This post, written by Eva Galperin, was originally published on the Electronic Frontier Foundation website.
Recent years have seen a boom in the adoption of surveillance technology by governments around the world, including spyware that provides its purchasers the unchecked ability to target remote Internet users’ computers, to read their personal emails, listen in on private audio calls, record keystrokes and passwords, and remotely activate their computer’s camera or microphone. The Electronic Frontier Foundation, together with Amnesty International, Digitale Gesellschaft, and Privacy International have all had experience assisting journalists and activists who have faced the illegitimate use of such software in defiance of accepted international human rights law.
Software like this is designed to evade detection by its victims. That’s why we’ve joined together to support Detekt, a new malware detection tool developed by security researcher Claudio Guarnieri. Detekt is an easy-to-use, open source tool that allows users to check their Windows PCs for signs of infection by surveillance malware that we know is being used by government to spy on activists and journalists.
Some of the software used by states against innocent citizens is widely available on the Internet, while more sophisticated alternatives are made and sold by private companies and sold to governments everywhere from the United States and Europe to Ethiopia and Vietnam.
Detekt makes it easy for at-risk users to check their PCs for possible infection by this spyware, which often goes undetected by existing commercial anti-virus products.
Because Detekt is a best-effort tool and spyware companies make frequent changes to their software to avoid detection, users should keep in mind that Detekt cannot conclusively guarantee that your computer is not compromised by the spyware it aims to detect. However, we hope that the availability of this tool will help us to detect some ongoing infections, provide advice to infected users, and contribute to the debate around curbing the use of government spyware in countries where it is linked to human rights abuses.
How can the U.S. government possibly claim that its collection of the phone records of millions of innocent Americans is legal? It relies mainly on two arguments: first, that no one can have a reasonable expectation of privacy in their metadata; and second, that the outcome is controlled by the so-called “third-party doctrine,” which says that no one has an expectation of privacy in information they convey to a third party (such as telephone numbers dialed). The Electronic Frontier Foundation expects the government to press both of these arguments on Nov. 4 before the District of Columbia Circuit Court of Appeals. We look forward to responding.
Oral argument will take place at 9:30 a.m. at the District of Columbia Circuit Court at 333 Constitution Ave. NW in Courtroom 20 before Judges David Sentelle, Stephen Williams and Janice Rogers Brown. The public is welcome to attend.
A little context for EFF’s role in this case: EFF and the American Civil Liberties Union filed an amicus brief in Klayman v. Obama on Aug. 20. The case itself was first filed June 6, 2013, just one day after journalists began publishing information from the Edward Snowden leaks; and it was the first challenge to the government’s “telephony metadata” collection. Judge Richard Leon of the District Court for the District of Columbia granted a preliminary injunction. The government appealed, Klayman cross appealed some issues, and now the case is headed to the Court of Appeals.
Leon found that the government’s bulk collection of telephony metadata likely constitutes an unconstitutional search under the 4th Amendment. We agree. And since the issue is so important, we weighed in on the case along with the ACLU and the ACLU of the Nation’s Capital. We asked the court for the right to participate in the oral argument. The court agreed, giving us 10 minutes and also giving 10 minutes to another amicus, the Center for National Security Studies. Cindy Cohn will argue the case for EFF and ACLU.
Here’s what we’ll be saying on those two key points:
We want to ensure that the court recognizes that “the call records collected by the government are not just metadata — they are intimate portraits of the lives of millions of Americans.”
The argument that the bulk collection of private information from millions of Americans is no big deal because it’s “just metadata” is a tired one. It’s been disproven by research, and it doesn’t stand up to common sense. First, there’s no bright line. What is deemed “metadata” is often murky (such as subject lines and URLs), context-dependent and not clearly distinguishable from content, which everyone agrees is protected by the 4th Amendment.
Second, and more important, even without listening in on a conversation, metadata reveals private information — sometimes more than would be revealed by content.
We offer some examples where metadata is more revealing in our brief: People can “donate to charities by sending a text message…The metadata about these texts reveals that the subscriber has donated to a specific charity or cause, while the content of the message contains at most a donation amount.” Similarly, “an hour-long call at 3 a.m. to a suicide prevention hotline” could be very revealing. In fact, even a single piece of metadata could reflect an individual’s political or religious associations or mental health issues.
Consider a short-term study at Stanford that analyzed only a few months of telephony metadata from just 546 people focused partly on individual calls. The researchers found many calls that even in isolation could be revealing, such as a call to a political campaign, noting: “Many organizations have a narrow purpose, such that an individual call gives rise to sensitive inferences.” The study found “numerous calls within our dataset that give rise to these sorts of straightforward inferences.”
By contrast, the government is collecting huge amounts of metadata — by conservative estimates, at least billions of call records. And as the Stanford study showed, these records are exponentially revealing in the aggregate: “A pattern of calls will often, of course, reveal more than individual call records. During our analysis, we encountered a number of patterns that were highly indicative of sensitive activities or traits.”
As important as the sensitivity of the information here is the fact that the potential sensitivity is exactly why the government wants the information. The government has emphasized repeatedly in speeches and in legal briefs that it needs to collect so much metadata specifically so that it can analyze complete (or at least very big) datasets. That makes sense since, as we point out in our brief, this aggregation provides context and information to metadata and allows analysts to create “social graphs” that map webs of relationships between individuals and groups. In fact, aggregated metadata could allow an analyst to determine “the membership, structure, or participants in organizations and movements like the NAACP, the Tea Party, or Occupy Wall Street …”
To compound the privacy invasion, metadata is highly structured, making it ideal for the kind of analysis that reveals highly personal information. It’s easier to review than the content of communications. And since the government’s argument is that all metadata is unprotected, it’s important not to consider it in a vacuum. As we note, metadata “is truly ubiquitous, created through the innumerable and near-continuous digital transactions and interactions attendant to modern life.”
The ‘third-party doctrine’ is not controlling
After trying to convince the court that metadata just isn’t that revealing, the government says that the 4th Amendment also doesn’t apply because we “voluntarily” turn over the numbers we dial to telephone companies — as if this weren’t just an artifact of how the phones work and instead was some kind of individual choice we make. Because of this, the government argues, the situation is governed by the “third-party doctrine,” the idea that people have no expectation of privacy in information they entrust to others.
That argument is almost as tired as the metadata claim and ignores the realities of modern life. The third-party doctrine comes from a 1979 Supreme Court case, Smith v. Maryland, which involved the collection of the phone numbers dialed by a criminal suspect over the course of three days using a rudimentary pen register. And as Leon said in his opinion in the lower court:
[T]he Court in Smith was not confronted with the NSA’s Bulk Telephony Metadata Program. Nor could the Court in 1979 ever have imagined how the citizens of 2013 would interact with their phones.
Leon hits the nail on the head. As we point out, the issue in Klayman is not limited to collection of the numbers dialed by one individual suspected of criminal wrongdoing over a very short period of time. The issues here are bulk collection and sophisticated analysis of the detailed telephone records of millions of people suspected of nothing at all.
We emphasize five significant points of difference in our brief:
Scale: The program collects data for all or nearly all Americans, rather than one individual suspected of a serious crime.
Duration: The current program captures years of data, while the pen register in Smith captured data for only three days.
Changes in telephone use: Use of the telephone has changed dramatically since 1979, when telephones were largely stationary devices shared among a number of users, with one number per household or organization. Today, as landline usage dwindles, mobile phones have become personal, not shared, devices that many people carry constantly with them and use dozens, if not hundreds, of times per day.
Information collected: The phone records in this case include whether the call was completed, its duration, and other information rather than simply which numbers were being dialed, as in Smith.
Individualized suspicion: The program does not collect information based on individualized suspicion of any sort, much less individualized suspicion of a crime.
These differences mean that it’s just not credible to try to cram the government’s gigantic, revealing telephone records collection into the narrow box of the Smith line of cases. As our brief notes, that’s “a result unimaginable when Smith was decided and certainly not considered by the Court.”
In short, both the government’s metadata argument and its third-party doctrine argument are wrongly applied to massive telephone record collection. Moreover, both ask the court to ignore how we live today, with our “papers and effects” stored with third parties and metadata trailing our every move. Yet even with technological changes, we can and do have reasonable expectations that this information will remain private. We look forward to the court’s careful consideration of these and other points on Tuesday.
Washington, D.C. — The Electronic Frontier Foundation (EFF) will appear before a federal appeals court next week to argue the National Security Agency (NSA) should be barred from its mass collection of telephone records of million of Americans. The hearing in Klayman v. Obama is set for 9:30 a.m. on Tuesday, Nov. 4, in Washington, D.C.
Appearing as an amicus, EFF Legal Director Cindy Cohn will present oral argument at the U.S. Court of Appeals for the District of Columbia Circuit on behalf of EFF and the American Civil Liberties Union (ACLU), which submitted a joint brief in the case.
Conservative activist and lawyer Larry Klayman filed the suit in the aftermath of the first Edward Snowden disclosure, in which The Guardian revealed how the NSA was collecting telephone records on a massive scale from the telecommunications company Verizon. In December, District Court Judge Richard Leon issued a preliminary injunction in the case, declaring that the mass surveillance program was likely unconstitutional.
EFF argues that the call-records collection, which the NSA conducts with claimed authority under Section 215 of the USA PATRIOT Act, violates the 4th Amendment rights of millions of Americans. Separately, EFF is counsel in two other lawsuits against the program — Jewel v. NSA and First Unitarian Church of Los Angeles v. NSA — and is co-counsel with the ACLU in a third, Smith v. Obama.
It’s that time of year when people don sinister masks, spray themselves with fake blood and generally go all-out for a good fright. But at the Electronic Frontier Foundation, we think there are plenty of real-world ghouls to last year-round. Fortunately, we won’t let them hide under your bed. Sometimes our work sounds like science fiction, but the surveillance techniques and technology we fight are all too real. Here are some of the beasts hiding in your backyard that we’ve been fighting to expose.
Automated license plate readers
Automated license plate readers (ALPRs) are cameras that can either be mounted on squad cars or be stationary. They read license plates and record the time, date and location a particular car was encountered. And they’re paving the way for wholesale tracking of every driver’s movements. ALPRs can scan up to 1,800 license plates per minute and can collect data on vast numbers of vehicles. In Los Angeles, for example, the Los Angeles Police Department and Sheriff’s Department collect data on 3 million carsper week.
Much like metadata about phone calls, the information obtained from ALPRs reveals sensitive personal information. In fact, the International Association of Chiefs of Police issued a report in 2009 recognizing that “recording driving habits” could raise 1st Amendment concerns because cameras could record “vehicles parked at addiction-counseling meetings, doctors’ offices, health clinics, or even staging areas for political protests.”
Because of this potential for serious invasions of privacy, EFF and the American Civil Liberties Union teamed up to ask the city and county of Los Angeles for a week’s worth of ALPR data. The lower court sided with the government after it denied our request, but we’re appealing the ruling.
Fusion centers are information clearinghouses that enable unprecedented levels of bidirectional information sharing between state, local, tribal and territorial law enforcement agencies and federal agencies like the FBI and Department of Homeland Security. Bidirectional means that local law enforcement can share information with these agencies while also accessing federal information, through portals like the FBI’s eGuardian database.
Fusion centers are a serious threat to privacy. They magnify the impact of excessive spying by making sure that it gets shared through a vast network of agencies with almost no oversight.
And oversight is clearly needed. Fusion centers coordinate the National Suspicious Activity Reporting Initiative (NSI), an effort to implement suspicious activity reporting (SAR) nationwide. SAR are intelligence reports that, according to the government, document “behavior reasonably indicative of pre-operational planning related to terrorism or other criminal activity.” And while they do lead to law enforcement contact with innocent people, they do not meet legally cognizable standards for search or seizure under the 4th Amendment. Instead, they lead to racial and religious profiling and political repression. Public records act requests have shown that people of color often end up being the target of SARs.
And that’s not the only way fusion centers threaten privacy and civil liberties. Public records requests have also shown that fusion centers are used to record and share information about 1st Amendment-protected activities in a way that aids repressive police activity and chills freedom of association.
That’s why when the Privacy and Civil Liberties Oversight Board (PCLOB) announced that it was considering looking at the standards for SAR, EFF submitted a comment. We urged PCLOB not only to review SAR standards, but to conduct a thorough assessment of fusion centers in general. We believe that such a review will show what every other review by the government has shown: that fusion centers produce “predominantly useless information,” “a bunch of crap,” while “running afoul of departmental guidelines meant to guard against civil liberties” and are “possibly in violation of the Privacy Act.”
Last but not least, we’re keeping an eye on the spreading use of Stingrays. (Stingray is the brand name of an international mobile subscriber identity locator.) These are devices that are used by law enforcement to electronically search for a particular cellphone’s signal by capturing the international mobile subscriber identity of potentially thousands of people in a particular area. Small enough to fit in a van, they masquerade as a cellphone tower and trick your phone into connecting with them every 7 to 15 seconds. As a result, the government can surreptitiously figure out whom, when and to where you are calling and the precise location of every device within the range. With some devices, it can even capture the content of your conversations.
Part of what’s so concerning about Stingrays is that we know very little about how they are being used. In the first case to consider the constitutional implications of stingrays, U.S. v. Rigmaiden (in which we filed an amicus brief along with the ACLU) the court denied a motion to throw out evidence obtained using a Stingray. In our brief, we pointed out that the application for a warrant neither made it clear that law enforcement would be using a Stingray nor explained how the device worked. It’s that lack of explanation that we find so concerning.
But what we do know about Stingrays is chilling. They capture data from anybody who happens to be in an area where one is being used, regardless of whether they are suspected of a crime. And some models can even capture contents of communications.
The constitutionality of Stingrays is almost certain to be challenged again, especially after the Supreme Court’s decision requiring a warrant to search arrestee’s cellphones in Riley v. California. We’ll continue to keep an eye out for any cases addressing this technology. In the meantime, we’re doing public records act requests to police departments to learn more about who is using these devices and how.
We think this technology is scarier than any costume you’ll see on the streets this week. But don’t worry; we’re here to turn the lights on.
This post, written by EFF director for international freedom of expression Jillian York, was originally published on the foundation’s website.
The censorship or banning of books is a phenomenon that occurs in countries around the world. Books that are considered “scandalous” or inciteful in some way are often targets of censorship by governments, schools, libraries and other entities.
For individuals living in countries with high levels of censorship, the Internet has become a means for circumventing restrictions on book sales. Access to online bookstores and platforms like Kindle have, for example, helped people in China get around the infamous Great Firewall. New platforms like Oyster provide reading materials in English that might not be available for purchase, either due to censorship or lack of demand. And free platforms like Project Gutenberg create access where cost or censorship is an issue.
But for some, these workarounds have restrictions as well. Copyright and related licensing restrictions can curtail access to books in certain places; for example, a new book on atheism in the Arab world by journalist Brian Whitaker is unavailable for purchase in the Middle East and Africa, apparently due to international distribution issues. App stores sometimes restrict access to book platforms out of copyright or liability concerns, as well as when faced bygovernment pressure. And restrictions on international banking — not to mention the cost of e-books — can limit people in many countries from taking advantage of online book platforms.
In Sudan, books can be especially hard to come by. Not only does the government confiscate and ban books and harass authors, but high customs taxes have forced numerous bookstores to close over the past few years.
“Online access to books is so important for the new generation,” says Sudanese activist Dalia Haj Omar, but U.S. sanctions prevent individuals from accessing a number of sites and resources that would allow young Sudanese to circumvent restrictions on reading and learning. Among the sites that are unavailable to Sudanese are Khan Academy and the Google Play Store.
Despite the sanctions, which Haj Omar is working to reform, she says that young Sudanese are finding ways around the various restrictions, and points to an article in the New York Times detailing Khartoum’s literary revival. It describes the work of Abdullah Al-Zain, the man behind a monthly book swap event called Mafroush (“displayed”). “The Internet is not necessarily an enemy of books,” says Al-Zain. Indeed.
But the equipment we can see on the news isn’t the only thing flowing from our military to local cops. Alongside armored vehicles and guns, local police are getting surveillance technology with help from the federal government. And while we don’t know the full contours of that aid, what we do know is worrisome and should spur further scrutiny, both locally and nationally.
The risks of militarizing the local cops are easy to see — and they’re compounded by folding local law enforcement into homeland security. Military technology, and suspicionless mass surveillance, are based on a military mindset: Everyone is a possible enemy, and no one deserves privacy. While some lawmakers justify this shift by pointing to the “war on drugs” and “the war on terror,” the United States is not technically a war zone. This raises the specter of the Posse Comitatus Act, passed in the late 1800s to prevent use of the military in domestic law enforcement.
Congress is finally taking a look into the transfers of hardware
Each of these three programs has transferred millions of dollars of equipment and funding to local law enforcement, from bayonets to drones. This includes funding for fusion centers, the state and local criminal intelligence information clearinghouses that allow local law enforcement to access and input information into federal databases like the FBI’s eGuardian without even meeting a “probable cause” standard.
The hearing gave the committee a chance to hear direct testimony from representatives of these three programs, as well as other experts and stakeholders. Written statements from speakers are available here.
Senators closely questioned the representatives of each of the three programs, revealing some startling truths:
The DOD and DHS do not provide any training to departments that get equipment or money from them, including high tech surveillance equipment like drones and mine-resistant ambush-protected vehicles (MRAPs).
None of the agencies look into whether a state or local law enforcement agency is under active investigation or has a history of civil rights or civil liberties violations.
Prior to Ferguson, these three officials had never met, even though they were providing similar equipment and funding for equipment to the same police departments.
The total number of pieces of controlled property, such as weapons, currently in the possession of law enforcement agencies is approximately 460,000.
The questions that were not answered, or partially answered, were also revealing:
“What (is) the difference between a militarized and increasingly federalized police force and a standing army?”
“When was the last time you can recall that equipment from the 1033 program was used for counterterrorism?”
The overall picture that emerged was that the federal officials are willing to fund surveillance and military technologies to local law enforcement but provide little or no training to police officers — and have no policies in place to ensure this equipment isn’t misused. The White House is conducting a review of these programs; and while there is no clear timeline for completion, it’s a step in the right direction.
Surveillance deserves a look, too
Congress and the White House need to include surveillance technologies in their inquiries. The same money that funds MRAPs and night vision goggles also funds intelligence gathering at the local level. DHS’s Homeland Security Grant Program directly funds fusion centers. In fact, its 2014 grant announcement emphasized that funding fusion centers and integrating them nationally is a high priority. And DHS Urban Area Security Initiative money funds events like Urban Shield, a four-day-long event that featured “preparedness” exercises as well as a marketplace of military and surveillance technology.
Another possible avenue for review is the Privacy and Civil Liberties Oversight Board (PCLOB). PCLOB asked for public comments on its proposed mid- and long-term agenda, which includes an examination of the “functional standards” used for Suspicious Activity Reporting (SAR),” a program coordinated through fusion centers.1 EFF, along with others, submitted comments encouraging PCLOB to take a close look more generally at fusion centers. The comments emphasized that accountability for fusion centers, like all the programs reviewed in the Senate hearing, is a major problem:
The bidirectional flow of data in fusion centers, as well as interagency cooperation and jurisdictional blurriness, makes accountability and a clear understanding of the applicability of laws and regulations difficult… In the midst of this ambiguous and opaque environment, fusion centers have access to a staggering amount of data including the FBI’s eGuardian database and a variety of other federal databases. They may even potentially have access to unminimized NSA data. And as data gathered under the problematic SAR standards is entered into these databases, the lines of responsibility for unconstitutional invasions of privacy and civil liberties become ever more unclear.
Local cops, localaction
There is a silver lining to all of this, though. Unlike the onerous task of reforming the National Security Agency, the FBI and other federal agencies, addressing militarization of and surveillance by local law enforcement is much easier for grass-roots activists. Groups like the coalition that helped push the Urban Shield exercise out of Oakland, California, the coalition that stopped Berkeley, California from purchasing an armored vehicle, and the coalition that helped to stop the purchase of a drone in Alameda County, California, are springing up all over the country.
For those concerned about the use of military surveillance equipment domestically, it’s a good time to do some research into your own local government to find out not only whether they are obtaining the kinds of military equipment that you can see, but also whether they are obtaining surveillance technologies that you can’t. Public records act requests are a great way to find out whether your town or city has gotten any of these funds and how it has, or plans to, spend them. Let us know what you find out, and let your elected officials know what you think.
This post, written by Electronic Frontier Foundation legal fellow Andrew Crocker, was originally published on the foundation’s website.
Smith v. Obama, a challenge to the NSA’s warrantless collection of phone records, currently before the 9th U.S. Circuit Court of Appeals, has received some high-profile support. In six amicus briefs filed yesterday, a range of groups add depth to the Electronic Frontier Foundation’s argument that the NSA’s activities are an extraordinary invasion of the privacy of innocent Americans.
Powerfully, Senators Ron Wyden, Mark Udall, and Martin Heinrich — members of the committee charged with overseeing the NSA — write that they “have seen no evidence that the bulk collection of Americans’ phone records has provided any intelligence of value that could not have been gathered through means that caused far less harm to the privacy interests of millions of Americans.” This echoes statements made by numerous officials, including President Obama himself, and it is crucial to countering the arguments in this case about the national security importance of the NSA’s program.
Other briefs expand on the problems with the government’s legal arguments in Smith and discuss how bulk surveillance causes specific harms to privacy and other constitutional values. In a brief filed by the Electronic Privacy Information Center (EPIC), a group of leading legal and technical experts discuss the history of information generated by telephone calls and the rise of modern call records, the “metadata” collected by the NSA. The brief thoroughly debunks the government’s claims that 40-year-old legal rules allowing limited collection of records can justify the highly revealing program at issue here. Briefs by the Reporters Committee for the Freedom of the Press, the National Association of Criminal Defense Lawyers and the PEN American Center respectively explore the specific harms to reporter-source relationships, attorney-client communications and the 6th Amendment right to counsel, and the profound chilling effect on freedom of expression. Finally, a brief by the Center for National Security Studies explains that the statute used by the government, Section 215 of the USA PATRIOT Act, also cannot justify this program.
The court will consider these arguments as the briefing in Smith continues. A hearing is expected in November 2014.
This post, written by activist Nadia Kayyali, was originally published on the EFF website.
While all eyes are on the disturbing evidence of police militarization in Ferguson, are you paying attention to what’s happening with law enforcement in your own back yard?
In the San Francisco Bay Area, the answer is yes. A coalition of community groups has come together to call attention to Urban Shield, a four-day long “preparedness” exercise for law enforcement and other agencies that will take place from September 4-8. They’ve organized a week of education, including a march and demonstration outside of the event on Friday, September 5. To these community groups, Urban Shield represents state violence and political repression, not public safety.
The reasons for protesting Urban Shield are clear. It is one of the ways that local law enforcement gets access to, and romanced by, military and surveillance technologies like the ones we’ve seen turned against protesters in Ferguson, as well as low-level crimes, across the country.
Urban Shield is coordinated by the for-profit company Cytel Group, and in addition to training exercises, it also functions as a marketplace and testing site for new militarized technologies. The accompanying trade show includes exhibitors from armored vehicle manufacturers to a “counter-terrorism magazine.” In 2013, companies were encouraged “to place their products and technology directly into the hands of SWAT, Fire, EOD, and EMS professionals.” Vending at Urban Shield is touted as a way to get “invaluable real-time feedback for vendor product[s]” since “at the end of every scenario the teams are questioned concerning the benefits and drawbacks of each piece of technology used in that scenario.” It’s unsurprising that Urban Shield has a “try it out” component for law enforcement, since there is an incredible amount of profit to be made from such products, often with federal funds (i.e. taxpayer dollars) footing the bill.
The event is part of the federal Urban Areas Security Initiative (UASI). UASI is a grant program administered by the federal Department of Homeland Security’s Homeland Security Grant Program (the same program that funds fusion centers). In the San Francisco Bay Area, the grants are coordinated by the Bay Area UASI, a regional coordinating body. UASI grants are supposed to go to “planning, organization, equipment, training, and exercise needs of high-threat, high-density Urban Areas.” The grants have gone to law enforcement agencies all over the country— but the program has been the subject of scathing critique from grassroots groups and lawmakers.
Much of the criticism around UASI is that the grants enable purchases of equipment that no community should adopt without a public conversation. The obvious examples are armored vehicles and so-called “less-lethal” weapons like tear gas and rubber bullets, like those used to violently suppress demonstrators in Ferguson. But UASI funds can also be used to purchase sophisticated surveillance equipment that, absent safeguards, could allow local law enforcement to spy on activists before demonstrations ever take place, or to racially profile people of color in communities like Oakland. Senator Tom Coburn’s 2012 report “Safety at Any Price” lists some of the equipment that has been purchased with UASI money, and it reads like a laundry list of privacy advocates’ concerns: surveillance cameras, mobile fingerprinting devices, automated license plate readers, armored vehicles, and drones. To make matters worse, as Senator Coburn’s report points out, there is no evidence that these purchases make anyone safer.
It should also be noted that Urban Shield is not limited to the San Francisco area. Boston and Austin also participate in similar trainings, as has Jordan. And Jordan isn’t the only international connection. As the Urban Shield website boasts, “In 2014, teams from Singapore and South Korea will participate.” Teams in the past have included the French National Police and teams from Israel, Brazil, Jordan, and Bahrain. Police departments from across the country participate as well, including SWAT teams from Newark, Dallas, Chicago, and Travis County, Texas.
None of this has escaped the attention of organizers, who have made it clear that Urban Shield is linked to surveillance of activists and violence against communities of color across the country, but also to political repression internationally. In their words: “The line between police and military is blurring as parallel military tactics are being deployed globally to repress dissent and increase state control over people who are calling for freedom and justice.”
The USA FREEDOM Act is a good first step to rein in the NSA’s “Business Records” program, which collects Americans’ calling records using Section 215 of the Patriot Act. Since July, EFF has urged people to contact their senators to co-sponsor the bill. EFF even created a scorecard to help you figure out where your member of Congress stands.
On the other side is CISA, a privacy-invasive cybersecurity bill written by the Senate Intelligence Committee to facilitate the sharing of computer threats between companies and the government. The bill grants companies broad legal immunity to spy on users and share their information with government agencies like the NSA. This zombie bill — just like previous cybersecurity bills — must be killed.
One Step Forward And Two Steps Back
The USA FREEDOM Act is an important step forward for privacy. First, it would stop the government from sending court orders to phone companies for all of their customers’ calling records. The bill also introduces much-needed institutional changes to the secretive court, called the Foreign Intelligence Surveillance Court (FISA court), which is overseeing the spying. Lastly, the bill introduces transparency requirements by mandating the government report on the number of orders obtained by the FISA court and by allowing companies to report on the number of orders it receives. There are still problems with the bill, but it’s an important piece of legislation that starts to solve some of the problems revealed by the Edward Snowden disclosures.
The current version of CISA neglects much of what we’ve learned from Snowden, such as how information obtained using Section 702 of the Foreign Intelligence Surveillance Act is used for cybersecurity. The bill also suffers from some of the same exact faults as previous bills, which includes overly broad legal immunity for companies to share personal information with the government and with other private companies.
Congress Must Kill CISA And Pass USA FREEDOM
Both bills deal with important privacy issues, but are on completely opposite sides of the debate. Congress can do the right thing by pushing forward with the USA FREEDOM Act and passing much-needed NSA reform. Tweet your senator to support the USA FREEDOM Act. After that, send him an email asking him to not support CISA.
Note from the Editor: Under the Obama Administration, the NSA, the IRS, and the State and Justice departments are blatantly stepping on Americans’ privacy—and these are just the breaches we’re aware of. I’ve arranged for readers to get a free copy of The Ultimate Privacy Guide so you can be protected from any form of surveillance by anyone—government, corporate or criminal. Click here for your free copy.
It’s been more than a year since Aaron Swartz’s tragic death, and now Swartz’s life is the subject of a new documentary, “The Internet’s Own Boy,” directed by Brian Knappenberger. The documentary has received much acclaim and deservedly so. It tells the story of a political activist and innovator who put theory into practice, always experimenting and building new tools and methodologies to animate his theory of change.
Swartz fought for an Internet grounded in community, creativity and human rights. By co-creating platforms like RSS, reddit, Creative Commons and the technology that became SecureDrop, he helped make information accessible. Perhaps more than anything, Swartz helped hundreds of thousands of people participate in the political processes that determine the laws we have to live under every day.
There are so many things that Swartz accomplished by the age of 26 that we thought it may help to make a companion for the film, a guide for those who want to watch with a deeper understanding of the issues behind Aaron’s projects.
We begin with the projects discussed in the film and then examine the Computer Fraud and Abuse Act, the law that was used to indict him on 11 criminal charges before his tragic death.
Creative Commons And The Problem With Copyright
As a teenager, Swartz was a core member on the team of lawyers and copyright wonks that developed Creative Commons, a project that simplifies sharing with easy-to-use copyright licenses. Swartz helped to design the code behind Creative Commons licensing.
Creative Commons was a revolutionary project that remains significant today. It’s a suite of licenses that artists, writers and other creators can use to enable sharing, remixing and collaboration. Online, it’s incredibly easy to copy and paste, to edit, and to share instantaneously. Doing so can sometimes run smack in the face of copyright law, which requires explicit permissions to be granted in advance of sharing or using a creative work in many contexts.
Creative Commons is more compatible with the intensive sharing environment of the Internet. It allows for artists, makers, programmers, writers and everyone in between to only reserve some rights, not all rights. With a Creative Commons license, one can encourage the sharing of her work while still being attributed. One can choose not to allow others to monetize a work, but either invite remixing or block remixing while still encouraging distribution. Knappenberger has made “The Internet’s Own Boy” available under a Creative Commons license, and it can be downloaded and shared for free from the Internet Archive.
Open Access And Open Government
A large part of “The Internet’s Own Boy” traces Swartz’s various projects aimed at furthering the pursuit of information. He wanted to make it easier to learn about the laws that we have to live with every day, as well as ease access to the academic articles that form the building blocks of our knowledge about the world.
“The world’s entire scientific and cultural heritage, published over centuries in books and journals,” reads the Open Access Manifesto, which was written by Swartz and is quoted in the documentary, “is increasingly being digitized and locked up by a handful of private corporations.”
Swartz started projects like The Open Library, which seeks to make one Web page for every book published (imagine a future where we don’t link to Amazon when directing people to a book). And during his brief stint at Stanford, Swartz worked with a law student to download the entire Westlaw database of law review articles and found troubling connections between funders of research and favorable conclusions.
Swartz’s quest led him to the PACER system, the federal judiciary’s pay-walled public court record database. PACER charges per page to view U.S. court documents that are a matter of public record. Journalists, students, litigants, academics and all kinds of people need access to the details of the litigation that defines our laws in order to do their work. We shouldn’t have to pay to see the law.
Information activists like Carl Malamud have long been critical of PACER. And in 2009, when the system launched a project to allow free PACER access at 17 libraries nationwide, Malamud encouraged patrons to download PACER records and share them on an online repository. Swartz accepted the invitation and wrote a computer program that downloaded 20 million pages of federal court documents. In the process, scores of privacy violations were found in the PACER documents, which revealed Social Security numbers, Secret Service agents’ identities and the like, leading to stricter privacy enforcement in the courts.
For doing that, Swartz became the target of an FBI investigation that was later dropped. But as Malamud remembers in the documentary, “I’ll grant you that downloading 20 million pages had perhaps exceeded the expectations of the people running the pilot access [PACER] project, but surprising a bureaucrat isn’t illegal.”
Swartz played a central role in the fight to stop the censorious Stop Online Piracy Act (SOPA) that snowballed into the largest online campaign in history. SOPA was a poorly worded bill that would have allowed the Department of Justice to shut down entire Internet domains because content posted on a single website might be infringing copyright — and without a trial.
Swartz co-founded Demand Progress, a digital rights organization that the Electronic Frontier Foundation continues to work with closely today. Demand Progress was instrumental in organizing the grass-roots outcry; Demand Progress boiled down the bill into super simple language and asked that people take a quick action to stop it. Most people in Washington were trying to make slight improvements to a terrible bill, but Demand Progress, along with EFF, Fight for the Future, Public Knowledge and others mounted a campaign to stop it completely.
Wikipedia, Mozilla, Google and countless others blacked out websites and displayed banners over their logos, sending people to a petition to oppose the bill. It worked. SOPA didn’t pass, and today it remains one of the most important chapters in the history of the digital rights movement.
The prosecution of Swartz also reflected profound problems with the criminal justice system far beyond the Computer Fraud and Abuse Act (CFAA), including the incentives for prosecutors to pursue charges as aggressively as possible to try to make a defendant plead guilty.
Eleven of the 13 counts against Swartz were based on the CFAA, a law written in 1984 that makes it a crime to access a computer without “authorization” or in excess of authorized access. But these terms aren’t clear; and the Department of Justice in the past has argued the CFAA makes it a federal crime to violate a website’s terms of service, meaning that something like lying about your age or your height online could be counted as a federal crime.
Framing Aaron’s Law As A Good Start
“The Internet’s Own Boy” points viewers to Aaron’s Law, a bill proposed soon after Swartz’s passing that would partly fix the broken and outdated CFAA. EFF supports Aaron’s Law. If it passed, everyday computer users wouldn’t face criminal liability for violating a terms of service agreement. And Aaron’s Law would protect users who access information in ways that protect their anonymity. But unfortunately, the bill does not go far enough and does not — currently — have widespread support in Congress.
Aaron’s Law, as drafted, wouldn’t have protected Swartz from the excessive penalties mounted against him. The CFAA currently punishes low-level offenses as felonies that, in a saner world, would be classified as misdemeanors. Currently, the CFAA is structured so that the same behavior can often be double-counted as violations of multiple provisions of law, which prosecutors then combine to beef up the potential penalties to an absurd degree. We strongly believe that CFAA reform should eliminate this kind of double-counting.
The Fight Continues
Swartz sought to make the world a better place; he wanted to share access to knowledge and expose corruption. Our movement to defend digital rights is stronger because of him. And we can only imagine how Swartz would have contributed to the fight to protect our rights and expand our freedoms as more people come to depend on an open Internet.
We will continue to fight. Swartz’s story is one worth telling. That’s why we encourage everyone who has seen this documentary to show it to a friend, host a screening at work or on campus and encourage others to watch it.
When Sarah Palin placed crosshairs over political districts her political action committee was targeting in the 2010 midterm election, there was an outcry but she wasn’t arrested. Although some claimed the imagery was violent, no one believed Palin was actually intending to shoot anyone. But when Anthony Elonis posted some ugly speech on his Facebook account, fantasizing about killing his ex-wife and law enforcement agents, he was arrested, indicted for making Internet threats and sentenced to more than three and a half years in prison. Elonis claimed he was venting and that he didn’t mean what he said. The prosecutor explained to the jury that it didn’t matter what Elonis thought, and the Third Circuit Court of Appeals agreed, ruling the government only had to show a reasonable person felt threatened by the posts.
With Elonis’ case now before the Supreme Court, we’ve joined an amicus brief filed by the Student Press Law Center and the PEN American Center to explain why the unique nature of the Internet and the First Amendment require the government prove a person actually meant to make a threat before he can be prosecuted.
This is especially important for youth who communicate through social media. One of the great things about the Internet is its ability to spread speech far and wide. But that also means speech may be misunderstood when it is received by an unintended audience or without the original context in which it was published, creating the risk that fiery rhetoric is transformed into criminal liability. We’ve already seen how one 18 year old who posted some ugly trash talk on Facebook is now facing ten years in prison. Obviously, there is no room in our society for true threats of violence, whether spoken online or offline. So requiring a subjective intent to threaten is the best way to balance First Amendment values with public safety. Speech that appears threatening but is clearly parody or a joke is protected, while true, violent threats meant to be threatening are punished.
The rapid growth of social media has clearly benefited society, enhancing the ability to connect with other people far and wide and with those both within and outside of our communities. Hopefully, the Court will help preserve this public resource by not unnecessarily extending criminal liability in overbroad ways.
Sean D. Jordan, Kent C. Sullivan, Peter Ligh and Travis Mock of Sutherland LLP, wrote the brief for EFF, SPLC and PEN American Center.
Washington, D.C. — The Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU) on Wednesday filed an amicus brief in Klayman v. Obama, a high-profile lawsuit that challenges mass surveillance, arguing that Americans’ telephone metadata deserves the highest protection of the 4th Amendment.
Larry Klayman, conservative activist and founder of Judicial Watch and Freedom Watch, was among the first plaintiffs to sue the National Security Agency (NSA) over the collection of telephone metadata from Verizon customers that was detailed in documents released by Edward Snowden. In December 2013, Judge Richard Leon issued a preliminary ruling that the program was likely unconstitutional, and the case is currently on appeal before the U.S. Court of Appeals for the District of Columbia Circuit.
In the new amicus brief in Klayman v. Obama, the EFF and ACLU lawyers repudiate arguments by U.S. officials that the records are “just metadata” and, therefore, not as sensitive as the contents of phone calls. Using research and new case law, the civil liberties groups argue that metadata (such as who individuals called, when they called and how long they spoke) can be even more revealing than conversations when collected en masse.
“Metadata isn’t trivial,” EFF legal fellow Andrew Crocker said. “Collected on a massive scale over a broad time period, metadata can reveal your political and religious affiliations, your friends and relationships, even whether you have a health condition or own guns. This is exactly the kind of warrantless search the Fourth Amendment was intended to prevent.”
The brief explains that changes in technology, as well as the government’s move from targeted to mass surveillance, mean that the holding of the 1979 Supreme Court case Smith v. Maryland that the government relies on (often called the “third-party doctrine”) does not apply. Instead, EFF and the ACLU point to a series of recent key decisions — including the Supreme Court decisions in United States v. Jones in 2012 and Riley v. California in 2014 — in which judges ruled in favor of requiring a warrant for electronic search and seizure.
“Dragnet surveillance is and has always has been illegal in the United States,” said ACLU staff attorney Alex Abdo. “Our country’s founders rebelled against overbroad searches and seizures, and they would be aghast to see the liberties they fought hard to enshrine into our Constitution sacrificed in the name of security. As even the president himself has recognized, we can keep the nation safe without surrendering our privacy.”
EFF and the ACLU have each litigated numerous 1st and 4th Amendment lawsuits related to NSA surveillance and together represent Idaho nurse Anna Smith in a similar case currently on appeal in the Ninth U.S. Circuit Court of Appeals called Smith v. Obama. The ACLU is a plaintiff in a case currently pending before the Second Circuit Court of Appeals, ACLU v. Clapper, to be heard on Sept. 2. EFF has two cases — Jewel v. NSA and First Unitarian Church of Los Angeles v. NSA — before the U.S. District Court for Northern District of California.
The National Security Agency pulls no punches when it comes to the surveillance of innocent people in every corner of the world in its attempt to “collect it all.” Those in the U.S. prepared to vigorously oppose mass government spying need to fight back and hold our representatives to account for the routine human rights violations perpetrated by the NSA. And this activism needs to occur on all levels, from lobbying local and State officials to setting up meetings with Congress members.
That’s part of the inspiration behind StandAgainstSpying.org, a tool that grades members of Congress on their track record in the fight against unConstitutional mass surveillance and the protection of the basic human right to privacy. Congress is in recess for the month of August, so right now is an ideal time to schedule a visit in-district.
Yet elected officials rarely hear from the diverse communities of everyday people who live under the shadow of government surveillance — that includes every American. That’s why the Electronic Frontier Foundation is encouraging people to visit their Congressional office and local representatives to make sure they know beyond a shadow of a doubt that their constituents demand meaningful NSA reform. After all, our political leaders are supposed to be working for us.
Senator Patrick Leahy (D-Vt.) introduced the new USA FREEDOM Act S. 2685 in the Senate at the end of July. It’s likely to come up for a vote in September. That means that for the next month activists and concerned citizens need to flood the offices of our Senators and make sure they hear us loud and clear: Now is the time to pass this critically important bill that will work rein in the NSA’s illegal mass spying and help to restore justice in the secret FISA court.
To help with lobbying visits to local Congressional offices, EFF made a handy one-page guide on the USA FREEDOM Act that you can leave with the staff person you meet with at your elected representative’s office.
Lobby For Digital Rights
Lobbying — whether you’re a concerned citizen or a representative of an interest group — boils down to building relationships. Usually, these relationships are with staff members or, if at the local level, sometimes with elected officials directly.
Citizen lobbying can be a powerful tool for driving a vision for reform, especially when it comes to tech policy and digital rights issues, where elected officials often are non-experts.
What’s more, most expertise on technology issues too often comes from specialists hired by industry interests. So when constituents visit their representative to discuss how hard-to-approach technology issues affect voters back home, you’ll typically find policymakers ready to listen carefully.
Is there an issue that you think your member of Congress should consider more closely or change her stance on? Consider discussing the issue with your elected representative by attending a town-hall meeting or visiting the closest constituent office. Here are some tips for how to contact your representative — either Federal, State or local — to ensure a successful meeting.
Find Your Target Office
The first step is to locate which political office you wish to target. This is easier for Federal issues than State issues. For Federal issues, you may wish to target a particular Senate or House committee or subcommittee, which might take some searching on the Internet.
In local political matters — for example, if you want to investigate the purchase or use of drones by your local police department — you may start by scheduling a meeting with a staff person from your city council member’s office.
Senate: Every State is represented by two Senators. And every Senator has an office in Washington, D.C., and multiple offices in the States they represent.
Locate members in certain committees in the Senate.
House of Representatives: States are separated into numbered districts, and each district is represented by one representative in the House of Representatives. The number of districts in a State is adjusted after each census. Similar to Senators, Representatives have an office in Washington, D.C., and at least one office in their home States.
Locate members on certain committees in the House.
Mayors: You may wish to contact your mayor or city manager about issues in your city, like issues concerning the police department, municipal broadband initiatives or funding for technology education in your city. Find your mayor.
Governors: For statewide issues, contact your Governor’s office to share your views or set up a meeting.
State lawmakers and city council members: Local political arenas are sometimes the best places to achieve tangible political change. Do some Internet searching to find your representative.
City councils have a tremendous effect on populations, as they can pass resolutions, bring issues to mayoral offices and conduct studies to drive policy reform. Consider going to a meeting to raise concerns about a local fusion center, community fiber Internet or the need for more government transparency.
Set Up A Meeting
A phone call in favor of or against a particular action that an elected official can take is a great way to advocate for reform, but nothing beats a face-to-face meeting with a staff person or your representative.
Setting up a meeting is easy. On a Federal level, when Congress is not in session, members work out of their in-district offices; so try to set up meetings there at those times. Members also hold frequent “town-hall” meetings for constituents. Inquire at your local office about when they will be held. You can also track when your representative will be in town by looking at the Congressional calendars for the House and the Senate. Congress often designates “constituent weeks” in order to inform the public when they will be in their district. Elected representatives want to hear from voters back home.
You’ll most likely get a meeting with a staff person, and that’s great. Staffers usually know more about the specific details of issues than the representative does.
When you make the call and set up the meeting, be sure you say which organization you represent or if you’re a solo concerned citizen, where you live and the issue that you want to discuss.
Prepare For Your Meeting
Do your research and be prepared. You have the opportunity to be a local expert and help shape the thinking of your elected official.
Who are you representing? Try to bring a petition or a letter that has numerous signatories to the meeting. Show that you’re representing a community of people that will be affected by the change you’re calling for.
Bring research. Consider making a folder or an information packet with research, white papers, local stories and contact information. If your issue is a digital rights related issue, visit EFF.org for helpful resources.
Prepare stories. A fantastic way to communicate the need for reform is by sharing stories. Politicians often repeat stories to make a case, so be prepared to share yours.
Have a website and contact information ready to share. Try to have a website and business card ready in advance of your meeting. This will help the staff person find you, your community and your position in the future.
Consider organizing a small delegation. Bring a group of stakeholders that all have diverse stories to share. The more real people and constituent numbers that you can tie to an issue the better.
After your meeting, send a thank-you email to the person who met with you. In your email, be sure to include information and one or two links that you want your representative to consider. Try to set up another meeting if you feel that you didn’t get to finish making your case. Always be polite and gracious and don’t overload the staffer with more information than she’ll realistically read.
If your contact responds with questions, this is a good sign — and, by all means, answer them. This is a chance for you to become an expert that your representative contacts on digital rights issues. Remember that lobbying is all about building relationships, so try to keep the conversation going and meet again.
San Francisco — The Electronic Frontier Foundation (EFF) and a coalition of advocacy groups have asked a Federal appeals court to block record labels’ attempt to thwart Federal law in Capitol v. Vimeo — a case that could jeopardize free speech and innovation and the sites that host both.
In this lawsuit, the record labels sued online video site Vimeo, alleging that dozens of sound recordings were infringed in videos posted on the site. A ruling from a district court judge earlier this year found Vimeo could be responsible for copyright infringement, and in doing so imposed new, impossibly high standards for websites hosting user-generated content. In an amicus brief filed Wednesday, EFF argues that the decision undermines the safe harbors created by the Digital Millennium Copyright Act (DMCA), and the innovation and expression those safe harbors make possible.
“The safe harbors give websites a clear set of rules. If they follow the law in their response to complaints from copyright owners, then they can predict and manage their exposure to lawsuits and other legal challenges,” said EFF Intellectual Property Director Corynne McSherry. “The safe harbors are critical to the Internet’s success as a forum for innovative art, discussion, and expression of all kinds, forestalling crippling litigation that would force most websites to close their doors. Yet the district court created new liability, contrary to the law and the intent of Congress.”
At issue in Capitol v. Vimeo are videos that Vimeo employees viewed or interacted with, as well as pre-1972 sound recordings, which receive different copyright protection than post-1972 works. Essentially, the decision would seem to offer service providers an impossible choice: scour the website for any content that anyone could argue might include pre-1972 audio and thereby potentially lose safe harbor protections, or risk expensive copyright litigation.
“This is exactly the result that Congress was trying to avoid with the safe harbors — without them service providers unwilling to risk being sued may decide not to host videos and other works with audio at all,” said EFF Staff Attorney Vera Ranieri. “We hope the appeals court steps in to reinforce the law and protect free speech and innovation online.”
Also joining EFF’s brief are the Center for Democracy and Technology, New Media Rights, the Organization for Transformative Works, and Public Knowledge.
This article by activist Nadia Kayyali was published by the Electronic Frontier Foundation on July 29.
On Tuesday, Senator Patrick Leahy introduced a revised version of his USA FREEDOM legislation, the USA FREEDOM Act of 2014, which focuses on telephone record collection and FISA court reform. While this bill is not a comprehensive solution to overly broad and unConstitutional surveillance, it is a strong first step. The Electronic Frontier Foundation urges Congress to support passage of the bill without any amendments that will weaken it.
The USA FREEDOM Act Of 2014 Will End Bulk Collection Of Phone Records Under Section 215
EFF, along with other groups, made it clear that we would not support any legislation that did not effectively end bulk collection of call detail records. The Senate version of USA FREEDOM achieves this goal, by limiting collection to instances where there is reasonable suspicion that a “specific selection term” is associated with international terrorism.
The House version of USA FREEDOM used murky language around the phrase “specific selection term,” in particular, raising concerns that a “specific selection term” could include an entire ZIP code or other similarly broad terms. For purposes of collection of call detail records where there is reasonable suspicion, the Senate version continues to use the definition that a specific selection term is an “individual, account, or personal device.” However, for any other purpose, the term must narrowly limit the scope of a request for information and cannot include a broad geographic region or an entire electronic communications service provider.
The USA FREEDOM Act Of 2014 Makes Significant Improvements To The FISA Court
The new USA FREEDOM makes two key changes to the secretive FISA Court process. First, we were pleased to see that it creates a special advocate position that will serve as an amicus in the court and is intended to advocate for civil liberties and privacy.
Second, it directs the Office of the Director of National Intelligence, in consultation with the Attorney General, to declassify “significant” FISA Court opinions. EFF would have preferred that this process be overseen directly by the Attorney General, with input from the FISA Court itself. On the other hand, the new USA FREEDOM bill actually defines “significant” (the original USA FREEDOM bill did not), and this definition includes any novel interpretation of “specific selection term.”
The legislation also makes several other improvements. When USA FREEDOM was originally introduced, EFF was concerned that it would codify “about” searches — the practice of searching for any communication that references a target, in addition to communications to and from a target. EFF was deeply concerned that this controversial practice would be written into law, and glad that the Senate version removes any reference to that form of searching.
The new legislation also has some small improvements to the initiation and judicial review procedure for national security letters — secretive FBI orders for data that are accompanied by gag orders — as well as pen register and trap-and-trace devices. The bill creates new reporting requirements for the government — including a requirement that the government estimate how many citizens have been affected by backdoor warrantless searches of information collected under the authority of Section 702 of the FISA Amendments Act. And finally, the bill creates a new option for companies to report on national security requests.
What The USA FREEDOM Act Of 2014 Doesn’t Do
First and foremost, the USA FREEDOM Act of 2014 does not adequately address Section 702 of the FISA Amendments Act, the problematic 2008 law that the government argues gives it the right to engage in mass Internet surveillance. EFF remains committed to reform of Section 702. EFF intends to pursue further reforms to end the National Security Agency’s abuse of this authority.
The legislation also does not affect Executive Order 12333, which has been interpreted by the NSA to allow extensive spying both on foreigners and U.S. citizens abroad. Strictly speaking, we don’t need Congress to fix this — the President could do it himself — but legislation would ensure that a later President couldn’t reinstate 12333 on her own.
The legislation may not completely end suspicionless surveillance. With respect to call detail records, it allows the NSA to get a second set of records (a second “hop”) with an undefined “direct connection” to the first specific selection term. Because the “direct connection” standard is vague, the government may seek to construe that phrase to mean less than reasonable suspicion.
Finally, as with all legislation up to this point, the new USA FREEDOM continues to exclude meaningful protections for the rights of non-citizens.
A Meaningful First Step
The USA FREEDOM Act of 2014 is a real first step because it creates meaningful change to NSA surveillance right now, while paving the way for the public to get more information about what the NSA is doing. We believe that this legislation will help ensure that the NSA reform conversation in Congress continues, rather than shutting it down. That’s why we urge Congress to support the Senate version of USA FREEDOM and pass it without any changes that will weaken its provisions.
This story originally appeared Wednesday, July 16, 2014 at the website of the Electronic Frontier Foundation.
Court of Appeals Agrees to Expedite Case Over Telephone Records Collection
Coeur d’Alene, Idaho – The Electronic Freedom Foundation (EFF), the American Civil Liberties Union (ACLU) and the American Civil Liberties Union of Idaho have announced they will join Anna Smith’s legal team in her challenge of the government’s bulk collection of the telephone records of millions of innocent Americans.
Smith, an emergency neonatal nurse and pregnant mother of two, filed her suit against President Obama and several U.S. intelligence agencies shortly after the government confirmed revelations that the National Security Agency (NSA) was conducting bulk collection of telephone records under Section 215 of the Patriot Act. Smith, a customer of Verizon wireless, one of the companies that was ordered to disclose records to the NSA, argued the program violated her First and Fourth Amendment rights by collecting a wealth of detail about her familial, political, professional, religious and intimate associations.
“When I found out that the NSA was collecting records of my phone calls, I was shocked,” said Smith, who is also represented by her husband, Peter J Smith IV, and Idaho State Rep. Luke Malek. “I have heard of other governments spying indiscriminately on their own citizens, but I naively thought it did not happen in America. I believe who I call, when I call them, and how long we talk is not something the government should be able to get without a warrant. I sued because I believe the Constitution protects my calls from government searches. I am thrilled that the American Civil Liberties Union and Electronic Frontier Foundation agreed to assist us in this case. What Americans can reasonably expect to remain private is an issue of monumental importance.”
When U.S. District Judge Lynn Winmill dismissed Smith’s case, he expressed grave concerns about the privacy implications of the NSA’s surveillance but said that he believed that a 1979 Supreme Court case about targeted surveillance tied his hands. Smith is now appealing to the Ninth Circuit Court of Appeals.
EFF and the ACLU have each litigated numerous First and Fourth amendment lawsuits, including ongoing cases over this very NSA program. The ACLU is a plaintiff in a case currently pending before the Second Circuit Court of Appeals to be heard in early September. EFF has two cases before the Northern California Federal court. Smith v. Obama represents another opportunity to halt this mass surveillance.
“Anna Smith proves that a single citizen has the power to stand up for her rights and challenge the government when it tramples them,” EFF Legal Director Cindy Cohn said. “EFF is proud to lend our expertise in pursuing her appeal, which could very well be one of the cases that makes it to the Supreme Court.”
The court has granted Smith’s motion to expedite the case, with the opening brief due on Sept. 2, 2014.
“The call records program needlessly invades the privacy of millions of people,” said ACLU Deputy Legal Director Jameel Jaffer. “Even the President has acknowledged that the NSA does not need to collect information about every phone call in order to track the associations of suspected terrorists. Dragnet surveillance on this scale is both unconstitutional and unnecessary.”
This article first appeared July 11 on the website of the Electronic Frontier Foundation.
By Eva Galperin and Nadia Kayyali
Imagine that you watched a police officer in your neighborhood stop ten completely ordinary people every day just to take a look inside their vehicle or backpack. Now imagine that nine of those people are never even accused of a crime. They just happened to be in the wrong place at the wrong time. Even the most law-abiding person would eventually protest this treatment. In fact—they have.
Now replace police officers with the NSA. The scenario above is what the NSA is doing with our communications, under cover of its twisted interpretation of Section 702 of the FISA Amendments Act. The Washington Post has revealed that “Nine of 10 account holders found in a large cache of intercepted conversations, which former NSA contractor Edward Snowden provided in full to The Post, were not the intended surveillance targets.” Additionally, “[n]early half of the surveillance files, a strikingly high proportion, contained names, e-mail addresses or other details that the NSA marked as belonging to U.S. citizens or residents.”
The thousands of pages of documents that provide that basis for the article are not raw content. Rather, as Barton Gellman, one of the authors of the article states in a follow up published several days later states: “Everything in the sample we analyzed had been evaluated by NSA analysts in Hawaii, pulled from the agency’s central repositories and minimized by hand after automated efforts to screen out U.S. identities.”
What that means is that if you’re on the Internet, you’re in the NSA’s neighborhood—whether you are in the U.S. or not. And like those who protest unjust policies like stop and frisk in their cities, you should be protesting this treatment.
This revelation is significant because it proves the point privacy and civil liberties advocates have been making for years: NSA surveillance is not narrowly targeted. EFF’s legal fight against the NSA’s warrantless mass surveillance program has been ongoing since 2006, but The Washington Post’s statistics about 160,000 intercepts they have analyzed from the Snowden files indicate that even what the NSA calls “targeted” surveillance is far from narrow in scope. In fact, it is so bloated that we should all be questioning its necessity and efficacy at this point. Taken hand in hand with The Intercept’s article outlining the targeting of five civil rights and political leaders from the Muslim-American community, our outrage should be palpable.
What’s more, the report comes on the heels of a debate specifically about Section 702 that has been brewing in Congress for months, as civil liberties champions like Senator Ron Wyden and Representative Zoe Lofgren question and work to address how the NSA uses this authority. This revelation should make it clear to the Senate when it considers the USA FREEDOM Act: Section 702 needs to be reformed. Cosmetic changes to NSA spying, or even substantive changes to Section 215 bulk telephone records collection, are insufficient. Unbridled, unconstitutional collection of the contents of communications needs to end.
The Washington Post article is based on a comprehensive review of thousands of pages of documents. In fact, as the article points out: “No government oversight body, including the Justice Department, the Foreign Intelligence Surveillance Court, intelligence committees in Congress or the president’s Privacy and Civil Liberties Oversight Board, has delved into a comparably large sample of what the NSA actually collects.” What’s more, these are documents that government officials have repeatedly insisted Edward Snowden would never have been able to access.
Regardless of the government’s denials, Snowden did have these documents, and now we know at least some of what they contained. So does Congress. So there’s no excuse anymore for the type of maneuvering that led to the gutting of USA FREEDOM in the House. More importantly, there’s no excuse for the Senate to ignore Section 702 when it considers USA FREEDOM.
Real NSA reform from Congress will, among other things, shut the backdoor that allows the NSA to access American’s communications. It will also end collection of communications “about” a target.
Of course, none of this solves the problem of how NSA surveillance affects non-U.S. persons. One of the shocking things about The Washington Post’s article is its description of the communications intercepted:
Scores of pictures show infants and toddlers in bathtubs, on swings, sprawled on their backs and kissed by their mothers. In some photos, men show off their physiques. In others, women model lingerie, leaning suggestively into a webcam or striking risque poses in shorts and bikini tops.
We are no longer talking about statistics. We are talking about real people going about their daily lives. It is not surprising to learn that in the course of its investigations, the NSA gathers up a considerable number of communications that prove to be insignificant, irrelevant, or (as is the case with communications between US persons) outside the scope of their work. What is shocking is that the NSA keeps this enormous trove of personal data about people it should not be watching in the first place. It appears that the unspoken coda to General Alexander’s “collect it all” motto is “and never throw it away.”
The bottom line is this: The Internet is a global neighborhood. We shouldn’t feel unsafe there. But the NSA doesn’t seem to care.
The good news is, we can do something. Take action now. Go to https://www.standagainstspying.org and see how your elected representative stacks up when it comes to reforming the NSA, tweet at them, and send a letter to President Obama urging him to use his executive authority to reform the NSA now. You can also take action by contacting lawmakers here. If you are overseas, you can sign the letter to President Obama. You can also endorse the Necessary and Proportionate principles. Take back the Internet.
This post, written by EFF Global Policy Analyst Maria Sutton, was originally published on the foundation’s website July 8.
EFF is in Ottawa this week for the Trans-Pacific Partnership (TPP) negotiations, to influence the course of discussions over regressive digital policy provisions in this trade agreement that could lead to an increasingly restrictive Internet. But this round is different from the others—the secrecy around the talks is wholly unprecedented. The Canadian trade ministry, who is hosting this round of talks, has likely heightened the confidentiality due to the mass public opposition that is growing against this undemocratic, corporate-driven trade deal.
So for this negotiation, we had to rely on rumors and press reports to know when and where it was even happening. At first, there were confirmed reports that the next TPP meeting would take place at a certain luxury hotel in downtown Vancouver. So civil society began to mobilize, planning events in the area to engage users and members of the public about the dangers of TPP. Then seemingly out of the blue, the entire negotiating round was moved across the country to Ottawa. There’s no way to confirm whether this was a deliberate misdirection, but either way it felt very fishy.
Already given this level of secrecy, it goes without saying that there will be no room for members of civil society or the public to engage directly with TPP negotiators. Towards the beginning of TPP talks, we were given 15 minutes to present to stakeholders, in addition to a stakeholder event that allowed us to hang around a big room to meet and pass information to negotiators who walked by. Then it was cut down to ten minutes (after we made some noise that it was going to be cut down to a mere eight minutes). In the following rounds, the stakeholder event was completely removed from the schedules of the official rounds. These didn’t provide sufficient time to convey to negotiators about the major threats we saw in this agreement, so those events already seemed to be a superficial nod to public participation. But now, they don’t even pretend to give us their ear.
As we watch TPP crawl its way towards getting finalized, signed, and eventually taint our laws with its one-sided corporate agenda, we need to continue to remember this fact: laws made in secret, with no public oversight or input, are illegitimate. That is not how law is made in democracies. If we’re to defend the fundamental democratic rule that law is based on transparent, popular consensus, we need to fight back against an agreement that engages in such a secretive, corporate-captured process.
This post, written by technology projects director Peter Eckersley and staff technologist Jeremy Gillula, was originally published on the EFF website.
Do you own an Android device? Is it less than three years old? If so, then when your phone’s screen is off and it’s not connected to a Wi-Fi network, there’s a high risk that it is broadcasting your location history to anyone within Wi-Fi range who wants to listen.
This location history comes in the form of the names of wireless networks your phone has previously connected to. These frequently identify places you’ve been, including homes (“Tom’s Wi-Fi”), workplaces (“Company XYZ office net”), churches and political offices (“County Party HQ”), small businesses (“Toulouse Lautrec’s house of ill-repute”), and travel destinations (“Tehran Airport wifi”). This data is arguably more dangerous than that leaked in previous location data scandals because it clearly denotes in human language places that you’ve spent enough time to use the Wi-Fi. Normally, eavesdroppers would need to spend some effort extracting this sort of information from the latititude/longitude history typically discussed in location privacy analysis. But even when networks seem less identifiable, there are ways to look them up.
The Electronic Frontier Foundation briefly mentioned this problem during our recent post about Apple deciding to randomize MAC addresses in iOS 8. As EFF pointed out there, Wi-Fi devices that are not actively connected to a network can send out messages that contain the names of networks they’ve joined in the past in an effort to speed up the connection process. But after writing that post, EFF became curious just how many phones actually exhibited that behavior, and if so, how much information they leaked. To our dismay, we discovered that many of the modern Android phones EFF tested leaked the names of the networks stored in their settings (up to a limit of 15). And when EFF looked at these network lists, we realized that they were, in fact, dangerously precise location histories.
Aside from Android, some other platforms also suffer from this problem and will need to be fixed, although for various reasons, Android devices appear to pose the greatest privacy risk at the moment.
In Android EFF traced this behavior to a feature introduced in Honeycomb (Android 3.1) called Preferred Network Offload (PNO). PNO is supposed to allow phones and tablets to establish and maintain Wi-Fi connections even when they’re in low-power mode (i.e. when the screen is turned off). The goal is to extend battery life and reduce mobile data usage, since Wi-Fi uses less power than cellular data. But for some reason, even though none of the Android phones EFF tested broadcast the names of networks they knew about when their screens were on, many of the phones running Honeycomb or later (and even one running Gingerbread) broadcast the names of networks they knew about when their screens were turned off.
Response From Google
When EFF brought this issue to Google’s attention, it responded:
We take the security of our users’ location data very seriously and we’re always happy to be made aware of potential issues ahead of time. Since changes to this behavior would potentially affect user connectivity to hidden access points, we are still investigating what changes are appropriate for a future release.
Additionally, yesterday a Google employee submitted a patch to wpa_supplicant that fixes this issue. While we are glad this problem is being addressed so quickly, it will still be some time before that fix gets integrated into the downstream Android code. And even then, Android fragmentation and the broken update process for non-Google Android devices could delay or even prevent many users from receiving the fix. (We hope Google can make progress on this problem, too.)
Protective Steps You Can Take Today
With that said, a workaround is available (for most devices) for users who want to protect their privacy right now: Go into your phone’s “Advanced Wi-Fi” settings and set the “Keep Wi-Fi on during sleep” option to “Never.” Unfortunately, this will cause a moderate increase in data usage and power consumption — something users shouldn’t have to do in order to keep their phone from telling everyone everywhere they’ve been.
Unfortunately, on at least one device we tested — a Motorola Droid 4 running Android 4.1.2 — even this wasn’t sufficient. On the Droid 4, and perhaps on other phones, the only practical way to prevent the phone from leaking location is to manually forget the networks you don’t want broadcast, or disable Wi-Fi entirely whenever you aren’t actively connecting to a known Wi-Fi network. You can also find apps that will do this automatically for you.
Location history is extremely sensitive information. We urge Google to ship their fix as soon as possible, and other Android distributors to offer prompt updates containing it.
San Francisco - The Electronic Frontier Foundation (EFF) today filed a Freedom of Information Act (FOIA) lawsuit against the NSA and the Office of the Director of National Intelligence (ODNI) to gain access to documents showing how intelligence agencies choose whether to disclose software security flaws known as “zero days.”
A zero day is a previously unknown security vulnerability in software or online services that a researcher has discovered, but the developers have not yet had a chance to patch. A thriving market has emerged for these zero days; in some cases governments—including the United States—will purchase these vulnerabilities, which they can use to gain access to targets’ computers.
In April 2014, Bloomberg News published a story alleging that the NSA had secretly exploited the “Heartbleed” bug in the OpenSSL cryptographic library for at least two years before the public learned of the devastating vulnerability. The government strongly denied the report, claiming it had a developed a new “Vulnerability Equities Process” for deciding when to share vulnerabilities with companies and the public. The White House’s cybersecurity coordinator further described in a blog post that the government had “established principles to guide agency decision-making” including “a disciplined, rigorous and high-level decision-making process for vulnerability disclosure.” But the substance of those principles has not been shared with the public.
EFF filed a FOIA request for records related to these processes on May 6 but has not yet received any documents, despite ODNI agreeing to expedite the request.
“This FOIA suit seeks transparency on one of the least understood elements of the U.S. intelligence community’s toolset: security vulnerabilities,” EFF Legal Fellow Andrew Crocker said. “These documents are important to the kind of informed debate that the public and the administration agree needs to happen in our country.”
Over the last year, U.S. intelligence-gathering techniques have come under great public scrutiny. One controversial element has been how agencies such as the NSA have undermined encryption protocols and used zero days. While an intelligence agency may use a zero day it has discovered or purchased to infiltrate targeted computers or devices, disclosing its existence may result in a patch that will help defend the public against other online adversaries, including identity thieves and foreign governments that may also be aware of the zero day.
“Since these vulnerabilities potentially affect the security of users all over the world, the public has a strong interest in knowing how these agencies are weighing the risks and benefits of using zero days instead of disclosing them to vendors,” Global Policy Analyst Eva Galperin said.
Unfortunately, it appears that the lure of bulk surveillance is not just a temptation for the Federal government. Last summer, about a month after new leaks exposed the NSA’s bulk content PRISM program, Cyrus Vance, Jr., the District Attorney for Manhattan, decided to go secretly fishing through 381 Facebook accounts, and wanted to ensure no one was allowed to stop him.
The DA was looking for evidence of disability fraud, and saw Facebook as a treasure trove. Many people put their lives online, sharing their daily ups and downs with a steady stream of photos, comments, and wall posts to friends and family. Perhaps some of them, after claiming a disability, would post a windsurfing selfie or write about their marathon training, and evidence their fraud.
So the DA put together nearly 400 search warrants, which ordered Facebook to provide near total access to the accounts, and gagged the social media giant from informing the users. Facebook reports that this “unprecedented request is by far the largest we’ve ever received — by a magnitude of more than ten.” According to Facebook’s appeals brief, the targets included a cross-section of America “from high schoolers to grandparents, … electricians, school teachers, and members of our armed services.”
Facebook’s brief explains that the warrants sought “information that cannot possibly be relevant to the crimes the Government presumably continues to investigate,” including what “Group” people belong to (and who else is in that group), chat messages, private messages, friends list (including removed friends) and even past and future events. And indeed, for the vast majority of the target, the information was not relevant to any crime. Only 62 people were ultimately charged.
Sometimes “come back with a warrant” is not enough. The warrant must also conform to constitutional limitations, narrowly seeking evidence of a crime with particularity, based on probable cause. It is not a license for the government to rifle through the private lives of anyone it suspects. As the Supreme Court recognized just yesterday, the Fourth Amendment was the founding generation’s response to the reviled “general warrants” and “writs of assistance” of the colonial era, which allowed British officers to rummage through homes in an unrestrained search for evidence of criminal activity.
Facebook rightly challenged this overboard pile of warrants. Indeed, it was the only entity that could. The gag order prevented Facebook from giving notice, so none of the users was in a position to assert their constitutional rights, or even know those rights were in danger.
Nevertheless, the DA disputed Facebook’s right to challenge the warrant in court, and the New York State trial court agreed, holding that “it is the Facebook subscribers who could assert an expectation of privacy in their posting, not the digital storage facility, or Facebook.” The court reasoned that this wouldn’t be a problem, because a criminal defendant could move to suppress the evidence before trial.
But what about the users who are never charged? The court never grapples with that issue, perhaps not realizing that ultimately 80% would not be the fraudsters the DA was looking for. Instead, the opinion moves on to justify the non-disclosure provisions by raising the specter of evidence tampering by the users.
Under this pair of holdings, no one is allowed to challenge the authority of the DA in court. Facebook is not allowed and the users don’t know. (Ironically, in an earlier case involving Twitter, the court had found that the user had no rights to challenge the NY DA’s data demand on Twitter). To paraphrase yesterday’s landmark Supreme Court ruling, the Founders did not fight a revolution to gain Fourth Amendment rights that no one can assert.
Facebook has appealed this dangerous precedent, seeking to “invalidate these sweeping warrants and to force the government to return the data it has seized and retained.” And, nearly a year after the warrants issued, the case has been unsealed. But, despite a temporary stay, Facebook was eventually forced to comply, and the DA continues to hold a digital dossier of the lives of over 300 people never charged with a crime.
Facebook’s appeal is well grounded. The Stored Communications Act, upon which the court relied to issue the warrants, specifically allows for service providers to challenge court orders. On the merits, the overly broad warrants go beyond what the Constitution permits by failing to identify with particularity the criminal evidence to be seized, and failing to put in place procedures to protect the privacy of the people whose lives were invaded by the government.
The information cannot be undisclosed, but the New York appeals court can still help right this wrong by overturning the erroneous criminal court decision, quashing the warrants and requiring the DA to destroy the ill-gotten evidence.
Claim The Ultimate Privacy Guide (a $79.95 value) FREE when you subscribe to Personal Liberty Digest™ today.
Thegovernment’s assault on your personal liberties, including transgressions by the NSA and IRS, proves NOTHING IS OFF-LIMITS! But they’re not your only enemy. In your FREE copy of The Ultimate Privacy Guide discover simple, effective strategies for making Big Business and Big Government BUTT OUT of your personal life!
We will not sell or rent your email address to anyone for any reason. You can un-subscribe at any time.
Look Inside The Ultimate Privacy Guide
The unconstitutional assault on America's civil liberties is continuing with fanatical vigor thanks to the government's gross misuse of power, including transgressions by the NSA and IRS. NOTHING IS OFF-LIMITS! Government SPYING and MANIPULATION is now becoming the American way. But they’re not your only enemy. In your FREE copy of The Ultimate Privacy Guide you'll discover how to:
Keep your home secure and private!
Avoid online identity theft!
Keep financial information secure and private!
Avoid harassing phone calls!
Keep snoops out of your personal communications including emails!