Beyond Apple’s clash with DOJ, these surveillance cases got our attention in 2016.
As a tumultuous 2016 draws to a close, one case distilled contemporary law enforcement, terrorism, encryption, and surveillance issues more than any other: the case popularly known as “FBI vs. Apple.”
The ordeal began on February 16 when a federal judge in Riverside, California, ordered Apple to help the government unlock and decrypt the seized iPhone 5C used by Syed Rizwan Farook. Farook had shot up an office party in a terrorist attack in nearby San Bernardino in December 2015.
Specifically, United States Magistrate Judge Sheri Pym mandated that Apple provide the FBI a custom firmware file, known as an IPSW file, that would likely enable investigators to brute force the passcode lockout currently on the phone, which was running iOS 9. This order was unprecedented.
Apple refused, and the two sides battled it out in court filings and the court of public opinion for weeks.
But the day before they were set to argue before the judge in Riverside, prosecutors called it off. They announced that federal investigators had found some mysterious way to access the contents of Farook’s phone, but provided hardly any details. In April 2016, Ars reported that the FBI paid at least $1.3 million for a way to access the phone. But getting into the phone seems to have resulted in little, if any, meaningful benefits.
The underlying legal issue remains unresolved. In May 2016, FBI Director James Comey noted that the government would likely bring further legal challenges in the near future. The law is clearly struggling to keep up with the current realities of encryption. These issues impact not only national security cases, but also more run-of-the-mill crimes.
In short, many of the most profound questions of our time have yet to be resolved. These include: what measures can the government take in order to mitigate encryption? What tools can the government employ in order to conduct legitimate investigations? Can a person or a company be compelled to hand over a password or fingerprint to unlock a phone or create new software to achieve that end?
In years past, Ars has tried to predict what privacy-related cases would reach the Supreme Court. Given that our track record has been abysmal, we’re going to take a slightly different approach this year. Today, we’ll update the five surveillance-related cases that we thought would become huge in 2016. Tomorrow, we’ll expand our outlook to include other important legal cases still ongoing in 2017 that touch on important tech issues.
As with last year, we’ll begin with the story of a terrorism suspect who was convicted of attempting to blow up a Christmas tree lighting ceremony in Portland, Oregon, in 2010. That case involved a Somali-American, Mohamed Osman Mohamud, who became a radicalized wannabe terrorist. Mohamud believed that he was corresponding with an Al-Qaeda sympathizer, and he was eventually introduced to another man who he believed was a weapons expert. Both of those men were with the FBI. Mohamud thought it would be a good idea to target the ceremony on November 27, 2010. He was arrested possessing what he believed was a detonator, but it was, in fact, a dud.
Earlier this month, the 9th US Circuit Court of Appeals rejected an effort to overturn Mohamed Osman Mohamud’s conviction on the grounds that the surveillance to initially identify the suspect did not require a warrant. Mohamud went to trial, was eventually found guilty, and was then sentenced to 30 years in prison.
After the conviction, the government disclosed that it used surveillance under Section 702 of the FISA Amendments Act to collect and search Mohamud’s e-mail. Seeing this, Mohamud’s legal team attempted to re-open the case, but the 9th Circuit disagreed.
As the 9th Circuit ruled: “The panel held that no warrant was required to intercept the overseas foreign national’s communications or to intercept a U.S. person’s communications incidentally.”
From here, Mohamud and his legal team could ask that the 9th Circuit re-hear the appeal with a full panel of judges (en banc), or they could appeal up to the Supreme Court. If either court declines, the case is over, and the ruling stands.
Slowly turning wheels of justice
Case: United States v. Hasbajrami
Status: Appeal pending in 2nd US Circuit Court of Appeals
Similar to Mohamud, another notable terrorism case revolves around Section 702 surveillance. As we reported at this time last year, Hasbajrami involves a United States person (citizen or legal resident) accused of attempting to provide support for terrorism-related activities. According to the government, Agron Hasbajrami, an Albanian citizen and Brooklyn resident, traded e-mails with a Pakistan-based terror suspect back in 2011. The terror suspect claimed to be involved in attacks against the US military in Afghanistan. After he was apprehended, Hasbajrami pleaded guilty in 2013 to attempting to provide material support to terrorists.
Earlier this year, when we expected to see Hasbajrami’s first appellate filing, his new lawyers filed an application with the judge. They asked that the case be held “in abeyance,” which essentially puts a kind of stay on the appeals process. The 2nd Circuit agreed.
The reason? Because US District Judge John Gleeson, then the judge at the lower-court level, issued a classified opinion “which directly relates to and impacts the issues to be raised on appeal.”
United States v. Hasbajrami was delayed when Judge Gleeson stepped down from the bench in late February. While Judge Gleeson’s opinion was released (in a redacted form) to the defense attorneys, by September, defense attorneys argued again in filings to the new judge that they possess adequate security clearance and should be given access to this material, unredacted.
As they wrote:
In that context, the government repeatedly fails—in its argument as well as the authority it cites—to distinguish public release of the redacted portions from providing security-cleared defense counsel access to that material. Here, all Mr. Hasbajrami seeks is the latter. Thus, the dangers of dissemination beyond to those already authorized to review classified information simply do not exist, and the government’s contentions with respect to national security serve as a red herring.
The most recent entry in either the appellate or district court docket is an October 31 filing. In it, defense attorneys inform the 2nd Circuit that they are still waiting for Chief US District Judge Dora Irizarry to rule on receiving the unredacted version.
One of Hasbajrami’s attorneys is Joshua Dratel. Dratel is famous for having defended (and still defending) Ross Ulbricht, the convicted mastermind behind the Silk Road drug marketplace website.
The Free Encyclopedia
Case: Wikimedia v. NSA
Status: Appeal pending in 4th US Circuit Court of Appeals
Of course, Section 702 is just one of many ways the government is conducting surveillance beyond its intended target. Wikimedia v. NSA is one of several cases that has tried to target the “upstream” setup that allows the NSA to grab data directly off fiber optic cables.
Wikimedia, which publishes Wikipedia, filed its case originally in March 2015. In it, the company argues that the government is engaged in illegal and unconstitutional searches and seizures of these groups’ communications.
But, in October 2015, US District Judge T.S. Ellis III dismissed the case. He found that Wikimedia and the other plaintiffs had no standing and could not prove that they had been surveilled. That action largely echoed a 2013 Supreme Court decision, Clapper v. Amnesty International.
The plaintiffs filed their appeal to the 4th US Circuit Court of Appeals immediately. In their February 2016 opening brief, which was written by top attorneys from the American Civil Liberties Union, they argue essentially that Wikipedia traffic had to have been captured in the National Security Agency’s snare because it’s one of the most-trafficked sites on the Internet.
In other words, even if the NSA were conducting Upstream surveillance on only a single circuit, it would be copying and reviewing the Wikimedia communications that traverse that circuit. But the government has acknowledged monitoring multiple internet circuits—making it only more certain that Wikimedia’s communications are being copied and reviewed. Moreover, the NSA’s own documents indicate that it is copying and reviewing Wikimedia’s communications. Taken together, these detailed factual allegations leave no doubt as to the plausibility of Wikimedia’s standing.
The government, for its part, countered by saying that the 4th Circuit should uphold the district court’s ruling. Why? Because, as it argued in April 2016, Wikimedia’s argument is largely speculative.
… the facts do not support plaintiffs’ assumption that Wikimedia’s communications must traverse every fiber of every sub-cable such that, if the NSA is monitoring only one fiber or even one sub-cable, it still must be intercepting, copying, and reviewing Wikimedia’s communications.
Beyond that, the government continued, even if Wikimedia’s communications were intercepted, the plaintiffs have not demonstrated how they have actually been injured, because a large portion of the NSA’s interception is done by machine.
The government continued:
Indeed, plaintiffs’ complaint generally fails to state a cognizable injury because, whatever the nature of the particular communications at issue, plaintiffs have made no allegation that interception, copying, and filtering for selectors involve any human review of the content of those communications.
The two sides squared off at the 4th Circuit in Baltimore on December 8, 2016 for oral arguments. A decision is expected within the next few months.
Fast food, fast crimes
Case: United States v. Graham
Status: Decided en banc at 4th US Circuit Court of Appeals, cert petition filed to Supreme Court
This case was a big hope for many civil libertarians and privacy activists. An appeals court had initially rejected the thorny third-party doctrine and found that, because the two suspects voluntarily disclosed their own location to their mobile carrier via their phones, they did not have a reasonable expectation of privacy.
But in May 2016, the 4th US Circuit Court of Appeals, in an en banc ruling, found in favor of the government. The court concluded that police did not, in fact, need a warrant to obtain more than 200 days’ worth of cell-site location information (CSLI) for two criminal suspects.
As the court ruled:
The Supreme Court may in the future limit, or even eliminate, the third-party doctrine. Congress may act to require a warrant for CSLI. But without a change in controlling law, we cannot conclude that the Government violated the Fourth Amendment in this case.
This case dates back to February 5, 2011 when two men robbed a Burger King and a McDonald’s in Baltimore. Ten minutes later, they were caught and cuffed by Baltimore City Police officers. Eventually, Aaron Graham and Eric Jordan were charged with 17 federal counts of interstate robbery, including a pair of fast food robberies and another one at a 7-Eleven. They also received charges for brandishing a firearm in furtherance of the crime.
A Baltimore City Police detective first sought and obtained a search warrant for the two cell phones recovered during a search of the getaway car. Prosecutors later obtained a court order (a lesser standard than a warrant) granting disclosure of the defendants’ CSLI data for various periods totaling 14 days when the suspects were believed to have been involved in robberies. The government next applied for (and received) a second application to another magistrate judge for a new set of CSLI data, covering a period of July 1, 2010 through February 6, 2011 (221 days).
In August 2012, Graham and Jordan were found guilty on nearly all counts. They were sentenced to 147 years in prison and 72 years, respectively.
Meghan Skelton, Graham’s public defender, has filed an appeal with the Supreme Court, which has not yet decided whether it will hear the case.
Who is the Dread Pirate Roberts?
Cases: United States v. Ulbricht and United States v. Bridges
Status: Appeals pending in 2nd US Circuit Court of Appeals, 9th US Circuit Court of Appeals, respectively
While Section 702 surveillance and cell-site location information are important, there was one defendant who was defeated largely by snatching his laptop out of his hands: Ross Ulbricht. The young Texan was convicted as being Dread Pirate Roberts, the creator of the notorious online drug market Silk Road. Later on in 2015, Ulbricht was given a double life sentence, despite emotional pleas from himself, his family, and friends for far less.
2016 kicked off with Ross Ulbricht’s formal appeal to the 2nd Circuit. Ars described it as a “170-page whopper that revisits several of the evidentiary arguments that Ulbricht’s lawyer made at trial.” These included theories that Ulbricht wasn’t Dread Pirate Roberts, and it attributed digital evidence found on Ulbricht’s computer to “vulnerabilities inherent to the Internet and digital data,” like hacking and fabrication of files. According to the appeal, these “vulnerabilities” made “much of the evidence against Ulbricht inauthentic, unattributable to him, and/or ultimately unreliable.” Plus, corrupt federal agents Shaun Bridges and Carl Mark Force tarnished the case against Ulbricht, claimed his lawyer. That lawyer is Joshua Dratel, who makes his second appearance on this list.
The government responded with its own 186-page whopper on June 17, 2016. After a lengthy recap of the entire case, United States Attorney Preet Bharara opened his arguments with a notable flaw in Ulbricht’s logic:
But nowhere, either below or here, has Ulbricht explained, other than in the most conclusory way, how the corruption of two agents—who neither testified at his trial nor generated the evidence against him—tended to disprove that he was running Silk Road from his laptop.
In short, the government argues, Ulbricht was caught red-handed, and the appeals court should uphold both the conviction and the sentence.
The following month, federal prosecutors in San Francisco unsealed new court documents that make a strong case that former agent Bridges stole another $600,000 in bitcoins after he pleaded guilty.
By August 2016, Bridges’ lawyer Davina Pujari filed what she herself said was a “legally frivolous” appeal to the 9th Circuit on behalf of her client, and she asked to be removed from the case. Bridges’ case remains pending at the appellate level, and no oral arguments have been scheduled. (Pujari is still Bridges’ lawyer for now.) Bridges remains a prisoner at the Terre Haute Federal Correctional Institute in Indiana, where he is scheduled for release in 2021.
Later in August, Ars chronicled the saga of how a San Francisco-based federal prosecutor joined forces with a dogged Internal Revenue Service special agent to bring Bridges and Force to justice.
Meanwhile, Ulbricht’s lawyers, led by Joshua Dratel, faced off at the 2nd Circuit against federal prosecutors on October 6, 2016 to challenge Ulbricht’s conviction and sentence. The court is expected to rule within the next few months.