Short discussion from New York County Lawyers’ Association (NYCLA Bar) and Constitutional Communications experts about the impact of NSA Government Spying on Attorney Client communications and US Constitutional Government. From a recent Ethics and Technology accredited Continuing Legal Education (CLE) Program. Excerpt from a 2-hour program at NYCLA headquarters in Lower Manhattan. NYCLA is home to a community of 9,000 attorneys, judges, academics, and law students. Take the full CLE for credit at nycla.org or learn more at Concomms.org or Accessnow.org.
Newly leaked FBI guidelines for the use of National Security Letters (NSLs) have finally opened a window into how little control third parties, from Google to Facebook to the phone company, have over the data of their users. The classified rules were obtained by The Intercept in June, but date back to 2013, and concern the FBI’s use of national security letters (NSLs).
NSLs allow for an FBI agent to request any type of data from a third-party provider, and then use a gag order to prevent the provider from speaking about the fact that the data has ever been requested. This allows the bureau to obtain information about activists and journalists without going to a judge, as is the case with a regular search warrant, or informing the organization being targeted.
Sixteen thousand NSLs are issued annually. The letters only require the signature of a unit director at the FBI to obtain data from any provider and are often used for investigations that have nothing to do with national security, including investigations carried out against journalists who expose information that displeases the government. This type of surveillance has dubious legality and becomes even more dubious when evidence from these sources is used in criminal trials. The most striking use of information from NSLs is when it is combined with “parallel construction”: the laundering of illegally acquired evidence into court proceedings.
Anyone who has watched “The Wire” or “The Good Wife” has seen fictional examples of how parallel construction may currently happen. But the most clear-cut case of parallel construction in present-day prosecutions is through the Special Operations Division, a $125 million unit of the Drug Enforcement Administration (DEA), where agents are trained to utilize “parallel construction” to hide NSA or NSL data by covering it with fake witnesses. The use of this illegally acquired evidence in trials has therefore been hidden from attorneys, clients and the judiciary, threatening the integrity of the legal process as a whole. This startling practice undermines the Sixth Amendment right of defendants to know the evidence that is being used against them in an open court, and it destroys an attorney’s ability to effectively serve their clients. The vice chairman of the criminal justice section of the American Bar Association, James Felman, calls this domestic use of evidence from NSL or NSA intercepts “outrageous” and “indefensible.”
What can activists or concerned citizens do to stop this broad attack on freedom of speech and association? There are groups such as the National Lawyers Guild and The Electronic Frontier Foundation that work on specific legal strategies. As individuals, people need to understand that for law enforcement, social media is public space. Although you may have privacy settings that can stop your mom or ex-partner from reading your posts, as far as federal law enforcement is concerned every page, post, mail, like or click on Facebook, Twitter, or Google could be used as evidence against you in a court of law.
To thwart these overbearing snoops there are a number of excellent Internet providers who take user privacy seriously, don’t collect log data and/or utilize warrant canaries that allow them to warn users if they are ever asked to comply with government requests for NSL information. There are a number of long-running projects that exist to help activists maintain their constitutional rights while using digital communications. Two of special significance are Riseup.net and Mayfirst.org.
Riseup.net is a non-profit collective active since the 1999 Seattle WTO protests. Riseup runs an email service (mail.riseup.net), a groupware network for organizing (we.riseup.net), pastebins for securely exchanging large files (share.riseup.net), and a “Google Docs”-type collaborative document editor (pad.riseup.net). All of these are maintained so that no logging data is saved. Riseup publishes and regularly updates a “warrant canary.” It also allows people to sign up for and use services over the Tor network to preserve their anonymity (something that Google, Facebook, Apple, and Twitter don’t allow). Riseup relies on individual donations to survive.
May First/People Link (www.mayfirst.org) “engages in building movements by advancing the strategic use and collective control of technology for local struggles, global transformation, and emancipation without borders.” This redefines the concept of “Internet Service Provider” in a collective and collaborative way as a democratic membership organization with an elected Leadership Committee and a co-op model where everyone pays dues and collectively manages websites, email, email lists, and more.
This is the second in a two-part series.
The Indypendent is a monthly New York City-based newspaper and website founded in 2000. It has a print and online audience of more than 100,000 readers and has won more than 50 awards from the New York Community Media Alliance for excellence in journalism.
We are happy to report that Constitutional Communications has agreed to join the EFF’s new Electronic Frontier Alliance, and fight for the principles of Security, Privacy, Free Expression, Creativity, and Access to Knowledge.
The Electronic Frontier Alliance is a grassroots network of community and campus organizations across the United States working to educate our neighbors about the importance of digital rights.
As a member organization of the EFA, we believe that technology should support the intellectual freedom at the heart of a democratic society. In the digital age, that entails advancing:
Free Expression:
People should be able to speak their minds to whoever will listen.
Security:
Technology should be trustworthy and answer to its users.
Privacy:
Technology should allow private and anonymous speech, and allow users to set their own parameters about what to share with whom.
Creativity:
Technology should promote progress by allowing people to build on the ideas, creations, and inventions of others.
Access to Knowledge:
Curiosity should be rewarded, not stifled.
We uphold these principles by fighting for transparency and freedom in culture, code, and law.
As legal showdowns go, Apple v. FBI came in like a lion and left like a lamb. In February, the Federal Bureau of Investigation (FBI) won a federal court order to compel Apple to build a new operating system that would allow agents to hack into the iPhone 5 used by the San Bernardino mass shooter. When Apple refused to comply, some commentators claimed it was the biggest showdown over surveillance in the last decade.
While this legal showdown was still grabbing headlines, National Security Agency (NSA) whistleblower and cyber security expert Edward Snowden called Apple’s refusal to cooperate important on principle. But he correctly asserted that the FBI’s claim it was unable to access the iPhone due to Apple’s encryption was “bullshit.” On March 28, the FBI dropped the legal action after an unnamed contractor helped the Bureau bypass the encryption.
Nonetheless, encryption is still a key privacy tool. As Snowden himself put it during an online Q & A hosted by The Guardian in 2013: “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on [to protect your privacy].”
This is a broad statement, however, because there are different types of encryption for different types of functions. The most secure forms are made with open source software, which makes it possible for technicians to see how the programs work and also makes them free for individuals to download and use. Although there are free tools that can secure information from even the most well-resourced attackers, like the NSA, few organizations use encryption, let alone worry much about what types of encryption to use.
Case in point: Mossack Fonseca, the self-described “legal services firm” that was the source of the Panama Papers. A whistleblower concerned with the unethical and illegal nature of the company’s business provided 2.6 terabytes of data from its internal network to the International Consortium of Investigative Journalists, which began publishing the material through various news outlets in April.
The term “legal services firm” in Mossack Fonseca’s case is a nice way of saying “money laundry.” As the Panama Papers reveal, the firm set up shell companies and provided tax havens to the globe’s wealthiest individuals. When the Panama Papers hit front pages worldwide, the company’s offices were raided by the police forces of four governments.
Mossack Fonseca’s behavior was not simply unethical and illegal, it was also stupid. As its own leaked internal emails show, the firm didn’t use modern, end-to-end open source encryption tools; didn’t effectively educate its staff about what it was doing with digital security; and consistently undermined its security by creating anonymous and unlogged access points to its network. These types of practices make it easy for hackers, governments, or whistleblowers, for that matter, to access information systems that lack end-to-end, open source encryption.
Unfortunately, US government policy has made open source, end-to-end encryption important even for everyday people who are not engaged in nefarious activities. Mass surveillance is current government practice and it has made it necessary to defend our privacy in what many observers have begun referring to as the Golden Age of Surveillance.
Governments globally are working to ensure they can have access to all digital information all the time. Domestic law enforcement groups like the FBI have access to more and more information from massive government databases collected directly from the servers of all the major email providers. Here is how it works: the NSA collects information on Americans on a massive scale under the Foreign Intelligence Surveillance Act and Executive Order 12333. The FBI receives access to this data collected by the NSA through a partnership with the Drug Enforcement Administration’s Special Operations Division, which gives them information from all major US service providers: Google, Apple, Yahoo, Facebook. This enables domestic law enforcement to utilize the NSA’s Bluffdale, Utah data facility, which has the capacity to hold 1000 times more data than the entire internet, a yottabyte of data.
In a 2015 report, United Nations Special Rapporteur on Freedom of Expression, David Kaye, argued that due to this type of widespread, warrantless surveillance of internet communications, anonymity and encryption must now be considered human rights. Kaye cites Article 19 of the International Covenant on Civil and Political Rights, ratified by the US in 1993, which affirms the universal “freedom to seek, receive and impart information and ideas of all kinds.”
Those of us wanting to uphold our rights should use open source, end-to-end encryption and demand the same of lawyers, businesses and others handling our personal data.
Jonathan Stribling-Uss is an attorney and Director of Constitutional Communications (concomms.org), a not-for-profit organization that trains lawyers, journalists and civil society leaders in maintaining secure communications.
6 Tools to Protect Your Privacy
1) Signal by Open Whisper Systems (in App Stores)
Signal is the easiest and most secure encrypted text and calling program, with more than one million users. The app is free and takes 3-5 minutes to get started. It can now be used with both your phone and computer.
2) Jitsi (Jitsi.org)
A free service, requiring no account, that allows for multiparty, end-to-end encrypted video calls and chats. For more usability you can install a download, but it is not necessary to get started calling friends around the globe.
3) Tor (www.torproject.org)
A free browser that uses encryption and a random series of open routing computers to separate your actions online from your IP (internet protocol) address, providing anonymity.
4) Make a longer passphrase with memorable words
With robust symmetric encryption, when you lose your password, you lose your data. This means that you have to create passphrases, not just words, that are easy for humans to remember but hard for machines to guess. The simplest way to do this is to use at least four random words, and a number or given name. For example: “correcthorsebatterystaplenatturner”.
5) PGP/GPG (www.gnupg.org)
A free, open source, end-to-end encryption system that has been used and tested for over 25 years. It is designed to supplement your current email address, so you don’t need a new email, you can just add this asymmetric encryption system over the top of your current provider.
6) Tails OS (tails.boum.org)
A free, open source operating system that can be run on most computer hardware and secures your traffic and data on an encrypted USB. It is based on one of the most used operating systems, Debian, and it is packaged with a full set of office and encryption tools.
— Jonathan Stribling-Uss
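The passphrase advice in item 4, as an added example that is not part of the original article: it draws words with a cryptographic random source and shows how much guessing resistance a given word count buys. The 16-word list is constructed for the demo and far too small for real use; the 7776-word list size used in the comments is an assumption (the size of a typical diceware list), and the function names are hypothetical.

```python
import math
import secrets

# Constructed 16-word sample list so the block runs offline.
# Far too small for real passphrases; use a large published word list.
SAMPLE_WORDS = [
    "anchor", "breeze", "candle", "dragon", "ember", "falcon", "garden",
    "harbor", "island", "jungle", "kettle", "lantern", "meadow", "nectar",
    "orchid", "pebble",
]


def entropy_bits(wordlist_size, n_words):
    """Entropy in bits when every word is drawn uniformly and independently.

    The estimate only holds for machine- or dice-chosen words. Words a
    person picks, or a phrase copied from a published example, have far
    less entropy than this formula suggests.
    """
    if wordlist_size < 2 or n_words < 1:
        raise ValueError("need at least 2 list entries and 1 word")
    return n_words * math.log2(wordlist_size)


def words_needed(wordlist_size, target_bits):
    """Smallest word count whose entropy reaches target_bits."""
    if wordlist_size < 2 or target_bits <= 0:
        raise ValueError("need at least 2 list entries and a positive target")
    return math.ceil(target_bits / math.log2(wordlist_size))


def generate_passphrase(wordlist, n_words=4, sep=" "):
    """Draw n_words from wordlist using the OS CSPRNG (secrets module)."""
    # Normalise and de-duplicate so repeated entries do not skew the draw.
    unique = sorted({w.strip().lower() for w in wordlist if w.strip()})
    if len(unique) < 2:
        raise ValueError("word list must contain at least 2 distinct words")
    return sep.join(secrets.choice(unique) for _ in range(n_words))


if __name__ == "__main__":
    print("sample passphrase:", generate_passphrase(SAMPLE_WORDS, 4))
    # Four words from the tiny sample list: only 16 bits.
    print("sample list, 4 words: %.1f bits" % entropy_bits(len(SAMPLE_WORDS), 4))
    # Four words from an assumed 7776-word list: about 51.7 bits.
    print("7776-word list, 4 words: %.1f bits" % entropy_bits(7776, 4))
    for target in (64, 80):
        print("words for %d bits from 7776-word list: %d"
              % (target, words_needed(7776, target)))
```
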
Founded in 2000 as the print project of the New York City Independent Media Center, The Indypendent is a New York City-based free newspaper and online newspaper with a print and online audience of more than 100,000 readers. It is the winner of more than 50 awards from New York Community Media Alliance for excellence in journalism.
Ethics and Technology: What You Need to Know About E-Discovery, the Panama Papers, Attorney Liability for Hacks and Other Recent Developments in Technology That Cannot Be Ignored: May 17th at NYCLA Bar Association.
3 NJ Credits: 3 Ethics;
3 NY Credits: 3 Ethics
Join us for the third program in our ongoing series which will identify and help you learn and put into practice the new technology which is needed to deal with electronic data that is pervasive in all aspects of commercial and personal life.
Along with looking at recent technological developments and their effect on confidentiality of proprietary information and the lawyer’s ethical responsibilities to protect it, this program will take a special look at e-discovery and the ethical ramifications of compliance or sanctions for lack thereof.
Our expert panel will also answer audience questions about the ethical issues that are affecting the way attorneys practice law in the new paradigm.
Faculty: Joseph Bambara, UCNY, Co-Chair, NYCLA’s Law and Technology Committee; James B. Kobak, Jr., General Counsel, Hughes Hubbard & Reed LLP; Pery Krinsky, Krinsky, PLLC; Peter Micek, Access Now; Jonathan Stribling-Uss, Constitutional Communications
- NYCLA – 14 Vesey Street 2nd Floor Auditorium, New York, NY 10007, United States
Constitutional Communications had great success at Rights Con 2016. We gave three presentations and got David Kaye, the UN Special Rapporteur on the Freedom of Opinion and Expression, to publicly support our position that we must update professional ethics for the 21st century by requiring encryption for all attorney-client communication.
The first presentation was “Cybersecurity, professional ethics and encryption: How and why professionals must encrypt”. The second was a training for trainers, “Organizational security: Moving communications from individual privacy to collective safety”. The third was a private presentation for litigation attorneys on the need to change professional standards to require end-to-end open source encryption for all attorney-client communications.
We also had the great honor of dialoguing with David Kaye, the UN Special Rapporteur on the Freedom of Opinion and Expression. After David mentioned that the UN currently has no secure encrypted method for contacting the Special Rapporteur about human rights abuse, Jonathan got to ask him if he supported changing professional standards to require encryption for all attorney-client information. He wholeheartedly agreed with our position!
ConComms will be attending Rights Con 2016 in Silicon Valley, hosted by Accessnow.org from March 30th-April 1st. Jonathan will be part of leading two sessions. The first is “Cybersecurity, professional ethics and encryption: How and why professionals must encrypt”, and the second is a training for trainers, “Organizational security: Moving communications from individual privacy to collective safety”.
Hope to see people there! You can follow us on Twitter @con_comms
We encourage you to support the safety and security of users, companies, and governments by strengthening the integrity of communications and systems. In doing so, governments should reject laws, policies, or other mandates or practices, including secret agreements with companies, that limit access to or undermine encryption and other secure communications tools and technologies.
- Governments should not ban or otherwise limit user access to encryption in any form or otherwise prohibit the implementation or use of encryption by grade or type;
- Governments should not mandate the design or implementation of “backdoors” or vulnerabilities into tools, technologies, or services;
- Governments should not require that tools, technologies, or services are designed or developed to allow for third-party access to unencrypted data or encryption keys;
- Governments should not seek to weaken or undermine encryption standards or intentionally influence the establishment of encryption standards except to promote a higher level of information security. No government should mandate insecure encryption algorithms, standards, tools, or technologies; and
- Governments should not, either by private or public agreement, compel or pressure an entity to engage in activity that is inconsistent with the above tenets.
“Ethics and Technology: Recent Developments and Potential Risks That NO Lawyer Can Ignore” featured in National Academy of Legal Education Program
Attorneys in practice today are being faced with a myriad of IT security and privacy issues. Therefore it is more imperative than ever for attorneys to understand recent technological developments and the risks associated with them, including their widely acknowledged duty to stay conversant with technology in order to represent their clients adequately and assure confidentiality of client data and privileged communications.
Indeed there is ongoing debate about how far the ethics rules should or should not go in mandating specific steps, such as encryption, to ensure the protection of client data, including recent ethics opinions or comments by bar associations around the country.
A panel of ethicists and technical experts will lead the discussion that no New York attorney can afford to miss, especially sole practitioners, small and mid-sized firm members who typically do not have in-house technical resources to rely on.
The National Academy of Continuing Legal Education is a provider of accredited continuing legal education courses throughout the United States. From its inception, the Academy has been firmly committed to addressing the needs of attorneys and has positioned itself as a leading provider of cost-effective and time-efficient continuing legal education courses. In addition to live seminars, NACLE provides full course credit via Website/Online, DVD, Audio CD and CD-ROM depending on the respective state.
Location: 156 5th ave, 2nd fl. Workshop Room, NY, NY
8:30am – 9:30am EST
February 8, 2016
In the wake of the Snowden revelations, many in the legal profession have grown concerned about the ramifications of surveillance and encryption. Law and discourse about the legality of encryption are rapidly evolving. But encryption and privacy also have day-to-day implications for attorney-client privilege. What do lawyers need to do in order to maintain client confidentiality?
Join Gus Andrews with guests Harlo Holmes from Freedom of the Press Foundation and Jonathan Stribling-Uss from Constitutional Communications for a brief breakfast presentation and discussion about best practices in digital privacy and law. Talk with other lawyers about their experiences using secure technology within their firms.
Key Words: Crypto Law