Entries Tagged "laws"

Page 27 of 35

REAL ID Harder Than Legislators Thought

According to the Associated Press:

State motor vehicle officials nationwide who will have to carry out the Real ID Act say its authors grossly underestimated its logistical, technological and financial demands.

In a comprehensive survey obtained by The Associated Press and in follow-up interviews, officials cast doubt on the states’ ability to comply with the law on time and fretted that it will be a budget buster.

I’ve already written about REAL ID, including the obscene costs:

REAL ID is expensive. It’s an unfunded mandate: the federal government is forcing the states to spend their own money to comply with the act. I’ve seen estimates that the cost to the states of complying with REAL ID will be $120 million. That’s $120 million that can’t be spent on actual security.

According to the AP, I was way off:

Pennsylvania alone estimated a hit of up to $85 million. Washington state projected at least $46 million annually in the first several years.

Separately, a December report to Virginia’s governor pegged the potential price tag for that state as high as $169 million, with $63 million annually in successive years. Of the initial cost, $33 million would be just to redesign computing systems.

Remember, security is a trade-off. REAL ID is a bad idea primarily because the security gained is not worth the enormous expense.

See also the ACLU’s site on REAL ID.

Posted on January 13, 2006 at 1:23 PMView Comments

Anonymous Internet Annoying Is Illegal in the U.S.

How bizarre:

Last Thursday, President Bush signed into law a prohibition on posting annoying Web messages or sending annoying e-mail messages without disclosing your true identity.

[…]

Buried deep in the new law is Sec. 113, an innocuously titled bit called “Preventing Cyberstalking.” It rewrites existing telephone harassment law to prohibit anyone from using the Internet “without disclosing his identity and with intent to annoy.”

What does this mean for the comment section of this blog? Or any blog? Or Usenet?

More importantly, what does it mean for our society when obviously stupid laws like this get passed, and we have to rely on the police being nice enough to not enforce them?

EDITED TO ADD (1/9) Some commenters to BoingBoing clarify the legal issues. This is from an anonymous attorney:

The anonymous harassment provision ( Link ) is the old telephone-annoyance statute that has been on the books for decades. It was updated in the widely (and in many respects deservedly) ridiculed Communications Decency Act to include new technologies, and the cases make clear its applicability to Internet communications. See, e.g., ACLU v. Reno, 929 F. Supp. 824, 829 n.5 (E.D. Pa. 1996) (text here), aff’d, 521 U.S. 824 (1997). Unlike the indecency provisions of the CDA, this scope update was not invalidated in the courts and remains fully effective.

In other words, the latest amendment, which supposedly adds Internet communications devices to the scope of the law, is meaningless surplusage.

Posted on January 9, 2006 at 2:38 PMView Comments

Wisconsin Voting Machines

Here’s an impressive piece of common sense:

Among the 15 bills governor Jim Doyle signed into law on Wednesday will require the software of touch-screen voting machines used in elections to be open-source.

Municipalities that use electronic voting machines are responsible for providing to the public, on request, the code used.

Any voting machines to be used in the state already had to pass State Elections Board tests. Electronic voting machines, in particular, already were required to maintain their results tallies even if the power goes out, and to produce paper ballots that could be used in case of a recount. The new law also requires the paper ballots to be presented to voters for verification before being stored.

I wrote about electronic voting here (2004), here (2003), and here (2000).

Posted on January 6, 2006 at 7:15 AMView Comments

Project Shamrock

Decades before 9/11, and the subsequent Bush order that directed the NSA to eavesdrop on every phone call, e-mail message, and who-knows-what-else going into or out of the United States, U.S. citizens included, they did the same thing with telegrams. It was called Project Shamrock, and anyone who thinks this is new legal and technological terrain should read up on that program.

Project SHAMROCK…was an espionage exercise that involved the accumulation of all telegraphic data entering into or exiting from the United States. The Armed Forces Security Agency (AFSA) and its successor NSA were given direct access to daily microfilm copies of all incoming, outgoing, and transiting telegraphs via the Western Union and its associates RCA and ITT. Operation Shamrock lasted well into the 1960s when computerized operations (HARVEST) made it possible to search for keywords rather than read through all communications.

Project SHAMROCK became so successful that in 1966 the NSA and CIA set up a front company in lower Manhattan (where the offices of the telegraph companies were located) under the codename LPMEDLEY. At the height of Project SHAMROCK, 150,000 messages a month were printed and analyzed by NSA agents. In May 1975 however, congressional critics began to investigate and expose the program. As a result, NSA director Lew Allen terminated it. The testimony of both the representatives from the cable companies and of director Allen at the hearings prompted Senate Intelligence Committee chairman Sen. Frank Church to conclude that Project SHAMROCK was “probably the largest government interception program affecting Americans ever undertaken.”

If you want details, the best place is James Banford’s books about the NSA: his 1982 book, The Puzzle Palace, and his 2001 book, Body of Secrets. This quote is from the latter book, page 440:

Among the reforms to come out of the Church Committee investigation was the creation of the Foreign Intelligence Surveillance Act (FISA), which for the first time outlined what NSA was and was not permitted to do. The new statute outlawed wholesale, warrantless acquisition of raw telegrams such as had been provided under Shamrock. It also outlawed the arbitrary compilation of watch list containing the names of Americans. Under FISA, a secret federal court was set up, the Foreign Intelligence Surveillance Court. In order for NSA to target an American citizen or a permanent resident alien—a “green card” holder—within the United States, a secret warrant must be obtained from the court. To get the warrant, NSA officials must show that the person they wish to target is either an agent of a foreign power or involved in espionage or terrorism.

A lot of people are trying to say that it’s a different world today, and that eavesdropping on a massive scale is not covered under the FISA statute, because it just wasn’t possible or anticipated back then. That’s a lie. Project Shamrock began in the 1950s, and ran for about twenty years. It too had a massive program to eavesdrop on all international telegram communications, including communications to and from American citizens. It too was to counter a terrorist threat inside the United States. It too was secret, and illegal. It is exactly, by name, the sort of program that the FISA process was supposed to get under control.

Twenty years ago, Senator Frank Church warned of the dangers of letting the NSA get involved in domestic intelligence gathering. He said that the “potential to violate the privacy of Americans is unmatched by any other intelligence agency.” If the resources of the NSA were ever used domestically, “no American would have any privacy left…. There would be no place to hide…. We must see to it that this agency and all agencies that possess this technology operate within the law and under proper supervision, so that we never cross over that abyss. That is an abyss from which there is no return.”

Bush’s eavesdropping program was explicitly anticipated in 1978, and made illegal by FISA. There might not have been fax machines, or e-mail, or the Internet, but the NSA did the exact same thing with telegrams.

We can decide as a society that we need to revisit FISA. We can debate the relative merits of police-state surveillance tactics and counterterrorism. We can discuss the prohibitions against spying on American citizens without a warrant, crossing over that abyss that Church warned us about twenty years ago. But the president can’t simply decide that the law doesn’t apply to him.

This issue is not about terrorism. It’s not about intelligence gathering. It’s about the executive branch of the United States ignoring a law, passed by the legislative branch and signed by President Jimmy Carter: a law that directs the judicial branch to monitor eavesdropping on Americans in national security investigations.

It’s not the spying, it’s the illegality.

Posted on December 29, 2005 at 8:40 AMView Comments

Are Computer-Security Export Controls Back?

I thought U.S. export regulations were finally over and done with, at least for software. Maybe not:

Unfortunately, due to strict US Government export regulations Symantec is only able to fulfill new LC5 orders or offer technical support directly with end-users located in the United States and commercial entities in Canada, provided all screening is successful.

Commodities, technology or software is subject to U.S. Dept. of Commerce, Bureau of Industry and Security control if exported or electronically transferred outside of the USA. Commodities, technology or software are controlled under ECCN 5A002.c.1, cryptanalytic.

You can also access further information on our web site at the following address: http://www.symantec.com/region/reg_eu/techsupp/enterprise/index.html

The software in question is the password breaking and auditing tool called LC5, better known as L0phtCrack.

Anyone have any ideas what’s going on, because I sure don’t.

Posted on December 28, 2005 at 7:08 AMView Comments

The Security Threat of Unchecked Presidential Power

This past Thursday, the New York Times exposed the most significant violation of federal surveillance law in the post-Watergate era. President Bush secretly authorized the National Security Agency to engage in domestic spying, wiretapping thousands of Americans and bypassing the legal procedures regulating this activity.

This isn’t about the spying, although that’s a major issue in itself. This is about the Fourth Amendment protections against illegal search. This is about circumventing a teeny tiny check by the judicial branch, placed there by the legislative branch, placed there 27 years ago—on the last occasion that the executive branch abused its power so broadly.

In defending this secret spying on Americans, Bush said that he relied on his constitutional powers (Article 2) and the joint resolution passed by Congress after 9/11 that led to the war in Iraq. This rationale was spelled out in a memo written by John Yoo, a White House attorney, less than two weeks after the attacks of 9/11. It’s a dense read and a terrifying piece of legal contortionism, but it basically says that the president has unlimited powers to fight terrorism. He can spy on anyone, arrest anyone, and kidnap anyone and ship him to another country … merely on the suspicion that he might be a terrorist. And according to the memo, this power lasts until there is no more terrorism in the world.

Yoo starts by arguing that the Constitution gives the president total power during wartime. He also notes that Congress has recently been quiescent when the president takes some military action on his own, citing President Clinton’s 1998 strike against Sudan and Afghanistan.

Yoo then says: “The terrorist incidents of September 11, 2001, were surely far graver a threat to the national security of the United States than the 1998 attacks. … The President’s power to respond militarily to the later attacks must be correspondingly broader.”

This is novel reasoning. It’s as if the police would have greater powers when investigating a murder than a burglary.

More to the point, the congressional resolution of Sept. 14, 2001, specifically refused the White House’s initial attempt to seek authority to preempt any future acts of terrorism, and narrowly gave Bush permission to go after those responsible for the attacks on the Pentagon and World Trade Center.

Yoo’s memo ignored this. Written 11 days after Congress refused to grant the president wide-ranging powers, it admitted that “the Joint Resolution is somewhat narrower than the President’s constitutional authority,” but argued “the President’s broad constitutional power to use military force … would allow the President to … [take] whatever actions he deems appropriate … to pre-empt or respond to terrorist threats from new quarters.”

Even if Congress specifically says no.

The result is that the president’s wartime powers, with its armies, battles, victories, and congressional declarations, now extend to the rhetorical “War on Terror”: a war with no fronts, no boundaries, no opposing army, and—most ominously—no knowable “victory.” Investigations, arrests, and trials are not tools of war. But according to the Yoo memo, the president can define war however he chooses, and remain “at war” for as long as he chooses.

This is indefinite dictatorial power. And I don’t use that term lightly; the very definition of a dictatorship is a system that puts a ruler above the law. In the weeks after 9/11, while America and the world were grieving, Bush built a legal rationale for a dictatorship. Then he immediately started using it to avoid the law.

This is, fundamentally, why this issue crossed political lines in Congress. If the president can ignore laws regulating surveillance and wiretapping, why is Congress bothering to debate reauthorizing certain provisions of the Patriot Act? Any debate over laws is predicated on the belief that the executive branch will follow the law.

This is not a partisan issue between Democrats and Republicans; it’s a president unilaterally overriding the Fourth Amendment, Congress and the Supreme Court. Unchecked presidential power has nothing to do with how much you either love or hate George W. Bush. You have to imagine this power in the hands of the person you most don’t want to see as president, whether it be Dick Cheney or Hillary Rodham Clinton, Michael Moore or Ann Coulter.

Laws are what give us security against the actions of the majority and the powerful. If we discard our constitutional protections against tyranny in an attempt to protect us from terrorism, we’re all less safe as a result.

This essay was published today as an op-ed in the Minneapolis Star Tribune.

Here’s the opening paragraph of the Yoo memo. Remember, think of this power in the hands of your least favorite politician when you read it:

You have asked for our opinion as to the scope of the President’s authority to take military action in response to the terrorist attacks on the United States on September 11, 2001. We conclude that the President has broad constitutional power to use military force. Congress has acknowledged this inherent executive power in both the War Powers Resolution, Pub. L. No. 93-148, 87 Stat. 555 (1973), codified at 50 U.S.C. § 1541-1548 (the “WPR”), and in the Joint Resolution passed by Congress on September 14, 2001, Pub. L. No. 107-40, 115 Stat. 224 (2001). Further, the President has the constitutional power not only to retaliate against any person, organization, or State suspected of involvement in terrorist attacks on the United States, but also against foreign States suspected of harboring or supporting such organizations. Finally, the President may deploy military force preemptively against terrorist organizations or the States that harbor or support them, whether or not they can be linked to the specific terrorist incidents of September 11.

There’s a similar reasoning in the Braybee memo, which was written in 2002 about torture:

In a series of opinions examining various legal questions arising after September 11, we have examined the scope of the President’s Commander-in-Chief power. . . . Foremost among the objectives committed by the Constitution to [the President’s] trust. As Hamilton explained in arguing for the Constitution’s adoption, “because the circumstances which may affect the public safety are not reducible within certain limits, it must be admitted, as a necessary consequence, that there can be no limitation of that authority, which is to provide for the defense and safety of the community, in any manner essential to its efficacy.”

. . . [The Constitution’s] sweeping grant vests in the President an unenumerated Executive power . . . The Commander in Chief power and the President’s obligation to protect the Nation imply the ancillary powers necessary to their successful exercise.

NSA watcher James Bamford points out how this action was definitely considered illegal in 1978, which is why FISA was passed in the first place:

When the Foreign Intelligence Surveillance Act was created in 1978, one of the things that the Attorney General at the time, Griffin Bell, said—he testified before the intelligence committee, and he said that the current bill recognizes no inherent power of the President to conduct electronic surveillance. He said, “This bill specifically states that the procedures in the bill are the exclusive means by which electronic surveillance may be conducted.” In other words, what the President is saying is that he has these inherent powers to conduct electronic surveillance, but the whole reason for creating this act, according to the Attorney General at the time, was to prevent the President from using any inherent powers and to use exclusively this act.

Also this from Salon, discussing a 1952 precedent:

Attorney General Alberto Gonzales argues that the president’s authority rests on two foundations: Congress’s authorization to use military force against al-Qaida, and the Constitution’s vesting of power in the president as commander-in-chief, which necessarily includes gathering “signals intelligence” on the enemy. But that argument cannot be squared with Supreme Court precedent. In 1952, the Supreme Court considered a remarkably similar argument during the Korean War. Youngstown Sheet & Tube Co. v. Sawyer, widely considered the most important separation-of-powers case ever decided by the court, flatly rejected the president’s assertion of unilateral domestic authority during wartime. President Truman had invoked the commander-in-chief clause to justify seizing most of the nation’s steel mills. A nationwide strike threatened to undermine the war, Truman contended, because the mills were critical to manufacturing munitions.

The Supreme Court’s rationale for rejecting Truman’s claims applies with full force to Bush’s policy. In what proved to be the most influential opinion in the case, Justice Robert Jackson identified three possible scenarios in which a president’s actions may be challenged. Where the president acts with explicit or implicit authorization from Congress, his authority “is at its maximum,” and will generally be upheld. Where Congress has been silent, the president acts in a “zone of twilight” in which legality “is likely to depend on the imperatives of events and contemporary imponderables rather than on abstract theories of law.” But where the president acts in defiance of “the expressed or implied will of Congress,” Justice Jackson maintained, his power is “at its lowest ebb,” and his actions can be sustained only if Congress has no authority to regulate the subject at all.

In the steel seizure case, Congress had considered and rejected giving the president the authority to seize businesses in the face of threatened strikes, thereby placing President Truman’s action in the third of Justice Jackson’s categories. As to the war power, Justice Jackson noted, “The Constitution did not contemplate that the Commander in Chief of the Army and Navy will constitute him also Commander in Chief of the country, its industries, and its inhabitants.”

Like Truman, President Bush acted in the face of contrary congressional authority. In FISA, Congress expressly addressed the subject of warrantless wiretaps during wartime, and limited them to the first 15 days after war is declared. Congress then went further and made it a crime, punishable by up to five years in jail, to conduct a wiretap without statutory authorization.

The Attorney General said that the Administration didn’t try to do this legally, because they didn’t think they could get the law passed. But don’t worry, an NSA shift supervisor is acting in the role of a FISC judge:

GENERAL HAYDEN: FISA involves the process—FISA involves marshaling arguments; FISA involves looping paperwork around, even in the case of emergency authorizations from the Attorney General. And beyond that, it’s a little—it’s difficult for me to get into further discussions as to why this is more optimized under this process without, frankly, revealing too much about what it is we do and why and how we do it.

Q If FISA didn’t work, why didn’t you seek a new statute that allowed something like this legally?

ATTORNEY GENERAL GONZALES: That question was asked earlier. We’ve had discussions with members of Congress, certain members of Congress, about whether or not we could get an amendment to FISA, and we were advised that that was not likely to be—that was not something we could likely get, certainly not without jeopardizing the existence of the program, and therefore, killing the program. And that—and so a decision was made that because we felt that the authorities were there, that we should continue moving forward with this program.

Q And who determined that these targets were al Qaeda? Did you wiretap them?

GENERAL HAYDEN: The judgment is made by the operational work force at the National Security Agency using the information available to them at the time, and the standard that they apply—and it’s a two-person standard that must be signed off by a shift supervisor, and carefully recorded as to what created the operational imperative to cover any target, but particularly with regard to those inside the United States.

Q So a shift supervisor is now making decisions that a FISA judge would normally make? I just want to make sure I understand. Is that what you’re saying?

Senators from both parties are demanding hearings:

Democratic and Republican calls mounted on Tuesday for U.S. congressional hearings into President George W. Bush’s assertion that he can order warrantless spying on Americans with suspected terrorist ties.

Vice President Dick Cheney predicted a backlash against critics of the administration’s anti-terrorism policies. He also dismissed charges that Bush overstepped his constitutional bounds when he implemented the recently disclosed eavesdropping shortly after the September 11 attacks.

Republican Sens. Chuck Hagel of Nebraska and Olympia Snowe of Maine joined Democratic Sens. Carl Levin of Michigan, Dianne Feinstein of California and Ron Wyden of Oregon in calling for a joint investigation by the Senate Intelligence and Judiciary Committees into whether the government eavesdropped “without appropriate legal authority.”

Senate Minority Leader Harry Reid, a Nevada Democrat, said he would prefer separate hearings by the Judiciary Committee, which has already promised one, and Intelligence Committee.

This New York Times paragraph is further evidence that we’re talking about an Echelon-like surveillance program here:

Administration officials, speaking anonymously because of the sensitivity of the information, suggested that the speed with which the operation identified “hot numbers” – the telephone numbers of suspects – and then hooked into their conversations lay behind the need to operate outside the old law.

And some more snippets.

There are about a zillion more URLs I could list here. I posted these already, but both Oren Kerr and
Daniel Solove have good discussions of the legal issues. And here are three legal posts by Marty Lederman. A summary of the Republican arguments. Four good blog posts. Spooks comment on the issue.

And this George W. Bush quote (video and transcript), from December 18, 2000, is just too surreal not to reprint: “If this were a dictatorship, it’d be a heck of a lot easier, just so long as I’m the dictator.”

I guess 9/11 made it a heck of a lot easier.

Look, I don’t think 100% of the blame belongs to President Bush. (This kind of thing was also debated under Clinton.) The Congress, Democrats included, have allowed the Executive to gather power at the expense of the other two branches. This is the fundamental security issue here, and it’ll be an issue regardless of who wins the White House in 2008.

EDITED TO ADD (12/21): FISC Judge James Robertson resigned yesterday:

Two associates familiar with his decision said yesterday that Robertson privately expressed deep concern that the warrantless surveillance program authorized by the president in 2001 was legally questionable and may have tainted the FISA court’s work.

….Robertson indicated privately to colleagues in recent conversations that he was concerned that information gained from warrantless NSA surveillance could have then been used to obtain FISA warrants. FISA court Presiding Judge Colleen Kollar-Kotelly, who had been briefed on the spying program by the administration, raised the same concern in 2004 and insisted that the Justice Department certify in writing that it was not occurring.

“They just don’t know if the product of wiretaps were used for FISA warrants—to kind of cleanse the information,” said one source, who spoke on the condition of anonymity because of the classified nature of the FISA warrants. “What I’ve heard some of the judges say is they feel they’ve participated in a Potemkin court.”

More generally, here’s some of the relevant statutes and decisions:

Foreign Intelligence Surveillance Act (FISA)” (1978).

Authorization for Use of Military Force (2001),” the law authorizing Bush to use military force against the 9/11 terrorists.

United States v. United States District Court,” 407 U.S. 297 (1972), a national security surveillance case that turned on the Fourth Amendment.

Hamdi v. Rumsfeld,” 124 S. Ct. 981 (2004), the recent Supreme Court case examining the president’s powers during wartime.

[The Government’s position] cannot be mandated by any reasonable view of the separation of powers, as this view only serves to condense power into a single branch of government. We have long since made clear that a state of war is not a blank check for the President when it comes to the rights of the Nation’s citizens. Youngstown Steel and Tube, 343 U.S. at 587. Whatever power the United States Constitution envisions for the Executive in times of conflict with other Nations or enemy organizations, it most assuredly envisions a role for all three branches when individual liberties are at stake.

And here are a bunch of blog posts:

Daniel Solove: “Hypothetical: What If President Bush Were Correct About His Surveillance Powers?.”

Seth Weinberger: “Declaring War and Executive Power.”

Juliette Kayyem: “Wiretaps, AUMF and Bush’s Comments Today.”

Mark Schmitt: “Alito and the Wiretaps.”

Eric Muller: “Lawless Like I Said.”

Cass Sunstein: “Presidential Wiretap.”

Spencer Overton: “Judge Damon J. Keith: No Warrantless Wiretaps of Citizens.”

Will Baude: “Presidential Authority, A Lament.”

And news articles:

Washington Post: “Clash Is Latest Chapter in Bush Effort to Widen Executive Power.”

The clash over the secret domestic spying program is one slice of a broader struggle over the power of the presidency that has animated the Bush administration. George W. Bush and Dick Cheney came to office convinced that the authority of the presidency had eroded and have spent the past five years trying to reclaim it.

From shielding energy policy deliberations to setting up military tribunals without court involvement, Bush, with Cheney’s encouragement, has taken what scholars call a more expansive view of his role than any commander in chief in decades. With few exceptions, Congress and the courts have largely stayed out of the way, deferential to the argument that a president needs free rein, especially in wartime.

New York Times: Spying Program Snared U.S. Calls.”

A surveillance program approved by President Bush to conduct eavesdropping without warrants has captured what are purely domestic communications in some cases, despite a requirement by the White House that one end of the intercepted conversations take place on foreign soil, officials say.

Posted on December 21, 2005 at 6:50 AM

The Military is Spying on Americans

The Defense Department is collecting data on perfectly legal, peaceful, anti-war protesters.

The DOD database obtained by NBC News includes nearly four dozen anti-war meetings or protests, including some that have taken place far from any military installation, post or recruitment center. One “incident” included in the database is a large anti-war protest at Hollywood and Vine in Los Angeles last March that included effigies of President Bush and anti-war protest banners. Another incident mentions a planned protest against military recruiters last December in Boston and a planned protest last April at McDonald’s National Salute to America’s Heroes—a military air and sea show in Fort Lauderdale, Fla.

The Fort Lauderdale protest was deemed not to be a credible threat and a column in the database concludes: “US group exercising constitutional rights.” Two-hundred and forty-three other incidents in the database were discounted because they had no connection to the Department of Defense—yet they all remained in the database.

The DOD has strict guidelines (PDF link), adopted in December 1982, that limit the extent to which they can collect and retain information on U.S. citizens.

Still, the DOD database includes at least 20 references to U.S. citizens or U.S. persons. Other documents obtained by NBC News show that the Defense Department is clearly increasing its domestic monitoring activities. One DOD briefing document stamped “secret” concludes: “[W]e have noted increased communication and encouragement between protest groups using the [I]nternet,” but no “significant connection” between incidents, such as “reoccurring instigators at protests” or “vehicle descriptions.”

Personally, I am very worried about this increase in military activity inside our country. If anyone should be making sure protesters stay on the right side of the law, it’s the police…not the military.

And it could get worse.

EDITED TO ADD (12/16): There’s also this news :

Months after the Sept. 11 attacks, President Bush secretly authorized the National Security Agency to eavesdrop on Americans and others inside the United States to search for evidence of terrorist activity without the court-approved warrants ordinarily required for domestic spying, according to government officials…..

Mr. Bush’s executive order allowing some warrantless eavesdropping on those inside the United States including American citizens, permanent legal residents, tourists and other foreigners is based on classified legal opinions that assert that the president has broad powers to order such searches, derived in part from the September 2001 Congressional resolution authorizing him to wage war on Al Qaeda and other terrorist groups, according to the officials familiar with the N.S.A. operation.

And:

….officials familiar with it said the N.S.A. eavesdropped without warrants on up to 500 people in the United States at any given time. The list changes as some names are added and others dropped, so the number monitored in this country may have reached into the thousands over the past three years, several officials said. Overseas, about 5,000 to 7,000 people suspected of terrorist ties are monitored at one time, according to those officials.

This is a very long article, but worth reading. It is not overstatement to suggest that this may be the most significant violation of federal surveillance law in the post-Watergate era.

EDITED TO ADD (12/16): Good analysis from Political Animal. The reason Bush’s executive order is a big deal is because it’s against the law.

Here is the Foreign Intelligence Surveillance Act. Its Section 1809a makes it a criminal offense to “engage in electronic surveillance under color of law except as authorized by statute.”

FISA does authorize surveillance without a warrant, but not on US citizens (with the possible exception of citizens speaking from property openly owned by a foreign power; e.g., an embassy.)

FISA also says that the Attorney General can authorize emergency surveillance without a warrant when there is no time to obtain one. But it requires that the Attorney General notify the judge of that authorization immediately, and that he (and yes, the law does say ‘he’) apply for a warrant “as soon as practicable, but not more than 72 hours after the Attorney General authorizes such surveillance.”

It also says this:

“In the absence of a judicial order approving such electronic surveillance, the surveillance shall terminate when the information sought is obtained, when the application for the order is denied, or after the expiration of 72 hours from the time of authorization by the Attorney General, whichever is earliest. In the event that such application for approval is denied, or in any other case where the electronic surveillance is terminated and no order is issued approving the surveillance, no information obtained or evidence derived from such surveillance shall be received in evidence or otherwise disclosed in any trial, hearing, or other proceeding in or before any court, grand jury, department, office, agency, regulatory body, legislative committee, or other authority of the United States, a State, or political subdivision thereof”.

Nothing in the New York Times report suggests that the wiretaps Bush authorized extended only for 72 hours, or that normal warrants were sought in each case within 72 hours after the wiretap began. On the contrary, no one would have needed a special program or presidential order if they had.

According to the Times, “the Bush administration views the operation as necessary so that the agency can move quickly to monitor communications that may disclose threats to the United States.” But this is just wrong. As I noted above, the law specifically allows for warrantless surveillance in emergencies, when the government needs to start surveillance before it can get a warrant. It explains exactly what the government needs to do under those circumstances. It therefore provides the flexibility the administration claims it needed.

They had no need to go around the law. They could easily have obeyed it. They just didn’t want to.

Posted on December 16, 2005 at 6:49 AMView Comments

Korea Solves the Identity Theft Problem

South Korea gets it:

The South Korean government is introducing legislation that will make it mandatory for financial institutions to compensate customers who have fallen victim to online fraud and identity theft.

The new laws will require financial firms in the country to compensate customers for virtually all financial losses resulting from online identity theft and account hacking, even if the banks are not directly responsible.

Of course, by itself this action doesn’t solve identity theft. But in a vibrant capitalist economic market, this action is going to pave the way for technical security improvements that will effectively deal with identity theft.

The good news for the rest of us is that we can watch what happens now.

Posted on December 14, 2005 at 7:14 AMView Comments

Brian Snow on Security

Good paper (.pdf) by Brian Snow of the NSA on security and assurance.

Abstract: When will we be secure? Nobody knows for sure—but it cannot happen before commercial security products and services possess not only enough functionality to satisfy customers’ stated needs, but also sufficient assurance of quality, reliability, safety, and appropriateness for use. Such assurances are lacking in most of today’s commercial security products and services. I discuss paths to better assurance in Operating Systems, Applications, and Hardware through better development environments, requirements definition, systems engineering, quality certification, and legal/regulatory constraints. I also give some examples.

Posted on December 13, 2005 at 2:15 PMView Comments

FBI to Approve All Software?

Sounds implausible, I know. But how else do you explain this FCC ruling (from September—I missed it until now):

The Federal Communications Commission thinks you have the right to use software on your computer only if the FBI approves.

No, really. In an obscure “policy” document released around 9 p.m. ET last Friday, the FCC announced this remarkable decision.

According to the three-page document, to preserve the openness that characterizes today’s Internet, “consumers are entitled to run applications and use services of their choice, subject to the needs of law enforcement.” Read the last seven words again.

The FCC didn’t offer much in the way of clarification. But the clearest reading of the pronouncement is that some unelected bureaucrats at the commission have decreeed that Americans don’t have the right to use software such as Skype or PGPfone if it doesn’t support mandatory backdoors for wiretapping. (That interpretation was confirmed by an FCC spokesman on Monday, who asked not to be identified by name. Also, the announcement came at the same time as the FCC posted its wiretapping rules for Internet telephony.)

Posted on December 2, 2005 at 11:24 AMView Comments

1 25 26 27 28 29 35

Sidebar photo of Bruce Schneier by Joe MacInnis.