Posted on Techdirt - 2 December 2016 @ 7:39pm
We've written plenty of posts about police body cameras -- how useful they can be and how useless they often are. What should result in additional law enforcement accountability has been turned into a mostly-optional documentation system. The new tech and its accompanying guidelines have done very little to increase accountability.
Body cameras are pretty much mainstream at this point, but when excessive force and/or misconduct are alleged, footage captured by police is often nonexistent. Officers disable recording equipment, delete footage, or simply claim the camera "malfunctioned." Some repeatedly "forget" to activate their cameras ahead of controversial arrests and interactions.
But what can be done about it? So far, law enforcement agencies have done little but promise to create more policies and guidelines -- ones that can continue to be ignored by officers who'd rather not create a permanent record of their actions. There's been some discipline, but what little of it there is hasn't been very severe. And stories of repeated tampering with recording devices in some agencies suggests what is in place isn't much of a deterrent.
The ACLU of Massachusetts has a suggestion: if missing/incomplete recordings are central to a prosecution or a civil rights lawsuit, a better deterrent might be to allow juries to impose evidentiary consequences for failures to record. From the ACLU's "No Tape, No Testimony" report [PDF]:
This instruction would tell the jury that, if it finds that the police unreasonably failed to create or preserve a video of a police-civilian encounter, it can devalue an officer’s testimony and infer that the video would have helped the civilian. If the jury finds that the case involves bad faith, such as the outright sabotage of body cameras, then it should be instructed to disregard officer testimony altogether.
This all tracks back to multiple lies told by officers that have been uncovered by cameras carried by citizens. In the Walter Scott shooting, the officer's narrative of a struggle over a Taser was rebutted by a cell phone recording that showed the officer shoot Scott in the back while he ran away from him and then dropping something that looked like the officer's Taser next to Scott's dead body. The ACLU's report lists several other shootings -- like Laquan McDonald's -- in which recordings directly contradicted official police reports.
While this instruction may encourage some officers to record more questionable arrests and stops, it may also encourage more law enforcement agencies to unofficially instruct officers to hold off on writing reports until after they've reviewed recordings. If there's no way of salvaging the incident, recordings will probably continue to disappear, but at least the officer's testimony will disappear right along with it, should the jury decided the missing/incomplete recording was a "bad faith" effort.
Officers have long relied on "our word against yours" to win testimonial battles. But if an officer cannot produce a recording of an encounter, lesser weight should be given to an "eyewitness" whose testimony could have easily been verified but who chose not to document the incident.
Read More | 1 Comments | Leave a Comment..
Posted on Techdirt - 2 December 2016 @ 11:49am
Thanks to the EFF's efforts, another set of National Security Letters have been published and their recipient freed to discuss them. CREDO Mobile received two NSLs in 2013 -- both accompanied with the usual indefinite gag order. The NSLs [PDF 1] [PDF 2] requested a wealth of data on three of CREDO's customers -- including all call records, financial information (credit cards used, etc.), and personal information (name, address, etc.) -- dating back to April 2008.
CREDO challenged the constitutionality of the indefinite gag orders as well as the constitutionality of the NSLs themselves.
“A founding principle of CREDO is to fight for progressive causes we believe in, and we believe that NSLs are unconstitutional. These letters, and the gag orders that came with them, infringed our free speech rights, blocking us from talking to our members about them or discussing our experience while lawmakers debated NSL reform,” said Ray Morris, CREDO CEO. “We were proud to fight these NSLs all these years, and now we are proud to publish the letters and take full part in the ensuing debate.”
CREDO's challenge to the gag order was upheld [PDF] by a federal judge in March, who struck it down when the FBI failed to show a need for the continued secrecy. This decision was held pending the FBI's appeal, but the government apparently decided this wasn't a battle it wanted to fight and dropped its appeal of the court's order.
The government's decision to drop the appeal highlights one of the (many) problems with NSLs. These are self-issued administrative orders subject to very little, if any, oversight. The FBI can issue as many of these as it wants without ever having to get a judge involved. Every one of these arrives with an indefinite gag order attached, forcing recipients to lawyer up if they want to challenge the government's demands for secrecy.
The government clearly felt it couldn't demonstrate why this gag order should still be in place. But the government doesn't have to justify its demands for secrecy at the point the NSL is issued. It only needs to do this if challenged in court. While some judges have expressed an interest in periodic reviews of NSLs to determine the need for ongoing secrecy, these conclusions are the exception rather than the rule.
That judges are the ones making this determination is another part of the problem. In response to the USA Freedom Act, the DOJ instituted a policy requiring a "periodic" review of issued NSLs. Unfortunately, that's all it does. There's no definition attached to "periodic," which means the review could happen every few years… or never.
The constitutionality of the orders themselves should still be actively challenged. While much of what is sought with these falls under the very generous definition of "third party records," the lack of any oversight or judicial review makes these the go-to tool for the FBI -- which has been known to issue NSLs when its warrant requests are turned down by federal courts. Throw an indefinite gag order on it, and the FBI can pretty much ensure complete compliance from recipients, whose only option is to fight an often-futile legal battle against the government.
Read More | 7 Comments | Leave a Comment..
Posted on Techdirt - 2 December 2016 @ 3:27am
The Ninth Circuit Court of Appeals has affirmed [PDF] the dismissal of a copyright infringement suit brought against Electronic Arts by Robin Antonick, a programmer who worked on the Apple II version of the game Madden back in the mid-80s.
Antonick was locked out of royalties for other versions of the game by the software company, but alleged Electronic Arts did nothing more than copy his code when porting it to other platforms -- creating a "derivative work" that he was supposedly entitled to collect royalties on. Antonick might have had a case. But while allegations are nice…
In 2011, Antonick brought this diversity action against EA, seeking contract damages in the form of unpaid royalties for Sega Madden and Super Nintendo Madden. [...] Antonick produced evidence that Park Place was rushed and inadequately staffed, and argued that it copied his code to meet the demanding deadline for the first Sega Madden. Antonick’s expert, Michael Barr, opined that Sega Madden was substantially similar to certain elements of Apple II Madden. In particular, Barr opined that the games had similar formations, plays, play numberings, and player ratings; a similar, disproportionately wide field; a similar eight-point directional system; and similar variable names, including variables that misspelled “scrimmage.”
…evidence is better.
But neither the source code for Apple II Madden—the “Work”— nor the source code of any allegedly infringing works were introduced into evidence. Nor were images of the games at issue introduced.
Not that evidence (or a lack thereof) apparently mattered to the jury. It found that EA had created a derivative work with its Sega version of Madden, but the court found (post-verdict) that Antonick had not produced any evidence clearly pointing to copyright infringement. Without that evidence, Antonick is out of luck when it comes to his contract/royalty claims.
Antonick tried to route around this obstacle by claiming EA had both the opportunity and the motive to copy his work. On top of that, he tried to pursue this as a "look and feel" case while still relying on the supposedly-copied code as the basis for his claims. The Ninth Circuit found these arguments -- and Antonick's witness -- unpersuasive.
[T]he lay testimony was about how the games appeared, not how they were coded—and Antonick does not assert a copyright interest in Apple II Madden’s audiovisual appearance, only in its coding.
Antonick argues that copying was shown by testimony of Michael Kawahara, an Apple II Madden assistant producer. When asked whether he recognized any of the plays in Sega Madden from Apple II Madden, Kawahara answered affirmatively, stating that “[it] was – well, since the interface was – well, it was the same as we used in the Apple II. It was very easy to look at all of the plays in the Genesis version and they looked identical . . . to the original Apple II version.” This comment, however, does not establish that the source code for the two games were substantially similar. Kawahara had no programming responsibilities for Apple II Madden; did not understand the Apple II Madden code; did not see the Sega Madden code; and admitted that he had no knowledge about differences in the games’ codes.
A statement entered into evidence by the plaintiff -- introduced to back up Antonick's claim about EA's motive/opportunity to copy the source code -- only made the case weaker.
Antonick also cites a statement by Richard Hilleman, an EA representative, that it was “possible” he had told an interviewer that “the Sega game took the system’s approach from Mr. Antonick’s game and just simply put a different aesthetic on top of it.”
This is an area that often trips up those deeply reliant on IP protections but surprisingly uninformed about what those protections actually cover. The Appeals Court straightens out this popular misconception.
But, an “approach” is an idea that cannot be copyrighted—only its expression in code is protectable—and Sega Madden could have used Apple II Madden’s “approach” to football video games without violating the copyright laws.
That's the minor failure of the suit -- mistaking ideas for expression. The ultimate failure is Antonick's inability to back up his assertions with actual evidence. Infringement claims with no evidence presented pushed Antonick into resorting to "look and feel" claims, which are notoriously difficult to turn into courtroom victories.
Read More | 7 Comments | Leave a Comment..
Posted on Techdirt - 1 December 2016 @ 2:40pm
The amendments to Rule 41 are now law, thanks to Sen. John Cornyn, who prevented bills opposing the immediate adoption of the changes from being debated.
Sens. Ron Wyden (D-Ore.), Steve Daines (R-Mont.) and Chris Coons (D-Del) took to the floor and unsuccessfully asked for unanimous consent to either pass or formally vote on three bills to delay or prevent updates to the process used by law enforcement to get a warrant to hack suspects' computers.
“We simply can’t give unlimited power for unlimited hacking,” Daines argued.
But the bid to prevent the imminent changes to Rule 41 ended quickly. After Wyden spoke, Majority Whip John Cornyn (R-Texas) immediately objected to all three bills, without waiting to hear from Coons and Daines.
But Cornyn alone can't be blamed for this outcome. A vast majority of senators did nothing to prevent the proposed changes from becoming law -- even though the decision has been in their hands since the Supreme Court's approval in April.
The FBI and others will be able to take advantage of the removal of jurisdictional limits to search computers anywhere in the world using a single warrant issued by a magistrate judge. It will also be granted the same power for use in the disruption of botnets -- in essence, searches/seizures of devices owned by US citizens suspected of no wrongdoing.
Cornyn, who prevented any debate over the "updates" to Rule 41, seems closely aligned with the DOJ's views -- that these changes will have "little effect" on civil liberties because the FBI, etc. "will still have to get a warrant."
Sure, warrants are still involved, but the scope of what can be accessed with a single warrant has been expanded greatly. And the DOJ has yet to explain how it's going to prevent law enforcement agencies from shopping around for the most compliant magistrates, now that they're not required to perform searches in the issuing court's jurisdiction. The DOJ also hasn't adequately explained what sort of notification process it will use when performing its botnet cleanups.
What it has done, however, is issue a statement saying the ends justify the means.
In an effort to address concerns, U.S. Assistant Attorney General Leslie Caldwell wrote a blog post this week arguing that the benefits given to authorities from the rule changes outweighed any potential for "unintended harm."
The DOJ wanted fewer restrictions, more power, and the opportunity to treat any appearance of anonymization software as an excuse to deploy these newly-granted powers. The Senate -- for the most part -- gave it everything it wanted by doing nothing at all to stop it.
26 Comments | Leave a Comment..
Posted on Techdirt - 1 December 2016 @ 11:52am
Albert Gidari of Just Security/Center for Internet and Society has been looking into the US Courts' wiretap reports for 2014 and 2015. The problem with these reports is that nothing adds up. As he wrote for Just Security last year, there's a huge discrepancy between the numbers reported by the US Courts Administrative Office and those reported by the service providers complying with the orders.
These numbers should be much closer than they are. If a wiretap is issued by a court, then the recipient service provider should report being served with one wiretap order. But that's not what has happened. The US Courts AO reported 3,554 federal and state wiretap orders in 2014. Service providers, however, reported receiving 10,712 wiretap orders for that same year.
As Gidari pointed out in 2015 (examining the 2014 wiretap report), there's not much that explains this discrepancy.
The Wiretap Report says “1,532 extensions were requested and authorized in 2014, a decrease of 28 percent.” So even if half of the carrier reported orders were extended once and then treated as separate orders in the carriers’ transparency reports (the Wiretap Report would treat an extended order a single order), the numbers are still off by more than twofold.
The same goes for orders that expired after the end of the reporting period. As Gidari notes, anything not counted by the courts the previous year would show up on next year's report and be negated by the lack of a new order on service providers' reports.
The 2015 Wiretap Report is no better. And the gap appears to be increasing.
The AO now reports that 4,148 wiretaps were authorized in 2015, a 17% increase over 2014. Twentysix of those authorized wiretaps apparently were never installed, and therefore probably do not appear in provider transparency reports. The four major carriers (AT&T, Sprint, Verizon and T-Mobile) reported a total of 11,633 wiretaps in 2015. Thus, provider numbers reflected an increase in surveillance as well, but only by about 8%. So the three-fold delta from 2014 remains while the actual number of wiretaps reported by providers only increased half as much as the percentage increase reported by the AO. That is hard to explain.
As transparency reports from carriers and service providers become even more detailed, the gap in reporting becomes even harder to explain. It could be that carriers count each wiretap installed as another instance, even if it's a dozen accounts targeted with a single order. It could be that, but it's highly unlikely. Facebook -- one of the more recent additions to wiretap reporting -- states it this way in its transparency report.
Facebook reported that it received 296 wiretap orders that affected 399 user accounts in 2015.
While companies are moving towards greater transparency, the US court system seems to be stuck in the same place. There's really only one way to explain this gap containing thousands of "missing" wiretap orders: underreporting by the those handing in numbers to the Administrative Office. Considering the huge potential for misuse and abuse, this apparent underreporting isn't acceptable. The Administrative Office is investigating, but so far has yet to report any results from its digging.
Once again, it seems a reporting process ordered by Congress but left to another agency to enforce (with zero consequences for noncompliance) is resulting in discrepancies between the "official" numbers and those reported by the private sector. It looks and feels just like the FBI's collection of officer-involved shootings: incomplete, inaccurate, and wholly dependent on government entities self-reporting data they'd rather not make public.
10 Comments | Leave a Comment..
Posted on Techdirt - 1 December 2016 @ 8:35am
If you're having trouble quelling dissent at ground zero, maybe the next move is to limit the coverage. We've already seen local authorities issue arrest warrants for journalists covering the Dakota Access Pipeline protests. Now, we're seeing something more proactive, courtesy of Customs and Border Protection.
Award-winning Canadian photojournalist Ed Ou has had plenty of scary border experiences while reporting from the Middle East for the past decade. But his most disturbing encounter was with U.S. Customs and Border Protection last month, he said.
On Oct. 1, customs agents detained Ou for more than six hours and briefly confiscated his mobile phones and other reporting materials before denying him entry to the United States, according to Ou. He was on his way to cover the protest against the Dakota Access Pipeline on behalf of the Canadian Broadcast Corporation.
Welcome to the Constitution-Free Zone, Canadians! Whatever protections you might have on your side of the border matter just as little as the protections we have on our side. You have to travel ~100 miles inland before your rights are respected. For Ed Ou, this meant a lengthy detention and an attempted strip search of his electronics -- all before being told he wasn't going any further than the Canadian border. From the letter the ACLU sent to the CBP demanding a few answers [PDF]:
After Mr. Ou applied for admission to the United States at the Vancouver airport, he was redirected to secondary inspection, where he clearly identified himself as a journalist. CBP officers nonetheless detained him for more than six hours and subjected him to four separate rounds of intrusive interrogation. The officers questioned him at length about his work as a journalist and his prior professional travel in the Middle East. They also questioned him extensively about dissidents and “extremists” whom he had encountered or interviewed as a journalist. Mr. Ou answered the agents’ questions fully and forthrightly and explained many times that he was a journalist whose credentials and background could be verified easily. The officers declined to inspect his press credentials.
CBP officers also conducted an unduly intrusive search of Mr. Ou’s belongings. In the course of this search, they made photocopies of his personal papers, including of pages from his handwritten personal diary. They also confiscated, examined, and searched—or at least attempted to search—his mobile phones. The CBP officers asked Mr. Ou to unlock the three mobile phones he carries to enable him to communicate in different locations worldwide. When Mr. Ou declined with an apology, citing his ethical obligation as a journalist to protect his newsgathering materials, including his confidential sources, the officers removed the phones from Mr. Ou’s presence. When the officers returned the phones to him several hours later, it was evident that their SIM cards had been temporarily removed because tamper tape covering the cards had been destroyed or altered.
The CBP's statement in response to journalists' questions is nothing more than the expected assertion that these actions were all within its rights. As it points out, anyone arriving in the US is subject to additional searches, which can encompass the contents of their electronic devices. The CBP generally has to have an articulable reason (but not anything rising to the level of "suspicion") to do this, but a large majority of these intrusive searches go unchallenged and chanting "national security" -- as the CBP does here -- tends to make most complaints evaporate.
“Keeping America safe and enforcing our nation's laws in an increasingly digital world depends on our ability to lawfully examine all materials entering the U.S.,” the statement said.
The CBP, however, seems less sure of its reasons for detaining the photojournalist. One agent said Ou was a "person of interest" wanted by an unnamed law enforcement agency, while another said his "person of interest" status had nothing to do with his detainment. That same officer also told Ou that his refusal to unlock his phones wasn't going to help convince the CBP that he should be let into the country.
It did, however, scare up some paperwork citing a nonexistent legal authority for its refusal to admit him into the US.
The officers did provide Mr. Ou with a Form I-275 Withdrawal of Application for Admission stating that he had been found inadmissible pursuant to Section 212(a)(7)(A)(I)(I) of the Immigration and Nationality Act (“INA”). However, that is not a valid citation to the INA; indeed, the cited subsection does not exist. Section 212(a)(7)(A), moreover, pertains to those who seek admission as “immigrants”—persons intending to reside permanently in the United States. Mr. Ou plainly was not seeking admission as an “immigrant,” and neither the Form I-275 nor the questions the CBP officers asked Mr. Ou suggested any basis for concluding otherwise.
The ACLU's letter goes on to point out that the CBP now has copies of data it perhaps acquired illegally and should make an immediate effort to destroy/purge anything it collected during its chilling little fishing expedition. It also asks that the CBP cough up the real reason it decided to detain Ou and search his devices, considering those performing the search couldn't be bothered to come up with a coherent legal theory or an applicable statute to justify the intrusion.
This Constitutionless free-for-all at the borders is already a concern for US citizens, especially as the term "border" includes anything 100 miles inland. It's even more of a concern for journalists -- whether US citizens or not -- who can be prevented from covering controversial events for apparently wholly imaginary reasons.
Read More | 71 Comments | Leave a Comment..
Posted on Techdirt - 1 December 2016 @ 3:25am
Contained in a long list of rights violations allegedly perpetrated on activist Matt Akins is a very interesting First Amendment claim. It's not that Akins' claim is particularly interesting. It's that the court's decision on that issue seems completely wrong.
Akins is no stranger to arrests and interactions with law enforcement.
Akins runs the Facebook page Citizens for Justice, which publishes videos of police on duty and often criticizes and scrutinizes police practices. He used to publish on a website.
Among Akins’ encounters with police in which he alleges his rights were violated is a driving while intoxicated checkpoint that led to a felony gun charge. At the checkpoint, Hughes ordered him out of the car and found a handgun in Akins’ waistband. Though it was legal for Akins to conceal the gun in his car, he had no concealed carry permit, and Hughes arrested him. The suit has alleged that Hughes created the crime by making Akins get out of the car. But the officers have argued at the district court level that Akins could have told Hughes about the gun before exiting the vehicle.
There also was a June 2010 traffic stop in which Schlude pulled Akins and two other men over and searched the car without consent, according to the brief. Akins had a rifle in the car he legally owned, and when Schlude put it back in the car, he told Akins “that having a 10/22 rifle in his car could result in his summary execution by an officer that felt concerned for his safety by a firearm being in the vehicle and that a jury would acquit the officer of his homicide due to officer safety concerns,” according to the brief.
His 80-page petition [PDF] to the Eighth Circuit Court of Appeals hopes to overturn summary judgment in favor of the defendants, who all saw Akins' claims dismissed under qualified immunity. But his First Amendment claims were also dismissed by Judge Nanette Laughrey, using some very dubious precedent.
Akins also argues that he was retaliated against when he was stopped from filming a citizen in the Police Department lobby in 2011; his links to the Citizens for Justice page were removed from the Police Department's Facebook page in the summer of 2011; and he was excluded from a Police Department Media Training Day in October 2015. None of the individual Defendants participated in these incidents, and as discussed above, the City cannot be liable under § 1983 on a respondeat superior theory. Moreover, Akins points to no unconstitutional municipal policy or custom. Further, he has no constitutional right to videotape any public proceedings he wishes to. See Rice v. Kempker, 374 F.3d 675, 678 (8 Cir. 2004) ("[N]either the public nor the media has a First Amendment right to videotape, photograph, or make audio recordings of government proceedings that are by law open to the public."), and Wis. Interscholastic Ath. Ass'n v. Gannett Co., 658 F.3d 614, 627-628 (7 Cir. 2011)
Two of the three claims have little legal merit. The Police Department is free to remove links from its official Facebook page without crossing the line into censorship and there's nothing in the First Amendment that forces the PD to open up its "media training day" to every member of the public. The second citation deals with Gannett News Service protesting a Wisconsin school's decision to provide coverage exclusivity to one of Gannett's competitors. As the court noted then, there's nothing in the First Amendment that prevents public institutions from entering into exclusive broadcast contracts.
Other courts considering exclusive broadcast agreements between a government entity and a private party have universally, as far as we can tell, reached the same conclusion. Gannett, at least, has shown us no case where an exclusive broadcast agreement has been invalidated on First Amendment grounds.
This handles the "Media Training Day" part of the complaint. But the last of three First Amendment claims -- that Akins was told to stop filming in the Police Department's lobby -- is handled much more questionably. The court cites Rice v. Kemper, asserting that there is no First Amendment right to record government proceedings in public areas. The precedent cited is apples-to-oranges, comparing an open lobby where the public is free to come and go with few restrictions to a death penalty execution, where the public's access to a "government proceeding" is considerably more limited.
Because we hold that neither the public nor the media has a First Amendment right to videotape, photograph, or make audio recordings of government proceedings that are by law open to the public, we find it unnecessary to decide whether executions must be open to the public. While Richmond mandates that criminal trials be open to the public, no court has ruled that videotaping or cameras are required to satisfy this right of access. Instead, courts have universally found that restrictions on videotaping and cameras do not implicate the First Amendment guarantee of public access.
Based on the overwhelming weight of existing authority, as well as on our general understanding of First Amendment principles, we hold that the Media Policy banning the use of video cameras and other cameras in the execution chamber does not burden any of New Life's First Amendment rights.
As Akins' filing points out, Judge Laughrey's reliance on a case involving the more limited First Amendment rights afforded to those attending criminal proceedings is misplaced. An open lobby of a police department is simply not comparable to a jury trial or an execution.
In Akins the CPD Lobby was open 24 hours a day, was the designated point where citizens were the file a misconduct complaint/petition the government for a redress of grievances. Contained a “Media Advisory” book on 24 hour arrest reports and information displays and handouts for the public. In addition, it contained a memorial to fallen Officer Molly Bowden. Memorials are designated points where people gather to remember and pay tribute to a particular person or event. Akins assisting Marlon Jordan by documenting his filing of a police misconduct complaint is consistent with the protections of the 1st Amendment. The order of the CPD employee acting pursuant to Chief Burton’s policy that the CPD Lobby was not a traditional public forum and filming not permitted is insufficient to change the nature of this traditional public forum into something else and violated Akins 1st Amendment Rights in the end of the summer 2011.
Citing the First Circuit's Glik decision, Akins points out that the filming of public officials in public areas is protected by the First Amendment.
The filming of government officials engaged in their duties in a public place, including police officers performing their responsibilities, fits comfortably within these principles. Gathering information about government officials in a form that can readily be disseminated to others serves a cardinal First Amendment interest in protecting and promoting “the free discussion of governmental affairs.
Filming another citizen filing a complaint may encroach on that person's privacy, but no more so than standing within hearing distance would. If the police were concerned about the complainant's privacy, officers always had the option to handle this interaction somewhere other than the lobby, rather than tell Akins to stop recording. The lobby of a police station is one of the only areas of the building truly open to the public and what happens within that area should be treated no differently than anything happening outside the door on the sidewalk. Applying a decision that invokes the more limited access afforded to attendees of criminal proceedings does no favors to the First Amendment and encourages public officials to deter citizens from recording in public areas.
If the Eighth Circuit Court does agree to review this case, it will be digging into a large number of potential rights violations. Whether or not it will find time to reaffirm citizens' right to record public officials in public places remains to be seen. It seems unlikely that the Appeals Court will overturn any immunity granted to the defendants, but it hopefully may take a second look at what appears to be an erroneous -- and potentially-damaging -- First Amendment conclusion.
Read More | 11 Comments | Leave a Comment..
Posted on Techdirt - 30 November 2016 @ 2:38pm
An interesting ruling [PDF] has been handed down by the Seventh Circuit Court of Appeals on the warrantless use of Stingray devices to locate individuals. Wisconsin police used an IMSI catcher to track down Damian Patrick for a parole violation. He was arrested while sitting in a car on a public street.
Multiple factors played into the court's decision, which found that using Stingrays without a warrant to locate people was not a Fourth Amendment violation. But it's not quite as simple as it might first appear to be. Complicating things were the circumstances of the arrest and arguments raised in Patrick's suppression request.
Patrick argued that the location tracking warrant (not a search warrant) was invalid. First, the tracking warrant made no mention of the Stingray the police used to locate him. Second, he argued that his personal location was not "contraband or the proceeds of a crime," making his location "off limits" to the Wisconsin PD's investigatory efforts. The court disagrees.
That sounds like an attempt to resurrect the “mere evidence” doctrine that the Supreme Court disapproved in Warden v. Hayden, 387 U.S. 294 (1967). Hayden authorized the use of warrants to get evidence to locate a wanted person. See also Steagald v. United States, 451 U.S. 204 (1981) (search warrant to enter house to look for person to arrest).
Police were entitled to use a warrant to obtain data that would help them track down Patrick’s location. Indeed, they were entitled to arrest him without a warrant of any kind, let alone the two warrants they had. United States v. Watson, 423 U.S. 411 (1976), holds that probable cause alone is enough for an arrest in a public place.
That statement, though, only refers to the arrest warrant. There's the matter of the location tracking warrant -- which only specified the use of "cell phone data," not a cell tower spoofer. That isn't addressed until later in the decision, but in terms of locating Patrick, the court feels his public location (parked on a city street) diminishes any expectation of privacy in his location. Once eliminated by the court's reasoning, it no longer matters what method the police used to locate him, at least according to the majority.
Probable cause to arrest Patrick predated the effort to locate him. From his perspective, it is all the same whether a paid informant, a jilted lover, police with binoculars, a bartender, a member of a rival gang, a spy trailing his car after it left his driveway, the phone company’s cell towers, or a device pretending to be a cell tower, provided location information. A fugitive cannot be picky about how he is run to ground. So it would be inappropriate to use the exclusionary rule, even if the police should have told the judge that they planned to use a cell-site simulator to execute the location warrant.
The appeals court never addresses whether or not the use of a Stingray constitutes a search. It weighs it against precedent in terms of call records and GPS tracking devices, and concludes that neither of those constitute a search either. (Although it does grant that the Supreme Court's Jones decision raises questions partially related to Stingray deployment -- like how long the device was in use and how precise the location data collected was.)
The government, however, conceded that it was a search ("for the purposes of this litigation"), but argued the lack of information about the device on the affidavit did not make the tracking warrant invalid. The court agrees and finds no reason to suppress the evidence. As it sees it, where Patrick was found is more important than how he was found. In the eyes of the majority, there was no privacy violation and Patrick doesn't have standing to challenge the government's search on these grounds.
We can imagine an argument that it will often be unreasonable to use a cell‐site simulator when phone company data could provide what’s needed, because simulators potentially reveal information about many persons other than the suspects. (The contrary argument is that data from simulators is current, while data relayed through phone companies’ bureaucracies may arrive after the suspect has gone elsewhere.) But if the problem with simulators is that they are too comprehensive, that would not lead to suppression—though it might create a right to damages by other persons whose interests were unreasonably invaded. Patrick is not entitled to invoke the rights of anyone else; suppression is proper only if the defendant’s own rights have been violated.
The court goes on to point out that no other appeals court has handled the issue of the constitutionality of Stingray searches… and that it's not interested in being the first to do so.
Questions about whether use of a simulator is a search, if so whether a warrant authorizing this method is essential, and whether in a particular situation a simulator is a reasonable means of executing a warrant, have yet to be addressed by any United States court of appeals. We think it best to withhold full analysis until these issues control the outcome of a concrete case.
The dissenting opinion, written by Chief Judge Diane Wood, runs far longer than the majority's opinion. Wood raises several questions about the assumptions made by the court. First, Wood points out the government has been willing to engage in very dubious practices just to keep the existence and use of Stingray devices secret.
This is the first court of appeals case to discuss the use of a cell‐site simulator, trade name “Stingray.” We know very little about the device, thanks mostly to the government’s refusal to divulge any information about it. Until recently, the government has gone so far as to dismiss cases and withdraw evidence rather than reveal that the technology was used.
Because of this, no one other than the law enforcement agents who deployed the device know exactly how it was operated and what it collected. The DOJ guidance quoted in the majority opinion does not provide any details on device usage or capabilities -- only that it has recommended the use of search warrants going forward by DOJ components. There is nothing in it that declares this guidance should be followed by local law enforcement agencies.
Wood points out that software packages for Stingray devices expand their capabilities significantly, allowing them to intercept communications as well as location data. Because the government on all levels refuses to discuss Stingray deployments, the court is left to assume all it did was scoop up location data. But that assumption may be incorrect, and if so, the government has zero interest in correcting the record.
In this case, the location warrant authorized only methods of fixing Patrick’s location that involved gathering information that would reveal his phone’s connection with cell‐ phone towers. The Supreme Court has recognized that a search of cellphone data requires a warrant. See Riley v. California, 134 S. Ct. 2473, 2494–95 (2014) The authorization of the collection of location data cannot be expanded to permit a search of the con‐ tents of Patrick’s cell phone. If the Stingray gathered information from the phone that went beyond his location, such a “search” of his phone would have been unauthorized, and suppression of the additional information (which might have pinpointed Patrick’s location) would likely be required.
Not only would the Supreme Court's Riley decision be implicated by this interception, but Title III (which controls wiretap use) would be as well. But, once again, the court is forced to assume the only thing collected was location data because that's all the government is willing to confirm. The government asserts that the Stingray collected nothing more than the same records it could have obtained without a warrant directly from service providers, albeit not in real time. However, there is seemingly no way to verify this as the government has refused to provide more details.
We are in all likelihood not looking at two interchangeable tools for gathering exactly the same information. If the facts ultimately show that the MPD had gathered the identical information in the same manner that Sprint would have used, I would concede that there is no problem. In such a case, the only difference between using the Stingray and obtaining the information from Sprint would be who gathered the information.
We do not know whether the warrant’s authorization of Sprint to “initiate a signal to determine the location of the subject’s mobile device on the service provider's network or with such other reference points as may be reasonable available” also describes the working of the Stingray that was used. If so, perhaps all is well. If the Stingray works in a different manner—for instance, by forcing the cell phone to transmit location data housed inside the cell phone rather than using a signal to locate the cell phone on the Sprint network—it might not.
The dissenting opinion also finds the majority's reasoning that the probable cause to arrest -- along with the defendant's public location -- excuses the lack of information in the warrant specifying the use of a Stingray device.
I recognize that Strieff contains language that could be stretched to suggest that a warrant’s existence, regardless of the actual causal chain, is sufficient attenuation. But elsewhere in the opinion the Court emphasized not only that the “warrant was valid” and “predated [the officer’s] investigation,” but also that it “was entirely unconnected with the stop,” and that the officer’s decision to arrest the defendant was “a ministerial act that was independently compelled by the pre‐existing warrant.”
Here, the use of the Stingray led to the arrest, and neither the arrest nor the search was a ministerial act. It oversimplifies Strieff to focus solely on whether an intervening circumstance can be identified. That is important, but it is not enough by itself. Strieff, like all attenuation cases, also rests on two other factors: (1) the “temporal proximity” between the potentially unlawful action and the “search,” and (2) the culpability of the police misconduct. Id. As in Strieff, the relative temporal proximity in our case between the potentially illegal conduct and the search weighs against attenuation. But unlike the situation in Strieff, the facts here do not permit us to say that the MPD’s conduct was merely negligent: the police knew what they were doing. Purposeful evasion of judicial oversight of potentially illegal searches is exactly the kind of “police misconduct … most in need of deterrence.”
This decision is mostly a punt by the appeals court. It routes around most of the Fourth Amendment implications by relying heavily on the arrest warrant rather than the location warrant. The majority raises few challenges to the government's assertions about its Stingray use and obviously feels the issues it avoided dealing with here would be better dealt with anywhere but in its courtroom. While it is true there were any number of ways the police could have located Patrick, the fact is it used a Stingray device -- one it didn't disclose in its warrant request -- to do so. The decision to give the government a pass only encourages the culture of secrecy surrounding the use of cell tower spoofers.
Read More | 13 Comments | Leave a Comment..
Posted on Techdirt - 30 November 2016 @ 10:42am
The reason there are so many controls and layers of oversight over wiretap warrants is because the potential for abuse is huge. The FBI abused its wiretap authority for years, which resulted in new restrictions for federal wiretap warrants. The DEA has found a way to route around these, but at the expense of its investigations.
At the state level, the vetting doesn't appear to be as thorough. An insider who knew the weaknesses in the system abused wiretap warrants to perform some very personal surveillance.
A high-ranking prosecutor in the Brooklyn district attorney’s office was arrested this week on charges that she used an illegal wiretap to spy on a police detective and one of her colleagues in what a law-enforcement official described as a love triangle gone wrong.
The prosecutor, Tara Lenich, was taken into custody on Monday and fired after investigators in the district attorney’s office learned over Thanksgiving weekend that she had conducted the illicit surveillance because of “a personal entanglement between her and the detective,” according to the law enforcement official, who spoke on the condition of anonymity because of the delicate nature of the case.
Give the wrong person enough power and they're sure to abuse it. Lenich forged judges' signatures repeatedly to extend her very personal wiretap warrant every 30 days. This allowed her to illegally eavesdrop on conversations for nearly a year. She ducked questions about her wiretap by claiming she was working on a sensititive investigation in conjunction with the NYPD Internal Affairs department.
As defense lawyer Wilson A. LaFaurie points out, a system heavily-reliant on signatures raises some questions about the trustworthiness of that system.
“The public should have a tangible fear of this,” Mr. LaFaurie said. If prosecutors were willing to forge a judge’s signature, he said, they could also potentially manipulate evidence for other cases by forging the signatures of witnesses, crime victims or police detectives.
At least in the cases of the judges whose signatures were forged, those can be verified by asking the judges themselves. In some of the hypothetical cases LaFaurie refers to, there may be no one to ask.
The most disheartening part of this mini-debacle is the responses from the district attorney's office. The spokesman for the office says an internal review of protocols and guidelines is underway, but says nothing about digging through Lenich's cases for other possible misconduct. The best protocols and procedures may already be in place, but that's not going to stop someone determined to abuse their power. And there's no way to confirm they haven't abused this power in the past if you're not willing to examine their body of work.
Lenich's lawyer's statement is even worse, although it can be partially forgiven as he's not acting as an agent of the state.
Gary Farrell, Ms. Lenich’s lawyer, said he did not believe there was “any merit to the claims that these charges somehow impugn wiretaps for other cases.”
Actually, it does impugn wiretaps for other cases, especially in cases overseen by his client. Her lawyer says there's nothing to see here, which is fine in terms of advocating for a client. But the DA's office seems to hold the same opinion, which is much more worrisome. Whenever abuse is uncovered, the usual response is to treat it like a unicorn, rather than possibly a leading indicator of malfeasance yet to be uncovered.
Then there's this:
Mr. Farrell said Ms. Lenich was well known and well liked in Brooklyn legal circles and had a reputation for fairness and professionalism.
Well, not so much now. All it takes is one severe, felonious abuse of the system to undo all of that goodwill and cause collateral damage to the reputation of the office she served.
Read More | 22 Comments | Leave a Comment..
Posted on Techdirt - 29 November 2016 @ 2:45pm
A public records request is seemingly behind the Mississippi state legislature's speed decision to make even more legislative documents exempt from public records laws.
Mississippi Today asked for copies of the state's already-signed contract with EdBuild. The nonprofit company was handed $250,000 to begin working on an overhaul of the state's "Adequate Education Program" [how inspiring!], which determines school funding. Seems like the sort of thing that would be of interest to the public.
The state legislature doesn't agree its constituents should have any background information on something affecting the schools they send their children to.
Faced with a public records request from Mississippi Today for the state’s contract with EdBuild, a legislative committee voted Tuesday to adopt a new policy mandating that all contracts it approves be confidential.
The House Management Committee, which approves contracts entered into by the House of Representatives, used a voice vote to pass the policy, which states “All contracts entered into by the House Management Committee shall be confidential and shall not be released to any person or entity, except as specifically directed by the House Management Committee only when the committee deems necessary for the execution of the contract.”
Apparently just knowing its money is being spent should be good enough for the state's residents. All other details are best left in the hands of those deciding how the public's money will be spent. The public is being thrown a belated bone with a comment period that arrives after the contract has already been approved. Comments at the one-hour meeting are limited to three minutes each and commenters will have zero information work with.
This wasn't the vote the committee was supposed to engage in. The session in which the new restriction was passed was originally supposed to be used to discuss whether or not the legislature would release the contract to Mississippi Today. Rather than decide the fate of a single set of documents, the legislature granted themselves a broad exception to public records law.
In Mississippi, that's something the legislature is allowed to do.
Before the policy was passed, the Legislature essentially controlled its own rules about which records are public and which are not. The Mississippi Public Records Law says nothing in the law “shall be construed as denying the Legislature the right to determine the rules of its own proceedings and to regulate public access to its records.”
So much for transparency and accountability. Instead, Mississippi residents are asked to blindly trust their representatives. According to one legislator quoted in the piece, the only thing the state's public records law actually can pry loose from representatives is travel records.
Many legislators seem to prefer an uninformed electorate. This allows them to push their own agendas, rather than those of their constituents. Every few years, an appearance of caring is projected as voters are courted, but as soon as they're back in office, the only input they appear to want is monetary.
Contract information -- especially on awarded contracts -- should not be considered a de facto secret. The public deserves to know how its money is being spent. As it stands in Mississippi, the public is only going to be told its money is being spent. Everything else is just none of their business.
25 Comments | Leave a Comment..
Posted on Techdirt - 29 November 2016 @ 11:53am
Trademark protection is use-it-or-lose-it. A company with a possibly-legitimate claim to the trademarked term "Dropbox" thought it could just sit idly by while another company put the term to use, hoping to capitalize on that company's success later. In the end, the lack of enforcement efforts cost it its infringement claims. Here's the backstory, from Tucker Chambers of DuetBlog. (h/t Rebecca Tushnet)
Dropbox filed a trademark application to register the DROPBOX mark in 2009, but was hit with a flurry of oppositions by other companies such as Officeware, the owner of the FilesAnywhere service, Yousendit, Inc. (which has changed its name to Hightail), and others. Dropbox was ultimately successful on those oppositions and obtained its trademark registration for DROPBOX in 2014. Thru did not file an opposition to Dropbox’s 2009 trademark application.
Last year, Dropbox filed a lawsuit against Thru, seeking declaratory relief that its use and registration of the DROPBOX trademark does not infringe upon Thru’s purported trademark rights. Thru counterclaimed for trademark infringement, alleging that it had priority to the DROPBOX mark based on use as early as May 2004, and that Dropbox did not start using its DROPBOX mark until 2008. Later in proceedings, Dropbox moved for summary judgment on Thru’s counterclaim. Dropbox argued that Thru’s claim was barred by the doctrine of laches because Thru unreasonably delayed in making its claim and this delay prejudiced Dropbox.
Thru's product -- and registered term -- "Thru Dropbox" might have kept Dropbox from being called Dropbox. But rather than move forward when it first became aware of Dropbox's entry into the market, Thru decided it might be more profitable to act as a trademark squatter.
Thru first tried to claim that it had no idea Dropbox was entering the market and remained unaware of this fact until 2011. It didn't even start moving to enforce its trademark until three years after that. The court found this claim unbelievable considering both businesses were operating in the same file-sharing market and Dropbox, by 2011, already had 40 million users.
The court found Thru's claims LITERALLY unbelievable once company emails discussing Dropbox were made public during discovery. The moral: if you refer to your trademark registration as a "lottery ticket" in corporate emails, you're likely going to find out it isn't a winning one. From the decision [PDF]:
In an interrogatory response verified by Thru CEO Lee Harrison, Thru stated that “Thru‟s directors and management first became aware of Dropbox, Inc., and its use of DROPBOX in mid- 2011” and that “Thru‟s directors and management is not aware of any employee that was aware of Dropbox, Inc. and its use of DROPBOX at any earlier date.” Ex. 40. Record evidence shows that this is not the case. On June 9, 2009, Thru‟s Chief Technology Officer sent an email to the Harrison, as well as other officers, informing them about Dropbox, which offered another service “to sync the files across computers.” Ex. 42. On June 15, 2009, the CTO wrote again, asking “[a]re we ok with web-only write only dropbox or we will need [sic] something like getdropbox.com2 ? They are very prominent in Mac community.” Ex. 43.
In a sworn deposition, Harrison nonetheless insisted again that he had never heard of Dropbox before the summer of 2011, at which point Dropbox had 40 million users. When confronted with the CTO‟s 2009 emails, however, Harrison conceded that his interrogatory response had been “false.” In light of this evidence, Harrison‟s continued assertion that “[Dropbox] did not get [his] attention until 2011” is simply not credible.
The evidence on the record shows Thru was discussing Dropbox's entry into the market as early as 2009. But it refused to move in opposition of Dropbox's use of the term because Thru execs thought delaying this action might be the more profitable move. Thru sat on its hands for four years, hoping for a bigger payout.
Finally, and perhaps most significantly, the record belies Thru‟s explanation for the reason behind its delay. Dropbox points to numerous documents that indicate that, in fact, Thru‟s delay was a deliberate attempt to maximize the value of its claims by leveraging an anticipated initial public offering from Dropbox. Thru had been explicitly contemplating a lawsuit concerning its trademark rights at least since February 2012, when Harrison wrote in an email to an investor: “New development turns out we own the term Dropbox . . . Our IP attorney is talking to Dropbox‟s attorney about buying the name from us . . . They raised 250M in October 2011 at 1B value. . . . An action could be had soon.” Ex. 47. Harrison repeatedly in emails described Thru‟s claim as a “lottery ticket.” Ex. 54 (discussing whether “a portion of the staff [had] no skin in DB lottery ticket game”); Ex. 62 (“Dropbox will be a lottery ticket.”).
In October 2013 Harrison wrote that “My call is [Dropbox] want[s] us to file a lawsuit and treat us like [Officeware] so they can quietly dispose of this matter anytime they want to . . . The best leverage we have is to sit tight and wait to the IPO announcement and be prepared to file suit that day and make as much noise as we can about it.” Ex. 51; see also Ex. 57 (“If we wanted to be the first to file we should have done that last year. Time is on our side not theirs. Slow walking this to [Dropbox‟s pre-IPO] S1 filing is all that is important.”). In his deposition, Harrison confirmed that he had felt that a pending IPO “was a leverage point,” that “it would be tough for them to file without clear title” to their trademark, and that accordingly Dropbox “would come to us eventually and settle with us.”
Yeah, you can't "slow walk" your IP protection. Thru thought it could get a cut of those sweet, sweet IPO dollars. Instead, it's on the receiving end of declaratory judgment, collecting a fat payment of $jack.
Read More | 10 Comments | Leave a Comment..
Posted on Techdirt - 29 November 2016 @ 9:37am
On the other hand, who needs to wait for the Rule 41 changes to kick in?
In January, Motherboard reported on the FBI's “unprecedented” hacking operation, in which the agency, using a single warrant, deployed malware to over one thousand alleged visitors of a dark web child pornography site. Now, it has emerged that the campaign was actually an order of magnitude larger.
In all, the FBI obtained over 8,000 IP addresses, and hacked computers in 120 different countries, according to a transcript from a recent evidentiary hearing in a related case.
No need to sit back and wait for the DOJ's proposed Rule 41 changes -- including the stripping of jurisdictional limitations for search warrants -- to default their way into adoption on December 1st. This worldwide search, performed under the authority of a single warrant issued by a single judge in Virginia, is just the FBI acting first and asking for
forgiveness codification later. From the day two transcript [PDF]:
Every time Your Honor grants a discovery request and we get new information, it's like -- to use an appropriate metaphor, like peeling an onion. There's just another layer of fact there that we did not know about. I mean, we did not know this was a truly global warrant before. There are 120 countries and territories listed outside the United States that the FBI hacked into, and they also hacked into something called a "satellite provider." So now we are into outer space as well.
It's not just the hacking of computers around the world. It's also the FBI's brief stint as perhaps the world's largest distributor of child porn. From the day one transcript [PDF]:
Your Honor, starting with Michaud, and what we know now is there was no discussion of trying to limit the distribution. There were no protocols for these agents for handling or limiting the distribution of child pornography. And the scale of the distribution now went out to at least 120 countries, at least 1 million images. And it is absolutely mind boggling, we have not seen something like this.
And for all the area covered by the investigation -- the number of computers scattered all over the world the FBI sent its NIT to -- there, so far, seems to be very little to show for the agency's efforts. Defense lawyer Colin Fieman:
We have never, in our nation's history as far as I can tell, seen a warrant so utterly sweeping. 100,000 potential targets. Something like 8700 IP addresses captured. At least 1152 open investigations. And now oddly enough only, about 214 arrests.
What's even more disturbing, even if they disagree about the efficacy of some of those methods, we now know from Agent Alfin's recent testimony which we cited, there was absolutely no discussion at the Department of Justice or the FBI about protocols in terms of handling this stuff or whether these methods of limiting, at least limiting the most egregious distribution were viable. Nobody cared.
Fieman quotes an earlier case dealing with the FBI's physical distribution of child porn in hopes of netting some arrests. The FBI actually created a child porn "catalog," mailed it to sting targets, and sent the targets the child porn they requested. The court in that case was not happy with the FBI's actions.
The Court took it upon itself to make these statements, because they were so troubled by it. So first they start "we are aware of the necessity of such tactics" -- in terms of undercover operations and baiting with contraband -- "we are aware of the necessity of such tactics in so-called victimless crimes such as drug offenses, but the use of these methods when victims are actually harmed" -- and they are talking about the children depicted in these images -- "is inexplicable."
And "moreover" -- this is again Sherman, continuing with the quote from 549 -- "the government's dissemination of the pornographic materials could hardly be described as a 'controlled' delivery." Well, if it's not a controlled delivery where they were able to send it to the defendant and it sat in his house, I think for a period of time, several weeks, and they recovered it ultimately, the scale of lack of control and heedless distribution in this case is mind boggling.
Fieman goes on to point out that on top of ignoring Rule 41 restrictions, on top of acting as child porn distribution kingpins, the FBI's prized NIT could have been delivered and executed without the collateral damage caused by the redistribution of illegal pornographic images.
One of the very troubling things here, as you know from the NIT warrant, the authorization allowed the FBI to deploy the NIT and complete their searches in a matter of a fraction of a second, at the time the targets landed on the home page. So they had authorization to collect all the information they wanted before anybody actually got the content…
Instead, the government kept the site live and not only distributed what was already hosted there, but allowed users to upload new images to be shared and redistributed.
[I] don't know the exact quantity, because all we know from the disclosure is 43 new series [of photos/videos]. But during just that window of time that the FBI was running this site, 43 new series. That means things that haven't been seen from the National Center for Missing & Exploited Children were launched onto, uploaded with the assistance of the FBI through their file hosting feature, onto the site, and have now circulated globally and will never be recovered.
So, not only was the FBI unconcerned about Rule 41, but it was also not that worried that it would be contributing to the world's child porn problem during its investigation. And, it should be pointed out that this is the second time the FBI has seized a child porn site only to keep it running. It did the same thing back in 2012, but that one flew almost entirely underneath the judicial radar.
Read More | 32 Comments | Leave a Comment..
Posted on Techdirt - 29 November 2016 @ 8:34am
Manhattan DA Cyrus Vance is still riding James Comey's anti-encryption coattails. Another year passes and Vance still comes to the same conclusions about phone encryption: it's bad for law enforcement and something (legislative) needs to be done to keep the criminal apocalypse at bay.
His opening remarks at a recent cybercrime symposium set the tone:
In my Office alone, 423 Apple iPhones and iPads lawfully seized since October 2014 remain inaccessible due to default device encryption. Approximately 10% of our warrant-proof devices pertain to homicide or attempted murder cases, and 9% to sex crimes. And while we’ve been locked out of approximately 34% of all Apple devices lawfully recovered since October 2014, that number jumped to approximately 42% of the devices recovered in the past three months.
With over 96% of all smartphones worldwide operated by Apple and Google, and with devices running older operating systems rapidly aging out, the trend is only poised to continue. In other words, the risks associated with warrant-proof encryption remain, and are growing.
This is all just Vance's pitch for the 2016 edition of his "Phone Encryption is Bad" report. It's available at the DA's website but you'll have to dig around for it. (Or simply download it using this link.) It's the same things Vance said last year, only with some added bold print surrounding his pitch for legislated backdoors. (All emphasis in the original.)
As illustrated by the San Bernardino domestic terrorist attack in December 2015, as well as by the ever-increasing number of smartphones lawfully seized by law enforcement that cannot be accessed by law enforcement or by Apple, the threat to public safety is increasing rapidly.
This isn't much of a pitch. The FBI fought a long battle seeking a favorable precedential ruling before turning the phone over to a foreign company. The FBI likely believed the phone was as useless as it ended up being (it was a work-issued phone -- hardly the sort of place someone stores incriminating communications), but it wanted something it could take to the next legal battle over encrypted data. The presumed increase to "public safety threats" is never more than a theory -- one that presumes every locked phone contains a wealth of usable evidence.
Vance's push for anti-encryption legislation continues, even as he notes there's very little in terms of precedent for what he's proposing.
Several foreign nations, often spurred by the fear of terrorism, have addressed the question of whether manufacturers and software providers can be compelled to extract data from smartphones that they manufacture or for which they provide software. These nations’ efforts in this endeavor have been halting.
The few legislative efforts he can name are all dead in the water, including a few state efforts that have seen little forward momentum. This leads Vance to the conclusion that the only way to fix this is to make it a federal effort, something that still seems to have little chance of success.
Federal legislation is required to address the problem of smartphones whose contents are impervious to search warrants. Two proposed bills, the Compliance with Court Orders Act, drafted by Senators Richard Burr and Dianne Feinstein, and a bill drafted by our Office, would adequately address the problem.
Elsewhere in the report, Vance details other law enforcement agencies' struggles with encrypted devices. Then he throws out this statement, which makes it clear those fighting device encryption are still unwilling to provide accurate numbers about how often locked phones thwart investigations.
These figures [number of locked devices] are almost certainly artificially low, because law enforcement agents who encounter a locked device in the field often do not have the time to make note of the device before moving on to the next investigative step.
You would think that law enforcement agencies -- those presumably interested in the possibility of legislated backdoors -- would be tracking each and every instance in which encryption is encountered. But Vance's speculation seems to indicate that other law enforcement agencies aren't nearly as troubled by encryption as he is... or that they're just generally kind of sloppy when handling potential evidence.
The entire report presents a world where ever-growing encrypted "darkness" is turning law enforcement agencies into useless extensions of the government. A world where even the best-funded agencies with the access to a variety of tech solutions can be beaten by a consumer communication product. It's not exactly apocalyptic, but it does present the situation as being wholly untenable without the federal government stepping in and kicking open a backdoor.
Vance -- like others who only see mandated backdoors/encryption bans as workable -- also claims tech and law enforcement should work together to create solutions -- a statement that really means tech companies should be more willing to compromise their principles for the greater good of the government.
Read More | 21 Comments | Leave a Comment..
Posted on Techdirt - 28 November 2016 @ 2:40pm
The most famous recording of Albuquerque police in action shows them shooting and killing a homeless man -- a shooting that began as a normal rousting for the crime of "illegal camping." From there, the police turned it into a "standoff" with a cooperative person unsure of which direction to move next out of the very justifiable fear of being shot.
This was just another in a long line of killings by APD officers, not many of which were captured on video. The DOJ issued a report stating that a "majority" of shootings by the city's police officers were "unreasonable and violated the Fourth Amendment."
The police department does have a variety of cameras in its possession, which should have generated a wealth of footage for examination by public records requesters, attorneys, and police supervisors -- just in case they wanted to get a handle on the PD's problematic deadly force usage. The Albuquerque Police Department has shot more citizens than the NYPD since 2010, despite policing a city sixteen times smaller.
The footage of use of force incidents is the PD's best-kept secret. A lawyer representing a family suing the city over the killing of Armand Martin by APD officers was given a copy of footage captured by the police. He was given password-protected files but not the password, despite repeated requests. In addition to representing the widow of Armand Martin, the law firm is now also engaged in an open records lawsuit against the city.
Apparently, the Albuquerque police department doesn't feel the city's doing enough to shield them from accountability. Sure, forcing records requesters to file lawsuits just to see public records is a good deterrent, but the only sure way to prevent incriminating recordings from ending up in the public's hands is to make sure said footage doesn't exist.
This goes far beyond simply tampering with devices or "forgetting" to activate them in crucial situations. According to an affidavit filed by a former police department employee, Albuquerque officers are tampering with the recordings that actually make their way back to the PD's cloud storage.
Three officers’ body camera videos that captured events surrounding the fatal shooting of 19-year-old suspected car thief Mary Hawkes in April 2014 were either altered or partially deleted, according to former police department employee Reynaldo Chavez’s nine-page affidavit.
Another allegation is that surveillance camera video from a salon showing Albuquerque police officers shooting Jeremy Robertson in June 2014 bore “the tell-tale signs that it has been altered and images that had been captured are now deleted. One of the deleted images captured the officers shooting Jeremy Robertson.” Robertson was a police informant and suspected probation violator.
The allegations contained in the affidavit [PDF] show APD officers aren't interested in the accountability that recordings could theoretically create. The former employee stated he had heard a police supervisor discussing making a camera's SD card "disappear." Supervisors also urged officers not to write reports until after viewing captured footage, and if the footage contained "problematic" uses of force, officers were told not to mention the recordings in the report or simply claim the equipment had malfunctioned.
No one from the department wants to go on record about these allegations. The only thing that has been confirmed is that anyone with admin privileges can alter or delete footage using the Evidence.com portal for its cloud storage services. Officers may have had little trouble erasing problematic footage or altering it into uselessness, but it's unlikely they've taken care to scrub Evidence.com activity logs. These are a key part of Chavez's claims and, unlike the recordings discussed here, they're likely still intact.
Chavez's affidavit also claims he was directed to stonewall requests and that city officials were more than happy to blow tax dollars on settlements, rather than turn over requested documents and footage.
In response to IPRA requests related to the deaths of James Matthew Boyd, Jeremy Robertson, and Mary Hawkes, Deputy City Attorney Kathy Levy, and/or a Deputy Chief, told me to deny, withhold, obstruct, conceal, or even destroy records from matters being produced in contravention of IPRA by:
A. telling me that records would not be released without any explanation other than "this won't be released" or words to that effect. Deputy City Attorney Kathy Levy frequently stated simply, "there are items we just will not release and we will just pay the fines or lawsuits."
B. Deputy City Attomey Levy told me to creatively identify an allowable exception to IPRA to withhold production of responsive public records in an effort to "baffle" or frustrate the requestor or otherwise burden them.
C. I was told to arbitrarily delay production of responsive public records without justification supporting such delay and to fabricate reasons to burden requestors with additional requirements when such requirements were not needed…
As we've seen far too often elsewhere, government entities believe transparency and accountability are forms of damage and actively search for ways to route around these obligations to the public. And given the allegations here, it appears the APD has no interest in cleaning itself up, not even with the DOJ looking over its shoulder.
Read More | 33 Comments | Leave a Comment..
Posted on Techdirt - 28 November 2016 @ 10:44am
As a result of a federal judge in Rhode Island taking a second look at an order he hastily granted earlier, Paul Alan Levy of Public Citizen has been able to confirm Richart Ruddie -- the head of an extremely-sketchy reputation management company -- signed off on the forged and fraudulent documents delivered to the court. The documents -- a bogus lawsuit featuring the forged signatures of both the plaintiff and the defendant -- are apparently just part of Profile Defenders' reputation management work.
Nice work if you can get [away with] it. File a bogus lawsuit. "Locate" a bogus defendant. Produce a signed admission of guilt and ask the judge to order search engines to delist the offending content. Cash checks. Repeat until caught.
Richart Ruddie has been caught.
While I was at the courthouse in Providence, I had the chance to talk to the clerk’s office and learned the identity of the process service that brought the forged litigation papers to court. The process server, in turn, when informed that he had filed forged papers, had no compunction about identifying the company which in turn had provided those papers and the company on whose account the check to pay the filing fee had been written. The check was from RIR1984 LLC, the very company with which Rescue One Financial had contracted for services to get Steve Rhode’s critical web pages removed from search engine indexes. The individual signer for RIR1984 on the contract is Richart Ruddie, who, as Eugene Volokh and I reported last month, is apparently responsible for dozens of fake lawsuits around the country. And the go-between was “Annuity Sold,” a company with which Richart Ruddie himself has self-identified.
Levy has now moved to vacate the court order and dismiss the complaint. He's also pursuing legal fees, but something about Ruddie's character (along with his cast of nonexistent libel lawsuit defendants) suggests this attempt may be fruitless. In any event, Ruddie will likely stop filing bogus lawsuits. But he may also find himself facing a federal investigation for his past misdeeds. From the hearing transcript [PDF]:
THE COURT: [...] I am going to have a transcript of this proceeding prepared, and I'm going to order the Clerk to send a copy of the file, all of your filings, as well as the transcript of this proceeding this afternoon to the United States Attorney's office for them to review because it does appear to me, as I said earlier, just at first blush, that there's potentially multiple crimes that have been committed, both fraud and potentially forgery. And various kinds of fraud, I think, are in play here, and so I think it is something that law enforcement should become aware of and investigate.
I'm embarrassed that this order, this consent order, was signed, but it shows you just how, you know, in a busy court, how something like this can happen. But I'm, frankly, if everything that's in here is true, which it appears to be, I'm pretty outraged about it.
That noise you hear in the background is popcorn producers stepping up production. There may be some very interesting developments in the near future. Not only that, but it appears Richart Ruddie isn't the only one engaging in this sort of fraudulent behavior. Pissed Consumer is also asking courts to take a closer look at some suspicious libel lawsuits that have resulted in delisting of its content -- lawsuits that follow the same M.O. as the ones spotted by Levy.
Read More | 14 Comments | Leave a Comment..
Posted on Techdirt - 28 November 2016 @ 3:23am
The DOJ has finally responded to questions posed by several senators about its interpretation of the proposed Rule 41 changes, due to go into effect on December 1st. Arriving shortly before the deadline -- and during the Thanksgiving holiday Black Friday news rush -- the DOJ's letter [PDF] contains a few explanations of its jurisdiction limitation-stripping and roving botnet warrants.
Unfortunately, not much is clarified other than that the DOJ still feels its proposal is nothing more than Rule 41 64-bit -- an update of existing law more in line with today's connected reality. (The DOJ offers no insight on its reluctance to update other outdated laws like the CFAA…) It also appears to believe the Fourth Amendment impact of its "one warrant, thousands of searches" proposal will be minimal and that it will maintain the same level of respect it has shown for privacy protections (also minimal) under the updated rule.
Needless to say, Sen. Wyden and co. aren't impressed by the DOJ's response.
Wyden and Coons were among 11 senators and 12 House members who queried DOJ about the hacking powers expansion last month. The department’s reply, which arrived today, should be “a big blinking warning sign about whether the government can be trusted to carry out these hacks without harming the security and privacy of innocent Americans’ phones, computers and other devices,” Wyden wrote.
The DOJ is still dodging a few questions. One question in particular was completely unaddressed in the DOJ's response. Wyden and his co-signers asked what the DOJ was going to do to prevent forum shopping for compliant judges -- something that would become far more common with jurisdictional limits removed.
The letter does not recount any specific department policies or training that would prevent forum shopping. It does stress police will only be able to seek warrants in districts where activity related to a crime has occurred and that the revised rule uses the same language as existing out-of-district warrant authorities for terrorism cases.
The DOJ either can't answer this or won't answer this. In either case, the lack of response indicates the DOJ isn't interested in preventing law enforcement agencies (like the FBI) from shopping for judges. If there's nothing in place now, it's highly unlikely any guidance will be in place by December 1st. If there is something in place, it's apparently nothing more than a suggestion that law enforcement seek warrants in their own jurisdictions. If the DOJ was truly interested in shutting down forum shopping, it would have begun putting policies in place at any point over the last couple of years while it pursued this "update" of Rule 41.
The letter does say law enforcement agencies won't be able to peek at private files while mucking about the insides of citizens' computers to shut down botnets. But the letter (and the Constitution) both say a lot of things that are great in theory, but less so in practice. Fourth Amendment violations can only be cured by visits to courtrooms, but it's something that's prohibitively expensive and subject to a large number of "GET OUT OF VIOLATION" cards (good faith, plain view, close-but-no-suppression, etc.) issued by presiding judges.
The redux of the changes is still this: if anonymization efforts are made by anyone targeted in a criminal investigation, the FBI, etc. can go find the most compliant judge available to sign off on a single warrant that can be used to search thousands of computers worldwide. It can also do this under the pretext of fighting botnets, performing the same sort of limited search for identifying info, even when all the hundreds or thousands of targets are not suspected of any wrongdoing.
Pretty much the only thing standing between the DOJ's proposal and the December 1st implementation is Congressional members' decision to "opt in" to a shutdown fight -- something the DOJ is clearly hoping won't happen. Wyden's recently-introduced bill would push the adoption back until the middle of next year, but it still requires representatives to express some sort of opinion (yes/no) on rule changes that could easily coast into existence while everyone in Congress is distracted by upcoming holidays and annual budget battles.
Read More | 21 Comments | Leave a Comment..
Posted on Techdirt - 23 November 2016 @ 12:59pm
Unless someone steps up to push this off course, the DOJ's proposed changes to Rule 41 will become law December 1. That's the key part: doing something. All that has to happen is nothing for the changes to become law. The December 1st date plays right into the DOJ's hands, arriving between two major holidays when legislators have other things on their minds, including the annual Congressional fisticuffs over the federal budget.
The DOJ says the changes are no big deal. Just an "update" on outdated laws. Oddly, it's never shown any interest in updating any other outdated laws (like the CFAA) or pushed for a reconsideration of the Third Party Doctrine, which traces back nearly four decades. When it comes to expansions of power, though, it's apparently time for some "updating."
The proposed changes would allow the FBI to hack thousands of computers around the world with a single warrant, much like it already did during two child porn investigations. Unfortunately for the FBI, its warrant is being met with successful challenges because the agency clearly violated Rule 41 jurisdictional limitations.
In addition, the DOJ wants permission to break into "compromised" computers and poke around inside them without the permission or knowledge of the owners of these computers. It also wants to treat anything that anonymizes internet users or hides their locations to be presumed acts of a guilty mind. The stripping of jurisdictional limits not only grants the FBI worldwide access for digital seizures and searches, but also encourages it to go venue shopping for judicial rubber stamps.
Earlier this year, Sen. Ron Wyden introduced a bill aimed at stopping the DOJ's Rule 41 push. Not much has been heard about this bill since, so Wyden (along with Sens. Coons, Lee, Franken, and Daines) has introduced another bill seeking to prevent a "do nothing" approval of expanding hacking/search powers. The "Review the Rule Act" [PDF] is about as succinct as legislation gets. Here's the complete summary of the proposed legislation (via Naked Security):
To delay the amendments to rule 41 of the Federal Rules of Criminal Procedure.
Wyden's earlier bill hasn't gained any traction and the hopes of a complete rejection before December 1st are nearly nonexistent. So, this bill just asks for a little more time to discuss the implications of the changes. This would move the default approval date back seven months to July 1, 2017.
This would allow representatives more time to fully consider the DOJ's proposal, freed from the time crunch of major holidays and annual federal budget discussions. There's far too much at stake to simply allow the DOJ to roll its Rule 41 ball downhill and past a distracted Congress. Many legislators like procrastination as much as they like not doing anything, so signing off on this proposal shouldn't require much effort, mental or otherwise.
Read More | 23 Comments | Leave a Comment..
Posted on Techdirt - 23 November 2016 @ 9:32am
At the beginning of this year, Tamara Fields -- whose husband was killed by ISIS terrorists -- sued Twitter for "providing material support" to the terrorist group. The actions underlying Fields' lawsuit were undeniably horrific and tragic, but by no means provided any sort of legal basis for holding Twitter responsible for actions or speech undertaken by users of its service.
The lawsuit was dismissed in August, with the court pointing to Twitter's Section 230 immunity and the lawsuit's general lack of argumentative coherence. Perhaps recognizing that Section 230 (and common sense) would prevent Twitter from being held responsible for ISIS's terrorist activities, Fields chose to approach the lawsuit from some novel angles. At some points, Twitter "provided material support" by allowing ISIS members to obtain accounts. At other points, it was Twitter's inability to stop the spread of ISIS propaganda that was the issue.
The court invited Fields to file an amended complaint, hoping to obtain a coherent argument it could address with equal clarity. It didn't get it. The amended complaint may be a bit more structured, but the court has again dismissed the lawsuit [PDF] on Section 230 grounds while also addressing the deficiencies of other arguments raised by Fields. (h/t Eric Goldman)
Fields tries to drill down the "provision of accounts" theory: that the ability of ISIS terrorists to obtain accounts somehow amounts to "material support" -- or, in any case, should result in the removal of Twitter's Section 230 immunity. The court says this argument makes no sense and, in fact, invites the court to engage in restriction of First Amendment-protected activity.
Plaintiffs’ provision of accounts theory is slightly different, in that it is based on Twitter’s decisions about whether particular third parties may have Twitter accounts, as opposed to what particular third-party content may be posted. Plaintiffs urge that Twitter’s decision to provide ISIS with Twitter accounts is not barred by section 230(c)(1) because a “content-neutral decision about whether to provide someone with a tool is not publishing activity.”
The court disagrees. There's no way Twitter can act in a "content-neutral" manner and still deny accounts to ISIS members like the plaintiff believes it should. The only way to discover whether an account holder might be a terrorist or terrorist sympathizer is by examining the content they post.
Although plaintiffs assert that the decision to provide an account to or withhold an account from ISIS is “content-neutral,” they offer no explanation for why this is so and I do not see how this is the case. A policy that selectively prohibits ISIS members from opening accounts would necessarily be content based as Twitter could not possibly identify ISIS members without analyzing some speech, idea or content expressed by the would-be account holder: i.e. “I am associated with ISIS.” The decision to furnish accounts would be content-neutral if Twitter made no attempt to distinguish between users based on content – for example if they prohibited everyone from obtaining an account, or they prohibited every fifth person from obtaining an account. But plaintiffs do not assert that Twitter should shut down its entire site or impose an arbitrary, content-neutral policy. Instead, they ask Twitter to specifically prohibit ISIS members and affiliates from acquiring accounts – a policy that necessarily targets the content, ideas, and affiliations of particular account holders. There is nothing content-neutral about such a policy.
The plaintiff, despite amending her complaint, still takes a cake-and-eat-it-too approach when trying to twist ISIS terrorism into a Twitter-enabled activity. The court notes that the new complaint tries to push Twitter's provision of accounts to terrorists as the linchpin of her case, but still spends far more time complaining about Twitter's alleged moderation failures.
As discussed above, the decision to furnish an account, or prohibit a particular user from obtaining an account, is itself publishing activity. Further, while plaintiffs urge me to focus exclusively on those five short paragraphs, I cannot ignore that the majority of the SAC still focuses on ISIS’s objectionable use of Twitter and Twitter’s failure to prevent ISIS from using the site, not its failure to prevent ISIS from obtaining accounts. For example, plaintiffs spend almost nine pages, more than half of the complaint, explaining that “Twitter Knew That ISIS Was Using Its Social Network But Did Nothing”; “ISIS Used Twitter to Recruit New Members”; “ISIS Used Twitter to Fundraise”; and “ISIS Used Twitter To Spread Propaganda.” These sections are riddled with detailed descriptions of ISIS-related messages, images, and videos disseminated through Twitter and the harms allegedly caused by the dissemination of that content.
It is no surprise that plaintiffs have struggled to excise their content-based allegations; their claims are inherently tied up with ISIS’s objectionable use of Twitter, not its mere acquisition of accounts. Though plaintiffs allege that Twitter should not have provided accounts to ISIS, the unspoken end to that allegation is the rationale behind it: namely, that Twitter should not have provided accounts to ISIS because ISIS would and has used those accounts to post objectionable content.
Because of Fields' inability to raise one (possibly) Section 230-dodging argument (provision of accounts) without relying heavily on one that specifically invokes Twitter's immunity, the lawsuit is doomed to fail no matter how many times the complaint is rewritten or how many levels up it's appealed.
In short, the theory of liability alleged in the [complaint] is not that Twitter provides material support to ISIS by providing it with Twitter accounts, but that Twitter does so by allowing ISIS to use Twitter “to send its propaganda and messaging out to the world and to draw in people vulnerable to radicalization.” SAC ¶ 41. Plaintiffs do not dispute that this theory seeks to treat Twitter as a publisher and is barred by section 230(c)(1).
Furthermore, there is nothing at all connecting Twitter to the murders committed by terrorists.
Even under plaintiffs’ proposed “substantial factor” test, see Oppo. at 11, the allegations in the SAC do not support a plausible inference of proximate causation between Twitter’s provision of accounts to ISIS and the deaths of Fields and Creach. Plaintiffs allege no connection between the shooter, Abu Zaid, and Twitter. There are no facts indicating that Abu Zaid’s attack was in any way impacted, helped by, or the result of ISIS’s presence on the social network. Instead they insist they have adequately pleaded proximate causation because they have alleged “(1) that Twitter provided fungible material support to ISIS, and (2) that ISIS was responsible for the attack in which Lloyd Fields, Jr. and James Damon Creach were killed.” Id. at 13. Under such an expansive proximate cause theory, any plaintiff could hold Twitter liable for any ISIS-related injury without alleging any connection between a particular terrorist act and Twitter’s provision of accounts. And, since plaintiffs allege that Twitter has already provided ISIS with material support, Twitter’s liability would theoretically persist indefinitely and attach to any and all future ISIS attacks. Such a standard cannot be and is not the law.
No doubt this decision will be appealed but it's unlikely to find a court willing to cede as much ground on Section 230 as Fields would like it to, even with the series of bad Section 230-related decisions that have recently plagued the California court system.
Read More | 18 Comments | Leave a Comment..
Posted on Techdirt - 23 November 2016 @ 6:27am
All this talk of fake news and the public's apparent inability to be trusted with the task of sorting the real from the bogus has now led to China introducing even more censorship. #MakeSuppressionGreatAgainAlso.
China's ambitions to tighten up regulation of the Internet have found a second wind in old fears - terrorism and fake news.
Chinese officials and business leaders speaking at the third World Internet Conference held in Wuzhen last week called for more rigid cyber governance, pointing to the ability of militants to organize online and the spread of false news items during the recent U.S. election as signs cyberspace had become dangerous and unwieldy.
As if China needed any more shoves in the direction of a more oppressive internet experience for its citizens. Following on the heels of a new "cybersecurity" law that did little to address anything more than the security of the government's self-image, China is now using the garbage-fire-on-wheels that was the 2016 presidential election to criminalize the dissemination of whatever news the government feels is "fake."
Ren [Xialing], number two at the Cyberspace Administration of China (CAC), recommended using identification systems for netizens who post fake news and rumors, so they could "reward and punish" them.
In the context of this sentence, "reward" and "punish" both sound like they have the same definition. Unless the government official is hinting that those spreading fake news stories more aligned with the government's aims will be given… something for their assistance in pushing the party line.
The United States has long been looked to as a free speech ideal, something other countries can strive for in their own governance. But countries opposed to those ideals are watching much more closely, looking for anything that belies the ideals the US government claims to hold dear. So, when President Obama suggests fake news is an actual threat to democracy, countries like China are going to use this to justify further control of citizens' communications and stricter regulation of news sources -- for the "good of the nation."
Fortunately, our own government seems extremely hesitant to get into the "fake news" regulation business, but that's not going to stop other governments from cherry picking dubious claims or statements originating from the "leader of the free world" to support their censorious actions.
34 Comments | Leave a Comment..
Posted on Techdirt - 22 November 2016 @ 2:42pm
Dataminr, the company whose Twitter firehose access has become somewhat of cause celebre on both sides of the privacy fence, is back in the news. After being told it couldn't sell this access to government agencies for surveillance purposes, Dataminr had to disconnect the CIA from its 500 million tweets-per-day faucet.
Twitter was pretty specific about what this buffed-up API could and could not be used for. The CIA's surveillance efforts were on the "Don't" list. This rejection of the CIA's access was linked to existing Twitter policies -- policies often enforced inconsistently or belatedly. What the CIA had access to was public tweets from public accounts -- something accessible to anyone on the web, albeit with a better front-end for managing the flow and an API roughly 100x more robust than those made available to the general public.
The question now is how Twitter defines surveillance.
The FBI will soon be able to search a vast repository of public tweets in real time for hints about potential terrorist attacks and other public-safety crises.
The bureau awarded a sole-source contract to Dataminr, a company that allows customers to churn through Twitter's "firehose," which includes more than 500 million 140-character messages posted daily. Twitter's public API only gives users access to about 1 percent of tweets, according to a FedBizOpps posting.
Now, the question is not whether or not the FBI should have access to publicly-available Tweets. It always will have that access, with or without Dataminr's assistance. The question is whether Twitter believes the FBI is not engaged in the sort of surveillance it disagrees with.
In the context of its Dataminr access, I'm sure the FBI would have preferred to be thought of as a law enforcement agency. Divorced from the API-access context, it has done much in recent years to place itself on the same level as the CIA. It honestly feels it should be given more foreign intelligence gathering powers -- more so than the CIA, which has traditionally handled only foreign-facing operations.
Likewise with the NSA. The NSA's bulk collection orders under Section 215 were obtained in the FBI's name, with the data going directly to the NSA and the intelligence agency "tipping" an unspecified amount of the haul back to the FBI for further examination.
What the FBI is going to engage in with this access will be a form of surveillance, albeit one with very few privacy implications. Twitter has yet to speak up about the recently-awarded contract. It may never do so. It may believe the FBI is primarily engaged in law enforcement, even though the agency rebranded in the midst of the Snowden leaks, emerging as the "national security" agency it apparently felt it always should have been.
The statement issued by Twitter suggests it's only the "surveillance" that bothers them, not so much what each government agency seeking access feels its core mission is. The policy says "government or intelligence agenc[ies]" will be forbidden from purchasing access for surveillance purposes and the FBI certainly can't deny it's a government agency.
It also shouldn't matter which hat the FBI wears when attaching the hose. Twitter yanked Geofeedia's API access after discovering it was selling access to law enforcement agencies all over the US for the purposes of tracking First Amendment-protected activity. Its policies also list "track" and "investigate" as problematic uses of its API -- two things the FBI does often.
Given the agency's long history of engaging in surveillance of protected political activity, it's not much of a stretch to believe the FBI will use Dataminr's tools for the same ends. Then again, Dataminr or no Dataminr, the tweets it's seeking to analyze are already out there where anyone can see them. All the agency is really buying is a hose and a funnel.
14 Comments | Leave a Comment..
More posts from Capitalist Lion Tamer >>