
So hi, welcome to Encyclopedia of Wiretap. This is gonna be basically surveillance law 101, which is an actual law school course, in like an hour, less than an hour, so we're gonna throw a lot of information out there at you guys. So, who am I? I like to call myself a hacker lawyer; it's the term I stole from some of my friends. I was a software engineer for a long time, got burned out, went to law school, which is a thing that very dumb people do when they're burned out. It was fun. I did national security law because it was actually the closest thing to cybersecurity law I could get, and after law school I went to go work
for a law firm. I did a lot of work handling law enforcement requests for customer data for some companies, which is kind of where I learned how to do this sort of stuff. Some of it is based on my work in law school, but most of this is just sort of practical on-the-job sort of things. So I am an attorney; I am NOT your attorney. None of this is legal advice, even though we're talking about a lot of law stuff in here. So unlike a lot of things that people care about, surveillance law things are almost entirely based on statutes. There are cases that come into play, but unlike something like the Fourth Amendment or
First Amendment, where like 99% of what is happening is based on common law and precedent and what the cases before say, in surveillance law we are literally following the word of what is written in a law that was passed by Congress and signed into effect by the President of the United States. And I'm going to be tossing around a bunch of numbers today. They look like things like this: 18 USC 32 33. I have done way too many wiretap orders and so I know that that's the PR/TT statute, but I'm going to try to explain these a little bit to you. So 18 is Title 18 of the U.S. Code; that's the criminal law code, because all this
wiretap law comes out of criminal law. USC means United States Code, so we mean that we're looking at a statute that's a federal law, it's been passed by Congress, and 3233 is the title, is the specific section of this that we're going to be looking at. And you'll sometimes see numbers after it, like 30 to 33 like paren 1a and so forth; that just sort of further narrows it. So you say the Fourth Amendment: even though I just said it's all statute based, the Fourth Amendment actually does come into play in this area. The Fourth Amendment is what gives us the idea of the reasonable expectation of privacy standard, and most Fourth Amendment law
is case law. We have a lot of cases like Olmstead, which is a very, very old case that was one of the first wiretapping laws, that was where they decided that like, basically, like claw mics into the wall as a house we're gonna decide on. And so the Fourth Amendment is in here and it sort of sets the background. You know, what the Fourth Amendment really does is it's going to tell us that we're going to need a warrant for some types of things we're getting into. The big law that we're gonna be talking about here is Title III. It's a law that created the modern wiretap framework. We're gonna start to dive into this. It really was
passed in 1968 to prohibit private citizens from using electronic surveillance, from like recording people. There's a lot of state laws in this area also, so like you may hear people refer to "I live in a one-party state where I can record someone" or "I live in a two-party state where I need the consent of both parties to be recorded", and those laws exist. They're a little bit to the side of what we're going to be talking about today, but essentially Title III is what codified what law enforcement can do with wiretaps: recording calls, getting metadata of our internet traffic and so forth. And it's very technical; it requires compliance with some very specific requirements that come
out of the statute, and that's what we're gonna do: I'm gonna walk through how I would analyze one of these orders when they landed on my desk. So in 1986 Congress amended Title III by enacting the ECPA. A lot of people in the tech industry have heard about this. It basically added electronic communications, aka Internet sort of stuff, onto Title III. So electronic communications is basically a non-voice communication made over a network or affecting interstate commerce, which is fancy law speak for Internet. It included text messages, electronic mail, faxes, other non-voice Internet traffic and so forth. You can go pull up 18 USC 2510 section 12 if you want to go look at the
specifics and all that. And finally, almost finally, no more after this: CALEA. So CALEA is essentially the law that said that phone service providers have to give technical assistance to law enforcement when they come to them with a wiretap order or a PR/TT or so forth. It basically says you cannot build a phone system that cannot be wiretapped; you must build your technical systems in a way that law enforcement, if they come to you with a valid court order, you can get their data. So the last one, which is one that I didn't really deal with but I wanted to touch on for everyone, especially because it's been in the news a lot recently, is FISA. This has
to do with foreign intelligence wiretaps. So essentially if someone is acting as an agent of a foreign power, this is the authority that you use in order to get their phone records, their internet traffic and so forth. So the bulk of what this talk is going to be is we're gonna be talking about court orders. Just a sort of framework of what a court order is and what I mean when I say this: a law enforcement officer is doing an investigation; he has a reason to believe that if he can hear someone's phone conversations he'll get some evidence to help him figure out what's happening with this crime. He'll usually go talk to a prosecutor or someone; there's an
attorney who's going to help him go make an application to a judge. The judge hears it; the judge has to decide if there's probable cause, and a couple of other requirements we're going to get into. So the judge then issues an order. They vary from like three pages to many, many, many, many pages, and it gets issued to the service provider, and those would be the things that would come across my desk. So there's a couple different kinds of these things that would come in. Really, so I'm just one of the lace and ground markers. I'm going to talk through each of these. My aim here really just is to educate you about what kind of data
you can get, what some of the very specific technical requirements and so forth are. I'm not doing any hype, I'm not doing any scaremongering here, hopefully not gonna do any editorializing about the benefits or evils of surveillance. This is very sort of fact-based for you. Hopefully it'll be somewhat educational, because this is not the kind of thing that really gets shared all that very often; most attorneys who do this do not really go out and tell people about what they're working on with this. So before we do our search jumps in: we talked about the Fourth Amendment and how it lays out a reasonable expectation of privacy. One of the distinctions that we get from that
is a difference between content and metadata, and that's going to be key as we analyze each of these orders. So content is the body of the letter. So when the Constitution was being written, people, you know, used postal mail, and then I think, you know, like okay, so if I'm gonna write a letter to someone, it's gonna have all the details of like my bank robbery conspiracy and so forth; this is pretty detailed information. But there's also a lot of letters that go out that are very private: people write letters to their family, they might be, at that time especially, conducting business by letters and so forth. And so if we're gonna have some privacy protections we
really want to make sure that it would protect that. But at the same time a letter has to be addressed, and we would call that to and from information metadata about the letter, and we had kind of a lower bar for the privacy information for that. This is in the days before ad targeting and all of our awesome machine learning crunching things, where we can actually derive patterns from metadata much more easily than it turns out that you could in the 1780s. And so they thought it was fine to have essentially lower protections for just this addressing information. Their sort of idea is, well, the addresses are on the outside envelope, anybody can see
them, you know, if they're in the mailbox or so forth. But so we have essentially the split in how we think about data, whether it's metadata or content data. Content data requires at least a warrant, and to get a warrant you basically need a judge to determine there's probable cause, which is essentially a reasonable basis to believe that there is some evidence that a crime has been committed or there's some evidence for an arrest or so forth. And you have to be a little particular about it: you can't just say like, I want a warrant to search a town; you have to say, I want a warrant to search a particular house because I
believe that if I go search that house I'm going to find evidence that relates to a bank robbery that occurred two weeks ago, and here's a little bit of reasoning that I have for that. If you take crim pro you learn all kinds of things about what we can base warrants on and so forth. It gets very technical also. So one of the first things we're going to jump into here, I'm just gonna lightly touch on these, is stored content warrants. So these come from the Stored Communications Act, part of the Electronic Communications Privacy Act. Title 2 of the ECPA is the Stored Communications Act, and it basically says that you need a warrant to access stored
content. This is the one that says like if your email's over 180 days that you wouldn't, because people thought it would be abandoned. It's actually no longer true; pretty much every provider requires a warrant. There's a case called Warshak that sort of applied to that. It's one of the few places where case law does come into this. But it's basically, okay, do you have content on disk? Yes? Okay, like here's the court order for it, please return it. The other kind that we have is a subpoena. So when we were talking about the content versus metadata thing, we said that metadata does not need a warrant. Metadata instead needs a subpoena, which
is still a court order, but it has a lower threshold to get it. So instead of needing probable cause, we're going to have some specific requirements that we'll see when we jump in. So pre-Carpenter, cell site location records could be gotten with subpoenas, and Carpenter is the Supreme Court case that was just decided at the end of June. It essentially said that, you know, like even though these address records are considered to be metadata, because it was just basically like locations where there were pings on the cell phone tower, that, you know, we're now in the age where we can start combining this information and it creates a richer picture, and it gets closer to the sort of richer
picture of things that we had wanted to protect with warrants. And so the Supreme Court essentially said you can no longer just use a subpoena to get like cell site location data from the service providers. A PR/TT is a specific type of a subpoena. It's pen register trap-and-trace. This is the 18 USC 32 33, and we're gonna walk through one. I had an awfully fun time trying to find some examples of some of these orders for you guys, so I think this one is okay. Some of these might be a little blurry because we're getting like scans of typewritten pages and stuff. They're fun. Most of these orders, when they come out to you, an attorney, I'm gonna say most is
probably almost all, have non-disclosure orders on them, which means I cannot say that I've seen an order to wiretap a particular person. So they're not available in the public court records, so in order to do this sort of thing you have to go to training materials and so forth and pull things that are not really quite real. So we're gonna look at one that essentially comes from a training reference manual. My last slide is going to be a list of links, which is the sources where I pulled all these materials, so if you are interested in taking notes and so forth you can basically pull that last slide. I'll post the slides and everything so you can
pull from them. So this is pretty much what an order looks like when it comes in. We would fill it up at the top where it says district court for the abhi like Northern District of Illinois; some of them have separate divisions. In the matter of obovata, we'd have our case number, and you notice right up here at the top we have that this is under thirty one thirty thirty one twenty two, and so it's telling you like, hey, we're going to be in PR/TT land; this is essentially what we're going to, this set of rules that we need to start looking for. And I should put my glasses back on here, I'm sorry, I'm competing in
here. We need to uniquely identify the device that we're going to be doing it for, so we might have an IMEI number in here or an ESN. And then you say identifying the telephone number being used by; we have to have a subject name in here, or we have to say the whole like "first name unknown, last name unknown". It's required by the statute. If that's not in there, you don't approve the order. That used to be one of the things I would kick orders back for all the time. I'd be like, no, like he didn't give me the name. I know you don't know the name, but you have to tell me you don't know
the name, and you have to say it's in connection with an ongoing criminal investigation. So we would literally have checklists of what the statute required as we read each of these, and check them off as you go down. So that was the first page, so we're moving down in the order. So we have to note here up at the top that the information to be obtained is relevant to an ongoing criminal investigation, has to have that exact wording, conducted by, and then here we have what the agency is that's doing this wiretap, regarding, and we have to have one of a certain number of crimes, because these can only be used to investigate particular crimes, by, and
then the subject, because the subject may not be the target. So like if we suspect John Doe of doing a bank robbery and we're wiretapping his buddy's friend, like the names may be different in here. And then a lot of this is in identity: we want to make really sure that like we're getting the right phone line that we're going to tap here. We have to say the identity of the person to whom is leased or in whose name the telephone line or other facility to which the pen register or trap and trace is to be applied; they either say is unknown or they tell us the name. It's almost always unknown. And then we need to say the order
applies to telephone believed to be operated by the subject. So again, this text all comes from the statute, and you're basically doing a check mark as it goes down. If any one of these things is missing, it's essentially a required element; like we don't say the person, call out that it's like the person who's leasing the phone line, you reject the order. It's facially invalid; it cannot be, and we cannot return data under it. So you go, and they install and use anywhere in the United States to record or decode the phone numbers that are, and we're sort of down here, we say the order shall be effective for sixty days from the date that this order is signed by the
court. So a PR/TT can go for up to 60 days. After that, if you're still investigating, and you're probably still investigating, you'd essentially apply for a renewal. So you have to go through and do the same exact thing: you have to go back to the judge with the application. I think you pretty much tell them like this is a renewal, because they come back to us, the orders, marked as renewals. If they're giving you dates in there, like from, you know, January 1st to, you have to check that it's 60 days or less. If they try to give you a date range that is 61 days, and you actually use like these little
calculator things to figure out the date range, it's again invalid. You cannot approve an order for more than 60 days. Oh, and the sealed by the court: this is an order with a non-disclosure order; we could not, you know, go out and like publish this in the public court records. So, uh, that's this, we're getting there. So basically it allows you to collect non-content information associated with internet communications. This came in 2001; the USA PATRIOT Act amended the PR/TT statute to do this. Some people debate about URLs, I believe. So essentially for most people you're looking for like email subject lines, you're looking for URLs visited, like things that are considered internet metadata, or if this is a phone line
you're basically looking for the register of what numbers were called and when, and they use that to essentially figure out who your contacts are, I believe. So that's what you would be getting with one of these. It's metadata, but again, like if you're getting the subject lines of everybody's email, you may or may not be getting web stuff. Title III wiretap came from the 1968 Omnibus Crime Control and Safe Streets Act of 1968, which I think is a hilarious title for this thing. So note here that we're talking about the federal authorities, and they're essentially a baseline. States sometimes do also have their own wiretap statutes and so forth. There's some things a little bit different, like Arizona
authorizes a little bit more subscriber data with some of these than some of the other ones, but they are almost all modeled on the federal ones, and I have the most experience with federal, so I'm going to be presenting those. But do understand that pretty much every state has a state equivalent of this stuff, and so it does mostly preempt state law; the states have to meet that bar. So I really did not get enough Wire jokes into this thing, I apologize; I thought there would be tons of good ones. Essentially wiretaps, because it is so intrusive, we're basically bumping up the bar on probable cause: you need not just probable cause, you need some other
requirements, and one of them is necessity. And if you've seen The Wire, you remember they had to go say like, hey, we know that there's this criminal conspiracy in the streets of Baltimore and we're just not getting the evidence of the crimes that are out there; we really need to tap this payphone, we're not getting this information any other way. And they really have to list out in the application like, we tried alternative investigatory methods and we really need to do this intrusive way of getting our evidence. You basically are supposed to list out, like, what you've tried and failed. If you are wrong on this, especially if you lie, that is actually grounds for
getting evidence tossed out in court, so something you like don't want to mess up. You need to basically describe exactly what you expect to get. Obviously you don't necessarily know, like, here I'm gonna hear like Joe Smith talk to Bob Smith about like stealing cookies out of the cookie jar on Tuesday, but you can't just say, yeah, we think like that guy is a sketchy dude and we want a wiretap in it. You gotta be a little bit more than that. It has to be the full and complete statement of facts and circumstances, including details underlying the alleged offense and a particular description of the nature and location of the facilities or place to be wiretapped.
It's like when I was calling out on the PR/TT, like we have to mention like the name of the person who owns the line, who the line is leased to and so forth; we need that level of particularity here. Roving wiretap: I mean, none of us pay long distance anymore. I certainly have not paid long distance on my phone anymore. Like there's not really much like concept for roaming. This I think used to be a bigger thing, where like you would go to a court that's just in one district and you would say like, hey, you know, I want to wiretap a phone line that's here and was fixed to a landline in there, and then if the person moved to
another state, you basically have to go get another order for another phone line in another state. Our tech kind of breaks this, so it's basically, if you have a wiretap on, you know, an internet service like that, it's kind of hard to tie that to geography. But there's a whole concept of roving wiretaps. I don't have time to dive into it, but you can certainly go google and look up some of this. Time period: I said PR/TTs are 60 days; wiretap is 30 days at most. Again, they sometimes give you date ranges and you need to do the math to make sure it is only 30 days. Includes holidays. They can start whenever, because this is
all done electronically. It doesn't really matter; if you want me to start at like 12:01 on like Sunday morning, that's fine. And also the orders will say to begin immediately or within 10 days of the order being released, so it's going to go up to 40 days from the date the order was signed. That has to be checked also: if essentially the law enforcement agency slacks getting the order to the service provider and you don't get it until 11 days later, you can't start it; that's grounds to send it back and be like, try again. A lot of this stuff gets sent back with notes, be like, try again, you were incorrect in this
spot. And again, they can be renewed. You see a lot of renewals. It's 30 days at a time; you have to keep going back and say we still think that we need evidence, we still can't get it any other way and so forth. So we're going to start a walk through one of these, and we'll see a lot of these are crowns they're just talking about. It looks pretty similar to that PR/TT that we just did, and hopefully that is somewhat readable. I apologize, this is the, like, scan from the typewritten attorney manual. I had a fun time finding some of this information for you guys. So up at the top we say, you know, this is
the district court, it's in the matter of the application for the wiretap order authorizing the interception of, it will be wire if it's internet or oral for recording phone calls. And we have to, essentially the judge is going to say like, yes, so someone came in and said under oath that they're applying for this, and as they note at the bottom, it's basically going to be copy-pasted from their application. And I think this is on the next page: we have to state there's probable cause for the specific crime mentioned in Title III that the wiretap can be used to investigate it. So yes, there's probable cause to believe that, and then you have to state the people
who you're investigating, who are the targets of the subject, have committed, are committing and will continue to commit Y. See, this list of offenses comes from 18 USC 2516. You have to check that it matches that list. If they are trying to investigate something that is not on that list, that's a reject. And they say there is probable cause to believe that I'm going to get some evidence from this particular wiretap that is going to help me investigate it. Sorry, it's small and blurry on my screen too. And so we have to say the interception of the wire communications; note that again we say subscribed to, located at; if we don't know these we say unknown. It cannot just not say it if you
don't know what it is. And this is where again you have your checklist: do you have this, do you have this, do you have this, and you're going down the order and marking it off as you go. You say will concern the specifics of the offenses that are on the list, the manner and the means of it. We also have to specify a place interception will occur, although as we just said with the roving stuff, like it's a little theoretical with some of the internet stuff; like if you're going to a social media company and doing, you know, an order for that, like it's a little bit weird. This is where also we have to say specific
investigative techniques have been tried or are not feasible. That's in paragraph C: it has been established that normal investigative procedures have been tried and failed, reasonably appear unlikely to succeed if tried, or are too dangerous to employ. And it's going to be pretty much copy-pasted into that language from the statute. And there's probable cause to believe; so this is why we're calling out that the judge believes that they have adequately demonstrated probable cause for this. And then we say, we have to specifically have the judge state that they are authorized to essentially go do this. If there are state officials in there they will list them out also. You see a lot of times sort of partnerships
between state agencies and federal agencies that are doing the investigation; that gets listed. Pursuant to the power delegated by; so the statute basically says the Attorney General of the U.S. can authorize wiretaps. The Attorney General of the U.S. is a pretty busy dude, so he delegates that down to like the US Attorneys and so forth. I actually don't remember who specifically is authorized to do that, but it's like you're not getting the Attorney General to sign every single one of these, even though the statute essentially says that that's what is required. And then to intercept, and we call out again whether it's wire or oral. This is a termination clause: the statute says you should terminate a wiretap when you get
the evidence that you want. I don't think that's super common. I think maybe they do. So basically this whole like "reveal co-conspirators", that language I swear is almost boilerplate; you'll see it a lot. "And others yet unknown committing these offenses". So essentially a lot of this is they're pursuing in terms of conspiracy and so forth, and you want to keep figuring out who is in these networks, and so they use the wiretaps and so forth to sort of hop around them. One thing that is a little hard to tell from this training one here is that oftentimes they're combined: you will see an order that will have wiretaps on five people and PR/TTs
on four of them, and it'll kind of be mixed in, which is fun when you've gotta make sure that you're checking off all the boxes. And so what we have in here, oh gosh, I can't read it, somewhere in here it says it applies to changed phone numbers also. It's to try to deal with like people SIM swapping or so forth, and so basically it says like, hey, if you have this phone and the number changed, we know the person is over there and we can trace it, like we're not going to make you go reapply, it applies back over. We had a technical assistance clause in here saying that the provider
has to help essentially get the data and return it. Non-disclosure clause is in here again: to avoid prejudice to the government's criminal investigation, and the provider, the electronic communication service, its agents or employees are ordered not to disclose or cause a disclosure of the order. So if you came up to me and said, did you see a wiretap for Bob Smith, I would not be able to tell you if I was the attorney who processed that, because it's a nondisclosure on that. We have our time period of 30 days in here: the order shall be executed as soon as practical, so forth, within 30 days measured from the earlier of the day on which the investigative or law enforcement
officers first began to conduct the interception or ten days after. That's where we have to return it. And they ask for the reports to the court, so the court's supposed to be monitoring that they're still getting useful stuff from this, and our target hasn't just like given his cell phone to his five-year-old kid and the five-year-old kid is on like the phone like babbling off, you know, doing whatever, and we're not getting any sort of active useful investigative material from this anymore. And then we have to check the judge's signature and the date. It's kind of confusing to me how you get these without a judge's signature on it; I guess, like, I don't
know, the clerk would print them out, give them to the judge, the judge would be tired going through a stack of them and miss a few. So you would always have to check that. A lot of times we get not just a date but a time, so if you signed, you know, at the first of April 10:40 a.m., and so the wiretap goes for 30 days to like whatever, so if it was like April 1st to April 30th 10:40 a.m., at 10:00 what do you want it's supposed to kick off, although probably by that time they've gotten the renewal and so it would go forward from that point. But not valid without a judge's signature. There's also
the concept of a consent-based order. These are a little bit different; they go for longer periods of time. They'll go for about 60 days instead of 30; I think some are going to go for 45, I can't remember the specific ones. To approve one of these you basically need to see a signed consent from the person whose communications are being monitored. Obviously you're not going to know under what circumstances that was signed, but you have to look and make sure that, like, you know, the person signed her name and the name matches and it appears at least kosher. D orders: I don't think I ever saw one of these independent; they get tacked on usually to wiretaps. It has to
have the specific language, the "specific and articulable facts showing reasonable grounds" for this. If that language is not in there, you do not approve the order. You can approve a wiretap with, if they had this in here a little bit wrong, they might have just said with "specific facts showing", they didn't put in the "and articulable", and it was in something with a wiretap, you can approve the wiretap, you reject the D order: put it back in correct statutory language, come back to me with something else from it. There are some jurisdictions that will routinely screw up the D order, and I don't know how they ever get their data, because we would
certainly not approve it with the incorrect stuff, and they just carry on, so who knows what was going on with some of this. I think a lot of this is very templatized on all sides, and the court should just basically have their orders; they're doing it, it had incorrect language and the law enforcement wasn't telling them, hey, fix it, it would just carry on. But basically the subscriber data is basically like information about who you're contacting. Now getting into some of the fun national security stuff. So National Security Letters got a ton of attention a couple years ago. People were all up in arms about the warrant canary thing. I actually wrote a little law review article about
warrant canaries. Canaries are very trendy; they're still very much a thing that's out there. They're different from a wiretap in that essentially they're an administrative subpoena, which means the agency has its own authority to issue them. So people get very concerned about them because you don't even have a judge. Like people say all the judges like rubber-stamp warrants; there's no judge involved at all. The agency has its own authority to issue these requests. They are however very limited in the information that comes back; it's essentially subscriber sort of data that goes back. Um, we've had NSLs since 1978. There are five different places where essentially agencies can request types of data for this. Financial data is
the first one, financial data essentially is the second one, the ECPA 2709 can request some, also Section 802 of the National Security Act, that gives like the FBI and so forth the authority to go request this sort of data. I mean, they get used a lot. I don't remember off the top of my head if there have been wiretap numbers released, but the wiretap numbers are probably way, way higher. These are still not small numbers of pieces of information going out, although between 2016-2017 you can see there's somewhat more. These are from the Office of the Director of National Intelligence, which releases a transparency report every year, and you can go pull it up and look at the
numbers. I think that might have wiretap numbers. And also people like to dive in and sort of compare what's happening year-over-year, and then also take the numbers that are in these transparency reports and compare them to the information released by the service providers and try to match and see if they add up or not. So, on to 702: this is what FISA orders are done under. The FISA Court is a special court. It is still what we would say, Article III courts, means there's federal judges on it. Everything is classified. Essentially the judge approves these requests; he's not using the normal, well, I'll say normal, like the requirements that we just looked at for a warrant; he's using different, like,
essentially foreign intelligence sort of requirements like do we think this person who's an agent of a foreign power is that someone who's outside the United States is that someone who's acting against the interests of the United States there's a lot of confusion about these a lot about these is very cloaked in secrecy because everything having to do with these is classified I worked with someone who worked on these and I never saw one because I did not have a clearance for them but as it turns out as I was doing this talk the Carter Page FISA warrant was released so it's like oh this is kind of cool I can actually see what one looks
like so I did not reproduce the entire thing in this talk but I figured we would take a look at it to sort of see how it compares to the other ones that we just looked at so you can see on the surface this actually does not look that different from what we were just looking at with the Title III and the PRTTs instead of saying a district court we say it's the FISC it's an order down here just the same as we saw with the PRTTs and so forth we say the application was made pursuant to instead of saying pursuant to 32 or 33 were pursuant to the FISA Act classified that
information is either still classified or if you look at the little markings next to it those are for redactions so the Freedom of Information Act is that when information is released you can hold back information for certain reasons so like b6 is a common law enforcement one I can't remember what b1 b3 b7 are but you can pull up FOIA and see so they basically are asserting that they can't release this information due to these yes well we can't see what the specific statute number is because it might tell us how many different sets of authorities are underneath because they're numerical yeah so it might be like you know so it's 50 USC instead of 18 it may
be like sections you know one to five and we're like oh there's at least five sections because they go numerically no I don't remember what if C is it would be one of the national security issue i'p ones yeah I actually thought this would be under 18 but it's not yeah so we have to assert that Russia is a foreign power I love how some of these things you get and it's just starting like things that you would be like well duh like very basic facts in it because the statute requires it so I'm saying you probably have to assert that because it says it can only be used a foreign power so we can essentially
reverse engineer what the statute is requiring by looking at this warrant what they didn't redact out and we say Carter Page is an agent of Russia so that must be required the minimization procedures proposed in the application have been adopted so FISA 702 years old minimization procedures is this whole thing I don't even want to touch it because it's a hairball you should research it it's cool stuff it's a hairball and then he asked to say somewhere to what we say a lot of the warrant ones that all the certifications required by statute have been met here and notice again they blacked out the statute number so we can't tell which statute is requiring these statements we
can say it's not clearly erroneous so this is probably another statute requirement that is in there that's not text that we usually see in a warrant one pursuant to the authority conferred on this court we're going to say the United States says I'm at the top of the second page and I say it's authorized to conduct blank of the target as follows and this is we're gonna be seeing like you can get the email subject lines you can get the URLs whatever they're actually getting here because we don't know because it's been blacked out I didn't go through the whole thing but it was kind of interesting sort of going through all this and seeing the pieces
it's pretty long it was right at least I think it might have been released by DOJ it you might be right I don't remember it's so blocked out yeah I mean I was mostly interested in it because I never particularly thought this through but it makes perfect sense that this is facially similar to the non-classified warrants that we handle for regular wiretaps yeah so this is just a little bit notes about 702 allows a targeted collection of content about collection to from and about the target we can do a couple of different hops around backdoor searches or basically where we already have this data available and the FBI has a target and they want to go see if
there's anything in the already collected data about it the last ODNI transparency report so there are a hundred and twenty nine thousand eighty individual groups or entities who are targets so after we just went through all these statutes and I said you know case law hasn't really had much to do with that we're gonna touch on All Writs Act which is kind of case law and it's very fuzzy and it's a weird legally little area it is kind of a catch-all because especially all these things are very specific requirements way back in 1789 they decided we'd better make sure we can always get the information we need and we're gonna make this All Writs Act and it was actually
enacted to enable courts to always be able to go get the information they needed to pursue essentially their role so 99.999% of time that this law is used it's by a court basically saying I need you to go do something like some really arcane small like land dispute or something like it's not a big deal I guess use all the time in most states also have a version of this for their state courts but it got used for the Apple iPhone unlocking a couple years ago essentially the FBI had you know the phone they want the phone unlocked Apple is like sorry we can't unlock that for you without writing custom software it didn't fit in
a box of like a wiretap or stored content or something doesn't wanted Apple to go affirmatively write some new software to do this and there's not really any provision to do that in our current wiretap statute or so forth so essentially the All Writs Act says anything necessary and appropriate to aid in the respective jurisdictions some I like this wording agreeable to the usage and principle of law I'm not sure how that says I'm going to require a software engineer to go write some code but DOJ said it was so United States versus New York Telephone is a case that predates CALEA and essentially it was they wanted to essentially install a wiretap and because CALEA didn't yet
exist the phone company is like sorry like we don't have the text set up her TQ to tap this like we can't really help you and it they used this the All Writs Act to force essentially the technical assistance that is now codified in CALEA and they said in this case basically we agree you know the federal courts should not just require third parties to do like anything they were kind of leaning on it then because they're like well clearly like we have this wiretap sort of law we should be using a you phone company or just being annoying and so we're gonna force it because it seems kind of clear to us they should be allowed to do it and so essentially what
happened with All Writs Act case with Apple was you know they found like some other way to get in because software is always buggy and there was such a backdoor to it but they have not said they won't try this kind of thing again so if there's another fight over this sort of thing if we do not have essentially a new version of CALEA that would require writing you know software or doing other work to it from really unlock phones or other devices All Writs Act could come back to play again so these are resources there is a lot of very boring government manuals up here I will definitely tweet out my slide deck if you don't want to try take
pictures of super long URLs Lawfare blog in there is a very conservative blog but they have people who really know what they're talking about and so I find it as somewhat interesting read the thing at the bottom is a book so when you go to law school you actually really learn law through like the supplements and this is a very good hornbook that basically taught me from pro and the top book is an insanely expensive book by David Kris that if you have access to a law library that has it will basically teach you FISA and so forth it's very good but it's like five hundred dollars for two volumes or something insane so
try to find in a library so I think I have time for a question or two okay oh wow is this basically the same for wireless surveillance like if I was gonna bug somebody this is mainly wireless how would you be bugging likey you individually doing it yeah well I mean law enforcement so via so makes my questions this is mainly wired with the laws be that much different for wireless this applies to cell phones just to cell phones and stuff yeah okay no no not Wireless like electronics Darrell it's like I actually have like a spike mic you know pointed at you technically falls under this yeah any of that done by law enforcement I mean that
this sort of like if you are one person recording you need a one person consent or a two person consent in your state anything outside of that is criminal and you should not do it please don't wiretap your neighbors they're awesome talking so you noted that the wiretap sort of extends to if I swap the SIM in an existing device then they don't have to go and get a whole new wiretap order right they can continue to use the existing one even though the for number to change because the device identifier is the same or the yeah whoever they're keying the identification off of it shifts you can often follow it so does that still apply
if you get a new device so the IMEI number changes I'm gonna say probably I think it may depend on the company I didn't handle the ones that were like that so I don't want to give you a definitive yes or no that may come down to the company policy there I don't think there's case law on that but so it seems like a lot of the reasons that you were kicking things back was sort of bureaucracy with that the wording has to match exactly can can that be gamed from the perspective of someone who may be a target from this is there some way to increase your chances of being a person that makes it yeah make the law
clerk drafting these get tired and forget to check the statute but I'm pretty sure that most courts sees basically injection in your name oh man we saw some funny names you don't usually have names you have known as and whatever they're like handles or whatnot yeah most courts are basically gonna have like on the C Drive in the folder orders they're gonna have a like PRTT folder I think of a PRTT with a D order and they're gonna fire that sucker up and basically do a find/replace so it's not like they're drafting it from scratch every time I think it's or this is awesome talk one question you were talking about mo iPhone so far but does
this also apply to mobile phone technologies for example I used into connected cars it would apply to anything has an internet connection essentially if you can get to a provider and serve an order on them then they can package that in response to the order packages data up and send it to law enforcement so my question is with regards to modification of data that is passed over there via thus this only cover well you are allowed to record everything that goes over this wire or through are you also allowed to modify the data for example enforcing SSL man-in-the-middle or something like that to be able to Inc to access the data because for example in Australia just
changed the law if you're using Tor or Signal the government is no longer able to read that if they want to wiretap you so they now have the right to install a backdoor on your phone they even may break into your house to install it there yeah in order to get access to the data so are they allowed to modify your device and all your data stream as well with the biota I'm gonna not answer this one okay maybe I'll move you to an easier question so how it does how does law enforcement decide to whom to issue the subpoena right I mean there's no one service provider that's just a operating in a vacuum everybody's using you know
yes and Google and all these other pieces of infrastructure and other vendors that may have access to the same information but how do they choose who to go to and it's a long chain of providers they I'm gonna guess go to the ones they're familiar working with some of these companies have very large trust and safety programs and they hire outside counsel and so forth this is where I did this kind of work and those are probably easier to work with and they may get a reputation to be easier to work with and people go there I don't know I think of seeing some recent laws allowing ISPs to possibly monitor and/or alter data going through the ISP can you
roughly about the ISPs being allowed to modify data six months ago sorry I'm still trying to figure out like what the so law enforcement gets a wiretap order asking the ISP to monitor or to modify the data that they have no orders no orders and they're getting stuff outside an order right I'm just gonna say that no client I have worked for would do that I can't say who my clients were but that's not gonna be a common practice among people who are had like the big trust and safety groups whatever because if you essentially you're following like your hiring attorneys to do this checklist because if you don't it's essentially illegal wiretapping which is
very serious criminal penalties so if that's happening my guess is maybe there's some kind of like a 702 classified whatever thing going on but I I don't know I also know Justin and we add to that supporting a client of mine in Australia right now who's looking at a civil activity relating to copyright infringement and DNS blocking which has now actually become commonplace in Australia hit me up sometimes ring yeah and copyright enforcement stuff is gonna be entirely different from wiretap anyway my question was I I couldn't that helped sense going through it it sounds like everyone has a whole heap of Word docs that they just everyone has a so it sounds like law enforcement has a whole
heap of Word documents that the judgment ctrl-c ctrl-v has there been any view to automate and accelerate that well I just and even clear up some of the data validation piece well the data that I would see would come from the courts and courts are notoriously tricky to do nice whiz-bang technology with see PACER a lot I do think these various agencies that are various ways to do this kind of stuff if you go read these manuals like DOJ CCIPS they're gonna tell you exactly how to create and draft one of these applications like these are very interesting to read they'll tell you under like when you're allowed to use this what type of investigation and so
forth as far as automating the legal technology there are definitely interested the attorneys who do it they may be doing some automation I had some because I'm a programmer and this is really boring work um but it's a really high bar to make sure you're always correct like there's not a lot of room for screw-ups and so you know how many bugs happen like you don't want this fully automated thank you
okay so this will be the last question I'm gonna be outside a lockpick if you want to talk to me more some people alluded to this but can you do this under any spectrum even without the Internet there's like 900 megahertz 2.4 gigahertz visible light radar you would need a service provider to serve on so if there is no service provider they don't have the authority to create a system that intercepts that's a good question they probably do I'm not that familiar with those I'm familiar with the stuff like the things the service providers get so that's a cool research question you should go look at I suspect they probably can I just don't off the top of my head
standing here with no legal research tools no so
yeah you want to be very careful about recording anything off of this because there's a lot of laws in this area that are very finicky and in very serious penalties so well thank you everybody so today we're not worried about