Recent Developments in Cybersurveillance




David W. Opderbeck
New Jersey Law Journal, May 16, 2016

Over the past few months, there has been a flurry of sometimes contradictory activity concerning the government's ability to access electronic information in the course of a criminal investigation. This article highlights three recent proposals that show how the broader policy debate is playing out at the level of specific legal rules.

Changes to the Federal Rules of Criminal Procedure Concerning Search Warrants

On April 28, the Supreme Court adopted changes to F. R. Crim. Pro. 41, adding a subsection (6), to authorize a magistrate judge in any district "where activities related to a crime may have occurred" to issue a warrant "to use remote access to search electronic storage media and to seize or copy electronically stored information located within or outside that district." Under the amendment, such warrants can issue if "the district where the media or information is located has been concealed through technological means" or in cases involving investigations of hacking or malware transmission under the Computer Fraud and Abuse Act where the "media" are damaged computers in five or more districts.

Historically, warrants were only available for search and seizure within the district where the warrant was issued. In 1990, F. R. Crim. Pro. 41 was amended to permit a warrant for search and seizure of a person or property located outside the district "if the person or property is located within the district when the warrant is issued but might move or be moved outside the district before the warrant is executed." Fed. R. Crim. P. 41(b)(1)-(2). This principle was expanded by the PATRIOT Act in 2002 to include authority to issue a warrant for a person or property outside the district if the investigation involved domestic or international terrorism, and was further amended in 2006 to include warrants for installation of a tracking device to track the movement of a person inside or outside the district. See Fed. R. Crim. P. 41(b)(1)-(4). Finally, in 2006 the rule was amended to clarify that a warrant could be issued for property outside the district but within a U.S. territory, possession or commonwealth, on the premises of a U.S. diplomatic or consular mission in a foreign state, or in a residence leased by the U.S. and used by U.S. personnel assigned to a U.S. diplomatic or consular mission in a foreign state. Fed. R. Crim. P. 41(5).

Reprinted with permission from the May 16, 2016 issue of The New Jersey Law Journal. © 2016 ALM Media Properties, LLC. Further duplication without permission is prohibited. All rights reserved. For information, contact 877-257-3382 or reprints@alm.com or visit www.almreprints.com.

Critics of the recent addition of subsection (6), including some tech industry giants such as Google, argued that "remote access" warrants will provide authority for nationwide or even worldwide electronic surveillance. Google's comments in this regard were typical of tech industry concerns:

The proposed change does not define what a "remote search" is or under what circumstances and conditions a remote search can be undertaken; it merely assumes such searches, whatever they may be, are constitutional and otherwise legal. It carries with it the specter of government hacking without any Congressional debate or democratic policy-making process.

http://googlepublicpolicy.blogspot.com/2015/02/a-small-rule-change-that-could-give-us.html

Notwithstanding such objections, the rule change was approved by the Supreme Court, and will become effective unless disavowed by Congress before Dec. 1, under the Rules Enabling Act. See 28 U.S.C. § 2074.

Burr-Feinstein Bill

On April 13, Senators Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.), Chair and Vice-Chair, respectively, of the Senate Intelligence Committee, released a draft bill titled the "Compliance With Court Orders Act of 2016." This bill responds to the recent showdowns between Apple and the FBI concerning the ability to compel technology companies under the All Writs Act to assist with access to locked and encrypted devices such as iPhones. See David W. Opderbeck, "The Apple iPhone Showdown: What Is at Stake," N.J.L.J., March 7, 2016. The bill would require any covered entities that receive court orders "for information or data" to provide the information or data "in an intelligible format" and to "provide such technical assistance as is necessary to obtain such information or data in an intelligible format or to achieve the purpose of the court order." Discussion Draft, Sec. 3(a)(1).
The bill states that a covered entity is only responsible for providing data in an intelligible format "if such data has been made unintelligible by a feature, product, or service owned, controlled, created, or provided, by the covered entity or by a third party on behalf of the covered entity." Id., Sec. 3(a)(2). The bill further states that it would not authorize any government officer to require or prohibit "any specific design or operating system to be adopted." Id., Sec. 3(b). However, the very next subsection of the bill requires providers of "remote computing service" or "electronic communication service" to ensure that their products or services are capable of complying with the requirement to provide data in an intelligible format. Id., Sec. 3(d), (e). The terms "remote computing service" and "electronic communication services" are defined to have the meanings provided in the Electronic Communications Privacy Act (ECPA), 18 U.S.C. §§ 2510, 2711.

The draft bill was immediately pilloried by technology-industry and civil-liberties advocates. For example, Kevin Bankston, director of the New America Foundation's Open Technology Institute, called it "easily the most ludicrous, dangerous, technically illiterate proposal I've ever seen." Andy Greenberg, "The Senate's Draft Encryption Bill is Ludicrous, Dangerous, Technically Illiterate," Wired Security, April 8, 2016. Critics noted that the bill's performance standard necessarily would constrain design choices, that it would effectively outlaw user-directed end-to-end encryption, and that it would require a greater level of technological assistance than the government ever sought in the All Writs Act cases. See "The Burr-Feinstein Proposal is Simply Anti-Security," Electronic Frontier Foundation Deeplinks Blog, April 8, 2016.

Proposed Amendments to ECPA

The changes to F. R. Crim. P. 41 and the Burr-Feinstein Bill are pro-law-enforcement and anti-encryption. Not all recent legislative proposals, however, fall on that side of the line. On April 27, the "Email Privacy Act" passed the House of Representatives. See H.R. 699, 114th Cong. 2d Sess. (2015-2016). The Email Privacy Act would amend the ECPA to require the government to obtain a search warrant to access stored electronic communications.

Current law makes a distinction between electronic communications in transit and in storage. For communications in transit, the Wiretap Act requires a showing of probable cause plus a showing that "normal investigative procedures have been tried and have failed or reasonably appear to be unlikely to succeed if tried or to be too dangerous." 18 U.S.C. § 2518(3).
Wiretap orders must expire after 30 days, although extensions are possible upon a showing of necessity. Id. § 2518(5).

For communications in storage, presently, the ECPA distinguishes between contents stored by an "electronic communication service (ECS)" and a "remote computing service (RCS)," and as to an ECS, further distinguishes whether the communications have been in storage for 180 days or more. See 18 U.S.C. § 2703. Finally, the ECPA allows a judge in any district, not only the district where the information is stored, to issue the order. Id. § 2703(d).

Under the current ECPA, the contents of stored electronic communications (such as emails and voicemails) that have been in storage by an ECS for 180 days or less can be obtained only through a warrant. 18 U.S.C. § 2703(a). However, the government may obtain the contents of information held by an RCS "solely for the purpose of providing storage or computer processing services," or held in storage by an ECS for 180 days or more, through a court order based on "specific and articulable facts showing that there are reasonable grounds to believe that the contents of a wire or electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation." 18 U.S.C. § 2703(a)-(d). In other words, the law currently recognizes a lower expectation of privacy: (a) for the contents of communications held in storage by an RCS; and (b) for the contents of emails and other communications held in storage for more than 180 days by an ECS. These distinctions date back to the early days of the Internet, when users were able to download and store only a small amount of data from email servers run by their service providers. See H. Rept. 114-528 - 114th Congress (2015-2016) April 26, 2016, As Reported by the Judiciary Committee.

The Email Privacy Act would instead recognize the same expectation of privacy in all communications stored by third-party providers by requiring a warrant on probable cause before the government could obtain the contents of such communications, regardless of how long they have been in storage, and regardless of whether the provider is classified as an RCS or ECS. See Email Privacy Act, Sec. 3. This would make the statute consistent with practice in the Sixth Circuit, which has held the distinctions under the present ECPA unconstitutional under the Fourth Amendment. See United States v. Warshak, 631 F.3d 266 (6th Cir. 2010).
The bill would not affect the government's ability to obtain noncontent information, such as subscriber records, through an administrative subpoena, nor would it change the ability of the owner of a communication system, such as an employer-owned email system, to disclose stored information voluntarily.

Conclusion

These three recent proposals get "into the weeds" of the larger national policy debate about encryption and Internet surveillance. They demonstrate that the larger debate implicates a host of more granular authorities involving the scope and requirements of judicially approved process for the government to obtain electronic information and for technology companies to assist with such a process. The critics may be right to worry about the jurisdictional and technological breadth of the changes to the search warrant rule and in the Burr-Feinstein Bill. However, even if these rules are not adopted and the pro-privacy changes of the Email Privacy Act are enacted into law, significant issues will remain concerning how law enforcement can execute its mission to provide security for everyone while respecting Constitutional privacy concerns in the Internet age. The history of both Federal Rule of Criminal Procedure 41 and the ECPA shows that the law in this area is constantly changing in response to new challenges and threats.