Law Enforcement and Privacy

Question 1

FRCP 45: subpoena

Answer 1

a subpoena must:
* state the court from which it is issued
* state the title of the action and its civil-action number
* command each person to whom it is directed to do the following at a specific time and place: attend and testify; produce designated documents, electronically stored information, or tangible things in that person’s possession, custody or control; or permit the inspection of premises
* set out text of the rules describing the person’s right to challenge or modify the subpoena

Question 2

Define:

legal standards for seeking stored content of records, search warrant and telephone wiretap

Answer 2

• **stored content of records **: “specific and articulable facts showing that there are reasonable grounds” to believe communications are relevant to a criminal investigation
• traditional search warrant issued under 4A: showing that there is probable cause that a crime has been, or will be committed
• telephone wiretap: probable cause warrant + other requirements

Question 3

Define:

“computer trespasser” exception

Answer 3

in general, a law enforcement officer needs to have a court order or some other lawful basis to intercept wire or electronic communications
* officer must be lawfully engaged in investigation and have reasonable grounds to believe contents of comm will be relevant investigation

Question 4

Define:

4th Amendment

Answer 4

• ban against “unreasonable searches and seizures” by the government
• for search warrants, the government must show “probable cause” that a crime has been, is or is likely to be committed
• must describe the place to be searched with particularity

Question 5

Define:

exclusionary rule

Answer 5

evidence gathered by the government in violation of 4A can be excluded from criminal trial

Question 6

Katz v. United States (U.S. 1967)

Answer 6

• overruled Olmstead vs. United States
• warrant needed for police bug in a restaurant placed to hear calls behind closed doors of a phone booth

Question 7

rule from Katz v. United States

Answer 7

“reasonable expectation of privacy” test:
1. person exhibited actual (subjective) expectation of privacy
2. expectation be one that society is prepared to recognize as “reasonable”

what a person seeks to preserve as private, even in an areas accessible to the public, may be constitutionally protected

Question 8

United States v. Jones (2012)

Answer 8

warrant needed when police placed GPS device on a car and tracked its location for over a month
* warrant needed when police placed GPS device on a car and tracked its location for over a month

Question 9

Riley v. California (U.S. 2014)

Answer 9

contents of a cellphone cannot be searched unless law enforcement officers first obtain a search warrant

Question 10

Carpenter v. United States (U.S. 2018)

Answer 10

reduced scope of third-party doctrine → must secure warrant to access at least certain records held by 3Ps, namely, cell site location information

Question 11

Define:

geofence

Answer 11

technology that allows companies to target digital advertising to people within a virtually fenced area

Question 12

HIPAA and the 4th Amendment

Answer 12

• general rule in HIPAA is that PHI may be disclosed to third parties, including law enforcement, only with opt-in consent from the patient
• Section 512(f) permits disclosure pursuant to court order or grand jury subpoena, or through administrative request, if three criteria met:
  1. info sought is relevant and material to a legitimate law enforcement inquiry
  2. request is specific and limited scope to the extent reasonably practicable in light of the purpose for which the info is sought
  deidentified information could not reasonably be used

Question 13

What types of claims can monitoring of communications give rise to?

Answer 13

• federal law violations
• state law violations
• invasion of privacy if offensive to a reasonable person
• stricter for real-time interception vs. retrieval of a stored record

Question 14

federal law on interception of communications

Answer 14

interception is prohibited unless an exception applies

• Wiretap Act: applies to wire communications, which includes a phone call or other aural communications made through a network and oral communications
• Electronic Communications Privacy Act: applies to electronic communications

Question 15

What is the exception to prohibition on interceptions under federal law?

Answer 15

interception is permitted if a person is the party to call or if one of the parties has given consent

Question 16

Rank the below in order from strictest to most permissive:

1. telephone monitoring and other tracking of oral communications
2. video surveillance
3. privacy of electronic communications

Answer 16

1. telephone monitoring and other tracking of oral communications
2. privacy of electronic communications
3. video surveillance

Question 17

Does federal law on monitoring communciations preempt state law?

Answer 17

no, state laws can be more restrictive

Question 18

Define:

Stored Communications Act

Answer 18

• enacted as part of ECPA
• creates a general prohibition against the unauthorized acquisition, alteration or blocking of electronic communications while in electronic storage in a facility through which an electronic communications service is provided

Question 19

Does the SCA preempt state law?

Answer 19

no

Question 20

What are the exceptios under the SCA?

Answer 20

• exception for conduct authorized by the person or entity providing a wire or electronic communication service, which will often be the company
• exception for conduct authorized by a user of that service with respect to a communication of or intended for that use

Question 21

Define:

pen register

Answer 21

records telephone numbers of outgoing calls

Question 22

Define:

trap-and-trace devices

Answer 22

record the telephone numbers that called in to a particular number

Question 23

What is the standard for pen register and trap-and-trace orders from a judge?

Answer 23

“relevant to an ongoing investigation”
* USA FREEDOM Act prohibits use of pen register and trap-and-trace orders for bulk collection and restricting their use to circumstances where there were specific selectors such as an email address or telephone number

Question 24

Define:

U.S. Communications Assistance to Law Enforcement Act of 1994 (CALEA)

Answer 24

• duties of defined actors in telecomms industry to cooperate in the interception of communications for law enforcement and other needs related to security and safety of public
• requires telecomms carriers to design their products and services to ensure they can carry out a lawful order to provide government access to communications
• also covers providers of broadband internet access and voice-over-internet protocol (VoIP) services

Question 25

Who implements CALEA?

Answer 25

FCC

Question 26

Define:

Cybersecurity Information Sharing Act (CISA)

Answer 26

permits federal government to share unclassified technical data with companies about how networks have been attacked and how successful defenses against such attacks have been carried out

Question 27

What are specific provisions of CISA?

Answer 27

• authorization for a company to share or receive “cyberthreat indicators” or “defensive measures”
• req for company to remove personal information before sharing
• sharing information with a federal government
  does not waive privileges
• shared information exempt from federal and state FOIA laws
• prohibition on government using shared information to regulate or take enforcement actions against lawful activities, but may be used to develop or implement new cybersecurity regulations
• authorization for company’s monitoring and operating defensive measures protection from liability for monitoring activities (but not for defensive measures)

Question 28

What does the Right to Financial Privacy Act (RFPA) of 1978 cover?

Answer 28

covers disclosures of financial records of individuals and partnerships of fewer than five people, by a variety of financial institutions, including banks, credit card companies and consumer finance companies in response to requests from federal agencies

Question 29

What is the rule under the Right to Financial Privacy Act?

Answer 29

no governmental authority may have access to or obtain copies of, the information contained in the financial records of any customer from a financial institution unless the financial records are reasonably described and meet at least one of these conditions:
* customer authorizes access
* appropriate administrative subpoena or summons
* qualified search warrant
* appropriate judicial subpoena
* appropriate formal written request from an authorized government authority

Question 30

Define:

Privacy Protection Act of 1980

Answer 30

provides extra layer of protection for members of the media and media orgs from government searches or seizures in the course of a criminal investigation

Question 31

What is the rule under the Privacy Protection Act of 1980?

Answer 31

government officials engaging in criminal investigations are not permitted to search or seize media work products or documentary materials “reasonably believed to have a purpose to disseminate to the public a newspaper, book, broadcast or other similar form of public communication”

exception:
* if there is probable cause to believe that a reporter has committed or is in process of committing a crime
* prevent death and serious injury
* reason to believe docs would be destroyed or concealed if subpoena’d

Question 32

Define:

U.S. CLOUD Act (2018)

Answer 32

• Part I addresses how DOJ can access content of comms held by companies located in the U.S.
• Part 2 creates a new mechanism for other countries to access content of comms held by U.S. service providers

Question 33

Define:

Part I of U.S. CLOUD Act

Answer 33

compelled disclosure orders apply regardless of whether such communication, record or other information is located within or outside of the United States (pending SCOTUS case)

Question 34

Define:

Part II of U.S. CLOUD Act

Answer 34

• under ECPA, service providers in U.S. prohibited from disclosing content of comms to law enforcement except through a warrant or an appropriate request through a mechanism such as a mutual legal assistance treaty (MLAT) and must show “probable cause” (takes 10 months)
• if U.S. and foreign government sign agreement pursuant to Part II, foreign law enforcement can go directly to service providers for comms content and can target comms of non-U.S. citizens and residents

Question 35

Define:

Budapest Convention

Answer 35

first international treaty to focus explicitly on cybercrime and mandated participating countries to outlaw certain cybercrimes, enact evidence-gathering rules and cooperate with investigations across national borders

Question 36

Define:

Second Additional Protocol to the Budapest Convention

Answer 36

• opened for signature in 2022
• expedited production of subscriber info and traffic data
• direct disclosure of subscriber information and domain name registration information by allowing law enforcements to make request directly to service provider in another country
• additional protections for personal data