Author Archive | Natasha Duarte

EFF Weeks 8-9: How the NSA’s mass data collection violates the First Amendment

By Natasha Duarte on July 25, 2013 in First Amendment, Internet, Privacy

EFF filed a lawsuit last Tuesday against the National Security Agency for its mass collection of Verizon customers’ phone records. First Unitarian Church of Los Angeles v. National Security Agency was filed on behalf of a diverse group of 19 organizations and focuses on an important First Amendment right: the right of association. Protecting associational freedom is increasingly important in the context of the government’s collection of metadata — pieces of information, such as the numbers a person calls, which, when put together, reveal information about that person’s associations, including organizations he or she belongs to.

Background: The First Amendment Freedom of Association

The First Amendment right of association is based on the freedom to assemble without government interference. In a landmark 1958 case, NAACP v. Alabama, the Supreme Court recognized that government access to people’s associations creates a “chilling effect” — it makes people less likely to associate with certain organizations. In NAACP v. Alabama, the Court held that it would violate NAACP members’ First Amendment rights for the state to force the organization to turn over its membership lists. The right to organize and assemble without government interference is so fundamental because these associations are forums for political expression and the advancement of ideas — the type of speech the First Amendment was designed to protect.

While discussions about data privacy tend to focus on the Fourth Amendment, First Amendment rights are equally implicated in electronic surveillance. The ability to keep one’s associations private is critical to preserving the right to freely associate.

The case against the NSA

EFF’s case argues that when the NSA collects data about the numbers a person calls and how often, that data can reveal a person’s protected associations, and the surveillance constitutes an interference with the right of association. To illustrate that point, EFF joined with 19 different organizations from across the political spectrum that focus on a range of issues, many of which conflict with one another. These organizations include churches, marijuana legalization advocates, and gun owners’ groups, to name a few. Many members of these organizations hold controversial views and depend on the ability to express those views as a group, but fear individual exposure.

What do the plaintiffs have to hide?

The potential chilling effects and the need for privacy are perhaps best expressed by Gene Hoffman, Chairman of Calguns Foundation, a gun ownership rights group. The group runs a hotline for gun owners who have questions about California gun laws. “California is a difficult place to live if you’re a gun owner,” Hoffman said in a press conference on EFF’s new case. “People are turning to our hotline specifically because they didn’t want to have a record created.” He mentioned that the people who have the most at stake might be those who belong to multiple organizations with potentially conflicting views: “If you are a supporter of marijuana legalization…and you were known to have phoned both [our hotline] and NORML [a marijuana legalization advocacy group], it could cause people to ask questions you didn’t want to have asked.”

New developments: Congress rejects legislation to curtail NSA surveillance

In a close vote yesterday, the U.S. House of Representatives voted against an amendment that would have cut funding for the NSA’s mass surveillance of call records. By striking funding for bulk data collection, the bipartisan amendment would have required Foreign Intelligence Surveillance Court orders to pertain to a person already under investigation. The current legal authority doesn’t require the FISA court to make a showing of suspicion that a person has engaged in terrorism or any illegal activity before it collects data. This lack of standards has allowed the NSA to engage in the mass collection of all Americans’ phone call records. The amendment failed in an extremely close vote of 205 to 217 and garnered both Democratic and Republican support.

Off-topic: Cute pictures of ducks

It’s not uncommon to have three dogs in the office on any given day, but last week one of EFF’s technologists brought these ducklings to work.

EFF weeks 6-7: States attempt to censor adult advertising online

By Natasha Duarte on July 9, 2013 in First Amendment, Internet

Ever since “adult” advertising moved from the back page of The Village Voice to the Internet, some government officials have been trying to censor it. A recent attempt by the New Jersey legislature was blocked by a federal judge on June 28. Chief Judge Dennis Cavanaugh of the U.S. District Court for the District of New Jersey signed a temporary restraining order preventing New Jersey from enforcing a law that would have taken effect July 1. The New Jersey law addressed a serious problem — human trafficking and the exploitation of minors — but it did so in a way that unnecessarily and impermissibly burdened a large amount of lawful speech.

The statute would impose severe criminal penalties on any party that “directly or indirectly” caused to be disseminated sex ads containing images of minors. The Act’s broad language would make Internet service providers (ISPs) such as Backpage.com, Craigslist, and the Internet Archive criminally liable for such ads posted by third parties, even if the ISPs didn’t know the person pictured in the ad was a minor.

In 2010, Craigslist removed its “adult services” category after it was pressured to do so by a group of state attorneys general. Those ads moved to Backpage.com, which has since resisted similar pressure to remove adult ads. EFF is representing another plaintiff, the Internet Archive, which acts as a library for the Internet by archiving and displaying as much content as possible from other websites.

Laws that chill a significant amount of speech, even if they address important problems, are unconstitutional under the First Amendment if they are not narrowly tailored. To be narrowly tailored, a law must burden as little lawful speech as possible while still achieving its goals. The New Jersey statute is not narrowly tailored to combat child sex trafficking. On one hand, it punishes people who “knowingly” purchase or author sex ads depicting minors. This part of the law goes after the bad actor, and backpage.com has said that it supports such measures. However, another part of the law punishes parties who “indirectly” cause such ads to be disseminated, which would include any website on which third parties can post ads. It is not a defense under this law that the ISP did not know that the ad depicted a minor.

The law also conflicts with Section 230 of the Communications Decency Act, a federal law which shields ISPs from liability for content posted by third parties. Under Section 230, for example, Youtube is not liable for videos posted by users that infringe copyrights or otherwise break the law.

To comply with the New Jersey statute, an ISP would have to manually inspect every item posted on its website and obtain identification for every person pictured who could potentially be a minor. This is an impossible task for websites like Craigslist and Backpage.com, where millions of users post content daily, and for the Internet Archive, which attempts to house every webpage that ever existed. It would likely force advertising services to ban adult or sexual ads altogether, which is probably what the legislature was aiming for.

Now that New Jersey is temporarily restrained from enforcing its statute, I’m writing a brief explaining why the judge should issue a permanent injunction.

San Francisco’s Rally to Restore the Fourth Amendment

Last week I marched in the Fourth of July Rally to Restore the Fourth. Hundreds of people walked down Market Street from U.N. Plaza to the Ferry Building protesting warrantless, secret surveillance by the National Security Administration.

EFF Weeks 4-5: Craigslist v. 3Taps and CFAA Reform

By Natasha Duarte on June 24, 2013 in Internet

EFF filed an amicus brief last week in Craigslist v. 3Taps, a case in which Craigslist sued 3Taps for copying its publicly available data and making it available to its customers to use on their websites. One of 3Taps’s customers is Padmapper, a website that publishes Craigslist apartment postings over a map, allowing users to search for apartments geographically. Craigslist claims that, by copying its data, 3Taps violated the Computer Fraud and Abuse Act, a criminal statute that was intended to deter malicious hacking and computer trespassing but that is now used to criminalize all sorts of behavior. EFF’s brief argues that the CFAA should not be applied to accessing a publicly available website.

The United States District Court for the Northern District of California ruled that 3Taps violated the CFAA not because it violated Craigslist’s terms of use, but because Craigslist sent 3Taps a cease and desist letter and attempted to block its IP address. The court held that 3Taps was therefore unauthorized to access Craigslist’s website under the CFAA. The court found that the “expansive” language of the CFAA allowed Craigslist to use it to protect information on a publicly accessible website. However, the court recognized that this premise was troubling, and agreed to accept additional briefing on whether the statute should be interpreted so broadly.

The CFAA has been widely used to stifle innovation, most famously in the prosecution of the late Aaron Swartz, the Reddit co-founder who faced severe penalties for downloading millions of journal articles from the JSTOR database. Last week, Reps. Zoe Lofgren (D-Calif.) and Jim Sensenbrenner (R-Wis.) and Sen. Ron Wyden (D-Ore.) introduced Aaron’s Law, a bill reforming the CFAA by deleting and clarifying some of the law’s vague, sweeping language. The amendments would mean that violating a website’s terms of service would not be a criminal offense. The bill also lowers penalties under the CFAA in an attempt to curb overly aggressive prosecution.

Chicken, waffles, and cyberlaw

EFF held its annual cyberlaw pub trivia/chicken and waffles night on June 11. Attorneys from Bay Area law firms, Google, Wikimedia, Stanford’s Center for Internet and Society, and other organizations came to compete. This year, the EFF interns took fifth place, beating more than half of the teams. We named our team after the NSA’s secret spying center in Utah.

EFF Week 3: The First and Fourth Amendments — down, but hopefully not out

By Natasha Duarte on June 9, 2013 in First Amendment, Internet, Privacy, Transparency

It was a busy week at EFF. The phones have been ringing almost non-stop with journalists, supporters, and concerned people. The news outlets wanted interviews with attorneys. The supporters wanted to commiserate. The concerned people wanted answers — how can the government do this, and what does it mean? Of course, the fact that the National Security Agency has been spying on Americans’ phone records was the big story, but that’s not the only threat to our rights to privacy and free speech that we suffered this week.

Warrantless DNA searches

On Monday, the Supreme Court ruled that police can take a DNA sample from someone who is arrested — not even convicted of a crime — without a warrant. A DNA swab is a search under the Fourth Amendment, and this is the first time the Court has allowed an exception to the need for a warrant for general crime solving and investigative purposes. The majority held that the “search” was only the cheek swab to collect the DNA, not the subsequent steps of extracting the DNA profile and comparing it to an FBI database of DNA left at crime scenes.

Revenge porn

Also on Monday, new legislation passed the California State Senate’s Public Safety Committee that would make the electronic distribution of revenge porn a misdemeanor. Revenge porn is the practice of posting pictures of former romantic or sexual partners online. EFF Staff Attorney Nate Cardozo was interviewed by ABC about the bill’s First Amendment implications.

Nate being interviewed by ABC News. The interns were filmed for some B-roll, but we didn’t make the cut.

Nate said that while revenge porn is a “serious issue,” the California bill is not narrowly tailored enough to pass First Amendment scrutiny because it punishes not only the “bad actor” (the person who posts pornographic pictures) but also everyone who distributes the images once they are posted.

NSA phone and Internet data collection

On Wednesday and Thursday, The Guardian published leaks from Edward Snowden revealing that the National Security Administration has been operating a broad, untargeted phone and Internet spying regime for at least seven years. Wednesday’s leak revealed that the NSA has been collecting the phone records of millions of Verizon customers, including all calls made into, within, and out of the United States. Thursday’s leak revealed that the NSA has been intercepting certain information from major Internet companies including Google, Microsoft, Apple, Facebook, and Skype.

These leaks confirm that the government has been using secret law to justify warrantless spying on Americans. The Fourth Amendment generally protects us from warrantless, suspicionless searches by the government. The NSA derives its authority to collect phone records from secret opinions and orders from the Foreign Intelligence Surveillance Court interpreting the Patriot Act. Unlike other courts, whose opinions are public, FISA Court opinions and orders are kept secret.

Why we should care that the government is collecting our phone records

In a statement on Thursday, President Obama said we shouldn’t worry about the NSA’s data collection because the government is not listening to our phone calls. It’s true that the NSA needs to obtain a warrant, based on reasonable suspicion, to listen to the content of someone’s phone call. But even without hearing your conversation, the NSA can obtain an alarming amount of data about you based on whom you called, where you called to and from, and when the calls were made. This information is commonly referred to as “metadata,” and EFF Senior Staff Attorney Kurt Opsahl’s new blog post explains why it matters. These are some of Kurt’s examples illustrating what your phone records might reveal to the NSA:

They know you called the suicide prevention hotline from the Golden Gate Bridge. But the topic of the call remains a secret.
They know you spoke with an HIV testing service, then your doctor, then your health insurance company in the same hour. But they don’t know what was discussed.
They know you received a call from the local NRA office while it was having a campaign against gun legislation, and then called your senators and congressional representatives immediately after. But the content of those calls remains safe from government intrusion.

President Obama also said that we can’t have 100 percent privacy and 100 percent security. He believes the government has struck the correct balance. He said he welcomes a national debate about how much privacy we want to give up in the name of fighting terrorism. However, he also said he does not welcome leaks about the NSA’s spying programs. How can we have a real debate about how much spying is too much, and how can the American people have a say in the so-called balance between privacy and security, when the government does all it can to hide the details of and justifications for its data collection programs?

Woody comes to California!

Me and Woody at a reception for the Privacy Law Scholars Conference.

Woodrow Hartzog, brilliant privacy scholar, law professor, UNC J-School alumnus (Ph.D. 2011), and the best mentor a nerd could ask for, came to town this week for the annual Privacy Law Scholars Conference. Woody presented a working paper with Daniel Solove on privacy law and the FTC. It was so great to catch up!

EFF Internship Week 2: Facial Recognition and Privacy

By Natasha Duarte on June 2, 2013 in Internet, Privacy

[Ed: This is the second in a series of posts by Natasha Duarte, who is blogging about her summer internship experience at EFF.] This week I researched how state law enforcement agencies use facial recognition software to track individuals. I’m helping EFF prepare public records requests to gather more information on the facial recognition and biometric tracking programs being deployed throughout the United States.

If you’ve ever had your picture taken for a driver’s license or other photo ID, your face is probably in a database used by the DMV, state law enforcement agencies, and the FBI for almost limitless tracking purposes. Some agencies use mobile systems in the field to detect a person’s facial measurements, fingerprints, and other biometrics. The system automatically scans a database and matches the person’s face with any other information the government has access to.

The U.S. Department of Homeland Security is reportedly developing systems that will scan crowds in stadiums or other areas, matching faces in the crowd with these extensive databases. While it might help track criminal suspects, the curre

nt technology is susceptible to mismatches, and the databases include photos of individuals who have never been arrested, charged, or convicted.

Despite its dangerous privacy implications, the use of facial recognition technology by the government remains unregulated. In Arizona, facial recognition systems developed to find “terrorists” reportedly have been used to track protestors associated with the Occupy movement and to do instant immigration background checks at traffic stops.

But the most detailed facial recognition database is not the FBI’s—it’s Facebook’s. Facebook already uses facial recognition software (that’s how it knows whom to tag when you upload a photo). Some proponents of facial recognition programs have suggested that the government should incorporate social network photos into its databases. Unlike most frontal driver’s license photos, Facebook photos reveal what a person looks like from different angles, how tall she is, how she dresses, whom she hangs out with, and where she hangs out. Facebook has not indicated that it would cooperate with requests to search its database, but access to social network data could be a powerful and dangerous tool for law enforcement.

Living in San Francisco:

Dancers in a parade at Carnaval, an annual Latin American and Caribbean festival that takes place in San Francisco’s Mission District.

Carnaval, a Latin American and Caribbean festival, took place in my neighborhood last weekend. I love how many different cultures intersect in San Francisco, especially in the Mission District. Here’s a photo I took of some of the dancers in the Carnaval parade.

← Previous 1 … 3 4

@uncmedialaw on Twitter

New post: Workshop on Police Body-Worn Cameras a Success https://t.co/vNQTsRTJz5 6 years ago
New post: Center’s Research Fellow Co-Authors Article on OnionDNS in Information Security Journal https://t.co/piEGoR0N1o 6 years ago
RT @dsardia: If you are in Chapel Hill this week, you won’t want to miss this lunch on Friday @UNCMJschool: "New Media Barons and the Emerg… 6 years ago retweeted via dsardia
Upcoming Event: Media Law Dual Degree Program (MA/JD and PhD/JD) Info Session https://t.co/d6eEhohsVY 6 years ago
RT @dsardia: Police Body-Worn Cameras: Time to roll up our sleeves and study the issues. Join us & @nclrev Friday 11/3. More info https://t… 6 years ago retweeted via dsardia
New post: Police Body-Worn Cameras: Time to Roll Up Our Sleeves and Study the Issues https://t.co/zEdIThNpGI 6 years ago

Follow uncmedialaw on Twitter

Navigation