Government and Court Access to Private-sector Information Flashcards
Right to Financial Privacy Act of 1978
Summary:
1. Request must reasonably identify the records
2. Requests must be justified by one of the following:
o Customer authorization
o Admin subpoena or summons
o Judicial subpoena or summons
o Written law enforcement request
3. Agencies must provide the customer written notice of the request and wait 10 days from service or 14 days from mailing to access records
Detail:
Governs the release of customer financial information to federal government authorities. The act defines both the circumstances under which a financial institution can volunteer information about a customer's financial records to federal government authorities and the applicable procedures and requirements to follow when the federal government is requesting customers' financial information.
Bank Secrecy Act of 1970 (BSA)
Summary:
- Requires financial institutions to maintain records for customer activity for five years
- Currency Transaction Reports (CTR) – must report cash transactions totaling more than $10,000 in a single day
- Suspicious Activity Report (SAR) – institutions must report suspected money laundering, or a customer deliberately taking actions to avoid the CTR limits.
Detail:
A US federal law that requires US financial institutions and money services businesses (MSBs), which are entities that sell money orders or provide cash transfer services, to record, retain and report certain financial transactions to the federal government. This requirement is meant to assist the government in the investigation of money laundering, tax evasion, terrorist financing, and various other domestic and international criminal activities.
Access to Communications
Government access to communications is highly regulated. The Fourth Amendment is the overarching law regarding government access. The Fourth Amendment applies to digital communications and creates the right to a “reasonable expectation of privacy”.
Electronic Communications Privacy Act (ECPA)
Includes the Federal Wiretap Act of 1968. Protects wire, oral and electronic communications while those communications are being made, are in transit, and when they are stored on computers. The act applies to e-mail, telephone conversations, and data stored electronically. The USA Patriot Act and subsequent federal enactments have clarified and updated ECPA in light of the ongoing development of modern communications technologies and methods, including easing restrictions on law enforcement access to stored communications in some cases.
ECPA Title I
Wiretap Act covering oral communications. One-party consent: recording is permissible as long as one party consents to that wiretap.
ECPA Title II
Stored Communications Act. Covers digital communications stored by a service provider (emails, texts, voicemails, billing records).
ECPA Title III
Covers the use of pen register and trap and trace methodologies.
Pen Registers
Records information about outbound communications
Trap and Trace
Records information about inbound communications
The Communications Assistance to Law Enforcement Act (CALEA)
Also known as the Digital Telephony Act. Does not add any new wiretapping authority. Requires providers of commercial voice services to engineer their networks in such a way as to assist law enforcement agencies in executing wiretap orders.
What is the scope of CALEA?
- Applies to telephone companies
- VOIP service providers
- Internet Service Providers
National Security & Privacy
National security requests may be made under looser requirements than other investigatory requests.
Foreign Intelligence Surveillance Act of 1978 (FISA)
A US federal law, enacted in response to the Cold War, regulating the way that US intelligence agencies conduct foreign intelligence surveillance activities, including wiretaps and the interception of communications. The act sets forth a judicial approval process required when the government targets US persons located within the US. FISA allows warrantless surveillance to be conducted without a court order for up to one year, provided the surveillance is for foreign intelligence information, is targeting foreign powers, and will not capture the contents of any communication to which a US person is a party.
The Foreign Intelligence Surveillance Court
Established by FISA; holds secret hearings on FISA requests.
What is the role of the Attorney General under FISA?
Approves surveillance for foreign intelligence purposes if there is no substantial likelihood of intercepting communications involving US persons (1-year duration)
What does a court order do under FISA?
Approves surveillance that may involve US persons if there is probable cause to believe that the person is the agent of a foreign power. (90-to-120-day duration)
What is the role of National Security Letters (NSLs) under FISA?
A category of subpoena. The USA PATRIOT Act expanded the use of national security letters. Separate and sometimes differing statutory provisions now govern access, without a court order, to communication providers, financial institutions, consumer credit agencies, and travel agencies.
Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA Patriot Act)
Broad-ranging act designed to counter terrorism that expanded US law enforcement authority for surveillance and capturing communication records.
PATRIOT Act Powers
- Loosened requirements for surveillance of US citizens
- Created “roving” wiretaps – allowed investigators to get a wiretap for any type of communication engaged in by that person
- Strengthened rules against money laundering
- FBI gained power to use NSLs to secretly demand records from communication service providers.
- Section 215 of the Patriot Act authorized the government to demand “tangible items” including call detail records (Snowden Revelations)
The USA Freedom Act of 2015
Expired the Patriot Act. Restored in modified form several provisions of the Patriot Act. The act imposes new limits on the bulk collection of telecommunication metadata on US citizens by American intelligence agencies, including NSA.
The Cybersecurity Information Sharing Act of 2015 (CISA)
Facilitates information sharing through two main components:
i. Authorizes companies to monitor and implement defensive measures on their own information systems to counter cyber threats.
ii. Provides certain protections to encourage companies to voluntarily share information – specifically, information about “cyber threat indicators” and “defensive measures” – with the federal government, state and local governments, and other companies and private entities.
Zurcher vs. Stanford Daily
o Argued that the Fourth Amendment prohibits searches of third parties
o Argued First Amendment prohibits searches of media organizations
o Decided by SCOTUS against the newspaper – Congress disagreed and passed the Privacy Protection Act of 1980
Privacy Protection Act of 1980
Summary:
- Applies to dissemination of information to the public
- Protects work products and documentary materials from search warrants
- Requires the use of subpoenas or voluntary cooperation
Detail:
Protects journalists from being required to turn over to law enforcement any work product and documentary materials – including sources – before dissemination to the public.
Electronic Discovery (e-Discovery)
Prior to trial, information is typically exchanged between parties and their attorneys. E-discovery requires civil litigants to turn over large volumes of a company’s electronic records in litigation.
Three Steps of the e-Discovery Process
- Preservation
- Collection
- Production
Preservation
Legal holds require the preservation of relevant electronic and paper records. System admins must suspend the automatic deletion of relevant logs.
Collection
Security teams often assist in collection efforts.
Sources of Electronic Records:
- File Servers
- Endpoint Systems
- Email messages
- Enterprise systems and cloud services
eDiscovery management systems coordinate collection efforts.
Production
If production occurs, attorneys must review documents for relevance and turn them over to the other side.
Most litigation holds never move forward to the production phase.