Wednesday, August 8, 2018

The Challenge of Digital Evidence


The Lawfare Podcasts, sponsored by the Brookings Institution, always seem to get below the surface and find more detail than is typically available in the electronic news media. The one above describes the problems digital service and media providers have responding to law enforcement requests (subpoenas) for digital evidence. I won't try to summarize the entire podcast, but one topic caught my attention: the breadth of subpoenas.

Typically, a subpoena will include some specific evidence needed in a criminal case (e.g., a list of cell phone calls a suspect has made) but then goes on to add "...in addition to all other relevant evidence." Of course, this is the problem: who decides what is relevant, and how much data can a company be compelled to provide?

Compare the digital search to a typical warrant. Law enforcement breaks into an office with a warrant. The warrant lists specific evidence, e.g., documents and physical evidence. If law enforcement finds other relevant evidence of criminal activity, that evidence is also swept up in the search. If they are looking for emails, can they ask for a backup of the company's entire email system in case some other employee (not the target of an investigation) forwarded evidence while also adding incriminating comments? Challenges to the scope of a digital subpoena can tie up searches to the point that data begins to disappear.

The podcast discusses a proposal to have a central clearing house that can broker these kinds of problems. I would add one other suggestion. If you listen carefully to the podcast, the discussion proceeds at a very high level with few specifics about the typical kinds of searches law enforcement might execute. Basically, prosecutors and law enforcement do not want to miss something that might be relevant. This is the mentality of the system.

After 9/11, the Department of Homeland Security (DHS) explored ways to share more information between local law enforcement, the FBI and DHS. "Connecting the dots" became a priority. But it was impossible to get the Federal government to specify what they wanted. Local law enforcement did not feel comfortable sharing its raw data, which included names of citizens never charged with any crime, e.g., witnesses. After much argument and miscommunication, DHS admitted they "wanted everything" and really just wanted to do Google searches on every bit of information they could store centrally. This is the mentality of the system.

My suggestion is for the central clearing house to work on specifying routine searches, e.g., cell phone call records, and move on from there to digital financial records, personnel records, customer data, etc. Digital service and media providers can then work on the programming necessary to meet these requests in a routine way. This might be easier than it sounds because enterprise software providers (e.g., Oracle, Microsoft, IBM) can build these searches into commercial systems that are used by almost all large companies.

At some point in the process of building search requirements, we will get to unreasonable and ill-defined requests, basically for everything. I cannot predict what will happen at this point, but judges might have to decide that some requests cannot be met. The central clearing house could be an unbiased third party assuring the judicial system that a request has gone too far.