Section 3

Question 1

What happened in United States v. Miller?

Answer 1

SCOTUS established that the Constitution does not prevent financial institutions from responding to a properly authorized subpoena

Question 2

Does the RFPA apply to state and local governments?

Answer 2

No

Question 3

When was the RFPA enacted?

Answer 3

1978

Question 4

Who is a “person” under the RFPA?

Answer 4

A person or an organization with up to 5 people

Question 5

Which agencies are carved out of RFPA?

Answer 5

Supervisory agencies (FDIC, CFPB, SEC)

Question 6

How long do customers have to challenge a request for information from their financial institution (RFPA)?

Answer 6

10 days or 14 if mailed

Question 7

Does the RFPA have a private right of action?

Answer 7

Yes. They have three years from the date of the violation.

Question 8

What are the potential RFPA damages?

Answer 8

$100 per violation, actual damages, or potential punitive damages and plaintiff’s legal costs

Question 9

When was the BSA enacted?

Answer 9

1970

Question 10

What is the other name for the BSA?

Answer 10

Currency and foreign transactions reporting Act

Question 11

What unusual entities are included in the BSA?

Answer 11

Precious metal and jewelry dealers, pawnbrokers, travel agencies, telegraph companies, vehicle sales companies, gambling operators the USPS!

Question 12

How did the Patriot Act modify the BSA?

Answer 12

It added a customer identification program requirement

Question 13

Can financial institutions notify customers when they are filing an SAR?

Answer 13

No they are prohibited from doing so. This is an important exception to the RFPA.

Question 14

What is a Currency Transaction Report?

Answer 14

Under the BSA, financial institutions are required to notify FinCEN of any transaction that totals more than $10K in a day.

Question 15

How long do companies have to file a CTR?

Answer 15

15 days

Question 16

What government agency enforces the BSA?

Answer 16

Department of Treasury

Question 17

What did SCOTUS hold in Katz v. US?

Answer 17

In situations with a ‘reasonable expectation of privacy’ individuals are protected by the 4th Amendment

Katz is viewed as overturning Olmstead v. US

Question 18

When was the Electronic Communications Privacy Act enacted?

Answer 18

1986

Question 19

What are the three parts of the ECPA?

Answer 19

1. Wiretap Act
2. Stored Communications Act
3. regulation for technologies for collecting data (pen registers and trap and trace devices)

Question 20

Under the Wiretap Act, can an individual record a conversation without the other’s knowledge or permission?

Answer 20

Yes, but some states like CA do not allow this

Question 21

How does the Stored Communications Act (SCA) handle communications that are stored by service providers?

Answer 21

It prohibits unauthorized access (extends the privacy protection)

Question 22

Does the ECPA preempt state laws?

Answer 22

No and many states have more stringent requirements

Question 23

What does CALEA (Communications Assistance for Law Enforcement) do?

Answer 23

Requires telecoms companies to make govt wiretapping capabilities bake-in features of their products and services

Question 24

When was the Foreign Intelligence Surveillance Act enacted?

Answer 24

1978

Question 25

How did the Patriot Act update FISA?

Answer 25

The threshold for authorizing surveillance changed from foreign intelligence being the “primary purpose” to “significant purpose”

Question 26

What are the principle features of FISA?

Answer 26

Surveillance of foreign powers
Authorization for specific forms of surveillance
The Foreign Intelligence Surveillance Court
Authority for warrantless surveillance
Surveillance of US Persons acting as agents of foreign powers
Minimization principle

Question 27

What are the controversial provisions of the Patriot Act?

Answer 27

206: Roving Wiretaps
207: The “Lone Wolf” Provision
215: Business Records Provision

Question 28

How did the USA Freedom Act of 2015 update the Patriot Act?

Answer 28

1. Prohibited bulk data collection by requiring the request list specific search parameters called “selection terms”
2. Subjected requests for pen registers and trap-and-trace devices to selection terms
3. Reform the NSL process to add selection terms and limit the govt’s ability to impose gag orders and created a process for companies to object
4. Strengthened FISA’s minimization requirements
5. Restricted the USAG from authorizing business record requests without the FISC unless there is an emergency
6. Added legal advisers to help FISC interpret requests from the USAG
7. Increased transparency by requiring the USAG to report to Congress

Question 29

How does the Cybersecurity Information Sharing Act of 2015 break down barriers for companies to share cybersecurity information with the government?

Answer 29

1. Requires companies to remove PII before sharing
2. Reduces company liability by exempting them from antitrust liabilities or loss of attorney-client privilege
3. The information shared is still designated as proprietary to the company and is exempted from federal and state Freedom of Information request laws

Question 30

Is sharing mandatory under CISA?

Answer 30

No, it’s voluntary in both directions

Question 31

What was the holding in Zurcher v Stanford Daily (1978 SCOTUS)?

Answer 31

The Stanford Daily was required to turn over documentary evidence despite first and fourth amendment protections. Congress passed the Privacy Protection Act in response.

Question 32

When was the Privacy Protection Act enacted?

Answer 32

1980

Question 33

What did the Privacy Protection Act do?

Answer 33

Prohibited law enforcement from using a warrant to search news media personnel, the homes of journalists, news media facilities, and journalistic records

Question 34

Even with the PPA, how can law enforcement compel information from journalists?

Answer 34

Through a subpoena but they have advance notice and the opportunity to challenge it (as opposed to a warrant)

Question 35

Does RFPA apply to requests by state regulators?

Answer 35

No, only federal agencies

Question 36

What are the RFPA request criteria?

Answer 36

1. Must reasonably identify the records
2. Must be justified by (a) customer authorization, (b) administrative subpoena, (c) judicial subpoena (d) search warrant or (e) written law enforcement request

Question 37

What is the difference between a pen register and trap and trace?

Answer 37

Pen - records info about outbound comms
Trap + Trace - records info about inbound comms

Question 38

What was Section 215 of the Patriot Act?

Answer 38

It authorized the government to demand “tangible items” including call detail records (bulk collection)

Question 39

What did the Freedom Act do?

Answer 39

• Eliminated Section 215
• Prohibited blanket “tangible things” product orders
• Required the use of specific selector terms (also to FISA)
• Requires judicial involvement
• Natl Security Letters required specific terms
• Imposes higher standard for gag orders
• allows recipients of NSLs to challenge in court

Question 40

Can states pass stricter laws under CAN-SPAM?

Answer 40

No