Slashdot Mirror

← Back to Stories (view on slashdot.org)

SIgn Of the Times: Calif. Privacy Protections Signed Into Law

Posted by timothy on from the persons-papers-and-effects dept.

The EFF reports a spot of bright news from California: Governor Jerry Brown today signed into law the California Electronic Communications Privacy Act. CalECPA, says the organization, "protects Californians by requiring a warrant for digital records, including emails and texts, as well as a user's geographical location. These protections apply not only to your devices, but to online services that store your data. Only two other states have so far offered these protections: Maine and Utah." The ACLU provides a fact sheet (PDF) about what the bill entails, which says: SB 178 will ensure that, in most cases, the police must obtain a warrant from a judge before accessing a person's private information, including data from personal electronic devices, email, digital documents, text messages, and location information. The bill also includes thoughtful exceptions to ensure that law enforcement can continue to effectively and efficiently protect public safety in emergency situations. Notice and enforcement provisions in the bill provide proper transparency and judicial oversight to ensure that the law is followed.

24 of 41 comments (clear)

  1. Protect yourself by WarJolt · · Score: 2

    You should still encrypt your cell phone and if you're going to put anything online you don't want public you should encrypt it before putting it there.

    1. Re:Protect yourself by sexconker · · Score: 1

      No, encrypt it locally with keys only in your brain.

      Alternatively, encrypt it locally with keys only on your computer / in your possession, then encrypt those keys with keys only in your brain. This method lets you manage more unique keys than you can fit in your brain.

    2. Re:Protect yourself by currently_awake · · Score: 1

      Encrypting your phone should keep the local police out, but we should assume the feds have arranged back doors for their own use. I'm not sure we can avoid that problem, given they could pay to have the backdoor installed into the chips at the fab. Ex. they make you run your phone through the scanner at airports. Are they looking for drugs or downloading your phone's memory?

    3. Re:Protect yourself by AHuxley · · Score: 1

      Re: "arranged back doors", weak crypto, trap doors designed in. Equipment interference options for the state or city is now at a very low cost per user from federal/mil contractors or other nations/private sectors.. Collect it all is now at a city budget per year per interesting user.
      Users cannot gain anonymity on any cell network given todays tracking methods and key loggers that are placed at low software levels beyond any user complied crypto app.
      The only way to keep mail, digital documents, text messages safe from unreasonable searches and seizures is to encrypt before digital data entry.
      ie the keystrokes are in code as entered.
      Electronic communications content is safe after sending or waiting to be accessed sounds good to a court and the press but the key loggers at one and then both ends will get all the plain text everytime.

      --
      Domestic spying is now "Benign Information Gathering"
    4. Re:Protect yourself by TheGratefulNet · · Score: 1

      basically you are saying that you'd have to treat the cell phone as simple a transport, only, and never a data entry or even data display device. it should not even be part of any encryption system other than normal cell or wifi. assume its weak and just consider it like UDP (lol). do all your data entry, display and encryption outside of the phone and the phone simply gives you a wifi AP.

      if you think about it, that's a huge waste. such power and display, being ignored and using it just to convert cell rf to wifi rf. in fact, there are boxes that do that cheaper and better. you could get a $30 battery 'travel router' and have cell rf via usb and wifi also over another usb port. that gets you raw ip.

      then, you need your trusted phone, but it can't be any kind of 'normal' phone. and this does not know or care about cell and only speaks ip/wifi. you can have a trustable touchscreen system that does that and it does not have to have any blackbox magic in it.

      it still means you need 2 boxes. but really, since one box (the cell part) will never be 'ours' or trustable, might as well make it its own separate box, create an IP boundary and talk just IP.

      if a phone can be repurposed so that no black magic is left in it and all code is known and trustable, then we could go back to using 'phones' as user interfaces. but really, if you need to trust it, you can't use phones as phones and UI devices anymore.

      shame. really it is. but this is what we have.

      --

      --
      "It is now safe to switch off your computer."
    5. Re:Protect yourself by AHuxley · · Score: 1

      Re "it still means you need 2 boxes. but really, since one box (the cell part) will never be 'ours' or trustable, might as well make it its own separate box, create an IP boundary and talk just IP."
      Or just pen and paper to create the encoded message :) Enter the message and be seen with normal fancy hardware
      The next question is how good is the filtering of all data at a city, state or federal level for all free, open source, commercial encryption use or interest.
      A city/state based journalist shows an interest in unique crypto software and is then using it 12-24 hours later... who with and can the journalists end be collected from. Where is the data flowing? In the city? State? Another local whistleblower is found in near real time :)
      If the news story is been created and communications is been encrypted on a computer like device using well understood digital methods, privacy is gone.
      So yes the 'cell phone as simple a transport, only, and never a data entry or even data display device" is one way to try and keep privacy.

      --
      Domestic spying is now "Benign Information Gathering"
  2. unusual politics by Anonymous Coward · · Score: 3, Interesting

    The most interesting thing about this news item is we have both blue Democratic as well as Red Republican states enacting electronic privacy laws. So here is at least one issue that apparently cuts across the usual liberal - conservative boundaries.

  3. Enforce against the feds? by blindseer · · Score: 2

    The state passes a law requiring law enforcement to obtain a warrant before collecting electronic evidence against you, so what happens if an agent of the federal government violates that law? As I understand our federal system even federal agents cannot break state law. Realistically though I doubt heavily that any federal agent is going to get arrested under this law.

    Curious though, states seem quite willing to break federal law by passing laws legalizing the trade and consumption of marijuana. The federal government has chosen to yield to state laws on this part of law. Perhaps the feds will also recognize state authority on the search and seizure of electronic evidence?

    Right, I don't think so either.

    --
    I am armed because I am free. I am free because I am armed.
    1. Re:Enforce against the feds? by swell · · Score: 1

      Can a state enforce a law against the feds? Ask also if a county or a city can enforce a law against the feds. Where does jurisdiction begin and end? Can you and I as free citizens enforce a law within our home, papers and personal space against the feds?

      --
      ...omphaloskepsis often...
    2. Re:Enforce against the feds? by currently_awake · · Score: 1

      The Federal government is trampling on state rights by legislating in areas where they have no constitutionally mandated powers. Legality of drugs is clearly a state right. I think the feds will handle spying behind closed doors, and publicly let the states have their way.

    3. Re:Enforce against the feds? by kuzb · · Score: 1

      That's not true. When a state law and a federal law conflict, federal law wins.

      See: https://en.wikipedia.org/wiki/...

      --
      BeauHD. Worst editor since kdawson.
    4. Re:Enforce against the feds? by HiThere · · Score: 1

      Right. Federal law and precedent says so.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    5. Re:Enforce against the feds? by The_Laughing_God · · Score: 2

      Of course a state can enforce its laws against the Feds.

      Local police can issue parking tickets to or tow Federal vehicles, even those with Federal plates.

      Federal vehicles must be registered to some state, and must meet the safety/emissions inspections laws of that state (e.g. Federal agencies can't buy non-California certified models to be registered in California). Similarly, states have sued and won Federal agency compliance/cleanup of environmental hazards per state, not Federal, standards law (federal laws may have an impact when it is "federal/military property" such as a state park or military base, but not, say, an FBI Bureau office in a commercial building)

      Note: the above apply to Federal agencies (legitimately called "the Feds"), but the same general principle applies to Federal agents ("a Fed")

      While a homicide committed by a Federal agent in the commission of his/her duties has Federal implications, it is also a local crime; local police can detain/arrest and interrogate a Federal officer, pending further disposition. Other felonies, short of murder, are more clearly handled by state law, without any question of jurisdiction: drunk driving, theft, etc.

    6. Re:Enforce against the feds? by countach · · Score: 1

      Yeah but, while I guess a lot of data is stored in California the NSA is not headquartered there. So what can the state do if the NSA is disobeying it? That's not so clear to me.

    7. Re:Enforce against the feds? by Drathos · · Score: 1

      Maybe it's different on that side of the country, but around here, the feds (FBI, Secret Service, DHS, etc.) drive vehicles with "US Government" tags, not state issued tags. As far as I know, they're not actually registered with the state.

      --
      End of line..
    8. Re:Enforce against the feds? by blue9steel · · Score: 1

      Yeah, we had a bit of disagreement about that initially but it was settled pretty firmly in 1865.

    9. Re:Enforce against the feds? by SScorpio · · Score: 1

      According to the ten amendment it doesn't.

      Sadly federal bullying of state financing says otherwise. When the federal IRS takes 20% or some of my income and my state takes 5%.

      The federal government then says, state this is what is going to happen otherwise you won't get this federal funding, ie you need this legal drinking age or this speed limit or you won't get the federal funding for road repairs.

      Ideally this should be the other way around where the state funds itself, though ironically this would screw over all the anti welfare southern red states that get far more federal funding than their citizen contribute to the federal government.

    10. Re:Enforce against the feds? by sjames · · Score: 1

      Yes, but if the Feds are acting legally due to the lack of a federal law against it rather than under a federal law that expressly permits their action, then the state law will apply.

  4. Accountability for cops by Anonymous Coward · · Score: 1

    Placing limits on law enforcement with regard to digital snooping doesn't work when police both at the individual and agency level do not ever suffer consequences for violating the law.

    In the case of the individual officer, the only limits on them are technical ones, such as in the case of an encrypted device. After detaining a person, the individual LEO might ask to see the suspect's phone. The LEO will state or imply that the detained person will be in a world of shit if they don't comply. A witness could be recording the entire encounter and every single human on earth could be in agreement that it is an illegal search of the suspect's phone. The agency that the LEO belongs to will not punish that individual cop. Even if such an illegal search is proven in court proceedings, it doesn't harm the prosecution's case. The prosecution and police have already engaged in any number of underhanded things such as parallel reconstruction, bringing hundreds of charges to act as bargaining chips in plea deals or have just flat out colluded to lie about events. Hell, the prosecution could walk up to the judge and admit that an illegal search was performed. The worst that's going to happen is that some small piece of evidence will no longer be allowed in the trial. The dozens or hundreds of charges that the prosecution brought based on the content of the illegal search won't be dismissed. I've never even heard of a court that has ruled that the illegal nature of the search of a phone both significantly improves the defendant's position and will result in a punishment for the cops involved and the prosecution.

    tl;dr - cops do not follow the existing laws, passing new laws to limit their overreach is a farce

  5. Doesn't matter. by kuzb · · Score: 1

    As long as federal law trumps state law, you aren't protected.

    --
    BeauHD. Worst editor since kdawson.
    1. Re:Doesn't matter. by Anonymous Coward · · Score: 1

      Probably should vote in someone to shut it down at a federal level then.
      http://feelthebern.org/bernie-...

  6. NSA/DHS? by ramriot · · Score: 1

    Does this also include an exemption for the ubiquitous NSA/DHS hovering up of metadata, arguably the bigger problem here. If not how does CA expect to enforce its rules over data that leaves or enters CA soil, which is substantial?

  7. Good start by Impy+the+Impiuos+Imp · · Score: 1

    Thank you! I would prefer this enshrined as a constitutional right rather than a legislative one, but it's a start.

    Ideally, have an amendment stating one's papers w r t the 4th Amendment, shall include but not be limited to electronic records, data storage, and transmissions wherever they may occur.

    This could conceivably happen via Supreme Court decision as they love "evolving standards and expectations" to alter what is and is not constitutional for the government to do. Current warrantless invasiveness is based on an ancient ruling about phone records, being in the business, are not something a reasonable person expects privacy over. Now they do.

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
  8. WE ALREADY HAD THESE RIGHTS by Anonymous Coward · · Score: 1
    FOURTH AMENDMENT. It's simple. Quite simple.

    The fact that California thinks it necessary to pass a law for this at all indicates that things need to be done which I can't say for fear that our all-powerful masters in the government might do bad things to me. Thinks about it; we can't even criticize the government for violating the rights that we already had.

    "To learn who rules over you, simply find out who you are not allowed to criticise" - Voltaire

    Think not "Oh, how wonderful that California is now requiring warrants!" that's like thinking "Oh, how wonderful that California has now made murder illegal!"

    Think instead: "How shall we punish the dogs, the traitors, that violate our rights and undermine liberty? How shall we punish them to deter the other curs from doing the same? How shall we give them reason to fear the rightful rulers of our country-- the individual people themselves?"