Tim Alloysius Cushing’s Techdirt Profile

capitalisliontamer

About Tim Alloysius Cushing Techdirt Insider




Posted on Techdirt - 15 March 2019 @ 10:44am

Appeals Court: Stored Communications Act Privacy Protections Cover Opened And Read Emails

from the shouldn't-have-needed-to-be-said,-but-at-least-it-was-said-forcefully dept

The Fourth Circuit Court of Appeals has handed down an important decision [PDF] bolstering privacy protections for stored email. As we're painfully aware, unopened email older than 180 days is granted zero privacy protections, treated like unopened snail mail left at the post office. Opened email, on the other hand, would seem to carry an expectation of privacy, but a district court ruling came to exactly the opposite conclusion, prompting this appeal.

A lawsuit involving a pair of affairs and one party's decision to read someone else's emails surfaced a question not often posed without a government party involved. Here's the court's summary of the convoluted backstory that led to accusations of federal law violations:

From August 2011 to February 2015, [Patrick] Hately had an intimate relationship with Nicole Torrenzano (“Nicole”), with whom Hately has two children. During their relationship, Hately and Nicole shared login and password information for their email accounts—including Hately’s Blue Ridge College email account. But when, about March 2015, Nicole informed Hately that she also was involved in an intimate relationship with [Dr. David] Watts, who was her co-worker and married to Audrey Hallinan Watts (“Audrey”), Hately and Nicole separated.

Pertinent to this action, Hately did not change the password that he shared with Nicole for his Blue Ridge College email account. Watts and Nicole continued their personal relationship, and during the fall of 2015, Watts and Audrey initiated divorce proceedings. In an effort to help Watts in his divorce proceedings, Nicole told Watts that Hately and Audrey were having an affair. Nicole said she knew of emails between Hately and Audrey that Watts could obtain by using the password that she had to Hately’s Blue Ridge College email account.

This certainly doesn't make what Watts did OK, but he seemed to feel it at least made his actions legal.

Watts stated that he used the password Nicole gave him to browse through Hately’s emails but contended that he “did not open or view any email that was unopened, marked as unread, previously deleted, or in the [student email account]’s ‘trash’ folder.”

This bizarre defense of invading someone else's privacy convinced the lower court that Watts' actions were legally in the clear, even if they were clearly morally wrong. It dismissed his Stored Communications Act claims against Watts, stating that the SCA did not protect opened email. According to the lower court, the only email protected by the SCA is email still in transit. Once it's been downloaded and opened, it's apparently cool for other people to access and read, even if it's not their email account.

With this bizarre take, the lower court basically stated spam email routed directly to the trash has more privacy protections than direct communications between living, breathing persons. The appeals court points out this interpretation is off base by a long distance. A lengthy discussion of the SCA and Congressional intent -- along with a revival of Hately's state law claims -- takes up a great deal of the opinion's 55 pages.

Dr. Watts -- the email interloper -- argued the SCA did not protect these communications because the Blue Ridge College email server was not an "electronic communication service," but rather a "remote computing device." This argument hinged on the email system's construction, which used Google's services for transmitting and storing email. But the university also stored a copy of all Blue Ridge email on its own servers as a backup for users. This crucial fact restores the expectation of privacy, according to the appeals court, which points out Blue Ridge's backup server actually makes it both.

The district court's reasoning rests on the premise that, for purposes of the emails in question, Blue Ridge College's email service could not simultaneously function as both an electronic communication service and a remote computing service. But nothing in the plain language of the definitions of electronic communication service and remote computing service precludes an entity from simultaneously functioning as both.

There is no logical or technological obstacle to an entity "provid[ing] to users thereof the ability to send or receive wire or electronic communications"—i.e., functioning as an electronic communication service—while, and as part of the same service, "provi[ding] the public [with] computer storage or processing services by means of an electronic communications system"—i.e., functioning as a remote computing service. And the relevant legislative history expressly contemplates as much, stating that "remote computing services may also provide electronic communication services." S. Rep. No. 99-541, at 14; see also H.R. Rep. No. 99-647, at 64 ("[T]o the extent that a remote computing service is provided through an Electronic Communication Service, then such service is also protected [under Section 2701(a)].").

As the appeals court notes, it makes no sense to suggest email users consider opened email worthy of less protection than others they've sent directly to the trash without reading. Servers like the one used by Blue Ridge to back up the Google-based email system are the end result of users' desires. Users want to store emails for later reading or use. And Congress -- even with its horribly-outdated Stored Communications Act -- recognized the privacy inherent to these personal communications. This covers delivered and opened email, no matter where the original or its backup resides.

To read the law otherwise is to upend the personal nature of email communications, allowing almost anyone to access anyone else's email without permission and face zero consequences (at least under federal law) for doing so.

The district court’s construction of Subsection (B)—that previously delivered and opened emails stored by a web-based email service are not in “electronic storage” and therefore not actionable under Section 2701(a)(1)—would materially undermine these objectives. Potential users of web-based-email services—like Blue Ridge College’s email service—would be deterred from using such services, knowing that unauthorized individuals and entities could access many, if not most, of the users’ most sensitive emails without running afoul of federal law. Likewise, without the prospect of liability under federal law, unauthorized entities will face minimal adverse consequences for accessing, and using for their own benefit, communications to which they are not a party. The legislative history establishes that Congress did not intend such a result.

The district court’s interpretation of Subsection (B)—which would protect only unread emails stored in by web-based email service—also leads to an arbitrary and untenable “gap” in the legal protection of electronic communications.

Back the case goes to the lower court, reversed and remanded with instructions to reach a less illogical conclusion. And in doing so, the appeals court sets an important precedent that clarifies what the SCA actually covers.

Read More | 9 Comments | Leave a Comment..

Posted on Techdirt - 15 March 2019 @ 9:51am

CBP Still Arresting Immigrants Trying To Stay In The Country By Furthering Their Education

from the bad-hombre,-ph.d. dept

Looks like ICE isn't finished protecting the nation from dangerous immigrants seeking to… attend local universities. A massive sting operation involving a fake college, fake accreditation, and hundreds of immigrants who paid for classes but received nothing more than an arrest in exchange for their cash is apparently still ongoing.

Federal immigration officials have arrested more students who were enrolled at a fake university in metro Detroit.

And many of the students who enrolled at the university created by the Department of Homeland Security (DHS) are now in the process of being removed from the U.S. as Indian-American advocates grapple with what they say is an unprecedented number of arrests of Indian students.

The U.S. Immigration and Customs Enforcement (ICE) has arrested 161 foreign students from the University of Farmington on civil immigration violations, ICE spokesman Khaalid Walls said this week.

To be clear, most of the students detained or arrested were doing exactly what the law allows them to do: stay in US while continuing their education. A (manufactured) shortage of H1-B visas made this the only legal option for many of these students. According to the lawyers representing the students, a majority of those arrested were enrolled in master's degree programs at the fake school. They had paid tuition and were fully expecting to be able to attend school while waiting for H1-B slots to open up.

It was ICE that arbitrarily decided attempting to follow the law was the equivalent of illegally overstaying their visas. The students thought they were dealing with a legit operation, which is exactly what ICE wanted them to think. It even secured accreditation for its fake school to better sell the false promise of students being able to do exactly what immigration law allowed them to do.

And for that, they're being arrested and deported. While ICE may have rounded up a few scammers selling students access to something they already rightfully had access to, the biggest scam was run by the government. The government created a fake school, took students' real money, and arrested them for trying to extend their stays legally.

Hopefully, this will see ICE hit with a number of lawsuits. It's difficult to imagine a court being OK with the details of this sting operation -- one that targeted immigrants and visitors trying to extend their stays lawfully. This is the kind of thing that "shocks the conscience," a legal term of art that leaves participating personnel and agencies with almost no legal defense for their actions and courts ready to step in and right the wrongs.

19 Comments | Leave a Comment..

Posted on Techdirt - 14 March 2019 @ 3:39pm

Arkansas Senate Unanimously Approves A Conviction Requirement For Asset Forfeiture

from the limited-good-news,-everyone! dept

Some more good news about asset forfeiture comes our way, courtesy of Lauren Krisai. It appears the Arkansas senate overwhelmingly agrees the abusive state of forfeiture it oversees cannot continue. The state senate unanimously passed an asset forfeiture reform bill that would institute a conviction requirement for seized assets, preventing law enforcement from policing for profit.

The bill would basically outlaw civil asset forfeiture in its current form, replacing it with criminal asset forfeiture. And it would prevent cops from using rinky-dink criminal charges to take property away from state residents.

There shall be no civil judgment under this subchapter and no property shall be forfeited unless the person from whom the property is seized is convicted of a felony offense that related to the property being seized and that permits the forfeiture of the property.

Unfortunately, it does contain a couple of loopholes. First, law enforcement can convert this back to civil asset forfeiture if it can show the person never responded to the civil complaint against their property. Tying this to a conviction requirement should make this tougher to exploit, seeing as a person dealing with a criminal complaint will probably be apprised of the state's desire to take their property.

Second, it still allows local law enforcement to take advantage of the federal government's equitable sharing program to bypass the new restrictions. The Tenth Amendment Center points out the state took a shot at closing this loophole with an earlier law. This is what the state's partially-closed loophole looks like:

(1) No state or local law enforcement agency may transfer any property seized by the state or local agency to any federal entity for forfeiture under federal law unless the circuit court having jurisdiction over the property enters an order, upon petition by the prosecuting attorney, authorizing the property to be transferred to the federal entity.

(2) The transfer shall not be approved unless it reasonably appears that the activity giving rise to the investigation or seizure involves more than one (1) state or the nature of the investigation or seizure would be better pursued under federal law.

Given that most seizures are performed by "drug interdiction units" or whatever, exploiting the federal loophole is as easy as claiming the property seized is part of a larger drug cartel's operations. Almost every state drug charge has a federal equivalent, so if local cops don't want to pursue a conviction, they can give the feds a cut of the seizure to bypass any state-level conviction requirements.

As the Institute for Justice notes, Arkansas has some of the country's worst forfeiture laws. And this legislative attempt to close the federal loophole has had zero negative effects on local law enforcement's ability to turn vague claims about drugs into cop shop petty cash.

Arkansas law enforcement received $27 million in DOJ equitable sharing proceeds between 2000 and 2013, which equates to roughly $1.9 million each calendar year. And these proceeds have been increasing steadily over the years, from a few hundred thousand dollars a year in the early 2000s to over $3 million in 2013.

If Arkansas legislators really want to end forfeiture abuse, they'll also need to address equitable sharing. Until that loophole undergoes further restrictions, it will be business as usual in the state. Cops would rather have 80% of something than 100% of the nothing they'll get if they feel they can't obtain a felony conviction.

18 Comments | Leave a Comment..

Posted on Techdirt - 14 March 2019 @ 1:32pm

Thai Government Uses Fake News Law To Lock Up Opposing Party Leaders

from the securing-a-nation-from-the-threat-of-free-and-open-elections dept

Thailand's government continues to make life miserable for its citizens. Pretending mass censorship and broken encryption are just the price citizens have to pay for a "secure" nation, the government has turned the internet into a minefield for critics and political opponents. This is all on top of a lese majeste law that criminalizes badmouthing the king, which would be horrible enough on its own.

Thanks to the leader of the free world, the term "fake news" is now being deployed to put people in real jails for sharing content of dubious origin or not in alignment with the official narrative. Shutting down criticism by deploying anti-fake news laws is a horrendous abuse of government power. But even legitimate uses of these laws are still troubling. Should the sharing of actually fake news be a criminal offense? The Thai government says yes.

A spokeswoman for the Future Forward party said on Tuesday that a representative of the ruling military junta had filed a police complaint accusing Pongsakorn Rodchompoo of violating the Computer Crime Act, which carries a penalty of up to five years in jail.

Pongsakorn has admitted sharing an article that accused a top junta official of buying cups of coffee for 12,000 baht ($377) each, but says he deleted the post within minutes after learning it originated from a website promoting fake news, Future Forward spokeswoman Pannika Wanich said.

Five other people were also arrested for sharing the fake story, but it's definitely a boon for the government in power when the law takes out a political opponent. Literally unbelievable, the government says the fake story -- which detailed government overspending that didn't actually happen -- posed a "threat to national security." Conveniently, the charges target the leaders of a political party current challenging recent election results.

If fake news is the new speech-damaging dodge, "national security" is the trusty standby -- one that's been used to increase censorship and surveillance all over the world, not just in nations run by hypersensitive authoritarians. The Thai government may be saying stuff about fake news and national security, but the real motivation is keeping its opponents quiet. Charges have also been filed against Future Forward party leader Thanathorn Juangroongruangkit for "putting false information online." The Guardian notes that Thanathorn is a "particularly articulate" critic of the Thai government and military.

And, because all of these new laws just aren't enough to keep every critic silent, the nation's criminal defamation law is still being used in particularly petty ways.

Thailand’s army chief, General Apirat Kongsompong, has ordered officials to file defamation charges against a former police chief who is running for prime minister after he made remarks regarding the many decorations on the general’s uniform...

Presumably, keeping the general's chest free from criticism will result in a more secure nation -- one run by some of the most insecure people in the country.

7 Comments | Leave a Comment..

Posted on Free Speech - 14 March 2019 @ 9:36am

Texas Senator Who's Experienced Some Press Criticism Introduces Bill To Gut State's Anti-SLAPP Law

from the fixer-here-with-the-fixes dept

Everything's bigger in Texas. Even the free speech protections. Texas has one of the strongest anti-SLAPP laws in the nation. These protections against bogus, speech-chilling lawsuits are so big they even covered a US President who complained libel laws in America were too restrictive, resulting in a swift dismissal of a defamation lawsuit brought against him over a fairly innocuous, if invective-loaded, tweet.

Some Texas legislators like the bigness of their home state, but not so much the anti-SLAPP law that deters bogus lawsuits filed to silence critics. The Reporters Committee for Freedom of the Press brings news that a bill that would gut a substantial amount of Texas' anti-SLAPP protections has been introduced into the state Senate.

House Bill 2730 and SB 2162 would allow the entity accused of filing a meritless lawsuit to drop their case just days before a hearing. This effectively allows an entity to sue a media company for defamation, receive a hearing date, and then drop the lawsuit days before a hearing to avoid a bad ruling and the cost of the defendant’s legal fees.

The bills would also remove clearly articulated categories of protected speech relating to matters of public concern from the Texas anti-SLAPP law. The legislation drops the definitions of those categories of public speech and deletes anti-SLAPP protections for communications between parties on matters of public concern.

In addition, the bill would weaken protections for anonymous parties by exempting online commenters from the law's anti-SLAPP protections, and would give defendants only three days to file an anti-SLAPP motion when hit with a defamation lawsuit.

Why would legislation like this be needed? There's no good answer. And by that, I mean anyone agitating for an increase in baseless lawsuits is up to no good. I'm sure there's a certain number of people with power or connections to power who are irritated they simply can't threaten critics into silence with a strong anti-SLAPP law in place. Getting their bluff called by defendants now costs them money and that's an unacceptable outcome.

It could be Angela Paxton -- the senator who introduced the bill -- finds it too difficult to target her critics under the current law. The rookie legislator is also the wife of state Attorney General Ken Paxton. Angela Paxton has only been in office since January 8 of this year and she's already generated a ton of negative press, thanks to her initial legislative effort which seemed crafted specifically to ease her husband's legal woes.

In what state Sen. Angela Paxton describes as an effort to safely expand Texas’ burgeoning financial tech industry, the freshman Republican from McKinney has filed a bill that would empower the office of her husband, Attorney General Ken Paxton, to exempt entrepreneurs from certain state regulations so they can market “innovative financial products or services.”

One of those exemptions would be working as an “investment adviser” without registering with the state board. Currently, doing so is a felony in Texas — one for which Ken Paxton was issued a civil penalty in 2014 and criminally charged in 2015.

I'm not saying Paxton wants to start silencing her critics. But I'm not not saying that either. Her excuse for the husband-pardoning bill was that her constituents in the tech-heavy sector of Texas were looking for easing of restrictive regulations. So far, she hasn't made a similar statement about her constituents in Richardson suddenly developing concerns about Texas' anti-SLAPP restricting their restrictions of speech. All anyone can do it speculate about her motivations while being mesmerized by the new senator's blase approach to bad optics.

20 Comments | Leave a Comment..

Posted on Techdirt - 13 March 2019 @ 7:31pm

New Florida Bill Seeks To Bury Recordings Of Mass Shootings

from the screwing-the-public-to-save-the-government dept

Florida legislators are thinking about handing some opacity back to Florida law enforcement agencies in the wake of the Parkland school shooting. The tragedy of the event was compounded by on-site law enforcement's response: that is, there wasn't any. Faced with increased scrutiny over a handful of mass shootings in the state, at least one legislator's response has been to bury the bad news under a new public records exemption. [h/t War on Privacy]

In less than three years, Florida has seen the second-deadliest mass shooting – Pulse nightclub – and the second-deadliest school shooting – Marjory Stoneman Douglas High School. One gunman killed five at the Fort Lauderdale-Hollywood International Airport. Another killed five at a Sebring bank.

Yet Senate Bill 186 would create an exemption to the state’s public records law for all photographs and audio and video recordings that relate to the “killing of a victim of mass violence.” The bill defines mass violence as the killing of at least three people, not including the perpetrator. Violation would be a third-degree felony, punishable by up to five years in prison.

Senator Tom Lee's bill is a gift to the government at large, even if law enforcement agencies and schools will be the most direct recipients of this largesse. If this "privacy protection" had been in place a few years ago, the public would have had no idea how badly the Broward County Sheriff's Department botched its response to the school shooting. Not only would that have kept the BCSD relatively free of criticism, it would have shielded its oversight -- state legislators -- from being asked what they were doing to prevent school shootings and/or ensure better response from those expected to serve and protect the public.

Supporters of bills like these claim it's all about protecting the privacy of crime victims and their families. But as the excellent Sun Sentinel op-ed points out, most requests to block release of recordings originates with governments and businesses rather than the victims and their loved ones. These requests have prevented the public from accessing key details in everything from Dale Earnhardt's Daytona crash to an inmate's death at the hands of jailers.

The law already blocks the release of recordings containing the death of a law enforcement officer. This addition could be read to cover any deadly incident in which more than one person is killed. Any whistleblower releasing recordings to show the public what really happened -- rather than the official narrative -- will now face felony criminal charges for doing the right thing. This isn't going to restore confidence in government agencies and their response to deadly incidents. All it will do is drive a wedge between them and the people they serve.

41 Comments | Leave a Comment..

Posted on Techdirt - 13 March 2019 @ 12:04pm

FOIA Documents Detail DHS/CBP's Rules-Free Rollout Of Biometric Scanning Program

from the where-we're-going-we-don't-need-rules dept

The push is on to implement biometric screening at major US airports. The DHS has been pushing this for awhile, telling concerned travelers all they need to do to opt out is not travel. The pilot programs don't seem to have produced anything in the way of actionable results, but the administration's insistence that the US is surrounded by terrorists has dropped a lead foot on the DHS's gas pedal, resulting in an accelerated process that ignores both concerns about biometric scanning tech and the concerns of the traveling public that will be subjected to it.

EPIC's numerous FOIAs have resulted in an impressive stash of documents detailing the DHS's biometric scanning surge.

According to 346 pages of documents obtained by the nonprofit research organization Electronic Privacy Information Center — shared exclusively with BuzzFeed News and made public on Monday as part of Sunshine Week — US Customs and Border Protection is scrambling to implement this “biometric entry-exit system,” with the goal of using facial recognition technology on travelers aboard 16,300 flights per week — or more than 100 million passengers traveling on international flights out of the United States — in as little as two years, to meet Trump's accelerated timeline for a biometric system that had initially been signed into law by the Obama administration. This, despite questionable biometric confirmation rates and few, if any, legal guardrails.

The documents contain little that suggests the DHS will be addressing the numerous concerns that have resulted from its biometric scanning rollout. Nothing delivered by the CBP shows any limits placed on partnerships with the private companies supplying the tech, including their use of the wealth of data supplied by travelers. Data-sharing appears to be part of the CBP's plan, and there's nothing in the paperwork suggesting the government will deter private companies from exploiting the biometric data their scanners collect.

What little the CBP did have to say about its biometric scanning program is that it's definitely going to happen and it's definitely going to keep expanding. And it's going to do this under the cover of darkness as the CBP moves forward with the program it sells as a "convenience for travelers."

The documents also suggest that CBP skipped portions of a critical “rulemaking process,” which requires the agency to solicit public feedback before adopting technology intended to be broadly used on civilians, something privacy advocates back up.

Minimal oversight meets minimal transparency. It's the sort of officious brushoff we've come to expect from terrorism-related government programs. The less the public knows, the less likely it is to express its concerns in actionable ways. The rollout also has the advantage of operating in a legal vacuum. There's not a lot of casework on the suspicionless gathering of biometric data. It could be argued someone's face has no privacy expectations when it's being worn out in public, but it doesn't necessarily follow that the government should be able to collect this data en masse and hold onto it for an indefinite period of time.

So far, data shows facial recognition tech isn't the miracle proponents believe it is. Deployed systems have tended to produce a large number of false positives. And if they're kicking out false positives on a regular basis, they're also likely missing the people the systems are supposed to identify and remove from circulation. The government's refusal to discuss the limitations and use of this tech publicly only adds to the problem. The public's best source of info comes from documents sued out of the agency's hands. Forced transparency isn't really transparency.

14 Comments | Leave a Comment..

Posted on Free Speech - 12 March 2019 @ 3:32pm

Appeals Court Upholds Dismissal Of Defamation Lawsuit Against Actor James Woods

from the an-obvious-conclusion,-but-one-that-needed-to-be-reached-anyway dept

James Woods -- saved from a defamation lawsuit by a question mark -- has just had his dismissal affirmed by the Sixth Circuit Court of Appeals. Whatever schadenfreude there was to be enjoyed by seeing Woods hoisted on his own litigious petard was swiftly dispelled by the ridiculousness of the lawsuit, which posited that Woods' careless question tying the plaintiff to [gasp!] Bernie Sanders' presidential campaign rose to the level of actual defamation. All we can hope is Woods handles this victory with a bit of grace, rather than gloating over his opponent's death, should she unfortunately precede him to the Great Beyond.

The lower court did take a couple of shots at Woods during its dismissal of the suit, pointing out he was as uncooperative as possible when the plaintiff, Portia Boulger, tried to serve him. Boulger was offended by Woods' tweet that portrayed her as a Bernie plant trying to sabotage Trump's impeccable reputation by flinging Nazi salutes during one of his rallies. Here's a quick summary of the supposed defamation, taken from the appeals court decision [PDF]:

On March 12, 2016, Twitter user @voxday posted the Nazi salute photograph, together with a photograph of Portia Boulger and a caption identifying Boulger as an “Organizer (Women for Bernie).” (Def. Mot. for J. on the Pleadings, R. 7, PageID 61.) The two photographs and caption were accompanied by the (false) statement, “The ‘Trump Nazi’ is Portia Boulger, who runs the Women for Bernie Sanders Twitter account. It’s another media plant.” (Id.) Shortly thereafter, Woods tweeted the same two pictures, along with a short biography of Boulger, and added: “So-called #Trump ‘Nazi’ is a #BernieSanders agitator/operative?” (Comp., R. 1, PageID 3.) At the time, Woods had more than 350,000 followers on Twitter.

After being notified by Boulger's lawyer that she was seeking to sue him, Woods issued a retraction and an apology. Boulger argued the damage had already been done. She had been the recipient of several unpleasant communications from Woods' followers, which apparently included death threats.

The Appeals Court also takes a shot at Woods for dodging service from Boulger, pointing out the ridiculousness of him attempting to dismiss a lawsuit he claimed he hadn't been properly served with yet.

As the district court noted, although Woods raised the defenses of insufficient service of process and lack of personal jurisdiction in his answer, he immediately filed a motion for judgment on the pleadings in which the defenses were not included. The motion for judgment on the pleadings was filed several months early—because Woods had not yet been served—and necessarily sought a decision on the merits. Woods’s motion was thus “inconsistent with the idea that the district court lacked personal jurisdiction over the defendant[].”

[...]

The filing of the motion for judgment on the pleadings therefore created a reasonable expectation that Woods would defend the suit on the merits. Any other holding would create a perverse outcome. One can imagine a litigant asking the court to proceed on the merits, and then, only if the court’s decision is unfavorable, seeking to re-assert jurisdictional defenses.

The decision then spends several pages diving into the thick weeds of Ohio defamation law. There's a four-prong test applied at the state level to determine whether or not a question is a "statement of fact." After a lot of discussion, the court finally gets to the point: the question mark -- coupled with the actor's opinionated Twitter feed -- makes it clear Woods was asking followers to make that call themselves, rather than directing them to arrive at a foregone conclusion. That many of them skipped the whole "decide for yourself" stage isn't Woods' fault, nor does it turn a question into a libelous statement of fact.

Here, the tweet at issue is reasonably susceptible to both a defamatory meaning—that Woods was asserting Boulger was the woman giving the Nazi salute—and an innocent meaning—that Woods was merely asking his followers a question. Because Woods’s tweet could reasonably be read to have an innocent meaning, under the innocent construction rule the tweet, as a matter of law, is not actionable.

There's also the matter of context. As the court sees it, the opinionated Woods could get away with posing a question like this. The New York Times perhaps not so much.

A review of Wood’s Twitter feed from March 12, 2016, shows that although he posted news articles, his tweets were frequently accompanied by his own colorful commentary. [...] These tweets illustrate that a reasonable reader of Woods’s tweets on March 12, 2016, likely knew that he made frequent use of sarcasm, exaggeration, and hyperbole—characteristics more likely seen in an opinion, rather than a statement of fact. See Scott, 496 N.E.2d at 708. Thus, the general context could lead a reasonable reader to believe the tweet at issue was not a statement of fact.

[...]

Twitter is a medium for users to express both opinions and disseminate news. For example, a Twitter user who tweets his or her thoughts on various celebrities is an account that is more analogous to an editorial section of a newspaper. Cf. Vail, 649 N.E.2d at 185–86 (finding that a column that appeared on the Forum page of the newspaper and titled “Commentary” gave a reader the message that the column would convey the personal opinion of the writer, as distinguished from a news story). But the Twitter account of an online news source, such as the New York Times, is not meaningfully distinguishable from a hard copy news story. Consequently, it is clear that Twitter can be used to disseminate both factual accounts and assertions, as well as commentary and opinion.

This breakdown of Twitter seems elementary and even a bit unnecessary, but the court is reminding readers (and plaintiffs) that context matters. It always does. Unfortunately, many plaintiffs in defamation lawsuits want the court to strip commentary of its context to make it easier for them to secure a victory. Fortunately, our courts have generally been very protective of speech and extremely hesitant to hand down rulings that could restrict the free exchange of commentary and opinion. It's unfortunate Woods' followers decided his somewhat disingenuous question granted them permission to harass and threaten Boulger. But those disgusting responses are the responsibility of the disgusting people making them. The court made the right call, ensuring Twitter in all its greatness and awfulness remains a freewheeling, often-horrifying marketplace of ideas.

Read More | 17 Comments | Leave a Comment..

Posted on Techdirt - 12 March 2019 @ 11:59am

Appeals Court Doesn't Buy Government's National Security Assertions; Says Lawsuit Against FBI Can Continue

from the 'we-can't-explain,'-they-explained dept

A lawsuit against the FBI for pervasive, unconstitutional surveillance of Muslims can continue after receiving a very key determination from the Ninth Circuit Court of Appeals. At the center of the case are three Muslims who claim the FBI's continuous surveillance -- assisted by an FBI informant -- violated a number of Constitutional protections.

The key victory here is the court's overturning of the lower court's ruling on the national security assertions raised by the government in hopes of avoiding having to litigate the alleged violations at all. The lower court granted the government's motion to dismiss, saying the government's secrecy matters far more than an unviolated Constitution. The appeals court reverses that, noting stating that the government can't dodge litigation simply by claiming the subject of the lawsuit is too sensitive to discuss in court. From the decision [PDF]:

Plaintiffs asserted eleven claims, which fell into two categories: claims alleging unconstitutional searches, and claims alleging unlawful religious discrimination. The district court dismissed all but one of plaintiffs’ claims on the basis of the state secrets privilege, and allowed only the Foreign Intelligence Surveillance Act (“FISA”) claim against the FBI Agent Defendants to proceed.

The panel held that some of the claims the district court dismissed on state secret grounds should not have been dismissed outright. The panel further held that the district court should have reviewed any state secrets evidence necessary for a determination of whether the alleged surveillance was unlawful following the secrecy-protective procedure set forth in FISA.

The lower court showed too much deference to the state secrets assertions. It must now reexamine the claims made by the government, as well as their application to the alleged harms. This is very helpful precedent -- one that forces lower courts to pay a lot more attention to the government's natsec hand-waving, rather than simply conclude the government knows best when it comes to state secrets.

There's more good stuff in the panel's opinion. Two FBI agents will have to defend themselves against claims of unlawful surveillance, like the following:

Plaintiffs offer sufficient well-pleaded facts to substantiate their allegation that some of the Agent Defendants—Allen and Armstrong—were responsible for planting devices in AbdelRahim’s house. Specifically, the complaint details one occasion on which Allen and Armstrong asked [FBI informant] Monteilh about something that had happened in AbdelRahim’s house that Monteilh had not yet communicated to them, and explained that they knew about it because they had audio surveillance in the house.

Plaintiffs also allege sufficient facts with regard to those two Agent Defendants in support of their allegation of electronic surveillance of Fazaga’s office in the OCIF mosque in Mission Viejo: Allen and Armstrong told Monteilh that electronic surveillance was “spread indiscriminately” across “at least eight area mosques including ICOI, and mosques in Tustin, Mission Viejo, Culver City, Lomita, West Covina, and Upland,” and that “they could get in a lot of trouble if people found out what surveillance they had in the mosques.”

The defenses raised by the sued agents forms part of the Ninth Circuit's state secrets decision. It was the agents that raised this defense, not the agency they worked for (which was also sued). As the court notes, the agents cannot possibly hope to prevail by raising a defense the government determined didn't apply to the situation.

The Agent Defendants—officials sued in their individual capacities—are not the protectors of the state secrets evidence; the Government is. Accordingly, and because the Agent Defendants have not identified a reason they specifically require dismissal to protect against the harmful disclosure of state secrets where the Government does not, we decline to accept their argument that the Government’s dismissal defense must be expanded beyond the religion claims.

What the government did do is invoke FISA's protections against open discussion of counter-terrorist surveillance programs. The court reminds the government that the law was created in response to abusive surveillance programs deployed by the government -- abuses much like those central to this case. While it did eventually lend its name to more surveillance abuses following the 9/11 attacks, it was actually more of a reform effort in its original state. Since the government appears to have forgotten FISA's original aim, the appeals court delivers this reminder.

The inference drawn from the text of § 1806 is bolstered by § 1810, which specifically creates a private right of action for an individual subjected to electronic surveillance in violation of FISA. FISA prohibits, for example, electronic surveillance of a U.S. person “solely upon the basis of activities protected by the first amendment to the Constitution of the United States.” 50 U.S.C. § 1805(a)(2)(A). Here, Plaintiffs allege they were surveilled solely on account of their religion. If true, such surveillance was necessarily unauthorized by FISA, and § 1810 subjects any persons who intentionally engaged in such surveillance to civil liability. It would make no sense for Congress to pass a comprehensive law concerning foreign intelligence surveillance, expressly enable aggrieved persons to sue for damages when that surveillance is unauthorized, see id. § 1810, and provide procedures deemed adequate for the review of national security-related evidence, see id. § 1806(f), but not intend for those very procedures to be used when an aggrieved person sues for damages under FISA’s civil enforcement mechanism. Permitting a § 1810 claim to be dismissed on the basis of the state secrets privilege because the § 1806(f) procedures are unavailable would dramatically undercut the utility of § 1810 in deterring FISA violations. Such a dismissal also would undermine the overarching goal of FISA more broadly—“curb[ing] the practice by which the Executive Branch may conduct warrantless electronic surveillance on its own unilateral determination that national security justifies it.”

To sum up, the appeals court isn't willing to let the government (or its agents) claim this apparently-illegal surveillance is too sensitive to discuss in open court. The government will still get to submit evidence and arguments to the court in ex parte hearings if it wants to argue certain elements of the case cannot be discussed publicly, but it will not be granted a blanket exception it can use to dodge the litigation in its entirety. The court ends its decision by noting the government can't have this much power if it's not willing to accept the responsibility that comes with it.

In holding, for the reasons stated, that the Government’s assertion of the state secrets privilege does not warrant dismissal of this litigation in its entirety, we, too, have recognized the need for balance, but also have heeded the conclusion at the heart of Congress’s enactment of FISA: the fundamental principles of liberty include devising means of forwarding accountability while assuring national security.

Which is exactly how it should be. Unfortunately, too many courts take the district court's path and give the government all the secrecy it asks for.

Read More | 10 Comments | Leave a Comment..

Posted on Techdirt - 11 March 2019 @ 1:50pm

Auto Finance Company Sues Massachusetts City Over Its Unconstitutional Sale Of Seized Vehicles

from the money-v-power dept

An opponent of asset forfeiture has arisen from an unexpected place. Honda's finance division has taken the city of Revere, Massachusetts to court over the seizure and sale of a vehicle it still technically owned.

American Honda Finance Corp., based in California, alleged in its lawsuit filed Feb. 12 in U.S. District Court for the District of Massachusetts that its constitutional rights were violated when a Honda Civic was seized in 2016 by Revere's police department.

"Plaintiff brings this action to remedy a deprivation of its long-settled and fundamental rights to be free from unreasonable seizures and to due process of law under the United States Constitution," American Honda Finance Corp. said in its 13-page complaint.

The complaint [PDF] makes it clear the company thinks this is some bullshit: seizing and selling a vehicle that still belongs to the company holding the lien. Until the vehicle is paid off, Honda still owns the car. But Massachusetts law enforcement doesn't appear to care who owns the car so long as they get to profit from its sale. The narrative detailed in the lawsuit makes it clear zero effort was made to make the car's real owner aware of the city's plans for the seized car.

On or about November 2, 2016, HONDA obtained a purchase money security interest and lien in The Subject Vehicle.

On November 28, 2016, The Subject Vehicle was officially titled in the State of New York with Shanasia Hackworth recorded as the owner and HONDA recorded as the first priority lienholder.

On or about December 30, 2016, REVERE took possession and custody of The Subject Vehicle pursuant to REVERE’s police officers acting in the course of their duties as law enforcement officers.

On or about December 30, 2016, REVERE, through its police officers acting in the cause of their duties as law enforcement officers, and pursuant to laws enacted to further official state interests, directed Mario’s Service Center, Inc. to tow and detain The Subject Vehicle.

On or about December 30, 2016, Mario’s Service Center, Inc. towed The Subject Vehicle and retained The Subject Vehicle on behalf of REVERE as part of an “investigation.”

REVERE did not notify HONDA that The Subject Vehicle had been seized.

REVERE thereafter concluded its investigation. REVERE did not, thereafter, return The Subject Vehicle to HONDA or anyone else. Instead, REVERE authorized its agent, Mario’s Towing Service Center, Inc., to detain and dispose of the vehicle pursuant to Massachusetts G.L.c. 255, §39A.

REVERE did not notify HONDA that after the investigation ended that REVERE authorized Mario’s Towing Service Center, Inc. to detain and dispose of The Subject Vehicle.

REVERE did not ensure that its agent, Mario’s Towing Service Center, Inc., notified HONDA that REVERE had authorized detention and disposal of the Subject Vehicle.

On or about May 18, 2017, REVERE’s agent, Mario’s Towing Service Center, Inc., sold The Subject Vehicle and The Subject Vehicle was retitled through the Massachusetts Department of Transportation with HONDA’s lien not recorded on said title.

Under Massachusetts law the sale pursuant to Massachusetts G.L.c 255, §39A and subsequent retitling extinguished HONDA’s property interest in The Subject Vehicle.

At no time prior to the sale or retitling of The Subject Vehicle did REVERE or any person provide any notice to HONDA relating to The Subject Vehicle.

There's a genuine question of property interest in a vehicle whose title still resides with the financing company. This can't be the first time a company has complained about a vehicle of theirs being auctioned off without notice, but this is the first federal complaint I've seen directly challenging a state's seizure of vehicles from drivers who don't actually own the vehicles they're driving.

This was filed ten days before the Supreme Court held that certain forms of asset forfeiture violate Constitutional protections against excessive fines. Honda's complaint seems to anticipate the high court's displeasure with abusive forfeitures and pulls no punches in its description of the program the city of Revere participate in. (Emphasis in the original.)

Massachusetts G.L.c. 255, §39A effectuates the Commonwealth’s interest in enforcing traffic laws and in protecting the public from hazardous street conditions. The statute provides a means for the state to compensate private parties who assist the state by towing and storing vehicles at the direction of police. The statute has, however, fallen out of step with modern developments in constitutional law which confirm that a duly perfected security interest and lien in a vehicle is a constitutionally protected property right.

A program that takes property away from the property's true owner -- an entity completely disconnected from the underlying criminal activity/accusations -- appears to be a violation of the company's Constitutional rights, if not the greater protections given to property owners by the state's constitution. The suit alleges a host of violated rights, as well as conversion under state law, arguing the sale of the vehicle without notifying the lien holder is basically theft of Honda's property.

Is it going to take the deep pockets of pissed off corporations to finally make a serious dent in abusive forfeiture programs? It might. This case may be more tow-and-sell than most forfeitures, but the principle behind it -- the state depriving companies of their property without notice -- is identical. If this case adds to the judicial dialog on forfeiture programs, I'm all for it.

Read More | 56 Comments | Leave a Comment..

Posted on Techdirt - 11 March 2019 @ 3:29am

Thailand Decides To Make Its Terrible Cybersecurity Law Even Worse

from the this-baby-can-hold-so-many-domestic-surveillance-programs dept

More censorship and encryption-breaking is on the way, thanks to the Thai government's broad interpretation of the term "cybersecurity." The government has been leaning heavily on American social media companies to disappear content critical of… you guessed it, the government. To keep the king from being insulted too often (or for too long), the government is also exploring undermining website encryption and holding service providers directly (and criminally) responsible for the words and deeds of their users.

Another round of amendments has made Thailand's cybersecurity law worse. It seems almost impossible, given its history. And yet here we are, watching as the government gives itself everything it wants, leaving citizens with the dubious privilege of generating tons of data the government can access at will.

The bill (available in Thai) was amended late last year following criticism over potential data access, but it passed the country’s parliament with 133 positives votes and no rejections, although there were 16 absentees.

There are concerns around a number of clauses, chiefly the potential for the government — which came to power via a military coup in 2014 — to search and seize data and equipment in cases that are deemed issues of national emergency. That could enable internet traffic monitoring and access to private data, including communications, without a court order.

Naturally, everyone but the government is concerned about these amendments. The Asia Internet Coalition has issued a statement expressing these concerns. All of its concerns are valid. And, considering the history of this law and this government, all are likely to be ignored.

The bugs listed in the AIC's statement are considered features by a government that has a long history of silencing dissent and jailing critics.

Protecting online security is a top priority; however, the Law’s ambiguously defined scope, vague language and lack of safeguards raises serious privacy concerns for both individuals and businesses, especially provisions that allow overreaching authority to search and seize data and electronic equipment without proper legal oversight. This would give the regime sweeping powers to monitor online traffic in the name of an emergency or as a preventive measure, potentially compromising private and corporate data.

Vague language and a lack of safeguards. Overreaching authority and lack of oversight. That's exactly what the Thai government wants. This is deliberate. This is what's wanted by governments all over the world. The US government wants this. So does the Australian government. The UK government has spent most of the past decade refining its overreach and scaling back its oversight.

This isn't just a Thai problem. It's a government problem. But the Thai problem is made worse by its disturbing (and ancient) lese majeste laws, which add some old school twists to its cyber pretensions. But the script is otherwise identical: the same ideas pushed by other governments, using the same "security" pitch to strip citizens of their protections and privacy.

36 Comments | Leave a Comment..

Posted on Techdirt - 8 March 2019 @ 7:39pm

Court Says Lawsuit Over Fake Subpoenas Issued By Louisiana DA's Office Can Proceed

from the fake-it-til-you-break-it dept

There's a very slim chance some New Orleans prosecutors might have to pay for their threats and lies. But a slim chance is better than none. The Orleans Parish DA's office was caught using fake subpoenas to coerce cooperation from witnesses and victims of crimes -- a practice it had engaged in for decades before being hit with multiple complaints and lawsuits.

Prosecutors sent out bogus subpoenas -- all bearing the threats of fines and imprisonment -- to hundreds of witnesses over the past several years. None of these were approved by courts overseeing ongoing prosecutions. None of the subpoenas were issued by the Clerk of Courts. The DA's office was simply cranking out fake subpoenas and hoping recipients would be too intimidated by the threat of jail time to question the veracity of the documents.

Lawsuits followed the public exposure of this underhanded tactic. One of the lawsuits, filed by a number of crime victims who'd been served the bogus subpoenas, has received the green light to proceed from a federal court in Louisiana. (h/t CJ Ciaramella)

Unfortunately, there's a ton of hurdles that need to be overcome by the plaintiffs. If you think qualified immunity shields too much official wrongdoing, just wait until you run up against absolute immunity, which tends to protect those operating above law enforcement's pay grade: prosecutors and judges.

Fortunately for the plaintiffs, the crap the DA's office pulled with its fake subpoenas is shady enough to strip away some of this protective layer. As the court notes in its opinion [PDF], the DA's office has never had the power to issue its own subpoenas. That it has been doing exactly this is a serious problem.

Allegations that the Individual Defendants purported to subpoena witnesses without court approval, therefore, describe more than a mere procedural error or expansion of authority. Rather, they describe the usurpation of the power of another branch of government.

"Ends justifies the means" is rarely a successful defense. But that's what the DA's office has offered. The judge rejects it:

Furthermore, that the alleged activity by the Individual Defendants took place as a means to a prosecutorial end is not dispositive of the issue. Under that logic, virtually all activity engaged in by a prosecutor would be absolutely immune from civil liability.

And with that, one layer of immunity disappears.

This Court finds that granting the Individual Defendants absolute immunity for allegations of systematic fraud that bypassed a court meant to check powerful prosecutors would not protect the proper functioning of a district attorney’s office. It would instead grant prosecutors a license to bypass the most basic legal checks on their authority. The law does not grant prosecutors such a license.

Unfortunately, the prosecutors are covered by absolute immunity for threatening witnesses with arrest to ensure they gave testimony or attended hearings. As screwed up as this sounds, victims of crimes can be thrown in jail to make sure prosecutors can speak to them. Totally legal. All just part of our judicial sympathy for zealous prosecutions. Threatening someone with jail time in person is perfectly fine. It's only the use of fake paperwork -- and bypassing the court system -- that's not protected.

Although the distinction is an admittedly fine one, threatening to imprison a witness to compel cooperation in a criminal prosecution while possessing the lawful means to follow through on that threat is not the same as manufacturing documents in violation of the lawful process for obtaining court-approved subpoenas for witnesses. Threatening witnesses—particularly verbally—with imprisonment to further witness cooperation in an active criminal prosecution seems to this Court to fall into the category of “pursuing a criminal prosecution” as an “advocate for the state.” Holding that such conduct fell outside the protections of absolute immunity would, in fact, potentially subject prosecutors to civil liability for exercising authority they lawfully possess under the law of Louisiana and many other states.

Just as unfortunately, the same behavior the court found couldn't be protected by absolute immunity can be shielded by qualified immunity, at least as far as the plaintiffs' violation of due process claims.

Plaintiffs’ allegations that prosecutors manufactured “subpoenas,” deliberately side-stepping judicial oversight of the subpoena process, appears to this Court to represent a breed of official misconduct. Claims that the practice was not only condoned but directed by top prosecutors and the DA himself only make the allegations more disturbing. This Court believes that Plaintiffs’ claims sufficiently shock the conscience such that they allege a constitutional violation.

Nevertheless, the Individual Defendants are entitled to qualified immunity on these claims. Plaintiffs fail to cite to any case law suggesting that the Defendants’ violated a clearly established right of Plaintiffs.

The court clearly thinks the manufacture of subpoenas is reprehensible, but can't find precedent to make it stick. And since it can't craft a bright line itself, prosecutors can continue to abuse subpoenas until a higher court decides enough abuse is enough.

A few more claims survive the layers of protective immunity. Four plaintiffs are able to show at this point that the DA's office also fudged the truth on "material witness" warrant affidavits. A few plaintiffs can also move ahead with First Amendment claims -- allegations that the combination of fake subpoenas and actual material witness arrest warrants resulted in compelled speech: testimony extracted by prosecutors using these tools as leverage. Those claims will move forward along with the narrowed allegations of abuse of process the court said can't be shielded by absolute immunity.

It's a very limited win for some of the plaintiffs. And it's not even a real victory yet. This opinion allows certain claims to move forward and removes a little immunity. It gives the plaintiffs a small chance to hold some of the Orleans Parish DA's Office personally responsible for abusing the court system and the public's trust for decades.

Read More | 38 Comments | Leave a Comment..

Posted on Techdirt - 8 March 2019 @ 3:29pm

California Supreme Court Rejects Second Attempt By Cops To Jump The Judicial Queue Over Police Misconduct Records

from the back-of-the-line,-buddy dept

California cops hoping to hide their past misdeeds from the public are going to have to get by without the help of the state's highest court. A new law went into effect January 1st, opening up police misconduct records to the public for the first time in the state's history.

With few exceptions, law enforcement's response has been to pretend the law's reach doesn't extend retroactively. This runs contrary to the intent of the law as clarified directly to the courts and the state attorney general's office by the law's author, Senator Nancy Skinner.

Several lawsuits have been filed -- some by records requesters and some by law enforcement agencies. Both are seeking a declaration from the courts that their side is the right side. So far, two state courts have sided with requesters, stating that the law is retroactive.

Just after the law took effect, the Sheriff's Employees' Benefit Association petitioned the state supreme court directly, asking for a ruling on the law's reach. This request was denied by the court without comment, suggesting the state's top court was happy to let the lower courts handle this determination.

For a second time, the state supreme court has rejected a premature examination of the law. Scott Shackford at Reason has more details:

After a Los Angeles Superior Court judge ruled against unions for the Los Angeles County Sheriff's Department and the Los Angeles Police Department, one union asked the state Supreme Court to weigh in. On Wednesday, the high court declined, leaving in place the lower court's decision.

The court rejected this request without comment, wordlessly reiterating its stance on the issue: let the court system do its work and stop trying to jump the turnstile. The next step for disappointed fans of opacity are the states' appeals courts, not the one at the top of the judicial food chain.

From what we've seen so far, it seems unlikely the uniformed anti-transparency activists will prevail. The two courts to return rulings have stated the law affects pre-2019 police misconduct records. The state attorney general's deliberate obtuseness hasn't budged the judicial needle. Eventually -- but hopefully sooner than later -- public records requesters will have a clear answer and complete access to records detailing the impropriety and abuse their tax dollars have paid for.

24 Comments | Leave a Comment..

Posted on Techdirt - 8 March 2019 @ 1:32pm

Clapper Continues To Pretend He Didn't Lie To Congress About Domestic Surveillance Programs

from the six-years-of-deflection dept

James Clapper is going to take his Section 215 lie to his grave. One day after the first Snowden leak exposed the breadth of the NSA's phone metadata program, Sen. Ron Wyden asked the then-Director of National Intelligence if the agency collected data on Americans. Despite published documents clearly showing otherwise, Clapper went with this answer:

Wyden: Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?

Clapper: No sir.

Wyden: It does not?

Clapper: Not wittingly. There are cases where they could, inadvertently perhaps, collect—but not wittingly.

Since everyone clearly knew he was lying, Clapper spent the next several days claiming he wasn't. First, he said he meant the NSA wasn't "voyeurestically" reading everyone's emails. Good, but not what Wyden asked. Then he said it was the only response he could give to Wyden's "when did you stop beating your wife" question. Then he claimed he thought Wyden was asking about another collection entirely: the foreign-facing Section 702 program (which does, inadvertently, collect a lot of US person data/communications).

This is the legacy Clapper has secured for himself. He won't be remembered for his IC leadership or his post-IC career talking headmanship. Nope, it will be his super-weak, super-transparent lie, delivered to a US Senator against a backdrop of leaked documents showing the NSA did "wittingly" collect data on hundreds of millions of Americans.

Nearly six years later, Clapper is telling the same story to anyone who asks him about this hearing, ensuring the word "Clapper" and "lie" will remain inseparable. The Section 215 program Clapper was alluding to -- the program exposed in the first Snowden leak -- is back in the news, thanks to an unexpected early retirement.

In an interview with CNN about the surprise Section 215 shutdown, Clapper again pretended he didn't know what program he was being asked about.

“As far as the comment, the allegation about my lying, I didn’t lie, I made a big mistake and I just simply didn’t understand what I was being asked about. I thought of another surveillance program, Section 702 of the Foreign Intelligence Surveillance Act when I was being asked about Section 215 of the Patriot Act at the time, I just didn’t understand that...”

Clapper's repetition of this excuse hasn't made it any more believable. None other than Senator Ron Wyden popped up on Twitter to point out Clapper's lies about his lie.

If you can't see/read the tweet, it says:

James Clapper needs to stop making excuses for lying to the American people about mass surveillance. To be clear: I sent him the question in advance. I asked him to correct the record afterward. He chose to let the lie stand.

That's the face of IC leadership, as portrayed by James Clapper. Clapper managed to exit the public sector unscathed, turning over a limping surveillance ship to his successor while stepping into the private sector with no threat of punishment hanging over his head. He lied to Congress and got away with it. And he's going to spend the rest of his life pretending he didn't.

27 Comments | Leave a Comment..

Posted on Techdirt - 8 March 2019 @ 10:46am

Trump Administration Rolls Back Obama's Last-Minute Drone Strike Reporting Requirements

from the public-is-purchasing-civilian-deaths-and-the-gov't-won't-even-give-it-a dept

After years of increasing overseas drone strikes, the Obama administration briefly attempted to salvage its reputation. Having turned countries like Syria and Yemen into the Killingest Places on Earth, Obama drafted a few rules to rein in the use of drones. A charitable take was that he recognized the blowback caused by these strikes, which tended to result in the unintended killing of civilians. A less charitable take is he recognized he might be turning these powers over to the Republicans and wanted to tie them up with restrictions he would have never placed on his own administration.

One of the few positive steps Obama took was mandating periodic reporting on drone strikes to assess the amount of collateral damage caused by these attacks, presumably in hopes of further reducing civilian casualties. Obama's executive order instituted yearly reporting that would (eventually) be passed on to the public.

Report on Strikes Undertaken by the U.S. Government Against Terrorist Targets Outside Areas of Active Hostilities. (a) The Director of National Intelligence (DNI), or such other official as the President may designate, shall obtain from relevant agencies information about the number of strikes undertaken by the U.S. Government against terrorist targets outside areas of active hostilities from January 1, 2016, through December 31, 2016, as well as assessments of combatant and non-combatant deaths resulting from those strikes, and publicly release an unclassified summary of such information no later than May 1, 2017. By May 1 of each subsequent year, as consistent with the need to protect sources and methods, the DNI shall publicly release a report with the same information for the preceding calendar year.

The problem with instituting policies via executive orders is they can be undone using the same process. It appears the Trump Administration isn't willing to abide by the rules the previous administration left for it to deal. Trump's executive order rescinds Obama's directive, allowing this administration to operate with the same opacity the previous administration enjoyed for its duration.

And we can't even say Obama's reporting requirement was great while it lasted. It went into force July 1, 2016. By the time the first reporting period rolled around in 2018, a different president was in office. As Charlie Savage points out for the New York Times, the new order simply codifies this administration's failure to publish the first required report.

Mr. Trump’s revocation of the disclosure rule amounted to a belated acknowledgment that his administration had already changed the Obama policy in practice: The director of national intelligence never put out a report about bystander casualties in 2017, even though the Obama-era order requiring one remained on the books last year, when the report was due out.

Trump's order claims the reporting is redundant as there are other drone strike reports already mandated by law. But this revocation gives the CIA -- an agency that has "acquired a taste" for deadly drone strikes -- complete opacity. The reporting requirements left untouched by Trump's order only affects Defense Department drone operations. The CIA's operations -- often carried out away from areas declared war zones by the US government -- will continue to operate under the radar, safely shielded from the eyes of the public.

We don't know if the CIA's use of drone strikes has kept pace with the DoD's escalation. And we may never find out. But one thing's for certain: the Trump Administration will be deploying far more drone strikes than the drone-happy Obama Administration. This can be gleaned by the few strike numbers that have been made public by the Defense Department, as collated here by Steve Niva, the editor of the Middle East Report.

Trump promised during the campaign to “bomb the shit” out of ISIS and it appears to be one of the few promises he has kept. Trump inherited from Obama an escalating war against ISIS in Iraq and Syria, but both conventional bombing and drone strikes have significantly increased under Trump as a result of his new ISIS battle plan, whose strategy Defense Secretary James Mattis defines as “annihilation tactics.”

[...]

[I]n the past three years, the number of military drone strikes there has also climbed, from 304 in 2015, to 376 last year, to 362 through the first eight months of Trump’s presidency. At this pace, 2017 will exceed previous yearly tallies.

Increasing deployments while decreasing transparency: that's the Presidential way. It worked for Obama for all eight years he was in office. On the way out the door, he made a futile gesture in response to an escalation in civilian deaths -- one ignored by the CIA and now granted an executive erasure by the new boss. We, as a nation, kill people based on metadata. And no one at the top feels obligated to hand over any data at all on these killings to the public that's funding these deaths.

15 Comments | Leave a Comment..

Posted on Techdirt - 8 March 2019 @ 9:19am

California Attorney General Doubles Down On Threatening Journalists For Possessing Convicted Cops List

from the I-guess-the-Constitution-only-protects-bad-cops dept

California Attorney General Xavier Becerra has decided there's too much First Amendment in his state. First, he ignored clarification provided directly to him by the author of the state's new public records law to declare past police misconduct records off limits. Claiming the question of retroactivity was still open, Becerra denied public records requests seeking documents created prior to January 1, 2019.

His next potshot at the First Amendment occurred shortly thereafter. Journalists from UC Berkeley received a list of convicted California police officers in response to a records request. The list covered 10 years of convictions and contained 12,000 names. At this point, the journalists have not published the full list. But they have been vetting the list to prep for publication.

That's where AG Becerra stepped in. He told the journalists it was illegal for them to possess "confidential information" they obtained lawfully through a public records request. He's wrong, of course. It is not illegal to possess documents received via public records requests even if the government entity has mistakenly sent you the wrong documents.

As for the "confidential" claim, any convictions would already be public records, seeing as prosecutions are handled by the state's court system. What the list does is provide one-stop shopping for bad cops, which is what law enforcement agencies are doing when they run applicants against this list.

So far, only three officers' names have been published. AG Becerra is trying to ensure those three names are the only ones the public will ever see. If the First Amendment needs to be damaged to protect bad cops, that's a sacrifice he's willing to make.

In a statement provided to Freedom of the Press Foundation on Wednesday, a spokesman for the California Department of Justice doubled down on the contention that the journalists are breaking the law:

“The UC Berkeley Investigative Reporting Program is not an entity permitted to possess or use this confidential data. The UC Berkeley Investigative Reporting Program chose to publish the confidential information of Californians despite being alerted by the Department of Justice that doing so was prohibited by law.”

The AG's office is still threatening the reporters with criminal charges simply for possessing the list. But even if the journalists publish the list in full, it's unlikely any court will support Becerra's decision to pretend the First Amendment doesn't exist. Both the act of requesting public records and the publication of obtained records are protected speech. AG Becerra has nothing to work with here, but he's publicly demonstrating his willingness to do whatever it takes to protect the state's bad cops.

Worse, he's doubled down. When AG Becerra was asked for clarification by the Freedom of the Press Foundation, he had this to say:

“We always strive to balance the public’s right to know, the need to be transparent and an individual’s right to privacy. In this case, information from a database that’s required by law to be confidential was released erroneously, jeopardizing personal data of individuals across our state. No one wants to shield criminal behavior; we’re subject to the rule of law.”

If Becerra has a problem with "jeopardizing personal data," the only action he should be taking is against the government entity that (supposedly) breached the law by releasing it to reporters. Becerra's nod to "rule of law" is especially rich. The Constitution is part of the "law" Becerra professes allegiance to. But it's clear he'd rather cover up for his cop buddies than respect the parts of the law that restrain his ability to punish people for protected speech.

31 Comments | Leave a Comment..

Posted on Techdirt - 7 March 2019 @ 11:58am

CBP Put A Bunch Of Journalists, Immigration Lawyers, And Activists On A Secret Watchlist

from the fuck-the-Constitution-I-guess dept

Leaked documents obtained by an NBC affiliate show the government has taken a direct interest in journalists and activists covering the many, many happenings at our southern border. But the government isn't interested in keeping them safe or giving them the space to do their jobs. Nope, the CBP has been treating journalists like suspected criminals, hauling them in for hours of questioning and examining the contents of their phones and laptops.

Oh well. I guess the First Amendment had a good run.

Documents obtained by NBC 7 Investigates show the U.S. government created a secret database of activists, journalists, and social media influencers tied to the migrant caravan and in some cases, placed alerts on their passports.

[...]

One photojournalist said she was pulled into secondary inspections three times and asked questions about who she saw and photographed in Tijuana shelters. Another photojournalist said she spent 13 hours detained by Mexican authorities when she tried to cross the border into Mexico City. Eventually, she was denied entry into Mexico and sent back to the U.S.

The documents (which appear to be screenshots of the CBP database) show an extensive list of journalists and activists, along with notes stating whether or not the person was interviewed and/or placed on a CBP "alert" list. The surveillance of protected First Amendment activities is apparently part of the DHS's "Operation Secure Line," which monitored the caravan travelling through Mexico to the US border.

Here's who's on the list, according to NBC 7's investigation:

The individuals listed include ten journalists, seven of whom are U.S. citizens, a U.S. attorney, and 47 people from the U.S. and other countries, labeled as organizers, instigators or their roles “unknown.” The target list includes advocates from organizations like Border Angels and Pueblo Sin Frontera.

The CBP's first statement said this all just normal border-protecting stuff. According to its initial deflection, adding journalists and activists to watchlists that targeted them for enhanced screening and other unpleasantness is all part of the government's plan to address the multiple caravans headed for our borders. The CBP statement does not explain why targeting lawyers, activists, and journalists is considered an appropriate use of government resources. In fact, it doesn't attempt to address the database and its contents at all.

And it's not just secondary screenings and hours-long interviews of people engaging in protected speech. The DHS is apparently compiling entire dossiers about this group of targets -- none of which is suspected of participating in criminal behavior. According to a DHS source quoted in the article, the agency doesn't have the authority to compile information on people not suspected of criminal activity. As the unnamed person notes, DHS isn't an intelligence agency. It's a law enforcement agency.

CBP now appears to be in panic mode. An update added to the story indicates the agency is throwing any justification it can against the wall in hopes of something sticking.

Minutes after our story published and five days after a Customs and Border Protection spokesperson gave us the agency's statement above, CBP told our colleagues at NBC News that the names in the database are all people who were present during violence that broke out at the border in November. The agency also said journalists are being tracked so that the agency can learn more about what started that violence. CBP never clarified that point directly to NBC 7 Investigates.

Even this hasty course correction is a spectacular failure of logic. The CBP is investigating a confrontation at the border... by placing journalists, lawyers, and activists under surveillance? That makes no sense. The CBP can speak to these people without placing them on an alert list and subjecting them to enhanced screening and device searches. If the agency needs to interview witnesses, there are processes for that -- none of which look like an attempt to chill press freedom and pro-immigrant activism at the border.

41 Comments | Leave a Comment..

Posted on Techdirt - 7 March 2019 @ 9:43am

FBI Director Chris Wray Needs To Shut The Fuck Up About Encryption

from the SHOW-YOUR-WORK dept

FBI Director Chris Wray is still hoping to sell Americans on trading away their security for a little bit of law enforcement convenience. Wray believes the only way the FBI and other agencies will ever keep up with criminals is to do away with encryption. The "going dark" campaign may have started with Jim Comey, but Wray has proven to be every bit as obtusely tenacious as his predecessor.

Wray's latest anti-encryption pep talk occurred at the RSA Conference. CNET reports the FBI director delivered another misguided, but impassioned, speech in defense of making everything worse for everyone but the FBI.

Encryption should have limits. That's the message FBI Director Christopher Wray had for cybersecurity experts Tuesday. The technology that scrambles up information so only intended recipients can read it is useful, he said, but it shouldn't provide a playground for criminals where law enforcement can't reach them.

"It can't be a sustainable end state for there to be an entirely unfettered space that's utterly beyond law enforcement for criminals to hide," Wray said during a live interview at the RSA Conference, a major cybersecurity gathering in San Francisco.

Wray can't honestly define where encryption should stop and law enforcement access begin. All he can do is claim the status quo isn't working because sometimes the FBI can't get into a seized device. But how many times is encryption actually bringing an investigation to a halt? That's something Wray won't talk about, even though he has access to this information.

What CNET charitably calls a "back and forth" conversation between Chris Wray and tech companies is actually nothing more than Wray complaining about encryption and ignoring everything he hears back from the companies that would be affected.

Wray needs to take his anti-encryption ball and go home. Not because I disagree with him, but because the FBI has handled this "conversation" disingenuously since day one. The "going dark" narrative hasn't been backed by evidence or facts. The FBI misrepresented the number of uncrackable devices it had in its possession for more than three years. Once legislators started demanding proof, the FBI discovered it had no idea how many devices it had on hand.

No further details have been delivered by the FBI, but it's safe to assume the original estimate of 8-9,000 devices is actually less than a quarter of that. But we don't know what the actual count is because the FBI has yet to issue an updated number.

The FBI said it would recount the devices and get back to us. As of March 6th, it has been 281 days since the FBI started replacing statements of 8,000+ locked devices with asterisks and footnotes. This is why Wray needs to shut his mouth. Until his agency delivers the real number of locked devices, we don't need to entertain his anti-encryption dreams. If he and his agency are unwilling to have a real conversation about device encryption -- one containing actual facts about locked devices and their impact on investigations -- no one should grant him or his comments any credibility.

63 Comments | Leave a Comment..

Posted on Techdirt - 6 March 2019 @ 3:35pm

California Legislators Want To Make It More Difficult For Records Requesters To Get Documents From The Government

from the mandated-chain-yanking dept

The California legislature handed the public a win by making police misconduct records obtainable through records requests. The transparency very few law enforcement agencies are welcoming is still being litigated, but going forward it seems clear cops will no longer be able to hide their misconduct behind a wall of government-enabled opacity.

I guess California legislators believe some sort of transparency equilibrium must be maintained. They've introduced a bill that will make it more difficult for requesters to obtain documents. (via Dave Maass) The bill amends the state's public records law to create another hoop for requesters to jump through before they can get a hold of documents the law says are rightfully theirs.

Here's the key amendment:

Before instituting any proceeding for injunctive or declarative relief or writ of mandate in any court or competent jurisdiction, the person shall meet and confer in good faith with the agency in an attempt to informally resolve each issue. The person or their attorney shall file a declaration stating that this meet and confer process has occurred at the time that proceedings are instituted.

This may seem like a minimal imposition, but it really isn't. Only a small percentage of public records requesters live close to the agencies they're seeking to obtain documents from. Even if they are nearby, the law allows agencies to set the agenda. Agencies take as long as they want to set up a meeting, pushing rejected requests past the law's upper limits for responses.

Even if agencies allow these conferences to happen by phone, requesters are still at the mercy of agencies that are in no hurry to return responses. This is just another way for agencies to stonewall requesters in hopes of deterring them from following through on their requests.

The litigation option is being delayed for no discernible purpose. Few things motivate recalcitrant government agencies like lawsuits. This is a gift to uncooperative agencies, presented as a common sense solution to the costs of litigation. Sure, in a perfect world, these discussions could head off pricey lawsuits. But the world we actually live in requires litigation a great deal of the time because few government agencies are truly responsive to records requesters.

And it's all going to end up in court anyway. The court will now have to rule first on whether a good faith effort was made prior to the filing, which will result in more expenses incurred by both parties as they attempt to persuade a judge an attempt was or wasn't made by one party. There's nothing in the law that punishes agencies for screwing around with requesters and no time limit is placed on the mandated meetings.

Hopefully, this new requirement will never make its way into law. If it does, it should be challenged immediately on the grounds that it violates rights guaranteed by the state. If state legislators are truly concerned about the ever-escalating cost of public records litigation, they should focus their time and energy cracking down on agencies with track records of unresponsiveness, rather than just make it more difficult to force records out of these agencies' hands.

22 Comments | Leave a Comment..

Posted on Techdirt - 6 March 2019 @ 10:45am

The NSA Appears To Have Shut Down Its Bulk Collection Of Phone Records

from the program-so-valuable-no-one-could-find-a-use-for-it dept

The program considered so "essential" NSA defenders said it couldn't even be slightly modified is apparently no longer in use. During a recent Lawfare podcast, national security advisor Luke Murry dropped a bit of a bombshell. Charlie Savage summarizes Murry's comments:

The National Security Agency has quietly shut down a system that analyzes logs of Americans’ domestic calls and texts, according to a senior Republican congressional aide, halting a program that has touched off disputes about privacy and the rule of law since the Sept. 11 attacks.

[...]

Mr. Murry brought up the pending expiration of the Freedom Act, but then disclosed that the Trump administration “hasn’t actually been using it for the past six months.”

“I’m actually not certain that the administration will want to start that back up,” Mr. Murry said.

Murry is referring to the Section 215 bulk data collection. Exposed by the Snowden leaks, Section 215 was modified by the USA Freedom Act, which went into effect June 2015. The biggest modification was where the records were stored. The NSA could no longer collect all phone records from providers and search through the data at its leisure. Instead, it had to provide telcos with lists of targeted numbers. The data remained in the hands of service providers, with the NSA only having access to suspicion-supported phone records.

The alterations to the Section 215 program resulted in the NSA purging a bunch of records that didn't fit the new parameters. The NSA finally let go of a few of its haystacks, conveniently destroying records integral to multiple lawsuits against the agency. The USA Freedom Act modifications -- combined with the NSA's long history of abusing its collection authorities -- seem to have made it impossible for the NSA to continue utilizing its phone records collection program.

The bulk records collection is now in the hands of telcos, resulting in a slimmed-down dataset the NSA didn't seem particularly enthused to have. Apparently the program is as useless as critics have said it is. The NSA has gone at least six months without asking for data via this authority. This program is due for renewal at the end of this year, but the comments made to Lawfare suggest the NSA may be content to let it expire.

Marcy Wheeler suggests a few underlying motivations for the NSA's abandonment of the Section 215 collection -- and one might be the Supreme Court's extension of Fourth Amendment protections to cell site location info.

[This] suggests that the problem with the records may not be the volume or the content turned over, but some problem created either by the specific language of the law or (more likely) the House Report on it or by the Carpenter decision. Carpenter came out on June 22, so technically after the NSA claims to have started deleting records on May 23. It also may be that the the NSA realized something was non-compliant with its collection just as it was submitting the 6th set of 180-day applications, and didn’t want to admit to the FISC that it had been breaking the law (which is precisely what happened in 2011 when the government deleted all its PRTT records).

Wheeler says the NSA may have been asking for location data as well to better track the phones it targeted. The IC may have seen the writing on the third-party wall following the Supreme Court's oral arguments in November 2017. This may account for its plug-pulling a month ahead of the decision's release.

Or it may be something far less respectful of the Constitution. It could be the NSA has found another way to collect this same data without having to run it by the newly-adversarial FISA court. As Wheeler points out, Section 215 may have been restricted but the powers granted by Executive Order 12333 continue to expand.

Whatever the real motivation, it appears the domestic surveillance program that never prevented a terrorist attack will continue to never prevent terrorist attacks. The upside is we may not be throwing any more tax dollars at a national security program that adds nothing to our nation's security.

12 Comments | Leave a Comment..

More posts from Tim Alloysius Cushing >>