Author: beesquared

Categories
News Privacy

Sorting out the cyberattacks

This post has been updated as of Nov. 11.

The cyberattack announced in June on a system that stores information about millions of current and former federal workers and contractors highlights yet again the vulnerabilities of the computer networks that connect us.

The breaches resulted in raids on files containing names, Social Security numbers, fingerprints and other personal information for nearly 26 million people, according to the Office of Personnel Management (OPM), the agency that was hacked. Investigators say the attack came from China, which has denied responsibility.

The attack on OPM spurred me to sift through a series of cyberattacks on the government, companies and others since 2013. The list, which appears below, is almost certainly incomplete. It also doesn’t include breaches of unsecured protected health information that by law are reported to the U.S. Department of Health and Human Services, which has logged 34 such intrusions this summer alone.

Though the attacks summarized below have been reported widely, the roster suggests the sweep and frequency of intrusions, which are likely to increase according to a survey fielded last fall by the Pew Research Center. I will update this post periodically. Please tweet additions, corrections or comments to @bbrowdie.

2015 (attacks listed in reverse chronological order by date of disclosure)

Scottrade (Oct.)—Between late 2013 and early 2014, thieves stole the names and street addresses of roughly 4.6 million clients, according to the retail brokerage firm, which said it had no evidence that trading platforms or clients funds were compromised.

E-Trade (Oct.)—The financial firm notified 31,000 customers that hackers may have accessed their names, email addresses, and street addresses. The intrusion reportedly occurred in 2013, but at the time the company did not think that customer information had been compromised.

Dow Jones (Oct.)—The publisher of The Wall Street Journal said in a statement that intruders who gained access to its systems may have swiped payment card and contact information for roughly 3,500 customers.

Experian (Oct.)—Hackers stole personal information for roughly 15 million Americans, the consumer data company said in a statement. The data included names, dates of birth and Social Security numbers for people who applied for service with T-Mobile over a period of two years starting in September 2013. In a statement, T-Mobile CEO John Legere said he is “incredibly angry about this data breach” and pledged to “institute a thorough review” of the company’s relationship with Experian.

CVS (Sept.)—The pharmacy chain, which in July revealed a possible breach of its online photo service, confirmed that personal information may have been swiped by hackers. The data included names, credit card numbers, phone numbers, email addresses, usernames and passwords. The company declined to say how many customers were affected.

Business Wire/PR Newswire Association (Aug.)—Federal officials charged a group of hackers and inside traders with stealing nonpublic information from servers belonging to two of the largest services that companies use to distribute news releases and using the information to profit illegally over a period of roughly five years.

Carphone Warehouse (Aug.)—The UK-based mobile phone retailer said that a “sophisticated cyberattack” resulted in the theft of names, addresses, dates of birth and bank details for as many as 2.4 million customers. The intrusion also may have resulted in the theft of encrypted payment card information for as many as 90,000 customers, the company said.

Sabre/American Airlines (Aug.)—Sabre, a company processes reservations for hundreds of airlines and thousands of hotels, “recently learned of a cybersecurity incident” but could not say what data was stolen or who might be responsible, Bloomberg reported. American Airlines reportedly was investigating whether the intruders moved to its computers from Sabre’s systrems.

U.S. Dept. of Defense (Aug.)—A unclassified system that supports email for about 4,000 military and civilian personnel who work for the Joint Chiefs of Staff returned to operation roughly two weeks after an intrusion by hackers thought to be from Russia. Officials said that no classified information was swiped or compromised during the attack.

United Airlines (July)—Hackers based in China allegedly stole manifests in May or early June that detail passengers and their travel origins and destinations, Bloomberg reported. Investigators reportedly have linked the hackers to the group that stole information from both Anthem Inc. and the Office of Personnel Management. The intrusion reportedly occurred in May or early June.

Fiat Chrysler (July)—The automaker updated software that tethers its vehicles to a series of information and navigation services after two security researchers demonstrated they could take control of a Jeep Cherokee remotely and force it into a ditch.

Ashley Madison (July)— The online service that offers casual sexual encounters for married people said that hackers obtained information about some of its 37 million users, as well as financial information and other data that belongs to Avid Life Media, Ashley Madison’s company. The hackers, who go by the name “Impact Team,” threatened to release all of the company’s information, including nude photos and members’ private postings, if management did not take Ashley Madison’s sites offline. A month later Impact Team made good on that threat. On Aug. 18, the group released postal and email addresses, descriptions of users (including height and weight), encrypted passwords, partial payment card numbers and details of transactions. Two days later, the hackers leaked a trove of data twice as large that appeared to include additional files from the company.

Hershey Resorts (July)—The theme park operator is investigating a series of fraudulent charges that appeared in payment card accounts of customers who visited its attractions in Pennsylvania between mid-March and late May.

Hacking Team (July)—Emails and records that hackers stole from the Italian maker of software that itself allows governments to hack into computers showed that the company counts Russia, Saudi Arabia, and other nations with questionable human-rights records as clients.

Trump Hotel Collection (July)—The chain of 12 luxury hotels owned by Donald Trump said in a statement it was investigating “suspicious credit card activity” stemming from a breach that may date to February.

Houston Astros (June)—Federal law enforcement officials reportedly are investigating whether the St. Louis Cardinals stole scouting reports and information about players and prospects from a database belonging to the Astros. If true, the intrusion represents the first known example of a professional sports team breaking into the network of another team.

LastPass (June)—The service, which lets customers store their passwords online and access them with master log ins, disclosed that an intruder or intruders swiped email addresses, password reminders, authentication codes and more. The breach did not include customer accounts, LastPass said.

Negotiations with Iran (June)—An unnamed state—thought to be Israel—used malware to spy on negotiations between Iran and a group of nations that aim to prevent Iran from obtaining a nuclear weapon. According to Kaspersky Lab, whoever sought the information unleashed the malware, known as Duqu 2.0, on computers at hotels where the negotiations took place.

U.S. Army (June)—The U.S. Army’s website went offline following what appears to have been a distributed denial of service attack. The Syrian Electronic Army, a group of hackers who back President Bashar al-Assad, claimed credit.

Eataly (June)—The marketplace in Manhattan for foods from Italy warned that “unauthorized individuals” set up malware designed to harvest information from credit and debit cards in the company’s payment-processing system. The intruders may have obtained names and account numbers, as well as expiration dates and security codes for cards that customers swiped at Eataly in the first three months of this year.

Office of Personnel Management (June)—The attacks, which OPM discovered in April, resulted in the theft of personal information belonging to 4.2 million current and former federal workers, as well as another 21.5 million applicants for security clearances and their spouses or partners. In a letter dated June 11, the president of the American Federation of Government Employees—the largest federal employees’ union—charged that hackers stole information for every federal worker and retiree, and that the Social Security numbers the hackers obtained were unencrypted. The union has filed a class action lawsuit that charges OPM’s director and chief information officer with negligence in failing to protect information entrusted to them. On Sept. 23, OPM increased its count of the number of people whose fingerprints were stolen to roughly 5.6 million, from approximately 1.1 million previously. Though OPM termed the potential for misusing the fingerprint data “limited,” the agency noted “this probably could change over time as technology evolves.”

CareFirst BlueCross BlueShield (May)—Hackers suspected of operating from China obtained access to names, email addresses and dates of birth for roughly 1.1 million customers of this health insurer based in Maryland and D.C.

Tesla (April)—Hackers took over the automaker’s Twitter feed and defaced the company’s website.

Mandarin Oriental Hotel Group (March)—The upscale lodging chain said that intruders used malware to swipe payment-card information from some of the company’s hotels in the U.S. and Europe.

Anthem Blue Cross (Feb.)—Hackers said to be operating from China allegedly obtained names, dates of birth, Social Security numbers, and information about bank accounts and medical conditions for as many as 78 million people insured by this Indianapolis-based company, which does business in 14 states.

Internal Revenue Service (May)—Hackers thought to be operating from Russia stole tax forms containing Social Security numbers, dates of birth, home addresses and other information for as many as 334,000 people.

Sally Beauty Supply (May)—The Denton, Texas-based retailer of beauty supplies said that intruders had breached its payment system, though the company did not speculate on the scope of the breach. The cyberattack constituted the second on Sally Beauty in as many years.

US HealthWorks (April)—Hackers allegedly pilfered personal and health-related data for an unknown number of members of this California-based insurer. The thieves reportedly breached US HealthWorks’ systems via a laptop stolen from a vehicle belonging to one of the company’s employees.

Premera Blue Cross (March)—Hackers thought to be operating from China allegedly stole names, dates of birth, email addresses, Social Security numbers, information about bank accounts and more from as many as 11 million members of this health insurer based in Washington state.

Banks in Russia, Japan, Europe and the U.S. (Feb.)—A band of thieves that reportedly included Russians, Chinese and European hackers orchestrated an attack on more than 100 banks worldwide, making off with as much as $900 million.

Park ‘N Fly (Jan.)—The Atlanta-based airport parking service confirmed that intruders stole numbers, names and addresses, expiration dates and verification codes for credit cards stored in its reservations website. The company did not say how many cards might have been affected.

2014

Korea Hydro and Nuclear Power Co. Ltd. (Dec.)—A cyberattack reportedly erased some data at the state-owned company that runs the country’s 23 atomic reactors. South Korea later blamed North Korea for the intrusion.

Chik-fil-A (Dec.)—The fast-food chain said it was investigating reports of unauthorized activity concerning credit and debit cards used at some of its restaurants. Chik-fil-A later said the investigation revealed “no evidence” of its systems being hacked or payment cards stolen.

Bebe (Dec.)—The women’s clothing chain disclosed that hackers obtained names, account numbers, expiration dates and verification codes for payment cards swiped between Nov. 8 and Nov. 26 at its stores in the U.S., Puerto Rico, and the U.S. Virgin Islands.

Sony Pictures Entertainment (Nov.)—Cyber intruders obtained names, home addresses, and Social Security numbers, as well as information about bank accounts, payment cards, compensation and more for as many as 47,000 employees. According to the U.S. government, the hackers operated from North Korea, although some experts have doubted the charge. The thieves also swiped more than 173,000 emails and nearly 31,000 documents from the studio.

JPMorgan Chase (Oct.)—Hackers obtained names, home and email addresses, phone numbers and internal bank information about 83 million customers, including 76 million households.

Apple (Oct.)—Cyberattackers reportedly sought to intercept user IDs, passwords and other information from the company’s iCloud service in China. The Chinese government denied responsibility for the attack.

Staples (Oct.)—The office-supply chain confirmed it was investigating a potential theft of payment-card data. Two months later, Staples said that hackers swiped information for roughly 1.16 million credit and debit cards after installing malware at 115 of the company’s 1,400 stores in the U.S.

NATO, the Ukraine, Poland and the European Union (Oct.)—Hackers working on behalf of the Russian government allegedly used a flaw in Windows to swipe documents and other files from government and university offices, as well as energy and telecommunications companies.

Kmart (Oct.)—The retailer disclosed that someone had installed malware on payment systems at its stores but that no email addresses, PINs or Social Security numbers were swiped. Still, the information that thieves grabbed may have allowed them to counterfeit stolen cards.

Home Depot (Sept.)—Cyber thieves allegedly used an account belonging to a refrigeration contractor in Pennsylvania to steal 56 million credit and debit cards, as well as 53 million email addresses.

Jimmy John’s (Sept.)—An intruder or intruders used log-in credentials to pilfer numbers for credit and debit cards swiped at 216 of the sandwich chain’s more than 1,900 stores, along with cardholders’ names, verification codes and expiration dates.

Viator (Sept.)—The tour-booking unit of TripAdvisor notified customers that an intruder or intruders may have made off with payment information for as many as 880,000 customers, along with email addresses and encrypted passwords for another 560,000.

AB Acquisition (Aug.)—The parent of the Albertsons, ACME, Jewel-Osco, Shaw’s and Star Markets chains warned customers of a breach that may have resulted in the theft of credit and debit card information from some of its stores. About six weeks later, the company disclosed a second breach in which thieves used “different malware” than that used in the incident announced in August.

Community Health Systems (Aug.)—Hackers allegedly operating from China stole names, addresses, Social Security numbers, birth dates and telephone numbers belonging to 4.5 million patients of the chain, which operates 199 hospitals in 29 states. The attackers did not swipe payment data or clinical information, the company said.

AT&T (June)—The company said that three employees of one of its vendors accessed records—including Social Security numbers and information about calls—for some customers.

State of Montana Dept. of Public Health and Human Services (June)—Someone who broke into the state’s systems allegedly made off with addresses, birth dates, Social Security numbers and medical records for as many as 1.3 million people.

Domino’s Pizza (June)—The company disclosed that hackers swiped customers’ names, email addresses and even favorite pizza toppings for roughly 650,000 customers in France and Belgium.

P.F. Chang’s China Bistro (June)—Cyber thieves allegedly stole more than 7 million credit and debit cards, including numbers, cardholders’ names and expiration dates, from 33 of the chain’s restaurants.

Feedly (June)—Websites for this service, which delivers RSS feeds to roughly 15 million users, went down as the result of a distributed denial of service attack.

EBay (May)—Intruders allegedly stole customers’ names, encrypted passwords, email and home addresses, phone records and dates of birth for as many as 233 million users of the auction site. Three months earlier, the Syrian Electronic Army defaced websites belonging to both eBay and its PayPal subsidiary.

Sally Beauty Supply (March)—The beauty supply chain said that hackers accessed its network and stole information for roughly 25,000 credit and debit cards.

University of Maryland (Feb.)—An attacker or attackers infiltrated a database that contained names, Social Security numbers, dates of birth and university IDs for roughly 288,000 students, faculty and staff. The hack reflected the work of someone or some group of people who knew the university’s systems well, the university’s chief information officer told The Washington Post.

Neiman Marcus Group (Jan.)—Hackers used malware to steal roughly 1.1 million credit and debit cards from the Dallas-based retailer.

Michaels Stores (Jan.)—The retailer reported that it was looking into a potential security breach. Three months later the company said that thieves broke into its payment system and made off with credit and debit card information for 3 million customers.

Snapchat (Jan.)—Hackers said they published phone numbers and handles for roughly 4.6 million users of the video-message service that the hackers swiped in a New Year’s Eve raid.

2013

Target (Dec.)—Cyber thieves suspected of operating from Russia stole credit and debit card information for roughly 40 million customers along with names, mailing addresses, phone numbers or email addresses for as many as 70 million people.

Adobe Systems (Oct.)—A cyberattack on the software maker exposed names, IDs, passwords, and payment card information for nearly 3 million customers.

Experian (Oct.)—A subsidiary of the credit bureau sold personal and financial information about millions of Americans to a Vietnamese man who later pleaded guilty to running an identity theft service. The company said its credit files were not breached.

South Korean banks (March)—A cyberattack, alleged to have originated in North Korea, suspended online banking and paralyzed systems at Shinhan Bank, Nonghyup Bank and Cheju Bank.

LivingSocial (March)—The online marketplace asked customers to change their passwords after a cyberattack on the company’s systems exposed names, email addresses, passwords and dates of birth for more than 50 million people worldwide.

Evernote (March)—The note-taking service directed 50 million users to reset their passwords after hackers gained access to user IDs, email addresses and passwords tied to accounts.

U.S. financial institutions (March)—Distributed denial of service attacks slowed websites at a series of banks. A hacktivist group that called itself the al-Qassam Cyber Fighters claimed responsibility for some of the slowdowns.

Categories
Law

Supreme Court strikes down Jerusalem passport law

The Supreme Court on Monday ruled that the power to recognize foreign nations belongs to the president alone, resolving a dispute between the executive branch and Congress over the American position on the status of Jerusalem.

The decision came in connection with a passport issued to Menachem Binyamin Zivotofsky, who was born in 2002 to U.S. citizens living in the contested capital. Zivotofsky’s parents had asked the U.S. Department of State to list the place of birth on his passport as “Jerusalem, Israel.” The department declined, citing a longstanding policy of neutrality on the status of the city. Zivotofsky’s passport would list only “Jerusalem” as his place of birth, the department determined.

Zivotofsky’s parents sued, charging that a law passed in 2002 requires the Secretary of State to identify citizens born in Jerusalem who so request as being born in Israel, a position at odds with the policy of presidents dating to the Oslo Accords, which call for Jerusalem’s status to be resolved through negotiation. Though a trial judge declined to resolve the dispute, which the judge concluded presented a question committed to the legislative and executive branches of government, the D.C. Circuit Court of Appeals later sided with the executive branch, declaring the statute to be unconstitutional.

By a vote of 6 to 3, the Court agreed, holding that the Constitution gives the president the exclusive right to recognize foreign governments and nations. “The President’s exclusive recognition power encompasses the authority to acknowledge, in a formal sense, the legitimacy of other states and governments, including territorial bounds,” Justice Kennedy wrote for the majority. “Albeit limited, the exclusive recognition power is essential to the conduct of presidential duties.”

“The formal act of recognition is an executive power that Congress may not qualify,” he added.

In arriving at its determination, the majority looked to the framework for assessing exercises of executive power first articulated by the Court in 1952, when the justices invalidated a move by President Truman to seize the nation’s strike-bound steel mills during the Korean War. According to that analysis, when the president takes measures that are incompatible with a congressional mandate, the president’s power, as Kennedy explained, “must be both ‘exclusive’ and ‘conclusive’ on the issue.”

The majority traced debates over the power to recognize nations to 1793, when President Washington, without consulting Congress, authorized diplomatic relations with the revolutionary government of France. “Congress expressed no disagreement with this position, and [the French ambassador’s] reception marked the Nation’s first act of recognition—one made by the president alone,” wrote Kennedy.

According to the Court, Congress also honored a decision by President Monroe not to recognize Argentina and Chile initially as those republics cast off colonization by Spain, as well as a determination by President Jackson to recognize Texas when it ceded from Mexico and President Lincoln’s decision to recognize Liberia and Haiti.

Similarly, as the majority noted, Congress acceded to President McKinley’s opposition to recognizing Cuba when it separated from Spain in 1898 and to President Carter’s recognition of the People’s Republic of China instead of Taiwan as the government of China.

Though the recognition power belongs exclusively to the president, Congress has other ways to disagree with the executive branch in the conduct of foreign relations, the majority noted. As Kennedy observed, the Constitution authorizes the legislature to decline to confirm an ambassador, to put in place an embargo or to declare war.

“From the face of [the statute], from the legislative history, and from its reception, it is clear that Congress wanted to express its displeasure with the president’s policy by, among other things, commanding the executive to contradict his own, earlier stated position on Jerusalem,” Kennedy wrote. “This Congress may not do.”

For their part, the Court’s dissenters rejected the majority’s view of the separation of powers at issue. “I agree that the Constitution empowers the president to extend recognition on behalf of the United States, but I find it a much harder question whether it makes that power exclusive,” wrote Justice Scalia, who took the unusual step of reading his dissent from the bench.

Chief Justice Roberts, writing separately, called the ruling unprecedented. “Today’s decision is a first: Never before has this Court accepted a president’s direct defiance of an Act of Congress in the field of foreign affairs,” he wrote.

U.S. and Palestinian officials welcomed the ruling, while the Israeli government declined to comment. “This is an important decision which accords with international resolutions and the resolutions of the U.N. Security Council and General Assembly,” a spokesman for Palestinian President Mahmoud Abbas told Reuters.

Categories
Law

Why the Supreme Court will uphold same-sex marriage (Part 2)

A friend whose prognostications about politics I respect and who happens to be married to someone of the same sex, told me recently that he predicts that the Supreme Court, in a decision expected before the end of this month, will refrain from enshrining same-sex marriage in law but command states to recognize such marriages from other states.

That would represent a middle ground—short of finding a constitutional right to marry someone of the same sex—which, in my friend’s view, would allow the Court to continue same-sex marriage on a course toward inevitability nationwide without having to get too far in front of states.

There’s precedent for incrementalism. Two years ago the Court ruled that gay couples married in states that have legalized same-sex marriage are eligible for Social Security and other federal benefits that opposite-sex couples receive. Yet the Court stopped short of declaring a fundamental right to marry.

Still, there are reasons to think the Court may act more sweepingly this time. One is that same-sex marriage itself has become the law in more states. Since the decision in 2013, nine states have legalized same-sex marriage, bringing the total nationwide to 37. Also, 60% of Americans think same-sex marriage should be recognized by law as valid, according to the latest Gallup poll, up from 53% two years ago.

Then there’s the appeal currently before the Court. The parties agree that if the couples who are challenging the bans on same-sex marriage in four states persuade the Court to declare a constitutional right to marry, the question whether states must recognize same-sex marriages performed in other states becomes moot.

So the court could rule as my friend suggests on the first question while ordering states to acknowledge same-sex marriages performed elsewhere, as they do valid heterosexual marriages from other states. But that, as Chief Justice Roberts observed at oral argument, presents an inconsistency that may be difficult for the Court to overlook. Consider the following exchange:

Chief Justice Roberts: I think your… argument is pretty much the exact opposite of the argument of the petitioners in the prior case. The argument that was presented against them is, you can’t do this, we’ve never done this before, recognized same-sex marriage. And now you’re saying, well, they can’t not recognize same-sex marriages because they’ve never not recognized marriages before that were lawfully performed in other states.

Douglas Hallward-Driemeier (on behalf of the petitioners): Well, what—

Chief Justice Roberts: “You’ve got to decide one or the other if you win… You can’t say that [the states] are not treating the marriage as a marriage when they don’t have to do that in the first place.”

In other words, if the couples challenging the law assert that the argument by states in opposition to same-sex marriage that they have never defined marriage to include a couple of the same sex is not a reason to deny same-sex marriage now, the couples cannot then argue that states must recognize same-sex marriages from other states because they’ve long recognized heterosexual marriages from other states.

By extension, the states cannot argue that they cannot be compelled to redefine marriage and then maintain they cannot depart from their longstanding practice of recognizing opposite-sex marriages entered into elsewhere. Either tradition matters or it doesn’t, according to the chief justice’s observation.

That reality may present an obstacle to a justice who may be tempted to decide the appeal as my friend suggests. This assumes, of course, that there already are four votes in favor of striking down state laws that ban same-sex marriage. The inconsistency that Chief Justice Roberts noted may matter most to the chief justice himself or to Justice Kennedy, who together represent the likeliest fifth or sixth votes for a majority.

Categories
Law

Supreme Court limits ability of struggling homeowners to cancel mortgage debts

The Supreme Court dealt financially ailing Americans a setback on Monday in a decision that narrows their ability to erase mortgage debts in bankruptcy.

The Court ruled unanimously that David Caulkett and Edelmiro Toledo-Cardona, who each had two mortgage liens on their respective houses, cannot void a mortgage held by Bank of America that is subordinate to the other mortgage, even though both borrowers owe more on their first mortgage than the property is worth.

Both debtors filed for Chapter 7 bankruptcy, which allows a trustee appointed by the court to sell off the debtor’s assets and discharge any remaining debts, in 2013.

At the debtors’ urging, the bankruptcy court, acting pursuant to a provision of the law that allows debtors to strip away rights to repayment held by creditors who would receive nothing if the house were sold, voided Bank of America’s liens. That rendered the bank unable to foreclose on the loans even if the houses’ values later rose. The 11th Circuit Court of Appeals affirmed the rulings.

The Court disagreed. A secured claim, as defined by the bankruptcy code, means “a claim supported by a security interest in property, regardless whether the value of that property would be sufficient to cover the claim,” wrote Justice Thomas, who added that the debtors had not asked the Court to overrule a decision from 1992 on which the Court based its ruling but instead “request that we limit that decision to partially—as opposed to wholly—underwater liens,” a characterization that Justices Kennedy, Breyer and Sotomayor did not endorse despite joining the ruling.

The decision means that Americans who find themselves in financial distress may remain liable for second mortgages notwithstanding bankruptcy. To cite one example, 23% of Florida’s roughly 1.3 million homes that are worth less than the debt they secure have more than one mortgage, according to the Times.

If a house is worth less than the amount a borrower owes on the first mortgage—a situation known as the home’s being underwater—the second mortgage is worth nothing in a foreclosure.

The debtors’ contention—that a wholly underwater mortgage can be voided but a partially underwater mortgage cannot—would lead to an “odd” result, according to Justice Thomas. Under their approach, he explained, “if a court valued the collateral at one dollar more than the amount of a senior lien, the debtor could not strip down a junior lien under [the relevant precedent], but if it valued the property at one dollar less, the debtor could strip off the entire junior lien.”

“Given the constantly shifting value of real property, this reading could lead to arbitrary results,” Thomas added.

Last year more than 700,000 individuals and couples filed for Chapter 7 bankruptcy. Lenders cheered the ruling, which they say will help to make second mortgages affordable.

Others termed the decision an erosion of rights for vulnerable consumers. “Since 1992, the financial industry has chipped away at [bankruptcy law] to give protections to property regardless of the value of the claim,” David Dayen wrote last March about the appeal in The New Republic. “Now they want to chip away some more.”

Categories
Law

Facebook posts cannot be threats without intent, Supreme Court rules

The Supreme Court on Monday narrowed the circumstances in which someone who posts threats on Facebook or social media can be criminally liable for their actions.

In an 8 to 1 ruling, the court overturned the conviction of Anthony Elonis, a Pennsylvania man who was found guilty in 2011 of threatening his estranged wife, former co-workers and others in series of posts on his Facebook page.

The musings, which contained violent language and images, earned Elonis, writing under the pseudonym “Tone Dougie,” a sentence of 44 months in prison for violating a federal law that bars “transmitting in interstate commerce” a threat to injure another person or group of people.

On appeal, Elonis contended that to be criminal—and otherwise beyond the protection of the First Amendment—the threats required a subjective intent that Elonis claimed he lacked. According to Elonis, the trial court erred when it instructed a jury that a statement constitutes a criminal threat when a “reasonable person” would interpret the statement as “a serious expression” of an intent to inflict injury.

The Court agreed, noting that to be criminal, conduct must derive from a defendant’s mental state; that negligence alone is insufficient to support liability. “Federal criminal liability generally does not turn solely on the results of an act without considering the defendant’s mental state,” Chief Justice Roberts wrote for the majority. “That understanding ‘took deep and early root in American soil’ and Congress left it intact here… ‘wrongdoing must be conscious to be criminal.’” (citation omitted)

Though the court did not discuss the implications for free speech raised by the appeal, the American Civil Liberties Union and other groups had charged that the instruction insisted on by the trial court would discourage speech protected by the First Amendment.

For its part, the government contended that requiring a subjective intent as Elonis urged would undermine the goal of protecting people from fear of violence regardless whether the person who threatens them intends his words to be harmless.

The Court limited its opinion to Elonis’ intent. “Having liability turn on whether a ‘reasonable person’ regards the communication as a threat—regardless of what the defendant thinks—‘reduces culpability on the all-important element of the crime to negligence,” wrote Roberts. “We ‘have long been reluctant to infer that a negligence standard was intended in criminal statutes… Under these principles, ‘what [Elonis] thinks’ does matter.” (citations omitted)

Categories
Law

Senate has few options in Patriot Act extension, NSA phone records collection matters little in preventing terrorist attacks

The Senate is expected to convene Sunday to decide whether to permit the lapse of a surveillance program that authorizes the government to collect en masse  information about Americans’ telephone calls.

Amid news coverage of the debate, I reread relevant portions of reports by several panels within the executive branch that have assessed the effectiveness of the program, which, according to the panels, has never been instrumental in any investigation of terrorism.

At issue is Section 215 of the USA Patriot Act, which authorizes the National Security Agency to harvest telephone numbers and other details of calls made or received in the US. By its terms, Section 215 will sunset on June 1. A federal appeals court in New York ruled recently that the collection of so-called metadata in bulk as the government currently gathers it is illegal.

Though collection of telephone records by the government predates the September 11 attacks, the Patriot Act broadened the types of records the government can gather. As the appeals court found, the government has collected telephone metadata in bulk for at least the past nine years.

A report on the telephone records program published in January 2014 by the Privacy and Civil Liberties Review Board, an independent bipartisan agency established by law in 2007, concluded that Section 215 “has shown minimal value in safeguarding the nation from terrorism.” According to the board:

“Based on the information provided to the Board, including classified briefings and documentation, we have not identified a single instance involving a threat to the United States in which the program made a concrete difference in the outcome of a counterterrorism investigation. Moreover, we are aware of no instance in which the program directly contributed to the discovery of a previously unknown terrorist plot or the disruption of a terrorist attack. And we believe that in only one instance over the past seven years has the program arguably contributed to the identification of an unknown terrorism suspect. Even in that case, the suspect was not involved in planning a terrorist attack and there is reason to believe that the FBI may have discovered him without the contribution of the NSA program.”

A report published roughly a month earlier by The President’s Review Group on Intelligence and Communications Technologies arrived at a similar conclusion. According to that panel:

“Our review suggests that the information contributed to terrorist investigations by the use of section 215 telephony meta-data was not essential to preventing attacks and could readily have been obtained in a timely manner using conventional section 215 orders. Moreover, there is reason for caution about the view that the program is efficacious in alleviating concern about possible terrorist connections, given the fact that meta-data captured by the program covers only a portion of the records of only a few telephone service providers.”

The Department of Justice’s Office of Inspector General, which reviewed the FBI’s use of Section 215 for surveillance generally over a two-year period starting in 2007, also found the provision to be of limited value in tracking terrorists. “The agents we interviewed did not identify any major case developments that resulted form the records obtained in response to Section 215 orders, but told us the authority is valuable when it is the only means to obtain certain information,” the Inspector General wrote in a report released May 22.

Based on the findings of these panels, it seems reasonable to conclude that no terrorism investigations have turned on bulk collection of telephone metadata by the government.

As a practical matter, the imminent sunset of Section 215 leaves the Senate with two choices: pass a measure that narrows the government’s authority to collect telephone call metadata or do nothing and allow Section 215 to expire. Of course, allowing Section 215 to lapse would not preclude Congress from legislating a replacement.

President Obama has called on senators to pass legislation that the House approved on May 13. That bill would authorize the NSA to access call records from telephone companies, which would be obligated to collect and store the data, after obtaining judicial approval.

Categories
Law

Why the Supreme Court will uphold same-sex marriage

A recent piece by Jill Lepore in The New Yorker sheds a fascinating light on legal arguments in support of same-sex marriage, the constitutionality of which the Supreme Court is expected to decide by late June.

Lepore traces the development of theories that underpin the Court’s rulings on matters ranging from contraception and abortion rights to marriage. As she elucidates, the battles for reproductive and gay rights turned on the Court’s finding guarantees of privacy and equal protection of the law enshrined variously in the Fourth, Fifth, Ninth and Fourteenth Amendments, the latter of which denies states the ability to discriminate.

Still, as Lepore explains, equal protection has provided the way forward for marriage equality notwithstanding the court’s precedents that find protection for both contraception and choice in constitutional guarantees of privacy.

“When the fight for equal rights for women narrowed to a fight for reproductive rights, defended on the ground of privacy, it weakened,” Lepore writes. “But when the fight for gay rights became a fight for same-sex marriage, asserted on the ground of equality, it got stronger and stronger.”

Reading that conclusion sent me to an exchange during oral argument in April between Justice Alito and Mary Bonauto, a lawyer for the Gay & Lesbian Advocates and Defenders who argued the case for the petitioners in the same-sex marriage appeal.

Amid the back-and-forth, Justice Alito asked Bonauto whether, if the Court were to overturn state bans on same-sex marriage, the justices might later have a basis for denying a marriage license to a group consisting of two men and two women.

Bonauto answered yes, that the state might reasonably question whether such an arrangement constitutes marriage, which, she noted, is between two people. A foursome also might raise concerns about consent and coercion, she added.

“Let’s say they’re all consenting adults, highly educated,” Alito pressed, referring by reference to an observation by Justice Roberts that marriage between two people of the same sex did not exist in the U.S. until two decades ago. “They’re all lawyers. What would be the logic of denying them the same right?”

Again, Bonauto replied that marriage is between two consenting adults who pledge their commitment to each other. “I assume there’d be lots of family disruption issues, setting aside issues of coercion and consent and so on that just don’t apply here, when we’re talking about two consenting adults who want to make that mutual commitment for as long as they shall be,” said Bonauto. “So that’s my answer on that.”

That may be true but what Bonauto didn’t say during the exchange, and what Lepore underscores indirectly, is that one reason for denying a marriage license to four people is that numbers, by themselves, do not raise a question of equal protection of the law. Distinctions between people based on race or sex do.

Lepore cites a decision in 2003 by the Supreme Judicial Court of Massachusetts that established the commonwealth as the first to guarantee same-sex marriage as a constitutional right. In that case, Chief Justice Margaret Marshall tied the right to marry to equal protection. As Lepore writes, describing Marshall’s opinion:

“Marshall also cited Loving v. Virginia, the 1967 Supreme Court Case that struck down a ban on interracial marriage, drawing an analogy between racial discrimination (if a black person can marry a black person but cannot marry a white person, that is discrimination by race) and sex discrimination (if a man can marry a woman but cannot marry a man, that is discrimination by sex).”

Of course, both are inconsistent with what Marshall described in her decision as “equality under law.” The observation by Lepore fills in what seemed to be missing the first time I read the exchange between Justice Alito and Bonauto.

Missing to me, that is, not from the argument. Later in the session, Donald Verrilli, Jr., the solicitor general, underscored the significance of equal protection as a legal theory that supports same-sex marriage. As it happens, the solicitor general advanced only that theory, reasoning that it alone provides a basis for the Court to uphold same-sex marriage. As Verrilli explained:

“We think… this issue really sounds in equal protection, as we understand it, because the question is equal participation in a state-conferred status and institution. And that’s why we think of it in equal protection terms… what these gay and lesbian couples are doing is laying claim to the promise of the Fourteenth Amendment now.”

The argument seems insurmountable based on the history that Lepore delineates. It also seems likely to be the basis upon which a majority of justices will decide the appeal.

Categories
Law

Making sense of trade deals

Over this Memorial Day weekend, I’ve tried to learn a bit about the recent debate over trade, including legislation that would authorize President Obama and his successor to negotiate trade agreements without the prospect of the deals being dismantled by Congress.

The issue arises most recently in connection with the so-called Trans-Pacific Partnership (TPP), a regional free-trade pact being negotiated among 12 countries: the U.S., Australia, Brunei, Japan, Canada, Chile, Malaysia, Mexico, New Zealand, Peru, Singapore, Vietnam and, possibly, South Korea and Taiwan. (Note that the U.S. currently has trade agreements with Australia, Chile, Peru and Singapore.)

One hears a great deal of wrangling over trade. Do the pacts strengthen the U.S. economy and add jobs, as supporters say, or send jobs overseas and threaten the environment, as opponents charge? I knew little about the subject so I set out to learn more.

What the Senate passed on Saturday

The Senate approved a measure on Saturday that would grant the president trade-promotion authority (TPA)—sometimes referred to as fast track—by a vote of 62 to 37. The bill now goes to the House of Representatives, which is expected to debate the measure as early as next month.

TPA outlines a series of procedures for moving trade legislation through Congress. Such legislation, which Congress first passed in 1974, limits legislative debate on trade deals the president negotiates. Because Congress cannot amend such deals, both the House and Senates must vote either up or down on trade pacts, which means the deals can pass with a simple majority (as opposed to the two-thirds majority needed to bring up legislation for a vote in the Senate).

In essence, TPA is a compact between the executive and legislative branches that reconciles powers the Constitution grants to both Congress and the president with respect to trade. Article 1, Section 8 of the Constitution gives Congress the power to “regulate commerce with foreign nations… ” and to “lay and collect taxes, duties, imposts, and excises… ” Though the Constitution gives the president no explicit authority over trade, Article II authorizes the president to negotiate treaties and international agreements.

TPA empowers the president to enter into trade agreements with foreign nations, provided, among other stipulations, that at least 90 days prior to entering into an agreement, the president notifies Congress of his intention to do so and publishes the text of the agreement at least 60 days prior to the U.S. entering into the deal. That way Congress can examine the treaty and consider implementing legislation subject to the limitations on debate and amendments.

The latest grant of trade promotion authority would tie to a series of trade deals that, besides the TPP, include Trans-Atlantic Trade and Investment Partnership, a pact that is being negotiated between the U.S. and the European Union; the Trade in Services Agreement, a trade pact being negotiated by the U.S. and 22 other countries, including the EU; and the Environmental Goods Agreement, a trade agreement the U.S. and 13 countries that among them represent roughly 86 percent of global trade in solar panels, wind turbines or advanced batteries.

As President Obama describes it, TPA is essential to America’s pivot toward Asia, where China also is influencing the rules of trade. As the president explained in his latest State of the Union address:

“Today, our businesses export more than ever, and exporters tend to pay their workers higher wages.  But as we speak, China wants to write the rules for the world’s fastest-growing region.  That would put our workers and our businesses at a disadvantage.  Why would we let that happen?  We should write those rules.  We should level the playing field.  That’s why I’m asking both parties to give me trade promotion authority to protect American workers, with strong new trade deals from Asia to Europe that aren’t just free, but are also fair.”

Support for trade promotion authority scrambles party lines. Only two Republicans in the Senate—Senator Rand Paul, the Kentucky Republican and White House hopeful; and Senator Richard Shelby of Alabama—joined 35 of the chamber’s 44 Democrats and two Independents to oppose the measure. Shelby said in a statement that he fears “that Alabama could lose a significant number of jobs if President Obama agrees to an unfair agreement.” Meanwhile, Majority Leader Mitch McConnell of Kentucky predicted that TPA would create “new opportunities for bigger paychecks, better jobs and a stronger economy.”

Opponents, who include senators from manufacturing states, say the negotiating objectives contained in the bill are insufficient. “Trade Promotion Authority will green light a deal that will not advance wage growth in Pennsylvania or our manufacturing sector,” Senator Bob Casey (D-Pa.) said in a statement.

Senator Debbie Stabenow, a Democrat from Michigan who opposed the bill, contends that manufacturers in her state see the competitiveness of their exports weakened by countries that manipulate their currencies. Senator Elizabeth Warren, the Massachusetts Democrat who leads the party’s populist wing, charged that big banks will use trade deals “to water down financial regulations.”

That’s because, as Paul Krugman opined recently in the Times, the TPP “could force the United States to change policies or face big fines, and financial regulation is one policy that might be in the line of fire.” Krugman points to the example of Canada’s foreign minister recently telling bankers in the U.S. that the so-called Volcker Rule, which bars banks from certain forms of risky trading, may violate the North American Free Trade Agreement.

Trade promotion authority has the support of manufacturers, Hollywood studios, pharmaceutical companies, farmers and the software industry, among others. Organized labor opposes it. “Fast track trade deals mean fewer jobs, lower wages, and a declining middle class,” Rich Trumka, president of the AFL-CIO, wrote to Congress in March.

The Trans-Pacific Partnership

The economic impact of the TPP, which was proposed by President George W. Bush and later taken up by President Obama, may depend on several factors, including the extent of trade liberalization achieved in the agreement and, of course, the trade and investment that develops among members, according to a report last March by the Congressional Research Service (CRS).

Taken together, countries that are party to the agreement represent about 40 percent of the global economy and the largest U.S. trading partners, accounting for 41 percent of total U.S. goods traded in 2014 and 24 percent of total U.S. services trade a year earlier, according to CRS. The treaty has 29 chapters that cover such industries and issues as financial services, labor, plant and food safety, telecommunications, intellectual property and the environment.

Estimates of the TPP’s potential impact on the U.S. economy suggest that the effect might be modest. According to David Rosnick, an economist with the Center for Economic and Policy Research, a progressive think tank, the gains to the U.S. economy from the TPP will be “meaninglessly tiny” while workers whose wages fall in the middle of the wage spectrum “are likely to lose” as a result of the deal.

An analysis by Peter Petri and Michael Plummer for the Peterson Institute for International Economics that was published in June 2012 predicts that the U.S. will gain $78 billion annually—a bump in income of 0.19 percent—from the TPP. A study in 2012 by the National Bureau of Economic Research projects a gain of 0.22 percent of GDP provided that the signatories remove non-tariff barriers.

Though the gains don’t seem that significant compared with the size of the U.S. economy (gross domestic product stands at nearly $17 trillion), there are other objectives at stake. “For the United States, the TPP’s overriding purpose is not to contain China but to create a counterweight to its rise,” Robert Samuelson wrote recently in The Washington Post.

For its part, the Obama administration says the TPP aims to set standards for trade, not to put China on the defensive. “TPP is open architecture, and TPP is really meant to be about setting high standards for trade — standards that aspire to be equivalent to the United States’,” Commerce Secretary Penny Pritzker told the Times last spring.

The White House terms the Trans-Pacific Partnership “the most progressive trade agreement in history.” According to the Obama administration, the deal would reduce or eliminate tariffs for American goods and make foreign state-owned companies compete fairly with U.S. businesses. The deal also would ensure, among other things, the rights of workers to form unions and bargain collectively, protect wildlife and the environment, and remove tariffs and other impediments to an open Internet and the sale of high-tech products, the administration says.

Some disagree. According to Public Citizen, a nonprofit group that champions citizen interests before Congress, the TPP would, among other ills, offshore U.S. jobs and expose Americans to unsafe food and products. Public Citizen, the AFL-CIO, the American Association of Retired Persons and Doctors Without Borders all have charged that patent protections in the TPP will hike the cost of medicines by delaying cheaper versions from entering the market. For its part, the Obama administration says the pact will expand access to generic versions of patented drugs.

According to the Electronic Frontier Foundation, the TPP also would enshrine laws that restrict fair use of copyrighted material, diminish competition in businesses ranging printer cartridge refills to mobile phones, and subject journalists to criminal penalties for revealing or accessing information via a computer system that is allegedly confidential.

Robert Reich, who served as labor secretary under President Bill Clinton, wrote recently that despite the administration’s push to counter the influence of China, the TPP “will also allow American corporations to outsource even more jobs abroad.”

According to Reich, corporations “want more international protection when it comes to their intellectual property and other assets… But they want less protection of consumers, workers, small investors, and the environment, because these interfere with their profits. So they’ve been seeking trade rules that allow them to override these protections.”

As for public opinion, 58 percent of Americans view trade as a opportunity for U.S. economic growth through more exports, while 33 percent view trade as a threat to the economy from imports, according to a poll last February by Gallup. Sixty-one percent of Democrats trade mainly as an opportunity for the U.S., compared with 51 percent of Republicans. According to Gallup, Americans’ support for free trade may correlate with their confidence in the economy.

Categories
New York City

Memorial Day

Soldiers' and Sailors' Monument, Riverside Park, New York City (Photo by Beesquared)
Soldiers’ and Sailors’ Monument, Riverside Park, New York City
Categories
Law

Victim of Ponzi scheme must be customer of firm to compel arbitration

An investor who wants to force a financial firm to arbitrate a dispute must first establish that she is a customer of the firm, a federal court in Brooklyn has ruled.

Sagepoint Financial, an investment firm based in Phoenix, cannot be compelled to arbitrate a claim filed by Marcia Small, who allegedly lost $870,000 after investing with Robert Henry Van Zandt, Sr., a financial adviser from the Bronx who in November pleaded guilty to a Ponzi scheme that stole $4.8 million from 29 investors.

Small invested with Van Zandt in 2008, when Van Zandt was registered with GunnAllen Financial, a Tampa-based brokerage firm that shuttered in 2010.

In December, Small filed papers with the Financial Industry Regulatory Authority (FINRA) against brokerage firms that Van Zandt was associated with during the decade that his scheme unfolded. Among them was American General Services, Inc. (AGSI), which Sagepoint acquired in 2006, roughly two years after Van Zandt ended his registration with AGSI.

Small charged that Sagepoint, as successor to AGSI, bears responsibility for AGSI’s failure to supervise Van Zandt with regard to investments he sold, for misreporting the reasons that Van Zandt left the firm, and for the company’s alleged failure to report Van Zandt’s activities properly to regulators. Those obligations, according to Small, required Sagepoint to arbitrate Small’s claim in a forum provided by FINRA.

The court disagreed, pointing to the absence of either a relationship between Sagepoint and Small that would constitute Small’s being a customer of Sagepoint or an agreement between the parties to arbitrate disputes.

“Here, any customer relationship between [Small] and Van Zandt based on investment activity in 2008 arose almost four years after Van Zandt ended his affiliation with AGSI,” U.S. District Judge Dora Irizarry wrote in a ruling published May 15. “Further, [Small’s] claims in the arbitration, whether based on AGSI’s alleged supervisory failures or on Van Zandt’s own misconduct, do not allege any time during which [Small’s] investment activity with Van Zandt coincided with Van Zandt’s affiliation with AGSI.”

“Absent any such temporal nexus, [Small’s] investment relationship with Van Zandt does not provide a basis to compel arbitration against AGSI, or against [Sagepoint] as AGSI’s alleged successor,” Irizarry added.

The ruling illustrates at least one limit on investors’ ability to compel arbitration, which is a contractually agreed-upon procedure to resolve disputes. When one party resists arbitration as part of a push to move a dispute into court, a judge will, as in Small’s case, decide whether the arbitration should proceed.

Small charged Sagepoint with seeking to avoid arbitration because the firm disliked the outcomes of other arbitrations that stemmed from Van Zandt’s conduct. However, Sagepoint’s experience in other cases had no bearing on Small’s charges, according to Irizarry.

Though Irizarry acknowledged Small’s contention that federal law has a presumption in favor of arbitration, Small and Sagepoint were battling over the existence of an obligation to arbitrate, according to the court, and not the scope of an arbitration clause.