Skip to Content

Government Surveillance

What’s Wrong With the Third Party Doctrine and Einstein 3.0

In a new book, CDT experts debate some of the most pressing issues in surveillance law today.

Patriot Debates: Contemporary Issues in National Security Law features CDT’s Greg Nojeim in a debate on the third-party records doctrine and its application to criminal investigations in the digital age. The doctrine holds that law enforcement does not need a warrant to search and seize information lawfully held by third parties, such as online file hosting services like Dropbox or online email providers like Gmail. Nojeim argues that the third-party records doctrine is outdated and an ill-suited legal standard for today’s digital world. For example, people can use physical storage lockers rented out to them by a third party—that is, a locker rental company—and retain a warrant protection for their property stored in the lockers. However, if people use an online storage service provided by a third party, their warrant protection is lost. Nojeim advocates for a technologically neutral third-party doctrine that extends the Fourth Amendment’s warrant protection to the digital space.

CDT’s Jim Dempsey is featured in a discussion about Einstein 3.0, a government-operated cybersecurity system that is designed to prevent cyber intrusions into private networks. Dempsey states that liberty and security both benefit from the private sector leading the cybersecurity charge, as opposed to running the government-operated Einstein 3.0 system on private networks. Although Dempsey agrees that the government can offer aid to the private sector, he sees the private sector as “more agile and more knowledgeable” about its own systems. Dempsey also points out that Einstein 3.0 would allow large quantities of data from private citizens to pass through the federal government during the operations of Einstein 3.0, which poses a severe threat to civil liberties. Dempsey holds up the NSA’s agreement with the private sector in the Defense Industrial Base (DIB) pilot as a model for the rest of the Federal government to ensure cybersecurity.