Electronic Surveillance and Law Enforcement Access

On Wednesday, the U.S. Department of Justice released a white paper and FAQ on the Clarifying Lawful Overseas Use of Data (“CLOUD”) Act, which was enacted in March 2018 and creates a new framework for government access to data held by technology companies worldwide.  The paper, titled “Promoting Public Safety, Privacy, and the Rule of Law Around the World: The Purpose and Impact of the CLOUD Act,” addresses the scope and purpose of the CLOUD Act and responds to 29 frequently asked questions about the Act.

Continue Reading Department of Justice Releases White Paper on CLOUD Act

This article originally appeared in Global Data Review on March 29, 2019

Last year, the US passed legislation expanding the geographic reach of certain legal process, including search warrants, issued to technology providers seeking customer data. Under the Clarifying Lawful Overseas Use of Data (CLOUD) Act, warrants issued by US courts can force certain types of providers to disclose customer data stored anywhere in the world.

Notably, the CLOUD Act does not affect only US technology providers. The legislation covers all providers of defined technology services, so long as they are subject to US jurisdiction and in possession, custody or control of the data sought.  This article describes the CLOUD Act, addresses scenarios in which technology providers based outside the US may be subject to the legislation, and identifies mechanisms for challenging legal process issued under the Act.


Continue Reading Reaching for the CLOUD

In August 2018, the Government of Australia unveiled a new proposed bill that would grant the county’s national security and law enforcement agencies additional powers when confronting encrypted communications and devices. The text of the draft Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 (the “Assistance and Access Bill” or the “Bill”) states that the purpose is “to secure critical assistance from the communications industry and enable law enforcement to effectively investigate serious crimes in the digital era.”

The Assistance and Access Bill, if enacted, could affect a wide range of service providers both in and outside of Australia.
Continue Reading Australia Proposes New Encryption Legislation

Covington’s Alex Berengaut and Kate Goodloe today hosted a webinar on the Clarifying Lawful Overseas Use of Data (“CLOUD”) Act.  The CLOUD Act was signed into law in March and creates a new framework for government access to data held by technology companies worldwide.  The webinar, hosted with DataGuidance, is available here.  The webinar

In a decision that defines how the Fourth Amendment applies to information collected in the digital age, the Supreme Court today held that police must use a warrant to obtain from a cell phone company records that detail the location and movements of a cell phone user.  The opinion in Carpenter v. United States limits the application of the third-party doctrine, holding that a warrant is required when an individual “has a legitimate privacy interest in records held by a third party.”

The 5-4 decision, written by Chief Justice John Roberts, emphasizes the sensitivity of cell phone location information, which the Court described as “deeply revealing” because of its “depth, breadth, and comprehensive reach, and the inescapable and automatic nature of its collection.”  Given its nature, “the fact that such information is gathered by a third party does not make it any less deserving of Fourth Amendment protection,” the Court held.
Continue Reading Supreme Court’s Carpenter Decision Requires Warrant for Cell Phone Location Data


Two federal appellate courts are taking sharply different views on whether—and why—government agents must have some amount of suspicion to conduct forensic searches of electronic devices seized at the border.

The Fourth Circuit on May 9, 2018, held that government agents must have reasonable suspicion to conduct forensic searches of cell phones seized at the

By Lauren Moxley

Today, the Supreme Court released its decision in Byrd v. United States.  The Court held that under the Fourth Amendment, a driver of a rental vehicle can challenge a search of the vehicle even if he is not listed as an authorized driver on the rental agreement.

The case began in

Last summer, Marcus Hutchins, the security researcher who stopped the “WannaCry” malware attack, was arrested and charged for his role in allegedly creating and conspiring to sell a different piece of malware, known as Kronos.  As we have previously discussed on this blog, however, the indictment was notable for its lack of allegations connecting Hutchins

On March 23, 2018, Congress passed, and President Trump signed into law, the Clarifying Lawful Overseas Use of Data (“CLOUD”) Act, which creates a new framework for government access to data held by technology companies worldwide.

The CLOUD Act, enacted as part of the Consolidated Appropriations Act, has two components.

Part I:  Extraterritorial Reach

On Wednesday, the Supreme Court heard oral arguments in Carpenter v.  U. S., a case that involved the collection of 127 days of Petitioner Thomas Carpenter’s cell site location information as part of an investigation into several armed robberies.  We attended the argument to gain any insights into how the Supreme Court may resolve this important case.

The central issue in the appeal is whether the government can access this type and amount of individual location data without a warrant.  But an equally important issue is whether the Supreme Court should reevaluate the “third-party doctrine” exception to the Fourth Amendment’s warrant requirement in light of dramatic changes in the way individuals interact with technology in the digital era.  The “third-party doctrine” provides that individuals have no expectation of privacy in any information that is voluntarily released to a third party—a mobile-phone provider, cloud service provider, and the like.  The Court’s decision will have major implications for technology companies’ ability to protect customer data against warrantless searches by law enforcement officials.

During the 80-minute, extended oral arguments, the Justices broadly acknowledged that technology has changed dramatically in the decades since the Court originally recognized the third-party doctrine.  Each Justice, however, appeared to place varying weight on the import of that change on current legal standards.  Justices Kennedy and Alito focused on the information itself, rather than the technology, asking whether location information should be considered more sensitive than the bank information that United States v. Miller permitted law enforcement to access without a warrant, suggesting that banking information might be considered more sensitive.  
Continue Reading The Supreme Court Arguments in Carpenter Show that It May Be Time to Redefine the “Third-Party Doctrine”