Law enforcement agencies need access to data...sometimes

Law enforcement agencies need access to data...sometimes Photo by JessicaGale at Morguefile.com

Very often when I try to start a discussion about law enforcement access to data, the conversation immediately leaps to wiretapping as if this is a slam-dunk argument against any form of law enforcement access to data. For me, this indicates a narrowness of thinking that is prevalent in those who advocate for privacy rights above all others. The purpose of this article is to broaden the discussion by presenting a commonly used data categorisation and discussing the reasons why law enforcement agencies need access to data.

One point on the scope of this article before I begin: the discussion below relates to electronic data and does not address the collection of other types of evidence such as statements, physical evidence, fingerprints, DNA, etc.

Wiretapping is understandably an emotive topic to which people feel visceral suspicion – wondering who could be listening to, or monitoring, their communication without their knowledge – particularly in light of the Snowden revelations of government mass surveillance. However, the situation is not that simple. There are different types of data that can be accessed by law enforcement and these are frequently categorised as follows:

  1. Subscriber data – who owns, or was controlling a particular identity (account, IP address, etc.) at a particular point in time.
  2. Traffic data – this is, briefly, metadata about communication that has taken place between two parties (but not the content).
  3. Content data – the actual content of communication collected through mechanisms such as wiretapping.

By way of a concrete example, consider the traditional phone system:

  • Information about the individual who owns or controls a particular phone number would be subscriber data;
  • Information about whether person A called person B on the phone would be traffic data;
  • The content of the call between person A and person B would be content data.

Actions that lead to the collection of data from each of these categories are considered to be progressively more intrusive, with subscriber data being the least intrusive and content data being the most intrusive. Increasing levels of intrusiveness come with increasing levels of judicial oversight. An investigator that was requesting measures that provide access to content data would be required to demonstrate a significantly greater level of suspicion before being granted an order than an investigator that was asking for access to basic subscriber information.

Considered in this context, wiretapping should be thought of as a technical means to an end – it is one mechanism used by law enforcement agencies to collect a certain type of data, specifically content data.

In a more general sense, the aim of law enforcement agencies is to enforce the law (as the name suggests!). What this means, amongst other things, is the identification, and investigation, of breaches of criminal legislation. Every country has its own legislation and there is clearly disagreement amongst different countries about what constitutes a crime – this is part of the problem with discussions about law enforcement access to data, particularly on the Internet. Investigation of criminal activity must be done with the expectation that all of the law enforcement activity will be scrutinised in a court in due course. Therefore the findings of the investigation must be supported by appropriately collected and managed evidence. For a given jurisdiction, the rules for admissibility and appropriate management of evidence are commonly laid out in the criminal procedure code or equivalent.

Of course, when it comes to something as difficult and nuanced as law enforcement access to data, there is nothing simple, particularly when talking about electronic evidence and even more particularly when talking about electronic evidence collected from another jurisdiction. Below, I have provided a (far from exhaustive) list of examples of the challenges presented by these issues. I plan to describe some of these challenges in more detail in later articles.

  • There is not universal agreement of what constitutes a crime. The canonical example provided here are countries that do not have laws that restrict free speech or that do not protect individual rights to privacy.
  • There are different levels of judicial independence around the world.
  • There are different levels to which the principle of rule of law applies around the world.
  • There are different types of law enforcement agencies with a variety of different powers in different jurisdictions.
  • The time taken to gain access to evidence that is located in a different jurisdiction can be a major impediment to investigations. In fact, identifying the jurisdiction that the evidence is located in can, in itself, sometimes present an insurmountable challenge.
  • Different jurisdictions have different rules about what constitutes evidence and, in particular, where and how electronic evidence fits in their criminal procedure code. This can lead to some significant practical difficulties.
  • Fundamental technological challenges that can prevent identification of criminals online, such as topics I have already covered like Carrier-Grade NAT and IPv6 Stateless Address Autoconfiguration. This is a separate problem from the use by criminals of obfuscation technologies such as Tor.

Conclusion

The individual right to privacy is critically important but it is not an absolute right. Law enforcement agencies need to gather evidence during criminal investigations and this requirement represents an important societal need, the right of victims of crime to expect that their crimes can and will be effectively investigated by law enforcement agencies in their jurisdiction.

Wiretapping is not the only form of law enforcement access to data. The issue of law enforcement access to data is far more complex than is suggested by any simplistic dismissal of the entire topic because of an objection to wiretapping. As I concluded in my previous article, a more level-headed discussion is required to find a sensible balance between privacy and law enforcement access to data.

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.

We use cookies to ensure that we give you the best experience on our website. If you continue to use this site you are accepting the use of cookies in accordance with our privacy policy.
Privacy Policy Accept