Position / Title:
jennifer at law dot stanford dot edu
High Res Photo of Jennifer Granick
Photo credit: Michael Sugrue
High Res Photo of Jennifer Granick
Photo credit: Michael Sugrue
Over at Just Security, I have a post about the latest iteration of the USA Freedom Act. Basically, civil liberties groups are withdrawing support for the bill because it no longer clearly ends bulk collection of metadata and other information under Section 215 of the Patriot Act, the NSL statutes, and the intelligence pen/trap statute as the bill was supposed to do. I explain the language changes that gutted the bill, and lament the state of Congress. Read more here.
Yesterday I attended a conference at the Hoover Institution on “Intelligence Challenges.” I also spoke on a panel in the morning about Civil Liberties. A version of my prepared remarks is below. Ben Wittes has an interesting post on the event.
Over at Just Security I have an analysis of the USA Freedom Act as changed by a recent Manager's Amendment. Basically, I conclude that the Manager's Amendment fails to prohibit "back door searches" for US person information caught up in the NSA dragnet, which was supposedly one of the mail goals of the original bill.
Yesterday afternoon, the White House put out a statement describing its view of vulnerability disclosure: the contentious issue of whether and when government agencies should disclose their knowledge of computer vulnerabilities. Over at Just Security, I highlight some parts of the announcement for further thought.
Last week’s big cybersecurity news was that the FBI obtained a court order to force Apple to develop new software that would bypass several iPhone security features so the FBI can attempt to unlock the work phone of one of the San Bernardino shooters. Apple plans to challenge that order. (Full disclosure: I am planning on writing a technologists’ amicus brief on Apple’s side in that challenge.)
On Friday, Congress will vote on a mutated version of security threat sharing legislation that had previously passed through the House and Senate. These earlier versions would have permitted private companies to share with the federal government categories of data related to computer security threat signatures. Companies that did so would also receive legal immunity from liability under the Electronic Communications Privacy Act (ECPA) and other privacy laws.
Here’s the latest in the encryption case we’ve been writing about in which the Justice Department is asking Magistrate Judge James Orenstein to order Apple to unlock a criminal defendant’s passcode-protected iPhone. The government seized and has authority to search the phone pursuant to a search warrant.
Pending before federal magistrate judge James Orenstein is the government’s request for an order obligating Apple, Inc. to unlock an iPhone and thereby assist prosecutors in decrypting data the government has seized and is authorized to search pursuant to a warrant.
Last week, we wrote about an order from a federal magistrate judge in New York that questioned the government’s ability, under an ancient federal law called the All Writs Act, to compel Apple to decrypt a locked device which the government had seized and is authorized to search pursuant to a warrant.
"Storing passwords in an encrypted format is “not just best practice, it’s something that industry should always do,” said Jennifer Granick, a lawyer with the American Civil Liberties Union. “Facebook’s failure to do that will really upset the FTC,” she said"
"Jennifer Granick, attorney with ACLU, points out that the arguments, or those engaging in them, are often paradoxical. The same people who don’t want Facebook to restrict job searches to people of certain age or housing by ethnicity may want Facebook to remove what they consider hateful speech. The social media companies also talk from both sides of their mouth, arguing like media companies that they need to cover both sides of, say, political issues, but then pooh-poohing calls for the kind of regulation media companies have.
"How long have you operated with that assumption?
Probably 20 years. I had an incident occur in my hotel room at Black Hat. My room was broken into, and my tech was compromised. They pulled the hard drive out of the wall safe, plugged it into my Linux laptop, booted it up off of a different drive, and then accessed files and copied it. Then they put the drive back in the safe.
"“There’s a secretive process with no real appeal where people are making extremely difficult subjective calls that have to do with politics, culture and religion,” said Jennifer Granick, an attorney with the American Civil Liberties Union. “This example shows why it is dangerous. If I want to find good information about vaccines, I can’t find it.”"
"Jen King, director of consumer privacy at Stanford’s Center for Internet and Society, thinks it's a sign Facebook may be ready to actually take privacy seriously. "It's possible that Facebook has finally gotten the memo and is really trying to make change," King told WIRED.
Come meet CIS and hear about our exciting work and ways to get involved.
On January 19, 2012, Kim DotCom was arrested in a dramatic raid after being indicted on federal criminal charges that he knew that his website, MegaUpload, was a haven of piracy and counterfeiting. In the days that followed, the media commented on the presumed guilt of MegaUpload. In this debate, Jim argues that the law and evidence clearly point to MegaUpload's officers being found guilty, while Jennifer will argue that the MegaUpload case is built on unprecedented and wrongheaded interpretations of copyright law, and thus the principles should be found not guilty.
Prompted by the Google Street View WiFi sniffing scandal, the question of whether and how the law regulates interception of unencrypted wireless communications has become a hot topic in the courts, in the halls of the FCC, on Capitol Hill, and in the security community. Are open WiFi communications protected by federal wiretap law, unprotected, or some strange mix of the two? (Surprise: it may be the last one, so you'll want to come learn the line between what's probably illegal sniffing and what's probably not.)
Has it really been 15 years? Time really flies when keeping up with Moore's law is the measure. In 1997, Jeff Moss held the very first Black Hat. He gathered together some of the best hackers and security minds of the time to discuss the current state of the hack. A unique and neutral field was created in which the security community--private, public, and independent practitioners alike—could come together and exchange research, theories, and experiences with no vendor influences. That idea seems to have caught on. Jeff knew that Black Hat could serve the community best if it concentrated on finding research by some of the brightest minds of the day, and he had an uncanny knack for finding them.
If you attended a recent march to protest, wrote a check to the ACLU, or recently visited a politically leaning website, consider yourself an activist, says Stanford legal scholar Granick. Not only might the government be watching you, but your digital footprint could end up being visible to people and organizations you never imagined would care. Know your risks and take safety precautions, advises Granick, or don’t be surprised at the troubling outcome.
In the post-Snowden era, we don't have to tell you how important it is to stay engaged with (and vigilant about) the surveillance state in America. Jennifer Granick is the Director of Civil Liberties at the Stanford Center for Internet and Society, and author of the new book American Spies — and this week she joins us for an in-depth discussion about the surveillance sta
Intelligence agencies in the U.S. (aka the American Spies) are exceedingly aggressive, pushing and sometimes bursting through the technological, legal and political boundaries of lawful surveillance.
The Snowden revelations, while dramatic, have done little to amp up public concern about personal surveillance.
After all, thanks to technology, electronic spying is cheap — so cheap the government can’t afford not to do it.
The internet makes access to information incredibly easy, and we normally see that as a good thing. But what if the information being accessed is details of our private lives? And what if the person accessing them is a government intelligence agency? This week we speak with Jennifer Granick, author of "American Spies" and director of civil liberties at the Stanford Center for Internet and Society, about the quest for privacy in the age of surveillance.