The United States government hacks computer systems, for law enforcement purposes. As encryption becomes more pervasive, and as anonymization tools become easier to use, the government will foreseeably increase its resort to malware. This article provides a comprehensive examination of how federal law regulates law enforcement hacking.
The article’s first contribution is descriptive. It explains why and how law enforcement agencies hack computer systems, and it offers a framework for examining critical steps in the operation of government malware.
The article’s next contributions are doctrinal, analyzing the appropriate legal procedures for law enforcement hacking. About half of courts have, surprisingly, concluded that government malware does not necessarily implicate constitutional privacy protections. The article argues that law enforcement hacking constitutes a Fourth Amendment “search,” and presumptively requires a warrant and associated protections.
The article also makes theoretical contributions. Government malware is the latest flashpoint for electronic surveillance, and it illuminates longstanding scholarly debates about the Fourth Amendment. Law enforcement hacking is a case study in how the three branches of government articulate surveillance regulation, the inherent challenges of rebalancing privacy law to account for new technology, and the relationship between statutory and constitutional privacy protections.
Jonathan Mayer is Chief Technologist of the Federal Communications Commission Enforcement Bureau, where he works to protect the security and privacy of America’s telecommunications infrastructure. Jonathan is also a Cybersecurity Fellow at Stanford University, where he is completing a Ph.D. in computer science and received a J.D. in 2013.