Privacy SOS

Week in Review: Technology News You Can Use

PRIVATE/PUBLIC SURVEILLANCE PARTNERSHIP TO FUEL TRUMP’S DEPORTATION MACHINE

From Verge: ICE is about to start tracking license plates across the US

Verge reports that Immigration Customs Enforcement is expanding its agents’ access to the country’s largest location tracking database, maintained by a private corporation called Vigilant Solutions. The firm collects license plate location data from repo trucks and law enforcement nationwide, storing the information in a centralized database—a one stop shop for cops and federal agents who want to know where someone has been, or where they’ve ended up. Anyone with access to the database can track the locations of cars throughout the United States going back at least five years, and even get alerts in real time when a specific car is captured by one of Vigilant’s networked cameras. In 2014, Vigilant sued the state of Arkansas over a statute that aimed to outlaw its core business. Vigilant filed a similar lawsuit against the state of Utah that year.

 

HUH? AT&T PUSHES FOR AN “INTERNET BILL OF RIGHTS” 

From Motherboard: AT&T’s Push for a Fake Net Neutrality Law Begins in Earnest

AT&T took out full page advertisements in several newspapers like the New York Times and Washington Post in which it called for the creation of an “internet bill of rights.” AT&T CEO Randall Stephenson wrote that the “[l]egislation would not only ensure consumers’ rights are protected, but it would provide consistent rules of the road for all internet companies across all websites, content, devices and applications.” This may sound odd coming from a company that spent more than $16 million lobbying for the repeal of net neutrality. It’s the very same company that once charged consumers extra to opt out of being spied on, and was fined $105 million for making it harder for customers to see fraudulent charges on their bills. AT&T’s push for “net neutrality legislation” is likely fueled by the fear that the FCC’s order to dissolve neutrality will be repealed. The ISP-backed bill wouldn’t actually institute neutrality. Instead, it would ban actions that ISPs don’t likely care to engage in, such as blocking access to entire websites. The bill doesn’t address the core issues at the heart of consumers’ actual concerns, like usage caps, overage fees, or paid prioritization.

 

FISA REAUTHORIZED UNTIL 2023 

From Verge: Senate Passes Bill to Renew Controversial NSA Spying Powers

On January 18th, the Senate voted to reauthorize the FISA Amendments Act, which allows for widespread spying under Section 702. Under the guise of foreign surveillance, the NSA uses the FAA to extensively collect Americans’ private communication and internet activity. The reauthorization also allows “about” surveillance, enabling the NSA to retain conversations that simply mention a surveillance target. The FBI will continue to have access to the data collected under the surveillance authority, and will be able to use it in domestic law enforcement investigations totally unrelated to foreign intelligence. Several members of the House had proposed an amendment which would have prohibited “about” collection and granted Americans more privacy protections, but it failed.

 

LOCAL COPS CAN DO WHAT?! 

From Motherboard: Florida Cop Bought Powerful Phone Malware that can Intercept Emails and WhatsApp

Jim Born, a retired Department of Law Enforcement officer, bought FlexiSpy, a program which allows the user to capture social media messages, emails, and other personal data. He explained that it was “probably a program I used on a case or tried it to understand how it worked. Nothing nefarious.” This is the first reported incident of a state law enforcement officer purchasing this kind of spying software. It appears that Born bought the malware on his own instead of discussing it with his supervisors and documenting it. Riana Pfefferkorn, a cryptography fellow at the Stanford Center for Internet and Society, questioned the legality of Born’s actions. “If the malware was ‘used on a case,’ how exactly did he use it, and why did he apparently not document that? Did he get the appropriate court order? Given the functionality of FlexiSpy, it would seem to require a wiretap order, not just a search and seizure warrant.” FlexiSpy requires manual installation on the targeted device, but installation only takes about a minute, and officers have many cell phones in custody.

 

ACLU, BRENNAN CENTER FOR JUSTICE, EFF, RESTORE THE FOURTH, AND THE R STREET INSTITUTE FILE AMICUS BRIEF TO PROTECT FOURTH AMENDMENT 

From ACLU: Does a US Warrant Extend to Data Held Abroad?

Last week, a coalition filed an amicus brief on behalf of Microsoft Corporation in Microsoft Corp. v. United States. The issue at the heart of this case is whether a US search warrant can compel an organization to retrieve and turn over data that is stored abroad. Back in 2013, Microsoft received a warrant demanding it provide the government with all emails and information it possessed for a specific user. Microsoft returned the small amount of information stored on its US servers, but it refused to give the government most of the users’ information because it was stored at an Ireland datacenter. The company held that the warrant does not apply to information stored outside of the US. A US district court then mandated that Microsoft turn over the information, so the company appealed. Microsoft won the appeal, because the court determined that that warrant would be executed in Ireland and not the US. The DOJ then appealed that decision, and the Supreme Court will hear the case on February 27th.

It is a critically important case to watch. The government’s view, if adopted by the high court, would have extremely dangerous consequences. First, the government seeks to convince the court that Microsoft employees’ copying or transferring of user emails is not a search; it only becomes a search once employees give the government that information. If the Court adopts this view, it would mean government proxies who search and seize information abroad are not actually engaging in search and seizure until the information is given to the government. Second, the government has argued that a subpoena should be sufficient to search and seize Microsoft’s emails. Subpoenas do not require a judge’s approval. Finally, if the US can seize foreign data by using US law, foreign governments may try to seize Americans data by using foreign law.  

This edition of Week in Review was written by Iqra Asghar, an intern with the ACLU of Massachusetts’ Technology for Liberty Program.

© 2018 ACLU of Massachusetts.