As the country’s new Congress settles into its term, several technology issues are coming to the forefront. A number of Senators recently questioned the Department of Justice over how it is collecting cellphone-location data in the wake of the Supreme Court’s landmark Carpenter decision. Carpenter v. United States, 138 S. Ct. 2206 (2018). The House of Representatives is considering a renewed version of legislation that would strengthen the security of “Internet of Things” technologies used by the federal government. And politicians and pundits throughout Capitol Hill are asking whether this will be the year that comprehensive federal privacy legislation becomes law. As it turns out though, some of the nation’s top courts are already tackling these tough issues. In fact, the Seventh Circuit’s opinion last year in Naperville Smart Meter Awareness v. City of Naperville, 900 F.3d 521 (7th Cir. 2018), has received relatively little reporting, but its impact will be broad when it comes to how courts interpret the Fourth Amendment in the era of big data.

In Naperville, the Seventh Circuit heard an appeal concerning the city’s “smart meter” program. Without residents’ permission, Naperville had been replacing traditional energy meters on its grid with “smart meters” for homes. Each smart meter collected thousands of readings a month, as opposed to just the previous single monthly readings. According to the plaintiffs, the repeated readings of the smart meters collected data at such a granular level that they revealed what appliances were present in homes and when they were used. Considering the potential privacy impact, the Seventh Circuit found that Naperville’s collection of smart meter data from residents’ homes constituted a “search” under the Fourth Amendment.
Continue Reading Seventh Circuit Wades into Big Data Case Law

The U.S. Department of Justice released revisions to the Foreign Corrupt Practices Act corporate enforcement policy on March 8, 2019. While intended to clarify the DOJ’s position on a number of hot-button issues, including its controversial stance on certain instant-messaging software, a closer look reveals that these changes fall short of answering several key questions

Attorney General Jeff Sessions and EU Justice Commissioner Věra Jourová have met twice over the last two weeks, signaling momentum towards a new EU-U.S. solution for the sharing of electronic evidence. These meetings occurred in the wake of proposed regulations on the sharing of electronic evidence in the EU, and the passage of the Clarifying

U.S.-based technology companies and courts across the country have disagreed over the extraterritorial application of the Stored Communications Act in allowing U.S. law enforcement to enforce warrants to reach data stored overseas.  Some courts have treated the data stored overseas as a “physical” object  and, therefore, refused to extend the reach of the Act abroad. 

DOJ Proposes Workaround to Microsoft Ruling; United States Joins Irish Facebook Case; St. Louis Cardinals Scouting Director Sentenced to 46 Months; EU’s Advocate General Okays National Data Retention Laws; Data Protection Authority of Hamburg Becomes “Completely Independent”; 9th Circuit Suggests Password Sharing is a Federal Crime

DOJ Seeks Legislative Circumvention of 2nd Circuit’s Microsoft Ruling

Late last week, Assistant Attorney General Peter Kadzik sent a letter to Vice President Biden (in his role as presiding officer of the U.S. Senate) asking Congress to amend the Electronic Communications Privacy Act (ECPA) to permit government warrants to reach data stored overseas. This letter was written in response to the Second Circuit’s ruling earlier this month in Microsoft v. U.S., in which the Second Circuit ruled that ECPA’s data seizure provisions did not apply extraterritorially and in which Judge Lynch, in concurrence, called for congressional intervention.  For more information about the Microsoft ruling, please see the Crowell & Moring “Data Law Insights” blog post detailing the court’s decision.

ECPA reform, General Kadzik’s letter argued, will resolve cross-border data access issues for both domestic and foreign governments investigating criminal activity, including terrorism. The proposal seeks to change U.S. law to “authorize law enforcement to obtain electronic data located abroad.” Admonishing the Second Circuit’s decision, General Kadzik noted the “significant public safety implications of the Microsoft decision.”Continue Reading Privacy & Cybersecurity Weekly News Update – Week of July 17

The Second Circuit today issued a much-anticipated ruling holding that U.S. firms are not required to turn over user data stored overseas, even in the face of a government warrant.  This decision arose from Microsoft’s December 2014 appeal of a civil contempt ruling against the tech giant for refusing to turn over the personal data

In conjunction with the 2015 American Bar Association annual State of Criminal Justice publication, Louisa Marion and I have published a new chapter on “Digital Privacy and E-Discovery in Government Investigations and Criminal Litigation.” The article provides an in-depth look at many of the current and cutting edge issues raised by digital privacy

President Obama recently proposed several new laws reflecting the administration’s increased focus on privacy and cyber issues. The proposals seek to create a consistent national data breach notification law (to replace the current patchwork of 47 state laws), to encourage cyber threat information sharing, and to update cybercrime enforcement. Although Immediate reactions to the proposed

In an obscure case that could have broad implications, a judge in the Eastern District of Virginia sentenced the Danish CEO of two overseas technology companies to time served and a fine of $500,000 for the advertisement and sale of a mobile application capable of surreptitiously monitoring communications and other information on a mobile device. A Department of Justice press release touted the result as “the first-ever criminal conviction concerning the advertisement and sale of a mobile device spyware app.” Nevertheless, the sentence of ten days of time served represents a significant downward departure from the recommended 4-10 month prison term contemplated by the defendant’s plea agreement.

According to a statement of facts filed with the plea agreement, the defendant, Hassam Akbar, advertised and sold “StealthGenie,” a now-defunct mobile app that could be used for real-time monitoring of a mobile device owner’s calls, texts, emails, photographs, calendar appointments, contacts, and other information. The app apparently could also remotely activate the phone’s microphone and record nearby sound. Once installed and activated, the app was undetectable to the average user because it ran in the background whenever the smartphone was powered on with no indication that the app was running. According to the DOJ, “[a]pps like StealthGenie are expressly designed for use by stalkers and domestic abusers who want to know every detail of a victim’s personal life – all without the victim’s knowledge”; indeed, according to the DOJ “SteathGenie ha[d] little use beyond invading a victim’s privacy.” For this reason, as Wired reported, the Akbar indictment was hailed as a step in the right direction by at least one group working to fight domestic violence, which was hopeful the conviction signaled an intent to crack down not only on the users but also on the developers and distributors of tools used to perpetrate domestic violence and stalking.
Continue Reading Recent Conviction Illustrates How Obscure Federal Statute Can Be Used to Criminally Prosecute Those Who Design and Sell Devices and Apps Capable of Surreptitious Monitoring

Last week, in In re Warrant to Search a Certain E-mail Account Controlled and Maintained by Microsoft Corp., a federal judge lifted the stay of execution of an order requiring Microsoft to turn over content stored on a Microsoft server located in Ireland.  While this development is largely procedural, we have previously discussed the