US Spies, under Obama, seek to recast Constitutional privacy rights

Via Reuters:

Yahoo Inc’s secret scanning of customer emails at the behest of a U.S. spy agency is part of a growing push by officials to loosen constitutional protections Americans have against arbitrary governmental searches, according to legal documents and people briefed on closed court hearings.

The order on Yahoo from the secret Foreign Intelligence Surveillance Court (FISC) last year resulted from the government’s drive to change decades of interpretation of the U.S. Constitution’s Fourth Amendment right of people to be secure against “unreasonable searches and seizures,” intelligence officials and others familiar with the strategy told Reuters.

The unifying idea, they said, is to move the focus of U.S. courts away from what makes something a distinct search and toward what is “reasonable” overall.

The basis of the argument for change is that people are making much more digital data available about themselves to businesses, and that data can contain clues that would lead to authorities disrupting attacks in the United States or on U.S. interests abroad.

While it might technically count as a search if an automated program trawls through all the data, the thinking goes, there is no unreasonable harm unless a human being looks at the result of that search and orders more intrusive measures or an arrest, which even then could be reasonable.

Civil liberties groups and some other legal experts said the attempt to expand the ability of law enforcement agencies and intelligence services to sift through vast amounts of online data, in some cases without a court order, was in conflict with the Fourth Amendment because many innocent messages are included in the initial sweep.

“A lot of it is unrecognizable from a Fourth Amendment perspective,” said Orin Kerr, a former federal prosecutor and George Washington University Law School expert on surveillance. “It’s not where the traditional Fourth Amendment law is.”

But the general counsel of the Office of the Director of National Intelligence (ODNI), Robert Litt, said in an interview with Reuters on Tuesday that the legal interpretation needed to be adjusted because of technological changes.

“Computerized scanning of communications in the same way that your email service provider scans looking for viruses – that should not be considered a search requiring a warrant for Fourth Amendment purposes,” said Litt. He said he is leaving his post on Dec. 31 as the end of President Barack Obama’s administration nears.

This is outrageous. And it does highlight how the Obama Administration has worked, and continues to work, against the privacy rights of US citizens.

Much more here.

ACLU seeks access to 23 secret surveillance laws

Via The Intercept:

THE ACLU HAS identified 23 legal opinions that contain new or significant interpretations of surveillance law — affecting the government’s use of malware, its attempts to compel technology companies to circumvent encryption, and the CIA’s bulk collection of financial records under the Patriot Act — all of which remain secret to this day, despite an ostensible push for greater transparency following Edward Snowden’s disclosures.

The opinions were written by the Foreign Intelligence Surveillance Court. On Wednesday, the ACLU and the Yale Law School Media Freedom Clinic filed a motion with the court requesting that those opinions be released.

“The people of this country can’t hold the government accountable for its surveillance activities unless they know what our laws allow,” said Patrick Toomey, a staff attorney with the ACLU’s National Security Project. “These secret court opinions define the limits of the government’s spying powers. Their disclosure is essential for meaningful public oversight in our democracy.”

Some of the opinions identified by the ACLU offer interpretations of Section 702 of the Foreign Intelligence Surveillance Act, a controversial provision that allows the government to conduct mass surveillance on American’s transnational communications. The authority is set to expire in December 2017.

Disclosure of the opinions would shed light on how the government understands the boundaries of its spying power. Earlier this month, for example, after Reuters reported that Yahoo is secretly scanning every customer’s incoming email, anonymous officials told the New York Times that that action was based on an individualized order from the secret court. Disclosure of the order would offer insight into why the government thinks that is legal. Yahoo, for its part, on Wednesday urged the Director of National Intelligence to release and explain the court order in question.

The ACLU identified the 23 still-secret opinions by combing through press clippings and publicly released opinions. A report released Tuesday by the Brennan Center for Justice, which was based on documents obtained under the Freedom of Information Act, similarly found that the government has kept classified 25 to 30 significant court opinions and orders dating from 2003 to 2013.

Citizens should be entitled to read the law. Secret laws have no place in a civilized society.

Pardon Edward Snowden

Via The New York Times:

Edward J. Snowden, the American who has probably left the biggest mark on public policy debates during the Obama years, is today an outlaw. Mr. Snowden, a former National Security Agency contractor who disclosed to journalists secret documents detailing the United States’ mass surveillance programs, faces potential espionage charges, even though the president has acknowledged the important public debate his revelations provoked.

Mr. Snowden’s whistle-blowing prompted reactions across the government. Courts found the government wrong to use Section 215 of the Patriot Act to justify mass phone data collection. Congress replaced that law with the USA Freedom Act, improving transparency about government surveillance and limiting government power to collect certain records. The president appointed an independent review board, which produced important reform recommendations.

That’s just in the American government. Newspapers that published Mr. Snowden’s revelations won the Pulitzer Prize. The United Nations issued resolutions on protecting digital privacy and created a mandate to promote the right to privacy. Many technology companies, facing outrage at their apparent complicity in mass surveillance, began providing end-to-end encryption by default. Three years on, the news media still refer to Mr. Snowden and his revelations every day. His actions have brought about a dramatic increase in our awareness of the risks to our privacy in the digital age — and to the many rights that depend on privacy.

Yet President Obama and the candidates to succeed him have emphasized not Mr. Snowden’s public service but the importance of prosecuting him. Hillary Clinton has said Mr. Snowden shouldn’t be brought home “without facing the music.” Donald J. Trump has said, “I think he’s a total traitor and I would deal with him harshly.”

Eric H. Holder Jr. struck a more measured tone in May, upon leaving office as Mr. Obama’s attorney general. He recognized that while Mr. Snowden broke the law, “he actually performed a public service” by raising the national debate on surveillance practices.

The law the Obama administration wants to use to prosecute him takes no account of whether revealing this information was a public service. Under the antiquated Espionage Act of 1917, the only issue is whether “national defense” information was given to someone not authorized to receive it. It doesn’t matter if the secrets revealed wrongdoing or if they endangered the national defense, whether they were passed to an American journalist or to a foreign enemy.

The full essay is worth a careful read. Our privacy rights are always at risk when spying on average Americans is considered.

Obama administration works with foreign governments allowing them to serve warrant on US firms

Via The Wall Street Journal:

The Obama administration is working on a series of agreements with foreign governments that would allow them for the first time to serve U.S. technology companies with warrants for email searches and wiretaps—a move that is already stirring debates over privacy, security, crime and terrorism.

Brad Wiegmann, a senior official at the Justice Department, discussed the administration’s efforts during a public forum on Friday at a congressional office building in Washington, D.C. The first such agreement is being assembled with the U.K., he said.

Word of the plans came one day after a federal appeals court ruled that federal warrants couldn’t be used to search data held overseas by Microsoft Corp., dealing the agency a major legal defeat.

* * *

Under the proposed agreements described by Mr. Wiegmann, foreign investigators would be able to serve a warrant directly on a U.S. firm to see a suspect’s stored emails or intercept their messages in real time, as long as the surveillance didn’t involve U.S. citizens or residents.

Such deals would also give U.S. investigators reciprocal authority to search data in other countries.

“They wouldn’t be going to the U.S. government, they’d be going directly to the providers,’’ said Mr. Wiegmann. Any such arrangement would require that Congress pass new legislation, and lawmakers have been slow to update electronic privacy laws.

* * *

Greg Nojeim, a privacy advocate at the Center for Democracy and Technology, criticized the plan. He said it would be “swapping out the U.S. law for foreign law’’ and argued that U.K. search warrants have less stringent judicial protections than U.S. law.

British diplomat Kevin Adams disputed that, saying the proposal calls for careful judicial scrutiny of such warrants. Privacy concerns over creating new legal authorities are overblown, he added.

“What is really unprecedented is that law enforcement is not able to access the data they need,’’ Mr. Adams said. The ability to monitor a suspect’s communications in real time “is really an absolutely vital tool to protect the public.’’

This is simply outrageous and continues a very disappointing Obama administration effort to breach privacy around the world.

Narrow vote blocks (for now) warrant-free FBI attempt to collect American’s email, browser history

Via ZDNet:

An amendment designed to allow the government warrantless access to internet browsing histories has been narrowly defeated in the Senate.

The amendment fell two votes short of the required 60 votes to advance.

But the effort is far from dead. Majority leader Sen. Mitch McConnell (R-KY), who switched his vote at the last minute, submitted a motion to reconsider the vote following the defeat.

Sen. John McCain (R-AZ) introduced the amendment as an add-on to the commerce, justice, and science appropriations bill earlier this week. McCain said in a statement on Monday that the amendment would “track lone wolves” in the wake of the Orlando massacre, in which Omar Mateen, who authorities say radicalized himself online, killed 49 people at a gay nightclub in the Florida city.

The amendment aims to broaden the rules governing national security letters, which don’t require court approval. These letters allow the FBI to demand records associated with Americans’ online communications.

If the amendment becomes law, federal agents won’t need a court order to access phone logs, email records, cell-site data used to pinpoint locations, as well as browsing histories of recently visited websites.

It is outrageous that mass surveillance of such user information without a warrant came so close to success. And it may still pass. How is it that warrants are viewed as unnecessary to breach the privacy of American citizens?

Here are some Twitter reactions:

Some good news on the privacy front

Reuters is reporting that the  Burr/Feinstein draft legislation to require backdoors in otherwise strong encryption will not proceed.

After a rampage that left 14 people dead in San Bernardino, key U.S. lawmakers pledged to seek a law requiring technology companies to give law enforcement agencies a “back door” to encrypted communications and electronic devices, such as the iPhone used by one of the shooters.

Now, only months later, much of the support is gone, and the push for legislation dead, according to sources in congressional offices, the administration and the tech sector.

Draft legislation that Senators Richard Burr and Dianne Feinstein, the Republican and Democratic leaders of the Intelligence Committee, had circulated weeks ago likely will not be introduced this year and, even if it were, would stand no chance of advancing, the sources said.

Key among the problems was the lack of White House support for legislation in spite of a high-profile court showdown between the Justice Department and Apple Inc over the suspect iPhone, according to Congressional and Obama Administration officials and outside observers.

“They’ve dropped anchor and taken down the sail,” former NSA and CIA director Michael Hayden said.

FBI will not share how it hacked iPhone

Via The Wall Street Journal:

The Federal Bureau of Investigation doesn’t plan to tell Apple Inc. how it cracked a San Bernardino, Calif., terrorist’s phone, said people familiar with the matter, leaving the company in the dark on a security vulnerability on some iPhone models.

The FBI knows how to use the phone-hacking tool it bought to open the iPhone 5c but doesn’t specifically knows how it works, allowing the tool to avoid a White House review, the people said, The FBI plans to notify the White House of this conclusion in the coming days, they added.

Any decision to not share details of the vulnerability with Apple is likely to anger privacy advocates who contend the FBI’s approach to encryption weakens data security for many smartphone and computer owners in order to preserve options for federal investigators to open locked devices.

Generally, a White House review is required when a vulnerability in security is discovered by a Federal agency so it can be shared with the manufacturer. Apparently, at least for now, the FBI is trying to avoid such sharing. The agency continues to damage information security for all.
By the way, the FBI did share a vulnerability to Apple on April 24. However, this was no big deal as Apple had already fixed the issue months ago.

Wall Street Journal calls out the FBI

The FBI has been tying itself in knots with Apple, first by trying to force Apple to break its own encryption, and then acknowledging that the agency was able to access at least two iPhones without Apple’s help.

The Wall Street Journal claims that the FBI has travelled into the zone of farce:

If history repeats itself first as tragedy and then as farce, what does the FBI have in store next for its encryption war with Apple? After withdrawing its demands in San Bernardino and then reopening hostilities with a drug prosecution in Brooklyn, the G-men abruptly dumped the second case over the weekend too. Is anyone in charge at the Justice Department, or are junior prosecutors running the joint?

* * *

Yet while Justice argued in Brooklyn that Apple’s help was essential, it also argued the FBI had no obligation to pursue a non-Apple work-around. The remarkable claim was that prosecutors need not exhaust all possible alternatives before conscripting a private company, such as consulting with other U.S. agencies, hiring an outside digital forensics outfit or even interrogating Feng again.

Such assertions were as false in Brooklyn as in San Bernardino. Two hours and a half before a deadline on Friday night, the government withdrew the case after “an individual provided the passcode to the iPhone,” according to legal filings. This second immaculate conception in as many months further undermines the FBI’s credibility about its technological capabilities. Judges ought to exercise far more scrutiny in future decryption cases even as Mr. Comey continues to pose as helpless.

* * *

Meanwhile, the White House has taken the profile-in-courage stand of refusing to endorse or oppose any encryption bill that Congress may propose. If the Obama team won’t start adjusting to the technological realities of strong and legal encryption, they could at least exercise some adult supervision at Main Justice.

The FBI cannot be trusted to protect privacy and security for our citizens, especially given their keystone cops behavior.

Former national security officials support Apple and end-to-end encryption

The New York Times is reporting on the support for strong end-to-end encryption provided by former intelligence officials.

In their years together as top national security officials, Michael V. Hayden and Michael Chertoff were fierce advocates of using the government’s spying powers to pry into sensitive intelligence data.

Mr. Hayden directed a secret domestic eavesdropping program at the National Security Agency that captured billions of phone records after the attacks of Sept. 11, 2001. Mr. Chertoff pushed for additional wiretapping and surveillance powers from Congress both as a top prosecutor and as Homeland Security secretary.

But today, their jobs have changed, and so, apparently, have their views on privacy. Both former officials now work with technology companies like Apple at a corporate consulting firm that Mr. Chertoff founded, and both are now backing Apple — and not the F.B.I., with which they once worked — in its fight to keep its iPhones encrypted and private.

They are among more than a half-dozen prominent former national security officials who, to varying degrees, have supported Apple and the idea of impenetrable “end-to-end encryption” during a furious national debate over the balance between privacy and security in the digital age.

* * *

Among those who have voiced support for Apple’s position are Mike McConnell, a former director of national intelligence; David H. Petraeus, a former director of the Central Intelligence Agency; R. James Woolsey, another former C.I.A. director; and Richard A. Clarke, a former top White House counterterrorism official. Like Mr. Chertoff and Mr. Hayden, they all now work with firms that have ties to the technology sector, records show.

The fact of the matter is that without end-to-end data encryption, no one can be sure that their private data is in fact private. Any back doors are unacceptable. And it is a good thing that such officials support companies that are providing strong encryption.

EFF files suit against Justice Department

The Electronic Frontier Foundation has announced it filed a suit against the Justice Department over whether the Department ever required private companies to decrypt consumer’s private information.

The Electronic Frontier Foundation (EFF) filed a Freedom of Information (FOIA) lawsuit today against the Justice Department to shed light on whether the government has ever used secret court orders to force technology companies to decrypt their customers’ private communications, a practice that could undermine the safety and security of devices used by millions of people.

The lawsuit argues that the DOJ must disclose if the government has ever sought or obtained an order from the Foreign Intelligence Surveillance Court (FISC) requiring third parties—like Apple or Google—to provide technical assistance to carry out surveillance.

The suit separately alleges that the agency has failed to turn over other significant FISC opinions that must be declassified as part of surveillance reforms that Congress enacted with the USA FREEDOM Act.

EFF filed its FOIA requests in October and March amid increasing government pressure on technology companies to provide access to customers’ devices and encrypted communications for investigations. Although the FBI has sought orders from public federal courts to create a backdoor to an iPhone, it is unclear to what extent the government has sought or obtained similar orders from the FISC. The FISC operates mostly in secret and grants nearly every government surveillance request it receives.

You can read the full complaint here.

The EFF is a terrific organization that deserves support. You can support their efforts on civil liberties by contributing here.

Microsoft challenges Justice Department over digital gag orders

Microsoft is filing a challenge to the current rules that prohibit technology firms from notifying their customers when the government seeks users’ records and communications.

Via The New York Times:

The software giant is suing the Justice Department, challenging its frequent use of secrecy orders that prevent Microsoft from telling people when the government obtains a warrant to read their emails.

In its suit, filed Thursday morning in Federal District Court in Seattle, Microsoft’s home turf, the company asserts that the gag order statute in the Electronic Communications Privacy Act of 1986 — as employed today by federal prosecutors and the courts — is unconstitutional.

The statute, according to Microsoft, violates the Fourth Amendment right of its customers to know if the government searches or seizes their property, and it breaches the company’s First Amendment right to speak to its customers.

* * *

Seizing information from file drawers or personal computers used to require entering a building to examine paper or a hard drive. Typically, the target of an investigation knew about it.

Not so in the cloud computing era, when investigators can bypass an individual and go straight to the company that hosts that information. And when courts issue secrecy orders, often with no time limit, a target may never know that information was taken.

Microsoft, in its suit, contends that the government has “exploited the transition to cloud computing as a means of expanding its power to conduct secret investigations.”

You can read the full lawsuit here.

Good on Microsoft.

The DOJ is pushing Apple again

Via The New York Times:

With the legal battle over one iPhone now behind them, lawyers for the Justice Department and Apple resumed their sparring in another case on Friday, as prosecutors told a federal judge in Brooklyn that they still needed the company’s help to unlock a drug dealer’s iPhone.

While prosecutors described the demand in the Brooklyn case as routine, Apple said it reflected an attempt by the government to establish a precedent that could help unlock dozens or even hundreds of other phones.

* * *

In a stinging rebuke five weeks ago, however, Magistrate Judge James Orenstein said in a 50-page ruling that the Justice Department had overstepped its authority in trying to use a 1789 statute called the All Writs Act to compel Apple’s cooperation.

* * *

A ruling in the government’s favor in the Federal District Court in Brooklyn would not be binding in other cases, but if it were appealed to the United States Court of Appeals for the Second Circuit and upheld there, it would become precedent for other federal courts in the region.

So here we go again.

Senators Richard Burr and Dianne Feinstein release draft anti-encryption bill

Writing in TechDirt, Mike Masnick reviews the horrible and actually crazy, implications of the legislation.

The basics of the bill are exactly what you’d expect. It says that any “device manufacturer, software manufacturer, electronic communication service, remote computing service, provider of wire or electronic or any person who provides a product or method to facilitate communication or the processing or storage of data” must respond to legal orders demanding access to said information. First off, this actually covers a hell of a lot more than was originally expected. By my reading, anyone providing PGP email is breaking the law — because it’s not just about device encryption, but encryption of communications in transit as well. I wonder how they expect to put that genie back in the bottle.

* * *

The second this bill becomes law, the US loses a massive economic advantage. Basically all of our technology becomes suspect globally, and the entire cybersecurity industry moves off shore. It will devastate American businesses outside of the US. Burr and Feinstein are basically offering a bill that completely undermines the economic prosperity of the American tech industry. This is especially insane coming from Feinstein, given that she supposedly represents so many tech companies in California.

The article, as well as the bill itself, can be found here.