Part III: When Governments Hack People

Week 7 (Nov. 9, 2022): Encryption & Technical Assistance

This week, we’ll discuss the legal framework in the United States for the encryption technologies you studied with Prof. Stamos. We’ll go over the government’s past efforts to use ECPA and other laws to try to compel the providers of encrypted devices and communications services to decrypt customer data for law enforcement. We’ll also examine the policy debate over whether to change existing law to constrain online service providers’ and device manufacturers’ ability to provide their users (i.e., you) with strong encryption that does not include a mechanism for the provider or law enforcement to access to the plaintext of the encrypted data.

Week 8 (Nov. 16, 2022): Government Hacking

In week 7, we discussed U.S. government proposals to compel electronic device manufacturers and online communications service providers to build in a mechanism for law enforcement to access the plaintext of encrypted data - that is, to compel the intentional addition of new vulnerabilities to those devices and services. This week, we’ll study how the U.S. and other governments, and their private-sector contractors, exploit existing and unintentional vulnerabilities in order to hack people whom the governments wish to surveil or apprehend.