The journalism world has been rightly outraged by the Justice Department dragging the Associated Press (and now a Fox News reporter) into one of its sprawling leak investigations. As we wrote last week, by obtaining the call records of twenty AP phone lines, “the Justice Department has struck a terrible blow against the freedom of the press and the ability of reporters to investigate and report the news.”
But there are several other important lessons that this scandal can teach us besides how important free and uninhibited newsgathering is to the public’s right to know.
1. Weak Privacy Laws That Doomed AP Affect Everyone
The AP detailed in its letter to the Justice Department how its privacy was grossly invaded even though the government accessed only the call records of its reporters and not the content of their conversations. We completely agree. Unfortunately, this isn’t just a problem in the AP investigation. Law enforcement agencies routinely demand and receive this information about ordinary Americans over long periods of time without any court involvement whatsoever, much less a full warrant.
For example, according to information released by the phone companies to Rep. Ed Markey, Sprint alone received a staggering 500,000 subpoenas for call records data last year.
The DOJ’s decision to dive into these call records shows the growing need to update our privacy laws to eliminate the outmoded Third Party Doctrine—which holds that anything you give to a service provider, or that a service provider collects as part of providing you a service—can retain no reasonable expectation of privacy. In an era where email is stored by our providers, cellphone companies keep records that track our location and cloud services hold our documents, it’s long past time to bring our interpretation of the Fourth Amendment and statutory electronic privacy laws in compliance with the 21st Century.
In response to the AP scandal, a bipartisan coalition in Congress just introduced a bill to partially fix this problem called The Telephone Records Protection Act. The bill would require the Justice Department to get a judge’s approval before seeking these records. At EFF, we think the government should have to go even further than a court order: a judicial warrant showing the kind of probable cause required by the Fourth Amendment should be the standard. But this bill is certainly an improvement over administrative subpoenas, which don’t need a sign-off from a judge at all and allow the Executive branch to seek information without any external check.
2. Phone Companies May Give Up Your Information Without Telling You
As the New York Times reported, the AP is still examining if and when any telephone companies tried to push back on the overbroad requests for its call records. “But at least two of the journalists’ personal cellphone records were provided to the government by Verizon Wireless without any attempt to obtain permission to tell them so the reporters could ask a court to quash the subpoena,” the Times said. And it also seems clear that the AP itself wasn’t given notice before their phone company turned over the records.
In EFF’s 2013 “Who Has Your Back” report, which tracks several ways in which communications companies can help protect user privacy, we give a star for promising to notify users about government demands for data whenever whenever the company is not legally prevented from doing so. Notably, Verizon does not have such a notification policy and did not receive a star. In fact, Verizon was the only company to receive zero stars.
This isn’t a small problem or just a problem for journalists. Verizon received 260,000 similar subpoenas for call records last year. The government requests this information with regularity, and given the phone companies control the data, communications company policies are all that stand between you and governmental overreach.
Users should demand that their communications companies notify them when the government comes seeking information, unless they are legally barred by a court order.
3. Government often Overstates National Security Claims, Overclassifies Information
We’ve written many times about the many ways “national security” has been invoked—and exaggerated—in order to cover up government embarrassment or wrongdoing, or to assert powers that would normally not be granted under the Constitution. The government routinely overclassifies information that should never be secret, according to reports commissioned by the White House itself.
The most glaring example for EFF is our lawsuit over the NSA warrantless wiretapping program, where the government won’t admit or deny that the program even exists, citing the danger to national security, despite thousands of pages of public evidence. The government has argued the same thing in cases about torture and the CIA drone program where, many times, the same information that they claim is secret is on the front pages of the nation’s newspapers.
In the AP’s case, while Attorney General Holder says this leak put “lives at risk,” John Brennan said the opposite around the time of the story (“Brennan said the plot was never a threat to the U.S. public or air safety,” reported Reuters). The AP also held its story for six days until the CIA told them it was safe to publish and the White House had a news conference planned the day after the story to announce the successful counterterrorism operation.
As the late Supreme Court Justice Huge Black once said, “The word ‘security’ is a broad, vague generality whose contours should not be invoked to abrogate the fundamental law embodied in the First Amendment.”
4. There’s Not Much Recourse For Prosecutorial Misconduct
In this case, just like the case of Aaron Swartz, there has been widespread criticism that the Justice Department has abused its authority and aggressively pursued parties in an unprofessional manner. As we detailed last week, it seems the Justice Department didn’t follow its own guidelines when issuing subpoenas about[?] the reporters, or at least went to the very edge of its own guidelines.
Just like in the Swartz case, the specific prosecutor has a history of over-aggressive prosecutions (even being accused of overzealous prosecution by Eric Holder himself when he was in private practice). Yet when Congress asked Holder at a hearing about the allegations, just like in the Swartz case, he did not admit to any wrongdoing, and was able to deflect questions about his department’s handling of the case. Unfortunately, there is not much recourse for meaningful remedy for the public in these situations, and this case is just the latest example.
5. Journalists Need to be Pro-Active in Protecting Their Digital Security
In an age where warrantless surveillance is skyrocketing and governments potentially have access to an astonishing amount of information, journalists must learn to proactively protect both themselves and their sources.
The Committee to Protect Journalists Journalist Security Guide is an excellent place to start. It addresses concerns faced by journalists working inside the United States and internationally.
Wired published an op-ed last week about the care one needs to take from the source’s end if one wishes to send information to the press undetected. Much of the advice is applicable to reporters talking to sources as well. Additionally, the New Yorker has just released a promising—but un-tested—anonymous leak submission system, coded by Aaron Swartz before he tragically died in January. In certain circumstances physical mail remains the safest option.
Overall, the final lesson is that journalists, and sources, need to take security seriously. Trusting that the government won’t come after you because you’re engaged in journalism, serving the public interest, or helping reveal wrongdoing is plainly not sufficient.
A new bill introduced in Congress today aims to resolve the restrictions that complicate phone unlocking, and it’s doing it the right way. While other proposals would apply temporary “bandaid” fixes that fail to address the underlying problems behind the restrictions, this bi-partisan proposal from Representatives Zoe Lofgren, Thomas Massie, Anna Eshoo, and Jared Polis, gets to the root of the issue.
Contact your representative today to ask them to join in supporting this bill.
That makes this new bill, H.R. 1892, a rare exception to the sorts of bad copyright policy usually promoted in Washington, and the first one to meet the conditions we set forth in a group letter to Congress earlier this year. There we explained why the public needs a complete and permanent fix on phone unlocking, and why that has to start with re-examining the Digital Millennium Copyright Act’s (DMCA) so-called “anti-circumvention” rules laid out in section 1201.
As it’s currently written, section 1201 creates a blanket ban on breaking digital rights management (DRM) software—even if there’s no resulting copyright infringement. Its rulemaking procedure puts the burden on the public to explain every three years why circumvention is necessary for specific lawful purposes. Even then, once an exemption for those specific purposes is granted, the tools to actually achieve these purposes remain unlawful (which makes as much sense as declaring it legal to drive while banning cars).
The uncertainty around the legal status of phone unlocking is a symptom of section 1201’s unintended consequences. Here are the three targeted fixes that H.R. 1892 creates to solve the problems the DMCA has created.
- It focuses the definition of “circumvention” to include only circumvention that infringes or facilitates the infringement of copyright. This point may seem technical, but it’s very important. If this bill were adopted, it would reduce the massive overreach of section 1201 that the triennial rulemaking processwas designed to mitigate — but which hasn’t been very effective.
Also important, the bill calls for Congressional review of the DMCA in general, and section 1201 in particular. This kind of review is most welcome: the DMCA’s record of 15 years of unintended consequences speaks for itself, and as long as Congress takes its commitment to the public interest seriously it will have to recognize that fact.
- Next, the proposal addresses phone unlocking in particular, carving it out from the general circumvention restrictions by adding it to a list of exemptions already built into the lawfor certain computer programs. Unlike previous proposals, this bill would also cover the tools and services used in phone unlocking.
Put simply: under this bill, unlocking a phone is not an infringement. Of course, that’s consistent with a common sense understanding of what copyright law should cover.
- One final nice touch: the bill instructs the executive branch to clear up any potential conflicts that may be caused by international agreements. Once again, the clarity is welcome. Opponents of an effective phone unlocking fix have used the possibility of incompatibility with existing trade agreements to spread fear, uncertainty, and doubt.
Regardless of whether these claims are true, that sort of chatter can slow down real change and entrench laundered policies. The US Trade Representative has no business directing Congress on domestic policies, and this bill would remedy that issue.
We support this new proposal, and urge more Congressmen to support this bill as a real effective fix to the phone unlocking issue and an important conversation starter about where copyright law has failed the public. If you are in the United States, please ask your representative to support this bill today.
CISPA is a bill recently introduced in the US that would create a gaping new exemption to existing privacy law. It would let any company obtain…
This week, the House of Representatives will vote on CISPA.
The Cyber Intelligence Sharing and Protection Act (CISPA) is supposed to promote cybersecurity— a goal EFF wholeheartedly supports — but it doesn’t address common-sense network security issues. Instead, it creates a new, dangerous exception to existing privacy laws. That’s why hundreds of thousands of concerned Internet users have joined EFF and other civil liberties groups in opposing the bill. This is our last chance to stop it in the House.
Despite recent amendments, CISPA still features vague language that could put your personal information in the hands of military organizations like the National Security Agency.
Can you call your representative and tell him or her to oppose this bill? We’ll give you the phone number for your representative and a very brief suggested script. Click here to call Congress now.
Not in the United States? Click here to sign our petition.
We want to generate thousands of calls between now and the vote—likely on Thursday. Please call now and then tell your friends to speak out on this important issue. It’s as easy as posting this on your social networking accounts:
Congress is about to vote on CISPA. If you care about online privacy, you’ve got to speak out now: https://eff.org/r.5bPw
You can also use Twitter tool to tell key members of Congress to stand up for your privacy and vote NO on CISPA.
Thanks for joining us in this fight,
“Is a cell phone really a pair of trousers?”
That’s the question posed in a Texas case dealing with whether the police need a warrant to search the contents of a cell phone sitting in a jail’s property room. In a new amicus brief we filed in the Texas Court of Criminal Appeals, we explain police need a warrant before searching an arrested person’s cell phone.
Teenager Anthony Granville was arrested at his high school for a misdemeanor and booked into the county jail. All of his belongings, including his cell phone, were taken from him and placed in the jail’s property room while he was locked up. Three hours after his arrest, a different officer than the one who arrested Granville at the high school went into the property room and, without a search warrant, looked through Granville’s phone in search of evidence connected to another, unrelated misdemeanor felony.
The trial court suppressed the evidence taken from the phone, finding the officer had plenty of time and opportunity to obtain a search warrant and no exigent circumstance justified the search. The state appealed to the Texas Court of Appeals, arguing that Granville had no expectation of privacy in the contents of his cell phone while it was in the jailhouse, noting that looking through the phone was no different than looking at a person’s clothes when they are booked into jail. The appellate court disagreed with the government’s analogy, finding the amount of information stored on mobile devices make a cell phone search far more invasive than a search of clothing. Now the case is in front of the Texas Court of Criminal Appeals and we’ve filed an amicus brief along with EFF-Austin, the Texas Civil Rights Project and the ACLU of Texas urging the high court to affirm the decision of the two courts before it that found the government’s warrantless search violated the Fourth Amendment.
In our amicus brief we explain the government had no excuse for not obtaining a warrant before searching Granville’s phone. A person doesn’t surrender their expectation of privacy in the contents of their phone once the phone is in the hands of jail officials. Plus none of the exceptions to the search warrant requirement applied. This wasn’t a search “incident to arrest” since it took place hours after Granville was arrested, when the phone was out of his control. And it wasn’t an “inventory search” because once the phone itself was inventoried and secured by the police, there was no need to inventory the data on the phone. Plus, a inventory search can’t be used as a pretext for a clearly investigatory search, which this certainly was.
Trying to pigeonhole the search of a cell phone into legal precedent addressing something quite different only highlights the need to have the law account for technological changes. As Professor Orin Kerr observed recently, “thanks to changing technology and its widespread adoption, searching a person meant one thing in 1973 and means something quite different today.” Courts are slowly recognizing this. In United States v. Cotterman, the Ninth Circuit Court of Appeals recently ruled that given the amount of information stored on electronic devices, border agents must have a reasonable suspicion of criminal activity before engaging in a “forensic examination” of an electronic device. Part of the court’s justification was that although the amount of items a person can carry in physical luggage is necessarily limited, the same isn’t true with electronic devices. A broad electronic search policy would be the equivalent of searching luggage for “not only what the bag contained on the current trip, but everything it had ever carried.”
The appellate court’s obvious conclusion that “a cell phone is not a pair of pants” follows this correct line of thinking and makes clear that our privacy rights don’t become eviscerated simply because invasive searches not contemplated 30 years ago can now happen with just a few taps on a screen.