This is my first article that deals with the legal side of things in the IT security world. To start off I would first like to state that I am not a lawyer, I am not your lawyer, and I am certainly not the US governments’ lawyer. With that said some of the research that I do before I write articles like this one contain a lot of legal documentation that, in some ways, is a bit confusing to me. If a lawyer or someone who happens to have a lot of knowledge in law happens to be reading this article (or any of my future articles like this one) please keep that in mind that this is not the type of thing that I usually deal with so if you notice any errors or anything that does not sound right please feel free to contact us either by email or through our contact us page and let me know.
What a 2703(d) Order Is
A 2703(d) order is basically one of the “legal” ways law enforcement can wiretap someone (without having access to the conversation details). 2703(d) orders can also be used for forcing a provider to disclose detailed records about a customer’s use of services. This includes recent IP addresses used to access the provider’s services, email records (if the provider provides email services), and any other types of contacts that the provider might have. From what I understand 2703(d) orders do not allow law enforcement to have access to the actual details (data) of conversations; it only allows for information like to and from (meta data) of the conversations. If a 2703(d) order is being used against a subscriber of a cellular telephone service provider then they will turn over records showing the cell-site location information of where the subscriber is making and receiving calls in real time. Some of you might have heard about 2703(d) orders because of law enforcement using them on certain people that you “follow”. An example of law enforcement using a 2703(d) order is with Jacob Appelbaum, who is an activist, hacker, and Tor project developer (I have talked about him in previous articles). Several years ago law enforcement used this order to disclose information about Jacob’s Twitter account which included recently used IP addresses and possibly other information. From what I heard about this story Twitter actually tried to fight this in court which is a big thumbs up to Twitter but, sadly, in the end law enforcement won and they were granted access to his information. This is only one example of when law enforcement used a 2703(d) order; there are many others.
In The “Real World”
I am going to be honest and say that I don’t totally disagree with the methodology behind 2703(d) orders and any other legal order like it, primarily because if they were truly being used in a legal way then there would be no issues because they would only affect the true “bad guys” out there. However from what we have seen about the US government and the NSA in general, they tend to illegally wiretap someone (for example), then once they have enough dirt on that person they will go and get a legal court order which then legalizes the process. I am not against wiretapping or even (in some cases) wiretapping a subscriber where even that specific subscriber does not know about it but this is not how our system should work with everyone. In my opinion, this method should only be allowed in extreme circumstances such as with known terrorists. We really need to redefine our legal system and make better laws which are not more complex but more specific and easier for everyone to understand.
Thank you for taking the time to read this article! As always keep the faith!