Blog Ipsa Loquitur

Thursday, June 14 was President Trump’s birthday. Now, for my birthday, I got a notebook with special fountain pen-friendly paper because I live in Brooklyn, and they’ll kick me out if I don’t use an old-fashioned pen.

For the President’s birthday, he and his three favorite children found out they were the subjects of a lawsuit filed by the New York State Attorney General, Barbara Underwood. The AG is suing the four Trumps for their maladministration of the Donald J. Trump Foundation, a not-for-profit corporation; as a bonus, the Foundation itself is a party to the lawsuit.

Now, first things first. This is a civil suit, not a criminal case. While the defendants (the four Trumps and the Foundation they run) are accused of breaking the New York State Not-For-Profit Corporation Law, nobody’s going to jail at the end of this trial. The law says non-profits have to do ABC and can’t do XYZ, and the Attorney General has complained to a court that the Foundation did not do ABC and did do XYZ in violation of the law. Think penalties being imposed and business permits being revoked, not people going to jail.

So in a civil suit, the complainant is the person who files the complaint to the court. In addition to complaining that the defendant(s) did something wrong, the complainant asks the court to do something about it. In this case, the AG has asked the NY Supreme Court to freeze the Foundation’s assets, dissolve the Foundation (i.e. the not-for-profit death penalty), fine the Trumps for the benefits they accreted by breaking the Not-For-Profit Corporation Law, and ban the various Trumps from running New York charities for various lengths of time.

And one last thing: the terms “non-profit” and “not-for-profit” can be used interchangeably. A non-profit is just a kind of corporation with some extra rules on it: it’s not allowed to pay dividends to its shareholders, for example. (More on that below.) A charity is a specific kind of non-profit corporation in New York; not all non-profits are charities, but all charities are non-profits.

Published on under Board of Director? I hardly know ‘er!

Anna Maria Barry-Jester and Mai Nguyen measured how bail works in New York City, analyzing over 100,000 cases handled by the largest public defense organization in the State. When you’re indicted by a grand jury, you’re arraigned – taken to the court and asked by a judge how you plead.

[We] found that how much bail you owe — and whether you owe it at all — can depend on who hears your case the day you’re arraigned. New York’s judges are assigned to arraignment shifts, hearing every case that comes into the court during that time. Because the assignments are random — judges hear cases solely based on when people are arrested and how busy the court is — we can identify whether defendants are being treated equally regardless of who hears their case. They are not.

In New York City, when clients of The Legal Aid Society who were charged with a misdemeanor in 2017 entered their initial arraignment, they had anywhere between a 2 and 26 percent chance of the judge setting a cash bail, depending on which judge was randomly assigned to oversee the court that day. For felonies, the range was even wider: anywhere between 30 and 69 percent. Those not assigned bail are likely to be released without having to pay, which means getting arrested on the wrong day can have a major consequence: You are more than twice as likely to have to pay your way to freedom. Can’t find the money? You’re stuck in jail.

There are a lot of interesting implications here. While I think the idea that the justice system’s imposition of bail is inequitable isn’t terribly controversial (in my circles, at least), seeing it quantified like this is striking. On the one hand, judges are people, and people aren’t identical. There will always be tougher judges and more lenient judges, so long as people are doing the job of setting bail after an arraignment.

But on the other hand, this is a little like having instant replay for called strikes in baseball, or offsides calls in ice hockey. What’s striking isn’t the fact that umpires and referees get it wrong sometimes, it’s how often that happens and what that says about all the times these decisions were made before we could review them qualitatively or quantitatively.

Published on under The other kind of open data

I enjoyed this piece from Riana Pfefferkorn, writing in NYU Law’s Just Security, on the implications of a forthcoming iPhone feature called “USB Restricted Mode” that blocks all connections to a computer if the phone hasn’t been unlocked in over an hour. Today, even if the police don’t know the passcode to unlock your phone, they can connect your phone to a special computer that will try all possible passcode combinations from 000000 to 999999 over the span of a few days. This fall, Apple will push an update to iPhones that disables that port, and makes it harder to break into a locked iPhone.

As Pfefferkorn explains, the police don’t need a search warrant if there are what’s called “exigent circumstances” – and if the phone is about to lock everyone out of itself forever, Apple might be shooting itself in the foot:

The 2014 Supreme Court case Riley v. California requires police to get a warrant before searching a smartphone seized from someone who’s been arrested. […] “If ‘the police are truly confronted with a “now or never” situation,’ … they may be able to rely on exigent circumstances to search the phone immediately,” the Court said. Id. at 2487 (citation omitted). DOJ could thus thread the needle by arguing that the mere possibility that USB Restricted Mode is enabled on a seized iPhone creates “a ‘now or never’ situation” necessitating the immediate use of Cellebrite or GrayKey without waiting for a warrant.

Applied broadly to iPhones, this exception would swallow the Fourth Amendment’s general rule. The “we need to dump the phone ASAP just in case USB Restricted Mode is on” approach might fly in a one-off situation. But that uncertainty will probably be present most times police seize a locked iPhone. Under that logic, it would be OK to forensically search any iPhone immediately without a warrant, because there would always be exigent circumstances.

That is not how an exception to a rule works. “Exigent circumstances” are supposed to be situational and case-specific. The DOJ’s own manual for electronic evidence search and seizure acknowledges as much: “in electronic device cases, as in all others, the existence of exigent circumstances is tied to the facts of the individual case.” Given that recognition, DOJ would be hard-pressed to adopt or defend a policy allowing warrantless searches of iPhones a priori in all instances on the rationale that every single time police seize an iPhone, they “are truly confronted with a ‘now or never’ situation” as Riley said. That is particularly so given the alternative ways that police, with a warrant, could get data from a locked, encrypted phone, as a recent law review article about Riley explains—for example, going to the relevant service provider and asking for cloud backups of the phone’s contents.

The Fourth Amendment isn’t exactly my strong suit, so this was an extremely educational read.

Published on under This wasn’t covered in ’99 problems’

Sam Rutherford in Gizmodo on how Spain’s Biggest Football App Reportedly Turned Fans Into Unwitting Narcs:

The La Liga app, which is the official streaming app for Spain’s most popular football league, has reportedly been using the microphones on fans’ phones to root out unauthorized broadcasts of matches in public venues like bars and restaurants. It sounds exactly like the kind of surveillance people are afraid of when it comes to modern technology, but as is often the case, the La Liga app technically asks users in Spain for permission to access their mics, according to Spanish Website El Diario.

After downloading the La Liga app, it presents Spanish users with two options: a standard terms-of-service agreement, and a second, opt-in permission that gives La Liga consent to activate your device’s mic and even turn on GPS to help pinpoint the location of unlicensed broadcasts. However, according to the report, the only way you’d know that is by reading the fine print that accompanies the permissions—which no one ever does. Even more troubling, it seems this behavior has been going on for a while, and only recently has been brought back to light thanks to Europe’s new GDPR online privacy laws.

First, it’s nice that modern smartphone platforms have a structured permissions system through which users can grant—and deny—apps access to certain sensors on the phone. The app I use to take notes or write emails doesn’t need access to my GPS coordinates, for example. That was not always the case, and this is definitely an area where smartphone manufacturers have done a good job protecting their consumers.

Second, it makes much more sense for the Googles and Facebooks of the world to offer this kind of surveillance as a service to copyright holders than for companies like La Liga to try to freelance this thing. While El Diario mentions the La Liga app has been downloaded more than 10 million times, that’s still a small fraction of the overall smartphone base.

For example, YouTube scans uploaded videos for copyrighted content, but that might be a result of its tortured history with copyright holders as much as anything else. It’s unclear to me how the La Ligas of the world would convince Google to turn every Android phone into a copyright informant.

Published on under Nosotros Somos El Hermano Grande

Like just about everyone who took an Intro to Psychology course in college, I learned about Philip Zimbardo’s “Stanford Prison Experiment” as a parable about the dangers of groupthink and the ease with which authority—real or imagined—led to the abuse of power. I didn’t know the experiment was fatally flawed until I read The Lifespan of a Lie by Ben Blum:

Zimbardo, a young Stanford psychology professor, built a mock jail in the basement of Jordan Hall and stocked it with nine “prisoners,” and nine “guards,” all male, college-age respondents to a newspaper ad who were assigned their roles at random and paid a generous daily wage to participate. The senior prison “staff” consisted of Zimbardo himself and a handful of his students. The study was supposed to last for two weeks, but after Zimbardo’s girlfriend stopped by six days in and witnessed the conditions in the “Stanford County Jail,” she convinced him to shut it down. Since then, the tale of guards run amok and terrified prisoners breaking down one by one has become world-famous, a cultural touchstone that’s been the subject of books, documentaries, and feature films — even an episode of “Veronica Mars.”

The way I learned it, the guards’ behavior was a natural byproduct of the prisoner/guard relationship. However:

Once the simulation got underway, [The “warden,” undergrad student David] Jaffe explicitly corrected guards who weren’t acting tough enough, fostering exactly the pathological behavior that Zimbardo would later claim had arisen organically.

“The guards have to know that every guard is going to be what we call a tough guard,” Jaffe told one such guard. “[H]opefully what will come out of this study is some very serious recommendations for reform… so that we can get on the media and into the press with it, and say ‘Now look at what this is really about.’ … [T]ry and react as you picture the pigs reacting.”

Though most guards gave lackluster performances, some even going out of their way to do small favors for the prisoners, one in particular rose to the challenge: Dave Eshelman, whom experimenters nicknamed “John Wayne” for his Southern accent and inventive cruelty. But Eshelman, who had studied acting throughout high school and college, has always admitted that his accent was just as fake as Korpi’s breakdown. His overarching goal, as he told me in an interview, was simply to help the experiment succeed.

I’m not a sociologist, and I don’t know that a double-blind experiment is the right approach here. (Though it’s fun to imagine a “prison” split in half by bars, and the people on each side are unsure whether they’re prisoners or guards.) But over and over in Blum’s examination of the Stanford Prison Experiment, the researchers seem to have pretty blatantly interfered with the process.

And this isn’t just modern science second-guessing the research methods of yesteryear:

Despite the Stanford prison experiment’s canonical status in intro psych classes around the country today, methodological criticism of it was swift and widespread in the years after it was conducted. Deviating from scientific protocol, Zimbardo and his students had published their first article about the experiment not in an academic journal of psychology but in The New York Times Magazine, sidestepping the usual peer review.

Famed psychologist Erich Fromm, unaware that guards had been explicitly instructed to be “tough,” nonetheless opined that in light of the obvious pressures to abuse, what was most surprising about the experiment was how few guards did. “The authors believe it proves that the situation alone can within a few days transform normal people into abject, submissive individuals or into ruthless sadists,” Fromm wrote. “It seems to me that the experiment proves, if anything, rather the contrary.”

For those of you keeping score at home, the silver lining here appears to be “the situation didn’t turn guards into monsters; some of the guards were monsters this whole time,” which is silver-ish at best. I’ll take it.

Published on under Compliance Will Be Rewarded

Remember the San Bernardino shooters? The husband and wife team that walked into his office holiday party and opened fire with a pair of assault rifles, and were then shot to death by police after a brief car chase? Detectives recovered the husband’s work phone, an iPhone with full-disk encryption enabled.

At the time, the FBI had a whole song and dance routine about how dangerous encryption was, and how companies like Apple needed to build the FBI a system to get keys to unlock any device at any time. But the FBI mishandled the phone in that investigation and made their own jobs a whole lot harder.

As I wrote about it back then:

Look, if local police in a tiny town in the middle of nowhere had screwed up this badly, we’d wonder why the FBI wasn’t entrusted with this. But the FBI made their jobs a lot harder; this can’t be their first time at the iPhone Evidence Rodeo, so how could they have locked themselves out of the phone? […] Sure is funny how the FBI was hilariously inept in their investigation, and now the only way they can get into the phone is by having Apple build a tool to circumvent its own security measures, right?

After all, if you were the FBI, and you wanted a test case, this whole “real live radicalized Muslim terrorist committing an act of war on American soil with pipe bombs and assault rifles before dying in a glorious shootout with the police” thing would be, like, the perfect test case. It sure would be a shame if the traditional investigation went awry, and the only way to get access to the phone was filing a completely novel test case.

That’s a pretty cynical take, I’ll admit. I more or less tiptoed up to the precipice of accusing certain members of the FBI of sabotaging their own investigation; it didn’t seem out of the question that the FBI was using that phone as ammunition in a broader war on encryption. Fortunately, cooler heads prevailed and the only backdoors in my phone are planted by the NSA. Ha ha(?).

Well, earlier this year, the FBI’s Inspector General issued a report on the San Bernardino iPhone investigation. That report is not much kinder to the FBI than my blog post from 2016. Susan Landau, law professor at Tufts University and one of the preeminent experts on this topic, breaks it down for folks like you and me:

For the FBI, the IG report brings some good news: No one deliberately withheld knowledge to prevent opening the locked iPhone. But that’s about the only positive revelation. The IG report chronicles foot dragging during the efforts to open the locked device and, in a critical instance, an aversion to finding a technological resolution of the issue outside of the court case. Above all, the IG report casts doubt on the argument that locked phones are “warrant-proof” devices preventing law enforcement from doing its job.

The FBI’s failure to open the iPhone was a result of bureaucracy and slowdown. Two units of the FBI’s Operational Technology Division (OTD) were key to eventually unlocking the iPhone: the Cryptologic and Electronic Analysis Unit (CEAU), which examines data on digital devices, working largely on criminal cases, and the Remote Operations Unit (ROU), which uses network exploitation techniques and appears to work largely in classified cases. […]

The CEAU and ROU weren’t communicating about this matter, but once they did, things moved pretty quickly:

The ROU chief reached out to his vendors, and on March 16, 2016, discovered that one of them was already 90 percent of the way toward a solution. At the FBI’s request, the vendor reallocated resources, moving work on opening the iPhone “to the ‘front burner.’” A month later, a vendor demonstrated a solution to the FBI, and the court conflict between Apple and the FBI was over.

Opening the locked iPhone should have been a good within the FBI. But that was not the view held by the CEAU chief; he apparently asked the ROU chief, “Why did you do that for?” The CEAU chief told the Inspector General “after the outside vendor came forward, the CEAU chief became frustrated that the case against Apple could no longer go forward.”

That’s a striking story. We have the FBI director testifying—and U.S. attorneys submitting a motion operating off of the same premise—that only Apple could unlock this terrorist’s phone. But it seems that what was really going on, at least on the part of some FBI investigators, was an unwillingness to really try.

Boy, that sure sounds like what privacy experts were publicly worried about back in 2016, doesn’t it?

Published on under Staring Into the Abyss