High Res Photo of Jennifer Granick
Photo credit: Michael Sugrue
Over at Just Security, I have a new piece on the Washington Post's interesting story about the increasingly aggressive role some federal magistrate judges are playing in policing criminal investigations involving digital media.
Today the Fourth Circuit refrained from deciding the first legal challenge to government seizure of the master encryption keys that secure our communications with web sites and email servers. Nevertheless, the Court upheld contempt of court sanctions, because of the Lavabit owner’s foot dragging during proceedings. Lavabit had failed to raise the substantive issues below, it decided, thus precluding appellate review.
Today I filed comments with the Privacy and Civil Liberties Oversight Board (PCLOB) in connection with its hearing on section 702 of the FISA Amendments Act. That law is the legal basis for the PRISM surveillance program and involves warrantless collection of communications contents via targeting non-U.S. individuals or entities reasonably believed to be located abroad. I've written previously about questions the PCLOB should investigate with regards to section 702.
Last week, the New York Times reported that the U.S. is spying on router company Huawei to get information about the Chinese government and to learn how to surveil our allies and other countries that might purchase Huawei routers. On Just Security, I refute the argument of some that it is not “in the public interest to reveal how democracies spy on dictatorships”.
Last week, we argued that the public discussion surrounding two of the government’s most controversial mass surveillance programs – PRISM and Upstream – has not sufficiently acknowledged the broad scope of collection under these programs, which take place under section 702 of the Foreign Intelligence Surveillance Act (FISA). In short, hiding behind the counterterrorism justifications for section 702 is a broad surveillance program that sucks up massive amounts of irrelevant private data.
The legal authority behind the controversial PRISM and Upstream surveillance programs used by the NSA to collect large swaths of private communications from leading Internet companies – Section 702 of the Foreign Intelligence Surveillance Act (FISA) – is scheduled to expire on December 31, 2017. In recent months, Congress began to review these programs to assess whether to renew, reform, or retire section 702. Unfortunately, it appears the debate has already been skewed by misconceptions about the true scope of surveillance conducted under the contentious provision.
Slides from the BlackHat 2016 presentation by Jennifer Granick and Riana Pfefferkorn titled "When the Cops Come A-Knocking: Handling Technical Assistance Demands from Law Enforcement."
"Even Hutchins’s defenders say if he’s guilty some punishment is in order, but his prosecution also sends a mixed message. Hutchins had been a model of public-private cooperation at a time when the government was having difficulty recruiting cybersecurity talent. (James Comey irritated the community in 2014 when he said the FBI struggled to hire people because “some of those kids want to smoke weed on the way to the interview.”) Some security researchers said they would stop sharing information with the government in protest.
"“The law is clearly targeted at economic activity and is being applied to an entirely different category to suppress speech,” said Jennifer Granick, an attorney with the American Civil Liberties Union."
"“This sanctions law, which was written for one purpose,” said Jennifer Stisa Granick, a staff attorney with the American Civil Liberties Union’s Speech, Privacy and Technology project, “is being used to suppress speech with little consideration of the free expression values and the special risks of blocking speech, as opposed to blocking commerce or funds as the sanctions was designed to do. That’s really problematic.”"
"Jennifer Granick, a lawyer with the ACLU’s technology division, said that abuses of power will become unavoidable if companies continue to face pressure to moderate their content.
“It's not a surprise that Twitter employees have this capability,” Granick said. “The public and Congress have been demanding that the platform companies create the ability to ban people from the platform or delete particular messages.”"
"“There’s always been employees who have misused the keys,” said ACLU surveillance and cybersecurity counsel Jennifer Granick. She pointed to the tension among some who would prefer that tech platforms censor users' content, whether that’s policing Russian-planted accounts and ads or kicking Trump off Twitter for what they perceive as hate speech. “They’re under extreme pressure from Congress,” she said."
To celebrate the one-year anniversary of the Stanford Cryptography Policy Project, we are holding an afternoon event highlighting our research and accomplishments over the past year. As our keynote speakers, it is our pleasure to welcome the Honorable Stephen W. Smith, Magistrate Judge of the Southern District of Texas, and Paul S. Grewal, former Magistrate Judge of the Northern District of California.
What kind of surveillance assistance can the U.S. government force companies to provide? This issue has entered the public consciousness due to the FBI's demand in February that Apple write software to help it access the San Bernardino shooter's encrypted iPhone. Technical assistance orders can go beyond the usual government requests for user data, requiring a company to actively participate in the government's monitoring of the targeted user(s).
On Wednesday, February 17, The Center on Democracy, Development and the Rule of Law at Stanford, The Center for International Governance Innovation, and the Research Advisory Network of the Global Commission on Internet Governance will present an all-day conference entitled "New Alliances in Cybersecurity, Human Rights and Internet Governance." The conference will discuss the challenges of creating a regime of internet governance that pays attention to security and human rights in the digital context.
Over the course of two days in February 2016, the Strauss Center at the University of Texas-Austin will host a unique and timely conference focused on the legal and policy dimensions of cybersecurity.