Everything Radiates: Does the Fourth Amendment Regulate Side-Channel Cryptanalysis

by Riana Pfefferkorn

     Encryption shields private information from malicious eavesdroppers.  After years of slow adoption, encryption is finally becoming widespread in consumer-oriented electronic devices and communications services.  Consumer-oriented encryption software is now more user-friendly, and much of it turns on encryption by default.  These advances enhance privacy and security for millions of people.

     However, encryption also poses an impediment to law enforcement's ability to gather electronic evidence.  Law enforcement calls this the "going dark" problem.  U.S. law enforcement agencies have responded through both legal and technological means to encryption's perceived threat to their capabilities. The scope of encryption's impact on those capabilities is not yet clear, and police still have a wealth of data and technical tools at their disposal.  Nevertheless, sophisticated criminals can use encryption to stymie investigators, forcing them to resort to resource-intensive, tailored measures to investigate those individuals. [...]

Ancient Worries and Modern Fears: Different Roots and Common Effects of U.S. and E.U. Privacy Regulation

by Pierluigi Perri and David Thaw

     Much legal and technical scholarship discusses the differing views of the
United States and European Union toward privacy concepts and regulation. A substantial amount of effort in recent years, in both research and policy, focuses on attempting to reconcile these viewpoints searching for a common framework with a common level of protection for citizens from both sides of Atlantic. Reconciliation, we argue, misunderstands the nature of the challenge facing effective cross-border data flows. No such reconciliation can usually occur without abdication of some sovereign authority of nations, which would require the adoption of an international agreement with typical tools of international law. In this Article, we explore an alternative means to achieve effective data interchange governance among the Western nations, arguing that the focus for addressing privacy issues created in cross-border data flows should instead be procedural, rather than substantive.
     Beginning with the observation that both U.S. and E.U. cultures share a
common fear of “chilling effects” infringing various rights to privacy, we link the differences in privacy fears to the comparative views of the role of the state. These differences are instructive in that while they limit the potential for substantive harmonization of privacy goals, they also create substantial opportunity for procedural harmonization. [...]

Cyberensuring Security

by Justin (Gus) Hurwitz

     Cybersecurity is one of the most pressing and legally difficult issues facing this country today. It touches every aspect of modern political and social life, the economy, and national security. From the OPM and IRS breaches, to the Sony hack, to attacks on hospitals and health insurers, to attacks on domestic and international infrastructure, to domestic and international surveillance, cybersecurity concerns are omnipresent. For technical, legal, and practical, reasons, they also have proven extremely difficult to address.
     This Article draws from the economic literatures on strict liability and
insurance to argue that cyber incidents generally, and data breaches specifically, should be treated as strict liability offenses. But that is only the starting point of this Article’s argument. The economic literature on strict liability recognizes that it is, in fact, a form of insurance—potential tortfeasors subject to strict liability effectively are required to insure others against harms caused by their conduct. This Article’s core argument is that pervasive cyber-incident insurance is the best approach to addressing the full range of cybersecurity concerns. [...]

The Ethical Imperative for Vulnerability Equities Process and How the Common Vulnerability Scoring System Can Aid that Process

by Stephanie K. Pell & James Finocchiaro

Cybersecurity is one of the most pressing and legally difficult issues facing this country today. It touches every aspect of modern political and social life, the economy, and national security. From the OPM and IRS breaches, to the Sony hack, to attacks on hospitals and health insurers, to attacks on domestic and international infrastructure, to domestic and international surveillance, cybersecurity concerns are omnipresent. For technical, legal, and practical, reasons, they also have proven extremely difficult to address.
This Article draws from the economic literatures on strict liability and
insurance to argue that cyber incidents generally, and data breaches specifically, should be treated as strict liability offenses. But that is only the starting point of this Article’s argument. The economic literature on strict liability recognizes that it is, in fact, a form of insurance—potential tortfeasors subject to strict liability effectively are required to insure others against harms caused by their conduct. This Article’s core argument is that pervasive cyber-incident insurance is the best approach to addressing the full range of cybersecurity concerns.

Privacy in Public Spaces: The Reasonable Expectation of Privacy Against the Dragnet Use of Facial Recognition Technology

by Mariko Hirose

Our society is steadily marching towards a world in which cameras equipped with facial recognition technology could be used to conduct constant and dragnet surveillance on people as they walk down the street. The law, as is usual in the field of privacy and emerging technologies, is lagging behind—no clear set of constitutional rules constrains law enforcement’s use of this powerful technology, especially because the prevailing axiom has been that there is no right to privacy in public spaces. This Article challenges the axiom and argues that the dragnet, real-time
uses of facial recognition technology violates reasonable expectations of privacy.

Digital Surveillance and Preventative Policing

by Manuel A. Utset

Modern police departments use "Big Data" technologies to collect digital information about almost every aspect of our public and private lives, storing it in large data banks, and processing it, as needed, to extract actionable knowledge, used to solve and prevent crimes.  For example, police departments routinely feed data about past crimes into sophisticated learning algorithms to help them "predict the timing and location of future crimes.  This Article refers to law enforcement's use of Big Data as "digital policing."

     With the continued growth of digital policing, policymakers and commentators have focused their attention on a plethora of privacy and criminal procedure issues.  But digital policing has other, less obvious, effects on the criminal justice system: on police practices, deterrence policy, and substantive criminal law.  These collateral effects of digital policing, largely overlooked by commentators and policymakers, are the focus of this Article.

Encryption Policy and Law Enforcement in the Cloud

by David W. Opderbeck

     Public debate about encryption and digital security is as muddled today as it was in the Paleolithic Internet age of the mid-1990's.  Both sides—law enforcement officials and privacy hawks—argue in absolute terms that obscure the many different layers of the debate. The truth is that the larger question is not just about “encryption,” but rather envelopes multiple layers of the global information infrastructure implicated by the massive
shift of personal and business records into the “cloud.” Cloud infrastructure is mostly controlled by private corporations, including behemoths such as Google and Microsoft, which enter into contractual relationships with their users. The privacy issue, then, is not only about the traditional relationship between individuals and the government. It is more directly about the quasi-governmental role of these large cloud providers.
     This essay explores some facets of this complex problem. Part I discusses the question of “exceptional access” to encrypted content. Part II examines legal issues raised by stored documents in the cloud. Part III offers some tentative thoughts about an updated SCA and CALEA for the cloud.

Next Generation Electronic Surveillance Law: Imagining the Future

by William C. Banks

Predictably, the Trump administration signaled its intentions early on
to enhance national security measures taken during the Obama
administration. Throughout the campaign and since his inauguration, the
President and his senior national security team, including CIA Director
Mike Pompeo, have promised enhanced surveillance to protect against
terrorist attacks. Perhaps encouraged by the trend toward expanded
surveillance powers given to the government in England and France in
recent months, and amid ongoing threats of terrorist attacks at home, the
Trump administration is going so far as to discuss reviving the government
metadata collection program that was repealed less than two years ago.
Meanwhile, the unresolved battles over encryption and forced access by
government fester below the radar. [...]

Social Justice and Silicon Valley: A Perspective on the Apple-FBI Case and the "Going Dark" Debate

by Maj. Gen. Charles J. Dunlap, Jr., USAF (Ret.)

Social justice, we are told, "is generally equated with the notion of equality or equal opportunity in society." It also embraces the idea of economic justice.  This essay argues that these concepts are involved in last year's dispute between Apple Inc. and the Federal Bureau of Investigation (FBI) over an encrypted phone found among the possessions of one perpetrator of the San Bernardino massacre that killed fourteen people and wounded twenty-two. [...]

Judicial Engagement with Surveillance Technology

Keynote by James Orenstein

     "Good morning, and thank you for this opportunity to share some thoughts with you. Of course, I am speaking only for myself, and not for the federal judiciary or anyone else.

     Before we turn to new surveillance technologies, let’s take a moment to consider what a couple of relics—the land-line telephone and the pager—can teach us about the development of technology-related law.

     In 1928, roughly fifty years after the telephone’s invention, the
Supreme Court held in Olmstead that the Constitution did not prohibit warrantless wiretapping because even a liberal construction of the Fourth Amendment could not “justify enlarg[ing its] language . . . beyond the . . . meaning of houses, persons, papers, and effects . . . .”. . ."

Data Collection and the Regulatory State

Transcript of Panel of Hillary Greene, Dr. James Cooper, Ahmed Ghappour, David Lieber, & Dr. Felix Wu

     The following remarks were given on January 27, 2017 during the Connecticut Law Review’s symposium, “Privacy, Security & Power: The State of Digital Surveillance.” Hillary Greene, the Zephaniah Swift Professor of Law at the University of Connecticut School of Law, offered introductory remarks and moderated the panel. The panel included Dr. Cooper, Associate Professor of Law and Director of the Program on Economics & Privacy at Antonin Scalia Law School at George Mason University, Professor Ghappour, Visiting Assistant Professor at UC Hastings College of the Law, Attorney Lieber, Senior Privacy Policy Counsel at Google, and Dr. Wu, Professor of Law and Faculty Director of the Cardozo Data Law Initiative at Benjamin N. Cardozo School of Law.

Total Recall: Computers and the Warrant Clause

by Joshua Perldeiner

The inherent conflict between the requirement for limited-scope warrants and searches under the Fourth Amendment and the structure of computer file systems has yet to be resolved. Where searches must be, by law, constrained but, due to the realities of computer architecture, cannot be so confined, there is a tension that must be addressed. This Note proposes a solution whereby law enforcement would seek to use a form of blind search algorithm, allowing a program to do the searching of the computer system in question, but only returning hits where appropriate and justified by the scope of the warrant.

Please reload

Want to see more Print Edition Articles? Head to the archive.

© 2018 by Connecticut Law Review. 

  • LinkedIn Social Icon
  • Twitter Social Icon