Legal Frameworks and Natural Rights Within the Digital Age
Module 8 explores the intersection of privacy, surveillance, and legal protections in the digital age. It begins by analyzing privacy rights online, focusing on how individuals’ information is protected and the potential risks in a connected world. Students will study key federal statutes that govern electronic surveillance in communications networks, such as the Wiretap Act and the Electronic Communications Privacy Act (ECPA).
Significant U.S. Supreme Court cases related to cybercrime and digital evidence will be discussed, highlighting landmark decisions that have shaped the legal landscape. These cases help illustrate how the judiciary balances privacy concerns with the needs of law enforcement in the digital realm.
The module also covers national, regional, and international privacy laws, providing a broad understanding of how privacy is protected across different jurisdictions. Concepts related to search and seizure, particularly in relation to digital evidence, are explored in-depth, examining the constitutional foundations and evolving legal interpretations in the context of cybercrime.
Finally, students will gain an understanding of the federal statutes that regulate the admission of digital evidence at trial, reinforcing the importance of lawful surveillance and evidence collection in maintaining both justice and individual privacy.
Learning Objectives
After completing this module, you should be able to:
- analyze the protection of privacy rights online.
- describe federal statutes that govern electronic surveillance in communications networks.
- identify and discuss the significant U.S. Supreme Court cases focusing on cybercrime and evidence.
- appraise national, regional, and international privacy laws
- discuss fundamental concepts of privacy as it relates to concepts of search and seizure of digital evidence.
- examine the fundamental concepts of search and seizure laws as it relates to cybercrime.
- recognize federal statutes that govern electronic surveillance in communications networks and the admission of digital evidence at trial.
Summary
In the digital age, the legal landscape concerning cybercrime has become increasingly complex and nuanced. This complexity stems from the global nature of the internet, which allows cybercriminals to operate across borders with relative ease. As such, there’s a pressing need for harmonized legislation that not only facilitates international cooperation but also ensures that efforts to combat cybercrime do not infringe upon fundamental human rights.
The harmonization of cybercrime legislation is crucial for effective law enforcement and prosecution of cybercriminals. Currently, the disparity in national laws creates safe havens for cybercriminals, complicating the process of investigation and prosecution. The Council of Europe’s Convention on Cybercrime, also known as the Budapest Convention, represents a significant effort toward harmonization, setting a standard for the criminalization of internet and computer-related crimes. However, global adoption and implementation of these standards remain uneven, underscoring the need for broader international cooperation.
The principles of search and seizure law, fundamental to protecting individuals’ privacy and freedom, face unique challenges in the context of cybercrime. Traditional search and seizure laws were not designed with digital evidence in mind, leading to legal and ethical dilemmas in cases involving electronic surveillance and data collection. The Fourth Amendment of the U.S. Constitution, which guards against unreasonable searches and seizures, plays a critical role in shaping the legal framework for digital evidence collection. Yet, adapting these protections to the digital realm requires ongoing legal refinement and technological understanding.
Several federal statutes govern electronic surveillance and the admissibility of digital evidence in court. The Electronic Communications Privacy Act (ECPA) of 1986 and the Computer Fraud and Abuse Act (CFAA) are foundational laws in the U.S. that address unauthorized access to electronic communications and computer systems. The USA PATRIOT Act, enacted in response to the September 11 attacks, expanded law enforcement’s surveillance capabilities, raising concerns about privacy and civil liberties.
The challenge lies in balancing the need for security and effective law enforcement with the protection of individual privacy rights. The admissibility of digital evidence at trial further complicates this balance, as courts grapple with issues related to the authenticity, integrity, and reliability of electronically stored information.
Key U.S. Supreme Court cases, such as Riley v. California (2014) and Carpenter v. United States (2018), have significantly impacted the legal standards for accessing and using digital evidence. Riley v. California established that law enforcement must obtain a warrant before searching digital information on a cell phone seized during an arrest, recognizing the vast amount of private data stored on mobile devices. Carpenter v. United States further refined the legal landscape by ruling that accessing historical cell phone location records requires a warrant, emphasizing the need to protect individuals’ location privacy.
As the legal framework for combating cybercrime evolves, it is imperative that laws comply with international human rights standards. The right to privacy, freedom of expression, and due process must be safeguarded, even in the context of cybercrime prevention and investigation. Limitations on human rights, when necessary, must be proportional, necessary, and in accordance with established legal principles.
The legal landscape relating to cybercrime will undoubtedly continue to evolve along with technological advancement. The need for harmonized legislation that respects fundamental search and seizure principles and complies with human rights standards remains a critical challenge. Ensuring that cybercrime laws strike the right balance between effective law enforcement and the protection of individual rights will be essential for maintaining justice in the digital age.
Key Takeaways
The complexity of cybercrime legislation is inherent in both the global nature of computing and those complex systems from which it operates. Therefore, cybercrime laws, making international cooperation crucial.
There is a need for unified legislation; that is harmonization of laws, to facilitate law enforcement across borders while protecting human rights.
Council of Europe’s Budapest Convention sets standards for cybercrime legislation, but global adoption is inconsistent.
Search and seizure law challenges to traditional search and seizure laws face difficulties when applied to digital evidence, requiring legal refinement.
Key U.S. legal frameworks, e.g., the Fourth Amendment, ECPA, CFAA, and USA PATRIOT Act govern electronic surveillance and raise privacy concerns.
Balancing security and privacy describe the challenge between law enforcement needs with protecting individual privacy rights, especially regarding digital evidence.
Supreme court rulings like Riley v. California and Carpenter v. United States have set important precedents for digital evidence and privacy protections.
Human rights considerations are inextricably linked to cybercrime laws. Therefore, such laws must respect international human rights standards, including privacy, freedom of expression, and due process.
Evolving legal landscape describes the condition in which as technology advances, cybercrime legislation must continuously adapt while maintaining a balance between effective enforcement and human rights protection.
Key Terms/Concepts
Budapest Convention
Carpenter v. United States (2018)
Computer Fraud and Abuse Act (CFAA)
Electronic Communications Privacy Act (ECPA)
Electronic surveillance
Human rights
Online privacy
Riley v. California (2014)
Search and seizure
Stored Communications Act (SCA)
Modern Application
How Insurance Companies Track Your data
In a recent investigation, the New York Post revealed that several popular smartphone apps, including Life360, GasBuddy, and MyRadar, are quietly collecting detailed vehicle motion data from users without their explicit knowledge. This data, which includes information such as miles driven, acceleration, hard braking, and collisions, is transmitted to a data collection company called Arity. Unbeknownst to most users, Arity is owned by Allstate Insurance and shares the collected driving data with Allstate and other auto insurers. This information is then used to assess a driver’s behavior, potentially impacting insurance rates. Many users unknowingly opt into this data sharing by agreeing to vague Terms and Conditions without realizing their driving habits are being monitored. The practice of using driving data to determine insurability raises concerns about privacy and the potential for increased insurance premiums based on app usage. This investigation highlights the growing issue of data collection through everyday apps and the significant, often hidden, impact it can have on consumers.
The practice of collecting personal data to develop a “profile” is not limited to auto insurance companies. Health insurance companies too have long been involved in the collection of personal data. Jessica Davis (2020) states that, “Reports show health insurers routinely scour public and private sources for consumer generated health data. But 90 percent of patients are unaware of the practice, a MITRE-Harris survey finds” (TechTarget, September).
Here are other useful sources that explore the topic of data collection by insurance companies, particularly through connected vehicles and apps:
- Marketplace reports on how automakers, like GM, collect data on drivers’ habits and sell it to data brokers like LexisNexis. This data can then be shared with insurance companies, potentially affecting drivers’ premiums without their knowledge (Marketplace).
- Abraham Watkins provides insight into how car manufacturers, including Ford and GM, collect and share driving behavior data with insurance companies. This data often includes details like speed, hard braking, and mileage, which insurers use to determine premiums (AWNA Law).
- Insurify highlights how driver data is collected through connected cars and apps, often without explicit consent. Automakers and third-party brokers sell this data to insurance companies, who then adjust premiums based on driving behavior (Insurify).
These sources provide an overview of how vehicle and app data is used in the insurance industry, raising important concerns about privacy and the impact on insurance rates and even more important human rights.
Read, Review, Watch and Listen
- Read Brian X. Chen’s The Battle for Digital Privacy Is Reshaping the Internet (New York Times, Sep. 16, 2021)
- Read Clubhouse in China: Is the data safe? (Jack Cable, Matt DeButts, Renee DiResta, Riana Pfefferkorn, Alex Stamos, David Thiel, Stanford Internet Observatory, Feb. 2021)
- Read Liam Day’s Teacher Spying Is Instilling Surveillance Culture Into Students (Reason, Feb. 15, 2022)
- Read J.D. Tuccillie’s Facebook is a Snitch (January, 2022)
- Read Jennifer Lynch’s In 2021, the Police Took a Page Out of the NSA’s Playbook: 2021 in Review (Electronic Frontier Foundation, December 2021)
- Read Emily Birnbaum and Daniel Lippman’s How one of America’s largest employers leans on federal law enforcement (Politico, December 2021)
- Review, Supreme Court to scrutinize U.S. protections for social media (Andrew Chung, Oct. 2022).
- Review, Queenie Wong’s, California lawmakers pass bill to make it easier to delete online personal data (Los Angeles Times as reported by Yahoo! News, September 2023).
- Watch Privacy: Here is how you find iOS apps that monitor accelerometer events, such as Facebook (myskapps, Oct., 2021) – also embedded below
- Listen to Why You Shouldn’t Use Google Chrome After New Privacy Disclosure (Forbes, March 2021)
Activity
STOP!!!
Students should review the course syllabus to determine the assignment of this activity.
This is a copy of the module’s activity that students find within Blackboard. For that reason, refer to the Activities page to submit your work for review.
Purpose
Instructions
- Watch Five Exceptions to the Exclusionary Rule [No. 86]
- Read Weeks v. United States: The Silver Platter Doctrine
- Review the Tampa Bay Times article Records show deep ties between FBI and Best Buy computer technicians looking for child porn, read Chapter 10 Digital Laws and Legislation
- Read about Weeks v. U.S. and the established exception to the exclusionary rule
Answer the following questions:
- As it relates to criminal investigations, what is the purpose of the ‘Silver Platter’ doctrine? Be as specific as possible.
- Explain how the silver platter doctrine might not apply in the case involving a California doctor, Mark Rettenmaier, and the supervisory personnel at the Bust Buy Geek Squad City facility in Brooks, KY.
- Do you believe that the Geek Squad supervisor, Justin Meade, was acting as an agent of the FBI? Explain.
Key Terms/Concepts
The Burden of proof can define the duty placed upon a party to prove or disprove a disputed fact, or it can define which party bears this burden. In criminal cases, the burden of proof is placed on the prosecution, who must demonstrate that the defendant is guilty before a jury may convict him or her.
The exclusionary rule prevents the government from using most evidence gathered in violation of the United States Constitution. The decision in Mapp v. Ohio established that the exclusionary rule applies to evidence gained from an unreasonable search or seizure in violation of the Fourth Amendment.
The Silver platter doctrine is the doctrine under which evidence turned over to federal officials by state officials would not be suppressed even though it was obtained by means of an illegal search. However, this doctrine has been repudiated by the Supreme Court. Articles obtained as a result of an unreasonable search and seizure by state officers may not be introduced into evidence against a defendant over his/her timely objection in a federal criminal trial, even though the search was conducted without the involvement of federal officers.
Discussion Questions
- How does the global nature of the internet and the operation of cybercriminals across borders complicate the legal landscape of cybercrime, and what does this imply for international legal cooperation and harmonization?
- Discuss the significance of the Budapest Convention in the harmonization of cybercrime legislation. What challenges does uneven global adoption and implementation of these standards present to international efforts in combating cybercrime?
- Considering the adaptation of traditional search and seizure laws to the digital realm, what are the main legal and ethical dilemmas that arise from electronic surveillance and data collection? How do federal statutes like the ECPA and CFAA address these challenges?
- Analyze the impact of key U.S. Supreme Court cases such as Riley v. California (2014) and Carpenter v. United States (2018) on the legal standards for accessing and using digital evidence. How do these decisions balance the need for security with the protection of individual privacy rights?
- Reflect on the imperative for cybercrime laws to comply with international human rights standards. Discuss how limitations on human rights, in the context of cybercrime prevention and investigation, can be made proportional, necessary, and in accordance with established legal principles.
Supplemental Readings
- F.T.C. Study Finds ‘Vast Surveillance’ of Social Media Users (DNYUZ, September 19, 2024) [last accessed, October 6 2024]
- Omnipresent AI cameras will ensure good behavior, says Larry Ellison “We’re going to have supervision,” says billionaire Oracle co-founder Ellison (Benj Edwards, Sep. 16 2024) [last accessed, October 6 2024]
- Kevin Bessle reports, Google settles lawsuit alleging violation of Illinois’ biometric laws (The Center Square Oct 4, 2022).
Read, Review, Watch and Listen to all listed materials by the due date listed within the course LMS site.
Click HERE to report any needed updates, e.g., broken links.
Officially known as the Convention on Cybercrime, is the first international treaty seeking to address Internet and computer crime by harmonizing national laws, improving investigative techniques, and increasing cooperation among nations. Adopted by the Council of Europe in 2001, the convention came into effect on July 1, 2004. It is open to ratification by any country, and as of my last update, more than 60 countries have ratified the convention, with many others having signed or expressed interest in it.
A seminal Supreme Court case that addressed the intersection of digital privacy and law enforcement, significantly impacting how legal standards apply to digital data. The case revolved around Timothy Carpenter, who was convicted of robbery in part due to cell phone location data obtained by law enforcement without a warrant. The government acquired months' worth of Carpenter's historical cell site location information (CSLI) from his cell phone provider under the Stored Communications Act, which only requires "reasonable grounds" rather than the probable cause needed for a warrant.
A United States federal statute that was enacted in 1986 as an amendment to existing computer fraud law, which had been part of the Comprehensive Crime Control Act of 1984. The CFAA was initially designed to reduce hacking and unauthorized access to computers and computer networks. Over the years, it has been amended several times to address the evolving landscape of cybercrime and to include a wider range of computer-related offenses.
A United States federal law enacted to extend government restrictions on wire taps from telephone calls to include transmissions of electronic data by computer. It was designed to address the growing use of electronic communications and the need for legislation that would protect users from unauthorized surveillance and access to private communications.
Under the Foreign Intelligence Surveillance Act (FISA) "electronic surveillance" is defined to include "the acquisition by an electronic, mechanical, or other surveillance device of the contents of any wire communication to or from a person in the United States, without the consent of any party thereto, if such acquisition occurs within the United States . . . ." 50 U.S.C. § 1801(f)(2) [U.S. Department of Justice. 2021].
Rights inherent to all human beings, regardless of race, sex, nationality, ethnicity, language, religion, or any other status. Human rights include the right to life and liberty, freedom from slavery and torture, freedom of opinion and expression, the right to work and education, and many more. Everyone is entitled to these rights, without discrimination (United Nations, 2021).
According to Thomas Reuters | Legal (2021), there is no single law regulating online privacy. Instead, a patchwork of federal and state laws apply. Some key federal laws affecting online privacy include:
The Federal Trade Commission Act (FTC) [1914] – regulates unfair or deceptive commercial practices. The FTC is the primary federal regulator in the privacy area and brings enforcement actions against companies. This includes failing to comply with posted privacy policies and failing to adequately protect personal information.
Electronic Communications Privacy Act (ECPA) [1986] - protects certain wire, oral, and electronic communications from unauthorized interception, access, use, and disclosure.
Computer Fraud & Abuse Act (CFAA) [1986] – makes unlawful certain computer-related activities involving the unauthorized access of a computer to obtain certain information, defraud or obtain anything of value, transmit harmful items, or traffic in computer passwords. The law has been in amended six times.
Children’s Online Privacy Protection Act (COPPA) [1998] – requires certain website and online service providers to obtain verifiable parental consent before collecting, using, or disclosing personal information from minors under the age of 13. It also requires websites to post an online privacy policy, collect only the personal information necessary, and create and maintain reasonable security measures.
Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act) [2003] – governs sending unsolicited commercial email and prohibits misleading header information and deceptive subject lines. It also requires senders to disclose certain information, include a valid opt-out mechanism, and it creates civil and criminal penalties for violations.
Financial Services Modernization Act (GLBA) [1999] – regulates the collection, use, and disclosure of personal information collected or held by financial institutions and requires customer notices and a written information security program.
Fair and Accurate Credit Transactions Act (FACTA) [2003] – requires financial institutions and creditors to maintain written identity theft prevention programs.
Many states have also adopted laws affecting online privacy, for example, consumer protection statutes, laws that protect certain categories of PI, information security laws, and data breach notification laws.
In addition to complying with these laws and implementing robust information security programs, there are steps organizations can take to help mitigate cybersecurity threats.
A landmark United States Supreme Court case that significantly impacted digital privacy rights and law enforcement practices in the digital age. The case arose from two incidents where police officers searched cell phones without a warrant during arrests. David Riley was stopped for a traffic violation, which led to his arrest on weapons charges. During the arrest, officers searched Riley's smartphone without a warrant, finding evidence of gang involvement and linking him to a shooting. This evidence was used to convict Riley. In a related case, Brima Wurie was arrested after police observed him participating in a drug sale. Officers seized his flip phone, accessed its call log without a warrant, and used the information to locate his house, where they found and seized drugs and a gun.
Search and seizure, in criminal law, is used to describe a law enforcement agent’s examination of a person’s home, vehicle, or business to find evidence that a crime has been committed. A search involves law enforcement officers going through part or all of individual's property and looking for specific items that are related to a crime that they have reason to believe has been committed. A seizure happens if the officers take possession of items during the search (Legal Information Institute, 2021).
Part of the Electronic Communications Privacy Act (ECPA) of 1986, a United States federal law designed to protect the privacy of individuals' electronic communications stored by service providers. The SCA specifically addresses the voluntary and compelled disclosure of stored wire and electronic communications and transactional records held by third-party internet service providers (ISPs).
