Facebook beats privacy lawsuit in U.S. over user tracking

The Facebook logo is displayed on their website

By Jonathan Stempel

(Reuters) – A U.S. judge has dismissed nationwide litigation accusing Facebook Inc of tracking users’ internet activity even after they logged out of the social media website.

In a decision late on Friday, U.S. District Judge Edward Davila in San Jose, California said the plaintiffs failed to show they had a reasonable expectation of privacy, or that they suffered any “realistic” economic harm or loss.

The plaintiffs claimed that Facebook violated federal and California privacy and wiretapping laws by storing cookies on their browsers that tracked when they visited outside websites containing Facebook “like” buttons.

But the judge said the plaintiffs could have taken steps to keep their browsing histories private, and failed to show that Menlo Park, California-based Facebook illegally “intercepted” or eavesdropped on their communications.

“The fact that a user’s web browser automatically sends the same information to both parties,” meaning Facebook and an outside website, “does not establish that one party intercepted the user’s communication with the other,” Davila wrote.

Lawyers for the plaintiffs did not immediately respond on Monday to requests for comment. Facebook did not immediately respond to a similar request.

Davila said the plaintiffs cannot bring their privacy and wiretapping claims again, but can try to pursue a breach of contract claim again. He had dismissed an earlier version of the 5-1/2-year-old case in October 2015.

The case is In re: Facebook Internet Tracking Litigation, U.S. District Court, Northern District of California, No. 12-md-02314.

 

(Reporting by Jonathan Stempel in New York; Editing by Bill Rigby)

 

U.S. Supreme Court to settle major cellphone privacy case

People speak on their cell phones near a blocked off area after a speeding vehicle struck pedestrians in Times Square in New York City, May 18, 2017. REUTERS/Brendan Mcdermid

By Lawrence Hurley

WASHINGTON (Reuters) – Police officers for the first time could be required to obtain warrants to get data on the past locations of criminal suspects based on cellphone use under a major case on privacy rights in the digital age taken up by the U.S. Supreme Court on Monday.

The justices agreed to hear an appeal by a man convicted in a series of armed robberies in Ohio and Michigan with the help of past cellphone location data who contends that without a warrant from a court such data amounts to an unreasonable search and seizure under the U.S. Constitution’s Fourth Amendment.

Cellphone location records are becoming increasingly important to police in criminal investigations, with authorities routinely requesting and receiving this information from wireless providers.

Police helped establish that the man at the center of the case, Timothy Carpenter, was near the scene of the robberies at Radio Shack and T-Mobile stores by securing past “cell site location information” from his cellphone carrier that tracked which local cellphone towers relayed his calls.

The case reaches the high court amid growing scrutiny of the surveillance practices of U.S. law enforcement and intelligence agencies amid concern among lawmakers across the political spectrum about civil liberties and police evading warrant requirements.

The legal fight has raised questions about how much companies protect the privacy rights of their customers. The big four wireless carriers, Verizon Communications Inc<VZ.N>, AT&T Inc<T.N>, T-Mobile US Inc<TMUS.O> and Sprint Corp<S.N>, receive tens of thousands of requests a year from law enforcement for what is known as “cell site location information,” or CSLI. The requests are routinely granted.

The Supreme Court has twice in recent years ruled on major cases concerning how criminal law applies to new technology, on each occasion ruling against law enforcement. In 2012, the court held that a warrant is required to place a GPS tracking device on a vehicle. Two years later, the court said police need a warrant to search a cellphone that is seized during an arrest.

The information that law enforcement agencies can obtain from wireless carriers shows which local cellphone towers users connect to at the time they make calls. Police can use historical data to determine if a suspect was in the vicinity of a crime scene or real-time data to track a suspect.

Carpenter’s bid to suppress the evidence failed and he was convicted of six robbery counts. On appeal, the Cincinnati, Ohio-based 6th U.S. Circuit Court of Appeals upheld his convictions, finding that no warrant was required for the cellphone information.

Civil liberties lawyers have said that police need “probable cause,” and therefore a warrant, in order to avoid constitutionally unreasonable searches.

‘LONGSTANDING PROTECTIONS’

“Because cellphone location records can reveal countless private details of our lives, police should only be able to access them by getting a warrant based on probable cause,” said Nathan Freed Wessler, a staff attorney with the American Civil Liberty Union’s Speech, Privacy and Technology Project who represents Carpenter.

“The time has come for the Supreme Court to make clear that the longstanding protections of the Fourth Amendment apply with undiminished force to these kinds of sensitive digital records,” Wessler added.

But, based on a provision of a 1986 federal law called the Stored Communications Act, the government said it does not need probable cause to obtain customer records. Instead, the government said, prosecutors must show only that there are “reasonable grounds” for the records and that they are “relevant and material” to an investigation.

The case will be heard and decided in the court’s next term, which starts in October and ends in June 2018.

The Trump administration said in court papers the government has a “compelling interest” for acquiring the records without a warrant because the information is particularly useful at the early stage of a criminal investigation.

“Society has a strong interest in both promptly apprehending criminals and exonerating innocent suspects as early as possible during an investigation,” the administration said in a brief.

David LaBahn, president of the Association of Prosecuting Attorneys, said warrants can be obtained quickly from judges but police may have problems getting the evidence needed to show probable cause.

“They may not be able to get over that legal hurdle, so the court couldn’t issue the warrant,” LaBahn said.

Civil liberties groups assert that the 1986 law did not anticipate the way mobile devices now contain a wealth of data on each user.

Steve Vladeck, a national security and constitutional law professor at the University of Texas, said the case will have “enormous implications” over how much data the government can obtain from phone companies and other technology firms about their customers without a warrant.

“Courts and commentators have tried to figure out exactly when individuals will have a continuing expectation of privacy even in data they’ve voluntarily shared with a third party,” Vladeck said. “This case squarely raises that question.”

(Reporting by Lawrence Hurley; Additional reporting by Dustin Volz; Editing by Will Dunham)

U.S. says Trump order will not undermine data transfer deals with EU

U.S. President Donald Trump walks after speaking during the Governor's Dinner in the State Dining Room at the White House in Washington, U.S., February 26, 2017.

By Julia Fioretti

BRUSSELS (Reuters) – An executive order signed by U.S. President Donald Trump to crack down on illegal immigration will not undermine two data transfer agreements between the United States and the EU, Washington wrote in a letter to allay European concerns.

An executive order signed by Trump on Jan. 25 aiming to toughen enforcement of U.S. immigration law rattled the European Union as it appeared to suggest Europeans would not be given the same privacy protections as U.S. citizens.

The order directs U.S. agencies to “exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.”

Securing equal treatment of EU citizens was key to agreeing the Umbrella Agreement which protects law enforcement data shared between the United States and the EU.

And the EU-U.S. Privacy Shield – which makes possible about $260 billion of trade in digital services – was only clinched after Washington agreed to protect the data from excessive surveillance and misuse by companies.

In the first written confirmation since the executive order stoked uncertainty over transatlantic data flows, the U.S. Department of Justice said the executive order did not affect either the Umbrella Agreement or the Privacy Shield.

“Section 14 of the Executive Order does not affect the privacy rights extended by the Judicial Redress Act to Europeans. Nor does Section 14 affect the commitments the United States has made under the DPPA (Umbrella Agreement) or the Privacy Shield,” Bruce Swartz, Deputy Assistant Attorney General, wrote to the European Commission in a letter seen by Reuters.

EU Justice Commissioner Vera Jourova, who will travel to the United States at the end of March, said she was “not worried” but remained vigilant.

The EU-U.S. Privacy Shield is used by almost 2,000 companies including Google, Facebook and Microsoft  to store data about EU citizens on U.S. servers.

Its predecessor was struck down in 2015 by the EU’s top court for allowing U.S. agents unfettered access to Europeans’ data, forcing an acceleration of difficult talks to find a replacement.

(Reporting by Julia Fioretti; Editing by Mark Potter)

FCC chair to block stricter broadband data privacy rules

File Photo: Ajit Pai speaks at a FCC Net Neutrality hearing in Washington February 26, 2015. REUTERS/Yuri Gripas

By David Shepardson

WASHINGTON (Reuters) – The U.S. Federal Communications Commission will block some Obama administration rules that subject broadband providers to stricter scrutiny than websites, a spokesman said on Friday, in a victory for internet providers such as AT&T Inc <T.N>, Comcast Corp <CMCSA.O> and Verizon Communications Inc <VZ.N>.

The rules approved by the FCC in October in a 3-2 vote were aimed at protecting sensitive personal consumer data, but the spokesman said Ajit Pai, the FCC chairman appointed by President Donald Trump, believes all companies in the “online space should be subject to the same rules, and the federal government should not favor one set of companies over another.”

FCC spokesman Mark Wigfield said in a statement that the suspension affects only the data security rules, which are set to take effect on March 2. Some other aspects of the rules are under review by the White House Office of Management and Budget.

Pai plans by March 2 to delay the implementation of some rules, which subject companies to stricter oversight than websites under Federal Trade Commission rules, the spokesman said. Such a temporary stay is a first step toward permanently preventing the rules from taking effect.

The rules would subject broadband internet service providers to more stringent requirements than websites like Facebook Inc <FB.O>, Twitter Inc <TWTR.N> or Alphabet Inc’s <GOOGL.O> Google.

Providers would need to obtain consumer consent before using certain user data for advertising and internal marketing. They would be required to get consent for details like precise geo-location, financial information, health information, children’s information, Web browsing history, app usage history and communication content.

For less sensitive information such as email addresses or service tiers, consumers would be able to opt out.

Republican commissioners including Pai, said in October the rules unfairly give websites the ability to harvest more data than service providers and dominate digital advertising.

Pai said in October the FCC “adopted one-sided rules that will cement edge providers’ dominance in the online advertising market.” Google and Facebook dominate that market and account for about two-thirds of all revenue.

Former FCC Chairman Tom Wheeler, who authored the privacy rules, told Reuters on Friday that they are necessary because consumers have few options when it comes to broadband providers. “The fact of the matter is it’s the consumer’s information,” he said. “It’s not the network’s information.”

Berin Szóka, president of TechFreedom, said Pai’s decision was a good move because “because the real question isn’t a policy question but a legal one: does the FCC even have authority to regulate broadband privacy?”

(Reporting by David Shepardson in Washington; Additional reporting by Anjali Athavaley in New York; Editing by Richard Chang and Grant McCool)

FBI to gain expanded hacking powers as Senate effort to block fails

Password on Computer Screen

By Dustin Volz

WASHINGTON (Reuters) – A last-ditch effort in the Senate to block or delay rule changes that would expand the U.S. government’s hacking powers failed Wednesday, despite concerns the changes would jeopardize the privacy rights of innocent Americans and risk possible abuse by the incoming administration of President-elect Donald Trump.

Democratic Senator Ron Wyden attempted three times to delay the changes, which will take effect on Thursday and allow U.S. judges will be able to issue search warrants that give the FBI the authority to remotely access computers in any jurisdiction, potentially even overseas. His efforts were blocked by Senator John Cornyn of Texas, the Senate’s second-ranking Republican.

The changes will allow judges to issue warrants in cases when a suspect uses anonymizing technology to conceal the location of his or her computer or for an investigation into a network of hacked or infected computers, such as a botnet.

Magistrate judges can currently only order searches within the jurisdiction of their court, which is typically limited to a few counties.

In a speech from the Senate floor, Wyden said that the changes to Rule 41 of the federal rules of criminal procedure amounted to “one of the biggest mistakes in surveillance policy in years.”

The government will have “unprecedented authority to hack into Americans’ personal phones, computers and other devices,” Wyden said.

He added that such authority, which was approved by the Supreme Court in a private vote earlier this year, but was not subject to congressional approval, was especially troubling in the hands of an administration of President-elect Trump, a Republican who has “openly said he wants the power to hack his political opponents the same way Russia does.”

Democratic Senator Chris Coons of Delaware and Republican Senator Steve Daines of Montana also delivered speeches voicing opposition to the rule changes.

The U.S. Justice Department has pushed for the changes to the federal rules of criminal procedure for years, arguing they are procedural in nature and the criminal code needed to be modernized for the digital age.

In an effort to address concerns, U.S. Assistant Attorney General Leslie Caldwell wrote a blog post this week arguing that the benefits given to authorities from the rule changes outweighed any potential for “unintended harm.”

“The possibility of such harm must be balanced against the very real and ongoing harms perpetrated by criminals – such as hackers, who continue to harm the security and invade the privacy of Americans through an ongoing botnet, or pedophiles who openly and brazenly discuss their plans to sexually assault children,” Caldwell wrote.

A handful of judges in recent months had dismissed evidence brought as part of a sweeping FBI child pornography sting, saying the search warrants used to hack suspects’ computers exceeded their jurisdiction.

The new rules are expected to make such searches generally valid.

Blocking the changes would have required legislation to pass both houses of Congress, then be signed into law by the president.

(Reporting by Dustin Volz, editing by G Crosse)

Document spells out FBI rules to get journalists’ phone records: article

FBI headquarters

By Dustin Volz

WASHINGTON (Reuters) – The Federal Bureau of Investigation is allowed to seek journalists’ phone records with the approval of two government officials through a secretive surveillance process that does not require a warrant, The Intercept website reported on Thursday, citing a classified document.

The document, which The Intercept published without citing sources, was described as a classified appendix of the FBI’s Domestic Investigations and Operations Guide (DIOG) and was dated Oct. 16, 2013. The related document is at http://bit.ly/295HIpY.

Reuters could not verify the authenticity of the document.

FBI spokesman Christopher Allen said in an emailed reply to a Reuters request for comment, “We post a redacted version of the DIOG on our website. I am not in a position to comment or authenticate any other version.” Allen referred to an FBI website regarding the agency’s Domestic Investigations and Operations Guide. http://1.usa.gov/1QleO9n

“Because the DIOG governs sensitive operations and investigations, not all of its contents can be released,” Allen wrote.

“As a result I am not able to comment on how, or whether, the DIOG is updated as laws, Guidelines, or technology change. However, the FBI periodically reviews and updates the DIOG as needed,” he said.

Allen said the FBI’s DIOG remained consistent with guidelines from the U.S. attorney general.

The Intercept is an online publication launched in 2014 by First Look Media, which was created and funded by eBay founder Pierre Omidyar. The editors are Glenn Greenwald, Laura Poitras and Jeremy Scahill, who were all involved in breaking the Edward Snowden story.

The Intercept reported that, according to the document, pursuing a journalist’s call data with a national security letter requires the consent of the FBI’s general counsel and the executive assistant director of its national security branch, in addition to normal chain-of-command approval.

A national security letter is a type of government order for communications data sent to service providers. It is usually issued with a gag order, meaning the target is often unaware that records are being accessed.

There are several proposals in Congress to broaden the scope of national security letters, or NSLs. Privacy advocates, however, have said the authority is used too often, circumvents judicial oversight and lacks adequate transparency safeguards.

The Intercept reported that an added layer of review by the U.S. Justice Department’s assistant attorney general for national security is necessary to use an NSL to seek a journalist’s records if they are being sought “to identify confidential news media sources.”

National security letters have been available as a law enforcement tool since the 1970s. But their frequency and breadth expanded under the USA Patriot Act enacted shortly after the Sept. 11, 2001, attacks on the United States.

The FBI made 48,642 requests for data via NSLs in 2015, according to a Justice Department memo seen by Reuters in May.

Currently, national security letters can only compel sharing of phone billing records, according to a 2008 legal memo written by the U.S. Justice Department. Still, the FBI has used the letters since then to request internet records during national security investigations.

The U.S. Senate last week fell two votes short of advancing legislation that would broaden the type of records the FBI can compel a company to hand over under an NSL to include email metadata and some browsing history.

(Reporting by Dustin Volz; Editing by Dan Grebler, Toni Reinhold)

Push to expand FBI surveillance authority threatens email privacy bill

A lock icon, signifying an encrypted Internet

By Dustin Volz

WASHINGTON (Reuters) – An effort in the U.S. Senate to expand the Federal Bureau of Investigation’s authority to use a secretive surveillance order has delayed a vote on a popular email privacy bill, casting further doubt on whether the legislation will become law this year.

The Senate Judiciary Committee on Thursday postponed consideration of a measure that would require government authorities to obtain a search warrant before asking technology companies, such as Microsoft and Alphabet Inc’s Google , to hand over old emails. A version of the Senate bill unanimously passed the House last month.

Currently, federal agencies do not need a warrant to access emails or other digital communications more than 180 days old due to a provision in a 1986 law that considers them abandoned by the owner.

But Republican party senators offered amendments Thursday that privacy advocates argued contravened the purpose of the underlying bill and would likely sink its chances of becoming law.

Those amendments include one by Senator John Cornyn, the second ranking Republican in the Senate, that would broaden the FBI’s authority to deploy an administrative subpoena known as a National Security Letter to include electronic communications transaction records such as the times tamps of emails and their senders and recipients.

Senators Patrick Leahy and Mike Lee, the Democratic and Republican authors of the email privacy bill, agreed to postpone the vote to give time to lawmakers to review the amendments and other provisions of the bill that have prompted disagreement.

NSLs do not require a warrant and are almost always accompanied by a gag order preventing the service provider from sharing the request with a targeted user.

The letters have existed since the 1970s, though the scope and frequency of their use expanded greatly after the Sept. 11, 2001 attacks on the United States.

In 2015 requests for customer records via NSLs increased nearly 50 percent to 48,642 requests, up from 33,024 in 2014, according to a U.S. government transparency report.

The Obama administration has for years lobbied for a change to how NSLs can be used, after a 2008 legal memo from the Justice Department said the law limits them largely to phone billing records. FBI Director James Comey has said the change needed essentially corrects a typo.

The Senate Intelligence Committee this week passed a bill to fund the U.S. intelligence community that contains a similar provision that would allow NSLs to be used to gather email records.

Senator Ron Wyden, an Oregon Democrat, voted against the proposal and said it “takes a hatchet to important protections for Americans’ liberty.”

(Reporting by Dustin Volz; Editing by Alan Crosby)

FBI Unlocking Method Won’t Work on Newer Phones

The Apple logo is pictured at its flagship retail store in San Francisco

Reuters) – The Federal Bureau of Investigation’s secret method for unlocking the iPhone 5c used by one of the San Bernardino shooters will not work on newer models, FBI Director James Comey said.

“We have a tool that works on a narrow slice of phones,” Comey said at a conference on encryption and surveillance at Kenyon University in Ohio late on Wednesday.

Apple’s shares were down 1.3 percent at midday.

Comey added that the technique would not work on the iPhone 5s and the later models iPhone 6 and 6s. The iPhone 5c model was introduced in 2013 and has since been discontinued by Apple as newer models have become available.

The Justice Department said in March it had unlocked the San Bernardino shooter’s iPhone with the help of an unidentified third party and dropped its case against Apple Inc, ending a high-stakes legal clash but leaving the broader fight over encryption unresolved.

As the technique cannot be used to break into newer models, law enforcement authorities will likely have to lean on Apple to help them access the devices involved in other cases.

The Justice Department has asked a New York court to force Apple to unlock an iPhone 5s related to a drug investigation. Prosecutors in that case said they would update the court by April 11 on whether it would “modify” its request for Apple’s assistance.

If the government continues to pursue that case, the technology company could potentially use legal discovery to force the FBI to reveal what technique it used, a source familiar with the situation told Reuters.

Apple and the FBI were not immediately available for comment.

The FBI began briefing select U.S. senators this week about the method used to unlock the San Bernardino iPhone.

Up to Wednesday’s close of $110.96, Apple’s shares had risen more than 5 percent this year.

(Reporting by Narottam Medhora in Bengaluru and Dustin Volz in Washington; Editing by Saumyadeb Chakrabarty)

FAA to Allow Drones to Fly over Public

Airplane flies over a drone during the Polar Bear Plunge on Coney Island in the Brooklyn borough of New York

WASHINGTON (Reuters) – A Federal Aviation Administration advisory panel on Wednesday recommended that regulators set new rules allowing drones to fly over members of the public if the aircraft meet new standards to minimize the danger of physical injuries from collisions.

A report issued by the 27-member panel, which included representatives from the drone, aviation and technology industries, recommended that the FAA limit the risk of serious injury to less than 1 percent but allow drone makers to determine whether their products meet the standard.

An FAA official said the agency will consider the panel’s recommendations as it crafts new regulations that could eventually allow commercial drone flights over people, an option that is vital to plans for package delivery services being pursued by online commerce companies Amazon.com and Alphabet Inc’s Google.

Commercial drone flights are largely banned in the United States. But the FAA is expected to issue final regulations later this year that would allow limited commercial drone operations. The first proposed rules allowing flights over people would emerge much later, said the FAA official, who declined to provide a timeline.

(Reporting by David Morgan; Editing by Jonathan Oatis)

Apple, Google Products Target of Court Order

Apple Logo inside Corporate offices

SAN FRANCISCO (Reuters) – The American Civil Liberties Union on Wednesday said it had identified 63 cases across the U.S. in which the federal government asked for a court order compelling Apple Inc or Google to help access devices seized during investigations.

The cases predominantly arise out of investigations into drug crimes, the ACLU said, adding that the data indicate such government requests have become “quite ordinary.”

Representatives for the Justice Department and Apple declined to comment.

A spokesman for Google, a unit of Alphabet Inc, declined to say how frequently it has cooperated with All Writs Act requests or orders, and how often it has contested them.

The Justice Department previously disclosed that Apple has received 70 court orders requiring it to provide assistance since 2008, which it obeyed without objection.

However, last October Apple contested a Justice Department demand for assistance in a Brooklyn drug case. Since then, Apple has objected to several other government requests for help accessing devices across the country, the company said in a court filing last month.

A U.S. judge in Brooklyn agreed with Apple and ruled that Congress has not authorized the government to ask for the help it demanded of the company. The Justice Department has appealed that ruling.

The ACLU report comes after the Justice Department withdrew a request for Apple’s assistance in California, saying on Monday it had succeeded in unlocking an iPhone used by one of the shooters involved in a rampage in San Bernardino in December without Apple’s help.

Other cases involving government requests for Apple’s help are still pending.

A variety of Apple and Google products have been targeted by court orders, according to the ACLU report. In one, an Apple iPhone 5 was seized by a man arrested in 2013 for importing methamphetamine from Mexico.

A California court ordered Apple to help the Justice Department bypass the passcode and copy data onto an external hard drive. The order does not specify which operating system was running on the phone.

(Reporting by Dan Levine)