After the prosecution of a California doctor revealed the FBI’s ties to a Best Buy Geek Squad computer repair facility in Kentucky, new documents released to EFF show that the relationship goes back years. The records also confirm that the FBI has paid Geek Squad employees as informants.
Defenders of civil liberties and privacy advocates expressed their discontent on Thursday after the U.S. Senate passed a bill that reauthorizes and expands the ability of the goverment to spy on the digital communications without a warrant.
With a final vote of 65-34 vote in favor, the passage of the FISA Amendments Reauthorization Act of 2017—now headed to President Donald Trump’s desk for a signature—will extend for six years a provision known as Section 702 of the Foreign Intelligence Surveillance Act (FISA) which allows for call the “unconstitutional spying” on emails, text messages, and other digital communications of both Americans and foreign nationals without a warrant. Continue reading →
Imagine you are in the middle of your typical day-to-day activities. Maybe you are driving, spending time with family, or working. If you are like most people, your phone is at your side on a daily basis. Little do you know that, at any time, police and law enforcement could be looking at information stored on your phone. You haven’t done anything wrong. You haven’t been asked for permission. You aren’t suspected of any crime.
Police have the power to collect your location along with the numbers of your incoming and outgoing calls and intercept the content of call and text communication. They can do all of this without you ever knowing about it.
How? They use a shoebox-sized device called a StingRay. This device (also called an IMSI catcher) mimics cell phone towers, prompting all the phones in the area to connect to it even if the phones aren’t in use.
The police use StingRays to track down and implicate perpetrators of mainly domestic crimes. The devices can be mounted in vehicles, drones, helicopters, and airplanes, allowing police to gain highly specific information on the location of any particular phone, down to a particular apartment complex or hotel room.
Quietly, StingRay use is growing throughout local and federal law enforcement with little to no oversight. The ACLU has discovered that at least 68 agencies in 23 different states own StingRays, but says that this “dramatically underrepresents the actual use of StingRays by law enforcement agencies nationwide.”
Information from potentially thousands of phones is being collected every time a StingRay is used. Signals are sent into the homes, bags, and pockets of innocent individuals. The Electronic Frontier Foundation likens this to the Pre-Revolutionary War practice of soldiers going door-to-door, searching without suspicion.
Richard Tynan, a technologist with Privacy International notes that, “there really isn’t any place for innocent people to hide from a device such as this.”
The Fourth Amendment of the Constitution states that, “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”
The StingRay clearly violates these standards. The drafters of the Constitution recognized that restricting the government from violating privacy is essential for a free society. That’s why the Fourth Amendment exists. The StingRay is creating a dangerous precedent that tells the government that it’s okay for them to violate our rights. Because of this, freedom is quietly slipping out the window.
Law Enforcement is using StingRays without a warrant in most cases. For example, the San Bernardino Police Department used their StingRay 300 times without a warrant in a little over a year.
In 2010, the Tallahassee Police Department used a StingRay in a warrantless search to track down the suspect of a crime. A testimony from an unsealed hearing transcript talks about how police went about finding their target. The ACLU sums it up well:
“Police drove through the area using the vehicle-based device until they found the apartment complex in which the target phone was located, and then they walked around with the handheld device and stood ‘at every door and every window in that complex’ until they figured out which apartment the phone was located in. In other words, police were lurking outside people’s windows and sending powerful electronic signals into their private homes in order to collect information from within.”
A handful of states have passed laws requiring police and federal agents to get a warrant before using a StingRay. They must show probable cause for one of the thousands of phones that they are actually searching. This is far from enough.
Additionally, there are many concerns that agents are withholding information from federal judges to monitor subjects without approval – bypassing the probable cause standard laid out in the Constitution. They even go as far as to let criminals go to avoid disclosing information about these devices to the courts.
If the public doesn’t become aware of this issue, the police will continue to use StingRays to infringe on our rights in secret and with impunity.
In a Supreme Court case beginning Wednesday, the ACLU is arguing that Americans should not be expected to give up privacy rights every time they use a cell phone that pings phone towers nearby, as analog-era legal arguments would hold. (Photo: Mike Mozart/Flickr/cc)
The Supreme Court will hear the first arguments in a landmark case regarding digital privacy rights on Wednesday as civil liberties advocates, joined by tech companies and journalists, argue the court must acknowledge that privacy rights and free speech protections should align with the reality of 21st century technology.
The case, known as Carpenter vs. United States centers around Timothy Carpenter, who was convicted in 2011 of several robberies after the police, without a probable cause warrant, gathered data from his cell phone company. Months of records were turned over, showing that he had been near cell towers close to the sites of the robberies when they took place. Continue reading →
Though outrage over mass surveillance swept the United States after Edward Snowden’s revelations in 2013, there is little discussion of these invasive practices just four years later
This apathy comes despite former President Barack Obama’s move to expand to information sharing between agencies just days before Trump took office and after the Trump administration signaled its desire to continue widespread surveillance.
Amid this lack of attention toward the NSA, the president recently nominated a staunch advocate of mass surveillance to chair one of the few barriers standing between intrusive government spying and the American people’s privacy. The Privacy and Civil Liberties Oversight Board (PCLOB) was created in 2004 at the recommendation of the 9/11 Commission and was intended “to help the executive branch balance national security priorities with individual rights,” the Interceptreported earlier this year. Continue reading →
Washington, D.C. — In a case that’s drawn criticism from multiple angles, last week federal prosecutors in Washington state dropped all charges against a man who allegedly downloaded child pornography from a website that was infiltrated, taken over, and allegedly even improved by the FBI.
The site, Playpen, operated on a platform designed to mask the real identities of its users, as Gizmodo explained Monday:
“The site in question operated on the Tor network, a system used to anonymize web activity. The network makes use of a special web browser that conceals people’s identities and location by routing their internet connections through a complex series of computers and encrypting data in the process.”Continue reading →
One Police Plaza- NYPD headquarters. Photo: Youngking11 (Own work) [CC BY-SA 3.0], via Wikimedia Commons
New York, NY — A business owner in Manhattan is suing the city after being forced to waive his fourth amendment rights and potentially forfeit his business because an NYPD officer sold illegal goods at his store.
You read that right.According to a lawsuit filed this month by the Institute for Justice, a libertarian legal advocacy group, an undercover NYPD detective attempted to sell stolen electronics to customers at Sung Cho’s laundromat in Inwood, which located near the northern tip of Manhattan, in 2013. After the officer successfully sold stolen goods to two people — one inside the store and one outside — the city threatened Cho with eviction “merely because a ‘stolen property’ offense had happened at his business,” the legal organization’s website explained. Continue reading →
Fear of hackers reading private emails in cloud-based systems like Microsoft Outlook, Gmail or Yahoo has recently sent regular people and public officials scrambling to delete entire accounts full of messages dating back years. What we don’t expect is our own government to hack our email – but it’s happening. Federal court cases going on right now are revealing that federal officials can read all your email without your knowledge.
The federal government is getting access to the contents of entire email accounts by using an ancient procedure – the search warrant – with a new, sinister twist: secret court proceedings.
The earliest search warrants had a very limited purpose – authorizing entry to private premises to find and recover stolen goods. During the era of the American Revolution, British authorities abused this power to conduct dragnet searches of colonial homes and to seize people’s private papers looking for evidence of political resistance.
To prevent the new federal government from engaging in that sort of tyranny, special controls over search warrants were written into the Fourth Amendment to the Constitution. But these constitutional provisions are failing to protect our personal documents if they are stored in the cloud or on our smartphones.
Fortunately, the government’s efforts are finally being made public, thanks to legal battles taken up by Apple, Microsoft and other major companies. But the feds are fighting back, using even more subversive legal tactics.
Searching in secret
To get these warrants in the first place, the feds are using the Electronic Communications Privacy Act, passed in 1986 – long before widespread use of cloud-based email and smartphones. That law allows the government to use a warrant to get electronic communications from the company providing the service – rather than the true owner of the email account, the person who uses it.
But relatively little notice has come to a similar Microsoft effort on behalf of customers that began in April 2016. The company’s suit argued that search warrants delivered to Microsoft for customers’ emails are violating regular people’s constitutional rights. (It also argued that being gagged violates Microsoft’s own First Amendment rights.)
It’s very difficult to get a copy of one of these search warrants, thanks to orders sealing files and gagging companies. But in another Microsoft lawsuit against the government a redacted warrant was made part of the court record. It shows how the government asks for – and receives – the power to look at all of a person’s email.
On the first page of the warrant, the cloud-based email account is clearly treated as “premises” controlled by Microsoft, not by the email account’s owner:
“An application by a federal law enforcement officer or an attorney for the government requests the search of the following … property located in the Western District of Washington, the premises known and described as the email account [REDACTED]@MSN.COM, which is controlled by Microsoft Corporation.”
The Fourth Amendment requires that a search warrant must “particularly describe the things to be seized” and there must be “probable cause” based on sworn testimony that those particular things are evidence of a crime. But this warrant orders Microsoft to turn over “the contents of all e-mails stored in the account, including copies of e-mails sent from the account.” From the day the account was opened to the date of the warrant, everything must be handed over to the feds.
Reading all of it
In warrants like this, the government is deliberately not limiting itself to the constitutionally required “particular description” of the messages it’s looking for. To get away with this, it tells judges that incriminating emails can be hard to find – maybe even hidden with misleading names, dates and file attachments – so their computer forensic experts need access to the whole data base to work their magic.
If the government were serious about obeying the Constitution, when it asks for an entire email account, at least it would write into the warrant limits on its forensic analysis so only emails that are evidence of a crime could be viewed. But this Microsoft warrant says an unspecified “variety of techniques may be employed to search the seized emails,“ including “email by email review.”
If Microsoft wins, then citizens will have the chance to see these search warrants and challenge the ways they violate the Constitution. But the government has come up with a clever – and sinister – argument for throwing the case out of court before it even gets started.
The government has asked the judge in the case to rule that Microsoft has no legal right to raise the Constitutional rights of its customers. Anticipating this move, the American Civil Liberties Union asked to join the lawsuit, saying it uses Outlook and wants notice if Microsoft were served with a warrant for its email.
The government’s response? The ACLU has no right to sue because it can’t prove that there has been or will be a search warrant for its email. Of course the point of the lawsuit is to protect citizens who can’t prove they are subject to a search warrant because of the secrecy of the whole process. The government’s position is that no one in America has the legal right to challenge the way prosecutors are using this law.
Far from the only risk
The government is taking a similar approch to smartphone data.
Where does this all leave us now? The judge in Ravelo is expected to issue a preliminary ruling on the feds’ arguments sometime in October. The government will be filing a final brief on its motion to dismiss the Microsoft case September 23. All Americans should be watching carefully to what happens next in these cases – the government may be already watching you without your knowledge.
File this under Another Unsettling Development: People who want to travel to the United States may soon have their Facebook profiles and other social media accounts “vetted” by the Department of Homeland Security (DHS) before entering.
A proposed change to the Electronic System for Travel Authorization (ESTA) and to Form I-94W posted to the government’s Federal Register last week suggests adding the following question: “Please enter information associated with your online presence—Provider/Platform—Social media identifier.” Continue reading →
The Supreme Court ruled 5-3 that evidence collected during an illegal stop can be used in court if the search was conducted after the discovery of an arrest warrant. (Photo: Mark Fischer/flickr/cc)
The U.S. Supreme Court on Monday ruled that evidence recovered during illegal stops may still be used in court, if police officers conducted their searches after learning that a defendant had an outstanding arrest warrant.
In a 5-3 ruling (pdf), the Supreme Court said such searches do not violate the Fourth Amendment, which protects against “unreasonable searches and seizures.” Justice Sonia Sotomayor, who dissented, slammed the decision, writing in a sharp rebuke that the case “tells everyone, white and black, guilty and innocent…that your body is subject to invasion while courts excuse the violation of your rights.” Continue reading →