phone – Techdirt (original) (raw)

Stories filed under: "phone"

Mistrial Declared In Bribery Trial Of AT&T Executive

from the this-is-why-we-can't-have-nice-things dept

I’ve covered telecom giants like AT&T for most of an adult life. And I can tell you with absolute certainty that the company all but owns most state legislatures, who are happy to pass no limit of terrible, anti-consumer, anti-competitive legislation in exchange for a nice vacation trip or campaign contribution.

AT&T lawyers and executives are usually smart enough to avoid leaving any sort of paper trail, bribing officials within the pathetic confines of our existing, really flimsy lobbying and campaign finance laws. But in 2022, AT&T was hit with a $22 million fine for just outright bribing former state Rep. Edward Acevedo and his colleague, Former Illinois House Speaker Michael Madigan.

AT&T was trying to secure legislation that would free the company from having to maintain or repair traditional copper-based (and heavily taxpayer subsidized) phone and DSL service, often still in active use by the poor and elderly. AT&T’s been going state to state, with mixed results, trying to convince state politicians that it shouldn’t have to maintain the copper-based networks taxpayers paid handsomely for and still, in many parts of the country, help connect folks to 911 services.

AT&T used a lobbying firm as an intermediary to pay Acevedo $22,500 over nine months. That resulted in the indictment of Former AT&T Illinois President Paul La Schiazza. But the attempted prosecution of La Schiazza was declared a mistrial last week in Illinois, after prosecutors failed to convince just one of twelve jurors hearing the case that bribery had occurred. La Schiazza’s attorneys were very happy about it:

“Defense attorney Tinos Diamantatos mocked the prosecutors’ case in his closing argument Tuesday, referring to the feds’ “dark and stormy night”interpretation of evidence and at one point calling his client “Mr. Unethical Bribester.” The reality, he said, is that there is no evidence that La Schiazza exchanged Acevedo’s money for AT&T’s legislative success.”

Prosecutors say they had ample email evidence bribery occurred (you can peruse the complaint and case details here). The complaint notes that Acevedo was paid “for supposed consulting services” but clearly “did no work in return for the payments.” The bribes are clearly bribes, but in email correspondence was often couched in the kind of rhetoric that leaves things open to interpretation. If you’re an imbecile.

If you recall, AT&T also was caught in a scandal paying Trump “fixer” Michael Cohen $600k to gain inside access to the former President.

Madigan, meanwhile, is facing his own broader trial on various corruption allegations.

In just the last decade or so AT&T has been fined $18.6 million for helping rip off programs for the hearing impaired; fined $10.4 million for ripping off a program for low-income families; fined $105 million for helping “crammers” rip off their customers; and fined $60 million for lying to customers about the definition of “unlimited” data. It’s also been accused of ripping off U.S. schools for decades, something I’ve yet to see properly investigated.

Usually AT&T cleverly skirts around the limits of our fairly weak lobbying laws, and when they are caught, routinely manages to reduce or avoid fines entirely. Here we have one of the most obvious bribery cases in years showcasing how AT&T literally purchases favorable state legislation, yet it’s still somehow a steep uphill climb toward anything even vaguely resembling accountability or justice.

Filed Under: 911, accountability, bribery, carrier of last resort, corruption, dsl, edward acevedo, paul la schiazza, phone, telecom
Companies: at&t

Major SS7 Vulnerability In Wireless Networks Oddly Gets A Fraction Of The Hysteria Reserved For TikTok

from the you-are-not-serious-people dept

Wed, May 22nd 2024 09:28am - Karl Bode

While lawmakers, looking to get on cable TV, spent much of the last few years performatively hyperventilating about TikTok privacy and national security issues, few of those same folks seem quite as bothered by the parade of obvious, nasty vulnerabilities in the nation’s telecom networks.

For example, we still haven’t somehow addressed longstanding flaws in Signaling System 7 (SS7, or Common Channel Signaling System 7), a series of protocols hackers can exploit to track user location, dodge encryption, and even record private conversations. Governments and various bad actors routinely exploit the flaw to covertly spy on wireless users around the planet without them ever knowing.

It’s very bad, and we’ve know about the problem for a long while. 60 Minutes aired a profile on the issue back in 2016. Senator Ron Wyden demanded answers as early as 2017 from mobile phone companies as to why they haven’t done more to thwart the abuse. I’d always lazily assumed we weren’t rushing to fix the problem because it’s currently being broadly exploited by the U.S. government.

Earlier this month a Cybersecurity and Infrastructure Security Agency (CISA) official broke ranks with the NSA and formally acknowledged for the first time that the U.S. has exploited flaws in SS7 for years, going so far as to use it to track and surveil folks within the U.S. 404 Media has an interesting (but paywalled) report that’s worth a read.

Wyden sent another letter to the Biden administration last February, asking why the government seemingly refuses to take the SS7 flaw particularly seriously:

“Surveillance companies and their authoritarian foreign government customers have exploited lax security in U.S. and foreign phone networks for at least a decade to track phones anywhere in the world. Authoritarian governments have abused these tools to track Americans in the United States and journalists and dissidents abroad, threatening U.S. national security, freedom of the press, and international human rights.”

In April the FCC announced it would finally be probing “grave” weaknesses in both SS7 and another similarly flawed protocol, Diameter. But the generally feckless agency will likely be butting heads not just with U.S. intelligence, but the giant telecoms like AT&T tethered to our domestic surveillance systems. So whether this results in any meaningful reform will have to be seen.

What’s amusing is that this is a massive, significant, proven flaw in our communications networks and a proven risk to national security, and yet you’d be hard pressed to see one-one thousandth of the press coverage or political attention relegated to concerns about a single Chinese app.

The TikTok fracas was utterly avoidable for three straight years as a partially Facebook-driven hysteria about the potential security threat of the app utterly consumed American discourse. Yet if you want to learn anything about the SS7 flaw, you’ll see nowhere near the same attention, with most of the coverage (like the 404 piece or this Economist piece from this month) paywalled.

Recall that Republican FCC official Brendan Carr spent much of the last three years going on cable TV news to whine incessantly about the purported privacy and national security threat of an app he doesn’t have regulatory oversight over. Yet do a basic Google search for his name and SS7 and you’ll find the Commissioner far less invested in a problem in a sector he actually regulates.

TikTok isn’t without issues, but I still tend to think the absolute hysteria surrounding TikTok mostly functions as a policy and media distraction from our comically corrupt failure to pass a modern privacy law, regulate data brokers, and protect U.S. consumers from harm.

Between the robocall scourge and major security vulnerabilities, policy incompetence has resulted in us ceding our wireless communications networks to scammers, scumbags, and surveillance hungry bureaucrats. And outside of Ron Wyden, officials that could do something about it spend more time crying about a popular Chinese app peppered with sexy dancing and adorable racoons — than doing their actual jobs.

Filed Under: 5g, cisa, flaw, nsa, phone, privacy, ron wyden, security, ss7, surveillance, telecom
Companies: tiktok

Verizon Once Again Busted Handing Out Sensitive Wireless Subscriber Information To Any Nitwit Who Asks For It

from the hey,-let's-do-absolutely-nothing-about-this-problem dept

Fri, Dec 22nd 2023 01:52pm - Karl Bode

Half a decade ago we documented how the U.S. wireless industry was caught over-collecting sensitive user location and vast troves of behavioral data, then selling access to that data to pretty much anybody with a couple of nickels to rub together. It resulted in no limit of abuse from everybody from stalkers to law enforcement — and even to people pretending to be law enforcement.

While the FCC purportedly moved to fine wireless companies for this behavior, the agency still hasn’t followed through. Despite the obvious ramifications of this kind of behavior during a post-Roe, authoritarian era.

Nearly a decade later, and it’s still a very obvious problem. The folks over at 404 Media have documented the case of a stalker who managed to game Verizon in order to obtain sensitive data about his target, including her address, location data, and call logs.

Her stalker posed as a police officer (badly) and, as usual, Verizon did virtually nothing to verify his identity:

“Glauner’s alleged scheme was not sophisticated in the slightest: he used a ProtonMail account, not a government email, to make the request, and used the name of a police officer that didn’t actually work for the police department he impersonated, according to court records. Despite those red flags, Verizon still provided the sensitive data to Glauner.”

In this case, the stalker found it relatively trivial to take advantage of Verizon Security Assistance and Court Order Compliance Team (or VSAT CCT), which verifies law enforcement requests for data. You’d think that after a decade of very ugly scandals on this front Verizon would have more meaningful safeguards in place, but you’d apparently be wrong.

Keep in mind: the FCC tried to impose some fairly basic privacy rules for broadband and wireless in 2016, but the telecom industry, in perfect lockstep with Republicans, killed those efforts before they could take effect, claiming they’d be too harmful for the super competitive and innovative (read: not competitive or innovative at all) U.S. broadband industry.

In fact, any time the FCC proposes doing absolutely anything about lax privacy standards in wireless or broadband, Republicans work in perfect synchronicity with Comcast, Verizon, and AT&T to demonize and crush the effort. They’re currently trying to block an FCC effort requiring that broadband providers do a better, faster job informing customers about hacks and data breaches.

The Republican party not only never has to truly own this dangerous policy decision in the press, you can often watch as cable news outlets present Republicans like Marsha Blackburn, Ted Cruz, or Brendan Carr as good faith privacy reformers (see their performative outrage about TikTok).

At the same time, Congress, as a whole, has proven too corrupt to pass even a basic privacy law for the internet era, despite no limit of problematic scandals. In part because there’s a massive coalition of companies across numerous industries lobbying against it, but also because this lax data-hoovering system we’ve constructed helps the government avoid having to get actual warrants.

So what we get is this steady beat of ugly and avoidable privacy scandals we’ve chosen to do nothing about. Those in power have effectively decided that making money is more important than market health, human safety, or pretty much anything else. Eventually, there will be a scandal at a scale so disturbing it finally shakes Congress out of its corrupt slumber, and it’s going to be a doozy.

Filed Under: location data, phone, privacy, security, stalker, verizon wireless service, wireless
Companies: verizon

Apple Now Supports A Federal Right To Repair Law (Its Lawyers Will Help Write)

from the fix-your-own-shit dept

Thu, Oct 26th 2023 05:20pm - Karl Bode

Eager to maintain a lucrative repair monopoly over its products, Apple has had a long history of bullying independent repair shops. Apple lobbyists have also falsely claimed that making its products easier and less expensive to repair would result in vast untold consumer privacy and security nightmares, turning states that consider “right to reform” legislation into lawless meccas for hackers.

But given the immense, bipartisan popularity of right to repair reform, Apple (like Microsoft) back in August claimed it was having a change of heart. The company’s support helped push California’s new right to repair law over the finish line, and now Apple is clearly lending its support for a federal right to repair law:

Apple Vice President Brian S. Naumann made the shocking proclamation during an online right-to-repair event hosted by the Biden Administration Tuesday afternoon. Naumann, who recently echoed support for California’s newly passed right-to-repair law, said both consumers and businesses alike would benefit from clear federal legislation that makes it easier for consumers to repair products while maintaining device security.

Here’s the thing: most of these companies haven’t genuinely changed their stripes. They just know that the bipartisan popularity of these reforms make it impossible for them to continue actively opposing them. So what they’re doing is lending their support for state laws, provided said laws exempt most of the key industries engaged in the dumbest behaviors.

New York and California’s laws are a step in the right direction, but they actively avoid covering key industries where repair monopolies are hugely problematic, like medical hardware, agricultural hardware, or in some instances even phones or game consoles. I’d assume that any federal law where Apple has key input would likely be so loophole-filled and watered down as to have questionable utility.

Activists suggest that some 45 different states are considering right to repair legislation. Like with most policy (net neutrality, privacy) companies would much rather be tasked with adhering to a singular federal law than a fractured web of various state laws. Especially if their lawyers have significantly more input into the width and breadth of that law than activists, consumer groups, or policy experts.

Filed Under: electronics, freedom to tinker, hardware, phone, right to repair, right to repair law
Companies: apple

It’s Beyond Stupid That Robocallers And Lobbyists Have Made Our Voice Networks Almost Unusable

from the fifty-forth-time's-the-charm dept

Tue, Sep 26th 2023 05:23am - Karl Bode

It can’t be said often enough: it’s stunning that we’ve let scammers and scumbags hijack the nation’s top voice communications platform. And that we’ve let marketing and telecom industry lobbyists slowly degrade the authority of the one U.S. regulator capable of actually doing something about it.

Every six months or so the FCC comes out with a new plan it insists will finally fix the scourge that is robocalls. Yet the solutions are never quite enough to actually combat robocallers, who now annoy Americans roughly 5.1 billion times every month. We’ve noted repeatedly why robocalls are a problem that somehow never gets truly fixed:

Still, the FCC really loves putting on a show to suggest that a fix for the problem is just around the next corner. Like last week, when the FCC finally (after years of pressure) closed a loophole pertaining to voice over IP (VOIP) providers that gave robocallers easy access to U.S. phone numbers. Which scammers then use to spoof their numbers and hide their identities:

“…under rules adopted by the FCC yesterday, VoIP providers will face some extra hurdles. They will have to “make robocall-related certifications to help ensure compliance with the Commission’s rules targeting illegal robocalls,” and “disclose and keep current information about their ownership, including foreign ownership, to mitigate the risk of providing bad actors abroad with access to US numbering resources,” the FCC said.”

To be clear: this is good; it’s just not enough.

Every time you see the FCC do something about robocalls, you can be fairly certain that it’s (1) something people had been pressing them to do for the better part of a decade, (2) probably contains ample loopholes as not to offend the “legitimate” companies that utilize the exact same tactics as scammers, and (3) probably won’t actually stop more agile robocallers from annoying the shit out of you at dinner.

Groups like the National Consumer Law Center (NCLC) have repeatedly issued reports detailing that we can’t fix robocalls until the FCC and Congress find the backbone (you might be waiting a while) to stand up to both scammers and legitimate corporations alike:

“Even when these providers are told—sometimes repeatedly—that they are transmitting fraudulent calls, they keep doing it, because they are making money from these calls. And even when they are caught and told to stop, they are not criminally prosecuted, and the fines that are levied are rarely collected.”

The robocall problem is usually framed in the press as a story about robocall scammers deftly outmaneuvering bumbling regulators. But that’s only part of the story. The reality is legitimate companies have actively constrained the FCC’s authority to do its job, blocked real reformers from being seated at the agency, and actively purchased the hollow performance that is modern regulatory oversight.

As a result, you often can’t use the fucking phone. Another byproduct of corruption and unchecked lobbying power we’ve somehow normalized over decades of dysfunction.

Filed Under: fcc, phone, regulatory oversight, robocalls, scammers, scams, spam, telecom, voip

Telecom Stocks Plummet After Report Shows Many Cables Lined With Lead

from the comes-around-goes-around dept

Fri, Jul 21st 2023 02:58pm - Karl Bode

While the telecom industry did manage to successfully defang U.S. consumer protection regulators for the better part of the last decade, they’re still facing some notable headwinds. Broadband growth has dramatically slowed, their cable TV customers are leaving in droves, and while they are getting a ton of new subsidies via the infrastructure bill, a lot of that is going to very popular new publicly-owned competitors.

But there’s another major worry: a new report by the Wall Street Journal (paywalled) showed huge swaths of telecom cabling installed years ago was coated in lead, posing significant health concerns. In response, AT&T did was AT&T always does, which was basically pretend that none of it was real:

Based on information shared by The Journal, it appears that certain of their testing methodologies are flawed and one of the companies responsible for the testing is compromised by a conflict of interest.

But the pressure is on to remove and re-install any lead-coated cabling, and the mounting costs of such a project (estimated to be somewhere around $60 billion) pummeled already reeling telecom stocks for most of last week:

The telecom stocks were already having a rough year. Over the past 12 months, including today’s results, AT&T’s stock is down 34.1 percent. Verizon is down 37.4 percent over the past year. Lumen and Frontier are down 84.2 percent and 52.8 percent during the past 12 months, respectively.

There’s some irony here given that the telecom industry has successfully engaged in one of the most successful lobbying campaigns in recent memory. The Trump FCC was basically a puppet for industry, and the Biden FCC has lacked any competent voting majority thanks to both inherent fecklessness and the industry’s assault on the nomination of Gigi Sohn. Lobbying couldn’t conquer reality, though.

With AT&T’s network being the oldest, they likely face the greatest costs. And while consumers will inevitably be the ones to pay for it (either through higher rates or the government bailing AT&T out with taxpayer money), maybe we could instead use some of the money AT&T reportedly stole from the U.S. school system to fund the repairs instead?

Filed Under: dsl, health, lead, networks, phone, public, telecom

Decades Late, The FCC Might Start Cracking Down On Terrible Telecom Prison Monopolies. Maybe.

from the do-not-pass-go,-do-not-collect-$200 dept

Mon, Jan 9th 2023 01:21pm - Karl Bode

However terrible telecom monopolies are in the free world, they’re arguably worse in prisons. For decades, journalists have outlined how a select number of prison telecom giants like Securus have enjoyed a cozy, government-kickback based monopoly over prison phone and teleconferencing services, resulting sky high rates (upwards of $14 per minute) for inmate families.

Efforts to do something about it were scuttled by FCC boss Ajit Pai, whose former clients included Securus. Pai not only routinely opposed efforts by ex-FCC Commissioner Mignon Clyburn to drive change in the prison telco sector, one of his very first acts as FCC boss was to pull the rugs out from underneath his own lawyers as they tried to support those reforms in court (they, as intended, lost).

Fortunately for inmate families, things finally shifted thanks to the passage of the Martha Wright-Reed Act, which quietly amended the Communications Act to give the FCC the authority to “ensure just and reasonable charges for telephone and advanced communications services in correctional and detention facilities.”

The legislative update removes a loophole that prevented the FCC from taking action against the $1.4 billion prison telecom industry, whose members (like Securus) have also routinely found themselves facing scandals for recording privileged communications between inmates and their lawyers, then covertly sharing it with law enforcement.

“I am committed to working with my colleagues on the Commission to expeditiously move
new rules forward to fix this problem,” FCC boss Jessica Rosenworcel said in a statement. “I also want to highlight the late Martha Wright-Reed for her courageous voice and thank my former colleague Mignon Clyburn for carrying this issue forward at the FCC.”

Granted the FCC still has to actually take action, not exactly its strong suit when it comes to lumbering telecom giants with powerful lawyers. And that’s before you factor in the fact that the agency still lacks a functioning voting majority thanks to the sustained, telecom-industry backed campaign against Biden FCC nominee Gigi Sohn, a battle that will extend well into 2023.

Filed Under: exorbitant phone rates, fcc, inmates, monopolies, phone, prisons, social justice, telecom

New Report Offers Solutions For Our Never Ending Robocall Hell

from the your-car-warranty-has-expired dept

Wed, Jun 15th 2022 06:32am - Karl Bode

We’ve noted several times how there are a few reasons why the U.S. government can’t get a handle on robocalls, despite big announcements every six months or so about how they’re cracking down on the practice and really mean it this time.

One of the biggest reasons is that neither the discourse, nor our solutions, generally make it clear that the biggest robocallers are “legitimate companies.” The focus for agencies like the FCC (something marketing, telecoms, banks, and others encourage) is generally and somehow exclusively on “scammers.” But scammers routinely make up the minority of robocalls:

Source: National Consumer Law Center

But we’re not really tackling truly illegal, scam robocalls either. Every single month U.S. residents receive an estimated 4 billion robocalls. About a billion of those are illegal, outright scammers. That’s more than 33 million illegal scam robocalls every day. As a result, 70% of Americans no longer answer the phone if it’s an unrecognized number. We’ve just ceded a major tech platform to scumbags.

The National Consumer Law Center (NCLC) has spent years providing insights and solutions on this problem. They’ve issued a new report that’s worth a read if you’re at all curious why we’ve allowed a major communications platform to be hijacked by garbage merchants and snake oil salesmen.

The group has testified for years how numerous industries have lobbied to ensure robocall rules have vast loopholes, so their own harassment of consumers (using many of the same tools “scammers” use) isn’t included in any solution. This of course includes debt collectors, who have been shown to harass people they already know can’t pay with sometimes hundreds of calls per day.

The report also notes that the federal government routinely fails to hold major telecom providers accountable for doing too little (or nothing) to thwart specifically illegal, scam robocalls:

Even when these providers are told—sometimes repeatedly—that they are transmitting fraudulent calls, they keep doing it, because they are making money from these calls. And even when they are caught and told to stop, they are not criminally prosecuted, and the fines that are levied are rarely collected. FCC Commissioner Geoffrey Starks has noted this counterproductive dynamic regarding robocalls: “[I]llegal robocalls will continue so long as those initiating and facilitating them can get away with and profit from it.”

Companies like AT&T have a long, rich history of turning a blind eye to the various scams on their networks, almost always because the company is getting a cut. The fines levied are usually a small fraction of the money that’s been gleaned over decades, and the vast, vast majority of FTC and FCC fines on this subject are never collected at all.

Again, the full report (pdf) makes it clear there’s a lot of reasons and a lot of culprits when it comes to U.S. robocall hell. And while there has been a good amount of progress on some fronts (requiring the application of SHAKEN/STIR tech to thwart number spoofing, for example) regulatory fecklessness and an unwillingness to play hardball with industry routinely raises its head:

for more than two years, the Commission has made it clear that it expects providers to couple STIR/SHAKEN (or other “reasonable measures” of call authentication) with reasonable use of call analytics, and that providers are permitted (but not required) to block calls likely to be illegal.116 In so doing, the Commission has placed the emphasis on reasonableness and provider discretion, rather than on effectiveness at actually stopping robocalls.

The report makes it repeatedly clear that the FCC, under both parties, likes to push forth solutions that are generally reactive and toothless, with enforcement to match. On page 26 the NCLC provides concrete steps to fix the problem; though if history is any indication they’ll be ignored.

Filed Under: phone, robocalls, scammers, scams, spoofing, voip

Uh Oh: FBI Serves Search Warrant On Senator Richard Burr, Seizes His Phone

from the how-do-you-feel-about-surveillance-now? dept

I’m wondering how Senator Richard Burr feels about phone encryption right about now? As you may recall, the notoriously pro-surveillance Senator has whined about phone encryption at great length and even introduced legislation that would effectively end encryption on phones.

And yet, the FBI just served a search warrant on him and seized his phone as part of its investigation into claims that he engaged in insider trading:

Federal agents seized a cellphone belonging to Sen. Richard Burr on Wednesday night as part of a Justice Department probe into stock transactions he made ahead of the sharp market downturn sparked by concerns over the coronavirus, a law enforcement official told the Los Angeles Times.

The North Carolina Republican turned over his phone after agents served a search warrant at his home in the Washington area, the official told the newspaper.

This likely means that there’s even more going on than has been made public so far, and it’s unlikely to be good for Senator Burr. As former federal prosecutor Renato Mariotti explains, to get that search warrant, it means that a judge was convinced that Burr likely engaged in insider trading and that there was evidence to that effect on his phone:

This means that a federal judge concluded that there is good reason to believe that Senator Burr engaged in insider trading and that evidence of his insider trading is contained on his cell phone. https://t.co/OkWEjyHAJr

— Renato Mariotti (@renato_mariotti) May 14, 2020

And as others have noted, the FBI — for whatever faults it might have (and they are many) — does not just show up at a Senator’s home with a warrant on a hunch.

Holy moly. Showing up at the home of a U.S. Senator and executing a warrant is not business as usual and not a step the FBI would take lightly. https://t.co/XKgwP5zj65

— Matthew Miller (@matthewamiller) May 14, 2020

Of course, the bigger issue was that while he was selling all those stocks (including a bunch of hotel stocks), he was claiming publicly that everything was fine and that the US had COVID-19 under control. Frankly, that part should be the bigger scandal, but unfortunately it won’t be.

Filed Under: doj, encryption, fbi, insider trading, phone, richard burr, warrant

Court Says Fifth Amendment Covers Smartphone Passcodes, But It's Hardly A Victory For Constitutional Rights

from the blueprint-for-fifth-amendment-evasion-currently-in-progress dept

A recent opinion issued in a prosecution by the Securities and Exchange Commission seems to indicate the government can’t force members of the public to hand over passwords without violating the Fifth Amendment. But the details suggest something else: that this is limited to a very specific set of circumstances and is not in any way precedential, at least not at this point.

The courts have previously weighed in on the legality of forcing people to basically provide incriminating evidence against themselves through the compelled relinquishment of passwords. Back in 2013, a magistrate judge rejected an order compelling a defendant to decrypt a seized hard drive by providing the government with his password. A year later, the Massachusetts Supreme Court came to the opposite conclusion: that the compelled production of passwords did not have Fifth Amendment implications.

The DOJ has argued that it does have the right to demand passwords to unlock seized items and actually found a judge that agreed with it. In that case, the court found that unlocking a device was no different than producing documents at the government’s request — distancing it from the “compelled speech” against a person’s own interests that the Fifth Amendment is supposed to guard against.

This case falls along those same lines, but the legal conclusions are a bit different.

The Securities and Exchange Commission (SEC) is investigating Bonan and Nan Huang for insider trading. The two worked at the credit card company Capital One as data analysts. According to the complaint, the two allegedly used their jobs as data analysts to figure out sales trends at major U.S. companies and to trade stocks in those companies ahead of announced company earnings. According to the SEC, they turned a 150,000investmentinto150,000 investment into 150,000investmentinto2.8 million.

Capital One let its employees use company-owned smartphones for work. Every employee picked his own passcode, and for security reasons did not share the passcode with Capital One. When Capital One fired the defendants, the defendants returned their phones. Later, as part of the investigation, Capital One turned over the phones to the SEC. The SEC now wants to access the phones because it believes evidence of insider trading is stored inside them.

But here’s the problem: The SEC can’t get in. Neither can Capital One. Only the defendants know the passcodes. And the defendants have refused to disclose them. As much as Capital One may want to aid the SEC in prosecuting its former employees, it can’t.

The SEC sought an order to compel the production of the passcodes. The suspects refused on Fifth Amendment grounds. This brings us to the tricky details of this case, which suggest it won’t become an across-the-board Fifth Amendment-protected “right” to deny the government access to password-protected devices and storage.

The government argued for the compelled production of passwords using the “foregone conclusion” doctrine.

The doctrine, introduced in Fisher v. United States, says that the Fifth Amendment doesn’t block complying with a court order when the testimonial part of complying with a court order is a foregone conclusion. In other words, if the government already knows the testimonial part of complying with the order, and they’re not seeking to prove it from the order, then you can’t use the Fifth Amendment to avoid compliance with the order.

In the government’s creative interpretation of the doctrine, the production of passcodes would be no more than the defendants acknowledging they used the phones Capital One supplied them with — something the government already knows and which has been confirmed by Capital One. Therefore, there are no Fifth Amendment implications. The judge disagreed, correctly pointing out that the government was seeking access to documents possibly contained on the phones, rather than simply seeking to confirm what it already suspected: that the phones were used by the defendants.

By using one thing to achieve another, the government was stretching its “foregone conclusion” to cover any evidence discovered on the unlocked phones. If the defendants have reason to believe incriminating documents resided on those phones, they are well within their Fifth Amendment rights to refuse the government’s request. Or so you would think.

Should the SEC ultimately succeed with this interpretation of the “foregone conclusion” doctrine, it will have compelled incriminating testimony. It claims that it’s merely seeking to confirm ownership by seeing if the passcodes unlock the phones. But once they’re unlocked, it can compel the production of documents. Should these prove to be incriminating, it already has the defendants’ admissions that these are their cell phones.

So, this case is less about securing Fifth Amendment rights than the government exploring options on how to obtain permission to compel defendants to hand over access to possibly incriminating information. If the court holds firm in its view of the government’s true aims, it will be a small win for constitutional rights but one unlikely to be applied broadly.

As Orin Kerr points out in a second post on the case, some unanswered questions point towards the government being able to successfully argue that simply providing a password to a locked device isn’t self-incriminating testimony.

If this analysis is right, then the password is incriminating because it provides a link to the evidence. The government could grant the defendants immunity, but it would need to be use and derivative use immunity — that is, immunity not just from the actual testimony but from what the testimony would reveal.See Counselman v. Hitchcock, 142 U.S. 547, 585 (1892). The defendants should win. That’s where Jonathan comes out, and it might be correct.

But I’m not sure. Here’s my question: Does the “link in the chain” test include a merely causal link — that is, a link in the chain to the evidence? Or does “link in the chain” mean that the testimony was part of the evidence of guilt but not enough to prove the entire offense — that is, a link within the body of evidence? If testimony is solely of value for its causal connection to evidence, and it has no evidentiary value itself, is the testimony incriminating?

If the government can argue that compelled production of passwords that leads to the discovery of incriminating material is merely causal (rather than the password itself being evidence of guilt), it may be able to skirt the Fifth Amendment entirely. This has obvious implications in the ongoing law enforcement war on encryption. With no firmly established legal footing for the argument that demanding passwords violates the Fifth Amendment, password-protected encryption will be ultimately no more safe than leaving everything unlocked and in plaintext.

So, while the court has — for the moment — denied the government’s request to compel the production of passwords, the underlying legal entanglements don’t exactly bode well for the future of the Fifth Amendment.

Filed Under: fifth amendment, passcodes, phone, self-incrimination