The Electronic Frontier Foundation's Cindy Cohn is on fire: "Let’s be clear: Under international human rights law, secret “law” doesn’t even qualify as 'law' at all."
Read the rest
Remember the secret memo explaining the legal justification for assassinating Americans with drones that the ACLU forced the Obama administration to release? Turns out that that memo relies on another secret memo that the Obama administration is also relying on. Obama is a no-fooling Constitutional scholar; you'd think that he'd be wise to the idea that secret law is not law at all.
Read the rest
Microsoft changes policy: won't read your Hotmail anymore to track down copyright infringement or theft without a court order
Microsoft read the email of Hotmail users without a warrant, in order to catch someone who'd leaked some Microsoft software. When they were caught out, the pointed out that they'd always reserved the right to read Hotmail users' email, and tried to reassure other Hotmail users by saying that they were beefing up the internal process by which they decided whose mail to read and when.
Now, citing the "'post-Snowden era' in which people rightly focus on the ways others use their personal information," the company has announced that it will not read its users' email anymore when investigating theft or copyright violations -- instead, it will refer this sort of thing to the police in future (they still reserve the right to read your Hotmail messages without a court order under other circumstances).
As Techdirt's Mike Masnick points out, this is a most welcome change. The message announcing the change by Brad Smith (General Counsel & Executive Vice President, Legal & Corporate Affairs) is thoughtful and forthright. It announces a future round-table on the questions raised by the company's snooping that the Electronic Frontier Foundation can participate in.
Smith asks a seemingly rhetorical question: "What is the best way to strike the balance in other circumstances that involve, on the one hand, consumer privacy interests, and on the other hand, protecting people and the security of Internet services they use?" That is indeed a fascinating question, but in the specific case of Hotmail, I feel like it has a pretty obvious answer: change your terms of service so that you promise not to read your customers' email without a court order. Then, if you think there's a situation that warrants invading your customers' privacy, get a court order. This is just basic rule-of-law stuff, and it's the kind of thing you'd hope Microsoft's General Counsel would find obvious.
The fact that the question is being raised casts more light on Microsoft's extensive "Scroogled" campaign, which (rightly) took Google to task for having a business-model that was predicated on harvesting titanic amounts of personal data. The takeaway here is that while Microsoft's business-model (at the moment) is less privacy-invading than Google's, that is not due to any inherent squeamishness about spying on people -- rather, it's just a practical upshot of its longstanding practices.
Read the rest
Read the rest
Despite the valiant efforts of the motley opposition in Ukraine, the tame Ukrainian Parliament has passed a brutal law that slides the country into full-on dictatorship. Forbidden under the new law on penalty of high fines and imprisonment: driving cars in columns that are more than five vehicles long; setting up an unauthorized sound system; distribution of "extremist opinion"; "mass disruptions" (10-15 years imprisonment!); collecting information on police or judges; and more.
The new law also demolishes the trappings of democracy: you can be convicted in absentia based on unsubstantiated hearsay; MPs can be arrested during plenary sessions; the state can order arbitrary Internet censorship; and legal service of documents now consists of signatures or "any other data."
Read the rest
Read the rest
UK Ministry of Defense can arrest you without warrant for taking pictures, grazing animals near NSA and drone outposts
The UK Ministry of Defense has introduced by-laws in the vicinity of bases in the UK, making it a detainable offense to take pictures or make any image of any person or thing; to graze livestock; or to fail to clean up your dog's turds. The rules also allow the MoD to put you in jail "without warrant" for setting up protest camps on MoD property.
These rules come into effect just as a recent Snowden leak revealed that one of the bases in the UK was used by the NSA and GCHQ to spy on Oxfam, Medecins Sans Frontiers, as well as Angela Merkel. Another one of the affected bases is reportedly used to pilot drones deployed in Yemen.
All in all, the rules effect 150 bases around the UK. The MoD the second-largest landowner in the UK.
Read the rest
Read the rest
Edward Snowden granted a 14-hour interview to the Washington Post, commenting on his relationship to the NSA, Russia, and the USA. It's a defiant, uncompromising, and principled interview. He says that his mission has been accomplished, because "I didn't want to change society. I wanted to give society a chance to determine if it should change itself," and that chance has arrived thanks to the sunlight he shone on the NSA's illegal spying activity.
He also says that he's still "working for the NSA" inasmuch as he's taking the only path he could identify to force the agency to conduct its affairs in accordance with the Constitution. And he defended leaking the documents he brought with, because "The oath of allegiance is not an oath of secrecy. That is an oath to the Constitution. That is the oath that I kept that Keith Alexander and James Clapper did not."
To those who say he overstepped ethical bounds by "electing himself" to disclose NSA wrongdoing, he counters that he was elected by the Congresspeople who were nominally overseeing the NSA, like Dianne Feinstein and Mike Rogers, as well as the judges of the FISA court -- that their dereliction of their duties left him with no alternative.
He vehemently denies that he did not attempt to raise the issues of mass spying internally at the NSA, and describes the "front page test" ("What do you think the public would do if this was on the front page?") that he routinely administered to his colleagues and superiors whenever they discussed the scope of spying.
Asked how the US should conduct its spying, he articulates an admirably simple principle: "As long as there's an individualized, articulable, probable cause for targeting these people as legitimate foreign intelligence, that's fine. I don't think it's imposing a ridiculous burden by asking for probable cause. Because, you have to understand, when you have access to the tools the NSA does, probable cause falls out of trees."
Snowden denies defecting to Russia: "If I defected at all, I defected from the government to the public."
Snowden denied having a "dead-man's switch" that would release the remaining leaks if he came to mischief, saying that this would be a "suicide switch" that would invite spies and criminals to torture him to learn its secrets and gain access to the documents themselves. The greatest irony of the interview is that Snowden reveals that the NSA refused to adopt his recommendation that two people should have to sign off on large data-transfers -- a measure that would have prevented him from smuggling so many documents out of the NSA last June.
Read the rest
Read the rest
Two legislators have introduced legislation that would require the President to disclose his secret interpretation of America's spying laws. This is especially relevant in the wake of yesterday's Snoweden leaks showing how the NSA uses a secret interpretation of the FISA spying law to spy on Americans.
The new bill in the house complements a similar bill introduced in the Senate last week.
"In order to have an informed public debate on the merits of these programs, it is important for the American people to know how such programs have been authorized, their limits and their scope," said Rep. Adam Schiff (D-CA) in a statement.
"Particularly now that the existence of these programs has been acknowledged, I believe there is much more that can be shared with the public about their legal basis," Schiff said. "It is my hope that this legislation will increase transparency and inform the national debate about the surveillance authorities provided to the Intelligence Community. I also believe that requiring additional disclosure would provide another valuable check on any potential expansion of surveillance under these authorities, whether by this or any future Administration.”
General Keith Alexander, who is in charge of the NSA, has asked Congress to pass legislation immunizing companies from liability if they break the law following NSA spying orders. While on its face this seems reasonable -- if the government orders you to do something, it seems unfair for its judicial branch to prosecute you -- it's really a tacit admission of NSA lawbreaking. Much more reassuring would be a promise from Alexander that his agency will limits its requests of companies to strictly lawful behavior, and a Congressional law immunizing companies that turn down NSA requests if they have a good faith basis for believing that the NSA is asking them to break the law.
Otherwise, as Mike Masnick points out, this is an invitation for companies and the NSA to conspire together for a campaign of lawless, criminal spying:
And, of course, rather than narrowly target this immunity, it appears that Alexander would like it as broad as possible.
One former White House aide told POLITICO that Alexander has been asking members of Congress for some time to adopt bill language on countermeasures that’s “as ill-defined as possible” — with the goal of giving the Pentagon great flexibility in taking action alongside Internet providers. Telecom companies, the former aide said, also have been asking Alexander for those very legal protections.
Given the revelations of the past few weeks, this seems like the exact wrong direction for Congress to be heading. We should want companies to push back against overaggressive demands from the government for information. Giving them blanket immunity would be a huge mistake and only enable greater privacy violations.
As we think about the postmortem on security procedures following from the Boston Marathon attack and plan on new procedures, Bruce Schneier has some crucial security design advice: don't forget transparency and accountability. Without these two crucial elements, security can't work:
Long ago, we realized that simply trusting people and government agencies to always do the right thing doesn't work, so we need to check up on them. In a democracy, transparency and accountability are how we do that. It's how we ensure that we get both effective and cost-effective government. It's how we prevent those we trust from abusing that trust, and protect ourselves when they do. And it's especially important when security is concerned.
First, we need to ensure that the stuff we're paying money for actually works and has a measureable impact. Law-enforcement organizations regularly invest in technologies that don't make us any safer. The TSA, for example, could devote an entire museum to expensive but ineffective systems: puffer machines, body scanners, FAST behavioral screening, and so on. Local police departments have been wasting lots of post-9/11 money on unnecessary high-tech weaponry and equipment. The occasional high-profile success aside, police surveillance cameras have been shown to be a largely ineffective police tool.
Sometimes honest mistakes led organizations to invest in these technologies. Sometimes there's self-deception and mismanagement -- and far too often lobbyists are involved. Given the enormous amount of security money post-9/11, you inevitably end up with an enormous amount of waste. Transparency and accountability are how we keep all of this in check.
Second, we need to ensure that law enforcement does what we expect it to do and nothing more. Police powers are invariably abused. Mission creep is inevitable, and it results in laws designed to combat one particular type of crime being used for an ever-widening array of crimes. Transparency is the only way we have of knowing when this is going on.
The entire current issue of the Columbia Human Rights Law Review is given over to the tragic wrongful execution of Carlos DeLuna, an almost certainly innocent man who was murdered by the state of Texas on 8 December 1989. DeLuna's case is one where "everything that could go wrong did go wrong" in the words of Columbia law Professor James Liebman, who, with 12 students, wrote the 436-page issue. None of the evidence that would have exonerated DeLuna was considered by police or the prosecution, and the likely culprit, a man who was also named Carlos, and who was frequently mistaken for DeLuna, went free. It's a nightmarish account of a man whom the authorities "knew" to be guilty, who was killed despite his innocence. It's a chilling reminder where laws like the UK's stop-and-search rules (which allow police to stop and search without suspicion, if they "just know" there's something wrong) and the no-fly list (which allows for the arbitrary removal of the right to travel without any public airing of evidence or charge, when authorities "just know" you're not safe to fly) will inevitably end up.
From a Guardian story by Ed Pilkington:
From the moment of his arrest until the day of his death by lethal injection six years later, DeLuna consistently protested he was innocent. He went further – he said that though he hadn't committed the murder, he knew who had. He even named the culprit: a notoriously violent criminal called Carlos Hernandez.
The two Carloses were not just namesakes – or tocayos in Spanish, as referenced in the title of the Columbia book. They were the same height and weight, and looked so alike that they were sometimes mistaken for twins. When Carlos Hernandez's lawyer saw pictures of the two men, he confused one for the other, as did DeLuna's sister Rose.
At his 1983 trial, Carlos DeLuna told the jury that on the day of the murder he'd run into Hernandez, who he'd known for the previous five years. The two men, who both lived in the southern Texas town of Corpus Christi, stopped off at a bar. Hernandez went over to a gas station, the Shamrock, to buy something, and when he didn't return DeLuna went over to see what was going on.
DeLuna told the jury that he saw Hernandez inside the Shamrock wrestling with a woman behind the counter. DeLuna said he was afraid and started to run. He had his own police record for sexual assault – though he had never been known to possess or use a weapon – and he feared getting into trouble again.