When Congress heads home, head to your elected representatives’ office or town hall

This article by legislative analyst Mark M. Jaycox and activist Nadia Kayyali originally appeared on the website of the Electronic Frontier Foundation.

When your elected representatives are in their home districts, it’s a chance for you to hear — in person — what they have to say about surveillance. Even while in session, Congress takes recesses. The House majority leader schedule and the Senate calendar can help you figure out when those recesses are taking place.

Now is an especially important time to talk to lawmakers. It’s been nearly two years since the first disclosure from Edward Snowden. And one of the laws being used to spy on everyday Americans — Section 215 of the Patriot Act — is set to expire in June. But some lawmakers want to prevent any NSA reform. Senate Majority Leader Mitch McConnell has introduced a piece of legislation that would reauthorize Section 215 of the USA Patriot Act — the provision used by the NSA to collect the call records of innocent Americans in bulk — until 2020.

We urge you to set up a meeting with your lawmaker, or visit his town hall meeting (often displayed on his website), and demand answers about NSA spying.

Here are some suggested questions, which we’ve also provided as a printable pdf:

  1. It’s been almost two years since the Guardian published the first Snowden leak, but Congress hasn’t done anything to fix the NSA. Section 215 of the Patriot Act is expiring on June 1. What do you plan to do this Congress to reform the Patriot Act? Have you done anything to support NSA reform so far?
  2. We keep hearing that national security justifies the NSA’s intrusive surveillance, especially the bulk collection of everyone’s calling records. But the Privacy and Civil Liberties Oversight Board, the President’s Review Group and senators who are familiar with how bulk phone records collection works have all said we don’t need the program and that it isn’t essential in keeping us safe. Do you think we need Section 215 of the Patriot Act? If so, why?
  3. Congress intended Section 702 of the FISA Amendments Act to be used to surveil suspected foreign targets. But because of leaks, we know that Section 702 is used to collect totally domestic American communications. That seems a far cry from foreign intelligence collection. How can we fix Section 702?
  4. Director of National Intelligence James Clapper admitted that the NSA collects and searches Americans’ private communications without a warrant. Do you think it’s right for the NSA to exploit the so-called Section 702 “backdoor” to Americans’ phone calls and emails simply because they were captured incidentally?
  5. Executive Order 12333 is an order signed by President Ronald Reagan that outlines the roles and conduct of intelligence agencies. We know hardly anything about how the government uses this document, although the NSA has admitted that it uses the order for bulk collection. What role does, and should, Congress play in overseeing the use of Executive Order 12333?
  6. In 2014, security vulnerability Heartbleed and others got widespread attention. These security weaknesses were disclosed by researchers, not the government. In fact, the government has admitted that if it sees a “national security or law enforcement need” it may hide vulnerabilities, implying that the government exploits these vulnerabilities for intelligence purposes. We don’t know how the government decides when to let the public know about these dangerous vulnerabilities. What kind of oversight does Congress have over these matters?
  7. Both the FBI and NSA directors have urged companies to install security “backdoors” into hardware or software. They claim that these backdoors would only be accessible to the U.S. government. But tech companies and security experts have retorted that this is impossible and dangerous; security backdoors make products and services, and by extension the Internet, less secure for everyone. There have also been several legislative efforts to prohibit the NSA from mandating security backdoors in products and services. Have you supported these efforts? If not, why not?
  8. The New York Times has reported that U.S. companies suffered reputational harm overseas, and even lost business, in the wake of revelations about the extent of NSA spying. This is especially troubling, considering the economic troubles the U.S. has faced in recent years. What do you say to companies and their employees who are concerned that NSA spying is making U.S. tech companies less competitive?
  9. Considering that we’ve been told that there are many levels of oversight, it’s outrageous that most of Congress didn’t know that the government was vacuuming up ordinary people’s information. In fact, we seem to learn about a new spying program every week, though only through unauthorized leaks. It seems that the NSA wants to keep everything classified. And that prevents even you, a member of Congress, from knowing what’s going on or telling us what you know. Do you agree that too much secrecy is part of the problem here? How would you fix that?

In addition to asking lawmakers questions in person, you can also take action now by calling Congress at Fight215.org.

Automakers say you don’t really own your car

This article by staff attorney Kit Walsh originally appeared on the website of the Electronic Frontier Foundation.

The Electronic Frontier Foundation is fighting for vehicle owners’ rights to inspect the code that runs their vehicles and to repair and modify their vehicles, or have a mechanic of their choice do the work. At the moment, the anti-circumvention prohibition in the Digital Millennium Copyright Act arguably restricts vehicle inspection, repair and modification. If EFF is successful, then vehicle owners will be free to inspect and tinker, as long as they don’t run afoul of other regulations, such as those governing vehicle emissions, safety or copyright law.

You can support EFF’s exemption requests by adding your name to the petition we’ll submit in the rulemaking.

Most of the automakers operating in the U.S. filed opposition comments through trade associations, along with a couple of other vehicle manufacturers. They warn that owners with the freedom to inspect and modify code will be capable of violating a wide range of laws and harming themselves and others. They say you shouldn’t be allowed to repair your own car because you might not do it right. They say you shouldn’t be allowed to modify the code in your car because you might defraud a used car purchaser by changing the mileage. They say no one should be allowed to even look at the code without the manufacturer’s permission because letting the public learn how cars work could help malicious hackers, “third-party software developers” (the horror!), and competitors.

John Deere even argued that letting people modify car computer systems will result in them pirating music through the on-board entertainment system, which would be one of the more convoluted ways to copy media (and the exemption process doesn’t authorize copyright infringement, anyway).

The parade of horribles makes it clear that it is an extraordinary stretch to apply the DMCA to the code that runs vehicles. The vast majority of manufacturers’ concerns have absolutely nothing to do with copyright law. And, as the automakers repeatedly point out, vehicles are subject to regulation by other government agencies with subject matter expertise, which issue rules about what vehicles are and are not lawful to operate on public roadways.

The DMCA essentially blundered into this space and called all tinkering and code inspection into question, even acts that are otherwise lawful like repairing your car, making it work better at high altitude, inspecting the code to find security and safety issues, or even souping it up for use in races on a private course. We’re presenting the Copyright Office with the opportunity to undo this collateral damage and leave regulating auto safety to specialized agencies, who understandably have not seen fit to issue a blanket prohibition against vehicle owners’ doing their own repairs and safety research.

Here’s how you can help. The opponents of the vehicle exemptions say that no one really cares about the restrictions they place on access to vehicle code, so the Copyright Office should deny the exemptions. Now, we cited a number of projects, and thousands of people wrote to the office to support the exemptions, but we are confident there are even more projects, businesses and individuals out there who need these exemptions and it would be a shame if the Copyright Office didn’t know it.

If you have had problems with vehicle repair or tinkering because you were locked out of your vehicle’s computers, if you would have engaged in a vehicle-related project but didn’t because of the legal risk posed by the DMCA, or if you or your mechanic had to deal with obstacles in getting access to diagnostic information, then we want to hear from you — and the Copyright Office should hear from you, too.

Email us at 1201cars@eff.org to let us know. It will help strengthen our case for the Copyright Office. We can also incorporate your comments anonymously, if you’d prefer.

Fast track bill would legitimize White House secrecy and clear the way for anti-user trade deals

This article by senior global policy analyst Jeremy Malcolm and global policy analyst Maira Sutton originally appeared on the website of the Electronic Frontier Foundation. 

Following months of protest, Congress finally put forth bicameral Fast Track legislation on April 16 to rush trade agreements like the Trans-Pacific Partnership (TPP) and the Transatlantic Trade and Investment Partnership (TTIP) through Congress. Sens. Orrin Hatch and Ron Wyden, and Rep. Paul Ryan, respectively, introduced the bill, titled the Bipartisan Congressional Trade Priorities and Accountability Act of 2015. With Fast Track, lawmakers will be shirking their constitutional authority over trade policy, letting the White House and the U.S. trade representative pass Internet rules in backroom meetings with corporate industry groups. If this passes, lawmakers would have only a small window of time to conduct hearings over trade provisions and give a yea-or-nay vote on ratification of the agreement without any ability to amend it before they bind the United States to its terms.

The Fast Track bill contains some minor procedural improvements from the version of the bill introduced last year. However, these fixes will do little to nothing to address the threats of restrictive digital regulations on users’ rights in the TPP or TTIP. The biggest of these changes is language that would create a new position of chief transparency officer that would supposedly have the authority to “consult with Congress on transparency policy, coordinate transparency in trade negotiations, engage and assist the public, and advise the United States Trade Representative on transparency policy.”

However, given the strict rules of confidentiality of existing, almost completed trade deals and those outlined in the Fast Track bill itself, we have no reason to believe that this officer would have much power to do anything meaningful to improve trade transparency, such as releasing the text of the agreement to the public prior to the completion of negotiations. As it stands, the text has to be released to the public only 60 days before it is signed, at which time the text is already locked down from any further amendments.

There is also a new “consultation and compliance” procedure, about which Public Citizen writes [pdf]:

The bill’s only new feature in this respect is a new “consultation and compliance” procedure that would only be usable after an agreement was already signed and entered into, at which point changes to the pact could be made only if all other negotiating parties agreed to reopen negotiations and then agreed to the changes (likely after extracting further concessions from the United States). That process would require approval by 60 Senators to take a pact off of Fast Track consideration, even though a simple majority “no” vote in the Senate would have the same effect on an agreement.

Thus, essentially the Fast Track bill does the same as it ever did: tying the hands of Congress so that it is unable to give meaningful input into the agreement during its drafting or to thoroughly review the agreement once it is completed.

A main feature of the bill is its negotiation objectives, which set the parameters within which the president is authorized to negotiate the agreement. If Congress considers that the text ultimately deviates from these objectives, it can vote down the agreement. Some of these negotiation objectives have been added or changed since the previous Fast Track bill, but none of these provide any comfort to us on the troubling issues from the “Intellectual Property,” “E-Commerce” and “Investment” chapters of the TPP. Indeed, some of the new text raises concerns. For example:

  • Governments are to “refrain from implementing trade-related measures that impede digital trade in goods and services, restrict cross-border data flows, or require local storage or processing of data”. Data flows and the location of the processing of data aren’t solely or even primarily trade issues; they are human rights issues that can affect privacy, free expression and more. The discussion about whether laws that require local storage and processing of certain kinds of sensitive personal data are protective of user rights, for instance, cannot take place in the secret enclaves of a trade negotiation. The bill does allow for exceptions as required to further “legitimate policy objectives”, but only where these “are the least restrictive on trade” and “promote an open market environment”.
  • Trade secrets collected by governments are to be protected against disclosure except in “exceptional circumstances to protect the public, or where such information is effectively protected against unfair competition”. But there are other cases in which there may be an important public interest in the disclosure of such trade secrets, such as where they reveal past misdeeds, or throw transparency onto the activities of corporations executing public functions.

But more troubling than what has been included in the negotiating objectives is what has been excluded. There is literally nothing to require balance in copyright, such as the fair use right. On the contrary, if a country’s adoption of a fair use style right causes loss to a foreign investor, it could even be challenged as a breach of the agreement, under the investor-state dispute settlement (ISDS) provisions. Further, the “Intellectual Property” section of today’s bill is virtually identical to the version introduced in 2002, and what minor changes there are do not change the previous text’s evident antipathy for fair use. So while the new bill has added, as an objective, “to ensure that trade agreements foster innovation and promote access to medicines,” an unchanged objective is “providing strong enforcement of intellectual property rights.” What happens if those two objectives are in conflict? For example, in many industries, thin copyright and patent restrictions have proven to be more conducive to innovation than the thick, “strong” measures the bill requires. Some of our most innovative industries have been built on fair use and other exceptions to copyright — and that’s even more obvious now than it was in 2002. The unchanged language suggests the underlying assumption of the drafters is that more IP restrictions mean more innovation and access, and that’s an assumption that’s plainly false.

All in all, we do not see anything in this bill that would truly remedy the secretive, undemocratic process of trade agreements. Therefore, EFF stands alongside the huge coalition of public interest groups, professors, lawmakers and individuals who are opposed to Fast Track legislation that would legitimize the White House’s corporate-captured, backroom trade negotiations. The Fast Track bill will likely come to a vote by next week — and stopping it is one surefire way to block the passage of these secret, anti-user deals.

Read the text of the Bipartisan Congressional Trade Priorities and Accountability Act of 2015 here.

Digital freedom group offers tips for recording cops

This post, written by EFF activist Nadia Kayyali, originally appeared on the foundation’s website.

There are some very disturbing videos circulating the Internet right now, depicting the deaths of unarmed civilians at the hands of trained, armed men. Many of these videos even show individuals being shot in the back, or as they try to flee.

These are videos of police officers in America killing unarmed black men like Oscar Grant and Eric Garner. And, as the most recent case shows, without these recordings, much of America might not have any idea exactly how much of a problem this is.

Citizen videos of law enforcement encounters are more valuable than ever. And for those who are wondering — it is legal to record the police.

The police don’t always seem aware of this. There have been incidents across the country of police telling people to stop filming, and sometimes seizing their camera or smartphone, or even arresting them, when they don’t comply.

In the most recent citizen-filmed incident to gain widespread media attention, on April 4, white police officer Michael Slager shot and killed 50-year-old black man Walter Scott in the back as he ran away in North Charleston, South Carolina. Bystander Feiden Santana filmed the encounter, which started with a traffic stop. After Santana’s video surfaced, the officer was arrested and charged with murder. Santana said that he is scared of what might happen to him. He also considered deleting the video, and doing nothing with it. And Santana is not the only person who may be intimidated by the prospect of filming the police, with good reason.

That’s why, in addition to EFF Attorney Sophia Cope’s legal analysis highlighting some of the recent case law establishing the right to film police officers, we’re sharing some basic information cop watchers should know.

What courts have said

Courts across the country have held that there is a First Amendment right to openly record the police. Courts have also held, however, that individuals cannot interfere with police operations, and that wiretapping statutes that prohibit secretly recording may apply to recording the police. But underlying these decisions is the understanding that recording the police is constitutionally protected.

Know your rights and be safe

While it has been established that individuals have the right to record the police, what happens on the street frequently does not match the law. Also, if you’re thinking about filming the police, it’s likely you’ll have more police encounters than you otherwise would.

The National Lawyers Guild (NLG) is a bar association that does police accountability work. The National Lawyers Guild Legal Observer program is focused on watching the police at protests. CopBlock and Cop Watch are loosely organized groups that have chapters across the country, and provide resources on filming the police every day.

Here are the most essential things to keep in mind:

  • Stay calm and courteous, even though the situation may be stressful. Remember—if you get arrested or get into an altercation with the police, you won’t be able to keep filming them!
  • Be sure that you are not interfering with police operations, and stand at a safe distance from any encounter you film.
  • Your right to record audio surreptitiously of police carrying out their duties in public may vary from state to state. You should check your state law to know the fullest extent of your rights, but the lowest risk way to record is to hold your device in plain view of the officers.
  • Do not lie to police officers. If they ask whether you are recording, answer honestly.
  • If the police start interacting with you, treat the encounter as you would any encounter with law enforcement — in fact, you may want to be extra careful, since as the repeated incidents of police seizing cameras and smartphones demonstrate, it may make you more of a target.
  • If you are at a demonstration, police will often issue a dispersal order — in general, they will declare a protest an unlawful assembly and tell people to leave. Unless you are granted permission to stay, that order applies to you, too. If you do not comply, you should expect to be arrested.
  • While it is not legal for an officer to order you to move because you are recording, they may still order you to move. If you do not comply you could be arrested. If you do want to comply, consider complying with the smallest movement possible, and verbally confirming that you are complying with their orders. For example, if you are standing five feet from an officer, and they say “You need to move back,” you might want to consider calmly saying “yes, officer, I am moving back” while taking a few steps back.

Below are some helpful resources and tips related to interacting with and filming the police from these groups and EFF:

  • The National Lawyers Guild (NLG) “Know Your Rights” pamphlet (available in multiple languages) provides basic information you should know for interacting with the police.
  • The NLG Legal Observer Program training manual has tips for filming the police at protests, many of which are useful for filming any encounter.
  • Cop Watch has resources and examples here.
  • EFF’s Know Your Rights guide provides information on what you need to know if the police want to search your electronic devices.

Why focus on citizen recording when departments are implementing bodycams? 

As the conversation about police accountability continues to take place across the country, body cameras are often proposed as a solution, and they are getting a lot of attention in the news right now. “Bodycam” recordings have made a difference in some cases. But many transparency and accountability advocates, including EFF, have expressed reasonable doubts about their efficacy. States are trying to grapple with the many privacy issues they raise, mostly by considering exempting the footage from public records act requests. And while “bodycams” may be a contentious subject, there’s little doubt that it is citizen footage of law enforcement encounters that has really fueled the current debate about police accountability.

Keep taping

As North Charleston Pastor Nelson Rivers said: “If not for the video, we would still be following the narrative from the officer. If not for this video, the story would be entirely different.” Scott’s family agrees. After watching the video, his brother stated: “I think that if that man never showed the video we would not be at the point that we’re at right now.” And North Charleston Councilwoman Dorothy Williams had this to say: “I’m asking all the citizens of North Charleston to continue taping.”

You don’t have to live in North Charleston to know why that’s a good idea.

Disclosure: Nadia Kayyali serves as the Vice-President for the National Lawyers Guild SF Bay Area Chapter, has served on the NLG’s national board, and has been involved with the NLG legal observer program nationally for over four years.

Tech companies and privacy advocates to Congress: End mass spying now

This post, written by Electronic Frontier Foundation legislative analyst Mark Jaycox, originally appeared on the foundation’s website.

A letter sent from major tech companies and civil society groups demanded Congress end the mass collection of calling records under Section 215 of the Patriot Act before an upcoming June 1 expiration date. The letter was signed by the Reform Government Surveillance coalition, which represents major tech companies like Google, Microsoft, and Yahoo, and by privacy groups like ACLU and EFF.

Specifically, the letter urges:

a clear, strong, and effective end to bulk collection practices under the USA PATRIOT Act, including under the Section 215 records authority and the Section 214 authority regarding pen registers and trap & trace devices. Any collection that does occur under those authorities should have appropriate safeguards in place to protect privacy and users’ rights.

Even though the Attorney General and Director of National Intelligence have said the USA Freedom Act retains operational capabilities, the commitment by companies to end bulk collection is an important step in a Republican-led Congress that has increasingly used national security threats to stave off Section 215 reform.

The letter sends Congress a clear message: any bill to reform Section 215 must end mass collection, provide transparency requirements, and avoid adding any data retention or technology mandates. In the past we’ve defined ending bulk collection as a simple ban on mass spying. Similarly, groups like the Center for Democracy and Technology have noted that ending bulk collection means prohibiting the large-scale government collection and retention of non-public records about persons who are not connected to national security threats. Other groups, like the Open Technology Institute, have included the use of “an exclusive list of ‘unique’ identifiers” as a way to successfully end mass collection under Section 215.

EFF: Congress Must Pass FOIA Reform Legislation

This post by staff attorney Sophia Cope originally appeared on the website of the Electronic Frontier Foundation.

This week is Sunshine Week, an annual celebration to promote government transparency and access to information. As a public interest organization dedicated to these ideals, the Electronic Frontier Foundation continues to call on Congress to update the Freedom of Information Act, a key tool for citizens to obtain federal government records and to hold federal agencies accountable.

Two FOIA reform bills are pending in Congress. The Senate bill is the FOIA Improvement Act of 2015 (S. 337), which the Senate Judiciary Committee passed in February. The House bill, the FOIA Oversight and Implementation Act of 2015 (H.R. 653), has yet to be considered by the House Committee on Oversight and Government Reform.

An important aspect of both bills is that they narrow Exemption 5, which permits an agency to withhold inter-agency or intra-agency “pre-decisional” memos and other documents that reflect the agency’s “deliberative process” in reaching a final decision. Congress’ legitimate policy goal in enacting Exemption 5 was to permit some level of confidentiality in order to promote candor among agency employees.

Both bills create a time limit for documents withheld under Exemption 5, meaning that even if Exemption 5 technically applies to records, if the records are older than 25 years from the date of the FOIA request, the agency cannot withhold them from disclosure. The House bill goes a step further and requires disclosure of “records that embody the working law, effective policy, or the final decision of the agency.”

These reforms are important, particularly the language in the House bill, because Exemption 5 has been inappropriately used by many federal agencies to withhold documents that are arguably final decisions. The exemption has been used by the Justice Department, in particular, to withhold opinions by the Office of Legal Counsel (OLC), which is considered the authoritative source on how the executive branch interprets the law.

EFF lost a FOIA lawsuit last year that sought to obtain an OLC opinion that authorized the FBI’s use of “National Security Letters” to obtain citizens’ call logs without legal process and contrary to existing law. The ACLU and The New York Times won a similar lawsuit to obtain the OLC opinion authorizing the “targeted killing” of Americans only because the government had voided its ability to invoke Exemption 5 when it made various public statements about the targeted killing program.

One disappointing aspect of the FOIA reform bills is that they do not include a public interest balancing test for Exemption 5. Such language was originally included in the Senate bill last Congress, but it was stripped out at the last minute and not included in either bill this Congress. A public interest balancing test would require the disclosure of records if the public interest in doing so outweighs the agency’s interest in withholding the documents. This would give federal judges the power to order disclosure even if the agency appropriately invokes Exemption 5. The House bill does include language that directs the agencies to generally consider “whether the release of the records would be in the public interest because it is likely to contribute significantly to public understanding of the operations or activities of the government.”

If FOIA made clear that agencies cannot withhold documents that reflect the “working law, effective policy, or the final decision of the agency” and agencies and judges must consider the public interest in disclosure even if Exemption 5 technically applies, perhaps EFF would have won its lawsuit and the ACLU and New York Times would not have had to rely on unique facts to win their case. Without public access to OLC opinions, which have also authorized torture and warrantless wiretapping, the federal government creates a body of secret law, which is antithetical to a democratic society.

Notwithstanding the importance of narrowing the scope of Exemption 5, it is important to note that FOIA exemptions are generally discretionary, meaning that even if an exemption technically applies to a request, an agency has the discretion to disclose the records anyway. The FOIA reform bills would force greater transparency by codifying the Obama administration’s policy that agencies should implement FOIA under a presumption of openness and that records should only be withheld if the agencies can “reasonably foresee” harm from disclosure, not merely because an exemption technically applies. This would prohibit future administrations from shifting to a less transparent FOIA policy, which was the case with the last Bush administration.

The FOIA reform bills also strengthen the Office of Government Information Services (OGIS), also known as the FOIA ombudsman, which works with requesters and agencies to resolve FOIA disputes in order to avoid costly litigation. Both bills clarify that OGIS can issue its annual report (with recommendations for how agencies can improve FOIA implementation) without obtaining prior approval from any other Executive Branch agency or office, which has been a problem in the past. The Senate bill also provides that OGIS can issue advisory opinions on disputes between requesters and agencies at any time, either pursuant to its own discretion or a request from a party (current law only authorizes advisory opinions pursuant to OGIS’s discretion and after mediation fails).

Finally, both bills mandate the creation of a “consolidated online request portal” to provide the public with a “one-stop shop” for submitting FOIA requests to federal agencies, which is already underway by a few select agencies at FOIAonline.

While the FOIA reform bills could go further in improving FOIA implementation, they both offer meaningful changes that would enhance government transparency and advance the public’s right to know. EFF urges Congress to be true to the spirit of Sunshine Week and pass FOIA reform legislation as soon as possible.

Guess who wasn’t invited to the CIA’s Hacker Jamboree?


This post, written by Electronic Frontier Foundation staff attorney Nate Cardozo and legal fellow Andrew Crocker, originally appeared on the foundation’s website.

Apple, that’s who. Or Microsoft, or any of the other vendors whose products U.S. government contractors have successfully exploited according to a recent report in the Intercept. While we’re not surprised that the Intelligence Community is actively attempting to develop new spycraft tools and capabilities — that’s their job — we expect them to follow the administration’s rules of engagement. Those rules require an evaluation under what’s known as the “Vulnerabilities Equities Process.” In the White House’s own words, the process should usually result in disclosing software vulnerabilities to vendors, because “in the majority of cases, responsibly disclosing a newly discovered vulnerability is clearly in the national interest.”

Nevertheless, the Intercept article describes an annual CIA conference known as the Trusted Computing Base (TCB) Jamboree at which members of the intelligence community present extensively on software vulnerabilities and exploits to be used in spying operations. At the 2012 TCB Jamboree, presenters from Sandia National Laboratories, which is a contractor for the Department of Energy, described an attack on Xcode, the Apple software used to compile applications in Mac OS X and iOS. The “whacked” Xcode exploit, called Strawhorse, enables intelligence agents to implant a version of Xcode on developers’ computers which, unbeknownst to the developers, would cause software they compile to include a backdoor or other compromise. If successful, the attack could enable a range of surveillance-friendly applications to be covertly made available to the public. The report suggests that the Sandia team discovered and employed a number of additional vulnerabilities in Apple’s hardware and software, including a vulnerability in Apple’s secure element that enabled them to extract a secret key, and one that allowed modification of the OS X updater to install a keylogger. Finally, the report describes similar presentations on Microsoft’s BitLocker software and others.

The vulnerabilities involved in these exploits were almost certainly unknown to Apple itself, and the documents released by the Intercept do not indicate that the CIA or its contractors ever considered disclosing them to the company. Yet this is what the administration’s Vulnerabilities Equities Process requires—a balancing test that weighs the risk to average users of leaving unpatched vulnerabilities against the needs of the intelligence community.

EFF has sued under the Freedom of Information Act (FOIA) to uncover more about the Vulnerabilities Equities Process, which the White House characterized as a set of principles that inform “a disciplined, rigorous and high-level decision-making process for vulnerability disclosure.” Naturally, the Office of the Director of National Intelligence and the NSA have been less than forthcoming in response to our FOIA suit, producing only a handful of highly redacted documents to date. Given the scanty information we’ve received, and the freedom with which the Jamboree attendees seem to stockpile vulnerabilities, we have doubts that the Equities Process is really as “disciplined and rigorous” as the administration claims.

When asked for comment, an unnamed intelligence official told CNBC: “There’s a whole world of devices out there, and that’s what we’re going to do…It is what it is.”

EFF: The 4th Amendment covers DNA collection

This was originally published on the website of the Electronic Frontier Foundation

San Francisco — People have a 4th Amendment right to privacy when it comes to their genetic material, the Electronic Frontier Foundation (EFF) argued in an amicus brief filed last week with the U.S. Supreme Court.

EFF is asking the Supreme Court to hear arguments in Raynor v. State of Maryland, a case that examines whether police should be allowed to collect and analyze “inadvertently shed” DNA without a warrant or consent, such as swabbing cells from a drinking glass or a chair. EFF argues that genetic material contains a vast amount of personal information that should receive the full protection of the Constitution against unreasonable searches and seizures.

“As human beings, we shed hundreds of thousands of skin and hair cells daily, with each cell containing information about who we are, where we come from, and who we will be,” EFF Senior Staff Attorney Jennifer Lynch said. “The court must recognize that allowing police the limitless ability to collect and search genetic material will usher in a future where DNA may be collected from any person at any time, entered into and checked against DNA databases, and used to conduct pervasive surveillance.”

Glenn Raynor’s genetic material was collected and tested without his knowledge or consent after he agreed to an interview at a police station as part of a criminal investigation. The police didn’t have probable cause to arrest Raynor, and he refused to provide a DNA sample. After he left the station, police swabbed the armrest of the chair where he had been sitting to collect his skin cells without his knowledge. The police then extracted a DNA profile from the cells and used it to connect him to the crime. The Maryland Court of Appeals ruled that this collection was lawful, and Raynor petitioned the Supreme Court for review. EFF’s brief supports Raynor’s petition.

The sophistication and speed of DNA analysis technology is advancing exponentially as the costs of the technology drop. These advances, EFF argues, raise significant questions for privacy and civil liberties. DNA can reveal sensitive personal health information and can allow police to identify a person’s relatives, turning family members into inadvertent “genetic informants” on each other. Some researchers have also postulated that DNA can determine race, sexual orientation, intelligence and even political predispositions.

“Law enforcement should not be able to amass giant databases of genetic material they find lying around,” EFF Senior Staff Attorney Hanni Fakhoury said. “The Supreme Court should review this case and consider it within the context of emerging technologies that could significantly affect the privacy rights of every American.”


EFF: Making sense of a disappointing decision on mass surveillance

This article by senior staff attorney David Greene appeared on the website of the Electronic Frontier Foundation.

Feb. 10 marked a frustrating juncture in the Electronic Frontier Foundation’s long-running lawsuit against mass surveillance, Jewel v. NSA, filed on behalf of AT&T customers whose communications and telephone records are being vacuumed by the National Security Agency.

A federal court in San Francisco sided with the U.S. Department of Justice, ruling that the plaintiffs could not win a significant portion of the case — a 4th Amendment challenge to the NSA’s tapping of the Internet backbone — without disclosure of classified information that would harm national security. In other words, Judge Jeffrey White found that “state secrets” can trump the judicial process and held that EFF’s clients could not prove they have standing.

To be perfectly clear: This decision does not end EFF’s case. The judge did not find that it is legal for the NSA to tap into the Internet backbone. Nor does the ruling apply to the portion of the case that covers the NSA’s capture of telephone records on a massive scale. EFF will continue to fight in court, both in Jewel and in our two other ongoing lawsuits challenging NSA surveillance.

We disagree with the court’s decision, and it will not be the last word on the constitutionality of the government’s mass surveillance of the communications of ordinary Americans.

The Jewel backstory

Jewel was filed in 2008 on behalf of ordinary Americans. The case is based on a wide range of NSA mass surveillance disclosed to the public in a series of newspaper articles starting in 2005 and bolstered by a former AT&T technician whistle-blower who revealed a tap on AT&T’s fiber optic “Internet backbone.” The public learned that the NSA was copying Internet traffic as it traversed the backbone, also known as Upstream collection, as well as that it was collecting telephone call detail records in bulk. EFF’s clients alleged that these practices violate the 1st and 4th Amendments to the Constitution and several other laws related to electronic surveillance.

Over the past seven years, both the district court and the 9th U.S. Circuit Court of Appeals have considered a variety of legal issues in the case. Last year, EFF appeared before the court during an emergency hearing over the NSA’s continual destruction of evidence.

This most recent ruling was in response to the motion for partial summary judgment EFF filed in July 2014 arguing that the NSA’s backbone surveillance violates the 4th Amendment. The government responded with its own motion for partial summary judgment, asserting several defenses, including the “state secrets” privilege, which permits judges to disregard evidence that would endanger national security if publicly released. In support of its motion, the government filed secret declarations by NSA officials that were available to White, but not to us or the public; and the judge relied on this evidence in his order.

Standing and state secrets

White did not rule on the legality or constitutionality of the NSA mass Internet surveillance we challenged. Rather, the court explained that the publicly available information did not paint a complete picture of how the NSA collects Internet traffic, so the court could not rule on the program without looking at information that could constitute “state secrets.”

“Because a fair and full adjudication of the Government Defendants’ defenses would require harmful disclosures of national security information that is protected by the state secrets privilege, the Court must exclude such evidence from the case,” White writes in the decision. “Addressing any defenses involves a significant risk of potentially harmful effects any disclosures could have on national security.”

Agreeing with the government, the court found that the plaintiffs lacked “standing” to challenge the constitutionality of the program because they could not prove that the surveillance occurred as plaintiffs alleged. Despite the judge’s finding that he could not adjudicate the standing issue without “risking exceptionally grave damage to national security,” he expressed frustration that he could not fully explain his analysis and reasoning because of the state secrets issue.

“The Court is frustrated by the prospect of deciding the current motions without full public disclosure of the Court’s analysis and reasoning,” he writes. “However, it is a necessary by-product of the types of concerns raised by this case. Although partially not accessible to the Plaintiffs or the public, the record contains the full materials reviewed by the Court. The Court is persuaded that its decision is correct both legally and factually and furthermore is required by the interests of national security.”

We disagree. Notably, White did not mention the statutory procedure available for considering classified information. The Foreign Intelligence Surveillance Act (FISA) allows courts to examine secret evidence that is necessary to determine whether surveillance conducted by the government was done legally. In a decision in 2013, White correctly ruled that this FISA procedure preempts the state secrets privilege; and we believe that the government’s use of the privilege here was improper.

The decision does not fully resolve the case. Again, the court considered only a part of our case — the NSA’s copying of Internet traffic from the Internet backbone — based on the publicly available evidence, primarily the report published by the president’s Civil Liberties Oversight Board and information provided by whistle-blower Mark Klein. Our motion did not place at issue any of the other surveillance programs that are part of the lawsuit, such as the mass surveillance of telephone call records.

Those other claims remain, and we intend to pursue them.

EFF: Secure Our Borders First Act would ensure proliferation of drones at the border

This article by activist Nadia Kayyali originally appeared on the website of the Electronic Frontier Foundation.

Security shouldn’t be a synonym for giving up civil liberties. But bills like HR 399 show that lawmakers think it is. The Secure Our Borders First Act is an ugly piece of legislation that’s clearly intended to strong-arm the Department of Homeland Security into dealing with the border in a very particular way: with drones and other surveillance technology.

The bill appears to have stalled in the House. It was on the calendar for last week but wasn’t voted on, and it’s not on the schedule for this week. But it’s not dead yet. And even if it does die, this isn’t the first time Congress has tried to increase the use of drones at the border. In 2013, the Senate passed S.744, the Border Security, Economic Opportunity and Immigration Modernization Act. The bill called for the use of drones “24 hours per day and for 7 days per week.” The House of Representatives did not pass the legislation, but the drone mandate in HR 399 is eerily similar. And it demonstrates that the idea that drones should be used at the border is persistent.

The 72-page piece of legislation, authored by Rep. Michael McCaul (R-Texas), gives the Department of Homeland Security (DHS) an incredibly specific mandate. It requires DHS to gain “operational control” of high traffic areas within 2 years, and the entire southern border within 5 years. Operational control means “the prevention of all unlawful entries into the United States.” It prescribes exactly how that should be done and even includes penalties for failure to do so, including pay freezes for government officials.

The bill also prescribes how operational control should be obtained. It does this by prescribing what equipment 11 specific border points should use. At several of the points, that equipment includes drones. Additionally, the bill includes the following mandate:

The Office of Air and Marine of U.S. Customs and Border Protection [CBP] shall operate unmanned aerial systems not less than 16 hours per day, seven days per week.

As the ACLU notes, it’s a little shocking that the bill includes such mandates only “weeks after a damning DHS Inspector General (DHS IG) report titled ‘CBP Drones are Dubious Achievers.’” And that’s just the most recent report. In June 2012, the Electronic Frontier Foundation called attention to another DHS IG report that faulted the DHS for wasting time, money and resources using drones that were ineffective and lacked oversight. To put it in perspective, Predator drones cost $3,000 per hour to fly. That’s certainly part of the reason that HR 399 authorizes $1 billion in appropriations.

Of course, the waste of money in this bill pales in comparison to its potential negative impact on civil liberties. Drones pose a multitude of privacy concerns. Drones can be equipped with, among other capabilities, facial-recognition technology; live-feed video cameras; thermal imaging; fake cellphone towers to intercept phone calls, texts and GPS locations; as well as back-end software tools like license-plate recognition, GPS tracking and facial recognition. They are capable of highly advanced and near-constant surveillance and can amass large amounts of data on private citizens, which can then be linked to data collected by the government and private companies in other contexts.

Lest it seem that this will affect only communities directly adjacent to the border, or individuals being investigated or pursued by CBP, it’s important to note that the government considers the border to extend 100 miles in, and CBP has certain powers to conduct activities like searches that would be unconstitutional elsewhere. Furthermore, according to documents obtained by the EFF as part of a Freedom of Information Act lawsuit against the agency, CBP appears to be flying drones well within the Southern and Northern U.S. borders for a wide variety of non-border patrol reasons. In fact, the documents showed that between 2010 and 2012, the number of missions CBP flew for state, local and non-CBP federal agencies increased eightfold.

The silver lining? The legislation hasn’t passed yet. There’s still time to contact your elected representatives and tell them to vote no.

EFF: New report on bulk collection shows that there’s no magical solution to bad policy

This article by activist Nadia Kayyali originally appeared on the website of the Electronic Frontier Foundation.

The National Academy of Sciences has released “Bulk Collection of Signals Intelligence: Technical Options,” a report on technical solutions to the problem of bulk collection. The report, which was made public on Jan. 15, was the result of Barack Obama’s Presidential Policy Directive 28 (PPD 28). PPD 28 mandated an assessment of “the feasibility of creating software that would allow the Intelligence Community more easily to conduct targeted information acquisition rather than bulk collection.”

PPD 28 asked for a limited technical assessment. And that’s the substance of the report. Some analyses of the report from the media seem to misunderstand this, emphasizing that the report finds “no effective alternative to the government’s ‘bulk collection.’” But the report makes it clear that it does not address “policy questions and tried to avoid making judgments about them.” In fact, as the report aptly (and repeatedly) points out:

Other groups, such as the President’s Review Group on Intelligence and Communications Technologies and the Privacy and Civil Liberties Oversight Board (in its Section 215 report) have said that bulk collection of telephone metadata is not justified. These were policy and legal judgments that are not in conflict with the committee’s conclusion that there is no software technique that will fully substitute for bulk collection; there is no technological magic.

That’s right. There’s no software magic that can recreate the past in the same way that bulk collection of the phone records of millions of innocent people can. That’s all the report (unsurprisingly) concludes about bulk collection.

While our current lack of a software time-machine may be a disappointment, it does not mean there is no alternative to bulk collection. Alternatives abound. Indeed, in the context of Section 215 and the bulk collection of Americans’ phone records, after just six months of public debate and deliberation, an alternative was proposed that would ensure that the intelligence community has the “necessary and appropriate tools to help keep us safe,” while “end[ing] the dragnet collection of phone records under Section 215 of the PATRIOT Act.”

But the government hasn’t made it easy to have an honest debate about bulk surveillance, since, as the report notes, “Very little has been made public about actual cases where U.S. SIGINT has contributed to counterterrorism… The selection of the cases that were made public, the details of the accounts, and their significance have all been controversial.” Compounding these shortcomings, officials have made trumped-up claims about the effectiveness of bulk collection — claims that have been criticized by the President’s Review Board and the Privacy and Civil Liberties Oversight Board, among others. It’s impossible to have an honest debate without access to facts.

Ultimately, as the report points out, “whether the gain in privacy is worth the loss [of bulk collection] is a policy question that the committee does not address” — and it’s one we might not even need to answer. We’re confident that alternatives to bulk collection exist — alternatives that can be created through honest and full public debate, alternatives that preserve important national security functions without compromising the privacy of millions.

So there may be no technological magic bullet. And there may not even be a political magic bullet. But that doesn’t mean there aren’t solutions.

EFF: In wake of Charlie Hebdo attack, let’s not sacrifice even more rights

This article by Sophia Cope and Jillian York originally appeared on the website of the Electronic Frontier Foundation

The Electronic Frontier Foundation is stunned and deeply saddened by the attack on Charlie Hebdo, a French satirical newspaper. As free speech advocates, we mourn the use of violence against individuals who used creativity and free expression to engage in cultural and political criticism. Murder is the ultimate form of censorship.

The journalists and cartoonists at Charlie Hebdo have long used satire to engage in cultural critique, a form of expression strongly protected by international norms and with deep historical roots in prompting societal change and igniting discussions on controversial issues (see, for example, Jonathan Swift’s Modest Proposal and Voltaire’s Candide). In the age of the Internet, satire is finding fecund ground on video-sharing sites, social media and across the blogosphere as a way of engaging in discussion on political issues, social ideas, economic theory and even poking fun at celebrities. While satire has a long history in France, it has become commonplace in many countries, including in the Middle East, where satirists such as Bassem Youssef (“Egypt’s Jon Stewart”) have faced pressure to go silent. In the face of tragedy and extremism, humor can be a way of reclaiming power.

Often in the wake of a terrorist attack, we see governments move swiftly to adopt new laws without consideration of the privacy rights being sacrificed in the process. Even as we mourn the losses at Charlie Hebdo, we must be wary of any attempt to rush through new surveillance and law enforcement powers, which are likely to disproportionately affect Muslims and other minorities.

The attack on Charlie Hebdo was an attack on individuals exercising their free expression rights. But we must not sacrifice some rights in a rush to protect others.

There are numerous instances in which countries enacted sweeping new laws in the wake of an attack or in response to a threat, when grief and fear outweighed commitments to freedom of expression and privacy. The consequences can be far reaching. In the United Kingdom, the government swiftly revised police powers with the Terrorist Act of 2006 in the wake of bombings in London. In Australia, new legislative measures were introduced in response to a foiled terrorism plot. In 2012, Iraq tried to quickly push through a set of strict “cybercrime” laws in the wake of the Arab Spring uprisings. And in the U.S., the 9/11 attacks were used to justify poorly considered legislation that significantly broadened surveillance authorities. Already, U.S. senators are using the Paris attacks to justify mass surveillance programs by the National Security Agency.

Let us defend freedom of expression by committing to uphold all rights.

EFF: What we learned about NSA spying in 2014 and what we’re fighting to expose in 2015

This story by activist Nadia Kayyali and staff attorney Mark Rumold originally appeared on the website of the Electronic Frontier Foundation.

After a banner year for shedding light on the NSA’s secret surveillance programs in 2013, the pace of disclosures in 2014 — both from whistleblowers and through Freedom of Information Act (FOIA) lawsuits — slowed significantly.

But that’s not because all the secrets of NSA surveillance have been revealed.

In fact, some of the most significant information about the NSA’s surveillance programs still remains secret. Despite one of the most significant leaks in American history and despite a promise to declassify as much information as possible about the programs, nearly two years later the government still refuses to provide the public with the information it needs. For example, government officials still have not answered a simple, yet vitally important, question: What type of information does the NSA collect about millions, or hundreds of millions, of Americans (or the citizens of any other country, for that matter)? And the government still refuses to release some of the most significant decisions of the Foreign Intelligence Surveillance Court — the secret court tasked with monitoring the government’s surveillance programs.

Despite the slowdown, in 2014, we learned still more about the NSA’s surveillance programs than we knew before. We learned that:

  • Through the NSA’s Mystic program, the agency records every single cellphone conversation in the Bahamas and Afghanistan, storing those conversations for up to 30 days.
  • The NSA specifically targets systems administrators — the people who are often charged with keeping networks safe and secure.
  • The NSA and its partners exploit mobile apps, such as the popular Angry Birds game, to access users’ private information such as location, home address, gender and more.
  • The NSA sought to develop capabilities to infect millions of computers with malware implants as part of its TURBINE program.
  • The NSA’s Dishfire operation collects 200 million text messages daily from users around the globe.
  • The NSA “intercepts ‘millions of images per day’ — including about 55,000 ‘facial recognition quality images’” and processes them with powerful facial recognition software.
  • The NSA spies on civic leaders and model citizens. The Intercept put a face to NSA spying, publishing a profile of five American Muslim leaders who have been targeted for surveillance. They include an attorney, two professors, a former member of the Bush administration and the founder of the Council on American-Islamic Relations.

Despite all this additional information, too much still remains secret.

But there’s reason to hope for 2015. For one, in response to an EFF FOIA lawsuit, a federal court has ordered the government to release some of the remaining, significant, and still-secret FISC opinions in the early part of 2015. We also launched a campaign to reform Executive Order 12333; and, as part of that campaign, we’re urging the government to come clean about the types of information it collects on millions of people around the world. Whether it’s in federal court or the court of public opinion, in 2015, we’ll keep fighting for the public’s right to know.

This article is part of our Year In Review series; read other articles about the fight for digital rights in 2014.

EFF’s 2014 holiday wish list

This article, by global policy analyst Eva Galperin, was published on the website of the Electronic Frontier Foundation on Dec. 18.

For the past three years, the Electronic Frontier Foundation has greeted the holiday season by publishing a list of things we’d like to see happen in the coming year. Sometimes these are actions we’d like to see taken by companies, and sometimes our wishes are aimed at governments, but we also include actions everyday people can take to advance our digital civil liberties. This year has seen great progress in areas such as transparency reports and encrypting digital communications. We want to build on that progress in 2015.

Here are some of the things we’re wishing for this holiday:

  • News organizations and individual journalists should make it easy to securely accept documents from anonymous sources by setting up their own instances of SecureDrop.
  • President Obama should stand up for the privacy rights of people all over the world and amend Executive Order 12333 to prohibit mass surveillance. Most people have never heard of it, but Executive Order 12333 is “the primary authority under which the country’s intelligence agencies conduct the majority of their operations.” So while the U.S. Congress is considering bills to curtail mass telephone surveillance, the NSA’s primary surveillance authority will be left unchallenged. Let’s change that in 2015.
  • Congress should pass meaningful reform to the Computer Fraud and Abuse Act and the Electronic Communications Privacy Act.
  • Companies that provide digital communications services should enable real end-to-end encryption for users, without backdoors for law enforcement (We’re looking at you, Verizon!). There have been some great steps in this direction already, but we want to see a race to the top.
  • Websites should honor Do Not Track.
  • Facebook should follow the lead of Google+ and drop its harmful “real names” policy.
  • Congress should defend users and refuse to put secret trade agreements like the Trans-Pacific Partnership (TPP) agreement on the fast track to ratification. Deals like TPP include provisions that threaten digital rights for Internet users everywhere in the name of intellectual property protection.
  • U.S. policymakers should strongly advocate for the benefits of a flexible fair use system. When they are involved in international policymaking, they should propose safeguards for users to counteract extreme copyright restrictions. They should start by supporting a legally binding treaty for copyright exceptions and limitations for libraries and archives.
  • All Internet sites should adopt cryptographic best practices for every connection, every time, including PFS, STARTTLS, HSTS and encrypted traffic between data centers.
  • Companies should offer clear guidelines and a path for the disclosure of vulnerabilities that will not get security researchers sued.
  • The NSA and the Office of the Director of National Intelligence should disclose their Vulnerability Equities Process. All that they’ve told us so far is that this process is used to determine whether to disclose software security flaws known as “zero days” or to keep them secret for their own use, but we’ve had to file a FOIA lawsuit to get the details.

EFF: Copyright law as a tool for state censorship of the Internet

This story by global policy analyst Maira Sutton originally appeared on the website of the Electronic Frontier Foundation

When state officials seek to censor online speech, they’re going to use the quickest and easiest method available. For many, copyright takedown notices do the trick. After years of lobbying and increasing pressure from content industries on policymakers and tech companies, sending copyright notices to take media offline is easier than ever.

The copyright law that state actors most often invoke is the Digital Millennium Copyright Act (DMCA). The DMCA was the first major digital copyright law passed in the United States, creating strict procedural rules for how and when a copyright holder can claim that uploaded content infringes on their copyright. U.S.-based tech companies that receive these infringement notices must comply with these rules to receive their safe harbor — the protection they have from being liable for hosting unlawful user content.

The DMCA has become a global tool for censorship, precisely because it was designed to facilitate the removal of online media. The law carries provisions on intermediary liability, among many other strict copyright enforcement rules, which induce websites, Internet service providers and other such “intermediaries” to remove content that is alleged to be a copyright infringement.

If the DMCA is U.S. law, how can governments around the world use it to censor speech? The DMCA has become the default template for tech companies to respond to copyright infringement notices. Since many major tech companies have offices in the U.S., they must comply with U.S. law. But even if they don’t operate in this jurisdiction, most major companies have implemented a DMCA-style takedown procedure anyway because it has become a de facto legal norm.

It’s a norm that is reinforced and exported abroad by dozens of trade agreements that carry provisions that mirror, and further entrench, restrictive interpretations of the DMCA. The South Korea-U.S. free trade agreement (aka KORUS) and the Australia-U.S. free trade agreement (aka AUSFTA) are just two examples. The language in those agreements was actually a lot like the DMCA. But the negotiators abstracted the language just enough so that U.S. law could still be compliant with it, while the other countries could be pressured to enact even harsher domestic restrictions. Following their trade agreements with the U.S., South Korea enacted a three-strikes takedown regime, and Australia was pushed into enacting policies requiring intermediaries to terminate the accounts of repeat infringers.

Now we’re seeing a disturbing trend where governments and state-friendly agencies are abusing DMCA takedowns to silence political criticism. Here are the cases we know about where governments have misused U.S. copyright law to censor the Internet.

DMCA and State Censorship Around the World: A Timeline of Case Studies

  • United States: YouTube removed a 30-second Air Force recruitment ad after lawyers for the Air Force’s Cyber Command sent a DMCA notice demanding it take it down. The notice was likely invalid, since U.S. government works are in the public domain. (March 2008)
  • Saudi Arabia: A satirical show on YouTube called “Fitnah” was censored when the primary, state-funded Saudi TV channel, Rotana, sent DMCA notices to take down several of their videos. Later, a Lebanese TV show did a report about the takedown, and then another DMCA notice was sent and it was also removed from YouTube. All of the videos were later restored. (September 2014)

There are likely many more notices that state actors have used to censor users. Rightsholders are sending more and more DMCA takedowns by the year, and a telling sign of this is that some companies have begun to quantify this abuse in their transparency reports. As companies are increasingly being forced to be complicit in this censorship, it’s now more important than ever for them to be transparent about the notices they receive, and for them to take advantage of the flexibility they have under the DMCA to do what they can to protect users’ speech.

If you know of any cases of state-mandated Internet censorship carried out through the DMCA or other copyright laws’ takedown procedures, please send them to maira@eff.org. The Electronic Frontier Foundation already tracks general DMCA takedowns with our Takedown Hall of Shame. Now EFF is looking for more cases where governments and their agencies have directly sought to censor the Internet via their own takedown requests.

Censoring the Web isn’t the solution to terrorism or counterfeiting; it’s the problem

This story by Senior Global Policy Analyst Jeremy Malcolm appeared on the website of the Electronic Frontier Foundation.

In politics, as with Internet memes, ideas don’t spread because they are good; they spread because they are good at spreading. One of the most virulent ideas in Internet regulation in recent years has been the idea that if a social problem manifests on the Web, the best thing that you can do to address that problem is to censor the Web.

It’s an attractive idea because if you don’t think too hard, it appears to be a political no-brainer. It allows governments to avoid addressing the underlying social problem — a long and costly process — and instead simply pass the buck to Internet providers, who can quickly make whatever content has raised rankles “go away.” Problem solved! Except, of course, that it isn’t.

Among the difficult social problems that Web censorship is often expected to solve are terrorism, child abuse, and copyright and trademark infringement. In recent weeks, some further cases of this tactic being vainly employed against such problems have emerged from the United Kingdom, France and Australia.

U.K. court orders ISPs to block websites for trademark infringement

In a victory for luxury brands and a loss for Internet users, the British High Court last month ordered five of the country’s largest ISPs to block websites selling counterfeit goods. While alarming enough, this was merely a test case, leading the way for a reported 290,000 websites to be potentially targeted in future legal proceedings.

Do we imagine for a moment that, out of a quarter-million websites, none of them are false positives that actually sell non-infringing products? (If websites blocked for copyright infringement or pornography are any example, we know the answer.) Do we consider it a wise investment to tie up the justice system in blocking websites that could very easily be moved under a different domain within minutes?

The reason this ruling concerns us is not that we support counterfeiting of manufactured goods. It concerns us because it further normalizes the Band-Aid solution of content blocking, and de-emphasises more permanent and effective solutions that would target those who actually produce the counterfeit or illegal products being promoted on the Web.

Britain and France call on ISPs to censor extremist content

Not content with enlisting major British ISPs as copyright and trademark police, the government has also recently called upon them to block extremist content on the Web and to provide a button that users can use to report supposed extremist material. Usual suspects Google, Facebook and Twitter have also been roped in by the government to carry out blocking of their own. Yet to date, no details have been released about how these extrajudicial blocking procedures would work or under what safeguards of transparency and accountability, if any, they would operate.

This fixation on solving terrorism by blocking websites is not limited to the United Kingdom. Across the channel in France, a new “anti-terrorism” law that the Electronic Frontier Foundation reported on earlier was finally passed this month. The law allows websites to be blocked if they “condone terrorism.” “Terrorism” is as slippery a concept in France as anywhere else. Indeed, France’s broad definition of a terrorist act has drawn criticism from Human Rights Watch for its legal imprecision.

Australian plans to block copyright infringing sites

Finally (though, sadly, probably not), reports last week suggest that Australia will be next to follow the example of the U.K. and Spain in blocking websites that host or link to allegedly copyright-infringing material, following on from a July discussion paper that mooted this as a possible measure to combat copyright infringement.

How did this become the new normal? When did politicians around the world lose the will to tackle social problems head-on, and instead decide to sweep them under the rug by blocking evidence of them from the Web? It certainly isn’t due to any evidence that these policies actually work. Anyone who wants to access blocked content can trivially do so, using software like Tor.

Rather, it seems to be that it’s politically better for governments to be seen as doing something to address such problems, no matter how token and ineffectual, than to do nothing — and website blocking is the easiest “something” they can do. But not only is blocking not effective, it is actively harmful — both at its point of application, due to the risk of over-blocking, and for the Internet as a whole, in the legitimization that it offers to repressive regimes to censor and control content online.

Like an overused Internet meme that deserves to fade away, so too it is time that courts and regulators moved on from website blocking as a cure for society’s ills. If we wish to reduce political extremism, cut off the production of counterfeits or prevent children from being abused, then we should be addressing those problems directly — rather than by merely covering up the evidence and pretending they have gone away.

New malware detection tool can expose illegitimate state surveillance

This post, written by Eva Galperin, was originally published on the Electronic Frontier Foundation website.

Recent years have seen a boom in the adoption of surveillance technology by governments around the world, including spyware that provides its purchasers the unchecked ability to target remote Internet users’ computers, to read their personal emails, listen in on private audio calls, record keystrokes and passwords, and remotely activate their computer’s camera or microphone. The Electronic Frontier Foundation, together with Amnesty International, Digitale Gesellschaft, and Privacy International have all had experience assisting journalists and activists who have faced the illegitimate use of such software in defiance of accepted international human rights law.

Software like this is designed to evade detection by its victims. That’s why we’ve joined together to support Detekt, a new malware detection tool developed by security researcher Claudio Guarnieri. Detekt is an easy-to-use, open source tool that allows users to check their Windows PCs for signs of infection by surveillance malware that we know is being used by governments to spy on activists and journalists.

Some of the software used by states against innocent citizens is widely available on the Internet, while more sophisticated alternatives are made by private companies and sold to governments everywhere from the United States and Europe to Ethiopia and Vietnam.

Detekt makes it easy for at-risk users to check their PCs for possible infection by this spyware, which often goes undetected by existing commercial anti-virus products.

Because Detekt is a best-effort tool and spyware companies make frequent changes to their software to avoid detection, users should keep in mind that Detekt cannot conclusively guarantee that their computer is not compromised by the spyware it aims to detect. However, we hope that the availability of this tool will help us to detect some ongoing infections, provide advice to infected users, and contribute to the debate around curbing the use of government spyware in countries where it is linked to human rights abuses.

EFF: Why metadata matters and the third-party doctrine doesn’t

This piece, written by activist Nadia Kayyali, first appeared on the Electronic Frontier Foundation’s website.

How can the U.S. government possibly claim that its collection of the phone records of millions of innocent Americans is legal? It relies mainly on two arguments: first, that no one can have a reasonable expectation of privacy in their metadata; and second, that the outcome is controlled by the so-called “third-party doctrine,” which says that no one has an expectation of privacy in information they convey to a third party (such as telephone numbers dialed). The Electronic Frontier Foundation expects the government to press both of these arguments on Nov. 4 before the District of Columbia Circuit Court of Appeals. We look forward to responding.

Oral argument will take place at 9:30 a.m. at the District of Columbia Circuit Court at 333 Constitution Ave. NW in Courtroom 20 before Judges David Sentelle, Stephen Williams and Janice Rogers Brown. The public is welcome to attend.

A little context for EFF’s role in this case: EFF and the American Civil Liberties Union filed an amicus brief in Klayman v. Obama on Aug. 20. The case itself was first filed June 6, 2013, just one day after journalists began publishing information from the Edward Snowden leaks; and it was the first challenge to the government’s “telephony metadata” collection. Judge Richard Leon of the District Court for the District of Columbia granted a preliminary injunction. The government appealed, Klayman cross appealed some issues, and now the case is headed to the Court of Appeals.

Leon found that the government’s bulk collection of telephony metadata likely constitutes an unconstitutional search under the 4th Amendment. We agree. And since the issue is so important, we weighed in on the case along with the ACLU and the ACLU of the Nation’s Capital. We asked the court for the right to participate in the oral argument. The court agreed, giving us 10 minutes and also giving 10 minutes to another amicus, the Center for National Security Studies. Cindy Cohn will argue the case for EFF and ACLU.

Here’s what we’ll be saying on those two key points:

Metadata matters

We want to ensure that the court recognizes that “the call records collected by the government are not just metadata — they are intimate portraits of the lives of millions of Americans.”

The argument that the bulk collection of private information from millions of Americans is no big deal because it’s “just metadata” is a tired one. It’s been disproven by research, and it doesn’t stand up to common sense. First, there’s no bright line. What is deemed “metadata” is often murky (such as subject lines and URLs), context-dependent and not clearly distinguishable from content, which everyone agrees is protected by the 4th Amendment.

Second, and more important, even without listening in on a conversation, metadata reveals private information — sometimes more than would be revealed by content.

We offer some examples where metadata is more revealing in our brief: People can “donate to charities by sending a text message…The metadata about these texts reveals that the subscriber has donated to a specific charity or cause, while the content of the message contains at most a donation amount.” Similarly, “an hour-long call at 3 a.m. to a suicide prevention hotline” could be very revealing. In fact, even a single piece of metadata could reflect an individual’s political or religious associations or mental health issues.

Consider a short-term study at Stanford that analyzed only a few months of telephony metadata from just 546 people and focused partly on individual calls. The researchers found many calls that even in isolation could be revealing, such as a call to a political campaign, noting: “Many organizations have a narrow purpose, such that an individual call gives rise to sensitive inferences.” The study found “numerous calls within our dataset that give rise to these sorts of straightforward inferences.”

By contrast, the government is collecting huge amounts of metadata — by conservative estimates, at least billions of call records. And as the Stanford study showed, these records are exponentially revealing in the aggregate: “A pattern of calls will often, of course, reveal more than individual call records. During our analysis, we encountered a number of patterns that were highly indicative of sensitive activities or traits.”

As important as the sensitivity of the information here is the fact that the potential sensitivity is exactly why the government wants the information. The government has emphasized repeatedly in speeches and in legal briefs that it needs to collect so much metadata specifically so that it can analyze complete (or at least very big) datasets. That makes sense since, as we point out in our brief, this aggregation provides context and information to metadata and allows analysts to create “social graphs” that map webs of relationships between individuals and groups. In fact, aggregated metadata could allow an analyst to determine “the membership, structure, or participants in organizations and movements like the NAACP, the Tea Party, or Occupy Wall Street …”

To compound the privacy invasion, metadata is highly structured, making it ideal for the kind of analysis that reveals highly personal information. It’s easier to review than the content of communications. And since the government’s argument is that all metadata is unprotected, it’s important not to consider it in a vacuum. As we note, metadata “is truly ubiquitous, created through the innumerable and near-continuous digital transactions and interactions attendant to modern life.”

The ‘third-party doctrine’ is not controlling

After trying to convince the court that metadata just isn’t that revealing, the government says that the 4th Amendment also doesn’t apply because we “voluntarily” turn over the numbers we dial to telephone companies — as if this weren’t just an artifact of how the phones work and instead was some kind of individual choice we make. Because of this, the government argues, the situation is governed by the “third-party doctrine,” the idea that people have no expectation of privacy in information they entrust to others.

That argument is almost as tired as the metadata claim and ignores the realities of modern life. The third-party doctrine comes from a 1979 Supreme Court case, Smith v. Maryland, which involved the collection of the phone numbers dialed by a criminal suspect over the course of three days using a rudimentary pen register. And as Leon said in his opinion in the lower court:

[T]he Court in Smith was not confronted with the NSA’s Bulk Telephony Metadata Program. Nor could the Court in 1979 ever have imagined how the citizens of 2013 would interact with their phones.

Leon hits the nail on the head. As we point out, the issue in Klayman is not limited to collection of the numbers dialed by one individual suspected of criminal wrongdoing over a very short period of time. The issues here are bulk collection and sophisticated analysis of the detailed telephone records of millions of people suspected of nothing at all.

We emphasize five significant points of difference in our brief:

  • Scale: The program collects data for all or nearly all Americans, rather than one individual suspected of a serious crime.
  • Duration: The current program captures years of data, while the pen register in Smith captured data for only three days.
  • Changes in telephone use: Use of the telephone has changed dramatically since 1979, when telephones were largely stationary devices shared among a number of users, with one number per household or organization. Today, as landline usage dwindles, mobile phones have become personal, not shared, devices that many people carry constantly with them and use dozens, if not hundreds, of times per day.
  • Information collected: The phone records in this case include whether the call was completed, its duration, and other information rather than simply which numbers were being dialed, as in Smith.
  • Individualized suspicion: The program does not collect information based on individualized suspicion of any sort, much less individualized suspicion of a crime.

These differences mean that it’s just not credible to try to cram the government’s gigantic, revealing telephone records collection into the narrow box of the Smith line of cases. As our brief notes, that’s “a result unimaginable when Smith was decided and certainly not considered by the Court.”

In short, both the government’s metadata argument and its third-party doctrine argument are wrongly applied to massive telephone record collection. Moreover, both ask the court to ignore how we live today, with our “papers and effects” stored with third parties and metadata trailing our every move. Yet even with technological changes, we can and do have reasonable expectations that this information will remain private. We look forward to the court’s careful consideration of these and other points on Tuesday.

EFF, ACLU to present oral argument in NSA spying case on Nov. 4

This originally appeared on the website of the Electronic Frontier Foundation.

Washington, D.C. — The Electronic Frontier Foundation (EFF) will appear before a federal appeals court next week to argue that the National Security Agency (NSA) should be barred from its mass collection of telephone records of millions of Americans. The hearing in Klayman v. Obama is set for 9:30 a.m. on Tuesday, Nov. 4, in Washington, D.C.

Appearing as an amicus, EFF Legal Director Cindy Cohn will present oral argument at the U.S. Court of Appeals for the District of Columbia Circuit on behalf of EFF and the American Civil Liberties Union (ACLU), which submitted a joint brief in the case.

Conservative activist and lawyer Larry Klayman filed the suit in the aftermath of the first Edward Snowden disclosure, in which The Guardian revealed how the NSA was collecting telephone records on a massive scale from the telecommunications company Verizon. In December, District Court Judge Richard Leon issued a preliminary injunction in the case, declaring that the mass surveillance program was likely unconstitutional.

EFF argues that the call-records collection, which the NSA conducts with claimed authority under Section 215 of the USA PATRIOT Act, violates the 4th Amendment rights of millions of Americans. Separately, EFF is counsel in two other lawsuits against the program — Jewel v. NSA and First Unitarian Church of Los Angeles v. NSA — and is co-counsel with the ACLU in a third, Smith v. Obama.

EFF: Three spooky ways you’re being spied on this Halloween

This piece, written by activist Nadia Kayyali, first appeared on the Electronic Frontier Foundation’s website.

It’s that time of year when people don sinister masks, spray themselves with fake blood and generally go all-out for a good fright. But at the Electronic Frontier Foundation, we think there are plenty of real-world ghouls to last year-round. Fortunately, we won’t let them hide under your bed. Sometimes our work sounds like science fiction, but the surveillance techniques and technology we fight are all too real. Here are some of the beasts hiding in your backyard that we’ve been fighting to expose.

Automated license plate readers

Automated license plate readers (ALPRs) are cameras that can either be mounted on squad cars or be stationary. They read license plates and record the time, date and location a particular car was encountered. And they’re paving the way for wholesale tracking of every driver’s movements. ALPRs can scan up to 1,800 license plates per minute and can collect data on vast numbers of vehicles. In Los Angeles, for example, the Los Angeles Police Department and Sheriff’s Department collect data on 3 million cars per week.

Much like metadata about phone calls, the information obtained from ALPRs reveals sensitive personal information. In fact, the International Association of Chiefs of Police issued a report in 2009 recognizing that “recording driving habits” could raise 1st Amendment concerns because cameras could record “vehicles parked at addiction-counseling meetings, doctors’ offices, health clinics, or even staging areas for political protests.”

Because of this potential for serious invasions of privacy, EFF and the American Civil Liberties Union teamed up to ask the city and county of Los Angeles for a week’s worth of ALPR data. The lower court sided with the government after it denied our request, but we’re appealing the ruling.

Fusion centers

Fusion centers are information clearinghouses that enable unprecedented levels of bidirectional information sharing between state, local, tribal and territorial law enforcement agencies and federal agencies like the FBI and Department of Homeland Security. Bidirectional means that local law enforcement can share information with these agencies while also accessing federal information, through portals like the FBI’s eGuardian database.

Fusion centers are a serious threat to privacy. They magnify the impact of excessive spying by making sure that it gets shared through a vast network of agencies with almost no oversight.

And oversight is clearly needed. Fusion centers coordinate the National Suspicious Activity Reporting Initiative (NSI), an effort to implement suspicious activity reporting (SAR) nationwide. SARs are intelligence reports that, according to the government, document “behavior reasonably indicative of pre-operational planning related to terrorism or other criminal activity.” And while they do lead to law enforcement contact with innocent people, they do not meet legally cognizable standards for search or seizure under the 4th Amendment. Instead, they lead to racial and religious profiling and political repression. Public records act requests have shown that people of color often end up being the target of SARs.

And that’s not the only way fusion centers threaten privacy and civil liberties. Public records requests have also shown that fusion centers are used to record and share information about 1st Amendment-protected activities in a way that aids repressive police activity and chills freedom of association.

That’s why when the Privacy and Civil Liberties Oversight Board (PCLOB) announced that it was considering looking at the standards for SAR, EFF submitted a comment. We urged PCLOB not only to review SAR standards, but to conduct a thorough assessment of fusion centers in general. We believe that such a review will show what every other review by the government has shown: that fusion centers produce “predominantly useless information,” “a bunch of crap,” while “running afoul of departmental guidelines meant to guard against civil liberties” and are “possibly in violation of the Privacy Act.”


Last but not least, we’re keeping an eye on the spreading use of Stingrays. (Stingray is the brand name of an international mobile subscriber identity locator.) These are devices that are used by law enforcement to electronically search for a particular cellphone’s signal by capturing the international mobile subscriber identity of potentially thousands of people in a particular area. Small enough to fit in a van, they masquerade as a cellphone tower and trick your phone into connecting with them every 7 to 15 seconds. As a result, the government can surreptitiously figure out whom, when and to where you are calling and the precise location of every device within the range. With some devices, it can even capture the content of your conversations.

Part of what’s so concerning about Stingrays is that we know very little about how they are being used. In the first case to consider the constitutional implications of Stingrays, U.S. v. Rigmaiden (in which we filed an amicus brief along with the ACLU), the court denied a motion to throw out evidence obtained using a Stingray. In our brief, we pointed out that the application for a warrant neither made it clear that law enforcement would be using a Stingray nor explained how the device worked. It’s that lack of explanation that we find so concerning.

But what we do know about Stingrays is chilling. They capture data from anybody who happens to be in an area where one is being used, regardless of whether they are suspected of a crime. And some models can even capture contents of communications.

The constitutionality of Stingrays is almost certain to be challenged again, especially after the Supreme Court’s decision requiring a warrant to search arrestees’ cellphones in Riley v. California. We’ll continue to keep an eye out for any cases addressing this technology. In the meantime, we’re doing public records act requests to police departments to learn more about who is using these devices and how.

We think this technology is scarier than any costume you’ll see on the streets this week. But don’t worry; we’re here to turn the lights on.

Where books are banned, the Internet is a game changer

This post, written by EFF director for international freedom of expression Jillian York, was originally published on the foundation’s website.

The censorship or banning of books is a phenomenon that occurs in countries around the world. Books that are considered “scandalous” or inciteful in some way are often targets of censorship by governments, schools, libraries and other entities.

In the United States, as NPR explains, books have historically been banned for violence and sexual content, as well as profanity, and continue to be banned by individual school districts. In Australia, the sale of certain books — such as Bret Easton Ellis’ “American Psycho” — is restricted to readers 18 and over. In Egypt, books challenging the political status quo are often targets of censorship. Amazon maintains a list of countries where particular books cannot be shipped. And the list goes on.

For individuals living in countries with high levels of censorship, the Internet has become a means for circumventing restrictions on book sales. Access to online bookstores and platforms like Kindle has, for example, helped people in China get around the infamous Great Firewall. New platforms like Oyster provide reading materials in English that might not be available for purchase, either due to censorship or lack of demand. And free platforms like Project Gutenberg create access where cost or censorship is an issue.

But for some, these workarounds have restrictions as well. Copyright and related licensing restrictions can curtail access to books in certain places; for example, a new book on atheism in the Arab world by journalist Brian Whitaker is unavailable for purchase in the Middle East and Africa, apparently due to international distribution issues. App stores sometimes restrict access to book platforms out of copyright or liability concerns, as well as when faced with government pressure. And restrictions on international banking — not to mention the cost of e-books — can limit people in many countries from taking advantage of online book platforms.

In Sudan, books can be especially hard to come by. Not only does the government confiscate and ban books and harass authors, but high customs taxes have forced numerous bookstores to close over the past few years.

“Online access to books is so important for the new generation,” says Sudanese activist Dalia Haj Omar, but U.S. sanctions prevent individuals from accessing a number of sites and resources that would allow young Sudanese to circumvent restrictions on reading and learning. Among the sites that are unavailable to Sudanese are Khan Academy and the Google Play Store.

Despite the sanctions, which Haj Omar is working to reform, she says that young Sudanese are finding ways around the various restrictions, and points to an article in the New York Times detailing Khartoum’s literary revival. It describes the work of Abdullah Al-Zain, the man behind a monthly book swap event called Mafroush (“displayed”). “The Internet is not necessarily an enemy of books,” says Al-Zain. Indeed.

EFF: Local use of surveillance equipment deserves same scrutiny as militarized police


This piece, written by activist Nadia Kayyali, first appeared on the Electronic Frontier Foundation’s website.

Since the police shooting of Michael Brown and the response in the streets, militarization of the police, especially with surplus military hardware like armored vehicles, has been a hot topic, both in the news and in Congress. And that’s a good thing.

But the equipment we can see on the news isn’t the only thing flowing from our military to local cops. Alongside armored vehicles and guns, local police are getting surveillance technology with help from the federal government. And while we don’t know the full contours of that aid, what we do know is worrisome and should spur further scrutiny, both locally and nationally.

The risks of militarizing the local cops are easy to see — and they’re compounded by folding local law enforcement into homeland security. Military technology, and suspicionless mass surveillance, are based on a military mindset: Everyone is a possible enemy, and no one deserves privacy. While some lawmakers justify this shift by pointing to the “war on drugs” and “the war on terror,” the United States is not technically a war zone. This raises the specter of the Posse Comitatus Act, passed in the late 1800s to prevent use of the military in domestic law enforcement.

Congress is finally taking a look into the transfers of hardware

Fortunately, Congress is starting to take seriously some parts of this transformation of local law enforcement. On Sept. 9, spurred on by the horrifying use of military technology on the streets of Ferguson, the Homeland Security and Governmental Affairs Committee held a hearing on “the effectiveness of federal programs that provide state and local police with surplus military equipment and grant funding for exercises and for training.” The hearing looked at the Department of Defense (DOD) 1033 program, which allows the DOD to give surplus equipment to local law enforcement for free, the Department of Homeland Security’s (DHS) Homeland Security Grant Programs and the Department of Justice’s Justice Assistance Grant (JAG) program.

Each of these three programs has transferred millions of dollars of equipment and funding to local law enforcement, from bayonets to drones. This includes funding for fusion centers, the state and local criminal intelligence information clearinghouses that allow local law enforcement to access and input information into federal databases like the FBI’s eGuardian without even meeting a “probable cause” standard.

The hearing gave the committee a chance to hear direct testimony from representatives of these three programs, as well as other experts and stakeholders. Written statements from speakers are available here.

Senators closely questioned the representatives of each of the three programs, revealing some startling truths:

The DOD and DHS do not provide any training to departments that get equipment or money from them, including high-tech surveillance equipment like drones and mine-resistant ambush-protected vehicles (MRAPs).

None of the agencies look into whether a state or local law enforcement agency is under active investigation or has a history of civil rights or civil liberties violations.

Prior to Ferguson, these three officials had never met, even though they were providing similar equipment and funding for equipment to the same police departments.

The total number of pieces of controlled property, such as weapons, currently in the possession of law enforcement agencies is approximately 460,000.

The questions that were not answered, or partially answered, were also revealing:

“What (is) the difference between a militarized and increasingly federalized police force and a standing army?”

“When was the last time you can recall that equipment from the 1033 program was used for counterterrorism?”

The overall picture that emerged was that federal officials are willing to fund surveillance and military technologies for local law enforcement but provide little or no training to police officers — and have no policies in place to ensure this equipment isn’t misused. The White House is conducting a review of these programs, and while there is no clear timeline for completion, it’s a step in the right direction.

Surveillance deserves a look, too

Congress and the White House need to include surveillance technologies in their inquiries. The same money that funds MRAPs and night vision goggles also funds intelligence gathering at the local level. DHS’s Homeland Security Grant Program directly funds fusion centers. In fact, its 2014 grant announcement emphasized that funding fusion centers and integrating them nationally is a high priority. And DHS Urban Area Security Initiative money funds events like Urban Shield, a four-day-long event that featured “preparedness” exercises as well as a marketplace of military and surveillance technology.

Another possible avenue for review is the Privacy and Civil Liberties Oversight Board (PCLOB). PCLOB asked for public comments on its proposed mid- and long-term agenda, which includes an examination of the “functional standards” used for Suspicious Activity Reporting (SAR), a program coordinated through fusion centers. EFF, along with others, submitted comments encouraging PCLOB to take a close look more generally at fusion centers. The comments emphasized that accountability for fusion centers, like all the programs reviewed in the Senate hearing, is a major problem:

The bidirectional flow of data in fusion centers, as well as interagency cooperation and jurisdictional blurriness, makes accountability and a clear understanding of the applicability of laws and regulations difficult… In the midst of this ambiguous and opaque environment, fusion centers have access to a staggering amount of data including the FBI’s eGuardian database and a variety of other federal databases. They may even potentially have access to unminimized NSA data. And as data gathered under the problematic SAR standards is entered into these databases, the lines of responsibility for unconstitutional invasions of privacy and civil liberties become ever more unclear.

Local cops, local action

There is a silver lining to all of this, though. Unlike the onerous task of reforming the National Security Agency, the FBI and other federal agencies, addressing militarization of and surveillance by local law enforcement is much easier for grass-roots activists. Groups like the coalition that helped push the Urban Shield exercise out of Oakland, California, the coalition that stopped Berkeley, California, from purchasing an armored vehicle, and the coalition that helped to stop the purchase of a drone in Alameda County, California, are springing up all over the country.

For those concerned about the use of military surveillance equipment domestically, it’s a good time to do some research into your own local government to find out not only whether they are obtaining the kinds of military equipment that you can see, but also whether they are obtaining surveillance technologies that you can’t. Public records act requests are a great way to find out whether your town or city has gotten any of these funds and how it has spent, or plans to spend, them. Let us know what you find out, and let your elected officials know what you think.

Senators Tasked With NSA Oversight Urge Appeals Court To End Call Records Collection

This post, written by Electronic Frontier Foundation legal fellow Andrew Crocker, was originally published on the foundation’s website.

Smith v. Obama, a challenge to the NSA’s warrantless collection of phone records, currently before the 9th U.S. Circuit Court of Appeals, has received some high-profile support. In six amicus briefs filed yesterday, a range of groups add depth to the Electronic Frontier Foundation’s argument that the NSA’s activities are an extraordinary invasion of the privacy of innocent Americans.

Powerfully, Senators Ron Wyden, Mark Udall, and Martin Heinrich — members of the committee charged with overseeing the NSA — write that they “have seen no evidence that the bulk collection of Americans’ phone records has provided any intelligence of value that could not have been gathered through means that caused far less harm to the privacy interests of millions of Americans.” This echoes statements made by numerous officials, including President Obama himself, and it is crucial to countering the arguments in this case about the national security importance of the NSA’s program.

Other briefs expand on the problems with the government’s legal arguments in Smith and discuss how bulk surveillance causes specific harms to privacy and other constitutional values. In a brief filed by the Electronic Privacy Information Center (EPIC), a group of leading legal and technical experts discuss the history of information generated by telephone calls and the rise of modern call records, the “metadata” collected by the NSA. The brief thoroughly debunks the government’s claims that 40-year-old legal rules allowing limited collection of records can justify the highly revealing program at issue here. Briefs by the Reporters Committee for the Freedom of the Press, the National Association of Criminal Defense Lawyers and the PEN American Center respectively explore the specific harms to reporter-source relationships, attorney-client communications and the 6th Amendment right to counsel, and the profound chilling effect on freedom of expression. Finally, a brief by the Center for National Security Studies explains that the statute used by the government, Section 215 of the USA PATRIOT Act, also cannot justify this program.

The court will consider these arguments as the briefing in Smith continues. A hearing is expected in November 2014.