The Wake

With the growing independence that accompanies going off to college, students find themselves learning more than what’s taught in the classroom. Most people nowadays are spending more and more time operating in a world that they don’t truly understand—the World Wide Web. It can probably be safely said that most students don’t really know the nitty-gritty technical aspects of the Internet, but they have figured out how to instant message, create a Facebook profile, download songs, order textbooks and register for class.

Of course, while an extensive knowledge of technology isn’t necessary to send an email, not really knowing what you’re working with can leave you vulnerable—especially when you’re giving away important information such as your credit card number online. It’s also a legal dilemma: how can you tell the court you had an expectation of privacy when you surfed the net and essentially opened your hard drive to anyone who knew how to access it? Just because most of us don’t know what’s going on doesn’t mean that everyone’s clueless.

On March 28, the Silha Center and the INMS sponsored a presentation, “Your Email is not Yours! Government Surveillance and Digital Privacy,” by three Internet-savvy speakers, including Mary Horvath, program manager and senior computer forensic examiner with the FBI; Dick Reeve, deputy district attorney in Denver and adjunct professor at the University of Denver College of Law; and Stephen Cribari from the University of Minnesota Law School.

The presentation focused on the constitutional interpretation of privacy. The Fourth Amendment of the U.S. Constitution states “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures …” But what about a search of your computer?

Would the people that wrote the Fourth Amendment have protected the hard drive? It’s hard to know since there has been no Supreme Court decision yet that precisely answers that question in relation to the constitution. The question of what the constitution says about online privacy is a tough one, Cribari says—the “jury’s still out” on whether or not your hard drive is even still solely yours once you connect to the web. “When you connect with an Internet site, do you know what’s been put on your computer?” he asked.

“The notion of what’s private when it comes to cyberspace is not an easy question,” he said. The notion of privacy that most of us have online is a sense of anonymity, but anonymity is not the same as privacy and simply being anonymous doesn’t protect private information, he says.

While constitutional protection hasn’t yet been defined, “there are federal laws, including various privacy acts, that govern where the Fourth Amendment might not,” Reeve says.

Aspects of these laws outline the steps that the government must take in order to search for information on a private computer. When examining a hard drive, forensic examiners can only look for evidence of an alleged crime and need to get a new warrant if they find anything else, Reeve said. When they’ve received a warrant, their first step is to make a “forensic copy” of all digital evidence is made. Such a copy is “a virtual snapshot of the entire drive,” including supposedly erased and reformatted data. “It takes a picture of everything, including where there’s nothing,” he said. “There’s no such thing as ‘hidden data’ in a forensic laboratory.”

There are also numerous ways to intercept and or “wiretap” for information in addition to accessing data that’s simply stored on a hard drive. For instance, “data sniffers” are programs that are designed to collect individual packets of data—each of our emails is broken into thousands of these—that are sent through servers around the world when we hit the send button.

All Internet traffic is routed through multiple servers and the routers determine the path that the information takes. Although the system tries to find the best path, the information still goes through multiple servers. “This is one of the major reasons there is no privacy on the Internet,” Horvath says.

However, there’s a great wealth of information stored on computers that is relatively easily accessed. Most of us don’t realize just how much of our actions remain recorded in files that our computer creates or moves around. “When I delete an email, it’s gone, right? When you throw something in the trash bin on your computer, does it go away?” Cribari asks. “No, it just moves to a different part of the computer,” he added. “Your emails are not private technically. Anybody can get your emails and it’s very easy to get if you know what you’re doing,” Horvath says.

As an FBI examiner, “I handle digital evidence of stored date, not the wiretaps or wireless transmissions or ‘data sniffers,’” Horvath says, although there are other examiners that work with such programs. Examiners used to go through every file on the computer over a course of several days, but now that would be impossible, so there are automated programs that do the same thing, she said. Methods of searching include date reduction by filtering out recognizable files, going through metadata that computers create about your actions in certain programs (such as Word), and looking through Web browser history files that record where you’ve been online and how frequently you visit. Sometimes even passwords or credit card numbers get stored in computer files. Nearly anything that has been “deleted” remains findable, at least in part. “When you delete a file … that information is still in the computer,” she says.

While the law oversees governmental use of these techniques (although the Patriot Act has lately been the subject of controversy in its treatment of government access to information), criminal hackers roam the Internet world and are able to do many of the same things, putting your personal hard drive at risk whenever you’re online.

Legally, the question of how much online privacy a person is entitled to remains an open-ended one. “Do you have to understand all this to expect privacy?” asks Cribari. For practical purposes, “if you’re going to use this high-tech stuff and are passing information over it,” Horvath says, “then you should understand the security risks.”