Last fall, Lawfare published a piece by Ian Levy and Crispin Robinson of GCHQ entitled Principles for a More Informed Exceptional Access Debate.
Sharon Bradford Franklin is Director of Surveillance & Cybersecurity Policy at New America’s Open Technology Institute (OTI). She directs OTI's work on issues involving government surveillance, encryption, cybersecurity, government access to data, transparency, and freedom of expression online. Prior to joining OTI, Franklin served as executive director of the Privacy and Civil Liberties Oversight Board, an independent federal agency that reviews counterterrorism programs to ensure that they include appropriate safeguards for privacy and civil liberties. She previously served as senior counsel at the Constitution Project, a nonprofit legal watchdog group. Franklin graduated from Harvard College and Yale Law School.
Subscribe to this Lawfare contributor via RSS.
Writing for the majority in Carpenter v. United States, Chief Justice John Roberts called the court’s momentous Fourth Amendment decision “a narrow one.” The specific holding—that a warrant is required for law enforcement to access historical cell site location information (CSLI)—may indeed be narrow, and the decision rightfully cautions that “the Court must tread carefully” when considering new technologies.
In our interconnected world, the electronic data that we create may be stored far away from us, without regard for national boundaries. If our data become relevant to legitimate law enforcement investigations, the borderless nature of digital data can create obstacles for government investigators and the tech companies who receive government requests for their customers’ electronic data. Yet, efforts to overcome these barriers must address the tension between the needs of law enforcement and the rights of individuals.
When the government discovers a bug in any computer hardware or software system, should it immediately inform the device or software manufacturer, so the company can create a patch and protect its customers’ cybersecurity? When should the government be permitted to keep the information to itself, and exploit the vulnerability to hack into devices in support of law enforcement and intelligence agency operations?