J.R.McHale

The 2nd Circuit Opinion (pdf; 43 pages)

Background:

Microsoft Corporation v. United States of America – Wikipedia

The Microsoft Ireland Case: A Brief Summary (July 15, 2016) – LawFare

News Reports:

Microsoft Wins Appeal on Overseas Data Searches (July 14, 2016) – New York Times

Analysis and Criticism:

Reactions to the Microsoft Warrant Case (July 15, 2016) – LawFare

Second Circuit: Warrants Cannot be Used to Compel Disclosure of Emails Stored Outside the United States (July 14, 2016) and Does It Matter Who Wins the Microsoft Ireland Warrant Case? (July 23, 2016) – Orin Kerr in The Washington Post

Microsoft Just Won a Big Victory Against Government Surveillance — Why It Matters (July 15, 2016) – Daniel Solove at TeachPrivacy

The Microsoft Ireland Case and the Future of Digital Privacy (July 18, 2016) – Jennifer Granick at JustSecurity

Three Key Takeaways: The 2d Circuit Ruling in The Microsoft Warrant Case (July 14, 2016) – Jennifer Daskal at JustSecurity

Microsoft v. USA: A Win for Privacy, or Is It? (July 14, 2016) – Omer Tene at IAPP

Microsoft Case Shows the Limits of a Data Privacy Law (July 18, 2016) – New York Times

Related:

Microsoft’s President Explains the Company’s Quiet Legal War for User Privacy (July 22, 2016) – The Washington Post

U.S. Government Presents Draft Legislation for Cross-Border Data Requests (July 16, 2016) – David Kris at LawFare

From the ever interesting Maciej Ceglowski at his Idle Words:

“The proximate reasons for the culture of total surveillance are clear. Storage is cheap enough that we can keep everything. Computers are fast enough to examine this information, both in real time and retrospectively. Our daily activities are mediated with software that can easily be configured to record and report everything it sees upstream. But to fix surveillance, we have to address the underlying reasons that it exists. These are no mystery either. State surveillance is driven by fear. And corporate surveillance is driven by money.”

Read the whole thing, including details of his six, sensible, suggested fixes: (1) the right of users of an online site or service to download data (in usable format) that was provided to or collected by the online site or service; (2) the right at any time to delete one’s account (and all associated personal information) from an online service; (3) a ban on selling or sharing behavioral data, as well as relatively short limits on its storage (e.g., 90 days); (4) physical turn-internet-connectivity-off switches for IoT connected devices (which should be required to remain functioning in the off state); (5) a ban on third-party ad tracking (with sites only able to target ads based on page content itself and information the site has about the visitor), and (6) legally enforceable privacy promises with significant penalties that act as meaningful deterrents.

Also: Watch his presentation on “The Website Obesity Crisis” at Vimeo (53 minutes)

Academic Paper: “Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice” (pdf; 13 pages), published earlier this year, but presented at a recent conference

General Explanation (by two of the fourteen co-authors of the academic paper): How is NSA Breaking So Much Crypto? – Freedom to Tinker

EFF’s Two Part Explainer: Logjam, Part 1: “Why the Internet is Broken Again” and Logjam, Part 2: “Did the NSA Know the Internet Was Broken”

EFF’s Practical Advice: How to Protect Yourself from NSA Attacks on 1024-bit DH

Bruce Schneier: Breaking Diffie-Hellman with Massive Precomputation (Again) and his previous post The Logjam (and Another) Vulnerability against Diffie-Hellman Key Exchange

The Wiretap Report:

The 2014 Wiretap Report (summary and links to several pdfs) released by the Administrative Office of the United States Courts.

News Coverage:

Federal Wiretaps Down Slightly, Encryption Impact Decreases; California and Arizona Lead Nation in Authorized Wiretaps – NetworkWorld

Data Shows Little Evidence for FBI’s Concerns About Criminals ‘Going Dark’ – Motherboard/VICE

“Usability is critical. Lots of good crypto never got widely adopted as it was too hard to use; think of PGP. On the other hand, Tails is horrifically vulnerable to traditional endpoint attacks, but you can give it as a package to journalists to use so they won’t make so many mistakes. The source has to think ‘How can I protect myself?’ which makes it really hard, especially for a source without a crypto and security background. You just can’t trust random journalists to be clueful about everything from scripting to airgaps. Come to think of it, a naive source shouldn’t trust their life to securedrop; he should use gpg before he sends stuff to it but he won’t figure out that it’s a good idea to suppress key IDs. Engineers who design stuff for whistleblowers and journalists must be really thoughtful and careful if they want to ensure their users won’t die when they screw up. The goal should be that no single error should be fatal, and so long as their failures aren’t compounded the users will stay alive.”

— Ross Anderson at Light Blue Touchpaper

The Opinion: pdf (110 pages)

News Reports:

NSA Program on Phone Records is Illegal, Court Rules – Washington Post

NSA Phone Program is Illegal, Appeals Court Rules – Wall Street Journal

Audio Summary for Laypersons: Professor William McGeveran on Wisconsin public radio (approx. 10 minutes)

Analysis and Opinion:

Second Circuit Rules that Section 215 Does Not Authorize Telephony Bulk Collection Program – Marty Lederman at Just Security

Second Circuit Rules, Mostly Symbolically, that Current Text of Section 215 Doesn’t Authorize Bulk Surveillance – Orin Kerr in the Washington Post

Court Backs Snowden, Strikes Secret Laws – Noah Feldman at BloombergView

Background Legal Paper by an Attorney for one of the Amici Curiae: Bulk Metadata Collection: Statutory and Constitutional Considerations by Laura Donohue (2013)(pdf download at the link)

Impact on Patriot Act Section 215 Status/Sunset:

How the Second Circuit’s Decision Changes the Legislative Game – Liza Goiten at LawFare

The Second Circuit and the Politics of Surveillance Reform – Steve Vladeck at Just Security

Related:

If the Supreme Court Tackles the NSA in 2015, It’ll be One of these Five Cases – The Hill

A report by the Brennan Center for Justice on the legitimacy of today’s FISA Court, which concludes that the court longer functions in keeping with constitutional requirements (direct link to pdf – 83 pages)

Re/code’s Kara Swisher interviews the President at Stanford University on February 13th (25 minute video).

00:20    Cybersecurity breaches
04:17    U.S. offensive capabilities
06:22    U.S. cybercommand
08:02    Government relationship with Silicon Valley
10:51    Encryption and Backdoors
15:24    Privacy and Data Ownership
18:13    Immigration, STEM, diversity, loss of U.S. tech leadership
23:22    President’s personal tech habits

But:

President Obama’s Cyber Pitch Misses Mark in Silicon Valley – The Hill

What President Obama is Getting Wrong about Encryption – The Washington Post

Tor Browser 4.0.3 and Tails 1.2.3 have been released, in each case allegedly addressing security issues in their respective prior releases.

Background: U.S. Senate Bill Proposes Sweeping Curbs on NSA surveillance – Reuters’ news report.

Update: On November 18, 2014, the Senate voted to end further discussion of the proposed Act during the 113th United States Congress. Critical NSA Reform Bill Fails in the Senate – Wired

Text: txt, pdf and html versions at Congress.gov.

Summary of the Bill: Senator Leahy’s NSA Reform Bill: A Quick and Dirty Summary — LawFare

Position of the Electronic Frontier Foundation: EFF’s Decision to Support the Bill and The New Senate USA FREEDOM Act: A First Step Towards Reforming Mass Surveillance at EFF’s DeepLinks blog.

Other Commentary: Our Privacy and Liberty Still at Risk, Even if Leahy NSA Bill Passes – Elizabeth Goitein of the Brennan Center for Justice.

Debate (audio): Stewart Baker, former NSA general counsel, debating Harley Geiger, Deputy Director for the Freedom, Security and Surveillance Project at the Center for Democracy and Technology (Steptoe Cyberlaw Podcast); debate sponsored by the Federalist Society).

Feds call it ‘twelve triple three’ – Whistleblowers Say it’s the Heart of the Mass Spying Problem – ArsTechnica

Text of Executive Order 12333 – National Archives

Executive Order 12333 and the Golden Number – Alvaro Bedoya at Just Security

Executive Order 12333 on American Soil, and Other Tales from the FISA Frontier – Jonathan Mayer of Stanford University

“The path to a proper encrypted email system isn’t that far off. At minimum, any real solution needs:

‘A proper approach to key management. This could be anything from centralized key management as in Apple’s iMessage — which would still be better than nothing — to a decentralized (but still usable) approach like the one offered by Signal or OTR. Whatever the solution, in order to achieve mass deployment, keys need to be made much more manageable or else submerged from the user altogether.’

‘Forward secrecy baked into the protocol. This should be a pre-condition to any secure messaging system.’

‘Cryptography that post-dates the Fresh Prince. Enough said.’

‘Screw backwards compatibility. Securing both encrypted and unencrypted email is too hard. We need dedicated networks that handle this from the start.'”

— Professor Matthew Green, Johns Hopkins University, writing at his blog: A Few Thoughts on Cryptographic Engineering.

The Interview: The Most Wanted Man in the World — James Bamford in Wired

Two Companion Pieces in WIRED: I Left the NSA Clues, But They Couldn’t Find Them and A Day With Edward Snowden

National security reporter, Barton Gellman, responding in a Washington Post Q&A to the question of why anyone should care about U.S. government surveillance if they have nothing to hide:

“Information is power. The US government (and US companies) now learn more about us than anyone has ever known about anyone, and secrecy prevents us from learning what they do. That puts us, in effect, behind a one way mirror. As a citizen who wants to hold my government to account, I find that troubling. I am not saying that the government is abusing the power it has accrued. Sometimes the scandal is what’s legal, especially if lawmakers and citizens had no reasonable opportunity to learn what the executive branch believed it was authorized to do. But abuse is not far behind us in our history. Spying on enemies was one of the Articles of Impeachment against Nixon, and the FBI’s Hoover died in the lifetime of many people still living. I don’t know whether I’ve ever met someone who truly has nothing to hide. If you think that’s you, post a link to everything on your phone, your computer, your email accounts and your web browsing and purchasing history. And even if you have no secrets, you’re probably in possession of the secrets of others — the friend who is going to leave her husband, or wants to find a new job, or just got diagnosed with something she does not want people to know about. Privacy is relational. We may tell things to our friends we don’t tell our parents or our kids, and so on. I want control of my own secrets, personal and professional. That’s the bottom line.”

Also worthwhile: Barton Gellman’s 2003 lecture at Princeton on “Secrecy, Security and Self-Government: An Argument for Unauthorized Disclosures” (transcript: Part I and Part II), as well as Conor Friedersdorf’s Why the Press Can Publish Any Classified Material It Likes in The Atlantic.

NSA = J. Edgar Hoover On Steroids – The Big Picture:

“With a few hundred cable probes and computerized decryption, the NSA can now capture the kind of gritty details of private life that J. Edgar Hoover so treasured and provide the sort of comprehensive coverage of populations once epitomized by secret police like East Germany’s Stasi. And yet, such comparisons only go so far. After all . . . . J. Edgar Hoover still only knew about the inner-workings of the elite in one city: Washington, D.C. To gain the same intimate detail for an entire country, the Stasi had to employ one police informer for every six East Germans — an unsustainable allocation of human resources. By contrast, the marriage of the NSA’s technology to the Internet’s data hubs now allows the agency’s 37,000 employees a similarly close coverage of the entire globe with just one operative for every 200,000 people on the planet. In the Obama years, the first signs have appeared that NSA surveillance will use the information gathered to traffic in scandal, much as Hoover’s FBI once did.”

Read the whole thing. Domestic bulk data collected by the NSA conveys immense power on those with access to this information and will be prone to political (and financial) abuse. History demonstrates that the lure of such data for improper purposes likely will be irresistible. Hoover stayed in office for decades, aided in large part by the information the the FBI had collected on politicians of the day. Imagine what could be done with the data collected by the NSA.

“The NSA has become too big and too powerful. What was supposed to be a single agency with a dual mission — protecting the security of U.S. communications and eavesdropping on the communications of our enemies — has become unbalanced in the post-Cold War, all-terrorism-all-the-time era . . . . The result is an agency that prioritizes intelligence gathering over security, and that’s increasingly putting us all at risk. It’s time we thought about breaking up the National Security Agency.” Bruce Schneier at CNN.Opinion with practical suggestions for reform.

No Morsel Too Minuscule for All-Consuming N.S.A.: New York Times

Cyber Law, Tech and Policy

• Spying for the Sake of Spying: an Op-Ed in the Washington Post by Anne Applebaum, lauded author of “Gulag” and “Iron Curtain: The Crushing of Eastern Europe, 1944-1956”:
  

  “But Bismarck couldn’t tap phones. We can. And that, as far as I can tell, explains why we were doing it. White House spokesman Jay Carney declared this week that the president is anxious to ensure ‘that we are not just collecting information because we can but because we should.’ Yet almost everything publicly known about the NSA to date indicates the opposite: The United States collects information because it can, whether or not it is moral to do so, violates the trust of allies or is a monumental waste of time and money.”
  

• Senate Committee Votes in Favor of NSA Phone-Records Snooping at Wired, and Feinstein Releases Fake NSA Reform Bill, Actually Tries To Legalize Illegal NSA Bulk Data Collection at TechDirt. The original sources: Senator Feinstein’s press release and her draft bill (pdf) which has been approved by the Senate Intelligence Committee.

• Want To Avoid Defaming Someone Online? Link To Your Sources: Law Professor Eric Goldman at the Technology & Marketing Law Blog. See also, his recent post on California’s new “do-not-track” law: How California’s New ‘Do-Not-Track’ Law Will Hurt Consumers.

• Tech Companies Are Better Off Targeting Geezers Instead Of Youngsters at Business Insider.

• Finally, a Bill to End Patent Trolling; Bipartisan Bill has Most of What Reformers Want—and a Real Chance of Passing: at ArsTechnica.

General Interest

• The 50 Greatest Breakthroughs Since the Wheel ranked by a panel of scientists, entrepreneurs, engineers and historians of technology – The Atlantic (via kottke).

• Memo to Workers: The Boss Is Watching; Tracking Technology Shakes Up the Workplace: The Wall Street Journal.

• Who Made that Coffee Lid?: New York Times Magazine.

• How to Succeed as an Author: Give up on Writing; The Rancid Smell of 21st Century Literary Success: Lionel Shriver in the New Republic.

The Case for NSA Reform – by Senator Patrick Leahy and Congressman Jim Sensenbrenner:

“[W]e were the primary authors of the USA PATRIOT Act . . . . [W]e strongly agree that the dragnet collection of millions of Americans’ phone records every day — whether they have any connection at all to terrorism — goes far beyond what Congress envisioned or intended to authorize. More important, we agree it must stop. [Today] we will introduce bicameral, bipartisan legislation that will put an end to the National Security Agency’s indiscriminate collection of personal information. Our proposal, the USA FREEDOM Act, provides stronger privacy safeguards with respect to a range of government surveillance programs. While the USA FREEDOM Act ends the dragnet collection of telephone records, it preserves the intelligence community’s ability to gather information in a more focused way, as was the original intent of the PATRIOT Act. Our bill also ensures that this program will not simply be restarted under other legal authorities, and includes new oversight, auditing and public reporting requirements. No longer will the government be able to employ a carte-blanche approach to records collection or enact secret laws by covertly reinterpreting congressional intent. And to further promote privacy interests, our legislation establishes a special advocate to provide a counterweight to the surveillance interests in the FISA Court’s closed-door proceedings.”

The USA Freedom Act: pdf

See also:

The White House on Spying: New York Times Editorial Board

Spycraft: how do we fix a broken NSA? – Reformers are still struggling to imagine an NSA that doesn’t overstep the constitution: Russell Brandon at The Verge.

Counterpoint: We Need an Invasive NSA by Harvard Law Professor Jack Goldsmith

Amateur Hour in Intelligence Gathering

“The NSA spied on other people too much, and it bungled the protection of its own secrets. Imprudence matched with incompetence doesn’t lead to anything good. We need a thorough airing out of this mess, with personnel changes where appropriate, so that the NSA can stop doing things it ought not to be doing and instead spend its energy making sure that it does a good job on what we really need it to do . . . . It’s time to call in some grown ups to clean up the mess: we would suggest a series of congressional hearings combined with a blue ribbon, bipartisan commission to review what’s happened, to consult with our key allies, and to make recommendations. We need to do this not because intelligence gathering is bad and NSA surveillance is unnecessary. We need to do it because intelligence gathering and surveillance are so important, but so dangerous, that they must be done right.”

—   Walter Russell Mead at ViaMedia