Issues with Designating Election Infrastructure as Critical Infrastructure

By Daniel Patrick Shaffer

Critical Infrastructure and the Power of the Executive Branch

Department of Homeland Security Secretary Jeh Johnson recently proposed the idea of designating election infrastructure as “critical infrastructure.” Critical infrastructure includes pieces of infrastructure that are so vital to the United States, that their destruction would have a crippling effect on our economy, health, and security. This currently includes infrastructure like dams, the power grid, and financial institutions. The Secretary has cybersecurity concerns, citing the recent cyber-attacks on the Democratic National Committee database, and the possibility of more destructive attacks in the future. Pursuant to the Homeland Security Act of 2002, The President and Secretary of DHS both have the power to designate critical infrastructure. The President did this in the Presidential Policy Directive-21, Critical Infrastructure Security and Resilience. The Directive says that department heads are in charge of working with the Secretary of Homeland Security to ensure security in their respective critical infrastructures. The Department of Justice, a part of the executive branch, has jurisdiction to monitor, investigate, and Continue reading “Issues with Designating Election Infrastructure as Critical Infrastructure”

The Third Party Records Doctrine and Privacy in the Digital Age and Its Role in National Security

Everyday that passes the expectation of privacy of individuals diminishes. The newest technological crazes revolve around monitoring our day-to-day activities and maximizing every second we have. From wristwatches that measure your heart rate and let you read email or text messages at the same time, to smart meters installed at our houses collecting minute-by-minute data about energy consumption to transmit it back to energy companies for more accurate billing.[1] Everywhere we go and in everything we do there seems to no longer be a way to avoid transmitting some our most personal and private details of our life to a third party through the use of technology. In taking into account this reality it’s hard to accept the fact that just by making use of this existing technology we’ve inadvertently renounced to our privacy rights over some of our most personal information that was never intended to be public. Continue reading “The Third Party Records Doctrine and Privacy in the Digital Age and Its Role in National Security”

Cell Site Simulator Technology Violating Fourth Amendment Rights

In the age of modern technology, the balance between individuals’ privacy rights and national security have been heavily weighed. Advances in technology have enabled government agencies to obtain cellular information without appropriate judicial review and without the individual’s knowledge. Due to public outcry and complaints made by the American Civil Liberties Union, the Federal Government felt that appropriate action should be taken to minimize the use of this rare technology and has restricted the use of cell-site simulator technology without a warrant; however, state and local governments have not been instructed to do so and many have failed to address the issue at all. 1

The Fourth Amendment protects persons’ personal privacy from government intrusion.2 When intrusion leads to the obtainment of intimate knowledge, it will be deemed unreasonable unless the need for public interest is outweighed by the privacy interest of the individual.3 For a search to be reasonable, officers generally will need to acquire a search warrant signed by a magistrate.4 If information is obtained without a search warrant and without an exception to the search warrant clause, it will be deemed inadmissible at trial.5

The use of technology, not acquirable by an ordinary person, dates back to the Supreme Court’s decision, Kyllo v. United States.6 The Supreme Court held that the obtainment of information through sense-enhancing technology into the interior of the home, that could not have been obtained without a physical intrusion, is a search.7 The Supreme Court has also determined that the monitoring of a beeper device in a private residence, not in a location open to visual surveillance, is a violation of the Fourth Amendment.8

More recently, with the storage capacity of modern cellular devices, the Supreme Court has instructed that the Government must obtain a search warrant before conducting a search of the content.9 This is because of the vast amount of intimate information such as emails, medical information, photographs and credit card information.10 The protection is placed on what a person preserves as private and in the modern era, the contents of a cellphone will be preserved as private to most individuals.

It has recently come to light that government agencies, local and federal, have been using cell-site simulator technology to obtain physical locations of suspects. A cell-site simulator, known as Stingray, acts as a substitute cell tower and awaits signals from particular cellular phones.11 Based on the strength of the signal, a general location can be determined.12 Once multiple signals and locations have been obtained, a precise location is then determined.13 The location is so precise that it can pinpoint the cellular phone to a particular room in a large building. Based on precedent, Courts are likely to hold that the use of Stingray is a search and inadmissible without obtaining a warrant. The ability to obtain tracking information from the device is in violation of the decision in Riley v. California, where the Court held that a cellular phone may  not be accessed and searched without first obtaining a warrant or consent.14 This technology is also rare technology that is not available to the general public and would physically intrude into an individual’s home.15

The Department of Justice has recently drafted and adopted a policy instructing government agencies to obtain appropriate approval before utilizing cell site simulators.16 This was in light of claims being made by organizations like the American Civil Liberties Union that the government was failing to inform the courts that they have access to this information and instead reported using criminal informants to obtain the information.17 While this was determined to be used more often local police departments, this technology allowed the ability for the Government to violate individual’s privacy rights.

After the Department of Justice drafted a policy requiring investigators to obtain warrants before using cell site simulators, state and local departments have not been forced to do the same. There are even loopholes to this policy. It merely applies to criminal investigations NOT national security or border cases. This means, that the Government has the ability to use Stingray when “monitoring” the border for national security. Has the Government failed to protect its citizens again? After the excessive collection of citizen’s information found under the United States Patriot Act, shouldn’t the Government protect individuals’ privacy rights at a higher level? Also, does this new policy prohibit the use of Stingray on suspected terrorists without a warrant? To many questions are still left unanswered after the drafting of this policy that need to be answered.

  1. Neema Singh Guliana, ACLU, The Four Biggest Problems With DHS’s New Stingray Policy, Oct. 22, 2015, available at https://www.aclu.org/blog/free-future/four-biggest-problems-dhss-new-stingray-policy.
  2. U.S. Const. Amend. IV.
  3. Kyllo v. United States, 533 U.S. 27, 36 (2001).
  4. U.S. Const. Amend. IV.
  5. Id.
  6. Kyllo, 533 U.S. 27.
  7. Id. at 40.
  8. United States v. Karo, 710 F.2d 1433, 1439 (1983).
  9. Riley v. California 134 S. Ct. 2473, 2494 (2014).
  10. Id.
  11. Department of Justice, Department of Justice Policy Guidance: Use of Cell-Site Simulator Technology, Sept 3, 2015, available at https://www.justice.gov/opa/pr/justice-department-announces-enhanced-policy-use-cell-site-simulators.
  12. Id.
  13. Id.
  14. Riley, 134 S. Ct. 2473, 2494.
  15. Kyllo, 533 U.S. 27.
  16. Department of Justice, Department of Justice Policy Guidance: Use of Cell-Site Simulator Technology, Sept 3, 2015, available at https://www.justice.gov/opa/pr/justice-department-announces-enhanced-policy-use-cell-site-simulators.
  17. Jeremy Schahill & Margot Williams, The Intercept, Stingrays: A Secret Catalogue of Government Gear for Spying on Your Cell Phone, Dec. 17, 2015,  available at https://theintercept.com/2015/12/17/a-secret-catalogue-of-government-gear-for-spying-on-your-cellphone/.

The Intersection of “Internet Terrorism” and “Individual Privacy” in the Context of the First Amendment

“Deterring Russia, channeling growing Chinese power, and working with others to dismantle the Islamic State are daunting challenges — but not greater than rebuilding post-World War II Europe, containing the Soviet Union, ending the Cold War, and promoting democratic governance throughout much of the modern world.”[1]

James Dobbins

The “modern world” that Ambassador James Dobbins speaks of has a mounting threat: “Internet Terrorism.” The dawn of the 21st century, coupled with the post 9/11 world in which we live, has completely transformed the way war is waged. Under the First Amendment:

Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances.[2]

The Internet is a platform used to express opinions, share ideas, and absorb information. However, it has become weaponized to perpetuate radicalism, violence, and instability. Both the Federal Bureau of Investigation and the Central Intelligence Agency have listed “Terrorism” and “Cyber Warfare” as the top two threats to our Nation’s security. We are living in a digital age where culture is shaped by the media through the utilization of the Internet. It is an intangible infrastructure where ideas, beliefs, thoughts, and opinions are shared, debated, criticized, tweeted, hash-tagged, posted, and commented on. How do we, as a country, combat the threats of “Terrorism” and “Cyber Warfare,” while continuing to preserve the life, liberty and property of the American people as protected by the Constitution?

The United States Constitution does not explicitly define privacy as a right to the people, however the Supreme Court has historically handed down decisions that suggest a broader reading of the Constitution: one which protects an individual’s rights to privacy and free speech. In the June 2015 Supreme Court Decision, Anthony Douglas Elonis v. United States, the court undertook, for the first time, a case that considers threats and the limits of free speech in the context of the internet. The court had the opinion that:

Federal law makes it a crime to transmit in interstate commerce “any communication containing any threat . . . to injure the person of another.” 18 U. S. C. §875(c). Petitioner was convicted of violating this provision under instructions that required the jury to find that he communicated what a reasonable person would regard as a threat. The question is whether the statute also requires that the defendant be aware of the threatening nature of the communication, and—if not—whether the First Amendment requires such a showing.[3]

Presently, the First Amendment is at a severe crossroads in the context of freedom of speech and the perpetuation of violence through Internet discord. Terrorism,” and cyber attacks via the Internet, are growing dangers to our Nations security.

An example of this multifaceted paradigm is the arrests of United States citizens charged with “terrorism-related crimes, including two Queens women who allegedly discussed making bomb with an undercover federal agent…and a Texas man…[who] was charged separately with seeking to train alongside Muslim militants who allegedly plotted to attack New York City subways.”[4] According to an April 2015 article in Bloomberg: “U.S. prosecutors announced charges against a Philadelphia woman, Keonna Thomas, accused of attempting to join Islamic State. The government said she posted items expressing support for the group on Twitter, and communicated online with a Somalia-based jihadi fighter from Minnesota, a radical Islamic cleric and an ISIS fighter in Syria.”[5] Going forward, National Security law will play a crucial role in shaping the gray line between an individual’s freedom of speech and the profound use of the internet to spread violent extremism. Does the First Amendment inexplicably safeguard an individual’s rights to privacy through the milieu of free speech, or does the digital age in which we live redefine its meaning?

 

[1] James Dobbins, Reports of Global Disorder Have Been Greatly Exaggerated, Foreign Policy (July 22, 2015), http://foreignpolicy.com/2015/07/22/reports-of-our-global-disorder-have-been-greatly-exaggerated-russia-china-us-leadership/.  

[2] U.S. Const. amend. I

[3] Elonis v. United States, 135 S. Ct. 2001 (2015)

[4] Christie Smythe, U.S. Citizens Swept Up in N.Y., Philadelphia Terrorism Arrests, Bloomberg Business (April 3, 2015) http://www.bloomberg.com/news/articles/2015-04-02/two-new-york-women-charged-by-u-s-in-alleged-terrorist-plot.

[5] Id.

 

The Slippery Slope of Creating an iPhone Backdoor

Gregory Coutros

The Slippery Slope of Creating an iPhone Backdoor

            The FBI’s request that Apple provide an electronic backdoor into the iPhone used by the San Bernardino shooters is, on its face, a reasonable request. The government’s need to access the phone is undoubtedly important for national security so as to protect against terrorist attacks similar to the San Bernardino shooting. The problem is that by creating a backdoor into the iPhone a dangerous precedent is set and a powerful technological tool is created.

To put it bluntly, destroying something once created in cyberspace is nearly impossible.[1] The FBI argues that it is only requesting access to a single phone; the Bureau does not want or expect Apple to create a backdoor to all iPhones. However, Apple points out a flaw in the FBI’s argument that the process used to create the backdoor “. . . could be replicated. Thus, [the code] would not be truly destroyed.”[2] Meaning, that this code creating a backdoor could be recreated and applied to other mobile devices. This would completely eliminate any security measure the original operating system had in place for any phone that operates it.[3] The code used to create the backdoor would result in a sort of skeleton key floating around which could potentially be a major cyber security threat. However, because of the nature of the Intelligence world, the information on the phone could be more valuable than a potential cyber security threat against an aging Operating System.

Information in the Intelligence community is passed from agency to agency in a way that is designed to help piece together information to form a picture of what is happening.[4] For instance, the “. . . FBI can share information with . . . the CIA,” because one agency has information that the other needs.[5] This flow of information can easily be used to help create a clearer picture of a potential threat. By gaining access to the content, not just the metadata, of the San Bernardino shooter’s phone the FBI could potentially create a very clear picture for many different agencies as to how the attack was orchestrated and who else was involved.[6] By gaining this valuable information, the FBI and other agencies could work to prevent anything like the shooting from happening again. Unfortunately, the way in which it is being asked to be done can set a very dangerous precedent that impacts people’s privacy for the sake of potentially stopping a threat.[7]

This is now a fight that will be played out in court and will inevitably set a precedent for courts to follow on similar issues.[8] Currently, there is a Manhattan prosecutor waiting to learn how the iPhone case will play out, because he currently has “175” locked iPhones he wants access to.[9] If the court finds that Apple is required to create this backdoor for the FBI, prosecutors around the country will begin to act in kind. Every prosecutor in the country who stumbles upon a cellphone in the possession of a suspect can request the content of the phone be provided simply by citing to the Apple case.[10] Even if there is no guarantee that the content on the phone is crucial to the case, the argument will be made that the potential of the threat exists as an attempt to justify the request.

Creating a backdoor is dangerous. It creates a slippery slope, both in the legal world and the technological one. Legally speaking, a precedent will be set that could make it very easy to access the content of a person’s phone impacting, and effectively changing, privacy rights with cellphones. Technologically speaking, a skeleton key will have been created that could potentially be used to access anything that runs the same operating system. No one would argue that trying to prevent another San Bernardino-type attack isn’t important; but is it important enough to allow for the creation of a skeleton key, or setting a dangerous precedent? It is truly a hard question to answer, and it is hard to say what answer would be correct.

 

 

 

[1] Chris Smith, An iPhone backdoor like the FBI wants is even more dangerous than you think, (Feb. 26, 2016), http://bgr.com/2016/02/26/apple-fbi-iphone-hack-backdoor//

[2] Id.

[3] Id.

[4] Christina Sterbenz, Ex-FBI officials explain why the government wants Apple to provide access to the San Bernardino shooter’s iPhone, (Feb. 22, 2016),  http://www.businessinsider.com/what-ex-fbi-officials-think-about-apple-2016-2

[5] Id.

[6] Id.

[7] Spencer Ackerman et al., FBI director admits Apple encryption case could set legal precedent, The Guardian (Feb. 25, 2016),  http://www.theguardian.com/technology/2016/feb/25/fbi-director-james-comey-apple-encryption-case-legal-precedent

[8] Id.

[9] Id.

[10] See Id.