By Naazaneen Hodjat
The courts are redefining the hot topic of privacy law in today’s digital age. The most recent ruling, American Civil Liberties Union v. Clapper, came in the wake of a series of disclosures by Edward Snowden, a former National Security Agency (NSA) contractor. The Guardian revealed that the NSA had asked the Foreign Intelligence Surveillance Court to order Verizon to produce the telephone metadata for many of its subscribers. This order covered three months of information and included the numbers of both parties on a call, along with the location, time, and duration of the call. The Patriot Act classifies the contents as metadata, and the NSA can obtain the metadata without a warrant. The NSA network secured the telephone metadata indefinitely for its investigations.
The NSA Bulk Metadata Collection Program began shortly after the September 11th terrorist attacks. Section 215 of the Patriot Act permits the government “to make an application for an order requiring the production of any tangible things…for an investigation to obtain foreign intelligence information not concerning a US person or to protect against international terrorism….” The ACLU sought a preliminary injunction against the Government claiming that the bulk metadata collection program violates consumers’ First and Fourth Amendment rights. In response, the Government argued that bulk collection qualifies as business records and therefore falls within the ambit of Section 215 of the Patriot Act. Continue reading
Law enforcement use of IMSI catchers and their insidious efforts to hide it.
By Miriam Swedlow
Thanks to NPR’s radio program, Serial, thousands of Americans now know that a person’s movements can be verified by following the interaction between a cell phone and nearby cell phone towers. An International Mobile Subscriber Identity (IMSI) catcher, commonly referred to as a “StingRay,” takes this concept a step further. The device tricks cell phones to connect to it by masquerading as a cell phone tower. Once connected, the StingRay provides “real time” tracking of a phone’s location and is capable of obtaining data from the phone (including emails, photos, and contact files). Although Federal and local law enforcement increasingly use these devices as part of surveillance activities, they have been reluctant to disclose to judges and the public exactly how and when they use them. This is likely because IMSIs cast a broad net, gathering invasive data on scores of innocent people in the process of tracking a single suspect.
Law enforcement agencies have utilized a “smoke and mirrors” approach to keep their use of StingRay equipment a secret. After the 2001 Patriot Act, the Department of Justice declared that law enforcement would need a Pen/Trap order before using direct surveillance technology on communication systems, such as IMSI catchers. Almost fifteen years later, there have been only two published magistrate opinions on the use of IMSI catchers. The lack of judicial opinions is directly related to law enforcement’s pervasive practice of obfuscating the use of IMSI catchers in pen register applications without explicitly disclosing the nature of the technology. For example, officers in Sarasota, Florida referred to the StingRay as a “source” in official documents to obtain warrants. In Tacoma, Washington, judges learned that they had signed off on the use of IMSI catchers through local newspaper reporting. The result is that judges have unwittingly granted hundreds of orders to use IMSI catchers. Continue reading
By Juliya Ziskina
Should the FBI be permitted to impersonate the news media in order to nab criminals?
That is the question being raised after an American Civil Liberties Union analyst reviewed documents showing that the FBI created a fictitious online news story in 2007 under the guise of The Seattle Times. The FBI hoped that the story would entice a teen bomb-threat suspect to click on the link, and as a result implant spyware (known as CIPAV software) on his computer.
The tactic worked––the story appeared in the suspect’s MySpace feed, which lead to the arrest and conviction of a 15-year-old who had been sending bomb threats to Timberline High School in Lacey, Washington. However, The Seattle Times was unaware that the FBI created the counterfeit URL, or that it was using the Times’ brand to implant spyware on the suspect’s computer. Continue reading