Stanford CIS

Government Hacking: Evidence & Court Disclosure of Vulnerabilities

Join Mozilla and Stanford CIS for the fourth and final installment in our series of conversations about government hacking. Information from our first three events, discussing the cybersecurity risk of government hacking, the vulnerabilities disclosure process, and recent changes to Federal Rule of Criminal Procedure 41, can be found here, here, and here.

When law enforcement uses its hacking capabilities to collect information about a crime, that evidence might eventually be introduced in court, raising questions about what defendants have a right to know about the hacking techniques used. In order to confront the evidence against them, do those defendants need to know about the specific product vulnerabilities the government is exploiting? What if court disclosure of vulnerabilities puts the government’s capabilities in jeopardy? And if disclosure of vulnerabilities is necessary, what does this say about the overall viability of hacking as a law enforcement technique?

These questions have been playing out across the country over the last year in novel criminal cases based on evidence procured through hacking. Thus far, judges have reached wildly different conclusions about the evidentiary questions at play. Some elected to throw out evidence. Others have found that a search warrant is not  necessary for this type of remote hacking operation.

Our fourth discussion, to be held on April 5, 2017, will bring together leading technologists and legal experts to discuss admissibility of evidence obtained through hacking and whether vulnerabilities used in hacking operations need to be disclosed in court. Thank you to the Stanford Cyber Initiative for providing the funding for this event.

Presented by the Stanford Center for Internet and Society and Mozilla, the event series is dedicated to convening experts in cybersecurity, government surveillance technologies, and public policy to examine the legal, technical, and policy challenges associated with government hacking.

Speakers:

Nicholas Weaver, Senior Researcher at the International Computer Science Institute

Andrew W. Grindrod, Asst. Federal Public Defender