15: Assessment and "Going Dark"


Midterm Exam 2 is a week from Thursday on April 6th.

In-class assessment / feedback

See Piazza for my notes. I apologize if this went on perhaps a little too long. But I found it very useful.

The problem of "Going Dark"

Law enforcement, particularly at the federal level, has a problem. Forensics and investigations are getting harder, despite the increased digitization of evidence. Imaging and storing drives and data is more difficult because:

  • we all have more of it (how much storage do you have with you today?)
  • FDE (full-disk encryption) is getting easier and more automatic
  • filesystems and file formats continue to diverge and converge (HFS+->APFS, NTFS extensions, gazillion Unix filesystems, filesystems on phones)
  • same with physical interfaces (phones are getting better, but feature phones are still a huge headache)
  • data might not even be local: it's in the cloud, whatever that means.
  • RAM and hardware forensics are really hard

Lawful (that is, court-authorized) domestic wiretaps of both voice and data are getting harder to execute:

  • encryption
  • peer-to-peer protocols
  • providers outside the US

The de facto loss of wiretap and investigative powers is sometimes referred to as "going dark."

Privacy law

Wiretaps are a particular power authorized and used by our government. Normally our privacy is protected from government (not other) snooping by a set of protections: the 4A, surrounding case law, and various statutes that constrain government action.

Originally the 4A was a reaction against general warrants, under which officers of the law (the British crown!) could search, essentially, whatever, wherever, and whomever they deemed necessary.

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

The 4A requires that law enforcement (executive branch) go to a court (judicial branch, so powers are separate and presumably checked), swear out a warrant application (perjury for lying), showing probable cause (not proof, but "where the facts and circumstances within the officers' knowledge, and of which they have reasonably trustworthy information, are sufficient in themselves to warrant a belief by a man of reasonable caution that a crime is being committed" (Brinegar v US)) and particularly naming the person/place to be searched and thing to be seized.

Wiretaps (real-time interception of the contents of telephone and computer communication) require a "super warrant," aka a "Title III order." Investigators must show probable cause that the wiretap will reveal evidence of one of a particular set of crimes, and must further show (1) that normal procedures have been tried and failed (or would be too dangerous to try), (2) probable cause that the communication facility is involved in the crime, and (3) that surveillance methods will minimize interception of communications that do not provide evidence of a crime.

If we grant that law enforcement has the right, post-warrant, to wiretap in order to investigate crimes, then this should concern us. What to do?