High Res Photo of Jennifer Granick
Photo credit: Michael Sugrue
The Librarian of Congress recently decided in their triennial DMCA exemption rule-making process to remove the existing exemption that allowed individuals to unlock their own mobile phones to use on the compatible network of their choice. As a result of this decision, individuals no longer have clear immunity to unlock new phones - thereby putting them in potential legal jeopardy.
In the face of efforts to reform the Computer Fraud and Abuse Act (CFAA), some buinesses have told lawmakers that the CFAA should be used to punish breach of contract where the breacher acted "for purposes of commercial advantage or private financial gain". Such a proposal does not fix the ability of prosecutors to go after people for disregarding terms of service.
Worse, the idea is unprecedented, dangerous and unacceptable.
The Hacker Manifesto lauds the world of the electron and the switch, where the talented are treated equally and the values of curiosity and exploration reign supreme. Yet studying computers, network security, and programming flaws can be a crime or civil offense. Just two examples: In Sony v. Hotz (2011), a case that eventually settled, Sony claimed that researchers who studied the way their own game consoles worked violated the CFAA.
Law professor and cybercrime expert Orin Kerr published a proposal to amend the Computer Fraud and Abuse Act (CFAA) to address the overcriminalization that he has been at the forefront of identifying and combatting. His current proposal, which very simply but comprehensively addresses a number of problems with the CFAA, is here.
By focusing purely on whether the service operator implements technological access barriers, the proposal risks a similar problem to the one that the current statute has, giving server owners plenary authority to criminalize the way members of the public interact with information made available online, but through “technological access barriers” rather than merely terms of service and employee agreements.
Yesterday, Representative Zoe Lofgren introduced on Reddit a bill to improve the Computer Fraud and Abuse Act in the wake of Aaron Swartz's suicide during the pendency of his prosecution for violating various provisions of that law and of the Wire Fraud Act. I've attached
Last week’s big cybersecurity news was that the FBI obtained a court order to force Apple to develop new software that would bypass several iPhone security features so the FBI can attempt to unlock the work phone of one of the San Bernardino shooters. Apple plans to challenge that order. (Full disclosure: I am planning on writing a technologists’ amicus brief on Apple’s side in that challenge.)
On Friday, Congress will vote on a mutated version of security threat sharing legislation that had previously passed through the House and Senate. These earlier versions would have permitted private companies to share with the federal government categories of data related to computer security threat signatures. Companies that did so would also receive legal immunity from liability under the Electronic Communications Privacy Act (ECPA) and other privacy laws.
Here’s the latest in the encryption case we’ve been writing about in which the Justice Department is asking Magistrate Judge James Orenstein to order Apple to unlock a criminal defendant’s passcode-protected iPhone. The government seized and has authority to search the phone pursuant to a search warrant.
Pending before federal magistrate judge James Orenstein is the government’s request for an order obligating Apple, Inc. to unlock an iPhone and thereby assist prosecutors in decrypting data the government has seized and is authorized to search pursuant to a warrant.
Last week, we wrote about an order from a federal magistrate judge in New York that questioned the government’s ability, under an ancient federal law called the All Writs Act, to compel Apple to decrypt a locked device which the government had seized and is authorized to search pursuant to a warrant.
"“This sanctions law, which was written for one purpose,” said Jennifer Stisa Granick, a staff attorney with the American Civil Liberties Union’s Speech, Privacy and Technology project, “is being used to suppress speech with little consideration of the free expression values and the special risks of blocking speech, as opposed to blocking commerce or funds as the sanctions was designed to do. That’s really problematic.”"
"Jennifer Granick, a lawyer with the ACLU’s technology division, said that abuses of power will become unavoidable if companies continue to face pressure to moderate their content.
“It's not a surprise that Twitter employees have this capability,” Granick said. “The public and Congress have been demanding that the platform companies create the ability to ban people from the platform or delete particular messages.”"
"“There’s always been employees who have misused the keys,” said ACLU surveillance and cybersecurity counsel Jennifer Granick. She pointed to the tension among some who would prefer that tech platforms censor users' content, whether that’s policing Russian-planted accounts and ads or kicking Trump off Twitter for what they perceive as hate speech. “They’re under extreme pressure from Congress,” she said."
"“Congress has subpoena power, of course,” says Al Gidari, the director of privacy at Stanford Law School’s Center for Internet and Society, who previously represented several big tech companies in national security cases.
"Albert Gidari, Director of Privacy for the Center for Internet and Society at Stanford Law School, told us he agrees with the EFF’s argument:
Asking for metadata on everyone that visits a particular website implicates more than just the particularity required by the 4th Amendment. It implicates the 1st Amendment rights of anyone that visited the site.
Jennifer Granick, Director of Civil Liberties, will speaking at the ISSA-LA Summitt.
More information: https://issalasummit9.wpengine.com/?page_id=285/#Granick
Title: American Spies, Modern Surveillance, and You
Join Just Security for a fireside chat on the current state of U.S. surveillance and a celebration of Jennifer Granick‘s new book, American Spies: Modern Surveillance, Why You Should Care, And What to Do About It. Opening remarks by Senator Ron Wyden.
US intelligence agencies - the eponymous American spies - are exceedingly aggressive, pushing and sometimes bursting through the technological, legal and political boundaries of lawful surveillance. Written for a general audience by a surveillance law expert, this book educates readers about how the reality of modern surveillance differs from popular understanding.