In October 2019, the UK and U.S. Governments signed an agreement on cross-border law enforcement demands for data from Communication Service Providers (the “Agreement”, which we described in our earlier post here). Only now, however, have the two countries completed the procedural steps required to bring the Agreement into
Continue Reading UK and U.S. Governments set a date for the entry into force of the UK-U.S. CLOUD Act AgreementElectronic Surveillance and Law Enforcement Access
Supreme Court Holds FISA Does Not Displace the State Secrets Privilege
In March, the Supreme Court issued its decision in Federal Bureau of Investigation v. Fazaga, No. 20-828, holding that the state secrets privilege—and its dismissal remedy—applies to cases that may also be subject to the judicial review procedures set forth in the Foreign Intelligence Surveillance Act (“FISA”). In so holding, the Court reversed the Ninth Circuit’s 2020 ruling that FISA displaces the state secrets privilege in cases involving electronic surveillance.
Continue Reading Supreme Court Holds FISA Does Not Displace the State Secrets Privilege
New York Requires Businesses To Notify Employees of Electronic Monitoring
On November 8, 2021, New York Governor Kathy Hochul signed a new electronic monitoring law (S2628) requiring New York businesses that monitor or intercept employees’ e-mails, telephone calls, or internet usage to notify employees in writing of these practices. The new law amends the state’s civil rights law and takes effect on May 7, 2022.
Continue Reading New York Requires Businesses To Notify Employees of Electronic Monitoring
Illinois Enacts Protecting Household Privacy Act
On August 27, 2021, Illinois Governor J.B. Pritzker signed into law the Protecting Household Privacy Act (“PHPA”). The law governs how, and under what conditions, Illinois law enforcement agencies may acquire and use data from household electronic devices, commonly referred to as “smart devices” or the “internet of things.” The…
Continue Reading Illinois Enacts Protecting Household Privacy Act
Ninth Circuit’s Interpretation of Private Search Exception to the Fourth Amendment Contributes to “Growing Tension” Among Circuit Courts
Last week, the Ninth Circuit held in United States v. Wilson, No. 18-50440, 2021 WL 4270847, that a law enforcement officer violated a criminal defendant’s Fourth Amendment rights when he opened images attached to the defendant’s emails without a warrant, even though the images had previously been flagged as child sexual abuse materials (“CSAM”) by Google’s automated CSAM-detection software. The court based its ruling on the private search exception to the Fourth Amendment, which permits law enforcement to conduct a warrantless search only to the extent the search was previously conducted by a private party. Because no individual at Google actually opened and viewed the images flagged as CSAM, the court held that law enforcement “exceeded the scope of the antecedent private search,” thereby “exceed[ing] the limits of the private search exception.” Op. at 20-21.
Continue Reading Ninth Circuit’s Interpretation of Private Search Exception to the Fourth Amendment Contributes to “Growing Tension” Among Circuit Courts
California Federal Court Adopts Narrow Reading of Telephone “Instrument” Under the California Invasion of Privacy Act
Last year, Apple’s iOS14 incorporated a new feature notifying users when an app copied from the iPhone’s clipboard. The feature resulted in media scrutiny for a number of well-known apps, some of which faced putative class action lawsuits as a result. A court in the Eastern District of California recently dismissed one such suit, Mastel v. Miniclip SA, No. 2:21-cv-00124 (E.D. Cal.). In that decision, the court rejected a broad interpretation of telephone “instrument” under the California Invasion of Privacy Act (“CIPA”), concluding that non-telephonic smartphone functionality does not constitute a telephone instrument.
Continue Reading California Federal Court Adopts Narrow Reading of Telephone “Instrument” Under the California Invasion of Privacy Act
Australia Passes Cross-Border Data Access Law, Creates a Pathway for CLOUD Act Bilateral Agreement
On June 24, 2021, Australian parliament passed legislation establishing a framework for its enforcement agencies to access certain electronic data held by companies outside of Australia for law enforcement and national security purposes. The law paves the way for the establishment of a bilateral agreement with the United States under the U.S. Clarifying Lawful Overseas Use of Data (CLOUD) Act.
Similar to the function of the CLOUD Act, the Telecommunications Legislation Amendment (International Production Orders) Bill 2020 enables Australian enforcement authorities to compel companies covered by the statute to provide data, regardless of where the data is stored. The legislation introduces international production orders, a form of legal process for compelling real-time interception of communications or the production of stored communications and telecommunications data, which can be served directly on communications providers in foreign countries with which Australia has an agreement.
Continue Reading Australia Passes Cross-Border Data Access Law, Creates a Pathway for CLOUD Act Bilateral Agreement
U.S. Government Issues White Paper on Privacy Safeguards Following Schrems II
In the wake of the Court of Justice of the European Union’s (“ECJ”) Schrems II decision invalidating the EU-U.S. Privacy Shield (“Privacy Shield”) but upholding the validity of standard contractual clauses (“SCCs”), the U.S. government has released a White Paper entitled “Information on U.S. Privacy Safeguards Relevant to SCCs and Other EU Legal Bases for EU-U.S. Data Transfers after Schrems II.” The Schrems II ruling requires companies relying on SCCs “to verify, on a case-by-case basis,” whether the level of protections afforded by the SCCs are respected and observed in the recipient country. According to the cover letter accompanying the White Paper, it “outlines the robust limits and safeguards in the United States pertaining to government access to data” as part of “an effort to assist organizations in assessing whether their transfers offer appropriate data protection in accordance with the ECJ’s ruling.”
The cover letter emphasizes that while the White Paper is intended to help companies make the case that they can transfer personal data from the EU to the United States in compliance with EU law, it does not “eliminate the urgent need for clarity from European authorities or the onerous compliance burdens generated by the Schrems II decision.” It concludes by citing the importance of the “$7.1 trillion transatlantic economic relationship” and stating that “the Trump Administration is exploring all options at its disposal and remains committed to working with the European Commission to negotiate a solution that satisfies the ECJ’s requirements while protecting the interests of the United States.”
Continue Reading U.S. Government Issues White Paper on Privacy Safeguards Following Schrems II
Two Years of Carpenter
Last month marks two years since the Supreme Court held, in Carpenter v. United States, that the Fourth Amendment applies to cell phone company records that detail a cell phone user’s location and movements. Under Carpenter, police are generally required to use a warrant to obtain seven days or more of a user’s cell-site location information from phone companies.
As we previously reported, Carpenter redefined how the Fourth Amendment applies to information held by technology companies in the digital age. Prior to Carpenter, the Court applied the third-party doctrine, under which a person who voluntarily revealed information to third parties—such as telephone companies, banks, or technology companies—lacks a reasonable expectation of privacy in that information and therefore forfeits Fourth Amendment protections. In Carpenter, the Court declined to apply the third-party doctrine to cell-site location information, even though the cell phone user revealed their location information to their phone company. Despite the significance of this ruling, the Court said that its decision in Carpenter was a “narrow one” that did not “address other business records that might incidentally reveal location information” or “consider other collection techniques involving foreign affairs or national security.”
Continue Reading Two Years of Carpenter
Lawful Access to Encrypted Data Act Introduced
Senators Lindsey Graham (R-S.C.), Tom Cotton (R-Ark.) and Marsha Blackburn (R-Tenn.) have introduced the Lawful Access to Encrypted Data Act, a bill that would require tech companies to assist law enforcement in executing search warrants that seek encrypted data. The bill would apply to law enforcement efforts to obtain data at rest as well as data in motion. It would also apply to both criminal and national security legal process. This proposal comes in the wake of the Senate Judiciary Committee’s December 2019 hearing on encryption and lawful access to data. According to its sponsors, the purpose of the bill is to “end[] the use of ‘warrant-proof’ encrypted technology . . . to conceal illicit behavior.”
The bill has three main provisions:
Continue Reading Lawful Access to Encrypted Data Act Introduced