Category: Uncategorized

  • Supreme Court of Canada Rules that Text Messages are Private

    By: Jamaal Myers

    In R v Telus Communications Co., police officers attempted to retrieve text messages stored in the computer database of Telus, a Canadian phone company, under a general warrant. Telus, in response to the request, argued that in order to produce the text messages, police must first acquire a wiretap authorization as opposed to a general warrant as required under Part VI of the Criminal Code of Canada. It reasoned that the production of text messages from its database constituted an “interception of private communications.” The Government, in response, countered that such a request was not an “interception of private communications” because the messages were not being transmitted on the Telus database, but rather they were just stored there. The Supreme Court rejected the Government’s reasoning.

    Writing for the majority, Justice Abella held that:

     

    “The only practical difference between text messaging and the traditional voice communications is the transmission process. This distinction should not take text messages outside the protection of private communications to which they are entitled in Part VI. Technical differences inherent in new technology should not determine the scope of protection afforded to private communications.”

    This decision contrasts with actions concerning digital privacy currently underway in the United States. Currently, the Communications Assistance for Law Enforcement Act allows the government to force phone companies to install surveillance equipment on their networks. However, the Act does not compel phone companies and wireless providers to mandate surveillance of real-time communications such as Gmail chat. Andrew Weissmann, FBI general counsel, has stated that gaining the power to wiretap all forms of Internet conversations and cloud storage is a “top priority” for the Bureau in 2013.

     

    The full text of R v Telus Communications Co. can be found at:

    http://scc.lexum.org/decisia-scc-csc/scc-csc/scc-csc/en/item/12936/index.do

     

    Ryan Gallagher of Slate.com discusses the FBI’s plan in FBI Pursuing Real-Time Gmail Spying Powers as “Top Priority” for 2013. It can be found at:

    http://www.slate.com/blogs/future_tense/2013/03/26/andrew_weissmann_fbi_wants_real_time_gmail_dropbox_spying_power.html

     

  • FAA to host drone web forum

    For those interested in the emerging FAA policies regarding drone use, be sure to check out their upcoming web forum.

    http://www.faa.gov/about/initiatives/uas/

     

  • Tracking Human Mobility

    By: Peter Thompson

     

    A recent study shows that individuals can be identified through their mobile phone location with only basic use (i.e. non-Smartphone basic use). By tracking human mobility, researchers have shown that with only four spatial-temporal points, mobile phone datasets can be combined with publicly available information to easily identify an individual.

     

    Each time a phone accesses a network, it must send a signal to a carrier. For example, a phone may contact a network tower to send and receive calls or texts. The signal is picked up and serviced by the strongest carrier, typically the closest carrier, thereby enabling one to determine a spatial point for the origin of the signal. Whatever carrier is accessed must service or store the signal received, and thus create a log of the signal, which is time-stamped and provides a temporal data point. Using just four of these spatial-temporal points, randomly chosen, was enough to uniquely identify 95% of the 1.5 million person sample size. Of course, typical smart-phone use (e.g. push notification for email, location sharing, etc.) creates many more data-points, thereby increasing the uniqueness and identification capability of each mobility trace.

     

    When these mobility traces are combined with publicly available data, such as home or work addresses, it is not difficult to identify the owner of each trace. Such identification can be used to determine potentially sensitive information about an individual; for example, religion based on churches attended, medical issues or addictions based on clinics visited or meetings attended, relationships based on location pairing, etc. The study offers no conclusion about the effects that human mobility tracing will have on privacy policy, but it acknowledges that mobility data must be taken into account in developing such policy going forward.

     

    http://www.nature.com/srep/2013/130325/srep01376/full/srep01376.html

     

    https://www.eff.org/vi/wp/locational-privacy
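
An added example, not part of the original post or the cited study: a short Python sketch of the uniqueness measure described above, of the kind a data custodian could run over location logs before sharing them. The four-user dataset, the antenna labels and the function names are constructed for illustration, and the subsets are enumerated exhaustively rather than drawn at random as in the study, so the result is reproducible.

```python
"""Unicity of mobility traces: how often p points from a trace match one user only."""
from itertools import combinations

# Constructed sample data (not from the study). Each trace is the set of
# (antenna_id, hour) points logged when a phone contacted the network.
TRACES = {
    "u1": {("A", 8), ("B", 9), ("C", 18), ("D", 20)},
    "u2": {("A", 8), ("B", 9), ("C", 18), ("E", 21)},
    "u3": {("A", 8), ("B", 9), ("F", 12), ("G", 19)},
    "u4": {("A", 8), ("H", 10), ("C", 18), ("D", 20)},
}


def matching_users(traces, points):
    """Return the sorted users whose trace contains every given point."""
    wanted = set(points)
    return sorted(user for user, trace in traces.items() if wanted <= trace)


def unicity(traces, p):
    """Average share of p-point subsets of a trace that match only its owner.

    Assumption: every p-subset is tested instead of a random sample, which is
    only practical for small datasets like this constructed one.
    """
    per_user = []
    for user, trace in traces.items():
        subsets = list(combinations(sorted(trace), p))
        if not subsets:  # trace shorter than p points: nothing to test
            continue
        unique = sum(1 for s in subsets if matching_users(traces, s) == [user])
        per_user.append(unique / len(subsets))
    return sum(per_user) / len(per_user) if per_user else 0.0


def unicity_curve(traces, max_p):
    """Unicity for p = 1..max_p, showing how fast a dataset becomes identifying."""
    return [(p, unicity(traces, p)) for p in range(1, max_p + 1)]


if __name__ == "__main__":
    for p, value in unicity_curve(TRACES, 4):
        print(f"{p} point(s): {value:.0%} of traces singled out")
```

Even though every user here shares the morning antenna, each added point removes candidates quickly, which is the effect the post describes for four points.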

  • Tories restrict online data mining, but not for social media

    By: Brittni Reaser

    The Canadian Government is restricting the data that is gathered when its citizens access government websites.

    The Privacy Commissioner has been raising concerns about data mining for several years and has gotten new guidelines passed to restrict the Canadian federal government use of data gathered when their websites are visited.

    The guidelines ‘prohibit the government from profiling an individual’s online activity by tracking their computer’s Internet protocol address’ and went into effect this January. Departments have to ensure that any 3rd party groups contracted to analyze online data comply with the new rules.

    While it is important to protect the information of citizens, these new rules are not as comprehensive as they may seem.

    First, they only apply to information gathered on government websites, not the information collected through the interaction with government on social media sites.

    Second, the rules do not apply to private companies. These companies make a lucrative business of data mining and can continue to do so.

    Third, the B.C. Freedom of Information and Privacy Association feels that the guidelines were changed without input from the public. Further, these rules (in combination with the consolidations of government websites) will leave Canadians less protected because the information is under tighter control and the government can still monitor who is accessing the page.

    Although public companies are not prohibited by the guidelines, it is more important that the government be limited in its data mining abilities, because the government can restrict one’s freedom and cut people off from government benefits, according to Martin Abrams, President of the Centre for Information Policy Leadership.

    This step taken by the Canadian government is important to the future of information privacy online. Though everyone may not be satisfied with the rules, it is an important first step on this major issue. The next step could be restrictions on the private sector or not allowing government to use any data from citizens other than what is specifically given to them. If this rule becomes the norm worldwide, the US government will follow suit and make changes to its data mining policy and afford Americans more privacy and our information more protection.

  • The end of a controversial Canadian “government-spying” bill

    By: Michel Leclerc

     

    The recent debate over the Canadian “Bill C-30” shows us how fierce the discussions surrounding governmental data mining can be. This bill, also known as the “Protecting Children from Internet Predators Act”, was abandoned in February 2013, one year after it was first introduced. As the name of the bill shows us, governmental efforts to increase security and improve law enforcement can often be at odds with basic individual privacy interests. And the debate can be loaded with emotions: Canadian Public Safety Minister Vic Toews did not hesitate to offer a blunt alternative to one of his political opponents: “He can either stand with us or stand with the child pornographers”. Another proof that the effort towards more efficient monitoring of criminal activity can seriously threaten basic privacy rights.

     

    Two key provisions were indeed at stake in Bill C-30. First, it was allowing governmental authorities (such as the Canadian Security Intelligence Service or the Royal Canadian Mounted Police) to have access to Internet subscriber information without any warrant. This information included name, address, telephone number, email address and Internet protocol (IP) address.

    Second, Bill C-30 would put Internet providers under the obligation to have systems that allowed police to intercept and track online communications. This technological obligation

     

    The entire bill can be found under the following link:

    http://www.parl.gc.ca/HousePublications/Publication.aspx?DocId=5380965&File=19

     

    The large public protest against this bill reflected in many blog posts caused Canadian Justice Minister Rob Nicholson to abandon this project. However, as an article points out (http://rt.com/news/canada-kills-surveillance-bill-992/), some future battlegrounds exist concerning the interaction of law enforcement and privacy rights. In Canada, Bill C-12 would allow Internet service providers, email hosts and social media sites to voluntarily share personal information about their clients with the police. It still stands on the parliamentary docket. In the United States, the Cyber Intelligence Sharing and Protection Bill (CISPA) is being reintroduced in the House of Representatives. Its key provisions are similar to those contained in Bill C-30 (http://rt.com/usa/cispa-cyber-bill-last-133/).

     

     

     

  • Privacy and Law Enforcement

    By: Matt Rotbart

    Our reading on privacy and law enforcement focused on the tension between privacy and security and the roles of the Fourth and Fifth amendments. Among other things, we reviewed pursuant to 39 U.S.C. §3623(d) that sealed letters “shall not be opened except under authority of a search warrant authorized by law” (Casebook at 249).

    On Tuesday, March 19th, Senators Mike Lee (R-Utah) and Patrick Leahy introduced an amendment to the Electronic Communications Privacy Act (ECPA) that would require government officials and law enforcement officers to obtain a search warrant when accessing emails and other electronic messages. Currently, the ECPA allows law enforcement officials to obtain emails, and other electronic material, that have been in storage for more than 180 days with only a subpoena. The ability of government officers to obtain private email correspondence after a period of time intuitively seems to conflict with the requirement of obtaining a warrant for sealed messages sent through the U.S. Postal Service. It is also troublesome that material which has been in storage for less than 180 days requires a search warrant under the ECPA, but after the 181st day, the Fourth Amendment appears not to apply.

    What’s the difference between obtaining a subpoena and a search warrant? Subpoenas only require a showing that information sought by the government is relevant to an investigation. Search warrants, on the other hand, require a judge to determine that the police have “probable cause” under the Fourth Amendment to believe that the material sought will yield evidence of a crime.

    Google and other digital rights activists are leading the charge for this amendment; they argue that the ECPA – which was passed in 1986 – is severely outdated. Google has had an ongoing struggle with law enforcement officials over the instances in which it is permissible to reveal private user information. In some cases Google has refused to turn over information that has been stored for longer than 180 days, in direct violation of the ECPA. Google has based this decision in part on the Sixth Circuit’s 2010 ruling in U.S. v. Warshak. In that case, the court held that the Fourth Amendment requires law enforcement authorities to obtain search warrants to access people’s emails, notwithstanding the ECPA. This particular issue has not yet reached the Supreme Court, and may become a nonissue if the proposed amendment passes.

    Attached is a link to the MediaPost article on this topic, as well as a link to the Sixth Circuit’s decision, and a link to Google’s Privacy Blog:

    http://www.mediapost.com/publications/article/196206/new-law-would-boost-privacy-in-email-messages-clo.html#ixzz2OrmRrf4n

    http://googlepublicpolicy.blogspot.com/2013/03/testifying-before-us-house-of.html

    http://www.ca6.uscourts.gov/opinions.pdf/10a0377p-06.pdf

  • The Cold Stare of Justice: How Automatic License Plate Readers Chill Activity

    By: Stephen Elkind

     

    When we are observed, we modify our behavior. Indeed, “merely hanging up posters of staring human eyes is enough to significantly change people’s behavior.” When you are observed, you act differently than when you are alone. You are more likely, when shopping for example, to purchase the more expensive brand if there are other customers in the store. But what happens when you are observed indirectly? What happens when you are observed by your government? And what happens when that observation tracks your location over an arbitrary time period and is never deleted?!?

     

    Automatic License Plate Reader (ALPR) systems are cameras mounted on stationary objects or moving cars. The cameras are programmed to take photos of every license plate encountered, capturing the location and time data of thousands of cars per minute. Aggregated, the information collected by ALPR systems paints a clear picture of your daily conduct, and “can be used as a kind of mass, warrantless tracking system.” These systems are becoming cheaper and therefore more popular among law enforcement agencies. What’s worse is that limiting the retention time of the data seems to be the exception rather than the norm, meaning your local police will remember your trip to the store for years to come.

     

    But people don’t just go to the grocery store and back. They stop at a bar (a gay bar?), they go to a place of worship, they visit with friends, lovers, family, and much more. In United States v. Jones, a case that went up before the Supreme Court in 2011, the Council on American-Islamic Relations (CAIR) filed an amicus brief. They argue, “[A]necdotal evidence demonstrates that surveillance of mosque attendance has significantly chilled Muslims’ willingness to congregate at their houses of worship” after 9/11. Police cars, equipped with ALPR systems, driving through mosque parking lots is an increase in surveillance that would lead directly to a decrease in mosque attendance and even Muslim charitable donations. Simply put, ALPR surveillance chills associational activity, “particularly for those who are members of, or associate with members of, religious and political minority groups.”

     

    If associational activity is valuable, which it most certainly is, and police insist on using ALPRs, which they most certainly do, then a balance must be struck. Police cars with high-powered cameras constantly capturing the comings and goings of each and every vehicle must adopt strict retention time limitations or somehow ensure that the harms articulated by CAIR aren’t further perpetrated. Otherwise, the icy gaze of big brother will continue to freeze important associational activity of law abiding citizens.

     

     

  • Stop and Frisk in NYC

    By: Christopher Clark

     

    http://www.nytimes.com/2013/03/27/nyregion/police-perspective-to-be-presented-at-trial-on-stop-and-frisk-tactic.html?hp&_r=0:

    This article is about New York’s “Stop and Frisk” police policy. The police and others contend the policy is permissible because it is done only when police have observed suspicious behavior. However, opponents don’t like that these searches completely rely on the judgment of the police officer on the ground. In effect, this judgment is heavily influenced by racial and other stereotypes, as seen by the statistics on those stopped. Here, the Times reports on police officers’ perspective on the Stop and Frisk. Even if the police are being honest that they aren’t letting racial stereotypes enter into their decisions, these prejudices also operate on a subconscious level. The question becomes could this factor be vetted empirically and given an appropriate weight (Zocalo drug dealer case).

     

    Related to Monday’s class, Stop-and-Frisk is a variant of pattern-based searching using government law-enforcement data legally collected (i.e. the police officer’s observations from roaming about in public). Instead of this data being run through an empirically-validated algorithm to see which data gives rise to a heightened suspicion, the data are simply analyzed by police who run their own algorithm in their head. This algorithm is going to be different for every police officer, and is also going to be intrusive for the people who are frisked—both red flags when it comes to data mining (although this data is not in a digital format). This might be one example where a more standardized, mechanized decision would create fewer problems than individual judgment.

     

    Related to Wednesday’s class, the Supreme Court has ruled that this type of “Stop and Frisk” procedure is not a traditional “search” requiring a warrant, instead accepting a lesser showing of suspicion (Terry v. Ohio). This is one policy where the limitations of the 4th Amendment in protecting against government intrusion are evident.

     

  • CIA and NSA May Soon Gain Access to FinCEN

    By Kenneth Alan Agee

    Soon US spy agencies may have access to a large database of financial data, which includes a vast amount of US citizens’ financial data.  Earlier this month, Reuters was able to see a Treasury Department document that revealed that the Obama administration is planning on giving US spy agencies full access to Treasury’s Financial Crimes Enforcement Network (FinCEN).[1] FinCEN is a “massive database that contains financial data on American citizens and others who bank in the country.”[2] The database is used to fight terrorism and fraud. “Any transaction above $10,000 in value is documented, and over 25,000 financial institutions currently file reports to the network.”[3] Banks are also required to report “suspected incidents of money laundering, loan fraud, computer hacking or counterfeiting.”[4]

    Currently, the FBI has full access to the database, but spy agencies like the CIA and NSA only have access to data on a case-by-case basis upon request. The proposal would give them full access to the database, which would allow them to use this data for data mining, which involves combining this financial data with other information they have collected and running it through complex algorithms in order to try to identify individuals whose information creates a suspicion of terrorism or other illegal activity.

    This proposal carries with it some serious privacy concerns. First, there is the problem that arises anytime one uses computer-based analysis over human analysis: the possibility of being wrong. A false positive can potentially be of great inconvenience to the accused. Second, as it has become easier to obtain large amounts of data, it has also become easy to store such data. This means it is unknown how long these agencies might have access to this data. Who knows what these agencies might be able to glean from this data in the future? Lastly, there is the concern over who else might be able to gain access to this information. The Internal Revenue Service? Other government agencies? Private actors hired by these spy agencies?

    Nevertheless, maybe these concerns are worth the possibility for increased security. The US faces great national security threats, and it could be argued that these concerns are minimal compared to the increased safety citizens obtain by relinquishing this data. Regardless, this will likely make many people queasy. Although if you’ve survived the FBI going through your bank accounts so far, could the CIA really make things any worse?

     



    [1] http://in.reuters.com/article/2013/03/13/usa-banks-spying-idINDEE92C0EH20130313

    [2] Id.

    [3] http://www.zdnet.com/spy-agencies-to-be-granted-access-to-us-citizen-finances-7000012612/

    [4] http://in.reuters.com/article/2013/03/13/usa-banks-spying-idINDEE92C0EH20130313

  • A critical case to balance Privacy and Law Enforcement Activities

    By Lina Enriquez

     

    Under the umbrella of the Privacy Act (1974), a provision expressed in 42 USC § 14135(a) allows agencies of the U.S. that arrest or detain or supervise individuals facing charges to collect DNA samples from them, even without their consent. The personal information, once collected, is stored and processed in the Combined DNA Index System (“CODIS”), which is a system of records as defined by the Privacy Act.

     

    The broad terms used in 42 USC § 14135(a) have served as ground for a lot of state laws allowing for DNA testing of arrestees. One of those laws, enacted in Maryland in 2010, and as applied to the case of an arrestee that was subject to a warrantless DNA collection, is currently under analysis by the Supreme Court in Maryland v. King, a very significant case to define the scope of privacy interests against the law enforcement purposes that government seeks through different systems of records such as CODIS. In November 2012, the Supreme Court decided to hear Maryland v. King to decide whether Maryland’s DNA Act is unconstitutional under the Fourth Amendment as applied to individuals arrested, but not convicted.

     

    The State of Maryland argued in its brief that a DNA collection is just another mechanism of identification like fingerprint collection, that it serves law enforcement purposes, and that the degree of intrusion upon the privacy of an arrestee is minimal because only the individual’s identity is compromised and arrestees “have a reduced expectation of privacy generally, and when it comes to identity specifically, no legitimate expectation of privacy.”

    http://www.americanbar.org/content/dam/aba/publications/supreme_court_preview/briefs-v2/12-207_pet.authcheckdam.pdf

     

    Arguing in favor of privacy rights, the Electronic Privacy Information Center (EPIC), a public interest research center, has filed a brief to alert that the collection of a DNA sample from an individual “raises a profound and far-reaching privacy concern. Genetic traits can identify family members and reveal predispositions to disease and mental illness. … DNA testing can also result in social stigma, discrimination in employment, barriers to health insurance, and other problems. As the Combined DNA Indexing System (CODIS) system has expanded, so too has the collection of this particularly sensitive personal information. Even after analyzing the sample to extract a CODIS profile, the government does not destroy it. … States indefinitely retain entire DNA samples after CODIS analysis is complete. Further, the dramatic expansion of CODIS underscores the likelihood that an increasing number of individuals will be subject to the collection of their DNA sample and its maintenance within the criminal justice system.”

    http://epic.org/amicus/dna-act/maryland/EPIC-Amicus-Brief.pdf

     

    This case, described by Justice Alito as “perhaps the most important criminal procedure case that this Court has heard in decades” (http://www.genomicslawreport.com/index.php/2013/02/27/all-eyes-on-maryland-v-king-recapping-the-supreme-court-oral-argument/), will doubtless be a cornerstone to define whether government agencies are allowed to collect personal identification data for general law enforcement purposes and keep it stored to use it “within the scope of an authorized law enforcement activity” (See Becker v. Internal Revenue Service. 7th Cir. 1994), or whether enforcement agencies are not allowed to collect personal information without reasonable suspicion just because it can prove to be useful at some later stage.