The door is wide open for President Trump to influence the Supreme Court’s approach to privacy in the digital age as he chooses a replacement for retiring Justice Anthony M. Kennedy.
Kennedy, the court’s famed swing vote, leaves behind a varied legacy on privacy matters, siding with law enforcement in cases involving digital surveillance while also joining majorities in decisions that expanded privacy protections against unreasonable searches. And while Trump is all but certain to tap a conservative, that’s no predictor for how the new justice will rule in the bevy of cases expected to come before the court concerning how the Fourth Amendment applies in an era of ever-expanding data collection.
“This is ironically one of those areas that doesn’t necessarily fall on ideological lines,” said Jennifer Daskal, a professor at American University Washington College of Law. “This is not a place where it’s obvious what the likely leanings of the next justice are going to be.”
Kennedy’s own leanings on privacy are hard to put in a box. While the court overall in recent years has recognized broader digital privacy rights as technologies have advanced, Kennedy has shown ambivalence about how far those protections should stretch.
In the 2012 case United States v. Jones, he sided with the court’s other justices in finding that law enforcement officers typically need a warrant to track people using GPS devices. And he joined another unanimous opinion in Riley v. California in 2014 declaring warrantless cellphone searches unconstitutional in most cases. Both decisions were hailed by privacy advocates and represented significant expansions of Fourth Amendment protections.
But in other cases, Kennedy bucked majorities on the court that voted to boost privacy rights in the face of increasingly sophisticated surveillance tools. In 2001, he was part of a minority in Kyllo v. United States that argued Fourth Amendment rights didn’t apply when law enforcement used a thermal-imaging device to scan a property in a criminal investigation. And just last week, Kennedy dissented in Carpenter v. United States, a landmark case in which the court’s majority ruled that police generally must get a warrant to access the troves of location information wireless carriers collect on customers.
“Kennedy was mixed in terms of how much he understood, and he grappled with the ways in which the Internet and digital communications change the application of existing doctrine,” Daskal told me.
Whoever takes Kennedy’s place probably will have the opportunity to decide a range of new privacy-related cases, privacy experts said. For example, the high court has yet to rule on whether police need a warrant to access location data from cell towers over short periods of time or comb through records generated by Internet of things devices such as smartwatches. The court is also poised to hear cases involving searches of digital devices at the U.S. border, surveillance from drones and security cameras, and collection of biometric data, experts said.
“There’s definitely space for whoever replaces Kennedy to come in with potentially more knowledge and respect for the impact that technology is having on privacy,” said Amie Stepanovich, U.S. policy manager at the digital rights group Access Now. “There’s going to be a lot of room to do good by the court in the privacy space because we’re only going to see more cases heading in that direction as we see tech tools advance.”
But even if Trump taps someone opposed to expanding privacy rights, it may not be enough in the near term to dramatically alter the court’s general trajectory on digital privacy. On those issues, Kennedy had less power to shift the court than he did on other issues such as abortion rights or same-sex marriage.
“Privacy and surveillance issues were not one of the areas where Justice Kennedy was one of the so-called swing votes,” said Nathan Wessler, a staff attorney with the American Civil Liberties Union’s Speech, Privacy and Technology Project who represented the plaintiffs in the Carpenter case. “I’m not sure that we’ll see an immediate change in the direction of the court’s jurisprudence wherever [Trump’s nominee] falls on the spectrum.”
You are reading The Cybersecurity 202, our must-read newsletter on cybersecurity policy news.
PINGED, PATCHED, PWNED
PINGED: The intelligence community’s 2017 assessment of Russia’s far-reaching efforts to interfere in the U.S. presidential election “is a sound intelligence product,” according to the Senate Intelligence Committee. The committee also said on Tuesday that it agrees with the intelligence community that Russian President Vladimir “Putin and the Russian Government developed a clear preference” for Donald Trump over Hillary Clinton in the 2016 campaign. The panel reviewed conclusions from the CIA, the FBI and the National Security Agency that were presented in January 2017 and released on Tuesday “initial findings” of its review of those agencies’ work.
Sen. Richard Burr (R-N.C.), the committee’s chairman, said in a statement that the Senate panel “sees no reason to dispute the conclusions” of the intelligence community. “As numerous intelligence and national security officials in the Trump administration have since unanimously re-affirmed, the ICA findings were accurate and on point,” Sen. Mark R. Warner (D-Va.), the committee’s vice chairman, said in a statement. “The Russian effort was extensive and sophisticated, and its goals were to undermine public faith in the democratic process, to hurt Secretary Clinton and to help Donald Trump.”
The committee also addressed the difference among the three intelligence agencies in their levels of confidence about the assessment that the Kremlin sought to help elect Trump. According to the Intelligence Community Assessment, the CIA and FBI had “high confidence” in this conclusion while the NSA had “moderate confidence.” The Senate panel said this variation in degrees of confidence “appropriately represents analytic differences and was reached in a professional and transparent manner.” “In all the interviews of those who drafted and prepared the ICA, the Committee heard consistently that analysts were under no politically motivated pressure to reach any conclusions,” the committee said. “All analysts expressed that they were free to debate, object to content, and assess confidence levels, as is normal and proper for the analytic process.”
Russia will be back in 2018. We need to be ready.
— Mark Warner (@MarkWarner) July 3, 2018
PATCHED: “Federal prosecutors concluded an 18-month investigation into a former congressional technology staffer on Tuesday by publicly debunking allegations — promoted by conservative media and President Trump — suggesting he was a Pakistani operative who stole government secrets with cover from House Democrats,” The Washington Post’s Shawn Boburg and Spencer S. Hsu reported. Trump tweeted last month that the Justice Department should not let Imran Awan “off the hook” and suggested that Awan somehow had something to do with the hacking of the Democratic National Committee, my colleagues wrote.
Our Justice Department must not let Awan & Debbie Wasserman Schultz off the hook. The Democrat I.T. scandal is a key to much of the corruption we see today. They want to make a “plea deal” to hide what is on their Server. Where is Server? Really bad!
— Donald J. Trump (@realDonaldTrump) June 7, 2018
“Particularly, the Government has found no evidence that your client illegally removed House data from the House network or from House Members’ offices, stole the House Democratic Caucus Server, stole or destroyed House information technology equipment, or improperly accessed or transferred government information, including classified or sensitive information,” federal prosecutors wrote, as quoted by Boburg and Hsu. Awan pleaded guilty to an unrelated charge of making a false statement on an application for a home-equity loan, and prosecutors said they won’t advise that he be jailed, according to my colleagues.
PWNED: The Palestinian militant group Hamas carried out a cyber campaign aiming to infiltrate Israel’s military by seeking to entice young recruits into downloading mobile apps for dating or following the soccer World Cup from the Google Play Store, The Post’s Ruth Eglash reported Tuesday. “The army official, who spoke on the condition of anonymity in keeping with military protocol, said Hamas operatives posing online as young, attractive and, in most cases, female Israelis attempted to lure young Israeli recruits via Facebook and WhatsApp to download the apps,” Eglash wrote. “Once embedded in a person’s phone, the malware in the apps can read text messages, view visual content and other documentation stored on the device, as well as allow outside sources to listen in on conversations and take photographs remotely.”
About 400 to 500 users have downloaded the applications, but not all of those people are part of the military, according to the Israeli army, my colleague reported. The army found at least three apps — Wink Chat and Glance Love for dating and Golden Cup to keep up with the soccer tournament — and they were removed from the Google Play Store, according to Eglash. The Israeli army said roughly 2 percent of the hundreds of soldiers who said they were contacted on Facebook ended up agreeing to download the apps, Eglash wrote.
More cybersecurity news:
— The Democratic National Committee is training its staffers as well as state parties and campaigns with DNC support to improve their cybersecurity practices to avoid a rerun of the hacking of the party’s computer network, CyberScoop’s Chris Bing reports. “Since September of last year — primarily through a phishing simulation platform named Wombat — the DNC’s tech team has been targeting co-workers as part of a broad effort to evaluate internal cybersecurity risks,” Bing writes. “Staffers are graded on their ability to spot, report and avoid emails that in a real-world scenario might carry malware.”
— The office of New York’s Special Narcotics Prosecutor successfully applied for an authorization to use the GrayKey software from the company Grayshift to access two locked iPhones in a drugs case, Forbes’s Thomas Fox-Brewster reported Tuesday. “Legal representation for the suspect, whose name has not been revealed, said they believed GrayKey was successful in gaining access to the client’s iPhones,” Fox-Brewster wrote. “Jerome Greco, staff attorney at the Legal Aid Society, told Forbes his team was waiting to learn what data was actually obtained from the devices.”
— Developers who create apps for the National Geospatial-Intelligence Agency are required to submit their source code for security vetting, according to Wired’s Lily Hay Newman. Engility, a private company, handles the code review, Wired reports. “The brokered vetting process means that the government never holds developers’ source code directly,” Hay Newman writes. “The inspection is always mediated by Engility, which signs nondisclosure agreements with developers and isn’t a software maker itself.”
— More cybersecurity news from the public sector:
In a June 22 memo, Deputy Defense Secretary Patrick Shanahan ordered DOD’s massive commercial cloud acquisition fall under new CIO Dana Deasy.
When a CIA-backed venture capital fund took an interest in Rana el Kaliouby’s face-scanning technology for detecting emotions, the computer scientist and her colleagues did some soul-searching — and then turned down the money.
THE NEW WILD WEST
— A University of Cambridge researcher looked inside one of the USB fans that were provided to journalists covering the meeting last month in Singapore between Trump and North Korean leader Kim Jong Un and it seems like the device wasn’t a spying tool in the end, The Post’s Hamza Shaban reports. “This particular sample of USB fan does not have any computer functionality on USB interface,” researcher Sergei Skorobogatov wrote in an analysis. “It can only be used for driving the motor from USB power. However, this does not eliminate the possibility of malicious or Trojan components wired to USB connector in other fans, lamps and other end-user USB devices.”
Media goody bag: Mini USB fan, hand-held fan with #TrumpKim on either side to blow around all the hot air…. and a fun guide to Sentosa. NB: that’s not the delegations playing beach volleyball. pic.twitter.com/fbdKVzr0Cn
— Amanda Drury (@MandyCNBC) June 10, 2018
But just because the device that Skorobogatov analyzed didn’t contain malware doesn’t mean that other fans handed out to reporters in Singapore were harmless, my colleague reports. “Jake Williams, founder of the cybersecurity firm Rendition InfoSec and a former member of the National Security Agency’s hacking group, was also circumspect about the USB fans,” Shaban writes. “He said that malicious actors could have narrowly targeted one reporter who was of special interest out of 100, meaning that most fans may have appeared harmless even as some might have been used to target specific journalists.”
— More cybersecurity news from overseas:
Theft of cryptocurrencies from exchanges soared in the first half of this year to three times the level seen for the whole of 2017, leading to a three-fold increase in associated money laundering, according to a report from U.S.-based cybersecurity firm CipherTrace released on Tuesday.
FOR THE N00BS
It’s the smartphone conspiracy theory that just won’t go away: Many, many people are convinced that their phones are listening to their conversations to target them with ads.
— Trump on Tuesday attempted to tie the deletion of call detail records that the NSA announced last week to the Russia investigation, even though nothing indicates that those two things are related, The Post’s Shane Harris reported. The NSA said in a June 28 statement that it had started in May to delete call detail records “acquired since 2015 under Title V of the Foreign Intelligence Surveillance Act (FISA).” “Officials explained that telecom companies had provided more information about Americans’ communications than the NSA was legally entitled to receive,” Harris wrote.
Wow! The NSA has deleted 685 million phone calls and text messages. Privacy violations? They blame technical irregularities. Such a disgrace. The Witch Hunt continues!
— Donald J. Trump (@realDonaldTrump) July 3, 2018
“The president routinely calls the special-counsel investigation, led by Robert S. Mueller III, a witch hunt,” Harris wrote. “But the NSA program to which the president referred is used primarily for counterterrorism. The president offered no evidence to suggest how the program was connected to Mueller’s probe.” Sen. Ron Wyden (D-Ore.), who has long expressed concerns about some government surveillance programs, seized on Trump’s tweet and told the president that “we should talk.”
.@realDonaldTrump, If you’re actually interested in real reforms, I’ve been pushing them for years, and we should talk. But with 20 indictments there’s no witch hunt. https://t.co/Hysu8fjuBM
— Ron Wyden (@RonWyden) July 3, 2018
The American Civil Liberties Union tweeted that Trump should support overhauling the NSA:
Instead of pushing to expand surveillance laws like you did last year, join us in calling for reform when NSA powers expire next year.
In the meantime, you can stop this program now: https://t.co/cjarHVsAmk https://t.co/sX7HCuF5ar
— ACLU (@ACLU) July 3, 2018
From Susan Hennessey, the executive editor of Lawfare and a former attorney at the NSA:
First, to understand what actually occurred you should read this piece by @DavidKris https://t.co/mosacauDec
— Susan Hennessey (@Susan_Hennessey) July 3, 2018
Third, healthy skepticism is different from a presumption of bad faith and that presumption has profoundly warped public debate and understanding of IC mission and tools. That’s been true for a long time, but I never in my life thought I’d see it championed by the White House.
— Susan Hennessey (@Susan_Hennessey) July 3, 2018
Finally, I’ll share this reflection on the ethos of NSA, which I wrote the day after the election. The oath is to the constitution; it’s to a mission—one that matters—and not a man. https://t.co/11SwJQ8osi pic.twitter.com/7K0KZND17K
— Susan Hennessey (@Susan_Hennessey) July 3, 2018
Several journalists also commented on Trump’s tweet.
From CNN’s Jenna McLaughlin:
Trump is, once again, attacking his intelligence agencies. It’s unclear if he knows any more about this incident, though NSA has claimed the error was with the telecoms. https://t.co/UzlhT2zMO0
— Jenna McLaughlin (@JennaMC_Laugh) July 3, 2018
From Mother Jones’s David Corn:
This is nuts. NSA says-accurately or not-it deleted “call detail records” bc it had received CDRs it had not been authorized to receive & couldn’t separate those from the full body of CDRs. Yet Trump ties this to the Russia probe. #ParanoiaInTheWhiteHouse https://t.co/siUcAO5WFi https://t.co/2CwE76DMDm
— David Corn (@DavidCornDC) July 3, 2018
From BuzzFeed News’s Kevin Collier:
President Trump is indicating he just a few minutes ago learned about NSA self-reporting data deletion, which the agency publicly announced five days ago. He would have had access to a private and far more comprehensive briefing far earlier. pic.twitter.com/Evo2LhVbps
— Kevin Collier (@kevincollier) July 3, 2018
From Politico’s Kyle Cheney:
This appears to be the first time the NSA (under a new, Trump-appointed leader) has been accused of being complicit in the “witch hunt.” -> https://t.co/uMjZHHZt40
— Kyle Cheney (@kyledcheney) July 3, 2018