Virtru: Trends in Federal Surveillance Law Q2 2014
-
Upload
virtruprivacy -
Category
Law
-
view
52 -
download
0
Transcript of Virtru: Trends in Federal Surveillance Law Q2 2014
CONFIDENTIAL
Why is Virtru Tracking Surveillance Law?
While Virtru hasn’t been affected by a national security order we need to be prepared. Our product predates the “startup clause” of the recent DOJ settlement. We intend to continue publishing transparency reports. Virtru’s strategy hinges upon how the courts view encryption keys and what is required to access these keys.
Internet Backbone in 2010
• For beCer or worse, US is the hub of the global Internet. • Very hard for foreign countries to wall themselves off and ineffec4ve anyway. • Special responsibility and sensi4vity for US companies given recent revela4ons.
US Technology Companies: Bad Rep on Privacy
Mark Zuckerberg (Facebook): “That social norm is just something that has evolved over 4me.” ScoC McNealy (Sun Microsystems): “You have zero privacy anyway. Get over it.”
Data: How Law Sees It Data: generally treated as wri4ng Analogies -‐-‐files = documents -‐-‐computer = container In transit versus at rest -‐-‐at rest = document? -‐-‐in transit = wiretap?
Metadata Collec4on • Despite major debate, few real changes to surveillance laws in the past year.
• Most likely reform in the short run is to bulk telephony metadata collec4on – Internet bulk metadata collec4on under different provision of FISA could affect Virtru; ended in 2011
Content Collec4on • Methods of collec4on: criminal
tools, FISA (tradi4onal and sec4on 702), overseas signals intelligence
• ECPA reform (criminal) hasn’t gone anywhere
• President’s reform direc4ve (PPD-‐28) guidelines to protect privacy interests of foreigners
• Reform coali4on: 4ghten sec4on 702 of FISA (e.g., restrict categories of intelligence); not in current FISA reform bills
• PCLOB to provide recommenda4ons on sec4on 702 in June
Encryp4on Keys
• S4ll unclear what legal tools are permiCed to access encryp4on keys: subpoena, pen/trap, search warrant?
• Lavabit – raised “master key” issue because architecture was flawed; Virtru’s is different, would not raise same issue
• Lavabit case sidestepped issue: dismissed appeal because Lavabit failed to properly raise arguments in district court
Mobile Phone Search Cases Is a warrant needed to search phone upon arrest?
United States v. Wurie, 13-‐212 Boston case – following up on informa4on from review of cell phone logs on arrest at a drug deal resulted in search of suspect’s apartment
Riley v. California, No. 13-‐132 California case – forensic analysis of photos on phone lead to arrest for gang ac4vity, following arrest on traffic viola4on
Transparency
• Google, other major tech companies agreed with DOJ on rules for transparency reports; withdrew legal challenge.
• Agreement sets forth DOJ posi4on; contains 2-‐year gag rule for “new capabili4es”
• Virtru published a transparency report and promised to update regularly; would test this rule