SEC Boss Can't Keep Her Story Straight On Whether Or Not SEC Snoops Through Your Emails Without A Warrant

from the let's-get-this-straight-now... dept

For many years now, we've been writing about the need for ECPA reform. ECPA is the Electronic Communications Privacy Act, written in the mid-1980s, which has some frankly bizarre definitions and rules concerning the privacy of electronic information. There are a lot of weird ones but the one we talk about most is that ECPA defines electronic communications that have been on a server for 180 days or more as "abandoned," allowing them to be examined without a warrant and without probable cause as required under the 4th Amendment. That may have made sense in the 1980s when electronic communications tended to be downloaded to local machines (and deleted), but make little sense in an era of cloud computing when the majority of people store their email forever on servers. For the past few years, Congress has proposed reforming ECPA to require an actual warrant for such emails, and there's tremendous Congressional support for this.

And yet... it never seems to pass. The story that we keep hearing is that two government agencies in particular really like ECPA's outdated system: the IRS and the SEC. Since both only have administrative subpoena power, and not the ability to issue warrants like law enforcement, the lower standards of ECPA make it much easier for them to snoop through your emails without having to show probable cause. Last year, in a Congressional hearing, the SEC's boss, Mary Jo White, was questioned about this by Congressman Kevin Yoder, who has been leading the charge on ECPA reform. As we reported at the time, in the conversation, White clearly said that the SEC needed this ability or it would lose "critical" information in its investigations. You can see the conversation from 2014 below, where White (starting around 2:30) explains how vital this process is to the SEC: Here's the key line:

"What concerns me, as the head of a... law enforcement agency, is that we not put out of reach of lawful process... what is often, sometimes the only, but critical evidence of a serious securities fraud.... And we use that authority quite judiciously, but it's extremely important to law enforcement."

What struck us as interesting last year was White admitting that the SEC appeared to regularly use this process, since she noted that it was "extremely important" and provided "critical evidence."

Fast forward to this week, and the same two players were involved in yet another Congressional hearing. You can see that conversation here as well, with the critical point being made after about four and a half minutes, where White says some of the same stuff, about the privacy protections, and how even if the SEC used this process it still notifies the subscribers to give them a due process right to protest the subpoena... but also, oddly, seems to claim that the SEC never actually makes use of this process: Here's the key line this time (the full response is a jumble of half sentences and unfinished thoughts, so it's a bit of a mess):

"While these discussions have been going on, to try to sufficiently balance the privacy and the law enforcement interests, we've not to date to my knowledge proceeded to subpoena the ISPs. But that, I think, is critical authority to be able to maintain -- done in the right way and with sufficient solicitousness and it's very important to the privacy interests which I do think can be balanced.

As I said, if you watch her entire response, it's a complete mess of half-finished thoughts, which seems rather typical of someone trying to sound like they're answering a question but not actually doing so. Later in the same answer, she insists that taking away this authority might take away an important tool.

So, we know that the SEC really wants to keep this tool. But last year it said it was "extremely important" and provided "critical evidence." This year, she's saying that the SEC isn't even using the tool. So, uh, which is it? Is this tool absolutely necessary for critical evidence, or is it not even being used by the SEC?

And, through all of this, the SEC still has not answered the most basic question: why can't it treat email the same way it has to treat paper documents under the 4th Amendment? That is, if it wants the document it can subpoena the end user for those documents. It does not get to route around the end user and subpoena a third party for those documents. So why can't it treat email in the same way?

Filed Under: ecpa, ecpa reform, emails, irs, kevin yoder, mary jo white, sec, subpoenas, warrants

California Legislators Pushing Warrant Requirement For All Access To Electronic Information, Including That Obtained By Stingrays

from the strong-nod-towards-long-ignored-rights dept

Good news from California: a bill requiring warrants for Stingray device usage (among other things) has passed out of a Senate committee and is headed for an assembly vote.

Among other sweeping new requirements to enhance digital privacy, the bill notably imposes a warrant requirement before police can access nearly any type of digital data produced by or contained within a device or service.

In other words, that would include any use of a stingray, also known as a cell-site simulator, which can not only used to determine a phone’s location, but can also intercept calls and text messages. During the act of locating a phone, stingrays also sweep up information about nearby phones—not just the target phone.

Despite similar bills being killed by governor vetoes in 2012 and 2013, California legislators are still looking to reform the state's privacy laws. For one thing, this new bill would put the state's Electronic Communication Privacy Act in compliance with the Supreme Court's recent Riley v. California decision (warrant requirement for cell phone searches incident to arrest), as Cyrus Farivar points out.

The committee passed it with a 6-1 vote, suggesting there's broader support for privacy and Fourth Amendment protections now than there were in the pre-Snowden days. Of course, the usual opposition was on hand to portray those pushing for a warrant requirement as being in favor of sexually abusing children.

[Marty] Vranicar [California District Attorneys Association] told the committee that the bill would "undermine efforts to find child exploitation," specifically child pornography.

"SB 178 threatens law enforcement’s ability to conduct undercover child porn investigation. the so-called peer-to-peer investigations," he said. "Officers, after creating online profiles—these e-mails provide metadata that is the key to providing information. This would effectively end online undercover investigations in California."

Vranicar failed to explain how an officer conducting an ongoing investigation would be unable to obtain a warrant for PTP user data… unless, of course, the "investigation" was nothing more than unfocused trolling or a sting running dangerously low on probable cause. Nothing in the bill forbids officers from using other methods -- Fourth Amendment-respecting methods -- to pursue those suspected of child exploitation. What it does do is make it more difficult to run stings and honeypots, both of which are already on shaky ground in terms of legality.

Additionally, the bill demands extensive reporting requirements pertaining to government requests for data, and makes an effort to strip away the secrecy surrounding search warrants.

1546.2 (a) Except as otherwise provided in this section, any government entity that executes a warrant or wiretap order or issues an emergency request pursuant to Section 1546.1 shall contemporaneously serve upon, or deliver by registered or first-class mail, electronic mail, or other means reasonably calculated to be effective, the identified targets of the warrant, order, or emergency request, a notice that informs the recipient that information about the recipient has been compelled or requested, and states with reasonable specificity the nature of the government investigation under which the information is sought. The notice shall include a copy of the warrant or order, or a written statement setting forth facts giving rise to the emergency.

(b) If there is no identified target of a warrant, wiretap order, or emergency request at the time of its issuance, the government entity shall take reasonable steps to provide the notice, within three days of the execution of the warrant, to all individuals about whom information was disclosed or obtained.

This isn't blanket coverage or without exceptions. Officers can still offer sworn affidavits in support of sealing to the court, which may then seal warrants on a rolling 90-day basis at its discretion.

Law enforcement will continue to fight this bill, but its opposition seemingly had no effect on the Public Safety Committee. This bill brings the government into a much tighter alignment with the wording and the intent of the Fourth Amendment. The arguments against it demonstrate that the law enforcement community continues to prize efficient policing over the public's (supposedly) guaranteed rights.

Filed Under: california, imsi catchers, stingrays, warrants

Judge John Facciola On Today's Law Enforcement: I'd Go Weeks Without Seeing A Warrant For Anything 'Tactile'

from the 'start-canvassing-the-neighborhood-for-unlocked-cellphones' dept

We lost one of the "good guys" when Magistrate Judge John Facciola retired late last year. Facciola was a leading figure in the small -- but important -- "Magistrates' Revolt" that emerged in the wake of the Snowden leaks. Multiple times the government approached Facciola for a signature on overly-broad warrants seeking the entire contents of a phone or an email account, only to find the judge unwilling to help it pack for its fishing trip.

More than once, the government was forced to rewrite its requests, and on one memorable occasion, it went "judge shopping" in hopes of obtaining the signature Facciola wouldn't give it, only to be rebuffed by the unamused judge on the opposite coast.

Zoe Tillman of the National Law Journal has a fascinating interview with the retired judge. Facciola was one of the few magistrates who actively attempted to understand the legal nuances inherent to today's interconnected world. According to Facciola, magistrate judges who allow technological advances to pass them by aren't doing the public any favors by not staying current. Law enforcement has moved on, and it's tough to act as a check against overreach if you don't understand the subject matter. The mental image of investigators dusting for fingerprints and tossing suspects' residences is completely outdated. Investigative work now involves -- almost exclusively -- more ethereal methods.

When asked how his job had changed since he took his post in 1997, Facciola responded:

[I]n March 2012, my criminal month, at the end of the month I realized something: I had not issued a warrant or an order for anything that was tactile. Everything I issued was for some form of electronically stored information. Whether it was a Facebook account or cell site information.

You almost look forward to the day when a guy will just want to break a door down and go in and get cocaine. Those days are gone forever apparently.

This would explain law enforcement's outspoken opposition to any form of electronic encryption. Today's law enforcement agencies seemingly have little stomach for old-fashioned police work. Searching something "tactile," like a suspect's residence, is almost always an afterthought. These agencies would rather dig through every communication they can obtain before they even think about utilizing methods that have worked for years. (And default mode for today's law enforcement has shifted the approach to physical searches as well. Increasingly, handling the "tactile" means going "tactical" with no-knock warrants, military rifles, full body armor, repurposed mine-resistant vehicles and a hell of a lot of guys shouting contradictory instructions/firing weapons in contradictory directions within moments of the "breach.")

This nearly-exclusive focus on digital searches poses a problem for the magistrates charged with vetting warrants for Constitutionality, not the least of which are the outdated laws and guidelines governing searches of citizens' communications and data. And this can't be fixed by the courts themselves.

[T]he problem is not a judicial one, the problem is Congress has not looked at the Stored Communications Act since 1986. My gosh. 1986. [...] If you look at the opinions about the Stored Communications Act, they are some of the most complicated opinions you will see because it's a classic example of the square peg not fitting in the round hole… There [is] out there a lot of wonderful thinking about how the act could be amended to bring it kicking and screaming into the 21st century. But no movement by Congress. That's deeply troubling.

Not that the judicial system hasn't tried. It's just that the conclusions are still unclear and mainly deal with warrantless searches. The Sixth Circuit Court ruled that email contents are covered by the Fourth Amendment, contrary to the claims of those who rely on the outdated SCA. The Supreme Court had a chance to weigh the SCA against the Fourth Amendment in 2010, but chose to carefully avoid the subject. So, if it's to be fixed, it's up to Congress, and there is only a very slim chance that it will be willing to alter a law so thoroughly exploited by law enforcement and intelligence agencies, even given the events of the past couple of years.

Particularization is what's needed in the digital realm, according to Facciola, but that's clearly not what the government wants. It wants to dump peoples' computers and devices on the metaphorical carpet and root through the pile until it finds what it's looking for. (Or, as has happened frequently, find something it wasn't looking for and pursue that angle instead/in addition, occasionally necessitating additional warrants.)

Particularized searches of ethereal contents is easier said than done, especially when one half of the parties involved has no interest in limiting its searches. Facciola has suggested searches of this type be handled by the third party that holds the data, but that has been shot down by other judges as "impractical." Facciola additionally suggests wholly separating the search team and the evidence review team (using a "Chinese wall") to help assure the search won't exceed the limitations provided by the warrant. The last resort is still the front line, however.

The third solution… is more careful supervision of the conduct of the search by the magistrate judge.

That's where Facciola fit in. He challenged the government on its broad search requests and forced it to reconsider its tactics. Unfortunately, there's usually been another judge willing to grant warrants that don't meet the standards of more demanding magistrates.

In his parting comment, Facciola points out that judges aren't the only technologically-resistant participants in the judicial system. Those on the other side of the bench have their issues as well.

We have to get across to lawyers that they really have to read outside of their fields. Every day I read the tech section of The New York Times. I find almost every article has to do with the law. And that's an important thing.

I learned from [a law professor] that — did you know this? — the telephone was in existence for 10 years before lawyers started to use it. They thought it was beneath their dignity. You wondered, did they use the elevator?

Filed Under: 4th amendment, john facciola, law enforcement, magistrate's revole, surveillance, warrants

Google Blasts DOJ's Request For Expanded Search Powers; Calls Proposal A Threat To The Fourth Amendment

from the to-keep-up-with-the-bad-guys,-we're-just-going-to-need-the...-EVERYTHING dept

The DOJ wants to amend Rule 41 (Search and Seizure) to grant its agencies unilateral powers to hack any computer in the world. This would expand its reach beyond the US, using warrants granted by magistrate judges to facilitate searches and seizures of remote data. This would obviously open up a whole diplomatic can of worms, what with the FBI hacking into computers whose locations it can't ascertain until after the fact.

Not that the DOJ is bothered by the implications of the amendment it's pushing. It argues that the law already has determined searches in known jurisdictions legal. What's left to be established is whether it's similarly legal to search computers whose true location is unknown, thanks to the use of proxies and VPNs. That operating extraterritorially might cause some diplomatic strain or possibly even be illegal in the country the search takes place doesn't seem to have crossed its mind. In its opinion, this is the natural progression of Rule 41, which must be updated to reflect the change in technology.

Google has fired back at the DOJ in its comments on the proposed wording change, pointing out not only the damage it could cause to international relationships, but also its further dismantling of Fourth Amendment protections.

Although the proposed amendment disclaims association with any constitutional questions, it invariably expands the scope of law enforcement searches, weakens the Fourth Amendment's particularity and notice requirements, opens the door to potentially unreasonable searches and seizures, and expands the practice of covert entry warrants.

Google then suggests that if the DOJ wishes to keep stripping away these protections, it should have the decency to do it the way it's usually been done: through acts of Congress.

The substantive changes offered by the proposed amendment, if they are to occur, should be the work of congressional lawmaking. Such was the case with a slew of legislation providing law enforcement with the ability to use technological means to conduct invasive searches on targets, including the Foreign Intelligence Surveillance Act, which provides law enforcement with the ability to legally surveil and collect foreign intelligence information; Title III of the Omnibus Crime Control and Safe Streets Act of 1968, which provides law enforcement with the ability to legally intercept wire, oral, and electronic communications; the Stored Communications Act, which provides law enforcement with the ability to legally access electronically stored communications; and the Pen Registers and Trap and Trace Act and USA PATRIOT Act, both of which provide law enforcement with the ability to legally intercept real-time telephony metadata. In passing this legislation, Congress was able to openly debate and weigh the various constitutional issues at play.

This would seem to be the least the DOJ can do, rather than trying to sidestep the process it forces American citizens to use.

"I empathize that it is very hard to get a legislative change," Amie Stepanovich, senior policy counsel with Access, a digital-freedom group, told the judicial panel during a meeting called to review the proposal in November. "However, when you have us resorting to Congress to get increased privacy protections, we would also like to see the government turn to Congress to get increased surveillance authority."

Google also warns that the non-specific wording of the proposal lends itself to all sorts of shady tactics.

There are a myriad of serious concerns accompanying the government's use of NITs [Network Investigative Techniques]. These are outlined in detail in other comments submitted to the Committee and include, among other things, the creation of vulnerabilities in the target device thereby increasing the target's risk of exposure to compromise by other parties, actual damage to the target device, the creation of a market for zero-day exploits, and unintended targets' exposure to malware. Additionally, the remote facilities accessed by the government may in fact identify and disclose the 'hack' or take action to prevent it or retaliate against its use. These are serious concerns that are more appropriately considered and balanced by Congress than by the Committee.

Again, with the exception of the eventuality listed last, these are side effects the DOJ couldn't care less about. Collateral damage is almost always acceptable, and at this point -- considering what we've learned about the tactics deployed by the NSA and other intelligence agencies -- making things worse and less safe for the world's citizens is just another essential part of fighting Wars on Things.

The DOJ seems to view its proposal as a necessity in the race against technological advance, rather than a dangerous expansion of power that could result in some very negative repercussions. Unfortunately, the nation's prosecutors and magistrate judges seem to be very much aligned with the DOJ. Both refer to the Rule 41 change as "filling a significant gap" in existing law.

But it does far more than that. The DOJ argues it's just a needed tweak, but it gives its agencies unprecedented extraterritorial powers and encourages these investigators to view anonymous connections as inherently suspicious.

Filed Under: doj, fbi, hacking, overseas, rule 41, search powers, warrants
Companies: google

Supreme Court To Tackle LA Law Enforcement's Warrantless Access To Hotel Records

from the time-to-take-the-3rd-party-doctrine-'round-back-and-put-it-out-of-everyone&# dept

The question of whether law enforcement's warrantless (and subpoena-less) access to hotel records falls outside the confines of the Constitution will be answered by the Supreme Court. An en banc hearing by the Ninth Circuit Court found that Los Angeles' ordinance granting local law enforcement this power was unconstitutional. Not content with this finding, the city of Los Angeles has managed to bump it up to the highest judicial level.

Along the way, the city has argued that its access-on-demand doesn't constitute a search, much less violate hotel owners' (or their customers') civil liberties. It also argued that the end justifies the means, and that because the files were often electronic, there was no real intrusion. The city's arguments rely heavily on two oft-misused Fourth Amendment-related terms: "reasonable expectation of privacy" and the infamous "Third Party Doctrine."

The Cato Institute has entered a brief in support of the plaintiffs which points out that both of these go-to justifications for warrantless access to the papers of others are deeply flawed. (via Overlawyered)

As we’ve done in many prior briefs, we discourage the Court from applying the “reasonable expectation of privacy” test. “Reasonable expectations” doctrine is a contortion of the Fourth Amendment that springs from one concurrence in a 1967 case. Rather than estimating whether hoteliers have a “privacy expectation” in their records, we invite the Court to adhere to the Fourth Amendment’s language and determine whether the the right of Los Angeles hoteliers “to be secure in their persons, houses, papers, and effects” is protected by a statute that permits any search of their records law enforcement should want.

The same could be said for hotel guests, whose expectation that any info turned over in exchange for access to a room would be limited to them and the business owners -- and not forcibly "shared" with any law enforcement officer who happened to wander into the building.

The brief also argues that the court should revisit the Third Party Doctrine, as long as it has the eternally-ethereal "reasonable expectation of privacy" on its mind. This doctrine has been used to justify all sorts of warrantless demands for data, as well as forming the backbone of the NSA's most infamous domestic surveillance program, the Section 215 telephone metadata dragnet.

The argument frequently deployed by the government is that any information voluntarily turned over to a third party is fair game. But is the information gathered by hotel/motel operators, in any shape or form, voluntary? The answer should be obvious, but has rarely been given by federal judges. A hotel owner isn't going to give someone a room unless they give up a certain amount of personal information. It clearly isn't voluntary. It's a requirement -- one that's no different than AT&T refusing to give you cellphone service unless it can collect data on calls made and received, along with a certain amount of location data to ensure no roaming fees go uncollected. This "exchange" is no more "voluntary" than the hotel/customer exchange. But yet, the government continues to insist it is, and it is very rarely challenged on this assertion.

As Cato points out, to continue to rely on a barely-there precedent from nearly 50 years ago is absurd. After all, if this outdated view on "reasonable expectation of privacy" was weaponized to turn businesses into ad hoc informants for intelligence and law enforcement agencies, it would be pure madness.

There would be no end to it if the government were allowed to require businesses to perform surveillance on its behalf. Banks could be made to collect and turn over sensitive financial information about customers. The phone company could be made to turn over information about Americans’ calling behavior. The list goes on.

Ha. It's funny because IT'S EXACTLY WHAT HAS HAPPENED.

The government has no "right" to warrantless access to anything it decides is "voluntarily" being turned over to third parties. Or, at least, it shouldn't have this right, but the courts (and secret laws with secret interpretations) have turned warrantless acquisition into the default mode. If the end is law enforcement, then these agencies need to be forced to produce something resembling "probable cause" in exchange for the wealth of data being generated by citizens every minute of every day. But respecting the Fourth Amendment is often pitched to judges as an impediment to efficient law enforcement. There has been some very recent pushback from the judicial branch that calls into question the long-held assumption that the ends are self-justifying. The same needs to happen here at the highest court in the land.

Filed Under: 4th amendment, 9th circuit, hotel records, supreme court, third party doctrine, warrants

Police Union: You Can Have Safe Neighborhoods Or Be Free Of Flashbang-Burned Toddlers, But Not Both

from the the-maiming-of-toddlers-is-acceptable-collateral-damage,-apparently dept

A Georgia state senator has announced a bill to limit the use of no-knock warrants. These warrants have gone from the exception to the rule over the past several years, as our nation's drug warriors apparently labor under the assumption that drug dealers keep banker's hours.

Of course, no-knock raids have resulted in plenty of collateral damage -- both to cops and civilians -- as the element of surprise tends to be bullet-and-flashbang heavy. It's the use of flashbang grenades that has prompted this new legislation, which unfortunately puts it into the category of "Laws Named After Victims," most of which are written badly and hastily.

The incident prompting this bill involved a 19-month-old toddler who was badly burned by a flashbang that landed in his crib. The police claimed they had no idea children might be present in the home, despite nearly tripping over the toys scattered around the yard in their haste to raid a house over a $50 drug purchase from a person who didn't even live at the residence.

The law would forbid the use of no-knock warrants during nighttime hours… or so you would think before you read the exceptions.

House Bill 56, sponsored by Rep. Kevin Tanner, R-Dawsonville, would, in most cases, bar the use of no-knock warrants between 10 p.m. and 6 a.m.

It also requires law enforcement agencies to develop written policies and training for the use of the warrants, require a supervising officer to present when the warrant is executed, and requires police to swear that not using a no-knock warrant would pose “a significant and imminent danger to human life or imminent danger of evidence being destroyed.”

The last part of that sentence is the loophole. All it takes to acquire the "forbidden" no-knock warrant is for an officer to swear that "because reasons, most likely drugs/officer safety," no other type of warrant will do. If it passes the way it's written, it will end up preventing nearly nothing. Scott Greenfield sees this legislation as nothing more than a preemptive strike against further regulation of warrant service.

While one might applaud Tanner for doing anything, perhaps this is offered as a stop-gap measure to prevent more significant, more real, limitations on the execution of warrants that put citizens lives at risk for the sake of protecting cops.

Context:

Tanner spent 18 years as a Dawson County sheriff’s deputy and has executed no-knock warrants himself.

Considering the overall uselessness of this "ban" on no-knock warrants, you'd think the police union would just keep its mouth shut and just be grateful no one has pushed for real oversight and reform. But no, the reps just can't help themselves. Any additional requirements are unwelcome… always.

"I don't think any changes are needed because it is not easy now," Mills said.

Define "easy," International Brotherhood of Police Officers union rep Carrie Mills. There's practically no oversight as it is. Most magistrate judges -- with few exceptions -- are more than happy to sign off on anything a cop puts in front of them. And higher courts oblige this rubberstamping by carving up even more "good faith" territory when granting immunity to law enforcement officers who screw up (accidentally or intentionally) their warrant apps.

Then Mills delivers this unbelievable statement, which is supposed to make us feel bad for poor cops facing a very slim possibility of having to cut back on their no-knocking, flashbanging raids.

"You have to draw the line between your right as a citizen to privacy and a community's right to live in a crime-free environment. You can't have them both," Mills said.

Oh, the old "freedom or security, but not both" argument, but badly paraphrased to fit the current situation. The protection of a right that doesn't actually exist ("right to live in a crime-free environment") supersedes a right acknowledged (and protected) by the Fourth Amendment.

Or to put it even more graphically -- considering the impetus for this proposed legislation: "You can live in a safe neighborhood or live a life free of horrific flashbang injuries, but not both." Those are your options as long as there's a war on drugs. And at the rate that war is going, it will be forever before law enforcement agencies agree to limit their use of no-knock warrants.

Filed Under: carrie mills, kevin tanner, law enforcement, no knock raids, police, security, warrants

Feds Gagged Google Over Wikileaks Warrants Because They Were 'Upset By The Backlash' To Similar Twitter Warrants

from the that's-not-how-it-works dept

Earlier this week, we wrote about how the feds got a warrant demanding all email and other information about three Wikileaks-associated reporters. While the warrants issued in 2012, Wikileaks only found out about it a few weeks ago when Google told them, saying that an earlier gag order had been partially lifted. Wikileaks lashed out at Google for not letting them know earlier. However, in response, Google has noted that it fought the request and that it was gagged from saying anything until now.

Google says it challenged the secrecy from the beginning and was able to alert the customers only after the gag orders on those warrants were partly lifted, said Gidari, a partner at Perkins Coie.

“From January 2011 to the present, Google has continued to fight to lift the gag orders on any legal process it has received on WikiLeaks,” he said, adding that the firm’s policy is to challenge all gag orders that have indefinite time periods.

But, much more interesting was a separate point made by the lawyer, Albert Gidari, over why the feds demanded the gag order:

According to Gidari, whose firm has represented both firms, Google’s delay was not the result of foot-dragging but of opposition from prosecutors who were upset by the backlash that followed the disclosure of their court orders to Twitter.

[....]

“The U.S. attorney’s office thought the notice and the resulting publicity was a disaster for them,” Gidari said. “They were very upset” about the prosecutor’s name and phone number being disclosed, he said. “They went through the roof.”

Gidari also claims that "Google litigated up and down through the courts trying to get the orders modified so that notice could be given."

If you don't recall, the feds attempt to get information from Twitter made headlines back in 2011 for trying to get access to Icelandic politician (and Wikileaks supporter) Birgitta Jonsdottir's account.

If it's true that this was truly the reason for the gag order, that is equal parts ridiculous, pathetic and dangerous. There are legitimate reasons for limited gag orders in specific cases at specific times. But a general, unending, broad gag order "because we don't like the backlash" is not one of them. At all. But that's what you get when there's no real oversight or pushback to the surveillance state.

Filed Under: backlash, free speech, gag order, surveillance, warrants
Companies: google, twitter, wikileaks

Senators Leahy & Grassley Quiz DOJ & DHS About Secret Fake Phone Towers Intercepting Calls

from the good-for-them dept

We've written plenty about Stingrays and other "IMSI Catcher" devices that allow law enforcement to set up what are effectively fake cell phone towers, designed to intercept calls and locate certain individuals. These devices are deployed in near total secrecy, often by law enforcement who got them from the federal government. There is little to no oversight over how these are used (and abused). The attempts to keep the details a total secret represent really egregious behavior from all involved. As we've covered, police have claimed that non-disclosure agreements with the manufacturers (such as Harris Corp.) prevent them from getting a warrant to use the devices. The DOJ, somewhat famously, had a whole plan for how to mislead judges about the use of these devices, with official documentation telling DOJ officials to be "less than explicit" and "less than forthright" to judges about how the tech was being used. In some cases, the US Marshals have stepped in and seized documents from local police forces to block them from being released in response to FOIA requests.

In short, law enforcement really doesn't want how it uses these devices revealed. And yet, reporters and activists keep digging up more information, including the WSJ finding out that the US Marshals (them again!) have been putting airborne versions of these devices, called DRT boxes, on airplanes and flying them over cities, likely scooping up information on tons of innocent people with no warrant.

At least some in our government are concerned about this. Senators Patrick Leahy and Chuck Grassley have been pressing government officials on this, and before the holidays sent a letter to Attorney General Eric Holder and Homeland Security Boss Jeh Johnson demanding answers. One very interesting tidbit is that in response to some of this public disclosure, the FBI now, at least, gets warrants before using the technology -- but the Senators would like more details:

We wrote to FBI Director Comey in June seeking information about law enforcement use of cell-site simulators. Since then, our staff members have participated in two briefings with FBI officials, and at the most recent session they learned that the FBI recently changed its policy with respect to the type of legal process that it typically seeks before employing this type of technology. According to this new policy, the FBI now obtains a search warrant before deploying a cell-site simulator, although the policy contains a number of potentially broad exceptions and we continue to have questions about how it is being implemented in practice. Furthermore, it remains unclear how other agencies within the Department of Justice and Department of Homeland Security make use of cell-site simulators and what policies are in place to govern their use of that technology.

But, still, the Senators would like a few more details:

The Judiciary Committee needs a broader understanding of the full range of law enforcement agencies that use this technology, the policies in place to protect the privacy interests of those whose information might be collected using these devices, and the legal process that DOJ and DHS entities seek prior to using them.

For example, we understand that the FBI’s new policy requires FBI agents to obtain a search warrant whenever a cell-site simulator is used as part of a FBI investigation or operation, unless one of several exceptions apply, including (among others): (1) cases that pose an imminent danger to public safety, (2) cases that involve a fugitive, or (3) cases in which the technology is used in public places or other locations at which the FBI deems there is no reasonable expectation of privacy.

We have concerns about the scope of the exceptions. Specifically, we are concerned about whether the FBI and other law enforcement agencies have adequately considered the privacy interests of other individuals who are not the targets of the interception, but whose information is nevertheless being collected when these devices are being used. We understand that the FBI believes that it can address these interests by maintaining that information for a short period of time and purging the information after it has been collected. But there is a question as to whether this sufficiently safeguards privacy interests.

The specific questions being asked:

1. Since the effective date of the FBI’s new policy:

a. How many times has the FBI used a cell-site simulator?
b. In how many of these instances was the use of the cell-site simulator authorized by a search warrant?
c. In how many of these instances was the use of the cell-site simulator authorized by some other form of legal process? Please identify the legal process used.
d. In how many of these instances was the cell-site simulator used without any legal process?
e. How many times has each of the exceptions to the search warrant policy, including those listed above, been used by the FBI?

2. From January 1, 2010, to the effective date of the FBI’s new policy:

a. How many times did the FBI use a cell-site simulator?
b. In how many of these instances was the use of a cell-site simulator authorized by a search warrant?
c. In how many of these instances was the use of the cell-site simulator authorized by some other form of legal process? Please identify the legal process used.
d. In how many of these instances was the cell-site simulator used without any legal process?
e. In how many of the instances referenced in Question 2(d) did the FBI use a cell-site simulator in a public place or other location in which the FBI deemed there is no reasonable expectation of privacy?

3. What is the FBI’s current policy on the retention and destruction of the information collected by cell-site simulators in all cases? How is that policy enforced?

4. What other DOJ and DHS agencies use cell-site simulators?

5. What is the policy of these agencies regarding the legal process needed for use of cell-site simulators?

a. Are these agencies seeking search warrants specific to the use of cell-site simulators?
b. If not, what legal authorities are they using?
c. Do these agencies make use of public place or other exceptions? If so, in what proportion of all instances in which the technology is used are exceptions relied upon?
d. What are these agencies’ policies on the retention and destruction of the information that is collected by cell-site simulators? How are those policies enforced?

6. What is the Department of Justice’s guidance to United States Attorneys’ Offices regarding the legal process required for the use of cell-site simulators?

7. Across all DOJ and DHS entities, what protections exist to safeguard the privacy interests of individuals who are not the targets of interception, but whose information is nevertheless being collected by cell-site simulators?

Anyone taking bets on how few of these questions will actually be answered?

Filed Under: chuck grassley, drt boxes, imsi catchers, patrick leahy, privacy, stingray, stingrays, us marshals, warrants
Companies: boeing, harris corp.

Failure To Obtain Warrants Results In Suppression Of Evidence In Two Child Porn Cases

from the if-you-don't-take-the-time-to-do-it-right,-you-don't-get-a-chance-to-do dept

When we fight crime, what do we fight? To hear those guarding the borders and all of the towns in between, it's generally a given that the Drug War is the top priority. Adding borders to the mix usually puts terrorism at a close second. The third? That's usually child porn/child molestation. It tends to shoot up the Public Enemy charts whenever someone drags social media or the internet into the discussion.

Considering that pretty much everyone agrees that child pornography is a bad thing, you'd think those in charge of busting possessors of this illegal content would be more careful. In two separate cases, child porn evidence has been thrown out by judges because officers failed to obtain warrants -- with both orders arriving within four days of each other.

The first comes from the Ninth Circuit Court of Appeals and deals with the illegal search of a border detainee's cellphone [pdf link].

Chad Camou was arrested by border patrol agents and his vehicle was searched. Camou invoked his right to remain silent at this point. While the search was ongoing, his cellphone was called several times by a number known to agents to be one of his accomplices. An agent began warrantlessly searching his phone -- originally for contact information but later took a look at Camou's saved photos. That's when he came across the child porn photos. He alerted his superiors to this fact. The search of the phone occurred 80 minutes after Camou's arrest. The warrant to search his phone wasn't obtained for another four days.

The court suppressed the evidence, stating several factors. First, it wasn't a search "incident to arrest" because too much time had elapsed since Camou's arrest and the agent's search of the phone. The court also pointed out that the "exigent circumstances" exception could not be deployed in this situation because the scope of the search exceeded the circumstances.

Most importantly, the court ruled that, in light of the recent Riley decision, that a cellphone does not fall under the "automobile exception," i.e., anything contained within the vehicle being searched can also be examined without a warrant.

Given the Court’s extensive analysis of cell phones as “containers” and cell phone searches in the vehicle context, we find no reason not to extend the reasoning in Riley from the search incident to arrest exception to the vehicle exception. Just as “[c]ell phones differ in both a quantitative and a qualitative sense from other objects that might be kept on an arrestee’s person,” so too do cell phones differ from any other object officers might find in a vehicle. Id. at 2489. Today’s cell phones are unlike any of the container examples the Supreme Court has provided in the vehicle context. Whereas luggage, boxes, bags, clothing, lunch buckets, orange crates, wrapped packages, glove compartments, and locked trunks are capable of physically “holding another object,” see Belton, 453 U.S. at 460 n.4, “[m]odern cell phones, as a category, implicate privacy concerns far beyond those implicated by the search of a cigarette pack, a wallet, or a purse,” Riley, 134 S. Ct. at 2488–89. In fact, “a cell phone search would typically expose to the government far more than the most exhaustive search of a house.”

The court also refused to let the agent off the hook with the oft-used and abused "good faith exception."

The governing law at the time of the search made clear that a search incident to arrest had to be contemporaneous with the arrest. See, e.g., United States v. Hudson, 100 F.3d 409, 1419 (9th Cir. 1996). The government has not met its burden to prove that a reasonably well-trained officer in Agent Walla’s position could have believed that the search of Camou’s cell phone one hour and 20 minutes after Camou’s arrest was lawful…

The Supreme Court has never applied the good faith exception to excuse an officer who was negligent himself, and whose negligence directly led to the violation of the defendant’s constitutional rights. Here, the government fails to assert that Agent Walla relied on anyone or anything in conducting his search of Camou’s cell phone, let alone that any reliance was reasonable. The government instead only asserts that by searching the phone, Agent Walla was not acting “recklessly[,] or deliberately” misbehaving. In this case, the good faith exception cannot apply.

As Orin Kerr points out in his analysis of this decision, it's somewhat surprising that the government didn't introduce the "Constitution-Free Zone" border free-for-all into its arguments for the legitimacy of a warrantless cellphone search. Kerr speculates that it maybe had too many exceptions in play already and that adding this might have produced nothing more than confusion. In the end, it's the results that matter. An agent discovered child porn stored on a cellphone but government prosecutors are unable to do anything with that evidence because no warrant was obtained.

The same can be said for the next case, even though the underlying circumstances are different.

Homeland Security investigators set up a child porn sting in Brownsville, Texas. It tracked downloads to a residence via the IP address and set up surveillance. Although the IP address traced back to the house, there appeared to be no one living there. The agents then approached the house and spoke to the two residents. One of the residents, Miguel Beckes, had his laptop and external hard drives searched without a warrant. Beckes did sign a consent form but conflicting testimonies make it unclear as to whether he was ever clearly informed that he was giving agents permission to search his electronics.

The agents searched Beckes' devices and found over 800 child porn images. The next day, the agents filed a criminal complaint against Beckes for one count of possession. Nearly 10 days later, they finally acquired a warrant to search the electronics they had already searched.

The judge notes that the government has the burden of proof when it comes to voluntary consent. Beckes' testimony suggests the agents mislead him, referring to "suspicious activity" in his neighborhood, rather than what they were actually looking for. The judge also points out Beckes' mental status (a mental capacity below what's expected for someone his age, according to a psychiatric exam) as being part of the issue [pdf link].

Further, taking into account Beckes' diminished mental capacity, the effects of Agent Baker's actions are compounded, thus showing that Beckes merely acquiesced to Agent Baker's claims of lawful authority rather than voluntarily, freely consenting to the search.

The judge goes into much further detail of the investigator's wrongdoing towards the end of the decision.

[T]he Court is puzzled at the HSI agents failure to utilize the procedures available to legitimize or at least document this type of investigation and thus avoid the ensuing dispute regarding the validity of the search altogether. At least one year before Agent Baker visited Beckes' residence, he had evidence that child pornography was being downloaded to an IP address associated with that location; evidence he deemed sufficient to apply for and actually receive a warrant to search Beckes' home. Although this IP address was canceled before Agent Baker could execute the search warrant, in January of 2014 -- at least eight months before his visit to Beckes' residence -- Agent Baker discovered that child pornography was again being downloaded to an IP address associated with the same residence.

Despite this evidence, which obviously would have been sufficient to obtain a second search warrant… the agents instead chose to proceed without a warrant and rely on attempts to secure the suspects' voluntary consent to search their electronic devices. Then, having decided on this course of action, they did not even attempt to get a signed consent to search form to document this assent. These forms were obviously available in their own office. Although foregoing the necessary procedural safeguards may have seemed expedient at the time, there was no suggestion that time was of the essence or that any other reason existed for not getting a warrant, or at least proof that consent was given.

Further, the steps the agents took after securing the pornographic images from Beckes' laptop computer suggest that they too doubted the legitimacy of Beckes' consent to search. After arriving with Beckes at the HSI office, Agent Baker had him sign a consent to search form that included devices that had already been searched at Beckes' residence. Then, nine days after the complaint against Beckes was filed in federal court, Agent Baker applied for and received a warrant to search Beckes' electronic devices -- a warrant that included devices Baker had already searched twice. Had he considered Beckes' initial consent to search inarguably valid, Agent Baker likely would have deemed these subsequent actions unnecessarily redundant.

The final decision is much like the one above. The images found during the search at Beckes' home are suppressed, along with everything found past that point, including his confession. In the former, the government is pretty much left with pursuing trafficking charges. In the latter, the entire case against Beckes' is almost completely dismantled. Rather than abide by the processes and controls that ensure the usability of evidence as well as protect citizens' rights, agents under the DHS's large umbrella decided to improvise -- and, in doing so, managed to let two people with child porn in their possession off the hook.

Filed Under: 4th amendment, child porn, law enforcement, privacy, warrants

Canadian Supreme Court Says No Warrants Needed To Search Arrestees' Cell Phones

from the bucking-a-trend? dept

The US Supreme Court recently ruled -- despite panicky DOJ arguments otherwise -- that cell phones are unlike someone's pant pockets or little black book and can't be simply searched incident to arrest just because the arrestee (like nearly every American) happens to have one on their person. The decision noted that the capability and capacity of modern cell phones makes them incomparable to other items cited in previous decisions on warrantless searches.

One of the most notable distinguishing features of modern cell phones is their immense storage capacity. Before cell phones, a search of a person was limited by physical realities and tended as a general matter to constitute only a narrow intrusion on privacy.... Most people cannot lug around every piece of mail they have received for the past several months, every picture they have taken, or every book or article they have read—nor would they have any reason to attempt to do so. And if they did, they would have to drag behind them a trunk of the sort held to require a search warrant in Chadwick, supra, rather than a container the size of the cigarette package in Robinson.

This description of today's smartphones is universal. The leap in technological capability and storage capacity should give any judicial system pause when considering law enforcement's general assertion that they should be able to fully search anything carried by an arrestee. Unfortunately, Canada's Supreme Court has weighed the same factors and arrived at the opposite conclusion. (via Reason)

In a crime ruling that earned it rare praise from the federal government, the Supreme Court of Canada said police may search cellphones without a warrant when they make an arrest.

Much like in the US, the impetus for warrantless searches is (and has been for quite some time) the eternal War on Drugs.

Cellphones are the bread and butter of the drug trade, the majority said in a 4-3 ruling. It said police have been given the “extraordinary power” to do warrantless searches during an arrest, under common-law rules developed by judges over centuries, because of the importance of prompt police investigations.

"Prompt police investigations" that apparently would be derailed by the "rigors" of warrant approval. These words would carry more weight if the warrant approval process wasn't generally the epitome of ease and efficiency. This also seems to ignore a crucial aspect of the issue under discussion: the arrestees affected are detained, along with all their belongings, until law enforcement decides to free them. There's plenty of time to obtain a warrant because the person and his/her cell phone aren't going anywhere. (Not to mention the fact that cell phones are the "bread and butter" of pretty much everybody, not just those in the drug trade.)

The majority echoed law enforcement's narrative of forever being behind the technological curve.

“Prompt access by law enforcement to the contents of a cellphone may serve the purpose of identifying accomplices or locating and preserving evidence that might otherwise be lost or destroyed,” Justice Thomas Cromwell wrote for the majority, joined by Chief Justice Beverley McLachlin and Justices Richard Wagner and Michael Moldaver.

Law enforcement personnel act as though every arrestee's cell phone contains a self-destruct switch, even though there's been very little evidence produced that even suggests this is a common occurrence. Even if true, there are ways of circumventing this while obtaining a warrant. What law enforcement agencies really want (but never say in so many words) is the opportunity to image a phone's contents without a warrant -- something that gives them access to far more data and communications than any warrantless search performed previous to the ubiquity of smartphones. Because of this, rules should be stricter, not looser.

But the majority decision ignores this, handing out a small list of stipulations that will do next to nothing to prevent abuse.

The majority said the search must be tailored to its purpose, which will generally mean that only recent e-mails, texts, photos and the call log will be available.

Define "recent." Somebody needs to because the decision does not. It simply says that only "recent" documents should be accessed. Once again, the court defers to the judgement of law enforcement officials to follow the (loose) guidelines and only access what it's permitted to… whatever that time period actually is. It could be two weeks. It could be two months. It could be everything on the phone because it's only six months old.

This stipulation narrows things down a bit, but still leaves it in the hands of officers to perform warrantless searches in accordance with the spirit of the ruling. (Because the letter of the ruling doesn't actually exist.)

Finally, the police must take detailed notes of what they have examined on the device and how they examined it. The notes should generally include the applications searched, the extent of the search, the time of the search, its purpose and its duration. The record‑keeping requirement is important to the effectiveness of after‑the‑fact judicial review. It will also help police officers to focus on whether what they are doing in relation to the phone falls squarely within the parameters of a lawful search incident to arrest.

Again, this is a deferral to law enforcement. The decision simply asks officers to be honest about searches and record everything accessed. Like many rulings of this type, there is no deterrent, only a handful of post facto remedies to be pursued at the violated person's expense. At best, all someone can hope for is that evidence will be excluded without an extended legal battle. But that's a very slim hope. Even in the case being addressed here, the Supreme Court declared the search violated the appellant's rights, but still refused to exclude the evidence.

The only bright spot of the majority's decision -- which is at odds with last year's Supreme Court decision stating that additional warrants were required to search computers and cell phones found on searched premises -- is the following, as highlighted by Michael Geist:

I pause here for a moment to note that some courts have suggested that the protection s. 8 affords to individuals in the context of cell phone searches varies depending on whether an individual’s phone is password-protected. I would not give this factor very much weight in assessing either an individual’s subjective expectation of privacy or whether that expectation is reasonable. An individual’s decision not to password protect his or her cell phone does not indicate any sort of abandonment of the significant privacy interests one generally will have in the contents of the phone. Cell phones – locked or unlocked – engage significant privacy interests.

So, at least there's that -- the instruction that just because someone doesn't take active measures to protect their phone's contents from others isn't an implicit suggestion that law enforcement officers are welcome to page through phones at their leisure. Of course, the lack of a warrant requirement does that for them, just so long as they remember to only look at "recent" stuff when searching an arrestee's phone. And there's a certain amount of incongruity in demanding a warrant for a cell phone found at someone's home, rather than for the one found in their pocket.

A warrant requirement is far from onerous, especially considering the wealth of information contained in most smartphones. A warrant requirement is nothing more than a nod to the changing times. People carry personal computers in their pockets and the court needs to recognize that the old rules are no longer applicable. If you can't search a person's computers, personal files and other items without one, you shouldn't be able to do so just because these all reside in someone's pockets. As it stands now, Canada's Supreme Court stands in the awkward position of demanding warrants for access to ISP subscriber info, but not for an arrestee's cell phone contents.

Filed Under: canada, cell phones, mobile phones, privacy, searches, warrants