FBI Oversight Hearing - Will we get some answers?

Jeramie Scott image The Senate Judiciary Committee is holding an oversight hearing of the FBI on Wednesday, May 21. There are plenty of things to oversee with respect to FBI's programs, but here are a couple questions that interest me.

What's the status of the various privacy assessments the FBI has committed to performing?

In a previous post, I detailed how documents obtained by EPIC through a Freedom of Information Act ("FOIA") request showed how the FBI was told in early 2012 that the agency needed to do a privacy assessment of its use of License Plate Readers ("LPRs"). The FOIA documents even showed that a rough draft of a privacy assessment had been created. There is no indication that the FBI ever finished its assessment of LPRs.


NSA Reforms Move Forward in Congress - With a Clear Prohibition on Bulk Collection But Still Missing Important Transparency and Oversight Provisions

Alan Butler imageWe have focused a lot on NSA reform since the disclosure of sweeping surveillance last summer, and now Congress is finally taking steps to move the reform process forward. The House Judiciary Committee voted unanimously to pass the USA Freedom Act last week and the House Intelligence Committee followed suit shortly after, paving the way for the bill's consideration by all members of the House with strong bipartisan support. The surveillance reform bill was first introduced back in October following the disclosures of bulk surveillance on Americans.

So far civil liberties advocates have provided mixed reviews of the bill (see examples here, here, here, here, here, and here). Any progress is good, but the newly amended version of the Freedom Act is weaker in terms of its reform of National Security Letter authorities, its protection against back-door searches of Americans' communications collected under Section 702, its creation of a public interest advocate at the FISA Court, and its mandate of greater transparency. Still I think that the amended bill would provide significant protections that do not currently exist in FISA, and would be a step forward for privacy and transparency.

What follows is an in-depth analysis of the major differences between the original USA FREEDOM Act and the current amended bill that will be considered by the U.S. House of Representatives.


Argument Recap: Justices Look to Limit Warrantless Cell Phone Searches

Alan Butler imageToday the U.S. Supreme Court heard oral argument in Riley v. California and United States v. Wurie, two cases involving the warrantless search of an individual's cell phone incident to arrest. These cases present an important and fundamental Fourth Amendment question, namely, whether the police can search the entire contents of an individual's cell phone incident to any lawful arrest. As others have noted today, the Justices seemed to recognize that cell phones and other digital devices create a "new world" that justifies a modified search incident to arrest rule. But the Justices struggled throughout the arguments in both cases to identify a workable rule.

One important practical insight from Orin Kerr is that, given the short time frame for a decision (the case will be decided by mid-June), it is possible that the Justices will seek a unified majority view / author for both the Riley and Wurie opinions. Given that consideration, and the facts and arguments in Wurie, it is possible that an unexpected "middle ground" compromise will emerge focused on the plain view doctrine. But regardless of the particular rule, it seems very unlikely that the Justices will endorse the broad categorical rule that all individuals cell phones are subject to limitless search incident to arrest. And if the Court can't agree on a compromise solution, Justice Kagan might have enough votes for a categorical ban on warrantless cell phone searches.


White Hat, Black Hat, Bleeding Heart

Julia Horwitz imageLet's start with the Heartbleed bug.

Since the announcement of Heartbleed last week, everyone has been paying attention to security vulnerabilities - a typically niche technical subject. Most internet users are, rightfully, concerned. What can they can do to protect themselves in the short term? What can Internet providers and government agencies do to help protect them in the long run? In a series of posts, I will identify and discuss the technology and policy issues involved in this important question: how can we keep the Internet secure and protect user privacy?


There Are No OLC Opinions About PRISM or 215, So Who Decided It Was Legal?

Alan Butler imageIn light of the President's recent announcement that the NSA's bulk collection of telephone metadata will end, there is a renewed interest in Congress to revise U.S. surveillance laws. At the same time, the Privacy and Civil Liberties Oversight board is conducting its review of the bulk collection of international communications under the Section 702 / PRISM program. While these oversight and reform efforts are underway, it is important to consider the policy-making process that authorized these programs in the first place.

Two Freedom of Information Act cases, one brought by EPIC following the disclosures last summer and another brought by the ACLU several years before, attempt to get to the heart of this question. Both cases lead to the same shocking conclusion - that the Department of Justice Office of Legal Counsel, which played a central role in the initial decision to implement the warrantless wiretapping program, was not involved in the decision to transition those surveillance programs to new FISA authorities.


The FBI is "Working" on an Updated Privacy Statement for Facial Recognition

Jeramie Scott imageFacial recognition technology presents a serious risk to privacy and civil liberties because it can so easily be deployed covertly, from a distance, and on a mass scale. There is little to no precautions that can be taken to prevent collection of one's image. Participation in society inevitably involves exposing one's face, whether it's on the public streets or through social media. Ubiquitous and near-effortless identification eliminates an individual's ability to control their identity and poses special risk to the First Amendment rights of free association and free expression, particularly for those who engage in lawful protests. The FBI's ever expanding use of facial recognition technology could render anonymous free speech virtually impossible.

For at least 10 years, the FBI has been testing and using facial recognition. This is evidenced by a February 19, 2004 Privacy Impact Assessment ("PIA") conducted by the FBI for the "Computer Aided Facial Recognition Project." The project sought to assist the University of Sheffield in its testing of a particular method of facial recognition. The PIA makes clear that the FBI wanted "to develop a semi-automated tool enabling FBI examiners to extract facial landmark measurements from question images (such as, bank Surveillance photos) and conduct one-on-one comparisons with known images of a suspect in custody."

More recently, the FBI has been working on incorporating facial recognition technology into its Next Generation Identification ("NGI") program.


Sometimes In Class Action Settlements Plaintiffs Gain Nothing, But Risk Everything

Julia Horwitz imageWhen I refer to the Constitution's "Double Jeopardy Clause," people know what I mean. You can't be tried twice for the same crime. Many have seen the Ashley Judd movie, where her character is wrongly convicted of a murder and therefore free to kill with impunity when she is released form prison. But there is a counterpoint to the Double Jeopardy Clause, and it kind of works the other way. You can't relitigate an issue you've already brought to court. That concept is called res judicata, and it creates an interesting problem when applied to consumer class action lawsuits, like the recent Facebook privacy suit.


Offensive Cyber Operations and America's Grand Strategy Mistake

David Husband image

There should be a serious, public debate about the value of offensive cyber operations for American security versus the costs. There are indications that this debate has occurred behind the scenes, but if we have learned anything from the NSA surveillance scandal, it is that the American people should be involved in the debate. It is the American people who should be setting the terms of whether we should even engage in this war and, if we choose to do so, to what extent we should prosecute the war. This debate, quite frankly, should be far more public than it has been. It is high time that Americans are aware of what is being done in our name in the realm of national security, when the potential blowback and costs are so high.


New Reports Reveal Flaw in Government's Justification for NSA Metadata Program

Alan Butler imageNew reports from the Wall Street Journal and the Washington Post reveal that the NSA's collection of telephone call records under Section 215 of the USA PATRIOT Act is not as "comprehensive" as the Government previously described. Officials now estimate that less than 30% of domestic calls are collected under the 215 program because the collection does not cover records from most cell phone carriers. This severely undercuts the government's two main justifications for the bulk metadata collection program: (1) that it is necessary to have comprehensive call records to conduct link analysis and (2) that querying the database can provide "peace of mind" by indicating that no terrorist links exist. In light of this new revelation, it is now more clear than ever that this program is ineffective and has to end.

But let's look in a bit more detail at how both justifications fall apart because the NSA collects a skewed subset of telephone records.


Welcome to EPIC's Privacy Rights Blog!

Today EPIC is launching our Privacy Rights Blog. The goal of the blog is to expand on our coverage of emerging privacy and open government issues by publishing extended posts written by EPIC staff and special guests. We will post our thoughts on recent news items, legal developments, and policy issues. If you have comments, questions, or suggestions for future blog topics, please contact us at blog [at] epic [dot] org. Thanks for reading!