Metadata, the Constitution, and You
Having recently completed my second excursion into the wonderment that is Shmoocon, I’ve come away with a slightly perplexing quandary. I attended a talk titled “The Metadata is the Message”. This talk was at the same time both entertaining and very informative. Given by Matt Blaze, he not only describes the technical background of wiretapping, but also the legality of it and how it may apply in a post-telephone universe. The talk essentially describes metadata (information about data) and content (data) from a technical AND legal perspective and how that applies to wire tapping and collection by the Government. Going into a detailed picture of the verbiage contained within the Constitution (4th Amendment in particular), he gives insight into an antiquated realm of law that clearly does not scale to today’s modern infrastructure.
Essentially, the current rulings and precedence, from a legal standpoint, dates back to the 1960s and 1970s, long before the Internet existed. In fact, and Matt described this very well, that the rulings, while made during those years, were based on the technical understanding of a 1920s phone system! This astounded me that with the multitude of communication networks, advanced protocols, and the state of IoT that the legality around collection of data is based on telephones from the 20s!
And even after that, Matt explains more on “voluntary disclosure to a third-party”. In a very quick nutshell, using the telephone methodology of metadata collection, when you dial a phone number, you “voluntarily” give that information to a third-party (phone company), thereby allowing The Law access to those records. The content of the message (your conversation) is protected by the Constitution and requires a warrant to obtain. But how does this apply to newer communication networks? An example: An IP address. Is that metadata or content? Did you voluntarily give that information to a third party? And does being a “technical person”, who understands routing, ip addressing, and ports, place me at a legal disadvantage as it pertains to wire tapping?
All of that to say, this was an excellent talk and definitely opens my eyes to the complexity of internet laws. Make sure to read Matt’s paper (https://ssrn.com/abstract=2791646) for all of the delicious details. Thanks Matt, for giving me yet one more thing to think about.