High Res Photo of Jennifer Granick
Photo credit: Michael Sugrue
The Internet is under threat, mostly from governments. We need companies to help people stand up to government threats, but companies cannot solve the problems for us. This is what I told the audience on Thursday, at an event co-hosted by CIS and the Program on Liberation Technology.
Tomorrow, all five members of the Privacy and Civil Liberties Oversight Board (PCLOB) will testify before the Senate Judiciary Committee about their recent report concluding that the National Security Agency’s (NSA) bulk collection of phone records under section 215 is illegal and ill-advised. Meanwhile, the PCLOB is gearing up to report in a few months its conclusions regarding mass surveillance of the content of Internet transactions under section 702 of the FISA Amendments Act
Today, Stanford’s Center for Internet and Society joins Greenpeace, Mozilla, Electronic Frontier Foundation, the Libertarian Party, and an array of ideologically diverse groups in The Day We Fight Back against mass surveillance.
Yesterday, I wrote generally about the problems with section 702 of the FISA Amendments Act (FAA). Today I focus on categories of information—including content—that NSA collects under section 702 but maybe never minimizes—meaning one of the few safeguards for U.S. person privacy is non-existent. In short, since the thirteen-page 702 minimization procedures only apply to communications, and since today's NSA probably excludes unshared cloud-stored data from the definition of communications, it's possible no minimization rules apply to protect American privacy.
I've written a lot about the problems with the FISA Amendments Act and section 702, which is the legal basis for the PRISM surveillance program and involves warrantless collection of communications contents via targeting non-U.S. individuals or entities reasonably believed to be located abroad.
Right now, a battle is underway to reform the Computer Fraud and Abuse Act, a statute that can transform innocuous workplace behavior into a federal crime, simply because a computer is involved. The CFAA is a bludgeon that Big Business and the Department of Justice have willingly used against the American worker, and its time for that to stop.
The first part of this article outlined the mechanics of the Megaupload website, and the novel questions of criminal inducement on which the government's indictment is premised. Here, we explore two more extensions of existing law on which the indictment is based, and the impact this prosecution is likely to have on Internet innovators and users alike.
Days after anti-piracy legislation stalled in Congress, the U.S. Department of Justice coordinated an unprecedented raid on the Hong Kong-based website Megaupload.com. New Zealand law enforcement agents swooped in by helicopter to arrest founder Kim Dotcom at his home outside of Auckland, and seized millions of dollars worth of art, vehicles and real estate. Six other Megaupload employees were also arrested. Meanwhile, the Justice Department seized Megaupload's domain names and the data of at least 50 million users worldwide.
"“Courts and police are increasingly using software to make decisions in the criminal justice system about bail, sentencing, and probability-matching for DNA and other forensic tests,” said Jennifer Granick, a surveillance and cybersecurity lawyer with the American Civil Liberties Union’s Speech, Privacy and Technology Project who has studied the issue.
"“Its role in enabling a certain kind of technical innovation is unambiguous,” says Daphne Keller at Stanford Law School’s Center for Internet and Society. “It made it possible for investors to get behind companies who were in the business of transmitting so much speech and information that they couldn't possibly assess it all and figure what was legal or illegal.”
"Storing passwords in an encrypted format is “not just best practice, it’s something that industry should always do,” said Jennifer Granick, a lawyer with the American Civil Liberties Union. “Facebook’s failure to do that will really upset the FTC,” she said"
"Jennifer Granick, attorney with ACLU, points out that the arguments, or those engaging in them, are often paradoxical. The same people who don’t want Facebook to restrict job searches to people of certain age or housing by ethnicity may want Facebook to remove what they consider hateful speech. The social media companies also talk from both sides of their mouth, arguing like media companies that they need to cover both sides of, say, political issues, but then pooh-poohing calls for the kind of regulation media companies have.
"How long have you operated with that assumption?
Probably 20 years. I had an incident occur in my hotel room at Black Hat. My room was broken into, and my tech was compromised. They pulled the hard drive out of the wall safe, plugged it into my Linux laptop, booted it up off of a different drive, and then accessed files and copied it. Then they put the drive back in the safe.
Jennifer Granick, Director of Civil Liberties, will speaking at the ISSA-LA Summitt.
More information: https://issalasummit9.wpengine.com/?page_id=285/#Granick
Title: American Spies, Modern Surveillance, and You
Join Just Security for a fireside chat on the current state of U.S. surveillance and a celebration of Jennifer Granick‘s new book, American Spies: Modern Surveillance, Why You Should Care, And What to Do About It. Opening remarks by Senator Ron Wyden.
US intelligence agencies - the eponymous American spies - are exceedingly aggressive, pushing and sometimes bursting through the technological, legal and political boundaries of lawful surveillance. Written for a general audience by a surveillance law expert, this book educates readers about how the reality of modern surveillance differs from popular understanding.
Jennifer Granick talks about how notions of privacy have changed over the years and where she thinks things are headed in the future. She is a professor at the Stanford School of Law and Director of Civil Liberties at the Center for Internet and Society, where she specializes in the intersection of engineering, privacy and the law.
What kind of surveillance assistance can the U.S. government force companies to provide? This issue has entered the public consciousness due to the FBI's demand in February that Apple write software to help it access the San Bernardino shooter's encrypted iPhone. Technical assistance orders can go beyond the usual government requests for user data, requiring a company to actively participate in the government's monitoring of the targeted user(s).
In this week's feature interview we're chatting with Stanford's very own Jennifer Granick about a recent ruling in a Virginia court that appears to give the FBI permission to hack into any computer it wants, sans warrant. Well that's what the headlines are screaming, anyway. But as you'll hear, it's not quite that black and white.
""What was remarkable was that the public hadn't seen the argument surfaced," says Jennifer Granick at the Stanford Center for Internet and Society. She says Judge Orenstein was trying to stoke a public debate. "Judge Orenstein had concerns about whether the government's legal argument was a valid legal argument."