High Res Photo of Jennifer Granick
Photo credit: Michael Sugrue
Over at Just Security, I have a new piece on the Washington Post's interesting story about the increasingly aggressive role some federal magistrate judges are playing in policing criminal investigations involving digital media.
Today the Fourth Circuit refrained from deciding the first legal challenge to government seizure of the master encryption keys that secure our communications with web sites and email servers. Nevertheless, the Court upheld contempt of court sanctions, because of the Lavabit owner’s foot dragging during proceedings. Lavabit had failed to raise the substantive issues below, it decided, thus precluding appellate review.
Today I filed comments with the Privacy and Civil Liberties Oversight Board (PCLOB) in connection with its hearing on section 702 of the FISA Amendments Act. That law is the legal basis for the PRISM surveillance program and involves warrantless collection of communications contents via targeting non-U.S. individuals or entities reasonably believed to be located abroad. I've written previously about questions the PCLOB should investigate with regards to section 702.
Last week, the New York Times reported that the U.S. is spying on router company Huawei to get information about the Chinese government and to learn how to surveil our allies and other countries that might purchase Huawei routers. On Just Security, I refute the argument of some that it is not “in the public interest to reveal how democracies spy on dictatorships”.
Right now, a battle is underway to reform the Computer Fraud and Abuse Act, a statute that can transform innocuous workplace behavior into a federal crime, simply because a computer is involved. The CFAA is a bludgeon that Big Business and the Department of Justice have willingly used against the American worker, and its time for that to stop.
The first part of this article outlined the mechanics of the Megaupload website, and the novel questions of criminal inducement on which the government's indictment is premised. Here, we explore two more extensions of existing law on which the indictment is based, and the impact this prosecution is likely to have on Internet innovators and users alike.
Days after anti-piracy legislation stalled in Congress, the U.S. Department of Justice coordinated an unprecedented raid on the Hong Kong-based website Megaupload.com. New Zealand law enforcement agents swooped in by helicopter to arrest founder Kim Dotcom at his home outside of Auckland, and seized millions of dollars worth of art, vehicles and real estate. Six other Megaupload employees were also arrested. Meanwhile, the Justice Department seized Megaupload's domain names and the data of at least 50 million users worldwide.
"Storing passwords in an encrypted format is “not just best practice, it’s something that industry should always do,” said Jennifer Granick, a lawyer with the American Civil Liberties Union. “Facebook’s failure to do that will really upset the FTC,” she said"
"Jennifer Granick, attorney with ACLU, points out that the arguments, or those engaging in them, are often paradoxical. The same people who don’t want Facebook to restrict job searches to people of certain age or housing by ethnicity may want Facebook to remove what they consider hateful speech. The social media companies also talk from both sides of their mouth, arguing like media companies that they need to cover both sides of, say, political issues, but then pooh-poohing calls for the kind of regulation media companies have.
"How long have you operated with that assumption?
Probably 20 years. I had an incident occur in my hotel room at Black Hat. My room was broken into, and my tech was compromised. They pulled the hard drive out of the wall safe, plugged it into my Linux laptop, booted it up off of a different drive, and then accessed files and copied it. Then they put the drive back in the safe.
"“There’s a secretive process with no real appeal where people are making extremely difficult subjective calls that have to do with politics, culture and religion,” said Jennifer Granick, an attorney with the American Civil Liberties Union. “This example shows why it is dangerous. If I want to find good information about vaccines, I can’t find it.”"
"Jen King, director of consumer privacy at Stanford’s Center for Internet and Society, thinks it's a sign Facebook may be ready to actually take privacy seriously. "It's possible that Facebook has finally gotten the memo and is really trying to make change," King told WIRED.
Come meet CIS and hear about our exciting work and ways to get involved.
On January 19, 2012, Kim DotCom was arrested in a dramatic raid after being indicted on federal criminal charges that he knew that his website, MegaUpload, was a haven of piracy and counterfeiting. In the days that followed, the media commented on the presumed guilt of MegaUpload. In this debate, Jim argues that the law and evidence clearly point to MegaUpload's officers being found guilty, while Jennifer will argue that the MegaUpload case is built on unprecedented and wrongheaded interpretations of copyright law, and thus the principles should be found not guilty.
Prompted by the Google Street View WiFi sniffing scandal, the question of whether and how the law regulates interception of unencrypted wireless communications has become a hot topic in the courts, in the halls of the FCC, on Capitol Hill, and in the security community. Are open WiFi communications protected by federal wiretap law, unprotected, or some strange mix of the two? (Surprise: it may be the last one, so you'll want to come learn the line between what's probably illegal sniffing and what's probably not.)
Has it really been 15 years? Time really flies when keeping up with Moore's law is the measure. In 1997, Jeff Moss held the very first Black Hat. He gathered together some of the best hackers and security minds of the time to discuss the current state of the hack. A unique and neutral field was created in which the security community--private, public, and independent practitioners alike—could come together and exchange research, theories, and experiences with no vendor influences. That idea seems to have caught on. Jeff knew that Black Hat could serve the community best if it concentrated on finding research by some of the brightest minds of the day, and he had an uncanny knack for finding them.