Photo of Chloe Goodwin

Chloe Goodwin is a litigator and regulatory attorney focused on privacy and technology issues. She represents several leading technology companies in litigation and compliance matters relating to electronic surveillance, law enforcement access to digital evidence, cybersecurity, and data privacy.

On October 7, 2022, President Biden signed an Executive Order directing the steps that the United States will take to implement its commitments under the new EU-U.S. Data Privacy Framework.  The framework was announced by the U.S. and the EU Commission in March 2022, after reaching a political agreement in principle (see our blog post

In March, the Supreme Court issued its decision in Federal Bureau of Investigation v. Fazaga, No. 20-828, holding that the state secrets privilege—and its dismissal remedy—applies to cases that may also be subject to the judicial review procedures set forth in the Foreign Intelligence Surveillance Act (“FISA”).  In so holding, the Court reversed the Ninth Circuit’s 2020 ruling that FISA displaces the state secrets privilege in cases involving electronic surveillance.

Continue Reading Supreme Court Holds FISA Does Not Displace the State Secrets Privilege

Last Thursday, the Eastern District of Virginia in United States v. Chatrie, No. 19-cr-00130, 2022 WL 628905, denied a motion to suppress evidence obtained from Google pursuant to a geofence search warrant.  Geofence warrants are a relatively new investigative tool that target private companies’ databases of location data, compelling these companies to produce the location data of every user that was in a particular area over a particular span of time.  The court invalidated the warrant for lack of particularized probable cause, but declined to suppress the evidence obtained from Google—which linked the defendant to the scene of a 2019 bank robbery—because the officers sought the warrant in good faith.
Continue Reading Federal Court Expresses Skepticism About Validity of Geofence Warrants But Declines Suppression Remedy

On December 15, 2021, the United States and Australia signed an agreement on cross-border law enforcement demands for data from service providers (“Agreement”).  The Agreement is the second bilateral agreement to be entered into under the Clarifying Lawful Overseas Use of Data (CLOUD) Act, following the U.S.-UK agreement in 2019.
Continue Reading U.S. and Australia Sign CLOUD Act Agreement

On November 1, 2021, the Supreme Court denied a petition for a writ of certiorari in American Civil Liberties Union v. United States. In its petition, the American Civil Liberties Union (ACLU) sought the Supreme Court’s review of the Foreign Intelligence Surveillance Court (FISC) and the Foreign Intelligence Surveillance Court of Review’s (FISCR) decisions declining to release court records to the ACLU.
Continue Reading The Supreme Court Denies Certiorari in American Civil Liberties Union v. United States

On August 27, 2021, Illinois Governor J.B. Pritzker signed into law the Protecting Household Privacy Act (“PHPA”).  The law governs how, and under what conditions, Illinois law enforcement agencies may acquire and use data from household electronic devices, commonly referred to as “smart devices” or the “internet of things.”  The PHPA will go into effect

Last week, the Ninth Circuit held in United States v. Wilson, No. 18-50440, 2021 WL 4270847, that a law enforcement officer violated a criminal defendant’s Fourth Amendment rights when he opened images attached to the defendant’s emails without a warrant, even though the images had previously been flagged as child sexual abuse materials (“CSAM”) by Google’s automated CSAM-detection software.  The court based its ruling on the private search exception to the Fourth Amendment, which permits law enforcement to conduct a warrantless search only to the extent the search was previously conducted by a private party.  Because no individual at Google actually opened and viewed the images flagged as CSAM, the court held that law enforcement “exceeded the scope of the antecedent private search,” thereby “exceed[ing] the limits of the private search exception.”  Op. at 20-21.

Continue Reading Ninth Circuit’s Interpretation of Private Search Exception to the Fourth Amendment Contributes to “Growing Tension” Among Circuit Courts

Yesterday the Supreme Court issued a decision in Van Buren v. United States, No. 19-783, ruling that a police officer did not violate the Computer Fraud and Abuse Act (“CFAA”) when he obtained information from a law enforcement database that he was permitted to access, but did so for an improper purpose.  In so ruling, the Court adopted a relatively narrow reading of the CFAA, and partially resolved a years-long debate concerning the scope of liability under the CFAA.

The CFAA prohibits, inter alia, “intentionally access[ing] a computer without authorization or exceed[ing] authorized access, and thereby obtain[ing] information from any protected computer.”  18 U.S.C. § 1030(a)(2).  What it means to “exceed authorized access” has been the subject of disagreement among lower courts:  Some have concluded that this term refers to accessing areas of a computer that the user is not permitted to access under any circumstances—e.g., a student accessing her university’s database of grades that is restricted to only administrator use.  Others have concluded that this term also encompasses individuals who are permitted to access an area of a computer for certain purposes, but they do so for an improper purpose—e.g., an administrator accessing the university’s database of grades that she is generally permitted to use, but she does so for the improper purpose of blackmailing a student.
Continue Reading Supreme Court Adopts Narrow Reading of the CFAA in Van Buren v. United States

The Department of Justice has released a draft bill to amend Section 230 of the Communications Decency Act of 1996, joining the chorus of voices seeking to limit the statute’s liability protections (covered here, here, here, and here).  The DOJ’s draft bill incorporates recommendations from its June 2020 report analyzing Section 230, as well as President Trump’s Executive Order on Preventing Online Censorship.  According to Attorney General William Barr, DOJ’s proposal “recalibrates Section 230 immunity,” aiming to “incentivize online platforms to better address criminal content on their services and to be more transparent and accountable when removing lawful speech.”
Continue Reading DOJ Proposes Legislation to Limit Section 230 Immunity

Senators Lindsey Graham (R-S.C.), Tom Cotton (R-Ark.) and Marsha Blackburn (R-Tenn.) have introduced the Lawful Access to Encrypted Data Act, a bill that would require tech companies to assist law enforcement in executing search warrants that seek encrypted data.  The bill would apply to law enforcement efforts to obtain data at rest as well as data in motion.  It would also apply to both criminal and national security legal process.  This proposal comes in the wake of the Senate Judiciary Committee’s December 2019 hearing on encryption and lawful access to data.  According to its sponsors, the purpose of the bill is to “end[] the use of ‘warrant-proof’ encrypted technology . . . to conceal illicit behavior.”

The bill has three main provisions:
Continue Reading Lawful Access to Encrypted Data Act Introduced