What kind of surveillance assistance can the U.S. government force companies to provide? This issue has entered the public consciousness due to the FBI's demand in February that Apple write software to help it access the San Bernardino shooter's encrypted iPhone. Technical assistance orders can go beyond the usual government requests for user data, requiring a company to actively participate in the government's monitoring of the targeted user(s). Companies that take seriously the task of securing of their users' information and communications must be prepared to respond to demands to disclose, proactively begin storing, or decrypt user data; write custom code; allow the installation of government equipment on their systems; or hand over encryption keys. Advance preparation for handling technical assistance demands is especially important now since the U.S. Department of Justice has been so aggressive with companies that resist broad or novel surveillance orders. In the "Apple vs. FBI" case, America's richest company faced a motion for contempt of court and derisive rhetoric from U.S. officials before it enlisted the nation's top lawyers in its defense and ultimately fought off the case. In stark contrast, encrypted e-mail provider Lavabit unsuccessfully opposed multiple court orders to compel it to decrypt and give law enforcement the e-mails of its most famous customer, Edward Snowden, and even to hand over its private encryption keys. The Fourth Circuit Court of Appeal did not look kindly on Lavabit, which lost its legal battle and shuttered its operations after its legal defeat. In 2007, Yahoo! unsuccessfully battled warrantless wiretapping in secret before the Foreign Intelligence Surveillance Court. The price for seeking to protect its users' Fourth Amendment rights? DOJ argued that Yahoo! should be fined $250,000 a day for non-compliance while the litigation was pending.
This talk, given by two Crypto Policy Project attorneys from Stanford Law School's Center for Internet and Society, will teach an enterprise audience what they need to know about technical-assistance orders by U.S. law enforcement, so that they can handle demands effectively even if they do not have Apple-level resources. We'll go over what sorts of assistance law enforcement may demand you provide (and has demanded of companies in the past), whether they have authority to require such assistance and under what law(s), and a company's options in response.
Jennifer Granick is the Director of Civil Liberties at the Stanford Center forInternet and Society. Jennifer returns to Stanford after working with theinternet boutique firm of Zwillgen PLLC. Before that, she was the CivilLiberties Director at the Electronic Frontier Foundation. Jennifer practices,speaks and writes about computer crime and security, electronic surveillance,consumer privacy, data protection, copyright, trademark and the DigitalMillennium Copyright Act. From 2001 to 2007, Jennifer was Executive Directorof CIS and taught Cyberlaw, Computer Crime Law, Internet intermediaryliability, and Internet law and policy. Before teaching at Stanford, Jenniferspent almost a decade practicing criminal defense law in California. She wasselected by Information Security magazine in 2003 as one of 20 "Women ofVision" in the computer security field. She earned her law degree fromUniversity of California, Hastings College of the Law and her undergraduatedegree from the New College of the University of South Florida.
Riana Pfefferkorn is the Cryptography Fellow at the Stanford Center forInternet and Society. Her work focuses on investigating and analyzing the U.S.government's policy and practices for forcing decryption and/or influencingcrypto-related design of online platforms and services, devices, and products,both via technical means and through the courts and legislatures. Riana alsoresearches the benefits and detriments of strong encryption on freeexpression, political engagement, economic development, and other publicinterests.