
How 2020 Presidential Candidates Can Guard Against Cyberattacks

The 2016 presidential election witnessed unprecedented Russian cyberattacks and disinformation campaigns designed to disrupt the U.S. electoral system by influencing public opinion. The Russian goal was to destabilize the U.S. through ideological activism, advancing their interests and furthering their political agenda. Their methods compromised the computer systems of candidates and political parties, using the exfiltrated data to spread disinformation and influence presidential elections.

On January 6, 2017, the U.S. Director of National Intelligence released a declassified report “Assessing Russian Activities and Intentions in Recent U.S. Elections.” According to the report, Vladimir Putin ordered a massive campaign orchestrating attacks from multiple fronts that involved spreading pro-Trump propaganda on social media to hacking the Democratic National Committee (DNC). Their methods resulted in massive data breaches within the DNC that included access to John Podesta's email f…

Security & Privacy: Can I Have Both?

We live in a digital world, giving away something about ourselves on LinkedIn, Facebook and Twitter, and to the servers that store our e-mail, Google searches, online banking and shopping records. Does the fact that so many of us live our lives online mean we have given the government wide-open access to all that information? Even our privacy laws are disturbing. For example, in a recent ruling, United States vs. Jones, the U.S. Supreme Court held that long-term GPS surveillance of a suspect’s car violated the Fourth Amendment.

The Fourth Amendment of the United States Constitution provides:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
The Justices were unanimous, 9-0, in upholding the Constitution, and the decision, which protects constitutional liberty from invasive police use of technology, was celebrated across the ideological spectrum. But not so fast: we live in a different world, where the Fourth Amendment is, perhaps too quickly, tossed aside with emerging technology, and where security, both informational and physical, is necessary to protect our privacy.

Drones, manned aircraft flyovers, satellite imaging, the infamous Google automobile photographing street views of buildings and homes above. Are these “searches” within the meaning of the Fourth Amendment? The courts have struggled with these questions over the years.
In this article I will discuss:
  1. Supreme Court Deliberations United States vs. Jones
  2. The Patriot Act
  3. U.S. National Security Agency (NSA) and Snowden

1. Supreme Court Deliberations United States vs. Jones

In that Supreme Court case, Justice Antonin Scalia looked to the 18th century for guidance. In his view, attaching the GPS was the sort of physical invasion of property the framers had in mind when they wrote the Bill of Rights. Yet isn't the risk the GPS poses a loss of privacy, not ownership? Instead, the question debated by the Justices was whether long-term GPS tracking violated reasonable expectations of privacy, not those of another era.
The right questions were asked in their deliberation, but when applied to the government, the standard he used could turn our lives into the proverbial open book. I will point to the NSA, the Patriot Act, and the Freedom of Information Act. Focusing on public expectations of privacy means that our rights change when technology does. As Justice Alito said:
"New technology may provide increased convenience or security at the expense of privacy, and many people may find the tradeoff worthwhile."
The question of the day is: are constitutional rights intended to protect our liberty even when the public accepts “increased convenience or security at the expense of privacy”? Fundamental rights remain fundamental in the face of time and new inventions.

In essence, Justice Scalia’s approach will better protect privacy rights over the long term; he stressed that, at the very least, the Fourth Amendment protects rights we had when the framers drafted the Constitution. Still, his approach is problematic. There isn’t always an available 18th-century analog for current government conduct, like GPS tracking.

In another related case, Kyllo vs. United States, even Justice Scalia held that police use of a thermal imager to detect marijuana grow lamps within a home was a search, but only so long as such technology was not in general public use. There’s the rub: expanding the use of technology narrows rights.

Among the justices in the Jones case, only Sonia Sotomayor insisted that fundamental rights not be hostage to technological change. She called into question the court’s longstanding reliance on expectations of privacy, which she deemed ill-suited to the digital age.

2. The Patriot Act

The Patriot Act is one of the most controversial laws of its kind. It broadly expanded law enforcement’s surveillance and investigative powers and amended more than 15 different statutes, including the Electronic Communications Privacy Act of 1986 (ECPA), the Computer Fraud and Abuse Act (CFAA), the Foreign Intelligence Surveillance Act (FISA), and the Family Educational Rights and Privacy Act (FERPA).

Among other things, the USA Patriot Act was intended to update wiretap and surveillance laws for the Internet age, addressing real-time communications and stored communications (e-mail, voicemail), and to give law enforcement greater authority to conduct searches of property. The Act, however, goes far beyond fighting terrorism, and this is particularly true concerning computer crimes.
So what are the critical elements of this Act that matter for privacy and cybersecurity?

Procedural changes

Although not directly focused on computer crimes, the Patriot Act includes changes to several procedural-related statutes that are likely to aid in prosecuting computer-related activity. For example, under certain circumstances, grand jury information can now be shared, and customer records can be disclosed. These procedural enhancements are not directly tied to computer crimes but are likely to assist law enforcement in investigating and prosecuting them.

Before the Patriot Act, Internet service providers were limited in their ability to provide information to law enforcement. The Act expands the circumstances under which service providers can now notify law enforcement of suspicious information, as, for example, when the service provider "reasonably believes that an emergency involving the immediate danger of death or serious physical injury to any person requires disclosure of the information without delay."

In addition to generic changes, the Patriot Act contains two procedural modifications that directly focus on computer activity. First, it explicitly adds felony acts related to the Computer Fraud and Abuse Act to the list of predicates that can serve as the basis for receiving authority to intercept wire, oral, and electronic communications. A second procedural change that directly targets computer crimes is found in a section that authorizes the interception of computer trespasser communications.
With the permission of the owner or operator of a "protected computer," a term defined in the computer fraud statute, law enforcement may now intercept communications to and from the computer trespasser when the "person acting under color of law has reasonable grounds to believe that the contents of the computer trespasser’s communications will be relevant to the investigation." A new statutory provision specifically defines "computer trespassers." This provision will likely increase law enforcement’s role in hacking cases.

Investigative changes

The Act recognizes the need to increase computer tools for investigating cybercrime. Section 816 of the Patriot Act, titled the "Development and Support of Cybersecurity Forensic Capabilities," calls for the U.S. attorney general to establish regional computer forensic laboratories. These laboratories are for "training and educating" "federal, state, and local law enforcement" in their investigations of computer crimes. It appears from the wording of this section that these new investigative tools are not limited to cyberterrorism, but are meant to cover all computer-related crime.

The Patriot Act also increases the types of law enforcement individuals who may now be a part of investigations for some computer crimes. Before the new legislation, the Secret Service was allowed to participate in some, but not all, of the investigations of different computer offenses listed within the Computer Fraud and Abuse Act. As a result of the new law, the investigative powers of the Secret Service are extended to include all offenses within the computer fraud and abuse statute. Primary authority, however, is provided to the Federal Bureau of Investigation for crimes such as those related to espionage and foreign intelligence.

Substantive changes

Several substantive criminal law changes within the Patriot Act are directly related to the prosecution of computer crimes. These can be found in sections about money laundering, defining the federal crime of terrorism, and revising the computer fraud statute.
  • Money laundering - One of the critical money laundering statutes gains a new specified unlawful activity with the addition of crimes related to computer fraud and abuse. The Patriot Act does not limit the money laundering charges to cases of terrorism or to specific provisions within the computer fraud and abuse statute. It merely includes this new form of a specified unlawful activity by name and statute number, without placing any limits on what type of computer activity can form the basis of specified criminal activity for purposes of money laundering. This means that we may now see money-laundering charges as an additional count in some indictments that were previously limited to charges of computer fraud.
  • Defining computer crimes as acts of terrorism - The definition of terrorism has been a subject of significant international debate, but from a domestic perspective the term is defined as acts of terrorism transcending national boundaries. The second part of the definition relies upon criminal violations that are listed explicitly in the statute. Before the Patriot Act, computer crimes were not among the offenses upon which a charge of terrorism could be based. Terrorism can now be premised upon some of the conduct provisions within the computer fraud and abuse statute. The fact that not all types of computer criminality listed in the Computer Fraud and Abuse Act are included in the Patriot Act demonstrates that there was an effort made to limit the definition of computer terrorism to acts involving espionage and cyberterrorism. Actions that recklessly cause damage, or just cause damage, will not be a sufficient basis for claiming that they constitute terrorism. To meet the definition of terrorism, a computer crime will require that the action be knowingly committed and the damage intentional. The fact that Congress decided to include certain computer crimes as acts of terrorism is an indication that cyberterrorism is a concern of the highest magnitude.
  • Revising the computer fraud statute - Since Congress passed the Computer Fraud and Abuse Statute in 1984, there have been several amendments to its language. As it exists today, it provides for the prosecution of seven different types of computer-related conduct. The various forms of behavior listed in the statute each specify a basis for jurisdiction. Some of the different activities covered by this statute are electronic espionage, intentionally accessing a computer without authorization, browsing in a government computer, acts of theft from protected computers, trafficking in passwords, and extortion conduct related to computers. The substance of many of these provisions remains unchanged by the Patriot Act.
The changes include the fact that the government can now prosecute extraterritorial computer crimes. One modification expands the scope of the statute and is found in a section that redefines a "protected computer" to include those that are located outside the United States. This language provides extraterritorial jurisdiction whenever the term "protected computer" is used in the statute. Surprisingly, however, it does not limit extraterritoriality to acts of national security or terrorism. As such, computer acts involving fraud that are unrelated to terrorism may be the subject of a United States prosecution even when the computer is located outside the country. It is only required that the protected computer be used in a manner that affects interstate or foreign commerce or communication of the United States.

Patriot Act enforcement of extraterritorial computer crimes is strict without the full cooperation of sovereign foreign governments short of military intervention. According to Laurie Thomas Lee, professor of broadcasting at University of Nebraska-Lincoln:
"Many of the new provisions pertaining to telecommunications users and providers are also potentially unconstitutional, in that they violate Fourth Amendment rights. Although the Act was designed to address terrorist activity, many of the overly broad provisions may result in surveillance powers applied to large numbers of innocent people. The Act effectively snubs the judicial system in favor of executive power, bypassing the role of the courts in providing an adequate system of checks and balances."
The Patriot Act allowed federal agents to monitor electronic communications, which includes wireless phones, email, and internet, without much oversight. It also allowed the government to seize business records of telecom companies as well as customer records from the Internet Service Providers. Besides the internet, any subscriber records from the television cable company, including programming details, can also be confiscated.

Most importantly, the surveillance does not even stop at the telecom companies or state borders. The FBI was given authority to obtain warrants that followed a person across state borders, as well as to trace any telephone or computer usage. Under expanded FISA (Foreign Intelligence Surveillance Act) authority, the government was allowed to set up wiretaps at anyone’s residence and to search the premises without notification. The FBI was even permitted to monitor and tape conversations, as well as meetings, between an attorney and the client in federal custody. This complete loss of privacy violates the Constitution by allowing the circumvention of security controls protecting our private data.

3. The National Security Agency (NSA) and Snowden

Edward Snowden is a high school dropout who worked his way into the most secretive computers in U.S. intelligence as a defense contractor, only to blow those secrets wide open by disclosing details of classified surveillance programs.

Snowden has revealed himself as the source of documents outlining a massive effort by the NSA to track cell phone calls and monitor the e-mail and Internet traffic of virtually all Americans. Snowden said he just wanted the public to know what the government was doing.
"Even if you're not doing anything wrong you're being watched and recorded."
Snowden told The Guardian newspaper in the United Kingdom that he had access to the full rosters of everyone working at the NSA, the entire intelligence community and undercover assets around the world. The implications for privacy and cybersecurity are profound, to the degree that we ask ourselves: do we want a wall of security or freedom on the internet?

Even before Edward Snowden, the NSA, and Prism made headlines, a group of technologists was dedicated to making the Internet more anonymous. They were viewed mostly as paranoid, weird and potentially criminal. Now, more than a year after revelations of the government's mass electronic surveillance program, they are leaders in a movement heating up globally to create more ways for people to use the Internet while keeping private who and where they are, and what they're doing on the Web. These include email accounts that cannot be spied on, file-sharing services that the government cannot trace, and messaging services that cannot be recorded and stored. But governments worldwide went on a rampage and began developing security technologies to thwart the surveillance mechanisms Snowden disclosed.

Andrew Lewman, the executive director of the Tor Project, an international group of researchers and technologists who maintain an Internet network in which all users are anonymous and their locations are secret, said:
"That idea used to sound far-fetched. It doesn't sound so crazy anymore, does it?"
Joining the effort are tech giants such as Google, Microsoft, Apple, and Yahoo, responding to a backlash from their users over data collection; niche tech companies such as San Francisco-based BitTorrent, which builds software so Internet users can keep their identities and data hidden; and ad hoc groups of technologists. While total anonymity on the highly commercialized Internet, powered by advertising revenue and big data sales, is probably impossible, one way or another anonymity will be a more significant part of the digital future.

Today users of the internet are more aware that what they are doing online may not be private, and they are taking steps to combat that, looking to technology companies for solutions. Yet many others question people’s conviction that they have the right to online anonymity. Sure, just stay off the internet, go on an all-cash basis and live like a hermit in a desolate area of the country.

The backbone of the Internet was created through the federally funded Defense Advanced Research Projects Agency, so the feds have been watching us from the beginning; you sign up for tracking when you use the Internet. Companies such as BitTorrent and Guerrilla Mail, a Chicago-based service founded in 2006 that offers anonymous, disposable email accounts, have won over mainstream customers after once mainly serving tech geeks and rabble-rousers. BitTorrent is experiencing tremendous growth, with a surge in users from two new products that target consumers worried about government spying.
Guerrilla Mail, which gives users an email address without any registration or login and deletes emails permanently after one hour, has done nearly half of its business in the past year. And Tor grew from 75 million users in 2012 to well over 200 million in 2014 after the NSA operation was revealed. Micah Lee, a Berkeley-based technologist with media site The Intercept, helped protect the Snowden documents from being hacked after they were released to the media. He created OnionShare, an anonymous file-sharing service that uses fake domain names to protect data.

But some of the same services that offer a safe haven from government snooping or Facebook data mining also have been a breeding ground for drug rings and child pornography, which could stay primarily hidden in the protected networks. For example, in 2013 a Harvard student used Tor to send a bomb threat to avoid taking a final exam, although he was caught by law enforcement because he accessed Tor using Harvard's wireless network, which authorities could trace.

BitTorrent has long had the reputation as the go-to service to illegally download music and movies, and it was used in the recent leak of female celebrities' nude photos. BitTorrent and Tor have said nefarious activity is one downfall of not keeping information on their users, but that they cooperate with law enforcement to help find criminals, who are far outnumbered by law-abiding users who merely want privacy and a secure internet connection. They don't want to share their online business with the world.

Privacy and security go hand-in-hand; you can never have one without the other, as we discussed with the Fourth Amendment of the U.S. Constitution, where law-abiding citizens' privacy is assured. Yet, with acts of terrorism and the cybercriminal, the Patriot Act was passed, allowing federal agencies the power to institute internet and telecommunication surveillance along with enforcement. The disclosures Snowden provided on those activities became a global controversy, making a mockery of the inherent rights afforded by the U.S. Constitution. Since the dawn of the internet, the world has entered a challenging new realm, a new beginning to the realities we face in the digital age.