The DNC Sues, Counter Suits in the Making

Tom Perez, Chairman of the Democrat National Committee has filed a lawsuit against 15 entities/people including John Does (which could be 10 or more people). The question is who is funding this lawsuit as the DNC is at least $6.1 million in debt. Oh wait, the DNC is also fundraising off this lawsuit….okay…moving on. The DNC has also requested a jury trial.


Lawsuits require something called discovery, which would be a long process, and you can bet the Russian Federation will not even bother with any kind of compliance. Ah yes, we cannot overlook that Julian Assange of WikiLeaks fame is also fundraising to file a counter suit against the DNC. Will any of this go anywhere even if a judge accepts the case? Likely no….it is a collective fundraising gesture and a matter of dragging out the hacking scandals for years to come.

Meanwhile, TechDirt has an interesting summary of this legal warfare.

Most of the time when we see these laws used, they’re indications of pretty weak lawsuits, and going through this one, that definitely seems to be the case here. Indeed, some of the claims made by the DNC here are so outrageous that they would effectively make some fairly basic reporting illegal. One would have hoped that the DNC wouldn’t seek to set a precedent that reporting on leaked documents is against the law — especially given how reliant the DNC now is on leaks being reported on in their effort to bring down the existing president. I’m not going to go through the whole lawsuit, but let’s touch on a few of the more nutty claims here.

The crux of the complaint is that these groups / individuals worked together in a conspiracy to leak DNC emails and documents. And, there’s little doubt at this point that the Russians were behind the hack and leak of the documents, and that Wikileaks published them. Similarly there’s little doubt that the Trump campaign was happy about these things, and that a few Trump-connected people had some contacts with some Russians. Does that add up to a conspiracy? My gut reaction is to always rely on Ken “Popehat” White’s IT’S NOT RICO, DAMMIT line, but I’ll leave that analysis to folks who are more familiar with RICO.

But let’s look at parts we are familiar with, starting with the DMCA claim, since that’s the one that caught my eye first. A DMCA claim? What the hell does copyright have to do with any of this? Well…

Plaintiff’s computer networks and files contained information subject to protection under the copyright laws of the United States, including campaign strategy documents and opposition research that were illegally accessed without authorization by Russia and the GRU.

Access to copyrighted material contained on Plaintiff’s computer networks and email was controlled by technological measures, including measures restricting remote access, firewalls, and measures restricting access to users with valid credentials and passwords.

In violation of 17 U.S.C. § 1201(a), Russia, the GRU, and GRU Operative #1 circumvented these technological protection measures by stealing credentials from authorized users, conducting a “password dump” to unlawfully obtain passwords to the system controlling access to the DNC’s domain, and installing malware on Plaintiff’s computer systems.

Holy shit. This is the DNC trying to use DMCA 1201 as a mini-CFAA. They’re not supposed to do that. 1201 is the anti-circumvention part of the DMCA and is supposed to be about stopping people from hacking around DRM to free copyright-covered material. Of course, 1201 has been used in all sorts of other ways — like trying to stop the sale of printer cartridges and garage door openers — but this seems like a real stretch. Russia hacking into the DNC had literally nothing to do with copyright or DRM. Squeezing a copyright claim in here is just silly and could set an awful precedent about using 1201 as an alternate CFAA (we’ll get to the CFAA claims in a moment). If this holds, nearly any computer break-in to copy content would also lead to DMCA claims. That’s just silly.

Onto the CFAA part. As we’ve noted over the years, the Computer Fraud and Abuse Act is quite frequently abused. Written in response to the movie War Games to target “hacking,” the law has been used for basically any “this person did something we dislike on a computer” type issues. It’s been dubbed “the law that sticks” because in absence of any other claims that one always sticks because of how broad it is.

At least this case does involve actual hacking. I mean, someone hacked into the DNC’s network, so it actually feels (amazingly) that this may be one case where the CFAA claims are legit. Those claims are just targeting the Russians, who were the only ones who actually hacked the DNC. So, I’m actually fine with those claims. Other than the fact that they’re useless. It’s not like the Russian Federation or the GRU is going to show up in court to defend this. And they’re certainly not going to agree to discovery. I doubt they’ll acknowledge the lawsuit at all, frankly. So… reasonable claims, impossible target.

Then there’s the Stored Communications Act (SCA), which is a part of ECPA, the Electronic Communications Privacy Act, which we’ve written about a ton and it does have lots of its own problems. These claims are also just against Russia, the GRU and Guccifer 2.0, and like the DMCA claims appear to be highly repetitive with the CFAA claims. Instead of just unauthorized access, it’s now unauthorized access… to communications.

It’s then when we get into the trade secrets part where things get… much more problematic. These claims are brought against not just the Russians, but also Wikileaks and Julian Assange. Even if you absolutely hate and / or distrust Assange, these claims are incredibly problematic against Wikileaks.

Defendants Russia, the GRU, GRU Operative #1, WikiLeaks, and Assange disclosed Plaintiff’s trade secrets without consent, on multiple dates, discussed herein, knowing or having reason to know that trade secrets were acquired by improper means.

If that violates the law, then the law is unconstitutional. The press regularly publishes trade secrets that may have been acquired by improper means by others and handed to the press (as is the case with this content being handed to Wikileaks). Saying that merely disclosing the information is a violation of the law raises serious First Amendment issues for the press.

I mean, what’s to stop President Trump from using the very same argument against the press for revealing, say, his tax returns? Or reports about business deals gone bad, or the details of secretive contracts? These could all be considered “trade secrets” and if the press can’t publish them that would be a huge, huge problem.

In a later claim (under DC’s specific trade secrets laws), the claims are extended to all defendants, which again raises serious First Amendment issues. Donald Trump Jr. may be a jerk, but it’s not a violation of trade secrets if someone handed him secret DNC docs and he tweeted them or emailed them around.

There are also claims under Virginia’s version of the CFAA. The claims against the Russians may make sense, but the complaint also makes claims against everyone else by claiming they “knowingly aided, abetted, encouraged, induced, instigated, contributed to and assisted Russia.” Those seem like fairly extreme claims for many of the defendants, and again feel like the DNC very, very broadly interpreting a law to go way beyond what it should cover.

As noted above, there are some potentially legit claims in here around Russia hacking into the DNC’s network (though, again, it’s a useless defendant). But some of these other claims seem like incredible stretches, twisting laws like the DMCA for ridiculous purposes. And the trade secret claims against the non-Russians are highly suspect and almost certainly not a reasonable interpretation of the law under the First Amendment.

 


End of the Castro Era, yet Communism Prevails Under new Leader

In February of 2013, the 600 members of the National Assembly of People’s Power and the 1600 provincial government representatives voted for Miguel Diaz Canal to be vice president. As of April 2018, Miguel Diaz Canal will reign supreme over Cuba as Raul Castro steps down.

While the Cuban military runs most of the operations in Cuba including all tourism, it is predicted under Miguel Diaz Canal, the junta will expand in Cuba. Cuba remains on the U.S. State Department Tier 2 Watchlist because of human trafficking.

For a historic slide show on Cuba, go here.


Cuba remains in an economic crisis and has been patching this crisis with oil agreements with Venezuela, attempting to increase agriculture production and applying some reforms. Meanwhile Cuba has asked Australia, Austria, Belgium, Canada, Denmark, Finland, Italy, Japan, the Netherlands, Spain, Sweden, Switzerland and the United Kingdom for debt forgiveness which in total is estimated in the $11 billion range. Russia wrote off $32 billion in Soviet era debt of Cuba in 2014.

As a continued threat to the United States, Russia re-opened a signals intelligence facility at Lourdes, and two Russian oil companies, Gazprom and Zarubezhneft, have continued offshore oil drilling exploration operations. In 2014, President Xi of China visited Cuba to sign 29 trade agreements along with debt and credit cooperation concessions.


In 2013, a weapons shipment on board a North Korea ship that left Cuba bound for the return to North Korea was discovered raising additional concerns for sanctions violations of both countries. The ship’s cargo was discovered in Panama due to suspicions of carrying illicit narcotics.

In 2009, the Obama administration began a significant shift in policy toward Cuba, launching a new beginning which led to the reopening of the U.S. embassy in Havana. Yet nothing in Cuba changed with regard to human rights violations, but some dissident prisoners were released and some Cuban spies were released from the United States back to Cuba. U.S. citizen Alan Gross was also released from prison by Cuba and returned to the United States. In at least four rounds of talks with Cuba to reestablish diplomatic relations with the United States, Barack Obama sent a resolution to Congress to remove Cuba from the designation of a State Sponsor of International Terrorism. There were no objections by Congress and the designation was rescinded.

Further, under Barack Obama many other initiatives were launched including law enforcement cooperation, smuggling prevention, technical exchanges, environmental, banking, maritime issues, counter-narcotics, trade, travel and cyber-crime. Continued health cooperation, direct mail services and oil spill preparedness were all part of the Obama new era policies.

The Trump administration has made statements indicating a reversal of some of the policy changes made during the Obama administration. This also includes operations at Guantanamo Bay. Meanwhile, Cuba still protects fugitives from justice, including Assata Shakur, also known as Joanne Chesimard, who killed a New Jersey State police officer when she was a member of the Black Liberation Army. Another fugitive is William Guillermo Morales, a member of FALN, a domestic terror group, convicted in New York for bomb production and weapons charges in cases going back to 1978.

There are continued property claims totaling 5911 where private property and that of U.S. corporations were confiscated by the Cuban government. The value of these claims is in the $10.9 billion range and no resolution is in sight.

So, as Raul Castro passes power to a younger groomed and mentored communist, there is no reason to consider that relations and conditions will improve or move closer to a democratic process in Cuba. Not to be overlooked, the matter of a still unclear health attack on U.S. and Canadian diplomats assigned to the embassy in Havana has not been resolved. Both the United States and Canada have removed personnel as a result of debilitating health issues where Cuba has not protected or mitigated these acoustic attacks in and around the homes of diplomatic housing quarters.

Miguel Diaz Canal will continue to carry on the Castro regime and communist party platform. In fact, it is said that Miguel Diaz Canal will in fact be much more of a hardliner than that of the previous Castro regime.

In a videotaped private meeting with Communist Party members, Cuban Vice President Miguel Díaz-Canel — often portrayed as a moderate politician with a quiet disposition — took on an all too familiar hardline tone that offered a rare glimpse into his ideology.

In the video, which has quickly spread across social media platforms, Díaz-Canel lashed out against Cuban dissidents, independent media and embassies of several European countries, accusing them all of supporting subversive projects.

For the United States, he had this message: Cuba will not make any concessions.

“The U.S. government… invaded Cuba, put the blockade [embargo] in place, imposed restrictive measures. Cuba did not do any of that, so in return for nothing they have to solve those asymmetries if they want relations and if they want normalization of the relations,” Díaz-Canel said in the February meeting captured on video and published by Cuban dissident Antonio Rodiles on YouTube this week.

Have you Met James Fraser? Students may Know him Soon

This fella took over where Howard Zinn left off…beware parents…

James W. Fraser, Professor of History and Education at the Steinhardt School of Culture, Education, and Human Development at New York University, holds a joint appointment in the departments of Humanities and Social Sciences and Teaching and Learning. Fraser’s teaching and research is motivated by his concern with the challenges facing future Social Studies and History teachers who must find ways of engaging sometimes bored students with American and world history. His most recent book, By the People: A History of the United States is designed to help make US History courses more lively, with a focus on the agency of everyday Americans of many different communities, times, and places. Fraser’s work also reflects his concern with complex debates about the place of religion in public schools, especially in the United States, but also internationally. He has written, taught, and consulted about the state of teacher education in the United States and elsewhere, and also written and spoken about the future of the History of Education as an academic field of study. Fraser is the president of the History of Education Society for 2013-2014. He has served on the Editorial Board of the History of Education Quarterly, and as the NYU liaison to New Design High School, a public high school in New York’s Lower East Side, and to Facing History and Ourselves. He is Director of Undergraduate Studies in the NYU Department of Teaching and Learning, and serves on the committees responsible for the NYU programs in London, England and Accra, Ghana.

From 2008 to 2012, Fraser was the Senior Vice President for Programs at the Woodrow Wilson National Fellowship Foundation in Princeton, New Jersey, where he coordinated the different Fellowship programs and led the launch of the Foundation’s Fellowships for Teachers. Now back to full-time teaching at NYU, he remains a senior advisor to the Foundation. Fraser was the founding dean of Northeastern University’s School of Education, serving from 1999 to 2004. He was a member and chair of the Commonwealth of Massachusetts Education Deans Council, the Boston School Committee Nominating Committee, and other boards. He was also a lecturer in the Program in Religion and Secondary Education at the Harvard University Divinity School from 1997 to 2004. He has taught at Lesley University, the University of Massachusetts, Boston, Boston University, and Public School 76, Manhattan. He is an ordained minister in the United Church of Christ and was pastor of Grace Church in East Boston, Massachusetts, from 1986 to 2006 and is now a member of Judson Memorial Church in Greenwich Village, New York.

*** That church by the way is an activist ‘justice’ church. And that activism is pervasive in Mr. Fraser as he is pushing a new high school advanced class history textbook, full of indoctrination.

*** In part:

The final section of the book, titled “The Angry Election of 2016,” is highly critical of Trump.

“Most thought that Trump was too extreme a candidate to win the nomination, but his extremism, his anti-establishment rhetoric, and, some said, his not-very-hidden racism connected with a significant number of primary voters,” Fraser wrote.


A new AP history textbook that covers the 2016 election is coming under fire for being “blatantly biased” against Trump and his supporters.  (Courtesy of Terra Snyder)

Trump voters are described as “mostly older, often rural or suburban, and overwhelmingly white” while the book uses the viewpoint of Clinton voters to describe Trump’s supporters as fearful, backwards, sexist people who supported a mentally ill candidate.

“Clinton’s supporters feared that the election had been determined by people who were afraid of a rapidly developing ethnic diversity of the country, discomfort with their candidate’s gender, and nostalgia for an earlier time in the nation’s history,” the textbook says. “They also worried about the mental stability of the president-elect and the anger that he and his supporters brought to the nation.”

The book also bashes police for its handling of the Ferguson riots.

In a section titled “Black Lives Matter,” Fraser wrote that after the shooting of Michael Brown, Brown’s “parents were kept away at gunpoint.” He paints a negative view of police while glossing over violent tactics carried out by some rioters, critics say.

“The nearly all-white police force was seen as an occupying army in the mostly African American town…the police increased the tensions, defacing memorials set up for Brown and using rubber bullets on demonstrators,” he wrote.

According to his bio, Fraser wrote the book to “help make U.S. History courses more lively, with a focus on the agency of everyday Americans of many different communities, times, and places.” More of the story here.

What is the Syria Strategy from the West?

In the days ahead, it appears that Russia and the rogue friends they keep will respond to the West, likely with an obscure cyber war. Take personal caution with your financial activity.

The other warning concerns news reports of specific assassination attempts covered up to look like suicide. While we heard about the poison assassination attempt in Salisbury, England of Skripal and his daughter, the United States had its own successful assassination in 2015 of Mikhail Lesin in Washington DC. Additionally, the UK had two other successful wet jobs, as they are called, going back to 2006 and 2010. Those victims were Alexander Litvinenko and Gareth Williams, who worked for GCHQ.

There are many other hit operations that happened in Russia including the recent death of Maxim Borodin.


There are an estimated 250+ journalists that have been killed since the fall of the Soviet Union.

So, it is now declared that the United Nations quit counting the dead from the Syria civil war since the number has officially exceeded 500,000. What is disgusting, however, is that we sorta care about the dead but the methods no longer matter unless chemical weapons are used. How nuts is that? So, France, Britain and the United States respond to the most recent attack:

check – round one of airstrikes

check – round two of airstrikes

Let’s give credit where credit is due. By John Hannah

First, U.S. President Donald Trump set a red line and enforced it. He warned that the large-scale use of chemical weapons by the Syrian regime would trigger a U.S. attack. When Syrian President Bashar al-Assad crossed that red line a year ago, Trump responded with 59 cruise missiles that took out about 20 percent of Syria’s operational aircraft. A year later, Trump has acted again after Assad chose to challenge him a second time. This attack was twice as big and hit multiple targets, including what U.S. defense officials called the “heart” of Syria’s chemical weapons program, substantially degrading Assad’s ability to produce the deadly agents.

That ain’t peanuts. No, there’s no guarantee it will end Assad’s use of chemical weapons — in which case Trump and his military have made clear that they’ll strike again, almost certainly harder than the time before. And no, nothing that happened Friday night will, in isolation, alter the trajectory of Syria’s bloody civil war. But the effective deployment of U.S. power in defense of a universal norm barring the use of some of the world’s worst weapons against innocent men, women, and children is nevertheless to be applauded — limited an objective as it may be. Also to be praised is the possible emergence of a commander in chief whose threats to use force need to be taken seriously by U.S. adversaries. Once established, this kind of credibility (while no panacea) can be a powerful instrument in the U.S. foreign-policy arsenal. Once lost, it is hard to recover, and the consequences can be severe. For evidence, just see the post-2013 results, from Crimea to Syria.

A second important virtue of Friday night’s attack was its multilateral character. With barely a week’s notice, Britain, France, and the United States, the three most powerful militaries of the trans-Atlantic alliance, all permanent members of the United Nations Security Council, seamlessly operated on the seas and in the skies of the Middle East to defend their common interests and values against a murderous Russian and Iranian client. What’s the worth of that kind of unity, coordination, and seriousness of purpose? It’s hard to quantify precisely. But anyone who’s ever toiled as a practitioner in the national security space knows, deep in their bones, that it matters — a lot. And it especially matters in the case of a U.S. president who has too often unfairly — and, to my mind, dangerously — discounted the value of Europe, the West, and the post-World War II system of institutions and alliances that his predecessors built. In that power and righteousness of the world’s leading liberal democracies acting in concert, there’s a significant value-added that no mere counting of ships, planes, and missiles can adequately capture. Kudos to the president and his team for their skill in mounting this posse. It’s an important framework that they hopefully will continue to invest in to confront the multitude of urgent international challenges now staring us in the face.

A few other related observations: Say what you will about the wisdom of some of the president’s public messaging last week, but once he made clear that he again would act to enforce his red line, U.S. adversaries took him deadly seriously. Russian ships dispersed from port. Syria abandoned its own air bases and rushed to co-locate its aircraft near Russian military assets. And Iranian-backed fighters, including Hezbollah forces, allegedly vacated certain positions and went to ground for fear of a possible U.S. strike. Again, the fact that the United States’ worst adversaries appear to take Trump’s threats with the seriousness they deserve is a very good thing, a genuine national security asset that needs to be husbanded, reinforced, and carefully but systematically exploited going forward. But hopefully last week’s experience also serves as a reminder to the president of the deep wisdom inherent in the criticism that he’s long leveled at his predecessors: Don’t telegraph your military punch.

Another observation: There was much nervous hand-wringing before the strike about a possible U.S.-Russia confrontation. Rightly so. No one wants World War III to break out over Syria. All prudent and appropriate measures should be taken to mitigate those risks. But in some circles, the hyping of the concern threatened to become absolutely paralyzing, a justification (or excuse) for doing nothing in the face of Assad’s abominable use of weapons of mass destruction.

In the end, of course, for all their chest thumping, the Russians did next to nothing as Western planes and missiles flew under their noses to strike a client that they’ve expended significant resources to save.

Just as the Israelis, for their part, have conducted nearly 100 strikes against Russia’s Iranian, Hezbollah, and Syrian allies with barely more than a clenched fist from Moscow. The fact is that for all the firepower they may have assembled in Syria, and for all the success they’ve enjoyed carpet-bombing defenseless civilian populations and poorly equipped Islamist radicals, Russian forces are severely overmatched — both in terms of quality and quantity — by what the United States and its allies can bring to bear in any head-to-head confrontation in the eastern Mediterranean. Putin knows it. So does his military. That reality of the actual balance of power — not only militarily, but economically and diplomatically as well — is always worth keeping in mind.

On their own, the Syrians and their Iranian allies were virtually defenseless against the U.S.-led strike. The best they had was a flurry of unguided missiles haphazardly fired after the mission’s designated targets had been turned to smoldering ruins. Of course, it was only a few years ago (well before the Russians intervened with their advanced S-400 surface-to-air batteries) that senior U.S. officials were pointing to the dangers of Assad’s air defenses as an excuse for not acting to protect Syrian civilians from being systematically terrorized by barrel bombs, indiscriminate artillery fire, and Scud missiles. Let’s hope that the overwhelming success of this attack puts the reality of that threat into somewhat better perspective for U.S. military planners — while also serving as a powerful reminder not just to Assad, but to Iran and other adversaries as well, of the extreme vulnerability they potentially face at the hands of U.S. air power and weaponry.

My criticisms of the U.S. strike? It was clearly at the lowest end of the options presented the president. As suggested by some of what I’ve said above, Trump was too risk-averse. Even with the president telegraphing that a strike was coming, the universe of targets that the United States could have attacked — while still minimizing collateral damage and the threat of great-power escalation — was far larger than what it ended up hitting. Trump could have done much more to degrade the Assad regime’s overall capability to wage war against its own people. The United States could have sent far more powerful messages to the Syrian government’s key military and intelligence power nodes of the risks they run to their own survival through mindless obedience to Assad’s genocidal criminality. Ditto the Russians and Iranians, and the realization that their failure to rein in the most psychotic tendencies of their client could substantially raise the costs and burdens of their Syrian venture if they’re not careful.

In short, everything the United States wanted to do with the strike — hold Assad accountable, re-establish deterrence against the use of chemical weapons, send a message to the Russians and Iranians about the price to be paid for failing to control their client, and move toward a credible political settlement — could have been done more effectively, at acceptable risk, with a significantly larger strike.

More fundamentally, I have deep concerns about what appears to be the president’s emerging strategy in Syria. It amounts to defeating the Islamic State, deterring the use of chemical weapons, and then withdrawing U.S. forces as quickly as possible from eastern Syria. As for the more strategically significant menace posed to vital U.S. interests by an aspiring Iranian hegemon seeking to dominate the Middle East’s northern tier, drive the United States out of the region, and destroy Israel, the administration’s strategy is not particularly compelling. As best as one can tell from the president’s recent statements — including the one he made on Friday night announcing the Syria strike — it amounts to encouraging some combination of regional allies (and perhaps Russia) to fill the vacuum the United States leaves behind.

That kind of abdication of U.S. leadership rarely works out well. Leveraging U.S. power to demand greater burden-sharing from partners who have even more at stake than the United States does? Definitely. Less effective: When the United States washes its hands of a problem with deep implications for U.S. national security in vague hope that other parties — smaller, weaker, more deeply conflicted and strategically myopic than the United States is — will organically rise to the occasion and mobilize a virtuous coalition that takes care of business and keeps at bay the country’s most vicious adversaries.

The president is right, of course: The Middle East is a deeply troubled place. There are no great victories to be won there. There is no glory to be gained. Just worst disasters to be avoided, threats contained, and important national interests preserved. Yes it is imperative that the United States does so smartly, prudently, by, with and, through local partners and multilateral coalitions, using all instruments of national power, and in a way that sustains the understanding and support of the American people. But do so the country must. Packing its bags and vacating the playing field to the likes of Russia, Iran, and Hezbollah is escapism masquerading as strategy. Trump’s important response to the Syrian chemical weapons attack last week is evidence that he may still be capable of grasping that unforgiving reality. He should be encouraged to build on it.

John Hannah

Hey Android Users, How about that Bundled Permission Thing

A few members of Congress did ask Mark Zuckerberg about bundled permissions and Zuckerberg played dumb on the question. Remember that thing when your phone asks for permission to post to Facebook? Well it goes across all your synchronized devices. What? uh huh…read on.

This screen in the Messenger application offers to conveniently track all your calls and messages. But Facebook was already doing this surreptitiously on some Android devices until October 2017, exploiting the way an older Android API handled permissions.

Better check and ask some harder questions…..

[Update, March 25, 2018, 20:24 Eastern Time]: Facebook has responded to this and other reports regarding the collection of call and SMS data with a blog post that denies Facebook collected call data surreptitiously. The company also writes that it never sells the data and that users are in control of the data uploaded to Facebook. This “fact check” contradicts several details Ars found in analysis of Facebook data downloads and testimony from users who provided the data. More on the Facebook response is appended to the end of the original article below.

This past week, a New Zealand man was looking through the data Facebook had collected from him in an archive he had pulled down from the social networking site. While scanning the information Facebook had stored about his contacts, Dylan McKay discovered something distressing: Facebook also had about two years’ worth of phone call metadata from his Android phone, including names, phone numbers, and the length of each call made or received.

This experience has been shared by a number of other Facebook users who spoke with Ars, as well as independently by us—my own Facebook data archive, I found, contained call-log data for a certain Android device I used in 2015 and 2016, along with SMS and MMS message metadata.

In response to an email inquiry by Ars about this data gathering, a Facebook spokesperson replied, “The most important part of apps and services that help you make connections is to make it easy to find the people you want to connect with. So, the first time you sign in on your phone to a messaging or social app, it’s a widely used practice to begin by uploading your phone contacts.”

The spokesperson pointed out that contact uploading is optional and installation of the application explicitly requests permission to access contacts. And users can delete contact data from their profiles using a tool accessible via Web browser.

Facebook uses phone-contact data as part of its friend recommendation algorithm. And in recent versions of the Messenger application for Android and Facebook Lite devices, a more explicit request is made to users for access to call logs and SMS logs on Android and Facebook Lite devices. But even if users didn’t give that permission to Messenger, they may have given it inadvertently for years through Facebook’s mobile apps—because of the way Android has handled permissions for accessing call logs in the past. (For Facebook’s instructions on turning off continuous contact uploading, go here.)

If you granted permission to read contacts during Facebook’s installation on Android a few versions ago—specifically before Android 4.1 (Jelly Bean)—that permission also granted Facebook access to call and message logs by default. The permission structure was changed in the Android API in version 16. From Android 4.1 on, a single request from those applications would trigger two separate permission requests.

But until the “Marshmallow” version of Android, even with split permissions, all permissions could still be presented all at once, without users getting the option to decline them individually. So Facebook and other applications could continue to gain access to call and SMS data with a single request by specifying an earlier Android SDK version. Starting with Marshmallow, users could toggle these permissions separately themselves. But as many as half of Android users worldwide remain on older versions of the operating system because of carrier restrictions on updates or other issues.
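The permission behaviour described in the two paragraphs above can be checked from an app's manifest. The following Python audit is an added example, not code from the article or from Facebook; it assumes a decoded, text-form AndroidManifest.xml that includes the `uses-sdk` element, and the sample manifest and package name are constructed. API levels 16 (Jelly Bean) and 23 (Marshmallow) are the thresholds the text refers to.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: decoded manifest of a hypothetical legacy app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.legacyapp">
  <uses-sdk android:minSdkVersion="9" android:targetSdkVersion="15"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

# Before API 16 the contacts permissions also covered the call log.
IMPLIED_BEFORE_16 = {
    "android.permission.READ_CONTACTS": "android.permission.READ_CALL_LOG",
    "android.permission.WRITE_CONTACTS": "android.permission.WRITE_CALL_LOG",
}
SENSITIVE = {"android.permission.READ_CONTACTS",
             "android.permission.READ_CALL_LOG",
             "android.permission.READ_SMS"}


def audit_manifest(xml_text):
    """Return (effective_permissions, findings) for one decoded manifest."""
    root = ET.fromstring(xml_text)
    sdk = root.find("uses-sdk")
    # Android defaults: minSdkVersion 1, targetSdkVersion = minSdkVersion.
    min_sdk = int(sdk.get(ANDROID_NS + "minSdkVersion", 1)) if sdk is not None else 1
    target = int(sdk.get(ANDROID_NS + "targetSdkVersion", min_sdk)) if sdk is not None else min_sdk
    declared = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    effective, findings = set(declared), []
    # Apps that declare only pre-16 SDK levels keep the old bundled behaviour.
    if min_sdk <= 15 and target <= 15:
        for contact_perm, call_perm in IMPLIED_BEFORE_16.items():
            if contact_perm in declared and call_perm not in declared:
                effective.add(call_perm)
                findings.append(f"{call_perm} implied by {contact_perm} (SDK <= 15)")
    # Below API 23 there is no per-permission runtime prompt.
    if target < 23 and effective & SENSITIVE:
        findings.append(f"targetSdkVersion {target} < 23: sensitive permissions "
                        "granted together at install time")
    return effective, findings


if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE_MANIFEST)[1]:
        print("FINDING:", finding)
```

Run over the manifests of installed apps, this gives a quick list of which ones still rely on install-time bundled grants for contact, call-log or SMS access.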

Apple iOS has never allowed access to call log data by third-party apps, overtly or silently, so this sort of data acquisition was never possible.

Facebook provides a way for users to purge collected contact data from their accounts, but it’s not clear if this deletes just contacts or if it also purges call and SMS metadata. After purging my contact data, my contacts and calls were still in the archive I downloaded the next day—likely because the archive was not regenerated for my new request. (Update: The cached archive was generated once and not updated on the second request. However, two days after a request to delete all contact data, the contacts were still listed by the contact management tool.)

As always, if you’re really concerned about privacy, you should not share address book and call-log data with any mobile application. And you may want to examine the rest of what can be found in the downloadable Facebook archive, as it includes all the advertisers that Facebook has shared your contact information with, among other things.

Update, March 25, 2018, continued:

Facebook responded to reports that it collected phone and SMS data without users’ knowledge in a “fact check” blog post on Sunday. In the response, a Facebook spokesperson stated:

Call and text history logging is part of an opt-in feature for people using Messenger or Facebook Lite on Android. This helps you find and stay connected with the people you care about, and provide you with a better experience across Facebook. People have to expressly agree to use this feature. If, at any time, they no longer wish to use this feature they can turn it off in settings, or here for Facebook Lite users, and all previously shared call and text history shared via that app is deleted. While we receive certain permissions from Android, uploading this information has always been opt-in only.

This contradicts the experience of several users who shared their data with Ars. Dylan McKay told Ars that he installed Messenger in 2015, but only allowed the app the permissions in the Android manifest that were required for installation. He says he removed and reinstalled the app several times over the course of the next few years, but never explicitly gave the app permission to read his SMS records and call history. McKay’s call and SMS data runs through July of 2017.

In my case, a review of my Google Play data confirms that Messenger was never installed on the Android devices I used. Facebook was installed on a Nexus tablet I used and on the Blackphone 2 in 2015, and there was never an explicit message requesting access to phone call and SMS data. Yet there is call data from the end of 2015 until late 2016, when I reinstalled the operating system on the Blackphone 2 and wiped all applications.

While data collection was technically “opt-in,” in both these cases the opt-in was the default installation mode for Facebook’s application, not a separate notification of data collection. Facebook never explicitly revealed that the data was being collected, and it was only discovered as part of a review of the data associated with the accounts. The users we talked to only performed such reviews after the recent revelations about Cambridge Analytica’s use of Facebook data.

Facebook began explicitly asking permission from users of Messenger and Facebook Lite to access SMS and call data to “help friends find each other” after being publicly shamed in 2016 over the way it handled the “opt-in” for SMS services. That message mentioned nothing about retaining SMS and call data, but instead it offered an “OK” button to approve “keeping all of your SMS messages in one place.”

Facebook says that the company keeps the data secure and does not sell it to third parties. But the post doesn’t address why it would be necessary to retain not just the numbers of contacts from phone calls and SMS messages, but the date, time, and length of those calls for years.

Sean Gallagher

Sean is Ars Technica’s IT and National Security Editor. A former Navy officer, systems administrator, and network systems integrator with 20 years of IT journalism experience, he lives and works in Baltimore, Maryland.