Saturday, February 22, 2014

Freedom of religion should not be freedom to discriminate! AZ SB 1062

Well, dang. Arizona just keeps coming on, don't they?

Arizona Senate Bill 1062 amending their current statute on freedom of religion:
"Person" includes [a religious assembly or institution] any individual, association, partnership, corporation, church, religious assembly or institution, estate, trust, foundation or other legal entity.
The removed language is in brackets and italicized. The new language is bolded. It might seem innocuous until you start thinking about what this does. It grants the religious status of churches to EVERYBODY in the state -- so businesses, estates, trusts, and any individual who wants to can wrap their discriminatory acts in the mantle of freedom of religion and breeze along. Not covering birth control in their health insurance, or not hiring somebody from a different race or religion just because it offends their own sense of religious propriety. But of course, the rubber really hits the road when it comes to sexual orientation, doesn't it? Now, the good folks of Arizona won't have to be bothered by those uncomfortable gay, lesbian, queer, trans folks, if they just want to claim it is against their personal religion.

If you want to sign a petition against the bill, do so here.

It might hearten you to know that many Arizona businesses oppose this bill, remembering the financial sting from a previous boycott over their dismissal of Martin Luther King Day as a paid state holiday and then S.B. 1070, dealing with immigration. They are just seeing an economic recovery in the state, and are looking forward to the Super Bowl coming in 2015. And already there are calls to move the Super Bowl elsewhere because of this bill.

Thursday, February 20, 2014

Bitcoins -what?

There is a new ATM in South Station in Boston. South Station is a sort of rail and bus hub where the subways, commuter rails, Amtrak and buses all come together on the south side of Boston. Lots of people from all over come through there.

Well, the Boston Globe reports they have a Bitcoin ATM there. If you've been following the news about this new currency it's kind of interesting, and I'm just imagining how many disappointed and outraged mistaken users might stumble across the machine unless the signage is significantly better than the norm here in Boston. Apparently Boston is a Johnny-come-lately to the bitcoin ATM party. I read that there are already bitcoin ATMs in Austin, Seattle and Vancouver, and maybe in Calgary. Apparently they are coming to Europe and Asia as well.

Bitcoins are a digital currency. The Wikipedia article states they were introduced as open source software in 2009 by a pseudonymous person or group calling itself Satoshi Nakamoto. It is a peer-to-peer currency, meaning that it isn't minted by a government and doesn't pass through a financial institution. It is "mined" by any individual who has the know-how and computing power to set up a software program to run the cryptography to create bitcoins, and it is also earned by those who manage the "block chains" whereby the transactions using each bitcoin are traced in its records. This prevents double spending, a major problem with digital currencies. The transactions are designed to be very secure and private between the parties. There are several problems, some with gaps in security and some with the extreme volatility of the currency compared against other currencies. There are some news stories recently commenting that this may be settling in the near future.

Most in the news recently, bitcoins have been the object of speculation. When introduced into China, many Chinese citizens became enthusiastic speculators in the global bitcoin market. This caused a spike in the value of bitcoins, with a bitcoin trading at the equivalent of $1,100 U.S. in November, 2013 in China. The Chinese government, concerned about an ephemeral and foreign currency flooding their country, had the Bank of China announce in December, 2013 that Chinese financial institutions could not use bitcoin. Shortly after, the Chinese internet ISP Baidu announced it would no longer accept bitcoin to purchase website security services. Since 2009, according to Wikipedia, it has been illegal to purchase real world goods with virtual currencies in China.

Bitcoins, though digital, sometimes have a physical manifestation. They can be turned into a physical coin, usually made of some light weight metal like aluminum, wood, or plastic but often colored gold, to convey its value. In either the physical or digital form, bitcoins can be stolen. They have 2 step security, with a private and a public key. But if a user is not careful storing the data, and generating the key on a secure computer, thieves can apparently retrieve both keys and make off with the coin or coins.

Bitcoins have, like all money, been associated (already!), with organized crime. There has been a money-laundering scheme using bitcoins. There has just been a large denial of service attack on the bitcoin exchanges that forced them to suspend services. That action dropped the value of bitcoins on markets around the world. The bitcoin folks themselves have a sort of "warning" page of things you ought to know before you jump into the bitcoin experiment.

The very beautiful image of one physical form of the bitcoin is from Wikicommons, from Casascius.

Wednesday, February 19, 2014

Net Neutrality news

Folks who have been following the Net Neutrality news might have been cast down when the Court of Appeals for the D.C. Circuit handed down Verizon v. F.C.C., Docket No. 11-1355, January 14, reissued January 15, 2014 (too early for a reporter number, apparently, but something in F3d).

Now the F.C.C. has responded, declaring their intention to propose new rules supporting Net Neutrality. Here are the headliners from Chairman Tom Wheeler's statement:

1. Propose new rules. I intend to ask my fellow commissioners to:

* Enforce and enhance the transparency rule.

* Fulfill the “no blocking” goal.

* Fulfill the goals of the non-discrimination rule

2. Keep Title II authority on the table.

3. Forgo judicial review of the Verizon decision.

4. Solicit public comment.

5. Hold Internet Service Providers to their commitment.

6. Enhance competition.

Visit the linked website for the FCC statement because there is a lot of commentary for each of these statements that you should read. But I am so cheered by the FCC's response! Yay!

The image is a photo of FCC chair Tom Wheeler dated May 1, 2013 credited to AFP photographer Saul Loeb, from an article at AFP news site, "US renews 'Open Internet' push after court order" story by Rob Lever dated today (2/19/14).

Sunday, February 16, 2014

NSA involved in spying on attorney-client communications: What do we do now?

My fabulous colleague, Andy Perlman, was quoted in the article that ran yesterday in the New York Times, as well as in today's Boston Globe. Apparently the Australian government security counterpart, the Australian Signals Directorate, was monitoring communications between the Indonesian government and the American law firm they had hired to advise them on trade relations. The Mayer Brown firm, home-base in Chicago, was advising on several import issues that came up in trade negotiations with the U.S. government, including clove and menthol cigarettes and shrimp. Mayer Brown was not identified in any of the communications, but, the article authors conclude that it is likely to be that firm, because of the timing and the client.

The Australians contacted their counterparts at the NSA, according to documents that surfaced in the materials released by Edward Snowden. They alerted them to possible problems with “information covered by attorney-client privilege may be included” in the surveillance. The Australian agency reported in a monthly bulletin that liaison officers asked the NSA for guidance on the matter and received "clear guidance." They noted their agency “has been able to continue to cover the talks, providing highly useful intelligence for interested US customers.”

This is especially interesting because lawyers have been increasingly concerned about computer, e-mail and telephone privacy issues (both government surveillance, but perhaps more commonly, hacking). They have recently rewritten the ABA Rule of Professional Conduct regarding Client-Lawyer Relationship, Rule 1.6, Confidentiality of Information. Subsection (c) now states:
A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.
Suffolk's Andy Perlman was involved in redrafting this provision, and is quite aware of the difficulties for modern lawyers in a technologically complex world.

The article in the Times discusses the recent Supreme Court decision, Clapper v. Amnesty International, 568 U.S. ___ (2013). The case, (see nice link here to SCOTUS Blog which includes the petition, all briefs and the procedural steps) was decided along ideological lines, with Justice Kennedy providing the swing vote and Justice Alito writing the majority opinion. Justice Breyer wrote a dissent in which Justices Ginsburg, Kagan and Sotomayor joined. The case turned on the question of whether the petitioners had standing. The majority felt that, since the petitioners could not prove that there was or would be any surveillance of themselves, in particular, they failed to show standing on that count. There was an alternative argument put forth by the petitioners that they could show they were suffering injuries through the concern they felt at the prospect of surveillance and through their efforts to protect their clients' interests in case they were being surveilled. This argument did not sway the majority either. If you think about it, though, how would a target of FISA Court-authorized surveillance ever be aware for sure that there was any surveillance or authorization for it? The whole point is that it's secret!

So it is of interest and some irony that the document from the trove released by Edward Snowden showed up now, proving that at least some foreign clients of American attorneys are, indeed, subject to surveillance, if not directly by the NSA, then with their knowledge and advice.

Many techie lawyers may already be miles ahead of this on the security front. But I talked with my tech consultant and have a couple of FREE security add-ons. First you might want a...

Brief Primer on Security Basics
The key to better security is to have 2 different pieces that guard your access or privacy. There are 3 ways to secure this access or privacy:
1. Who you are (biometrics) - your fingerprint, retinal scan, face or voice recognition sort of identification. This is not really feasible for most regular folks at this point.

2. What you know - your password

3. What you have - your cell phone or key fob or other security device.

You may already be using two factor security (also known as two step verification, which is Google's name for it). If you use a Google product like Blogger or Gmail, or Google Circles, you have undoubtedly been prompted to not only register a password, but also to give them your cell phone number. That cell number is not just their way to contact you if you lose the e-mail password. It is also a way they can verify that you are the real owner of the account. You may have lost the password, but you will still have the cell phone registered as belonging to the account owner. That way, Google is OK with sending you the new password - they know they have the right person!

Your ATM card is another example of a two factor security system. You must have the card, but you also need the PIN. Having one without the other, a thief still cannot access your account. This is an example that lets you see how the security system ideally works. By requiring two separate identifying verifications, from 2 different types of the three options, you increase the security level greatly. It's much less easy for a thief to steal both the card and the PIN unless you write the number on a sticky note and keep it with the card. That's the last part -- keep the verification items separately and securely.
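
To make the two factor idea concrete, here is an added example (not part of the original post, and not Google's or any bank's code): a Python login check that passes only when a password ("what you know") and a one-time code from a phone ("what you have") are both valid. It assumes the phone runs an authenticator app producing RFC 6238 time-based codes rather than receiving a text message; the names enroll, login and the account fields are hypothetical.

```python
import base64
import hashlib
import hmac
import os
import struct
import time


def totp(secret_b32, at=None, step=30, digits=6):
    """RFC 6238 one-time code (HMAC-SHA1), the kind a phone authenticator app shows."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = int((time.time() if at is None else at) // step)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    number = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(number % 10 ** digits).zfill(digits)


def hash_password(password, salt):
    """Slow salted hash so a stolen account table does not reveal passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def enroll(password, secret_b32=None):
    """Create a (hypothetical) account record holding both factors."""
    salt = os.urandom(16)
    if secret_b32 is None:
        # 160-bit random secret, shared once with the phone (e.g. via QR code)
        secret_b32 = base64.b32encode(os.urandom(20)).decode()
    return {
        "salt": salt,
        "pw_hash": hash_password(password, salt),
        "totp_secret": secret_b32,
        "last_counter": -1,  # highest time step already used for a login
    }


def login(account, password, code, now=None, step=30, window=1):
    """Return True only if the password AND a fresh one-time code are both valid."""
    now = time.time() if now is None else now
    # Factor 1: what you know.
    knows = hmac.compare_digest(
        hash_password(password, account["salt"]), account["pw_hash"])
    # Factor 2: what you have. Allow +/- `window` time steps for clock drift,
    # but never a step that has already been used (blocks replay of a seen code).
    current = int(now // step)
    matched = None
    for counter in range(max(0, current - window), current + window + 1):
        if counter <= account["last_counter"]:
            continue
        expected = totp(account["totp_secret"], at=counter * step, step=step)
        if hmac.compare_digest(expected.encode(), code.encode()):
            matched = counter
    # Both checks always run, so the result does not say which factor failed.
    if knows and matched is not None:
        account["last_counter"] = matched
        return True
    return False


if __name__ == "__main__":
    # Constructed sample: the published RFC 6238 test secret, not a real account.
    demo = enroll("correct horse", "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")
    code = totp(demo["totp_secret"], at=59)
    print(login(demo, "correct horse", code, now=59))  # both factors present
    print(login(demo, "correct horse", code, now=59))  # same code replayed
```

A stolen password alone fails, a stolen code alone fails, and a code that was already used once is refused even inside its validity window.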

Lawyers should also be aware of the very recently released CyberSecurity Framework from the National Institute of Standards and Technology. About a year ago, President Obama issued Executive Order no. 13636, Improving Critical Infrastructure Cybersecurity, DCPD-201300091, February 12, 2013. The Framework was released on Feb. 12, 2014, and declares itself to be a living document that will be updated and amended in response to industry feedback on voluntary implementation. Silicon Valley type industries have been highly critical of the President's stance on the NSA and FISA imbroglio, which is costing large social media and telecom companies thousands or millions of dollars in compliance with secret orders. But they seem, according to reports, fairly pleased with the new Framework, which is voluntary but is built to align with enlightened self-interest.

1. Encryption software (a quick answer to surveillance concerns?)
a. PGP (Pretty Good Privacy)
This was first introduced by Phil Zimmermann in 1991, according to the Open PGP Alliance, and several other sources as well. According to Zimmermann's homepage, he first designed PGP as a human rights tool, and that is why it was released free on Usenet. It's a sad and ironic commentary that the U.S. government then began a criminal investigation against Mr. Zimmermann for allegedly violating export restrictions on cryptographic software when PGP spread worldwide through the proto-Internet. The criminal charges were eventually dropped after three years.

PGP is still available for free. Here is a list of links to download it in various versions and to get patches. Here is a helpful tutorial and information page from University of Pittsburgh at Johnstown. Not easy reading, but it is chock-full of information on using the private and public keys to create a two-factor verification process between you and the person you are communicating with. If you encrypt your message, the guy at the other end needs a key to decode it, right? But how to get it there, without being intercepted? It's an ingenious system and has no backdoor. The system also allows you to use your encryption key as a digital signature, which is an interesting feature.

Back when Phil Zimmermann developed PGP originally, in the early 1990s, Linux was just a toy O.S. known only to a few geeky operating system managers. So, PGP was naturally written with Windows and (later I think) Mac (or here) in mind. Now it is being developed into Open PGP and is an open source collaborative coding project and supports all sorts of operating systems, including Blackberry, Android and other mobile O.S. See, for instance, Open PGP Ruby and the Wikipedia article which nicely pulls together a list of the supported systems. Still distributed free, PGP is probably the most widely used encryption standard in the world (per the Open PGP Ruby intro).

b. GPG (GNU Privacy Guard)
This was developed originally by German citizen Werner Koch, then by the GNU Project, which developed the GNU/Linux operating system. The standard is obviously built to support Linux and GNU/Linux systems. GPG can also support Windows, Mac, Android and many other operating systems.

... Should U.S. citizens have access to technology that permits private communication? And ultimately, do U.S. citizens have the right to communicate in absolute privacy?

There are forces at work that will, if unresisted, take from us our liberties. There always will be. But at least in the United States, our rights are not so much stolen from us as they are simply lost by us. The price of freedom is not only vigilance but also participation. ...
From a statement by Phil Dubois, lead defense lawyer for Phil Zimmermann, in the announcement of the government's dropping of criminal charges, dated Jan. 11, 1996.

Monday, February 10, 2014

Just say NO to continued government surveillance!

Call/email Congress. Ask legislators to oppose the FISA Improvements Act. Look here at the ACLU comments, here at the EFF comments on "fake fix bill", another EFF note on 54 civil liberties and public interest organizations opposing this bill and here for an analysis in the British paper The Guardian (Permanent loophole for "backdoor search provision") and the Cato Institute, which called it the NSA Fig Leaf.

Ask your congresspeople to support the USA Freedom Act, and enact protections for non-Americans. Read the ACLU comments supporting this alternative bill. The EFF also supports this bill, which was co-sponsored by Representative Sensenbrenner (R, Wis) and Senator Leahy (D, Ver).

There are limits to what the USA Freedom Act accomplishes, according to the EFF website:

The bill only addresses a small portion of the problems created by NSA spying and overreaching government secrecy. It does not touch problems like NSA programs to sabotage encryption standards, it does not effectively tackle the issue of collecting information on people outside of the United States, and it doesn't address the authority that the government is supposedly using to tap the data links between service provider data centers, such as those owned by Google and Yahoo.

The bill also does not address a key issue that the government uses to inhibit lawsuits contesting the spying: excessive secrecy. For instance, it won't deal with the major over-classification issues or the state secrets privilege, the latter of which is used aggressively to prevent litigation from getting to a court decision on whether the spying is unconstitutional. The bill also leaves out a clause appearing in Sen. Ron Wyden's bill [113 S. 1551 Intelligence Oversight and Surveillance Reform Act], which provides guidelines to obtain standing in legal cases against the spying.

Lastly, it does not hold public officials accountable for their role in allowing this spying to take place and hiding it from public and Congressional oversight, and it does not create a Congressional committee that could independently investigate the surveillance programs and give the country a full accounting. Remember we are still just learning the full depth of the programs on a piecemeal basis.

So while we are happy to support the USA FREEDOM Act, we also acknowledge that there is still much to do to dial back the NSA. This can happen through ongoing improvements to the USA FREEDOM Act as well as through additional bills.
The EFF does list 7 steps the USA Freedom Act uses to improve privacy rights:
1. It would likely stop the NSA's call records program;
2. The bill modifies Section 702 of the FISA Amendments Act (EFF thinks one effect of the amendment is good - it requires the NSA to get a more narrowly tailored order from the FISA court before searching its enormous databases of call data for information on U.S. citizens. However, EFF is concerned that the amendment codifies the practices and existence of the collection and databases rather than abolishing them).
3. The bill creates a special advocate before the FISA court.
4. "Significant decisions" by the FISA court must be disclosed by the Attorney General. This is hugely important, though the FISA court itself has increased the publication of some of its decisions in recent days, there is neither any confidence that it might continue nor anything to show the public that we have had publication of either the most significant decisions or any proportion of significant decisions.
5. It increases protections designed to limit the potential harm from the use of National Security Letters (NSLs, the secret orders from the FBI that include a gag order preventing recipients from ever announcing they got one). Nevertheless, the law fails to address the central problem with NSLs: NSLs would still be unconstitutional.
6. Increases (a tiny bit) the ability of the companies that are ordered to cooperate with government agencies to be more transparent to users about their cooperation. There would still be gag orders limiting the amount of information that could be shared, but reports could be somewhat more detailed.
7. It grants subpoena powers for the Privacy and Civil Liberties Oversight Board (PCLOB). PCLOB is supposed to provide oversight and recommendations to the executive branch when it comes to our civil liberties, but currently has no subpoena powers.

Fight for the Future coordinates an Internet Fight against NSA Surveillance

Who here has gotten the e-mail from Fight for the Future? FFtF is a not for profit that
is dedicated to protecting and expanding the Internet's transformative power in our lives by creating civic campaigns that are engaging for millions of people. Alongside internet users everywhere we beat back attempts to limit our basic rights and freedoms, and empower people to demand technology (and policy) that serves their interests.
Well, they don't have any problem with self esteem, anyway. Their issues, from their About Us page, listed as posing "major threats to freedom of expression online":

Copyright and patent laws are outdated and overzealous. They hurt artists and innovation, shifting control of our art, media, and ideas to large corporations.
Slow speed and limited access: Lack of competition in the U.S. broadband market has resulted in an Internet system that is among the slowest, most expensive and least available among developed nations.
Tracking and Spying: People can’t express themselves freely online when they feel like they are being watched. In an extreme form, government and corporate surveillance can lead to political repression.
On Feb. 11, they are urging websites to add a banner to their sites
urging people to call/email Congress. We'll ask legislators to oppose the FISA Improvements Act, support the USA Freedom Act, and enact protections for non-Americans.

If you're not in the US: Visitors will be asked to urge appropriate targets to institute privacy protections.
Visit their website to see.

I have mixed feelings about the breadth of their issues. But I do know what I think about the NSA and FISA courts.