ILI Student Blog

Author: Ashley Jacques

  • Major Tech Companies Take Sides in Battle Over Update To ECPA

    Major Tech Companies Take Sides in Battle Over Update To ECPA

    By: Matthew Shore

    Panel 9

    Link: http://www.law360.com/articles/614439/google-others-renew-push-for-digital-privacy-law-reform

    From industry to civil rights groups, many sides are now lining up against the government in the fight to bolster the Electronic Communications Privacy Act. Google, Twitter and other tech companies recently sent a letter to House Judiciary Committee Chairman Robert Goodlatte and Ranking Member John Conyers, asking that Congress give consideration to the Email Privacy Act. The act, which would be an update to the Electronic Communications Privacy Act, “would make it clear that, excepting emergencies, the government needs a warrant to compel a service provider to disclose the content of emails, texts or other private user material stored in the cloud by the service provider.”

    In the Sixth Circuit opinion United States v. Warshak, Judge Boggs stated that “[t]he government may not compel a commercial ISP to turn over the contents of a subscriber’s emails without first obtaining a warrant based on probable cause.” This seems to line up with the goal of the Email Privacy Act. However, supporters note that there have also been conflicting rulings, which has left both the government and service providers in an uncertain position.

    While service providers may be looking for guidance in how to act, and protection of their customers, the government’s interest is in protecting its citizens. Advocates for digital privacy, in pushing for the Act, can point to the extent of our lives that now exist in our emails, texts and information in the cloud. Government actors have an argument that this is the very reason that the government needs the ability to access this information easily. Much of the planning by terrorists occurs outside of the old methods of surveillance and the government must be able to act quickly, if need be.

  • Has media coverage of Snowden’s NSA leaks conditioned Americans to have no subjective expectation of privacy in their virtual lives?

    By: Rose Dorvel

    February 19, 2015

    http://www.huffingtonpost.com/2015/02/13/david-carr-edward-snowden-death-interview_n_6677790.html

    Has media coverage of Snowden’s NSA leaks conditioned Americans to have no subjective expectation of privacy in their virtual lives?

    Earlier this week, New York Times columnist David Carr dropped dead mysteriously following a panel interview with Snowden discussing the film Citizenfour, which tracks the former-NSA-contractor-turned-whistleblower’s decision to leak National Security Agency’s documents on widespread, unchecked governmental spying on citizens to the media. Conspicuously absent from the article is mention of any privacy protection measures underway that were prompted by Snowden’s leaks.

    With each article that exposes the sweeping surveillance of American citizens—without mention of mitigation measures underway by public or private actors, the notion that one’s virtual life is always being watched and retained for potential future use, misuse or abuse is drilled into the public’s brain. After an avalanche of articles exposing relentless NSA spying on U.S. citizens, Americans are aware and on notice that the government is relentlessly capturing their personal data (via phones, computers, social media, etc.). Repetition of this idea, without consequential public or political backlash, has not accomplished protection against pervasive privacy invasion, presumably the objective of Snowden’s decision to leak NSA documents.

    Instead, Americans are told and again that the NSA tracks and records their every move, which is likely and, often necessarily, an electronic one in the modern day.

    An insidious consequence of the media’s Snowden coverage is that the people have been conditioned to accept the pervasive spying as normal, perhaps per a regime to protect American freedoms from threats of terror. This result is antithetical to Snowden’s pledged objective to curb widespread unchecked spying, and one that could actually lead to an acceptance of total surveillance, and consequent erosion of Fourth and First Amendment protections. After hearing Snowden’s story, many Americans may no longer subjectively expect any privacy when they use their smartphones, computers, and other ubiquitous digital devices.

    With the all the media coverage and a film in the public domain publicizing pervasive NSA surveillance, would an American citizen subjectively expect his electronic communications to be kept private? Would society consider such an expectation reasonable? What about in the name of national security?

    Carnivore, an FBI program capable of recording, searching and storing all contents of electronic communication, was the hotly debated subject of governmental initiatives to establish more stringent privacy protection measures. Then 9/11 promptly snuffed out the debate.

    Hitler, in Mein Kampf, said “The best way to take control over a people and control them utterly is to take a little of their freedom at a time, to erode rights by a thousand tiny and almost imperceptible reductions. In this way, the people will not see those rights and freedoms being removed until past the point at which these changes cannot be reversed.” Let’s examine whether Americans have exchanged some of their civil liberties for a promise of security from an external terror threat, how we can balance homeland security measures with the Fourth Amendment’s “right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches,” and initiate means to protect information privacy until privacy as we know—or knew—it is gone for good.

     

  • Jewel v. NSA

    Jewel v. National Security Agency: Mass Surveillance

    By: Nireeti Gupta

    Panel 9

    Link 1: http://www.huffingtonpost.com/2015/02/10/nsa-warrantless-searches_n_6656314.html

    Link 2: http://www.theregister.co.uk/2015/02/11/eff_loses_nsa_wiretap_appeal_again/

    The case before the District Court of California, was filed in 2008 by Electronic Front Frontier on behalf of AT&T customer Carolyn Jewel. The case took on renewed importance in the wake of the Snowden leaks which exposed top-secret information about the National Security Agency’s (‘NSA’) surveillance of Internet communications.

    Judge Jeffrey White on February 10, 2015 ruled in favor of NSA in a lawsuit challenging the interception of Internet communications without a warrant.

    The Plaintiff had alleged that as part of a system of mass surveillance, the Government receives copies of their Internet communications, then filters the collected communications in an attempt to remove wholly domestic communications, and then search the remaining communications for potentially terrorist-related foreign intelligence information. Plaintiff contended that NSA taps into the fiber cables that make up the backbone of the Internet and gathers information about people’s online and phone communications (‘Upstream Program’).

    The Plaintiffs argued that the copying and searching of their private internet communications is conducted without a warrant or any individualized suspicion and, therefore, violates the Fourth Amendment. The Fourth Amendment prohibits the Government from intercepting, copying, or searching through communications without first obtaining a warrant based on probable cause, particularly describing the place to be searched and the things to be seized.

    The Government described the collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act. Upon approval by the Foreign Intelligence Surveillance Court, NSA analysts identify non-U.S. persons located outside the United States who are reasonably believed to possess or receive, or are likely to communicate, foreign intelligence information.

    Once designated by the NSA as a target, the NSA tries to identify a specific means by which the target communicates, such as an e-mail address or telephone number. That identifier is referred to a “selector.” Selectors are only specific communications accounts, addresses, or identifiers. According to the Government’s admissions, an electronic communications service provider may then be compelled to provide the Government with all information necessary to acquire communications associated with the selector. However, it claimed that the information necessary to litigate Plaintiff’s claims is subject to and excluded from use by the “state secret privilege” and other related privileges and that their cases should be dismissed.

    Judge White found that Plaintiff had not established sufficient standing to sue under the Fourth Amendment, that is, they did not present enough evidence to prove that they had been directly harmed by NSA’s actions, and so had no grounds on which to sue. Judge White further added that a potential Fourth Amendment claim would have to be dismissed on the basis that any possible defenses would require impermissible disclosure of state secret information.

     

  • California Lawmaker Proposes Warrant Requirement for Digital Data Access

    February 19

    By: Colin Johnson, Panel 9

    California Lawmaker Proposes Warrant Requirement for Digital Data Access

    Article: http://arstechnica.com/tech-policy/2015/02/california-lawmaker-proposes-warrant-requirement-for-digital-data-access/

    Last Monday, a California state senator introduced the California Electronic Communications Privacy Act, a bill that would establish new requirements for law enforcement officials to access suspects’ digital information. If passed, this bill would be the most comprehensive state provision for the protection of digital privacy in the country.

    CalECPA, as the bill is known, would provide significantly greater digital privacy rights to individuals than the current federal requirements. While courts have issued rulings clarifying and strengthening the protections of the federal ECPA, the law itself has remained largely unchanged since its implementation in 1986. Until Congress successfully passes a bill to update existing ECPA, citizens must rely on state courts to protect their digital information.

    CalECPA would establish a warrant requirement not only for email but for all electronic communications, including contacts, GPS information, and metadata. However, the most interesting provision under the proposed law would allow for the appointment of special masters to ensure that the warrants are narrow and that any legally gathered information that turns out to be beyond the scope of the investigation is destroyed immediately.

    If passed, CalECPA would provide a significant victory for digital privacy advocates. The passage of this expansive bill would send a clear message to federal lawmakers that the outmoded ECPA needs to be updated immediately in order to reflect the rapidly changing digital landscape of the twenty-first century.

  • Sneaking Past Kyllo

    February 12th- Panel 10

    By: Joseph Gracely

    Sneaking Past Kyllo

    Link to article: http://www.usatoday.com/story/news/2015/01/19/police-radar-see-through-walls/22007615/

    In 2001 the Supreme Court held in Kyllo v. United States that police use of thermal imaging technology to detect heat signatures within a person’s home was unconstitutional.  In doing so, the Court noted that the device in that case was “not in general public use.”  The Court also indicated that radar-based systems then being developed would be covered by its ruling in Kyllo.

    Now those radar-based systems are here.  And contrary to the apparently clear holding in Kyllo, they are out on the streets providing officers with data about the presence and movements of suspects behind closed doors.

    As USA Today reports, the Range-R handheld radar sensor is currently being used by at least 50 U.S. law enforcement agencies, among them the FBI and U.S. Marshals Service.  While the detectors don’t display images of what’s behind a wall, they are highly sensitive and can pick up on movements as slight as breathing from more than 50 feet away.

    Until December 2014, when the use of the devices came to broader attention, police used the radar sensors secretly, without search warrants, presenting potentially great Fourth Amendment concerns.  This is particularly so given the difference in technology between radar and thermal imaging.  While thermal imaging arguably involves only the detection from outside the home of heat penetrating out through the walls – as the government actually argued in Kyllo – radar is something different.  With radar, there is – at some level – a penetration of the home by radar waves from the device.  Given the holding in Kyllo, it’s unclear how such warrantless radar use could survive constitutional scrutiny.

     

  • Smart TVs May Redefine Privacy in Our Home

    February 12th

    By: Bo Wang

    Smart TVs May Redefine Privacy in Our Home

    http://www.bbc.com/news/technology-31296188

     

    TV is getting smarter. Nowadays many smart TVs have voice activation feature. One could basically control the TV by giving oral command, without going through the pain of reaching for the remote. But the TV listens to more than what people would have expected. As Samsung is warning its customers, when the feature is on, whatever you say including “personal or other sensitive information” may be transmitted by the TV to Samsung or a third party.

    Putting aside the shock that this sounds similar to George Orwell’s book 1984, there are some interesting legal issues that concern privacy law. Take the reasonable expectation of privacy test as an example, do people who own smart TVs automatically fail the first prong because they have no actual expectation of privacy when they talk before the TV?

    After all, customers choose to buy these TVs. One could argue that people are not expecting to surrender their privacy in the living room because they don’t know their smart TV would “snitch”. But the counter argument could point to the Samsung warning or its privacy policy in the manual that comes with the TV and say “well, now you know it and it is your decision to turn on the voice feature.”

    Should the little button on the remote that controls the voice activation also control how much privacy I have in my home? I don’t think it should. But the reasonable expectation of privacy test seems to be of no help here. It is also hard to argue physical trespass since I bought the TV. So the traditional doctrine of physical trespass doesn’t help either. I would love to see how courts will reconcile the new technology with the privacy concerns here because surely I want my privacy protected and I don’t want to reach for my remote.

  • Article by the Center for Democracy & Technology

    February 12th

    By: Siyi Tian

    Article by the Center for Democracy & Technology 4 February 2015: Congress Moves Forward on Protecting Americans’ Digital Privacy

     

    The article, which appeared in the press & in the news section of the Center for Democracy & Technology, announced the introduction of bills in both the U.S. House and Senate to update the Electronic Communications Privacy Act (ECPA). The bills aim to update the ECPA of 1986 and to provide stronger privacy protections of information stored digitally in the cloud, including e-mails.

     

    Representatives Kevin Yoder and Jared Polis introduced the House version of the bill, the Email Privacy Act, and currently have 228 co-sponsors. Senators Mike Lee and Patrick Leahy introduced the Senate version, the Electronic Communications Privacy Act Amendments Act.

     

    Specifically, the new bills aim to update the Stored Communications Act, 18 U.S.C. §§2701-2711. Under the current 180-day rule, law enforcement can obtain content of e-mails 180-days or less with a subpoena, not a search warrant. Senators Patrick Leahy and Mike Lee write that the proposal they will soon introduce will add the new requirement for the government to obtain a search warrant, based on probable cause, before searching through the content of e-mails or other electronic communications stored with a service provider such as Google, Facebook, or Yahoo!. They reason that the same privacy protections should apply to online communications as phones and homes. Since the government is prohibited from tapping our phones or forcibly entering our homes to obtain private information without warrants, the government should also need a warrant for obtaining our online communications.

     

    The ECPA has not been significantly updated since it was enacted in 1986. The purpose of the ECPA was to protect our privacy, but it was enacted in a time before people heavily relied on e-mails, mobile location, cloud computing, social networking, and the Internet in general. Technology innovations have since outpaced the ECPA, and digital communications often do not have the same privacy protections as paper communications. Advocates and companies have long called for an update to the 1986 law, and support for ECPA reform has increased rapidly following revelations about government surveillance.

     

    It is true that an update to the ECPA is much needed and desired to correct the confusions arising from unclear and conflicting standards with regards to electronic content, such as when a document stored on a desktop computer is protected by the warrant requirement of the Fourth Amendment, but the same document stored on a service provider may not be subject to the warrant requirement by the ECPA. This article, along with the introduction of the amendment bills, is a good step into the direction of reform. However, many barriers remain before passing the reform. For example, the Securities and Exchange Commission demanded a special carve out for warrantless access to private communications that people entrust to Internet companies. It would require strong bipartisan support to successfully reform the ECPA to offer equal privacy protections for all private communications.

  • Metadata, and How You Feel

    February 12

    By: Paula Kift

    Metadata, and How You Feel

     http://www.newyorker.com/magazine/2015/01/19/know-feel

    In “We Know How You Feel,” an article published in the New Yorker on January 19th, 2015, Raffi Khatchadourian describes the work of a startup company called Affectiva, which develops emotion-sensing software. Affectiva was founded by Rana el Kaliouby, an Egyptian scientist, and Rosalind Picard, a professor at the MIT Media Lab, in 2009. The company’s signature software, Affdex, calculates the proportions between non-deformable facial features such as mouth, nose, eyes and eyebrows. Affdex then “scans for the shifting texture of skin – the distribution of wrinkles around an eye, or the furrow of a brow – and combines that information with the deformable points to build detailed models of the face as it reacts. The algorithm identifies an emotional expression by comparing it with countless others that it has previously analyzed.” The software was initially developed to help autistic children classify human emotions. However, the business world was quick to identify more lucrative applications of the software. For instance, “CBS uses the software at its Las Vegas laboratory, Television City, where it tests new shows. During the 2012 Presidential elections, Kaliouby’s team used Affdex to track more than two hundred people watching clips of the Obama-Romney debates, and concluded that the software was able to predict voting preference with seventy-three-per-cent accuracy.” Perhaps more problematically, Affectiva could also be used in videoconferencing “to determine what the person on the other end of the call is not telling you. ‘The technology will say, ‘O.K., Mr. Whatever is showing signs of engagement – or he just smirked, and that means he was not persuaded.’”

     

    Picard admits that some of the requests Affectiva received from corporations seemed unethical: “We had people come and say, ‘Can you spy on our employees without them knowing?’ or ‘Can you tell me how my customers are feeling?’ and I was like, ‘Well, here is why that is a bad idea.’ I can remember one wanted to put our stuff in these terminals and measure people, and we just went back to Affectiva and shook our heads. We told them, ‘We will not be a part of that – we have respect for the participant.’ But it’s tough when you are a little startup, and someone is willing to pay you, and you have to tell them to go away.” Picard eventually left Affectiva as the interest of the company shifted away from the medical to the corporate space.

     

    Kaliouby and her team demonstrated that, in the age of big data, “even emotions could be quantified, aggregated, leveraged.” As of today the company has “analyzed more than two million videos, of respondents in eighty countries.” Given the wealth of the data, Affdex is now sophisticated enough to “read nuances of smiles better than most people can.” Kaliouby could imagine that one day cookies might be installed on computers that turn on laptop cameras as soon as somebody watches a YouTube video to analyze the user’s emotional response in real time.

     

    Regulation is lagging. “In 2013, Representative Mike Capuano of Massachusetts, drafted the We Are Watching You Act, to compel companies to indicate when sensing begins, and to give consumers the right to disable it.” However, Capuano was unable to garner enough support for the bill as industry started lobbying against it. Meanwhile more and more companies are recognizing the financial potential of the Emotion Economy.

     

    The technology described in the article raises intriguing questions with regard to the nature of electronically transmitted information and the third party doctrine. What category of information does emotional communication fit into? In the beginning of the article, the author suggests that “by some estimates we transmit more data with our expressions than with what we say.” Could emotional communication be classified as metadata? If so this would have problematic consequences for the privacy in our emotions since metadata is the kind of information that is least protected by current law. Even though Kaliouby and her colleagues assert that they turned away government inquiries about the technology, it seems likely that national security agencies are already in the process of developing their own. What if emotion-sensing technology were added to CCTV cameras?

     

    Besides, if customers voluntarily allow third parties to collect information about their emotional communication, the government could easily gain access to that information by means of a subpoena. One could even imagine a time in which national security agencies collect emotional information on a grand scale and use it for predictive policing. For instance, national intelligence could determine that, based on an analysis of millions of emotional responses, a certain group of people is more likely to respond to certain information in a certain way. Everyone who reacts in a similar way would then be considered a part of that group and potentially threatening. In the age of big data, correlation trumps causation. Perhaps this scenario seems farfetched. But as Representative Capuano points out, “The most difficult part is getting people to realize that this is real. People were saying, ‘Come on. What are you, crazy, Capuano? What, do you have tinfoil wrapped around your head?’ And I was like, ‘Well, no. But if I did, it’s still real.”