Legal Frameworks and Natural Rights Within the Digital Age
Module 8 explores the legal landscape relating to cybercrime, highlights the need for harmonized legislation, and outlines those fundamental concepts of search and seizure law as it relates to cybercrime. Special attention is paid to issues of federal statutes that govern electronic surveillance in communications networks and the admission of digital evidence at trial. Finally, the module provides a cursory review of U.S. Supreme Court cases related to digital evidence with special attention paid to the need for cybercrime laws that comply with human rights law, and any limitation of human rights to be in accordance with human rights standards and principles.
Learning Objectives
After completing this module, you should be able to:
- Analyze the protection of privacy rights online.
- Describe federal statutes that govern electronic surveillance in communications networks.
- Identify and discuss the significant U.S. Supreme Court cases focusing on cybercrime and evidence.
- Appraise national, regional, and international privacy laws
- Discuss fundamental concepts of privacy as it relates to concepts of search and seizure of digital evidence.
- Examine the fundamental concepts of search and seizure laws as it relates to cybercrime.
- Recognize federal statutes that govern electronic surveillance in communications networks and the admission of digital evidence at trial.
Summary
In the digital age, the legal landscape concerning cybercrime has become increasingly complex and nuanced. This complexity stems from the global nature of the internet, which allows cybercriminals to operate across borders with relative ease. As such, there’s a pressing need for harmonized legislation that not only facilitates international cooperation but also ensures that efforts to combat cybercrime do not infringe upon fundamental human rights.
The harmonization of cybercrime legislation is crucial for effective law enforcement and prosecution of cybercriminals. Currently, the disparity in national laws creates safe havens for cybercriminals, complicating the process of investigation and prosecution. The Council of Europe’s Convention on Cybercrime, also known as the Budapest Convention, represents a significant effort toward harmonization, setting a standard for the criminalization of internet and computer-related crimes. However, global adoption and implementation of these standards remain uneven, underscoring the need for broader international cooperation.
The principles of search and seizure law, fundamental to protecting individuals’ privacy and freedom, face unique challenges in the context of cybercrime. Traditional search and seizure laws were not designed with digital evidence in mind, leading to legal and ethical dilemmas in cases involving electronic surveillance and data collection. The Fourth Amendment of the U.S. Constitution, which guards against unreasonable searches and seizures, plays a critical role in shaping the legal framework for digital evidence collection. Yet, adapting these protections to the digital realm requires ongoing legal refinement and technological understanding.
Several federal statutes govern electronic surveillance and the admissibility of digital evidence in court. The Electronic Communications Privacy Act (ECPA) of 1986 and the Computer Fraud and Abuse Act (CFAA) are foundational laws in the U.S. that address unauthorized access to electronic communications and computer systems. The USA PATRIOT Act, enacted in response to the September 11 attacks, expanded law enforcement’s surveillance capabilities, raising concerns about privacy and civil liberties.
The challenge lies in balancing the need for security and effective law enforcement with the protection of individual privacy rights. The admissibility of digital evidence at trial further complicates this balance, as courts grapple with issues related to the authenticity, integrity, and reliability of electronically stored information.
Key U.S. Supreme Court cases, such as Riley v. California (2014) and Carpenter v. United States (2018), have significantly impacted the legal standards for accessing and using digital evidence. Riley v. California established that law enforcement must obtain a warrant before searching digital information on a cell phone seized during an arrest, recognizing the vast amount of private data stored on mobile devices. Carpenter v. United States further refined the legal landscape by ruling that accessing historical cell phone location records requires a warrant, emphasizing the need to protect individuals’ location privacy.
As the legal framework for combating cybercrime evolves, it is imperative that laws comply with international human rights standards. The right to privacy, freedom of expression, and due process must be safeguarded, even in the context of cybercrime prevention and investigation. Limitations on human rights, when necessary, must be proportional, necessary, and in accordance with established legal principles.
The legal landscape relating to cybercrime will undoubtedly continue to evolve along with technological advancement. The need for harmonized legislation that respects fundamental search and seizure principles and complies with human rights standards remains a critical challenge. Ensuring that cybercrime laws strike the right balance between effective law enforcement and the protection of individual rights will be essential for maintaining justice in the digital age.
Key Terms/Concepts
Budapest Convention
Carpenter v. United States (2018)
Computer Fraud and Abuse Act (CFAA)
Electronic Communications Privacy Act (ECPA)
Electronic surveillance
Human rights
Online privacy
Riley v. California (2014)
Search and seizure
Stored Communications Act (SCA)
Read, Review, Watch and Listen
- Read Brian X. Chen’s The Battle for Digital Privacy Is Reshaping the Internet (New York Times, Sep. 16, 2021)
- Read Clubhouse in China: Is the data safe? (Jack Cable, Matt DeButts, Renee DiResta, Riana Pfefferkorn, Alex Stamos, David Thiel, Stanford Internet Observatory, Feb. 2021)
- Read Liam Day’s Teacher Spying Is Instilling Surveillance Culture Into Students (Reason, Feb. 15, 2022)
- Read J.D. Tuccillie’s Facebook is a Snitch (January, 2022)
- Read Jennifer Lynch’s In 2021, the Police Took a Page Out of the NSA’s Playbook: 2021 in Review (Electronic Frontier Foundation, December 2021)
- Read Heather Kelly and Emily Guskin’s Americans widely distrust Facebook, TikTok and Instagram with their data, poll finds (MSN, December 2021)
- Read Emily Birnbaum and Daniel Lippman’s How one of America’s largest employers leans on federal law enforcement (Politico, December 2021)
- Watch Privacy: Here is how you find iOS apps that monitor accelerometer events, such as Facebook (myskapps, Oct., 2021) – also embedded below
- Listen to Why You Shouldn’t Use Google Chrome After New Privacy Disclosure (Forbes, March 2021)
Activity
Students should review the course syllabus to determine the assignment of this activity.
This is a copy of the module’s activity that students find within Blackboard. For that reason, refer to the Activities page to submit your work for review.
Purpose
Instructions
- Watch Five Exceptions to the Exclusionary Rule [No. 86]: https://youtu.be/Q3GVRMlqZNw
- Read Weeks v. United States: The Silver Platter Doctrine – https://law.jrank.org/pages/23955/Weeks-v-United-States-Silver-Platter-Doctrine.html
- Review the Tampa Bay Times article Records show deep ties between FBI and Best Buy computer technicians looking for child porn, read Chapter 10 Digital Laws and Legislation: https://www.tampabay.com/news/publicsafety/crime/records-show-deep-ties-between-fbi-and-best-buy-computer-technicians/2318913/
- Read about Weeks v. U.S. and the established exception to the exclusionary rule (https://law.jrank.org/pages/23955/Weeks-v-United-States-Silver-Platter-Doctrine.html)
Answer the following questions:
- As it relates to criminal investigations, what is the purpose of the ‘Silver Platter’ doctrine? Be as specific as possible.
- Explain how the silver platter doctrine might not apply in the case involving a California doctor, Mark Rettenmaier, and the supervisory personnel at the Bust Buy Geek Squad City facility in Brooks, KY.
- Do you believe that the Geek Squad supervisor, Justin Meade, was acting as an agent of the FBI? Explain.
Key Terms/Concepts
The Burden of proof can define the duty placed upon a party to prove or disprove a disputed fact, or it can define which party bears this burden. In criminal cases, the burden of proof is placed on the prosecution, who must demonstrate that the defendant is guilty before a jury may convict him or her.
The exclusionary rule prevents the government from using most evidence gathered in violation of the United States Constitution. The decision in Mapp v. Ohio established that the exclusionary rule applies to evidence gained from an unreasonable search or seizure in violation of the Fourth Amendment.
The Silver platter doctrine is the doctrine under which evidence turned over to federal officials by state officials would not be suppressed even though it was obtained by means of an illegal search. However, this doctrine has been repudiated by the Supreme Court. Articles obtained as a result of an unreasonable search and seizure by state officers may not be introduced into evidence against a defendant over his/her timely objection in a federal criminal trial, even though the search was conducted without the involvement of federal officers.
Discussion Questions
- How does the global nature of the internet and the operation of cybercriminals across borders complicate the legal landscape of cybercrime, and what does this imply for international legal cooperation and harmonization?
- Discuss the significance of the Budapest Convention in the harmonization of cybercrime legislation. What challenges does uneven global adoption and implementation of these standards present to international efforts in combating cybercrime?
- Considering the adaptation of traditional search and seizure laws to the digital realm, what are the main legal and ethical dilemmas that arise from electronic surveillance and data collection? How do federal statutes like the ECPA and CFAA address these challenges?
- Analyze the impact of key U.S. Supreme Court cases such as Riley v. California (2014) and Carpenter v. United States (2018) on the legal standards for accessing and using digital evidence. How do these decisions balance the need for security with the protection of individual privacy rights?
- Reflect on the imperative for cybercrime laws to comply with international human rights standards. Discuss how limitations on human rights, in the context of cybercrime prevention and investigation, can be made proportional, necessary, and in accordance with established legal principles.
Supplemental Readings
Read, Review, Watch and Listen to all listed materials by the due date listed within the course LMS site.
Click HERE to report any needed updates, e.g., broken links.
Officially known as the Convention on Cybercrime, is the first international treaty seeking to address Internet and computer crime by harmonizing national laws, improving investigative techniques, and increasing cooperation among nations. Adopted by the Council of Europe in 2001, the convention came into effect on July 1, 2004. It is open to ratification by any country, and as of my last update, more than 60 countries have ratified the convention, with many others having signed or expressed interest in it.
A seminal Supreme Court case that addressed the intersection of digital privacy and law enforcement, significantly impacting how legal standards apply to digital data. The case revolved around Timothy Carpenter, who was convicted of robbery in part due to cell phone location data obtained by law enforcement without a warrant. The government acquired months' worth of Carpenter's historical cell site location information (CSLI) from his cell phone provider under the Stored Communications Act, which only requires "reasonable grounds" rather than the probable cause needed for a warrant.
A United States federal statute that was enacted in 1986 as an amendment to existing computer fraud law, which had been part of the Comprehensive Crime Control Act of 1984. The CFAA was initially designed to reduce hacking and unauthorized access to computers and computer networks. Over the years, it has been amended several times to address the evolving landscape of cybercrime and to include a wider range of computer-related offenses.
A United States federal law enacted to extend government restrictions on wire taps from telephone calls to include transmissions of electronic data by computer. It was designed to address the growing use of electronic communications and the need for legislation that would protect users from unauthorized surveillance and access to private communications.
Under the Foreign Intelligence Surveillance Act (FISA) "electronic surveillance" is defined to include "the acquisition by an electronic, mechanical, or other surveillance device of the contents of any wire communication to or from a person in the United States, without the consent of any party thereto, if such acquisition occurs within the United States . . . ." 50 U.S.C. § 1801(f)(2) [U.S. Department of Justice. 2021].
Rights inherent to all human beings, regardless of race, sex, nationality, ethnicity, language, religion, or any other status. Human rights include the right to life and liberty, freedom from slavery and torture, freedom of opinion and expression, the right to work and education, and many more. Everyone is entitled to these rights, without discrimination (United Nations, 2021).
According to Thomas Reuters | Legal (2021), there is no single law regulating online privacy. Instead, a patchwork of federal and state laws apply. Some key federal laws affecting online privacy include:
The Federal Trade Commission Act (FTC) [1914] – regulates unfair or deceptive commercial practices. The FTC is the primary federal regulator in the privacy area and brings enforcement actions against companies. This includes failing to comply with posted privacy policies and failing to adequately protect personal information.
Electronic Communications Privacy Act (ECPA) [1986] - protects certain wire, oral, and electronic communications from unauthorized interception, access, use, and disclosure.
Computer Fraud & Abuse Act (CFAA) [1986] – makes unlawful certain computer-related activities involving the unauthorized access of a computer to obtain certain information, defraud or obtain anything of value, transmit harmful items, or traffic in computer passwords. The law has been in amended six times.
Children’s Online Privacy Protection Act (COPPA) [1998] – requires certain website and online service providers to obtain verifiable parental consent before collecting, using, or disclosing personal information from minors under the age of 13. It also requires websites to post an online privacy policy, collect only the personal information necessary, and create and maintain reasonable security measures.
Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act) [2003] – governs sending unsolicited commercial email and prohibits misleading header information and deceptive subject lines. It also requires senders to disclose certain information, include a valid opt-out mechanism, and it creates civil and criminal penalties for violations.
Financial Services Modernization Act (GLBA) [1999] – regulates the collection, use, and disclosure of personal information collected or held by financial institutions and requires customer notices and a written information security program.
Fair and Accurate Credit Transactions Act (FACTA) [2003] – requires financial institutions and creditors to maintain written identity theft prevention programs.
Many states have also adopted laws affecting online privacy, for example, consumer protection statutes, laws that protect certain categories of PI, information security laws, and data breach notification laws.
In addition to complying with these laws and implementing robust information security programs, there are steps organizations can take to help mitigate cybersecurity threats.
A landmark United States Supreme Court case that significantly impacted digital privacy rights and law enforcement practices in the digital age. The case arose from two incidents where police officers searched cell phones without a warrant during arrests. David Riley was stopped for a traffic violation, which led to his arrest on weapons charges. During the arrest, officers searched Riley's smartphone without a warrant, finding evidence of gang involvement and linking him to a shooting. This evidence was used to convict Riley. In a related case, Brima Wurie was arrested after police observed him participating in a drug sale. Officers seized his flip phone, accessed its call log without a warrant, and used the information to locate his house, where they found and seized drugs and a gun.
Search and seizure, in criminal law, is used to describe a law enforcement agent’s examination of a person’s home, vehicle, or business to find evidence that a crime has been committed. A search involves law enforcement officers going through part or all of individual's property and looking for specific items that are related to a crime that they have reason to believe has been committed. A seizure happens if the officers take possession of items during the search (Legal Information Institute, 2021).
Part of the Electronic Communications Privacy Act (ECPA) of 1986, a United States federal law designed to protect the privacy of individuals' electronic communications stored by service providers. The SCA specifically addresses the voluntary and compelled disclosure of stored wire and electronic communications and transactional records held by third-party internet service providers (ISPs).