The Twelve Days of Surveillance

By Lance Koonce

It seems like a new revelation about mass surveillance by the U.S. government and our allies occurs on an almost daily basis, each one more astounding than the last.  Don’t be surprised if those jingling bells you hear on your roof next week are not St. Nick, but instead someone installing a covert listening device on your fiberoptic phone line.

So, just in time for holidays, here’s a musical summary of some of the most stunning surveillance disclosures, with citations to background material on each.  Break out the eggnog and join us as we count down the Twelve Days of Surveillance.

Continue Reading...

Bills on Use of Mobile-Device-Location Data Reintroduced

By Brad Guyton

Updating our entry on this issue posted during the last Congress, on March 21, 2013, lawmakers in the House and Senate reintroduced companion bills intended to curb government use of mobile users’ geolocation data.  The reintroduced Geolocation Privacy and Surveillance Act is nearly identical to legislation introduced nearly two years ago, as described in our prior post.  However, unlike two years ago, the bills are not accompanied by companion legislation requiring users’ permission for industry to share geolocation data, as was the case previously with the Location Privacy Protection Act of 2011.

The newly reintroduced Geolocation Privacy and Surveillance Act, sponsored again in the Senate by Sen. Ron Wyden (D-Or.) and in the House by Rep. Jason Chaffetz (R-Utah), would require the government and law enforcement agencies to obtain a warrant before accessing a person’s geolocation data, i.e., GPS information logged through Wi-fi networks and cellular towers.  The legislation is modeled after existing wiretapping and electronic surveillance laws and would add to Title 18 of the U.S. Code a new chapter 120 entitled “Protection of Geolocation Information.”

Several exceptions would apply, including those for emergency responders, parents of minors, and intelligence investigations under the Patriot Act.  In addition, the bill specifies that the Foreign Intelligence Surveillance Act and this legislation, if adopted, would be the only means by which geolocation information could be lawfully obtained by the government.  The bills are expected to be referred to the Judiciary Committees in both chambers, neither of which acted on versions introduced in the previous Congress.

California District Court Finds National Security Letter Statute Unconstitutional

By Brad Guyton and John Seiver

Last week, in In re National Security Letter, the United States District Court for the Northern District of California found unconstitutional two sections of the federal law allowing the FBI to issue “National Security Letters” (“NSLs”) to secretly demand subscriber records from ISPs, telecom carriers and other electronic service providers when investigating international terrorism or conducting clandestine intelligence activities.  An as-yet-unnamed telecommunications provider challenged the federal law and United States District Judge Susan Illston ordered the federal government to cease issuing NSLs and stop enforcing NSL gag orders, but stayed the order pending an expected appeal by the government to the Ninth Circuit.

Continue Reading...

FBI Reportedly Seeking Expansion of CALEA to New Communications and Technology Platforms

By Bob Scott & K.C. Halm

 On the heels of the House’s recent approval of the Cyber Intelligence Sharing and Protection Act (CISPA), CNET News reports that the FBI has drafted amendments to the Communications Assistance for Law Enforcement Act (CALEA) that would significantly expand the scope of the statute.  The FBI and other law enforcement officials have long been concerned about the increasing volume of communications occurring on technology platforms that are beyond the reach of CALEA, and outside of law enforcement’s existing surveillance capabilities.  The FBI reportedly terms this phenomenon the “Going Dark” problem.  Solving it as the FBI proposes, however, could require significant operational changes by service providers that utilize such technologies.

Continue Reading...

House Passes Cyber Intelligence Sharing Bill With Substantial Industry Support, But Veto Threat Looms

By Jay Ireland

On April 26, 2012 the House passed the Cyber Intelligence Sharing and Protection Act (“CISPA”) on a 248 – 168 vote.  CISPA is supported by many communications and technology companies (e.g., Verizon, AT&T, Facebook, and Microsoft) as a critical step in protecting the nation’s infrastructure and national security from cyber attacks, by permitting the sharing of cyber threat information between private companies and the federal government.  Critics (e.g., the ACLU, Center for Democracy and Technology, and others) strenuously oppose CISPA based on concerns it compromises individual privacy by allowing personal information to be shared with the government without adequate protections, oversight, or legal recourse.  The White House opposes the legislation and has threatened to veto it in its current form.

Continue Reading...

Two Bills Introduced on Use of Mobile-Device-Location Data

By Rob Morgan

Two new bills propose to place limits on government and industry use of mobile users’ location data. The bills would require users’ permission for industry to share geolocation data. They would also require probable-cause warrants for law enforcement agencies to use mobile-device-location data to track individuals.

Continue Reading...

We're Baaaaaaack.

Those of you who were once frequent visitors to this blog may, by now, be asking one or more of the following questions:

(a) Why haven’t you guys posted anything for so many months?
(b) Why does the site look different?
(c) Who’s going to win the NBA playoffs?
(d) Why did they cancel My Name is Earl?

Well, the first two at least. The truth is that this blog was started in August 2005, and ran steadily (sometimes more steadily than others) for about three years. As blogs go, that’s a fairly distinguished record – there are more abandoned blogs lining the sides of the Information Superhighway than there are hubcaps along the Cross Bronx. Wait, did we actually just use the phrase “Information Superhighway”? Because that is so 2005. As is that phrase we just used.

So anyway, when our firm decided to revamp its website, we took this as an opportunity to think seriously (read: discuss over drinks) what we wanted to accomplish with this blog, and what we needed to do to keep it fresh and relevant. The process has taken a bit longer than we expected, but here’s where we are:

Rather than a long list of bloggers, you will be getting regular updates from just five of us – and henceforth there will be no more posts in this annoying third-person, royal we, voice. We may have some guest bloggers on occasion, but for the most part you can level any criticisms at the following:

Bruce Johnson, our Burgermeister-Meisterburger, who will be blogging on the topic of Personal Communications (blogging, employee/employer relations, etc.)

Randy Gainer, who will be captivating you with stories about the Government Surveillance (ECPA/CFAA, CALEA, REAL ID/travel issues, etc.)

Charlene Brownlee, who is by far the most stylish among us (and who will be blogging on the subject of Data Breaches and identity-theft laws)

Ronald London, who will endeavor to keep an eye on Congress and will be blogging about telemarketing, junk fax, CAN-SPAM, behavioral/advanced advertising, and CPNI (which we’ll call Marketing and Consumer Privacy)

Lance Koonce, who will try not to mangle any stories about Online Threats such as hacking, phishing, pharming, pretexting, malware/spyware, and offline versions such as dumpster diving and the theft/loss of data-containing devices.

We do not purport to be a source for all news that touches on privacy and security – the field has exploded and aggregating such information would be a full-time career. Rather, we hope to tease out interesting aspects of specific issues within our areas of coverage. We hope you’ll take a look, and keep coming back if what you see intrigues you.

Thanks,

The PrivSecBlog Team


And by the way:

The Lakers.
Ratings. And possibly bad karma.