High Res Photo of Jennifer Granick
Photo credit: Michael Sugrue
Today’s report from the President’s Review Group on Intelligence and Communications Technologies–”Liberty And Security In A Changing World”—is impressive in a number of ways. Importantly, it pushes consideration of the privacy and civil liberties rights of non-U.S. persons into the policy debate. Old-school national security wonks commonly express distain for the idea that the U.S.
Today, the federal District Court for the District of Columbia held that the NSA's bulk telephone metadata collection program under the USA PATRIOT Act violates the 4th Amendment. This is a tremendously important ruling--the first time a public court has had the chance to rule on programs revealed by former NSA contractor Edward Snowden. Given the program's constitutional infirmities, it is more important than ever that Congress end this misuse of the USA PATRIOT Act. However, Deputy Attorney General James Cole testified earlier this week before the Senate Judiciary Committee that the NSA might continue its bulk collection of nearly all domestic phone call records, even if Congress does just that. The USA FREEDOM ACT has bipartisan sponsorship from dozens of lawmakers, all of whom agree that the core purpose of the bill is to end NSA dragnet collection of Americans’ communication data. Yet, Cole said that the reform legislation wouldn’t necessarily inhibit the NSA’s surveillance capabilities because “it’s going to depend on how the court interprets any number of the provisions that are in [the legislation].” Comments like this betray a serious problem inside the Executive Branch. The Administration and the intelligence community believe they can do whatever they want, regardless of the laws Congress passes, so long they can convince one of the judges appointed to the secretive Foreign Intelligence Surveillance Court (FISC) to agree. This isn’t the rule of law. This is a coup d’etat. Read more.
In the latest news report based on documents revealed by Edward Snowden, we’ve learned that the NSA creates profiles of porn viewing, online sexual activity and more from its vast database of Internet content and transactional data as part of a plan to harm the reputations of those whom the agency believes are radicalizing others through speeches promoting disfavored—but not necessarily violent—political views.
In a new post over at Just Security, I look at the recently declassified Foreign Intelligence Surveillance Court (FISC) opinions on bulk collection of Internet "metadata". These opinions show that, once again, the NSA has conducted illegal spying. The new documents reveal the National Security Agency’s (NSA) systemic violation of rules for domestic collection and use of Internet metadata.
Last week’s big cybersecurity news was that the FBI obtained a court order to force Apple to develop new software that would bypass several iPhone security features so the FBI can attempt to unlock the work phone of one of the San Bernardino shooters. Apple plans to challenge that order. (Full disclosure: I am planning on writing a technologists’ amicus brief on Apple’s side in that challenge.)
On Friday, Congress will vote on a mutated version of security threat sharing legislation that had previously passed through the House and Senate. These earlier versions would have permitted private companies to share with the federal government categories of data related to computer security threat signatures. Companies that did so would also receive legal immunity from liability under the Electronic Communications Privacy Act (ECPA) and other privacy laws.
Here’s the latest in the encryption case we’ve been writing about in which the Justice Department is asking Magistrate Judge James Orenstein to order Apple to unlock a criminal defendant’s passcode-protected iPhone. The government seized and has authority to search the phone pursuant to a search warrant.
Pending before federal magistrate judge James Orenstein is the government’s request for an order obligating Apple, Inc. to unlock an iPhone and thereby assist prosecutors in decrypting data the government has seized and is authorized to search pursuant to a warrant.
Last week, we wrote about an order from a federal magistrate judge in New York that questioned the government’s ability, under an ancient federal law called the All Writs Act, to compel Apple to decrypt a locked device which the government had seized and is authorized to search pursuant to a warrant.
"Riana Pfefferkorn, associate director of surveillance and cybersecurity at Stanford University’s Center for Internet and Society, said the strategy provided a false choice. "There’s this fundamental gut-level disgust that basically everyone has for the abuse of children,” Pfefferkorn said. “So, you can paint people who are trying to protect security and enhance [digital] protections as unsympathetic to preventing child sex abuse. I think it’s extremely cynical.”
Concerns are growing around privacy and government surveillance in today’s hyper-connected world. Technology is smarter and faster than ever — and so are government strategies for listening in.
"“We are thinking very much about functionality. What happens if the box is taken? Then obviously, if the box is taken we have technological concerns about the contents escaping,” Granick said. She added, “if someone does either subpoena or hack their way into the box we need to make sure that they’re not going to be able to see anything, without any opportunity for us to get into court to challenge it."
"“YouTube as a private company is well within its rights,” said Jennifer Granick, a speech and technology expert at the American Civil Liberties Union. But “YouTube will make mistakes, and over-censor.”"
"Jennifer Granick, a surveillance and cybersecurity counsel with the ACLU, explains that the purpose of the law “isn’t necessarily to protect the tech companies, but to protect the American people in having a platform where you can post information and post our stories, because if the platforms were liable for information that their users publish, then they wouldn’t be able to publish that information. They would have to go through some kind of advanced review process.”"
Come meet CIS and hear about our exciting work and ways to get involved.
On January 19, 2012, Kim DotCom was arrested in a dramatic raid after being indicted on federal criminal charges that he knew that his website, MegaUpload, was a haven of piracy and counterfeiting. In the days that followed, the media commented on the presumed guilt of MegaUpload. In this debate, Jim argues that the law and evidence clearly point to MegaUpload's officers being found guilty, while Jennifer will argue that the MegaUpload case is built on unprecedented and wrongheaded interpretations of copyright law, and thus the principles should be found not guilty.
Prompted by the Google Street View WiFi sniffing scandal, the question of whether and how the law regulates interception of unencrypted wireless communications has become a hot topic in the courts, in the halls of the FCC, on Capitol Hill, and in the security community. Are open WiFi communications protected by federal wiretap law, unprotected, or some strange mix of the two? (Surprise: it may be the last one, so you'll want to come learn the line between what's probably illegal sniffing and what's probably not.)
Has it really been 15 years? Time really flies when keeping up with Moore's law is the measure. In 1997, Jeff Moss held the very first Black Hat. He gathered together some of the best hackers and security minds of the time to discuss the current state of the hack. A unique and neutral field was created in which the security community--private, public, and independent practitioners alike—could come together and exchange research, theories, and experiences with no vendor influences. That idea seems to have caught on. Jeff knew that Black Hat could serve the community best if it concentrated on finding research by some of the brightest minds of the day, and he had an uncanny knack for finding them.
Jennifer Granick, Director of Civil Liberties, is in this episode discussing Stingray technology.
"Truth and Power" highlights Daniel Rigmaiden, the young tech-genius who exposed STINGRAY - a secret government surveillance technology that hacks into your cell phones. All New Episodes - Fridays at 10 p.m. ET / PT on Pivot. Learn more at http://bit.ly/TruthAndPowerPivot.
ABOUT THE SHOW
""The phone companies may already have data retention obligations under the Communications Act, but there's no additional obligation as a result of USA Freedom having passed," says Jennifer Granick, director of civil liberties at Stanford University's Center for Internet and Society.
"A year ago, a European Court said people had a right to demand Google take down certain search results about them. Theright to be forgotten was born.
“That idea is spreading in some areas,” says Jennifer Granick, Director of Civil Liberties for the Stanford Center for Internet and Society.
Jennifer Granick, Director of Civil Liberties, presented her work with the Stanford Center for Internet and Society, and the impacts of Edward Snowden.