Archive for June, 2017

Oh, The Places You’ll Go: Mobile Geolocation Data and the 4th Amendment – Lexology (registration)

Early this month, the U.S. Supreme Court added Carpenter v. United States to the roster for consideration in the upcoming October term. Carpenter will mark the Court's first chance to address an important, as-yet unresolved question in the digital age: Does the Fourth Amendment require a warrant for law enforcement officials to obtain cell site location information, or CSLI, which reveals the location and movements of a cell phone user?

The case will address the tension between the Fourth Amendment and the Stored Communications Act, which Congress enacted as Title II of the Electronic Communications Privacy Act of 1986. The SCA specifies procedures that law enforcement may use to obtain certain records from third-party electronic communication services or remote computing services. But it does not require a warrant. Since its enactment, third-party service providers have routinely cooperated with law enforcement requests to disclose, subject to certain statutory requirements, customer data. And notably the petitioner here does not attack the constitutionality of the SCA. Rather, Carpenter asks whether companies should require a warrant, supported by particularized findings of probable cause, before disclosing CSLI. This question has caused considerable doubt among service providers, which must balance responding to law enforcement demands for information with the privacy interests of their customers, and which also require a clear roadmap about what the appropriate procedures are.

The uncertainty among service providers responding to requests for customer information under the SCA is exacerbated by the existence of a significant circuit split concerning whether the Fourth Amendment applies to CSLI. There have been no fewer than 18 separate majority, concurring and dissenting opinions across five circuit courts on the issue, and courts have fractured over whether there is any reasonable expectation of privacy in CSLI and other customer data. Carpenter implicates three different strains of Fourth Amendment jurisprudence: (1) the third party disclosure doctrine, (2) the physical trespass doctrine, and (3) the distinction between content and non-content information. The case will have the Court decide whether these doctrines, which first arose in the pre-digital world, still have continuing vitality today. And it will allow the Court to consider whether the accumulation of data by third-party service providers, now commonplace, gives rise to any new privacy interests under the Fourth Amendment.

Background

In connection with the investigation of a series of armed robberies, federal prosecutors moved under the SCA for court orders requiring two cellular service providers to disclose 187 days of phone records, including CSLI, for petitioner Timothy Carpenter. Based on the CSLI, the government charged Carpenter with aiding and abetting robbery. Carpenter moved to suppress the evidence, but the district court rejected Carpenter's argument and held that the government's collection was not a Fourth Amendment search. On appeal, the Sixth Circuit affirmed, holding (1) that the records did not disclose the content of communications and thus were not entitled to any Fourth Amendment protection; (2) that the disclosure of the records to third-party cellular providers defeated any reasonable expectation of privacy under the seminal case Katz v. United States, 389 U.S. 347 (1967); and (3) that the physical trespass doctrine, which the Supreme Court had revived in its recent Riley v. California, 134 S. Ct. 2473 (2014), and United States v. Jones, 565 U.S. 400 (2012), decisions, did not apply.

Concurring in the outcome on alternative grounds, one member on the panel, Judge Jane Branstetter Stranch, wrote separately to air her concerns about the Fourth Amendment tests that courts have applied in this rapidly changing area of technology, especially in light of the sheer quantity of sensitive information procured without a warrant.

The Old Ways Just Don't Work

Carpenter demonstrates the difficulty of applying the canonical tests under existing Fourth Amendment jurisprudence to the modern day. For example, there is the third party disclosure doctrine, which grows out of Katz's reasonable expectation of privacy test. For someone to have a reasonable expectation of privacy in a piece of information, (1) that person must subjectively exhibit an expectation of privacy and (2) that expectation must be objectively reasonable. The core concept is that people have no reasonable expectation of privacy in any information they disclose to third parties, because they already subjectively surrendered any such expectation with the fact of disclosure. Where the doctrine applies, you cannot even get past the first step of the Katz framework, and Katz has remained black letter law on the books for half a century now. But in the digital age, where persons passively disclose so much information about themselves (and their whereabouts) to third parties at all times, what reasonable expectation of privacy could possibly be left?

Or take the related distinction that the Fourth Amendment marks between content information and non-content information, such as addressing. The idea here is that a person has no reasonable expectation of privacy in non-content information, because that is frequently disclosed, either to a third-party service provider or to the public more broadly. Consider, for instance, a package sent through the mail: its contents are unknown and thus the sender has a reasonable expectation of privacy in that. But all other information about the package (the return and target address, the amount of postage on it, its size, shape, and weight) is ascertainable by any mail carrier or member of the public that comes into contact with it. And so there is no reasonable expectation of privacy in that kind of information. On balance, CSLI appears closer to what courts have traditionally considered addressing or other non-content information: it does not tell you what a person said or did, it just shows you where a person was.

Finally, there is the trespass theory of the Fourth Amendment, which the Supreme Court resurrected in its recent cases dealing with technology. In Jones, the Court held that the unauthorized placement of a GPS tracker on a car for long-term surveillance triggered Fourth Amendment protections. Similarly, in Riley, the Court held that law enforcement needed a warrant to search a mobile phone. But this trespass notion does not appear to have any place in Carpenter either. Police did not track Carpenter, or break into his cell phone; they merely asked for records from a third party who kept them.

None of these doctrines apply cleanly. Still, given the accumulation of information, there is still some visceral notion that the Fourth Amendment should apply here. The only question is how?

How May Carpenter Resolve This Tension?

While the petitioner here did not request a full rejection of the third party disclosure doctrine, the Court may cull back on the third party disclosure doctrine. Chief Justice Roberts's majority opinion in Riley suggested that persons still have some reasonable expectation of privacy in sensitive information collected over mobile phones and stored by service providers. Similarly, Justice Sotomayor's concurrence in Jones warned against a strict application of the third party doctrine: "I would not assume that all information voluntarily disclosed to some member of the public for a limited purpose, is for that reason alone, disentitled to Fourth Amendment protection." In both cases, the Court signaled that stringent adherence to Katz may stop making sense as technology evolves. But those cases both side-stepped the issue by instead turning to the doctrine of physical trespass, and that doctrine cannot sensibly apply to the facts of Carpenter.

It is also possible that the Court might create a new strain of jurisprudence based on the quantity of records requested. Such an approach would likely introduce certain issues of line-drawing, for instance, if a warrant is required for long-term tracking, while the SCA is sufficient for short-term. But, as Justice Samuel Anthony Alito's concurrence in Jones and Judge Stranch's concurrence in the Carpenter case point out, that might be appropriate. After all, in the modern era, it is not the disclosure of individual, isolated data points that seem problematic, but rather the accumulation of that data over time.

Which test will the Court apply? Service providers, and their customers, will have to wait until this October term to find out.


Alleged NSA Leaker Reality Winner Appears in Federal Court, Trial Date Set – NBCNews.com

Lawyers gather in court for the NSA contractor accused in top secret leak, Reality Winner, on June 27. Richard Miller

Attorney Titus Nichols told reporters outside court Tuesday afternoon that the discussion over the order centered on both sides knowing the rules of engagement regarding any potentially classified information.

"That way if there is any type of information that is classified at any level, that everyone knows what the rules of engagement will be, so there is not going to be a risk of accidental release of information and definitely not going to be any intentional release of information that's classified," he said.

Prosecutor Jennifer Solari said during the hearing that a note pad with handwriting in Farsi was being reviewed and translated. Nichols told reporters after the hearing that the defense had not seen the notebook and thus was not able to discuss anything about it at the time.

Prosecutors are also examining two computers, hard drives, a tablet and four phones seized from Winner. They agreed to have all evidence discovery filed by August 25.

Nichols added that Winner was maintaining pretty well and that every conversation he had had with her has been positive, as his client remains in jail awaiting her trial.

Earlier this month,

Terry Pickard reported from Augusta, Georgia, and Daniella Silva reported from New York.


NSA-linked tools help power second global ransomware outbreak – Politico

The seals of the U.S. Cyber Command, the National Security Agency and the Central Security Service are pictured outside the campus the three organizations share in Fort Meade, Maryland. | Getty

By Eric Geller

06/27/2017 12:16 PM EDT

Updated 06/27/2017 05:49 PM EDT

A potent ransomware attack has gripped organizations around the world for the second time in less than two months.

And like the first outbreak in mid-May, which claimed hundreds of thousands of victims in a game-changing cyberattack, Tuesday's outburst is spreading via a Microsoft flaw originally exposed in a leak of apparent NSA hacking tools.


The latest malicious software battered companies in Russia, Ukraine and many other countries in Europe, according to cybersecurity researchers, sending law enforcement officials scrambling and sparking fears about how the world would contain the outbreak of the malware, which locks up computer systems and demands ransom payments.

While the U.S. has been largely unscathed to this point, major multinational energy, shipping, banking, pharmaceutical and law firms, as well as government agencies, have confirmed they are fighting off cyberattacks.

Security firm Kaspersky Lab estimated it had seen 2,000 victims, and counting, throughout the day. While the estimate is significantly lower than the massive numbers tied to May's attack, which relied on malware dubbed WannaCry, some researchers noted technical details of the new malware that might make it harder to kill.

Researchers have also not yet linked the latest attack to any specific hacking group or nation-state, unlike May's digital ambush, which technical specialists and reportedly intelligence officials in the U.S. and U.K. traced to North Korean-backed hackers.

But security specialists have been warning for weeks that the recent WannaCry ransomware virus was only the beginning of these fast-spreading digital sieges.

WannaCry was powered by a variant of apparent NSA cyber weapons that were dumped online, raising questions about whether the secretive hacking agency should sit on such powerful tools instead of alerting companies like Microsoft to the deficiencies in their software.

Experts say hackers have likely been working to tweak the WannaCry malware, potentially allowing new versions to skirt the digital defenses that helped stall the first global assault.


Indeed, the virus that proliferated Tuesday shares many similarities with WannaCry, but contains some striking differences.

For starters, Tuesday's virus proliferated using the same Microsoft Windows flaw as WannaCry, according to digital security firms Symantec and Bitdefender Labs. But researchers noted the malware is also capable of hopping around using multiple Microsoft flaws, not just the most famous one exposed in the online dump of the purported NSA cyber weapons.

Additionally, like WannaCry, this new malware demands that victims pay a ransom using the digital currency Bitcoin before their files can be unlocked. As of Tuesday evening, 32 victims had paid a ransom, with the number steadily climbing.

Unlike WannaCry, however, the rapidly spreading malware does not merely encrypt files as part of its ransom scheme. Rather, it changes critical system files so that the computer becomes unresponsive, according to John Miller, a senior manager for analysis at the security firm FireEye, which reviewed the malware.

Some researchers identified the infection as a novel variation of the so-called Petya malware, which has been around since 2016. But researchers at Kaspersky believe it is a totally new strain they are dubbing ExPetr.

A sample of the malware initially went undetected by nearly all antivirus software.

The digital weapon cloaks itself as a file that Microsoft has already approved as safe, helping it avoid detection, Costin Raiu, director of global research efforts at Kaspersky, said on Twitter.

The malware was written on June 18, according to a sample that Kaspersky has analyzed.

Most of the infections on Tuesday were in Ukraine, with Russia the next hardest hit, according to Kaspersky's analysis. Russia was also a major victim during the WannaCry outbreak. Raiu told POLITICO that Belarus, Brazil, Estonia, the Netherlands, Turkey and the United States were also affected, but that those countries accounted for less than 1 percent of all victims.

A Department of Homeland Security spokesman said the agency was "monitoring reports" of the ransomware campaign and coordinating with international authorities.

Researchers suspect that Ukraine became the nexus of the outburst after companies using a popular tax program unknowingly downloaded an update that contained the ransomware. From there, the virus could have spread beyond those companies using various flaws in Windows.

The ransomware eruption may be responsible for several major cyber incidents that began Tuesday.

The global shipping and logistics firm Maersk, which is based in Denmark, confirmed that it was dealing with an intrusion affecting "multiple sites and business units." And the Russian oil company Rosneft said it was responding to "a massive hacker attack."

Ukraine's central bank and its capital city's main airport also said they were dealing with cyberattacks. The virus appeared to be hitting the country's government computers as well.

The cyberattack also forced the Ukraine-based Chernobyl nuclear power plant to revert to manual radiation monitoring, according to a Ukrainian journalist citing the country's state news service.

Elsewhere, the German pharmaceutical giant Merck said its network was compromised in the outbreak and that it was still investigating the incident.


But the U.S. has been largely spared so far.

The American Gas Association said in a statement that no U.S. natural gas utilities have reported infections.

However, in Pennsylvania, the Heritage Valley Health System, which operates two hospitals and 60 physician offices, said it was grappling with a cyberattack. "The incident is widespread and is affecting the entire health system," said spokeswoman Suzanne Sakson.

Multinational law firm DLA Piper was also experiencing computer and phone outages in multiple offices, including in Washington, D.C. The company did not respond to a request for comment.

But a photo shared with POLITICO showed a sign outside the firm's Washington office that read, "All network services are down, do not turn on your computers! Please remove all laptops from docking stations and keep turned off. No exceptions."

DLA Piper's secure document storage system for clients also went down, though the firm may have done that as a precaution. "A bit stressed at moment as I am unsure if our docs there are safe," one client told POLITICO.

Tim Starks contributed to this report.


NSA Warrantless Surveillance Aided Turks After Attack, Officials Say – New York Times

But the witnesses sidestepped Mr. Graham's question, saying only that they were working on his request. That provoked an angry intervention from the committee chairman, Senator Charles E. Grassley, Republican of Iowa, who banged his gavel and told Mr. Graham, his voice rising, "I want you to proceed until you get an answer."

Mr. Graham eventually ended his questioning without getting one. But later in the hearing, Senator Richard J. Durbin, Democrat of Illinois, suggested that the senators' emotion at the thought that their government could invade their privacy and use the information against them was just part of the bigger picture.

"What about the privacy of the Americans who are not in this room?" he asked.

The warrantless surveillance program traces back to President George W. Bush's Stellarwind program, introduced after the Sept. 11, 2001, attacks. Stellarwind permitted the National Security Agency to wiretap Americans' international phone calls without the court orders required by the Foreign Intelligence Surveillance Act, or FISA, of 1978.

After it came to light, Congress legalized a form of the program in 2008 with the FISA Amendments Act. It permits the government to collect, from American internet or phone providers and without warrants, the communications of foreigners abroad who have been targeted for any foreign intelligence purpose, even when they are talking to Americans.

Privacy advocates want Congress, as part of any bill extending the law, to require warrants before officials may use Americans' identifiers, like their email addresses, to search the repository of messages previously collected by the program. But Stuart J. Evans, a top intelligence official at the Justice Department, testified on Tuesday that imposing such a limit would grind the entire FISA process to a halt because investigators need to quickly search a large volume of such queries to process leads, and because such queries are typically undertaken at an early stage, when investigators have not yet found evidence to establish probable cause of wrongdoing.

Several lawmakers also pressed the officials about a decision by Dan Coats, the director of national intelligence, to shelve an N.S.A. effort to estimate how much incidental collection of Americans' information the program sweeps up. Bradley Brooker, the acting general counsel to Mr. Coats, said that systematically determining who is using email accounts that are not of foreign intelligence interest would invade people's privacy and divert resources.

To underscore their message that the program is too valuable to curtail, Mr. Brooker and other officials disclosed several additional examples where the program had been useful. They included detecting an unidentified country that was smuggling goods in violation of sanctions, and finding someone in Western Europe who was talking to a member of the Islamic State about purchasing material to build a suicide belt.

Mr. Ghattas said the government had used the program to investigate Shawn Parson, a Trinidadian social media propagandist for the Islamic State whose network distributed prolific amounts of English-language recruiting pitches and calls for attacks before he was killed in Syria in August 2015.

The F.B.I. had been investigating Mr. Parson since October 2013 based on his online postings, Mr. Ghattas said, and information it shared from that collection with unspecified allies had helped them identify other Islamic State supporters and had potentially prevented attacks in those countries.

Follow Charlie Savage on Twitter @charlie_savage.

A version of this article appears in print on June 28, 2017, on Page A14 of the New York edition with the headline: Up-and-Down Hearing On Surveillance Program.


New cyberattack uses same NSA-developed exploit – WHSV.com – WHSV

PARIS (AP) UPDATE (1:30 p.m.):

Security experts say Tuesday's cyberattack shares something in common with last month's WannaCry attack: Both spread by using digital break-in tools purportedly created by the U.S. National Security Agency and recently leaked to the web.

Security vendors Bitdefender Labs and Kaspersky Labs say the NSA exploit, known as EternalBlue, is allowing the malware to spread inside an organization's network. Other than that, the latest malware is different from WannaCry.

Organizations should be protected if they had installed a fix that Microsoft issued in March.

But Chris Wysopal, chief technology officer at the security firm Veracode, says that's only the case if 100 percent of computers were patched. He says that if one computer gets infected, the new malware has a backup mechanism to spread to patched computers within the network as well.

Wysopal says the attack seems to be hitting large industrial companies that "typically have a hard time patching all of their machines because so many systems simply cannot have down time."

Organizations hit include the Russian oil company Rosneft and the Danish oil and shipping company AP Moller-Maersk.

_____

UPDATE (12:10 p.m.):

The second-largest drugmaker in the United States is confirming it's been affected by a cyberattack.

In a message sent using its verified Twitter account, Merck confirmed Tuesday that its computer network was "compromised" as part of a global attack.

Officials said the Kenilworth, New Jersey-based company was investigating the incident but provided no further details.

Merck has global locations including in Ukraine, where a new and highly virulent outbreak of malicious data-scrambling software causing mass disruption across Europe appeared to be hitting especially hard.

Company and government officials reported serious intrusions at the Ukrainian power grid, banks and government offices, where one senior official posted a photo of a darkened computer screen and the words, "the whole network is down."

Dutch-based transport company TNT Express, which was taken over last year by FedEx, also said Tuesday that it is suffering computer disruptions. Spokesman Cyrille Gibot says that "like many other companies and institutions around the world, we are experiencing interference with some of our systems within the TNT network. We are assessing the situation and are implementing remediation steps as quickly as possible and we regret any inconvenience to our customers." He declined further comment.

_____

A new and highly virulent outbreak of malicious data-scrambling software appears to be causing mass disruption across Europe, hitting Ukraine especially hard.

Company and government officials reported serious intrusions at the Ukrainian power grid, banks and government offices, where one senior official posted a photo of a darkened computer screen and the words, "the whole network is down." Ukraine's prime minister said the attack was unprecedented but that "vital systems haven't been affected."

Russia's Rosneft oil company also reported falling victim to hacking, as did Danish shipping giant A.P. Moller-Maersk.

"We are talking about a cyberattack," said Anders Rosendahl, a spokesman for the Copenhagen-based group. "It has affected all branches of our business, at home and abroad."

The number of companies and agencies reportedly affected by the ransomware campaign was piling up fast, and the electronic rampage appeared to be rapidly snowballing into a real-world crisis. Dutch daily Algemeen Dagblad says that container ship terminals in Rotterdam run by a unit of Maersk were also affected. Rosneft said that the company narrowly avoided major damage.

"The hacking attack could have led to serious consequences but neither the oil production nor the processing has been affected thanks to the fact that the company has switched to a reserve control system," the company said.

There's very little information about what might be behind the disruption at each specific company, but cybersecurity experts rapidly zeroed in on a form of ransomware, the name given to programs that hold data hostage by scrambling it until a payment is made.

"A massive ransomware campaign is currently unfolding worldwide," said Romanian cybersecurity company Bitdefender. In a telephone interview, Bitdefender analyst Bogdan Botezatu said that he had examined samples of the program and that it appeared to be nearly identical to GoldenEye, one of a family of hostage-taking programs that has been circulating for months.

It's not clear whether or why the ransomware has suddenly become so much more potent, but Botezatu said that it was likely spreading automatically across a network, without the need for human interaction. Self-spreading software, often described as "worms," is particularly feared because it can spread rapidly, like a contagious disease.

"It's like somebody sneezing into a train full of people," said Botezatu. "You just have to exist there and you're vulnerable."

The world is still recovering from a previous outbreak of ransomware, called WannaCry or WannaCrypt, which spread rapidly using digital break-in tools originally created by the U.S. National Security Agency and recently leaked to the web.

This particular variant of ransomware leaves a message with a contact email; several messages sent to the address were not immediately returned.

___ Vladimir Isachenkov in Moscow and Jan M. Olsen in Copenhagen, Denmark contributed to this report.
