Cybersecurity & Tech Surveillance & Privacy

Sound Recommendations on Digital Evidence and Law Enforcement

David Kris
Wednesday, July 25, 2018, 8:00 AM

Professor Jennifer Daskal and Will Carter of the Center for Strategic and International Studies have written a terrific report, “Low-

Published by The Lawfare Institute
in Cooperation With

Professor Jennifer Daskal and Will Carter of the Center for Strategic and International Studies have written a terrific report, “Low-Hanging Fruit: Evidence-Based Solutions to the Digital Evidence Challenge.” The report is based on survey data from law enforcement agencies across the country and reflects input from technology companies and others (my consulting firm, Culper Partners, provides counsel to technology companies, so readers should factor that into their assessments).

The CSIS report begins on a solid foundation, recognizing that digital network technology has created both costs and benefits for law enforcement. The paper does not take sides in the debate about whether governments are “Going Dark” or whether this is a “Golden Age of Surveillance.” I wrote a long paper in February 2017, called “Digital Divergence,” advancing the argument that digital network technology has been bad for both privacy and security, and the Supreme Court’s recent decision in Carpenter v. United States—not just Chief Justice John Roberts’s majority opinion but also Justice Anthony Kennedy’s dissent—reinforce the point. Apart from being empirically correct (at least in my view), the CSIS report’s approach is also politically useful as we search for consensus in an effort to increase both privacy and security where possible.

To that end, the report is explicit in not addressing encryption, which is currently the most controversial issue in digital evidence. The report’s animating idea, as its title suggests, is to address some of the low-hanging fruit, or to make real progress where possible without prejudice to addressing other issues. Law enforcement sometimes worries that focusing attention on other aspects of digital evidence may reduce pressure to address encryption. But the CSIS report is quite explicit, and therefore credible, in disclaiming such an intention, and law enforcement therefore ought to be able to support it without being seen as surrendering on encryption or other hotly disputed issues.

The report makes a strong case that there are problems, apart from encryption and the like, that are worth addressing. As the report’s executive summary explains (emphasis in original):

Our survey of federal, state, and local law enforcement officials suggests that challenges in accessing data from service providers—much of which is not encrypted—is the biggest problem that they currently face in terms of their ability to use digital evidence in their cases. Specifically, the inability to effectively identify which service providers have access to relevant data was ranked as the number-one obstacle in being able to effectively use digital evidence in particular cases. Difficulties in obtaining sought-after data from these providers was ranked as a close second. These challenges ranked significantly higher than any other challenges—including challenges associated with accessing data from devices or interpreting the data that has been obtained.

The report calls on service providers to do more to improve transparency and communication with law enforcement. For providers, the anticipated benefits include higher-quality and more tailored requests from law enforcement, better working relationships with law enforcement, and reduced risk that law enforcement will engage in less transparent measures (that if and when revealed could undercut consumer confidence in providers). As the report explains, “any workable solution will require renewed efforts by both law enforcement and the private companies that manage and hold data of interest.”

The report’s chief recommendation is to establish a National Digital Evidence Office charged with developing a national policy on digital evidence. The office would be responsible for “overseeing and coordinating” efforts to assist law enforcement and improve law enforcement access to digital evidence consistent with civil liberties. For example, the report explains, the office should “facilitate improved cooperation with service providers and help disseminate knowledge and analytical tools that can assist law enforcement in deciphering data that has been disclosed. And it should promote greater transparency about the nation’s digital evidence policies and programs, ensure that new initiatives are being conducted in a manner consistent with privacy and civil liberties, and make recommendations with respect to new legal authorities and policy changes that are needed or being pursued.” This approach, in general terms, strikes me as very sound, and I agree with the report that overall the proposed reforms’ “costs are moderate and the payoffs likely large.”

This report is, in short, a high-quality effort to identify common ground and facilitate win-win approaches in a highly polarized policy environment. It will not make everyone entirely happy, of course, but its core recommendations could and should be supported widely. I commend it to readers from all camps.

David Kris is a founder of Culper Partners, with more than 30 years of experience in the private sector, government, and academia. He has been a corporate director, general counsel, deputy general counsel, and chief compliance officer; assistant attorney general for national security, associate deputy attorney general, and a trial attorney at the Justice Department. He serves on advisory boards for several government agencies and as a FISA Court amicus curiae. He is the author or co-author of several works on national security and teaches national security law. He is a member of the board of directors of Lawfare.

Subscribe to Lawfare