Decentralized Legal System: War on Crypto Privacy Intensifies

The Decentralized Legal System recently wrote an article titled: The War on Crypto Privacy Intensifies. Automatic Reporting of All Trades and Transactions Soon Mandatory.

Massive overreach of international regulators to force all service providers in the industry to:

Record ALL crypto trades on exchanges, DEFI and DEXs;
Record (large) purchases from private wallets;
Record all transfers to cold storage and make lists with private wallet addresses;
Send all this info annually to the (tax) authorities;
And finally, force governments to pass these rules into domestic law.

The war on privacy continues. The aim: to tackle anonymous spending and exchanging of crypto.

As you’ll discover, these new regulations force upon us a system of complete surveillance and control.

This report explains exactly what to expect from the latest developments launched in October 2022…

What is Going On?

Last year, the crypto world was shaken to its core when the Financial Action Task Force (FATF), acting in behalf of the G20, released their guidance on virtual assets.¹⁾

This document laid out a set of rules regarding stablecoins, distinctions between private and hosted wallets, extensive KYC requirements, the tackling of privacy tools, and more.²⁾ FATF has also provided a final definition of the type of service provider tasked with reporting on crypto: the Virtual Asset Service Provider.

Fast forward to today, and these rules are quickly being implemented across the world.³⁾ But as usual, it didn’t stop there. Another international regulator, the OECD, is already building on this framework in an attempt to massively increase the grip of authorities on crypo.

What is the OECD?

The Organisation for Economic Co-operation and Development (OECD) is a Paris-based international organisation that works to “build better policies for better lives.” Its goal is to shape policies that foster prosperity, equality, opportunity and well-being for all.⁴⁾

Together with governments, policy makers and citizens, the OECD works on finding solutions to a range of social, economic and environmental challenges. From improving economic performance and creating jobs, to fostering strong education and fighting international tax evasion. The organisation provides a unique forum and knowledge hub within which to discuss and develop public policies and international standard setting.⁵⁾

This “international standard” setting is what we will look at next.

Automated Exchange of Financial Information with Authorities Since 2014

In 2014, the OECD published the Standard for Automatic Exchange of Financial Account Information in Tax Matters.⁶⁾ This publication created a “Common Reporting Standard” (CRS), which forces financial institutions to automatically exchange account information with the authorities of the country of residence of their account holders. The goal: to prevent persons from holding financial accounts in offshore jurisdictions and not reporting them back home.

This is why all financial service providers request utility bills: they prove where you live, and hence where they have to report to.

All financial institutions that are subjected to these regulations are forced to automatically report to the authorities the name, address, Tax Identification Number(s), date and place of birth, the account number, and the account value as of the end of the relevant calendar year (or other appropriate reporting period).⁷⁾

Now, there is no more hiding of accounts held with a foreign financial institutions. The authorities enlisted all financial institutions as involuntary (but powerful) assistants in collecting facts and evidence needed for tax compliance.

The Panama Papers; Just in Time to Boost Worldwide Implementation of Automated Reporting…

After publishing their standards in 2014, the OECD needed to get countries and their financial institutions in line. By August 2015, the OECD had released the first version of a CRS Implementation Handbook.⁸⁾ It provided practical guidance to assist government officials and financial institutions in implementing CRS.

But while the standards set by the OECD came into force in 2016 in early-adopting states, by March of that year these standards were still far from being fully integrated into the global financial system.⁹⁾ This was especially true in the offshore jurisdictions that were the main target. What was needed was a shift in conscience…

On April 3rd, 2016, the International Consortium of Investigative Journalists published a giant leak of offshore financial records, better known as the Panama Papers.¹⁰⁾ These revelations caused public outrage.

The G5, the five largest Western European countries, were quick to jump on the bandwagon and call for more international cooperation to tackle “tax dodging and illicit finance.”¹¹⁾ The message did not fall on deaf ears; the next day, on April 15th, G20 Finance Ministers and Central Bank Governors met in Washington and issued the following Communiqué:

“…we call on all relevant countries including all financial centers and jurisdictions, which have not committed to implement the standard on automatic exchange of information by 2017 or 2018 to do so without delay and to sign the Multilateral Convention. We expect that by the 2017 G20 Summit all countries and jurisdictions will upgrade their Global Forum rating to a satisfactory level. We mandate the OECD working with G20 countries to establish objective criteria by our July meeting to identify non-cooperative jurisdictions with respect to tax transparency. Defensive measures will be considered by G20 members against non-cooperative jurisdictions if progress as assessed by the Global Forum is not made.”¹²⁾

Thus, within 12 days of the publication of the Panama Papers, the world’s 20 most powerful governments had collectively agreed to start pushing CRS reporting requirements aggressively, and to punish non-cooperative (offshore) jurisdictions—regardless of their local laws.

This is how offshore finance was brought into the fold, and financial privacy died.

Why Can the OECD Regulate Financial Institutions Around the World? Isn’t this a Task of Democracy?

The OECD isn’t a government agency of any individual country. As such, it cannot create law. It issues what is known as “soft laws,” or “recommendations” and “guidance.” Only when this guidance is transposed into the laws of individual countries does it becomes “hard” law, with real world power.

In theory, this process is subjected to the formal (democratic) law-making processes of the implementing countries. However, countries that don’t participate face restricted access to the financial system and ostracism from the international community. For this reason, almost all nations are compelled to implement these recommendations.

It must also be said that national governments, especially in the Western world, highly value this kind of international cooperation, and the control it gives them without the need to deal with the “inconveniences” of democracy. They simply hide behind the fact that these are “international standards” which they have to follow because “everybody” does.

Neither does it help that few of our representatives, journalists and fellow citizens seem to understand the impact of these treaties. Those in the legal industry who do understand the implications just look at it as “business as usual” and a new way to generate income. As such, most standards are passed into domestic law with little opposition or delay.

International Standards Aim to Supersede National Law

Once these treaties are accepted, they become part of a body of law called “international law,” which in many cases supersedes national laws. Unknown to the general public, international law is increasingly being used as a backdoor for passing invasive regulations such as those we are discussing here, and establishing a global bureaucracy with real power over our (financial) lives.

It is also worth noting that the people working for this Paris-based institution have not been elected, their procedures and budget are not subjected to democratic oversight, and they are almost impossible to remove from power.

Like most international organizations, their operations fall under the Vienna Conference on Diplomatic Intercourse and Immunities.¹³⁾ As such, they enjoy immunity for their actions taken whilst in office, are exempt from administrative burdens (such as taxes and fines), and enjoy less stringent (COVID) travel restrictions.

AUTOMATIC Exchange of Transaction Info For Crypto

Last October 10th, the OECD published the “Crypto-Asset Reporting Framework and Amendments to the Common Reporting Standard.”¹⁴⁾ This applies the tax reporting guidance of the existing CRS to crypto―and makes it FAR more invasive…

The OECD first published a public consultation version of the document on 22nd March 2022.¹⁵⁾ The deadline for feedback from the public was 29th April 2022. This gave the public just over a month to analyze a 101-page document, figure out what it meant for them and their clients in multiple jurisdictions, and formulate a public statement on company letterhead.

This is not a sign that the OECD takes public input seriously. When comparing the two documents, there is no material difference between the public consultation and the final version in the section that matters most, the actual rules…¹⁶⁾

Public consultations give these recommendations the appearance of being widely supported by “stakeholders.” It creates the illusion that the public has a say in the matter. It doesn’t. When you read the questions carefully, they only seek feedback on details, such as which intermediaries are to be included or excluded, which type of NFTs are to be in scope, what reporting thresholds there should be, and how much time should be reserved for implementation.¹⁷⁾

Furthermore, if you read the commentaries submitted, which can be downloaded here, most respondents just talk their own book, trying to elicit amendments that perhaps exempt them from a specific reporting requirement, or trying to get a longer time-frame for implementation. In all fairness, there were also a number of industry insiders who highlighted the double standards created for the crypto industry, and how much of a burden the regulations would represent. In the end, none of this mattered. The regulations have been published and are now the new worldwide standard…(article continues, click here)

Tenth Amendment Center: No Expectation of Privacy? Are You Sure About That?

Mike Maharrey at the Tenth Amendment Center talks about a reasonable expectation of privacy in public and how government is (should be) held to higher standard.

A lot of people just parrot things they hear without really thinking about it. If they did carefully consider what they were saying, they probably wouldn’t say it. This is particularly true when it comes to mass, warrantless surveillance.

The Lexington Police Department covertly uses two cameras that can be hidden in streetlights and one that is disguised as a utility box. Coupled with the fact that documents released by the LPD during legal proceedings reveal lax policies that could be interpreted to allow surveillance virtually any place at any time, I find the use of these cameras troubling.

But I’ve been told I have no basis to oppose the use of these cameras because, “You have no expectation of privacy in a public place.”

This is true in a technical, legal sense. But just because something is legal doesn’t make it just or ethical. And legality has virtually no bearing on how we live our lives.

And when you really did deep, most people don’t really believe this nonsense.

Based on the “expectation of privacy” doctrine, you can stand on the sidewalk in front of my house and take pictures of my daughter playing in the yard all day every day. You can even take pictures of my wife getting dressed through the window if she forgets to pull the curtains closed. Now, I may not have any legal expectation of privacy in my front yard or through my open blinds, but in the real world, I damn sure expect my daughter to be able to play in the yard and my wife to be able to get dressed free from your video-voyeurism.

And I think most reasonable people have the same expectation. It may not be a valid legal expectation, but it is certainly a reasonable human expectation.

The legal notion of “no expectation of privacy” in public is really meant to apply to incidental observation. I can’t come after you for taking a photo of a bird in my yard even if you happen to capture my daughter in the frame. I can’t demand police arrest you if you happen to glance up and see my wife through an uncovered window. I can’t get angry if I start dancing in a public park and you film me and stick it on YouTube.

But even from a legal standpoint, you can’t spy on me. At some point, your behavior crosses the line from incidental observation to stalking. I’m pretty sure if you saw me standing on the street taking pictures of your kids for hours on end, my insistence that you have “no expectation of privacy” would fall on deaf ears.

Government surveillance is more akin to stalking than incidental observation. If a cop positions a camera in such a way as to capture everything that happens in your yard, that’s a little creepy. It may be legal, but that doesn’t make it right.

In fact, government is held to a higher standard than everyday folks. The Fourth Amendment and privacy protections in every state constitution make this clear. For instance, Section 10 of the Kentucky State Constitution declares:

“The people shall be secure in their persons, houses, papers and possessions, from unreasonable search and seizure; and no warrant shall issue to search any place, or seize any person or thing, without describing them as nearly as may be, nor without probable cause supported by oath or affirmation.”

If government agents are going to watch me, they should have probable cause and get a warrant. Otherwise, they should leave me alone.

The issue of privacy was one of the flashpoints that led to the American War for Independence.

Prior to the Revolution, the British claimed the authority to issue Writs of Assistance allowing officials to enter private homes and businesses to search for evidence of smuggling. These general warrants authorized the holder to search anyplace for smuggled good and did not require any specification as to the place or the suspected goods. Writs of assistance never expired and were considered a valid substitute for specific search warrants. They were also transferable.

Electronic surveillance is the 21st-century version of writs of assistance. They allow police to go on fishing expeditions and watch our every move. They empower law enforcement to track us, document us and monitor us until they find a reason to come after us.

George Orwell’s 1984 was meant to warn us about ubiquitous government surveillance, not serve as an instruction manual.

I’ve written before about the negative impacts of surveillance on society and this odd mantra of “if you have nothing to hide you have nothing to fear.” I encourage you to review that article if you’re still not convinced.

People who roll out arguments like “you have no expectation of privacy” or “if you have nothing to hide you have nothing to fear” are really telling me they simply don’t believe the government would ever target them with surveillance. This mostly comes from conservatives who value law and order. But you should ask yourself a question: who is going to get targeted by surveillance when the government decides it wants to enforce a mask mandate? Or arrest people for attending a church service? Or when they come after a certain kind of gun? You are only one policy-shift away from having the digital crosshairs on your back.

Never forget, the power you give government over others — it also has over you.

Mises Wire: The Government Wants Your Crypto Data. And Lots of It.

Bitcoin Manifesto author Allan Stevo has an article at the Mises Institute about how the government would like to track your crypto transactions, as well as ways that can help anonymize your cryptocurrency use – The Government Wants Your Crypto Data. And Lots of It. Don’t be scared off of cryptocurrency just because governments want to control them. It takes some time and effort to understand and take countermeasures. While governments would have you think otherwise, the money you have earned is yours not theirs.

he Venezuelan government recently announced that its Administrative Service for Identification, Migration and Foreigners (SAIME) is now accepting bitcoin as a payment method for passports.

The problem with that is that bitcoin is not anonymous but pseudonymous.

To interact with any government using bitcoin is to reveal to them the wallet you are paying from. The blockchain is public. When commentators like Caitlin Johnstone and Stefan Molyneux or organizations such as the Mises Institute or TOR Foundation ask for bitcoin contributions, one can follow the money with a blockchain explorer to see how much comes in and how it is spent. One can also see who gave it to them if a donor hasn’t exercised some caution in protecting their privacy.

I would never want the Venezuelan government, the US government, or anyone else who might misuse that information to be able to peek into my crypto finances, especially not through a transaction tied to my passport. Who’s to say that the next time I appear at an immigration checkpoint I won’t be flagged for having too fat of a bitcoin wallet or putting money toward some politically incorrect use?

Though the Venezuelan government dedicates a fraction of the resources to spying on its citizens that the US government does to spying on Americans, there is no need to carelessly provide any government with extra personal data. Knowledge in the hands of the state will be used as a weapon in the hands of the state.

There are plenty of lists of big bitcoin wallets and there are people who make a name for themselves by watching bitcoin move from one account to another. Among them is the US government.

On February 6, 2018, Commodity Futures Trading Commission (CFTC) chairman Chris Giancarlo before the US Senate Banking Committee revealed that the US government uses spot exchanges such as Bitstamp, Coinbase, itBit, and Kraken to glimpse into the industry.

Chainalysis, run by Kraken’s cofounder and former COO Michael Gronager, exists to tie personal identity to bitcoin transactions. Their business model is the reduction of other people’s personal privacy, data that they then monetize by selling it to their customers. Far more sinister than Google or Facebook, which at least anonymize data prior to selling it to advertisers, Chainalysis links real-life personal data, including legal name, to a specific wallet. Many blockchain analysis competitors exist.

Coinbase has recently come under fire for having a similar service, Coinbase Analytics, which has a contract with the US Department of Homeland Security. “Coinbase joins a crowded field of cryptocurrency analytics companies – Chainalysis, Elliptic, CipherTrace and others – vying for a piece of the federal pie. Agencies from all corners of the U.S. government regularly contract with crypto intel firms, inking deals for their tracing software worth millions, and sometimes stretching years,” reports Coindesk.

The bitcoin exchanges that KYC (know your customer) their customers are a perfect place for industry data collection to take place. Coinbase could monetize and simplify that data collection process, not only charging fees for their exchange services, but taking it a step further and monetizing their user data, making their users the product. This is especially pernicious in the privacy obsessed, smaller-government realm of cryptocurrency.

How much money did it take for this $8 billion company to sell out crypto consumers to the US government? Government disclosure shows that the contract has a current award amount of $49,000, with potential for another $134,750 total over the next four years.

Coinbase has reassured users that it is only collecting publicly available data about its users, nothing more, and packaging that for government use. Its CEO, Brian Armstrong, has encouraged users not to use bitcoin if they don’t want to be snooped on by Coinbase, but to use privacy coins instead.

Luckily, the marketplace is responding to privacy incursions like this:

There are exchanges that won’t follow standard “know your customer” polices (or KYC), and which consequently can provide more anonymity.

There are decentralized exchanges like Bisq that can’t easily be subpoenaed because there is no central entity to subpoena.

There are wallets that can be used to anonymize bitcoin transactions such as Wasabi Wallet, which utilizes a concept known as CoinJoin to anonymize ownership

Bitcoin mixers too are used by some to anonymize transactions.

Additional ways of anonymizing bitcoin purchases exist, such as with cash or through ATMs, which may or may not KYC customers.

We are now witnessing the introduction of “privacy coins.” These are designed to be far more difficult to trace—some might even say impossible—though I long ago learned that the word “impossible” is not really that accurate, as possibility or impossibility is merely a question of will and available resources.

This topic of maintaining privacy in bitcoin transactions is especially pertinent as personal privacy comes under attack.

US Senators Lindsey Graham (R-South Carolina), Tom Cotton (R-Arkansas), and Marsha Blackburn (R-Tennessee) have introduced the “Lawful Access to Encrypted Data Act,” an antiencryption bill that insists that all encryption without a government back door is illegal. To follow such an order would spell the death of encryption. Any encryption with a back door is not actually encryption.

The pseudonymous Scott Alexander of Slate Star Codex was under threat of doxxing by the New York Times and consequently deleted his popular blog out of privacy concerns. The New York Times defended itself by saying it has a policy to identify all people it writes about. Alexander, after a month of silence from the New York Times on the topic, believes the threat has subsided. The callous disregard for privacy remains.

Google and Apple are begging governments to let them use mobile phones to monitor the whereabouts of users in the name of the latest cause against liberty—public health.

As journalist Peter Chawaga has pointed out, “Privacy is becoming one of the most scarce resources in the world.”

If these attacks on privacy were without consequence, then perhaps one might feel better about them, but as the current spate of cancel culture demonstrates—from Central Park Karen to Seattle’s middle finger Karen—merely having a camera turned on a person when they’re showing disagreeable behavior can be enough to shatter the fragile lives that many live. There’s almost a sociopathic hunger to destroy a person intertwined in some of this behavior. How much worse would the impact of that mob of sociopaths be if they also had access to all of a person’s financial data?

It’s a great time for more encryption and more privacy, and an awful time for helping governments or any other organization populate databases that you can guarantee will one day be used heartlessly against you.

EFF: EARN IT Bill to Scan Every Online Message

From digital civil liberties champion Electronic Frontier Foundation, The EARN IT Bill Is the Government’s Plan to Scan Every Message Online

Imagine an Internet where the law required every message sent to be read by government-approved scanning software. Companies that handle such messages wouldn’t be allowed to securely encrypt them, or they’d lose legal protections that allow them to operate.

That’s what the Senate Judiciary Committee has proposed and hopes to pass into law. The so-called EARN IT bill, sponsored by Senators Lindsay Graham (R-SC) and Richard Blumenthal (D-CT), will strip Section 230 protections away from any website that doesn’t follow a list of “best practices,” meaning those sites can be sued into bankruptcy. The “best practices” list will be created by a government commission, headed by Attorney General Barr, who has made it very clear he would like to ban encryption, and guarantee law enforcement “legal access” to any digital message.

The EARN IT bill had its first hearing today, and its supporters’ strategy is clear. Because they didn’t put the word “encryption” in the bill, they’re going to insist it doesn’t affect encryption.

“This bill says nothing about encryption,” co-sponsor Sen. Blumenthal said at today’s hearing. “Have you found a word in this bill about encryption?” he asked one witness.

It’s true that the bill’s authors avoided using that word. But they did propose legislation that enables an all-out assault on encryption. It would create a 19-person commission that’s completely controlled by the Attorney General and law enforcement agencies. And, at the hearing, a Vice-President at the National Center for Missing and Exploited Children (NCMEC) made it clear [PDF] what he wants the best practices to be. NCMEC believes online services should be made to screen their messages for material that NCMEC considers abusive; use screening technology approved by NCMEC and law enforcement; report what they find in the messages to NCMEC; and be held legally responsible for the content of messages sent by others.

You can’t have an Internet where messages are screened en masse, and also have end-to-end encryption any more than you can create backdoors that can only be used by the good guys. The two are mutually exclusive. Concepts like “client-side scanning” aren’t a clever route around this; such scanning is just another way to break end-to-end encryption. Either the message remains private to everyone but its recipients, or it’s available to others…

Click here to read the entire article at EFF.org.

EFF: Dangers to Privacy in EARN IT Act

The EARN IT Act introduced by Senator Lindsay Graham purports to be for the prevention of online child exploitation “and other purposes.” It’s those other purposes that we need to watch. The EFF, an organization fighting for your digital civil liberties, writes the article Congress Must Stop the Graham-Blumenthal Anti-Security Bill, expounding upon the many dangers lurking inside this bill.

There’s a new and serious threat to both free speech and security online. Under a draft bill that Bloomberg recently leaked, the Attorney General could unilaterally dictate how online platforms and services must operate. If those companies don’t follow the Attorney General’s rules, they could be on the hook for millions of dollars in civil damages and even state criminal penalties.

The bill, known as the Eliminating Abusive and Rampant Neglect of Interactive Technologies (EARN IT) Act, grants sweeping powers to the Executive Branch. It opens the door for the government to require new measures to screen users’ speech and even backdoors to read your private communications—a stated goal of one of the bill’s authors.

Senators Lindsay Graham (R-SC) and Richard Blumenthal (D-CT) have been quietly circulating a draft version of EARN IT. Congress must forcefully reject this dangerous bill before it is introduced.

EARN IT Is an Attack on Speech

EARN IT undermines Section 230, the most important law protecting free speech online. Section 230 enforces the common-sense principle that if you say something illegal online, you should be the one held responsible, not the website or platform where you said it (with some important exceptions)…

EARN IT is a direct threat to constitutional protections for free speech and expression. To pass constitutional muster, a law that regulates the content of speech must be as narrowly tailored as possible so as not to chill legitimate, lawful speech. Rather than being narrowly tailored, EARN IT is absurdly broad: under EARN IT, the Commission would effectively have the power to change and broaden the law however it saw fit, as long as it could claim that its recommendations somehow aided in the prevention of child exploitation. Those laws could change and expand unpredictably, especially after changes in the presidential administration…

Throughout his term as Attorney General, William Barr has frequently and vocally demanded “lawful access” to encrypted communications, ignoring the bedrock technical consensus that it is impossible to build a backdoor that is only available to law enforcement. Barr is far from the first administration official to make impossible demands of encryption providers: he joins a long history of government officials from both parties demanding that encryption providers compromise their users’ security.

We know how Barr is going to use his power on the “best practices” panel: to break encryption. He’s said, over and over, that he thinks the “best practice” is to always give law enforcement extraordinary access. So it’s easy to predict that Barr would use EARN IT to demand that providers of end-to-end encrypted communication give law enforcement officers a way to access users’ encrypted messages. This could take the form of straight-up mandated backdoors, or subtler but no less dangerous “solutions” such as client-side scanning. These demands would put encryption providers like WhatsApp and Signal in an awful conundrum: either face the possibility of losing everything in a single lawsuit or knowingly undermine their own users’ security, making all of us more vulnerable to criminals…

Weakening Section 230 makes it much more difficult for a startup to compete with the likes of Facebook or Google. Giving platforms a legal requirement to screen or filter users’ posts makes it extremely difficult for a platform without the resources of the big five tech companies to grow its user base (and of course, if a startup can’t grow its user base, it can’t get the investment necessary to compete)…

Click here to read the entire article at EFF

EFF: Ending Government Use of Face Surveillance

The Electronic Frontier Foundation (EFF) has launched a new campaign called About Face to help communities call for an end to government use of face surveillance. With the recent announcement that facial recognition is coming to Sea-Tac airport, you can see that face surveillance is becoming more and more prevalent in America.

…Many forms of biometric data collection raise a wealth of privacy, security, and ethical concerns. Face surveillance ups the ante. We expose our faces to public view every time we go outside. Paired with the growing ubiquity of surveillance cameras in our public, face surveillance technology allows for the covert and automated collection of information related to when and where we worship or receive medical care, and who we associate with professionally or socially.

Many proponents of the technology argue that there is no reasonable expectation of privacy when we spend time in public, and that if we have nothing to hide, we have nothing to fear. EFF is not alone in finding this argument meritless. In his recent majority opinion in the watershed Carpenter v. United States (2018), Supreme Court Chief Justice John Roberts wrote: “A person does not surrender all Fourth Amendment protection by venturing in the public sphere.” In a recent Wired interview, Attorney Gretchen Greene explains: “Even if I trust the government, I do care. I would rather live in a world where I feel like I have some privacy, even in public spaces.” Greene goes on to identify the inherent First-Amendment concerns implicated by government use of face surveillance: “If people know where you are, you might not go there. You might not do those things.”

Like many of us, Greene is particularly concerned about how the technology will impact members of already marginalized communities. “Coming out as gay is less problematic professionally than it was, in the US, but still potentially problematic. So, if an individual wants to make the choice [of] when to publicly disclose that, then they don’t want facial recognition technology identifying that they are walking down the street to the LGBTQ center.” These concerns are not limited to any one community, and the impacts will be felt regardless of intent. “We’re not trying to stop people from going to church, we’re not trying to stop them from going to community centers, but we will if they are afraid of [the consequence] in an environment that is hostile to, for instance, a certain ethnicity or a certain religion…”

Click here to read the entire article at EFF.org.

EFF: US-UK Agreement to Allow Warrantless Access to US Internet Servers

This article is from the Electronic Frontier Foundation, which fights for your digital freedoms, about an agreement between the US and the UK which would allow the UK police access to data held by American companies without following US privacy laws or the 4th Amendment.

Congress, Remember the 4th Amendment? It’s Time to Stop the U.S.-UK Agreement.

Unless Congress stops it, foreign police will soon be able to collect and search data on the servers of U.S. Internet companies. They’ll be able to do it without a probable cause warrant, or any oversight from a U.S. judge. This is all happening because of a new law enforcement deal between the U.S. and the United Kingdom. And while it seeks to exclude purely domestic correspondence between U.S. citizens and residents, plenty of Americans’ data will get swept up when they communicate with targeted individuals located abroad.

This is all happening because, for the first time, the U.S. executive branch is flexing its power to enter into law enforcement agreements under the CLOUD Act. We’ve been strongly opposed to this law since it was introduced last year. The recently signed deal between the U.S. Department of Justice and the U.K. Home Office will allow U.K. police easy access to data held by American companies, regardless of where the data is stored. These U.K. data requests, including demands to collect real-time communications, do not need to meet the standards set by U.S. privacy laws or the 4^th Amendment. Similarly, the deal will allow U.S. police to grab information held by British companies without following U.K. privacy laws.

This deal, negotiated by American and British law enforcement behind closed doors and without public input, will deal a hammer blow to the legal rights of citizens and residents of both countries. And the damage won’t stop there. The U.S.-U.K. Cloud Act Agreement may well become a model for further bilateral deals with other foreign governments and the United States. Earlier this month, Australian law enforcement agencies began negotiating their own deal to directly access private information held by U.S. Internet companies.

There’s still one possible path to put the brakes on this disastrous U.S.-UK deal: Congress can introduce a joint resolution of disapproval of the agreement within 180 days. This week, EFF has joined 19 other privacy, civil liberties, and human rights organizations to publish a joint letter explaining why Congress must take action to resist this deal.

No Prior Judicial Authorization

In the U.S., the standard for when law enforcement can collect stored communications content is clear: police need to get a warrant, based on probable cause. If police want to wiretap an active conversation, they have to satisfy an even higher standard, sometimes called a “super warrant,” that limits both the timing and use of a wiretap. Perhaps most importantly, stored communications warrants and wiretap warrants have to be signed by a U.S. judge, which adds an extra layer of review to whether privacy standards are met. At EFF, a core part of our work is insisting on the importance of a warrant in many different scenarios.

Judicial authorization is a critical step in the U.S. warrant process. When police search people’s private homes, offices, or devices, they must justify why the search for specific evidence outweighs the presumption that individuals remain free from government intrusion. Judicial authorization acts as a safeguard between citizens and law enforcement. Further, history has shown that police can and will abuse their powers for intimidation, or even personal gain. In colonial times, the British military used general warrants to search through colonists’ houses and seize property—actions that helped fuel a revolution, and formed the basis for the 4th Amendment to the U.S. Constitution.

Incredibly, the DOJ has just thrown those rights away. Instead of relying on probable cause, the new agreement uses an untested privacy standard that says that orders must be based on a “reasonable justification based on articulable and credible facts, particularity, legality, and severity.” No judge in any country has decided what this means. Continue reading “EFF: US-UK Agreement to Allow Warrantless Access to US Internet Servers” →

Liberty Blitzkrieg: AG Barr Wants to Kill Privacy and Security

Michael Krieger of Liberty Blitzkrieg has written a post about US Attorney General William Barr who has come out very much against the use of encryption by anyone but the government in recent weeks. The government wants full access to everything that you do and say wherever you are doing it, no matter how personal or private. As usual, it must be done “to save the children.”

William Barr Wants to Kill Privacy and Security…’For the Children’

U.S. Attorney General William Barr, along with co-conspirators in the UK and Australia, recently wrote a letter to Mark Zuckerberg requesting he not move forward with a plan to implement end-to-end encryption across Facebook’s messaging services. A draft of the letter was published earlier this month by Buzzfeed, and it’s worth examining in some detail.

What immediately strikes you is the letter’s emphasis on “protecting the children,” a talking point universally used by authoritarians throughout history to justify both a reduction of public liberty and a transfer of increased power to the state. Though this tactic is transparent and well understood by those paying attention, it’s nevertheless disturbing to observe Barr’s disingenuous and shameless use of it (the words ‘child’ and ‘children’ appear 17 times in the course of this brief letter).

Here’s just one example from the letter:

Companies should not deliberately design their systems to preclude any form of access to content, even for preventing or investigating the most serious crimes. This puts our citizens and societies at risk by severely eroding a company’s ability to detect and respond to illegal content and activity, such as child sexual exploitation and abuse, terrorism, and foreign adversaries’ attempts to undermine democratic values and institutions, preventing the prosecution of offenders and safeguarding of victims. It also impedes law enforcement’s ability to investigate these and other serious crimes. Risks to public safety from Facebook’s proposals are exacerbated in the context of a single platform that would combine inaccessible messaging services with open profiles, providing unique routes for prospective offenders to identify and groom our children.

Barr and the U.S. government feign deep concern regarding the ability of bad people to “identify and groom our children,” yet this is the same guy and government who allowed Jeffrey Epstein to be suicided in a Department of Justice prison just a few months ago. It’s the same guy and government who can’t find or doesn’t want to find Ghislaine Maxwell. And it’s same guy and government that can’t be bothered to raid Epstein’s New Mexico ranch despite known instances of child abuse there…

Click here to read the entire article at Liberty Blitzkrieg.

EFF: Big Tech’s Disingenuous Push for a Federal Privacy Law

Following the theme of the earlier article on The Meat Packing Myth is this article from the Electronic Frontier Foundation – an organization leading the fight for digital privacy and free speech — about a push by big tech companies for federal regulation of digital privacy and why this push is in the self-interest of these corporations rather than in support of your actual privacy.

Big Tech’s Disingenuous Push for a Federal Privacy Law

This week, the Internet Association launched a campaign asking the federal government to pass a new privacy law.

The Internet Association (IA) is a trade group funded by some of the largest tech companies in the world, including Google, Microsoft, Facebook, Amazon, and Uber. Many of its members keep their lights on by tracking users and monetizing their personal data. So why do they want a federal consumer privacy law?

Surprise! It’s not to protect your privacy. Rather, this campaign is a disingenuous ploy to undermine real progress on privacy being made around the country at the state level. IA member companies want to establish a national “privacy law” that undoes stronger state laws and lets them continue business as usual. Lawyers call this “preemption.” IA calls this “a unified, national standard” to avoid “a patchwork of state laws.” We call this a big step backwards for all of our privacy.

The question we should be asking is, “What are they afraid of?”

Stronger state laws

After years of privacy scandals, Americans across the political spectrum want better consumer privacy protections. So far, Congress has failed to act, but states have taken matters into their own hands. The Illinois Biometric Information Privacy Act (BIPA), passed in 2008, makes it illegal to collect biometric data from Illinois citizens without their express, informed, opt-in consent. Vermont requires data brokers to register with the state and report on their activities. And the California Consumer Privacy Act (CCPA), passed in 2018, gives users the right to access their personal data and opt out of its sale. In state legislatures across the country, consumer privacy bills are gaining momentum.

This terrifies big tech companies. Last quarter alone, the IA spent nearly $176,000 lobbying the California legislature, largely to weaken CCPA before it takes effect in January 2021. Thanks to the efforts of a coalition of privacy advocates, including EFF, it failed. The IA and its allies are losing the fight against state privacy laws. So, after years of fighting any kind of privacy legislation, they’re now looking to the federal government to save them from the states. The IA has joined Technet, a group of tech CEOs, and Business Roundtable, another industry lobbying organization, in calls for a weak national “privacy” law that will preempt stronger state laws. In other words, they want to roll back all the progress states like California have made, and prevent other states from protecting consumers in the future. We must not allow them to succeed.

A private right of action

Laws with a private right of action allow ordinary people to sue companies when they break the law. This is essential to make sure the law is properly enforced. Without a private right of action, it’s up to regulators like the Federal Trade Commission or the U.S. Department of Justice to go after misbehaving companies. Even in the best of times, regulatory bodies often don’t have the resources needed to police a multi-trillion dollar industry. And regulators can fall prey to regulatory capture. If all the power of enforcement is left in the hands of a single group, an industry can lobby the government to fill that group with its own people. Federal Communications Commission chair Ajit Pai is a former Verizon lawyer, and he’s overseen massive deregulation of the telecom industry his office is supposed to keep in check.

The strongest state privacy laws include private rights of action. Illinois BIPA allows users whose biometric data is illegally collected or handled to sue the companies responsible. And CCPA lets users sue when a company’s negligence results in a breach of personal information. The IA wants to erase these laws and reduce the penalties its member companies can face for their misconduct in legal proceedings brought by ordinary consumers…

Organic Prepper: Gov’t Still Wants to Backdoor Encryption

Daisy Luther at the Organic Prepper has written an article summarizing some of the recent press and government meetings discussing the government’s desire to be able to reverse encryption on communication devices, web pages, etc. – The Govt. Wants to OUTLAW Encrypted Messaging in iMessage, WhatsApp, Signal, Wickr, Telegram, Etc. If you’re tuned into the modern fight over privacy, they probably isn’t news to you. The government always wants more control over your data, communication and information. They say they need it to keep you safe. Luckily there are still entities with some pull who are arguing that putting in encryption backdoors will harm the United States, but they’re fighting on the basis of economic harm. No one cares about your privacy. No one in government, anyway.

If you ever use the encrypted messaging options on programs like iMessage, WhatsApp, Signal, Wickr, Telegram, or any other service, your time to discuss things privately over the phone may be running out. The US government doesn’t like for anything to get in the way of their ability to ~~spy on~~ investigate even the most mundane of conversations.

Instead of seeing privacy as a right, they see it as suspicious. Your devices are already being searched at quadruple the previous rate in airports. And the attack on free speech is now going as far as our private messages to our friends and family.

Because the only reason we’d want privacy is that we’re criminals

This was the topic of a National Security meeting last week.

The encryption challenge, which the government calls “going dark,” was the focus of a National Security Council meeting Wednesday morning that included the No. 2 officials from several key agencies, according to three people familiar with the matter.

Senior officials debated whether to ask Congress to effectively outlaw end-to-end encryption, which scrambles data so that only its sender and recipient can read it, these people told POLITICO. Tech companies like Apple, Google and Facebook have increasingly built end-to-end encryption into their products and software in recent years — billing it as a privacy and security feature but frustrating authorities investigating terrorism, drug trafficking and child pornography. (source)

So, which government agencies are hot to make encrypted messages illegal?

The DOJ and the FBI argue that catching criminals and terrorists should be the top priority, even if watered-down encryption creates hacking risks. The Commerce and State Departments disagree, pointing to the economic, security and diplomatic consequences of mandating encryption “backdoors.”

DHS is internally divided. The Cybersecurity and Infrastructure Security Agency knows the importance of encrypting sensitive data, especially in critical infrastructure operations, but ICE and the Secret Service regularly run into encryption roadblocks during their investigations. (source)

It looks like the simpler answer is the few who understand there are reasonable, non-criminal uses.

There are plenty of legitimate reasons we might want to encrypt our conversations.

Of course, we know there are dozens of reasons we might want to use the encryption function on our favorite messaging apps. For example, when I was recently traveling in Europe, I needed to give my daughter credit card information to pay a bill for me. I used the encryption function on Telegram to send it because who wants that out there floating around?

Indeed, there are many legitimate reasons to use end-to-end encryption…

Click here to read the entire article at the Organic Prepper.

More Anti-Gun Crazy from New York

From RochesterFirst.com, more proof that the inmates are running the asylum – Proposed law would let State search gun owner’s social media and internet history. The privacy invasions involved in this bill are a new level of crazy. Look for more of this mental diarrhea coming to a state near you.

A new act introduced in the New York State Assembly this month would require pistol owners to submit to a “social media review.”

Anyone applying for, or renewing a pistol permit would have to give up all login information, including passwords, for any social media sites they’re a part of.

Posts from the past three years on site like Facebook, Twitter and Snapchat would be reviewed for language containing slurs, racial/gender bias, threats and terrorism.

One year of search history on Google/Yahoo/Bing would also be reviewed.

Conservative Firing Line: New York Senate Bill 9191 – Destroying the Bill of Rights

How “Nothing to Hide” Leads to “Nowhere to Hide”

From The Daily Bell – How “Nothing to Hide” Leads to “Nowhere to Hide” – Why Privacy Matters in an Age of Tech Totalitarianism

Would you allow a government official into your bedroom on your honeymoon? Or let your mother-in-law hear and record every conversation that takes place in your home or car – especially disagreements with your husband or wife? Would you let a stranger sit in on your children’s playdates so that he could better understand how to entice them with candy or a doll?

Guess what? If you bring your phone with you everywhere, or engage with a whole-house robo helper such as Alexa or Echo or Siri or Google, you’re opening up every aspect of your life to government officials, snooping (possibly criminal) hackers, and advertisers targeting you, your spouse and your children…

When you ask Siri or Echo or Alexa or Google (and others of their ilk) something, it’s great to get an immediate answer… but the corollary is that Siri and Echo and Alexa and Google are listening to every conversation you’re having with your spouse, every fight you’re having with your kids, and every bit of heavy breathing that might be taking place in the dark.

That response inherently grants legitimacy to the search in the first place. The implication is that if you have nothing to “hide,” then the tech companies, the advertisers, the government, etc. should indeed have full access to every aspect of your life…

Technology can lead to convenience, but it can also lead to abuses of power. In its extreme, that is called totalitarianism.

In the end, we must take precautions if we’re to have anything close to liberty. Some of you have, no doubt, read Jonah Goldberg’s excellent book from 2007, Liberal Fascism, the hardcover of which features a smiley face graphic with a Hitler mustache. In the introduction, Mr. Goldberg quotes a segment from a Bill Maher show in which George Carlin says, in essence, (and I’m paraphrasing) that “when fascism comes to America it will be wearing a smiley face.”

I’d go a step further — it will be cloaked in an emoji… seemingly innocuous, friendly, and ubiquitous.

We must stop giving away our privacy. We must start thinking about personal “data” as the commodity that it already is, and even as a weapon that can be used against us.

If we don’t stop and reconsider what we’re giving away, not only will there be nothing to hide, but nowhere to hide.

Read the entire article here