US wiretap and electronic surveillance law heavily depends on drawing distinctions between content and metadata. Content enjoys significant legal protection under most circumstances, while metadata generally does not, and often be obtained by the government with a simple subpoena.
So how do we tell what's content and what's not? Unfortunately, current law is based largely on the technology of the mid-20th century telephone system, drawing distinctions that can often be meaningless or nonsensical when applied to modern technology like the Internet. For example, are packet headers content or non-content? What about URLs? The law is largely unclear on even these basic questions.
This talk will survey the technical contradictions that are unraveling the rules for surveillance on the Internet, and suggest technical approaches for finding sensible answers to some increasingly difficult legal questions.
This talk is based partly on a forthcoming paper (co-authored with Steve Bellovin, Susan Landau, and Stephanie Pell) to appear in the Harvard Journal of Law and Technology.