keynote - cindy cohn
Post on 09-Jul-2015
Clio Cloud Conference 2014
SEPTEMBER 22 – 23, 2014 · CHICAGO, ILLINOIS
Clio Cloud Conference 2014 #ClioCloud9
NSA Spying: Mass US Collection Basics
by Cindy Cohn
NSA Spying: Mass US Collection Basics
• Internet Backbone collection
• Telephone records collection
• A few more things
• NOT PRISM, Internet metadata or foreign collection

Turning upside down
• Collect everything first and analyze
• Phone records
• Prism/Upstream
• Sort out what you actually need second
• Rely heavily on minimization
• “the Founders did not fight a revolution to gain the right to government agency protocols” Riley v. California (June 25, 2014)

Fourth Amendment
Response to General Warrants; Riley
* First question: is it a search or seizure
- Govt says no if metadata – Smith case
* If Search then warrant needed
- FISC orders are NOT warrants
- Or exception
Special needs turns on totality of the circumstances and reasonableness
* Also First Amendment

"the child independence was then and there born, [for] every man of an immense crowded audience appeared to me to go away as I did, ready to take arms against writs of assistance."
- John Adams

First Amendment
* Right of Association
- NAACP v. Alabama
- Prop 8 case
* If likely chilling effect
- Then must show “least restrictive means” and “narrow tailoring”
* Gov’t says doesn’t apply if not aimed at associations

FISA Amendments Act
* Section 702 was passed in 2008, and the government relies on this for the collection of content.
* Targeting and Minimization docs
- Aimed at foreign targets
- Encrypted information kept forever
- Can “Tip” the FBI on criminal (and maybe IRS, DEA and others)

Phone Records Collection
“all call detail records or ‘telephony metadata’ created by Verizon for communications (i) between the United States and abroad; or (ii) wholly within the United States, including local telephone calls.”
Originating and terminating phone nos., IMSI #, IMEI #, trunk identifier, telephone calling card numbers, and time and duration of call
Renewed every 90 days, kept 5 years

Section 215 of PATRIOT Act
Section 215 amended FISA to allow orders to produce “tangible things”
Must be “relevant to an authorized investigation (other than a threat assessment)”
No broader than a Grand Jury Subpoena

Why Metadata Matters
You rang a phone sex service at 2:24 am and spoke for 18 minutes.
You called the suicide prevention hotline from the Golden Gate Bridge.
You spoke with an HIV testing service, then your doctor, then your health insurance company in the same hour.
Felten declaration in ACLU v. Clapper

Phone Records Cases
Klayman v. Obama (DC Circuit)
ACLU v. Clapper (2nd Circuit)
EFF:
Smith v. Obama (9th Circuit)
First Unitarian Church of Los Angeles v. NSA
Jewel v. NSA (since 2008!)

And Also: Sabotage, Malware
* Bullrun 5 Sept 2013
“Insert vulnerabilities into commercial systems”
“covertly influence and/or overtly leverage commercial products”
“Shape the worldwide commercial cryptography marketplace to make it more tractable to NSA
“To the consumer and other adversaries, however, the systems' security remains intact.”
* Targeting Tor
* I Hunt Sysadmins
Exploit weaknesses: Google smiley face, Angry birds
Phishing: Quantum Exploit faking Facebook
Then installing Malware that can turn on cameras, microphones, collect passwords and taking total control of computer
* Scooping up cookies: Google PREF cookies and others

What Is EFF Doing?
• Litigation
• Phone records:
Smith v. Obama
Jewel v. NSA (filed in 2008)
First Unitarian v. NSA (filed July 2014)
• FOIA
• Amicus
Lavabit
Support for criminal cases based on surveillance
Klayman and ACLU phone records case

Legislation
USA Freedom
Currently support but it’s very small
End mass collection is goal
But wiggle room and we know govt plays word games
FISC reform
Advocate and maybe more opinions published
Modest transparency (but not FBI)

And: International
13 Principles (necessaryandproportionate.net)
Around 600 organizations worldwide
UN Special Rapporteurs
UN High Commissioner for HR report
Legal processes ECHR complaint
OAS hearing

Don’t Forget: Technology
Questions?
Cindy Cohn
Legal Director, EFF
Cindy@eff.org