High Res Photo of Jennifer Granick
Photo credit: Michael Sugrue
Over at Just Security, I have a post about the latest iteration of the USA Freedom Act. Basically, civil liberties groups are withdrawing support for the bill because it no longer clearly ends bulk collection of metadata and other information under Section 215 of the Patriot Act, the NSL statutes, and the intelligence pen/trap statute as the bill was supposed to do. I explain the language changes that gutted the bill, and lament the state of Congress. Read more here.
Yesterday I attended a conference at the Hoover Institution on “Intelligence Challenges.” I also spoke on a panel in the morning about Civil Liberties. A version of my prepared remarks is below. Ben Wittes has an interesting post on the event.
Over at Just Security I have an analysis of the USA Freedom Act as changed by a recent Manager's Amendment. Basically, I conclude that the Manager's Amendment fails to prohibit "back door searches" for US person information caught up in the NSA dragnet, which was supposedly one of the mail goals of the original bill.
Yesterday afternoon, the White House put out a statement describing its view of vulnerability disclosure: the contentious issue of whether and when government agencies should disclose their knowledge of computer vulnerabilities. Over at Just Security, I highlight some parts of the announcement for further thought.
Last week, we argued that the public discussion surrounding two of the government’s most controversial mass surveillance programs – PRISM and Upstream – has not sufficiently acknowledged the broad scope of collection under these programs, which take place under section 702 of the Foreign Intelligence Surveillance Act (FISA). In short, hiding behind the counterterrorism justifications for section 702 is a broad surveillance program that sucks up massive amounts of irrelevant private data.
The legal authority behind the controversial PRISM and Upstream surveillance programs used by the NSA to collect large swaths of private communications from leading Internet companies – Section 702 of the Foreign Intelligence Surveillance Act (FISA) – is scheduled to expire on December 31, 2017. In recent months, Congress began to review these programs to assess whether to renew, reform, or retire section 702. Unfortunately, it appears the debate has already been skewed by misconceptions about the true scope of surveillance conducted under the contentious provision.
Slides from the BlackHat 2016 presentation by Jennifer Granick and Riana Pfefferkorn titled "When the Cops Come A-Knocking: Handling Technical Assistance Demands from Law Enforcement."
To celebrate the one-year anniversary of the Stanford Cryptography Policy Project, we are holding an afternoon event highlighting our research and accomplishments over the past year. As our keynote speakers, it is our pleasure to welcome the Honorable Stephen W. Smith, Magistrate Judge of the Southern District of Texas, and Paul S. Grewal, former Magistrate Judge of the Northern District of California.
What kind of surveillance assistance can the U.S. government force companies to provide? This issue has entered the public consciousness due to the FBI's demand in February that Apple write software to help it access the San Bernardino shooter's encrypted iPhone. Technical assistance orders can go beyond the usual government requests for user data, requiring a company to actively participate in the government's monitoring of the targeted user(s).
On Wednesday, February 17, The Center on Democracy, Development and the Rule of Law at Stanford, The Center for International Governance Innovation, and the Research Advisory Network of the Global Commission on Internet Governance will present an all-day conference entitled "New Alliances in Cybersecurity, Human Rights and Internet Governance." The conference will discuss the challenges of creating a regime of internet governance that pays attention to security and human rights in the digital context.
Over the course of two days in February 2016, the Strauss Center at the University of Texas-Austin will host a unique and timely conference focused on the legal and policy dimensions of cybersecurity.