High Res Photo of Jennifer Granick
Photo credit: Michael Sugrue
Last Friday, a New York federal judge joined in the contentious current debate over whether tech companies should be forced to provide law enforcement the ability to decipher encrypted data stored on smartphones and in the cloud.
In two years, section 702 of the FISA Amendments Act will expire. It is essential the public to have confidence that any reforms to section 702 will actually address problems with PRISM and Upstream surveillance. To get that confidence, we have to know a lot more about how the intelligence community is using section 702. That understanding requires more investigation.
Today we sent a letter to lawmakers expressing security experts' opposition to the Cybersecurity Information Sharing Act (CISA) as well as two other pending bills that purport to be about security information sharing, the Protecting Cyber Networks Act (PCNA), and the National Cybersecurity Protection Advancement Act of 2015. These experts agree that the information sharing bills unnecessarily waive privacy rights because they focus on sharing information beyond that needed for cybersecurity.
Encryption helps human rights workers, activists, journalists, financial institutions, innovative businesses, and governments protect the confidentiality, integrity, and economic value of their activities. However, strong encryption may mean that governments cannot make sense of data they would otherwise be able to lawfully access in a criminal or intelligence investigation.
Arguing that a defendant’s conviction for website hacking should be overturned because legitimate, highly valuable security and privacy research commonly employs techniques that are essentially identical to what the defendant did and that such independent research is of great value to academics, government regulators and the public even when – often especially when — conducted without a website owner’s permission.
Arguing that if the court should not compel Apple to create software to enable unlocking and search of the San Bernardino shooter’s iPhone, it will jeopardize digital and personal security more generally.
After the Estate of James Joyce refused to allow a scholar to quote Joyce in her book, we successfully defended her right under the fair use doctrine to use the quotes she needed to illustrate her scholarship. After we prevailed in the case, the Estate paid $240,000 of our client’s legal fees.
Last week’s big cybersecurity news was that the FBI obtained a court order to force Apple to develop new software that would bypass several iPhone security features so the FBI can attempt to unlock the work phone of one of the San Bernardino shooters. Apple plans to challenge that order. (Full disclosure: I am planning on writing a technologists’ amicus brief on Apple’s side in that challenge.)
On Friday, Congress will vote on a mutated version of security threat sharing legislation that had previously passed through the House and Senate. These earlier versions would have permitted private companies to share with the federal government categories of data related to computer security threat signatures. Companies that did so would also receive legal immunity from liability under the Electronic Communications Privacy Act (ECPA) and other privacy laws.
Here’s the latest in the encryption case we’ve been writing about in which the Justice Department is asking Magistrate Judge James Orenstein to order Apple to unlock a criminal defendant’s passcode-protected iPhone. The government seized and has authority to search the phone pursuant to a search warrant.
Pending before federal magistrate judge James Orenstein is the government’s request for an order obligating Apple, Inc. to unlock an iPhone and thereby assist prosecutors in decrypting data the government has seized and is authorized to search pursuant to a warrant.
Last week, we wrote about an order from a federal magistrate judge in New York that questioned the government’s ability, under an ancient federal law called the All Writs Act, to compel Apple to decrypt a locked device which the government had seized and is authorized to search pursuant to a warrant.
"Two lawyers and legal researchers based at Stanford University have formally asked a federal court in San Francisco to unseal numerous records of surveillance-related cases, as a way to better understand how authorities seek such powers from judges. This courthouse is responsible for the entire Northern District of California, which includes the region where tech companies such as Twitter, Apple, and Google, are based.
"The Stanford Center for Internet and Society's Jennifer Granick, director of civil liberties, and Riana Pfefferkorn, cryptography fellow, said at Black Hat 2016 that companies are often under no legal obligation to comply with law enforcement data requests, because data requests are not orders and even court orders are not the law.
"“If you’re ever asked to do something like this, you have a lot of strong legal arguments to say no,” said Jennifer Granick, the Director of Civil Liberties at the Stanford Center for Internet and Society in a Black Hat talk on Thursday. Granick and her Stanford colleague Riana Pfefferkorn, a Cryptography Fellow, ran down relevant laws and what’s currently known about their parameters and limits. They suggested that companies should plan ahead and assume that law enforcement agencies will eventually send them some kind of technical request—if they haven’t already.
"In a session at the Black Hat conference in Las Vegas, Stanford Center for Internet and Society director of Civil Liberties Jennifer Granick and Cryptography Fellow Riana Pfefferkorn, acknowledged that there is more information about us than ever before, with sensors both on and offline. All encryption is doing, they said, is removing a fraction of law enforcement.
"Touching on cases like the Snowden or the Lavabit incidents, the duo strongly emphasized that companies should start asking themselves a couple of questions before law enforcement actually comes knocking at their door. Knowing what they collect, how they store it, for how long, why, what can it access, does it encrypt data and where are keys stored – are only a few of them.
Jennifer Granick, CIS Director of Civil Liberties will be a speaker at World Affairs 2014.
“The best venue for a timely, honest discussion about our world and where it is going.”
WorldAffairs offers fresh insights and new perspectives on current global topics. This year's program will spotlight the critical issues and countries poised to impact our world and affect our decision making.
Come meet CIS and hear about our exciting work and ways to get involved.
RSVP for the event here: https://www.facebook.com/events/520390394700141/
Come out to rally for your privacy and learn about surveillance from a distinguished group of speakers this Sunday afternoon at Embarcadero Plaza!
This Conference is cordially hosted by Stanford Law School and Peking University, and is sponsored by Tencent, China’s largest Internet company and one of the largest worldwide, and Microsoft, the largest software maker in the world. The main organizers include the China Guiding Cases Project, the Stanford Program in Law, Science, & Technology, the China Law and Policy Association, and the Stanford Law School Programs.
In the realm of big data, privacy is a significant, and often controversial, issue. In this clip, Jennifer Granick takes on the alleged trade-off between “privacy versus security,” and proposes an alternate framing. She is the Director of Civil Liberties at the Center for Internet and Society at Stanford Law School.
This video is a preview of Worldview Stanford's unique online and on-campus course, Behind and Beyond Big Data. We are currently accepting applications for the course. Learn more and apply here: worldview.stanford.edu/course/behind-and-beyond-big-data
The director of civil liberties for the Center for Internet and Society at Stanford Law School discusses net neutrality, privacy and the NSA.
"State of Surveillance" examines new technologies police departments are using to fight crime and the civil liberties concerns raised by these tools.
Law enforcement agencies say that many of the technologies make it easier to solve and, in some cases, even prevent crime. But privacy advocates warn that expanded databases could become dragnets that are increasingly populated with information about law-abiding citizens.
The following is audio of the conference last week in Austin hosted by the Intelligence Studies Project, a joint venture of the Strauss Center and Clements Center at the University of Texas at Austin. The conference was entitled, “The National Security Agency at the Crossroads.”
The Internet makes lives better, around the world, in ways people couldn't have imagined not even a decade ago. It sparks prosperity, inspires dissent, improves education, and encourages freedom. But all of the good it does is under threat, largely from governments. David Drummond will discuss where those threats are coming from, and the critical importance for us all that we overcome them. Drummond joined Google in 2002, initially as vice president of corporate development.