Are the Charges Against Telegram CEO Pavel Durov Meant to Lead the World to Outlaw Encryption?9/3/2024
For days after the arrest of Telegram CEO Pavel Durov by French authorities at Le Bourget Airport near Paris, the world civil liberties community held back.
The impulse to rush to the defense of a Russian dissident/entrepreneur was almost overwhelming. Durov had refined his skills with the creation of VK, a social media website that allowed dissidents, opposition politicians, and Ukrainian protesters to evade Vladimir Putin’s emerging surveillance state as late as 2014. After Durov fled Russia with his brother Nikolai, they created the encrypted messenger service Telegram, which allows users not only to communicate in secrecy, but to also set their messages to disappear. Across Asia, Africa, Latin America, and our own country, Telegram enables dissidents, journalists, and people in fear of cartels or abusive spouses to communicate without making themselves vulnerable. So civil libertarians were naturally poised to rush to Durov’s defense. But they didn’t. There was the matter of the 12 charges approved by a French judge this week, including “complicity” in crimes such as aiding in the distribution of international narcotics and child sex abuse material. The many devils in this case lurk in its many details, some of which are far from well understood. At this point, however, we can at least pose preliminary questions. Some answers must come from the French government. Some must come from every person who cares about privacy, including the almost 1 billion users of Telegram.
We can already highlight at least one aspect of this case that should concern civil libertarians and free speech advocates around the world. Thanks to an insightful analysis by Kevin Collier and Rob Wile in Slate, we know that two of the 12 charges involve a purported obligation of providers of cryptological services to require their users to register with their real identities. Another count declares it a crime to import such an encrypted service “without prior declaration.” Collier and Wile write that this latter provision, which at first sounds like a matter of bureaucratic form-filling, actually implies that “France sees the use of internationally based, unregulated ‘encryption’ service as a crime all its own.” If so, will France get away with criminalizing private encryption services? And if that happens, might this become EU policy? We are already seeing Europe employ illiberal interpretations of the recently enacted Digital Services Act. The EU’s top digital regulator, Thierry Breton, threatened X with legal action if it ran Elon Musk’s full interview with Donald Trump. While Breton’s threat was later disowned by his boss, EU President Ursula von der Leyen, it was still breathtaking to see in Europe today that a powerful regulator believes the European public would be well served by censoring the words of a major party nominee to lead the United States. It is not a stretch to imagine such people also wanting to stamp out private communications. Is France now using possibly legitimate charges about Telegram’s operation to undermine the very idea of encryption? Everyone who cares about privacy should watch how this case unfolds. After all, thanks to Telegram, we know that there are at least one billion of us. PPSA's senior policy advisor, Bob Goodlatte, and general counsel, Gene Schaerr, explain in Just Security on why it’s imperative that intel agencies listen to bipartisan concerns re: surveillance reform. Surveillance abuses degrade and threaten the vital mission these agencies must carry out. Additionally, they explain how the intel agencies' alienation of Americans and congressional representatives is dangerous for both the Constitution and national security.
Our general counsel, Gene Schaerr, explains in the Washington Examiner how the Biden administration's recent executive order to protect personal data from government abuse falls short. Hint: It excludes our very own government's abuse of our personal data.
Gene Schaerr, PPSA's General Counsel, explains how the House Permanent Select Committee on Intelligence's bill on FISA's Section 702 would actually expand warrantees surveillance.
"But the House Intelligence bill’s expansion to include “equipment” would cover, for example, any small or medium-sized business that simply provides Wi-Fi or stores data. This means that your business landlord, Airbnb host, hotel manager, or coffee shop barista will have a legal obligation to give the government any of your emails, texts, or phone metadata that ran through their equipment. Larger entities, such as data centers, would also be enlisted in spying on Americans." Look to an intelligence community that refuses to entertain necessary reforms to a widely abused authority. Our senior policy advisor and former U.S. Senator, Mark Udall, and general counsel, Gene Schaerr, provide insight in a letter to the editor in The Wall Street Journal.
"The government should do all it can to combat the illegal trafficking of dangerous drugs. But those efforts should not - and need not - come at the expense of Americans’ constitutional rights," writes Noah Chauvin in The Hill.
Noah is a counsel in the Liberty and National Security Program at the Brennan Center for Justice at NYU Law in The Hill. Our bipartisan coalition is prompting former intelligence agency officials to carry the Biden administration's water by lobbying hard to kill Section 702 reform. Our Senior Policy Advisor and former U.S. Congressman, Bob Goodlatte, and Americans for Prosperity's deputy director of Federal Government Affairs, Matthew Silver, cut through the spin in RealClearPolitics.
On Aug. 5, The Wall Street Journal gave readers an uncharacteristically off take about Section 702 of the Foreign Intelligence Surveillance Act. The Journal posed a false dichotomy – we must either reauthorize Section 702 as it is, or let it lapse and expose Americans to the next terrorist attack.
Bob Goodlatte, PPSA Senior Policy Advisor and former Chairman of the House Judiciary Committee, offered this response in a letter-to-the-editor. PPSA's senior policy advisors, Bob Goodlatte and Mark Udall, writes in Real Clear Politics.
Our General Counsel, Gene Schaerr, writes in the Washington Examiner on how CBS News and their podcast, Intelligence Matters, enabled a completely one-sided, misleading interview about our government's domestic surveillance. Every citizen should be outraged on how our privacy rights are being abused all around.
WASHINGTON EXAMINER: The Supreme Court’s chance to take on government surveillance and secrecy2/18/2023
Next week, the justices will decide whether to take up a case, Wikimedia Foundation v. NSA, that raises a narrow but vital question for surveillance and the rule of law. Wikimedia asks the Supreme Court to decide whether and when the government can invoke secrecy to halt lawsuits challenging executive branch overreach.
The Supreme Court’s decision on whether to take up this case will have long-lasting implications for independent oversight of the NSA, CIA, and FBI, and other intelligence agencies. Meanwhile, the public’s privacy hangs in the balance. Our senior policy advisors, former U.S. Congressman Bob Goodlatte and former U.S. Senator Mark Udall, map out four basic principles all surveillance programs should be subject to by Congress before the reauthorization of Section 702 can be contemplated.
Earlier this month, former Vice-President Mike Pence called out criticism of the FBI lodged by members of his own party. In his speech, Pence stated “I … want to remind my fellow Republicans we can hold the attorney general accountable for the decision that he made without attacking the rank-and-file law enforcement personnel at the FBI..” While the intent of Pence’s statement is certainly laudable, it comes at a time when the public is increasingly distrustful of the agency’s activities.
Pence’s comments have been received so poorly because they dismiss the credible concerns emanating from all sectors of the American public. The distrust towards the agency turned into full-blown outrage when the FBI raided former President Trump’s Mar-a-Lago estate earlier this month on August 8th. It has been weeks since the raid, and there has been little official explanation provided. What information we do have has been pieced together from an unsealed warrant and source leaks. From the warrant, the search was related to potential violations of three laws including the Espionage Act. Attorney General Merrick Garland said during remarks on August 11 that he would not explain why he personally signed off on seeking a search warrant. Even though documents were recovered, distrust of the agency has become so severe, that swaths of the American public may choose to believe that the evidence seized was forged and planted. Also worried is Michael Horowitz, Inspector General of the U.S. Department of Justice. Across multiple reports, Horowitz details the abuses, noncompliance, and mishandling that is currently ongoing within the FBI. For a few examples, in September of 2021, the office of the Inspector General released a report stating that there “was widespread non-compliance with the Woods Procedures,” a set of procedures to ensure factual accuracy in FISA applications. In August of 2019, the office of the Inspector General released a report detailing the multiple rules violations by former FBI Director James Comey, indicating a culture of secrecy and noncompliance at the highest level in the chain of command. There are multiple reports detailing commercial sex, accepting illegal gifts from the media, the violation of ethics rules, and a “lack of candor.” When American citizens display “a lack of candor,” they can be fired from their jobs. When senior officials at the FBI do it, prosecution is declined and the offending party is “reassigned to a nonsupervisory role.” In 2019, the Foreign Intelligence Surveillance Court criticized the FBI for misleading it in applications to wiretap former Trump campaign aide, Carter Page. Inspector General Horowitz found that the FBI had omitted facts and provided false statements to the FISA court when the FBI filed for a warrant to conduct surveillance on Page. FISA court presiding Judge Rosemary Collier stated in her opinion that “The FBI’s handling of the Carter Page applications, as portrayed in the OIG report, was antithetical to the heightened duty of candor described above…” So, not only is the public concerned, but so is the office of the Inspector General and the FISA courts, two organizations which either oversee or directly liaise with the FBI. Just this week, the escapades of the FBI were on full display during a trial to convict two men involved in the 2020 plan to kidnap Michigan Governor Gretchen Whitmer. The already high-profile nature of the case was catapulted into the stratosphere when the FBI revealed there were at least five informants or undercover agents embedded among the suspected planners. Defense attorneys have argued there were at least twelve. The involvement of FBI agents and informants was so significant, that a trial for a separate set of suspected planners failed to get a single conviction. One informant became second-in-command of a militia. Another undercover agent offered to provide explosives to the group. It calls into question whether the FBI was engaged in entrapment. FBI agents assigned to the case became subjects of scrutiny themselves. As the New York Times reports, “one F.B.I. agent on the case was fired last year after being charged with domestic violence, and another agent, who supervised a key informant, tried to build a private security consulting firm based in part on some of his work for the F.B.I.…” That FBI agents so close to an ongoing plan to kidnap a governor were themselves so compromised is very chilling. It seems obvious from the last several years that the FBI is in need of both oversight and reform. An agency with significant investigatory and enforcement powers, Congress can and should do more to monitor the activities of the agency. The U.S. House of Representatives passed a major transparency measure by voice vote tonight. This amendment to the National Defense Authorization Act, offered by Rep. Sara Jacobs (D-CA) and Rep. Warren Davidson (R-OH), will require the Department of Defense to report the number of times it purchases the internet browsing and phone location data of Americans from private data brokers. The report will also include a general accounting of how the government uses this information.
PPSA commends Reps. Jacobs and Davidson on their steady leadership and articulate advocacy. Tonight’s success should provide momentum for the passage of the Fourth Amendment Is Not for Sale Act. "Only Congress and the American people can decide whether we will remain a free society or succumb to technological totalitarianism."A must read opinion piece in Real Clear World by our President, Erik Jaffe.
You might think that, given the severe restrictions on sharing Americans’ private health information under HIPAA, it would be illegal to sell data concerning your personal health information. You might also think, that given the need for a warrant imposed on cellphone location data by the U.S. Supreme Court in the Carpenter decision, it is also illegal to sell your location history tracked by your cellphone.
And, of course, you’d be wrong. The $200 billion private data industry routinely sells not only your location information, but also your health data collected by apps and social media platforms. Not only can a large ecosystem of corporations buy your data, so can – and does – the government. From the FBI to the IRS, Department of Homeland Security and other law enforcement and intelligence agencies, the government routinely buys this data. Now Democratic senators are rushing to make this practice illegal under the Health and Location Data Protection Act, sponsored by Sen. Elizabeth Warren (D-MA), and co-sponsored by Sen. Ron Wyden (D-OR), Sen. Patty Murray (D-WA), Sen. Sheldon Whitehouse (D-RI), and Sen. Bernie Sanders (D-VT). This bill would ban data brokers from selling or transferring location data and health data under rules to be promulgated by the Federal Trade Commission. It would empower the FTC, state attorneys general and individuals to bring suits to enforce the provisions of the law. And it would add $1 billion in funding to the Federal Trade Commission budget. So will this bill pass in this Congress? Not a chance. Since the Dobbs opinion from the U.S. Supreme Court that overturned Roe v. Wade, the Health and Location Data Protection Act has been spun by Democrats as a means of protecting women seeking abortions. It would protect, in Sen. Murray’s words, women from “extremist Republican lawmakers [who] work around the clock to criminalize essential health services.” From the pro-choice point of view, it is natural to include women’s reproductive freedom in the bill. From the pro-life point of view, supporting a bill that is being touted by others as a protection for reproductive freedom could be seen as supporting abortion. Before Dobbs, such a bill would have had an excellent chance of securing bipartisan support and passage. Now that it is caught up in abortion politics, it has become a partisan talking point. It seems unlikely that either party will relent, and that the larger issue of our lack of privacy in health and location will remain caught up in the tug of war between pro-choice and pro-life forces. The constructive course of action, one that can be taken by members of both parties, is to pass the Fourth Amendment Is Not for Sale Act, which has strong bipartisan support in both the House and Senate. This bill would at least require the government to obtain a probable cause warrant before examining our private information purchased from data brokers. Letter Follows Leak About “Backdoor to Access User Data”TikTok’s growth in the American market is explosive. In just the first quarter of 2022 alone, the short-video app has been downloaded 19 million times. In all, TikTok has about 80 million U.S. users – about one-fourth of the U.S. population.
TikTok is owned by a Chinese company, ByteDance. This is a matter of worry in Washington, since explicit Chinese law that requires Chinese companies share information with the intelligence agencies of the Chinese Communist Party. Given the massive torrents of data TikTok collects on its users, the Trump Administration proposed forcing ByteDance to sell off TikTok. The company allayed these concerns by promising to seal off any sensitive data from China. With TikTok storing U.S. user data in the United States, with backups in Singapore, the issued seemed resolved. Then on June 17, Buzzfeed reported that leaked audio from dozens of TikTok internal meetings revealed that employees expressed concern U.S. user data was being accessed by China. “I feel like these tools, there’s some backdoor to access user data in almost all of them,” one external auditor said. “Everything is seen in China,” said a member of TikTok’s “trust and safety” department. Another insider referred to a Beijing-based engineer as a “Master Admin” who has “access to everything.” Now Brendan Carr, Republican member of the Federal Communications Commission, has written to CEOs Tim Cook and Sundar Pichai to ask that Apple and Google remove TikTok from their app stores. Carr wrote that TikTok’s image as “an app for sharing funny videos or memes” is just “the sheep’s clothing.” He added: “TikTok collects everything from search and browsing histories to keystroke patterns and biometric identifiers, including faceprints – which researchers have said might be used in unrelated facial recognition technology – and voiceprints. It collects location data as well as draft messages and metadata, plus it has collected the text, images, and videos that are stored on a device’s clipboard.” TikTok has already paid $92 million to settle lawsuits that it clandestinely transferred vast amounts of Americans’ user data to China. India has banned TikTok, as have the U.S. military and many federal agencies. With so much criticism, TikTok is now working furiously on a project, codenamed “Project Texas,” to work out a deal with Oracle and the Committee on Foreign Investment in the United States to exclusively store sensitive user information on U.S. servers. Commissioner Carr remains skeptical. “TikTok has long claimed that its U.S. user data has been stored on servers in the U.S., and yet those representations provided no protection against the data being accessed from Beijing.” Some might find Carr’s demands to private businesses to be heavy handed. Whether or not Apple and Google should remove TikTok from their app stores, at a minimum Americans need to be aware that their personal data might be at risk. When it comes to digital privacy, Americans feel like a well-dressed person caught in the rain without an umbrella. At first, you try to wait it out under an eave. Then you accept getting a little bit wet. Finally, when your clothes are thoroughly soaked, you just give up.
When it comes to digital privacy, Americans have long accepted we couldn’t get any wetter. The social media services and apps we use track and sell our location history, our contacts, our communications, our purchases and (most revealing) our web searches. These data points, like the dots in a pointillistic painting, create a portrait of users with great detail. These portraits are then sold by data brokers to government agencies and commercial entities. A recent Apple commercial portrayed this process by putting a young woman’s virtual self on an auction block. In the ad, the heroine Ellie turns on Apple’s privacy devices, vaporizing her would-be auctioneers. But such controls on a smartphone only involve a small portion of the torrents of information that are collected about us and sold wholesale. So just when many are ready to declare the death of privacy, a bicameral, bipartisan group of legislators have put forward a discussion draft of the American Data Privacy and Protection Act (ADPPA). In a House hearing on Tuesday morning, this bill drew robust discussion from civil rights groups, digital reformers, and industry-allied organizations. This legislation is the first attempt at a comprehensive, national approach to, in the words of House Energy and Commerce Committee Chairman, Rep. Frank Pallone put “consumers back in control of their data and protecting their privacy.” Under ADPPA, companies would have to obtain consumers’ consent for them to collect, process or transfer sensitive personal information. Affirmative consent would be required before the data of children between ages 13 and 17 could be transferred. The Federal Trade Commission (FTC) would form a Young Privacy Marketing Division to police the use of children’s data. Best of all, the shadowy world of data brokers would be exposed to sunlight, with a public online registry created by FTC and third-party audits of how these brokers share information with others. ADPPA would preempt some state privacy laws, while granting an exemption for the Illinois Biometrics Information Privacy Act (recently used to extract a sweeping settlement in the privacy practices of facial recognition provider Clearview AI), and California’s Privacy Rights Act. Other states with recent privacy laws are preempted, which Govtech.com writes “reeks of backroom dealing.” The current draft includes a limited private right of action, which would allow individuals to bring suits for privacy violations after giving industry four years to adjust. Federal Trade Commission enforcement would be strengthened, and state attorneys general would be empowered to act against data holders who violate ADPPA. Companies would be given a limited right to cure a problem, which would give them standing to seek injunctive relief. The discussion that took place in the House Subcommittee on Consumer Protection and Commerce reveals serious legislation with major issues to resolve. Here are a few of them. How far should preemption of state privacy laws go? Colorado, Texas, Virginia, Utah, and Connecticut have passed their own privacy laws. Will they eventually be excluded from preemption along with those of California and Illinois? If they are, do we run the risk of balkanizing the internet? “American consumers and businesses deserve the clarity and certainty of a single federal standard for privacy,” said Former FTC Commissioner Maureen Ohlhausen. Can we protect personal data by degrees of sensitivity without degrading the ability of digital commerce to function? One goal of the bill is to have data minimization, which tasks companies with using only data that is needed for a given transaction. But can a law define the limits of what is needed? John Miller of the Information Technology Industry Council noted that one provision, “information identifying an individual’s online activities over time or across third party websites or online services” could create restrictions for routine browsing. Or, as Ohlhausen put it, the bill “creates uncertainty for routine operational uses of information that are necessary to serve customers and operate a business.” How broad should the private right of action be for individuals? “The current proposal inserts several procedural hurdles that will not reduce litigation costs but will block injured individuals from having their day in court,” said David Brody, managing attorney of the Digital Justice Initiative Lawyers’ Committee for Civil Rights Under Law. “The private right of action in the Act is weak and difficult to enforce.” John Miller countered, “while it is true neither punitive nor statutory damages are permitted” under the bill’s private right of action, “the availability of attorney’s fees could encourage the filing of borderline meritorious cases by specialized attorneys charging exorbitant hourly rates.” Should government purchases of Americans’ personal data be included in the bill? One issue that was not addressed on Tuesday is the frequent sale of Americans’ personal data to the government, a problem addressed by the proposed Fourth Amendment Is Not For Sale Act. Any privacy solution should look beyond the private uses of data by businesses to those of law enforcement and intelligence agencies. After all, only the government can use your information to bang down your door at dawn and arrest you. There were further debates about how the bill might impact the ability of companies to handle cybersecurity threats, and whether small businesses would get tagged with onerous provisions aimed at tech giants. The legislative process in the House and Senate will have to untangle these and many other knotty issues to make this law workable. Yet the hearing room echoed with statements of determination by leaders in both parties to make a national privacy law a reality. Opinion piece by PPSA Senior Policy Advisor, Bob Goodlatte, on The Hill.
The FBI searches through databases of foreign communications in a program that Congress created specifically to catch foreign terrorists and spies. But the FBI uses this same program to glean private information about American citizens and our communications. These so-called “U.S. person queries” are transforming one of the most powerful and invasive surveillance authorities — Section 702 of the Foreign Intelligence Surveillance Act — into a means for FBI agents to spy on Americans without a warrant, gutting the Fourth Amendment of the Constitution. |
Categories
All
|