EFF in the News
Electronic Frontier Foundation technologist Jeremy Gillula advises against creating a simple code for sending important numbers, such as changing all 1s to 2s. “If you’re using a simple cipher, you might as well call up the recipient and tell them [the number] over the phone,” he says.
Some email networks are encrypted within their own systems. If you know that your recipient is using Gmail, and you’re using Gmail, the content of the messages will be protected from snooping while being sent, Gillula says. “It can thwart a passive eavesdropper, but you’re still susceptible to active attacks.”
“I think the All Writs Act litigation is most likely over,” says Electronic Frontier Foundation staff attorney Nate Cardozo. “Nothing’s saying they can’t try it again, but they’ve been burned twice.”
Instead, Cardozo and other civil liberties advocates think the fight will shift to Congress, where the government can argue that it needs a new law to govern encryption since the old laws aren’t proving effective.
When Senators Richard Burr and Dianne Feinstein introduced their anti-encryption legislation two weeks ago, their efforts were panned by technologists as “flawed and dangerous,” “ludicrous” and “technically illiterate.” The bill, titled the Compliance with Court Orders Act of 2016, is not expected to receive widespread support among lawmakers. However, Cardozo says that the demands of the bill — which would require companies to decrypt “unintelligible” data by making it “intelligible” — are merely a point from which the government can negotiate.
“This is just the opening bid,” Cardozo says of the bill. Any successful encryption legislation is likely to scale back the drastic measures proposed in the Burr-Feinstein bill, while still providing some support for the Justice Department’s interests.
"My best guess is that after yet another eleventh-hour reversal, DOJ won't bring another of these All Writs Act cases," says Andrew Crocker, an attorney with the Electronic Frontier Foundation. "Instead, I think we should expect to see even stronger efforts to pass some sort of anti-security bill in Congress—the sort of government access mandate we've seen in the Burr-Feinstein proposal."
The legality issue Airbnb raises could trip up the proposed amendments. The Communications Decency Act shields online intermediaries from liability for content generated by users of their services. That federal law aims to prevent service providers from being compelled “to actively monitor and police their users,” said Corynne McSherry, legal director of the Electronic Frontier Foundation. “That would create a chilling atmosphere for online commerce and speech.”
“The FBI could have handled this investigation in a different way, but they failed to,” Electronic Frontier Foundation staff attorney Mark Rumold told TechCrunch. The EFF has argued in another Playpen-related case that the NIT warrant was unconstitutional. “They just cast their net as wide as they could, and now they’re having to fight tooth and nail to bring these prosecutions. If they had done it in a way that was targeted in the first place, they wouldn’t have this problem,” he added.
Although this ruling is likely the end of the case against Levin, other defendants linked to Playpen are standing trial across the country. Judges in those cases are not bound to follow Young’s ruling, and those cases may still proceed. The Justice Department may also continue to bring charges against other suspected Playpen users — but Rumold says that’s not a good idea.
“At this point, there were so many problems with the way the FBI conducted this investigation that DOJ should just stop bringing these cases,” Rumold said.
“I think that it is a small percentage, but it's also very difficult to measure because frequently there is no place to report it to, and people have different ideas about what qualifies as harassment,” Eva Galperin, global policy analyst at the Electronic Frontier Foundation, told Motherboard in a phone call. “We can't really know.”
Andrew Crocker a staff attorney with the Electronic Frontier Foundation, says the San Bernardino case highlights the need for oversight of the government’s purchase and use of zero days.
“The fact that it was not useful is the biggest headline to me,” says Crocker told WIRED. “It’s a lot of money, but there’s nothing to compare it to. There’s no insight into how this fits into the [government] market for vulnerabilities. If the government is going to continue on a course of spending a lot of money on vulnerabilities that are perhaps not useful or short-lived, it’s the sort of thing that Congress should have some oversight on it.”
"Our heroic clients want to talk about the NSLs they received from the government, but they’ve been gagged—one of them since 2011," EFF Deputy Executive Director Kurt Opsahl said in a statement. "This government silencing means the service providers cannot issue open and honest transparency reports and can’t share their experiences as part of the ongoing public debate over NSLs and their potential for abuse."
Opsahl said the digital rights group would appeal Illston's decision.
“U.S. privacy laws are so far behind the rest of the world that it … falls short of the requirements of international human rights norms,” said Jeremy Malcolm, an analyst at Electronic Frontier Foundation, a San Francisco-based digital rights group.
Jennifer Lynch, a senior staff attorney with the Electronic Frontier Foundation who wrote an amicus brief in the Maryland case with Wessler, agrees.
“We’re starting to see other stingray cases bubble up, and it’s pretty fantastic that the first opinion on this came out so strongly in favor of the defendant’s Fourth Amendment rights,” she says.