• Tag Archives 1st Amendment
  • Border Security Overreach Continues: DHS Wants Social Media Login Information

    Now more than ever, it is apparent that U.S. Customs and Border Protection (CBP) and its parent agency, the Department of Homeland Security (DHS), are embarking on a broad campaign to invade the digital lives of innocent individuals.

    The new DHS secretary, John Kelly, told a congressional committee this week that the department may soon demand login information (usernames and passwords) for social media accounts from foreign visa applicants—at least those subject to the controversial executive order on terrorism and immigration—and those who don’t comply will be denied entry into the United States. This effort to access both public and private communications and associations is the latest move by a department that is overreaching its border security authority.

    In December 2016, DHS began asking another subset of foreign visitors, those from Visa Waiver Countries, for their social media handles. DHS defended itself by stating that not only would compliance be voluntary, the government only wanted to access publicly viewable social media posts: “If an applicant chooses to answer this question, DHS will have timely visibility of the publicly available information on those platforms, consistent with the privacy settings the applicant has set on the platforms.”

    As we wrote last fall in comments to DHS, even seeking the ability to view the public social media posts of international travelers implicates the universal human rights of free speech and privacy, and—importantly—the comparable constitutional rights of their American associates. Our objections are still salient given that DHS may soon mandate access to both public and private social media content and contacts of another group of foreigners visitors.

    Moreover, as a practical matter, such vetting is unlikely to weed out terrorists as they would surely scrub their social media accounts prior to seeking entry into the U.S.

    Such border security overreach doesn’t stop there.

    There have been several reports recently of CBP agents demanding access to social media information and digital devices of both American citizens and legal permanent residents. Most disturbing are the invasive searches of Americans’ cell phones, where CBP has been accessing social media apps that may reveal private posts and relationships, as well as emails, texts messages, browsing history, contact lists, photos—whatever is accessible via the phone.

    Such border searches of Americans’ digital devices and cloud content are unconstitutional absent individualized suspicion, specifically, a probable cause warrant. In light of the DHS secretary’s statements this week, we fear that DHS may soon take the next step down this invasive path and demand the login information for American travelers’ online accounts so that the government can peruse private, highly personal information without relying on access to a mobile device.

    Source: Border Security Overreach Continues: DHS Wants Social Media Login Information | Electronic Frontier Foundation

  • Fear Materialized: Border Agents Demand Social Media Data from Americans

    The Council on American-Islamic Relations (CAIR) recently filed complaints against U.S Customs and Border Protection (CBP) for, in part, demanding social media information from Muslim American citizens returning home from traveling abroad. According to CAIR, CBP accessed public posts by demanding social media handles, and potentially accessed private posts by demanding cell phone passcodes and perusing social media apps. And border agents allegedly physically abused one man who refused to hand over his unlocked phone.

    CBP recently began asking foreign visitors to the U.S. from Visa Waiver Countries for their social media identifiers. Last fall we filed our own comments opposing the policy, and joined two sets of coalition comments, one by the Center for Democracy & Technology and the other by the Brennan Center for Justice. Notably, CBP explained that it was only seeking publicly available social media data, “consistent with the privacy settings the applicant has set on the platforms.”

    We raised concerns that the policy would be extended to cover Americans and private data. It appears our fears have come true far faster than we expected. Specifically, we wrote:

    It would be a series of small steps for CBP to require all those seeking to enter the U.S.—both foreign visitors and U.S. citizens and residents returning home—to disclose their social media handles to investigate whether they might have become a threat to homeland security while abroad. Or CBP could subject both foreign visitors and U.S. persons to invasive device searches at ports of entry with the intent of easily accessing any and all cloud data; CBP could then access both public and private online data—not just social media content and contacts that may or may not be public (e.g., by perusing a smartphone’s Facebook app), but also other private communications and sensitive information such as health or financial status.

    We believe that the CBP practices against U.S. citizens alleged by CAIR violate the Constitution. Searching through Americans’ social media data and personal devices intrudes upon both First and Fourth Amendment rights.

    CBP’s 2009 policy on border searches of electronic devices is woefully out of date. It does not contemplate how accessing social media posts and other communications—whether public or private—creates chilling effects on freedom of speech, including the First Amendment right to speak anonymously, and the freedom of association.

    Nor does the policy recognize the significant privacy invasions of accessing private social media data and other cloud content that is not publicly viewable. In claiming that its program of screening the social media accounts of Visa Waiver Program visitors does not bypass privacy settings, CBP is paying more heed to the rights of foreigners than American citizens.

    Finally, the CBP policy does not address recent court decisions that limit the border search exception, which permits border agents to conduct “routine” searches without a warrant or individualized suspicion (contrary to the general Fourth Amendment rule requiring a warrant based on probable cause for government searches and seizures). These new legal rulings place greater Fourth Amendment restrictions on border searches of digital devices that contain highly personal information.

    As we recently explained:

    The U.S. Court of Appeals for the Ninth Circuit in U.S. v. Cotterman (2013) held that border agents needed to have reasonable suspicion—somewhere between no suspicion and probable cause—before they could conduct a “forensic” search, aided by sophisticated software, of the defendant’s laptop….

    The Supreme Court held in Riley v. California (2014) that the police may not invoke another exception to the warrant requirement, the search-incident-to-arrest exception, to search a cell phone possessed by an arrestee—instead, the government needs a probable cause warrant. The Court stated, “Our holding, of course, is not that the information on a cell phone is immune from search; it is instead that a warrant is generally required before such a search, even when a cell phone is seized incident to arrest.”

    Although Riley was not a border search case, the Riley rule should apply at the border, too. Thus, CBP agents should be required to obtain a probable cause warrant before searching a cell phone or similar digital device.

    Both Riley and Cotterman recognized that the weighty privacy interests in digital devices are even weightier when law enforcement officials use these devices to search cloud content. A digital device is not an ordinary “effect” akin to a piece of luggage or wallet, but rather is a portal into an individual’s entire life, much of which is online.

    The Ninth Circuit wrote:

    With the ubiquity of cloud computing, the government’s reach into private data becomes even more problematic. In the “cloud,” a user’s data, including the same kind of highly sensitive data one would have in “papers” at home, is held on remote servers rather than on the device itself. The digital device is a conduit to retrieving information from the cloud, akin to the key to a safe deposit box. Notably, although the virtual “safe deposit box” does not itself cross the border, it may appear as a seamless part of the digital device when presented at the border.

    And the Supreme Court wrote:

    To further complicate the scope of the privacy interests at stake, the data a user views on many modern cell phones may not in fact be stored on the device itself. Treating a cell phone as a container whose contents may be searched incident to an arrest is a bit strained as an initial matter…. But the analogy crumbles entirely when a cell phone is used to access data located elsewhere, at the tap of a screen. That is what cell phones, with increasing frequency, are designed to do by taking advantage of “cloud computing.” Cloud computing is the capacity of Internet-connected devices to display data stored on remote servers rather than on the device itself. Cell phone users often may not know whether particular information is stored on the device or in the cloud, and it generally makes little difference.

    The Riley Court went on to state:

    The United States concedes that the search incident to arrest exception may not be stretched to cover a search of files accessed remotely—that is, a search of files stored in the cloud…. Such a search would be like finding a key in a suspect’s pocket and arguing that it allowed law enforcement to unlock and search a house.

    Thus, the border search exception also should not be “stretched to cover” social media or other cloud data, particularly that which is protected by privacy settings and thus not publicly viewable. In other words, a border search of a traveler’s cloud content is not “routine” and thus should not be allowed in the absence of individualized suspicion. Indeed, border agents should heed the final words of the unanimous Riley decision: “get a warrant.”

    We hope CBP will fully and fairly investigate CAIR’s grave allegations and provide a public explanation. We also urge the agency to change its outdated policy on border searches of electronic devices to comport with recent developments in case law. Americans should not fear having their entire digital lives unreasonably exposed to the scrutiny of the federal government simply because they travel abroad.

    Source: Fear Materialized: Border Agents Demand Social Media Data from Americans | Electronic Frontier Foundation

  • Government Pressure Shutters Backpage’s Adult Services Section

    Succumbing to years of government pressure, the online classified ads website Backpage.com has shut down its adult services section. Just like Craigslist before it, Backpage faced the difficult choice of censoring an entire forum for online speech rather than continue to endure the costly onslaught of state and federal government efforts seeking to hold it responsible for the illegal activity of some of its users.

    The announcement came on the eve of a hearing by the Senate Permanent Subcommittee on Investigations (PSI). The hearing was the backdrop for the release of a committee report [PDF] alleging [PDF] that Backpage knew that its website was being used to post ads for illegal prostitution and child sex trafficking, and directly edited such ads to make their illegality less conspicuous or flagged for the posters how to do so themselves.

    While acknowledging the horrific nature of sex trafficking, EFF has participated in several cases to remind courts about the importance of preserving strong legal protection under the First Amendment and Section 230 (47 U.S.C. § 230) for Internet intermediaries.

    For example, we were counsel for the Internet Archive in two cases in which Backpage was co-plaintiff, one in Washington state and the other in New Jersey, challenging state laws that sought to hold online companies responsible for hosting third-party ads for illegal sexual transactions. We successfully argued that the laws were invalid under the First Amendment and Section 230.

    Section 230 is the two-decade old statute passed by Congress to promote online free speech and innovation by immunizing (with certain exceptions) Internet intermediaries from liability for illegal content created or posted by their users. Section 230 immunity holds as long as the companies did not themselves create the illegal content, while editing user-generated content is permitted by Section 230 as long as the editing itself does not make the content illegal.

    We’ve also filed amicus briefs in support of strong legal protections for Internet intermediaries. We filed an amicus brief in an emotionally tough Massachusetts case against Backpage brought by young women trafficked for sex as minors via the website. The court rightly dismissed the case, largely adopting our Section 230 arguments.

    Much of Backpage’s fights have hinged on defending fundamental First Amendment rights online. We submitted an amicus brief in a case where Backpage successfully challenged the “campaign of suffocation” by an Illinois sheriff who had illegally coerced major credit card companies to stop doing business with Backpage. Recently, we submitted an amicus brief in a case where Backpage is challenging some of the subpoenas issued by PSI, arguing that the committee’s inquiry into Backpage’s ad moderating practices amounts to improper government interference into core editorial functions protected by the First Amendment—something we also argued Sen. Thune did in relation to Facebook’s “trending” news stories.

    During the PSI hearing, senators expressed their disdain for Backpage’s reliance on Section 230 and the First Amendment. Chairman Rob Portman (R-OH) said that Backpage’s invocation of Section 230 is a “fraud on courts, on victims, and on the public.” Ranking Member Claire McCaskill (D-MO) exclaimed, “This investigation is not about curbing First Amendment rights. Give me a break!” And Sen. Heidi Heitkamp (D-ND) said that Backpage has “the audacity to hide behind the First Amendment.”

    EFF and other civil liberties organizations are all too familiar with the fact that First Amendment rights are often championed by those accused of disseminating unpopular or harmful speech. And when First Amendment rights are weakened for one unsavory person or entity, First Amendment rights become weakened for everyone.

    Most disturbing during the hearing, Chairman Portman said that the committee will explore “legislative remedies” to address the problem of online sex trafficking. This surely means a weakening of Section 230 protection for Internet intermediaries, which EFF strongly opposes. Congress already passed the SAVE Act in 2015, which amended the federal criminal statute on sex trafficking to include anyone involved in advertising sex trafficking. This amendment was specifically meant to target online platforms that host ads posted by third parties, and strip those platforms of Section 230 protection since the statute does not provide immunity against federal criminal charges.

    Any changes to Section 230 itself, to make it easier to impose liability on companies for user-generated content, would be devastating to the web as we know it—as a thriving online metropolis of free speech and innovation. As my colleague Matt Zimmerman wrote back in 2010 when Craigslist shuttered its adult services section, Section 230 “is not some clever loophole” but rather “a conscious policy decision by Congress to protect individuals and companies who would otherwise be vulnerable targets to litigants who want to silence speech to which they object.”

    Matt further explained:

    This clear protection plays an essential role in how the Internet functions today, protecting every interactive website operator—from Facebook to Craigslist to the average solo blog operator—from potentially crippling legal bills and liability stemming from comments or other material posted to websites by third parties. Moreover, if they were obligated to pre-screen their users’ content, wide swaths of First Amendment-protected speech would inevitably be sacrificed as website operators, suddenly transformed into conservative content reviewers, permitted only the speech that they could be sure would not trigger lawsuits.

    So while Backpage’s announcement suggests that the company’s opponents have at least temporarily won the battle against the adult services section of the website (because Backpage has vowed to continue its legal battles), EFF will continue to try to win the war to ensure that both the First Amendment and Section 230 remain strong protectors of Internet intermediaries—the online innovators who enable the rest of us to communicate, engage in commerce, and generally be active participants in our democratic and diverse society like never before.

    Source: Government Pressure Shutters Backpage’s Adult Services Section | Electronic Frontier Foundation