High Res Photo of Jennifer Granick
Photo credit: Michael Sugrue
The Librarian of Congress recently decided in their triennial DMCA exemption rule-making process to remove the existing exemption that allowed individuals to unlock their own mobile phones to use on the compatible network of their choice. As a result of this decision, individuals no longer have clear immunity to unlock new phones - thereby putting them in potential legal jeopardy.
In the face of efforts to reform the Computer Fraud and Abuse Act (CFAA), some buinesses have told lawmakers that the CFAA should be used to punish breach of contract where the breacher acted "for purposes of commercial advantage or private financial gain". Such a proposal does not fix the ability of prosecutors to go after people for disregarding terms of service.
Worse, the idea is unprecedented, dangerous and unacceptable.
The Hacker Manifesto lauds the world of the electron and the switch, where the talented are treated equally and the values of curiosity and exploration reign supreme. Yet studying computers, network security, and programming flaws can be a crime or civil offense. Just two examples: In Sony v. Hotz (2011), a case that eventually settled, Sony claimed that researchers who studied the way their own game consoles worked violated the CFAA.
Law professor and cybercrime expert Orin Kerr published a proposal to amend the Computer Fraud and Abuse Act (CFAA) to address the overcriminalization that he has been at the forefront of identifying and combatting. His current proposal, which very simply but comprehensively addresses a number of problems with the CFAA, is here.
By focusing purely on whether the service operator implements technological access barriers, the proposal risks a similar problem to the one that the current statute has, giving server owners plenary authority to criminalize the way members of the public interact with information made available online, but through “technological access barriers” rather than merely terms of service and employee agreements.
Yesterday, Representative Zoe Lofgren introduced on Reddit a bill to improve the Computer Fraud and Abuse Act in the wake of Aaron Swartz's suicide during the pendency of his prosecution for violating various provisions of that law and of the Wire Fraud Act. I've attached
Encryption helps human rights workers, activists, journalists, financial institutions, innovative businesses, and governments protect the confidentiality, integrity, and economic value of their activities. However, strong encryption may mean that governments cannot make sense of data they would otherwise be able to lawfully access in a criminal or intelligence investigation.
Arguing that a defendant’s conviction for website hacking should be overturned because legitimate, highly valuable security and privacy research commonly employs techniques that are essentially identical to what the defendant did and that such independent research is of great value to academics, government regulators and the public even when – often especially when — conducted without a website owner’s permission.
Arguing that if the court should not compel Apple to create software to enable unlocking and search of the San Bernardino shooter’s iPhone, it will jeopardize digital and personal security more generally.
After the Estate of James Joyce refused to allow a scholar to quote Joyce in her book, we successfully defended her right under the fair use doctrine to use the quotes she needed to illustrate her scholarship. After we prevailed in the case, the Estate paid $240,000 of our client’s legal fees.
Reply brief of Movants-Appellants EFF, ACLU, and Riana Pfefferkorn to the Ninth Circuit in our appeal from the district court's denial of our motion to unseal filings in a sealed case wherein the Department of Justice allegedly sought to compel Facebook to comply with a wiretap order for Facebook's end-to-end encrypted voice calling app, Messenger.
Opening brief of Movants-Appellants EFF, ACLU, and Riana Pfefferkorn to the Ninth Circuit in our appeal from the district court's denial of our motion to unseal filings in a sealed case wherein the Department of Justice allegedly sought to compel Facebook to comply with a wiretap order for Facebook's end-to-end encrypted voice calling app, Messenger.
Brief of amici curiae ACLU, ACLU of Georgia, and Riana Pfefferkorn in support of appellant Victor Mobley in Mobley v. State, a Georgia Supreme Court case presenting the question of whether the Fourth Amendment requires a warrant for the seizure of digital data stored by a vehicle -- specifically, a car's event data recorder (EDR).
Reply brief in support of January 2019 objections to magistrate judge's report and recommendation.
"“This sanctions law, which was written for one purpose,” said Jennifer Stisa Granick, a staff attorney with the American Civil Liberties Union’s Speech, Privacy and Technology project, “is being used to suppress speech with little consideration of the free expression values and the special risks of blocking speech, as opposed to blocking commerce or funds as the sanctions was designed to do. That’s really problematic.”"
"Jennifer Granick, a lawyer with the ACLU’s technology division, said that abuses of power will become unavoidable if companies continue to face pressure to moderate their content.
“It's not a surprise that Twitter employees have this capability,” Granick said. “The public and Congress have been demanding that the platform companies create the ability to ban people from the platform or delete particular messages.”"
"“There’s always been employees who have misused the keys,” said ACLU surveillance and cybersecurity counsel Jennifer Granick. She pointed to the tension among some who would prefer that tech platforms censor users' content, whether that’s policing Russian-planted accounts and ads or kicking Trump off Twitter for what they perceive as hate speech. “They’re under extreme pressure from Congress,” she said."
"“Congress has subpoena power, of course,” says Al Gidari, the director of privacy at Stanford Law School’s Center for Internet and Society, who previously represented several big tech companies in national security cases.
"Albert Gidari, Director of Privacy for the Center for Internet and Society at Stanford Law School, told us he agrees with the EFF’s argument:
Asking for metadata on everyone that visits a particular website implicates more than just the particularity required by the 4th Amendment. It implicates the 1st Amendment rights of anyone that visited the site.
To celebrate the one-year anniversary of the Stanford Cryptography Policy Project, we are holding an afternoon event highlighting our research and accomplishments over the past year. As our keynote speakers, it is our pleasure to welcome the Honorable Stephen W. Smith, Magistrate Judge of the Southern District of Texas, and Paul S. Grewal, former Magistrate Judge of the Northern District of California.
What kind of surveillance assistance can the U.S. government force companies to provide? This issue has entered the public consciousness due to the FBI's demand in February that Apple write software to help it access the San Bernardino shooter's encrypted iPhone. Technical assistance orders can go beyond the usual government requests for user data, requiring a company to actively participate in the government's monitoring of the targeted user(s).
On Wednesday, February 17, The Center on Democracy, Development and the Rule of Law at Stanford, The Center for International Governance Innovation, and the Research Advisory Network of the Global Commission on Internet Governance will present an all-day conference entitled "New Alliances in Cybersecurity, Human Rights and Internet Governance." The conference will discuss the challenges of creating a regime of internet governance that pays attention to security and human rights in the digital context.
Over the course of two days in February 2016, the Strauss Center at the University of Texas-Austin will host a unique and timely conference focused on the legal and policy dimensions of cybersecurity.
If you attended a recent march to protest, wrote a check to the ACLU, or recently visited a politically leaning website, consider yourself an activist, says Stanford legal scholar Granick. Not only might the government be watching you, but your digital footprint could end up being visible to people and organizations you never imagined would care. Know your risks and take safety precautions, advises Granick, or don’t be surprised at the troubling outcome.
In the post-Snowden era, we don't have to tell you how important it is to stay engaged with (and vigilant about) the surveillance state in America. Jennifer Granick is the Director of Civil Liberties at the Stanford Center for Internet and Society, and author of the new book American Spies — and this week she joins us for an in-depth discussion about the surveillance sta
Intelligence agencies in the U.S. (aka the American Spies) are exceedingly aggressive, pushing and sometimes bursting through the technological, legal and political boundaries of lawful surveillance.
The Snowden revelations, while dramatic, have done little to amp up public concern about personal surveillance.
After all, thanks to technology, electronic spying is cheap — so cheap the government can’t afford not to do it.
The internet makes access to information incredibly easy, and we normally see that as a good thing. But what if the information being accessed is details of our private lives? And what if the person accessing them is a government intelligence agency? This week we speak with Jennifer Granick, author of "American Spies" and director of civil liberties at the Stanford Center for Internet and Society, about the quest for privacy in the age of surveillance.