Not on Her Watch
Her knowledge of Internet law is profound, and her advocacy for civil liberties is fierce. Meet Jennifer Granick, one of the country's most powerful voices for digital privacy.
Photo: Michael Sugrue
By Mike Antonucci
To understand Jennifer Granick’s views on freedom and privacy, consider her interactions with Apple. In 2010, she and the company were at odds. Debate was raging over the practice of “jailbreaking,” which enabled iPhone users to circumvent locks Apple put on its devices so they could switch carriers or install apps not sold by Apple. The company claimed the practice led to copyright infringement. Then, Granick was civil liberties director at the Electronic Frontier Foundation, an advocacy group focused on protecting individuals’ rights in the digital world. Her group successfully persuaded the U.S. Librarian of Congress to adopt a rule clarifying that jailbreaking doesn’t violate federal law.
But last fall, their interests aligned. Federal prosecutors in Brooklyn wanted Apple to disable the encryption on a mobile device whose owner was under investigation. Granick signed on to an amicus brief that defended Apple’s interest in building robust privacy and security features into its products. The brief also argued that Congress specifically chose not to require certain technology companies to create “backdoors” into their encryption features to enable access for law enforcement purposes.
Now director of civil liberties at Stanford Law School’s Center for Internet and Society, Granick seems to be engaged as a lawyer, a scholar or an advocate with nearly every hot-button political and social issue influenced by technology. She’s fiercely concerned about the vulnerability of average citizens to government surveillance programs ostensibly dedicated to national security and antiterrorism efforts. Frequently she cites the classified national security files leaked by former government contractor Edward Snowden.
“Right now I think it’s really scary,” Granick says, “because we’re living in a time where we found out that much of the most controversial things our government does, it does in secret—and doesn’t tell us about and there’s no clear avenue for us to find out.”
Surveillance stands out in part because she’s working on a book about it—how pervasive it is, what the nature of government misconduct is and how much “regular people” are at risk. As she sees it, the world’s vast trove of digital information can invite abuse. “It enables people in the government to misuse the data to go after you,” Granick says, “either for sort of selective law enforcement, or for blackmail, or dirty tricks campaigns, or to embarrass you, or to get informants about you or something like that.”
Granick, 46, took her current position at Stanford in 2012, rejoining the center where she had been executive director from 2001 to 2007. Her expertise is broad: Surveillance systems, computer crime and security, Internet law, data protection, cryptography policy, consumer privacy, copyright and trademark are all within her bailiwick. A list of her most prominent past legal clients reads like a roll call of rebels, rogues and underdogs, ranging from an agitator who created fake airline boarding passes to hobbyists in conflict with Texas Instruments for reverse engineering their calculators.
Her advocacy campaigns, including critiques of security legislation and calls for investigations of the intelligence community, spotlight the deep divisions that prevail nationally about government transparency versus covert safeguards. To former FBI agent Rick Smith, who accumulated 20 years of experience on domestic and international espionage cases, the alarms raised by critics about intentional abuse of surveillance powers for political or discriminatory purposes are vastly exaggerated. “I don’t think they know enough about it,” says Smith, now a private investigator in San Francisco. “It just doesn’t work that way.” Recently, FBI officials have lobbied Congress for expanded surveillance powers as communications move increasingly from telephone calls and text messages to encrypted platforms such as Apple’s iMessage and Facebook’s WhatsApp—where warrants for wiretaps don’t reach.
What stands out about Granick is that she has captured the attention—and respect—of fellow scholars and lawyers, law enforcement officials and lobbyists, judges and legislators, regardless of whether they agree with her positions. Herbert Lin, senior research scholar for cyber policy and security at Stanford’s Center for International Security and Cooperation, says Granick is one of the most notable “free and open Internet” proponents. “She warns of a technology environment that subverts the early dreams of those who hoped that the Internet would be an instrument of social good and liberty,” says Lin, also a research fellow at the Hoover Institution. “She and I are often on opposite sides of a policy fence, but an essential aspect of my work has to be considering what Jennifer and her supporters might think about any argument I might make.”
Granick On How Surveillance Affects Everybody
“(People) feel like, ‘Oh, the government’s never going to go after me.’ But I think everybody has a cause that they care about . . . whether your cause is gun rights or gun control, if your cause is climate change, if your cause is Planned Parenthood, pro or con . . . this is something that matters to you, and you have leaders who help put forward this argument, and all of those arguments are meant to change the way things are now. And so they’re challenges to the current system, and in our democracy, we welcome those challenges—that’s part of how society evolves. But those groups, those causes, those advocates, are all susceptible (to surveillance), as are journalists and whistleblowers. . . . So if you care about knowing things about your government . . . and you want to know that judges are ruling the way they are because that’s what they believe the law is and not because they’re being blackmailed, or you think that senators should be free from that kind of influence—this surveillance impacts all of those issues.”
Lee Tien, ’79, a senior staff attorney for the Electronic Frontier Foundation, worked with Granick when she was the organization’s civil liberties director, from 2007 to 2010. He describes a plain speaker whose credibility is too substantial too ignore. “She has great influence in the area of computer crime and computer security,” Tien says. “I always listen to Jen. We don’t always agree, but I’d be crazy not to think about her point of view.”
Given the flashpoint nature of her work, her Stanford platform and the persona of an activist as well as an academic, it’s no wonder Granick has gained national visibility. Just don’t make the error of casting her as someone motivated by politics instead of scholarship, says law professor Barbara van Schewick, director of the Center for Internet and Society. Her positions, insists van Schewick, are born of exhaustive research.
“It is not her goal to get rid of surveillance,” says van Schewick. “The big question for her is where the right balance is between surveillance power and civil liberties. She believes that balance is not in place anymore.”
Granick says she was “shy and nerdy” as a kid growing up in New Jersey. Her father, who worked in educational testing, had some sort of 1970s-era terminal that connected via phone lines to a network or service with text-based games. He can’t remember exactly what the thing was, but it makes him think of the 1983 movie WarGames, in which Matthew Broderick gets entangled in a dial-up game of global crisis with an aerospace defense supercomputer. Granick was 7 or 8 when she learned to solve online game problems such as “You’re standing in the woods—what do you do?” Aha, you “turn left.”
When she was a junior in high school, she read Steven Levy’s 1984 book, Hackers: Heroes of the Computer Revolution. Its credo, which emphasized the free exchange of information and changing life for the better, made such a lasting impression that it seems to be her intellectual bedrock. As the keynote speaker at last summer’s Black Hat security conference—which draws mainstream programmers as well as “underground researchers,” aka hackers—Granick described the book’s impact in unflinchingly utopian terms. “The idea,” she told the assemblage, “was that we would have this global network, and the global network would allow us to communicate with anyone, anywhere, anytime. And that would bring us all of the hopes and dreams and glories that the human mind and heart could dream of. I wanted to live in that world.” That’s far more than a mantra, say people who have seen Granick in action—it’s more like an energy source. “I think passion is what makes her powerful,” Tien says.
Granick’s first job after graduating from UC Hastings College of the Law in 1993 was with the California public defender office, concentrating on death penalty cases. She went on to broader work by volunteering her services in cases that gave her experience, connections and some notoriety. Particularly memorable was her disruption-friendly help in defending bicyclists who were arrested by San Francisco police for their participation in the monthly Critical Mass, a group ride on downtown streets. Before the decade was over, she had become the go-to person for conspicuous hackers by immersing herself in issues of computer crime and security.
When she was just seven years out of law school, a Forbes.com article anointed her “The Lawyer Hackers Call.” If prosecutors were after you for, say, exposing insecure information on a corporation’s website, Granick was the rock-the-system champion who would exalt your freedom of access.
In one memorable case in 2008, Granick was leading the Electronic Frontier Foundation’s Coders’ Rights Project when the Massachusetts Bay Transportation Authority filed a federal lawsuit against three MIT students for bringing national attention to a vulnerability in the MBTA’s automated fare system. Granick and the EFF spearheaded the defense, pro bono. A gag order against the students was lifted—that was the big win—and the case was settled, with the students agreeing to work with the MTBA to improve the fare system’s security. “A really fun case,” says Granick. “The clients were smart, the cause was free speech, and we were ultimately able to convince the court to let the truth be told.”
A few years later, Granick’s brief tenure at the Internet law firm ZwillGen included giving advice to a technology security company that had been, yes, hacked. That spurred another Forbes.com story, which described the hacker fraternity’s reaction to Granick’s corporate work as shock and disappointment. It was an atypical episode in Granick’s history, yet also a signal, perhaps, that she shouldn’t be so glibly pigeonholed.
Despite her professional interests, for example, little about her personality comes across as geeky or wonkish. Almost all her conversation is squeezed between gregarious laughs. She wrote her carefully prioritized to-do lists on paper for a long time before going electronic. Her gear is garden variety—Android phone, MacBook and iPad—and her spare-time talents have been honed without a keyboard: “like how to make cookies.” She says she has kept her 8-year-old twin daughters relatively sheltered from the digital milieu, while the household instead gives attention to things like softball and My Little Pony comic books. Of the cookies in particular, she says, “I know a lot.”
Last summer’s Black Hat speech undoubtedly enhanced Granick’s reputation in certain circles—she’s one of only two women who’ve been given the keynote microphone since the conference’s founding in 1997—but her stage presence was hardly a surprise. The quintessential moment that van Schewick points to is the commencement address Granick made at her undergraduate alma mater, New College of Florida, in 2014. It was during college, Granick told the graduating class, that she recognized her life’s calling—“studying systems of power, and when they enable liberty and when they cross the line into oppression.” Finding that direction, she explained, was spurred by the new way she began to look at the interplay between authority and freedom.
To the crowd’s delight, her examples included her account of being at the college pool and seeing a sign on the wall: No riding bikes off high dive. Her audience cracked up, but Granick was serious, speaking with what sounded like a dollop of mischief, about the dilemmas and psychology of individual rights. Riding a bike off the high board never would have occurred to her before she saw the sign. “But there was a rule against it, and as a result, I felt oppressed.”
Granick On Using Her Parents as a Sounding Board
“For stuff like, ‘What do normal people think?’ I talk to my mom and dad. . . . With them, I think about speech stuff. Right now we have this big push by different governments to have platforms policed for jihadist speech—how does that come off? When my mom sees that on the news, what does she think?”
Thinking expansively about choices—and about what might limit them—dovetailed with comments she made about surveillance later in her address. She pounded away at how much information-gathering the Internet has enabled and how much of it the government has done in secrecy. Yet in her wrap-up, she bequeathed her concern as a question the new grads needed to answer for themselves: “How much surveillance and how much secrecy are compatible with democracy?”
Granick’s work on surveillance is incorporated in actions such as comments she filed with the Privacy and Civil Liberties Oversight Board, an agency established after 9/11 to review the balance between federal antiterrorism efforts and the protection of civil rights. She posed a variety of questions she would like the PCLOB to investigate about a section in federal law that supports large clandestine surveillance programs, but she considers them to have gone largely unanswered in a subsequent report by the board. All the questions were legally complex, but a good sense of what Granick is after is contained in this one: “What is the national security value of authorizing warrantless surveillance of people who are not agents of foreign powers?” This falls under Granick’s continuing concern about the surveillance of “regular people,” and she argued in a blog post that PCLOB “punts generally on the important issue of privacy rights for people around the world.”
Other items on Granick’s wish list are congressional hearings on surveillance activities and more limits on the kind of information that remains classified. Institutions involved in national security operations, she says, may have particularly strong claims to secrecy, but not in situations where the public interest is paramount, such as exposing “instances of wrongdoing.” Hearings are crucial to overcoming government evasion, says Granick,
because academic and other private researchers lack the subpoena power that Congress can bring to bear.
When it comes to hackers, Granick acknowledges there are some who are plainly bad guys, destructive and malicious. But she is tolerant to exuberant about an assortment of others who are ethically controversial but often credited with uncovering problems of public importance. Tell Granick you’re not sure you want her enabling hackers and she practically gushes, “You totally do.” She has a raft of reasons, such as misguided laws and prosecutions. But her quickest answer is about the good that hackers do when they expose threats to public safety. “Do you remember Jeep Cherokee just did a recall because their cars could be remotely attacked? Hackers found that out.”
Among the people with extra insight on Granick is Kevin Poulsen, a onetime notorious hacker sentenced to federal prison and subsequently paroled in 1996 with a stipulation barring him from using computers and the Internet. Granick signed on pro bono to help him challenge that stipulation. Although prosecutors elected to reduce the ban before Granick could file her challenge, Poulsen says she was one of a very small group of attorneys “who really grokked” the technical and legal frontiers of the time. Poulsen, now a journalist, says he has watched Granick transform from a pioneering defense attorney into “a visionary big thinker.”
Another hacker she supported was Aaron Swartz, ’08, a prodigy programmer and Internet activist who killed himself in 2013 at the age of 26. At the time, he was under federal indictment for data theft in a case about the downloading of a huge quantity of academic journal articles. Granick didn’t represent him but had provided some advice. When she learned of Swartz’s death, she quickly blogged at length, and emotionally, about both her sorrow and her belief that the Computer Fraud and Abuse Act had been exploited to wrongly prosecute Swartz with “draconian” power. She wrote that she cried not only for Swartz and his family, but also for herself because she felt guilty about not having done more on his behalf.
She concluded, “To Aaron’s friends and family: I’m sorry. In the aftermath of this great loss, all I know how to do is make a To Do list. I am going to try to make changes that will reduce the chances that something like this happens again.”
Since Swartz’s death, Granick has advocated for Aaron’s Law, a bill to modify the CFAA, a federal anti-hacking statute that prohibits unauthorized access to computers and networks. Passed in 1986, the statute has been updated six times and remains controversial. Aaron’s Law, initiated by Silicon Valley Rep. Zoe Lofgren, ’70, and Oregon Sen. Ron Wyden, ’71, in 2013 and reintroduced last year, in part seeks to stop prosecutors from pursuing criminal sanctions against individuals for breaking contracts, like a website’s terms of service. But the bill has made little progress: “Getting Congress to do something that reins in law enforcement is not easy,” Granick says.
When Granick surveys the state of the Internet, she worries about a huge range of encroachments. The list is growing and includes blocks on access in some countries, regulations on content in others, and a Web that’s increasingly commercialized and corporately centralized. In the back of her mind is the late Jacques Ellul’s book The Technological Society, which she read at New College and recalls as a warning about the way technology “perverts” society when people are enamored with it.
“That had a big effect on me, although now I live in that perverted human society and I love it,” she says, her laughter spilling out. “I fear it, but I love it.”
- You must log in to comment.
Mike Antonucci did a fantastic job summing up what is generally a complex subject. It's reassuring to know there are experts out there with the balance Jennifer Granick has shown between academia and activism. We need more passionate people with high levels of expertise. Clearly, Jennifer fits the bill to a "T".
The ongoing (nascent) battle between privacy and security, as our enemies gain skills via social networks, will be a worthy war where we need a few generals like Granick ! Kudos !
Posted by Mr. David Elton III on Jan 5, 2016 2:38 PM
Let Me Introduce Myself
The Effort Effect
The Menace Within
Bananas Are Berries?
What It Takes
Data is from the past two weeks.