Cybercrime Logo

 

 

 NYLS Cybercrime.AdvancedStudies.Org

 

UNIT 09:
Interception, Search and Seizure, and Surveillance

Cybercrime, Cyberterrorism, and Digital Law Enforcement
NYLS CRI150 SPRING 2009
Professor K. A. Taipale (bio) (contact)


Registered Students login to NYLS Portal for updated Course Information and Reading Assignments.



UNIT 09:
Interception, Search and Seizure, and Surveillance

PONDERABLES:

The Fourth Amendment in a digital world: How to maintain sufficient degrees of freedom?

Digital Law Enforcement.

New information technologies can improve efficiencies in law enforcement and national security information. Advanced sensing, collection, information sharing, and data analysis technologies (including data mining) can improve allocation of law enforcement and national security resources to more effective uses.

Such developments, however, are challenging to political and legal systems, and social expectations, that are at least partially based on protecting certain civil liberties and individual freedoms by maintaining privacy through the “practical obscurity” of inefficient information access technologies and procedures.  On the one hand there is a need to "connect the dots" through improved information sharing and analysis to provide for collective security or effective law enforcement and on the other hand the notion of individual liberty in free society is at least partially built on keeping the power to easily "connect the dots" out of the control of government agencies by maintaining or imposing inefficiencies in information sharing through a system of checks and balances, due process, and technical constraints.

See COURSE SUBTEXT.

 

REQUIRED READING:

CASEBOOK: David J. Loundy, COMPUTER CRIME, INFORMATION WARFARE, AND ECONOMIC ESPIONAGE, Carolina Academic Press (2003) (ISBN:0890891109):

Chapter 5, Interception of Electronic Communications, pp. 131-158 (Steve Jackson Games v. U.S. Secret Service), and

Chapter 6, Search and Seizure, pp. 159-230 (Katz v. US; Kyllo v. US; US v. Gorshkov; US v. Scarfo; Trulock v. Freeh).

US v COUNCILMAN (2005) ("stored communications")
http://www.ca1.uscourts.gov/pdf.opinions/03-1383EB-01A.pdf

US v. Comprehensive Drug Testing Inc. , 09 C.D.O.S. 11022 (Aug. 26, 2009)

Nimrod Kozlovski, "Designing Accountable Online Policing," pp. 107-134 in Cybercrime, (Jack Balkin, et al. eds., NYU Press 2007).

Kim A. Taipale, Why Can't We All Get along? How Technology, Security, and Privacy Can Co-exist in the Digital Age," pp. 151-183 in Cybercrime, (Jack Balkin, et al. eds., NYU Press 2007).

 

ADDITIONAL CASES:

Katz v. United States, 389 U.S. 347 (1967) (FindLaw) (extending warrant requirement to wiretaps and overruling Olmstead v. United States, 277 U.S. 438 (1928).

Smith v. Maryland, 442 U.S. 735 (1979) (FindLaw) (use of "pen register" not a "search," therefore, does not require warrant).

[cf. Trudi Gilfillian, "Internet subpoena invalid, appeals court says," PressofAtlanticCity.com (Jan. 23, 2007) (NJ appeals court holds "defendant had a reasonable expectation of privacy in her ISP account information" under state constitution).]

US v Miller, 425 U.S. 435 (1976) (FindLaw) (no legally recognized expectations of privacy in records of accounts held by bank).

Kyllo v. US, 533 U.S. 27 (2001) (use of a thermal imaging device to monitor the radiation of heat from a person's home was a "search" requiring a warrant).

US v. Forrester, No. 05-50410 (9th Circuit, July 6, 2007, amended July 25, 2007) (extends Smith v. Maryland to email, no privacy expectation in IP addresses, email To/From fields) (notice that the amendment makes clear that the pen register logging device was installed at the ISP (cf. Smith v. Maryland). Compare this with the use of CIPAV pen register installed on the user's computer discussed below pursuant to a warrant).

 

FOURTH AMENDMENT, U.S. CONSTITUTION (BILL OF RIGHTS):

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

 

STATUTES:

ELECTRONIC COMMUNICATIONS PRIVACY ACT (ECPA)
18 U.S.C. § 2701, et seq.

THE WIRETAP ACT (Title III)
18 U.S.C. § 2510, et seq.

Pen Register / Trap and Trace
18 U.S.C. § 3121, et seq.

FOREIGN INTELLIGENCE SURVEILLANCE ACT (FISA)
50 USC §1801 et seq.

U.S. Constitution, Fourth Amendment.

 

GOVERNMENT DOCUMENTS

U.S. DOJ, Computer Crime & Intellectual Property Section, Electronic Evidence and Search & Seizure (including Search & Seizure Manual).

"Privacy: An Overview of Federal Statutes Governing Wiretapping and Electronic Eavesdropping," Congressional Research Service CRS 98-326 (Updated Sep. 2, 2008).

"Privacy: An Abbreviated Outline of Federal Statutes Governing Wiretapping and Electronic Eavesdropping," Congressional Research Service 98-327 (Updated Sep. 2, 2008).

 

CLASS CASE STUDY: SEARCH AND SEIZURE: WARRANTS

Orin Kerr, Searches and Seizures in a Digital World, 119 Harvard L. Rev. (2005).

Orin Kerr, Search Warrants in an Era of Digital Evidence, 75 Miss. L. J. 85 (2005).

United States v. Comprehensive Drug Testing Inc. , 09 C.D.O.S. 11022 (Aug. 26, 2009)

Paul Elias, "Feds seek rehearing of baseball drug list ruling," Associated Press (Nov. 25, 2009) (FindLaw) ("A ... panel of 9th Circuit judges voted 9-2 in August that investigators trampled on protections against unreasonable searches when they seized the records and samples of 104 players. Prosecutors initially obtained warrants for only the test results of 10 players as part of the ... investigation. ... majority opinion contained a major change in Fourth Amendment law, ruling that federal magistrates should insist the government waive reliance on the "plain view doctrine" in computer evidence searches. That doctrine allows prosecutors who obtained search warrants to use evidence of other crimes they come upon during the original search.")

Solicitor General Elena Kagan, Petition for Rehearing (Nov. 23, 2009).

 

CLASS CASE STUDY: ENCRYPTION/PASSWORD: COMPELLED DISCLOSURE

Jeremy Kirk, "Contested U.K. encryption disclosure law takes effect: New British legislation compels individuals and businesses to decrypt data wanted by law enforcement authorities for investigations," InfoWorld (Oct. 1, 2007).

Mark Ward, "Campaigners hit by decryption law," BBC News (Nov. 20, 2007).

UK LAW: Regulation of Investigatory Powers Act 2000: Part III Investigation of electronic data protected by encryption etc.

Declan McCullagh, "Judge: Man can't be forced to divulge encryption passphrase," CNET News (Dec. 14, 2007) ("A federal judge in Vermont has ruled that prosecutors can't force a criminal defendant accused of having illegal images on his hard drive to divulge his ... passphrase [because it would violate his Fifth Amendment rights]")

IN RE BOUCHER, United States District Court for the District of Vermont
2007 WL 4246473 (Nov. 29, 2009) (Download PDF).

Ellen Nakashima, "In Child Porn Case, a Digital Dilemma: U.S. Seeks to Force Suspect to Reveal Password to Computer Files," Wash. Post (Jan. 16, 2008) ("The federal government is asking a U.S. District Court in Vermont to order a man to type a password that would unlock files on his computer, despite his claim that doing so would constitute self-incrimination. The case, believed to be the first of its kind to reach this level, raises a uniquely digital-age question about how to balance privacy and civil liberties against the government's responsibility to protect the public.")

Is the lower court ruling in Boucher correctly decided? Is this a Fifth or Fourth Amendment case given the specific factual circumstances? Is a password "testimonial" even when the government knows what is locked up? Is there a difference between forcing the surrender of a physical key versus disclosure of a password? Should there be? (See Orin Kerr post at Volokh Conspiracy and comments).

John Curran, "Encrypted laptop poses 5th Amendment dilemma," Associated Press (Feb. 7, 2008) (" ... The government wants [the defendent] to give up the password, but doing so could violate his Fifth Amendment right against self-incrimination by revealing the contents of the files. Experts say the case could have broad computer privacy implications for people who cross borders with computers, PDAs and other devices that are subject to inspection. "This has been the case we've all been expecting," ... "As encryption grows, it was inevitable there'd be a case where the government wants someone's keys.")

 

BORDER SEARCHES/SEIZURES:

Ellen Nakashima. "Clarity Sought on Electronics Searches: U.S. Agents Seize Travelers' Devices," Washington Post A:01 (Feb 7, 2008) ("The U.S. ... has argued in ... that its authority to protect ... border extends to looking at information stored in electronic devices such as laptops without any suspicion of a crime. In border searches, it regards a laptop the same as a suitcase. "It should not matter . . . whether documents and pictures are kept in 'hard copy' form in a ... briefcase or stored digitally in a computer. The authority of customs officials to search the former should extend equally to searches of the latter," ... . As more and more people travel with laptops, BlackBerrys and cellphones, the government's laptop-equals-suitcase position is raising red flags. "It's one thing to say it's reasonable for government agents to open your luggage,".... "It's another thing to say it's reasonable for them to read your mind and everything you have thought over the last year. What a laptop records is as personal as a diary but much more extensive. It records every Web site you have searched. Every e-mail you have sent. It's as if you're crossing the border with your home in your suitcase." ).

Jeanne Meserve "Suit: Airport searches of laptops, other devices intrusive," CNN.com (Feb, 11, 2008) ("The suit accuses customs agents of "lengthy questioning and intrusive searches" and seeks clarification on the law that allows such [border] searches.")

Richard Adhikari, "Napolitano Urged to Act on Border Laptop Seizures: Homeland security advisers press for greater oversight by privacy officials," InternetNews (Feb.4, 2009) ("The Department of Homeland Security's (DHS) controversial policies on search and seizure of electronic devices at U.S. borders is facing a new round of criticism -- this time, from the department's own data privacy advisers.")

 

SPYWARE/KEYLOGGERS

Declan McCullagh, "Judge OKs FBI Keyboard Sniffing," Wired (Jan. 4, 2002) ("a federal judge ... has ruled that evidence surreptitiously gathered by the FBI about ... Scarfo's reputed loan shark operation can be presented in a trial later this year ... it was perfectly acceptable for FBI agents armed with a court order to sneak into Scarfo's office, plant a keystroke sniffer in his PC and monitor its output.")

Kevin Poulsen, "FBI's Secret Spyware Tracks Down Teen Who Made Bomb Threats," Wired (Jul. 18, 2007) ("FBI agents trying to track the source of e-mailed bomb threats ... sent the suspect a secret surveillance program designed to surreptitiously monitor him and report back to a government server ... In an affidavit seeking a search warrant to use the software ... describes the software as a "computer and internet protocol address verifier," or CIPAV. ... the spyware program gathers a wide range of information, including the computer's IP address; MAC address; open ports; a list of running programs; the operating system type, version and serial number; preferred internet browser and version; the computer's registered owner and registered company name; the current logged-in user name and the last-visited URL. ... then settles into a silent "pen register" mode, ... and monitors its internet use.")

Kevin Poulsen, "Appeals Court Clarifies: Government Spyware Not Protected in Ruling," Wired (July 25, 2007) ("The original July 6th opinion in U.S. v. Forrester upheld the DEA's limited monitoring of a suspect's internet use under the low "pen register" standard, which requires only that a law enforcement agency certify that the surveillance will be "relevant" to an investigation -- no probable cause or judicial fact finding needed. Key to the ruling was that the DEA recorded only the IP addresses of the websites the surveillance target visited, and the e-mail addresses he corresponded with, and not the content of the communication.")

Kevin Poulsen, "FBI's [sic] Sought Approval for Custom Spyware in FISA Court," Wired (Frb. 6, 2008) ("The FBI sought approval to use its CIPAV spyware program from the secretive Foreign Intelligence Surveillance Court in terrorism or foreign spying cases.")

 

DATA RETENTION:

Anne Broache, "Politicos mull data retention by Web hosts, registrars," CNET News (Sep. 26, 2006).

Declan McCullagh, "FBI director wants ISPs to track users," CNET News (Oct. 17, 2006).

Jo Best, "EU data retention directive gets final nod," CNET News (Feb. 22, 2006).

DIRECTIVE 2006/24/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 15 March 2006 (on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending) (Directive 2002/58/EC) [download PDF].

Anne Broache, "Attorney general to talk data retention with new Congress," CNET News (Jan. 18, 2007) ("The Bush administration plans to approach Congress again this year about the possibility of new rules requiring Internet service providers to retain information about their subscribers for a certain period of time.").

Declan McCullagh, GOP revives ISP-tracking legislation, CNET News (Feb. 6, 2007) ("All Internet service providers would need to track their customers' online activities to aid police in future investigations under legislation introduced Tuesday as part of a Republican "law and order agenda.").

Victoria Shannon, Proposed legislation called a threat to Internet users' privacy, Int'l. Herald Tribune (Feb. 14, 2007) ("European governments are preparing legislation to require companies to keep detailed data about people's Internet and phone use that goes beyond what the countries will be required to do under a European Union directive").

 

PRE-CRIME:

Movie: Minority Report (20th Century Fox 2002) ("pre-cogs" predict who will commit murder in the future allowing for their preemptive arrest).

Data mining:

Charles Piller & Eric Lichtblau, FBI Plans to Fight Terror With High-Tech Arsenal, L.A. Times, July 29, 2002, at A1 ("By Sept. 11, 2011, the FBI hopes to use artificial-intelligence software to predict acts of terrorism the way the telepathic precogs in the movie Minority Report foresee murders before they take place.").

Emily Singer, Computer model forecasts crime sprees, (Aug. 17, 2003) ("Computer forecasts that predict where and when crimes will happen by analysing past patterns should help police channel resources where they are needed most. The technique, now under trial in the US, could be available for routine use within a year.")

The Privacy Implications of Government Data Mining Programs, Hearing Before the U.S. Senate Committee on the Judiciary (Jan. 10, 2007).

See also, ADDITIONAL READING ON SURVEILLANCE AND DATAVEILLANCE, below, and the Project on Data Mining, Automated Data Analysis, and Computational Social Science.

Brain scanning:

"Brain Fingerprinting" Testing Ruled Admissible in Court ("Iowa ... Court ... ruled [in 2001] that "Brain Fingerprinting" testing is admissible in court. ... The test showed that the record stored in [defendant's] brain did not match the crime scene and did match the alibi. ... In a "Brain Fingerprinting" test, words, pictures or sounds describing salient features of a crime are presented by a computer, along with other, irrelevant information, that would be equally plausible for an innocent subject. Items are chosen that would be known only to the perpetrator and to investigators, but not to the public or to an innocent suspect. ... When a subject recognizes something as significant in the current context, the brain emits a specific brain response [the "P300" spike]. If the record of the crime is stored in the subject's brain, this response appears when the subject recognizes the correct, relevant items. If not, then the response is absent.").

Ian Sample, The brain scan that can read people's intentions, The Guardian (Feb. 9, 2007) ("A team of ... neuroscientists has developed a powerful technique that allows them to look deep inside a person's brain and read their intentions before they act. ... to probe people's minds and eavesdrop on their thoughts, and raises serious ethical issues over how brain-reading technology may be used in the future. ... they may be able to spot people who plan to commit crimes before they break the law.").

Steve Silberman, Don't Even Think About Lying: How brain scans are reinventing the science of lie detection, WIRED 14.01 (Jan. 2006) ("Functional magnetic resonance imaging [fMRI] enables researchers to create maps of the brain's networks in action as they process thoughts, sensations, memories, and motor commands. ... fMRI is also poised to transform the security industry, the judicial system, and our fundamental notions of privacy ... using the technology to analyze the cognitive differences between truth and lies.").

Lie detection:

R. Colin Johnson, Lie-detector glasses offer peek at future of security, EE Times (Jan. 16 , 2004) ("... a lie detector small enough to fit in the eyeglasses of law enforcement officers, and its inventors say it can tell whether a passenger is a terrorist by analyzing his answer to that simple question in real-time").

Carrie Lock, Deception Detection: Psychologists try to learn how to spot a liar, Science News (Jul. 31, 2004).

NICK McDERMOTT, Telephone lie detector claims to catch fibbers, Daily Mail (Dec. 18, 2006) ("A new telephone lie detector system promises to pick up on tell-tale signs of stress in a caller's voice whenever they tell a fib. Available for free, the Kishkish lie detector can be easily downloaded from the web and used by those who make phone calls over the internet.").

Scientists: A good lie detector is hard to find, PHYSORG.com (Feb. 12, 2007) ("in the not-too-distant future, police may request a warrant to search your brain").

 

HONEYPOTS:

Dr. Ian Walden & Anne Flanagan, Honeypots: A Sticky Legal Landscape? 29 Rutgers Computer & Tech. L.J. 317 (2002).

 

 

NETWORK MONITORING:

Ellen Nakashima, "Bush Order Expands Network Monitoring: Intelligence Agencies to Track Intrusions," Washington Post (Jan. 26, 2008) ("President Bush signed a directive this month that expands the intelligence community's role in monitoring Internet traffic to protect against a rising number of attacks on federal agencies' computer systems. The [classified] directive ... authorizes the intelligence agencies, in particular the National Security Agency, to monitor the computer networks of all federal agencies. ... The NSA has particular expertise in monitoring ... communications systems -- traditionally overseas. The prospect of aiming that power at domestic networks is raising concerns, just as the NSA's role in the government's warrantless domestic-surveillance program has been controversial.")

Siobhan Gorman, "Bush Looks to Beef Up Protection Against Cyberattacks," Wall Street Journal (Jan. 28, 2008) ("President Bush has promised a frugal budget proposal next month, but one big-ticket item is stirring controversy: an estimated $6 billion to build a secretive system protecting U.S. communication networks from attacks by terrorists, spies and hackers. ... The administration's plan is to reduce points of access between the Internet and the government and to use sensors to detect intrusions displaying potentially nefarious patterns, said former top intelligence officials. The program would first be used on government networks and then adapted to private networks. ").

 

ADDITIONAL READING ON SEARCH & SEIZURE:

Orin Kerr, Searches and Seizures in a Digital World, 119 Harvard L. Rev. (2005).

Orin Kerr, Search Warrants in an Era of Digital Evidence, 75 Miss. L. J. 85 (2005).

Orin Kerr, A User's Guide to the Stored Communications Act, and a Legislator's Guide to Amending It, Geo. Wash. L. Rev. (2004).

Ceter for Democracy and Technology (CDT) Report: Digital Search and Seizure [PDF].

Ceter for Democracy and Technology (CDT) Press Release: Digital Technology Makes Surveillance Easier; Stronger Laws Needed, Report Finds, Feb. 22, 2006.

 

ADDITIONAL READING ON SURVEILLANCE AND DATAVEILLANCE (excerpts):

See references in COURSE SUBTEXT and see Surveillance Societyproject.

See The Eye of God: The Social Construction of Omniveillance (The Surveillance Society), in SUBTEXT, below.

Foreign Intelligence Surveillance Modernization: Reconciling Signals Intelligence Activity with Targeted Wiretapping, testimony of Kim Taipale before the U.S. Senate Select Committee on Intelligence (SCCI) (May 1, 2007).

K. A. Taipale, "The Ear of Dionysus: Rethinking Foreign Intelligence Surveillance," 9 Yale J. L. & Tech. 128 (Spring 2007).

The Privacy Implications of Government Data Mining Programs, testimony of Kim Taipale before the U.S. Senate Committee on the Judiciary (Jan. 10, 2007).

K. A. Taipale, Whispering Wires and Warrantless Wiretaps: Data Mining and Foreign Intelligence Surveillance, N.Y.U. Rev. L. & Sec., No. VII Supl. on L. & Sec. The NSA and the War on Terror (Spring 2006).

Foreign Intelligence Surveillance Act Modernization, testimony of Kim Taipale before the U.S. House Permanent Select Committee on Intelligence (HPSCI) (Jul. 19, 2006).

K. A. Taipale, The Trusted Systems Problem: Security Envelopes, Statistical Threat Analysis, and the Presumption of Innocence, Homeland Security—Trends and Controversies, IEEE Intelligent Systems, Vol. 20 No. 5, pp. 80–82 (Sep./Oct. 2005). [Also available here from IEEE.]

K. A. Taipale, Technology, Security and Privacy: The Fear of Frankenstein, the Mythology of Privacy, and the Lessons of King Ludd, 7 Yale J. L. & Tech. 123 ; 9 Intl. J. Comm. L. & Pol'y 8 (Dec. 2004).

K. A. Taipale, Data Mining and Domestic Security: Connecting the Dots to Make Sense of Data, 5 Colum. Sci. & Tech. L. Rev. 2 (Dec. 2003), excerpt from 57-67 (download article for footnotes):

Distilled to a simple taxonomy, the significant privacy concerns ... are primarily two: those that arise from the aggregation (or integration) of data and those that arise from the automated analysis of data that may not be based on any individualized suspicion. [238] The former might be called the "database" problem, [239] and the latter the "mining" problem. [240] The former is implicated in subject-based inquiries that access distributed databases to find more information about a particular subject, and the latter is implicated in the use of pattern-matching inquiries, in which profiles or models are run against data to identify unknown individuals. [241]

Additional concerns are that the technology will not work for the intended purpose (providing either a false sense of security by generating false negatives or imposing civil liberties costs on too many innocent people by generating false positives), [242] that the technology is subject to potential abuse, or that it will be vulnerable to attack. [243]

B. Data Aggregation: The Demise of "Practical Obscurity"

The efficiencies inherent in data aggregation ... cannot be denied; ... the Supreme Court addressed the issue of data aggregation almost 15 years ago, albeit in contrapose to the problem at hand. In Department of Justice v. Reporters Committee for Freedom of Press,248 the court held that raw FBI criminal data (in this case, a "rap sheet") that was officially part of the public record did not have to be disclosed to a reporter's Freedom of Information Act request because the aggregation of public records in one place negated the "practical obscurity" that protected those records in the world of distributed paper records.

***

Thus, in weighing the relative rights of two private parties – the free press rights of the reporter and the privacy rights of the individual – the Court held that the interest in privacy expectations created by inefficiencies in data acquisition was a recognized and protectable interest.

The question that has not been definitively determined as yet is whether that same analysis, when applied to government aggregation or integration of previously discrete, distributed sources of information – each which it may have the perfect legal right to access individually – is itself problematic under the Fourth Amendment's right to be free from "unreasonable" search.250

***

C. Data Analysis: The "Non-particularized" Search

... a significant concern for privacy advocates in connection with data mining is that the search for previously unknown information may not be based on individualized or particular suspicion.252 Rather, the data itself may be mined in order to discover certain patterns or relationships,253 and then the pattern may be matched against new data to identify additional subjects for further processing. For those opposed to the use of these technologies this amounts to a search "led by investigators with no clear idea how to identify real terrorist threats"255 "put[ting] the government in the business of maintaining constant surveillance on millions of people"256 – "a sharp departure from the principle that you have the right to be left alone unless your government has just cause."257 Pattern-matching, it is contended, "investigate[s] everyone, and most people who are investigated are innocent."258

Although much of the concern behind these criticisms is legitimate, there are technical and procedural subtleties missing from the critics' analysis. First, ... a distinction must be drawn between the development of descriptive and predictive models (data mining in the narrow sense), which may employ undirected data mining techniques to model normative behavior, and their subsequent application to new data to find additional like occurrences or deviations (pattern-matching).259

Unlike in commercial applications, pattern development for domestic security or intelligence purposes usually involves analyzing actual (or hypothesized) terrorists or terrorist activity in order to discern whether there are identifying characteristics that can reveal a descriptive or predictive pattern that can then be used to identify other terrorists or related events.260 To the extent that computational "data mining" is used to automate the task of extracting patterns, the data to be analyzed generally still relates to particular terrorists, terrorist activities, or related analogs – the intent of data mining is to uncover connections that may not be obvious from manual observation.261 The popular conception that vast amounts of information relating to innocent subjects is mined with no idea as to what the investigator is looking for, on the hope of uncovering "suspicious patterns," is generally false.262

***

On the other hand, pattern-matching queries, in which descriptive or predictive models (whether mined from real data relating to terrorists or derived from hypothetical scenarios) are run against new data in order to identify unknown subjects or activities for further investigation, may directly implicate the issue of the non-particularized search.264 However, ... [p]attern-matching is not inherently a surveillance technology. No individual dossier is created and no individual is scrutinized for suspicious behavior. No person or behavior is individually observed or surveilled by the automated analysis itself.266 To the extent that valid behavioral or transactional profiles are developed,267 a search for matching behaviors is undertaken. Once matching behaviors are identified, there may be a Fourth Amendment (and due process) issue regarding whether the suspicion is sufficiently reasonable to "particularize" the search – that is, to connect the behavior with identity.268

... it is contended that pattern- matching "alters the way government investigations typically occur,"269 it is unclear that this is so.

***

But how is pattern-matching in a database any different than observing behavior in public? A simple example may illustrate the point. Suppose that a police officer observes an individual running on a public street wearing a mask. Due process requires that the officer comply with certain standards of reasonable suspicion and other procedures before taking additional action, not that he close his eyes. If stopping and questioning an individual who is running in the street wearing a mask is reasonable (it may or may not be in the particular circumstance), then why is questioning or investigating someone whose electronic trail indicates a reasonable suspicion of terrorist activity presumptively not? More importantly, does observing the running suspect somehow invade the privacy of the others on the street who are also observed but not questioned?

Obviously, the answer turns on whether one considers the particular database the equivalent of the public street. But that highlights the paradox: to the extent that the question is whether the particular form of data (street observation or database) is subject to expectations of privacy, we are squarely within the traditional Fourth Amendment jurisprudence.271 Thus, there is no general non-particularized suspicion problem – only the same issue encountered before, that is, is the pattern-matching "reasonable" in the particular context of its use. And that question is related to its efficacy, the point of the research and development at issue.272

***

For a rebuttal of the popular arguments against data mining based on false positives and ineffectiveness, see “The Privacy Implications of Government Data Mining Programs” 7–14 (Testimony of Kim Taipale before the U.S. Senate Committee on the Judiciary, Jan. 10, 2007):

"In particular, many critics have asserted that data mining is an ineffectual tool for counterterrorism not likely to uncover any terrorist plots and that the number of false positives will waste resources and will impact too many innocent people. Unfortunately, many of these critics fundamentally misunderstand data mining and how it can be used in counterterrorism applications. My testimony today is intended to address some of these misunderstandings."

 

OPTIONAL BACKGROUND REFERENCES:

Phillip A. Hubbart, MAKING SENSE OF SEARCH AND SEIZURE LAW: A Fourth Amendment Handbook (Carolina Academic Press 2005) (ISBN:1594600635).

Wayne LaFave, SEARCH AND SEIZURE (4th ed. 2004).

O.M. Dickerson, Writs of Assistance as a Cause of the Revolution, in THE ERA OF THE AMERICAN REVOLUTION (Richard Morris ed. 1939).

 

ALSO RELATED:

Kim Taipale and Kate Martin, director of the Center for National Security Studies, debate the NSA surveillance programs on WHHY Radio Times, National Public Radio (NPR) (May 16, 2006).

Kim Taipale and Marc Rotenberg, director of the Electronic Privacy Information Center (EPIC), discussed the role of technology in government surveillance efforts in The Wall Street Journal Online (May 16, 2006). Their exchange is linked here.

 

RECOMMENDED MOVIES:

BRAZIL (MCA-Universal 1985) (Terry Gilliam, dir.) (ASIN:0780022181) (Kafka meets Monty Python in a complex story reflecting on industrialization, terrorism, government control and bureaucracy, and technology gone wrong. A minor bureaucrat in a retro-future dystopia overcome by bureaucratic inefficiency tries to correct an administrative error and himself becomes an enemy of the state):

Protagonist: “Do you want to see my papers?”
Official: “No need, sir”
Protagonist: “But I could be anyone.”
Official: “No you couldn’t, sir, this is [the Ministry of] Information Retrieval.”

MINORITY REPORT (20th Century Fox 2002) (Steven Spielberg, dir.) (ASIN:B00005JL78) ("precogs" predict who will commit murder in the future thus allowing for their preemptive arrest).

 


Registered Students login to NYLS Portal for updated Reading Assignments.



 

Course Outline/Class Units

Registererd NYLS students login to my.nyls.edu for updated outline and assignments.

  1. Overview, What is Cybercrime?
  2. Computer Intrusions and Attacks (Unauthorized Access)
  3. Computer Viruses, Time Bombs, Trojans, Malicious Code (Malware)
  4. Online Fraud and Identity Theft; Intellectual Property Theft; Virtual Crime
  5. Online Vice: Gambling; Pornography; Child Exploitation
  6. International Aspects and Jurisdiction
  7. Infrastructure and Information Security; Risk Management
  8. Investigating Cybercrime: Digital Evidence and Computer Forensics
  9. Interception, Search and Seizure, and Surveillance
  10. Information Warfare, Cyberterrorism, and Hacktivism
  11. Terrorism, Radicalization, and The War of Ideas
  12. Trade Secret Theft and Economic Espionage
  13. National Security
  14. Case Study: CALEA, VoIP

Course Information

  1. PAPER RESEARCH
  2. USEFUL LINKS FOR DEFINING TECHNICAL TERMS
  3. COURSE SUBTEXT AND OPTIONAL BACKGROUND MATERIAL

 


Registered Students login to NYLS Portal for updated Reading Assignments.


All original material on this or any linked page is copyright the Center for Advanced Studies in Science and Technology Policy © 2003-2009. Permission is granted to reproduce this material in whole or in part for non-commercial purposes, provided it is with proper citation and attribution.

 

 NYLS Logo