On September 12, 2022, the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) published a Request for Information, seeking public comment on how to structure implementing regulations for reporting requirements under the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”). Written comments are requested on or before November 14, 2022 and may be submitted through the Federal eRulemaking Portal: http://www.regulations.gov.
Lawful Access to Encrypted Data Act Introduced
Senators Lindsey Graham (R-S.C.), Tom Cotton (R-Ark.) and Marsha Blackburn (R-Tenn.) have introduced the Lawful Access to Encrypted Data Act, a bill that would require tech companies to assist law enforcement in executing search warrants that seek encrypted data. The bill would apply to law enforcement efforts to obtain data at rest as well as data in motion. It would also apply to both criminal and national security legal process. This proposal comes in the wake of the Senate Judiciary Committee’s December 2019 hearing on encryption and lawful access to data. According to its sponsors, the purpose of the bill is to “end[] the use of ‘warrant-proof’ encrypted technology . . . to conceal illicit behavior.”
Continue Reading Lawful Access to Encrypted Data Act Introduced
IoT Update: Supreme Court’s Carpenter Decision Requires Warrant for Cell Phone Location Data
In a decision that defines how the Fourth Amendment applies to information collected in the digital age, the Supreme Court today held that police must use a warrant to obtain from a cell phone company records that detail the location and movements of a cell phone user. The opinion in Carpenter v. United States limits the application of the third-party doctrine, holding that a warrant is required when an individual “has a legitimate privacy interest in records held by a third party.”
The 5-4 decision, written by Chief Justice John Roberts, emphasizes the sensitivity of cell phone location information, which the Court described as “deeply revealing” because of its “depth, breadth, and comprehensive reach, and the inescapable and automatic nature of its collection.” Given its nature, “the fact that such information is gathered by a third party does not make it any less deserving of Fourth Amendment protection,” the Court held.
Continue Reading IoT Update: Supreme Court’s Carpenter Decision Requires Warrant for Cell Phone Location Data
IoT Update: Federal Appeals Courts Split on Forensic Searches of Devices Seized at Border
Two federal appellate courts are taking sharply different views on whether—and why—government agents must have some amount of suspicion to conduct forensic searches of electronic devices seized at the border.
The Fourth Circuit on May 9, 2018, held that government agents must have reasonable suspicion to conduct forensic searches of cell phones seized at the border. It said that decision was based on the Supreme Court’s recognition in Riley v. California that phones contain information with a “uniquely sensitive nature.” The Fourth Circuit and Ninth Circuit are the only two federal appellate courts to require reasonable suspicion for forensic border searches.
In contrast, the Eleventh Circuit on May 23, 2018, rejected that position—and held that no suspicion is required for forensic border searches of electronic devices. According to the Eleventh Circuit, even after Riley, “it does not make sense to say that electronic devices should receive special treatment because so many people now own them or because they can store vast quantities of records or effects.”
Continue Reading IoT Update: Federal Appeals Courts Split on Forensic Searches of Devices Seized at Border