ILI Student Blog

Month: March 2012

  • “Can You Track Me Now?…Good.” Do Police Need a Warrant for Cell Phone Location Data?

    Kevin Frick

    “Can You Track Me Now?…Good.” Do Police Need a Warrant for Cell Phone Location Data?

    Last week, the question of whether law enforcement officials required to get a warrant for cell-phone location took a step toward Supreme Court review, as the government appealed a magistrate judge’s denial of an order for such data absent probable cause to the Fifth Circuit. Many privacy organizations, including the ACLU and the Electronic Frontier Foundation, and the National Association of Criminal Defense Lawyers joined in submitting an amicus brief.

    Cell phone tracking data as an issue is heating up for a variety of reasons. First and foremost, the prevalence of cell phone use makes the issue palpable for almost every citizen. However, there are some lesser known legal reasons that make the issue a timely one. These include the following:

    • Law enforcement increasingly seek such data; judges are increasingly denying access: The first published decision on the issue emerged from Brooklyn in 2005, when Magistrate Judge Orenstein made public his denial of law enforcement’s request of cell phone location data. Since then, many judges have followed his lead.
    • It implicates the important “third-party doctrine”: Under the third-party doctrine, information that has been volunteered to a third-party no longer receives Fourth Amendment protection. However, the third-party doctrine has been developed in quite different contexts, like whether police can search garbage put out for collection. Justice Sotomayor has called “ill-suited to the digital age.”
    • The effect of the recent U.S. v. Jones on the issue isn’t clear: The majority opinion in Jones decided the case—concerning the installation of a GPS device on a suspect’s car—primarily on the principle of physical trespass, despite a concurrence by Justice Sotomayor recognizing that “physical intrusion is now unnecessary to many forms of surveillance.”

    For these reasons and more, the issue of law enforcement collection of cell phone location data is likely that moves quickly and publicly toward Supreme Court review.

     

    Update 4/2/12: Monday, the New York Times highlighted the issue, noting how many local police departments use location tracking data for routine investigations.

  • Rubinstein & Hirsch Comments to Department of Commerce RFC on Data Privacy Codes of Conduct

    From Prof. Rubinstein…

    BEFORE THE
    DEPARTMENT OF COMMERCE
    NATIONAL TELECOMMUNICATIONS AND INFORMATION ADMINISTRATION

    Docket No. 120214135-2135-01
    Multistakeholder Process To Develop Consumer Data Privacy Codes of Conduct

    Request for Comments
    ________________________________________________________________________
    COMMENTS OF
    PROFESSOR IRA RUBINSTEIN, NEW YORK UNIVERSITY SCHOOL OF LAW
    AND
    PROFESSOR DENNIS HIRSCH, CAPITAL UNIVERSITY LAW SCHOOL

    (link to full document below the fold)
    (more…)

  • The National Counterterrorism Center Just Declared All of Us Domestic Terrorists…

    …or so says Marcy Wheeler at emptywheel.net:

    “NCTC turning NCTC’s authority to sometimes get domestic terrorism information into authority to get any dataset maintained by any executive agency that NCTC believes might include some information that might be terrorism information.

    Those of us in the US Government’s tax, social security, HHS, immigration, military, and other federal databases? We’ve all, by bureaucratic magic, been turned into domestic terrorists.”

    Read more here.

  • NYT – Justices Rule Against Pilot in Privacy Case

    Not a great outcome

    “The Supreme Court ruled on Wednesday that a private pilot whose H.I.V.-positive status was improperly shared between government agencies cannot collect damages for the emotional distress he suffered when he was punished for hiding his medical condition from the Federal Aviation Administration.

    In a case that pitted competing interests of public safety, personal privacy, and the broad immunity of the government from liability lawsuits, the court’s more conservative majority found that Congress had not allowed compensation for mental anguish when violations of the Privacy Act of 1974 inflicted no actual damage, like a loss of income.”

    (more…)

  • 9th Circuit: ECPA protects domestic communications of non-US citizens

    Mu-Chia Kao

    9th Circuit: ECPA protects domestic communications of non-US citizens

     

    In Suzlon Energy Ltd. v. Microsoft Corp., the U.S. Court of Appeals for the Ninth Circuit uphold a trial court’s quashing of a subpoena and concluded that even foreign citizens are entitled to the protection of the Electronic Communications Privacy Act (“ECPA”), 18 U.S.C. §§ 2510-2522.

    In this case, the plaintiff, Suzlon Energy Ltd. (“Suzlon”) has demanded that the defendant, Microsoft Corp. (“Microsoft”) produce documents from its Hotmail email account of Rajagopalan Sridhar, an Indian citizen imprisoned abroad. Microsoft objected to the production and argued that production of the emails would violate the ECPA. The district court agreed and held that the plain terms of the statute applied the ECPA to all persons, and granted the motion to quash.

    The relevant provision of the ECPA states that “a person or entity providing an electronic communication service to the public shall not knowingly divulge to any person or entity the contents of a communication while in electronic storage by that service.” 18 U.S.C.§ 2702(a)(1) and it defines a “user” as “any person or entity who — (A) uses an electronic communication service; and (B) is duly authorized by the provider of such service to engage in such use.” 18 U.S.C. § 2510(13) The question at issue is whether the protections of the ECPA extend to the contents of communications of foreign citizens.

    According to the Court, just like the Freedom of Information Act, “the ECPA does not facially restrict its applicability to U.S. citizens.” The Court also recognized in O’Rourke that “Congress knows how to explicitly limit a statute to U.S. citizens when it intends to do so.” (O’Rourke v. U.S. Dept. of Justice, 684 F.Supp. 716 (D.D.C. 1988) Therefore, it affirms the district court’s finding that “the plain text of the ECPA applies its terms to ‘any person,’ without qualification, including foreign citizens.” 18 U.S.C. § 2510(13)

    Moreover, considering legislative history, the Court noted that “in order to fully protect American citizens, it might be necessary to extend the ECPA to all domestic communications, regardless of who sent them.” The Court also said, “Suzlon’s restrictive reading of the ECPA would put email service providers in an untenable position. By limiting the ECPA only to those people entitled to Fourth Amendment protection, as urged by Suzlon, an email service provider would need to assess whether a particular account holder was at all times a U.S. citizen, or later became a citizen, or was a resident alien with some Fourth Amendment protection, or if there were other reasons to provide Fourth Amendment rights. This would be a costly, fact-intensive, and difficult determination.” In sum, this ruling indicates that the ECPA at least applies whenever the requested documents are stored in the United States. But the Court specifically noted that it does not address whether the ECPA applies to documents stored or acts occurring outside of the United States.

    Although this case is a civil litigation involving discovery request, as the Court rejects the argument that the ECPA only applies to government law enforcement, we may reasonably concludes that this ruling applies to cases involving law enforcement issues as well. And since almost all major email servers are located in U.S., this ruling may impose a significant impact on email users all over the world for gaining protections from the ECPA.

     

    Full context of the court’s opinion: http://www.ca9.uscourts.gov/datastore/opinions/2011/10/03/10-35793.pdf

  • Facebook passwords

    See Catherine Crump (ACLU and PRG member) quoted in this article about employers and prospective employers asking for access to Facebook accounts:
    http://www.cnn.com/2012/03/22/tech/social-media/facebook-password-employers/index.html

  • US continues to receive wholesale financial data from EU banking org. without a warrant

    Hannah Bloch-Wehba

    US continues to receive wholesale financial data from EU banking org. without a warrant

    The Europol Joint Supervisory Body (JSB) recently released a report confirming that the U.S. continues to receive wholesale data from Belgian banking clearinghouse SWIFT under the auspices of what’s known as the “Terrorist Finance Tracking Program.” A little background: after September 11, Treasury began retrieving vast quantities of data from SWIFT’s U.S. servers–without a warrant. SWIFT, an international banking consortium, processes hundreds of millions of transactions a year, creating a rich source of financial data that was ripe for the mining. The program fell directly under the holdings in Smith and Miller that indicated that financial information shared with a third party was “knowingly exposed” and therefore not protected by the Fourth Amendment’s warrant requirement.  When the program came to light in 2006, it triggered a backlash from E.U. and Belgian data protection officials, who deemed it in violation of EU Directive 95/46/EC. To save itself, SWIFT pulled its servers from the U.S. and now stores all its information in Switzerland; to save the program, and the transatlantic relationship, the E.U. and U.S. concluded an agreement under which data could only be transferred to the US under certain conditions and with the JSB’s supervision.

    Yesterday’s JSB report indicates that not a single US request for information has been denied, and that the requests have covered a continuous time period–gutting the Program’s requirements that data-sharing be minimized. More to the point, it raises questions about Europol’s ability to oversee the Program at all–and about the commitment, on both sides of the Atlantic, to preserving financial privacy, due process, and accountability.

  • Supreme Court Ruling Prompts FBI to Turn Off 3,000 Tracking Devices

    Patrick McCarthy

     

    Supreme Court Ruling Prompts FBI to Turn Off 3,000 Tracking Devices

     

    The Federal Bureau of Investigation is scrambling to comply with the Supreme Court’s recent decision in U.S. v. Jones on warrantless GPS tracking.  According to FBI General Counsel Andrew Weissmann, the ruling has caused a “sea change” within the Justice Department, prompting the agency to turn off thousands of tracking devices.  The Bureau is also working to create new guidance for field agents on the use of these devices.  However, the questions left unanswered by the Court have made this task difficult.

     

    The implications of Justice Alito’s concurrence are particularly troublesome, says Weissmann.  The Court held in Jones that the attachment and use of GPS vehicle tracking devices constitutes a search within the meaning of the Fourth Amendment.  Unlike the majority, whose reasoning was based on property grounds, Alito focused heavily on the fact that the tracking occurred over the span of almost a month.  This indicates that members of the Court are concerned specifically with long-term surveillance.  Weissmann and others believe this could lead to questions about the constitutionality of other forms of tracking technology in addition to GPS.  Consequently, the Bureau is struggling with how best to advise its agents on compliance with what will likely become a changing area of law.

     

    http://abcnews.go.com/blogs/politics/2012/03/supreme-court-ruling-prompts-fbi-to-turn-off-3000-tracking-devices/

     

     

  • New Phones! Now With More Personal ID!

    Just in case anyone had trouble making the argument that our cell phones are actually personally identifying despite our ability to leave them at home, it looks like we might not have to worry about that much longer. Look, I’m all for pursuing whatever leads show up in science, but is there really no one at Nokia who realizes that this is a terrible idea?

  • Privacy Rights Groups Fight FAA on Use of Drones in U.S.

    Christian Oronsaye

    Privacy Rights Groups Fight FAA on Use of Drones in U.S.

    Reports have it that some privacy advocacy groups have petitioned the Federal Aviation Administration (FAA) in connection with the increase in the use of aerial drones in the United States. We understand that more than 30 organizations, including the American Civil Liberties Union (ACLU), the Bill of Rights Defense Committee, and the Electronic Privacy Information Center — which have also served as key opponents to the Transportation Security Administration and the Department of Homeland Security — have demanded that the FAA hold a rulemaking session to consider all the violations to American privacy and safety posed by the proposal.

    The ACLU Petition in part states as follows:

    Drones greatly increase the capacity for domestic surveillance. Gigapixel cameras used to outfit drones are among the highest definition cameras available, and can “provide real-time video streams at a rate of 10 frames a second.” On some drones, operators can track up to 65 different targets across a distance of 65 square miles. Drones may also carry infrared cameras, heat sensors, GPS, sensors that detect movement, and automated license plate readers. In the near future these cameras may include facial recognition technology that would make it possible to remotely identify individuals in parks, schools, and at political gatherings.

    The link to the site is set out below:

    http://www.thenewamerican.com/usnews/constitution/11033-privacy-rights-groups-fight-faa-on-use-of-drones-in-us