Newly Released Memo Tries (And Fails) To Justify Broad Surveillance

The New York Times has reported that the Justice Department has released a newly declassified version of a May 2004 legal memo regarding warrantless surveillance and data collection activities that President George W. Bush secretly authorized after the terrorist attacks of Sept. 11, 2001.

According to the Times,

The Justice Department’s conclusion that the email metadata program was illegal led to a March 2004 confrontation between White House and department officials in the hospital room of Attorney General John Ashcroft, after which nearly the entire top leadership of the department threatened to resign, prompting President Bush to agree to changes.

On May 6, 2004, Mr. Goldsmith, who had taken over as the head of the Office of Legal Counsel the previous year and had reached the conclusion that the Internet data program was illegal, completed a 108-page memo that fully reassessed all aspects of the program.

Mr. Goldsmith concluded that the president’s wartime powers both as commander in chief and under Congress’s authorization to use military force against Al Qaeda were sufficient to overcome requirements in theForeign Intelligence Surveillance Act, or FISA, for court approval for most of the program.

“The president has inherent constitutional authority as commander in chief and sole organ for the nation in foreign affairs to conduct warrantless surveillance of enemy forces for intelligence purposes to detect and disrupt armed attacks on the United States,” he wrote. “Congress does not have the power to restrict that authority.”

The theory proposed in the Memo still seem tenuous.  The suggestion that a wartime footing — even if applicable — would permit widespread surveillance in violation of the Fourth Amendment finds no basis in the text or history of the Amendment. Moreover, the scope of the program would allow for broad searches unrelated to any individualized suspicion of wrong doing.

The United States Supreme Court has held that police generally may not, without a warrant, search digital information on a cell phone seized from an individual who has been arrested.

In a 2010 law review article, I predicted precisely this result. I wrote:

The challenge smart phones pose is that the devices contain information and communications that people reasonably expect to be free from intrusion, even when placed under arrest. . . . society is willing to recognize that expectation of privacy is reasonable, and to impose tighter limits on law enforcement‘s review of cell phone data than, for example, law enforcement‘s review of what numbers were dialed. This does not mean that law enforcement should never be permitted to review the contents of cell phones incident to arrest without a warrant, as exigent circumstances and other law enforcement needs may justify exceptions.

Arrests, even for minor offenses, such as seat belt violations, are not uncommon and could permit police unprecedented access into data stored on electronic devices held by the arrestee.328 To continue to treat advanced devices like smart phones as containers under an analytical doctrine originally developed when such devices were nonexistent or new329 would be to permit the use of technology that is commonly available and used by the public to erode the privacy guarantees of the Fourth Amendment. Instead, courts should recognize that certain electronic devices are reasonably likely to contain intimate personal information about a person, and to exclude these devices from the traditional doctrines.

Supreme Court, As Predicted, has held that police generally may not, without a warrant, search digital information on a cell phone seized from an individual who has been arrested.

The United States Supreme Court has held that police generally may not, without a warrant, search digital information on a cell phone seized from an individual who has been arrested.

In a 2010 law review article, I predicted precisely this result. I wrote:

The challenge smart phones pose is that the devices contain information and communications that people reasonably expect to be free from intrusion, even when placed under arrest. . . . society is willing to recognize that expectation of privacy is reasonable, and to impose tighter limits on law enforcement‘s review of cell phone data than, for example, law enforcement‘s review of what numbers were dialed. This does not mean that law enforcement should never be permitted to review the contents of cell phones incident to arrest without a warrant, as exigent circumstances and other law enforcement needs may justify exceptions.

Arrests, even for minor offenses, such as seat belt violations, are not uncommon and could permit police unprecedented access into data stored on electronic devices held by the arrestee.328 To continue to treat advanced devices like smart phones as containers under an analytical doctrine originally developed when such devices were nonexistent or new329 would be to permit the use of technology that is commonly available and used by the public to erode the privacy guarantees of the Fourth Amendment. Instead, courts should recognize that certain electronic devices are reasonably likely to contain intimate personal information about a person, and to exclude these devices from the traditional doctrines.

New Details Emerge On Adam Swartz Computer Fraud Prosecution

This week’s must read story is the Boston Globe’s investigation of MIT’s role in the prosecution of Adam Swartz.

Swartz committed suicide instead of facing trial on multiple charges of violating the Computer Fraud and Abuse Act.  He faced about 50 years in prison if convicted of crimes relate to the downloading of academic journal articles in a computer closet at Massachusetts Institute of Technology.  The case became controversial because Swartz faced heavy charges despite the  government’s admission that he had no plans to use the articles for personal gain, but instead may have been trying to further his goal of open access.

The article notes how MIT both assisted the prosection in gathering evidence against Swartz, and at times seemed indifferent to the prosecution:

MIT never encouraged Swartz’s prosecution, and once told his prosecutor they had no interest in jail time. However, e-mails illustrate how MIT energetically assisted authorities in capturing him and gathering evidence — even prodding JSTOR to get answers for prosecutors more quickly — before a subpoena had been issued.

In a handful of e-mails, individual MIT employees involved in the case aired sentiments that were far from neutral. One, for example, gushed to prosecutor Stephen P. Heymann about the quality of the indictment of Swartz.

More:

The documents say little about what MIT was thinking and doing once the case morphed from an investigation into an active prosecution. But MIT’s own report on the case raises serious questions about the wisdom of MIT’s neutrality stance.

The Swartz case drew attention, particularly after Swart’s suicide, to the dangers posed by prosecutorial overcharging in order to coerce a plea deal.

Federal Judge Criticizes Overbroad Search of Email Records

A federal judge “admonished the Justice Department for repeatedly requesting overly broad searches of people’s email accounts, a practice that he called ‘repugnant’ to the Constitution.”

Magistrate Judge John M. Facciola criticized the government when it requested a significant number of emails in a kickback investigation.

The problem was not that the government was seeking emails related to criminal activity, but that the government sought “every email, contact, picture and transaction record” from the subject.

The government has aggressively pursued emails stored by third parties, such as Google, Yahoo! or, in this case, Apple.

This is not new.  Back in 2010, I highlighted a Sixth Circuit case that suggested people had broader privacy interests in emails, even when the emails are stored on servers owned by third parties.

Fifth Amendment Does Not Protect Against Disclosure of Facebook Posts and Messages

A federal bankruptcy court has held that the Fifth Amendment does not protect against the compelled disclosure Facebook messages and other electronic messages — even if the content of those messages could be incriminating.

The case is in re Welsh.  Case No. 13-02457-8-SWH. United States Bankruptcy Court, E.D. North Carolina, Raleigh Division.

The bankruptcy court was involved in resolving a state court case for alienation of affection, criminal conversation and defamation arising out of an alleged affair between the debtor and the plaintiff’s former wife.

Continue reading

Fifth Amendment Does Not Protect Against Network Administrator Disclosing Passwords

A California court has upheld the conviction of a network administrator who refused to provide network passwords after he was relieved of duty.

The case is People v. Childs, Cal: Court of Appeal, 1st Appellate Dist., 4th Div. 2013

The defendant was convicted of disrupting or denying computer services to an authorized user.   The defendant was employed as the principal network engineer for Department of Telecommunications and Information Services (DTIS) of the City and County of San Francisco.

In 2005, he was assigned to configure, implement and administer the city’s then-new fiber-optic wide area network.  To protect the security of this critical infrastructure, all configurations were confidential.  Starting in spring 2007, only the defendant had administrative access.  Later, he was reassigned.  When asked to user IDs and passwords, the Defendant first said that he no longer had administrative access.  Later, he provided incorrect passwords that did not allow access to the network.

Finally, the defendant, through his attorney, gave the correct passwords and backup configurations to the Mayor Gavin Newsom.  However, for 12 days DTIS was effectively locked out of the network.

The state’s case was premised on the idea that the defendant “acted as if he—not the city—owned the FiberWAN network and that he believed that his sole access to the computer system gave him job security.”

The issue highlighted here is the defendant’s contention that his privilege against self-incrimination by the admission of evidence that he failed to divulge his user name and password after being arrested.  The argument was that he had a constitutional right to remain silent—to decline to provide the information that the city sought.

The court rejected this argument, concluding that the privilege against self-incrimination does not apply.  The court noted:  “This privilege bars the state from compelling a person to be a witness against him or herself. It does not bar all compelled disclosures, even if those disclosures might lead to criminal prosecution.”

The court reasoned that the “privilege does not apply if the incriminating disclosure is required for compelling, broadly applied reasons unrelated to criminal law enforcement.”  In this case, the disclosure of the passwords was required to allow DTIS administrative access to its computer system.  This was not an inherently criminal investigation. Instead, the disclosures served a compelling business and governmental interests, not law enforcement.

The court concluded that “for DTIS to require its outgoing computer system administrator to reveal access codes necessary to allow the new system administrator to perform those functions is not the type of disclosure protected by the privilege against self-incrimination.”

As Predicted Here: Court Says Facebook “Likes” Are Protected by First Amendment

Two years ago, I wrote an LTN article “The Social Media/First Amendment Face Off.”  I suggested that the First Amendment freedom of speech protects people from investiagtsion of their Facebook Likes.

Then, in August 2012, I wrote a long analysis of this issue.  I concluded that

likes on Facebook, just like status update histories, postings, friend and group listings, IP logs, and private messages, can provide a “map of association” of all of the contacts, associates, colleagues, and friends of users.

 

The Supreme Court has recognized a privilege, grounded in the First Amendment right of association, not to disclose information when disclosure may impede the rights of speech and assembly.

Yesterday: validation.  A Federal Appeals Court ruled that the First Amendment protects Facebook “likes.”  The court said, Liking something — in this case a political issue, is the “Internet equivalent of displaying a political sign in one’s front yard, which the Supreme Court has held is substantive speech.”

More to Come . . .