Think carefully about which format you store your data in and what it exposes not just about your users, but about the people your users would interact with if they were to obtain it. For instance, you might store data that could implicate someone who is an indirect (i.e., secondary or tertiary) user such as someone who works or lives in the user’s house or community.

Search warrant requests often only require access to a subset of a user’s data (i.e., communication in a certain time frame or between a few people). However, our respondents said that companies would return the full history of someone’s social media data dump and leave it to law enforcement to redact what they did not need. By developing an intentional technical process for responding to warrants and subpoenas in a legal context, you protect the privacy of your users and anyone whose information is inadvertently tracked by your system.

Law enforcement can request almost any interpretable data artifact with a search warrant. Search warrants are issued by a judge on behalf of law enforcement, and it is illegal not to comply with them. In order to receive a search warrant, law enforcement has to show “probable cause” that the data will implicate someone in a crime.

However, most data which is not protected by the Electronic Communications Privacy Act, 1986 can be requested by law enforcement, prosecutors, or defense counsel with a simple subpoena (which does not include review by a judge). The Stored Communications Act protects communications such as emails, messages, and recordings of phone and video calls for 180 days.

See this discussion for how these provisions apply to social media posts.

For example, any system which gives reference to someone’s location might be useful as an alibi.

If data is in a proprietary format, or requires special software to interpret it, it may only be useful to whichever party has the most technical resources.

We recommend that barriers to interpretation of the data be made fair and intentional. If you already have a system which tags data by time, it may make sense to return it in that way to a user. Consider instances where you might need to provide informational resources to attorneys, and think about data extraction accordingly.

As an example, consider a public defender we spoke with who received a log file of the computer system in a Tesla which was implicated in a vehicular homicide.

• Law enforcement claimed, and were able to hire an expert who concurred, that this computer recorded the car’s behavior as prosecutors described it.
• How could this public defender plausibly argue otherwise without resources to hire an expert?

Process was a huge pain point for public defenders. Often they were unable to get data that they were legally entitled to because the person or entity to whom they issued a subpoena was slow to comply or complied in a way that rendered the information useless.

Though public defenders should be able to hold someone who does not respond to a subpoena request in contempt of court, they often lack the resources exercised by law enforcement to enforce their data-gathering rights.