High Res Photo of Jennifer Granick
Photo credit: Michael Sugrue
Over at Just Security, I have a post about the latest iteration of the USA Freedom Act. Basically, civil liberties groups are withdrawing support for the bill because it no longer clearly ends bulk collection of metadata and other information under Section 215 of the Patriot Act, the NSL statutes, and the intelligence pen/trap statute as the bill was supposed to do. I explain the language changes that gutted the bill, and lament the state of Congress. Read more here.
Yesterday I attended a conference at the Hoover Institution on “Intelligence Challenges.” I also spoke on a panel in the morning about Civil Liberties. A version of my prepared remarks is below. Ben Wittes has an interesting post on the event.
Over at Just Security I have an analysis of the USA Freedom Act as changed by a recent Manager's Amendment. Basically, I conclude that the Manager's Amendment fails to prohibit "back door searches" for US person information caught up in the NSA dragnet, which was supposedly one of the mail goals of the original bill.
Yesterday afternoon, the White House put out a statement describing its view of vulnerability disclosure: the contentious issue of whether and when government agencies should disclose their knowledge of computer vulnerabilities. Over at Just Security, I highlight some parts of the announcement for further thought.
Last week, the Justice Department filed criminal charges against a North Korean operative for a malware attack that endangered hospital systems and crippled the computers of businesses, governments, and individuals around the world. Americans might be surprised to learn that the software used for this 2017 attack — known as “WannaCry” — was based on a hacking tool created by the U.S. government itself.
Included in this PDF are:
- Petitioners' Notice of Motion and Motion for Leave to file Motion for Reconsideration
- Exhibit A Petitioners' [Proposed] Notice of Motion and Motion for Reconsideration of the May 1, 2018 Order
- Declaration of Jennifer Stisa Granick in Support of Petitioners' Motion for Leave to File a Motion for Reconsideration
- [Proposed] Order Granting Petitioners' Motion for Leave to File Motion for Reconsideration Pursuant to Local Rule 7-9.
For decades, U.S. policies on international data sharing have balanced privacy, principles of comity (respect for the jurisdiction of other countries), and respect for Congress’ power to regulate foreign affairs. Foreign countries seeking data held by U.S. companies generally must follow a process laid out in Mutual Legal Assistance Treaties, or MLATs, which are agreements between governments that facilitate cooperation in investigations. Increasingly, however, countries have complained that the MLAT process in the U.S. is slow and that it allows the U.S.
"Jennifer Granick, surveillance and cybersecurity counsel at the American Civil Liberties Union (ACLU), noted that “increasingly, modern surveillance is mass surveillance” which can be facilitated by new technologies and the internet.
Secretive large scale surveillance differs from warrant-directed searches by the volume and depth of data and could be abetted by the ease of converting in-home appliances with microphones and cameras into “surveillance machines”, she said."
"Even Hutchins’s defenders say if he’s guilty some punishment is in order, but his prosecution also sends a mixed message. Hutchins had been a model of public-private cooperation at a time when the government was having difficulty recruiting cybersecurity talent. (James Comey irritated the community in 2014 when he said the FBI struggled to hire people because “some of those kids want to smoke weed on the way to the interview.”) Some security researchers said they would stop sharing information with the government in protest.
"“The law is clearly targeted at economic activity and is being applied to an entirely different category to suppress speech,” said Jennifer Granick, an attorney with the American Civil Liberties Union."
"“This sanctions law, which was written for one purpose,” said Jennifer Stisa Granick, a staff attorney with the American Civil Liberties Union’s Speech, Privacy and Technology project, “is being used to suppress speech with little consideration of the free expression values and the special risks of blocking speech, as opposed to blocking commerce or funds as the sanctions was designed to do. That’s really problematic.”"
"Jennifer Granick, a lawyer with the ACLU’s technology division, said that abuses of power will become unavoidable if companies continue to face pressure to moderate their content.
“It's not a surprise that Twitter employees have this capability,” Granick said. “The public and Congress have been demanding that the platform companies create the ability to ban people from the platform or delete particular messages.”"
Come meet CIS and hear about our exciting work and ways to get involved.
On January 19, 2012, Kim DotCom was arrested in a dramatic raid after being indicted on federal criminal charges that he knew that his website, MegaUpload, was a haven of piracy and counterfeiting. In the days that followed, the media commented on the presumed guilt of MegaUpload. In this debate, Jim argues that the law and evidence clearly point to MegaUpload's officers being found guilty, while Jennifer will argue that the MegaUpload case is built on unprecedented and wrongheaded interpretations of copyright law, and thus the principles should be found not guilty.
Prompted by the Google Street View WiFi sniffing scandal, the question of whether and how the law regulates interception of unencrypted wireless communications has become a hot topic in the courts, in the halls of the FCC, on Capitol Hill, and in the security community. Are open WiFi communications protected by federal wiretap law, unprotected, or some strange mix of the two? (Surprise: it may be the last one, so you'll want to come learn the line between what's probably illegal sniffing and what's probably not.)
Has it really been 15 years? Time really flies when keeping up with Moore's law is the measure. In 1997, Jeff Moss held the very first Black Hat. He gathered together some of the best hackers and security minds of the time to discuss the current state of the hack. A unique and neutral field was created in which the security community--private, public, and independent practitioners alike—could come together and exchange research, theories, and experiences with no vendor influences. That idea seems to have caught on. Jeff knew that Black Hat could serve the community best if it concentrated on finding research by some of the brightest minds of the day, and he had an uncanny knack for finding them.