's proposed drone policy does not sufficiently protect the privacy and civil rights of Los Angeles residents. Although the policy circumscribes the permissible uses of drones to eight different situations (including "active shooter incidents" and "perimeter searches of armed criminals"), it does not appropriately define these situations and does not specifically prohibit the department from using them in other circumstances. As a result, the Commission's approval of the draft policy likely opens the door to a broader range of permissible uses of drones at later dates—particularly when the policy does not require the LAPD to return to the Commission for subsequent approval of additional permissible uses. The overwhelming majority of the correspondence the commission received has been in opposition, which makes some sense. This opposition is very much a reflection of a lack of trust in the Los Angeles Police Department. Just this past fiscal year, the department paid out $81 million in settlements for negligent or criminal police behavior. The city borrowed $70 million to keep from having to dip into reserve funds to pay its litigation costs. Does mission creep justify a full ban? If using a drone could reduce risks to police and at the same time not put citizens at greater risk (which is what happens when we allow police to militarize their gear), it's worth doing. Technological solutions that help protect police officers are preferable to some other alternatives, like expanding hate crime laws that increase criminal penalties even further for people who target police. Rather than a ban, consider approaching police drone policy with full transparency. Treat them like body cameras and don't allow police departments to decide the rules for their use. When police break the rules, punish them and throw out any cases that involve inappropriate drone surveillance. The LAPD also has problems with transparency, which may be why the ACLU is unwilling to give them the benefit of the doubt. Beck has put into place a policy (and the city has defended it) refusing to consider police body camera footage to be public records unless a court ordered them to release it. The concern that the LAPD would expand drone use without the public ever knowing about or being able to respond to it is very real.[...]

Justice Department Calls for 'Responsible' Encryption, Which Means 'Bad' Encryption

Tue, 17 Oct 2017 16:15:00 -0400

When the government demands "back doors" that bypass computer and phone encryption, it's calling for measures that weaken citizens' privacy rights and render us vulnerable to hackers. So Deputy Attorney General Rod Rosenstein is trying to reword the demand. In a recent speech at the United States Naval Academy in Annapolis, Maryland, Rosenstein called for "responsible encryption." If you were expecting a new understanding of the importance of secure data privacy, prepare to be disappointed: Responsible encryption is achievable. Responsible encryption can involve effective, secure encryption that allows access only with judicial authorization. Such encryption already exists. Examples include the central management of security keys and operating system updates; the scanning of content, like your e-mails, for advertising purposes; the simulcast of messages to multiple destinations at once; and key recovery when a user forgets the password to decrypt a laptop. No one calls any of those functions a "back door." In fact, those capabilities are marketed and sought out by many users. It's not true that "no one" calls such functions a "back door." These are all mechanisms by which encryption is bypassed in order to access data. In fact, hackers used his first example in 2016 to demonstrate exactly the danger of encryption back doors. They got their hands on Microsoft's internal security keys for system updates and demonstrated the vulnerability it created, all for the purpose of warning the federal government of what could happen if the "keys" escaped control. In reality, Rosenstein is simply stubbornly demanding the same things the Justice Department, like its counterparts in some other governments, has been demanding all along: for tech companies to find ways to compromise customers' data privacy whenever the government demands their data. And like every government leader who has made this demand, he stubbornly refuses to care that the consequences will render Americans more susceptible to hacking. Remarkably, his same speech discusses ransomware threats that struck hospitals and others back in May without mentioning that this attack (he doesn't even say its name: WannaCry) was the direct result of the National Security Agency losing control of exploits it had stored to infiltrate online security. It was a prime example of the dangers of giving the government the tools to bypass in encryption. Rosenstein concludes his speech by insisting that Americans have no constitutional "right" to "warrant-proof encryption" and that businesses have no "right" to sell it. He gets the concept of citizen rights and government powers backwards. The Fourth Amendment grants the government the power to use warrants to access your private communications or data with cause; it has nothing to say about the limits of our abilities to keep our papers and communications secret. Warrants don't guarantee that the police or investigators will actually succeed. Do we have a constitutional "right" to a "warrant-proof" paper shredder? It's an absurd way to talk about the problem. Could the Justice Department demand that companies that manufacture paper shredders help the government put documents back together if they had a warrant for the contents of shredded documents? Could the Justice Department demand that fireplaces unburn important papers that were the target of a warrant? That toilets unflush any drugs that get dumped in them? Such absurd demands are essentially arguments against physics and chemistry. In this case, as Robyn Greene points out at Just Security, Rosenstein is blaming math: First, it is not true that we are newly experiencing the "advent of 'warrant-proof' encryption." Encryption was not recently invented or discovered, as Rosenstein suggests. Ciphers have been used to secure sensitive communications or information for millennia, including by our founding fathers. The use of full-disc and end-to-end encryption has certainly increased with the advent of the Internet and the adoptio[...]

Supreme Court to Decide if Data Stored Overseas Can Be Demanded with Warrants

Mon, 16 Oct 2017 12:30:00 -0400

(image) The Supreme Court agreed today to hear and rule whether the federal government can demand access to emails and other data files when they are stored in another country.

In United States v. Microsoft Corp., the Department of Justice has been trying since 2013 to get access to emails of a Microsoft customer, looking for evidence this person was involved in drug trafficking.

Some of the suspect's data was being stored on a server in Dublin, Ireland. Microsoft has turned over data stored within the United States, but argued, even with probable cause warrants, the feds did not have the authority to make them hand over foreign-stored info. Privacy advocacy groups, tech companies, and the U.S. Chamber of Commerce are on Microsoft's side here. The Department of Justice and 33 states (and Puerto Rico) are on the other.

Several court rulings have upheld Microsoft's argument, but the full 2nd Circuit Court ruling was split 4-4. This split keeps the ruling in Microsoft's favor, but there's a clear disagreement among judges about the limits of the authority of the Stored Communications Act—the 1986 federal law that oversees forced disclosures of data by third parties like tech companies.

The Justice Department, of course, went full 9/11, arguing limits to their warrant authorities would jeopardize terror investigations. Microsoft, meanwhile, worries about the reaction if the United States sets a bad example here. Via Reuters:

"If U.S. law enforcement can obtain the emails of foreigners stored outside the United States, what's to stop the government of another country from getting your emails even though they are located in the United States?" Brad Smith, Microsoft's president and chief legal officer, said in a blog post on Monday.

The Justice Department said in its appeal that the lower court ruling "gravely threatens public safety and national security" because it limits the government's ability to "ward off terrorism and similar national security threats and to investigate and prosecute crimes."

Reuters notes that tech companies are also concerned that customers may not trust the privacy cloud-based computing services if governments could seize their data.

The Justice Department, on the other hand, worries that companies would be able to deprive the government of access to domestic data and communications simply by storing it all overseas. That outcome, frankly, sounds kind of awesome.

This is a highly technical case that will probably produce a fairly specific ruling about Congress' intent with the Stored Communications Act and the limits of what that law authorizes. Do not expect a broad ruling about the either the limits of warrants under the Fourth Amendment nor a revised view of the limits of the Third-Party Doctrine that allows the government to access data about private citizens that is stored by tech companies and private firms.

Read the Justice Department's petition here.

Judge Won't Let Feds Have Full Access to Names of People on Anti-Trump Site

Wed, 11 Oct 2017 15:10:00 -0400

(image) A judge has added new limits to a warrant the Justice Department is using to try to track down the anti-Trump activists who disrupted Inauguration Day activities.

As part of an effort to identify any protester who did anything illegal in D.C. the day Donald Trump was sworn in as president, the Department of Justice served a warrant against the web host DreamHost. The warrant was absurdly broad, attempting to get private data on anybody who had so much as visited, a site used to organize anti-Trump protests. According to the company, the warrant as initially submitted would have required it to hand over the IP addresses of more than a million visitors to the site.

DreamHost announced it was resisting the warrant, calling it an overly broad fishing expedition and a threat to free speech. It certainly could cause a chilling effect if the government were able to simply demand the names of anyone who visited a website critical of the president. Just today, Trump was pretty clearly suggesting that he'd like to find some way to retaliate against media outlets whose reporting he dislikes.

The Department of Justice then retreated and said it would refine the request. Superior Court Judge Robert E. Moran approved a more limited warrant and ordered the Justice Department to put protocols in place to limit access to private information that had nothing to do with a criminal investigation.

Yesterday Judge Moran put out a final order that made it clear he's not going to let the Justice Department just wade through personally identifiable private information without any probable cause. DreamHost will be permitted to redact user information, and the Department of Justice won't be able to access it unless it can show that a particular user is suspected of criminal activity.

"While the government has the right to execute its warrant," Moran noted in his order, "it does not have the right to rummage through the information contained on DreamHost's website and discover the identity of, or access communications by, individuals not participating in alleged criminal activity, particularly those persons who were engaging in protected 1st Amendment activities."

Kudos to DreamHost for putting up a fight here. As a third party host, it's not the one being investigated for misconduct, but it's using the revenue it earns from its customers to help protect those customers' privacy from an overreaching government.

Are the Feds Using Backdoor Searches to Access Your Banking Data?

Fri, 06 Oct 2017 12:15:00 -0400

While civil rights and privacy advocates attempt to try to shut a federal surveillance "backdoor" used to snoop on Americans' communications without a warrant, today a BuzzFeed report warns of the existence of another one involving all our bank accounts. Jason Leopold and Jessica Garrison today report that citizens' banking and financial data are being searched and stored by federal organizations that do not have the authority to do so. For those who have been following the controversies over federal surveillance of Americans, the contours of these allegations will seem familiar: An organization who is supposed to be using its surveillance to track foreign activity is also using its access to snoop on Americans. BuzzFeed reports: At issue is the collection and dissemination of information from a vast database of mostly US citizens' banking and financial records that banks turn over to the government each day. Banks and other financial institutions are required, under the Bank Secrecy Act of 1970, to report suspicious transactions and cash transactions over $10,000. The database is maintained by the Financial Crimes Enforcement Network, or FinCEN, a bank regulator charged with combatting money laundering, terrorist financing, and other financial crimes. Under the law, it has unfettered powers to peruse and retain the data. In contrast to FinCEN, Treasury's intelligence division, known as the Office of Intelligence and Analysis, or OIA, is charged with monitoring suspicious financial activity that occurs outside the US. Under a seminal Reagan-era executive order, a line runs through the Treasury Department and all other federal agencies separating law enforcement, which targets domestic crimes, from intelligence agencies, which focus on foreign threats and can surveil US citizens only in limited ways and by following stringent guidelines. FinCEN officials have accused their counterparts at OIA, an intelligence unit, of violating this separation by illegally collecting and retaining domestic financial information from the banking database. Some sources have also charged that OIA analysts have, in a further legal breach, been calling up financial institutions to make inquiries about individual bank accounts and transactions involving US citizens. Sources said the banks have complied with the requests because they are under the impression they are giving the information to FinCEN, which they are required to do. And then, according to BuzzFeed, this information is getting accessed by CIA and defense officials in circumstances that are not supposed to be allowed. Much like the controversy of the misuse of Section 702 surveillance authorities, this is a case where a whole host of federal agencies are getting unwarranted, secret access to Americans' private data—financial information in this case. Contain your surprise: This behavior preceded President Donald Trump's administration and was happening while President Barack Obama was president. It's another reminder that despite campaigning on openness and transparency, Obama's administration oversaw and encouraged a massive, secretive surveillance apparatus. Read the BuzzFeed story here.[...]

Here's How Some Lawmakers Want to Reform Federal Surveillance. Prepare to Be Disappointed

Thu, 05 Oct 2017 11:50:00 -0400

A first look at a draft version of changes to Section 702 of the Foreign Intelligence Surveillance Act (FISA) reveals modest restrictions on how federal agencies can collect and access Americans' communications without a warrant. The revisions, dubbed the USA Liberty Act of 2017, would require a court order to get access to these communications, unless the requests for access involve investigating terrorism or espionage. That narrows the "backdoor" the government has used to snoop on Americans without warrants, but it doesn't close really close it. Civil rights and privacy rights groups have been fighting for changes, their efforts bolstered by Edward Snowden's revelations about the size and scope of domestic snooping. Neema Singh Guliani, legislative counsel for the American Civil Liberties Union (ACLU), responded to the draft that this revision still leaves open potential surveillance abuses against American citizens: "While the bill contains positive provisions that are an improvement over current practice, it falls short of what is needed to protect individuals from warrantless government surveillance under Section 702. Its most glaring deficiency is that it only partially closes the so-called 'backdoor search loophole.' "The bill would still allow the CIA, NSA, FBI, and other agencies to search through emails, text messages, and phone calls for information about people in the U.S. without a probable cause warrant from a judge. Those worried that current or future presidents will use Section 702 to spy on political opponents, surveil individuals based on false claims that their religion makes them a national security threat, or chill freedom of speech should be concerned that these reforms do not go far enough. One other positive reform in the bill: It would legislatively end the practice of drawing in communications that referenced or were "about" the subject of an investigation, rather than to or from a subject. The NSA had been accessing communications by Americans that mentioned a person they were investigating (without a warrant), even though they are not part of an investigation. Evidence shows they had been scooping up all sorts of communications to which they had no legal access. The NSA decided to end this type of surveillance earlier in the year. This bill would codify an end to the practice until 2023. Section 702 provides some of the authorizations the National Security Agency (NSA) and Central Intelligence Agency (CIA) use to snoop on foreign targets, be they potentially terrorists or other foreign agents. But Section 702 has also been used to secretly collect and snoop on communications by Americans, and the private information used for domestic crime-fighting, all without getting warrants. Section 702 also expires this year, so Congress must act if they want to preserve it. The version being released right now is being pitched by members of the House Judiciary Committee as a compromise between those who want firm Fourth Amendment protections and those who want to keep the federal agencies' broad surveillance authorities. As Dustin Volz at Reuters notes, this draft bill will not be the only proposal on the table. Sens. Rand Paul (R-Ky.) and Ron Wyden (D-Ore.) are expected to introduce a version that would be stricter about demanding warrants to access Americans' communications. Sens. John Cornyn (R-Texas) and Dianne Feinstein (D-Calif.) are expected to introduce a version that does even less than the one detailed here. The Trump administration wants no changes at all and wants Section 702 renewed permanently, even though President Donald Trump claims to have been inappropriately snooped on by the Obama administration. But it seems clear that Congress is not going to renew Section 702 as is, so we'll have to see which compromises win out. Or, perhaps Congressional dysfunction could cause Section 702 to expire entirely. ReasonTV suggested Co[...]

U.K. Official Wants You to Stop Sneering at Her for Trying to Destroy Your Privacy

Wed, 04 Oct 2017 14:00:00 -0400

I'll have to give U.K. Home Secretary Amber Rudd points for bluntly, openly making it clear that the battle between government officials and tech companies over data encryption and privacy is happening because people like her neither understand nor care about the implications of their demands. Rudd, Prime Minister Theresa May, and leaders in other countries have been fighting to force (or just convince) social media platforms, app makers, and other tech companies to make it easier for officials to access private conversations on demand. The aim, they say, is to fight crime and terrorism. At the same time, these companies have been strengthening their encryption in order to protect people from having their private data compromised. Tough-to-break encryption protects people from identity theft and fraud, and we've seen what happens when companies have poor data protection systems. But while everybody is shaking their heads at the terrible data-keeping revelations coming out about Equifax (the latest: Equifax stored consumer data in a non-encrypted format, so hackers who breached their systems were easily able to read the information), Rudd pretty much doesn't care. At an event this week, Rudd said she doesn't understand how encryption works but knows that it can keep the government from accessing data it wants, so Something Must Be Done. From the BBC: [Rudd] insisted she does not want "back doors" installed in encryption codes, something the industry has warned will weaken security for all users, nor did she want to ban encryption, just to allow easier access by police and the security services. Asked by an audience member if she understood how end-to-end encryption actually worked, she said: "It's so easy to be patronised in this business. We will do our best to understand it. "We will take advice from other people but I do feel that there is a sea of criticism for any of us who try and legislate in new areas, who will automatically be sneered at and laughed at for not getting it right." She added: "I don't need to understand how encryption works to understand how it's helping—end-to-end encryption—the criminals. "I will engage with the security services to find the best way to combat that." Rudd was subsequently "sneered at" yet again for not grasping the obvious: Allowing easier access by police and security services into encrypted data inherently involves creating "back doors." It's particularly telling that Rudd wants to make this a debate about how she's being mocked even as she yet again fails to show any actual concern about the security of citizen data. She's being mocked for a reason (as is Australian Prime Minister Malcolm Turnbull, who responded to the encryption debate by saying the laws of mathematics are subservient to the laws of Australia). The mockery is not because she's a rube who doesn't know all the ins and outs of how encryption works. Most people don't and probably never will, even as they depend on it to protect their private information. Rudd and others like her are being mocked because they're constantly, repeatedly refusing to consider or care about the dangers to private citizens when data are not secure. Any tool or mechanism that can be used to bypass cybersecurity can be used by anybody who has access to it (or is able to replicate it). There is no such thing as a tool to bypass data security that only the "right people" can use. Rudd wants to make every citizen of the United Kingdom—indeed, everyone around the world—give up privacy to help fight crime. But her policy would put all of us at a greater risk of crime, and would further expose us to surveillance from people with sinister intentions. Equifax, which failed so terribly to protect U.S. consumers' data, has now received a $7.5 million no-bid contract from the IRS to verify the identities of taxpayers and prevent fraud. Governments alre[...]

Would Data Breach Notification Laws Really Improve Cybersecurity?

Tue, 26 Sep 2017 08:30:00 -0400

Another month, another major hack. This time, the compromise of consumer credit reporting agency Equifax has exposed the personally identifiable information (PII) of roughly 143 million U.S. consumers (not customers!) to outside groups. People are understandably furious, and they want solutions. But we should be wary of quick legislative proposals that promise to easily fix our cybersecurity woes. Our problems with security are deep and hairy, and require lasting solutions rather than short-term Band-Aids. There is no question that Equifax royally botched its handling of the corporate catastrophe. People generally don't have good experiences with credit reporting companies as it is. As a kind of private surveillance body, they collect data on people without permission to determine what kinds of financial opportunities will be available to us. They often get things wrong, which creates unnecessary headaches for unfairly maligned parties who must prove their financial innocence to a large corporate bureaucracy. You'd think that a company whose sole purpose is to maintain credible, secure dossiers on people's financial profiles would make security one of their highest priorities and would have a strong mitigation plan in place for the horrible possibility that they did get hacked. You'd be wrong. While the details of what exactly went wrong at Equifax are still being fleshed out, their incident response leaves much to be desired, to say the least. (The fact that the company's Argentine website had a private username and password that were both simply "admin" does not inspire confidence.) Many people feel that Equifax waited too long to notify affected parties (but Equifax executives made sure to cash out just in time). Even then, Equifax didn't reach out to victims directly, but asked people to visit a sketchy domain and enter more PII to determine whether or not you might be affected, as yours truly apparently was. This kind of arrangement primes people to be vulnerable to phishing scams. Rather than setting up a website that clearly associated it with Equifax—say, ""—Equifax directed people to a separate domain called Illustrating the perils of such a poorly-thought arrangement, Equifax itself promoted a phishing scam in communications to customers, accidentally sending breach victims to a fake notification site called You just can't make this stuff up. There is no question that Equifax screwed up majorly and should be held accountable. Already, federal regulators tasked with overseeing consumer safety and credit—namely, the Federal Trade Commission (FTC) and Consumer Financial Protection Board (CFPB)—are hard at work determining how to proceed. But some feel that this is not enough. Legislators see the Equifax breach as an opportunity to promote data breach notification bills that had trouble getting passed in the past. Specifically, Rep. Jim Langevin (D-R.I.) is pushing forward a new version of 2015's failed Personal Data Notification and Protection Act (PDNPA). An updated version of the bill is not available on Congress' legislation website, but the earlier version would have required businesses that collect PII on at least 10,000 individuals to notify affected parties within 30 days of a security breach. The bill outlines what information and resources the companies should make available to victims and designates the FTC as the enforcer. There are a few exemptions, such as for incidents that would affect ongoing legal investigations or those that are determined to not be a reasonable harm risk to individuals. In terms of helping consumers pick up the pieces after a corporate hack, this kind of path forward seems reasonable. The sooner that people know they are affected by a hack, the sooner they can start changing [...]

Groups File Suit to Stop Warrantless Tech Searches at Borders

Wed, 13 Sep 2017 15:30:00 -0400

The Electronic Frontier Foundation (EFF) and American Civil Liberties Union (ACLU) are suing the federal government to stop warrantless searches of tech devices at border entry points. They're representing 10 United States citizens and one permanent resident. Each has faced demands by Department of Homeland Security officials to hand over or allow access to tech devices, such as phones or laptops, when returning to the country. The officials did not have warrants. None of these plaintiffs were accused of any illegal behavior. But officials nevertheless confiscated and/or attempted to access their devices. Some examples of what they dealt with, courtesy of EFF: Plaintiff Diane Maye, a college professor and former U.S. Air Force officer, was detained for two hours at Miami International Airport when coming home from a vacation in Europe in June. "I felt humiliated and violated. I worried that border officers would read my email messages and texts, and look at my photos," she said. "This was my life, and a border officer held it in the palm of his hand. I joined this lawsuit because I strongly believe the government shouldn't have the unfettered power to invade your privacy." Plaintiff Sidd Bikkannavar, an engineer for NASA's Jet Propulsion Laboratory in California, was detained at the Houston airport on the way home from vacation in Chile. A U.S. Customs and Border Protection (CPB) officer demanded that he reveal the password for his phone. The officer returned the phone a half-hour later, saying that it had been searched using "algorithms." Another plaintiff was subjected to violence. Akram Shibly, an independent filmmaker who lives in upstate New York, was crossing the U.S.-Canada border after a social outing in the Toronto area in January when a CBP officer ordered him to hand over his phone. CBP had just searched his phone three days earlier when he was returning from a work trip in Toronto, so Shibly declined. Officers then physically restrained him, with one choking him and another holding his legs, and took his phone from his pocket. They kept the phone, which was already unlocked, for over an hour before giving it back. Though this lawsuit covers only 11 people, we know that Customs and Border Patrol agents are actually searching thousands of phones and tech devices each month, all without warrants. The lawsuit argues these searches violate the defendants' First and Fourth Amendment rights. It asks the court to enjoin border officials from confiscating or searching anybody's tech devices absent a warrant based on probable cause, and to make them expunge any information they've collected from the plaintiffs' devices. The lawsuit leans on the Supreme Court's decision in Riley v. California in 2014 for support. In that case, the Supreme Court unanimously ruled that a warrant was needed to search a person's cellphone when that person is arrested. Historically, though, courts have given federal authorities much more leeway to engage in warrantless searches near the borders. Read the lawsuit, Alasaad v. Duke, here. Note that some members of Congress are trying to fix this problem legislatively by introducing a bill mandating that border officials get warrants before searching the tech devices of Americans crossing the border.[...]

Congress to Trump: Reform Surveillance Authorities or Lose Them

Wed, 13 Sep 2017 12:15:00 -0400

Federal surveillance authority reforms may be coming, whether the President Donald Trump's administration and the intelligence community likes it or not. To be clear, they do not, despite the Trump's vocal complaining that he was snooped on during the election campaign. Section 702 of the Foreign Intelligence Surveillance Act (FISA), which allows for unwarranted secret surveillance of foreign targets outside of American soil, is set to expire this year. It's a tool for keeping an eye out for terrorist plots as well as foreign espionage. But Section 702 gets messy because sometimes communications and information originating from American citizens gets scooped up in this surveillance. That's what happened to members of Trump's staff during and after his election. When communications from Americans gets caught up in the surveillance, there are procedures to "minimize" both access and exposure of the individuals' identities. But there are also procedures for unmasking and revealing this information, so domestic federal agencies like the FBI are frequently able to access this data and use it for crime-fighting other than foreign terrorism. All of this is happening secretly, without traditional warrants, conflicting with the Fourth Amendment. Reformers want changes to Section 702 before renewal to better protect the rights of American citizens. According to Charlie Savage at The New York Times, the reformers may be winning. A bipartisan group of senators is looking to add some limits to Section 702's authorities: The lawmakers — including the Republican representatives Robert W. Goodlatte of Virginia and Jim Sensenbrenner of Wisconsin, the current and former committee chairmen, and Representative John Conyers of Michigan, the ranking Democrat — have privately agreed to support extending the law, the FISA Amendments Act, through 2023, according to congressional officials who spoke on condition of anonymity to discuss the negotiations. It is set to expire at the end of December. As part of an extension, they also have agreed to push for restrictions on surveillance. Among them is a requirement that F.B.I. agents obtain warrants before searching the program's repository of intercepted messages for information about American criminal suspects. And they want to ban a disputed form of internet surveillance in which the agency collected emails that were about a foreign target of surveillance but neither to nor from that person; the N.S.A. voluntarily ceased that form of surveillance this year but wants to retain the flexibility to turn it back on again. Director of National Intelligence Dan Coats and Attorney General Jeff Sessions said they want Section 702 renewed permanently, without changes. Neither cares about the Fourth Amendment implications. But Goodlatte says the White House does not have the votes in the House of Representatives to get what it wants. And because of the sunset provision, the administration does not have a lot of leverage. All the reformers and the opponents of Section 702 have to do to win is refuse to pass new legislation. The House Freedom Caucus warned back in June they did not support a blanket renewal of Section 702. In that sense, what's happening to Section 702 seems similar to what happened with Section 215 of the Patriot Act. Edward Snowden revealed the abuse of this section and the authorization of the mass collection of metadata about the communications of millions of Americans here within the United States. When it came time for Section 215's renewal, however, Congress didn't have the votes. It expired and was replaced by the USA Freedom Act, which still allows for access to collected metadata from phone communications, but includes stricter search guidelines. So the Trump administration may have to go along with these ref[...]

India's Supreme Court Upholds Privacy As “Fundamental Right”

Thu, 24 Aug 2017 16:02:00 -0400

The Supreme Court of India declared privacy a "guaranteed fundamental right" of citizens Thursday. The landmark ruling, a unanimous 9-0 decision, overturns two previous Supreme Court opinions undermining Indian privacy rights, while its comprehensive language carries far-reaching implications for areas such as LGBT rights. The decision came in response to a lawsuit challenged the implementation of the Indian government's massive biometric data collection scheme, known as Aadhaar, Hindi for "foundation." Initially voluntary, the program was designed to help the government save money and combat corruption by reducing welfare and tax fraud. Over the past eight years, the program collected fingerprints and iris scans from more than a billion citizens, storing them in a high security data center, and issuing those participating citizens a unique 12 digit "UID" number. In recent years, however, Aadhaar faced criticism for becoming increasingly mandatory for citizens to gain access to welfare benefits and routine transactions. Indian citizens now need UIDs to secure certain loans, buy and sell property, file income tax returns, make purchases of $780 dollars or more, apply for railway jobs, or even receive welfare benefits like free midday meals and tuberculosis patient allowances. The program's security has come under fire after a provincial government accidentally leaked over 20,000 Aadhaar numbers. The leak came on the heels of several data breaches and accusations of individuals illegally storing biometric information. The ruling was high-stakes for the personal liberties of Indian citizens under their constitution. Citing previous precedents, the government argued against citizens' right to privacy and bodily autonomy, saying it was the state's prerogative to collect biometric data. Plaintiffs contended Aadhaar provided the Indian government with a detailed profile of citizens' spending habits and personal data, and that it would be all-too-easy for a government not committed to privacy to misuse the data. The Court's reasoning was firmly libertarian, invoking "life and personal liberty" as "inalienable rights" fundamentally "inseparable from a dignified human existence." The Court broadly defended privacy among "family, marriage procreation, and sexual orientation" as "important aspects of dignity." This last definition by the Court is a boon to advocates of decriminalizing homosexuality in India. The opinion left the door open to future legal challenges against existing laws, declaring "the right to privacy and the protection of sexual orientation lie at the core of the fundamental rights guaranteed by Articles 14, 15 and 21 of the [Indian] Constitution." Thursday's ruling represents a significant leap forward for the individual rights of 17 percent of the world's population, who live in the world's largest democracy. As it continues a decades-long process of economic liberalization with a sweeping tax reform, India, unlike China, appears positioned to join the developed world as a liberal nation respectful of personal liberties. That's cause for celebration.[...]

The Justice Department Wants to Know if You've Visited an Anti-Trump Resistance Site

Tue, 15 Aug 2017 11:15:00 -0400

If you've visited, a website that organized folks for the purpose of disrupting President Donald Trump's inauguration events in D.C., the Department of Justice (DOJ) wants to know about it. Whether you were even in D.C. on Inauguration Day is apparently not relevant. In an effort to track down anybody who rioted or engaged in violence on that day, the Justice Department has gotten a search warrant demanding that the site's host company, DreamHost, provide records related to their investigations. It's not unusual for law enforcement agencies try to get records about particular users of sites if they believe these users are engaged in criminal activities. And it's constitutional for them to use warrants to try to track down specific information from or about users suspected of a crime. But according to DreamHost, the warrant the Justice Department is asking for the IP addresses of anyone who has even just visited the site. So the company announced in a blog post yesterday that it's fighting the warrant: The request from the DOJ demands that DreamHost hand over 1.3 million visitor IP addresses—in addition to contact information, email content, and photos of thousands of people—in an effort to determine who simply visited the website. (Our customer has also been notified of the pending warrant on the account.) That information could be used to identify any individuals who used this site to exercise and express political speech protected under the Constitution's First Amendment. That should be enough to set alarm bells off in anyone's mind. DreamHost also argues that the overbroad demand violates the Fourth Amendment's requirement that search warrants identify specifically what the government wants to seize. The government appears to be essentially demanding all of DreamHost's data about, including everything that connects to the site or originates from the site. It's a fishing expedition to see if the feds can connect anybody to the site with any of the actual violence that took place Inauguration Day. Ken "Popehat" White, a former federal prosecutor, warns that this type of search indicates an overt hostility toward anti-government protests: The government has made no effort whatsoever to limit the warrant to actual evidence of any particular crime. If you visited the site, if you left a message, they want to know who and where you are—whether or not you did anything but watch TV on inauguration day. This is chilling, particularly when it comes from an administration that has expressed so much overt hostility to protesters, so relentlessly conflated all protesters with those who break the law, and so deliberately framed America as being at war with the administration's domestic enemies. There will be a hearing on the Justice Department's motion to compel DreamHost to comply with the warrant on Friday.[...]

Use a Cellphone, Void the Fourth Amendment?

Tue, 01 Aug 2017 12:00:00 -0400

In May, the Indiana Supreme Court tackled one of the most pressing questions in modern Fourth Amendment law: When the police decide to use someone's cellphone to track his location, do they need a search warrant to get the data from his cellular service provider?

In Zanders v. Indiana, cops obtained Marcus Zanders' cell site data without a warrant and used that information to trace back his whereabouts during the time periods in which several armed robberies were committed. Those records were later used against Zanders at trial.

Cellphones are "double-edged swords, increasing convenience at the expense of privacy," the Indiana Supreme Court observed. The justices then demonstrated just how expensive the costs to privacy can be. "Zanders presumptively knew that his phone makes and receives calls by sending signals to towers," the decision said, "and that Sprint keeps records of these signals for business purposes like billing and tracking tower usage." Because customers have no "reasonable expectation of privacy" in such records, the court ruled, the Fourth Amendment offers them no protection when the police obtain those records without a warrant.

The state Supreme Court claimed that its hands were tied and that it had no choice but to rule in favor of the police due to controlling U.S. Supreme Court precedents. In Katz v. United States (1967), for example, the Court held that "what a person knowingly exposes to the public, even in his own home or office, is not a subject of Fourth Amendment protection." Even more significantly, in Smith v. Maryland (1979), the Court ruled that "a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties."

This legal standard, also known as the "third-party doctrine," places the Fourth Amendment right to be free from unreasonable search and seizure in direct conflict with the vast warrantless powers that law enforcement agencies now routinely enjoy. Something has to give.

How many Fourth Amendment protections do we forfeit when we use a cellphone? The U.S. Supreme Court will eventually have to face that question. It's high time it gave the third-party doctrine a second look.

Nancy MacLean's Libertarian Conspiracy Theory [Podcast]

Mon, 24 Jul 2017 16:00:00 -0400

Duke University historian Nancy MacLean's new book, Democracy in Chains: The Deep History of the Radical Right's Stealth Plan for America, combines conspiracy theories, accusations of racism, and dire warnings about a libertarian plot to create an American oligarchy. It's a historical story that's a "product of [MacLean's] imagination," with a reading of sources that's "hostile and tendentious to the point of pure error," as Reason's Brian Doherty put in a review we published last week.

In today's podcast, Doherty joins Nick Gillespie, Katherine Mangu-Ward, and Andrew Heaton to discuss how MacLean fundamentally misunderstands her subject matter; this year's Freedom Fest (an annual convention for libertarians in Las Vegas that just wrapped up); conservative-leaning libertarians vs. left-leaning libertarians; the constitutional ramifications of Donald Trump potentially pardoning himself; and whether or not we're living in the panopticon.

Subscribe, rate, and review the Reason Podcast at iTunes. Listen at SoundCloud below:

src="" width="100%" height="450" frameborder="0">

Don't miss a single Reason podcast! (Archive here.)

Subscribe at iTunes.

Follow us at SoundCloud.

Subscribe at YouTube.

Like us on Facebook.

Follow us on Twitter.