Flawed oversight Board report endorses general warrants (EFF, 1 July 2014) – The Privacy and Civil Liberties Oversight Board (PCLOB) issued a legally flawed and factually incomplete report late Tuesday that endorses Section 702 surveillance. Hiding behind the “complexity” of the technology, it gives short shrift to the very serious privacy concerns that the surveillance has rightly raised for millions of Americans. The board also deferred considering whether the surveillance infringed the privacy of many millions more foreigners abroad. The board skips over the essential privacy problem with the 702 “upstream” program: that the government has access to or is acquiring nearly all communications that travel over the Internet. The board focuses only on the government’s methods for searching and filtering out unwanted information. This ignores the fact that the government is collecting and searching through the content of millions of emails, social networking posts, and other Internet communications, steps that occur before the PCLOB analysis starts. This content collection is the centerpiece of EFF’s Jewel v. NSA case, a lawsuit battling government spying filed back in 2008. The board’s constitutional analysis is also flawed. The Fourth Amendment requires a warrant for searching the content of communication. Under Section 702, the government searches through content without a warrant. Nevertheless, PCLOB’s analysis incorrectly assumes that no warrant is required. The report simply says that it “takes no position” on an exception to the warrant requirement when the government seeks foreign intelligence. The Supreme Court has never found this exception. PCLOB findings rely heavily on the existence of government procedures. But, as Chief Justice Roberts recently noted: “the Founders did not fight a revolution to gain the right to government agency protocols.” Justice Roberts’ thoughts are on point when it comes to NSA spying-mass collection is a general warrant that cannot be cured by government’s procedures. The PCLOB’s proposed reforms for Section 702 are an anemic set of recommendations that will do little to stop excessive surveillance. For example, rather than rein in government communications searches, the PCLOB simply asks the NSA to study the issue. The PCLOB report provides the public with much needed information about how the 702 program works. But the legal analysis is incorrect and the report fails to offer effective reforms.

Provided by MIRLN.

Image courtesy of FreeDigitalPhotos.net/Stuart Miles.

US privacy panel backs NSA’s Internet tapping (NYT, 2 July 2014) – The federal privacy board that sharply criticized the collection of the phone records of Americans by the National Security Agency has come to a starkly different conclusion about the agency’s exploitation of Internet connections in the United States to monitor foreigners communicating with one another abroad. That program, according to the Privacy and Civil Liberties Oversight Board, is largely in compliance with both the Constitution and a surveillance law that Congress passed six years ago. [T]he most recent report, adopted by the board on Wednesday, deals with what the agency calls “702 collection,” a reference to Section 702 of the Foreign Intelligence Surveillance Act, which was amended in 2008 after The New York Times revealed a program of warrantless wiretapping that the Bush administration started after the Sept. 11, 2001, attacks. “The Section 702 program has enabled the government to acquire a greater range of foreign intelligence than it otherwise would have been able to obtain – and to do so quickly and effectively,” the report said. While it found little value in the bulk collection of Americans’ telephone data, the board said that the 702 program, aimed at foreigners, “has proven valuable in the government’s efforts to combat terrorism as well as in other areas of foreign intelligence.” The program is also used to track nuclear proliferation and to monitor the calls and emails of foreign governments and their leaders. The report concluded that “monitoring terrorist networks under Section 702 has enabled the government to learn how they operate, and to understand their priorities, strategies and tactics.” In a sign of the Obama administration’s relief about the report’s conclusion, it was praised by James R. Clapper Jr., the director of national intelligence, who refused to talk publicly about the 702 programs before the Snowden disclosures. Mr. Clapper cited a section of the report that said the board was “impressed with the rigor of the government’s efforts to ensure that it acquires only those communications it is authorized to collect, and that it targets only those persons it is authorized to target.”

Provided by MIRLN.

Image courtesy of FreeDigitalPhotos.net/Freelart.

What legal protections apply to e-mail stored outside the US? (Orin Kerr on Volokh Conspiracy, 7 July 2014) – A federal magistrate judge in New York recently handed down an opinion on an important and novel question: If the government serves a warrant for a customer’s e-mails on a U.S.-based Internet provider, but the e-mails happen to be located on a server outside the U.S., does the provider have to comply with the warrant? The magistrate judge held that the answer is “yes.” The provider, Microsoft, recently filed objections to the magistrate’s decision in the District Court. A slew of major Internet providers filed amicus briefs in support of Microsoft: Apple/Cisco’s is here , AT&T’s is here , and Verizon’s is here . EFF filed a brief in support of Microsoft, too. The case is now pending before Chief Judge Loretta Preska of the Southern District of New York. In this post, I wanted to run through the complicated legal issues raised by the challenges. As I emphasized in a recent article, the Stored Communications Act just wasn’t drafted with the problem of territoriality in mind. It assumed a U.S. Internet with U.S. servers and U.S. users. However the Microsoft challenges goes, Congress needs to amend the statute to deal expressly with the complex problems raised by the global Internet. In this post, though, I’ll take the current statute as a given, and I’ll run through the constitutional and statutory issues raised by access to e-mail located abroad under current law. My bottom line: I don’t think Microsoft can challenge the warrant on Fourth Amendment grounds, and I think it’s a close call on whether the warrant is valid on statutory grounds. If Microsoft wins, though, I think the DOJ may be able to get foreign e-mails with a U.S. subpoena, which wouldn’t be much of a victory for privacy or sovereignty.

Provided by MIRLN.

Image courtesy of FreeDigitalPhotos.net/Stuart Miles.

Phones are giving away your location, regardless of your privacy settings (Quartz, 28 April 2014) – Sensors in your phone that collect seemingly harmless data could leave you vulnerable to cyber attack, according to new research. And saying no to apps that ask for your location is not enough to prevent the tracking of your device. A new study has found evidence that accelerometers-which sense motion in your smartphone and are used for applications from pedometers to gaming-leave “unique, trackable fingerprints” that can be used to identify you and monitor your phone. Here’s how it works, according to University of Illinois electrical and computer engineering professor Romit Roy Choudhury and his team: Tiny imperfections during the manufacturing process make a unique fingerprint on your accelerometer data. The researchers compared it to cutting out sugar cookies with a cookie cutter-they may look the same, but each one is slightly, imperceptibly different. When that data is sent to the cloud for processing, your phone’s particular signal can be used to identify you. In other words, the same data that helps you control Flappy Bird can be used to pinpoint your location. Choudhury’s team was able to identify individual phones with 96% accuracy. “Even if you erase the app in the phone, or even erase and reinstall all software,” Choudhury said in a press release, “the fingerprint still stays inherent. That’s a serious threat.” Moreover, Choudhury suggested that other sensors might be just as vulnerable: Cameras, microphones, and gyroscopes could be leaving their smudgy prints all over the cloud as well, making it even easier for crooks to identify a phone.

Provided by MIRLN.

Image courtesy of FreeDigitalPhotos.net/KROMKRATHOG.

Public officials in a wired world: How much privacy should they get? (LA Times editorial, 15 April 2014) – New technology often challenges society’s long-standing assumptions and standards, but sometimes courts – and others – lose sight of common sense as they grapple with the changes. That’s the case in a recent decision of California’s 6th Appellate District, which found that text messages and emails between public officials are beyond the reach of the Public Records Act if they are sent on private devices rather than ones owned by public agencies. The three-judge panel said that electronic communications between council members and the mayor of San Jose, even those regarding city business, should not be considered “public” records if they are not “used” or “retained” by the city government (the language cited comes from California’s Public Records Act, written long before smartphones existed). Accordingly, the 6th Circuit overturned the decision of the trial court judge and ruled that the city need not turn over the communications to interested members of the public, even though both sides conceded that they involved official business. That decision hews to the narrow language of the act, but it distorts the act’s larger purpose, which is to ensure that the public can scrutinize the actions of its employees when they are doing public work.

Provided by MIRLN.

Image courtesy of FreeDigitalPhotos.net/basketman.

Texas appeals court says police can’t search your phone after you’re jailed (ArsTechnica, 27 Feb 2014) – On Wednesday, the Texas Court of Criminal Appeals ruled that law enforcement officials do need a warrant to search an arrested person’s cell phone after they’ve been jailed. The ruling did not decide whether it is legal or not for police to search a suspect’s phone at the incidence of arrest, which is currently a hotly contested subject. The Supreme Court is set to decide that matter later this year. For now, however, seven Texas appeals court judgeshave ruled that a person has a legitimate expectation of privacy over the contents of their cell phone while the phone is being stored in the jail property room. An eighth judge wrote a dissenting opinion. The case, Texas v. Granville , involved Anthony Granville, a student who was arrested for causing a disturbance on a school bus. After Granville was arrested, his cell phone was placed in the booking room. Later, a “School Resources Officer” was told that Granville had taken a photo of another student urinating in the boys’ bathroom prior to his arrest. The officer, who had not been involved in the arrest of Granville, went down to the booking room, obtained Granville’s phone, turned it on, found the photo, and printed out a copy of it. The officer then kept the phone as evidence and charged Granville with Improper Photography, a state felony. Granville’s lawyers moved to suppressthe evidence against him, but the prosecution maintained that an officer can search anything in the jail’s booking room if there is probable cause. The trial judge disagreed, and the state appealed. But Texas authorities did not find much more support in the Court of Appeals either. Although the ruling does not prohibit all warrantless searches of cell phones, the ruling is still very important, perhaps for less obvious reasons. “[T]he court recognizes that just because you’ve surrendered something to someone else (especially when that surrender is involuntary), that you can still maintain an expectation of privacy in the data and the item,” wrote Hanni Fakhoury, an attorney for the Electronic Frontier Foundation. “That has implications beyond this case and really is the heart of the issue in the NSA litigation (which the court itself acknowledges toward the end of the opinion, even citing from Klayman v. Obama) as well as other issues surrounding law enforcement use of new technologies like cell site data.”

Provided by MIRLN.

Image courtesy of FreeDigitalPhotos.net/Stuart Miles.