A message from America – about privacy

Uncategorized 3 Minutes

This blog is not the product of extensive legal researches. It is largely the product of two different questions which I asked ChatGPT.

Question 1.

Are there any US federal laws which allow law enforcement agencies to require communications providers to hand over encrypted data?

I have italicised the bits which seem to me to be the most interesting or important.

Answer

Yes, several federal laws in the U.S. allow law enforcement agencies to compel communications providers to hand over data, including encrypted data. However, these laws do not always require providers to decrypt the data if they do not possess the means to do so.

Key Laws Allowing Law Enforcement Access to Data

1. Communications Assistance for Law Enforcement Act (CALEA) (1994)

  • Requires telecom companies to build their networks in a way that allows lawful government surveillance.
  • However, it does not require providers to decrypt encrypted communications if they do not have the decryption key.

2. Stored Communications Act (SCA) (1986) (Part of the Electronic Communications Privacy Act – ECPA)

  • Allows law enforcement to request stored communications (such as emails or messages) from service providers with a warrant (for content) or a subpoena (for metadata).
  • If the data is encrypted, the provider may hand it over in its encrypted form and is not necessarily required to decrypt it.

3. USA PATRIOT Act (2001)

  • Expanded law enforcement’s ability to access electronic communications for national security and counterterrorism purposes.
  • Allows authorities to obtain data, including encrypted data, but does not explicitly mandate decryption by providers.

4. Clarifying Lawful Overseas Use of Data (CLOUD) Act (2018)

  • Allows the U.S. government to request electronic data from providers, even if the data is stored outside the U.S.
  • Applies to providers like Google, Apple, and Microsoft, but does not explicitly require them to decrypt data they cannot access.

Can the Government Force Companies to Decrypt?

  • There is no federal law that explicitly requires companies to decrypt data if they do not have the encryption keys.
  • Companies like Apple and WhatsApp have resisted law enforcement requests for decrypted data, arguing they do not have access to users’ encryption keys (as in the Apple vs. FBI case after the San Bernardino shooting).
  • Some government officials have pushed for “backdoor” requirements, but no law currently mandates this.

Conclusion

While U.S. federal laws allow law enforcement to demand encrypted data, they do not require service providers to decrypt it if they do not have the technical means to do so. The debate over encryption backdoors remains unresolved.

Question 2.

In the USA is there a federal law which declares privacy to be a “fundamental right”?

There is no single explicit federal law in the U.S. that declares privacy to be a “fundamental right.” However, privacy rights have been recognized through a combination of constitutional interpretation, federal statutes, and Supreme Court rulings.

Constitutional Basis

While the U.S. Constitution does not explicitly mention “privacy,” the Supreme Court has interpreted several amendments to imply a fundamental right to privacy:

  • Fourth Amendment – Protects against unreasonable searches and seizures, implying a right to privacy in one’s home, body, and personal effects.
  • First Amendment – Protects privacy of beliefs.
  • Third Amendment – Protects privacy in the home from government intrusion (quartering of soldiers).
  • Fifth Amendment – Protects against self-incrimination, reinforcing privacy in personal information.
  • Fourteenth Amendment – The Due Process Clause has been interpreted to protect personal privacy in issues such as marriage, contraception, and child-rearing.

Key Supreme Court cases, such as Griswold v. Connecticut (1965) and Roe v. Wade (1973), have recognized privacy as a fundamental right under these amendments.

Federal Privacy Laws

Although no single statute declares privacy a fundamental right, various federal laws protect specific aspects of privacy, including:

  • Privacy Act of 1974 – Regulates government collection and use of personal data.
  • Electronic Communications Privacy Act (ECPA) – Protects electronic communications from unauthorized surveillance.
  • Children’s Online Privacy Protection Act (COPPA) – Protects children’s online data.
  • Health Insurance Portability and Accountability Act (HIPAA) – Protects medical privacy.
  • Family Educational Rights and Privacy Act (FERPA) – Protects student records.

Conclusion

While privacy is not explicitly labeled as a fundamental right in a single federal law, it has been recognized as such in constitutional law and Supreme Court rulings. Additionally, various federal laws provide specific protections for privacy in different contexts.

ShareRelatedLatestTopDiscussions

Unknown's avatar

Published by John Carr

John Carr is one of the world's leading authorities on children's and young people's use of the internet and digital technologies. He is a former Senior Technical Adviser to Bangkok-based global NGO ECPAT International and a former Secretary of the UK's Children's Charities' Coalition on Internet Safety. John has advised the Council of Europe, the UN (ITU), UNODC, the EU and UNICEF. A former member of Microsoft's Policy Board for Europe, the Middle East and Africa and a former Vice President of Mspace, he has also advised several of the world's largest technology companies on online child safety and ethical investors with shares in high tech businesses. John's skill as a writer has also been widely recognised. http://johncarrcv.blogspot.com and https://substack.com/@johnc1912

Published