Richard W. Painter on Comey abuse of process

Richard W. Painter, the chief White House ethics lawyer from 2005 to 2007, the S. Walter Richey Professor of Corporate Law, University of Minnesota Law School, and a member of the Federalist Society, writing in the New York Times:

The F.B.I. is currently investigating the hacking of Americans’ computers by foreign governments. Russia is a prime suspect.

Imagine a possible connection between a candidate for president in the United States and the Russian computer hacking. Imagine the candidate has business dealings in Russia, and has publicly encouraged the Russians to hack the email of his opponent and her associates.

It would not be surprising for the F.B.I. to include this candidate and his campaign staff in its confidential investigation of Russian computer hacking.

But it would be highly improper, and an abuse of power, for the F.B.I. to conduct such an investigation in the public eye, particularly on the eve of the election. It would be an abuse of power for the director of the F.B.I., absent compelling circumstances, to notify members of Congress from the party opposing the candidate that the candidate or his associates were under investigation. It would be an abuse of power if F.B.I. agents went so far as to obtain a search warrant and raid the candidate’s office tower, hauling out boxes of documents and computers in front of television cameras.

The F.B.I.’s job is to investigate, not to influence the outcome of an election.

Such acts could also be prohibited under the Hatch Act, which bars the use of an official position to influence an election. That is why the F.B.I. presumably would keep those aspects of an investigation confidential until after the election.

And that is why, on Saturday, I filed a complaint against the F.B.I. with the Office of Special Counsel, which investigates Hatch Act violations, and with the Office of Government Ethics. I have spent much of my career working on government ethics and lawyers’ ethics, including two and a half years as the chief White House ethics lawyer for President George W. Bush, and I never thought that the F.B.I. could be dragged into a political circus surrounding one of its investigations. Until this week.

(For the sake of full disclosure, in this election I have supported Jeb Bush, Marco Rubio, John Kasich and Hillary Clinton for president, in that order.)

On Friday, the director of the F.B.I., James B. Comey, sent to members of Congress a letter updating them on developments in the agency’s investigation of Mrs. Clinton’s emails, an investigation which supposedly was closed months ago. This letter, which was quickly posted on the internet, made highly unusual public statements about an F.B.I. investigation concerning a candidate in the election. The letter was sent in violation of a longstanding Justice Department policy of not discussing specifics about pending investigations with others, including members of Congress. According to some news reports on Saturday, the letter was sent before the F.B.I. had even obtained the search warrant that it needed to look at the newly discovered emails. And it was sent days before the election, at a time when many Americans are already voting.

Violations of the Hatch Act and of government ethics rules on misuse of official positions are not permissible in any circumstances, including in the case of an executive branch official acting under pressure from politically motivated members of Congress. Such violations are of even greater concern when the agency is the F.B.I.

It is not clear whether Mr. Comey personally wanted to influence the outcome of the election, although his letter — which cast suspicion on Mrs. Clinton without revealing specifics — was concerning. Also concerning is the fact that Mr. Comey has already made highly unusual public statements expressing his personal opinion about Mrs. Clinton’s actions, calling her handling of classified information “extremely careless,” when he announced this summer that the F.B.I. was concluding its investigation of her email without filing any charges.

But an official doesn’t need to have a specific intent — or desire — to influence an election to be in violation of the Hatch Act or government ethics rules. The rules are violated if it is obvious that the official’s actions could influence the election, there is no other good reason for taking those actions, and the official is acting under pressure from persons who obviously do want to influence the election.

Absent extraordinary circumstances that might justify it, a public communication about a pending F.B.I. investigation involving a candidate for public office that is made on the eve of an election is thus very likely to be a violation of the Hatch Act and a misuse of an official position. Serious questions also arise under lawyers’ professional conduct rules that require prosecutors to avoid excessive publicity and unnecessary statements that could cause public condemnation even of people who have been accused of a crime, not to mention people like Mrs. Clinton, who have never been charged with a crime.

This is no trivial matter. We cannot allow F.B.I. or Justice Department officials to unnecessarily publicize pending investigations concerning candidates of either party while an election is underway. That is an abuse of power. Allowing such a precedent to stand will invite more, and even worse, abuses of power in the future.

Excellent approach. Bringing the Hatch Act into play is the correct approach to stem the misbehavior of James B. Comey. Loretta Lynch, as Attorney General, should also be included in any such filings.

Mr. Painter is also a member of the American Law Institute and is an advisor for the new ALI Principles of Government Ethics. He has also been active in the Professional Responsibility Section of the American Bar Association. More of his biographical information is here.

One other pertinent point: as of the time of this reading the FBI still does not have a warrant to read the emails that he, without reading, called “pertinent.”

Narrow vote blocks (for now) warrant-free FBI attempt to collect American’s email, browser history

Via ZDNet:

An amendment designed to allow the government warrantless access to internet browsing histories has been narrowly defeated in the Senate.

The amendment fell two votes short of the required 60 votes to advance.

But the effort is far from dead. Majority leader Sen. Mitch McConnell (R-KY), who switched his vote at the last minute, submitted a motion to reconsider the vote following the defeat.

Sen. John McCain (R-AZ) introduced the amendment as an add-on to the commerce, justice, and science appropriations bill earlier this week. McCain said in a statement on Monday that the amendment would “track lone wolves” in the wake of the Orlando massacre, in which Omar Mateen, who authorities say radicalized himself online, killed 49 people at a gay nightclub in the Florida city.

The amendment aims to broaden the rules governing national security letters, which don’t require court approval. These letters allow the FBI to demand records associated with Americans’ online communications.

If the amendment becomes law, federal agents won’t need a court order to access phone logs, email records, cell-site data used to pinpoint locations, as well as browsing histories of recently visited websites.

It is outrageous that mass surveillance of such user information without a warrant came so close to success. And it may still pass. How is it that warrants are viewed as unnecessary to breach the privacy of American citizens?

Here are some Twitter reactions:

FBI seeks warrant-free access to your email communications

Via The Intercept:

A PROVISION SNUCK INTO the still-secret text of the Senate’s annual intelligence authorization would give the FBI the ability to demand individuals’ email data and possibly web-surfing history from their service providers without a warrant and in complete secrecy.

If passed, the change would expand the reach of the FBI’s already highly controversial national security letters. The FBI is currently allowed to get certain types of information with NSLs — most commonly, information about the name, address, and call data associated with a phone number or details about a bank account.

Since a 2008 Justice Department legal opinion, the FBI has not been allowed to use NSLs to demand “electronic communication transactional records,” such as email subject lines and other metadata, or URLs visited.

The spy bill passed the Senate Intelligence Committee on Tuesday, with the provision in it. The lone no vote came from Sen. Ron Wyden, D-Ore., whowrote in a statement that one of the bill’s provisions “would allow any FBI field office to demand email records without a court order, a major expansion of federal surveillance powers.”

How is it that the FBI can drive through such proposals with only a single legislator voting no? Should this survive, the surveillance state will reach an all-time high.

Wall Street Journal calls out the FBI

The FBI has been tying itself in knots with Apple, first by trying to force Apple to break its own encryption, and then acknowledging that the agency was able to access at least two iPhones without Apple’s help.

The Wall Street Journal claims that the FBI has travelled into the zone of farce:

If history repeats itself first as tragedy and then as farce, what does the FBI have in store next for its encryption war with Apple? After withdrawing its demands in San Bernardino and then reopening hostilities with a drug prosecution in Brooklyn, the G-men abruptly dumped the second case over the weekend too. Is anyone in charge at the Justice Department, or are junior prosecutors running the joint?

* * *

Yet while Justice argued in Brooklyn that Apple’s help was essential, it also argued the FBI had no obligation to pursue a non-Apple work-around. The remarkable claim was that prosecutors need not exhaust all possible alternatives before conscripting a private company, such as consulting with other U.S. agencies, hiring an outside digital forensics outfit or even interrogating Feng again.

Such assertions were as false in Brooklyn as in San Bernardino. Two hours and a half before a deadline on Friday night, the government withdrew the case after “an individual provided the passcode to the iPhone,” according to legal filings. This second immaculate conception in as many months further undermines the FBI’s credibility about its technological capabilities. Judges ought to exercise far more scrutiny in future decryption cases even as Mr. Comey continues to pose as helpless.

* * *

Meanwhile, the White House has taken the profile-in-courage stand of refusing to endorse or oppose any encryption bill that Congress may propose. If the Obama team won’t start adjusting to the technological realities of strong and legal encryption, they could at least exercise some adult supervision at Main Justice.

The FBI cannot be trusted to protect privacy and security for our citizens, especially given their keystone cops behavior.

Senators Richard Burr and Dianne Feinstein release draft anti-encryption bill

Writing in TechDirt, Mike Masnick reviews the horrible and actually crazy, implications of the legislation.

The basics of the bill are exactly what you’d expect. It says that any “device manufacturer, software manufacturer, electronic communication service, remote computing service, provider of wire or electronic or any person who provides a product or method to facilitate communication or the processing or storage of data” must respond to legal orders demanding access to said information. First off, this actually covers a hell of a lot more than was originally expected. By my reading, anyone providing PGP email is breaking the law — because it’s not just about device encryption, but encryption of communications in transit as well. I wonder how they expect to put that genie back in the bottle.

* * *

The second this bill becomes law, the US loses a massive economic advantage. Basically all of our technology becomes suspect globally, and the entire cybersecurity industry moves off shore. It will devastate American businesses outside of the US. Burr and Feinstein are basically offering a bill that completely undermines the economic prosperity of the American tech industry. This is especially insane coming from Feinstein, given that she supposedly represents so many tech companies in California.

The article, as well as the bill itself, can be found here.


Sucks to be the FBI (and the NSA)

Facebook‘s WhatsApp texting service is now fully end-to-end encrypted. And the encryption is automatically turned on for all of its one billion users.

Via the Wall Street Journal:

Many Internet companies encrypt messages before they are stored on their servers, but they are typically able to decrypt them when necessary—for example, in the case of a court order. With Open Whisper’s technology, WhatsApp won’t be able to read its customers’ messages under any circumstances, a feature known as “end-to-end” encryption.

That will make it much harder for anyone—including criminals, intelligence agencies and law enforcement—to read WhatsApp messages without permission, said Moxie Marlinspike, founder of Open Whisper Systems. “End-to-end encryption ensures that the messages you send can only be read by their intended recipients,” he said.

The encryption technology will be turned on by default, so WhatsApp users won’t have to change any settings to enable it, Mr. Marlinspike said.

Susan Crawford essay on Apple/FBI fight

Susan Crawford, a prominent Harvard legal scholar and Barack Obama’s former Special Assistant for Science, Technology, and Innovation Policy, has written an important essay that deftly shows that the FBI has no legal authority whatsoever  to force any phone manufacturer to make any changes at all to the manufacturer’s software and hardware.

The problem for the president is that when it comes to the specific battle going on right now between Apple and the FBI, the law is clear: twenty years ago, Congress passed a statute, the Communications Assistance for Law Enforcement Act (CALEA) that does not allow the government to tell manufacturers how to design or configure a phone or software used by that phone — including security software used by that phone.

CALEA was the subject of intense negotiation — a deal, in other words. The government won an extensive, specific list of wiretapping assistance requirements in connection with digital communications. But in exchange, in Section 1002 of that act, the Feds gave up authority to “require any specific design of equipment, facilities, services, features or system configurations” from any phone manufacturer. The government can’t require companies that build phones to come to it for clearance in advance of launching a new device. Nor can the authorities ask a manufacturer to design something new — like a back door — once that device is out.

The full article is worth a read.

The tide may be turning in favor of Apple over FBI

This is an interesting survey that seems to show people coming around to supporting strong encryption.

As the FBI and Apple continue to fight in court over whether the tech giant should help unlock a San Bernardino shooter’s iPhone, a new NBC News/Wall Street Journal poll shows Americans about evenly divided, with a slightly greater number backing the iThing maker.

Forty-seven percent of respondents said that Apple should not cooperate with a Justice Department request to build a piece of software that would bypass security features on Syed Farook’s iPhone 5C. Forty-two percent of those interviewed said Apple should cooperate with the request in the ongoing case.

The poll was conducted between March 3 and 6, and interviewed 1,200 registered voters. The margin or error was 2.83 percent.

And the New York Times reports the following:

Officials had hoped the Apple case involving a terrorist’s iPhone would rally the public behind what they see as the need to have some access to information on smartphones. But many in the administration have begun to suspect that the F.B.I. and the Justice Department may have made a major strategic error by pushing the case into the public consciousness.

Many senior officials say an open conflict between Silicon Valley and Washington is exactly what they have been trying to avoid, especially when the Pentagon and intelligence agencies are trying to woo technology companies to come back into the government’s fold, and join the fight against the Islamic State. But it appears it is too late to confine the discussion to the back rooms in Washington or Silicon Valley.

The fact that Apple is a major consumer company “takes the debate out of a very narrow environment — the universe of technologists and policy wonks — into the realm of consumers where barriers like the specific language of Washington or the technology industry begins to fall away,” said Malkia Cyril, the executive director of the Center for Media Justice, a grass-roots activist network.

* * *

Ms. Cyril says the public angst about the iPhone case feels more urgent than did the discussion about government surveillance three years ago.

“This is one of those moments that defines what’s next,” she said. “Will technology companies protect the privacy of their users or will they do work for the U.S. government? You can’t do both.”

And now the DOJ comes for WhatsApp

Via the New York Times:

WhatsApp, which is owned by Facebook, allows customers to send messages and make phone calls over the Internet. In the last year, the company has been adding encryption to those conversations, making it impossible for the Justice Department to read or eavesdrop, even with a judge’s wiretap order.

As recently as this past week, officials said, the Justice Department was discussing how to proceed in a continuing criminal investigation in which a federal judge had approved a wiretap, but investigators were stymied by WhatsApp’s encryption.

The Justice Department and WhatsApp declined to comment. The government officials and others who discussed the dispute did so on condition of anonymity because the wiretap order and all the information associated with it were under seal. The nature of the case was not clear, except that officials said it was not a terrorism investigation. The location of the investigation was also unclear.

* * *

In a twist, the government helped develop the technology behind WhatsApp’s encryption. To promote civil rights in countries with repressive governments, the Open Technology Fund,  which promotes open societies by supporting technology that allows people to communicate without the fear of surveillance, provided $2.2 million to help develop Open Whisper Systems, the encryption backbone behind WhatsApp.

Because of such support for encryption, Obama administration officials disagree over how far they should push companies to accommodate the requests of law enforcement.

DOJ mad at WhatsApp for using crypto, but US gov paid to develop the crypto WhatsApp uses.

— Christopher Soghoian (@csoghoian) March 12, 2016

Apple secures litigation support from many tech firms

Yesterday, several tech firms filed a brief in support of Apple. The firms included, Box, Cisco Systems, Dropbox, Evernote, Facebook, Google, Microsoft, Mazilla, Nest, Pinterest, Slack, SnapChat, WhatsApp, and Yahoo. It is an amazing coalition of support, given the competition between the firms. It is clear that Apple and its supporters are ready to go the distance to stop the application of the All Writs Act to impair strong data encryption.

The full text of the brief can be found here.

And other tech firms joined in with their own briefs. In all over 40 companies and individuals filed more than a dozen briefs in support.


And more support for Apple comes from the top human rights official of the United Nations.

The top human rights official at the United Nations, Zeid Ra’ad al-Hussein, the United Nations high commissioner for human rights, warned the United States authorities on Friday that their efforts to force Apple to unlock an iPhone belonging to a gunman risked helping authoritarian governments and jeopardizing the security of millions around the world.

* * *

Mr. al-Hussein said that American law enforcement agencies, in seeking trying to break the encryption protecting one phone, “risk unlocking a Pandora’s box,” and that there were “extremely damaging implications” for the rights of many millions of people, with possible effects on their physical and financial security.

“A successful case against Apple in the U.S. will set a precedent that may make it impossible for Apple or any other major international I.T. company to safeguard their clients’ privacy anywhere in the world,” Mr. al-Hussein said in a statement. “It is potentially a gift to authoritarian regimes, as well as to criminal hackers.”

50 days

On December 5, at 2:46 am, the FBI first contacted Apple regarding the San Bernardino phone. This was the day before the FBI changed the iCloud password on the device. Not until 50 days later, on January 22, did the FBI again contact Apple.

As emptywheel writes:

And yet the FBI wants us to believe they think this phone will have important information about the attack.