School Laptop Spycams Took 56,000 Pictures
Last week, I wrote that we’d learned that the Lower Merion School District may have gathered many more photos of more students than had previously been revealed. Now, the Philadelphia Inquirer has put a number on it: A security program installed on laptops assigned to students captured 56,000 images over the course of two years, including screenshots (showing programs in use and private messages being sent) and surreptitious webcam photos of students at home.
Many of these images, it should be noted at the outset, do appear to have come from laptops that really had been stolen. Almost two-thirds of the total came from six laptops that had been stolen from a high school gym, and which kept transmitting for almost six months, though even there it’s a close question whether a warrant should have been obtained. (Why it took six months to recover the laptops with an active security program running is a good question for another time.) But many of those pictures seem much harder to justify:
[I]n at least five instances, school employees let the Web cams keep clicking for days or weeks after students found their missing laptops, according to the review. Those computers – programmed to snap a photo and capture a screen shot every 15 minutes when the machine was on – fired nearly 13,000 images back to the school district servers.
Emphasis added. The district also says it only once activated the tracking program because a student had not paid the $55 insurance fee required before taking a laptop home. Blake Robbins, the student whose lawsuit brought the story to national attention, says that one case was his. That raises obvious questions about whether school officials might have exercised their discretion to activate the tracking program more readily in the case of particular students. The activation procedure itself hardly imbues one with great confidence: Apparently 10 school officials had the authority to request laptop tracking, which they might do with a simple informal e-mail.
Just turn this over in your head for a moment. You’ve got ten different administrators—and in practice, the network techs themselves—able to turn a child’s home laptop into a remote surveillance camera just by sending an e-mail reporting that a laptop is missing, or that a fee didn’t get paid on time. The laptop can take thousands of photos over the course of days or weeks, with neither parents nor students any the wiser until a scandal forces closer scrutiny. If Robbins hadn’t been confronted, or if administrators had made a point of deleting these pictures of children at home rather than keeping them lying around in storage indefinitely, there’s no reason to think anyone would ever have known. How many tens of thousands of parents have kids in one-to-one school laptop programs now? What don’t they know?
Cell Phone Searches? There’s an App for That.
Police hoping to rummage through a suspect’s cell phone after an arrest must apply for a warrant, the Ohio Supreme Court has ruled. That apparently makes it the first court to address a question I first wrote about two years ago, after Adam Gershowitz broached it in a law review article.
Normally, when police arrest someone—and recall that even trivial offenses may provide formal grounds for arrest—they’re entitled to conduct an incidental search of the person and their immediate vicinity, nominally for the purpose of uncovering any weapons and preventing the destruction of contraband. The new wrinkle as Gershowitz noted, is that we’ve begun routinely carrying vast stores of personal data around with us in our pockets: photos, correspondence, music and movies, Internet browsing histories, even whole libraries of books. What’s more, these little archives are typically connected, sometimes automatically, to still more personal information held remotely: mailboxes, calendars, bank accounts, purchasing histories, or in principle just about anything accessible online.
Suddenly a narrow, reasonable-sounding exception to the ordinary Fourth Amendment warrant requirement starts looking like a pretty huge loophole. The quantity of personal “papers and effects” that can be stored in an ordinary phone would have filled a house just a few decades ago. But if those smartphones are subject to “search incident to arrest,” there’s no longer any need to bother with judicial authorization for the search of a private home. And since a legal system governed by precedent subjects digital technologies to the tyranny of bad metaphors, there’s a disarmingly strong argument to be made that smartphones should be treated like any other physical “closed container”—a digital backpack or purse, at least with respect to the data stored locally on the phone.
This case involved more conventionally phone-like information: calling records. But the Court nevertheless saw the danger inherent in treating portable data storage devices as mere “containers,” holding that searches of phones were reasonable only to the extent they could be linked to the twin justifications of safety and preventing destruction of evidence. But as the ruling and dissent both note, there are a handful of precedents that appear to cut in the other direction. The question now is whether other courts will follow Ohio’s lead or remain mired in inapposite comparisons to knapsacks and cigarette packs.
Three Keys to Surveillance Success: Location, Location, Location
The invaluable Chris Soghoian has posted some illuminating—and sobering—information on the scope of surveillance being carried out with the assistance of telecommunications providers. The entire panel discussion from this year’s ISS World surveillance conference is well worth listening to in full, but surely the most striking item is a direct quotation from Sprint’s head of electronic surveillance:
[M]y major concern is the volume of requests. We have a lot of things that are automated but that’s just scratching the surface. One of the things, like with our GPS tool. We turned it on the web interface for law enforcement about one year ago last month, and we just passed 8 million requests. So there is no way on earth my team could have handled 8 million requests from law enforcement, just for GPS alone. So the tool has just really caught on fire with law enforcement. They also love that it is extremely inexpensive to operate and easy, so, just the sheer volume of requests they anticipate us automating other features, and I just don’t know how we’ll handle the millions and millions of requests that are going to come in.
The FISA Amendments: Behind the Scenes
I’ve been poring over the trove of documents the Electronic Frontier Foundation has obtained detailing the long process by which the FISA Amendments Act—which substantially expanded executive power to conduct sweeping surveillance with little oversight—was hammered out between Hill staffers and lawyers at the Department of Justice and intelligence agencies. The really interesting stuff, of course, is mostly redacted, and I’m only partway though the stacks, but there are a few interesting tidbits so far.
As Wired has already reported, one e-mail shows Bush officials feared that if the attorney general was given too much discretion over retroactive immunity for telecoms that aided in warrantless wiretapping, the next administration might refuse to provide it.
A couple other things stuck out for me. First, while it’s possible they’ve been released before and simply not crossed my desk, there are a series of position papers — so rife with underlining that they look like some breathless magazine subscription pitch — circulated to Congress explaining the Bush administration’s opposition to various proposed amendments to the FAA. Among these was a proposal by Sen. Russ Feingold (D-WI) that would have barred “bulk collection” of international traffic and required that the broad new intelligence authorizations specify (though not necessarily by name) individual targets. The idea here was that if there were particular suspected terrorists (for instance) being monitored overseas, it would be fine to keep monitoring their communications if they began talking with Americans without pausing to get a full-blown warrant — but you didn’t want to give NSA carte blanche to just indiscriminately sweep in traffic between the U.S. and anyone abroad. The position paper included in these documents is more explicit than the others that I’ve seen about the motive for objecting to the bulk collection amendment. Which was, predictably, that they wanted to do bulk collection:
- It also would prevent the intelligence community from conducting the types of intelligence collection necessary to track terrorits and develop new targets.
- For example, this amendment could prevent the intelligence community from targeting a particular group of buildings or a geographic area abroad to collect foreign intelligence prior to operations by our armed forces.
So to be clear: Contra the rhetoric we heard at the time, the concern was not simply that NSA would be able to keep monitoring a suspected terrorist when he began calling up Americans. It was to permit the “targeting” of entire regions, scooping all communications between the United States and the chosen area.
State Secrets, State Secrets Are No Fun
Despite Barack Obama’s frequent paeans to the value of transparency during the presidential campaign, his Justice Department has incensed civil liberties advocates by parroting the Bush administration’s broad invocations of the “state secrets privilege” in an effort to torpedo lawsuits challenging controversial interrogation and surveillance policies. Though in many cases the underlying facts have already been widely reported, DOJ lawyers implausibly claimed, not merely that particular classified information should not be aired in open court, but that any discussion of the CIA’s “extraordinary rendition” of detainees to torture-friendly regimes, or of the NSA’s warrantless wiretapping, would imperil national security.
That may—emphasis on may—finally begin to change as of October 1st, when new guidelines for the invocation of the privilege issued by Attorney General Eric Holder kick in. Part of the change is procedural: state secrets claims will need to go through a review board and secure the personal approval of the Attorney General. Substantively, the new rules raise the bar for assertions of privilege by requiring attorneys to provide courts with specific evidence showing reason to expect disclosure would result in “significant harm” to national security. Moreover, those assertions would have to be narrowly tailored so as to allow cases to proceed on the basis of as much information as can safely be disclosed.
That’s the theory, at any rate. The ACLU is skeptical, and argues that relying on AG guidelines to curb state secrets overreach is like relying on the fox to guard the hen house. And indeed, hours after the announcement of the new guidelines—admittedly not yet in effect—government attorneys were singing the state secrets song in a continuing effort to get a suit over allegations of illegal wiretapping tossed. The cynical read here is that the new guidelines are meant to mollify legislators contemplating statutory limits on state secrets claims while preserving executive discretion to continue making precisely the same arguments, so long as they add the word “significant” and jump through a few extra hoops. Presumably we’ll start to see how serious they are come October. And as for those proposed statutory limits, if the new administration’s commitment to greater accountability is genuine, they should now have no objection to formal rules that simply reinforce the procedures and principles they’ve voluntarily embraced.
A Chance to Fix the PATRIOT Act?
As Tim Lynch noted earlier this week, Barack Obama’s justice department has come out in favor of renewing three controversial PATRIOT Act provisions—on face another in a train of disappointments for anyone who’d hoped some of those broad executive branch surveillance powers might depart with the Bush administration.
But there is a potential silver lining: In the letter to Sen. Patrick Leahy (D-VT) making the case for renewal, the Justice Department also declares its openness to “modifications” of those provisions designed to provide checks and balances, provided they don’t undermine investigations. While the popular press has always framed the fight as being “supporters” and “opponents” of the PATRIOT Act, the problem with many of the law’s provisions is not that the powers they grant are inherently awful, but that they lack necessary constraints and oversight mechanisms.
Consider the much-contested “roving wiretap” provision allowing warrants under the Foreign Intelligence Surveillance Act to cover all the communications devices a target might use without specifying the facilities to be monitored in advance—at least in cases where there are specific facts supporting the belief that a target is likely to take measures to thwart traditional surveillance. The objection to this provision is not that intelligence officers should never be allowed to obtain roving warrants, which also exist in the law governing ordinary law enforcement wiretaps. The issue is that FISA is fairly loosey-goosey about the specification of “targets”—they can be described rather than identified. That flexibility may make some sense in the foreign intel context, but when you combine it with similar flexibility in the specification of the facility to be monitored, you get something that looks a heck of a lot like a general warrant. It’s one thing to say “we have evidence this particular phone line and e-mail account are being used by terrorists, though we don’t know who they are” or “we have evidence this person is a terrorist, but he keeps changing phones.” It’s another—and should not be possible—to mock traditional particularity requirements by obtaining a warrant to tap someone on some line, to be determined. FISA warrants should “rove” over persons or facilities, but never both.
Obama’s Military Commissions
President Obama is expected to announce how his administration is going to prosecute prisoners for war crimes and perhaps other terrorist offenses. Instead of civilian court, courts-martial, or new “national security courts,” Obama has apparently decided to embrace George W. Bush’s system of special military tribunals, but with some “modifications.”
Glenn Greenwald slams Obama for seeking to create a “gentler” tribunal system and urges liberals to hold Obama to the same standards that were applied to Bush:
What makes military commissions so pernicious is that they signal that anytime the government wants to imprison people but can’t obtain convictions under our normal system of justice, we’ll just create a brand new system that diminishes due process just enough to ensure that the government wins. It tells the world that we don’t trust our own justice system, that we’re willing to use sham trials to imprison people for life or even execute them, and that what Bush did in perverting American justice was not fundamentally or radically wrong, but just was in need of a little tweaking. Along with warrantless eavesdropping, indefinite detention, extreme secrecy doctrines, concealment of torture evidence, rendition, and blocking judicial review of executive lawbreaking, one can now add Bush’s military commission system, albeit in modified form, to the growing list of despised Bush Terrorism policies that are now policies of Barack Obama.
Greenwald is right. The primary issue is not due process. The tribunals might ultimately be “fair” and “unbiased” in some broad sense, but where in the Constitution does it say that the president (or Congress) can create a newfangled court system to prosecute, incarcerate, and execute prisoners?
For more about how Bush’s prisoner policies ought to be ravamped, see my chapter “Civil Liberties and Terrorism” (pdf) in the Cato Handbook for Policymakers.
DoJ Fails to Report Electronic Surveillance Activities
Unlike with wiretaps, law enforcement agents are not required by federal statutes to obtain search warrants before employing pen registers or trap and trace devices. These devices record non-content information regarding telephone calls and Internet communications. (Of course, “non-content information” has quite a bit of content – who is talking to whom, how often, and for how long.)
The Electronic Privacy Information Center points out in a letter to Senate Judiciary Committee Chairman Patrick Leahy (D-VT) that the Department of Justice has consistently failed to report on the use of pen registers and trap and trace devices as required by law:
The Electronic Communications Privacy Act requires the Attorney General to “annually report to Congress on the number of pen register orders and orders for trap and trace devices applied for by law enforcement agencies of the Department of Justice.” However, between 1999 and 2003, the Department of Justice failed to comply with this requirement. Instead, 1999-2003 data was provided to Congress in a single “document dump,” which submitted five years of reports in November 2004. In addition, when the 1999-2003 reports were finally provided to Congress, the documents failed to include all of the information that the Pen Register Act requires to be shared with lawmakers. The documents do not detail the offenses for which the pen register and trap and trace orders were obtained, as required by 18 U.S.C. § 3126(2). Furthermore, the documents do not identify the district or branch office of the agencies that submitted the pen register requests, information required by 18 U.S.C. § 3126(8).
EPIC has found no evidence that the Department of Justice provided annual pen register reports to Congress for 2004, 2005, 2006, 2007, or 2008. “This failure would demonstrate ongoing, repeated breaches of the DOJ’s statutory obligations to inform the public and the Congress about the use of electronic surveillance authority,” they say.
It’s a good bet, when government powers are used without oversight, that they will be abused. Kudos to EPIC for pressing this issue. Senator Leahy’s Judiciary Committee should ensure that DoJ completes reporting on past years and that it reports regularly, in full, from here forward.
Fourth Amendment Up for a Vote?
New Jerseyans may get a chance to vote their Fourth Amendment preferences in the upcoming gubernatorial elections. Among the candidates is Chris Christie, who as U.S. Attorney for New Jersey authorized the tracking of suspects’ cell phones without getting a warrant.
Cato on Facebook
Cato on Twitter
Cato on Google+
Cato on YouTube
