Category Archives: Civil Liberties

How Snowden Might Hurt Privacy

In addition to the good things Edward Snowden did by alerting us to the reality of NSA surveillance, there is one way in which I think his revelations may hurt privacy. This is not to say that on balance his revelations were unjustified, just that there’s a complexity about the long-run consequence of his disclosure that we should keep an eye on.

Before Snowden, the fact of NSA’s collection was a very highly protected secret. Consequently, there was only limited data sharing with law enforcement, and then only on condition that the fact of the NSA’s role never show up in court. Now that the cover is blown, so to speak, we should expect not only covert inter-agency data sharing to increase, but also a prohibition on letting it into court. Maybe not open court, but perhaps in a closed hearing, or secret brief. Likely beneficiaries are the DEA, the FBI, and maybe even some local cops in big target cities like New York or DC?

So, perversely, I expect Snowden’s revelations to have a limited negative consequence for privacy to balance against however we measure the positives.

Note: I could have sworn I posted something about this previously, but EPIC‘s Marc Rotenberg said he hadn’t seen it, and I couldn’t find it, so this one’s for you Marc.

Posted in Civil Liberties, Law: Criminal Law | Leave a comment

Speaking at 3 to National Academy Panel

I’m on the (token?) Privacy session for a day-long event organized by a panel of the National Academies of Science on “Improving Federal Statistics for Policy and Social Science Research Using Multiple Data Sources and State-of-the-Art Estimation Methods.” In other words, how to get the government in on the big data bandwagon.

My panel is moderated by EPIC’s Marc Rotenberg, and also features IBM’s Jeff Jonas. I’ve attached my slides for the talk on privacy issues with sensor data collection.

The event open to the public, and runs all day at the Keck Center, 500 Fifth St.NW, Room 100, Washington DC. Come along if you are in the neighborhood.

Posted in Surveillance, Talks & Conferences | Leave a comment

My New Paper May Make Some of My Friends Angry

Building Privacy into the Infrastructure: Towards a New Identity Management Architecture comes to what I fear some of my friends in the privacy community will find to be an unacceptable conclusion.

I’ll be presenting it at the Privacy Law Scholars Conference in Washington next week. Hopefully, since many attendees are in fact friends, they won’t bring brickbats.

Posted in Cryptography, Econ & Money, Law: Internet Law, Law: Privacy, Surveillance, Talks & Conferences | Leave a comment

Drone Debate

In a Wall Street Journal debate today I argue that drones should not be allowed to overfly private property without the inhabitant’s consent due to the privacy risks, the consequent erosion of the 4th Amendment, and other dangers. This echoes some of the arguments in Self-Defense Against Robots and Drones, the recent Connecticut Law Review article I wrote with Zak Colangelo.

Ryan Calo gives the other side, arguing that overflights should be allowed in order to spur innovation. I think the WSJ sees him as the Bolshevik here, as they sum up the debate like this:

A. Michael Froomkin, the Laurie Silvers and Mitchell Rubenstein distinguished professor of law at the University of Miami School of Law, says that drones pose a huge threat to security and privacy, and that property owners should be able to keep them from flying over their land. Ryan Calo, an assistant professor of law at the University of Washington, says decisions about where and when drones can fly should be made collectively, not by individual landowners.

Who would have imagined I’d be the right-winger in a debate on the pages of the Wall Street Journal? I suspect that my former boss, Judge Stephen F. Williams, would be quite amused, although he’d probably describe it as vindication.

Posted in Law: Privacy, Robots, Surveillance | Leave a comment

Microsoft Sues to Kill or Reduce ECPA Gag Orders

Microsoft filed suit today seeking a judicial declaration that 18 U.S.C. § 2705(b) violates its First Amendment Rights, and the Fourth Amendment rights of the subjects of the orders.

I think this lawsuit is a Big Deal, and Microsoft has the right of it on moral grounds. On legal grounds it has a good arguable case, although the law is not so clear that I can call it a slam dunk. This excellent article by Steve Lohr in the NYT gives the outline, and quotes a soi-disant expert.

Perhaps the most interesting, if disturbing, fact is this one:

From September 2014 to March 2016, Microsoft received 5,624 federal demands in the United States for customer information or data. Nearly half — 2,576 — were accompanied by secrecy orders.

And of those secrecy orders, more than two-thirds contained no fixed end date. I.e. unless Microsoft were to go to court later to challenge them in individual proceedings, they orders would on their own terms last forever.

The text of Microsoft’s complaint is worth reading as it is very well done. Here’s the first paragraph:

Microsoft brings this case because its customers have a right to know when the government obtains a warrant to read their emails, and because Microsoft has a right to tell them. Yet the Electronic Communications Privacy Act (“ECPA”) allows courts to order Microsoft to keep its customers in the dark when the government seeks their email content or other private information, based solely on a “reason to believe” that disclosure might hinder an investigation. Nothing in the statute requires that the “reason to believe” be grounded in the facts of the particular investigation, and the statute contains no limit on the length of time such secrecy orders may be kept in place. 18 U.S.C. § 2705(b). Consequently, as Microsoft’s customers increasingly store their most private and sensitive information in the cloud, the government increasingly seeks (and obtains) secrecy orders under Section 2705(b). This statute violates both the Fourth Amendment, which affords people and businesses the right to know if the government searches or seizes their property, and the First Amendment, which enshrines Microsoft’s rights to talk to its customers and to discuss how the government conducts its investigations—subject only to restraints narrowly tailored to serve compelling government interests. People do not give up their rights when they move their private information from physical storage to the cloud. Microsoft therefore asks the Court to declare that Section 2705(b) is unconstitutional on its face.

Update: For an argument that courts will deny Microsoft’s facial challenge on the grounds that the claims can only be asserted ‘as applied’ — very much an emphasis of recent Supreme Court decisions disfavoring as facial challenges to statutes, see Jennifer Daskal at Just Security, A New Lawsuit from Microsoft: No More Gag Orders!. It’s more pessimistic than I would be, but not implausible.

Update2: Microsoft’s statement.

Posted in Civil Liberties, Law: Constitutional Law, Law: Free Speech, Law: Internet Law, The Media | Leave a comment

Cory Nails It

A brief history of the surveillance debate:

2012: "Mass surveillance is fine — if it wasn’t, you’d see major corporations trying to court new business by building in crypto tools that kept out the surveillance agencies. The fact that they’re not doing this tells you that surveillance opponents are an out-of-touch, paranoid minority."

2016: "Mass surveillance is necessary — when companies use crypto tools as ‘marketing ploys,’ they’re getting in the way of something we all agree is proportionate and legitimate!"

Posted in Cryptography, Surveillance | Leave a comment

Foreseeable

Chicago data supports effectiveness of predictive policing. But maybe not how you expect:

[T]he number of complaints an officer receives in a certain year predicts whether and how many complaints he or she will have in the following year.1 Over multiple years, the signal becomes even stronger. Officers with a baseline history of one or two complaints in 2011-13 have a 30 percent to 37 percent chance of receiving a complaint in the following two years.2 But repeaters — those with 15 or 20 incidents in the first part of the data set — are almost certain to have a complaint against them in 2014-15.

… Even after controlling for neighborhood, however, individual officers with more complaints in 2011-13 remained more likely to have complaints filed against them in 2014-15.

… [C]omplaints were not only predictive of the number and type of future complaints — they also forecast whether the department would determine misconduct. Officers with 10 or more complaints in early years of the data set were about six times more likely to have a complaint from the last two years sustained against them.

… For all the complexity of policing, there is a clear signal in the data of who the bad actors are and, to a lesser extent, whether they are going to commit misconduct.

Posted in Civil Liberties, Law: Criminal Law | Leave a comment