Law Enforcement and Privacy

Question 1

FRCP 45: subpoena

Answer 1

a subpoena must:

• state the court from which it is issued
• state the title of the action and its civil-action number
• command each person to whom it is directed to do the following at a specific time and place: attend and testify; produce designated documents, electronically stored information, or tangible things in that person’s possession, custody or control; or permit the inspection of premises
• set out text of the rules describing the person’s right to challenge or modify the subpoena

Question 2

Define:

legal standards for seeking stored content of records, search warrant and telephone wiretap

Answer 2

• stored content of records: “specific and articulable facts showing that there are reasonable grounds” to believe communications are relevant to a criminal investigation
• traditional search warrant issued under 4A: showing that there is probable cause that a crime has been, or will be committed
• telephone wiretap: probable cause warrant + other requirements

Question 3

What are the requirements under the 4th Amendment?

Answer 3

• ban against “unreasonable searches and seizures” by the government
• for search warrants, the government must show “probable cause” that a crime has been, is or is likely to be committed
• must describe the place to be searched with particularity

Question 4

Define:

exclusionary rule

Answer 4

evidence gathered by the government in violation of 4A can be excluded from criminal trial

Question 5

Katz v. United States (U.S. 1967)

Answer 5

• overruled Olmstead vs. United States
• warrant needed for police bug in a restaurant placed to hear calls behind closed doors of a phone booth
• what a person seeks to preserve as private, even in an areas accessible to the public, may be constitutionally protected

Question 6

rule from Katz v. United States

Answer 6

“reasonable expectation of privacy” test:
1. person exhibited actual (subjective) expectation of privacy
2. expectation be one that society is prepared to recognize as “reasonable”

Question 7

United States v. Jones (2012)

Answer 7

warrant needed when police placed GPS device on a car and tracked its location for over a month

Question 8

Riley v. California (U.S. 2014)

Answer 8

contents of a cellphone cannot be searched unless law enforcement officers first obtain a search warrant

Question 9

Carpenter v. United States (U.S. 2018)

Answer 9

reduced scope of third-party doctrine → must secure warrant to access at least certain records held by 3Ps, namely, cell site location information

Question 10

HIPAA and the 4th Amendment

Answer 10

disclosure is permitted pursuant to court order or grand jury subpoena, or through administrative request, if three criteria met:
1. info sought is relevant and material to a legitimate law enforcement inquiry
2. request is specific and limited in scope to the extent reasonably practicable in light of the purpose for which the info is sought
3. deidentified information could not reasonably be used

Question 11

federal law on interception of communications

Answer 11

interception is prohibited unless an exception applies

• Wiretap Act: applies to wire communications, which includes a phone call or other aural communications made through a network and oral communications
• Electronic Communications Privacy Act: applies to electronic communications
• Stored Communications Act: applies to stored commnucations

Question 12

What is the exception to prohibition on interceptions under federal law?

Answer 12

the interception is permitted if:

• a person is the party to the call
• if one of the parties has given consent
• if done in ordinary course of business

Question 13

Does federal law on monitoring communications preempt state law?

Answer 13

no, state laws can be more restrictive

Question 14

Define:

Stored Communications Act

Answer 14

• enacted as part of ECPA
• creates a general prohibition against the unauthorized acquisition, alteration or blocking of electronic communications while in electronic storage in a facility through which an electronic communications service is provided

Question 15

What are the exceptions under the SCA?

Answer 15

• exception for conduct authorized by the person or entity providing a wire or electronic communication service, which will often be the company
• exception for conduct authorized by a user of that service with respect to a communication of or intended for that use

Question 16

Define:

pen register

Answer 16

records telephone numbers of outgoing calls

Question 17

Define:

trap-and-trace devices

Answer 17

record the telephone numbers that called in to a particular number

Question 18

What is the standard for pen register and trap-and-trace orders from a judge?

Answer 18

“relevant to an ongoing investigation”

• USA FREEDOM Act prohibits use of pen register and trap-and-trace orders for bulk collection and restricting their use to circumstances where there were specific selectors such as an email address or telephone number

Question 19

Define:

U.S. Communications Assistance to Law Enforcement Act of 1994 (CALEA)

Answer 19

• requires telecomms carriers to design their products and services to ensure they can carry out a lawful order to provide government access to communications
• also covers providers of broadband internet access and voice-over-internet protocol (VoIP) services

Question 20

Who implements CALEA?

Answer 20

FCC

Question 21

Define:

Cybersecurity Information Sharing Act (CISA)

Answer 21

permits federal government to share unclassified technical data with companies about how networks have been attacked and how successful defenses against such attacks have been carried out

Question 22

What are specific provisions of CISA?

Answer 22

• authorization for a company to share or receive “cyberthreat indicators” or “defensive measures”
• req for company to remove personal information before sharing
• sharing information with a federal government
  does not waive privileges
• shared information exempt from federal and state FOIA laws
• prohibition on government using shared information to regulate or take enforcement actions against lawful activities, but may be used to develop or implement new cybersecurity regulations
• authorization for company’s monitoring and operating defensive measures protection from liability for monitoring activities (but not for defensive measures)

Question 23

What does the Right to Financial Privacy Act (RFPA) of 1978 cover?

Answer 23

covers disclosures of financial records of individuals and partnerships of fewer than five people, by a variety of financial institutions, including banks, credit card companies and consumer finance companies in response to requests from federal agencies

Question 24

What is the rule under the Right to Financial Privacy Act?

Answer 24

no governmental authority may have access to or obtain copies of, the information contained in the financial records of any customer from a financial institution unless the financial records are reasonably described and meet at least one of these conditions:

• customer authorizes access
• appropriate administrative subpoena or summons
• qualified search warrant
• appropriate judicial subpoena
• appropriate formal written request from an authorized government authority

Question 25

What is the rule (and exceptions) under the Privacy Protection Act of 1980?

Answer 25

government officials engaging in criminal investigations are not permitted to search or seize media work products or documentary materials “reasonably believed to have a purpose to disseminate to the public a newspaper, book, broadcast or other similar form of public communication”

exception:

• if there is probable cause to believe that a reporter has committed or is in process of committing a crime
• prevent death and serious injury
• reason to believe docs would be destroyed or concealed if subpoena’d

Question 26

Define:

U.S. CLOUD Act (2018)

Answer 26

• Part I addresses how DOJ can access content of comms held by companies located in the U.S.
• Part 2 creates a new mechanism for other countries to access content of comms held by U.S. service providers

Question 27

Define:

Part I of U.S. CLOUD Act

Answer 27

compelled disclosure orders apply regardless of whether such communication, record or other information is located within or outside of the United States (pending SCOTUS case)

Question 28

Define:

Part II of U.S. CLOUD Act

Answer 28

• under ECPA, service providers in U.S. prohibited from disclosing content of comms to law enforcement except through a warrant or an appropriate request through a mechanism such as a mutual legal assistance treaty (MLAT) and must show “probable cause” (takes 10 months)
• if U.S. and foreign government sign agreement pursuant to Part II, foreign law enforcement can go directly to service providers for comms content and can target comms of non-U.S. citizens and residents

Question 29

Define:

Budapest Convention

Answer 29

first international treaty to focus explicitly on cybercrime and mandated participating countries to outlaw certain cybercrimes, enact evidence-gathering rules and cooperate with investigations across national borders

Question 30

Define:

Second Additional Protocol to the Budapest Convention

Answer 30

• opened for signature in 2022
• expedited production of subscriber info and traffic data
• direct disclosure of subscriber information and domain name registration information by allowing law enforcements to make request directly to service provider in another country
• additional protections for personal data