In a new post on the Inside Tech Media blog, our colleagues discuss the “Quantum Computing Cybersecurity Preparedness Act,” which President Biden signed into law in the final days of 2022. The Act recognizes that current encryption protocols used by the federal government might one day be vulnerable to compromise as a result of
In March, the Supreme Court issued its decision in Federal Bureau of Investigation v. Fazaga, No. 20-828, holding that the state secrets privilege—and its dismissal remedy—applies to cases that may also be subject to the judicial review procedures set forth in the Foreign Intelligence Surveillance Act (“FISA”). In so holding, the Court reversed the Ninth Circuit’s 2020 ruling that FISA displaces the state secrets privilege in cases involving electronic surveillance.
Continue Reading Supreme Court Holds FISA Does Not Displace the State Secrets Privilege
Last Thursday, the Eastern District of Virginia in United States v. Chatrie, No. 19-cr-00130, 2022 WL 628905, denied a motion to suppress evidence obtained from Google pursuant to a geofence search warrant. Geofence warrants are a relatively new investigative tool that target private companies’ databases of location data, compelling these companies to produce the location data of every user that was in a particular area over a particular span of time. The court invalidated the warrant for lack of particularized probable cause, but declined to suppress the evidence obtained from Google—which linked the defendant to the scene of a 2019 bank robbery—because the officers sought the warrant in good faith.
Continue Reading Federal Court Expresses Skepticism About Validity of Geofence Warrants But Declines Suppression Remedy
On December 15, 2021, the United States and Australia signed an agreement on cross-border law enforcement demands for data from service providers (“Agreement”). The Agreement is the second bilateral agreement to be entered into under the Clarifying Lawful Overseas Use of Data (CLOUD) Act, following the U.S.-UK agreement in 2019. …
Continue Reading U.S. and Australia Sign CLOUD Act Agreement
On November 1, 2021, the Supreme Court denied a petition for a writ of certiorari in American Civil Liberties Union v. United States. In its petition, the American Civil Liberties Union (ACLU) sought the Supreme Court’s review of the Foreign Intelligence Surveillance Court (FISC) and the Foreign Intelligence Surveillance Court of Review’s (FISCR) decisions declining to release court records to the ACLU.
Continue Reading The Supreme Court Denies Certiorari in American Civil Liberties Union v. United States
On August 27, 2021, Illinois Governor J.B. Pritzker signed into law the Protecting Household Privacy Act (“PHPA”). The law governs how, and under what conditions, Illinois law enforcement agencies may acquire and use data from household electronic devices, commonly referred to as “smart devices” or the “internet of things.” The PHPA will go into effect…
Last week, the Ninth Circuit held in United States v. Wilson, No. 18-50440, 2021 WL 4270847, that a law enforcement officer violated a criminal defendant’s Fourth Amendment rights when he opened images attached to the defendant’s emails without a warrant, even though the images had previously been flagged as child sexual abuse materials (“CSAM”) by Google’s automated CSAM-detection software. The court based its ruling on the private search exception to the Fourth Amendment, which permits law enforcement to conduct a warrantless search only to the extent the search was previously conducted by a private party. Because no individual at Google actually opened and viewed the images flagged as CSAM, the court held that law enforcement “exceeded the scope of the antecedent private search,” thereby “exceed[ing] the limits of the private search exception.” Op. at 20-21.
Continue Reading Ninth Circuit’s Interpretation of Private Search Exception to the Fourth Amendment Contributes to “Growing Tension” Among Circuit Courts
On June 24, 2021, Australian parliament passed legislation establishing a framework for its enforcement agencies to access certain electronic data held by companies outside of Australia for law enforcement and national security purposes. The law paves the way for the establishment of a bilateral agreement with the United States under the U.S. Clarifying Lawful Overseas Use of Data (CLOUD) Act.
Similar to the function of the CLOUD Act, the Telecommunications Legislation Amendment (International Production Orders) Bill 2020 enables Australian enforcement authorities to compel companies covered by the statute to provide data, regardless of where the data is stored. The legislation introduces international production orders, a form of legal process for compelling real-time interception of communications or the production of stored communications and telecommunications data, which can be served directly on communications providers in foreign countries with which Australia has an agreement.
Continue Reading Australia Passes Cross-Border Data Access Law, Creates a Pathway for CLOUD Act Bilateral Agreement
Yesterday the Supreme Court issued a decision in Van Buren v. United States, No. 19-783, ruling that a police officer did not violate the Computer Fraud and Abuse Act (“CFAA”) when he obtained information from a law enforcement database that he was permitted to access, but did so for an improper purpose. In so ruling, the Court adopted a relatively narrow reading of the CFAA, and partially resolved a years-long debate concerning the scope of liability under the CFAA.
The CFAA prohibits, inter alia, “intentionally access[ing] a computer without authorization or exceed[ing] authorized access, and thereby obtain[ing] information from any protected computer.” 18 U.S.C. § 1030(a)(2). What it means to “exceed authorized access” has been the subject of disagreement among lower courts: Some have concluded that this term refers to accessing areas of a computer that the user is not permitted to access under any circumstances—e.g., a student accessing her university’s database of grades that is restricted to only administrator use. Others have concluded that this term also encompasses individuals who are permitted to access an area of a computer for certain purposes, but they do so for an improper purpose—e.g., an administrator accessing the university’s database of grades that she is generally permitted to use, but she does so for the improper purpose of blackmailing a student. …
Continue Reading Supreme Court Adopts Narrow Reading of the CFAA in Van Buren v. United States
Senators Lindsey Graham (R-S.C.), Tom Cotton (R-Ark.) and Marsha Blackburn (R-Tenn.) have introduced the Lawful Access to Encrypted Data Act, a bill that would require tech companies to assist law enforcement in executing search warrants that seek encrypted data. The bill would apply to law enforcement efforts to obtain data at rest as well as data in motion. It would also apply to both criminal and national security legal process. This proposal comes in the wake of the Senate Judiciary Committee’s December 2019 hearing on encryption and lawful access to data. According to its sponsors, the purpose of the bill is to “end the use of ‘warrant-proof’ encrypted technology . . . to conceal illicit behavior.”
The bill has three main provisions:…
Continue Reading Lawful Access to Encrypted Data Act Introduced