September 27, 2016 The Playpen Story: Rule 41 and Global Hacking Warrants

The warrant the FBI used in the Playpen investigation�which resulted in the delivery of malware to over a thousand computers, located around the world�violated Rule 41, an important rule of federal criminal procedure. Although Rule 41 may seem obscure, it plays a vital role in limiting when federal law enforcement agencies can conduct lawful searches and seizures. The warrant used in the Playpen investigation is an omen of warrants to come. That�s because DOJ is advocating for a change to Rule 41 that, if it takes effect, was designed to authorize exactly this kind of warrant.

Let’s take a look at Rule 41, what happened in the Playpen case, and the changes DOJ is trying to make to the rule�changes that must be stopped.

What is Rule 41?

Rule 41 is a part of the Federal Rules of Criminal Procedure�a set of rules that govern criminal investigations and prosecutions in the federal court system. Rule 41 authorizes federal magistrate judges (a specific type of federal judge) to issue search warrants for federal law enforcement.

One important restriction in the rule deals with where the warrant application must be made. Right now (and subject to a few exceptions that aren�t relevant here), Rule 41 only authorizes magistrate judges to issue warrants to conduct searches in the judicial district where the magistrate is located. So, for example, if the FBI wants to search a house in San Francisco, it must apply for a search warrant in the Northern District of California�not the Western District of Texas.

This �territorial� restriction is an important one. It ensures that any search or seizure that is authorized has a sufficient nexus to the judicial district, and it helps guard against law enforcement �forum shopping��where law enforcement is able to seek out sympathetic or unquestioning judges to obtain warrants, even if those warrants have little or no connection to the judicial district.

Why did the Playpen warrant violate Rule 41?

In the Playpen case, the FBI blew straight through that territorial limitation. The FBI went to a magistrate judge in the Eastern District of Virginia and asked her to sign off on a warrant that would allow them to deliver malware to search any computer that accessed Playpen�no matter where the computer was located.

And the FBI did just that, searching computers located in Arkansas, California, Louisiana, Massachusetts, Oklahoma, Ohio, Pennsylvania, Texas, Washington, and Wisconsin�just to name a few examples.

Under the terms of Rule 41, the magistrate could only authorize searches that occurred in the Eastern District of Virginia (save those irrelevant exceptions). But remember: because users were accessing the site through Tor, the FBI didn�t know where its searches would take place. That means a user might have accessed the site, and searches might have been carried out next door, the next city over, the next state over, or the next country over. There�s evidence, in fact, that the FBI did conduct international searches. These types of international searches are particularly problematic because many countries have laws prohibiting precisely this type of hacking.

If the FBI didn�t know where its searches would occur, then why did the magistrate issue the warrant? The short answer: the FBI misled the judge. As you can see below, the warrant application clearly states that the searches will be carried out on persons or property . . . located in the Eastern District of Virginia[.]”

That was not true, and the FBI knew it. Had the FBI filled out the warrant application honestly, making clear that it did not know where its searches would be carried out, there’s a good chance the magistrate would not have issued the warrant in the first place. In fact, one court reviewing the issue said exactly that, finding that had [the Magistrate judge] understood that the NIT technology would search computers in other districts. . . she probably would not have issued the NIT Warrant given the limitations of the Rule.”

The FBI also did not bother to mention that the magistrate was authorizing activities that would likely violate the laws of other countries�a convenient omission, to say the least. Yet this is all information the federal judiciary needs when it is signing off on warrants, especially ones authorizing a surveillance technique as novel as the one used here.

Fortunately, almost every federal court that we know of that has looked at the issue has recognized that the warrant ran afoul of Rule 41, although the courts have disagreed about whether the violation requires suppression of the evidence obtained through the search. In our view, this kind of misrepresentation from federal law enforcement shouldn’t be tolerated by the courts. The only option is suppression.

So how does the proposed change to Rule 41 figure into this, and how will this affect Internet users more generally?

As we�ve written about before, DOJ is pushing a change to Rule 41. The new Rule 41 would, for the first time, authorize magistrates to issue search warrants, like the Playpen warrant, when �technological means� like Tor or VPNs are obscuring the location of a computer, or when a computer is swept up in a botnet.” In these circumstances, law enforcement could remotely access, search, seize, or copy data on computers, no matter where the computers were located and without providing notice to the users being searched. That means the FBI could go to almost any federal magistrate judge and get a warrant authorizing the FBI to hack into a computer (or, as was the case in the Playpen investigation, thousands of computers), no matter where in the world those computers are located.

Make no mistake: the changes to Rule 41 will result in many, many more warrants like the one used in the Playpen case. Fine,” you might say, I’m not doing anything illegal online. The FBI won’t have any interest in hacking into my computer.” But, because the Rule 41 changes authorize hacking when a computer is part of a botnet, even innocent users caught up in a botnet could be unknowingly subjected to an FBI search.

Perhaps that’s all fine and good, if there were strict limitations on the circumstances the FBI could use this authority, the information they could obtain from searches, and mandatory transparency about when and where these techniques are used (among other concerns). But right now, there is very little cabining law enforcement’s authority. The FBI is making up the rules as it goes along. And, and as we’ve blogged about before, courts looking at the Playpen cases are struggling mightily in applying traditional legal rules, like the Fourth Amendment, to the government’s new hacking techniques.

With the courts struggling to place appropriate limitations (and the FBI suffering from serious deficits in candor), right now is not the time to massively expand the government’s authority to hack into private computers. Congress cannot expand the government’s authority without establishing rules to govern (and limit) that authority. That�s why we need your help in speaking out against the changes to Rule 41
artcles FBI hacking legal
September 27, 2016”>Government �hacking� and the Playpen search warrant

In recent months, over a dozen district courts have handed down divided opinions on the legality of a single search warrant that was used to search the computers of many visitors to a child pornography website. The warrant raises interesting legal issues, although I think the significant issues are mostly not the ones that have received the most media attention. Many of these cases are headed to various courts of appeal, so I thought I would present an overview of the investigation and discuss some of the legal issues raised by the warrant. In September 2014, the federal government began investigating a child pornography website available only as a hidden service on the anonymized Tor network. The site, known as Playpen, could only be found if a person used Tor and knew the random string of numbers and letters that made up the site�s online address. In just a few months, Playpen drew more than 200,000 global users who contributed more than 100,000 posts. Every user had to log in with a username and password to visit the site. Thousands of posts on the site contained child pornography, and much of the rest of the site was discussions about child pornography.

As an anonymizing service, Tor hid the true IP addresses of Playpen account holders. Without knowing those IP addresses, there was no obvious way the government could identify and prosecute the account holders. The government devised the following strategy to reveal the users� true location. After taking over the website pursuant to a warrant, the government obtained a second search warrant from a magistrate judge in the Eastern District of Virginia allowing the government to install a �network investigative technique� (�NIT�) on the computers of Playpen account holders. This second warrant is what I am calling the Playpen warrant.

According to the Playpen warrant, when a visitor logged in to the site with a username and password, the NIT would be secretly installed on the visitor�s personal computer. The NIT would then send the government identifying information about the user�s computer, most importantly the computer�s true IP address from inside the user�s machine.

For reasons I don�t quite understand, it appears that the government executed the warrant more narrowly than the warrant says. Although the warrant says that the NIT can be installed when a user logs in to his account, the government apparently only installed the NIT when a logged-in user clicked on a link to access the �Preteen Videos�Girls Hardcore� forum. But the warrant itself was written more broadly to authorize the use of the NIT when a user logged in to a Playpen account.

The big picture here is that the NIT was used to bypass the anonymizing feature of Tor. Tor hid the users� IP addresses, but the NIT would go directly into the suspect�s computer and retrieve the real IP addresses that Tor had hidden. When investigators learned the targets� actual IP address, and addresses resolved to addresses inside the United States, investigators could then get additional court orders to identify where in physical space the computer was likely located. They could then obtain additional search warrants to conduct searches there, searching homes for the computers and finding child pornography on the machines.

During the time that the NIT was used, as authorized by the warrant, it led to the installation of the NIT on more than 1,000 visitor computers. This led to around 200 nearly identical criminal cases all around the United States charging child pornography offenses. All of the charges stemmed from the one search warrant issued by a magistrate judge in the Eastern District of Virginia.

The Playpen case has received a lot of media attention, including about the ethics of the government running the Playpen server for a window of time while the monitoring occurred. For the rest of this post, I�ll pick just three among the many issues that have received attention or that I think deserve more attention. A significant amount of media attention about the Playpen cases has focused on a curious argument. A minority of the judges have held that the the Playpen searches were constitutional because they weren�t searches at all. According to this argument, a person has no Fourth Amendment rights in IP addresses. Because the most important information obtained by the NIT was IP addresses, use of the NIT was not a search and no Fourth Amendment rights were violated. As far as I can tell, the government has not actually made this argument. Rather, it is a position introduced by one judge and then adopted by some others.

This argument is clearly wrong, though. Individuals have Fourth Amendment rights in information stored inside their computers unless they voluntarily share the information. A person using Tor has not voluntarily shared his IP address with the websites he visits. Indeed, the absence of voluntarily sharing is precisely what led the government to surreptitiously obtain the information using the NIT. Given that a Tor user has not voluntarily shared his IP address, it doesn�t matter that obtaining an IP address from a third party or a visited website would not be a search in other circumstances that did involve voluntarily sharing.

Put another way, it�s the way of obtaining information that makes the act a search, not the information itself in the abstract. This point is obvious in the physical world. See Arizona v. Hicks, 480 U.S. 321 , 325 (1987) (�A search is a search, even if it happens to disclose nothing but the bottom of a turntable.�). It should be equally obvious with computers. If the police want to read today�s newspaper, they can�t break into my house and open my desk drawer to find my copy without committing a search. The fact that they could have read the newspaper by finding a copy in public doesn�t mean they can break into my house to read mine. Similarly, the fact that IP addresses may be available without searching a target in some cases doesn�t mean they can break into his computer to find the IP address without committing a search. A much more interesting question is whether the Playpen warrant satisfied the Fourth Amendment�s requirement that warrants must particularly describe the place to be searched. Here�s how the warrant described the place to be searched: This warrant authorizes the use of a network investigative technique (�NIT�) to be deployed on the computer server described below, obtaining information described in Attachment B from the activating computers below.

The computer server is the server operating the Tor network child pornography website referred to herein as the TARGET WEBSITE, as identified by its URL � [omitted]� which will be located at a government facility in the Eastern District of Virginia. The activating computers are those of any user or administrator who logs into the TARGET WEBSITE by entering a username and password.

The place to be searched, in other words, was the �computers . . . of any user or administrator who logs into the TARGET WEBSITE by entering a username and password.� Was this description constitutionally adequate?

I haven�t seen good discussions of this in the cases so far. But it�s a serious question, I think.

On one hand, courts have approved quite general descriptions of the place to be searched in cases that involved monitoring that would go to different and unknown places. For example, in United States v. Karo, 468 U.S. 705 (1984), the Supreme Court suggested that that warrants to install a locating beeper could simply name �the object into which the beeper is to be placed� as the place to be searched. Under this approach, the thing into which the surveillance tool is placed becomes the place to be searched for purposes of the warrant, even if the location where the surveillance will reveal the beeper to be is unknown and unknowable.

Lower courts have taken a similarly flexible approach in cases that involved roving wiretaps. See, e.g., United States v. Petti, 973 F.2d 1441, 1445 (9th Cir. 1992) (allowing roving wiretaps that name the place to be searched as any �telephone facilities actually used� by an identified speaker). Under that approach, it is at least plausible that listing the place to be searched as the �activating computers . . . of any user or administrator who logs into the TARGET WEBSITE by entering a username and password� satisfies the Fourth Amendment standard.

On the other hand, those precedents are potentially distinguishable because they involved the monitoring of a single suspect or single device. The Playpen warrant authorized searching an unlimited number of computers located all around the world. The place to be searched was not wherever a single suspect went, or a single item of property, but rather thousands of machines located throughout the planet (or, if you assume that the warrant was only needed and effective inside national borders, hundreds of computers throughout the United States) in an automated process.

This raises an intriguing question: Is there a limit on how many different places can be searched under a single warrant while still satisfying the requirement that the warrant describe the �place to be searched�? Can a single warrant justify a search of thousands or even (hypothetically) millions of computers, all used by different people who don�t know each other? At what point does the use of a single warrant to search many places make the warrant a general warrant that the Fourth Amendment prohibits?

Resolution of these questions hinge in part on level of generality courts use to interpret the particularity-as-to-place requirement. Do you take it on its face, requiring a single place to be searched? Do you take it more generally as a concern with ensuring narrow warrants, so that the particularity requirement is met if the warrant is not too broad? Do you take it even more abstractly as reflecting a concern with avoiding searches of innocent people, so that the particularity requirement becomes part of the probable cause requirement?

For example, does the existence of probable cause as to each place (assumed for now) negate the particularity concern, or does the Fourth Amendment have a cap on the number of different places searched even if there is probable cause for each place? And if there is such a cap, is there a way to draft the warrant to allow such multiple automated searches? Or are such automated searches prohibited by the Fourth Amendment under the particularity requirement?

These are really interesting issues, I think, and the trial court decisions I have seen haven�t engaged much with them. I expect the appellate courts will hand down important rulings on these questions. A lot of the litigation on the Playpen warrant has focused on Federal Rule of Criminal Procedure 41(b), the venue provision for federal search warrants. The usual venue rule is that judges can only authorize searches of property in their district. The Playpen server was located in the Eastern District of Virginia, the same district where the warrant was obtained. But the user computers turned out to be located all over the world, leading to criminal charges all over the country. Defendants are now arguing that the evidence should be suppressed because the warrant violated the venue provision of Rule 41(b).

The Rule 41 issue is somewhat time-bound, as several judges have recognized. Rule 41(b) is set to change in December absent Congressional override. The new venue rule will allow judges in districts �where activities related to a crime may have occurred� to issue warrants �to use remote access to search electronic storage media and to seize or copy electronically stored information� outside their districts when the district where �the media or information is located has been concealed through technological means.� (For discussion of these amendments from me, see my participation on this panel from August starting at the 40-minute mark.)

Putting the merits of the Rule 41(b) question to the side, the Playpen litigation has exposed variations in the circuits on the suppression standard for Rule 41(b) violations. In some circuits, violations of Rule 41(b) can lead to suppression independently of any Fourth Amendment violation if �the search might not have occurred or would not have been so abrasive if the Rule had been followed� or �there is evidence of intentional and deliberate disregard of a provision of the Rule.� United States v. Krueger, 809 F.3d 1109, 1114 (10th Cir. 2015).

Other circuits look to whether the search �offends concepts of fundamental fairness or due process.� United States v. Hall, 505 F.2d 961 (3d Cir. 1974). Some circuits have suggested that Rule 41(b) violations do not lead to suppression unless they are also constitutional violations, which in practice means that Rule 41(b) violations do not themselves lead to suppression. See, e.g., United States v. Hornick, 815 F.2d 1156, 1158 (7th Cir. 1987) (Easterbrook, J.) (�In light of Leon, it is difficult to anticipate any violation of Rule 41, short of a defect that also offends the Warrant Clause of the fourth amendment, that would call for suppression. Many remedies may be appropriate for deliberate violations of the rules, but freedom for the offender is not among them.�). One interesting aspect of the Playpen litigation is that any circuit splits on legal issues likely won�t be distinguishable on the facts. These cases are being brought all around the country, and they all stem from a single warrant. Challenges to the warrant involve the same facts, so disagreement on the law will likely lead to direct clashes among the circuits. It seems possible that the Supreme Court will end up resolving some of the issues raised by these warrants because the lower courts may end up dividing deeply in essentially the same case.

PlayPen might not be the greatest case, but it’s the best demonstration of how broad the new rule 41(b) warrents will be.

articles FBI hacking legal
September 22, 2016 Yes, I’ll get gender surgery. But I may still be punished for my suicide attempt | Chelsea E Manning | Opinion | The Guardian

Last week I was given the �good news� that the Department of Defense will grant my request to see a surgeon for treatment related to my gender dysphoria. Although I don�t have anything in writing, I was shown a memorandum with my name on it that confirmed the military is moving forward with my request. Everything that they have presented to me leads me to believe that they are going to provide the care that has been recommended by my doctor. I have requested this for nearly a year. That same week, I was also given �bad news�: I may be punished for a suicide attempt in July For the past week, I have been busy preparing for my disciplinary board. This administrative board has the power to sentence me for indefinite solitary confinement. Preparing to defend yourself for a disciplinary board is time consuming. It takes time to research, collect evidence, and organize a defense. The process is rather stressful. I am facing this alone. I am not allowed to have a lawyer or anyone else with me.

Last week I was escorted to view the evidence before the board. There are now nearly 100 pages. I do not have easy access. I do not have a copy. I could only see it for an hour. Looking through the evidence and taking notes in a hurried manner was very stressful.

In the evidence, I saw a photograph of myself shortly after my suicide attempt. Seeing this photograph has haunted me for the past week. It has disturbed me. It sends a chill down my spine. This hurt me more than any physical injury or hardship I have lived through. This process has forced me to relive one of the worst moments of my entire life.

I saw the face of a woman who had given up. I saw the face of woman who, for years, has politely asked, formally requested, and desperately begged for help.

I am not alone in my struggle. Suicide pervades the trans community. The risk among our trans siblings with no or inadequate treatment is staggering. In comparison with the general population, the risk is a full order of magnitude higher. While a specific suicide rate among trans prisoners is not available, it is estimated to be significantly higher than among the community outside.

I lack the words to describe how concerned my family and friends are about this board. I lack the words to express how deeply pained I am about this board and the fact that the government is pursuing my punishment so aggressively. How am I supposed to explain this to my family? How am I going to explain this to future generations when they look back and ask how I could have been punished for my own desperation? I have absolutely no idea. I have no idea how to explain it at all
articles legal Wikileaks
September 22, 2016

Get mirandized for an encrypted world. This talk will cover the legal doctrines and statues our government is perverting to compel individuals into decrypting their data, or conscript technology companies into subverting the security of their own products. We�ll survey the arguments being advanced by prosecutors, the resulting case law, and the ethical dilemmas facing technology companies. The session will cover the rights and civil liberties we�ve already lost, and review the current threats to our collective freedoms. We�ll cover what an individual needs to know if they want to avoid compelled decryption, and keep their data private. We�ll also discuss strategies that third parties (friends, f/oss developers, and technology companies) can use to resist conscription and build trust through transparency. Because knowing your rights, is only half the battle

Ladar Levison serves as the founder, president, and chief executive of Lavabit, where he has worked the past 12 years. Founded in 2004 (and originally called Nerdshack), Lavabit was created because Mr. Levison believes that privacy is a fundamental, necessary right for a functioning, free and fair democratic society. Presently, Mr. Levison is focused on Lavabit’s Dark Mail Initiative, which aims to make end-to-end email encryption automatic and ubiquitous, while continuing to vigorously advocate for the privacy and free speech rights of all. Mr. Levison�s involvement in the internet can be traced to the early days of the world wide web, when he built his first website, in the early nineties for the fledgling Mosiac web browser (from the National Center for Supercomputing Applications).

OK, this presentation is long! Everyone should watch it if they’ve had any questions over the past 3 years though. It’s long enough to explain everything, and it does exactly that! If you still come out of this one agreeing with the defamers, well then there’s probably not much anyone’s going to be able to say to change your mind.

external link to video.

Lavabit legal surveillance video
September 18, 2016 Alleged hacker Lauri Love to be extradited to US

An autistic man suspected of hacking into US government computer systems is to be extradited from Britain to face trial, a court has ruled.

Lauri Love, 31, who has Asperger’s syndrome, is accused of hacking into the FBI, the US central bank and the country’s missile defence agency.

Mr Love, from Stradishall, Suffolk, has previously said he feared he would die in a US prison if he was extradited.

A judge at Westminster Magistrates’ Court made the extradition ruling. Earlier, his lawyer said his alleged hacking had embarrassed” US authorities.

Tor Ekeland said the US government had very, very bad security and these hacks utilised exploits that were publicly-known for months”. Mr Love’s lawyers said he could face up to 99 years in prison if convicted of the hacking offences.

Earlier he stood in the dock as district judge Nina Tempia ruled he could be extradited to the US, where he could face trials in three different states.

He was first arrested at home in Suffolk in 2013 and had computer equipment seized by British police, who then released him on bail.

He was not charged in the UK, where the investigation into him was dropped.

Mr Love’s defence team argues his depression and Asperger’s syndrome mean he should not be sent abroad, but US prosecutors say he is using his mental health issues as an excuse to escape justice.

In England and Wales, the maximum sentence for crimes such as those of which Mr Love is accused is two years and eight months.

Obviously, we know that extradition cases are long, and this was just the first step. Since this was a bad ruling, (even after the laws that were put in place to stop this exact thing from happening,) an appeal will definitely take place.

articles extradition legal
September 18, 2016 Stop President Obama�s Internet giveaway

The development and maintenance of the open Internet has been one of the greatest boons to the enhancement of free speech and free commerce since time began. But if the Obama Administration has its way, both will be threatened in the very near future - unless Congress acts by the end of this month to block the Obama Internet Give-Away. Will it?

Russia, China and Iran don�t have a First Amendment, and their governments regularly clamp down on free speech. So why would we want to end American protection of the open Internet and transfer it to Moscow, Beijing and Tehran instead?

On Oct. 1, the Obama administration plans to end the U.S. Government contract with the Internet Corporation for Assigned Names and Numbers, or ICANN. Doing so would kick off a transition that could irreparably harm the open Internet, leading to censorship abroad that could, quite realistically, lead to censorship right here in the United States. Under this transition of Internet oversight, China, Russia and Iran, which have all demonstrated their contempt for Internet freedom by blocking websites and restricting Internet access to their own citizens, would be newly empowered to block specific websites from users all over the world, including in the United States.

Let�s back up.

The Internet was originally launched as a project of the U.S. Defense Department�s Advanced Research Projects Agency (ARPA) in the 1960s. Then, in the 1980s, access to ARPANET was expanded courtesy of U.S. taxpayer-funded grants via the National Science Foundation, and, eventually, the Internet as we know it was developed.

So U.S. taxpayers paid for the creation, and development, and maintenance of the Internet. It is, in a very real sense, American property.

Article IV of the U.S. Constitution reads in part: �The Congress shall have Power to dispose of and make all needful Rules and Regulations respecting the Territory or other Property belonging to the United States ��

So under what authority, exactly, does President Obama claim the authority to make a decision on the disposition of a U.S. property - to wit, the Internet - without explicit permission from Congress?

Perhaps as important a question to ask is, where in the world are congressional leaders on this, and why are they not screaming bloody murder about yet another executive overreach by this overreach-hungry president?

Enter Texas Sen. Ted Cruz, who has introduced S. 3034, the Protecting Internet Freedom Act. Rep. Sean Duffy of Wisconsin has introduced a companion bill, H.R. 5418, in the House. The bills would simply prohibit the Commerce Department from moving forward on its plan unless it first wins congressional approval.

Similar legislation blocking the transfer of domain registration authority has been included in the government�s annual funding bills for the last few years. The current prohibition expires on Sept. 30. If that prohibition - embodied nicely in the Cruz-Duffy legislation - is not enacted again before Oct. 1, the administration believes it can do whatever it wants.

Cruz believes otherwise, and will be chairing a hearing of his Senate Judiciary Committee Subcommittee on Oversight, Agency Action, Federal Rights and Federal Courts on Wednesday morning to examine the subject further. The hearing, entitled �Protecting Internet Freedom: Implications of Ending U.S. Oversight of the Internet,� will begin at 10 AM.

Moreover, Cruz wants to add the provisions of his bill to the upcoming Continuing Resolution, the one piece of legislation Congress must pass and send to the president before September 30. That�s a smart play on his part.

And it would be a smart play on the part of Senate Majority Leader Mitch McConnell and House Speaker Paul Ryan to agree to add it. They�re already going to have a tough enough time winning votes for passage from among the more conservative elements of their respective GOP caucuses; adding the Cruz-Duffy provision blocking the proposed Obama Internet Give-Away would add a sweetener that could woo enough conservatives to allow the measures to pass without the leaders� having to move left in search of Democrat votes.

And would Harry Reid or Barack Obama be so determined to give away U.S. control over the Internet that they�d be willing to shut down the government to get their way? Is that a fight either one of them would want to play out in public just five weeks before a crucial election?

Most importantly, though, Ryan and McConnell should move on the Cruz-Duffy legislation simply because it�s the right thing to do.

The Internet was conceived, built, developed, and grown to fruition long before Barack Obama became president. It was done at the hands of U.S. scientists and engineers, working with funds taken from U.S. taxpayers. The Internet is U.S. property. President Obama has no authority to give it away without explicit authority granted him by the U.S. Congress.

Sen. Cruz and Rep. Duffy understand that. Do leader McConnell and Speaker Ryan?

OK so I’m about 4 days behind with posting links. Let’s just say I had an interesting week!

articles internet legislation politics