Intelligence Oversight Tries Again With Zero-Reform Section 702 Bill, Criticizes Reform Efforts As Threats To Security

from the tireless-in-their-unquestioning-defense-of-the-agencies-they-'oversee' dept

The Congressional showdown on Section 702 reforms/renewal continues to generate little actual debate or reform -- but plenty of bad proposals. Both the House and Senate Intelligence Committees have decided there should be a renewal -- preferably an extended one -- with zero actual reform.

Members of the House offered up some tepid reforms in the USA Liberty Act, only to find this offering blocked by the House Permanent Select Committee on Intelligence (HPSCI), which offered a zero-reform package at the last minute. Fortunately, no one was able to tack a lousy non-reform bill to the tailend of the annual budget bill, thereby dodging reform discussions and giving the NSA a surveillance blank check for the next 5-10 years.

Having been stiff-armed for a few weeks, the HPSCI has put together another Section 702 "reform" bill that does nothing to change the status quo and actually has the possibility of making things worse.

Sharon Franklin discusses the many, many problems with the House Committee bill at Just Security. What the committee offers up as reforms is language that can (and will) be read as allowing the NSA (and other agencies) to conduct themselves as they have for years -- this time with the explicit statutory authority granted to them by their supposed oversight.

Proponents of the Intelligence Committee’s bill contend that it presents a compromise approach to addressing both of these privacy risks, and that recent modifications to the bill address the concerns of privacy advocates. In reality, the bill includes no meaningful reform on either issue – or any other real reforms to Section 702. Instead, the Intelligence Committee’s bill would codify these two practices and risk expanding the government’s surveillance authority.

Codification would include the NSA's abandoned "about" email collection. The NSA voluntarily ditched this program because it couldn't stop collecting US persons' communications with this untargeted collection. This bill would allow the NSA to turn the collection back on, provided no introduced legislation specifically demanding the permanent shutdown of this collection method within 30 days of the NSA's notice. Worse, it would possibly allow the NSA to expand the scope of an already vaguely-targeted collection.

First, it could be interpreted by the government to permit unintentional “about” collection, such as where the Intelligence Community knows a certain technique results in “about” collection, but since that technique is not specifically intended to collect “about” communications, it engages in that collection nonetheless. Second, because the bill defines an “abouts communication” as “a communication that contains a reference to, but is not to or from, a target,” there is a risk that the bill could be interpreted to allow the government to collect communications that merely reference a target, such as mentioning a target’s name. Currently, the government may only collect communications that include a target’s “selector,” such as a target’s email or phone number.

The bill would also leave the backdoor search loophole wide open. The FBI (and other agencies) query NSA collections for information not necessarily related to national security investigations through this backdoor search, allowing them to use ostensibly foreign-facing collections for domestic policework. The bill does add a warrant requirement for these sorts of non-national-security-related searches, but this would only apply to "predicated investigations." This would allow the FBI to make use of NSA databases in other forms of investigations, including preliminary investigations -- all of which are based on less probable cause than "predicated" investigations. In other words, the FBI would be required to get a warrant during the final stages of a criminal investigation but need nothing to engage in fishing expeditions using NSA collections.

The HPSCI is also on the attack, trying to prevent other reform legislation from gaining supporters. It has gone so far as to portray support for competing bills containing actual reforms as threats to national security. Ron Wyden's office has issued a debunking of the HPSCI's outlandish claims.

HPSCI Majority allegation: USA RIGHTS will recreate a pre-9/11 “wall” preventing the Intelligence Community and law enforcement from sharing terrorism information.

Fact: Nothing in the USA RIGHTS Act prevents sharing of terrorism information.

HPSCI Majority allegation: USA RIGHTS prevents the IC from “uncovering plots against the United States and saving potential hostages via limitations on the ability to conduct U.S. person queries…”

Fact: USA RIGHTS, which requires a warrant for U.S. person searches of 702 data, includes an exception to rescue hostages, as well as an emergency provision that allows the government to search first and seek a warrant later. In addition, the government has other FISA tools, such as Section 215, that would allow it to swiftly “connect the dots” between suspects and terrorists without a probable cause warrant.

HPSCI Majority allegation: USA RIGHTS limits the government’s ability to obtain terrorism information by “unnecessarily restricting when the Government may ask for technical assistance from electronic communication service providers.”

Fact: Recent statements from the government indicate that it interprets Section 702 to allow it to direct electronic communication service providers to alter encryption. Even supporters of government-mandated weakening of strong encryption have argued for court orders. USA RIGHTS merely requires that the FISA Court oversee any such directives and ensures that those directives are tailored to the surveillance at issue.

HPSCI Majority allegation: USA RIGHTS would prevent NSA from “understanding foreign threat networks by permanently ending NSA’s ‘abouts’ collection.”

Fact: The “abouts” collection, which could include communications to and from innocent Americans on whom there is no suspicion, was suspended by the government due to significant compliance problems. If the government wishes to resume the “abouts” collection, it can always seek those authorities from Congress.

HPSCI Majority allegation: USA RIGHTS allows terrorists and spies to sue the U.S. government.

Fact: It is a basic tenet of the rule of law that surveillance authorities can be challenged in court. USA RIGHTS merely ensures that the government cannot abuse the secrecy of Section 702 to keep it from ever being challenged by anyone.

This is only a small part of the many claims the HPSCI has made in hopes of heading off any real challenge to its zero-reform Section 702 legislation. It's pretty sickening this is coming from legislators charged with subjecting surveillance efforts to intense scrutiny. The HPSCI has never held up any of the NSA's dubious claims as examples of untrustworthy behavior or as a threat to Americans' privacy. Instead, it focuses its attention on those who won't grant the NSA a pass it hasn't earned.

Either way, this issue is coming to a head today. House leadership tried to "appease" those who actually support the 4th Amendment by allowing just one amendment to be voted on -- good amendment by Reps. Justin Amash and Zoe Lofgren. House leadership apparently expects the amendment to fail, and then their awful bill to squeak across the finish line. In response, there's been a pretty frantic effort on both sides to garner support -- leading to the HSPCI's misleading attacks on the amendment.

If enough Reps in the House actually grasp what's at stake, and vote for the Amash/Lofgren amendment, it would be a pretty big game changer, and perhaps push the Senate away from its own bad proposals. If not, it will mean that a majority of our elected officials think that the 4th Amendment and the privacy of Americans is not particularly important. So right about now might be a good time to contact your representative to see where they stand on this.

Filed Under: 4th amendment, devin nunes, house intelligence committee, justin amash, nsa, section 702, surveillance, zoe lofgren

The Strange Fight Over Who Should Take John Conyers Spot Atop The Judiciary Committee

from the there's-a-bit-more-to-look-at-than-that... dept

As you may have heard, Rep. John Conyers recently stepped down from his role as Ranking Member (basically top member of the minority party) on the powerful House Judiciary Committee, and this week has announced his retirement, in response to multiple accusations of sexual harassment. That has kicked off something of an interesting and important debate over who should replace him as ranking member on the Judiciary Committee.

The next in line by seniority is Rep. Jerry Nadler. But right behind him is Rep. Zoe Lofgren. By way of disclosure, I'll note that I've gotten to know Lofgren over the years, and have donated to her election campaign. But even before I'd ever spoken to her, I've noted how she remains one of the few people in Congress who seems to consistently do the right thing on basically all of the issues that we care about at Techdirt. You can see our past coverage of stories involving Lofgren. Most specifically on copyright and surveillance, she hasn't just been on the right side, she's been leading the way. She is, almost single-handedly, the person who stopped SOPA from passing. She has consistently raised important issues and introduced important bills and amendments concerning copyright, NSA surveillance and the CFAA among other things.

Obviously, I think she'd make a great ranking member for the Judiciary Committee (or the chair should the House flip sides in the future). So I was happy to see her recently announce her intention to run for the Ranking Member position against Nadler. Who knows if she'll actually get the position, but I found it odd that upon announcing it, she was immediately attacked by, of all places, The Intercept, which put forth a really strange article accusing Lofgren of being a Google shill. This was strange on multiple levels -- though, I get it. Lofgren gets called a "Google shill" for the same reasons that we do here at Techdirt. Because, even though we frequently disagree with Google on a variety of issues, on the whole we support many of the same policies that protect free speech and open innovation online.

That's also true of Lofgren. While she's supported key policies on copyright, online speech, innovation and surveillance, she's similarly pushed back against Google quite frequently as well. She's publicly criticized the company for its lack of diversity. She's voted against a bill to expand H1-B visas that Google supported. She voted against Trade Promotion Authority (which Google stupidly supported -- as noted in one of my links above) that paved the way to moving forward on TPP. On top of that, the tech industry has mostly pushed back on CFAA reform, such as Lofgren's Aaron's Law, because companies want to have it as a tool to use against employees at times. Just recently, Lofgren has started digging into competition inssues in Silicon Valley, warning about the lack of competition and how it's a problem -- a position that, more than likely, Google finds worrisome.

That's just part of why it's so odd that the Intercept, of all publications, would post this article suggesting that Lofgren doesn't belong as the ranking member on the Judiciary Committee just because she's "close" to Google. Even odder, is the fact that the authors of the piece -- two reporters whose work I've long respected, Ryan Grim and Lee Fang -- focus entirely on claiming that Lofgren is a product of Google, while ignoring anything about Nadler. Not only has Nadler been on the wrong side of many of these same key issues, if you consider Lofgren somehow tied to Google (again, incorrectly) then you would similarly have to conclude that Nadler is in the pocket of the legacy entertainment industry, and their ongoing quest to destroy the internet as we know it. If you start looking at Nadler's campaign finance situation, it sure looks like he's the MPAA and the RIAA's favorite Congressman.

In the last campaign cycle, the RIAA gave significantly more to Nadler than any other Democrat. Same with Disney. Same with Sony. Same with Time Warner. Same with Universal Music. Same with the Association of American Publishers. Same with ASCAP. While Viacom gave a bit more to three other members, Nadler was the 4th highest support on the Democratic side. Comcast gave a little more to Conyers, but again, Nadler is near the top of the list. The Grammys have given more to Nadler than any other Democrat, and he repays them by holding events with them all the time.

There's a pretty clear pattern here. If the legacy copyright players want something on the Democratic side, Nadler's their guy. And, maybe that doesn't matter to the Intercept. Maybe it doesn't matter that bad copyright policies that he promotes would have serious downsides to the way the internet works, to free speech and to privacy. Maybe, the Intercept has decided that any possible "connection" to Google is worse than everything else. But considering that the whole creation of The Intercept came about because of the Snowden revelations, and a key focus of The Intercept is to report on the evils of government surveillance, it's kind of surprising that it would publish an article promoting Nadler over Lofgren while ignoring that Nadler has not always been a close friend of surveillance reform. It's true that he's sponsored some reform efforts, including the USA Freedom Act, but just last month he was seen voting against an important amendment brought forth by Lofgren, to end backdoor searches in the ongoing effort to reform Section 702.

So it seems odd that the Intercept is effectively arguing that Nadler would make a better ranking member on Judiciary, even as Lofgren has a stronger record on stopping government surveillance, just because some (falsely) believe that Lofgren is "tied" to Google. And, at the very least, if they're going to tar Lofgren because her views sometimes align with Google's, it seems that it could at least treat Nadler equally by looking into his close connections with the legacy entertainment business.

Filed Under: cfaa, copyright, hollywood, house judiciary committee, jerry nadler, john conyers, surveillance, zoe lofgren
Companies: google, mpaa, riaa

Members Of Congress: Court Was Wrong To Say That Posting The Law Is Copyright Infringement

from the time-to-clarify-the-law dept

Back in February, we wrote about a disturbing court decision that said that standards that are "incorporated by reference" into law, could still be copyright infringing if posted to the internet. In that earlier post I go into much more background, but the short version is this: lots of laws point to standards put together by private standards bodies, and say, effectively, "to be legal, you must meet this standard." For example, fire codes may be required to meet certain standards put together by a private standards body. Carl Malamud has spent years trying to make the law more accessible, and he started posting such standards that are "incorporated by reference" into the law publicly. His reasoning: once the government incorporates the standard into the law, the standard must be publicly available. Otherwise, you have a ridiculous situation in which you can't even know what the law is that governs you unless you pay (often a lot) to access it.

Standards bodies weren't happy about this -- as some of them make a large chunk of money from selling access to the standards. But from a straight up "the law should be public" standpoint, the answer should be "too bad." Unfortunately, the district court didn't see it that way, and basically said it's okay to have parts of our laws blocked by copyright. We thought that ruling had some serious problems, and Malamud and his organization Public.Resource.Org appealed. A bunch of amicus briefs have been filed in the case -- which you can see at EFF's case page on the lawsuit. There's a good one from some law professors about how the lower court got it wrong, as well as a ton of library associations (and also other law professors and former gov't officials). Public Citizen also filed a good brief on the importance of having access to the law. It's worth reading them all.

However, I wanted to focus on a different amicus brief, filed by two sitting members of Congress, Reps. Zoe Lofgren and Darrell Issa. The brief was put together by Harvard's Cyberlaw Clinic, with help from lawyer Cathy Gellis (who has represented us from time to time, as well as written some posts for Techdirt). It's certainly not unheard of to have members of Congress file amicus briefs in cases, but it's not particularly common either. The fact that two members of Congress are worried about the due process implications of a court ruling should, hopefully, capture the court's attention.

For the law to govern and protect the people, the people must know what the law is. By offering an electronic platform for the publication of legal codes and standards, Public Resource helps the public by providing access to laws that might otherwise be functionally inaccessible. Without this access, the consequences are significant. First, those who inadvertently violate inaccessible regulations may be blindsided by civil and criminal penalties for violations they did not know to avoid. Second, those whose health and welfare depends on others’ compliance with these regulations may suffer damage to their life, liberty, and property, as a result of both others’ ignorance of the law and their own inability to access the law in order to pursue enforcement. This Court should not endorse a copyright regime that allows private SDOs to limit access to the legal rules that govern and protect the public.

Also:

As members of Congress, our job is to draft and enact laws that govern the United States. But mere passage of legislation is not enough; due process requires more. The Fifth and Fourteenth Amendments dictate that no person is to be “deprived of life, liberty, or property, without due process of law.” U.S. Const. amend. V; U.S. Const. amend. XIV. There can be no due process when people cannot remain informed of the laws by which they are bound. And they cannot remain informed when the law itself is not sufficiently communicated to the people it governs.

Lots of people could make those points -- but having it come from the people who actually make the laws seems to make the point that much more relevant. Hopefully the court agrees.

Filed Under: carl malamud, darrell issa, incorporated by reference, law, standards, zoe lofgren
Companies: public.resource.org

Why Is Congress In Such A Rush To Strip The Library Of Congress Of Oversight Powers On The Copyright Office?

from the what's-the-hurry? dept

In the past few weeks, we've written a few times about this weird urgency among some in Congress to rush through a pretty major change to Copyright Office oversight. I wrote a deep dive piece over at The Verge discussing the issues at play, but Congress is pushing a bill to stop the new Librarian of Congress, Carla Hayden, from appointing a new head of the Copyright Office. Instead, the Congressional plan is to make the position a political appointee, nominated by the President, and approved by Congress. In that Verge piece, we explained why it was a major change, and scratched our heads at the fact that there appears to be no reason for pushing for this change other than (1) the legacy copyright industries know that their lobbying power will mean that the appointment will be to their liking and (2) they fear who Hayden might appoint. But, what's really odd is how quickly Congress is trying to push this through. As if the matter is incredibly urgent. There have been no hearings on the matter. There's been no public discussion on the pros and cons of such a move. Just a mad dash by a bunch of people in Congress to make this change official before Hayden can appoint someone.

Rep. Zoe Lofgren -- who appears to be one of the few people in Congress questioning why this is happening -- has put out a statement highlighting why this move is so problematic. A key point: if there is such a rush to make the change, how does it make sense to put this appointment power in the hands of a President who has left hundreds of federal jobs completely empty without any nominations at all?

... this legislation will harm and delay much-needed modernization efforts by making the Register a Presidentially appointed position. Currently, there is a backlog of 495 Appointee positions that have not even been nominated. This not only will delay effective administration of the Copyright Office, but also puts the efficiency gains made by the Library at risk. Under current modernization plans, the Library believes it can speed up the modernization plan by almost two years and save significant amounts of money. Those plans depend on an active Register of Copyright who is compliant and accountable to the Librarian. The long delay created by this bill in needing Senate confirmation of a Register will only harm these efforts.

In other words, the arguments for "urgency" because the Copyright Register position is currently vacant are undermining their own argument. Considering the nearly 500 federal government positions that have no nominees yet, who actually thinks that Trump will quickly get around to nominating a new Copyright Register, let alone having that person confirmed by the Senate? The current Librarian of Congress, Carla Hayden, on the other hand, has been reviewing candidates for months now and is likely close to having someone in place.

Similarly, as noted above, if (as is the typical line) this move is necessary to "modernize the Copyright Office," this plan does the exact opposite of that. Hayden has already put forth a plan to modernize the Copyright Office (and has experience modernizing a massive library system). But if the Copyright Office boss has to be nominated by a President who doesn't seem to feel like nominating anyone, and then approved by the Senate, the modernization plan will almost certainly be delayed. So why are supporters of this bill in such a rush if it's going to undermine and delay the key reason they give for supporting this bill: the modernization of the Copyright Office? It's almost as if that's not the real reason.

Separately, Lofgren points out that it's crazy to provide less oversight to the Copyright Office right after it's been revealed that one reason why Hayden likely fired the the previous Copyright Register was because of incredible mismanagement by the previous Register, that included a modernization program that was budgeted for less than $2 million, but ended up spending nearly $12 million before being dumped with nothing to show for it (as we first revealed here on Techdirt).

Removing Dr. Hayden’s ability to appoint the Register of Copyrights means she will be unable to hold employees accountable, and it creates uncertainty and ambiguity in the chain of command between the Librarian and Register of Copyrights.

The previous Register of Copyrights was removed after a Library of Congress Inspector General report found the Copyright Office not only wasted six years and nearly $12 million but hid this information from Congress, falsified information in reports to the Library, and submitted fake budget numbers for annual appropriations requests.

Dr. Hayden took appropriate steps to remove the Register responsible for this mismanagement. This bill would prevent Dr. Hayden from removing or ensuring accountability in any future Register by making the Register answerable only to the President -- a fundamental change in the relationship between Librarian and Register.

Finally, Lofgren notes that it certainly is at least notable and unfortunate that this move to rush through this change certainly appears to be an attempt by Congress to undermine the authority of the first female and first African American Librarian of Congress.

Finally, the bill is a clear affront to the first female Librarian of Congress. Dr. Carla Hayden is not only one of the most highly qualified Librarians ever to serve, but has also worked aggressively and in good faith to pull the Library and Copyright office into the 21st century. I find it deeply disturbing that for the first time in history, a female and a person of color is the Librarian of Congress, and for the first time in history, Congress would take away her power in order to give it to Donald Trump. While this does not point to motive, it is a distressing fact nevertheless.

This bill is a vote of ‘no confidence’ in a Librarian who is aggressively pulling the Library and Copyright Office into the 21st century and, by all evidence, justifiably reassigned an ineffective and negligent Register. It will only serve to delay Copyright Office modernization, harm the public, harm content creators, increase tension between the Library and Copyright Office, and harm Copyright Office employees.

Indeed. There are certainly arguments to be made for changing things up, but no one pushing for this bill seems to be able to answer why this needs to be changed so quickly, when such a change clearly undermines their own stated reasons for supporting the bill. From that, the most logical conclusion is that they are pushing for the change because they are worried about who Hayden is likely to appoint, rather than because of any principled argument.

Filed Under: carla hayden, congress, copyright office, donald trump, library of congress, oversight, politics, zoe lofgren

Another Major Scandal At The Copyright Office: $25 Million 'Fake Budget' Line Item

from the oops dept

On Monday, we published documents we obtained that revealed a massive amount of incompetence and waste at the Copyright Office. They had officially asked for $1.9 million on a technology modernization program, then spent $11.6 million on it without telling anyone about the ever-growing money pit, only to cancel the contract with the vendor last October with nothing to show for it. Oh, and throughout the process, it appeared that the Copyright Register misled both Congress and the Library of Congress.

It would appear that this is not the only time that the former Register of Copyrights, Maria Pallante, was found to be misleading Congress and the Library of Congress concerning the Copyright Office's budget and monetary needs. In the recent markup for a bill in the House Judiciary Committee that would make change the Copyright Register position to be a Presidential appointment, rather than by the Librarian of Congress, Rep. Zoe Lofgren revealed that Pallante had apparently put in place a fake $25 million budget line item, asking the Librarian of Congress to testify under oath what it was for, despite it being made up. You can see the comments here or in the video below:

If you can't watch that, here's the relevant transcript, as stated by Lofgren. She was trying to add an amendment to the bill that would still allow the Librarian of Congress to fire the Register of Copyrights if necessary (under the bill presented, only the President can fire the Register).

This amendment allows the Librarian of Congress to remove the Register. This is an essential provision. How can you expect the Librarian -- as mandated by law -- properly supervise the Copyright Office when the Register is answerable to no one but the executive branch? And how do you truly supervise someone you can't fire?

Now, what can a Librarian do if a Register is acting insubordinately, or giving fake budget request numbers. Unfortunately, this is not a hypothetical. While preparing the fiscal year 18 appropriations request, the Library noticed that a $25 million line item in the Copyright Office's request didn't add up. When questioned about this, Register Pallante stated that this number "was no big deal" -- it was just a placeholder and they'd make adjustments after the money was appropriated.

In other words, the Copyright Office gave the Librarian fake budget numbers with the intention that she go testify in front of the Appropriations Committee to the need of these funds that was made up.

That's fairly astounding. As far as I can tell, the "corrected" 2018 Copyright Office budget justification hasn't been released yet, but the 2017 version shows that there were three line items that added up to a grand total of $74 million. A $25 million dollar "fake budget" item in the Copyright Office's budget justification would represent somewhere around a third of the Office's budget. That's... incredible.

Once again, the conspiracy theories claiming that Google somehow had Pallante forced out are looking sillier and sillier. This is twice in one week that we've now come across stories of what appear to be serious problems with how the Copyright Office is managed -- and these issues only came to light after the new Librarian of Congress started actually doing her job and looking into what was happening down at the Copyright Office, only to find it was a disaster of bad project management, wasted budgets and (apparently) "fake budget" line items.

And yet, for unclear reasons, Congress continues to rush quickly forward with this bill to block the Librarian of Congress from even appointing a new head of the Copyright Office. That bill was introduced just a couple of weeks ago and would drastically change how things have been done for over a century, with no clearly stated rationale. In fact, Congress had held no hearings on this bill. Instead, in a matter of a couple of weeks it is already trying to get the bill to the floor and voted on, perhaps without even knowing about these scandals at the Copyright Office that have remained hidden until now.

Given all of this, and the fact that this is only coming to light now that there's a competent Librarian of Congress who's actually doing her job, why does Congress want to take away the ability of the Library to actually oversee the Copyright Office? How does that make any sense at all?

Filed Under: appropriations, copyright office, copyright register, fake budget, library of congress, zoe lofgren

Disinformation Works: House Rejects Plan To Stop Backdoor Surveillance Searches Following Devin Nunes Lies

from the sad dept

Earlier this week, we wrote about a ridiculous misinformation campaign that was being sent around by House Intelligence Committee chair Rep. Devin Nunes against an amendment (sponsored by Reps. Thomas Massie and Zoe Lofgren) to a Defense appropriations bill that would block spending on two different kinds of surveillance "backdoors." First, ending backdoor searches, whereby tons of information on Americans that was collected "incidentally" as part of other searches, and then kept, could be scanned without requiring the showing of probable cause. Second, blocking the NSA from requiring backdoors into encryption technologies. A basically identical amendment easily passed in each of the last two years, but was stripped out before a final bill was approved.

With so much focus on things like iPhone encryption this year, some were wondering how the House would handle the amendment this year, and Nunes apparently decided to ramp up the pure FUD and lies against it, sending around a letter that exploited the Orlando shootings from this weekend, falsely claiming that the bill would block law enforcement/intelligence from scanning the 702 database for connections between the shooter and overseas individuals. This is wrong (never mind the fact that the CIA admitted yesterday that it can't find any connections at all). There are plenty of other tools available, including the ability to get a warrant, for officials to search for the relevant data. Nothing in the amendment would have stopped that at all. It only stops the random sniffing through the database, without cause.

But, apparently such disinformation works. The amendment was narrowly voted down by the house, 198 - 222. Massie has said that he thinks Nunes' propaganda campaign was partly to blame.

Rep. Thomas Massie... the sponsor of the amendment the last three years, said he thought there were two reasons the proposal failed on Thursday. "I think it was about Orlando and a stronger disinformation campaign from the committee," he said, referring to a letter from Intelligence Committee Chairman Devin Nunes... that criticized the amendment.

"We had a stiff headwind," Massie continued. "But I think the winds will eventually change, and we'll prevail one day."

And it appears that Nunes' lies worked so well they were parroted by others during the debate:

Rep. Chris Stewart... who said he rose "to oppose the Massie amendment and the inaccurate accusations that underly it," argued that if the proposal were in effect today, the intelligence community would be unable to search the Foreign Intelligence Surveillance Act database for information on the deceased Orlando shooter, Omar Mateen. FISA is a law used to collect data on foreigners, but the National Security Agency dragnet also catches information on U.S. citizens who interact with those foreigners.

"We should be focused on thwarting terrorist attacks," Stewart said Wednesday, "not on thwarting the ability of intelligence professionals to investigate and stop them."

The only inaccurate accusations, though, are the ones put forth by Stewart here. NOTHING in the amendment would have thwarted anyone's ability to investigate the Mateen shooting or any other attack.

Rep. Bob Goodlatte repeated the same false thing as well:

"This amendment prohibits the government from searching data already in its possession, collected lawfully under section 702 of FISA, to determine whether Omar Mateen was in contact with foreign terrorists overseas."

Except it doesn't.

It's disappointing, if not that surprising, that it appears that the blatant misinformation and lies succeed to convince Congress to sanction practices that appear to be in conflict with the 4th Amendment.

Filed Under: backdoor searches, bob goodlatte, chris stewart, devin nunes, encryption, fud, nsa, thomas massie, zoe lofgren

House Intel Boss, Rep. Devin Nunes, Lying To Congress About Attempt To Stop Encryption Backdoors

from the liar-liar dept

There are some in Congress who apparently have no problem deceiving both their colleagues and the American public in the pursuit of making Americans less safe and putting our country, economy and infrastructure at risk. This time, it's House Intelligence Committee chair Rep. Devin Nunes, along with Rep. Lynn Westmoreland, who chairs the NSA subcommittee. They've been sending around a letter that blatantly misrepresents a proposal designed to better protect Americans' privacy and security.

For the past two years, around this time, we've talked about the importance of an attempt by Reps. Thomas Massie and Zoe Lofgren to prevent two different kinds of "backdoor" surveillance -- the use of backdoor searches to the NSA's 702 collection and (perhaps more importantly) attempts to backdoor encryption. The Massie/Lofgren amendment has been overwhelmingly supported in the House the past couple of years, but the Senate (with help from surveillance state supporters in the House) keeps conspiring to strip it out of the final agreement.

The Massie/Lofgren amendment is back again this year, and it's pretty straightforward. First, it defunds gov't employees from doing "backdoor" searches (i.e., searching through massive databases of material on Americans that was collected "incidentally" but still kept anyway):

... none of the funds made available by this Act may be used by an officer or employee of the United States to query a collection of foreign intelligence information acquired under section 702 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1881a) using a United States person identifier.

But, more importantly, it blocks any funding for attempts to force anyone to backdoor encryption:

none of the funds made available by this Act may be used by the National Security Agency or the Central Intelligence Agency to mandate or request that a person (as defined in section 101(m) of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801(m))) alter its product or service to permit the electronic surveillance (as defined in section 101(f) of such Act (50 U.S.C. 1801(f))) of any user of such product or service for such agencies.

While that's a bit of a word jumble, in short, it says that the NSA and CIA cannot force companies to backdoor encryption to enable government surveillance. This point is especially important this year, following on the DOJ/FBI's flubbed attempt to force Apple to decrypt some iPhones earlier this year, combined with the dangerous Burr/Feinstein anti-encryption bill (thankfully dead for now), to offer Congress a clear attempt to say that it will not accept attempts to backdoor encryption.

In the past, those in Congress against this amendment have tried to stop it by totally misrepresenting what the amendment covers, and that appears to be the strategy of Nunes and Westmoreland this time around.

In the letter being sent around to other Representatives, they lay on a thick layer of misleading to downright false FUD (fear, uncertainty and doubt) -- and of course, they exploit the tragedy in Orlando to further their misleading claims.

The national security threats to the United States and its allies are greater today than at any point since 9/11. To keep Americans safe, our Intelligence Community needs to fully employ every tool available to it. We cannot be lulled into a false sense of security. As recent events in Orlando have made tragically clear, terrorists will continue to attack the U.S. homeland.

That seems like a somewhat misleading and self-serving description of what happened in Orlando. While there's still a variety of reports, it's clear that the shooter was an American, born in America, and it doesn't appear he had any connection whatsoever to overseas terrorist organizations. In short: this doesn't look like an issue that the intelligence community would have been able to figure anything out about. The shooter was already known to the FBI, who investigated him and found nothing. And then it appears that he did the shooting on his own, meaning there is little "communication" that the intel community would have needed to track. But even if there was, nothing in this amendment would stop law enforcement or the intelligence community from getting access to such information. Nothing.

But Nunes and Westmoreland are just warming up. It's the next part that is really extremely misleading.

Despite the threats that face us, Congressman Massie and Congresswoman Lofgren's amendment to the Department of Defense Appropriations Act (H.R. 5293) would end the use of a vital tool for identifying and disrupting terrorist plots at home and abroad. If this amendment were enacted, the Intelligence Community would not be able to look through information lawfully collected under FISA Section 702 to see if Omar Siddiqui Mateen, the Orlando nightclub attacker, was in contact with any terrorist groups outside the United Statets.

This is just blatantly false. It's true that outlawing backdoor searches would mean that law enforcement and intelligence wouldn't be able to do backdoor searches on Mateen's communications, but this falsely implies that's the only way in which Mateen's communications could be checked. That's just wrong. Law enforcement still can (and I'm sure already has) get access to Mateen's call records and lots of other communications information through a variety of third parties (and I'm sure would have no trouble getting warrants issued if necessary). Law enforcement and the intelligence community could still get a warrant to search through the information that has been collected. They just need to get a warrant -- which should be pretty damn easy. So there's nothing stopping law enforcement from figuring out if Mateen was in contact with people overseas. The bill just means that the intelligence community can't just go randomly sniffing through the massive database they've already collected of "incidental" information from other searches.

This is no way to legislate. To blatantly mislead their Congressional colleagues in order to protect programs that harm Americans' privacy and security is a pretty cowardly approach to handling these issues. It's fine to debate the relative merits (or lack of merits) of the Section 702 program or other surveillance techniques, but flat out lying to colleagues to block an amendment that they've overwhelmingly supported for the past two years just seems... dishonest and sleazy.

Filed Under: amendment, appropriations, backdoor searches, backdoors, devin nunes, encryption, house intelligence committee, lynn westmoreland, omar mateen, section 702, surveillance, thomas massie, zoe lofgren

Lawmakers Speak Out On Apple Being Forced To Create Backdoors; Some Wisely, Some Ignorantly

from the some-good,-some-bad dept

Everyone's talking about the big legal fight that magistrate judge Sheri Pym has kicked off by ordering Apple to build a backdoor into an iPhone to get around security tools that would block attempts to decrypt the contents of the phone. As some are noting, if the ruling is not overturned it could force Congress to change the law. Over the last year or so, it had become clear that Congress did not support laws that mandate backdoors. Yes, some in Congress -- including Senators Richard Burr, Dianne Feinstein and John McCain -- have been pushing for such legislation, but most have admitted that there aren't nearly enough votes in support of that, and there are many in Congress who recognize the ridiculousness of such a law. A year ago, a congressional hearing made it clear that there was a ton of skepticism in Congress about ordering backdoors.

And now we see Congress speaking out about the court order as well. Rep. Ted Lieu -- who, people always point out, has a computer science degree, and who a year ago noted that backoors were "technologically stupid" -- has told the DailyDot that this order creates a very dangerous slippery slope:

"Can courts compel Facebook to provide analytics of who might be a criminal?" Lieu said in an email to the Daily Dot. "Or Google to give a list of names of people who searched for the term ISIS? At what point does this stop?"

Rep. Zoe Lofgren put out a detailed statement saying that the order was "an astonishing overreach of authority by the Federal government," and warned that it appeared to go against the wishes of Congress and that even if the order is upheld, it will only result in stronger encryption that can't be backdoored:

Apple, as do other technology companies, complies with lawful orders and warrants. But they are unable to deliver to the government what they do not have – in this case, a key to break into their operating system in the manner the FBI desires. It is astonishing that a court would consider it lawful to order a private American company be commandeered for the creation of a new operating system in response.

The issue of mandating back doors in encryption has been a topic of vigorous discussion in the Congress. The emerging consensus has been that creating back doors for the use of law enforcement, important as law enforcement is, would endanger Americans by generally weakening security. These weaknesses will inevitably be exploited by criminal hackers or foreign opponents. That a single magistrate should substitute her judgment for that of the duly elected President and Congress – that was already thoroughly engaged in the subject – is wrong as a matter of policy and of law.

Finally, should this order not be overturned, technology companies will have no choice but to further deploy robust encryption that would prevent their engineers from creating any system that would effectively open up previously deployed security measures.

I urge the judicial branch to swiftly overturn this misguided ruling and further urge the Director of the FBI to refrain from seeking public policy decisions from the courts that are more properly decided by the Legislative branch of government.”

Senator Ron Wyden put out a statement as well, noting how this ruling will be interpreted around the globe:

I don't take a backseat to anyone when it comes to hunting down terrorists and protecting Americans from harm. However, this unprecedented reading of a nearly 230-year-old law would create a dangerous precedent that would put at risk the foundations of strong security for our people and privacy in the digital age. If upheld, this decision could force U.S. technology companies to actually build hacking tools for government against their will, while weakening cybersecurity for millions of Americans in the process.

Furthermore, this move by the FBI could snowball around the world. Why in the world would our government want to give repressive regimes in Russia and China a blueprint for forcing American companies to create a backdoor? Companies should comply with warrants to the extent they are able to do so, but no company should be forced to deliberately weaken its products. In the long run, the real loses will be Americans' online safety and security.

Of course, not all our lawmakers are so enlightened. Senator Feinstein, despite technically representing Apple, has shown for a long time now that she has no interest at all in representing the true interests of anyone in California if it goes against the desire of the surveillance state. She basically told Apple to shut up and do what the court says. After pretending it's about protecting Californians (because San Bernardino is in California) she warns that if Apple doesn't obey it will force her and Senator Burr to push for the legislation they've already been pushing for:

I would hope that bill would not be necessary. I would hope Apple understand the seriousness of this request. I have no doubt that to deny the request would likely bring on law to change law, so that this can be done. We're in jeopardy if you cannot -- through proper evidence submitted by a probable cause warrant -- be able to open these systems.

The PBS interviewer who asked Feinstein about this also asked (twice!) about Apple's statement that creating backdoors will create opportunities for those with malicious intent to break into the phones as well, and Feinstein displays her technological ignorance by stating:

Oh I don't believe that's necessarily true.

She's wrong about that. She's literally advocating for everyone to be made less safe just so we can get a little more information on some people who we already know committed a crime. That's crazy.

And, of course, Senator Burr made a similar statement -- first by lying and pretending that the order is not about creating a backdoor:

There are no decryption demands in this case, and Apple is in no way required to provide a so-called backdoor. The FBI needs access to the phone so the agency can better piece together information about the terrorists and whom they contacted.

This is technologically ignorant as well. This is exactly what a backdoor is. Apple is being told to create a bit of software that disables security measures in order to decrypt encrypted material. That's the very definition of a backdoor. Burr goes on, pretending that weakening the safety and security of basically everyone is somehow making them more secure:

The iPhone precedent in San Bernardino is important for our courts and our ability to protect innocent Americans and enforce the rule of law. While the national security implications of this situation are significant, the outcome of this dispute will also have a drastic effect on criminal cases across the country. The newest Apple operating systems allow device access only to users — even Apple itself can’t get in. Murderers, pedophiles, drug dealers and the others are already using this technology to cover their tracks.

Yup, always bring up the holy trinity of "murderers, pedophiles and drug dealers." I'm amazed he didn't say terrorists as well. Of course, as people keep pointing out, there have always been ways for people with ill-intent to hide their communications. There's nothing in the law that says we have to be able to track every communication ever made by everyone. That's a dystopian vision -- but one that apparently Senator Burr likes.

Even worse, Burr insists that because the law "protects" Apple in other cases, it should roll over for this. And also, ridiculously, he argues that this is more about Apple's business model than protecting the safety of Americans.

Apple’s position in the San Bernardino case affirms that it has wrongly chosen to prioritize its business model above compliance with a lawfully issued court order. While the company may have routinely complied with such court orders in the past, it now claims that it cannot comply as a result of security features it has built into its newest products. Apple exists as a corporate entity with the protections provided by U.S. laws, but it cannot be allowed to pick and choose when to abide by those laws as it sees fit. We are a country of laws, and this charade has gone on long enough. Apple needs to comply with the court’s order.

Hilariously, this is the very same Senator Burr who, just months ago, was going on and on in Congress about the importance of cybersecurity, and fearmongering about "cyberattacks." What he doesn't seem to recognize is that the only real way to protect against those attacks is encryption. The very encryption he now seeks to undermine.

Others in the Senate are making similarly ignorant statements, including Senator Tom Cotton, whose statement is so over-the-top ridiculous and wrong as to almost not be worth mentioning:

"Apple chose to protect a dead ISIS terrorist's p‎rivacy over the security of the American people. The Executive and Legislative Branches have been working with the private sector with the hope of resolving the 'Going Dark' problem. Regrettably, the position Tim Cook and Apple have taken shows that they are unwilling to compromise and that legislation is likely the only way to resolve this issue. The problem of end-to-end encryption isn't just a terrorism issue. It is also a drug-trafficking, kidnapping, and child pornography issue that impacts every state of the Union. It's unfortunate that the great company Apple is becoming the company of choice for terrorists, drug dealers, and sexual predators of all sorts."

I mean, come on. Apple is not "protecting a dead ISIS terrorists' privacy," it's talking about the very real issue of whether or not courts have the power to order companies to hack their customers on behalf of the government. That's a big deal that you would think would matter to politicians.

These statements are not unsurprising, but they continue to show a level of profound ignorance about basic technology issues. The fact that Feinstein and Burr, at least, are working on legislation around an issue they so clearly have no clue about is downright scary. One hopes that the others who actually understand the technical and legal issues -- such as those at the top of this article -- will prevail in Congress.

Filed Under: all writs act, dianne feinstein, encryption, going dark, precedent, richard burr, ron wyden, ted lieu, tom cotton, zoe lofgren
Companies: apple

House Votes To Block Backdoor Searches And To Block Backdooring Encryption

from the let's-do-this-once-again dept

Last night, we noted that an amendment from Reps. Thomas Massie and Zoe Lofgren was on the docket that had two provisions to stop two different kinds of surveillance: the first, taking away funding from "backdoor searches" which are a hugely problematic "loophole" that the NSA uses to do warrantless surveillance of Americans. In many ways, this is much worse than the bulk collection programs that were just hindered by the USA Freedom Act. The second part of the amendment was barring funds from being used to mandate "backdoors" into technology products -- another hugely important move. Thankfully, the amendment passed by a wide margin earlier today: 255 - to 174.

While this is great news, I'm somewhat surprised and disappointed that the margin of victory here was lower than a nearly identical amendment last year (which was approved 293 to 123. It's possible that some of last year's votes were in protest to the falling apart of the USA Freedom Act a year ago -- whereas since it passed this year, some felt it was okay to shift their vote here. Still, in many ways, this has the potential to be a much bigger deal and much more important than the USA Freedom Act, because those backdoor searches are a huge problem.

Of course, it's still a long way from making it into law. As we saw last year, this amendment was quietly dropped later in the year, as part of the giant "CRomnibus bill" that the government needed to pass. Still, we can hope that Congress finally recognizes how important this is.

Filed Under: backdoor searches, backdoors, congress, encryption, nsa, section 702, thomas massie, zoe lofgren