Government and Court Access to Private-sector Information

Question 1

Right to Financial Privacy Act of 1978

Answer 1

Summary:
1. Request must reasonably identify the records
2. Requests must be justified by one of the following:
o Customer authorization
o Admin subpoena or summons
o Judicial subpoena or summons
o Written law enforcement request
3. Agencies must provide the customers written notice of the request and wait 10 days from service or 14 days from mailing to access records

Detail:
Governs the release of customer financial information to federal government authorities. The act defines both the circumstances under which a financial institution can volunteer information about a customers’ financial records to federal government authorities and the applicable procedures and requirements to follow when the federal government is requesting customers’ financial information.

Question 2

Bank Secrecy Act of 1970 (BSA)

Answer 2

Summary:

1. Requires financial institutions to maintain records for customer activity for five years
2. Currency Transaction Reports (CTR) – must report cash transactions totaling more than $10,000 in a single day
3. Suspicious Activity Report (SAR) – institutions must report suspected money laundering, or a customer is deliberately taking actions to miss the CTR limits.

Detail:
A US federal law that requires US financial institutions and money services businesses (MSBs), which are entities that sell money orders or provide cash transfer services, to record, retain and report certain financial transactions to the federal government. This requirement is meant to assist the government in the investigation of money laundering, tax evasions, terrorist financing, and various other domestic and international criminal activities.

Question 3

Access to Communications

Answer 3

Government access to communications is highly regulated. The 4th amendment is the overarching law regarding government access. The 4th amendment applies to digital communications and creates the right to a “reasonable expectation of privacy”

Question 4

Electronic Communications Privacy Act (ECPA)

Answer 4

Includes the Federal Wiretap Act of 1968. Protects wire, oral and electronic communications while those communications are being made, are in transit, and when they are stored on computers. The act applies to e-mail, telephone conversations, and data stored electronically. The USA Patriot Act and subsequent federal enactments have clarified and updated ECPA in light of the ongoing development of modern communications technologies and methods, including easing restrictions on law enforcement access to stored communications in some cases.

Question 5

ECPA Title I

Answer 5

Wiretap Act covering oral communications. One Part consent, recording is permissible as long as one party consents to that wiretap.

Question 6

ECPA Title II

Answer 6

Stored communications Act covers digital communications stored by a service provider (emails, texts, voicemails, billing records)

Question 7

ECPA Title III

Answer 7

Covers the use of pen register and trap and trace methodologies.

Question 8

Pen Registers

Answer 8

Records information about outbound communications

Question 9

Tap and Trace

Answer 9

Records information about inbound communications

Question 10

The Communications Assistance to Law Enforcement Act (CALEA)

Answer 10

Also known as the Digital Telephony Act - Does not add any new wiretapping authority. Requires providers of commercial voice services to engineer their networks in such a way as to assist law enforcement agencies in executing wiretap orders.

Question 11

What is the scope of CALEA?

Answer 11

1. Applies to telephone companies
2. VOIP service providers
3. Internet Service Providers

Question 12

National Security & Privacy

Answer 12

National security requests may be made under looser requirements than other investigatory requests.

Question 13

Foreign Intelligence Surveillance Act of 1978 (FISA)

Answer 13

In response to the Cold War, US federal law regulating the way that US intelligence agencies conduct foreign intelligence surveillance activities, including wiretaps and the interception of communications. The act sets forth a judicial approval process required when the government targets US persons located within the US. FISA allows warrant-less surveillance to be conducted without a court order for up to one year, provided the surveillance is for foreign intelligence information, is targeting foreign powers, and will not capture the contents of any communication to which a US person is a party.

Question 14

The Foreign Intelligence Surveillance Court

Answer 14

Established by FISA, hold secret hearing on FISA requests.

Question 15

What is the role of the Attorney General under FISA?

Answer 15

Approves surveillance for foreign intelligence purposes if there is no substantial likelihood of intercepting communications involving US persons (1-year duration)

Question 16

What does a court order do under FISA?

Answer 16

Approves surveillance that may involve US persons if there is probable cause to believe that the person is the agent of a foreign power. (90-to-120-day duration)

Question 17

What is the role of National Security Letters (NSLs) under FISA?

Answer 17

A category of a subpoena. The US PATRIOT Act expanded the use of national security letters. Separate and sometimes differing statutory provisions now govern access, without a court order, to communication providers, financial institutions, consumer credit agencies, and travel agencies.

Question 18

Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA Patriot Act)

Answer 18

Broad ranging act designed to counter terrorism that expanded US law enforcement authority to surveillance and capturing communication records.

Question 19

PATRIOT Act Powers

Answer 19

1. Loosened requirements for surveillance of US citizens
2. Created “roving” wiretaps – allowed investigators to get a wiretap for any type of communication engaged by that person
3. Strengthened rules against money laundering
4. FBI gained power to use NSLs to secretly demand records from communication service providers.
5. Section 215 of the Patriot Act authorized the government to demand “tangible items” including call detail records (Snowden Revelations)

Question 20

The USA Freedom Act of 2015

Answer 20

– Expired the Patriot Act. Restored in modified form several provisions of the Patriot Act. The act imposes new limits on the bulk collection of telecommunication metadata on US citizens by American intelligence agencies, including NSA.

Question 21

The Cyber-security Information Sharing Act of 2015 (CISA)

Answer 21

Facilitates information sharing through two main components:

i. Authorizes companies to monitor and implement defensive measures on their own information systems to counter cyber threats.
ii. Provides certain protections to encourage companies voluntarily to share information – specifically, information about “cyber threat indicators” and “defensive measures” – with the federal government, state and local governments, and other companies and private entities

Question 22

Zurcher vs. Stanford Daily

Answer 22

o Argued that the Fourth Amendment prohibits searches of third parties
o Argued First Amendment prohibits searches of media organizations
o Decided by SOCUS against the newspaper – congress disagreed and passed the Privacy Protection Act of 1980

Question 23

Privacy Protection Act of 1980

Answer 23

Summary:

1. Applies to dissemination of information to the public
2. Protects work products and documentary materials from search warrants
3. Requires the use of subpoenas or voluntary cooperation

Detail:
Protects journalists from being required to turn over to law enforcement any work product and documentary materials – including sources – before dissemination to the public.

Question 24

Electronic Discovery (e-Discovery)

Answer 24

Prior to trial, information is typically exchanged between parties and their attorneys. E-discovery requires civil litigants to turn over large volumes of a company’s electronic records in litigation

Question 25

Three Steps of the e-Discovery Process

Answer 25

1. Preservation
2. Collection
3. Production

Question 26

Preservation

Answer 26

Legal holds require the preservation of relevant electronic and paper records. System Admins must suspend the automatic deletion of relevant logs.

Question 27

Collection

Answer 27

Security teams often assist in collection efforts.

Sources of Electronic Records:

1. File Servers
2. Endpoint Systems
3. Email messages
4. Enterprise system and cloud services

eDiscovery Management systems coordinate collection efforts

Question 28

Production

Answer 28

If production occurs, attorneys must review documents for relevance and turn them over to the other side.

Most litigation holds never move forward to the production phase.