Section 3 Flashcards
What happened in United States v. Miller?
SCOTUS established that the Constitution does not prevent financial institutions from responding to a properly authorized subpoena
Does the RFPA apply to state and local governments?
No
When was the RFPA enacted?
1978
Who is a “person” under the RFPA?
A person or an organization with up to 5 people
Which agencies are carved out of RFPA?
Supervisory agencies (FDIC, CFPB, SEC)
How long do customers have to challenge a request for information from their financial institution (RFPA)?
10 days or 14 if mailed
Does the RFPA have a private right of action?
Yes. They have three years from the date of the violation.
What are the potential RFPA damages?
$100 per violation, actual damages, or potential punitive damages and plaintiff’s legal costs
When was the BSA enacted?
1970
What is the other name for the BSA?
Currency and foreign transactions reporting Act
What unusual entities are included in the BSA?
Precious metal and jewelry dealers, pawnbrokers, travel agencies, telegraph companies, vehicle sales companies, gambling operators the USPS!
How did the Patriot Act modify the BSA?
It added a customer identification program requirement
Can financial institutions notify customers when they are filing an SAR?
No they are prohibited from doing so. This is an important exception to the RFPA.
What is a Currency Transaction Report?
Under the BSA, financial institutions are required to notify FinCEN of any transaction that totals more than $10K in a day.
How long do companies have to file a CTR?
15 days
What government agency enforces the BSA?
Department of Treasury
What did SCOTUS hold in Katz v. US?
In situations with a ‘reasonable expectation of privacy’ individuals are protected by the 4th Amendment
Katz is viewed as overturning Olmstead v. US
When was the Electronic Communications Privacy Act enacted?
1986
What are the three parts of the ECPA?
- Wiretap Act
- Stored Communications Act
- regulation for technologies for collecting data (pen registers and trap and trace devices)
Under the Wiretap Act, can an individual record a conversation without the other’s knowledge or permission?
Yes, but some states like CA do not allow this
How does the Stored Communications Act (SCA) handle communications that are stored by service providers?
It prohibits unauthorized access (extends the privacy protection)
Does the ECPA preempt state laws?
No and many states have more stringent requirements
What does CALEA (Communications Assistance for Law Enforcement) do?
Requires telecoms companies to make govt wiretapping capabilities bake-in features of their products and services
When was the Foreign Intelligence Surveillance Act enacted?
1978
How did the Patriot Act update FISA?
The threshold for authorizing surveillance changed from foreign intelligence being the “primary purpose” to “significant purpose”
What are the principle features of FISA?
Surveillance of foreign powers
Authorization for specific forms of surveillance
The Foreign Intelligence Surveillance Court
Authority for warrantless surveillance
Surveillance of US Persons acting as agents of foreign powers
Minimization principle
What are the controversial provisions of the Patriot Act?
206: Roving Wiretaps
207: The “Lone Wolf” Provision
215: Business Records Provision
How did the USA Freedom Act of 2015 update the Patriot Act?
- Prohibited bulk data collection by requiring the request list specific search parameters called “selection terms”
- Subjected requests for pen registers and trap-and-trace devices to selection terms
- Reform the NSL process to add selection terms and limit the govt’s ability to impose gag orders and created a process for companies to object
- Strengthened FISA’s minimization requirements
- Restricted the USAG from authorizing business record requests without the FISC unless there is an emergency
- Added legal advisers to help FISC interpret requests from the USAG
- Increased transparency by requiring the USAG to report to Congress
How does the Cybersecurity Information Sharing Act of 2015 break down barriers for companies to share cybersecurity information with the government?
- Requires companies to remove PII before sharing
- Reduces company liability by exempting them from antitrust liabilities or loss of attorney-client privilege
- The information shared is still designated as proprietary to the company and is exempted from federal and state Freedom of Information request laws
Is sharing mandatory under CISA?
No, it’s voluntary in both directions
What was the holding in Zurcher v Stanford Daily (1978 SCOTUS)?
The Stanford Daily was required to turn over documentary evidence despite first and fourth amendment protections. Congress passed the Privacy Protection Act in response.
When was the Privacy Protection Act enacted?
1980
What did the Privacy Protection Act do?
Prohibited law enforcement from using a warrant to search news media personnel, the homes of journalists, news media facilities, and journalistic records
Even with the PPA, how can law enforcement compel information from journalists?
Through a subpoena but they have advance notice and the opportunity to challenge it (as opposed to a warrant)
Does RFPA apply to requests by state regulators?
No, only federal agencies
What are the RFPA request criteria?
- Must reasonably identify the records
- Must be justified by (a) customer authorization, (b) administrative subpoena, (c) judicial subpoena (d) search warrant or (e) written law enforcement request
What is the difference between a pen register and trap and trace?
Pen - records info about outbound comms
Trap + Trace - records info about inbound comms
What was Section 215 of the Patriot Act?
It authorized the government to demand “tangible items” including call detail records (bulk collection)
What did the Freedom Act do?
- Eliminated Section 215
- Prohibited blanket “tangible things” product orders
- Required the use of specific selector terms (also to FISA)
- Requires judicial involvement
- Natl Security Letters required specific terms
- Imposes higher standard for gag orders
- allows recipients of NSLs to challenge in court
Can states pass stricter laws under CAN-SPAM?
No