Month: April 2013

  • Troll, Reveal Thyself!

    By Peter Van Valkenburgh

    A bill’s been floated in the Illinois State Senate that seeks to put an end to anonymous commenting on websites and blogs. The full text is here: http://legiscan.com/IL/text/SB1614

    But here’s the juicy part:

    “Section 10. Anonymous internet poster; right to know. A web site administrator upon request shall remove any comments posted on his or her web site by an anonymous poster unless the anonymous poster agrees to attach his or her name to the post and confirms that his or her IP address, legal name, and home address are accurate. All web site administrators shall have a contact number or e-mail address posted for such removal requests clearly visible in any sections where comments are posted.”

    The first thing to note is that the text of this bill is word-for-word identical to a bill floated last year in the NY State Legislature (more here: http://www.wired.com/threatlevel/2012/05/anonymous-online-speech-ban/). Is this just a case of copy-cat legislators or are some enterprising torts lawyers shopping a bill state-by-state? As we’ll see, the passage of such a bill would greatly increase a lawyer’s client-base should they just so happen to specialize in defamation and electronic communications.

    This brings us to why these bills might be repeatedly cropping up. Given the present state of the law, those harmed by online comments have absolutely no possibility of legal relief (damages or injunction) should they be unable to determine the identity of their virtual assailant. Section 230 of the Communications Decency Act provides near bullet-proof immunity to the interactive services (read: Yelp, Facebook, blogs) that solicit and display user-generated content (“UGC”) like blog comments. These sites are not required to remove and can’t themselves be sued for UGC that is defamatory (see Zeran v. AOL, 129 F.3d 327 (4th Cir. 1997)), or in violation of other state laws — like right to personality claims, right to privacy claims, state prohibitions on sexually explicit advertising (see Doe v. AOL, 783 So. 2d 1010, 1013-1017 (Fl. 2001)), false information (see Gentry v. eBay, 99 Cal. App. 4th 816, 830 (2002)), discriminatory housing ads (see Chicago Lawyers’ Committee v. Craigslist, 519 F.3d 666 (7th Cir. 2008)), or threats (see Delfino v. Agilent Technologies, 145 Cal. App. 4th 790 (2006)).

    Effectively, CDA 230 immunizes the electronic republishers and distributors of content from all liability stemming from UGC (except liability under federal criminal law (see 47 U.S.C. §§ 230(e)(1)) or federal copyright law (see id. at (e)(2))). So, if you are somehow harmed by UGC and the remedy for that harm would be under state law, your only option is to sue the original author of the content. Trouble is, most of the particularly offensive or damaging UGC out there is, for this very reason, anonymously posted.

    With the full legal picture in mind, it is clear why some lawmakers (or the enterprising young defamation lawyers who probably drafted both of these bills) are trying to force UGC contributors to identify themselves. Moreover, to be clear, this wouldn’t just force the identification of comment trolls on blogs — this would “out” Yelp reviewers, social networking posters, Wikipedia editors, basically the whole kit and caboodle of web 2.0 contributors. Accordingly, you could finally identify and sue the dissatisfied diner that wrote a scathing Yelp review about your restaurant, or the unhappy couple who claims on Angie’s List that your plumbing company flooded their basement. Moreover, even if your defamation claim isn’t great, you could probably scare them into removing the content or settling by merely raising the spectre of costly litigation.

    I can appreciate arguments that the CDA’s sweeping section 230 immunities need to be revisited in light of the complete inability of genuine UGC victims to legally compel intermediaries to remove truly damaging content. But these proposals don’t touch the CDA; instead, they strike at the core of our First Amendment right to freely speak in the manner we so choose. Your choice to identify or not is a part of the content of your speech (see McIntyre v. Ohio Elections Commission, 514 U.S. 334 (1995)). Requiring that all electronic speech include identification is no different than any other sort of content-based restriction on speech. It’s unconstitutional and antithetical to the preservation of a flourishing democracy and a flourishing online marketplace of ideas.

  • BORDERING ON UNCONSTITUTIONAL: DHS IMPACT REPORT ON CIVIL LIBERTIES/CIVIL RIGHTS AT ODDS WITH THE FOURTH AMENDMENT

    By: Amanda Levendowski

    In January, the Department of Homeland Security (DHS) quietly published its long-awaited “Civil Rights/Civil Liberties Impact Assessment” of border searches of electronic devices. The actual impact may be an equally quiet erosion of Fourth Amendment rights.

    As of 2009, DHS is lawfully allowed to both search and seize devices like smart phones, laptop computers, and other data storage devices (including disks and flash drives) at the border without reasonable suspicion that the devices were involved in a crime. Then-Secretary Napolitano explained that these searches struck “the balance between respecting the civil liberties of travelers while ensuring DHS can take the lawful actions necessary to secure our borders.”

    The Impact Assessment executive summary is three pages long, and its treatment of the Fourth Amendment amounts to fewer than ten lines of text. The summary concludes that “current border policy searches comply with the Fourth Amendment,” and that “imposing a requirement that officers have reasonable suspicion in order to conduct a border search of an electronic device would be operationally harmful without concomitant civil rights/civil liberties benefits.” The executive summary points to “longstanding constitutional authority” permitting warrantless, suspicionless searches at the border, that authority being directives issued by Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP). While agency directives are persuasive, the summary relies on these directives as if agencies have the power to abridge Fourth Amendment rights.

    As American Civil Liberties Union staff attorney Katie Hass explains, the summary “draws the highly questionable conclusion that the border search policy does not violate our Fourth Amendment right to privacy,” but fails to “explain any of the evidence or reasoning its conclusions are based on.” The ACLU has filed a FOIA request seeking disclosure of the entire assessment, as well as records and data used to compile the report, but no additional information has yet been disclosed.

    The DHS executive summary affects many more individuals than just those crossing into Canada or Mexico for holiday. According to 8 CFR § 287.1, the “border” extends 100 miles inland of any external boundary. The government’s definition of a border subjects more than 190 Americans to the possibility of warrantless, suspicionless searches of electronic devices, and more than 6,500 people had their electronic devices searched at the border since 2008.

    Just after the DHS executive summary was released, the Ninth Circuit sitting en banc heralded United States v. Cotterman as a “watershed” case. Judge McKeown acknowledged that when American citizens travel now, we carry all manner of electronic devices, from company Blackberries and laptops to personal e-readers and iPhones. Any one of these devices reveals more sensitive, personal information than other items that may have been subject to border searches in the past, and the court noted that a person’s “digital life ought not be hijacked simply by crossing a border.” Because of the unique nature of electronic devices, the Ninth Circuit determined that “reasonable suspicion” is required for border searches. Cotterman is not the godsend case that many privacy advocates hoped for: the reasonable suspicion standard is only applicable to “forensic examinations,” only evocable along portions of the Mexico-US and US-Canada border, and the facts that established reasonable suspicion were frighteningly thin. Cotterman may be a step in the right direction, but the path towards protecting Fourth Amendment rights at the border remains a long one.

  • The Dismantling of the FISA “Walls” in the Post-9/11 Era

    By: Bio Kim

    Following 9/11 the U.S. government went through extensive reforms to improve the communication and coordination between intelligence officials and law enforcement authorities. The recent Boston Marathon bombing provides a small window into the inner workings of agencies involved in national security. Even though Judge Posner criticized the dual nature of the FBI in conducting both domestic intelligence investigations and criminal investigations, the FBI has evolved by assuming a greater role as a domestic-intelligence-gathering agency.

    In tandem with the FBI wearing both hats, the FISA walls, which proved to be a great source of confusion before 9/11 in the sharing of information, have been largely dismantled. The agencies involved in national security now have at their disposal expanded legal and technical resources. This course of development owes to the increased acceptance by the public of heightened government searches and seizures in the face of terrorism.

    Nevertheless, there is also a valid concern that the government could be abusing its power at the cost of people’s privacy. Part of this fear comes from the fact that the Foreign Intelligence Surveillance Court’s (FISC) opinions are kept secret. It is worth noting that even though it is also true that the unique nature of FISC dictates that it “operates primarily in secret” to ensure the “proper functioning of the FISA process,” the FISA court has not definitively concluded that FISA meets the Fourth Amendment requirements. In re Sealed Case.

    More information available at:

    http://www.govexec.com/technology/2013/04/how-government-searches-boston-marathon-bomber/62613/

    http://www.wired.com/threatlevel/2013/04/secret-surveillance-court/

  • CISPA

    By: Caitlyn Hall

    Although Congress is currently contemplating revising the twenty-seven-year-old Electronic Communications Privacy Act in response to privacy concerns, it is also considering other legislation that could pose significant threats to the privacy of internet users. In April 2012, the House of Representatives passed the Cyber Intelligence Sharing and Protection Act (CISPA). The bill, which has prompted widespread criticism from civil liberties groups, would allow private entities to share information relating to potential cyber-threats originating from foreign nations with the NSA and other members of the intelligence community.

    CISPA’s proponents argue that it protects American business and intellectual property and ensures that government is adequately equipped to deal with web-based attacks from abroad, and that the bill provides adequate privacy protections, including prohibiting the government from forcing private entities to share information with the government and encouraging firms to minimize the information they share with the government. Critics, however, say that the bill does not contain adequate privacy safeguards, such as requiring service providers to remove irrelevant data before passing information along to the government, and add that CISPA in fact provides legal protections for entities that choose to cooperate with the NSA.

    The House Select Committee on Intelligence, which is responsible for the bill, has made a number of amendments in response to concerns from privacy advocates, including adding a provision that limits the private sector’s use of cybersecurity information received to only cybersecurity uses, prohibiting private entities from “counter-hacking,” and removing language that would allow the government to use the data collected for “national security” purposes. But critics respond that the changes made have been mostly cosmetic, and warn that CISPA could permit government surveillance of email communications, and might allow private firms to share geolocation and other user data. The White House has threatened to veto CISPA, citing privacy and civil liberties issues raised by the bill.

    http://bits.blogs.nytimes.com/2013/04/16/civil-liberties-fears-dooms-house-cybersecurity-bill/

    http://www.cio.com.au/article/458812/critics_cispa_still_government_surveillance_bill/

    http://dailycaller.com/2013/04/16/white-house-threatens-to-veto-cyber-bill/

    http://www.govtrack.us/congress/bills/113/hr624

  • People v. Diaz

    By: David Gold

    Should police officers be required to obtain a warrant before searching an arrestee’s cell phone? Under the California Supreme Court’s 2011 opinion in People v. Diaz, the answer, at least under the Fourth Amendment, is no. That court held that the defendant’s cell phone was immediately associated with his person at the time of his arrest and, even without a warrant, was searchable incident to his lawful custodial arrest. In the decision, the court rejected the dissent and defendant’s argument that cell phones should not be searchable without a warrant because of the amount of sensitive personal data contained within the devices.

    On March 19, 2013, the ACLU, together with the law firm Pillsbury Winthrop Shaw Pittman LLP, acting as pro bono assistant counsel, filed a complaint against the City and County of San Francisco claiming that a police officer’s warrantless search of the defendant’s cell phone, which was on the defendant’s person at the time of his lawful arrest, violated both the California Constitution and the First Amendment of the US Constitution. Through its complaint, the ACLU’s lawsuit seeks to circumvent the Diaz decision and require police officers to obtain warrants prior to searching the data content on cell phones on grounds other than Fourth Amendment search and seizure. Article 1, Section 1 of the California Constitution explicitly identifies a right to privacy, which, the ACLU argues, makes the state constitution more protective of privacy rights than the US Constitution, since the latter does not explicitly establish privacy rights. Article 1, Section 13 similarly is argued to offer greater protection than the Fourth Amendment against unreasonable searches and seizures. Finally, the ACLU argues that phones contain a great amount of communication, and that allowing for these searches will have a chilling effect on speech, which is not permissible under the First Amendment in this instance, because even though the information on phones is relevant, the search will only be permitted if it furthers a compelling interest.

    The ACLU complaint is filled with a detailed factual record of the capacity for cell phones, and particularly smart phones. Not only does it describe in great detail the current ability of phones, but it also notes the expansion of data capacity on the horizon. Additionally, the ACLU argues that there is sensitive personal information of friends, family members, and co-workers contained on an individual’s cell phone, in addition to highly sensitive personal information, such as credit card information. Furthermore, the ACLU challenged that cell phones do not pose a physical threat to police officers and that police officers do not need to search the contents of the phone immediately because no evidence will be destroyed given that officers may use a Faraday Bag, which prevents third parties from accessing and deleting or changing information on the phone.

    Since the California Supreme Court has already determined that such phone searches do not violate the Fourth Amendment, if the ACLU loses on these claims, there will be little room to challenge such searches in California, and only a ruling by the US Supreme Court would overrule such a holding. Perhaps, given that cell phones contain information in different applications, there is a workable middle ground approach, that officers may only access information in certain applications without a warrant. Or, as the ACLU points out, perhaps Faraday Bags should become commonplace, allowing officers to seize control of an arrestee’s cell phone and prevent any evidence on it from being destroyed, but not search its contents until a warrant is issued. Discussion about these alternatives will only really be relevant if the California Court decides in favor of the ACLU, since a decision for San Francisco will allow officers to search the entire cell phone device of an arrestee without a warrant.

    Fun fact from the ACLU complaint: early mobile phones used to weigh almost 90 pounds!

    Articles:

    http://www.aclu.org/technology-and-liberty/aclu-lawsuit-challenges-warrantless-searches-cell-phones

    http://consumerist.com/2013/03/20/aclu-files-suit-to-stop-police-from-searching-cell-phones-without-warrant/

    ACLU-Pillsbury Complaint

    https://www.aclunc.org/news/press_releases/asset_upload_file321_12297.pdf

    People v. Diaz Decision:

    http://epic.org/privacy/devicesearch/People_v_Diaz.pdf

  • EFF’s Freedom of Information Act (FOIA) request

    By: Josh Baker

    Article: http://www.wired.com/threatlevel/2013/04/secret-surveillance-court/

    Government’s brief: http://www.wired.com/images_blogs/threatlevel/2013/04/fisacourt.pdf

    The Electronic Frontier Foundation (EFF), a digital rights group in San Francisco, brought suit in the District Court for the District of Columbia after the government denied EFF’s Freedom of Information Act (FOIA) request to disclose a ruling of the Foreign Intelligence Surveillance Court (FISC). FISC opinions are almost never disclosed to the public as a general matter.

    In this case, the opinion was not revealed, but Sen. Ron Wyden was briefed on the ruling as a member of the Intelligence Committee. Wyden was authorized to reveal that FISC had found an instance of surveillance that “circumvented the spirit of the law” and failed Fourth Amendment reasonableness scrutiny, violating the FISA Amendments Act. The declassified statements also noted that “government has remedied these concerns and the FISC has continued to approve [] collection [pursuant to Section 702] as consistent with the statute and reasonable under the Fourth Amendment.” The public would not have been aware of the ruling in this case were it not for Sen. Wyden’s authorized comments.

    The Department of Justice (DOJ), in its brief, contends that FOIA exempts this information from disclosure.  It argues that the FISC Rules of Procedure prohibit the disclosure of the FISC opinions and Intelligence Committee briefings.  In the alternative, the DOJ declared that the information sought “necessarily implicates classified intelligence sources and methods” and is therefore exempted from FOIA disclosure.  Finally, the DOJ asserts that disclosure of the information sought by EFF “could result in exceptionally grave and serious damage to the national security,” and that the court should defer to the Department’s finding on this matter.

    This exemplifies the government’s general rationale for maintaining secrecy as to FISC opinions.  The FISC was designed to have Article III judges rule on information collection/surveillance requests from intelligence agencies, while preserving the secrecy of the government’s investigations that could be jeopardized by public disclosure.  By declassifying certain statements regarding the FISC opinion, the government sought to balance the interest in government transparency with the protection of critical intelligence activities.

  • White House Threatens Veto of Cybersecurity Bill Due to Privacy Concerns

    By: Ashley Belton

    National security often comes at odds with privacy interests, as evidenced by the White House’s reaction to the latest cybersecurity bill currently being considered by the House. On April 16th, the White House threatened to veto a House bill, which would permit private entities to share with the government and other private entities information pertaining to threats to computer networks. Additionally, the bill would grant private companies immunity from lawsuits if they engaged in such information sharing. The bill is a reflection of the fact that national security threats are increasingly taking the form of cyber attacks, and the government is struggling to combat such dangers while taking into account privacy concerns.

    A spokesman for the National Security Council, Caitlin Hayden, identified the administration’s issue with the bill: under the current version of the bill, private companies are not required to remove irrelevant personal information before sharing such information with the government or with each other. Thus, there is no protection against private companies sharing data that could be used to identify ordinary citizens. This criticism is in line with the principle of minimization, that is, the government should only acquire information which is necessary to effectuate its interests, and it should minimize any interference with citizens’ right to privacy.

    The House is to vote on the bill later this week. The bill has already faced much criticism from civil liberties groups, such as the American Civil Liberties Union and the Center for Democracy and Technology.

    For more information:

    Chris Strohm, Obama Threatens Veto of Revised House Cyber Measure, Bloomberg (Apr. 16, 2013, 4:12 PM), http://www.bloomberg.com/news/2013-04-16/obama-threatens-veto-of-revised-house-cyber-measure.html.

    Somini Sengupta, Civil Liberties Fears Doom House Cybersecurity Bill, NYT (Apr. 16, 2013, 9:23 PM), http://bits.blogs.nytimes.com/2013/04/16/civil-liberties-fears-dooms-house-cybersecurity-bill/.

  • While the Ninth Circuit Decided Cotterman, The Department of Homeland Security Made Their Own Decision on Electronic Searches at the Border

    By: Michal Flombaum

    In 2009, the Department of Homeland Security announced that it would assess the Civil Liberties Impact of suspicionless searches of computers and other electronic devices at the border. Initially, DHS said it would release its findings within 120 days of that announcement, but only in February of this year did DHS release any findings. Releasing only the two-page executive summary dealing mostly with the possibility of ethnic or racial profiling, DHS writes that applying a reasonable suspicion requirement to searching electronic devices would be “operationally harmful” without any civil rights and civil liberties benefits.

    I find it interesting that DHS relies on the notion that “courts have not treated searches of electronic devices any differently than searches,” given the cases we discussed in class on Monday. Just as we concluded in class, Wired’s coverage of the release takes care to note that, “electronic devices have become virtual extensions of ourselves housing everything from e-mail to instant-message chats to photos and our personal effects,” emphasizing the extremely invasive nature of these searches.

    Note that Cotterman was decided just weeks after DHS released the executive summary earlier this year. It will be interesting to follow DHS’s response to Cotterman, and whether DHS will apply the reasonable suspicion standard to all borders or just to those under the jurisdiction of the Ninth Circuit that includes the controversial Arizona and California borders with Mexico.

    The ACLU filed a FOIA request to discover how DHS reached their conclusions because, as they write, “the reality is that allowing government agents to search through all of a traveler’s data without reasonable suspicion is completely incompatible with our fundamental rights: our Fourth Amendment right to privacy—and more specifically the right to be free from unreasonable searches—is implicated when the government can rummage through our computers and cell phones for no reason other than that we happen to have traveled abroad.” Though the ACLU seems to find the reasonable suspicion standard protective enough, the Electronic Frontier Foundation has advocated for a probable cause standard in its Amicus brief.

    http://www.wired.com/threatlevel/2013/02/electronics-border-seizures/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A%20wired%2Findex%20%28Wired%3A%20Top%20Stories%29

    The full text of the executive summary is available here: http://www.dhs.gov/sites/default/files/publications/crcl-border-search-impact-assessment_01-29-13_1.pdf

    For the ACLU’s explanation of their FOIA request, please see: http://www.aclu.org/blog/technology-and-liberty-immigrants-rights-national-security/aclu-files-foia-request-unreleased

    For a more complete discussion on the matter, please see The Electronic Frontier Foundation: https://www.eff.org/deeplinks/2013/03/finally-some-limit-electronic-searches-border

  • CISPA Makes a Brief Return

    By: Tom Gottheil

    Last week, in a closed-door meeting, the House Intelligence Panel voted 18-2 to approve the Cyber Intelligence Sharing and Protection Act (CISPA), a controversial proposal to encourage information sharing between private companies and the federal government. It is expected to be brought to a full vote on the floor of the House as soon as Thursday, though President Obama has threatened to veto the bill without changes to its corporate liability rules.

    The bill’s stated purpose is to investigate and deter cyber attacks against US information infrastructure. In order to facilitate data sharing between technology companies and the government, CISPA broadly limits civil and criminal corporate liability for good-faith compliance with its terms. These limits worry civil liberties groups and activists, who contend that the lack of protection for private information in the bill, combined with its immunity provisions, could result in companies disclosing vast quantities of personal information without legal recourse for those whose data is disclosed.

    Despite broad corporate support for CISPA, it was defeated in the Senate last year. A slightly modified version will be coming to the floor of the House of Representatives in the coming days. However, with President Obama’s veto threat looming, the future of CISPA is once again uncertain.

  • FISA Ruling

    By: Jenn Ebling

    Article link: http://www.slate.com/blogs/future_tense/2013/02/26/fisa_supreme_court_says_americans_don_t_have_standing_to_challenge_surveillance.html

    The article references a Supreme Court opinion, which can be accessed here: http://www.supremecourt.gov/opinions/12pdf/11-1025_ihdj.pdf

    On February 26, 2013, the Supreme Court ruled in Clapper v. Amnesty International USA that American citizens who cannot prove they were subject to government surveillance because the government refuses to divulge details about its surveillance practices lack standing to challenge the constitutionality of the Foreign Intelligence Surveillance Act (FISA).

    In 2009, the district court of the Southern District of New York rejected the plaintiffs’ claim that the 2008 amendments to FISA had authorized broad surveillance in violation of their constitutional rights on the grounds that the plaintiffs lacked standing because they could not show a particularized or concrete injury.  In 2011, the 2nd U.S. Circuit Court of Appeals overturned the district court’s opinion and concluded that plaintiffs had standing based on a “reasonable fear of future injury.”  The Supreme Court rejected the circuit court’s rationale on the basis that such fear of future injury is too speculative to support standing.

    Though the court was careful to note that a plaintiff could establish standing to challenge the law by proving she had been the subject of surveillance, it is difficult to imagine how a plaintiff could do so in practice given the government’s secrecy about its surveillance practices.