Search warrants, subpoenas, and other forms of compulsory legal process are essential for legal parties to gather evidence. Internet technology companies increasingly control wide-ranging forms of evidence, yet little is known about how these companies fulfill their compulsory legal obligations. This Article presents an original study of internet technology companies as evidence intermediaries: third-party organizations that control access to evidence routinely sought by legal parties. Drawing on in-depth qualitative interviews with companies’ legal and compliance staff and with law enforcement agents, I show how company processes for responding to search warrants cannot be neatly categorized within the existing literature’s dichotomy of cooperation or resistance. Rather, the responses consist of makeshift measures that companies have developed to manage predicaments arising from the imprecise or impracticable wording of warrants. These measures can affect the evidence that is ultimately available for use in legal proceedings. They can also untether the scope of searches—as they are carried out—from the procedures of the Fourth Amendment. This Article contends that, because judicial officers are likely ill-equipped to oversee problematic company practices, a variety of institutional interventions to supplement existing court oversight of search procedure should be considered.
Introduction
Legal actors depend on forms of compulsory legal process to gather evidence, including information from internet technology companies such as Google, Meta, X (formerly Twitter), and Apple. In 2022, Google and Meta alone received over 230,000 search warrants, subpoenas, and other U.S. compulsory demands.1 1.See Government Requests for User Data, Meta, https://transparency.fb.com/data/government-data-requests/ [https://perma.cc/SWT6-NA5R] (last visited Apr. 10, 2024) (data showing 125,877 legal process requests received by Meta in the United States in 2022); Global Requests for User Information, Google, https://transparencyreport.google.com/user-data/overview [https://perma.cc/QAA7-PLVH] (last visited Apr. 10, 2024) (data showing 107,306 legal process requests received by Google in the United States in 2022).Show More These are nearly all third-party process demands, meaning that the recipient companies are not parties to the underlying disputes. Rather, the companies receive many such demands because their business operations generate evidence relevant to nearly every form of conduct that might give rise to an investigation or legal dispute. For example, congressional committees have subpoenaed companies to obtain social media data related to Russian interference in the 2016 elections.2 2.Aaron R. Cooper, Congressional Surveillance, 70 Am. U. L. Rev 1799, 1801 (2021).Show More Regulatory agencies submit subpoenas and civil investigative demands to internet technology companies for information about subscribers who have engaged in fraud or been victims of deceit.3 3.E.g., Christopher Slobogin, Privacy at Risk: The New Government Surveillance and the Fourth Amendment 140–41 (2007); Rory Van Loo, The Missing Regulatory State: Monitoring Businesses in an Age of Surveillance, 72 Vand. L. Rev. 1563, 1590, 1627 (2019); Andrew Keane Woods, Against Data Exceptionalism, 68 Stan. L. Rev. 729, 776–77 (2016).Show More Litigants in both civil and criminal cases have sought photographs, social media postings, and other forms of data to gather information about witnesses.4 4.See, e.g., Rebecca Wexler, Privacy as Privilege: The Stored Communications Act and Internet Evidence, 134 Harv. L. Rev. 2721, 2738–39 (2021); Joshua A.T. Fairfield & Erik Luna, Digital Innocence, 99 Cornell L. Rev. 981, 1076 (2013); Jane Bambauer, Other People’s Papers, 94 Tex. L. Rev. 205, 239 (2015); Marc J. Zwillinger & Christian S. Genetski, Criminal Discovery of Internet Communications under the Stored Communications Act: It’s Not a Level Playing Field, 97 J. Crim. L. & Criminology 569, 571 (2007); Steven S. Gensler, Special Rules for Social Media Discovery?, 65 Ark. L. Rev. 7, 9 n.7, 12–13 n.18 (2012).Show More And perhaps most frequently, law enforcement agents seek evidence from internet technology companies regarding suspects’ and victims’ identities, communications, and conduct.5 5.See, e.g., Slobogin, supranote 3, at 141; Alan Z. Rozenshtein, Surveillance Intermediaries, 70 Stan. L. Rev. 99, 147‒48 (2018); Anne E. Boustead, Police, Process, and Privacy: Three Essays on the Third Party Doctrine 40 (Aug. 2016) (Ph.D. dissertation, Pardee RAND Graduate School) (on file with RAND Corp.); Am. Bar Ass’n, ABA Standards for Criminal Justice: Law Enforcement Access to Third Party Records 2–3 (3d ed. 2013).Show More
Despite the volume and importance of third-party legal process directed at internet technology companies, little is known about how these companies actually undertake the work of processing such demands. To be sure, scholars are aware of the importance of these actors as “evidence intermediaries,” which I define as third-party organizations that control access to evidence routinely sought by legal parties. Scholars have paid particular attention to these companies’ role in generating and controlling access to information about people, places, and events.6 6.Jennifer Daskal, The Un-Territoriality of Data, 125 Yale L.J. 326, 328 (2015) [hereinafter Daskal, Un-Territoriality]; Woods, supra note 3, at 731; Paul M. Schwartz, Legal Access to the Global Cloud, 118 Colum. L. Rev. 1681, 1700 (2018); Ian Samuel, The New Writs of Assistance, 86 Fordham L. Rev. 2873, 2884 (2018); Aziz Z. Huq & Rebecca Wexler, Digital Privacy for Reproductive Choice in the Post-Roe Era, 98 N.Y.U. L. Rev. 555, 560 (2023); Anne E. Boustead, Hoover Inst., Aegis Series Paper No. 1802, Small Towns, Big Companies: How Surveillance Intermediaries Affect Small and Midsize Law Enforcement Agencies 24 (2018). For implications for defendants, overseas governments, and international bodies seeking evidence, see Wexler, supra note 4, at 2738–39; Alexa Koenig, Keith Hiatt & Khaled Alrabe, Access Denied: The International Criminal Court, Transnational Discovery, and the American Servicemembers Protection Act, 36 Berkeley J. Int’l L. 1, 25 (2018); Kate Westmoreland & Gail Kent, International Law Enforcement Access to User Data: A Survival Guide and Call for Action, 13 Canadian J.L. & Tech. 225, 227 (2015).Show More For example, a growing body of literature examines the information-centralizing effect of the largest companies—which have vast numbers of users and extensive data from and about those users7 7.E.g., Jon D. Michaels, All the President’s Spies: Private-Public Intelligence Partnerships in the War on Terror, 96 Calif. L. Rev. 901, 908 (2008) [hereinafter Michaels, All the President’s Spies]; Jon D. Michaels, Deputizing Homeland Security, 88 Tex. L. Rev. 1435, 1435–36 (2010) [hereinafter Michaels, Deputizing Homeland Security]; Niva Elkin-Koren & Eldar Haber, Governance by Proxy: Cyber Challenges to Civil Liberties, 82 Brook. L. Rev. 105, 112–13 (2016).Show More—as well as those companies’ capacity to constrain evidence access.8 8.E.g., Rozenshtein, supra note 5, at 105; Kristen E. Eichensehr, Digital Switzerlands, 167 U. Pa. L. Rev. 665, 712–13 (2019); see also Avidan Y. Cover, Corporate Avatars and the Erosion of the Populist Fourth Amendment, 100 Iowa L. Rev. 1441, 1445 (2014) (arguing that service providers cannot serve a government-checking function because they have vested interests in cooperating with the government); Developments in the Law—More Data, More Problems, 131 Harv. L. Rev. 1715, 1722–23 (2018) [hereinafter Developments—More Data] (explaining how technology companies exercise large amounts of discretion in handling law enforcement requests for information, including by minimizing capacity to respond and slowing down response times).Show More However, with few exceptions,9 9.See Orin S. Kerr, The Fourth Amendment Limits of Internet Content Preservation, 65 St. Louis U. L.J. 753, 755 (2021); Christopher Soghoian, The Spies We Trust: Third Party Service Providers and Law Enforcement Surveillance 2 (July 15, 2012) (Ph.D. dissertation, Indiana University) (ProQuest); William A. Carter & Jennifer C. Daskal, Ctr. for Strategic & Int’l Stud., Low-Hanging Fruit: Evidence-Based Solutions to the Digital Evidence Challenge 18–19 (2018); Sean E. Goodison, Robert C. Davis & Brian A. Jackson, RAND Corp., Digital Evidence and the U.S. Criminal Justice System: Identifying Technology and Other Needs to More Effectively Acquire and Utilize Digital Evidence 10 (2015); Michael Vermeer, Dulani Woods & Brian Jackson, RAND Corp., Identifying Law Enforcement Needs for Access to Digital Evidence in Remote Data Centers 2 (2018).Show More scholars have paid little attention to the core work of the evidence mediating that internet technology companies now undertake: how company staff review demands for evidence, determine what material is responsive, and segregate and produce that material to the demanding party.
This omission is problematic. Current academic accounts focus on companies’ highly visible efforts to resist or cooperate with government officials’ compulsory demands, such as through litigation against court orders or efforts to encrypt communication services.10 10.Rozenshtein, supra note 5, at 104‒05, 115‒22; Eichensehr, supra note 8, at 667‒68, 677‒79; Cover, supra note 8, at 1469‒74, 1479, 1481‒84; Developments—More Data, supra note 8, at 1722–23; Michaels, All the President’s Spies, supra note 7, at 908; Michaels, Deputizing Homeland Security, supra note 7, at 1435–36; Elkin-Koren & Haber, supra note 7, at 112–13.Show More Moreover, consistent with a focus on companies’ publicized activities, existing accounts assume that companies’ everyday practices in responding to routine law enforcement evidence demands also reflect a deliberately chosen orientation toward either cooperation or resistance.11 11.E.g., Rozenshtein, supra note 5, at 105 (describing a contentious relationship between internet technology companies and law enforcement as the “new normal”). For a critique, see Developments—More Data, supranote 8, at 1724–29.Show More The focus of existing literature on companies’ efforts to obstruct or assist law enforcement overlooks an antecedent problem that companies must navigate: understanding what law enforcement is actually asking of the company.
Internet technology companies represent only half of third-party compulsory legal process. On the other side of this process, law enforcement officers must compose a formal set of directives that would putatively require a company to produce evidence. How agents compose these evidence demands affects how company staff identify and produce that evidence. How those companies actually respond to such directives, in turn, shapes how evidence seekers compose future demands. The highly interrelated character of compulsory legal process suggests that an understanding of companies’ roles as evidence intermediaries must account for the two-sided nature of the legal process task, both as a matter of practice and as a matter of theory.
This Article addresses both these empirical and theoretical requirements. It presents findings from an in-depth interview study that affords substantial insight into internet technology companies’ roles as evidence intermediaries for data sought through search warrants. The study involved forty-seven semi-structured interviews with two groups of hard-to-access subjects: company legal and compliance staff responsible for reviewing search warrants and law enforcement investigators and prosecutors responsible for preparing them.
Based on an analysis of these data, I show that in the routine, everyday processing of search warrants, company staff are oriented chiefly toward expedience in processing warrants and only secondarily toward assisting or resisting government efforts to acquire evidence. Indeed, my data indicate that investigators and prosecutors often do not prepare search warrants in ways that present the responding company with a choice among actions readily distinguishable as efforts to either facilitate or frustrate agents’ access to evidence.
Theoretically, this Article develops the concept of “knowledge misalignment” to explain these findings. Knowledge misalignment arises when the distribution of necessary knowledge among individuals and organizations undertaking a joint task is misaligned with regard to the parts of the task for which each party is responsible. In the context of search warrants for internet evidence, law enforcement agents are well acquainted with the facts of an underlying case, but they often lack the knowledge of the company’s operations necessary to compose warrant language that precisely identifies the desired data. This disconnect arises because internet technology companies can easily modify their product and service offerings and thus can collect and store a wide variety of changing data types. As a result, law enforcement agents preparing search warrants often describe desired evidence in terms that reflect incorrect, informal, or outdated understandings of the company’s data holdings. The task of interpreting and narrowing imprecise and impractically broad directives then falls to the company staff executing the demand, who may know well what kinds of data their company has but know little about the needs of the underlying investigation beyond what can be inferred from the language of the search warrant.
To manage the task of interpreting and narrowing imprecise and impractically broad warrant directives, company staff use a set of interpretive and technological coping practices. These practices sometimes result in staff producing additional evidence not called for by the warrant, or failing to produce evidence called for by the warrant. Because these coping practices can displace the terms of search warrants as the measure by which company staff determine the scope of the searches carried out, these practices influence what kinds of evidence, and how much of it, is ultimately available for use in legal proceedings.
Drawing on these insights, this Article also identifies two important implications for legal institutions. First, it identifies a worrisome potential consequence of the practices that companies use to manage knowledge misalignment: these practices can untether the scope of searches, as they are carried out, from the procedures of the Fourth Amendment. Analysis of interview data reveals that when company staff interpret what data are sought in a warrant with a view toward making the production of responsive data a manageable task, they tend to reframe the boundaries of the production in ways that foreground quantitative organizational criteria within their knowledge (e.g., dates, numbers of accounts, data size), rather than the circumstances of the investigation as reflected in the judicially approved language of the warrant. Over time, the production of evidence in response to search warrants may be shaped more by evidence intermediaries’ application of these quantitative organizational criteria than an analysis of probable cause that is consistent with the Fourth Amendment.
Second, this Article raises substantial questions about the capacity of our current adversarial system—dependent on judicial oversight of search warrants—to address the knowledge misalignment that underlies potentially problematic company practices. Given that judicial officers are no better informed about the operations of internet technology companies than law enforcement agents, it is difficult to see how resource-constrained judicial officers could acquire an understanding of the data holdings, technical architecture, and production practices of widely ranging businesses that would be necessary to effectively oversee the search warrant response process. All of this points to the necessity of institutional intervention to supplement judicial oversight in individual cases.
This Article proceeds in four Parts. Part I defines the concept of evidence intermediaries and shows how internet technology companies are similar to and different from older evidence intermediaries such as banks, hospitals, and telecommunications companies. Internet technology companies are similar in that they, like other evidence intermediaries, provide centralized access points to evidence. However, these companies are also distinguishable because they collect broader swaths of data types that change more frequently, they are more opaque to outsiders seeking evidence, and they receive evidentiary demands across a greater variety of cases.
In Part II, I present the design of the interview study that I conducted to examine how internet technology companies process third-party search warrants from law enforcement agencies. Section II.A explains why in-depth interviews with two sets of actors—legal and compliance staff for internet technology companies and law enforcement investigators and prosecutors—are necessary to understand how third-party search procedure for internet evidence works in practice. Sections II.B and II.C summarize the procedures that I used to sample, recruit, and interview respondents and to increase the reliability of the interview data, given that both sets of respondents were reluctant to speak about a sensitive topic that has been the subject of substantial public scrutiny. Section II.D reports what both company and law enforcement respondents emphasized during the interviews: while companies often provide useable evidence in response to search warrants, they encounter uncertainties in understanding what a search warrant is seeking. In response to these uncertainties, companies may end up producing evidence not called for by a warrant and withholding evidence that is called for by a warrant.
In Part III, I develop the concept of knowledge misalignment as a diagnosis of a core informational problem in third-party compulsory legal process. Drawing on organizational theory and interview data, I argue that two types of knowledge misalignment complicate company responses to search warrants. Linguistic misalignment occurs when search warrants describe the sought-after data in terms that do not align with the data that the company holds or the internal company language used to describe those data. Substantive misalignment occurs when company staff must reframe search warrant directives into tasks tractable within the constraints of the company’s dedicated resources, without knowledge of the circumstances of the investigation or the legal elements that must ultimately be proven in court. I then explain the four types of practices that companies may use to manage knowledge misalignment: acquisition of information about underlying investigations, reconstruction of the language of compulsory demands, standardization of company staff interpretations of recurring search warrant language, and insulation of company knowledge. While these practices allow companies to manage knowledge misalignment, they also change the nature and quantity of evidence ultimately available to legal parties.
In Part IV, I turn to the institutional implications of these insights. I first explain how the company practices described in my data tend to untether the scope of searches—as they are carried out—from the procedures of the Fourth Amendment. Due to knowledge misalignment, companies usually do not know the facts about the underlying case that gave rise to a given process demand. Thus, when company staff interpret what data are sought in a warrant with a view toward making the production of responsive data a manageable task, they tend to reframe the boundaries of the production in ways that favor handing over routinely produced types of data, often within quantitative limits set by internal company standards. The scope of the search carried out is thus determined not by case-specific assessment of probable cause as determined by a judge and conveyed in the language of the search warrant but rather by makeshift efforts on the part of company staff to apply quantitative organizational limits to search production.
I then argue that judicial officers are likely ill-equipped to oversee the kinds of company practices revealed by the interview data. Similarly to law enforcement agents, judicial officers currently lack the knowledge of internet company data holdings and data production practices that would be necessary to detect and redress the displacement of search warrant directives with companies’ standardized internal protocols. Accordingly, I argue for consideration of multiple institutional interventions to supplement judicial oversight.
- See Government Requests for User Data, Meta, https://transparency.fb.com/data/government-data-requests/ [https://perma.cc/SWT6-NA5R] (last visited Apr. 10, 2024) (data showing 125,877 legal process requests received by Meta in the United States in 2022); Global Requests for User Information, Google, https://transparencyreport.google.com/user-data/overview [https://perma.cc/QAA7-PLVH] (last visited Apr. 10, 2024) (data showing 107,306 legal process requests received by Google in the United States in 2022). ↑
- Aaron R. Cooper, Congressional Surveillance, 70 Am. U. L. Rev 1799, 1801 (2021). ↑
- E.g., Christopher Slobogin, Privacy at Risk: The New Government Surveillance and the Fourth Amendment 140–41 (2007); Rory Van Loo, The Missing Regulatory State: Monitoring Businesses in an Age of Surveillance, 72 Vand. L. Rev. 1563, 1590, 1627 (2019); Andrew Keane Woods, Against Data Exceptionalism, 68 Stan. L. Rev. 729, 776–77 (2016). ↑
- See, e.g., Rebecca Wexler, Privacy as Privilege: The Stored Communications Act and Internet Evidence, 134 Harv. L. Rev. 2721, 2738–39 (2021); Joshua A.T. Fairfield & Erik Luna, Digital Innocence, 99 Cornell L. Rev. 981, 1076 (2013); Jane Bambauer, Other People’s Papers, 94 Tex. L. Rev. 205, 239 (2015); Marc J. Zwillinger & Christian S. Genetski, Criminal Discovery of Internet Communications under the Stored Communications Act: It’s Not a Level Playing Field, 97 J. Crim. L. & Criminology 569, 571 (2007); Steven S. Gensler, Special Rules for Social Media Discovery?, 65 Ark. L. Rev. 7, 9 n.7, 12–13 n.18 (2012). ↑
- See, e.g., Slobogin, supra note 3, at 141; Alan Z. Rozenshtein, Surveillance Intermediaries, 70 Stan. L. Rev. 99, 147‒48 (2018); Anne E. Boustead, Police, Process, and Privacy: Three Essays on the Third Party Doctrine 40 (Aug. 2016) (Ph.D. dissertation, Pardee RAND Graduate School) (on file with RAND Corp.); Am. Bar Ass’n, ABA Standards for Criminal Justice: Law Enforcement Access to Third Party Records 2–3 (3d ed. 2013). ↑
- Jennifer Daskal, The Un-Territoriality of Data, 125 Yale L.J. 326, 328 (2015) [hereinafter Daskal, Un-Territoriality]; Woods, supra note 3, at 731; Paul M. Schwartz, Legal Access to the Global Cloud, 118 Colum. L. Rev. 1681, 1700 (2018); Ian Samuel, The New Writs of Assistance, 86 Fordham L. Rev. 2873, 2884 (2018); Aziz Z. Huq & Rebecca Wexler, Digital Privacy for Reproductive Choice in the Post-Roe Era, 98 N.Y.U. L. Rev. 555, 560 (2023); Anne E. Boustead, Hoover Inst., Aegis Series Paper No. 1802, Small Towns, Big Companies: How Surveillance Intermediaries Affect Small and Midsize Law Enforcement Agencies 24 (2018). For implications for defendants, overseas governments, and international bodies seeking evidence, see Wexler, supra note 4, at 2738–39; Alexa Koenig, Keith Hiatt & Khaled Alrabe, Access Denied: The International Criminal Court, Transnational Discovery, and the American Servicemembers Protection Act, 36 Berkeley J. Int’l L. 1, 25 (2018); Kate Westmoreland & Gail Kent, International Law Enforcement Access to User Data: A Survival Guide and Call for Action, 13 Canadian J.L. & Tech. 225, 227 (2015). ↑
- E.g., Jon D. Michaels, All the President’s Spies: Private-Public Intelligence Partnerships in the War on Terror, 96 Calif. L. Rev. 901, 908 (2008) [hereinafter Michaels, All the President’s Spies]; Jon D. Michaels, Deputizing Homeland Security, 88 Tex. L. Rev. 1435, 1435–36 (2010) [hereinafter Michaels, Deputizing Homeland Security]; Niva Elkin-Koren & Eldar Haber, Governance by Proxy: Cyber Challenges to Civil Liberties, 82 Brook. L. Rev. 105, 112–13 (2016). ↑
- E.g., Rozenshtein, supra note 5, at 105; Kristen E. Eichensehr, Digital Switzerlands, 167 U. Pa. L. Rev. 665, 712–13 (2019); see also Avidan Y. Cover, Corporate Avatars and the Erosion of the Populist Fourth Amendment, 100 Iowa L. Rev. 1441, 1445 (2014) (arguing that service providers cannot serve a government-checking function because they have vested interests in cooperating with the government); Developments in the Law—More Data, More Problems, 131 Harv. L. Rev. 1715, 1722–23 (2018) [hereinafter Developments—More Data] (explaining how technology companies exercise large amounts of discretion in handling law enforcement requests for information, including by minimizing capacity to respond and slowing down response times). ↑
- See Orin S. Kerr, The Fourth Amendment Limits of Internet Content Preservation, 65 St. Louis U. L.J. 753, 755 (2021); Christopher Soghoian, The Spies We Trust: Third Party Service Providers and Law Enforcement Surveillance 2 (July 15, 2012) (Ph.D. dissertation, Indiana University) (ProQuest); William A. Carter & Jennifer C. Daskal, Ctr. for Strategic & Int’l Stud., Low-Hanging Fruit: Evidence-Based Solutions to the Digital Evidence Challenge 18–19 (2018); Sean E. Goodison, Robert C. Davis & Brian A. Jackson, RAND Corp., Digital Evidence and the U.S. Criminal Justice System: Identifying Technology and Other Needs to More Effectively Acquire and Utilize Digital Evidence 10 (2015); Michael Vermeer, Dulani Woods & Brian Jackson, RAND Corp., Identifying Law Enforcement Needs for Access to Digital Evidence in Remote Data Centers 2 (2018). ↑
- Rozenshtein, supra note 5, at 104‒05, 115‒22; Eichensehr, supra note 8, at 667‒68, 677‒79; Cover, supra note 8, at 1469‒74, 1479, 1481‒84; Developments—More Data, supra note 8, at 1722–23; Michaels, All the President’s Spies, supra note 7, at 908; Michaels, Deputizing Homeland Security, supra note 7, at 1435–36; Elkin-Koren & Haber, supra note 7, at 112–13. ↑
-
E.g., Rozenshtein, supra note 5, at 105 (describing a contentious relationship between internet technology companies and law enforcement as the “new normal”). For a critique, see Developments—More Data, supra note 8, at 1724–29. ↑