High Res Photo of Jennifer Granick
Photo credit: Michael Sugrue
The Librarian of Congress recently decided in their triennial DMCA exemption rule-making process to remove the existing exemption that allowed individuals to unlock their own mobile phones to use on the compatible network of their choice. As a result of this decision, individuals no longer have clear immunity to unlock new phones - thereby putting them in potential legal jeopardy.
In the face of efforts to reform the Computer Fraud and Abuse Act (CFAA), some buinesses have told lawmakers that the CFAA should be used to punish breach of contract where the breacher acted "for purposes of commercial advantage or private financial gain". Such a proposal does not fix the ability of prosecutors to go after people for disregarding terms of service.
Worse, the idea is unprecedented, dangerous and unacceptable.
The Hacker Manifesto lauds the world of the electron and the switch, where the talented are treated equally and the values of curiosity and exploration reign supreme. Yet studying computers, network security, and programming flaws can be a crime or civil offense. Just two examples: In Sony v. Hotz (2011), a case that eventually settled, Sony claimed that researchers who studied the way their own game consoles worked violated the CFAA.
Law professor and cybercrime expert Orin Kerr published a proposal to amend the Computer Fraud and Abuse Act (CFAA) to address the overcriminalization that he has been at the forefront of identifying and combatting. His current proposal, which very simply but comprehensively addresses a number of problems with the CFAA, is here.
By focusing purely on whether the service operator implements technological access barriers, the proposal risks a similar problem to the one that the current statute has, giving server owners plenary authority to criminalize the way members of the public interact with information made available online, but through “technological access barriers” rather than merely terms of service and employee agreements.
Yesterday, Representative Zoe Lofgren introduced on Reddit a bill to improve the Computer Fraud and Abuse Act in the wake of Aaron Swartz's suicide during the pendency of his prosecution for violating various provisions of that law and of the Wire Fraud Act. I've attached
Reply brief of Movants-Appellants EFF, ACLU, and Riana Pfefferkorn to the Ninth Circuit in our appeal from the district court's denial of our motion to unseal filings in a sealed case wherein the Department of Justice allegedly sought to compel Facebook to comply with a wiretap order for Facebook's end-to-end encrypted voice calling app, Messenger.
Opening brief of Movants-Appellants EFF, ACLU, and Riana Pfefferkorn to the Ninth Circuit in our appeal from the district court's denial of our motion to unseal filings in a sealed case wherein the Department of Justice allegedly sought to compel Facebook to comply with a wiretap order for Facebook's end-to-end encrypted voice calling app, Messenger.
Brief of amici curiae ACLU, ACLU of Georgia, and Riana Pfefferkorn in support of appellant Victor Mobley in Mobley v. State, a Georgia Supreme Court case presenting the question of whether the Fourth Amendment requires a warrant for the seizure of digital data stored by a vehicle -- specifically, a car's event data recorder (EDR).
Reply brief in support of January 2019 objections to magistrate judge's report and recommendation.
"“Normally we think of the judiciary as being the overseer, but as the technology has gotten more complex, courts have had a harder and harder time playing that role,” said Jennifer Granick, surveillance and cybersecurity counsel at the American Civil Liberties Union. “We’re depending on companies to be the intermediary between people and the government.”"
"“Courts and police are increasingly using software to make decisions in the criminal justice system about bail, sentencing, and probability-matching for DNA and other forensic tests,” said Jennifer Granick, a surveillance and cybersecurity lawyer with the American Civil Liberties Union’s Speech, Privacy and Technology Project who has studied the issue.
"“Its role in enabling a certain kind of technical innovation is unambiguous,” says Daphne Keller at Stanford Law School’s Center for Internet and Society. “It made it possible for investors to get behind companies who were in the business of transmitting so much speech and information that they couldn't possibly assess it all and figure what was legal or illegal.”
"Storing passwords in an encrypted format is “not just best practice, it’s something that industry should always do,” said Jennifer Granick, a lawyer with the American Civil Liberties Union. “Facebook’s failure to do that will really upset the FTC,” she said"
"Jennifer Granick, attorney with ACLU, points out that the arguments, or those engaging in them, are often paradoxical. The same people who don’t want Facebook to restrict job searches to people of certain age or housing by ethnicity may want Facebook to remove what they consider hateful speech. The social media companies also talk from both sides of their mouth, arguing like media companies that they need to cover both sides of, say, political issues, but then pooh-poohing calls for the kind of regulation media companies have.
Eight years ago, Barack Obama arrived in Washington pledging to reverse the dramatic expansion of state surveillance his predecessor had presided over in the name of fighting terrorism. Instead, the Obama administration saw the Bush era’s “collect it all” approach to surveillance become still more firmly entrenched. Meanwhile, the advanced spying technologies once limited to intelligence agencies have been gradually trickling down to local police departments.
Join Mozilla and Stanford CIS for the second installment in a series of conversations about government hacking. Information from our first event, discussing the upcoming changes to Federal Rule of Criminal Procedure 41, are available at that event’s page here.
On December 1, 2016, significant and controversial changes to Federal Rule of Criminal Procedure 41 are scheduled go into effect. Today, Rule 41 prohibits a federal judge from issuing a search warrant outside of the judge’s district, with some exceptions.Traditionally, federal judges may only issue warrants that will be executed within their own districts. The revised Rule 41 would permit judges to issue search and seizure warrants for computers outside their jurisdictions, in two circumstances: if the computer’s true location has been hidden through technological means (such as Tor), or, in a computer-hacking investigation under the CFAA, if the affected computers are located in five or more districts.
Stanford CIS brings together scholars, academics, legislators, students, programmers, security researchers, and scientists to study the interaction of new technologies and the law and to examine how the synergy between the two can either promote or harm public goods like free speech, innovation, privacy, public commons, diversity, and scientific inquiry. Come hear CIS Directors Jennifer Granick + Daphne Keller and Resident Fellows Riana Pfefferkorn + Luiz Fernando Marrey Moncau talk about our work, and the assistance CIS provides to students in learning about these issues, selecting courses, identifying job opportunities, and making professional connections.