“When everything is classified, then nothing is classified…The system becomes one to be disregarded by the cynical or the careless and to be manipulated by those intent on self-protection or self-promotion.” ~ Justice Stewart, New York Times v. United States, 1971.
Last week, the White House issued the so-called ‘WikiLeaks’ Executive Order, which mandates better security for the nation’s classified computer systems. While ensuring that the government has better security over its own systems is a good goal, it fails to address an equally important problem: the American government’s addiction to overclassification, which goes far beyond the appropriate and effective means necessary to safeguard real secrets.
The Order, announced nine months ago, was put on “a relatively fast track” by the administration, according to Secrecy News, yet the much more meaningful changes to the classification system President Obama pledged to implement at the very beginning of his presidency have been all but ignored.
In 2009, President Obama famously promised “an unprecedented level of openness” in his administration, and a lynchpin in his open government plan was an overhaul of the government’s bloated secrecy system. In a memo on classification on May 27, 2009, he directed all government agencies to aggressively tackle the problem of overclassification and find ways to reduce the number of classified documents. Included in his proposals were a National Declassification Center and “the possible restoration of the presumption against classification."
He wrote the memo for good reason. The amount of sensitive information held by the government at the end of the Bush Administration was extraordinary, as Suffolk Law Professor Alastair Roberts illustrates, using the largest leak in U.S. history—the WikiLeaks cache—as a starting point:
[T]he leaked State Department cables might have added up to about two gigabytes of data—one-quarter of an eight-gigabyte memory card. By comparison, it has been estimated that the outgoing Bush White House transferred 77 terabytes of data to the National Archives in 2009. That is almost 10,000 memory cards for the White House alone. The holdings of other agencies are even larger.
And the problem is even older than that. Several US Commissions, including one chaired by Senator Moynihan in the mid-90s and the 9/11 Commission in the last decade, found that unnecessary classification was rampant. EFF’s FOIA work is often thwarted by government claims under Exemption 1 of the Freedom of Information Act, which prevents the release of classified information.
Unfortunately, besides the most peripheral and cosmetic changes, government secrecy has only increased since Obama took office. Last year, as part of their Washington Post series and subsequent book Top Secret America, Dana Priest and William Arkin reported, “An estimated 854,000 people, nearly 1.5 times as many people as live in Washington, D.C., hold top-secret security clearances.” Yet incredibly, when the government released its official count as part of an intelligence community report to Congress two months ago, the number of people holding the Top Secret clearance had ballooned to 1,419,051. And the same report noted that 4.2 million people hold some level of security clearances for access to classified information.
Document classification, already at record highs under the Bush Administration, has continued to explode as well. The government classified a staggering 77 million documents in 2010, a 40% increase over the previous year.
With so much information stamped “secret,” leaks to the media are inevitable. On October 4th, the New York Times reported on just that: the “growing phenomenon” of public but classified information.
The older and larger drone program in Pakistan, for instance, is a centerpiece of American foreign policy, discussed daily in the news media — but it cannot be mentioned at a public Congressional hearing. The State Department cables published by WikiLeaks can be found on the Web with a few mouse clicks and have affected relations with dozens of countries — but American officials cannot publicly discuss them.
Nowhere was this absurdity starker than when the media reported on the death of Yemen’s alleged al-Qaeda leader Anwar al-Awlaki, a U.S. citizen, at the hands of a (classified) C.I.A. drone. The evidence against him, the panel of U.S officials who decided he was to be put on a “kill list,” and the legal memo “authorizing” his killing were all “Top Secret,” despite the extraordinary constitutional implications of extrajudicially killing an American citizen.
While technically secret, these stories were plastered over the front pages of newspapers every day for one reason: leaks from government officials to journalists. Leaks of classified information, both helpful and damaging to administrations, have been commonplace for decades, and the Obama administration is no different.
But while high-level White House officials continually leak Top Secret information to justify their covert actions and to combat criticism, Obama’s Justice Department is also engaged in an unprecedented campaign to prosecute lower-level whistleblowers that leak information to the press in the name of public interest. This is in contradiction of another pledge Obama made to protect and strengthen whistleblower protections during his 2008 campaign. His administration, in just two and a half years, has indicted fiveleakers under the Espionage Act. That’s more than every president since Richard Nixon—combined.
In addition, the Justice Department is currently trying to indict WikiLeaks for publishing classified information—a case that has huge First Amendment implications and could potentially criminalize portions of national security journalism.
By keeping everything “secret” and selectively prosecuting leakers, Obama is, as Glenn Greenwald put it, “trumpeting information that makes the leader and his government look good while suppressing anything with the force of criminal law that does the opposite.”
The government’s secrecy obsession has many remedies, however. J. William Leonard, George W. Bush’s former “classification czar,” thinks overclassifiers should be sanctioned. The Brennen Center just released a series of innovative proposals—from requiring a written explanation every time a document is stamped ‘secret,’ to allowing authorized clearance holders to win cash prizes for successfully challenging an improperly classified document.
Or Obama could just implement the ideas he already proposed two years ago.
As several international organizations hatch new ways to impose control over online activities, genuine multi-stakeholder input in policy development becomes extremely crucial. The sixth UN Internet Governance Forum (IGF), held in Nairobi, Kenya, was an important venue for discussing competing models for governing the Internet.
EFF played a pivotal role in shaping the dialogue at this forum, and we were able to push our policies to enhance free expression and privacy, while preventing various government and corporate efforts at mobilizing Internet intermediaries to police the Internet. EFF explained why the effort to utilize Internet intermediaries--from Comcast to Youtube--as tools for surveillance and censorship is a dangerous and misguided policy that will impede innovation and freedom of expression.
EFF supported the CoE’s principles because they create a solid foundation by stating that any Internet governance arrangement must ensure protection of fundamental rights, democracy and the rule of law. The CoE also adopted a resolution recognizing that the right to freedom of expression is fully applicable to domain names. We also praised the U.N report on Freedom of Expression and Opinion for freeing private entities from the burden of policing the Internet. “...Censorship measures should never be delegated to a private entity, and that no one should be held liable for content on the Internet of which they are not the author...”
We reiterated our criticism of the OECD Internet governance principles adopted in June, for encouraging states to turn Internet intermediaries into Internet cops. These intermediaries are uniquely placed to exert an unprecedented level of censorship and surveillance since our most valuable information is transmitted through their services. Such new measures that seek Internet companies to deter infringement give Internet companies powerful incentives to surveil their customers.
Dramatic examples of intermediaries becoming spies, censors, and informants abound. In the U.S., the Department of Homeland Security is using domain name registrars to confiscate domain names accused of copyright infringement (EFF is fighting these improper seizures).
In Ireland, ISPs have voluntarily begun cutting off citizens from the Internet based on allegations of copyright infringement. Several major U.S. Internet access providers struck a deal with big content industry to cut user’s Internet access based on allegations of copyright infringement. Yet millions of subscribers who will be governed by the deal were absent from the discussion.
During the meeting, we asked OECD member countries to further improve its multi-stakeholder discussions in future negotiations on Internet intermediaries to achieve consensus among all stakeholders. The process must respect international human rights as a baseline for any policy dialogue.
The users must be represented in the development of Internet policy because the future of the Internet is too important to be left to companies and governments alone.The only way to get users’ views involved is a multi-stakeholder process, providing versatility, quicker responsiveness to changing situations, and an opportunity to directly persuade governments.
Multi-stakeholder processes cannot be multi-stakeholder in name only. Civil society must ensure the users’ inputs are included, and not left by the wayside. We should remain wary of the risk of multi-stakeholder processes being rendered moot by secret negotiations that circumvent transparent discussion. While negotiations at the OECD were held in Paris, recent documents disclosed by a Freedom of Information Act request revealed how, according to Wired, U.S. top ranking officials actively participated in “secret negotiations between Hollywood, the recording industry, and ISPs to disrupt access for users suspected of violating copyright law.” Such backroom deal-making cut the users out, to the detriment of the web's future.
The informal nature of IGF provided a vibrant space where all participants could debate openly. The forum, which was attended by governments, non-profits and companies from around the world present an amazing opportunity to reach out to governments and build global coalitions with civil society and like-minded organizations. More than ever, International cooperation among civil society needs to be strengthened to muster public outcry. EFF will continue to move forward policies that protect the open Internet and affirm existing limits on the liability of Internet intermediaries. We will continue to oppose legal and policy frameworks that encourage Internet intermediaries to filter and block online content or disconnect users from the Internet.
This week marks the 25th anniversary of the Electronic Communications Privacy Act (ECPA), the main federal law setting standards for government access to electronic communications like email.As we’ve been saying for years, ECPA is woefully outdated, putting Americans’ privacy at risk.
That’s why EFF is a co-sponsor of Tuesday’s press conference about updating privacy law for the 21st Century.Senator’s Ron Wyden (D-OR) and Mark Kirk (R-IL) will discuss the changes needed to ensure privacy rights as technology continues to advance.
But the 1980s weren’t all bad news.If you are in Washington, D.C., you should Party Like it’s 1986 on the evening of Oct. 20.It will be a chance to celebrate what was great about the 80s while showing support for improved privacy law.And remember to sign the petition calling on Congress to update the law to safeguard our digital privacy.Americans deserve more than yesterday’s laws when using today’s technology.
Two years ago, civil society organizations met in Madrid to draft a Declaration that reaffirmed international standards for Internet privacy. On October 31, civil society groups will meet again in Mexico City to review the Madrid Privacy Declaration and examine privacy laws and policies in Latin America and around the world. This gathering is being organized by The Public Voice, a coalition of global civil society groups that promotes privacy and free expression on the Internet. EFF is part of this coalition and will be presenting at the conference. The event will be held in conjunction with the 33rd Data Protection and Privacy Commissioners Conference.
The Public Voice conference will review the protection of privacy rights outlined in the Madrid Privacy Declaration and consider strategies to expand these protections. It will also look at larger questions such as whether privacy and data protection is really dependent on cultural and generational differences as is often claimed.
Is it true that some countries and communities are more tolerant of privacy invasions and data sharing? How can policy analysts determine what people around the world really think about their right to privacy? How do governments make use of this information as they develop privacy policies and legislative measures? The Public Voice conference will look at whether legislation and implementation of national privacy laws actually reflect the needs of civil society.
Other panels at the Public Voice will examine specific issues such as how social media can be used to help safeguard freedom of expression without undermining norms and laws protecting privacy. Evolving data protection legislation will be discussed, such as the complex Droit d' Oubli or “right to forget” concept that was first debated in France and is now being promoted by Viviane Redding, European Commissioner responsible for justice, fundamental rights and citizenship. Can digital communications technology support a right that prevents individuals from being held accountable for unguarded actions of their past?
In addition to policy issues, the Public Voice conference will help raise public awareness of emerging surveillance technologies such as facial recognition applications, employment verification programs, automobile black boxes, Internet identification systems and emerging technologies like smart meters that track electricity usage. Panels will consider how the public can access different forms of tracking technology for private use. How do these new forms of technology threaten privacy? What happens when collecting intimate details about a person’s life is valued above all else? Can technology, policy and innovation work together to support both privacy and security?
These questions are particularly pressing in Latin America where many democratically elected governments still fail to respect human rights, including the right to privacy. There have been multiple scandals involving government officials and intelligence agencies engaged in illegal surveillance and misuse of interception technologies to spy on politicians, dissidents, judges, human rights organizations and activists. Disclosed data gathering programs have provided a glimpse of concealed surveillance architectures that are used as political tools to identify, control and stifle dissent.
Members of civil society deprived of their privacy must fight back! Show the world how surveillance technology impacts human rights and freedom of expression. Help pressure governments in Latin America and throughout the world to pass meaningful privacy protections. Registration for the Public Voice event is free. Come and join us. Blog and tweet the discussions at #tpv11. Fight for everyone’s right to privacy!
Before the Public Voice conference, EFF will visit evolving hackerspaces in Mexico. Join us for the HackLab event HACKMITIN 2011 from October 28 – 30. Learn more about hacklabs in Mexico. See you there.
Occupy Wall Street has called for a global day of action on October 15, and protesters are mobilizing all over the world. In the United States, the Occupy Wall Street movement has already spawned sizeable protests in New York, Washington DC, Boston, Seattle, San Francisco, Oakland, Austin, and other cities. Several of these movements have faced opposition from their local police departments, including mass arrests.
Protesters of all political persuasions are increasingly documenting their protests -- and encounters with the police -- using electronic devices like cameras and cell phones. The following tips apply to protesters in the United States who are concerned about protecting their electronic devices when questioned, detained, or arrested by police. These are general guidelines; individuals with specific concerns should talk to an attorney.
1. Protect your phone before you protest
Think carefully about what’s on your phone before bringing it to a protest. Your phone contains a wealth of private data, which can include your list of contacts, the people you have recently called, your text messages, photos and video, GPS location data, your web browsing history and passwords, and the contents of your social media accounts. We believe that the police are required to get a warrant to obtain this information, but the government sometimes asserts a right to search a phone incident to arrest -- without a warrant. (And in some states, including California, courts have said this is OK.) To protect your rights, you may want to harden your existing phone against searches. You should also consider bringing a throwaway or alternate phone to the protest that does not contain sensitive data and which you would not mind losing or parting with for a while. If you have a lot of sensitive or personal information on your phone, the latter might be a better option.
Password-protect your phone - and consider encryption options. To ensure the password is effective, set the “password required” time to zero, and restart phone before you leave your house. Be aware that merely password-protecting or locking your phone is not an effective barrier to expert forensic analysis. Some phones also have encryption options. Whispercore is a full-disk encryption application for Android, and Blackberry also has encryption tools that might potentially be useful. Note that EFF has not tested these tools and does not endorse them, but they are worth checking into.
Back up the data on your phone. Once the police have your phone, you might not get it back for a while. Also, something could happen, whether intentional or not, to delete information on your phone. While we believe it would be improper for the police to delete your information, it may happen anyway.
2. You’re at the protest – now what?
Maintain control over your phone. That might mean keeping the phone on you at all times, or handing it over to a trusted friend if you are engaging in action that you think might lead to your arrest.
Consider taking pictures and video. Just knowing that there are cameras watching can be enough to discourage police misconduct during a protest. EFF believes that you have the First Amendment right to document public protests, including police action. However, please understand that the police may disagree, citing various local and state laws. If you plan to record audio, you should review the Reporter’s Committee for Freedom of the Press helpful guide Can We Tape?.
3. Help! Help! I’m being arrested
Remember that you have a right to remain silent -- about your phone and anything else. If questioned by police, you can politely but firmly ask to speak to your attorney.
If the police ask to see your phone, you can tell them you do not consent to the search of your device. They might still legally be able to search your phone without a warrant when they arrest you, but at least it’s clear that you did not give them permission to do so.
If the police ask for the password to your electronic device, you can politely refuse to provide it and ask to speak to your lawyer. Every arrest situation is different, and you will need an attorney to help you sort through your particular circumstance. Note that just because the police cannot compel you to give up your password, that doesn’t mean that they can’t pressure you. The police may detain you and you may go to jail rather than being immediately released if they think you’re refusing to be cooperative. You will need to decide whether to comply.
4. The police have my phone, how do I get it back?
If your phone or electronic device was illegally seized, and is not promptly returned when you are released, you can file a motion with the court to have your property returned. If the police believe that evidence of a crime was found on your electronic device, including in your photos or videos, the police can keep it as evidence. They may also attempt to make you forfeit your electronic device, but you can challenge that in court.
Cell phone and other electronic devices are an essential component of 21st century protests. Whether at Occupy Wall Street or elsewhere, all Americans can and should exercise their First Amendment right to free speech and assembly, while intelligently managing the risks to their property and privacy.
The saga of the lost iPhone prototype -- the 2010 incident at least, not the most recent one -- has finally concluded. On Tuesday, Brian Hogan (who allegedly found the iPhone 4 prototype in a Redwood City bar) and Sage Wallower (who allegedly helped Hogan contact various web sites about the find) pleaded no contest to misdemeanor theft and were sentenced to probation, 40 hours of community service, and $250 each in restitution payments to Apple.
As part of the criminal investigation surrounding the incident last year, agents with the Rapid Enforcement Allied Computer Team (REACT), a "partnership of 17 local, state, and federal agencies" focused on computer-related crime in the Bay Area, executed a warrant and raided the home of Gizmodo editor Jason Chen, searching for evidence related to Gizmodo's scoop about the lost phone. As we repeatedlypointed out at the time, regardless of whether Chen or Gizmodo could have been charged with any crime related to obtaining and discussing the phone, state and federal law plainly barred the issuance and execution of the search warrant directed at journalist-held information "obtained or prepared in gathering, receiving or processing of information for communication to the public." While never discussing the matter directly, the San Mateo D.A.'s office tacitly conceded as much three months later when they petitioned the court to withdraw the warrant.
It turns out that prosecutors concluded that neither Chen nor Gizmodo did anything wrong after all. Legally, that is. Speaking to CNET.com earlier this week, San Mateo County District Attorney Steven Wagstaffe said that there was not sufficient evidence to charge anyone associated with the tech site with "possession of stolen property" or "extortion." Nevertheless, Wagstaffe took it upon himself to deride the quality of the improperly-seized, unpublished correspondence between the Gizmodo editors, describing it as "juvenile."
"It was obvious that they were angry with the company about not being invited to some press conference or some big Apple event. We expected to see a certain amount of professionalism--this is like 15-year-old children talking," Wagstaffe said. "There was so much animosity, and they were very critical of Apple. They talked about having Apple right where they wanted them and they were really going to show them."
San Mateo law enforcement officers are in no position to comment on professionalism in this matter. Illegally breaking into the home of a journalist and seizing his property is profoundly troubling, especially as law enforcement shows no apparent sign of remorse or of learning from their mistake. Indeed, one cannot avoid feeling a sense of deja vu upon hearing the recent news of the questionable police-escorted search of a San Francisco home by Apple employees apparently looking for another lost iPhone prototype. As it was their agents who did not comply with the law, Wagstaffe and the San Mateo County Sheriff's Office owe Chen and Gizmodo an apology, not snide commentary, now that the matter has concluded.
Just three months ago, we at EFF expressed our disappointment with Australia's two largest Internet service providers (ISPs), Telstra and Optus, for agreeing to implement a filtering scheme after a filtering bill from the Australian government failed to pass.
The blocked sites were to include "the appropriate subsection of the Australian Communications and Media Authority (ACMA) blacklist as well as child abuse URLs that are provided by reputable international organisations," according to News.com.au. Now, in conjunction with the Christian organization Mothers' Union, UK Prime Minister David Cameron has decided to take similar measures, enacting a plan with four of Britain's major ISPs—BT, TalkTalk, Virgin, and Sky—to block access to pornography, gambling, self-harm, and other blacklisted websites. The "good news" is that the filtering isn't mandatory: New customers will be required to select between a filtered and unfiltered connection, while existing customers will be offered the same choice via email. The bad news, on the other hand, is extensive.
First, the plan lacks transparency. The blocked categories are vague in nature, and the list's origins unknown. Not only do the categories contain legal content in some cases, but there is significant room for overblocking. For example, one filtering tool used by several Middle Eastern governments categorizes Tumblr.com as pornography, because several pornographic blogs are hosted on the platform.
Second, customers of ISP TalkTalk who opt out are still monitored, says University of Cambridge security research Richard Clayton, who in May noted a series of privacy concerns relating to TalkTalk's use of the HomeSafe system, the same system the ISP intends to use for filtering. According to Clayton, "the company scans all web addresses that its customers visit regardless of whether they have opted-in to the service."
Third, opt-in services create privacy concerns. Users who choose to opt out of the "bad" content filter are then on one list. The plan does not in include privacy protections for the people who choose to opt out. The list could potentially be made public, shaming users who would prefer their Internet with its pornography, gambling, and self-harm websites intact.
Lastly, as ZDNet's Violet Blue points out, the decision by PM Cameron and Mother's Union is based on the Bailey Report [PDF], a UK Department for Education report that relied heavily upon phone surveys with parents, input from Christian organizations, and a Murdoch-funded Australia Institute report entitled Youth, Sex, and the Internet.
Time and time again, filtering based on blacklists has proven to be overbroad, blocking access to some offensive websites at the cost of many legitimate ones. Parents have plenty of Internet filtering options which they can implement by installing software on their computers at home without having to resort to filtering at the ISP level, especially given the potential privacy risks this plan may pose for Internet users throughout the UK.
For the past six months, EFF has strongly supported SB 914, a bill recently passed by the California state legislature that would require police officers to get a warrant before searching through an arrested suspect’s cell phone.
Last month, the bill received overwhelming support from both Democrats and Republicans, passing the California State Assembly 70-0 and then the State Senate, 32-4. Despite such strong bipartisan support, Governor Brown disappointingly vetoed the bill (PDF) yesterday.
SB 914, written in response to the California Supreme Court decision in People v. Diaz, upheld basic constitutional principles. It just maintained Fourth Amendment protection to the contents of cell phones, requiring officers to show a judge there is probable cause that the phone has evidence of a crime before it is searched incident to arrest.
The bill was strongly opposed by law enforcement groups, yet SB 914’s effect on the police’s ability to do its job would be almost non-existent. As we pointed out in May, “cell phones pose no danger to the police, the threat of destruction of evidence can be easily remedied through simple preservation methods, and many arrests do not result in criminal prosecution at all.”
Privacy rights, however, will now take a major hit thanks to Gov. Brown’s veto.
As we warned when the bill was up for a vote, “Without SB 914, officers can use a pretextual arrest to casually browse the data on a person's cell phone for any reason, even if that person is never charged with a crime.” Smart phones, of course, contain a wealth of personal information, far beyond just call logs and address books. They store text messages, emails, photo albums, Internet browsing history and GPS location technology – and police will have unfettered access to all of it, even if they don’t suspect there is any evidence of a crime on the device.
This should be especially concerning for Californians involved in large protests and rallies. As we've seen in the recent Occupy Wall Street protests in New York, Seattle, Boston, and now San Francisco, the police have arrested protestors under a variety of pretenses. With Governor Brown’s veto, law enforcement will now be free to search through the cell phone of any arrested protestor and use its contents as evidence for alleged crimes that may have nothing to do with protesting. Because individuals in such circumstances don't have court or legislative protection in California, they should be aware of just what kinds of information are stored in their mobile devices. Where possible, they should also consider taking technical steps, such as disk encryption, to protect their data.
Despite the obvious privacy concerns, Governor Brown’s statement noted “Courts are better suited to resolve the complex and case specific issues relating to constitutional search-and-seizures protections.”
But as law professor Orin Kerr explained, Governor Brown actually has it backwards: a temporary legislative fix is much preferable to waiting for the courts.
It is very difficult for courts to decide Fourth Amendment cases involving developing technologies like cell phones. Changing technology is a moving target, and courts move slowly: They are at a major institutional disadvantage in striking the balance properly when technology is in flux…In contrast, legislatures have a major institutional advantage over courts in this setting. They can better assess facts, more easily amend the law to reflect the latest technology, are not stuck following precedents, can adopt more creative regulatory solutions, and can act without a case or controversy.
In fact, just last week, the United States Supreme Court declined to hear an appeal of California v. Diaz, ensuring the ultimate issue would remain unresolved by the nation’s highest court in the near future.
SB 914 was a much-needed fix for privacy violations happening now. Two cases, both decided in the last few weeks, are stark examples of where the Diaz decision is rapidly taking us. The routine privacy violations that EFF predicted would happen are now real and dangerous and we need legislative action to correct them.
In In re Alfredo C(PDF), police arrested a juvenile suspected of vandalism for spray painting graffiti in an alley. Despite being caught literally red handed, with spray paint on his hands and clothing, officers searched the juvenile, found a digital camera, and searched it without a warrant. The search was found reasonable on the basis of Diaz.
Similarly, in People v. Nottoli, (PDF) the defendant was pulled over for speeding. While talking with the defendant, officers suspected he was under the influence of drugs and placed him under arrest. Despite finding plenty of evidence of drug use in the defendant’s car, officers decided to nonetheless search his cell phone without a warrant. Again, the court found that the opinion in Diaz justified the search.
While Governor Brown’s veto of SB 914 is a setback for cell phone privacy, we will continue to fight for your rights. With strong support from both parties in the California state legislature, as soon as the bill can be brought up again, EFF will make sure Governor Brown reconsiders his extremely disappointing decision.