Subscribe: Privacy
http://reason.com/topics/topic/198.xml
Added By: Feedage Forager Feedage Grade B rated
Language: English
Tags:
access  americans  bill  communications  data  encryption  federal  foreign  government  privacy  section  surveillance  warrant 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: Privacy

Privacy



All Reason.com articles with the "Privacy" tag.



Published: Fri, 24 Nov 2017 00:00:00 -0500

Last Build Date: Fri, 24 Nov 2017 08:46:07 -0500

 



The Good, the Bad, and the Unspeakably Ugly: A Reason Surveillance Reform Bill Primer

Tue, 21 Nov 2017 09:30:00 -0500

Before the year's end Congress needs to decide what it's going to do about Section 702 of the Foreign Intelligence Surveillance Act (FISA), which permits the federal government to engage in surveillance of foreign targets that are not on U.S. soil, secretly and without warrants. Section 702 amendments sunset at the end of the year if Congress does not act to renew it. These amendments were originally passed in 2008 and renewed in 2012. These surveillance authorities have become a source of controversy because it has become increasingly clear to the public that Section 702 has drawn in domestic communications from Americans when they were speaking with (or even just talking about) targets of foreign surveillance. There are "minimization" procedures to limit the ability of intelligence agencies from reading private communications from and by Americans without a warrant, but civil rights groups and surveillance experts have warned FBI and NSA intelligence agents bend the rules with "back door searches" and "reverse targeting" in order to keep tabs of Americans or people on American soil. Intelligence agencies have also engaged in searches "about" a subject of foreign surveillance, in addition to communications to or from the target, futher drawing in communications of Americans. The top concerns here are that the surveillance is done without warrants and overseen by the deliberately secret FISA court. The secrecy is to protect intelligence investigations and anti-terror and anti-espionage efforts. Since the intended targets are not supposed to be American citizens and not on American soil, the Fourth Amendment protections against unwarranted searches are not compromised. But when the feds access and use data from Americans, there are problems. Privacy-minded groups and some supportive lawmakers are looking to reform Section 702 to provide stronger protections for American citizens against unwarranted surveillance. The White House, however, has said they do not want any changes in Section 702, even though President Donald Trump has complained about people in his 2016 presidential campaign having their conversations collected through such surveillance. Below is a useful primer on the three Section 702 bills floating around in Congress, what each bill hopes to accomplish and a subjective assessment of its chances. It's entirely possible all three fail and a renewal with no changes is added to a must-pass, end-of-year omnibus bill. It's also possible Congress will fail to get a renewal approved and Section 702 sunsets. The Electronic Frontier Foundation, among other groups, would love to see Section 702 surveillance authorities go away entirely. But there is little evidence lawmakers are willing to take that political risk at a time of public concern over mass violence or terrorist attack within the U.S. borders. USA Liberty Act of 2017 (H.R. 3989) This is an intended "compromise" bill that has been offered up to rein in the use of unwarranted use of Americans' communications to fight domestic crimes while still allowing some access intended to assist the FBI and NSA in fighting terrorism and espionage from foreign actors. What does it actually do about surveillance? The USA Liberty Act requires federal investigators to get a court order in order to access the content of domestic communications when looking for evidence of a crime. The information accessed must be directly related to an investigation. The bill provides exceptions for getting foreign intelligence information (which is the point of the surveillance authorization in the first place), if the subject qualifies under federal law for an emergency surveillance authorization, or if the target's life is directly threatened and the information may be used to assist them. The bill creates specific procedures to document requests for the "unmasking" of the identity of an American who is referenced in these collected communications. Is it any good? The USA Liberty Act doesn't actually stop a lot of "back door" access to unwarranted domestic surveillance. The restriction on a[...]



The Senate Intelligence Committee Really Wants to Secretly Snoop on Americans

Wed, 15 Nov 2017 13:30:00 -0500

A newly released report from the Senate's Select Committee on Intelligence shows how thoroughly its members are resisting any efforts to protect Americans from unwarranted surveillance. Section 702 of the Foreign Intelligence Surveillance Act (FISA) Amendments is up for renewal this year, or it expires. Section 702 is intended to be used to authorize federal agencies to surveil communications for foreign targets for anti-terror, anti-espionage, and various national defense purposes. But Americans are increasingly aware that the FBI and National Security Agency (NSA) have been using this authority to engage in domestic surveillance against American citizens for purposes far outside the open intent of the law. They're doing so secretly and without warrants, and Americans have little recourse in the matter. As lawmakers consider renewing Section 702, there has been a big push by privacy activists and civil rights organizations to limit what the FBI and NSA may do and to reduce the amount of domestic communications the federal government is allowed to collect and access. But it looks like the Senate Intelligence Committee isn't having it. They're advancing a bill by Committee Chairman Richard Burr (R-N.C.) that does pretty much the opposite of what civil liberties and privacy-minded folks would like and fully codifies that these tools intended for foreign surveillance can and may be used to fight domestic crimes and snoop on American citizens without warrants. Elizabeth Nolan Brown noted in October how Burr's bill actually advanced the permission to use these snooping powers against Americans. The newly released report shows this is clearly the intent of Burr and the Senate committee. They voted down several amendments to attempt to make it clear that the law is not supposed to be used to snoop on Americans. To wit: The committee rejected a proposed amendment by Sens. Dianne Feinstein and Kamala Harris (both California Democrats) to require the government to get a probable cause warrant from the FISA court for domestic Section 702 search queries. The committee rejected a proposed amendment by Sen. Ron Wyden (D-Ore.) to prohibit using FISA to collect communications without a warrant that are known to be entirely domestic in origin. The committee rejected a proposed amendment by Wyden that would have codified a ban on using FISA to collect communications that are merely "about" a subject as opposed to communications that were to or from a subject. The use of "about" searches have currently been suspended because they resulted in the federal government getting unwarranted access to all sorts of communications they really had no authority to look at. The committee rejected a proposed amendment by Wyden to stop domestic "reverse targeting" via the FISA search authorities. This is a method where the feds target a foreigner for surveillance, but what they really want to do is hear what the people on the other end—including Americans—are saying. The committee rejected a proposed amendment by Wyden to further restrict the use of communications collected via Section 702 in legal proceedings. When the generally terrible Feinstein is the one warning that people's Fourth Amendment rights are being violated, there is definitely a problem. Unfortunately, her courage didn't extend to voting against Burr's bill. Wyden, Harris, and Sen. Martin Heinrich (D-N.M.) were the only "no" votes. Feinstein did include a minority statement (as did Wyden, Harris, and Heinrich) expressing her concerns about Burr's legislation. Feinstein notes that since the misuse of Section 702 against Americans has become public, there have been legal challenges. She thinks calling for a probable cause warrant "actually protects the program by preserving its core capability and putting it on more solid constitutional footing." While it would be amusing if the courts struck down this carefully planned expansion of warranted surveillance authorities as unconstitutional, it would be much better not to have to depend on them. We should also[...]



Locked Texas Shooter’s iPhone Reignites Encryption Debate

Tue, 14 Nov 2017 08:30:00 -0500

Well, here we go again: the FBI has once more found itself locked out of the smartphone of a dead mass shooter, this time Texas church massacre suspect Devin Kelley. Unless the feds find some kind of workaround to allow access without undermining the core encryption protections afforded by consumer devices, this incident could ignite another battle between the FBI and the tech community over the tensions between user security and law enforcement access. The issue is a tender one. In the spring of 2016, the FBI and Apple engaged in a fraught standoff over the encryption question following the 2015 terrorist attack at San Bernardino. The battle played out both in the public and the courts, with the FBI arguing that Apple had a duty to compel its engineers to intentionally break security features in order to access data on the locked devices of deceased shooters Syed Rizwan Farook and Tashfeen Malik. Apple stood firm, refusing to compromise any of its devices and instead seeking to find alternative means to assist law enforcement. This intense showdown did not present a cathartic ending. The legal issues underpinning the debacle were never resolved in court. Rather, the brouhaha was rendered moot when an outside party swooped in to hack the phone for the FBI for a cool $900,000. The most recent shooting at a Texas church contains all of the elements to create yet another battle royale between law enforcement and security professionals. The FBI agent in charge of the investigation, Christopher Combs, has already started grumbling about encryption, griping that "law enforcement is increasingly not able to get into these phones." In an interview with Politico Pro, Department of Justice Deputy Attorney General Rod Rosenstein, who has developed quite a reputation as an encryption critic, recently characterized the desire for strong, unbreakable encryption as "unreasonable." The agency has confirmed that the device is an iPhone. But officials reportedly have yet to reach out to Apple for assistance, preferring instead to explore alternative means to access the phone's data. That's problematic. The iPhone's security features are set up in such a way that the first 48 hours after an incident are critical. If the FBI had reached out to Apple within this time frame, its engineers could have assisted law enforcement to exploit this window of opportunities. But since the FBI neglected to reach out, they may have inadvertently foiled their own options. For example, Apple's Touch ID feature allows individuals to unlock their device by scanning their fingerprint. If Kelley's iPhone had the Apple Touch ID feature enabled, law enforcement could have used the dead man's fingerprints to easily open the phone. That is, unless the device has been powered off and restarted, or 48 hours have passed—in which case, the user's private passcode would be needed. And you can't exactly ask a dead man to tell you his passcode. If a feckless Android user like myself was one of the first in law enforcement to handle the device, they could easily seal off that route by immediately restarting the device. After all, it's a natural first step that frustrated smartphone users turn to when flummoxed by their technology. But in this case, it could mean the difference between easy access to critical clues, or a drawn-out legal battle that risks undermining the nation's data security. Even if they didn't turn off the device, the critical two-day window has come and gone. One really hopes that the FBI did not allow pride or prejudice to prevent a simple request for Apple's assistance. But it wouldn't be the first time the agency has flubbed such a route. Recall that during the San Bernardino debacle, the FBI instructed municipal officials to remotely reset Farook's iCloud password, thereby eliminating the option to access automatic iCloud backups. A quick call to a knowledgeable Apple representative could have swiftly cleared that all up. Hopefully, law enforcement will find some way to get the data they need [...]



Showdown Looming over Reform of Federal Surveillance Laws

Thu, 09 Nov 2017 13:10:00 -0500

The House Judiciary Committee has advanced a bill that would provide Americans modest protections from unwarranted surveillance, but falls far short of what civil liberties and privacy groups (and several legislators) demand. It's no surprise the USA Liberty Act passed out of the committee, 27-8, yesterday, having been hammered out by committee members and lawyers. But the committee resisted amendments that would make the privacy protections for Americans stronger. The USA Liberty Act is meant to address the pending sunset of Section 702 of the Foreign Intelligence Surveillance Act (FISA) Amendments. Section 702 is one of several federal authorities for foreign surveillance by the National Security Agency (NSA) and FBI to keep tabs on potential spies and terrorists. But Section 702 has also been abused, allowing for "backdoor searches" of communications of American citizens. These communications are collected "incidentally" during the surveillance of foreign targets and are used by federal agencies in the investigation of domestic crimes. All of it happens without a warrant with the oversight of the secretive FISA court. After Edward Snowden helped Americans understand the full extent to which our communications and metadata were being collected by the federal government, there's been a concerted effort by civil rights groups and lawmakers, with strong support for the Fourth Amendment, to restrain the feds. The USA Liberty Act does modestly restrict the feds and requires that they seek court orders to view these communications when looking for evidence of a crime. But it doesn't do much about the collection of the data. And there are enough exceptions to worry that little will actually change. The Electronic Frontier Foundation warns: But the warrant requirement is limited due to a number of troubling carve-outs. First, this court oversight requirement won't be triggered except for those searches conducted to find evidence of a crime. No other searches for any other purposes will require court oversight, including when spy agencies search for foreign intelligence, and when law enforcement agencies explore whether a crime occurred at all. Metadata—how many communications are sent, to whom, at what times—won't require court oversight at all. In fact, the Liberty Act doesn't include the reforms to metadata queries the House had previously passed (which unfortunately did not pass the Senate). In the Massie-Lofgren Amendment, which passed the House twice, agents who conducted queries for metadata would be required to show the metadata was relevant to an investigation. That relevance standard is not in the Liberty Act. Reps. Zoe Lofgren (D-Calif.) and Ted Poe (R-Texas), co-founders of the House's Fourth Amendment Caucus, attempted to amend the Liberty Act to end these "backdoor searches" without a warrant. Their efforts were rejected. According to The Hill, leaders of the House would not continue supporting the bill with the increased restrictions. But it's not clear that rest of the House will support the USA Liberty Act without these reforms. Several civil rights groups, like the American Civil Liberties Union, are warning the bill needs these strong protections from searches. And members of the Republican Freedom Caucus have expressed opposition to a renewal that doesn't have strong protections for Americans against unwarranted snooping. Rep. Justin Amash (R-Mich.) tweeted that the Liberty Act, as it stands now, codifies Fourth Amendment violations in searches, so we explect a "no" vote from him. Members of the Senate have their own ideas. Sens. Rand Paul (R-Ky.) and Ron Wyden (D-Ore.) have teamed up on the USA RIGHTS Act, which more thoroughly restricts and allows fewer exceptions to unwarranted surveillance against Americans. There's also the absolutely terrible legislation Senate Intelligence Chairman Richard Burr (R-N.C.) introduced, codifying for federal intelligence agencies surveillance rules without warrant for a host of domestic[...]



IRS Rehired Employees Previously Fired as Security Risks

Fri, 27 Oct 2017 15:35:00 -0400

(image) Millions of Americans' personal information may be vulnerable to hackers, thanks to the Internal Revenue Service's carelessness.

Not only has the agency been using an outdated security system, but it has rehired hundreds of employees previously fired for wrongdoing or performance issues, according to testimony by J. Russell George, the Treasury's inspector general for tax administration.

According to an audit published this year by George's office, the IRS has been expanding online tools for taxpayer use without taking key steps to guarantee the safety of taxpayers' information. One out of three Americans files their taxes online on their own.

George said the IRS has not fully implemented monitoring tools to prevent and detect computer hacks, is not monitoring its computer networks effectively for suspicious activity, and operates outmoded computer systems.

This is particularly important, George said, in light of the recent Equifax breach, which exposed the Social Security information of 143 million Americans and could vastly increase the risk of identity theft.

The IRS it relies on a 50-year-old technology, called the Individual Master File, that runs on outdated code. A replacement system—the Customer Account Data Engine 2, or CADE 2—has been plagued with delays and has no "scheduled or planned completion date," George said.

Because of the highly sensitive nature of tax returns and the risk of identity theft, George's office also conducted an audit of the procedures the IRS takes when it hires employees. In the 15-month period from January 1, 2015, to March 31, 2016, the IRS hired 7,500 employees—of whom 2,000 had worked for the tax agency previously. Of those rehired employees, about 200, or 10 percent, had been previously fired for conduct or performance issues, including several who had willfully failed to file their own taxes and four who were under investigation for unauthorized access to taxpayer information.

IRS officials defended themselves by saying it would be "cost prohibitive" to check the performance of former employees. When challenged, George said, the agency could not document that checking would be expensive.




Rand Paul Worries Whether Surveillance Reform Will Even Be Debated in Senate

Wed, 25 Oct 2017 13:35:00 -0400

(image) Sen. Rand Paul (R-Ky.) is concerned his peers will attempt to reauthorize and possibly even expand the federal government's surveillance powers without any public debate at all.

Paul spoke with journalists this morning about the USA Rights Act, the bill he has introduced with Sen. Ron Wyden (D-Ore.) to reform the Foreign Intelligence Surveillance Act (FISA). Paul's goal, as when he has called for limits on government surveillance in the past, is compliance with the Fourth Amendment.

"What's most important to me is that, really, if we use less than a constitutional standard to gather information, that information should not be used to prosecute a crime," Paul said.

But yesterday afternoon, hours after Paul and Wyden unveiled their bill, the Senate Intelligence Committee voted to essentially maintain the rules as they are. The way Section 702 of FISA is currently being implemented allows the FBI and other federal agencies to use communications they collect during surveillance of foreign targets to prosecute domestic crimes, all without getting a warrant to access the information. Section 702 expires this year, so lawmakers must either pass something or allow it to expire entirely.

Paul hopes there will be debate on reforming the Section 702 surveillance laws, but he worries that's not going to happen.

"Our hope is that we'll actually get a vote on this," Paul told reporters. "It's disappointing that we may not get a debate or vote. Typically we wait until deadline and then stick it on spending bills."

But if Paul doesn't get a lot of support from his fellow senators, he has bipartisan support from a significant number of representatives in the House. He says that only a handful of GOP senators support his push for restrictions, but he calculates that somewhere between 60 and 100 conservatives in the House are receptive. The conservative House Freedom Caucus opposes renewing Section 702 without better protections for Americans against unwarranted surveillance.

Paul was also asked about his recent interactions with President Donald Trump and whether he pushed for Trump to embrace these reforms. Paul wouldn't get into specifics, but he confirmed that he had been "discussing privacy issues" with the president. The White House has said that it wants Section 702 reauthorized without changes.

Trump's concerns about surveillance privacy have primarily involved the unmasking of people in his orbit during the investigation of possible Russian meddling in the election, and leaks of information about those communications to the media. The line from the White House has typically been that the unmasking and the leaks were illegal and must be stopped. Paul agrees with that. But there's not much evidence that Trump shares Paul's broader concern about surveillance without warrants as an issue affecting everybody else.




Sens. Rand Paul and Ron Wyden Unveil Long-Awaited, Privacy-Protecting Surveillance Reform Bill

Tue, 24 Oct 2017 14:00:00 -0400

In this corner, Sen. Richard Burr (R–N.C.), head of the Senate Intelligence Committee, wants to expand the feds' ability to snoop on citizens without a warrant. In this corner, Sens. Rand Paul (R-Ky.) and Ron Wyden (D-Ore.) want to significantly restrain the federal government from accessing information collected without warrants. Let's fight it out. At issue is Section 702 of the Foreign Intelligence Surveillance Act, which establishes some of the rules for federal intelligence agencies when they snoop on the communications of foreign targets on foreign soil. This process has been subject to abuse: Surveillance of a foreign target can give investigators access to communications by American citizens, and the FBI has conducted "back door" searches of those stored communications to fight purely domestic crimes. All this happens without a warrant and without citizens even knowing their communications have been collected. Section 702 expires this year, so lawmakers now must either renew it or allow it to sunset entirely. Hence the dueling bills in the Senate. Burr's draft bill, which apparently will be debated behind closed doors today, not only renews Section 702's current set of federal powers for the next eight years; it expands them, and it formalizes some of activities that privacy and civil liberties groups are most concerned about. Burr's bill would formally authorize the FBI to use information from communications collected without a warrant for a list of wholly domestic crimes. These include various violent offenses, kidnapping, crimes against minors, pretty much anything related to "cybersecurity," any transnational organized crime, sex trafficking, and anything "related to the national security of the United States." Furthermore, if the attorney general determines that a crime qualifies as part of this list, the bill declares that this decision will not be subject to judicial review. Reason's Elizabeth Nolan Brown blogged earlier some of the concerns about how this surveillance will be used domestically. Burr's legislation would also restore what's known as "about" searches and communication collections. These have typically been described as allowing surveillance of communications to or from a foreign subject, but in fact the feds were also collecting communications that were simply "about" a foreign subject. (Hence the name.) This controversial practice was halted earlier in the year, as it was drawing in all sorts of communications that the FBI and National Security Agency (NSA) should not have had access to. Burr's bill would legally allow for these "about" searches unless Congress formally passes legislation forbidding it. In short, Burr's legislation would amp up the government's domestic surveillance powers with little oversight and would shred Americans' Fourth Amendment rights. The good news is that the bill is very unlikely to become law, thanks to a bipartisan push to restrain surveillance authorities. Paul and Wyden's bill would do pretty much the opposite of Burr's: It would roll back the NSA and FBI's ability to secretly, warrantlessly collect, access, and use communications from American citizens or from people on American soil. Their bill is titled the "Uniting and Strengthening America by Reforming and Improving the Government's High-Tech Surveillance Act of 2017"—the USA RIGHTS Act. It would restrain the feds' ability to acquire or access American citizens' communications and to use the information as evidence in court. It would prohibit "reverse targeting"—the practice of snooping on foreign targets as the law permits, but with the real motive of listening to the Americans communicating with them. The USA RIGHTS Act includes some exceptions to the demands for warrants, but unlike in Burr's bill they're limited to terrorism, espionage, or a threat to the government. The bill even gives citizens a foundation to claim injury in a c[...]



Federal Court Ponders Constitutionality of Prostitution Ban

Fri, 20 Oct 2017 13:22:00 -0400

A federal court heard arguments yesterday challenging California's criminalization of prostitution, in a case that could have implications for sex work laws across the nation. Brought by the Erotic Service Providers Legal, Education, and Research Project (ESPLERP), the constitutional challenge claims that California's prostitution laws violate residents' right to privacy, free speech, and free association. "Our hope is to see this bad law struck down," said ESPLERP President Maxine Doogan, "so that consenting adults who choose to be involved in prostitution are simply treated as private citizens again, and are afforded all the privacy and constitutional rights thereof." During oral arguments before Ninth Circuit Court of Appeals judges Thursday, ESPLERP attorney Louis Sirkin stressed that the case "is not about sex trafficking, it's not about the abuse of women, and it's not about the abuse of minors. It is about consenting adults that voluntary want to work in the sex for hire industry." Dozens of civil rights, public health, and LGBTQ groups have filed briefs in support of ESPLERP's challenge, including the American Civil Liberties Union of Southern and Northern California, the California Women's Law Center, the anti–sex trafficking group Children of the Night, the First Amendment Lawyers Association, the National Center for Transgender Equality, the San Francisco AIDS Foundation, the Woodhull Freedom Foundation, and Lambda Legal. "Lambda Legal's landmark Supreme Court victory in Lawrence v. Texas, the case that struck down laws that criminalized sex between same-sex partners, underscored that our right to liberty protects our decisions about adult, consensual sexual intimacy," says Kara Ingelhart, a Lambda Legal law fellow. "It is merely logical that Lawrence extend to the adult, consensual sexual intimacy that occurs between sex workers and their clients; the fact that money is exchanged shouldn't matter." The Ninth Circuit judges seemed at least somewhat sympathetic to that view. "Why should it be illegal to sell something that you can give away for free?" Judge Consuelo Callahan asked the state's attorney, Sharon O'Grady. She replied that it should be illegal because the legislature declared it so. Judge Carlos Bea suggested that the state's arguments for why it could ban prostitution also would allow California to ban one-night stands. But overall, it might be "a tough panel for petitioners," notes lawyer Amanda Goad, who livetweeted the oral arguments yesterday. Callahan and the other two judges are conservative appointees of George W. Bush and Ronald Reagan. Judge Callahan overtly skeptical from the very beginning of Sirkin's argument -- not a surprise. — Amanda C. Goad (@AGoadEsq) October 19, 2017 J.Callahan making generalizations about sex workers as drug addicts. I didn't think we would get there so fast! #sigh #SexWorkIsWork — Amanda C. Goad (@AGoadEsq) October 19, 2017 Much of the court's focus Thursday was on whether a ban on prostitution implicates adults' sexual liberty and privacy or their right to form intimate relationships as they see fit. The U.S. District Court that heard ESPLERP's challenge last year contended that only "intimate personal relationships," not purely sexual ones, were protected from state interference per the Supreme Court's 2003 ruling in Lawrence. Sirkin pointed out Thursday that, in fact, the men who had been arrested in Lawrence were not in an ongoing relationship. He said that the fundamental right implicated here, as in Lawrence, concerns sexual privacy. O'Grady concedes "you might have an as-applied challenge" if sex work happening "in the privacy of your own home." This is great! — Amanda C. Goad (@AGoadEsq) October 19, 2017 Judge Callahan agreed that a ruling for the right to engage in prostitution seemed like "a natural extension of Supreme Court precedent." At one point, t[...]



Let Police Operate Drones for Emergencies—but with Full Transparency

Wed, 18 Oct 2017 12:30:00 -0400

The Los Angeles Police Department has been given permission by its civilian commission to start testing drone use in the city, despite significant opposition by citizen activists and civil rights groups. By a vote of 3-1 yesterday, with opponents protesting outside, the Los Angeles Police Commission approved a limited program to introduce drones (now often called Unmanned Aerial Systems) to the force. How limited? LAPD Chief Charlie Beck says they're going to purchase just two drones—one to operate and one for backup. Not exactly the start of a massive city surveillance system. The rules for using the drones at the moment are strict. Via the Los Angeles Times: Under those rules, only SWAT officers will be allowed to fly drones during a handful of specific, high-risk situations. They can also be used during search and rescue operations, or when looking for armed suspects who have "superior firepower," an "extraordinary tactical advantage" or who are suspected of shooting at an officer. Each flight must be approved by a high-ranking officer. Any request to fly a drone — whether approved or not — will be documented and reviewed. The Police Commission will also receive quarterly reports that will be made public. For the most part, there are no objections to the rules. Rather, groups like the Southern California chapter of the American Civil Liberties Union (ACLU) don't trust the drone operations will be as limited as the police say and mission creep is inevitable. Staff Attorney Mohammad Tajsar warned in a letter: [T]he LAPD's proposed drone policy does not sufficiently protect the privacy and civil rights of Los Angeles residents. Although the policy circumscribes the permissible uses of drones to eight different situations (including "active shooter incidents" and "perimeter searches of armed criminals"), it does not appropriately define these situations and does not specifically prohibit the department from using them in other circumstances. As a result, the Commission's approval of the draft policy likely opens the door to a broader range of permissible uses of drones at later dates—particularly when the policy does not require the LAPD to return to the Commission for subsequent approval of additional permissible uses. The overwhelming majority of the correspondence the commission received has been in opposition, which makes some sense. This opposition is very much a reflection of a lack of trust in the Los Angeles Police Department. Just this past fiscal year, the department paid out $81 million in settlements for negligent or criminal police behavior. The city borrowed $70 million to keep from having to dip into reserve funds to pay its litigation costs. Does mission creep justify a full ban? If using a drone could reduce risks to police and at the same time not put citizens at greater risk (which is what happens when we allow police to militarize their gear), it's worth doing. Technological solutions that help protect police officers are preferable to some other alternatives, like expanding hate crime laws that increase criminal penalties even further for people who target police. Rather than a ban, consider approaching police drone policy with full transparency. Treat them like body cameras and don't allow police departments to decide the rules for their use. When police break the rules, punish them and throw out any cases that involve inappropriate drone surveillance. The LAPD also has problems with transparency, which may be why the ACLU is unwilling to give them the benefit of the doubt. Beck has put into place a policy (and the city has defended it) refusing to consider police body camera footage to be public records unless a court ordered them to release it. The concern that the LAPD would expand drone use without the public ever knowing about or being able to respond to it is very rea[...]



Justice Department Calls for 'Responsible' Encryption, Which Means 'Bad' Encryption

Tue, 17 Oct 2017 16:15:00 -0400

When the government demands "back doors" that bypass computer and phone encryption, it's calling for measures that weaken citizens' privacy rights and render us vulnerable to hackers. So Deputy Attorney General Rod Rosenstein is trying to reword the demand. In a recent speech at the United States Naval Academy in Annapolis, Maryland, Rosenstein called for "responsible encryption." If you were expecting a new understanding of the importance of secure data privacy, prepare to be disappointed: Responsible encryption is achievable. Responsible encryption can involve effective, secure encryption that allows access only with judicial authorization. Such encryption already exists. Examples include the central management of security keys and operating system updates; the scanning of content, like your e-mails, for advertising purposes; the simulcast of messages to multiple destinations at once; and key recovery when a user forgets the password to decrypt a laptop. No one calls any of those functions a "back door." In fact, those capabilities are marketed and sought out by many users. It's not true that "no one" calls such functions a "back door." These are all mechanisms by which encryption is bypassed in order to access data. In fact, hackers used his first example in 2016 to demonstrate exactly the danger of encryption back doors. They got their hands on Microsoft's internal security keys for system updates and demonstrated the vulnerability it created, all for the purpose of warning the federal government of what could happen if the "keys" escaped control. In reality, Rosenstein is simply stubbornly demanding the same things the Justice Department, like its counterparts in some other governments, has been demanding all along: for tech companies to find ways to compromise customers' data privacy whenever the government demands their data. And like every government leader who has made this demand, he stubbornly refuses to care that the consequences will render Americans more susceptible to hacking. Remarkably, his same speech discusses ransomware threats that struck hospitals and others back in May without mentioning that this attack (he doesn't even say its name: WannaCry) was the direct result of the National Security Agency losing control of exploits it had stored to infiltrate online security. It was a prime example of the dangers of giving the government the tools to bypass in encryption. Rosenstein concludes his speech by insisting that Americans have no constitutional "right" to "warrant-proof encryption" and that businesses have no "right" to sell it. He gets the concept of citizen rights and government powers backwards. The Fourth Amendment grants the government the power to use warrants to access your private communications or data with cause; it has nothing to say about the limits of our abilities to keep our papers and communications secret. Warrants don't guarantee that the police or investigators will actually succeed. Do we have a constitutional "right" to a "warrant-proof" paper shredder? It's an absurd way to talk about the problem. Could the Justice Department demand that companies that manufacture paper shredders help the government put documents back together if they had a warrant for the contents of shredded documents? Could the Justice Department demand that fireplaces unburn important papers that were the target of a warrant? That toilets unflush any drugs that get dumped in them? Such absurd demands are essentially arguments against physics and chemistry. In this case, as Robyn Greene points out at Just Security, Rosenstein is blaming math: First, it is not true that we are newly experiencing the "advent of 'warrant-proof' encryption." Encryption was not recently invented or discovered, as Rosenstein suggests. Ciphers have been used to secure sensitive communi[...]



Supreme Court to Decide if Data Stored Overseas Can Be Demanded with Warrants

Mon, 16 Oct 2017 12:30:00 -0400

The Supreme Court agreed today to hear and rule whether the federal government can demand access to emails and other data files when they are stored in another country. In United States v. Microsoft Corp., the Department of Justice has been trying since 2013 to get access to emails of a Microsoft customer, looking for evidence this person was involved in drug trafficking. Some of the suspect's data was being stored on a server in Dublin, Ireland. Microsoft has turned over data stored within the United States, but argued, even with probable cause warrants, the feds did not have the authority to make them hand over foreign-stored info. Privacy advocacy groups, tech companies, and the U.S. Chamber of Commerce are on Microsoft's side here. The Department of Justice and 33 states (and Puerto Rico) are on the other. Several court rulings have upheld Microsoft's argument, but the full 2nd Circuit Court ruling was split 4-4. This split keeps the ruling in Microsoft's favor, but there's a clear disagreement among judges about the limits of the authority of the Stored Communications Act—the 1986 federal law that oversees forced disclosures of data by third parties like tech companies. The Justice Department, of course, went full 9/11, arguing limits to their warrant authorities would jeopardize terror investigations. Microsoft, meanwhile, worries about the reaction if the United States sets a bad example here. Via Reuters: "If U.S. law enforcement can obtain the emails of foreigners stored outside the United States, what's to stop the government of another country from getting your emails even though they are located in the United States?" Brad Smith, Microsoft's president and chief legal officer, said in a blog post on Monday. The Justice Department said in its appeal that the lower court ruling "gravely threatens public safety and national security" because it limits the government's ability to "ward off terrorism and similar national security threats and to investigate and prosecute crimes." Reuters notes that tech companies are also concerned that customers may not trust the privacy cloud-based computing services if governments could seize their data. The Justice Department, on the other hand, worries that companies would be able to deprive the government of access to domestic data and communications simply by storing it all overseas. That outcome, frankly, sounds kind of awesome. This is a highly technical case that will probably produce a fairly specific ruling about Congress' intent with the Stored Communications Act and the limits of what that law authorizes. Do not expect a broad ruling about the either the limits of warrants under the Fourth Amendment nor a revised view of the limits of the Third-Party Doctrine that allows the government to access data about private citizens that is stored by tech companies and private firms. Read the Justice Department's petition here.[...]



Judge Won't Let Feds Have Full Access to Names of People on Anti-Trump Site

Wed, 11 Oct 2017 15:10:00 -0400

(image) A judge has added new limits to a warrant the Justice Department is using to try to track down the anti-Trump activists who disrupted Inauguration Day activities.

As part of an effort to identify any protester who did anything illegal in D.C. the day Donald Trump was sworn in as president, the Department of Justice served a warrant against the web host DreamHost. The warrant was absurdly broad, attempting to get private data on anybody who had so much as visited DisruptJ20.org, a site used to organize anti-Trump protests. According to the company, the warrant as initially submitted would have required it to hand over the IP addresses of more than a million visitors to the site.

DreamHost announced it was resisting the warrant, calling it an overly broad fishing expedition and a threat to free speech. It certainly could cause a chilling effect if the government were able to simply demand the names of anyone who visited a website critical of the president. Just today, Trump was pretty clearly suggesting that he'd like to find some way to retaliate against media outlets whose reporting he dislikes.

The Department of Justice then retreated and said it would refine the request. Superior Court Judge Robert E. Moran approved a more limited warrant and ordered the Justice Department to put protocols in place to limit access to private information that had nothing to do with a criminal investigation.

Yesterday Judge Moran put out a final order that made it clear he's not going to let the Justice Department just wade through personally identifiable private information without any probable cause. DreamHost will be permitted to redact user information, and the Department of Justice won't be able to access it unless it can show that a particular user is suspected of criminal activity.

"While the government has the right to execute its warrant," Moran noted in his order, "it does not have the right to rummage through the information contained on DreamHost's website and discover the identity of, or access communications by, individuals not participating in alleged criminal activity, particularly those persons who were engaging in protected 1st Amendment activities."

Kudos to DreamHost for putting up a fight here. As a third party host, it's not the one being investigated for misconduct, but it's using the revenue it earns from its customers to help protect those customers' privacy from an overreaching government.




Are the Feds Using Backdoor Searches to Access Your Banking Data?

Fri, 06 Oct 2017 12:15:00 -0400

While civil rights and privacy advocates attempt to try to shut a federal surveillance "backdoor" used to snoop on Americans' communications without a warrant, today a BuzzFeed report warns of the existence of another one involving all our bank accounts. Jason Leopold and Jessica Garrison today report that citizens' banking and financial data are being searched and stored by federal organizations that do not have the authority to do so. For those who have been following the controversies over federal surveillance of Americans, the contours of these allegations will seem familiar: An organization who is supposed to be using its surveillance to track foreign activity is also using its access to snoop on Americans. BuzzFeed reports: At issue is the collection and dissemination of information from a vast database of mostly US citizens' banking and financial records that banks turn over to the government each day. Banks and other financial institutions are required, under the Bank Secrecy Act of 1970, to report suspicious transactions and cash transactions over $10,000. The database is maintained by the Financial Crimes Enforcement Network, or FinCEN, a bank regulator charged with combatting money laundering, terrorist financing, and other financial crimes. Under the law, it has unfettered powers to peruse and retain the data. In contrast to FinCEN, Treasury's intelligence division, known as the Office of Intelligence and Analysis, or OIA, is charged with monitoring suspicious financial activity that occurs outside the US. Under a seminal Reagan-era executive order, a line runs through the Treasury Department and all other federal agencies separating law enforcement, which targets domestic crimes, from intelligence agencies, which focus on foreign threats and can surveil US citizens only in limited ways and by following stringent guidelines. FinCEN officials have accused their counterparts at OIA, an intelligence unit, of violating this separation by illegally collecting and retaining domestic financial information from the banking database. Some sources have also charged that OIA analysts have, in a further legal breach, been calling up financial institutions to make inquiries about individual bank accounts and transactions involving US citizens. Sources said the banks have complied with the requests because they are under the impression they are giving the information to FinCEN, which they are required to do. And then, according to BuzzFeed, this information is getting accessed by CIA and defense officials in circumstances that are not supposed to be allowed. Much like the controversy of the misuse of Section 702 surveillance authorities, this is a case where a whole host of federal agencies are getting unwarranted, secret access to Americans' private data—financial information in this case. Contain your surprise: This behavior preceded President Donald Trump's administration and was happening while President Barack Obama was president. It's another reminder that despite campaigning on openness and transparency, Obama's administration oversaw and encouraged a massive, secretive surveillance apparatus. Read the BuzzFeed story here.[...]



Here's How Some Lawmakers Want to Reform Federal Surveillance. Prepare to Be Disappointed

Thu, 05 Oct 2017 11:50:00 -0400

A first look at a draft version of changes to Section 702 of the Foreign Intelligence Surveillance Act (FISA) reveals modest restrictions on how federal agencies can collect and access Americans' communications without a warrant. The revisions, dubbed the USA Liberty Act of 2017, would require a court order to get access to these communications, unless the requests for access involve investigating terrorism or espionage. That narrows the "backdoor" the government has used to snoop on Americans without warrants, but it doesn't close really close it. Civil rights and privacy rights groups have been fighting for changes, their efforts bolstered by Edward Snowden's revelations about the size and scope of domestic snooping. Neema Singh Guliani, legislative counsel for the American Civil Liberties Union (ACLU), responded to the draft that this revision still leaves open potential surveillance abuses against American citizens: "While the bill contains positive provisions that are an improvement over current practice, it falls short of what is needed to protect individuals from warrantless government surveillance under Section 702. Its most glaring deficiency is that it only partially closes the so-called 'backdoor search loophole.' "The bill would still allow the CIA, NSA, FBI, and other agencies to search through emails, text messages, and phone calls for information about people in the U.S. without a probable cause warrant from a judge. Those worried that current or future presidents will use Section 702 to spy on political opponents, surveil individuals based on false claims that their religion makes them a national security threat, or chill freedom of speech should be concerned that these reforms do not go far enough. One other positive reform in the bill: It would legislatively end the practice of drawing in communications that referenced or were "about" the subject of an investigation, rather than to or from a subject. The NSA had been accessing communications by Americans that mentioned a person they were investigating (without a warrant), even though they are not part of an investigation. Evidence shows they had been scooping up all sorts of communications to which they had no legal access. The NSA decided to end this type of surveillance earlier in the year. This bill would codify an end to the practice until 2023. Section 702 provides some of the authorizations the National Security Agency (NSA) and Central Intelligence Agency (CIA) use to snoop on foreign targets, be they potentially terrorists or other foreign agents. But Section 702 has also been used to secretly collect and snoop on communications by Americans, and the private information used for domestic crime-fighting, all without getting warrants. Section 702 also expires this year, so Congress must act if they want to preserve it. The version being released right now is being pitched by members of the House Judiciary Committee as a compromise between those who want firm Fourth Amendment protections and those who want to keep the federal agencies' broad surveillance authorities. As Dustin Volz at Reuters notes, this draft bill will not be the only proposal on the table. Sens. Rand Paul (R-Ky.) and Ron Wyden (D-Ore.) are expected to introduce a version that would be stricter about demanding warrants to access Americans' communications. Sens. John Cornyn (R-Texas) and Dianne Feinstein (D-Calif.) are expected to introduce a version that does even less than the one detailed here. The Trump administration wants no changes at all and wants Section 702 renewed permanently, even though President Donald Trump claims to have been inappropriately snooped on by the Obama administration. But it seems clear that Congress i[...]



U.K. Official Wants You to Stop Sneering at Her for Trying to Destroy Your Privacy

Wed, 04 Oct 2017 14:00:00 -0400

I'll have to give U.K. Home Secretary Amber Rudd points for bluntly, openly making it clear that the battle between government officials and tech companies over data encryption and privacy is happening because people like her neither understand nor care about the implications of their demands. Rudd, Prime Minister Theresa May, and leaders in other countries have been fighting to force (or just convince) social media platforms, app makers, and other tech companies to make it easier for officials to access private conversations on demand. The aim, they say, is to fight crime and terrorism. At the same time, these companies have been strengthening their encryption in order to protect people from having their private data compromised. Tough-to-break encryption protects people from identity theft and fraud, and we've seen what happens when companies have poor data protection systems. But while everybody is shaking their heads at the terrible data-keeping revelations coming out about Equifax (the latest: Equifax stored consumer data in a non-encrypted format, so hackers who breached their systems were easily able to read the information), Rudd pretty much doesn't care. At an event this week, Rudd said she doesn't understand how encryption works but knows that it can keep the government from accessing data it wants, so Something Must Be Done. From the BBC: [Rudd] insisted she does not want "back doors" installed in encryption codes, something the industry has warned will weaken security for all users, nor did she want to ban encryption, just to allow easier access by police and the security services. Asked by an audience member if she understood how end-to-end encryption actually worked, she said: "It's so easy to be patronised in this business. We will do our best to understand it. "We will take advice from other people but I do feel that there is a sea of criticism for any of us who try and legislate in new areas, who will automatically be sneered at and laughed at for not getting it right." She added: "I don't need to understand how encryption works to understand how it's helping—end-to-end encryption—the criminals. "I will engage with the security services to find the best way to combat that." Rudd was subsequently "sneered at" yet again for not grasping the obvious: Allowing easier access by police and security services into encrypted data inherently involves creating "back doors." It's particularly telling that Rudd wants to make this a debate about how she's being mocked even as she yet again fails to show any actual concern about the security of citizen data. She's being mocked for a reason (as is Australian Prime Minister Malcolm Turnbull, who responded to the encryption debate by saying the laws of mathematics are subservient to the laws of Australia). The mockery is not because she's a rube who doesn't know all the ins and outs of how encryption works. Most people don't and probably never will, even as they depend on it to protect their private information. Rudd and others like her are being mocked because they're constantly, repeatedly refusing to consider or care about the dangers to private citizens when data are not secure. Any tool or mechanism that can be used to bypass cybersecurity can be used by anybody who has access to it (or is able to replicate it). There is no such thing as a tool to bypass data security that only the "right people" can use. Rudd wants to make every citizen of the United Kingdom—indeed, everyone around the world—give up privacy to help fight crime. But her policy would put all of us at a greater risk of crime, and would further expose us to surveillance from people with sinister intentions. Equifax, w[...]