Capitalist Lion Tamer’s Techdirt Profile

capitalisliontamer

About Capitalist Lion TamerTechdirt Insider

List of blogs started with enthusiasm, which now mostly lie dormant:

[reserved for future use]
http://5k500k.wordpress.com

[recently retired]
http://capitalistliontamer.wordpress.com

[various side projects]
http://cliftonltanager.wordpress.com/
http://bl0wbybl0w.wordpress.com/
http://thepenismadeoutofspam.wordpress.com/



Posted on Techdirt - 21 February 2018 @ 7:26pm

Research Paper Links Police Unions To Increased Officer Misconduct

from the more-rights,-more-problems dept

Some research [PDF] has emerged indicating handing officers extra rights results in more citizen complaints. This may seem to be of the "water is wet" research variety, but there's no reason to shrug this off. While most of us can infer that shielding officers from the consequences of their actions would naturally result in increased misconduct, almost all evidence to date has been anecdotal. (h/t Marginal Revolution)

University of Chicago researchers were given the perfect chance to weigh the addition of a collective bargaining agreement against year-to-year complaint totals. Thanks to a 2003 Florida state supreme court decision, Florida sheriff's deputies were allowed to unionize, finally joining their police department counterparts. This gave the researchers a dividing line for a before and after comparison. The results were unsurprising.

We construct a comprehensive panel dataset of Florida law enforcement agencies starting in 1997, and employ a difference-in-difference approach that compares sheriffs’ offices and police departments before and after Williams. Our primary result is that collective bargaining rights lead to about a 27% increase in complaints of officer misconduct for the typical sheriff’s office.

That's an impressive jump and it can be tied to the addition of a collective bargaining agreement. The union's bargaining power secured a lengthy list of extra rights for deputies. While due process should be afforded to everyone, the version of due process citizens make do with contains none of these perks and protections.

[F]lorida provides by statute a Law Enforcement Officer Bill of Rights (“LEOBOR”), which includes a variety of procedural protections for officers facing disciplinary investigations. One provision gives such an officer the right to “be informed of the nature of the investigation before any interrogation begins,” and to receive “all witness statements . . . and all other existing evidence, including, but not limited to, incident reports, GPS locator information, and audio or video recordings relating to the incident under investigation, . . . before the beginning of any investigative interview of that officer” (F.S.A§ 112.532(1)(d)). That is particularly generous given another requirement that “[a]ll identifiable witnesses shall be interviewed, whenever possible, prior to the beginning of the investigative interview of the accused officer” (id.).

And that's not even the whole list of additional "due process" goodies Florida deputies received.

[S]ome Florida CBAs give law enforcement officers the right to challenge any discipline the local government seeks to impose through arbitration or other administrative review, thus depriving the government of the power to make independent disciplinary decisions. Other rights include a time limitation on internal disciplinary investigations, expungement of old records even when the officer is found to have engaged in misconduct, and inspection of investigation files prior to a disciplinary hearing… [A]ll of these additional procedural rights raise the cost of terminating misbehaving officers and thereby lower deterrence.

The researchers note the conclusions aren't definitive. There's no control group to observe and it's tempting to let correlation infer causation. But the research is as thorough as it can be, given the limited dataset. Law enforcement agencies closely guard internal documents on police misconduct. In some states, public records laws make it illegal to release any of these files to the public, forcing researchers to work blind.

But this paper does show there's something wrong with union agreements and has the math to back up the seemingly obvious conclusions. When you give people with power more power and less accountability, abuse is usually the result. Whether the union agreements are responsible for all of the 27% jump in complaints is debatable, but the numbers show the agreements have made policing worse, rather than better.

Read More | 8 Comments | Leave a Comment..

Posted on Techdirt - 21 February 2018 @ 1:31pm

Inspector General For Intelligence Community Buried Report Showing Whistleblower Retaliation

from the to-end-career,-blow-whistle dept

A report by Kevin Poulsen for The Daily Beast shows, once again, that those suggesting Ed Snowden should have used the proper channels to voice his concerns about domestic surveillance are either ignorant or deliberately obtuse.

Just prior to the Snowden leaks, President Obama enacted Presidential Policy Directive 19, which was supposed to prevent retaliation for whistleblowing. It was issued in 2012 and went into force just months before Snowden left the NSA with a trove of documents. However, it did not protect contractors like Snowden. Those protections were added by Congress years later. Not that it really matters. It has been well established those protections are mostly worthless.

Over the past year, there's been a concerted effort to oust Dan Meyer -- the person Intelligence Community whistleblowers are supposed to take their complaints to. Meyer filed his own whistleblowing complaint against the Defense Department, claiming IC officials retaliated against him for exposing waste and misuse of funds. Those gunning for top-level positions in Trump's Intelligence Community have histories of retaliatory behavior against whistleblowers, which would further cement the reputation of the "official channels" as a good way to jettison your career.

According to The Daily Beast, the problem is larger than previously thought. The implementation of PPD-19 hasn't changed anything. Whistleblowers are still facing retaliation or being ignored completely.

The investigators looked into 190 cases of alleged reprisal in six agencies, and uncovered a shocking pattern. In only one case out of the 190 did the agencies find in favor of the whistleblower—and that case took 742 days to complete. Other cases remained open longer. One complaint from 2010 was still waiting for a ruling. But the framework was remarkably consistent: Over and over and over again, intelligence inspectors ruled that the agency was in the right, and the whistleblowers were almost always wrong.

This damning report has never been presented to intelligence oversight nor to the general public. It was buried by the new head of the IC Inspector General's office.

The report was near completion following a six-month-long inspection run out of the Intelligence Community Inspector General office. It was aborted in April by the new acting head of the office, Wayne Stone, following the discovery that one of the inspectors was himself a whistleblower in the middle of a federal lawsuit against the CIA, according to former IC IG officials.

Stone also sequestered the mountain of documents and data produced in the inspection, the product of three staff-years of work. The incident was never publicly disclosed by the office, and escaped mention in the unclassified version of the IC IG’s semiannual report to Congress.

In essence, the IC has no independent oversight. That's not going to prevent whistleblowers from losing their jobs or security clearances. If the oversight is burying reports and withholding findings from its Congressional oversight, then there's really no reason whistleblowers should stick to the proper channels. If the IC wanted to shut down leaks, this was completely the wrong way to handle it. If careers are on the line, IC employees may as well take their complaints to the press, where they'll get heard, rather than to their supervisors or the Inspector General's office.

The numbers quoted in the Daily Beast's report show there's scant chance the Inspector General's office will be of any help to whistleblowers. Even if whistleblowers aren't suffering direct retaliation, the office's ability to "wait it out" prevents whistleblowers from escalating complaints further than the office uninterested in investigating complaints. To move forward, there must be some form of ruling or determination from the Inspector General. Without it, complainants have almost zero chance to seek other remedies, including suing agency officials for workplace retaliation.

The burial of this report by the Inspector General shows the official channels have suffered a perverse form of regulatory capture. The IG is no longer independent. It's owned and operated by the Intelligence Community, highly-deferential to officials who have nothing to gain if whistleblower complaints are sustained. It was arguably worse when Snowden left for Hong Kong. The bad news is it hasn't gotten any better over the last five years.

7 Comments | Leave a Comment..

Posted on Techdirt - 21 February 2018 @ 10:41am

Trump, Nunes Accidentally Undo DOJ's Efforts To Keep Surveillance Docs Under Wraps

from the helluva-an-effort-there,-Trumpy dept

The government's antipathy towards FOIA requesters is well-documented. Our last president declared his White House to be the Openest Place on Earth. This was followed by a clampdown on FOIA responses, huge increases in withheld documents, and a war on whistleblowers. The Trump Administration has made no such promises. Good thing, too, as the uncontrollable mouth running the country would make these promises impossible to keep. We're living in a halcyon era of unprecedented, if inadvertent, government transparency. Whatever multitudinous leakers won't provide, the president will hand over himself via Twitter or televised interviews.

Late last year, Trump handed plaintiffs in two FOIA lawsuits a gift when he undercut an FBI Glomar response ("neither confirm nor deny") by confirming FBI investigations (and FISA court involvement) in domestic surveillance. Trump has done it again, thanks to approving the release of the Nunes memo. Again, FOIA requesters seeking information about FBI domestic surveillance have been handed a gift by the Commander in Chief, as Politico reports.

During a hearing on a bid by BuzzFeed to get more information about how a so-called dossier compiled by a former British spy was handled, U.S. District Court Judge Amit Mehta grew frustrated with a Justice Department lawyer who argued that Trump’s declassification order did not alter the contours of the legal dispute.

Mehta said the government would normally be entitled to deference in asserting the need to keep its investigative work under wraps, but perhaps no longer with respect to the dossier.

“This isn’t the ordinary case,” Mehta told a Justice Department lawyer, Anjali Motgi. “I don’t know of any time the president has declassified the fact of a counterintelligence investigation. That’s going to be a hard sell given what the president has done. … This is a new frontier and it has an impact.”

The DOJ tried to argue that Trump's declassification of the memo wasn't an endorsement of its contents. The judge found this assertion literally incredible, saying she found it impossible to believe the DOJ and the White House disagreed about the factual basis of the released memo. If the DOJ can't find a way to push this argument past the judge, Buzzfeed will likely gain access to documents it might need to defend itself from a libel lawsuit brought by someone mentioned in the Steele dossier. If nothing else, the declassification of the memo shows there's substantial public interest in the contents of the dossier, which would buttress Buzzfeed's claims that publishing it (without verifying the contents first) was "fair reporting" on government activities.

The DOJ, however, continues to insist the sought documents, even if released, change nothing for Buzzfeed. But to make this argument it has to sell its first argument -- that the facts disclosed by the Nunes memo are not actually facts. The DOJ will get to make this argument in person, behind closed doors with the judge, where it will argue that releasing documents to Buzzfeed would harm its ongoing investigation.

On top of this turn of events, the Nunes memo's release has also forced the DOJ to change its opacity stance in other FOIA lawsuits.

In one of those FOIA cases on Wednesday, government lawyers notified the court that the president’s declassification actions forced them to withdraw a refuse-to-confirm-or-deny response issued on requests that USA Today reporter Brad Heath and the pro-transparency James Madison Project made for surveillance warrants on Trump associates.

The DOJ may end up having to release documents it doesn't want to release, thanks to the president and legislators aligned with Nunes. All it can do right now is buy time. And it will be an indefinite amount of time, apparently.

“Given recent events, and the possibility of additional declassifications by the president,” the lawyers wrote, “the government is unable at this time to propose a timetable to conduct this review.”

The Forever War on Transparency continues, but it's being frustrated by self-serving acts of openness by the White House. I guess we're the beneficiaries of accidental largesse, although it may be outweighed by other damaging White House acts and policies. However, someone writing about issues like these should never wish to live in uninteresting times, so the remainder of the Trump presidency should provide plenty of transparency yin/yang moments like these, where the government's natural affinity for opacity is undone by the Commander in Chief's proclivity for outing company secrets whenever it seems it might serve his singular narrative.

15 Comments | Leave a Comment..

Posted on Free Speech - 21 February 2018 @ 8:32am

Germany's Speech Laws Continue To Be A Raging Dumpster Fire Of Censorial Stupidity

from the sandboxing-the-web,-one-country-at-a-time dept

Germany's new law, targeting hate speech and other unpleasantness online, is off to a roaring start. Instead of cleaning up the internet for German consumption, the law has been instrumental in targeting innocuous posts by politicians and taking down satirical content. The law is a bludgeon with hefty fines attached. This has forced American tech companies to be proactive, targeting innocuous content and satire before the German government comes around with its hand out.

It took only 72 hours for the new law (Netzwerkdurchsezungsgesetz, or NetzDG) to start censoring content that didn't violate the law. Some German officials have expressed concern, but the government as a whole seems content to let more censorship of lawful content occur before the law is given a second look. The things critics of the law said would happen have happened. And yet the law remains in full effect.

The spirit is willing but the body is weak, Sterling Jones says in the opening of his excellent post detailing more blundering attempts by the German government to enforce its terrible law.

While intended to stop the spread of disinformation and hateful rhetoric online, recently published “local law” complaints show that would-be censors are using NetzDG to target all variety of content, including mainstream news stories, sexual words and images, an anti-Nazi online forum, and criticism of German Chancellor Angela Merkel and of the NetzDG law itself.

So, that's how the law is working out. Sterling's post is filled with takedown notices forwarded to the Lumen Database -- all of them targeting speech that doesn't appear to be unlawful even under Germany's screwed up laws. It also appears there's a concerted effort being made to shut down criticism of Angela Merkel, targeting German author Martin Hilpert, who rarely has anything nice to say about the German Chancellor. The notices also target two German news publishers, with the attendant irony apparently lost on the censors issuing the notices.

The complaint against FAZ states that the newspaper engaged in “harmful or dangerous acts” for a story about NATO, while the complaint against Heise states that the tech website engaged in “hate speech or political extremism” for publishing concerns by the EU Commission that NetzDG could lead to “possible abuse by governments seeking to limit freedom of expression.”

Most ridiculously, an anti-Nazi group has been targeted by the government. Another takedown request declared the following picture to be "terrorist or unconstitutional content."

Last but not least, something the German government finds every bit as concerning as snowmen dressed like Hitler: SEX. Jones reports the government has asked for the removal of everything from semi-nude photos of a model to public invitations for sex. The takedown request for the last one appears to have been written by an offended elderly neighbor.

If you can't see/read the text, it says under "Explanation of Complaint"

Issue type: Sexual content
Google received a request to remove content from Google Plus based on the Netzwerkdurchsetzungsgesetz.
It's indecent

And it is! But no so much you'd think a government entity would need to be involved!

The only surprising thing about the post is that it received positive answers, which seems contrary to how the internet usually works.There's no telling the level of sincerity in the offers, but I would imagine they're at least as sincere as the original post.

Germany's attempt to control the internet is going to cause immense amounts of collateral damage. It's unknown if any citizens have been charged for putting Nazi armbands on snowmen or shouting "I need sex" into the void, but service providers are taking few chances. Since they face fines equivalent to 40 million pounds per infraction, they're obviously erring on the side of caution when dealing with these takedown demands. That's not good for the internet as a whole and it's downright catastrophic for German citizens who are pretty much assured they'll be targeted by government takedowns for expressing their displeasure with these laws.

27 Comments | Leave a Comment..

Posted on Techdirt - 20 February 2018 @ 5:38pm

Court Sends Cop Back To Prison For Bogus 'Contempt Of Cop' Arrest

from the classic-seven-words-you-can't-say-to-cops-skit dept

It shouldn't take an appeals court to reach this conclusion, but that's the route taken most frequently by people challenging their convictions. Former sheriff's deputy Matthew Corder doesn't want to serve time after being convicted of depriving Derek Baize of his constitutional rights, and so we've ended up at the Sixth Circuit Court of Appeals. (h/t Sixth Circuit Blog)

This all stems from a "contempt of cop" incident. Baize returned home one night to find Deputy Corder parked in his parking spot in front of his home. Baize asked what was going on, only to be told to "mind his own business." Baize then asked the deputy to move his car so Baize could park in front of his house. The deputy said he'd move his car "when he was ready."

Nonplussed by the behavior of this supposed public servant, Baize told the deputy to "fuck off." Deputy Corder asked for clarification. Baize responded: "I did not stutter. I said 'fuck off.'" Baize then walked into his house. Corder claimed he yelled for Baize to stop. Baize said he didn't hear this. It really doesn't matter. Citizens are under no legal obligation to engage in conversations with law enforcement officers. The deputy's testimony indicates Baize wasn't committing any crime nor was he wanted for a suspected criminal act when he walked away from the yelling deputy.

Baize went into his house. The deputy followed. He banged on the door and told Baize to come outside. Baize refused, again well within his rights. Baize also pointed out Corder might want to get his paperwork in order if he wanted to set foot in the residence. The following was all caught on Corder's body camera:

Baize opened his front door but left his screen door closed. Defendant opened Baize’s screen door and told Baize to come outside “or there are going to be issues.” Baize repeatedly refused, saying that defendant needed a warrant, but defendant responded that he did not “need no warrant.” Defendant told Baize that “right now you’re out here hollering at me and you ran in there, which means there’s exigent circumstances.” Baize again refused to come outside. Defendant reached inside Baize’s home to grab Baize, who braced himself against his doorjamb and said “you are not allowed in my house.” Defendant then entered Baize’s home, grabbed Baize by the back of the neck, and began to arrest him. Defendant’s fellow deputy, Billy Allen, arrived and assisted with the arrest. Defendant tased Baize into submission and completed the arrest.

Corder was wrong multiple times during this interaction. He did need a warrant to enter the residence. Given the circumstances, it seems highly unlikely he could have obtained one, having only the probable cause of being disrespected while parked in someone else's driveway. He was also wrong about the circumstances. There's nothing "exigent" about someone entering the home where they live, even if there's a law enforcement officer on the lawn trying to find some way to regain control of the situation.

Nevertheless, Corder entered the home and arrested Baize, ringing him up on the two bullshit charges: fleeing (in the second degree) and resisting arrest. Baize was nailed with $1500 cash bond. The judge refused to allow an unsecured bond because Baize had been arrested for "evading" the deputy. Baize couldn't afford the full $1500 and spent two weeks in jail. During that stay, he lost his job.

On top of that, the prosecutor and Baize's public defender agreed on an order of dismissal (without Baize's knowledge) stipulating that he agreed there was probable cause to arrest him for these charges. This was presented to the judge as something Baize had agreed to, even though it obviously lacked Baize's signature.

Following all of this, Deputy Corder was indicted by a grand jury and convicted on both counts after a four-day trial. Corder appealed his conviction, raising questions about the sufficiency of evidence against him as well as jury instructions regarding the Fourth Amendment and the physical boundaries of residences protected under this amendment. Corder asserted Baize's decision to answer the door after he began knocking on it somehow generated probable cause for a fleeing/evading arrest. The Sixth Circuit Appeals Court [PDF] doesn't buy it.

[W]e reject defendant’s theory that the fifth element — “in fleeing or eluding the person is the cause of, or creates a substantial risk of, physical injury to any person” — was satisfied when Baize resisted arrest after returning to answer the door. For defendant to have had probable cause to arrest Baize for fleeing and evading, he must have had probable cause to believe that all of the elements of the crime were satisfied at the moment he sought the arrest. Wesley v. Campbell, 779 F.3d 421, 429 (6th Cir. 2015). By defendant’s own account, however, the fifth element — Baize’s creation of the risk — was not satisfied until after defendant initiated the arrest and Baize physically resisted. See Trial Tr. vol. II at 160:11-161:5 (defendant admits that he did not make the decision to arrest until “we were trying to bring [Baize] out [and] he resisted”) (PageID # 832-33); Def. Br. at 18 (“The substantial risk of injury occurred when Baize resisted arrest . . . .”). It is therefore impossible, under defendant’s theory, that defendant had probable cause to believe Baize had met all of the elements of fleeing and evading when defendant made the decision to arrest.

As for his argument that he did not cross the threshold to effect the arrest (or, conversely, that circumstances allowed him to enter the home without a warrant), the appeals court points to the deputy's own body camera footage as evidence of Corder's Fourth Amendment violations.

Defendant’s body camera shows Baize open his inner door, leaving the screen door shut. Defendant was unable to cross the threshold and touch Baize without opening the screen door himself (which he did), and all the while Baize remained several feet removed from his threshold, inside of his home. Baize was not exposed to the same degree of public view, speech, hearing, and touch as though he was on his porch.

As to the allegedly faulty jury instructions, the court has this to say:

Defendant’s proposed jury instruction is also legally flawed, as it incorrectly suggests that the hot-pursuit exception to the warrant requirement applies any time a suspect retreats into his home, no matter the circumstances…

Even if defendant’s proposed instruction contained a properly limited definition of the hot-pursuit exception, defendant fails to explain how the exception applied to his decision to enter Baize’s home. In Kentucky, second-degree disorderly conduct is a misdemeanor, Ky. Rev. Stat. § 525.060(2), and there was no physical evidence of disorderly conduct that Baize could have destroyed.

This isn't Corder's first outing as a defendant. He's faced lawsuits before for misconduct, excessive force, and other civil rights violations. This David Meyer Lindenberg post for the now-defunct FaultLines details 20 years of abusive behavior by Deputy Corder.

In 1997, when Corder was an officer with the Louisville PD, a man named John Dennis Wilson accused him of pepper-spraying him in the face as he sat handcuffed in the back of a police car. Notably, Corder’s police report didn’t mention any pepper spray, and he failed to file a use-of-force report in violation of department policy. After Wilson sued him in federal court, Corder admitted everything. The city settled with Wilson for $15,000 ($22,500 in 2016 money). Corder was not punished.

On New Year’s Day, 1998, Corder arrested Adrian Reynolds, 34, who was wanted on a domestic violence charge. When other officers arrived on the scene, they found Reynolds with a broken face and Corder’s uniform soaked in blood: Corder had repeatedly beaten Reynolds in the head with his fist and flashlight. An internal affairs investigation cleared Corder, though the arrest made the news when prison screws beat Reynolds to death six days later.

Also in January, 1998, Corder was sued by 36-year-old Gary Branham after Corder punched him in the face and pepper-sprayed him while moonlighting as security for an amateur boxing tournament. Although Corder hit Branham with a number of charges, including disorderly conduct, they were all dropped when Corder failed to appear at Branham’s preliminary hearing. Branham’s suit was resolved when a jury found in favor of Corder and the city. Corder was not punished.

In October, 2002, Corder pulled a gun on and arrested a man for trying to repossess Corder’s SUV. This earned him his first trip to criminal court. According to the Louisville chief of police, Robert White, who fired Corder in 2003, Corder tried to make a deal with the repo company: in exchange for releasing the arrested worker, they’d let him keep the car.

This history -- along with Corder's history of lying to police investigators about his misconduct -- forms the basis of Corder's Fifth Amendment argument. Corder believed the jury was unfairly prejudiced when his past lies to police departments he worked for were brought up during cross-examination. The court denies Corder on this one as well, pointing out jurors had every right to know whether the officer on the stand was a trustworthy person.

Defendant argues that permitting cross-examination concerning his lies to internal affairs investigators in 1991 and 1998 violated both his Fifth Amendment right against self-incrimination and Federal Rule of Evidence 608(b). (Def. Br. at 34.) Over defendant’s objection, however, the district court permitted the government to elicit defendant’s testimony admitting these lies. The district court based its ruling on Brown v. United States, 356 U.S. 148 (1958), concluding that defendant’s testimony about his own truthfulness had opened the door to such cross-examination.

[...]

On the record before us, as well as the authority offered by defendant, we conclude that the district court did not abuse its discretion in ruling that defendant waived his Fifth Amendment right as to his prior statements to police investigators. Defendant’s belief in the veracity of his charges against Baize was a chief issue in the case against him, and he voluntarily took the stand to vouch for that belief. Evidence of defendant’s willingness to lie to other police departments to protect himself from allegations of misconduct is relevant to, and probative of, whether he would lie to the Bullitt County Sheriff’s Office for the same general purpose.

Matthew Corder swings and misses on all arguments. This means he'll head back to prison to serve the remainder of his 27-month sentence. He should count himself lucky. He was facing a possible eleven years for both counts. With any luck, Corder's imprisonment will serve as a cautionary tale for officers who think they can arrest people just because they feel they haven't been shown the respect they think they deserve. If a cop wants to tell you to "mind your own business" when he's parked in your driveway, you should feel free to tell him to "fuck off" without worrying about losing your job and your freedom.

Read More | 37 Comments | Leave a Comment..

Posted on Techdirt - 20 February 2018 @ 9:31am

Nunes Demands Copies Of FISA Docs About Steele Dossier Warrants; Court Suggests Taking It Up With The FBI

from the god-I-so-hope-Nunes-takes-it-up-with-the-FBI dept

Having already released the memo purportedly showing surveillance abuses committed by the FBI, the legislators behind the release are now getting around to asking for documents to back up the memo's assertions. Bob Goodlatte and Devin Nunes have both asked the FISA court for the paperwork they probably should have looked at before writing and releasing the memo.

Nunes has asked for "transcripts of relevant FISC hearings" related to the FISA warrants predicated largely on assertions made in Steele dossier. Goodlatte has asked applications and orders for the same warrants. The FISA court has replied with two letters stating basically the same thing: thanks for the weird (and inappropriate) question, but maybe take this up the FBI. (h/t Zoe Tillman)

From the letter [PDF] sent by Judge Rosemary Collyer to Devin Nunes:

The Court appreciates the interest of the House Intelligence Committee in its operations and public confidence therein. Before 2018, the Court had never received a request from Congress for documents related to any specific FISA application. Thus, your requests -- and others I have recently received from Congress -- present novel and significant questions. The considerations involve not only prerogatives of the Legislative Branch, but also interests of the Executive Branch, including its responsibility for national security and its need to maintain the integrity of any ongoing law enforcement investigations.

While this analysis is underway, you may note that the Department of Justice possesses (or can easily obtain) the same responsive information the Court might possess, and because of separation of powers considerations, is better positioned than the Court to respond quickly. (We have previously made clear to the Department, both formally and informally, that we do not object to any decision by the Executive Branch to convey to Congress any such information.)

The response [PDF] to Goodlatte pretty much says the same thing. Both letter close with a little bit of shade-throwing.

I expect that [the DOJ and FBI's] handling of your requests will inform the Court as to how the Executive Branch perceives its interests and will assist us in our consideration of the full range of issues…

This seems to suggest the FISA court has noticed (how could it not) the contentious relationship between the FBI and the White House and wants to see how the DOJ handles its end of the paperwork requested by the legislators before proceeding. It also implies the court thinks the White House will sidestep its obligations to preserve the integrity of national security-related obligations if it thinks it can score some political points. If the court really felt like laying on the snark, it might have mentioned the utility of viewing underlying documents before releasing a "damning" memo, rather than attempting to find justification for the memo's accusations after the fact.

Read More | 51 Comments | Leave a Comment..

Posted on Techdirt - 20 February 2018 @ 3:25am

NSA Exploit Now Powering Cryptocurrency Mining Malware

from the ETERNALDAMAGE dept

You may have been asked if you'd like to try your hand at mining cryptocurrency. You may have demurred, citing the shortage in graphics cards or perhaps wary you were being coaxed into an elaborate Ponzi scheme. So much for opting out. Thanks to the NSA, you may be involved in mining cryptocurrency, but you're likely not seeing any of the benefits.

A computer security exploit developed by the US National Security Agency and leaked by hackers last year is now being used to mine cryptocurrency, and according to cybersecurity experts the number of infections is rising.

The good news is you won't have to cough up ransom to retake control of your computer. The bad news is this doesn't guarantee you'll have a functioning computer.

This new attack—called WannaMine—may seem like less of a threat than WannaCry because it doesn’t lock users out of their computer. But CrowdStrike noted in a blog post laying out its findings on WannaMine that the company has observed the malware “rendering some companies unable to operate for days and weeks at a time.” WannaMine infections are also hard to detect because it doesn’t download any applications to an infected device.

This is the path the NSA's malware has taken: from worldwide ransomware to drive-by installations of mining software. The route to infection is still the normal route: malicious links. Once inside, the malware co-opts your processor for cryptocurrency mining. If your computer happens to be part of a network, the infection will spread to connected computers, turning entire businesses into someone else's side hustle.

The "fun" part is even patched systems can be infected. The NSA's EternalBlue exploit may no longer work, but an attached tool called Mimikatz can still root around for login passwords to continue spreading the malware. The damage isn't theoretical.

For companies hit by WannaMine at scale though, the cumulative effects can be disastrous, [Bryan] York [director of CrowdStrike] told me. He cited a client that recently came to CrowdStrike for help after their network was infected by WannaMine, which York said was using so much CPU power that it totally shut down their service.

“The implications of cryptocurrency mining aren't just, ‘Oh darn, I lost some of my CPU,’” York said. “It's actually getting in the way of how businesses conduct their operations and causing down time.”

While this isn't the first cryptominer based on NSA exploits to hijack users' computers, it's the hardest to track down and kill. It contains no application files, relying on Windows tools to perform the dirty work. No files written to disk make it all but invisible. And, unlike ransomware, there's no way to pay someone to stop using your CPU to mine Monero. You can't even buy your way out of the problem.

This won't be the last we'll see of malicious software built on NSA hacking tools. It will serve as a continual reminder of the government's untrustworthiness when it comes to secure computing, mass harvesting of data, and security tradeoffs performed without input of the majority of stakeholders.

(Counterpoint via @dril: maybe NSA-enabled cryptomining hijacking is the most patriotic thing there is.)

26 Comments | Leave a Comment..

Posted on Techdirt - 16 February 2018 @ 7:39pm

Appeals Court: Handcuffing A Compliant Ten-Year-Old Is Unreasonable But Deputy Had No Way Of Knowing That

from the those-without-common-sense-will-inherit-the-earth dept

Time and time again, courts remind officers of the law don't actually have to know the law to enforce the law. Yes, that's how it all works out for citizens, who are just as frequently reminded ignorance of the law is no excuse. This has lead to the prevalence of pretextual stops where minor traffic violations (that may not even be violations) are used to initiate long conversations with law enforcement officers with the end goal of obtaining consent for a search or to bring a drug dog onto the scene.

Qualified immunity, along with the good faith exception, have allowed an untold amount of law enforcement abuse. This has completely skewed judicial perception, turning law enforcement into noble fools and raising expectations of citizens' legal knowledge to that of seasoned criminal defense lawyers. Here's how occasional Techdirt contributor Andrew Norton breaks down the current state of judicial affairs:

2005, when [Tasers] were still being introduced to law enforcement at large, was a bad year for taser-victims, but not cops. In a California case, Bryan v. McPhearson, the court decided the officer’s actions qualified under the doctrine of qualified immunity (cops will only be responsible for excessive force if they act in a way that is so unreasonable any cop would have known such conduct was against the law – basically acting criminally) Since ‘the law on taser police brutality’ was still evolving when the incident happened in 2005 the cop should get a break from liability. You read that right, because no-one had told the cop, he didn’t have any notion of right and wrong. Ignorance is an excuse, if you wear the badge.

It’s this that characterizes many police brutality and excessive force cases. On one hand the police officers are professionals dedicated to knowing and enforcing the law, when they’re on the prosecuting side, their word is solid and their testimony is unquestionable. However if they’re a defendant, they’re amateurs who don’t know the law, can’t tell right from wrong, and whose training and instincts are so poor, that they can’t be held responsible for decisions made when doing their job because they have to do them quickly.

That's the ugly reality. Things that seem obvious to citizens are somehow inscrutable to police officers with years of legal training and, quite often, a degree in criminal law. Yet another "case in point" is this recent Fourth Circuit Appeals Court decision, in which something that seems obviously wrong is given a judicial hand-wave because the obvious wrong had not been "clearly established" by these judges in this circuit dealing with a carbon copy of these circumstances.

The civil rights lawsuit involves a minor who was in fourth grade at the time the violation occurred. E.W. is the minor suing. A bus surveillance camera caught her and another student fighting on the bus. Both were suspended by the school from riding the bus.

For whatever reason, the school didn't do anything about the altercation for 72 hours. Then they called in deputy sheriff Rosemary Dolgos, the school's resource officer. Dolgos questioned the other party in the fight and asked if she was injured. A.W. (the other minor in the altercation) showed the officer a couple of small bruises on her leg.

E.W. was summoned to the office. According to the deputy, E.W. didn't seem to care enough about the fight on the bus. From the opinion [PDF]:

Dolgos attempted to emphasize to E.W. the seriousness of the situation and the possible repercussions, telling her that adults could be jailed for such behavior. Still, in Dolgos’s opinion, “E.W. continued to act as if the situation simply was not a ‘big deal.’”

It wasn't a big deal. Or at least it wasn't something the school couldn't have handled without a law enforcement officer. But since a law enforcement officer was involved, law enforcement proceeded without any regard for the actual severity of the situation. Deputy Dolgos, presiding over an apathetic fourth grader, feared for her safety.

Dolgos placed E.W. in handcuffs from behind and reseated her. Dolgos inserted two fingers between the handcuffs and E.W.’s wrists to ensure that they were not too tight. In her affidavit, Dolgos stated that she was concerned about the physical safety of herself and the school administrators because of both the incident she observed in the surveillance video and E.W.’s apathy. Dolgos expressed concern in the affidavit that E.W. might act violently against her or someone else if she attempted to walk E.W. from the school to her patrol car.

Dolgos based these observations on her lack of knowledge.

Dolgos also admitted, however, that she had no idea whether E.W. had “any past or current behavioral issues or past involvements with law enforcement.”

She also likely could have controlled the situation without handcuffs, especially considering E.W.'s apparent compliance.

According to Dolgos, E.W. stood 4’4” and weighed about 95 pounds, while Dolgos stands 5’4” and weighs 155 pounds.

Once placed in handcuffs, E.W. began crying and apologized for the fight. She said she did not want to go to jail and promised she wouldn't hit A.W. again. Apparently this was the reaction Dolgos was looking for. Having been taken seriously enough as a law enforcement officer, Dolgos removed the cuffs and released E.W.

The school, however, remained unmoved. It contacted E.W.'s mother and told her they would refer the matter to juvenile services. E.W.'s mother responded with disbelief ("[s]o you're going to put my… daughter in the system when she's 10?") and came to the school to retrieve her daughter. The lawsuit followed.

The district court took a brief glance at Dolgos' motion to dismiss and sided with the deputy. The decision was, at best, perfunctory.

In a short paragraph, without citing any case law, the district court concluded that Dolgos’s actions did not amount to excessive force because E.W. was handcuffed for only two minutes and then released to her mother. The court further concluded that Dolgos was “at least” entitled to qualified immunity as to the § 1983 claim.

The appeals court disagrees with the will-this-do assessment of the lower court. It finds the use of force excessive, considering the surrounding circumstances. In doing so, it finds Dolgos' assertions ridiculous.

Here, Dolgos could not have reasonably believed that E.W. presented any immediate risk of harm to anyone. Like the adult suspect in Solomon, E.W. had no weapons and made no threats, see 389 F.3d at 174, and like the eleven-year-old in Sonora, she was calm and compliant as Dolgos spoke to her, see 769 F.3d at 1030. In fact, Dolgos recognized that E.W. appeared calm. See J.A. 23–24. Also similar to the suspects in Solomon and Sonora, E.W., at 4’4” and ninety-five pounds, was quite small relative to Dolgos, the arresting officer, who was a foot taller and sixty pounds heavier. See Sonora, 769 F.3d at 1030; Solomon, 389 F.3d at 174. Not to mention, E.W. was in a closed office and surrounded by two school administrators and a deputy sheriff. Given these facts, E.W. posed little threat even if she were to become aggressive.

The significant time that had elapsed—without incident—since the fight on the bus further negates any notion that E.W. posed an immediate threat. While the scuffle took place on Tuesday, January 6, East Salisbury Elementary School waited three days to even contact Dolgos. In the interim, E.W. was allowed to and did in fact attend school without incident, indicating that she did not pose a risk to the children around her, much less to the adults.

In addition, the ignorance of the underlying circumstances Dolgos admitted to (and likely hoped would weigh in her favor by making her unreasonable actions reasonable) only further adds to the factors weighing against handcuffing a compliant 10-year-old.

Moreover, Dolgos had no reason to think that the scuffle between E.W. and A.W. was anything but an isolated incident. E.W. had no prior behavioral issues or involvement with law enforcement, nor did Dolgos have any indication that she did. The use of force is an intrusion on Fourth Amendment rights, and an officer must have a reason for using or escalating force. See Graham, 490 U.S. at 396 (intrusions on Fourth Amendment rights must be reasonably necessary given countervailing governmental interests). Even as to the altercation on the school bus, E.W., while unjustified in retaliating, did not become violent without physical provocation by A.W. Indeed, even a child with a history of attacking school officials should not be handcuffed if, at the time of handcuffing, she did not present a danger.

The appeals court also points to plenty of precedent, finding that handcuffing children tends to be excessive force in almost any situation. It also notes that the use of handcuffs in a school setting tends to undermine the mission of schools and school personnel. Students who see other students handcuffed for behavior that could be addressed by parental or school discipline are far more likely to distrust school administration and will be less likely to bring disciplinary issues to their attention. In extreme cases, parents and students may decide to take their scholastic business elsewhere, leaving the school with fewer students.

The court finds Deputy Dolgos violated the Fourth Amendment.

Dolgos took a situation where there was no need for any physical force and used unreasonable force disproportionate to the circumstances presented. We therefore find that Dolgos’s actions amount to excessive force. As such, E.W. has demonstrated a violation of her constitutional rights under the Fourth Amendment.

But here's where it all goes haywire. The court lists numerous reasons -- including circuit precedent -- why Dolgos should have known handcuffing children (absent extreme circumstances) would result in Fourth Amendment violations. It holds that this handcuffing was a Fourth Amendment violation. And then it goes on to declare that Dolgos can rely on her ignorance and her complete lack of better judgment to escape liability.

Conversely, it was not obvious that Dolgos could not handcuff E.W. here. Although precedent supports the conclusion that Dolgos acted unreasonably and violated E.W.’s Fourth Amendment rights, it did not put Dolgos on sufficient notice that her conduct was unlawful. Indeed, this Court previously stated that the use of handcuffs would “rarely” be considered excessive force when the officer has probable cause for the underlying arrest. See Brown, 278 F.3d at 369. And the parties do not point us to any controlling authority sufficiently similar to the situation Dolgos confronted. In fact, E.W. chiefly relies on Graham to define the clearly established law. Without more, we cannot conclude that it would have necessarily been clear to a reasonable officer that handcuffing E.W. would give rise to a Fourth Amendment violation.

This will help handcuffed students in the future, but it does nothing for E.W. And this conclusion comes after a lengthy diversion in the opinion in which the concurring opinion is called out for its willingness to say that handcuffing children reasonable.

The concurrence seems to suggest that elementary school children like E.W. are so inherently unpredictable and uncontrollable that officers would be reasonable in restraining them for our collective safety. Unsurprisingly, the concurrence’s authorities do not actually support that position or apply to this case. The concurrence cites to Knox Cty. Educ. Ass’n v. Knox Cty. Bd. of Educ., 158 F.3d 361 (6th Cir. 1998), for the proposition that young children are “unpredictable, in need of constant attention and supervision,” such that “[e]ven momentary inattention or delay in dealing with a potentially dangerous or emergency situation could have grievous consequences.” Post at 41 (quoting Knox, 158 F.3d at 378). What the concurrence leaves out is that Knox was discussing whether teachers may be required to undergo drug-testing in order to protect young children, who “could cause harm to themselves or others while playing at recess, eating lunch in the cafeteria (if for example, they began choking), or simply horsing around with each other.” See 158 F.3d at 378–79. Unless the concurrence suggests that we handcuff children as a reasonable method of “supervision” to prevent choking and horseplay, Knox has little relevance to the case at hand.

So, the concurrence is only right so far as it agrees with the rest of the court that Deputy Dolgos can walk into a school office and slap handcuffs on a ten-year-old without having to worry about being held liable for violating the student's Fourth Amendment rights. On all other points, it's somehow wrong, but only because it chose the wrong standard of law enforcement ignorance to cite. The concurring opinion somehow manages to be worse than the majority opinion, because it wouldn't even go so far as to establish the handcuffing of compliant prepubescents as "unreasonable."

This is a good decision as far as establishing a baseline goes, but the cases cited suggest the baseline had already been set, but only as to eight-year-olds (James v. Frederick Cty. Pub. Sch.) and eleven-year-olds (Tekle v. United States). Ten-year-olds are apparently in need of their own separate precedent. This is how much the doctrine of qualified immunity has erased the word "justice" from the justice system. Anyone who suffers a Fourth Amendment violation had better hope someone in exactly the same circumstances landed a appellate unicorn with their lawsuit, or law enforcement skates away with another win and a very slight narrowing of the scope of civil rights violations officers can get away with.

Read More | 59 Comments | Leave a Comment..

Posted on Techdirt - 16 February 2018 @ 12:01pm

County Gov't Tries To Dodge Liability In Jailhouse Deaths By Intimidating The Journalist Who Exposed Them

from the step-aside,-Constitution! dept

To keep itself from being held liable for inmate deaths, San Diego County (CA) has decided to target the journalist who exposed them. Kelly Davis, along with the EFF's Dave Maass, used public records requests and investigative journalism to detail 60 deaths in the county's five jails, which occurred over the course of five years. The death rate in San Diego jails was consistently higher than those of comparably-sized systems. In fact, the death rate was higher than that of the 10 largest jail systems in the country. Documents showed almost a third of those were preventable.

But when a lawsuit was filed by the wife of an inmate who died in a San Diego County jail, the county argued there was no negligence. The presiding judge disagreed, citing Davis and Maass' journalism.

The Marine’s widow is suing the county, claiming the jail system didn’t protect Nesmith from himself despite multiple warning signs. A judge allowed the case to go forward, noting that news coverage could “plausibly” have given the county a heads-up of “a pattern of deliberate indifference” to suicidal inmates.

Ok, if that's the way you want to play this, said the county in its next filing. If these reports should have given us heads up on negligence in county jails, let's see if we can't dispute the accuracy of the reports. The county has asked the judge to force Kelly Davis to turn over everything she has on jail deaths, including documents and interviews that haven't been published.

Randy Dotinga of the Voice of San Diego explains what the county is really trying to do with this discovery demand:

Let’s dig beyond the legalese into what the county is actually saying here:

So you’re suggesting we should have known that we had a big problem with jail suicides because of those “60 Dead Inmates” headlines and done something? Maybe those stories were wrong, and we didn’t need to know about a problem we didn’t actually have! We can’t be bothered to run the numbers ourselves, so we’ll force the reporter to do it for us.

This part is unsaid: This will also suck up hours of depositions and cost everyone a bundle. Luckily, we’re taxpayer-funded! And hey, we’ll learn who squealed to the reporter too. Bonus!

This is an obvious attempt to intimidate a journalist who exposed misconduct and malfeasance. The county has plenty of previous reporting it could dig into, as well as unfettered access to jail records and jail employees. Instead, it's dragging the journalist to court and attempting to unmask sources. The county is trying to bypass First Amendment protections and the state's journalist shield laws to skirt liability in jailhouse deaths.

Fortunately, Davis has pro bono representation pushing back against the county's demands. It appears the county didn't think the journalist would stand up for her rights. So, it's changed its arguments. Instead of bypassing Constitutional protections, the government is hoping to get every damning piece of journalism booted from the ongoing civil rights lawsuit. The new "deal" proposed by the county would be to rescind its demands for sources and source material from Davis if the plaintiff agrees to never bring up Davis' reporting during the lawsuit. One way or another, the county is hoping to bury inconvenient facts. The widow bringing the lawsuit has refused this deal, meaning the reporting is still in play and the demand for Davis to reveal everything she's collected still an ongoing concern.

For now, Davis won't have to turn over anything. As Voice of San Diego reports, the judge has ruled against the county's request. The county may appeals this order, but for now, Davis won't have to produce documents or testify.

As Dotinga points out, this is nothing more than intimidation from government reps who think they can push their constituents around.

We’ve seen several recent cases of overreach by lawyers who work for taxpayers. The city attorney’s office slut-shamed a victim of a predatory cop and held an extensive jail term over the head of a man who protested a bank by writing slogans in chalk on a sidewalk. The district attorney’s office, meanwhile, targeted a rapper over his lyrics and tried to send a group of men to jail for having links to a gang involved in a fatal shooting.

This is how San Diego is handling problems with its law enforcement officers. It's punishing citizens for speaking up, protesting, engaging in journalism, or being the victims of sexual assault by people in positions of power. Every single aspect of this is shameful, but having a sense of shame means admitting the county has a problem (well, several of them). County reps aren't paid to admit fault. But they shouldn't be collecting paychecks for violating the US Constitution and state law, either.

37 Comments | Leave a Comment..

Posted on Techdirt - 15 February 2018 @ 12:00pm

Scholastic Wants To Help Young Creators Showcase Their Works By Stripping Them Of Their IP Rights

from the we'll-take-it-from-here,-kids! dept

The Scholastic Art & Writing Awards wants to help show youths the power of artistic creation… by taking away those artistic creations irrevocably for the next two years minimum.

Sasha Matthews, 13-year-old cartoonist, was the first to spot this bit of intellectual property land-grabbing late last year in the terms and conditions that must be followed by Scholastic Award entrants.

The student irrevocably grants an assignment transferring to the Alliance for Young Artists & Writers, Inc. (“Alliance”) all right, title, and interest (including all copyrights) in and to the submitted work (“Work”), such that the Work, and all rights relating to the Work, shall be the exclusive property of the Alliance, subject to (a) the student’s non-exclusive license, hereby granted, (i) to maintain and make limited display and distribution of a copy of the Work as part of the student’s portfolio solely for purposes of identification and reference to the student’s body of works, and (ii) to submit a copy of the Work for consideration for other scholarships, awards, and recognitions, and (b) such other licenses and authorizations as the Alliance may, in the exercise of its sole discretion, grant to the student upon the student’s written request.

To submit an entry is to capitulate to Scholastic and cede ownership of your creative work. Scholastic points out it's only for two years, as though that excuses this unneeded clause in the participation terms. There's no reason Scholastic needs an exclusive license to the creation of others to present artists' works to others. Setting it up this way controls how the creator gets to use their own work, allowing Scholastic to benefit exclusively from the works of others.

Yes, the contract (so to speak…) sunsets after two years, but even then there are stipulations. Scholastic is still allowed perpetual, royalty-free use of students' submissions. And this rollback of grabbed rights only comes into play if Scholastic can locate participants after the two-year exclusive license expires.

Alliance will return the Work upon the expiration of the two (2) year period commencing with the date of the national award notification. The Alliance will attempt to notify the student using the contact information provided on the Submission Form, (or, if applicable, such contact information as the Alliance shall have later received), prior to returning and shipping the Work to the home address provided. Students are obligated to notify the Alliance if their address or other contact information changes and will be solely responsible for any non-delivery or loss of, or damage to, the Work that may result from my failure to do so. If Work is returned to the Alliance for reasons including, but not limited to, refusal of delivery or failure to provide forwarding instructions, the student understands and agrees that the Alliance hold my work up to three (3) years from the date of the national award notification. If the Work is not retrieved by the student or on the student’s behalf once the three (3) year period has lapsed, the student understands and agrees that exclusive ownership of the physical Work will transfer to and fully vest in the Alliance automatically and immediately upon the expiration of this period, and that the Alliance, as the owner of the Work will have the right to continue to store, destroy, use or display the physical Work as it may choose in the exercise of its sole discretion. In such event, the student shall, and hereby does, assign to the Alliance and its successors all right, title and interest in and to the physical Work.

Miss the three-year cutoff (possibly through no fault of your own) and the work becomes the sole, indisputable property of Scholastic. Even if the artwork is retrieved in a timely fashion, it still won't belong solely to the creator but will forever be partially "licensed" to Scholastic for life+70.

The involvement of minors raises further questions about this boilerplate. Minors can't form contracts so it's likely Scholastic gets around this by sending participation sheets to educators and parents to obtain signatures, but likely without informing those signing on behalf of students of Scholastic's IP intentions.

Scholastic responded by saying it's been super-clear about the terms and conditions. But those reading Scholastic's tweet will notice the FAQ was published the same day as its cheerily-defensive tweet to Matthews, which means it has only recently been upfront about its two-year copyright claim.

Scholastic's participation terms aren't unusual. But that doesn't make them right. There's nothing about this sort of contest that demands full control of submitted works. A limited non-exclusive license would allow Scholastic to display creations and use them in promotional material without fear of a participant lawsuit. Or, for that matter, a Creatve Commons license could be applied with the terms set by particpants rather than Scholastic. But Scholastic obviously feels it's the creators who should give up their rights. The whole thing is ridiculous -- especially since it's standard operating procedure for entities seeking submissions from creators. It only serves to show creators copyright is a handy tool for bigger, more powerful entities but of little use to the creators themselves.

P.S. Matthews drew a little something to keep the pressure on Scholastic to change its submission terms:

29 Comments | Leave a Comment..

Posted on Techdirt - 14 February 2018 @ 11:49am

Georgia Senate Thinks It Can Fix Its Election Security Issues By Criminalizing Password Sharing, Security Research

from the if-you-can't-make-it-better,-at-least-stop-making-it-worse dept

When bad things happen, bad laws are sure to follow. The state of Georgia has been through some tumultuous times, electorally-speaking. After a presidential election plagued with hacking allegations, the Georgia Secretary of State plunged ahead with allegations of his own. He accused the DHS of performing ad hoc penetration testing on his office's firewall. At no point was he informed the DHS might try to breach his system and the DHS, for its part, was less than responsive when questioned about its activities. It promised to get back to the Secretary of State but did not confirm or deny hacking attempts the state had previously opted out of.

To make matter worse, there appeared to be evidence the state's voting systems had been compromised. A misconfigured server left voter records exposed, resulting in a lawsuit against state election officials. Somehow, due to malice or stupidity, a server containing key evidence needed in the lawsuit was mysteriously wiped clean, just days after the lawsuit was filed.

Rather than double down on efforts to secure state voting systems, the state legislature has decided to expand the definition of computer crime. A CFAA but for federalists has been introduced in the state Senate. And it could possibly lead to criminalizing a whole lot of benign computer use.

A new bill winding its way through the Georgia state senate has cybersecurity experts on alert. As Senate Bill 315 is currently written, academics and independent security researchers alike could be subject to prosecution in Georgia alongside malicious hackers.

The two-page bill aims to amend legislation governing computer crimes in the Peach State to criminalize “unauthorized computer access.” It would penalize violations as a “high and aggravated misdemeanor,” with up to a $5,000 fine and year in jail, “any person who accesses a computer or computer network with knowledge that such access is without authority.”

"Unauthorized computer access" is a phrase security researchers hate to see. Much of their valuable work depends on unauthorized access. Criminals and malicious hackers aren't going to knock politely and ask for permission before helping themselves to personally-identifiable information or financial documents. Neither are researchers, who hope to beat criminals at their own game while helping affected entities patch holes and harden existing systems.

But it gets even worse. It's not just security research being criminalized. State senators appear ready to slap cuffs on Netflix users.

The bill also criminalizes terms-of-service violations, which could include infractions as minor as using a pseudonym on Facebook or sharing a password, says a Georgia government lawyer who spoke on the condition of anonymity.

I can see how someone connected to this law might want to remain anonymous. I mean, these are the non-anonymous assertions of named prosecutors who support the bill -- and I'd definitely want to distance myself from those as well.

A representative for Georgia Attorney General Chris Carr declined to comment for this story. In a statement, Carr said Georgia is “one of only three states in the nation where it is not illegal to access a computer, so long as nothing is disrupted or stolen. This doesn’t make any sense. Unlawfully accessing any computer in Georgia should be a crime, and we must fix this loophole."

The AG makes unauthorized access sound so nefarious when, in many cases, it's perfectly harmless. Password sharing gives people technically unlawful access, but letting a few extra people log into an HBO Go account shouldn't be a criminal act. Running a script to scrape publicly-available info from a website may be annoying to the site's owner (and likely forbidden by the terms of service), but it's nothing anyone should be looking at jail time for committing.

The state is still stinging from its election security failures and has decided to take it out on its citizens. It received a second pass in the state Senate before passing but the amendments made were mostly useless. It granted exemptions for parents monitoring their kids' computer use and some badly-worded stuff about "legitimate business activity," but the bill remains a second-rate CFAA just waiting to be abused by zealous prosecutors. And it's going to harm local businesses, which definitely shouldn't have to pay the price for the government's security issues.

“Companies will move divisions elsewhere, and startups will go elsewhere. Likewise, students will search for jobs elsewhere,” Georgia-based independent security researcher Rob Graham says. “It’s insane for legislators wanting to pass legislation that will mess this up.”

This is lawmaking so short-sighted it won't even solve the problem it's supposedly designed to target. The state needs to fix its own security issues before it starts criminalizing security research and password sharing. If it has problems with its election machine vendors, it should take it up with them, rather than burdening constituents with an unnecessary law that lends itself to abuse.

22 Comments | Leave a Comment..

Posted on Free Speech - 14 February 2018 @ 3:26am

Activist Sues ICE For Its Unconstitutional Targeting Of Immigrants' First Amendment-Protected Activities

from the IF-YOU-DONT-LIKE-ICE-THAN-GO-BACK-TO-YR-COUNTRY-ETC dept

ICE has been instructed to make the nation safer by deporting the "worst of the worst." The nation will be made secure again, said the DHS, pointing to its report declaring three-quarters of those convicted for terrorism offenses were "foreign-born." Of course, to reach this ratio, the DHS had to count people the US government had extradited to the US to face trial for terrorism attacks committed in foreign countries, but whatever. The point is: foreigners are dangerous and ICE is going to remove them. An ongoing "challenge" for ICE has been finding enough dangerous immigrants to deport, so it's had to change its strategy a bit.

So, if we're trying to root out would-be terrorists and MS-13 gang members and undocumented immigrants with long domestic criminal rap sheets, why is ICE targeting people for their First Amendment activities? That's what one rights activist wants to know, and he's taking ICE to court to force it to explain itself. Kevin Gosztola of ShadowProof has more details.

Immigrant rights activist Ravi Ragbir, who recently had his deportation stayed by a federal court, the New Sanctuary Coalition of New York City, Casa de Maryland, Detention Watch Network, the New York Immigration Coalition and the National Immigration Project of the National Lawyers Guild are all plaintiffs pursuing the First Amendment lawsuit.

“Federal immigration authorities have specifically targeted prominent and outspoken immigrant rights activists across the country on the basis of their speech and political advocacy on behalf of immigrants’ rights and social justice,” the lawsuit declares [PDF]. “These activists have been surveilled, intimidated, harassed, and detained, their homes have been raided, many have been plucked off the street in broad daylight, and some have even been deported.”

“The ‘broad discretion exercised by immigration officials,’ has been abused in a cynical effort to punish those who disagree with [President Donald Trump’s] administration. To sweep away all opposition. The government’s targeting of activists on the basis of their core political speech is unfair, discriminatory, and un-American. And it violates the First Amendment.”

Ragbir isn't dangerous. Nor should he be anyone's idea of someone ICE should expend resources deporting. Ragbir has lived in the US for 25 years, has advocated for people like him, and has generally been all the things we want from US citizens. The only problem is that he isn't one. He's faced a "final order of removal" since 2007, but that has been extended time and time again because he's someone who's a credit to this country, even if he doesn't have the paperwork in to make it permanent.

Despite this, ICE arrested him and sent him from New York to a Miami detention facility. He was not given any of the courtesies one expects would be given to someone who's lived peacefully and productively in the United States for a quarter-century. Instead, he was treated like the "worst of the worst," and not even given a chance to get his personal affairs in order or say goodbye to the family he would be leaving behind.

This resulted in a scathing court order from a federal judge in New York. The full order [PDF] is worth reading but here are a few of the highlights. It opens with this devastating paragraph and the heat never lets up.

There is, and ought to be in this great country, the freedom to say goodbye. That is, the freedom to hug one's spouse and children, the freedom to organize the myriad of human affairs that collect over time. It ought not to be -- and it has never before been -- that those who have lived without incident in this country for years are subjected to treatment we associate with regimes we revile as unjust, regimes where those who have long lived in a country may be taken without notice from streets, home, and work. And sent away. We are not that country; and woe be the day that we become that country under a fiction that laws allow it. We have a law higher than any that may be so interpreted -- and that is our Constitution. The wisdom of our Founders is evident in the document that demands and requires more; before the deprivation of liberty, there is due process; and an aversion to acts that are unnecessarily cruel.

[...]

In sum, the Court finds that when this country allowed petitioner to become part of our community fabric, allowed him to build a life with and among us and to enjoy the liberties and freedoms that come with that, it committed itself to allowance of an orderly departure when the time came, and it committed itself to avoidance of unnecessary cruelty when the time came. By denying petitioner these rights, the Government has acted wrongly.

While the court agrees ICE has the statutory authority to enforce deportation actions, it does not have the authority to pursue them in this manner. Its treatment of Ragbir was unconstitutional, given Ragbir's extended stay in the US without incident and frequent timely renewals of his work permit and permission to stay. The tactics used by ICE were cruel and capricious. And, as argued by Ragbir in his lawsuit, likely the result of ICE's disagreement with his First Amendment activities. All of this is unconstitutional, even if technically legal under ICE's statutory guidance.

Here, instead, the process we have employed has also been unnecessarily cruel. And those who are not subjected to such measures must be shocked by it, and find it unusual. That is, that a man we have allowed to live among us for years, to build a family and participate in the life of the community, was detained, handcuffed, forcibly placed on an airplane, and today finds himself in a prison cell. All of this without any showing, or belief by ICE that there is any need to show, that he would not have left on his own if simply told to do so; there has been no showing or even intimation that he would have fled or hidden to avoid leaving as directed. And certainly there has been no showing that he has not conducted himself lawfully for years. Taking such a man, and there are many such men and women like him, and subjecting him to what is rightfully understood as no different or better than penal detention, is certainly cruel. We as a country need and must not act so. The Constitution commands better.

Ragbir isn't suing ICE simply because of its targeting of him. His lawsuit points out he's not the only activist ICE has taken action against, using similar unconstitutional tactics.

ICE agents arrested Jean Montrevil, a Haitian national immigrant rights activist, co-founder of the New Sanctuary Coalition, and green card holder, on January 3. It was mere days before Ragbir’s check-in, which led to his detention. Montrevil was deported to Haiti on January 9. Authorities forced him to leave his four children—all U.S. citizens.

According to the lawsuit, Montrevil’s lawyer asked Scott Mechkowski, the ICE Deputy Field Office Director for New York, why ICE agents were deployed to “apprehend” Montrevil at his home “months before his scheduled check-in.”

“We [ICE] war-gamed this over and over,” Mechkowski apparently replied. “[T]his was the best time and place to take him.”

Several more are listed in the lawsuit (and covered by Shadowproof). In each case, immigrants appear to have been targeted for their activism or engagement with entities providing shelter and care for other immigrants. None of those listed faced deportation for illegal acts and many of those had lived in the States for years, raising families and becoming positive additions to their communities.

ICE has been given free rein by the current administration which never misses an opportunity to portray undocumented immigrants as inherently dangerous. If this lawsuit goes far enough, it should lay bare ICE's forays into unconstitutional behavior.

Read More | 83 Comments | Leave a Comment..

Posted on Techdirt - 13 February 2018 @ 9:25am

White Paper Points Out Just How Irresponsible 'Responsible Encryption' Is

from the a-hole-for-one-is-a-hole-for-all dept

In recent months, both Deputy Attorney General Rod Rosenstein and FBI Director Christopher Wray have been calling for holes in encryption law enforcement can drive a warrant through. Both have no idea how this can be accomplished, but both are reasonably sure tech companies can figure it out for them. And if some sort of key escrow makes encryption less secure than it is now, so be it. Whatever minimal gains in access law enforcement obtains will apparently offset the damage done by key leaks or criminal exploitation of a deliberately-weakened system.

Cryptography expert Riana Pfefferkorn has released a white paper [PDF] examining the feasibility of the vague requests made by Rosenstein and Wray. Their preferred term is "responsible encryption" -- a term that allows them to step around landmines like "encryption backdoors" or "we're making encryption worse for everyone!" Her paper shows "responsible encryption" is anything but. And, even if implemented, it will result in far less access (and far more nefarious exploitation) than Rosenstein and Wray think.

The first thing the paper does is try to pin down exactly what it is these two officials want -- easier said than done because neither official has the technical chops to concisely describe their preferred solutions. Nor do they have any technical experts on board to help guide them to their envisioned solution. (The latter is easily explained by the fact that no expert on cryptography has ever promoted the idea that encryption can remain secure after drilling holes in it at the request of law enforcement.)

If you're going to respond to a terrible idea like "responsible encryption," you have to start somewhere. Pfefferkorn starts with an attempt to wrangle vague law enforcement official statements into a usable framework for a reality-based argument.

Rosenstein’s remarks focused more on data at rest than data in transit. For devices, he has not said whether his preferred legislation would cover a range of devices (such as laptop and desktop computers or Internet of Things-enabled appliances), or only smartphones, as in some recent state-level bills. His speeches also leave open whether his preferred legislation would include an exceptional-access mandate for data in transit. As some commentators have pointed out, his proposal is most coherent if read to be limited in scope to mobile device encryption and to exclude data in transit. This paper therefore makes the same assumption.

Wray, meanwhile, discussed both encrypted messaging and encrypted devices in his January 2018 speech. He mentioned “design[ing] devices that both provide data security and permit lawful access” and asked for “the ability to access the device once we’ve obtained a warrant.” Like Rosenstein, he did not specify whether his “responsible solution” would go beyond mobile devices. As to data in transit, he used a financial-sector messaging platform as a real-world example of what a “responsible solution” might look like. Similarly, though, he did not specify whether his “solution” would be restricted to only certain categories of data—for example, communications exchanged through messaging apps (e.g., iMessage, Signal, WhatsApp) but not web traffic (i.e., HTTPS). This paper assumes that Wray’s “solution” would, like Rosenstein’s, encompass encryption of mobile devices, and that it would also cover messaging apps, but not other forms of data in transit.

Either way, there's no one-size-fits-all approach. This is somewhat ironic given these officials' resistance to using other methods, like cellphone-cracking tools or approaching third parties for data and communications. According to the FBI (in particular), these solutions "don't scale." Well, neither do either of the approaches suggested by the Rosenstein and Wray, although Rosenstein limiting his arguments to data at rest on devices does suggest a somewhat more scalable approach.

The only concrete example given of how key escrow might work to access end-to-end encrypted communications is noted above: a messaging platform used for bank communications. An agreement reached with the New York state government altered the operation of the banking industry's "Symphony" messaging platform. Banks now hold encrypted communications for seven years but generate duplicate decryption keys which were held by independent parties (neither the banks nor the government). But this analogy doesn't apply as well as FBI Director Christopher Wray thinks it does.

That agreement was with the banks about changing their use of the platform, not with the developer about changing its design of the platform, which makes it a somewhat inapt example for illustrating how developers should behave “responsibly” when it comes to encryption.

Applied directly, it would be akin to asking cellphone owners to store a copy of a decryption key with an independent party in case law enforcement needed access to the contents of their phone. If several communication platform providers are also involved, then it becomes the generation of several duplicates. What this analogy does not suggest is what Wray and Rosenstein suggest: the duplication or development of decryption keys by manufacturers solely for the purpose of government access.

These officials think this solution scales. And it does. But scaling increases the possibility of the keys falling into the wrong hands, not to mention the increased abuse of law enforcement request portals by criminals to gain access to locked devices and accounts. As Pfefferkorn notes, these are problems Wray and Rosenstein have never addressed. Worse, they've never even admitted these problems exist.

What a quasi-escrow system would do is exponentially increase attack vectors for criminals and state-sponsored hacking. Implementing Rosenstein's suggestion would provide ample opportunities for misuse.

Rosenstein suggests that manufacturers could manage the exceptional-access decryption key the same way they manage the key used to sign software updates. However, that analogy does not hold up. The software update key is used relatively infrequently, by a small number of trusted individuals. Law enforcement’s unlocking demands would be far more frequent. The FBI alone supposedly has been unable to unlock around 7,800 encrypted devices in the space of the last fiscal year. State and local law enforcement agencies, plus those in other countries, up the tally further. There are thousands of local police departments in the United States, the largest of which already amass hundreds of locked smartphones in a year.

Wray's suggestion isn't any better. In fact, it's worse. His proposal (what there is of it) suggests it won't just be phone manufacturers providing key escrow but also any developer offering end-to-end encrypted communications. This vastly increases the number of key sources. In both cases, developers and manufacturers would need to take on more staff to handle law enforcement requests. This increases the number of people with access to keys, increasing the chances they'll be leaked, misused, sold, or stolen.

The large number of law enforcement requests headed to key holders poses more problems. Bogus requests are going to start making their way into the request stream, potentially handing access to criminals or other bad actors. While this can be mitigated with hardware storage, the attack vectors remain open.

[A]n attacker could still subvert the controls around the key in order to submit encrypted data to the HSM [hardware security module] for decryption. This is tantamount to having possession of the key itself, without any need to attack the tamper-resistant HSM directly. One way for an attacker to get an HSM to apply the key to its encrypted data input is to make the attacker’s request appear legitimate by subverting the authentication process for exceptional-access demands.

These are just the problems a key escrow system would produce on the supply side. The demand for robust encryption won't go away. Criminals and non-criminals alike will seek out truly secure platforms and products, taking their business to vendors out of the US government's reach. At best, forced escrow will be a short-term solution with a whole bunch of collateral damage attached. Domestic businesses will lose sales and other businesses will be harmed as deliberately-introduced holes in encryption allow attackers to exfiltrate intellectual property, trade secrets, conduct industrial espionage, and engage in identity theft.

Wray and Rosenstein tout "responsible encryption." But their arguments are completely irresponsible. Neither has fully acknowledged how much collateral damage would result from their demands. They've both suggested the damage is acceptable even if there is only a minimal gain in law enforcement access. And they've both made it clear every negative consequence will be borne by device and service providers -- from the additional costs of compliance to the sales lost to competitors still offering uncompromised encryption. There's nothing "responsible" about their actions or their public statements, but they both believe they're 100% on the right side of the argument. They aren't and they've made it clear the wants and needs of US citizens will always be secondary to the wants and needs of law enforcement.

22 Comments | Leave a Comment..

Posted on Techdirt - 13 February 2018 @ 3:23am

Camera Makers Still Showing Zero Interest In Protecting Users With Built-In Encryption

from the thanks-for-the-$$$-but-you're-on-your-own dept

Digital cameras can store a wealth of personal information and yet they're treated as unworthy of extra protection -- both by courts and the camera makers themselves. The encryption that comes baked in on cellphones hasn't even been offered as an option on cameras, despite camera owners being just as interested in protecting their private data as cellphone users are.

The Freedom of the Press Foundation sent a letter to major camera manufacturers in December 2016, letting them know filmmakers and journalists would appreciate a little assistance keeping their data out of governments' hands.

Documentary filmmakers and photojournalists work in some of the most dangerous parts of the world, often risking their lives to get footage of newsworthy events to the public. They face a variety of threats from border security guards, local police, intelligence agents, terrorists, and criminals when attempting to safely return their footage so that it can be edited and published. These threats are particularly heightened any time a bad actor can seize or steal their camera, and they are left unprotected by the lack of security features that would shield their footage from prying eyes.

The magnitude of this problem is hard to overstate: Filmmakers and photojournalists have their cameras and footage seized at a rate that is literally too high to count. The Committee to Protect Journalists, a leading organization that documents many such incidents, told us:

"Confiscating the cameras of photojournalists is a blatant attempt to silence and intimidate them, yet such attacks are so common that we could not realistically track all these incidents. The unfortunate truth is that photojournalists are regularly targeted and threatened as they seek to document and bear witness, but there is little they can do to protect their equipment and their photos." (emphasis added)

Cameras aren't that much different than phones, even if they lack direct connections to users' social media accounts or contact lists. We've covered many cases where police officers have seized phones/cameras and deleted footage captured by bystanders. The problem is the Supreme Court's Riley decision only protects cellphones from warrantless searches. (And only in the United States.) While one state supreme court has extended the warrant requirement to digital cameras, this only affects residents of Massachusetts. Everywhere else, cameras are just "pockets" or "containers" law enforcement can dig through without worrying too much about the Fourth Amendment.

Unfortunately, it doesn't look like camera manufacturers are considering offering encryption. The issue still doesn't even appear to be on their radar, more than a year after the Freedom of the Press Foundation's letter -- signed by 150 photographers and filmmakers -- indicated plenty of customers wanted better protection for their cameras. Zack Whittaker of ZDNet asked several manufacturers about their encryption plans and received noncommittal shrugs in response.

An Olympus spokesperson said the company will "in the next year... continue to review the request to implement encryption technology in our photographic and video products and will develop a plan for implementation where applicable in consideration to the Olympus product roadmap and the market requirements."

When reached, Canon said it was "not at liberty to comment on future products and/or innovation."

Sony also said it "isn't discussing product roadmaps relative to camera encryption."

A Nikon spokesperson said the company is "constantly listening to the needs of an evolving market and considering photographer feedback, and we will continue to evaluate product features to best suit the needs of our users."

And Fuji did not respond to several requests for comment by phone and email prior to publication.

The message appears to be that camera owners are on their own when it comes to keeping their photos and footage out of the hands of government agents. This is unfortunate considering how many journalists and documentarians do their work in countries with fewer civil liberties protections than the US. Even in the US, those civil liberties can be waived away if photographers wander too close to US borders. If a government can search something, it will. Encryption may not thwart all searches, but it will at least impede the most questionable ones.

59 Comments | Leave a Comment..

Posted on Techdirt - 12 February 2018 @ 10:37am

Man Sues Facebook For Moderating His Bigoted Posts, Wants Section 230 Declared Unconstitutional

from the asshole-seeks-open-platform-for-assholes dept

Eric Goldman has come across an amazing pro se lawsuit [PDF] being brought by Nicholas C. Georgalis, an aggrieved social media user who believes he's owed an open platform in perpetuity, no matter what awful things he dumps onto service providers' pages. Oh, and he wants Section 230 immunity declared unconstitutional.

Georgalis -- who sidelines as a "professional training professionals" when not filing stupid lawsuits -- is suing Facebook for periodically placing him in social media purgatory after removing posts of his. The lawsuit is heady stuff. And by "heady stuff," I mean we're going to be dealing with a lot of arguments about "sovereign rights" and "common law" and other related asshattery.

Here's the opening. And it only gets better/worse from there:

Now comes Plaintiff in suit in a court of law holding Facebook, Inc, Defendant, liable for willfully and with malice aforethought abrogating the priceless, God given, and thus inalienable right to free Speech, freedom of the press, freedom of religion, and the inalienable right to due process as guaranteed under the First and Fifth Amendment of the US Constitution respectively…

[...]

Plaintiff has standing through Defendant's repeated, prolonged, and unconstitutional blocking, and otherwise restricting with great aplomb, Plaintiff's ability to post his public comments which include, but are not limited to political opinions, philosophical observations, cultural observations, religious and scientific observations, and ideas on Defendant's publicly offered and universally available electronic platform. Such ideas and opinions are the private property of Plaintiff and not to be taken without due process by anyone including Defendant.

This is the first time I've seen it argued that a private corporation's moderation decisions are a Fifth Amendment violation. Nonetheless, that's what we're dealing with. Georgalis has been temp-banned repeatedly and had posts removed. Well, let's take a look at the value Georgalis is adding to the Facebook platform.

[O.J.] simpson - more proof that you can take a darkie out of the jungle but you can't take the jungle out of the darkie.

[...]

The Negroid evolved from lower animals while God created the Caucasoid and the Mongoloid evolved from the the Caucasoid. This find merely proves that the modern human visited Africa after the Creation.

[...]

I agree with the fact that this proposed union will taint the blood of the Royal Family. Miscegenation of this sort is akin to bestiality and thus an affront to God and to man. It is a threat to the survival of mankind. It must not stand.

That's just a taste of the stuff that's still live. The lawsuit provides no detail on the posts Facebook has found offensive enough to remove. Georgalis is a Trump fan (he often refers to Trump as a capital-K "King") and an obvious bigot. That he receives a lot of direct moderation from Facebook isn't surprising. But Georgalis somehow believes deep in his sovereign, bigoted heart that Facebook should never take action against his account or Facebook posts.

Here's how he explains it:

Defendant has repeatedly denied and thus silenced Plaintiff ability to express his opinion on Defendant's publicly and universally available electronic forums which said opinions or comments Defendant disagrees or finds otherwise objectionable. Indeed Defendant has had the audacity to remove content posted by Plaintiff that Defendant did not like and thus erasing his written words, which are his property, from the sight and memory of man and the eyes of posterity. In so doing Defendant promotes his political, cultural, religious, philosophical, and economic opinions and ideas above all others and at the expense of Plaintiff's before the voting public…

Good lord.

Georgalis' Section 230 argument is just as bad as everything proceeding it. To sum up (because direct quoting would eat up pages of text and valuable real estate in readers' brains), Georgalis argues the immunity provided to service providers by Section 230 means they should never have to practice moderation. If they're immune from civil liability for end users' posts and actions, they shouldn't take action ever against third-party content. Georgalis targets Section 230 (2)(A) specifically -- the part that states ISPs will not be held liable for voluntary moderation efforts. In Georgalis' eyes, this elevates Facebook, et al into proxy censors of unpopular speech and somehow confers sovereign status to social media platforms. Georgalis' twisted legal argument comes to the conclusion that Section 230 is a violation of the "separation of powers enshrined in the enumerated powers of the US Constitution." Therefore: unconstitutional.

And then the lawsuit goes on for another dozen pages, which deploy even more ridiculous arguments in an attempt to talk the court into viewing social media companies as extensions of the government. This becomes even more cognitively dissonant when Georgalis' favored political leader and party are running the country. His "king" is somehow using Section 230 to shut down opinions the government doesn't like, even if his opinions are probably of the sort the current government does like. Go figure.

Total damages requested are $1 billion. Because you can't put a price tag on free speech. But if you do have to come up with an estimate, be insanely ridiculous about it. This damage award is buttressed by arguments that government taxation and liberal social policies have stifled the US economy so much Georgalis would be almost 80 times as wealthy as he currently is. Or something.

The punitive damages are also supported by the fact that the statist and stoic philosophy and ideology and Keynesian economics promulgated by the Defendant as earnestly implemented by the US governance, education and other institutions since 1930 has led to tremendous economic losses. Exhibit 1 presents an analysis of the extent of the damage done to the US economy by the statist and stoic ideology espoused by Defendant wherein the 2016 GDP would have been almost 80 times larger in constant dollars.

To add the final inadvertent lol to Georgalis' stupid lawsuit, he's appended a copyright notice to every page of the filing claiming no one can copy or reproduce it without his written permission. You'll note the lawsuit is linked above and embedded below. It's also quoted as extensively as I could stomach. So... ball's in your common law court, Nick.

This suit won't go anywhere and it will add to the number of times the state has beaten Georgalis at his own game. Georgalis -- after losing a defamation lawsuit where he admitted the "libelous" statements made about him were factually true -- tried to have an Ohio court rule that summary judgment rulings were unconstitutional. Check this out:

Ohio Civil Rule 56, Summary Judgment is unconstitutional because it deprives litigants, in the instant case Plaintiffs/Appellants, the constitutional right to trial by jury. Accordingly it violates Article 1.05 of the Ohio Constitution which plainly and unequivocally states that "The right of trial by jury shall be inviolate... " Ohio Civil Rule 56 endows powers upon the court that were never intended by the authors of the Ohio Constitution and the people of the State of Ohio who ratified the constitution. Summary judgment usurps the constitutional power of the jury to decide the facts in a case and instead unconstitutionally endows the judge with these powers, powers that the judge was never intended to have.

Georgalis appears to believe he's continually being deprived of due process, even when he's engaged in civil litigation. The Fifth Amendment only covers criminal cases. He also believes the state should waste more money paying jurors, judges, and lawyers to ensure every ridiculous lawsuit gets presented to a jury. I can't see how he squares this with his small government assertions. (This filing probably has more to do with him being on the hook for appellate fees from his failed defamation lawsuit than any pure notion of constitutionality.)

Then there's Georgalis' multiple battles with public entities over the release of certain information. It appears Georgalis has asked several states to hand over info on registered engineers, including their email addresses. His appeal to the state of Delaware was denied by the attorney general, who pointed out Georgalis hardly has the public interest in mind when demanding info on licensed engineers.

Here, DAPE (Delaware Association of Professional Engineers) does not dispute that the right to privacy may be outweighed by the public interest in disclosure. Rather, DAPE argues that your request is a clear attempt to further your private commercial interest and in no way contributes to the public understanding of the activities of the government. DAPE notes that you are a developer and instructor of training courses, which you make available to professional engineers for a fee, and argues that you are using FOIA to obtain the email addresses of private citizens who meet the target audience of your product for sale.

This suit will be tossed and undoubtedly Georgalis will mark this up to the government protecting its own -- even if the current government is the government he desires and "its own" is a private corporation that provides a social media service it can moderate however it wants without troubling the Constitution.

Read More | 137 Comments | Leave a Comment..

Posted on Techdirt - 12 February 2018 @ 3:24am

Will Cy Vance's Anti-Encryption Pitch Change Now That The NYPD's Using iPhones?

from the or-will-encryption-only-be-an-option-for-the-protected-class? dept

For years, Manhattan DA Cy Vance has been warning us about the coming criminal apocalypse spurred on by cellphone encryption. "Evil geniuses" Apple introduced default encryption in a move likely meant to satiate lawmakers hollering about phone theft and do-nothing tech companies. In return, DA Cy Vance (and consecutive FBI directors) turned on Apple, calling device encryption a criminal's best friend.

Vance still makes annual pitches for law enforcement-friendly encryption -- something that means either backdoors or encryption so weak it can be cracked immediately. Both ideas would also be criminal-friendly, but Vance is fine with sacrificing personal security for law enforcement access. Frequently, these pitches are accompanied with piles of uncracked cellphones -- a gesture meant to wow journalists but ultimately indicative of nothing more than how much the NYPD can store in its evidence room. (How many are linked to active investigations? How many investigations continued to convictions without cellphone evidence? Were contempt charges ever considered to motivate cellphone owners into unlocking phones? So many questions. Absolutely zero answers.)

Will Vance be changing his pitch in the near future? Will he want weakened encryption safeguarding the NYPD's new tools? I guess we'll wait and see. (h/t Robyn Greene)

Announced last year, the shift will see some 36,000 Nokia handsets replaced over the coming weeks. Initially purchased in 2014 as part of a $160 million program to modernize police operations, the Nokia phones running Windows Phone will be collected, wiped and sold back to the company.

The move to iPhone 7 comes at no cost to the NYPD, as the handsets are considered upgrades under the agency's contract with AT&T.

NYPD's rollout began last month when officers patrolling the Bronx and Staten Island swapped their obsolete Nokia smartphones for Apple devices. The department is handing out about 600 iPhones per day, according to NYPD Deputy Commissioner for Information and Technology Jessica Tisch.

Let's get some crippled encryption for these guys. After all, their phones are manufactured by a company an FBI forensic detective called an "evil genius." Let's give malicious hackers an attack vector and street criminals more reasons to lift an iPhone off… well, anybody. By all means, let's give Vance what he wants and see if he hears anything back from his buddies in blue.

This upgrade puts Vance in a lose-lose situation. If he stops calling for weakened encryption, he's a hypocrite. If he keeps calling for it, he's an asshole. But it should drive home an important point: encryption doesn't just protect the bad guys. It protects the good guys as well.

36 Comments | Leave a Comment..

Posted on Techdirt - 9 February 2018 @ 10:40am

Cloud Communications Service Twilio Releases Two NSLs Sprung From Their Gag Order Cages

from the all-purpose-paperwork dept

Another communications platform has published National Security Letters it has received from the FBI. Twilio -- a San Francisco-based cloud communications platform -- has published two NSLs freed from the confines of their accompanying gag orders.

When Twilio receives requests that are issued without the review of a court, such as National Security Letters, Twilio will ask the agent to instead produce a court order or withdraw the nondisclosure component of the request.

Twilio requested judicial review of the nondisclosure requirement, and as a result, received permission from the U.S. Department of Justice to publish two National Security Letters, in addition to the letters authorizing Twilio to do so.

Twilio was also permitted to count the two National Security Letters in our semi-annual transparency report for the second half of 2017. Therefore, Twilio indicates receiving between 2 and 999 National Security Letters in the time range of July 1, 2017 through December 31, 2017.

Twilio says it will continue to challenge the gag orders attached by default to FBI NSLs, which should result in more published NSLs in the future. The two posted by Twilio are fairly recent. Both were received in May of last year. Both also contain the FBI's response letter letting Twilio know the gag orders had been lifted.

The first [PDF] of the two published lets Twilio know the FBI has agreed to lift the gag order. It also states the FBI is withdrawing its request for subscriber info. The second [PDF] is a little more interesting. The FBI agreed to lift the gag order, but requested Twilio give it a ring before notifying the affected customer.

Please be advised that the FBI has reviewed the nondisclosure requirement imposed in connection with the NSL at issue and determined that the facts and circumstances supporting nondislosure under 18 USC 2709(c) no longer continue to exist. Consequently, the government is lifting the nondisclosure requirement imposed in connection with the NSL at issue… [T]he FBI also asks that Twilio notify Special Agent [redacted] of the FBI Cincinnati Field Office, in the event Twilio chooses to inform the subscriber of the account at issue regarding the NSL request or any of the information set forth in that request…

This sounds like "assessment" stuff -- where the FBI rounds up everything it can obtain without a warrant to start building towards a preliminary investigation and possibly even the probable cause needed to continue pursuing a suspect. But the FBI office is seemingly willing to spook a subject in exchange for whatever minimal account info Twilio has on hand. That's a little strange, considering the gag order was lifted within a few months of the NSL being sent. The two published by Twilio are unlike the NSLs published elsewhere, some of which are closer to a decade old at this point.

Whatever the case, it's more transparency from another service provider, adding to the body of public knowledge on the FBI's use of NSLs.

Read More | Leave a Comment..

Posted on Techdirt - 9 February 2018 @ 9:38am

ICE Wants To Be Yet Another Federal Agency With Access To Unminimized Surveillance

from the get-some-backdoor-searches-to-go-with-the-front-door-raids dept

Officials at ICE are pitching a dangerous idea to an administration likely to give it some consideration. It wants a seat at the grown-up table where it can partake of unminimized intel directly.

Internal advocates for joining the America’s spy agencies—known as the Intelligence Community or the IC—focus on the potential benefits to the agency’s work on counterproliferation, money laundering, counterterror, and cybercrime. The official added that joining the IC could also be useful for the agency’s immigration enforcement work––in particular, their efforts to find and arrest undocumented immigrants with criminal arrest warrants (known in ICE as fugitive aliens).

At this point, no one other than a few ICE officials really wants this to happen. Privacy and accountability activists say the last thing the White House should do is give the agency access to warrantless surveillance. ICE is a domestic enforcement agency and has no need to root around in foreign-facing data collections. The agency, however, feels foreign intel -- along with the unmentioned backdoor searches of domestic communications -- could aid it in tracking down drug traffickers, money launders, and various cybercriminals.

But it shouldn't have direct access. Nor should it ever really need it. Information sharing has been expanded, thanks to the last president, which means ICE likely already receives second-hand info from other IC members like the DHS, FBI, and DEA. Former government officials are wary of the idea of direct intel access, noting that it would result in more complications, rather than better immigration and customs enforcement. Peter Vincent, ICE's general counsel under Obama, had this to say:

Unlike most intelligence agencies, which focus on gathering information about America’s adversaries, ICE’s agents and officers deal with federal courts every day. If they use classified material to generate leads, that information could be inadmissible in court. Both the FBI and the Drug Enforcement Administration, which are in the Intelligence Community, deal with this issue. Adjusting would be a challenge for ICE.

Vincent said this could create “many potential mission creep spectres, especially in this current climate,” and that he doesn’t think it would be necessary for ICE to join the Intelligence Community.

We've seen how well dips into NSA stores has worked for these two law enforcement agencies. Parallel construction becomes the rule, rather than the exception, and cases are far more likely to be dropped if defense lawyers and judges start asking too many questions about presented evidence.

Another former DHS intelligence official claims the added intel would do little more than "complicate the architecture," making it harder for ICE to do its job. If critical information needs to be shared with ICE, it could be done by bringing the head of ICE in on intel meetings, rather than adding ICE into the IC mix and adding yet another set of minimization rules to intel sharing.

Bad idea or not, the push for ICE to join the Intelligence Community comes at the right time. While Trump has been extremely critical of other IC components -- particularly the FBI -- he's very fond of his domestic immigration enforcers, having given them free rein to enforce the law in whatever way they see fit.

31 Comments | Leave a Comment..

Posted on Techdirt - 9 February 2018 @ 3:23am

Techdirt, Volokh Conspiracy Targeted With Bogus Defamation Claim For Publishing A Bunch Of Facts

from the please-sir,-may-I-have-some-more-shovel? dept

Last spring, Mike Masnick covered a completely fake court order that was served to Google to make some unflattering information disappear. The court order targeted some posts by a critic of a local politician.

Ken Haas, a member of the New Britain (CT) city commission got into an online argument with a few people. When things didn't go his way, Haas played a dubious trump card:

Several months ago, he got into a public controversy with local activist Robert Berriault — allegedly, when someone got in a Facebook political spat with Haas, he responded by writing, “You do know I have access to ALL city records, including criminal and civil, right???” Berriault took that to be a threat that Haas would misuse that access for political purposes and wrote about this on the New Britain Independent site, as well as in a not-much-noticed change.org petition calling for Haas’s removal.

Following this, a delisting request was sent to Google with a supposed Connecticut federal court order attached. But the judge who signed it (John W. Darrah) didn't exist, the word "state" was misspelled (as "Sate"), and the docket number had already been used for another, existing civil case.

Ironically, as Mike discovered, the docket number linked to an Illinois case (and there is a judge named "John W. Darrah" in Illinois) with some similar subject matter. It was a Prenda case and it involved, of all things, allegations of document forgery.

That was a crazy case for a whole bunch of reasons, but it also got a ton of public attention. If you're going to fake a court document, maybe don't take one that is on a widely known case that got a lot of attention and is partly about forging legal documents? It's like trying to pick a disguise to be inconspicuous in committing a crime, and dressing up like Hitler. People are going to notice, and they're going to remember.

Eugene Volokh, who first discovered the bogus takedown notice, obtained a copy of the police report linked to Haas' ill-advised social media foray. Apparently, Haas thought the police would hand him the online victory he had so miserably failed to obtain earlier. He reported Robert Berriault for harassment, only to be told nothing of the sort had taken place. Haas even admitted he had made the only threat -- the one where he implied he'd start dumping private records if his opponents didn't shut up.

The police told Haas something and it made him very sad.

I advised Haas that this was not a criminal act and that Berriault had every right to voice his opinion. I advised Haas that when you choose a career in politics that harsh criticism comes with the territory. Haas stated that he understood.

The sender of the takedown notice with the bogus court order is unknown, but the most direct beneficiary of the removal of these links would be none other than Ken Haas. It could be some sketchy rep management firm did the dirty work, but Haas was likely involved somehow.

Haas has apparently not let this go. Invaluable scourer of the Lumen database, Dean Jones, points out another bogus attempt to delist online content has been made -- targeting posts at both Techdirt and the Volokh Conspiracy.

Now it emerges that an anonymous complainant has sent Google a defamation complaint requesting the removal of the two articles from its search results, citing a 1979 Supreme Court case concerning the public disclosure of personal information.

Yes, this one is styled as a defamation takedown request, even though both articles are factual and contain receipts. The takedown notice cites a Supreme Court decision that has nothing to do with either post, despite the claims made in the notice.

In 1979, the U.S. Supreme Court recognized an individual interest in the “practical obscurity” of certain personal information. The case was DOJ v. Reporters Committee for a Free Press. As well, this information is harmful to me as it concerns unfounded information which never resulted in prosecution. Not only has the dissemination of this information never been legitimate, but its internet referencing is clearly harmful to my reputation as my professional and personal surroundings can access it by typing my first and last names on the Internet.

This case has to do with withheld documents and FOIA exemptions. It does not guarantee some right to "practical obscurity" for all Americans. In this case, the DOJ withheld rap sheets from release, arguing their release would be an "unwarranted invasion of privacy." The Supreme Court agreed, stating that the purpose of FOIA law was to permit examination of the government's inner workings, not subject private citizens' lives to greater scrutiny.

A police report, obtained and posted by a private citizen (or even a news agency), is not a violation of this ruling. And it sure as hell isn't defamation. Haas is welcome to litigate the issue, but he'd have to sue the police department for releasing it. If Eugene Volokh acquired it from the other party in the complaint (who has a right to obtain a copy of the police report), then Haas has no one he can bring legal action against. The other party involved in a police report can do whatever they want with their copy, including sharing it with blogs detailing a politician's incredibly stupid actions.

As Jones notes at Shooting the Messenger, Google was no more impressed with this latest attempt to vanish critical posts. The links remain live in Google's search engine results and Haas' reputation remains as mismanaged as ever.

26 Comments | Leave a Comment..

Posted on Techdirt - 8 February 2018 @ 10:40am

The Nunes Memo Has Effectively Destroyed Intelligence Oversight

from the WTG dept

The Nunes Memo, capitalized to give it far more gravitas that it actually possesses, was released late last week to mixed reviews. Nunes had built it up to be a mind-blowing damnation of a politically corrupt Federal Bureau of Investigation, more interested in destroying Trump than performing its appointed duties. The memo showed the FBI had relied on questionable evidence from the Steele dossier while securing FISA warrants to surveill former Trump adviser Carter Page. This memo was composed by the House intelligence oversight head -- one who had rarely expressed concern about domestic surveillance prior to investigations of Trump officials.

The memo showed the basis for the warrants may have been thin, but it didn't show it was nonexistent. In fact, the underlying warrants actually did inform the FISA court about the political background of Christopher Steele and his dossier. Nunes didn't know this because Nunes hadn't actually read the warrants. When he was finally apprised of this contradiction, he claimed the FBI disclosure didn't count because the disclosure was contained in a footnote.

The memo's release has had some serious side effects, however. But it will be Congressional oversight taking the damage, rather than the FBI. The memo's release showed the dumping of sensitive, classified info could be motivated by political whims, rather than as the result of a thoughtful, deliberative process. It showed oversight committee members were willing to jeopardize law enforcement sources and methods to score political points -- ironically the same claim Nunes was making about the FBI's motivations.

The damage will also be felt -- indirectly -- by the American public. Intelligence oversight is supposed to protect Americans from surveillance abuses. With this move, Nunes has destroyed its credibility, as Julian Sanchez points out.

It will be hard for anyone who has read the Nunes memo to regard the committee’s output as nonpartisan now. And by crying wolf about intelligence abuses with no serious evidence, Nunes and his enablers have made it far easier for America’s spy agencies to dismiss any future allegations, however meritorious, as yet another self-serving partisan distraction: at best, baseless conspiracy theorizing; at worst, an effort to obstruct legitimate investigations.

And that may not even be the worst of it. As Sanchez notes, the effectiveness of intelligence oversight will be blunted further. It's already mostly ineffective. Now, it may be completely broken.

[T]he committees are ultimately dependent on the intelligence community itself to direct their attention to areas that demand further scrutiny—whether in the form of official briefers, or whistleblowers who approach members with their concerns. Neither type is likely to repose much confidence in a committee that seems so enthusiastic to make a partisan circus of its grave task.

If the end game was to stop whistleblowing and give the nation's surveillance apparatus even more autonomy, well… mission accomplished. What was merely "dysfunctional" (according to the 9/11 Commission) will now be utterly useless.

And in the end, it won't matter to those who went along with Nunes' plan to own the libs (FBI Edition). For most committee members, intelligence oversight is a do-nearly-nothing job with zero political payoff. When things are fixed or further broken, the public is rarely informed. The few times the public is apprised of changes, it's handled obliquely with as many redactions as possible. Home state constituents waiting for their bridge to nowhere / vanity airport aren't going to be pouring funds into the re-election hoppers based on some shadowy, poorly-explained intelligence reforms. Everyone involved -- the overseers and the overseen -- would prefer as little interaction with each other as possible. By showing the House Oversight Committee is not above playing political football with FISA warrants, Nunes has virtually guaranteed the committee will be left alone.

201 Comments | Leave a Comment..

More posts from Capitalist Lion Tamer >>