Category: Privacy (Electronic Surveillance)

41

Annoy someone online (anonymously); go to jail

From Declan McCullagh (link via my annoying — but not anonymous — friend Steve Evans):

Last Thursday, President Bush signed into law a prohibition on posting annoying Web messages or sending annoying e-mail messages without disclosing your true identity. In other words, it’s OK to flame someone on a mailing list or in a blog as long as you do it under your real name. . . . Criminal penalties include stiff fines and two years in prison.

As McCullough notes, there are a number of problematic issues that arise from this. Many legitimate websites include anonymous or pseudonymous writers.

Will this law mean the end for Juan Non-Volokh, Bitch Ph.D., Plainsman, and legions of other psuedonymous and anonymous bloggers? I certainly hope not. Perhaps a big enough backlash from angry bloggers will have positive results.

UPDATE: Dan S. weighs in with a comment. The change in law affects only the intent analysis. Dan’s comment seems to indicate (correct me if I’m wrong) that the statute will still affect only those who send a “communication which is obscene, lewd, lascivious, filthy, or indecent.” (However, assuming you’re engaged in such activity, the “intent to annoy” will be enough to satisfy the intent requirement of the statute).

So it looks like you’re safe — unless you’re sexually harrassing someone via the Internet.

UPDATE 2: New thoughts from bloggers on the further-developing story: Dan Solove argues that the statute does indeed cover more than just sexual harrassment; I suggest that the provision in question may still be limited to cases of obscenity and harrassment; and Kip Esquire goes even further and questions whether the statute covers blogs at all, or whether it’s merely meant to cover internet telephony.

UPDATE 3: Further evidence that this is _not_ the end of the world as we know it: Orin Kerr notes that the First Amendment limits application of the statute; Ann Bartow argues that e-mail and blogs are not “telecommunications devices” under the statute.

0

Orin Kerr on the USA Patriot Act Compromise

My colleague Orin Kerr has gone through the nearly 100 pages of statutory text of the new USA Patriot Act renewal compromise bill. He offers his tentative conclusions here. The bill makes changes in Section 215 Orders, National Security Letters, and Sneak and Peek Warrants. Basically the changes are more recordkeeping and more judicial review — both laudable improvements. There are, however, many other problems in the USA Patriot Act as well as in the underlying electronic surveillance laws that still remain. Check out Kerr’s analysis, which is insightful and intelligent as usual. You could, of course, read the almost 100 pages of statutory code yourself, but I’m sure you’ve got a life. Thank goodness there are folks like Kerr to do it for us. That’s why we keep him around.

Related Posts:

1. Solove, National Security Letters

2. Solove, More on National Security Letters

3. Solove, The USA Patriot Act: A Fraction of the Problem

0

Hi-Tech Rat Race: Law Enforcement Surveillance and New Technology

surveillance2.jpgBrian Bergstein writes in an AP article about the issue of law enforcement surveillance and technology:

With each new advance in communications, the government wants the same level of snooping power that authorities have exercised over phone conversations for a century. Technologists recoil, accusing the government of micromanaging — and potentially limiting — innovation.

Today, this tug of war is playing out over the Federal Communications Commission’s demands that a phone-wiretapping law be extended to voice-over-Internet services and broadband networks.

Opponents are trying to block the ruling on various grounds: that it goes beyond the original scope of the law, that it will force network owners to make complicated changes at their own expense, or that it will have questionable value in improving security.

No matter who wins the battle over this law — the Communications Assistance for Law Enforcement Act, known as CALEA — this probably won’t be the last time authorities raise hackles by seeking a bird’s eye view over the freewheeling information flow created by new technology.

Read More

2

National Security Letters

confidential3.jpgDid you know that the FBI can issue a letter to an Internet Service Provider or a financial institution demanding that they turn over data on a customer? The letter doesn’t require probable cause. No judge must authorize the letter. The FBI simply issues the letter and gets the information. There’s a gag order, too, preventing the institution receiving the letter from mentioning this fact.

A recent lengthy Washington Post article examines National Security Letters (NSLs) in depth:

The FBI now issues more than 30,000 national security letters a year, according to government sources, a hundredfold increase over historic norms. The letters — one of which can be used to sweep up the records of many people — are extending the bureau’s reach as never before into the telephone calls, correspondence and financial lives of ordinary Americans.

Issued by FBI field supervisors, national security letters do not need the imprimatur of a prosecutor, grand jury or judge. They receive no review after the fact by the Justice Department or Congress. The executive branch maintains only statistics, which are incomplete and confined to classified reports. The Bush administration defeated legislation and a lawsuit to require a public accounting, and has offered no example in which the use of a national security letter helped disrupt a terrorist plot.

Read More

2

Teaching Information Privacy Law

privacy1a.jpgThis post was originally posted on PrawfsBlawg on May 10, 2005. I have made a few small edits to this post.

For the law professor readers of this blog, especially newer professors (or professors-to-be) who are still figuring out the courses they want to teach, I thought I’d recommend information privacy law as a course you might consider teaching. (I have a casebook in the field, so this is really a thinly-disguised self-plug.)

Information privacy law remains a fairly young field, and it has yet to take hold as a course taught consistently in most law schools. I’m hoping to change all that. So if you’re interested in exploring issues involving information technology, criminal procedure, or free speech, here are a few reasons why you should consider adding information privacy law to your course mix:

1. It’s new and fresh. Lots of media attention on privacy law issues these days. Students are very interested in the topic.

2. Lively cases and fascinating issues abound. There’s barely a dull moment in the course. Every topic is interesting; there is no rule against perpetuities to cover!

Read More

2

Making Universities Pay for Government Surveillance

computer-surveillance.jpg.gifIn 1994, Congress passed a law called the Communications Assistance for Law Enforcement Act (CALEA), which requires telecommunication providers to build wiretapping and surveillance capabilities for law enforcement officials into their new technologies.

A recent rulemaking by the Federal Communications Commission (FCC) significanty expands the reach of CALEA beyond telephone companies and ISPs:

The federal government, vastly extending the reach of an 11-year-old law, is requiring hundreds of universities, online communications companies and cities to overhaul their Internet computer networks to make it easier for law enforcement authorities to monitor e-mail and other online communications.

The action, which the government says is intended to help catch terrorists and other criminals, has unleashed protests and the threat of lawsuits from universities, which argue that it will cost them at least $7 billion while doing little to apprehend lawbreakers. . . .

Read More

2

Italy’s Surveillance of Cyber Cafes

italy3.jpgThis interesting story describes Italy’s strong antiterrorism laws, which require extensive monitoring of people’s use of the Internet in cyber cafes:

After Italy passed a new antiterrorism package in July, authorities ordered managers offering public communications services, like Mr. Savoni, to make passport photocopies of every customer seeking to use the Internet, phone, or fax. . . .

Passed within weeks of the London bombings this summer, the law is part of the most extensive antiterror package introduced in Italy since 9/11 and the country’s subsequent support of the Iraq war.

Though the legislation also includes measures to heighten transportation security, permit DNA collection, and facilitate the detention or deportation of suspects, average Italians are feeling its effect mainly in Internet cafes.

Before the law was passed, Savoni’s clients were anonymous to him. Now they must be identified by first and last name. He must also document which computer they use, as well as their log-in and log-out times.

Like other owners of Internet cafes, Savoni had to obtain a new public communications business license, and purchase tracking software that costs up to $1,600.

The software saves a list of all sites visited by clients, and Internet cafe operators must periodically turn this list into their local police headquarters.

4

The USA-PATRIOT Act: A Fraction of the Problem

usa-patriot1.jpgOver at Legal Affairs Debate Club, Geoffrey Stone and Judge Richard Posner are debating the USA-PATRIOT Act. The focus of the debate thus far is on Section 215 of the USA PATRIOT Act, which states:

The Director of the Federal Bureau of Investigation or a designee of the Director (whose rank shall be no lower than Assistant Special Agent in Charge) may make an application for an order requiring the production of any tangible things (including books, records, papers, documents, and other items) for an investigation to protect against international terrorism or clandestine intelligence activities, provided that such investigation of a United States person is not conducted solely upon the basis of activities protected by the first amendment to the Constitution.

Further, this section requires that the person ordered to turn over the materials shall not “disclose to any other person . . . that the Federal Bureau of Investigation has sought or obtained tangible things under this section.”

Stone calls for curtailing Section 215 and Posner comes out in favor of a modified version of it.

The problem with this debate, as with many debates over the USA-PATRIOT Act, is that it is focused only on the USA-PATRIOT Act. Many of the issues that people are debating about already existed in federal electronic surveillance law before the USA-PATRIOT Act.

Read More

3

When Clacks Squawk: The New Keystroke Surveillance

keyboard1.jpg

You thought keyboard clacking was just annoying noise. Little did you know your clacking is broadcasting what you’re typing!

Berkeley researchers have developed a way to monitor your keystrokes without installing a device into your computer. Thus, far, keystrokes can be monitored via special software or other devices installed into people’s computers (either directly or via a virus or spyware). This new technique relies on the clacking of your keyboard. According to the AP:

If spyware and key-logging software weren’t a big enough threat to privacy, researchers have figured out a way to eavesdrop on your computer simply by listening to the clicks and clacks of the keyboard.

Those seemingly random noises, when processed by a computer, were translated with up to 96 percent accuracy, according to researchers at the University of California, Berkeley.

“It’s a form of acoustical spying that should raise red flags among computer security and privacy experts,” said Doug Tygar, a Berkeley computer science professor and the study’s principal investigator.

Researchers used several 10-minute audio recordings of people typing away at their keyboards. They fed the recordings into a computer that used an algorithm to detect subtle differences in the sound as each letter is struck.

On the first run, the computer had an accuracy of about 60 percent for characters and 20 percent for words, said Li Zhuang, a Berkeley graduate student and lead author of the study. After spelling and grammar checks were deployed, the accuracy for individual letters jumped to 70 percent and words to 50 percent.

The software learned to improve as researchers repeatedly fed back the same recordings, using results of spelling and grammar checks as a gauge on correctness. In the end, it could accurately detect 96 percent of characters and 88 percent of words.