InsideSources

President Donald Trump’s administration was sued with the help of unions and advocates Monday for reining in a program that helps displaced immigrants by granting them legal status.

The American Civil Liberties Union of Southern California, Unite Here, the International Union of Painters and Allied Trades, the National TPS Alliance, and others are assisting in the lawsuit as part of a larger coalition. The groups are hoping to save hundreds of thousands of immigrants who will soon lose legal status under the Temporary Protected Status (TPS) program. The lawsuit was filed by a group of immigrants within the program including Wilna Destin.

“UNITE HERE has a long tradition of fighting for civil rights and racial justice for all workers, and we’re deeply moved by the courage of our plaintiff, Wilna Destin,” Unite Here said in a statement provided to InsideSources. “Wilna is a Haitian TPS recipient in Orlando, Florida, and her daughter who is also a plaintiff is among the 200,000 American citizens who will lose one or more parents if the current TPS terminations are not reversed.”

President Trump has made immigration a critical piece of his agenda with his promise to prioritize domestic workers over their foreign competitors. The TPS program has become one of the targets of the administration with its decision to roll back the legal status of immigrants from four countries.

“Wilna has spent 18 years building a life in this country, working at Disney and then dedicating her life to worker justice as an organizer,” Unite Here said. “She and her husband own a home, and she exemplifies the best of the American dream. We applaud Wilna’s courage and are committed to further utilizing the labor movement as a conscious for all working families under the immoral and illegal actions of the Trump administration.”

The TPS program allows foreign nationals to stay in the country legally if they are unable to return to their home country safely. The DHS has started to terminate the protected status for Salvadorans, Sudanese, Nicaraguan, and Haitian immigrants. The DHS is hoping to allow for an orderly transition by delaying the terminations by a couple of years.

The lawsuit challenges the legality of the terminations in a few key ways. It alleges that the administration violated the equal protection guarantees under the Fifth Amendment’s Due Process Clause. It also asserts that terminations violate the Administrative Procedure Act and the due process rights of United States citizen children of TPS holders.

“As a result of DHS’s unlawful actions, over 200,000 individuals—many of whom have lived in the United States for decades—face imminent loss of their right to live and work lawfully in this country,” the lawsuit, which was obtained by InsideSources, argued. “In addition, over 200,000 United States citizen children face an impossible choice between leaving the only home they have ever known and growing up without their mother or father.”

The lawsuit alleges that the terminations violate Fifth Amendment equal protection guarantees because they were motivated by intentional discrimination against race and national origin. It asserts the administration has explicitly focused on ejecting non-white, non-European, and non-English speaking people from the United States.

The ACLU has warned that the decisions have created devastating uncertainty for families around the country. Unite Here has been at the forefront in fighting to save these immigrants over the past year. The hotel workers union has organized protests, launched petitions, coordinated with industry groups, and met with lawmakers in its effort. The fight is also personal for the union with some of its members being caught in the rollback.

Supporters have argued that ending the protected status for these immigrants could be disastrous for families, communities, and employers. They contest that these immigrants have integrated into society and become part of their communities in the many years – sometimes decades – they have been here.

The lawsuit also claims that the terminations go against the Administrative Procedure Act because they are a sudden and unexplained departure from decades of practice and procedure. Additionally, it argues that those decisions violate the substantive due process rights of children who have parents within the program by presenting them with an impossible choice between leaving their home countries or leaving their mothers and fathers.

DHS has defended its decision to roll back the protected status of these immigrants by arguing their countries of origin are safe to return to. The TPS program is intended to provide temporary legal status when the immigrants cannot return safely. Critics have countered that some countries are still unsafe and the length of time they’ve been here means they have firm roots in their communities and the economy.

The TPS program also includes immigrants from countries like Nepal, Nicaragua, Somalia, South Sudan, Syria, and Yemen. Supporters are hoping to see the protected status of these immigrants extended until the government develops pathways for them to stay permanently.

Congressional members from both sides of the aisle have worked together in the hope of countering the decision to end the protected status for these immigrants. They introduced a bill Oct. 31 that would allow TPS migrants who arrived in the country prior to January 13, 2011, to claim legal permanent resident status.

The lawsuit was filed alongside a handful of other groups in the federal court in San Francisco

Editor’s Note: The article originally said the unions and advocacy groups filed the lawsuit. This was changed to show they are helping the TPS recipients in their challenge.  

Follow Connor on Twitter

Privacy experts and digital rights advocates want the House of Representatives to reform a loophole to National Security Agency surveillance authority set to expire in December that allows the intelligence community to collect and search data on U.S. citizens without a warrant.

The American Civil Liberties Union (ACLU) in a Tuesday letter called on the House Judiciary Committee to close that loophole in legislation the committee is drafting to reauthorize Section 702 of the 2008 Foreign Intelligence Surveillance Amendments Act (FISA). Section 702 lets the NSA surveil without a warrent foreign nationals communicating with U.S. persons. Critics say it sweeps up data on potentially tens of millions of Americans, which the intelligence community can search under the pretext of national security.

Attorneys for the ACLU said the reform that House lawmakers are considering “would leave the so-called ‘backdoor search loophole’ wide open.”

“We urge you to ensure that any reform proposal include a full fix requiring all agencies to obtain a warrant based on probable cause to search Section 702 data for information about U.S. citizens and residents in all investigations,” reads the letter, signed by a bipartisan group of privacy and digital rights advocates including the Electronic Frontier Foundation, New America’s Open Technology Institute, and the R Street Institute.

Section 702 lets the NSA tap the physical infrastructure of internet service providers, like fiber connections, to intercept foreign emails, instant messages, and other communications belonging to foreign nationals as those messages exit and enter the U.S. According to the NSA it also “incidentally” sweeps up the communications of Americans corresponding with, and until recently, merely even mentioning foreign targets.

Though the law forbids targeting persons inside the U.S., intelligence agencies including NSA, CIA, FBI, and others report they search the incidentally-collected data “in broadly defined ‘foreign intelligence’ investigations that may have no nexus to national security, in criminal investigations that bear no relation to the underlying purpose of collection, and even in the pre-assessment phase of investigations where there are no facts to believe someone has committed a criminal act” absent any warrant requirement, according to the ACLU.

While House lawmakers haven’t released any details about the bill, the New York Times reported in September the proposed legislation would require “FBI agents obtain warrants before searching the program’s repository of intercepted messages for information about American criminal suspects.” The Hill later reported “investigators would apparently only be required to seek a warrant to use Americans’ data in criminal investigations, not national security investigations.”

Lawyers for the ACLU say a “warrant requirement only to searches of Section 702 data involving ‘criminal suspects,’ is not an adequate solution to this problem,” and “ignores the fact that the Fourth Amendment’s warrant requirement is not limited to criminal or non-national security related cases.”

“[U]nder traditional FISA, agencies wishing to collect Americans’ communications in foreign intelligence investigations are required to apply to the FISA Court for an individualized warrant,” the letter said. “Warrantless searches of Section 702 data thus undermine constitutional protections and create an unacceptable loophole to access Americans’ communications in criminal and foreign intelligence investigations alike.”

According to the ACLU, limiting warrant reform to only “criminal suspects” would “likely exclude thousands of searches by the NSA, CIA, and FBI that target U.S. citizens and residents” and “exclude searches performed by the NSA, CIA, and [the National Counterterrorism Center],” agencies focused on foreign threats. The CIA and NSA report they performed 30,000 searches for information about U.S. persons in 2016 alone.

Neema Singh Guliani, legislative counsel for the ACLU, said Thursday that if Congress can’t “significantly reform Section 702, including by completely closing the ‘backdoor search loophole,’ then they should allow the law to sunset” at the end of December.

“Federal agencies like the NSA and FBI should not be permitted to conduct tens of thousands of searches targeting people in the U.S. without a warrant based on probable cause,” she said. “Furthermore, any fix that includes broad national security or intelligence loopholes fails to adequately protect activists, government critics, and minority communities that have a history of being improperly surveilled.”

Attorney General Jeff Sessions and Director of National Intelligence (DNI) Dan Coats asked the leaders of both parties in the House and Senate to permanently reauthorize Section 702 without reform in September. That scenario seems unlikely based on opposition to the law on both sides of the aisle.

Democrat Sens. Ron Wyden of Oregon and Al Franken of Minnesota have blasted intelligence officials for repeatedly failing to produce an estimate of how many Americans are swept up in Section 702. Republican Sen. Rand Paul of Kentucky has raised similar concerns while Republican Sen. Lindsey Graham of South Carolina has taken issue with Section 702 potentially being used for political targeting when used to surveil government leaders in contact with foreign officials, as happened to former National Security Adviser Michael Flynn with Russian Ambassador Sergey Kislyak.

Sessions and Coats in their own letter to Congress argued the program is subject to rigorous oversight from Congress and the Foreign Intelligence Surveillance Court, which oversees the intelligence community in secret. They reiterated Section 702 is not intentionally used to surveil Americans.

Follow Giuseppe on Twitter

More opponents are lining up against congressional Republicans’ online privacy bill, including a trade group representing Facebook and Google — whose user data collection would be limited by the legislation — and the ACLU, which says it will limit states’ ability to pass their own restrictions.

NetChoice, a trade group that includes targeted ad giants Google, Facebook, and Yahoo, says a bill proposed by Republican Tennessee Rep. Marsha Blackburn to make web services and internet access providers like Comcast and Verizon get permission from users before collecting their data will end free services online.

“[I]magine a world where the next time you use a search engine, instead of seeing results, you see a requirement to enter a credit card. Or the next time you visit USA Today there is fewer content and even more ads on the screen,” NetChoice senior policy counsel Carl Szabo wrote in a blog post this week.

“In this alternate world,” he continued, “you are bombarded with pop-ups and interstitials, all of which are asking for consent in various ways: blanket consent for use of all ‘sensitive’ information, consent for use of some sensitive information, consent for use of sensitive and non-sensitive information, and so on.”

Szabo warns that will be the fate of the web if Congress advances the BROWSER Act. Under the law, companies on both sides of the online ecosystem would have to obtain opt-in consent from users before collecting and monetizing their sensitive data, a reversal of the current, largely opt-out requirement set down by the Federal Trade Commission. The definition of “sensitive” includes web browsing history, a category previously left unregulated before the FCC passed privacy rules aimed exclusively at internet service providers (ISPs) last year.

According to NetChoice, the bill would erase $340 billion in advertising revenue over the next five years, citing studies that show opt-in regimes are 65 percent less effective. The loss of targeted ads will mean a greater volume of ads, less content, and more paywalls across popular websites, consequences that will hit low-income Americans and small businesses hardest.

The group argues the FTC already enforces privacy standards and that the industry regulates itself. But the FTC rules only require opt-in consent for the most sensitive information, like health and financial data. Meanwhile, efforts by edge providers themselves, like Google Chrome’s “Do Not Track” feature, are largely ignored by other websites. There’s no law requiring they comply with the browser’s request.

Blackburn, who chairs a committee overseeing the FCC, sponsored the House repeal of the agency’s privacy rules. She and other Republicans said the FCC rules “focused on only one part of the internet eco-system and ignored edge provider services that collect as much, if not more data, than ISPs.”

Many of the Republicans who voted for the repeal count ISPs among some of their largest donors, and became the target of a groundswell of constituent criticism. Blackburn’s bill invited another wave of criticism, including from consumer advocate groups who say the legislation is at best a disingenuous attempt at saving political face with little chance of passing, and at worst cover for preventing states from passing their own privacy standards.

“[O]ur skepticism comes from a provision buried at very end of the bill that would explicitly preempt state legislation on these issues – even if a state passes legislation requiring higher privacy standards than Congress,” ACLU legislative counsel Neema Singh Guliani wrote of the bill. “The provision appears to be a naked attempt to undercut state privacy efforts.”

Some 17 states are working on online privacy legislation in the wake of the repeal of the FCC privacy rules. Those efforts would likely prove problematic for internet service and edge providers, who would have to adhere to different privacy standards across multiple states.

States like New Hampshire are considering rules tougher than those passed by the FCC, including barring ISPs from offering discounts to subscribers choosing to waive privacy protections. Other states are considering a ban on collection altogether.

“Rep. Blackburn’s bill would do precisely what industry wants, which is prevent states from taking their own actions to ensure high privacy standards,” the ACLU attorney wrote.

The pro-net neutrality group Public Knowledge has yet to stake out a position on the bill. Other groups that track privacy issues including Fight for the Future, TechFreedom, and the Association of National Advertisers oppose the bill.

Follow Giuseppe on Twitter

Subscribe for the Latest From InsideSources Every Morning

A lawsuit brought against broad National Security Agency surveillance programs will go forward as a result of a Tuesday federal appeals court ruling, a reversal of a lower court that ruled there wasn’t sufficient evidence NSA spied on Wikimedia.

Three judges on the Fourth Circuit Court of Appeals in Richmond, Virginia Tuesday ruled Wikimedia — the nonprofit organization behind Wikipedia — will be allowed to proceed with its case against NSA upstream surveillance programs. A lower court in December 2015 ruled Wikimedia, the ACLU, and others failed to prove their communications were being monitored by NSA.

“Wikimedia has plausibly alleged that its communications travel all of the roads that a communication can take, and that the NSA seizes all of the communications along at least one of those roads,” judges wrote in the Tuesday decision.

The panel will allow the organization to sue the government for Fourth Amendment violations of Americans’ privacy and First Amendment violations of free speech. Wikimedia argued such surveillance has a chilling effect on users, who censor themselves based on knowledge of the programs leaked by former NSA contractor Edward Snowden in 2013.

“Thus, at least at this stage of the litigation, Wikimedia has standing to sue for a violation of the Fourth Amendment,” the court continued. “And, because Wikimedia has self-censored its speech and sometimes forgone electronic communications in response to Upstream surveillance, it also has standing to sue for a violation of the First Amendment.”

Plaintiffs including Amnesty International, Human Rights Watch, and others filed the case in March 2015 to challenge NSA’s “upstream” surveillance — when the signals intelligence agency taps the physical infrastructure of the internet, such as undersea fiber cables, to surveil the content of foreigners’ emails, instant messages, and other communications as they exit and enter the U.S.

Upstream surveillance is legal under Section 702 of the 2008 FISA Amendments Act, and allows NSA to surveil Americans communications with foreign targets overseas. According to rights groups, it also facilitates a loophole that lets NSA “incidentally” sweep up unrelated data belonging to Americans in the process.

While the agency has for years rebuffed congressional requests for an estimate of the number of Americans incidentally surveilled via upstream surveillance, some estimate it could account for millions to tens of millions of warrantless interceptions.

“If people look over their shoulders before searching, pause before contributing to controversial articles, or refrain from sharing verifiable but unpopular information, Wikimedia and the world are poorer for it,” Wikipedia founder Jimmy Wales said in March 2015 when the ACLU filed the case.

The U.S. District Court for the District of Maryland granted a government motion to dismiss the case in 2015 on the grounds the plaintiffs “had not plausibly alleged that their communications were being monitored by the NSA,” according to the ACLU, whose attorney, Patrick Toomey, argued the case and its appeal last December.

Now the case will go forward, but with Wikimedia as the sole plaintiff. Two judges ruled the remaining eight plaintiffs still failed to make a strong case they were likely surveilled by NSA. The larger scope of Wikipedia and its tens of millions of users make its claim sufficiently plausible within the broad scope of the agency’s various upstream programs.

“This is an important victory for the rule of law. The NSA has secretly spied on Americans’ internet communications for years, but now this surveillance will finally face badly needed scrutiny in our public courts,” Toomey said Tuesday. “Our government shouldn’t be searching the private communications of innocent people in bulk, examining the contents of Americans’ emails and chats day in and day out. This mass surveillance threatens the foundations of a free internet.”

The ACLU challenged upstream surveillance once before in Amnesty v. Clapper, dismissed by the Supreme Court in a 5-4 decision in 2013. At the time, the court said the ACLU lacked evidence to show parties in the case were surveilled.

They tried again after agency slides leaked by Snowden detailing Section 702 programs like “Prism” and “Muscular” showed NSA targeted Wikipedia and its users, and even included the website’s logo in one such slide.

In April, NSA ended the upstream practice of collecting Americans’ email and text messages exchanged with overseas users that simply mention search terms — like an email address belonging to a target — but isn’t to or from a target, known as “about” surveillance.

Privacy advocates including the ACLU celebrated the move, but noted it isn’t permanent, and that Congress should address upstream surveillance via legislation before renewing the FISA Amendments Act when it expires in December.

Follow Giuseppe on Twitter

Subscribe for the Latest From InsideSources Every Morning

Senators opposed to expanding the FBI’s authority to surveil Americans’ online activity barely defeated Republican-sponsored legislation Wednesday, but it may not be long before the measure comes up for a vote again.

Lawmakers voted 58-38 Wednesday denying an expansion to the FBI’s authority to use National Security Letters (NSLs) to subpoena online records of Americans’ online browsing histories, location information, IP addresses and the senders and recipients of emails without a warrant.

Fueled by the recent ISIS-inspired shooting in Orlando, Florida — the deadliest in U.S. history — the provision was offered up earlier this year by Arizona Republican and Senate Armed Services Committee Chairman Sen. John McCain and Senate Intelligence Committee Chairman Richard Burr of North Carolina as an amendment to a Commerce, Justice and Science appropriations bill, skipping scrutiny in either committee before coming to the floor Wednesday.

Director of the FBI James Comey said ascertaining the expanded NSL power was one of the FBI’s top legislative priorities while testifying before the Senate Intelligence Committee earlier this year.

Republican Majority Leader Mitch McConnell missed the procedural hurdle to pass the amendment by two votes, and left voting open on the floor for roughly an hour before changing his vote — a move that allows him to bring it back to the floor for a vote later.

The American Civil liberties Union said later Wednesday “he could call for a vote today, tomorrow, or next week.”

“Just last year, the Senate passed the USA Freedom Act — taking the first steps towards reforming the Patriot Act,” ACLU Washington Director Karin Johanson and legislative counsel Neema Singh Guliani wrote in a letter to lawmakers Tuesday. “The proposed amendment would erode many of the reforms in that bill, expanding existing surveillance authorities that have a history of abuse.”

Passed as part of the Patriot Act in 2001, NSLs currently give the FBI the power to subpoena names, addresses, lengths of service and billing records — otherwise known as “business records” — from internet service providers. McCain’s amendment would expand the net to cover email metadata and additional personally identifiable information.

It would also permanently cement the FBI’s authority to surveil “lone wolf” targets not affiliated with major targets of anti-terror investigations like Orlando gunman Omar Mateen. The authority is currently set to expire in 2019.

Democrats opposed to the bill — including privacy advocate Sen. Ron Wyden of Oregon — said Congress should be tackling gun laws like those that allowed Mateen — despite being under FBI scrutiny prior to his attack — to purchase an assault rifle.

“Yesterday the Senate rejected measures that would help keep guns out of the hands of terrorists and lone gunmen,” Wyden said Tuesday. “Instead, Senate Republicans are pushing fake, knee-jerk solutions that will do nothing to prevent mass shootings or terrorist attacks.”

Wyden described the act as a “lose-lose” that “won’t make our country safer, but it will take away crucial checks and balances that protect our freedom.”

Opposing Democrats were joined by Republican Sens. Rand Paul of Kentucky, Mike Lee of Utah. Influential Democratic Sens. Bob Menendez of New Jersey and Dianne Feinstein of California — well-known as a defense hawk in the upper chamber — did not vote.

A total of 11 Democrats and one independent sided with Republicans to pass the bill, while six Republicans voted against the amendment.

Republicans including McCain and Senate Majority Whip John Cornyn of Texas expressed confidence after Wednesday’s vote they could pass the measure with a second vote.

“It will allow the FBI to collect the dots so they can connect the dots, and that’s been the biggest problem that they’ve had in identifying these homegrown, radicalized terrorists, like the shooter in Orlando,” Cornyn said Tuesday.

Follow Giuseppe on Twitter

The Federal Communications Commission fined Verizon Wireless $1.35 million Monday for tracking wireless customers Web browsing habits with technology left available to third-party advertisers without consumers’ knowledge or consent.

The agency’s settlement with the carrier concludes an FCC Enforcement Bureau investigation launched in December 2014 to examine Verizon’s use of so-called “supercookies,” or permanent identifiers installed in its devices to track customers as they surf from site to site.

Verizon used the unique and undeletable identifiers to more effectively deploy targeted advertising to consumers and left the tool open to use by a third party advertising partner. The headers — inextricably tied to a users’ individual devices — differ from traditional cookies, which can be deleted.

According to the investigation Verizon introduced the identifiers as early as December 2012 but failed to disclose the practice until October 2014.

After the disclosure Verizon said third-party advertisers were unlikely to use the supercookies to build consumer profiles until it was revealed last January a Verizon third-party advertising partner discovered the identifiers and used them to restore cookies intentionally deleted by customers from their devices, “in effect overriding customers’ privacy choices,” the agency said in a statement Monday.

Verizon acknowledged the issue but didn’t update its privacy policy or offer customers the choice of opting out until March 2015.

In addition to paying the $1 million-plus fine Verizon ongoing will have to inform customers about the presence of the supercookies on their devices and seek their consent before tracking their data or let them opt out of tracking altogether.

“Consumers care about privacy and should have a say in how their personal information is used, especially when it comes to who knows what they’re doing online,” FCC Enforcement Bureau Chief Travis LeBlanc said Monday.

“Privacy and innovation are not incompatible,” he continued. “This agreement shows that companies can offer meaningful transparency and consumer choice while at the same time continuing to innovate. I would like to acknowledge Verizon Wireless’s cooperation during the course of this investigation and its willingness to make changes to its practices for the benefit of its customers.”

In a press release the agency cited Communications Act Section 222 as the basis for its action — the same legislation the agency described as the basis for upcoming privacy regulations to govern the use of consumer data by Internet service providers including Verizon, AT&T, Comcast, Cox and Time Warner Cable, which could be announced as soon as this month.

Section 222 gives the FCC authority over how common carriers like telephone networks use customer proprietary network information — personal data on customers carriers retain due to the nature of their relationship in facilitating private communications.

When the FCC reclassified ISPs as common carriers as part of its net neutrality rulemaking last year, it forbore from applying Section 222 to ISPs, describing the rules as too telephone centric, and opted instead to draft new privacy rules for broadband later.

A panel of experts challenged the FCC’s wisdom and legal ability to implement such rules last week, suggesting new technology like virtual private networks and encryption block much of the data ISPs can see already and that the FCC should follow the FTC’s example with flexible standards and case-by-case enforcement.

A group of privacy, civil liberties and net neutrality advocates including the American Civil Liberties Union, Public Knowledge and New America’s Open Technology Institute challenged those claims and called for new rules in a letter to FCC Chairman Tom Wheeler Monday.

“Regardless of encryption, ISPs still receive data related to the frequency, timing, location, and volume of a user’s Internet access,” the letter reads. “This information can reveal intimate details about the subscriber, such as when a user has recently become employed or given birth to a child.”

“Moreover, many Internet users do not even know what VPNs are, much less how to use them. Consumers should not be forced to pay for extra precautions to protect their privacy.”

The dozen groups said ISPs engage in prolific data mining as part of business practices aimed at monetizing consumers personal information, and that the FTC’s approach — making companies disclose their practices via lengthy and legal language-heavy user privacy agreements, and case-by-case enforcement — isn’t enough.

“Research shows that consumers rarely read privacy policies; when they do, these complex legal documents are difficult to understand,” the groups wrote. “Moreover, emphasizing notice or disclosure favors the interests of businesses over consumers and fails to establish meaningful privacy safeguards.”

During a speech last Thursday FCC Wireline Competition Bureau Chief Matthew DelNero said the the move is backed by years of regulatory agency precedent, including at the FCC, and pointed to three chief areas the rules will address — “transparency, choice and data security.”

Follow Giuseppe on Twitter

A federal court is using an 18th century law to force Apple into building a back door for the FBI to assist in unlocking the encrypted data on an iPhone belonging to one of the San Bernardino shooters — an order Apple CEO Tim Cook says he will refuse.

“We have great respect for the professionals at the FBI, and we believe their intentions are good,” Apple CEO Tim Cook wrote in a letter posted late Tuesday on the iPhone maker’s website.

“Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.”

United States Magistrate Judge Sheri Pym of the U.S. District Court for the Central District of California ordered Apple on Tuesday to develop a way to disable the iPhone security feature limiting a user to 10 password attempts before it erases the data on the device.

The order states Apple must only build the security workaround specifically for the iPhone 5C belonging to Syed Farook, who with his wife Tashfeen Malik shot and killed 14 people last December in San Bernardino Calif., and died in a shootout with police shortly after.

Director James Comey of the FBI told Congress last week investigators have been unable to access the iPhone of the Islamic State-inspired shooter in the months since the attack as a result end-to-end encryption built by default into Apple’s phones, which the company itself can’t access without the user’s password.

By compelling Apple to disable the limited password attempt feature, the FBI can attempt to brute-force hack the phone by trying random password combinations until they come across the correct one. The order further compels Apple to streamline this process by ensuring the FBI can submit passcode attempts electronically and preventing the phone’s software from delaying consecutive attempts “beyond what is incurred by Apple hardware.”

“Once created, the technique could be used over and over again, on any number of devices,” Cook explained. “In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.”

Federal prosecutors said the company “has the exclusive technical means which would assist the government in completing its search, but has declined to provide that assistance voluntarily,” and that Apple must provide the FBI with “reasonable technical assistance.”

Judge Pym backed up the court’s order by citing the All Writs Act — a 1789 statute intended to fill in gaps in legal authority where no pre-existing statute applies.

Apple complied with similar FBI requests in the past under the All Writs Act, but fought the most-recent request in New York last year, where a federal magistrate judge in Brooklyn sided with the company in refusing the request and described the use of the All Writs Act as overly broad and inappropriate.

“The FBI is trying to hit the ultimate reset button on privacy, turning the clock back to a time even before the Fourth Amendment’s warrant protections,” president of TechFreedom Berin Szoka said Wednesday. “Using the All Writs Act this way would allow law enforcement to bypass all privacy safeguards. If forcing Apple to hack its own devices qualifies as ‘reasonable technical assistance,’ there is no practical limit to what law enforcement could force private companies to do to compromise the security of their systems under the Act.”

Tech and privacy groups on both sides of the aisle agreed allowing the order to go forward sets a dangerous legal precedent.

“This is an unprecedented, unwise, and unlawful move by the government,” American Civil Liberties Union staff attorney Alex Abdo said Wednesday. “The Constitution does not permit the government to force companies to hack into their customers’ devices. Apple is free to offer a phone that stores information securely, and it must remain so if consumers are to retain any control over their private data.”

“The government’s request also risks setting a dangerous precedent,” he continued. “If the FBI can force Apple to hack into its customers’ devices, then so too can every repressive regime in the rest of the world. Apple deserves praise for standing up for its right to offer secure devices to all of its customers.”

Apple has five business days to file a brief to the court explaining why complying with the order would be “unreasonably burdensome” — something Cook clearly indicated the company intends to do.

“The implications of the government’s demands are chilling,” Cook wrote. “If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data.”

Such access would include include messages, health records, financial data, location tracking, microphone and camera access, all without a user’s knowledge, according to Cook.

“Opposing this order is not something we take lightly,” the Apple CEO continued. “We feel we must speak up in the face of what we see as an overreach by the U.S. government.”

If the court upholds the order, it could signal a significant victory for law enforcement and in particular Comey, who has spent well over a year warning Congress of the dangers of terrorists and criminals “going dark” online via encrypted communications.

Follow Giuseppe on Twitter

A bipartisan coalition of lawmakers across 16 states and the American Civil Liberties Union announced a series of legislative proposals Wednesday aimed at giving Americans greater control over their privacy, including limiting government surveillance and mandating tech companies get user permission to collect data.

Local legislators across the U.S. partnered with the ACLU to draft legislation mandating authorities get a warrant to deploy so-called “cell-site simulators” or “stingray” devices, designed to masquerade as cell towers while collecting private data from cellphones in a given area, including calls, texts, photos and location data.

Law enforcement agencies across the U.S. in recent years have upped their use of the technology, originally meant for anti-terror operations, often without a warrant. The ACLU-backed version would also require authorities to quickly dispose of data unrelated to investigations, frequently swept up from any phone within range automatically connecting to the device.

The coalition’s legislative package also includes limiting school and third-party access to student data, requiring warrants to access student devices on and off campus, prohibiting educational institutions and companies from demanding access to student and employee social media accounts, and mandating states using automatic license plate readers delete information on drivers not suspected of a crime.

A final big ticket measure mimics the recently passed California Electronic Communications Privacy Act, and would prohibit the government from reading the contents of electronic communications without a warrant, in some cases applying the same standard to location tracking.

“A bipartisan consensus on privacy rights is emerging, and now the states are taking collective action where Congress has been largely asleep at the switch,” ACLU Executive Director Anthony Romero said in a statement Wednesday. “This movement is about seizing control over our lives. Everyone should be empowered to decide who has access to their personal information.”

The ACLU coordinated the effort in Alabama, Alaska, Connecticut, Hawaii, Illinois, Massachusetts, Michigan, Minnesota, Missouri, Nebraska, New Hampshire, New Mexico, New York, North Carolina, Virginia, and West Virginia, and Washington D.C., all adopting pieces of the various proposals.

“We are united in our belief that if the government has a legitimate reason for wanting to access someone’s communications or to use a device to track someone’s movements, it must get a warrant,” Romero wrote in a Time op-ed with Michael Boldin, executive director of the Tenth Amendment Center.

“We also believe that if corporations want to track what Americans, including our children, do online, on private social media pages, or in school, they must get clear and express permission to do so. Without a warrant or our permission, they simply shouldn’t be doing it.”

The leaders of both organizations said Americans “have become increasingly outraged and outspoken” about indiscriminate electronic government surveillance, often conducted without a warrant, and companies’ increasing reliance on user data to satisfy business models, legalized via esoteric user privacy agreements.

“In today’s digital age, governments and corporations are armed with powerful tools that enable them to access our personal information without our knowledge or consent,” Romero and Boldin wrote. “Coaches and employers can coerce us into revealing personal information we only want to share with our friends and family. This is unacceptable, and our current laws are not up to the task of protecting us. But as the states are making clear today, the time has come to take a stand.”

The group also expressed frustration with Congress, where privacy reforms including the Electronic Communications Privacy Act — enacted under the Reagan administration — have languished for years, despite broad bipartisan support for reform.

According to a Pew Research report cited by the group from last year, 93 percent of adults think being in control of who can get information on them is important, while 88 percent said they didn’t want someone watching or listening to them without their permission.

Ninety percent of Americans in a poll by Anzalone Liszt Grove Research said the next presidential administration should prioritize “protecting privacy so we have more control over our personal information.”

“In this era of political division, privacy is an issue that bucks the national trend and has brought both sides of the aisle together,” the directors wrote. “Republicans and Democrats alike strongly support laws that empower Americans to take control of their personal privacy.”

Follow Giuseppe on Twitter

Earlier this month Microsoft announced the building and expansion of data storage facilities in Germany, Ireland and the United Kingdom after an EU court invalidated a key U.S.-EU data transfer agreement in October — a response to mass National Security Agency surveillance programs revealed in the last two years.

While the move represents the first time a major U.S tech company has admitted it can’t protect user data inside U.S. borders, the question of whether it will allow Microsoft to skirt the U.S. government’s ability to obtain user data is still very much in the air.

“In terms of the Electronic Communications Privacy Act (ECPA), whether giving the data over to another company would avoid whatever legal obligations they’re under here is a very fact-specific question,” American Civil Liberties Union staff attorney Alex Abdo told InsideSources. “I’m sure that the federal government would argue that so long as Microsoft has effective control over the data, they could still be subpoenaed for it or they could still be ordered or compelled to turn it over.”

Microsoft has been fighting such a battle with the Justice Department since last year, when the government ordered the Silicon Valley giant to turn over user emails stored in a Microsoft data center in Dublin, Ireland as part of an FBI drug trafficking investigation.

Under ECPA — a law passed under the Reagan Administration in 1986 — the government can subpoena U.S. companies’ business records after they’re 180-days old. In recent years, the definition of eligible business records has expanded to include Americans’ emails after they reach the six-month threshold.

In an effort to protect users’ private data in the wake of mass surveillance program disclosures by NSA whistleblower Edward Snowden in 2013, Microsoft, along with the ACLU and others, spent the last year fighting the order and lobbying for ECPA reform, arguing the DOJ has no authority to compel the Windows maker to turn over data stored on another country’s sovereign soil, and that it must go though the foreign government in question.

The government argues that as a company based in the U.S., Microsoft is obligated to adhere to the law, regardless of the physical location of the server itself.

RELATED: Microsoft Email Case Heads Before Second Circuit Wednesday

According to the company’s announcement two weeks ago, it will build two new data storage facilities in Magdeburg and Frankfurt am Main, Germany.

“[A]ccess to customer data stored in these new datacenters will be under the control of T-Systems, a subsidiary of Deutsche Telekom, an independent German company acting as a data trustee,” a company blog post reads. “Microsoft will not be able to access this data without the permission of customers or the data trustee, and if permission is granted by the data trustee, will only do so under its supervision.”

Abdo said that while details about the legal relationship between Microsoft and Deutsche Telekom are unknown, it’s unlikely the DOJ would be deterred.

“I don’t think we know a whole lot about the nature of the relationship between the companies,” he explained. “If Microsoft still had some sort of effective control of the data, then it might be that a U.S. court would agree with the government, but I think that’s kind of an open legal question.”

“It will in part depend on what the courts say about the current legal fight,” Abdo added. “If they say that the government cannot compel Microsoft to turn over information currently, then I don’t think Microsoft gains by moving the data to another country, at least as a matter of U.S. law.”

Though hazy on the legal front, the move is undoubtedly aimed at giving the company a public relations boost in the wake of the Snowden leaks, which revealed Microsoft to be one of the NSA’s closest collaborators in mass surveillance programs like Prism, in some cases even handing over users’ encrypted communications.

The data center announcement was followed by a “3,000-word privacy manifesto” the day after, in which Microsoft President Brad Smith touched on everything from the Foreign Intelligence Surveillance Court — which approves surveillance requests in secret for the NSA — to Snowden himself.

“Microsoft needs to go beyond standing up for the rights of businesses and governments; we need to be a voice for people,” Smith wrote, going on to say the Ireland case “is important not just to Microsoft and its products, partners and customers, but to everyone who uses the Internet.”

“This is about the future of technology,” Smith continued. “With your help, we can create a world in which people can trust the technology they use — a world in which technology continues to empower.”

“Whatever the motive, when companies protect user privacy in a meaningful way, I think that’s a win for everyone,” Abdo said. “Now companies in the U.S., to the extent they didn’t realize it before, know that privacy matter to their customers, and it’s something for which they should be competing. And companies are trying to compete, and that’s great.”

Adbo added there’s still more Microsoft and others could be doing, including offering end-to-end encrypted services not even the companies themselves can access (a service Apple has adopted over iPhone communications, much to the chagrin of the FBI).

“It’s perfectly understandable that they would try to restructure their storage of data to avoid indiscriminate NSA surveillance,” Adbo said. “But in my mind, the solution to indiscriminate NSA surveillance is not stop indiscriminate NSA surveillance, not to try to restructure the Internet.”

Follow Giuseppe on Twitter