DOCSLIB.ORG

INSECURE-Mag-48.Pdf

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
INSECURE-Mag-48.Pdf • Andrew Ginter, VP of Industrial Security at Waterfall Security Solutions • Carl Herberger, VP Security Solutions at Radware • Brian Honan, CEO at BH Consulting • Matt Jones, Partner at Elttam • Wolfgang Kandek, CTO at Qualys • Ganesh Kirti, CTO at Palerra • Zoran Lalic, Senior Security Engineer at a large corporation • James J. Treinen, VP, Security Research at ProtectWise • Geoff Webb, VP, Solutions Strategy for NetIQ, the security practice of Micro Focus. ! Visit the magazine website at www.insecuremag.com (IN)SECURE Magazine contacts Feedback and contributions: Mirko Zorz, Editor in Chief - [email protected] News: Zeljka Zorz, Managing Editor - [email protected] Marketing: Berislav Kucan, Director of Operations - [email protected] Distribution (IN)SECURE Magazine can be freely distributed in the form of the original, non-modified PDF document. Distribution of modified versions of (IN)SECURE Magazine content is prohibited without the explicit permission from the editor. ! Copyright (IN)SECURE Magazine 2015. www.insecuremag.com The privacy risks of school technology saved passwords. Google doesn’t first obtain tools permission from students or their parents and since some schools require students to use The Electronic Frontier Foundation (EFF) filed Chromebooks, many parents are unable to a complaint with the Federal Trade Commis- prevent Google’s data collection. sion (FTC) against Google for collecting and data mining school children’s personal infor- Google’s practices fly in the face of commit- mation, including their Internet searches—a ments made when it signed the Student Pri- practice EFF uncovered while researching its vacy Pledge, a legally enforceable document “Spying on Students” campaign. whereby companies promise to refrain from collecting, using, or sharing students’ personal The campaign was created to raise aware- information except when needed for legitimate ness about the privacy risks of school-sup- educational purposes or if parents provide plied electronic devices and software. EFF permission. examined Google’s Chromebook and Google Apps for Education (GAFE), a suite of educa- “Despite publicly promising not to, Google tional cloud-based software programs used in mines students’ browsing data and other in- many schools across the country by students formation, and uses it for the company’s own as young as seven years old. purposes. Making such promises and failing to live up to them is a violation of FTC rules While Google does not use student data for against unfair and deceptive business prac- targeted advertising within a subset of Google tices,” said EFF Staff Attorney Nate Cardozo. sites, EFF found that Google’s “Sync” feature for the Chrome browser is enabled by default “Minors shouldn’t be tracked or used as on Chromebooks sold to schools. This allows guinea pigs, with their data treated as a profit Google to track, store on its servers, and data center. If Google wants to use students’ data mine for non-advertising purposes, records of to ‘improve Google products,’ then it needs to every Internet site students visit, every search get express consent from parents.” term they use, the results they click on, videos they look for and watch on YouTube, and their ! www.insecuremag.com !5 Revealed: What info the FBI can collect lives, including our political activities, religious with a National Security Letter affiliations, private relationships, and even our private thoughts and beliefs,” he explained. After winning an eleven-year-long legal battle, Nicholas Merrill can finally tell the public how The law authorizing NSLs allows the FBI to the FBI has secretly construed its authority to demand “electronic communications transac- issue National Security Letters (NSLs) to tional records” from online companies, but the permit collection of vast amounts of private FBI has long refused to clarify just how broad- information on US citizens without a search ly it construes this vaguely worded and unde- warrant or any showing of probable cause. fined phrase. The PATRIOT Act vastly expanded the do- The NSL that Merrill received in 2004 included mestic reach of the NSL program, which al- an attachment listing the specific categories of lows the FBI to compel disclosure of informa- highly sensitive personal information that the tion from online companies and forbid recipi- FBI was demanding he disclose under this ents from disclosing they have received an authority. Merrill has repeatedly challenged NSL. The FBI has refused to detail publicly the gag order that forbade him from disclosing the kinds of private data it believes it can ob- this information. The Media Freedom & Infor- tain with an NSL. mation Access Clinic at Yale Law School rep- resented Merrill in his current, successful First Merrill has been privy to this information since Amendment challenge. 2004, when the FBI served him with an NSL demanding that he turn over records about a Three months ago, in a partially redacted customer of the Internet company he then opinion, Judge Victor Marrero of the federal owned, Calyx Internet Access. Until No- district court in Manhattan found that the gag vember 30, 2015, Merrill was subject to a gag order was no longer justified. Judge Marrero’s order forbidding him from sharing this informa- decision described the FBI’s position as “ex- tion with the public. treme and overly broad,” affirming that “Courts cannot, consistent with the First Amendment, Merrill is now able to reveal that the FBI be- simply accept the Government’s assertions lieves it can force online companies to turn that disclosure would implicate and create a over the following information simply by send- risk.” He also found that the FBI’s overbroad ing an NSL demanding it: an individual’s com- gag order on Merrill “implicates serious is- plete web browsing history; the IP addresses sues, both with respect to the First Amend- of everyone a person has corresponded with; ment and accountability of the government to and records of all online purchases. the people.” Judge Marrero’s ruling goes into effect today and has just been published in The FBI also claims authority to obtain cell- full, without redaction, after the government site location information with an NSL, which declined to appeal. effectively turns a cell phone into a location tracking device. In court filings, the FBI said More than ten thousand NSLs are issued to that at some point it stopped gathering loca- online companies by FBI officers every year, tion data as a matter of policy, but that it could and almost all of those NSLs are accompa- secretly choose to resume the practice under nied by a complete gag order barring any pub- existing authority. lic disclosure of what the FBI has requested and from whom. Merrill is the first person who “For more than a decade, the FBI has been has succeeded in completely lifting an NSL demanding extremely sensitive personal in- gag. formation about private citizens just by issuing letters to online companies like mine,” said “The broad scope of the FBI’s claimed NSL Merrill. “The FBI has interpreted its NSL au- authority is deeply problematic because the thority to encompass the websites we read, government can issue NSLs without any judi- the web searches we conduct, the people we cial oversight,” stated Lulu Pantin, a law stu- contact, and the places we go. This kind of dent intern who represented Merrill in his suc- data reveals the most intimate details of our cessful lawsuit. ! www.insecuremag.com !6 VPN protocol flaw allows attackers to dis- The company has offered advice for VPN cover users' true IP address providers on what to do to plug this hole, but also did something that they should definitely The team running the Perfect Privacy VPN be praised for: they tested nine prominent service has discovered a serious vulnerability VPN providers that offer port forwarding for that affects all VPN providers that offer port the flaw, and notified the five that were vul- forwarding, and which can be exploited to re- nerable of the fact before they went public veal the real IP address of users. with the information. Dubbed Port Fail, the flaw affects all VPN pro- Thank-you messages on Twitter revealed that tocols (IPSec, OpenVPN, PPTP, etc.) and all among the affected providers were Private In- operating systems. ternet Access (PIA) and nVPN. "The attacker needs to meet the following re- "However, other VPN providers may be vul- quirements: 1. Has an active account at the nerable to this attack as we could not possibly same VPN provider as the victim, 2. Knows test all existing VPN providers," the team victim’s VPN exit IP address (can be obtained pointed out. Hopefully, these providers are by various means, e.g. IRC or torrent client or working mitigating the issue. by making the victim visit a website under the attackers control), and 3. The attacker sets up Security researcher Darren Martyn noted: "I port forwarding. It makes no difference believe this kind of attack is probably going to whether the victim has port forwarding acti- be used heavily by copyright-litigation firms vated or not," they shared in a blog post, trying to prosecute Torrent users in the future, along with a step-by-step explanation of how so it is probably best to double check that the the bug can be exploited. VPN provider you are using does not suffer this vulnerability. If they do, notify them, and make sure they fix it." ! More than 900 embedded devices share unlikely that each device is intentionally ex- hard-coded certs, SSH host keys posed on the web (remote management via HTTPS/SSH from WAN IP). Enabling remote Embedded devices of some 50 manufacturers management exposes an additional attack have been found sharing the same hard-cod- surface and enables attackers to exploit vul- ed X.509 certificates (for HTTPS) and SSH nerabilities in the device firmware as well as host keys, a fact that can be exploited by a weak credentials set by the user." remote, unauthenticated attacker to carry out impersonation, man-in-the-middle, or passive According to the researcher, affected vendors decryption attacks, Carnegie Mellon Universi- are: ADB, AMX, Actiontec, Adtran, Alcatel-Lu- ty's CERT/CC warns.
Load more

Recommended publications
  • 11 I' ICI ;\~~;C.\L LY Llll'd
    Case 1:14-cv-09763-VM Document 15 Filed 03/20/15 Page 1 of 9 Case 1:14-cv-09763-VM Document 13 Filed 03/18/15 Page 1of9 . _- __ -::_: __ ·:.::.:::::::_ ·---------- UNITED STATES DISTRICT COURT JC ~UNY SOUTHERN DISTRICT OF NEW YORK l h \( l . '. " ...... 11 I' ICI ;\~~;C.\l LY llLl'D NICHOLAS MERRILL, r~~l #I! L!D ~Jr =·' Plaintiff, v. No. l 4-cv-9763 ERIC HOLDER, Jr., in his official capacity as Attorney General of the United States, and JAMES B. COMEY, in his official capacity as Director of the Federal Bureau oflnvestigation, Defendants. UNOPPOSED MOTION OF THE REPORTERS COMMITTEE FOR FREEDOM OF THE PRESS AND 21 MEDIA ORGANIZATIONS FOR LEAVE TO FILE AMICI CURIAE BRIEF IN SUPPORT OF PLAINTIFF Michael D. Steger STEGER KRANE LLP 1601 Broadway, 12th Floor New York, NY 10019 (212) 736-6800 Counsel of record for amici curiae Bruce D. Brown Katie Townsend Hannah Bloch-Wehba REPORTERS COMMITTEE FOR FREEDOM OF THE PRESS 1156 15th Street NW, Ste. 1250 Washington, D.C. 20005 (202) 795-9301 Of counsel Case 1:14-cv-09763-VM Document 15 Filed 03/20/15 Page 2 of 9 Case 1:14-cv-09763-VM Document 13 Filed 03/18/15 Page 2 of 9 The Reporters Committee for Freedom of the Press, American Society of News Editors, Association of Alternative Newsmedia, Association of American Publishers, Inc., Courthouse News Service, Dow Jones & Company, Inc., First Amendment Coalition, Investigative Reporting Workshop at American University, The McClatchy Company, Media Consortium, MediaNews Group, Inc., MPA - The Association of Magazine Media, National Press Photographers Association, Newspaper Association of America, The News Guild - CW A, Online News Association, Radio Television Digital News Association, Reuters America LLC, The Seattle Times Company, Student Press Law Center, Tully Center for Free Speech, and The Washington Post (collectively, "amici''), by and through the undersigned counsel, respectfully request permission to file the attached amici curiae brief in support of the motion for summary judgment filed by Plaintiff Nicholas Merrill ("Plaintiff') in the above-captioned action.
    [Show full text]
  • Or for Summary Judgment
    Case 1:14-cv-09763-VM Document 36 Filed 06/26/15 Page 1 of 32 UNITED STATES DISTRICT COURT SOUTHERN DIST~CT OF NEW YORK NICHOLAS MERRILL, Plaintiff, V. 14 CIV. 9763 (VM) ERJ;C HOLDER, Jr., in his official ~apacity as Attorney General of the United States, and JAME~ B. COMEY, in llls official capacity as Director of the Federal Bureau of Investigation, , Defendants. REPLY MEMORANDUM OF LAW IN SUPPORT OF NICHOLAS MERRILL'S MOTION FOR SUMMARY JUDGMENT' AND IN OPPOSITION TO THE GOVERNMENT'S MOTION TO DISMISS OR FOR SUMMARY JUDGMENT Jonathan'Manes, supervising attorney David A. Schulz, supervising attorney Benj amin Graham, law student intern Matthew Halgren, law student intern Nicholas Handler, law student intern Amanda Lynch; law student iptern MEDIA FREEDOM AND INFORMATION ACCESS CLINIC YALE LAW SCHOOL P.O. Box. 208215 New Haven, CT 06520 Tel: (203) 432-9387 -Fax: (203) 432-3034 [email protected] , Attorneys for plaintiffNicholas Merrill ------------- Case 1:14-cv-09763-VM Document 36 Filed 06/26/15 Page 2 of 32 TABLE OF CONTENTS PRELIJ\.1J:N"ARY STATEMENT .................................................................. '..................... : .............. 1 ARGU1v.I.ENT .................................. ;................................... :............. ;........ , ... :~ ....... }............ ·............... 2 . ... I. THE FIRST AMENDMENT DOES NOT ALLOW THE FBI TO INDEFINITELY SUPPRESS SPEECH ABOUT THE SCOPE OF ITS STATUTORY AUTHORITY. ..... 2 A. The Gag Order Supptesses Discussion of the Government's Interpretation of Its Statutory Authority, not Law Enforcement Techniques and Procedures ................ 3 1. The AttachmentReveals the' Scope of the Goverrim,ent's Claimed Authority, Not "Techniques and Pro·cedures." .................................. , ......... 3 2. The Breadth of the Gag Order Can Be Explained Only by a Concern With Maintaining a Secret Interpretation of the NSL Statute .....................
    [Show full text]
  • On October 26, 2001, Just 45 Days After the Devastating Terrorist
    Written Statement of Michael German, Senior Policy Counsel American Civil Liberties Union Washington Legislative Office On “The Permanent Provisions of the PATRIOT Act” Before the Subcommittee on Crime, Terrorism and Homeland Security House Committee on the Judiciary March 30, 2011 1 WASHINGTON LEGISLATIVE OFFICE 915 15th Street, NW Washington, D.C. 20005 (202) 544-1681 Fax (202) 546-0738 On October 26, 2001, amid the climate of fear and uncertainty that followed the terrorist attacks of September 11, 2001, President George W. Bush signed into law the USA Patriot Act and fundamentally altered the relationship Americans share with their government.1 This act betrayed the confidence the framers of the Constitution had that a government bounded by the law would be strong enough to defend the liberties they so bravely struggled to achieve. By expanding the government‟s authority to secretly search private records and monitor communications, often without any evidence of wrongdoing, the Patriot Act eroded our most basic right – the freedom from unwarranted government intrusion into our private lives – and thwarted constitutional checks and balances. Put very simply, under the Patriot Act the government now has the right to know what you‟re doing, but you have no right to know what it‟s doing. More than nine years after its implementation there is little evidence that the Patriot Act has been effective in making America more secure from terrorists. However, there are many unfortunate examples that the government abused these authorities in ways that both violate the rights of innocent people and squander precious security resources. Three Patriot Act-related surveillance provisions are scheduled to expire in May 2011, which will give the 112th Congress an opportunity to review and thoroughly evaluate all Patriot Act authorities – as well as all other post-9/11 domestic intelligence programs – and rescind, repeal or modify provisions that are unused, ineffective or prone to abuse.
    [Show full text]
  • Congressional Record United States Th of America PROCEEDINGS and DEBATES of the 112 CONGRESS, FIRST SESSION
    E PL UR UM IB N U U S Congressional Record United States th of America PROCEEDINGS AND DEBATES OF THE 112 CONGRESS, FIRST SESSION Vol. 157 WASHINGTON, THURSDAY, FEBRUARY 10, 2011 No. 21 House of Representatives The House met at 10 a.m. and was The Lillian Trasher Orphanage, loudest voice on the field because called to order by the Speaker pro tem- begun in 1911 by an American from that’s the kind of person that she is. pore (Mr. CHAFFETZ). Jacksonville, Florida, is one of the old- She is passionate, she is fierce in her f est and longest-serving charities in the dedication to her friends, and she has world. It currently serves over 600 chil- devoted her entire life to making her DESIGNATION OF SPEAKER PRO dren, along with widows and staff. This community, her State, and her country TEMPORE pillar of the community has been home a better place for all Americans. The SPEAKER pro tempore laid be- to thousands of children who needed Bev recently had a curveball thrown fore the House the following commu- food, shelter, and a family. Orphanage at her when she was diagnosed with nication from the Speaker: graduates serve around the world as amyotrophic lateral sclerosis, also WASHINGTON, DC, bankers, doctors, pastors, teachers, and known as ALS—Lou Gehrig’s Disease. February 10, 2011. even in the U.S. Government. Bev has always taken life head-on, and I hereby appoint the Honorable JASON Despite many challenges over the that’s how she addressed this chal- CHAFFETZ to act as Speaker pro tempore on years, the wonderful staff, now led by lenge, the same way she has lived her this day.
    [Show full text]
  • Unredacted Version of This Opinion Will Be Filed
    UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF NEW YORK -----------------------------------x NICHOLAS MERRILL, Plaintiff, 14-CV-9763 (VM) - against - DECISION AND ORDER LORETTA E. LYNCH, in her official Capacity as Attorney General of The United States, and JAMES B. COMEY, in his official Capacity as Director of the Federal Bureau of Investigation, Defendants. -----------------------------------x VICTOR MARRERO, United States District Judge. Plaintiff Nicholas Merrill ("Merrill") brought suit seeking injunctive relief against defendants Loretta E. Lynch, in her official capacity as Attorney General of the United States, and James B. Corney, in his official capacity as Director of the Federal Bureau of Investigation (collectively, "Defendants" or "the Government") . 1 (Dkt. No. 1 ("Complaint" or "Compl. ") . ) Now before the Court is Merrill's motion for summary judgment, made pursuant to Rule 56 of the Federal Rules of Civil Procedure ("Rule 1 The Court notes that, at the time Merrill initiated this litigation, Eric Holder, Jr. served as the Attorney General of the United States, and in that official capacity, was a named defendant. Pursuant to Federal Rule of Civil Procedure 25(d), the Court substitutes Loretta E. Lynch for Eric Holder, Jr. 56") / seeking that an order to lift a non-disclosure requirement imposed by a National Security Letter ( "NSL") from the Federal Bureau of Investigation (the "FBI") (Dkt. Nos. 16, 17.) The Government opposes Merrill's summary judgment motion, and also moves to dismiss the Complaint or for summary judgment. (Dkt. Nos. 24, 25.) I. BACKGROUND2 In 2004, Nicholas Merrill was the owner and operator of Calyx Internet Access ("Calyx") , a now-defunct company that provided a number of internet services to its clients, including an interface for maintaining their own websites, 2 The factual summary presented herein derives from the following documents: Complaint, filed Dec.
    [Show full text]
  • In Re National Security Letter, Under Seal V. Holder
    Nos. 13-15957, 13-16731 UNDER SEAL IN THE United States Court of Appeals FOR THE NINTH CIRCUIT In Re:d NATIONAL SECURITY LETTER, UNDER SEAL, Petitioner-Appellee (No.13-15957), Petitioner-Appellant (No.13-16731), —v.— ERIC HOLDER, JR., ATTORNEY GENERAL; UNITED STATES DEPARTMENT OF JUSTICE; FEDERAL BUREAU OF INVESTIGATION, Respondents-Appellants (No.13-15957), Respondents-Appellees (No.13-16731). ON APPEAL FROM THE UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF CALIFORNIA CASE NOS. 13-CV-2173 SI, 13-MC-80089 SI HONORABLE SUSAN ILLSTON, DISTRICT JUDGE BRIEF OF AMICI CURIAE FLOYD ABRAMS INSTITUTE FOR FREEDOM OF EXPRESSION AND FIRST AMENDMENT SCHOLARS IN SUPPORT OF THE PARTIES UNDER SEAL MICHAEL J. STRUMWASSER JONATHAN MANES ADRIENNA WONG* BJ ARD STRUMWASSER & WOOCHER LLP NABIHA SYED* 10940 Wilshire Boulevard, Suite 2000 FLOYD ABRAMS INSTITUTE FOR Los Angeles, California 90024 FREEDOM OF EXPRESSION (310) 576-1233 YALE LAW SCHOOL P.O. Box 208215 New Haven, Connecticut 06520 (203) 432-9387 Attorneys for Amici Curiae *Not admitted in this jurisdiction CORPORATE DISCLOSURE STATEMENT None of the amici has a parent corporation and no corporation owns 10% or more of any of the amici’s stock. STATEMENT OF COMPLIANCE WITH RULE 29(C)(5) Pursuant to Federal Rule of Appellate Procedure 29(c)(5), amici certify that no party’s counsel authored this brief in whole or in part, no party or party’s counsel contributed money that was intended to fund preparing or submitting this brief, and no person—other than amici, their members, or their counsel— contributed money that was intended to fund preparing or submitting this brief.
    [Show full text]
  • Us Governmental Access to Data in the Clouds Through the Usa Patriot Act
    US GOVERNMENTAL ACCESS TO DATA IN THE CLOUDS THROUGH THE USA PATRIOT ACT Law and Technology, Master Thesis Teresa del Rocío Espinosa Vega ANR 125095 Supervised by Prof. dr. Ronald Leenes Tilburg, the Netherlands July, 2012 TABLE OF CONTENTS Introduction ……………………………………………………………………......6 Chapter 1: Basics of Cloud Computing 1.1 Introduction ………………………………………………………………….. 9 1.2 Definition ….…………………………………………………………………. 9 1.3 Essential Characteristics ………………………………………………….. 10 1.4 Service Models ……………………………………………………………....12 1.5 Deployment Models ………………………………………………………....13 1.6 Stakeholders ………………………………………………………………....14 1.7 Data Protection and Privacy Issues ……………………………………….16 1.8 Scenarios ……………………………………………………………………..22 1.9 Conclusions …………………………………………………………………..22 Chapter 2: USA PATRIOT Act 2.1 Introduction …………………………………………………………………..24 2.2 Background ………………………………………………………………….24 2.3 Content …………………………………………………………………….....27 2.4 Analysis of Relevant Sections …………………………………………......29 2.5 Facts and Figures of National Security Letters and FISA orders ……....47 2.6 FBI’s dissemination of data to other entities ………………………….......48 2.7 Case Law ………………………………………………………………...…...50 2.8 Conclusions…………………………………………………………………. .52 - 2 - Chapter 3: European Data Protection Legislation 3.1 Introduction …………………………………………………………………...55 3.2 Privacy and Data Protection Directives ………………………………….. 55 3.3 Conclusions …………………………………………………………………..63 Chapter 4: Jurisdiction and Governmental Access to Data in the Cloud 4.1 Introduction …………………………………………………………………...64 4.2
    [Show full text]
  • Decision and Order, in Order to Preserve the Government's
    Case 1:14-cv-09763-VM Document 44 Filed 08/28/15 Page 1 of 35 UNITED STATES DISTRICT COURT SOUT~ DISTRICT OF N'ZW YORK -----------------------------------x NICHOLAS MERR!l1L, Plaintiff, 14-CV-9763 (VM) - against - DECISION AND ORD!:R LORETTA E. LYNCH, in her official Capacity as Attorney General of The united States, and JAMES B. COMEY, in his official capacity as Director of the Federal Bureau of Investigation, Defendants. -----------------------------------x VICTOR MARRERO, United States District Judge. Plaintiff Nicholas Merrill ("Merrill") brought suit seeking injunctive relief against defendants Loretta E. Lynch, in her official capacity as Attorney General of the United States, and James B. Corney, in his official capacity as O:i.rector of the Federal Bureau of Investigation (collectively, "Defendants• or "the Government").> (Dkt. No. 1 ("Complaint• or "Compl. •).) Now before the Court is Merrill's motion for summary judgment, made pursuant to Rule 56 of the Federal Rules of Civil Procedure ("Rule 1 The Court notes that, at the time Merrill initiated this litigation, t:ric Holder, Jc sexved as the Attorney G<11neral of the United St;ates, and in that official (.;apacity, was a naimed defendant. ?ursuant. to Federal Rule of civil Procedure 25 (d), the Court substitutes t.oretta E. t.ynch for Eric Holder, Jr. Case 1:14-cv-09763-VM Document 44 Filed 08/28/15 Page 2 of 35 56")' seeking that an order to lift a non-disclosure requirement imposed by a National Security Letter ( "NSL") from the Federal Bureau of Investigation (the "FBI") (Dkt. Nos. 16, 17.) The Government opposes Merrill's summary judgment motion, and also moves to dismiss the Complaint or for summary judgment.
    [Show full text]
  • United States Court of Appeals for the NINTH CIRCUIT
    Case: 13-16732 03/31/2014 ID: 9043981 DktEntry: 35 Page: 1 of 41 No. 13-16732 UNDER SEAL IN THE United States Court of Appeals FOR THE NINTH CIRCUIT In Re:d NATIONAL SECURITY LETTER, UNDER SEAL, Petitioner-Appellant, —v.— ERIC HOLDER, JR., ATTORNEY GENERAL; UNITED STATES DEPARTMENT OF JUSTICE; FEDERAL BUREAU OF INVESTIGATION, Respondents-Appellees. ON APPEAL FROM THE UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF CALIFORNIA CASE NO. 13-CV-1165 SI HONORABLE SUSAN ILLSTON, DISTRICT JUDGE BRIEF OF AMICI CURIAE FLOYD ABRAMS INSTITUTE FOR FREEDOM OF EXPRESSION AND FIRST AMENDMENT SCHOLARS IN SUPPORT OF THE PARTIES UNDER SEAL MICHAEL J. S TRUMWASSER JONATHAN MANES ADRIENNA WONG* BJ ARD STRUMWASSER & WOOCHER LLP NABIHA SYED* 10940 Wilshire Boulevard, Suite 2000 FLOYD ABRAMS INSTITUTE FOR Los Angeles, California 90024 FREEDOM OF EXPRESSION (310) 576-1233 YALE LAW SCHOOL P.O. Box 208215 New Haven, Connecticut 06520 (203) 432-9387 Attorneys for Amici Curiae *Not admitted in this jurisdiction Case: 13-16732 03/31/2014 ID: 9043981 DktEntry: 35 Page: 2 of 41 CORPORATE DISCLOSURE STATEMENT None of the amici has a parent corporation and no corporation owns 10% or more of any of the amici’s stock. STATEMENT OF COMPLIANCE WITH RULE 29(C)(5) Pursuant to Federal Rule of Appellate Procedure 29( c)(5), amici certify that no party’s counsel authored this brief in whole or in part, no party or party’s counsel contributed m oney that was inte nded to fund preparing or subm itting this brief, and no person—other than amici, their mem bers, or their counsel — contributed money that was intended to fund preparing or submitting this brief.
    [Show full text]
  • Online Service Providers and Surveillance Law Transparency Jonathan Manes
    THE YALE LAW JOURNAL FORUM M ARCH 3 , 2016 Online Service Providers and Surveillance Law Transparency Jonathan Manes On June 5, 2013, the first revelation hit the front pages: documents provided by Edward Snowden showed that the National Security Agency (NSA) had for years ordered telephone companies to turn over our domestic telephone calling records en masse.1 The government had created a database of our phone calls going back years—a virtual time machine capable of reconstructing anybody’s past communications, should they come under scrutiny in the future. The program, we learned, had been authorized under section 215 of the USA PATRIOT Act.2 But this authorization required an extraordinarily broad reading of the law. On its face, the statute permitted only the collection of records that were “relevant” to an authorized national security or counterterrorism investigation.3 Yet behind closed doors, the Foreign Intelligence Surveillance Court (FISC) had stretched the statute to encompass all telephone records. Its theory was that all phone records are “relevant” to counterterrorism investigations because it is impossible to say in advance which will become useful in the future.4 1. Glenn Greenwald, NSA Collecting Phone Records of Millions of Verizon Customers Daily, GUARDIAN (June 6, 2013), http://www.theguardian.com/world/2013/jun/06/nsa-phone -records-verizon-court-order [http://perma.cc/5PLD-MUDX]. 2. Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001, Pub. L. No. 107-56, § 215, 115 Stat. 272, 287-88 (codified as amended at 50 U.S.C.
    [Show full text]
  • Brief of Amici Curiae Floyd Abrams Institute for Freedom of Expression and First Amendment Scholars, in Support of the Parties Under Seal
    Case: 16-16067, 09/26/2016, ID: 10137176, DktEntry: 21, Page 1 of 44 Nos. 16-16067, 16-16081, 16-16082, 16-16190 UNDER SEAL IN THE United States Court of Appeals FOR THE NINTH CIRCUIT In re:d NATIONAL SECURITY LETTER, UNDER SEAL, Petitioner-Appellant (No. 16-16067), Petitioner-Appellant/Cross-Appellee, (Nos. 16-16081, 16-16190), Petitioner-Appellant (No. 16-16082), —v.— LORETTA E. LYNCH, Attorney General, Respondent-Appellee (No. 16-16067), Respondent-Appellee/Cross-Appellant , (Nos 16-16081, 16-16190, Respondent-Appellee (No. 16-16082). ON APPEAL FROM THE UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF CALIFORNIA CASE NOS. 13-CV-2173 SI, 13-MC-80089 SI, 13-CV-1165-SI HONORABLE SUSAN ILLSTON, DISTRICT JUDGE BRIEF OF AMICI CURIAE FLOYD ABRAMS INSTITUTE FOR FREEDOM OF EXPRESSION AND FIRST AMENDMENT SCHOLARS, IN SUPPORT OF THE PARTIES UNDER SEAL JONATHAN MANES HANNAH BLOCH-WEHBA UNIVERSITY AT BUFFALO SCHOOL JOHN T. LANGFORD* OF LAW FLOYD ABRAMS INSTITUTE FOR THE STATE UNIVERSITY OF NEW YORK FREEDOM OF EXPRESSION 613 O’Brian Hall, North Campus YALE LAW SCHOOL Buffalo, New York 14260 P.O. Box 208215 Tel: (716) 645-6222 New Haven, Connecticut 06520 Fax: (716) 645-6199 Tel: (203) 436-5824 Fax: (203) 432-3034 *Not admitted in this jurisdiction Attorneys for Amici Curiae Floyd Abrams Institute for Freedom of Expression and First Amendment Scholars Case: 16-16067, 09/26/2016, ID: 10137176, DktEntry: 21, Page 2 of 44 CORPORATE DISCLOSURE STATEMENT None of the amici has a parent corporation and no corporation owns 10% or more of any of the amici’s stock.
    [Show full text]
  • Warrant Canaries and Disclosure by Design: the Real Threat to National Security Letter Gag Orders Rebecca Wexler Introduction
    THE YALE LAW JOURNAL FORUM D ECEMBER 19, 2014 Warrant Canaries and Disclosure by Design: The Real Threat to National Security Letter Gag Orders Rebecca Wexler introduction Since the 1980s, the FBI has issued documents referred to as National Se- curity Letters (NSLs), which demand data from companies—including finan- cial institution records and the customer records of telephone companies and communications service providers—for foreign intelligence investigations.1 The use of the letters increased dramatically after the attacks of September 11, 2001 and the USA PATRIOT Act’s expansion of the FBI’s statutory NSL authority.2 But these letters were rarely publicized or publicly challenged,3 as they often included gag orders that required recipients not to reveal the contents of the letter, or even its existence.4 After the leak of classified information by Edward 1. See CHARLES DOYLE, CONG. RESEARCH SERV., RS22406, NATIONAL SECURITY LETTERS IN FOREIGN INTELLIGENCE INVESTIGATIONS: A GLIMPSE AT THE LEGAL BACKGROUND 1 (2014), http://fas.org/sgp/crs/intel/RS22406.pdf [http://perma.cc/U5PV-PSJ3]. 2. Id. at 3. 3. By 2008, only three court challenges to NSLs were publicly known. Ryan Singel, FBI Tar- gets Internet Archive with Secret ‘National Security Letter’, Loses, WIRED (May 7, 2008, 10:22 AM), http://www.wired.com/2008/05/internet-archiv [http://perma.cc/T9FR-9G7T]. Nicholas Merrill, the president of a small internet service provider, brought the first of those challenges in 2004, but he was not permitted to reveal his identity to the public until 2010. Gagged for 6 Years, Nick Merrill Speaks Out on Landmark Court Struggle Against FBI’s National Security Letters, DEMOCRACY NOW! (Aug.
    [Show full text]