Month: April 2013

By: Adam Shamah

SCOTUSBlog’s “Petition of the day” Tuesday was the cert. petition in Jennings v. Broome, which asks the Supreme Court to answer “Whether e-mails stored by an e-mail provider after delivery are in “electronic storage” under the Stored Communications Act, 18 U.S.C. §§ 2701.”

If the Supreme Court grants cert., it’s decision could majorly impact privacy law. We covered the Act’s protections in class.  They include regulations on disclosure to private parties and the government; prohibition on unauthorized access; and rules governing compelled disclosure by law enforcement. The petition notes the importance of the Stored Communications Act in protecting email privacy, given that the Wiretap Act protects only communications in transit and the Fourth Amendment typically does not apply due to the third party doctrine.

As the petition explains, “The prohibition of unlawful access … and the disclosure regulations … apply to communications that are in “electronic storage,” which is defined as: (A) any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof; and (B) any storage of such communication by an electronic communication service for purposes of backup protection of such communication… The scope of the SCA’s disclosure provisions and its protections accordingly turns on exactly what is encompassed by this definition.”

The case arose after a wife and husband separated.  The wife and her daughter-in-law guessed the husband’s email password and printed several of his emails. The husband filed suit under the SCA’s “unauthorized access” provision.  The Court of Common Pleas for

the Fifth Judicial Circuit of South Carolina granted summary judgment for the defendants, holding that e-mails were not “stored communications” because they had already been “transmitted and had reached their final destination” and thus could not be in “temporary, intermediate storage incidental to the electronic transmission.” Further “[b]ecause Yahoo was not storing the e-mails for its own ‘purposes of backup protection,’ the court reasoned that the e-mails failed to satisfy the second prong of the definition of electronic storage.”  The South Carolina Court of Appeals reversed the trial court.  The South Carolina Supreme Court then reversed again, offering three different opinions, each with a different rationale.

The South Carolina Supreme Court thus created a split with the Ninth Circuit on this issue. See Theofel v. Farey-Jones, 359 F.3d 1066 (9th Cir. 2004).  The petition notes additional lower courts that have taken a variety of views on the matter.  Hopefully, the Supreme Court will grant cert and decide whether billions of emails are protected by the Act or not.

By: Thomas Prieto

The Currency and Foreign Transactions Reporting Act of 1970, better known as the Bank Secrecy Act of 1970, requires banks to create and keep specific records, which the government can search, often in attempts to detect and prevent money laundering. In the past, enforcement of the Bank Secrecy Act has been relatively lax, but there are indications that enforcement is on the rise.

The three major requirements of the Bank Secrecy Act for financial institutions, according to the below linked article, are 1) “implementing an anti-money laundering program, 2) reporting suspicious transactions, 3) conducting due diligence for private banking and correspondent bank accounts involving foreign persons.” The Bank Secrecy Act empowers the Treasury Department to examine all these records it requires.

It should be interesting to see whether the government’s increased enforcement may once again raise the issues in United States v. Miller. In that case was whether the plaintiff’s bank records were seized illegally in violation of the Fourth Amendment. The Court held that Miller had no right to privacy in his bank records. The documents subpoenaed were not ‘private documents.’ Rather, they were the bank’s business records.

http://www.mainjustice.com/2012/12/18/analysis-enforcement-of-the-bank-secrecy-act-is-on-the-rise-is-your-financial-institution-prepared/

By: Wesley Horner

I used to have a remote control helicopter.  OK, I still do.  One of the great things about technology is that as it becomes economical to make and distribute the coolest gadgets and gizmos, they become increasingly accessible, and new uses and creative innovations arise that make our lives better.  Or at least more fun.  Yes, that means that you can operate cool new remote control helicopters from your smart phone.  One startup company is even offering a taco delivering service—you place an order using your smart phone, and a flying robot will deliver the taco to you.  Taco bout convenient!  But we should remember that with great power comes great responsibility.

When technology advances to the point of materially advancing law enforcement capabilities, society should be alert to the increased risks to individual privacy and be prepared to delineate the proper boundaries of police conduct.  Drone technology, in particular, demonstrates the risks accompanying technological progress.  Drones equipped with cameras could drastically reduce costs and drastically increase the effectiveness of search and rescue missions.  Drones could also improve tactical awareness by offering multiple vantage points to aid in the execution of dangerous operations.  Drones offer significantly improved coverage, and unlike manned surveillance, some advanced drones may be able to operate without breaks.  Indeed, the taco delivery service boasts, “Our unmanned delivery agents are fast and work tirelessly.”  But further advances in drone technology could also enable pervasive mass surveillance, raising questions about what Big Brother should be entitled to monitor and record and under what circumstances.

In February of 2012, President Obama signed into law provisions that incorporate drones into US airspace.    As local police have asked for FAA approval to incorporate drones into police operations, local outcry has created surprising opposition.  Although current commercial drone technology consists of small systems often weighing less than 5 lb. and with fly time limited to 15 minutes, technology moves rapidly, and these limits may soon be surpassed.  It’s no wonder that more than 30 states are considering legislation limiting the use of drones.

This past February, Virginia became the first state to pass legislation that would require a moratorium on drone use by law enforcement until 2015.  Last week, however, Governor Bob McDonnell proposed some amendments to allow police to use drones for search and rescue missions.  The Governor has the right idea.  An outright ban on drone use is unnecessarily overinclusive.  Regulations should be tailored to permit uncontroversial uses that could drastically improve public services.  The moratorium exception for search and rescue missions is just one example.  States should also consider permitting drone use upon a judicial finding of probable cause—modeled after the Federal Wiretap Act—side-stepping the constitutional question of whether or not an advanced technology fly-over constitutes a search.  Probable cause has always been considered adequate protection for individual privacy.  There is little reason to believe otherwise, even in the context of advanced surveillance technologies.

By: Cory McAlister

As Benjamin Smith mentioned in a recent post, the question of law enforcement’s use of “stingrays” in criminal investigations is currently being litigated in an Arizona federal court. A judge heard arguments on March 28 on the legal issues surrounding the FBI’s use of a Stingray to monitor Rigmaiden’s location.

Recall that Stingrays are international mobile subscriber identity (“IMSI”) catchers: they spoof the behavior of cell towers in order to trick local phones or other cellular devices into connecting through the Stingray rather than directly to a legitimate tower. Posts on this blog have alerted us to the power of cell site location information (“CSLI”),—the trafficking data collected by cell towers that reveals a caller’s whereabouts—which is permitted by most courts under the third party doctrine. The third party doctrine allows the government to demand records maintained by telecommunications companies necessary to the transmission of calls. A Stingray device allows law enforcement to bypass even the telecom’s (required) cooperation, and to pinpoint location with even greater accuracy than CSLI.

In Mr. Rigmaiden’s case, the FBI did in fact obtain a court order and warrant for mobile location tracking,—it appears to have been intended for obtaining CSLI—which they used to get information from Verizon Wireless about Rigmaiden’s use of an air card. They then tracked the location of his cell network-connected computer by setting up a Stingray to detect that air card’s use.

The defendant argued that the warrant application for the mobile location inadequately described the details of the technology that would eventually be used pursuant to the warrant, i.e. the Stingray. The defendant argued, therefore, that the FBI went beyond the scope of the warrant, and could not use any evidence obtained in excess of its authorization.

The government had originally argued in this case that the Stingray did not require a warrant of any kind, and therefore the details of the warrant application provided to the issuing magistrate had no bearing on its use. However, the government reversed course and subsequently argued that the warrant also authorized the use of the Stingray, and was sufficiently clear about the nature of the technology—that it would involve mobile location tracking—that the warrant could be validly issued.

As a separate matter, the defendant, and privacy advocates who submitted briefs as “friends of the court,” noted that the Stingray collaterally collected data from numerous innocent individuals who were not targets of the investigation. Rigmaiden does not have standing to contest the violations of third parties’ Fourth Amendment rights, but he argued that the warrant as a whole is defective because it did not meet the Fourth Amendment’s particularity requirements. That is, even if the scope of the warrant encompassed the use of the Stingray, that scope would mean so broad a search that it amounts to an invalid general warrant. The government, for its part, countered the defense’s particularity claims by arguing that it purges data on individuals unrelated to the investigation, and thereby allays the particularity concerns.

http://www.wired.com/threatlevel/2013/03/gov-fights-stingray-case/all/

By: Jamaal Myers

In R v Telus Communications Co. police officers attempted to retrieve text messages stored in the computer database of Telus, a Canadian phone company, under a general warrant. Telus, in response to the request, argued that in order to produce the text messages, police must first acquire a wiretap authorization as opposed to a general warrant as required under Part VI of the Criminal Code of Canada. It reasoned that the production of text messages from its database constituted an “interception of private communications.” The Government, in response, countered that such a request was not an “interception of private communications” because the messages were not being transmitted on the Telus database, but rather they were just stored there. The Supreme Court rejected the Government’s reasoning.

Writing for the majority, Justice Abella held that:

“The only practical difference between text messaging and the traditional voice communications is the transmission process. This distinction should not take text messages outside the protection of private communications to which they are entitled in Part VI. Technical differences inherent in new technology should not determine the scope of protection afforded to private communications.”

This decision contrasts to actions concerning digital privacy currently underway in the United States. Currently, the Communications Assistance for Law Enforcement Act allows the government to force phone companies to install surveillance equipment on their networks. However, the Act does not compel phone companies and wireless providers to mandate surveillance of real-time communications such as Gmail chat. Andrew Weissman, FBI general counsel, has stated that gaining the power to wiretap all forms of Internet conversations and cloud storages is a “top priority” for the Bureau in 2013.

The full text of R v Telus Communications Co. can be found at:

http://scc.lexum.org/decisia-scc-csc/scc-csc/scc-csc/en/item/12936/index.do

Ryan Gallagher’s of Slate.com discusses the FBI’s plan in FBI Pursuing Real-Time Gmail Spying Powers as “Top Priority” for 2013. It can be found at:

http://www.slate.com/blogs/future_tense/2013/03/26/andrew_weissmann_fbi_wants_real_time_gmail_dropbox_spying_power.html