CRIMINAL INVESTIGATIONS AND TECHNOLOGY: PROTECTING DATA AND RIGHTS

Similar documents
A BILL. (a) the owner of the device and/or geolocation information; or. (c) a person to whose geolocation the information pertains.

UNITED STATES DISTRICT COURT EASTERN DISTRICT OF WISCONSIN. In re: Two accounts stored at Google, Case No. 17-M-1235 MEMORANDUM AND ORDER

CHAPTER 121 STORED WIRE AND ELECTRONIC COMMUNICATIONS AND TRANSACTIONAL RECORDS ACCESS

Strike all after the enacting clause and insert the

IN RE TWO ACCOUNTS STORED AT GOOGLE, INC. MEMORANDUM AND ORDER. WILLIAM E. DUFFIN U.S. Magistrate Judge. I. Procedural History

TRANSPARENCY REPORTING FOR BEGINNERS: MEMO #1 *DRAFT* 2/26/14 A SURVEY OF

Title 15: COURT PROCEDURE -- CRIMINAL

Case 2:16-mj JS Document 53 Filed 03/10/17 Page 1 of 14 IN THE UNITED STATES DISTRICT COURT FOR THE EASTERN DISTRICT OF PENNSYLVANIA

Case 3:16-mc RS Document 84 Filed 08/14/17 Page 1 of 9 UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF CALIFORNIA I.

THE GOVERNMENT S POST-HEARING BRIEF

United States District Court,District of Columbia.

Case 9:18-mj BER Document 2 Entered on FLSD Docket 11/30/2018 Page 1 of 13

HEARING ON ELECTRONIC COMMUNICATIONS PRIVACY ACT REFORM

CRS Report for Congress

Cell Site Simulator Privacy Model Bill

Encryption & FBI vs Apple. Sophie Park & Shanelle Roman

H.R The 2001 Anti-Terrorism Legislation [Pub. L. No (Oct. 26, 2001)]

TITLE VIII PRIVACY PROTECTIONS Subtitle A Video Privacy Protection

State of Minnesota HOUSE OF REPRESENTATIVES

Chapter 33. (CalECPA)

S 2403 SUBSTITUTE A ======== LC004252/SUB A ======== S T A T E O F R H O D E I S L A N D

Terms of Use When you Access FoodSwitch you agree to these Terms of Use ("Terms"). General Terms and Conditions of Use

Case 1:10-mj AK Document 24 Filed 05/23/13 Page 31 of 183

Privacy: An Abbreviated Outline of Federal Statutes Governing Wiretapping and Electronic Eavesdropping

Issue Area Current Law S as reported by Senate Judiciary Comm. H.R as reported by House Judiciary Comm.

REGULATORY AGENCIES DO NOT NEED ADDITIONAL AUTHORITY TO ACCESS STORED COMMUNICATIONS

CRS Report for Congress

Mobil Serv Lubricant Analysis Sample Scan Application: Terms of Use Agreement

AeroScout App End User License Agreement

T-Mobile US, Inc. Transparency Report for 2016

CRS Report for Congress

IC Chapter 5. Search and Seizure

United States Supreme Court Grants Certiorari in United States v. Microsoft Corporation

IN REORDER REQUIRINGAPPLE, INC. Case No. [i m g 0 g TO ASSIST IN THE EXECUTIONOF A SEARCH WARRANT ISSUED BY THIS APPLICATION COURT 43

Electronic Privacy Information Center September 24, 2001

T-Mobile Transparency Report for 2013 and 2014

Statement of James X. Dempsey Executive Director Center for Democracy & Technology 1. before the House Permanent Select Committee on Intelligence

Briefing from Carpenter v. United States

BILLS PENDING AS OF 9/11/13 THAT RELATE TO NSA SURVEILLANCE

Case 2:15-mj CMR Document 52 Filed 09/06/17 Page 1 of 5 IN THE UNITED STATES DISTRICT COURT FOR THE EASTERN DISTRICT OF PENNSYLVANIA

ELECTRONIC COMMUNICATIONS PRIVACY ACT UNITED STATES CODE

Case 1:18-mj DAR Document 1-1 Filed 10/03/18 Page 1 of 10 UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA. Mag. No.

Assumption of TOBT Responsibility and Usage Agreement HAM CSA

Legal Standard for Disclosure of Cell-Site Information (CSI) and Geolocation Information

Legislation to Permit the Secure and Privacy-Protective Exchange of Electronic Data for the Purposes of Combating Serious Crime Including Terrorism

Testimony of Kevin S. Bankston, Policy Director of New America s Open Technology Institute

An Act to Promote Transparency and Protect Individual Rights and Liberties With Respect to Surveillance Technology

INVESTIGATION OF ELECTRONIC DATA PROTECTED BY ENCRYPTION ETC DRAFT CODE OF PRACTICE

Case 5:16-cr XR Document 52 Filed 08/30/17 Page 1 of 10

Security Video Surveillance Policy

3121. General prohibition on pen register and trap and trace device use; exception

In the Supreme Court of the United States

POLICY MANUAL. Policy department: Legal References: Policy Number: Cross References: Policy Title: Adoption Date: Review Date: Revision Date:

Legal Supplement Part C to the Trinidad and Tobago Gazette, Vol. 56, No. 52, 18th May, 2017

Workplace Surveillance Act 2005

Electronic Searches and Surveillance ( )

Remote Support Terms of Service Agreement Version 1.0 / Revised March 29, 2013

Appendix B. State Wiretap Legislation (as of June 1, 2002)

Obtaining Social Media Information. Kelly Meehan, Assistant Attorney General Nick Wanka, Assistant Attorney General

THE ERIE WESTERN-PENNSYLVANIA PORT AUTHORITY RULES AND REGULATIONS GOVERNING THE RELEASE OF PUBLIC RECORDS UNDER THE PENNSYLVANIA RIGHT-TO-KNOW LAW

TYPE OF ORDER NUMBER/SERIES ISSUE DATE EFFECTIVE DATE General Order /3/ /5/2014

Draft Rules on Privacy and Access to Court Records

Does a Civil Protective Order Protect a Company s Foreign Based Documents from Being Produced in a Related Criminal Investigation?

Guidelines Targeting Economic and Industrial Sectors Pertaining to the Act on the Protection of Personal Information. (Tentative Translation)

Department of Defense INSTRUCTION. Guidance on Obtaining Information from Financial Institutions

U.S. Department of Justice

Gottschlich & Portune, LLP

CBLDF Advisory: Legal Hazards of Crossing International Borders With Comic Book Art

IN THE DISTRICT COURT OF APPEAL OF THE STATE OF FLORIDA FIFTH DISTRICT JULY TERM v. Case No. 5D

Recent Developments in Cyberlaw: 2018

Statement on Security & Auditability

Encryption: Balancing the Needs of Law Enforcement and the Fourth Amendment

UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA MEMORANDUM OPINION AND ORDER

Obtaining Information From Financial Institutions

ORDINANCE _ BOROUGH OF NEW ALBANY BRADFORD COUNTY, PENNSYLVANIA

The Right to Privacy in the Digital Age: Meeting Report

THE SURVEILLANCE AND COMMUNITY SAFETY ORDINANCE

DATA PROCESSING AGREEMENT. (1) You or your organization or entity as The Data Controller ( The Client or The Data Controller ); and

Legal Ethics of Metadata or Mining for Data About Data

The Honorable Reena Raggi Chair, Advisory Committee on Criminal Rules

Case 3:15-cv WHA Document 31 Filed 03/03/16 Page 1 of 14 UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF CALIFORNIA.

Notes on how to read the chart:

IN THE UNITED STATES COURT OF APPEALS FOR THE THIRD CIRCUIT

Private Equity and Tax Reform: Fund, Transactions and Portfolio Company Strategies

Amendment to the Infinite Campus END USER LICENSE AGREEMENT

Terms and Conditions for the use of

REMOTE ACCOUNT TRANSFER SERVICE AGREEMENT

H. R. ll. To establish reasonable procedural protections for the use of national security letters, and for other purposes.

REQUESTS FOR MUTUAL LEGAL ASSISTANCE IN CRIMINAL MATTERS. Guidance for Authorities Outside of Kenya

DATA PROTECTION LAWS OF THE WORLD. South Korea

Case 1:18-cr TFH Document 4 Filed 10/08/18 Page 1 of 10 IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA

ELECTRONIC DATA INTERCHANGE (EDI) TRADING PARTNER AGREEMENT

Institute for Development of Freedom of Information Statistics on Telephone Surveillance and Secret Investigation in Georgia.

APPENDIX. 1. The Equipment Interference Regime which is relevant to the activities of GCHQ principally derives from the following statutes:

DATA PROCESSING AGREEMENT. between [Customer] (the "Controller") and LINK Mobility (the "Processor")

Case3:08-cv MMC Document86 Filed12/02/09 Page1 of 8

Protection of Freedoms Bill. Delegated Powers - Memorandum by the Home Office. Introduction

AVIS RENT A CAR AVIS APPS TERMS OF USE

CCTV, videos and photos in health, aged care and retirement living and disability facilities your rights and obligations

EUROPEAN COMMISSION DIRECTORATE-GENERAL JUSTICE. Directorate C: Fundamental rights and Union citizenship Unit C.3: Data protection

Transcription:

CRIMINAL INVESTIGATIONS AND TECHNOLOGY: PROTECTING DATA AND RIGHTS JUNE 8, 2017 Bracewell LLP makes this information available for educational purposes. This information does not offer specific legal advice or create an attorney-client relationship with the firm. Do not use this information as a substitute for specific legal advice. Proprietary. Not for duplication. Philip J. Bezanson & Shannon B. Wolf

FORMER ASSISTANT ATTY. GENERAL LESLIE R. CALDWELL Innovation in computing, the Internet, and related services has had tremendous benefits for our economy... It has also transformed how we in law enforcement do our jobs by expanding our ability to detect, investigate and prosecute criminal activity. There is nothing wrong with companies pursuing profits and marketing strategies, but... Our ability to protect Americans from crime has become dependent, in thousands of cases, on the business decisions of for-profit corporations. More troublingly, even when companies have the technical ability to reasonably assist us in accessing encrypted information, they have refused to do so for fear of tarnishing their image. 2

INTRODUCTION As innovation continues to outpace legal and legislative developments, companies that store personal data have been in tension with law enforcement over investigation techniques. Law enforcement utilizes traditional criminal investigation techniques including the use of grand jury subpoenas and search warrants to obtain data and other materials from technology companies. The technology sector, has countered with objections under the Stored Communications Act as well as the First and Fourth Amendments to the Constitution to protect customer data and privacy. 3

CRIMINAL INVESTIGATIONS AND TECHNOLOGY: PROTECTING DATA AND RIGHTS Warrant Proof Encryption Lavabit, Inc. Apple Inc. Foreign Reach of Search Warrants Google, Inc. Virtual Currency & the Internal Revenue Service Coinbase, Inc. Agency Subpoenas Twitter, Inc. Emerging Issues with New Technologies 4

WARRANT PROOF ENCRYPTION RESPONDING TO A SUBPOENA AND SECRET SEARCH WARRANT WHEN CUSTOMER PRIVACY IS CRITICAL TO YOUR BUSINESS.

6

THE 18 U.S.C. 2703 ORDERS Section 2703(d) permits: a court order for disclosure of contents of electronic communications or records concerning electronic communication if there are reasonable grounds to believe that the contents of a wire or electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation. Section 2705(b) permits: a gag order precluding the disclosure of the subpoena or warrant if notification of the existence of the warrant, subpoena, or court order will result in: o (1) endangering the life or physical safety of an individual; o (2) flight from prosecution; o (3) destruction of or tampering with evidence; o (4) intimidation of potential witnesses; or o (5) otherwise seriously jeopardizing an investigation or unduly delaying a trial. 7

COMMUNICATIONS ASSISTANCE FOR LAW ENFORCEMENT ACT ( CALEA ) 47 U.S.C. 1001 Requires companies to assist the government with the decryption of data when the company has a decryption key; does not require the company to create a decryption key. Does not authorize any law enforcement agency or officer to require any specific design of equipment, facilities, services, features, or system configurations to be adopted by any provider of a wire or electronic communication service, any manufacturer of telecommunications. 8

PEN REGISTER ACT: 18 U.S.C. 3121 Pen Trap Orders can require providers assist law enforcement in the installation of the trap and trace device. Pen Trap Orders also frequently filed under seal and prohibit providers from disclosing to the target the fact of the Pen Trap Order and data collection. 9

10

THE ALL WRITS ACT: 28 U.S.C. 1651 The Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law. The All Writs Act is a residual source of authority to issue writs that are not otherwise covered by statute. Pennsylvania Bureau of Correction v. U.S. Marshals Service, 474 U.S. 34, 43 (1985). Empowers courts to issue supplemental orders in furtherance of search warrants. U.S. v. New York Telephone Co., 434 U.S. 159, 174 (1977) 11

THE ORDER COMPELLING APPLE TO ASSIST AGENTS IN ITS SEARCH: Required Apple to assist the FBI by providing the FBI an opportunity to determine the passcode of the iphone; and Instructed Apple to provide reasonable technical assistance which included creating custom software that would: bypass or disable the iphone s auto-erase function; enable the FBI to submit passcodes for testing; and remove any time delays between entering incorrect passcodes. 12

APPLE S RESPONSE: MOTION TO VACATE ORDER Cautioned against the reach of the All Writs Act to compel a private company to develop software: what is to stop the government from demanding that Apple write code to turn on a microphone in aid of government surveillance, activate the video camera, surreptitiously record conversations, or turn on the location services to track the phone s user? In Matter of the Search of an Apple Iphone, 16-cm- 00010 (C.D.C.A. Feb. 25, 2016) (Apple Inc. s Motion to Vacate) at p. 4. 13

REMARKS OF ASSISTANT A.G. CALDWELL [C]ertain implementations of encryption pose an undeniable and growing threat to our ability to protect the American people. Our inability to access such data can stop our investigations and prosecutions in their tracks. 14

FOREIGN REACH OF SCA ORDERS EXTRATERRITORIAL APPLICATION IS NOT SETTLED.

16

RULE 41 OF THE FEDERAL RULES OF CRIMINAL PROCEDURE (b) At the request of a federal law enforcement officer or an attorney for the government: (1) a magistrate judge... may issue a warrant for property that is located outside the jurisdiction of any state or district, but within any of the following: o (A) a United States territory, possession, or commonwealth (6) a magistrate judge with authority in any district where activities related to a crime may have occurred has authority to issue a warrant to use remote access to search electronic storage media and to seize or copy electronically stored information located within or outside that district if: o (A) the district where the media or information is located has been concealed through technological means; or o (B) in an investigation of a violation of 18 U.S.C. 1030(a)(5), the media are protected computers that have been damaged without authorization and are located in five or more districts. 17

MICROSOFT DECISION AND THE GOOGLE RULING The Second Circuit s majority opinion relied on the presumption against extraterritorial application of U.S. statutes as articulated in Morrison v. Nat l Australia Bank Ltd., 561 U.S. 247 (2010). The Second Circuit analyzed the SCA and application of Section 2703 orders to material stored on foreign servers in light of the two-part approach set forth in Morrison: whether the statute s warrant provisions contemplated extraterritorial application; and the statute s focus. Ultimately, the Second Circuit concluded that the SCA focuses on user privacy and directing Microsoft to seize its customers communications stored overseas would be an unlawful extraterritorial application. Judge Rueter rejected the Second Circuit s application of Morrison, and further called into question the Second Circuit s conclusion that retrieval of documents stored on a foreign server constitutes a seizure in a foreign country. 18

IN RE XXXXXXXXXXXXXXXXXX@YAHOO.COM (M.D. FLA) Geographic scope of the warrant lacked: Nationality of Yahoo s customer Location of customer when account was established Customer s current location Location of stored information being sought by the government Warrant sought all information including data stored outside of the United States pertaining to the identified account that is in the possession, custody, or control of Yahoo. [A] warrant issued pursuant to the Stored Communications Act reaches only as far as the territorial bounds of the United States... [i]f Yahoo has responsive information that is stored at a place outside the United States, it is not required to produce that information. 19

IN RE INFORMATION ASSOCIATED WITH ONE YAHOO ACCOUNT (E.D. WIS.) Warrant sought all responsive information including data stored outside the United States pertaining to the identified account that is in the possession, custody, or control of Yahoo. Rule 41 is silent as to whether a federal court may issue a warrant for search of property outside of the United States. [E]ffect of an order under the SCA is to compel the service provider to disclose information in its possession...[i]t is not an authorization for government agents to physically enter any location or to seize anything from either the user or the service provider. 20

VIRTUAL CURRENCY & THE IRS RESPONDING TO A JOHN DOE SUBPOENA

22

INFORMATION SOUGHT FOR YEARS 2013-2015 User profile, history of changes to the user profile from account inception, user preferences, user security settings and history (including confirmed devices and account activity), payment methods and other information related to funding sources for the account. Records associated with Know-Your-Customer due diligence. Powers of attorney and other agreements or instructions for any account giving a third party access to or control of the account. Records of payments to and from the Coinbase account user. Account activity/transaction logs reflecting: date, amount, transaction type, account posttransaction balance, requests or instructions to send or receive bitcoin, name or identifier of the counterparty. Payments processed for which Coinbase acts as the payment service provider. Correspondence between Coinbase and its users. Periodic account statements or invoices. Exception reports produced by Coinbase s Anti- Money Laundering system. 23

JOHN DOE SUBPOENA 26 U.S.C. 7609 A summons that does not identify the person with respect to whose liability the summons is issued. IRS is authorized to issue a John Doe summons pursuant to an investigation of a specific, unidentified person or ascertainable group or class of persons. Permits the IRS to obtains the names and requested information and documents concerning all taxpayers in a certain group or class of persons. Cannot be used to conduct a fishing expedition. The Service should be prepared to investigate the tax liabilities of specific taxpayers based on the information received from the John Doe summons. 24

REQUIREMENTS FOR OBTAINING A JOHN DOE SUBPOENA District Court approval is required before serving a John Doe Summons. Typically approved in an ex parte proceeding. Three specific requirements: The summons must relate to the investigation of a particular person or ascertainable group or class of persons. The IRS must have a reasonable basis for believing that such person or group or class of persons may fail or may have failed to comply with any provision of the tax laws. The information and identities sought to be obtained from summoned records must not be readily available from other sources. 25

THE AGENCY SUBPOENA KNOWING WHEN TO RESPOND

27

TWITTER V. DEPT. OF HOMELAND SECURITY AND U.S. CUSTOMERS AND BORDER PROTECTION THE ADMINISTRATIVE SUMMONS Issued pursuant to 19 U.S.C 1509 which authorizes production of records related to the importation of merchandise. The Summons: Requested all records regarding the Twitter accounts @ALT_USCIS, including, user names, account login, phone number, mailing address and I.P. address. Cautioned that failure to comply would result in proceedings in U.S. District Court to enforce the summons and possible sanctions. Requested that Twitter non disclose the existence of the summons for an indefinite period of time. 28

OTHER NOTEWORTHY CASES EMERGING ISSUES INVOLVING TECHNOLOGY & LAW ENFORCEMENT

30

BORDER SEARCHES The New York Times reported, in March 2017, that, in the wake of heightened scrutiny at border crossings (i.e., airports), individuals were reporting searches of their gadgets and devices. DHS enacted restrictions impacting travelers from 8 Muslim-majority countries who cannot bring devices larger than cell-phones on the plane (other devices must be stored in checked luggage). Airlines are cautioning international travelers to have their devices charged and accessible by Border Agents; travelers could be detained until agents can search devices. 31

32

QUESTIONS? PHILIP J. BEZANSON SHANNON B. WOLF 33 T E X A S N E W Y O R K W A S H I N G T O N, D C C O N N E C T I C U T S E A T T L E D U B A I L O N D O N b r a c e w e l l. c o m

This presentation is provided for informational purposes only and should not be considered specific legal advice on any subject matter. You should contact your attorney to obtain advice with respect to any particular issue or problem. The content of this presentation contains general information and may not reflect current legal developments, verdicts or settlements. Use of and access to this presentation does not create an attorney-client relationship between you and Bracewell.

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback