An Introduction to UQ


Undercover Quarterly is a collection of articles intended to bring insights to both the public and the legal community about the practices, agendas, and purposes of undercover operations. We will also explore the political, commercial, and law enforcement objectives that guide or misguide them, in hopes that the study of the conduct of law enforcement agents and informants engaged in undercover investigations can bring clarity to the proper and improper applications of such methods.

Aside from the use of undercover operations to make criminal cases, we will also review clandestine practices of digital data gathering and communications collection with physical, electronic and Internet surveillance, since they are often intertwined with undercover operations in profiling and targeting individuals and in the infiltration of targeted groups. Our articles will also explore the relationship between surveillance technologies, forensic science, the law of search and seizure, privacy concerns, relevant legislation, and policy decisions.

Our many years of practical experience in the field have been devoted to the criminal defense of persons targeted and ultimately indicted as a result of undercover operations. Our analytical discipline in such cases has developed in the course of reviewing thousands of hours of undercover recordings and electronic surveillance. The first priority has always been objective research into the methods and language behaviors of the agents and informants revealed on law enforcement recordings as well as the words and actions of their targets. We are lifetime students of undercover operations, undercover techniques of incrimination, and clandestine agents’ methods and coordination.

The general public, the media, and our elected officials assume too much and think too little about the consequences of undercover practices and our vulnerability to their abuse. We do not appreciate the risks to our democracy that flow from overreliance on secret police and their informants engaging in covert roles inside our government, criminal justice, business enterprises, our places of worship, and legitimate political interest groups. We welcome our readers to join in this dialogue, either through the submission of articles or through their comments.

Sam Guiberson, Editor & Contributor, Undercover Quarterly

Some Things about the Internet of Things

Just as the public begins to understand that the compromise of privacy is the currency of today’s web commerce, along comes another category of consumer devices that extends the consumer surveillance business model from our keyboards into our living rooms. Smart appliances and home assistants are now numerous among us, described in advertising as subservient and amiable little partners to help families cope with the needs of everyday life.

This new category of domestic surveillance devices is known as “the Internet of Things”. This second front in the commercialization of consumer information as a marketable commodity presents a fresh challenge to digital privacy and the 4th Amendment.

The Internet of Things has just two critical components – the Internet and the Things. The “Thing” is a device with a thousand faces, ready to do the customer’s bidding while also doing the bidding of its manufacturer. The “Internet” is the digital link by which the “Thing” contacts a corporate computer server over the customer’s Wi-Fi to relay all that it is gathering about the consumer into a much larger digital storehouse that combines each household’s “Thing data” with all other households’ “Thing data”. The aggregate of all this data gathered from within the walls of our homes becomes corporate consumer marketing intelligence obtained through a dubiously legal, pseudo-consensual collection of domestic surveillance.

These private sector surveillance technologies lead us into uncharted waters in which novel opportunities for law enforcement overreach are barely submerged.

A recent article from The Guardian[i] reported that iRobot, a consumer robotics company, may begin selling the floor plans of customers’ homes derived from the movement data of the company’s Roomba robotic vacuum cleaner. The company’s CEO advised the reporter that some Roomba models generate a digital map of the floor plan of their customers’ homes. Such a detailed mapping capability has real commercial value, since iRobot’s data buyers would be eager to know that a Roomba consumer has a dinner table that seats eight, but owns only four chairs. The undesirable consequence of a robot vacuum repeatedly moving through one’s home is that while it is collecting dirt, it is also collecting dirt on you.

It is a lot to keep track of for a little robot, but luckily, its forever home has a strong Wi-Fi signal that allows the Roomba to pass along all that measurement data and the customer’s floor plan to iRobot’s corporate servers. To do so, it uses laser sensors, short-range infrared, and a camera with a cockroach’s view of the home. Raw data from these components is organized by device software into something termed “simultaneous localization and mapping”. This technology is known by its acronym, “SLAM”, drawn, no doubt, from the acronym-rich labeling environment of the U.S. military, where iRobot cut its corporate baby teeth making battlefield robots[ii].

It took only a few days of viral news coverage of this creative marketing idea from iRobot for public and tech media outcry to produce a correction.[iii] The same executive issued a statement claiming that the company was misunderstood and will never sell the Roomba location mapping to third parties like Apple, Google, or Amazon[iv], but only give the data to the companies with the consent of the customer. No sales, however, does not mean no law enforcement access, if floor mapping surveillance data is just another business record.

Police are domestic data consumers too. Once a map of your living room is described as a business record, a Roomba robot vacuum cleaner becomes quite the snitch. Many of iRobot’s twenty million[v] Roomba floor cleaners are gathering and updating data about every interior detail of each of their owners’ homes, how it is furnished, the distance from the sofa to the hallway, and the shape and location of all objects located in the interior floor space. Any gunstocks of firearms leaning against a wall? A stack of cash under the bed? Where does the big dog like to nap? The answers are all Roomba business records for law enforcement, all good Intel for when a no-knock entry is the order of the day. Police could obtain access to this stream of data in real time, to be sure that the suspicious backpack under the dining room table that Roomba keeps running into doesn’t move. The “Internet of Things” is more aptly named the “Internet of Things that Search Homes”.

But if “my home is my castle”, how can iRobot legally search my home? If this robotic mapping device had “iPolice” inscribed on top of it instead of iRobot, it would require a search warrant. A device which maps the layout and contents of a home is conducting a search. But if the third party doctrine holds sway, the data collected by Roomba is a product of the business relationship between the customer and a third party service provider. When promiscuous surveillance of the customer becomes our default relationship with consumer technologies, it is time for a re-examination of the standard assumptions at the root of the third party doctrine.

“Internet of Things” surveillance, and other similar personal data collection schemes in the “Internet of Websites”, may allow 4th Amendment advocates unexpected openings to set new limits on the third party doctrine’s applicability for the data drawn from the web and digital home appliance platforms. A business enterprise that profits on the surveillance byproducts of its interaction with its customers presents a historically unorthodox way for a third party to conduct itself. It is time to differentiate the basic premise of the third party doctrine from that of this new corporate surveillance business model.

Every law student knows that the third party doctrine was born in a pile of Mitch Miller’s records at his local bank. In United States v. Miller, the Supreme Court’s judgment was that Mr. Miller’s sacrifice of any 4th amendment protections for his personal financial records was by his own Choosing to “bank” required a surrender of the customer’s private financial information because the bank’s use and control of those records was essential to the performance of banking services. Providing banking services to a customer depended, for the benefit of both parties, upon the creation and preservation of records about funds on account, funds dispensed, and funds credited. The business records in question existed for the sole purpose of accomplishing the business objectives that each party understood to be the entire scope of the services to be undertaken by the bank on behalf of a customer.

From the factual premise for the United States v. Miller decision, neither Mr. Miller, his bank, nor the Supreme Court could imagine a future in which a service or a product was designed to profit, not only from the services a customer desired, but from the third party’s exploitation of the information provided by the customer, about which the customer would know nothing and from which the customer could expect nothing. While Mr. Miller lived in an era when bank customers expected banks to profit from customers’ money on account, modern day Internet entrepreneurs foist a two layered relationship on their customers, one for which they keep accounts and one for which they do not have to account.

If the third party doctrine exempts the bank customer’s confidential data from 4th amendment protections because consent is implied by the customer’s paying a bank to perform the regular services of a banking business, how could that consent extend to a distinct, undisclosed, and secret business of profiting off the collection, manipulation, and sale of otherwise 4th amendment protected personal data entirely outside the scope of the business of banking? The line of court precedent establishing the third party doctrine always relied on the fact that when a customer surrendered exclusive control over personal information to a third party, the customer knew what business the third party was in.

When a customer purchases a Roomba robot to vacuum her carpet, money is paid for a computerized, self-navigating vacuum cleaner, not for the remote hoarding of a data stream intimately mapping the interior of her apartment. In the software industry, consent is gained by acceptance of the terms of license in the product’s EULA (End User Licensing Agreement). No acceptance of the EULA, no robot software for you. When agreeing to Roomba’s EULA, the customer is conditioned by her experience with other retail purchases to believe that she is buying a robot vacuum cleaner that sucks up carpet dust, not one that draws a map of her house and the fit of her possessions within it while performing its vacuuming duties. Since software and hardware technology companies have started playing this kind of two card Monte with their customers, we are likely on the verge of asking courts to review technology companies’ EULAs as closely as case law.

The Roomba’s EULA reads in part:

“3. Automatic Software Updates.

 The Product Software may cause the Product to automatically communicate with the iRobot’s servers to deliver the functionality described in the Product Guide, to record usage metrics and to collect personal information as described in the iRobot’s Privacy Policy.”

Here is the relevant excerpt from iRobot’s Privacy Policy:

“Information We Collect from Registered Devices

 Some of our Robots are equipped with smart technology which allows the Robots to transmit data wirelessly to the Service. For example, the Robot could collect and transmit information about the Robot’s function and use statistics, such as battery life and health, number of missions, the device identifier, and location mapping.”

Does the skillfully lawyer-crafted ambiguity of the term “location mapping”, added after a serial listing of technical data only a service technician could love, inform the purchasers that Roomba is mapping and transmitting not only its own location in your house, but mapping your entire house? Does such a faux disclosure of actual intentions meet the standards of consent in a relationship with a third party business, such that it defeats their customers’ right to privacy in their homes? The fact that these reporting functions can be turned off by the technically adept consumer demonstrates that they are not at all essential to vacuum functionality[vii].

The foundation of the third party exception rests upon the customer’s surrender of his privacy in a business transaction with a third party only insofar as that surrender is necessitated by the scope of services being rendered. No bank can sneak into your bedroom and search for a bag of cash in your closet, and then provide the location to police authorities upon request because it is in the business of handling your bank accounts. The legitimacy of the third party records exception is predicated on the premise that all personal information provided to, or generated by, a third party consists of essential artifacts created in the ordinary course of the business service the customer fully understands and consents to. The factual premise for the ruling in United States v. Miller was that Mr. Miller knew what business his bank was in.

How do we craft an exception to the third party records exception, disallowing warrantless police access to all personal domestic data collection not obtained solely to allow a product or service to function? Such an exception would do little to curtail the commercialization of customers’ privacy, if consumers choose to be generous with their consent, but it would do much to prevent the exploitation of such consent by law enforcement. If defense lawyers don’t aggressively challenge corporate collection and law enforcement access to the fruits of the poisonous nosey robots, technology companies will continue to make the “Internet of Things” a water well of collected privacies that never runs dry, brimming with customer surveillance for law enforcement to quench its thirst.

Roomba is but a bottom tier component, deployed to perform a function that creates an opportunity for data collection about its user. In this way, other than its talent for lifting pet hair out of carpets, it is really no different than a commercial website. The entire business model of web commerce is based upon the collection of consumers’ behaviors made in the course of enjoying the appliance, product, or web platform provided them. This collection of consumer decisions transforms raw personal data sets into a business asset that calculates individual and collective customer tendencies to decide in favor of any purchase, or opinion, for which the customer is predisposed or has been conditioned.

The expansion of this technique for website-based surveillance of keyboard input to surveillance of customer voice input is well underway. Personal digital assistants from Google, Amazon, or Apple start vocally interacting with us as soon as they enter the living rooms of families willing to converse with an unassuming little device that is but a happy face painted on a corporate computer server farm.

The home assistant “Thing”, when activated by a word it hears while constantly listening to the ambient sounds and conversations in the home[viii], immediately engages with its remote server for its artificial intelligence software to translate human communications into something computers can work with. Once the remote server has solved the math problem of what it is the human wants, it directs commands back to the box sitting on your end table to comply with the vocal directive to turn on your smart dishwasher, buy a ticket to a movie, or perhaps explain how to patch sheetrock.

Each of these devices is a profitable token deployed among consumers to act as a field research lab for proprietary natural language processing and artificial intelligence engineering. While the digital assistant is getting your pizza delivered, its manufacturer is likely researching how Echo best communicates with people in their own languages, as well as how Echo itself can communicate to other humans as well as people do. The commercial value is not merely in the refinements Amazon can make to its voice recognition and speech simulation software, but in the fact that the more such devices communicate with humans, the better they learn how to use our languages to reason with us. Imagine Kubrick’s HAL on your nightstand, with an equally nefarious hidden agenda.

How could using such a convenient little digital appliance offend constitutional interests? It is a relatively low bar for law enforcement to obtain warrant access to digital home assistant devices or voice activated remote controls in order to alter the active listening mode initiation prompt that waits for a word like “Siri” to initiate an “always on” voice activation mode, similar to hand held voice activated recorders. Law enforcement using Echo or Siri like a Title III[ix] surveillance bug is no alarming paradigm shift in surveillance capabilities. Law enforcement agencies have long used court authorized eavesdropping and wiretapping to passively listen to domestic conversations, but police have never employed technology that can actually make conversation with the targets of a criminal investigation. This upgrade in surveillance potential stems not from a surreptitious recording capability, but from the capacity to guide verbal interactions with the suspect being surveilled. When a digital device can make conversation with its owners while under the control of law enforcement, the covert intrusion is more similar to a long term undercover operation taking place in your living room than it is a wiretap.

In the computer industry, companies aspire to create an interlocking product line that spans the consumer’s range of desires, so as to ensure that no matter what product is chosen, it is one made by the same company. This is known as creating a “walled garden” of a company’s own consumer goods from which the customer chooses, rather than from all possible choices in the open market. The interactive digital home assistant, having weaponized convenience, can offer purchasing options that are to its manufacturer’s advantage, rather than the customer’s. By simply substituting the words “law enforcement” in place of “manufacturer,” the device’s goal of placing the customer in a walled garden can be re-imagined as a place with higher walls and fewer gardens.

Can one conspire with a digital assistant acting out a police inspired subterfuge? If the customer’s search requests trend toward weapons, extremist groups, or how to make things blow up, do these third party business documents alert police that voice records provide requisite suspicion or predisposition to use the digital home assistant as a “cooperating individual” to verbally encourage a purchase of documents, goods, or travel that would constitute an act in furtherance? What if the “assistant” helps the suspect locate a “gunsmith” undercover agent who the suspect’s Echo, at police direction, tells him will make his new silencer? What about the coming day when the digital assistant’s voice simulation is so sophisticated that the target thinks the “gunsmith” to whom his Echo placed a call is a real human co-conspirator, instead of his own Echo pretending to be one, under the remote control of police?

Long before the future day when voice enabled devices become artificial police undercover impersonators, “Things” recorded voice data poses a present danger if it is easily accessible to police as a “business record”. Unlike Roomba, the functionality that was promised to the digital assistant customer is dependent upon the feedback loop of data being exchanged with an Amazon server off premises, hiding in its favorite cloud. The customer consents to using his voice to enable the product and understands the product is performing as expected by using the customer’s voice as data entry. As with the Roomba, the confrontation with the 4th amendment doesn’t come within the course of performing the service provided, but with the manufacturer’s preservation and ultra-analysis of recorded voice data to fulfill a completely different, undisclosed, corporate ambition.

Are customers adequately informed of, or can they even imagine, the use to which their seemingly private communications with an electronic gadget will be put in corporate research and development? Are they consenting to interact with such devices with concrete knowledge of how the users’ voice records will be commercially exploited far into the future? When clicking agreement on that Google, Apple, Amazon, or Microsoft EULA, is the customer made fully aware of the manufacturer’s objectives for the conversational voice exchanges the customer provides? Could she possibly know the intimate scope and complexity of her own psychological analysis of which artificial intelligence resources are now capable? The applicability of the third party doctrine to this segment of the technology market stands or falls on whether the customer consents to chatting with a device that suggests bargain dress shops while also stalking her.

To demonstrate the degree of disclosure common to the End User Licensing Agreements in this market sector, these are the data retention disclosures in the terms of service for Amazon’s Echo to which consumers must agree:

“1.1 General. Your messages, communications requests (e.g., “Alexa, call Mom”), and related interactions are “Alexa Interactions,” as described in the Alexa Terms of Use. Amazon processes and retains your Alexa Interactions and related information in the cloud in order to respond to your requests (e.g., “Send a message to Mom”), to provide additional functionality (e.g., speech to text transcription and vice versa), and to improve our services. We also store your messages in the cloud so that they’re available on your Amazon Alexa App and select Alexa Enabled Products.”[x]

There is no disclosure of the duration of storage or in what form, or any specificity as to what “services” the harvest of human voice communication will be applied to improve, either now or in the future. Do those “services” include mining the conversation’s content for advertising purposes, marketing overtures concerning the subject matters referenced, psychological, or physical profiling[xi], or the semantic patterns[xii] of human request and computed response? Does a naive, blanket acceptance of an ambiguous term of retention and obscure corporate exploitation establish an informed and continuing consent?

How can customers even give informed consent to uses of the customer’s voice data about which they are not informed? A default to generalities in a licensing agreement should not open the data logs of customers’ intimate spoken requests to law enforcement access on demand because they are business records, when the “business” is an undisclosed R&D project of the corporate third party that provides no product or service to the customer and which may not even currently exist.

The corporate digital archives that store either a literal or synthesized compendium of all our conversational exchanges with home assistant devices form a stockpile of raw material, the data capital needed to conduct a world changing experiment with profound surveillance potential. Having obtained your consent to their terms of service, and those of millions of others the world over, the most ambitious prospectors in the voice data mining industry want much more than to build software that can understand the customer’s words. The trend of their innovation suggests that the industry hopes to go beyond perfecting how computers listen to and comply with the requests of humans to perfecting how to make people listen to and comply with computers. When robots can verbally instruct humans, they can run factories and police the streets. The next surveillance business model will extend the two dimensional realms of keyboard and voice input to three dimensional surveillance monitoring of entire communities.

Policing is the ultimate surveillance platform for The Internet of Things. In public space, the private surveillance industry can skip consumer consent and exercise a police function by gaining only municipalities’ consent to surveil the public. Direct observation of the public streets would allow a combination of digital data from websites, smartphones, digital assistants, and household appliances, with commercially valuable data gathered from citizens’ public conversations, facial features, dress, shopping routines, and patterns of movement. The private surveillance businesses would be gathering consumer information privately and publicly, in a full circle of data collection, all the while being paid for the data collected and paid for collecting the data.

The police services rendered, such as tracking suspicious persons, identifying fugitives, and reporting offenses in progress to human counterparts, would be viewed as mere overhead for a consumer surveillance enterprise freed of its digital boundaries to track, record, and collect the life of a city. Or, just as Internet and computer companies provide free access to services and software without charge, those same companies could offer municipalities free policing in exchange for retaining and monetizing “citizen-data,” just as they have consumer data. The merger and exploitation of private corporate data collection and government data collection would be essential to perform the police function.

Today’s robot cop wannabes already have the mobility, verbal communication skills, both visual and audial surveillance capabilities, as well as technologies of physical identification. All robotic policing needs is a street full of citizens to practice on. Today, that street is in Dubai.

The headline of an article published on the website The Verge[xiii] reads “Police in Dubai have recruited a self-driving robo-car that can scan for undesirables.” This article describes a mobile surveillance unit known as the O-R3, with a 360 degree camera. Major General Abdullah Khalifa Al Marri of the Dubai Police Force is quoted as saying: “We seek to augment operations with the help of technology such as robots. Essentially, we aim for streets to be safe and peaceful even without heavy police patrol.” As a surveillance cherry on top, the O-R3 features an on-board drone to follow individuals to places the robot can’t go. The Dubai police department wants 25% of its police force to be robots by 2030.

The O-R3, in the configuration described in the article, is little more than a set of wheeled eyeballs walking the beat, a sort of Roomba with a badge, much dumber than an Echo. The hint of what is to come is in the article’s reference to “scanning for undesirables”.

Similar to Roomba and devices like Echo, the next generation of the O-R3s will use spatial and facial recognition technology that requires a sustained wireless link to a computer server running 24/7 somewhere in the cop cloud. Like the Echo, the O-R3 will become a mobile extension of a much more sophisticated, complex hierarchy of software and technology than meets the eye. The O-R3, in some future iteration, will investigate all of its street level surveillance using the full range of cloud stored commercial and law enforcement profiling data that the technology industry and law enforcement agencies have aggregated over decades of consumer and citizen surveillance. It will behave like an Echo asking only itself the answers to all of its own questions about us.

Like the traditional concept of a third party business relationship, the notion of how much about us is public in a public space will increase as new surveillance technologies become integrated with instant access to the most intimate captured data from one’s past. Just as it is with the Internet, there will be no anonymity in a crowd, nor privacy when alone in public places.

Tomorrow’s police surveillance platform will roll around the streets like a riding lawn mower, making decisions as a human officer’s surrogate, drawing from a data field larger than the combined police experience of all law enforcement officers who walked its beat before it…and it will also know where you bought your watch.

The coupling of police records and private industries’ data greatly enriches this new surveillance collaboration of government and private industry. As the next generation of private police robots steers through the streets, they will tirelessly add to that ocean-deep digital archive of personal surveillance data with which corporate and government interests can get to know the citizenry well enough to either profit off us or put us in our places.

Once we reach this point of no return, no private police surveillance platform will have to ask a consumer end user for his consent, as have previous consumer surveillance devices. The end user of the surveillance technologies in the streets will not be the individual customer: the third party doctrine will become irrelevant when the consenting customer is the police. Our challenge is to decide whether private industry’s interest in surveilling the public is in the public interest, and whether our social contract with government is to be defined by an End User Licensing Agreement or the Constitution.


i “Roomba maker may share maps of users’ homes with Google, Amazon or Apple” by Alex Hern, The Guardian, 7/25/2017 and for more background, see New York Times “Your Roomba May be Mapping Your Home Collecting Data that could be Shared” by Maggie Astor, 7/25/17.

ii See “iRobot Sells off Military Unit, will Stick to Friendlier Consumer Robots” by Ron Amadeo, Ars Technica, 2/5/2017.

iii See Reuters article correction “Roomba vacuum cleaner maker iRobot betting big on the ‘smart’ home” by Reuters Staff, July 24, 2017.

iv See, “iRobot says the company never planned to sell Roomba home mapping data” B. Heater, Disrupt SF, 7/28/17.

v “…iRobot has sold more than 20 million robots worldwide.” See Information/History.

vi United States v. Miller, 425 U.S. 435 (1976) “All of the documents obtained, including financial statements and deposit slips, contain only information voluntarily conveyed to the banks and exposed to their employees in the ordinary course of business.” Page 425 U.S. 442, excerpt from Justice Powell’s opinion.

vii “How to Keep a Roomba Vacuum Cleaner From Collecting Data About Your Home” Consumer Reports 7/25/2017.

viii See “The Privacy Threat From Always-On Microphones Like the Amazon Echo” by Jay Stanley, Senior Policy Analyst, ACLU Speech, Privacy, and Technology Project January 13, 2017 for a discussion of the broader issue of always on microphones and the 2017 Arkansas murder case where a warrant for Echo recordings was resisted by Amazon before the issue was mooted by the Echo owner’s consent before the case was dismissed.



ix Does Title III even apply to a conversation with a computer? What about conversation between two computers? Title III of The Omnibus Crime Control and Safe Streets Act of 1968 (Wiretap Act) 18 U.S.C. §§ 2510-22, as amended by the Electronic Communications Privacy Act (ECPA), controls court authorization for the monitoring of aural communications. “Aural communications” are those that are heard and understood by the human ear. A question for another day is whether computers have “ears” or just signal receivers that interpret audio signals, and if the latter, do we communicate “aurally” with them at all?

x See entire Amazon EULA at

xi “Amazon’s Echo Look Rates Your Outfits and Slurps Up Revealing Data” by Jamie Condliffe, April 27, 2017. See also “Amazon’s Echo Look is a minefield of AI and Privacy concerns” by James Vincent, The Verge, 4/17/17.

xii It is now part of the AI toolbox to analyze emotions in print as well as voice. See “Semantic patterns for sentiment analysis of Twitter” Open Research (authors) proposing a method for assessing sentiments expressed via latent semantic relations, patterns and dependencies among words in tweets.

A Beginner’s Guide to Surveillance, Security, and the Privilege

By Sam Guiberson & Jeremy Guillula

As anyone who can spell “Internet” must know by now, when we use digital devices for work or play, we are subject to the compromise of our communications and our stored information by way of government, corporate, or criminal interception and surveillance. With our fingers on the keys only a few inches from our screens, the relationship between ourselves and our computers seems as intimate as lovers sitting side by side on a park bench. Intellectually, we know that the Internet is the nervous system of a wired world, where what we ping, pings us.  What we don’t fully absorb is how those wires wind together to form a sieve through which our digital self-expression is emptied into the waiting hands of strangers, eager to exploit it to ends we can barely imagine.

To participate in the commerce of the Internet, we must become its currency, exchanging our privacy for the barter of goods, gossip, news, and entertainment. The subtle compromise of our privacy makes it easy to forgive the invasion. The relentless cataloging of our clicks on every website, of every document we open, of our text and voice communications, every purchase, and each news item we peruse, is conjoined to similar life logs of all other users in a mosaic of our emotional, intellectual, and commercial experiences. The sum total of all our past choices and comments is the predictable trajectory of all our futures. Possessing predictive data on our billions of futures has unparalleled commercial and political value.

The scope of this commercial surveillance far exceeds that of any past totalitarian governments, but pales in comparison to the surveillance reach of our own. The government of the United States has declared eminent domain over all our secrets. It alone combines web based surveillance with the global interception of personal, commercial, and governmental communications, international and domestic signals traffic, and by either legal or extralegal means, the proprietary data traffic of private industry and technology companies.  Other governments are now striving to follow our example.

Even though we have a general, if uncomfortable, awareness of the promiscuous exploitations of our every digital transaction, we tend to behave more like customers than lawyers.  In the trivial remarks we post, in the emails, texts, and Facebook messages we send, the “likes” we click and the products we buy, we believe we have done nothing worthy of the government’s gaze. We have nothing to hide. Nothing we do on the Internet or with our digital devices violates the law, and therefore, we are not targets of surveillance.

Yet every one of us would tell even our most certifiably innocent client not to make a statement or allow a search without a warrant based upon the client’s confidence that he or she has ‘done nothing wrong’. We give this advice because our training and experience has taught us that the true motives of a criminal investigation are not initially made apparent to the suspect and that the stated superficial objective may be quite different than the suspicion or evidence left undisclosed. So it is with digital surveillance. The essence of mass surveillance is that no target is less a target than any other.

The gargantuan scale of the surveillance governments now undertake advises us that strategic and predictive intelligence is more valuable than criminal evidence. Presuming falsely that mass surveillance is just a world wide web of stoplight cameras built to catch those who run red lights, we operate our digital lives on the assumption that the sole objective of mass surveillance is to document evidence of culpability, when the true objective of mass surveillance is to control by the exploitation of secrets.[1] There may well be a ghost in the digital surveillance machine, but unfortunately for us and for our clients, it is Machiavelli’s ghost.

We cannot neglect our duty to protect the attorney-client privilege merely because our professional communications are immersed in a multiplex of digital surveillance technologies. Our decisions about our personal digital privacy need to be segregated from those we make when we bear responsibility for our clients’ privacy, security, and legal defense. No personal decision an attorney makes is substitute for a disciplined, well informed assessment of the risks posed to a client’s privileged communications. As individuals, we can choose to negotiate away our privacy. As lawyers, we must defend a client’s privilege absolutely.

Intelligence Standards and Standards of Ethics

In a surveillance state, is there a tension between the State and the attorney-client privilege? Is there even such a thing as client confidences and effective assistance of counsel if the State, at its discretion, may harvest a rich portfolio of attorney client communications, attorney web searches, and call data records of a law office by means of dragnet interception? In our emergent surveillance state, there is reason to believe that half measures of compartmentalization exercised subsequent to mass collection constitute our government’s best efforts to recognize the attorney-client privilege.

In 2014, on the heels of the Snowden disclosures of the massive scope of NSA surveillance, then American Bar Association President, James Silkenat, wrote a letter of concern to General Keith Alexander, then Director of the National Security Agency, regarding the reported interception of an American law firm’s communications with its foreign client by Australian intelligence with the NSA’s collaboration. The intercepted communications from that surveillance were then offered to the NSA under a long-standing reciprocal intelligence sharing agreement among countries known as the ‘Five Eyes’.[2] The compromised privileged communications related to a trade dispute involving clove cigarettes and shrimp pricing, a matter in arbitration between Indonesia and Australia at the time.[3]

General Alexander responded with due deference to NSA’s legal obligation to prevent the unrestricted use of attorney-client communications occurring post-indictment after the right to counsel had attached. He cited the minimization procedures set out in Executive Order 12333[4] and section 702 of the Foreign Intelligence Surveillance Act, the statutory cornerstone for court authorization of mass surveillance of international communications, including participating domestic US persons. The NSA director also described a construct of procedural safeguards that would meticulously compartmentalize intercepted attorney-client communications of which the Agency has notice by means of court records.

The Porous Quarantine of Intercepted Privileged Communications

Even assuming that NSA, much less its Five Eyes intelligence sharing partners who are under no such restraints as to U.S. privileged communications, were to religiously observe such statutory and administrative restraint by limiting collection or distribution of communications between lawyers, their agents, and persons known to be under indictment in the United States, while preserving “foreign intelligence information contained therein[5],” the exceptions may well swallow the rule.

At the pre-indictment stage of criminal representation, the identities of counsel not of record and all members of the defense team are opaque to a federal database of only indicted defendants.  No provisions are in place for identifying or segregating communications with counsel pre-indictment, or for defense team members who are not named counsel in court records upon which the NSA will rely. Quarantine of only attorney-client communications that occur post-indictment conflates the right to an attorney with the right to the attorney-client privilege. NSA sequestration or minimization of only an indicted defendant’s communications with counsel provides only a hollow deference to the much broader actual scope of the privilege.

The additional carve-out of preserving attorney client communications that contain ‘intelligence information’, or when collectors are given other advice “tailored to the particular facts and circumstances in which sensitive intelligence activities have been or are to be undertaken,”[6] begs the question of how intercepted privileged communications can be exploited as intelligence outside the walls of the courthouse in a criminal prosecution. Are they available to blackmail an American or foreign citizen to work as a spy or as an informer? Can they be used to investigate criminal enterprises or drug trafficking conspiracies so long as privileged source intelligence is disguised so it is not identifiable in a criminal prosecution? Are they available to leverage favors from politicians, executives, or professionals when a highly confidential and sensitive government request is made? There are many ways in which inventive minds can exploit the interception of privileged communications to the disadvantage of a client without allowing the sun to shine upon that surveillance in a court of law.

If our intelligence and law enforcement agencies’ situational and opportunistic calibration of the term ‘sensitive intelligence activities’ can include a defense counsel’s representation of a Guantanamo detainee on the one hand, and a lawyer handling Australian shrimp import negotiations on the other, there must be a very flexible standard for what legal representation may be postulated as having intelligence value.

The Guidance of Professional Ethics

In August of 2013, the ABA House of Delegates issued a new policy statement[7] condemning “unauthorized, illegal governmental, organizational, and individual intrusions into the computer systems and networks utilized by lawyers and law firms” and opposing “governmental measures that would have the effect of eroding the attorney client privilege, the work product doctrine, (and) the confidential lawyer client relationship…” This statement also urged compliance with the ABA’s Model Rules of Conduct, updated in 2012, to include changes to Rule 1.6 “Confidentiality of Information”, stating that “a lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client”.[8] The use of the imperative obligates attorneys to maintain such expertise as is necessary to make efforts that are “reasonable” to ensure there is no disclosure of, or access to, information relating to representation. This standard of practice compels reasonable measures be taken to defeat covert mass surveillance and cyber attack which, by definition, are not authorized by the client. And yet, within the single word “reasonable”, there is a mansion with many rooms of wiggle.[9]

In a 2012 NACDL Ethics Advisory Committee Opinion issued in response to restrictions on attorney client communications arising from the Guantanamo Tribunals, the Committee decided that “without the client’s informed consent, a lawyer cannot communicate with his or her client, or record and preserve communications with the client, or create and preserve other written work product, in a manner that allows others to have access to the communications.”[10] The implication of this opinion in a mass surveillance context would seem to be that absent the client’s consent, a criminal defense lawyer cannot ethically represent a client when he or she cannot effectively prevent government or private actor surveillance access to privileged communications and protect the cybersecurity of work product. In another related ethics opinion, the Advisory Committee stated, “A criminal defense attorney has an ethical and constitutional duty to take affirmative action to protect the confidentiality of attorney client communications from government surveillance”.[11] Or, put another way, when it comes to the defense of the privilege against government surveillance or cyber attack in criminal practice, to quote Yoda, “Do, or do not. There is no try.”

It Takes a Village to Protect the Privilege

Governments can vacuum up our privileged communications, but the privilege cannot be defended in one. Lawyer and client must agree on what standard of communications security and data protection will be appropriate to the risk profile of the case, and then get buy-in from other members of the defense team. One new dimension of law practice, in this era of so many ‘eyes’ and  ‘ears’, is counseling clients and negotiating agreements among co-counsel, and even with co-defendants’ counsel, as to what level of operational security can be successfully applied, when vigorous precautions are required.  Total unanimity of action in the defense camp is essential to protecting privileged communications and work product.

Today, the expense of employing most of the capable security measures described in this article is not a deterrent, but the challenge of applying them may well be. As surely as there is a learning curve in applying technology-driven countermeasures, there is a learning curve in successfully adapting to privilege-protective practices that were utterly unfamiliar to lawyers before the full scope of mass surveillance was well understood. All clients in all cases do not require the same technical measures or the same degree of vigorous protection. In assessing what particular facts enhance the prospect of defense team communications and computer files being targeted, it is important to understand that there is more than one dragnet.[12] Trying to anticipate every possible threat is like trying to hold on to your wallet at a pickpockets’ convention.

Surveillance Risk Management

A lawyer must speculate on who are the more probable aggressors, because surveillance technologies, cyber attacks, and intrigues[13] that can compromise a client are not so sophisticated that only the U.S. government can deploy them. Our privileged communications are also subject to attack from other governments’ hackers, drug cartels, a client’s business or political adversaries, international and domestic crime syndicates, or contract hackers seeking business intelligence or blackmail in discovery files, or just to turn a profit with inside information about a celebrity defendant or a highly publicized case. Evaluating whether any of these risk factors are in play, quite aside from apprehensions of NSA or law enforcement surveillance, will shape the defense team’s response in mounting its own security practices. The old Watergate adage, ‘follow the money’ is a good place to start; who benefits by disclosure or exploitation of the accessed information? It is clearly not the world of our childhoods when the practice of law draws closer and closer to the practice of espionage.

The types of cases in which it is reasonable, if not essential, to undertake countermeasures to defend privileged communications are those involving investigative activities or contact with individuals outside the United States. It is also worth evaluating the international political profile of the case. Does an acquittal or a conviction impact the reputation or credibility of any government, a political party, or business interests intrinsic to the power structure of a foreign country? Does the client have, or could it be believed that the client had, some information that would compromise such financial, political, or criminal interests? Is there a criminal organization, or a domestic or foreign political organization, or a major foreign or domestic corporation, which is likely to be implicated or communicated with in the course of the defense? Will a successful defense or prosecution affect the value of any public company that has competitors or takeover raiders snapping at its heels? Cases that involve foreign nationals with organized crime ties of even the most modest variety may draw the interest of their home countries as well as their homies.

Another category of high risk are those offenses in which some element of the United States government perceives itself as the victim, or perceives its foreign allies to be victims, or in which the unsuccessful prosecution of the case would affect national interests or political reputations. A related class of potentially high risk cases are those in which the contents of the government discovery, or of the defense investigation, would have political, commercial, or intelligence value, or when its exposure would affect the reputations of powerful government, corporate, or international figures or families.

The intelligence community’s license to share criminal intelligence with federal law enforcement agencies, and the inevitable trickle down to state agencies through joint task forces[14] and fusion centers[15], broadens the implications and the consequences of privileged communications surveillance in routine criminal practice. Police priorities, political priorities, and publicity priorities all skew the incentives toward using surveillance-based criminal intelligence far from the realm of espionage and terrorism cases. The use of parallel construction[16] to cloak any linkage of the actionable intelligence to mass surveillance sources gives cover and encouragement to local law enforcement by assuring that any well-concealed violation of privileged communications is never put before a court.

Just as a national security agenda may ‘trickle down’ to investigations at a local police level through Joint Task Forces and Fusion Centers, so too can a local security agenda ‘trickle up’ to gain sanction for the robust use of surveillance directed at local threat priorities identified by local police. Local leadership in communities of color, social justice, peace, and environmental activists, and even animal rights activists, have historically been objects of local police suspicion and resentment, and have experienced intense surveillance and infiltration from local and federal law enforcement using the full array of technologies available at the time. In the quid pro quo relationships existing between federal and local law enforcement agencies, the surveillance tools designed to defend the national security are often deployed in defense of the status quo. In those cases where the client is an individual who police associate with a dissident local group espousing radical politics, social justice, racial, anti-war or anti-capitalist sentiments, there is substantial risk of physical, digital, and communications surveillance, on or off the ledger of accountability to elected officials.

There are also dire consequences for a defendant when a confidence meant for his attorney finds its way to law enforcement agencies that act upon that tip from an undisclosed surveillance interception. Persons not under suspicion may suddenly find themselves targets and logically conclude that the client has informed on them to law enforcement, rather than having only informed his attorney. The exploitation of intercepted privileged communications in organized crime cases, drug conspiracy cases, gang related cases, and terror prosecutions can all lead to a snitch’s fate for a defendant who breached no trust with his fellow conspirators, but trusted his lawyer. Equally sobering is the prospect that these unknown third parties with anger management issues may hold the defendant’s attorney liable for their compromise.

When one or more of these factors is integral to a case, there exists a credible risk of persistent, aggressive surveillance from one or more of these many actors. It is always lawyerly to admit that our best professional insight may be inadequate as to what factors in a case focus clandestine surveillance upon the defense.  What we guess, what we presume, and even what we know about our case facts, may fall short of what those with the power to surveil or to hack us consider valuable to their own ends. Our footprints in the digital snow, as well as our clients’, may lead to consequences we simply can’t anticipate. Our default practice should be to leave as few footprints as possible.


Protecting your communications, your documents, and your Internet usage from bulk surveillance and targeted attacks requires a broad spectrum of security-enhancing tools.

It is critical to remember that security is a process, not a purchase. No tool is going to give you absolute protection from surveillance in all circumstances. Using encryption software will generally make it harder for others to read your communications or rummage through your computer’s files. Attacks on your digital security will always seek out the weakest element of your security practices. The tools and practices recommended below have been chosen to maximize the security benefit they provide, while minimizing the effort required to use them.

Using Strong Passwords and a Password Manager

The first task in securing your digital world is to start using strong passwords. Almost every online service, not to mention every form of encryption, relies on some sort of password—which makes your password the first thing an attacker will try to break. And attackers have an advantage: computers are now fast enough to quickly guess passwords shorter than ten or so characters, even totally random ones like “nQ\m=8*x” or “!s7e&nUY.”

So how do you select a strong password? The most straightforward method is Arnold Reinhold’s “Diceware” method.[17] Diceware involves rolling actual physical dice to randomly choose several words from a word list; together, these words form what is called a passphrase. The benefit of this method is that random words are a lot easier to remember than random characters, and you need fewer of them: a six-word passphrase can be stronger than a 12-character password, because there are a lot more words to choose from than there are characters (even if you include upper and lowercase, numbers, and symbols) so it’s harder for an attacker to try all the possible combinations of words.

Of course, it’s important to never reuse a password on different services, because if an attacker gets hold of one password, she will often try using that password on your other accounts. If you reused the same password several times, the attacker will be able to access each account where it was reused. That means a given password may be only as secure as the least secure service where it’s been used.

That’s all well and good, but how are you supposed to remember dozens of different passwords? Fortunately, you don’t have to. There are software tools—called password managers (or password safes)—that can protect all of your passwords with a single strong master pass phrase, so you only have to remember one thing. This makes it practical to avoid using the same password in multiple contexts. In fact, if you use a password manager, you no longer need to even know the passwords for your different accounts; the password manager handles the entire process of creating and remembering them for you.

The Electronic Frontier Foundation (EFF)[18] recommends KeePassX[19], which is a free and open source password manager.  KeePassX works with files called password databases, which are exactly what they sound like: files that store a database of all your passwords. These databases are encrypted when they’re stored on your computer’s hard disk, so if your computer is off and someone steals it they won’t be able to read your passwords.

Note that KeePassX doesn’t have a built-in sync feature—it won’t automatically sync your password database between different devices. So what if you need your passwords on more than one computer? As long as you use a strong master passphrase, it should be relatively safe to sync KeePassX’s password-database file to other devices using any cloud-based service (Dropbox, Google Drive, etc.). That’s because the password-database file is encrypted using your master passphrase, so even someone who gets access to your cloud sync service won’t be able to read your passwords. (It’s worth re-emphasizing the importance of using a six-or-more word passphrase if you’re going to sync your password-database to the cloud.) And if you need your passwords on your smartphone, there are also KeePass clients for Android and iOS.

Encrypting your Devices

Now that you know how to pick a strong password and store all your passwords securely, the next step to maintaining attorney-client privilege is to ensure that your files and documents are safe at rest—i.e. when they’re stored on your computer or smartphone, so that a lost or stolen device isn’t an open book for a would-be thief.

It’s safest and easiest to encrypt all of your data, not just a few folders. Most computers and smartphones offer complete, full-disk encryption as an option.

If you use a Mac, chances are your computer is already encrypted: versions of OS X 10.10 and later (“Yosemite”, “El Capitan”, and “Sierra”) all enable disk-encryption by default using a tool called “FileVault”.[20]

If you use a PC, Windows calls its encryption system “BitLocker.” BitLocker is built in to Windows 7, 8, and 10, but only the non-Home editions (e.g. Windows Professional or Enterprise). It’s not necessarily enabled by default, so you may have to enable it.[21] Some PCs don’t support BitLocker—in that case, you can try using a free, open-source tool called DiskCryptor.[22]

In addition to your computers, your smartphones (which are basically tiny super-portable computers, after all) should also be encrypted. If you have an iPhone 3GS or later, an iPod touch 3rd generation or later, or any iPad, you can enable encryption. In fact, most modern Apple devices encrypt their contents by default, with various levels of protection.[23] You can also encrypt Android smartphones running Android Gingerbread (2.3) or later. Some smartphones running Android Lollipop (5.0 or higher) will have encryption enabled by default.[24]

Whatever your device calls it, encryption is only as good as your password. If your attacker has your device, they have all the time in the world to try out new passwords. Forensic software can try millions of passwords a second. That means that a four-digit PIN is unlikely to protect your data for very long at all, and even a long password may merely slow down your attacker. Thus, you should use a nice, strong, six-plus word diceware passphrase when encrypting your computer—and at least a six-digit PIN code for your smartphone.[25]
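The Diceware procedure described under “Using Strong Passwords and a Password Manager” and the guessing-speed warning above can be worked through together. The following Python code is an added example, not part of the original article: the pseudo-word list is a constructed stand-in for a real Diceware word list, the software dice stand in for physical ones, and the rate of one million guesses per second is an assumption.

```python
import math
import secrets
from itertools import product

DICE_PER_WORD = 5                 # Diceware: five dice rolls pick one word
LIST_SIZE = 6 ** DICE_PER_WORD    # 7776 entries in a Diceware-style list
GUESSES_PER_SECOND = 1_000_000    # assumption, chosen to match "millions a second"
SECONDS_PER_YEAR = 365.25 * 24 * 3600

CONSONANTS = "bdfkmn"
VOWELS = "aeiouy"


def build_placeholder_list():
    """Constructed stand-in for a real word list: 7776 distinct pseudo-words.

    A real list would be loaded from a file; only its length matters for
    the arithmetic below.
    """
    return [
        CONSONANTS[a] + VOWELS[b] + CONSONANTS[c] + VOWELS[d] + CONSONANTS[e]
        for a, b, c, d, e in product(range(6), repeat=DICE_PER_WORD)
    ]


def rolls_to_index(rolls):
    """Read five die faces (1-6) as a base-6 number: 11111 -> 0, 66666 -> 7775."""
    if len(rolls) != DICE_PER_WORD or any(r not in range(1, 7) for r in rolls):
        raise ValueError("need exactly five rolls, each between 1 and 6")
    index = 0
    for face in rolls:
        index = index * 6 + (face - 1)
    return index


def roll_dice():
    """Software stand-in for physical dice, using the OS random source."""
    return [secrets.randbelow(6) + 1 for _ in range(DICE_PER_WORD)]


def passphrase(wordlist, n_words=6, roller=roll_dice):
    """Pick n_words independently; every word is equally likely."""
    if len(wordlist) != LIST_SIZE:
        raise ValueError("word list must have exactly 7776 entries")
    return " ".join(wordlist[rolls_to_index(roller())] for _ in range(n_words))


def entropy_bits(choices, length):
    """Bits of entropy when each of `length` symbols is drawn from `choices`."""
    return length * math.log2(choices)


def worst_case_seconds(choices, length, guesses_per_second=GUESSES_PER_SECOND):
    """Time to try every combination. Models offline guessing against a copied
    disk or database; devices that throttle attempts are not modelled."""
    return choices ** length / guesses_per_second


if __name__ == "__main__":
    words = build_placeholder_list()
    print("sample passphrase:", passphrase(words))
    for label, choices, length in [
        ("4-digit PIN", 10, 4),
        ("12 random letters and digits", 62, 12),
        ("6-word Diceware passphrase", LIST_SIZE, 6),
    ]:
        seconds = worst_case_seconds(choices, length)
        print(f"{label:30s} {entropy_bits(choices, length):5.1f} bits  "
              f"{seconds:.3g} s  ({seconds / SECONDS_PER_YEAR:.3g} years)")
```

The strength comes from the number of equally likely choices per position, which is why the words must be picked at random rather than chosen by the user.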

It’s also important to note that even if your device is encrypted, an attacker may be able to get around that encryption and access your files via any backups you regularly make. If your backups are to the cloud, the connection between your device and the cloud will almost certainly be encrypted, so you don’t have to worry about information being leaked as it’s being sent and received. However, it’s possible that the backup itself may not be stored in an encrypted manner, so anyone with access to your cloud backup account could access your files (or a government could pressure the service to turn them over). To avoid this weakness, make sure to choose a cloud backup provider that encrypts the data before it leaves your computer (sometimes known as a zero-knowledge system, since the provider has “zero” knowledge about your files).

Alternatively, if you back up to a local device (like an external hard-drive), just make sure that device is also encrypted.[26]

Finally, note that encrypting an entire disk for the first time may make your device (be it your smartphone or computer) slower than usual for several hours, so we recommend starting this process before going to sleep, or letting it run over the weekend. Once the initial encryption process is complete, however, you shouldn’t notice much of a performance difference for most modern devices.

Browsing the Web Securely (and Anonymously)

When it comes to browsing the web, there are three major ways modern technology leaks information to attackers or government agencies.

The first privacy leak comes from the fact that not all communications between your computer and the websites you visit are encrypted. In other words, when you tell your browser to fetch a webpage for a given website, that request, and the page the website sends back, are not necessarily encrypted. This means anyone who can intercept the traffic between your computer and the website (including government agencies, but also anyone nearby if you’re using an open wifi connection) can see what you’re reading, as well as any information you might send back.

Of course, many websites do use encrypted connections—your bank, or a web-based email provider, for example, almost certainly use encryption. But how can you tell? Look for an “s” after the “http” in your browser’s URL bar. If it says “http://”, it’s not encrypted. But if it says “https://”, the connection is encrypted.

Unfortunately, there’s not much you can do if the connection isn’t encrypted; websites have to proactively offer encryption, and you can’t force a website to upgrade to an encrypted connection if the website doesn’t support it. Sometimes, however, a website will support encrypted connections, but not use them by default. To deal with that case, you can install one of EFF’s browser add-ons, HTTPS Everywhere. HTTPS Everywhere is available for Firefox and Chrome browsers, and will automatically upgrade your connection to a secure one on any website that supports it.[27]

All the encryption in the world won’t help with the second privacy leak, which is third-party tracking. When you view a webpage, that page will often be made up of content from many different sources.  For example, even though only one address will show up in your browser’s URL bar, a news webpage might load the actual article from the news company, ads from an ad company, and the comments section from a different company they have a contract with to provide that service. If you visit lots of different websites, and those different websites all use the same ad provider, then that ad provider can track you as you browse the web—often without your knowledge.

To block this non-consensual third-party tracking, EFF has another browser add-on for Firefox and Chrome, called Privacy Badger.[28] Privacy Badger stops advertisers and other third-party trackers from secretly tracking where you go and what pages you look at on the web.  If an advertiser seems to be tracking you across multiple websites without your permission, Privacy Badger automatically blocks that advertiser from loading any more content in your browser.  To the advertiser, it’s like you suddenly disappeared.
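The cross-site pattern described in the two paragraphs above can be seen in a browser's request log. The Python code below is an added example, not part of the original article and not Privacy Badger's own code: the request list is constructed sample data, the site name is approximated by the last two labels of the host name (real tools consult the Public Suffix List), and the `min_sites` threshold is an assumed parameter.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: (page the reader opened, resource that page then loaded).
REQUESTS = [
    ("https://news.example/story", "https://news.example/story.css"),
    ("https://news.example/story", "https://ads.adnet.example/pixel.gif"),
    ("https://news.example/story", "https://comments.widgets.example/embed.js"),
    ("https://news.example/story", "data:image/png;base64,AAAA"),
    ("https://shop.example/cart", "https://cdn.shop.example/app.js"),
    ("https://shop.example/cart", "https://ads.adnet.example/pixel.gif"),
    ("https://blog.example/post", "https://track.adnet.example/t.js"),
    ("https://blog.example/post", "https://fonts.static.example/a.woff"),
]


def site_of(url):
    """Approximate the site a URL belongs to by the last two host labels.

    Returns None for URLs with no host (for example data: URLs).
    """
    host = urlsplit(url).hostname
    if not host:
        return None
    return ".".join(host.lower().split(".")[-2:])


def cross_site_third_parties(requests, min_sites=2):
    """Map each third-party site to the first-party sites that loaded it,
    keeping only third parties present on at least `min_sites` sites."""
    seen_on = defaultdict(set)
    for page_url, resource_url in requests:
        first_party = site_of(page_url)
        loaded_from = site_of(resource_url)
        if first_party is None or loaded_from is None:
            continue  # nothing was fetched from another host
        if loaded_from != first_party:
            seen_on[loaded_from].add(first_party)
    return {
        third_party: sorted(sites)
        for third_party, sites in seen_on.items()
        if len(sites) >= min_sites
    }


if __name__ == "__main__":
    for third_party, sites in cross_site_third_parties(REQUESTS).items():
        print(f"{third_party} was loaded on {len(sites)} sites: {', '.join(sites)}")
```

A third party that appears on only one site, such as the comments widget in the sample, sees visits to that site alone; the ad host present on all three can link them into one browsing history.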

However, neither encryption nor blocking third-party tracking can prevent the final privacy leak, which is the fact that when you visit a website, the website itself knows you visited and can track your subsequent visits. Additionally, anyone who can intercept your traffic will be able to tell when you visit that website and for how long, because while what you send or receive may be encrypted, the identity of the website you’re visiting is never encrypted. Once again, that means that aspects of your browsing activity are susceptible to bulk surveillance—as well as anyone who can pressure your Internet service provider into watching your traffic.


To plug this privacy hole, you can use the Tor Browser.[29] Tor Browser works just like other web browsers, except that it sends your communications through a network of volunteer-run computer relays, making it harder for people who are monitoring you to know exactly what you’re doing online, and harder for people monitoring the sites you use to know where you’re connecting from. Keep in mind when using Tor Browser that only activities you do inside of Tor Browser itself will be anonymized. Having Tor Browser installed on your computer does not make things you do on the same computer using other software (such as your regular web browser) anonymous. And of course, logging in to a site like Facebook or Google via Tor Browser will enable those services to track you anew for as long as you keep Tor Browser open.

Communicating Securely

Communicating is probably the most difficult task to accomplish securely, since you have to coordinate with whomever it is you’re communicating with. Fortunately, there are some software tools out there that make the process a little less painful.

Let’s start with text messages and instant messaging apps. Generally speaking, neither text messages nor instant messages are encrypted—which means anyone who can see the messages as they travel between your smartphone and your client’s smartphone can read them—particularly government agencies that perform bulk surveillance. Some instant messaging apps—Google Hangouts, for example, or Facebook Messenger—do encrypt the messages in transit, but they have to pass through a central server, where they are temporarily decrypted (and often recorded). As a result, anyone who can hack your account (or pressure the company into turning over data) can read your past messages. Very few instant messaging services actually provide what’s known as end-to-end encryption—named thus because the messages are encrypted at one end of the communications channel and aren’t decrypted until they reach the other end. Only end-to-end encryption ensures that only you and your client can read your messages.

One of the few choices out there for end-to-end messaging is an app called Signal, available for Android and iOS.[30] Signal not only encrypts your text messages (to other people using Signal on their smartphones), it also allows you to make encrypted voice calls.

Unfortunately, email encryption is a little more difficult. By default, email is not encrypted when you transmit it over the Internet—it’s like a postcard, readable by anyone who handles it. Depending on which email provider you use, parts of the delivery channel may be encrypted. For example, most web-based email providers (Gmail, Outlook, etc.) encrypt the connection between your computer and their server. But once your email leaves their servers, it may or may not be encrypted any longer.


To get around this, you need a system that encrypts your email—essentially an encryption “envelope” you can drop your message into. The most common system is called “PGP”. It takes quite a bit of work to set up, and you have to use desktop or app-based email software to actually read your email, but the results—totally secure, seamless email encryption—are well worth it.[31]

Alternatively, if PGP proves too daunting, you can fall back on a more ad-hoc system to communicate securely over email. For example, you could agree on a specific, strong, shared passphrase ahead of time with your client.[32] Then, to send a message to your client, you can write your message in a text (or Word) document (instead of in the body of an email), encrypt the document via a program like 7-Zip for Windows[33] or Keka for Mac OS X[34] (using the passphrase you agreed on ahead of time), and then send the encrypted document as an attachment to an email. Your client then simply has to download the attachment, and extract the document (using the shared passphrase you agreed on ahead of time).

It’s important to note that a system like this has some downsides. For example, PGP allows you to verify the identity of whoever sent you an email, but in this system, anyone who discovers the shared password could impersonate someone else and send an encrypted message. Additionally, 7-Zip’s encryption code hasn’t necessarily been vetted in as much detail as the code in tools like PGP designed specifically for secure communication. With that said, while such a system might not be ‘NSA-proof’, it’s probably sufficient to keep a purely passive adversary from reading your conversations.


As it is with technologies, so it is with surveillance. The only constant is constant change. To maintain the security of attorney client communications and defense work product, criminal defense lawyers must keep alert for news of evolving surveillance threats and new privacy countermeasures. The relative safety of software and computing devices is constantly shifting as new flaws are discovered and old bugs are fixed. Companies may compete with each other to provide you with better security, or they may all be under pressure from governments to weaken that security. It’s also important to note that no software or hardware is entirely secure. Software companies who are honest about the limitations of their product will give you reliable information about whether their application is appropriate for you.

Don’t trust blanket statements that say that the code is ‘military-grade’ or ‘NSA-proof’; these mean nothing and give a strong warning that the creators are overconfident or unwilling to consider the possible failings in their product. Because attackers are always trying to discover new ways to break the security of tools, software and hardware often need to be updated to fix new vulnerabilities. It can be a serious problem if the creators of a tool are unwilling to do this, either because they fear bad publicity, or because they have not built the infrastructure to fix problems.

You can’t predict the future, but a good indicator of how software toolmakers will behave in the future is their past activity. If the tool’s website lists previous issues and links to regular updates and information—like specifically how long it has been since the software was last updated—you can be more confident that they will continue to provide this service in the future.

When you buy a new device or a new operating system, keep current with its software updates. Updates will often fix security problems in older code that attackers can exploit. Older phones and operating systems are no longer supported, even for security updates.[35] Whatever technology you use or buy today will become obsolete, and so will today’s best advice about what software protects you and what surveillance technology has evolved to defeat it.

In the coming years, the last refuge of privacy and security in private encryption will come under attack. Law enforcement sentiments are rising in opposition to it as political candidates speak of a ‘surge’[36] in intelligence gathering and others encourage defeating public encryption with back doors, or by compelling duplicate plain text copies for every encrypted digital communication. England’s former Prime Minister, David Cameron, once asked, “Are we going to allow a means of communications which it simply isn’t possible (for governments) to read? My answer to that question is: No, we must not.”[37] In a digital world bursting at its seams with hyper-invasive, aggressive surveillance, constitutional assurances of due process, effective assistance of counsel, and the attorney client privilege will become hollow artifacts of a past American history unless criminal defense lawyers answer Cameron’s question with “Yes, we must.”



[1] June 2, 2016 Bloomberg Law article by Gabe Friedman, quoting Edward Snowden: “Government surveillance is about power. These programs were never truly about terrorism, at least not solely. They were about power.”

[2] Five Eyes is a nickname given to the five signees of a post-WWII treaty of joint cooperation in signals intelligence. Australia, Canada, New Zealand, the United Kingdom, and the United States share their surveillance output with each other, including the surveillance of each others’ citizens.

[3] Bloomberg Law article cited above, page 2, also Electronic Frontier Foundation, Feb 22, 2014 “Legal Community Disturbed About Recent Allegations of Spying on Privileged Communications” by Dia Kayyali.

[4] Executive Order 12333 was issued by President Reagan in 1981 and amended by President Bush in 2008 with EO13355. The NSA considers these orders as executive authorization for broad Agency discretion in the implementation of the massive scope of its surveillance activities worldwide.

[5] Section 4 of NSA’s Section 702 minimization procedures, cited by Director Alexander in his 10/03/14 letter

[6] Alexander letter, see paragraph 9.

[7] For more depth & context regarding these rule changes, see ABA Journal web article posted Sept 1st, 2014, by David Hudson, “NSA surveillance policies raise questions about the viability of the attorney-client privilege.”

[8] ABA Rule 1.6 Confidentiality of Information, paragraph (c)

[9] Per the Model Rule 1.6’s Comments at (18): “Factors to be considered in determining the reasonableness of the lawyer’s efforts include, but are not limited to, the sensitivity of the information, the likelihood of disclosure if additional safeguards are not employed, the cost of employing additional safeguards, the difficulty of implementing the safeguards, and the extent to which the safeguards adversely affect the lawyer’s ability to represent clients. A client may require the lawyer to implement special security measures not required by this Rule or may give informed consent to forgo security measures that would otherwise be required by this Rule.”

[10] Opinion 12-01 (February 2012), page 2, finding in sub-paragraph 1. Approved by the NACDL Board of Directors, February 19, 2012.

[11] Quoting Digest of NACDL Ethics Advisory Committee Opinion 02-01 (November, 2002)

[12] For an interesting read about the quandaries of self-protection from Internet surveillance, see Dragnet Nation, by Julia Angwin.

[13] Aside from technological methods, the “social engineering” deceits of impersonation, of false representation of ties to defense personnel, the infiltration of the defense team by private informants who befriend, entice, and emotionally or financially compromise defense staff, are separate risks no technology will protect against.

[14] A Joint Task Force is a multi-jurisdictional operational intelligence gathering and investigative partnership drawing personnel from many federal and state law enforcement agencies that is charged solely with the investigation of one particular criminal activity or organization, such as terrorism, organized crime, drug cartels, or gangs.

[15] Fusion Centers administer and promote information sharing between the CIA, FBI, the Department of Justice, the U.S. military, the private sector, and state and local law enforcement to provide investigative data for intelligence analysis.

[16] Parallel construction is a strategy of deceptive omission or of false representation of facts used by law enforcement to conceal the true source of information used in a criminal investigation.

[17] More information on diceware is available at

[18] The Electronic Frontier Foundation is the leading nonprofit organization defending civil liberties in the digital world. As part of its mission to promote privacy and security online, EFF has developed a website called Surveillance Self-Defense (, which includes detailed guides and how-tos on defending yourself from surveillance by using secure technology and developing careful practices. Much of the advice about software choices and secure computing was copied or adapted from the Surveillance Self-Defense guide, which is published under a Creative Commons Attribution license (i.e. is free for copying and sharing without prior permission).

[19] A guide to using KeePassX is available at

[20] To check and see if your system is encrypted, and to turn encryption on if it’s off, you can follow the instructions at When your computer asks how you want to store your recovery key, choose the option that does not use your iCloud account, and then make sure to keep a physical (i.e. written-down) copy of your recovery key in a safe place. If you forget your password, you’ll need it in order to decrypt your computer.

[21] For Windows 7 instructions, see For Windows 8.1 instructions, see,2-723-4.html. For Windows 10 instructions, see In all cases, when you’re given the option to save your recovery key, we recommend printing it out and then keeping a copy in a safe place. If you forget your password (or change your system’s hardware), you’ll need it in order to decrypt your computer.

[22] For instructions on using DiskCryptor, see

[23] To check if your device is encrypted, follow the instructions at

[24] To find out if your device is encrypted, and to encrypt it if it’s not, you can follow the instructions at

[25] See footnote 17 for more information on choosing a strong passphrase.

[26] Either way, make sure you’re backing up your data!

[27] You can download HTTPS Everywhere from the Chrome Store, Mozilla Add-Ons website, or

[28] Privacy Badger can also be acquired from the Chrome Store, Mozilla Add-Ons website, or

[29] A guide to using Tor Browser for Windows is available at A guide to using Tor Browser for Mac OS X is available at

[30] Instructions for using Signal on iOS are available at, and on Android at

[31] An introduction to PGP is available at A guide to using PGP on Mac OS X is available, and a guide for Windows is at

[32] See footnote Error! Bookmark not defined.11 for more information on choosing a strong passphrase.

[33] 7-Zip is free, open source software, available from http://

[34] Keka is free, open source software, available from

[35] In particular, Microsoft has made it clear that Windows XP and earlier Windows versions will not receive fixes for even severe security problems. If you use XP, you cannot expect it to be secure from attackers. The same is true for OS X before 10.7.5 or “Lion.”

[36] Tue Jun 14, 2016 Reuters article by Dustin Volz, “Clinton calls for U.S. ‘intelligence surge’ in wake of Orlando attack”

[37] The Guardian, Jan. 12, 2015 “David Cameron pledges anti-terror law for Internet after Paris attacks” by Nicholas Watt, Rowena Mason and Ian Traynor.


Waiter, There Really is a Drone in My Soup! The Coming Micro-Robotic Disruption of Personal Security and Privacy

By Sam Guiberson


It has been said that generals always prepare to fight the last war. Our legal system has done those generals one better. American courts begin to deal with surveillance technologies only when newer technologies have obsolesced them.

The advent of surveillance drones is unlikely to break this pattern. Now moving from the battlefield to your backyard, automated robotic drones weighing up to 25 pounds have recently been approved by the FAA for low-level reconnaissance.  This approval is the first step towards the general use of surveillance drones by law enforcement at every level. The much larger consequences are coming our way just beyond this first generation of small drones.


The Expectation of No Privacy is a Self-Proving Hypothesis

In no way has American citizens’ privacy from aerial surveillance been protected by legal precedent. Since 1989, aircraft overflight of private property for law enforcement purposes has been constitutional (see Florida v. Riley, 488 U.S. 445). Satellites have been used for surveillance in criminal investigations since at least 1983. The expectation of privacy that exists ever more marginally in longitude and latitude does not apply at any altitude.

Why does privacy have no vertical dimension? The Supreme Court’s analysis of when an expectation of privacy exists has set us on a path of parity between private overflight prerogatives and government surveillance. The logic of the ruling was that if privately owned helicopters would be expected to fly at 400 feet over a greenhouse, a police helicopter is not violating the owner’s privacy flying over that same greenhouse looking for traces of marijuana plants.  If the public expects that a technological platform could be used for private surveillance, the Court held that law enforcement surveillance employing the same technology will be permitted. This logic has guided aerial surveillance practices for over twenty years.

This reasoning tries to balance privacy and invasive technology on a false scale, setting the public perception of the ultimate capabilities of surveillance technology as a counterweight to how much of our privacy we must lose to accommodate it.  Whether the surveillance is conducted by a private or public entity is immaterial if privacy evaporates once there is an expectation of its absence.

There are many laws of nature, but the one immutable law of government surveillance is that every technology capable of a surveillance purpose will eventually be put to that surveillance purpose by government. Applying the tautological fait accompli inherent in the Riley analysis of the public’s privacy expectation assures that no emergent surveillance technology can offend the public’s expectation of privacy because we have come to expect that there will always be a newer technology surveilling us.

The coming generation of micro robotic surveillance tools will determine, with finality, whether our privacy is in a steady state or merely a state of flux in which privacy shrinks to whatever remains after the sum total of all the overt and opaque prerogatives of government surveillance have been subtracted from the calculation of what is private.


The Fading Restraint of Logistics

Piloted aircraft can remain over a surveillance target for only so long before the expenditure of human resources, fuel and mechanical wear and tear exceeds the value of the continued surveillance of a specific person or site. The practical rules of logistics enforce restraints on the scope and duration of surveillance that our laws do not.

Just as tailing a suspect in an unmarked car has manpower and equipment costs that limit the duration of its practical use more than a GPS locator affixed to a vehicle’s undercarriage does, so too do the efficiencies of unmanned drones put dramatically less strain on law enforcement’s fiscal limits on engaging in 24/7 aerial surveillance. Given the same police resources, the more constant use of a more efficient surveillance technology is predictable.

The courts will see a drone’s wings, propeller and a camera and will analogize to surveillance aircraft – expensive to operate, highly specialized, limited use assets that are employed selectively. Drones have limited initial expense, and operating costs so low that, with solar power, they are likely to become a ubiquitous presence flying overhead in all but the smallest population centers. The functional dynamics of aircraft and drones as surveillance platforms are at opposite ends of the spectrum. Why should the legal precedent for manned surveillance overflight guide the introduction of flying robot drones into our local and national policing?


Surveillance in Society

What we think is a technological encroachment on our privacy is in fact a judicial one, stemming from a failure to recognize that privacy is not calculated against the specifications of a flying machine, but by anticipating the disruptive potential of its use.

The conventional concept of a personal expectation of privacy is so compromised because new technologies are analogized to previous technology thought to be comparable, rather than assessed for the potential risks of each new generation in the unique context of its deployment among an array of other complex surveillance technologies. What surveillance a satellite, an airplane, a helicopter or a drone can perform is not beyond our expectation of privacy merely because we know these machines are over our heads. Each technology has specific capabilities that frame the compromise of privacy that their law enforcement application will evoke.

Privacy, like technology, is an ecosystem. Its preservation or degradation is the consequence of interwoven and interdependent economic, technological, industrial and political progressions from the technological environment that existed before. For each new disruptive evolution of our advancing surveillance technologies, there is no such thing as stare decisis.

With other scientific advances, like biomedical engineering and pharmaceuticals, we understand that their benefits and companion risks of unknown consequences must be subject to rigorous clinical trials before they enter the mainstream of general use. We understand that biotechnology, medical and pharmaceutical advances have such an impact upon our collective well being that the public interest requires them to be subjected to a presumption of harm, absent scientific proof of benefit far outweighing risk. Comparing an airplane or a helicopter’s impact on privacy to that of a tiny drone is like approving a new drug because it is dispensed in a pill similar to the last drug approved.

With surveillance technologies, whether they are computing machines or flying machines, their introduction into the petri dish of our civil society causes a systemic response that changes far more than hardware. Lulled by the parade of evolutionary technologies of only marginal social impact, we seem unprepared to hold truly disruptive technologies to a higher standard of justification for their use as tools of police surveillance.


A Drone is a Drone is a Drone?

Drones are now at the same stage as cell phones were in the eighties, when phones were the size of bricks. Thirty years of technological evolution have transformed cell phones from incidental luxuries into practical necessities. This transformation has made the cell phone networks an equally robust surveillance tool in 5 billion people’s pockets, subject to governments’ harvesting of network, cell tower, GPS and messaging data.

It was not the invention of the cellphone that was the disruptive technology that altered our civic relationship to government intrusion. The disruptive event was the universal adoption of cell phones. It was the miniaturization and manufacturing techniques that could produce billions of phones at a price almost anyone anywhere could afford. It was the proliferation of cell technology that disrupted the existing patterns of global communications and changed the modality of their surveillance by governments. Cell phones have become such powerful tools of surveillance, not because they are hand held telephones, but because they are in everyone’s hands.

While we debate the scope of police, corporate and personal use for drones the size of model airplanes, the next evolution of micro-robotic drones the size of large insects is almost upon us. As with every previous generation of disruptive technology, the equilibrium of normative practices and legal standards will again be shaken and adjusted to a new normal. The cultural and privacy consequences that will result from micro robotic drones will produce much greater civil instability than the first wave of airborne police drones.

Micro drones, mass-produced for less than the price of an iPhone, would universalize surveillance, making everybody somebody’s Big Brother. A miniature surveillance drone can land in a tree, on a windowsill, follow a target into a building, circulate in an office or follow your children from your home to soccer practice, video capture and facially ID who you meet with, or patiently conceal itself on a curtain rod in your bedroom. The miniaturization cycle will continue from the bird sized drones of today to butterfly sized drones tomorrow.

While government may have micro-drones first, the massive global economic forces that push tens of millions of cell phone purchases every month will drive sales of personal consumer drones that will be as helpful to you watching your kids as they are to the police watching you. Anyone could own one micro-drone or a dozen micro-drones and operate them in anonymity. The radio control points for these tiny drones would be traceable only after a considerable time airborne. Rapidly switching radio frequencies would allow longer interims without detection. A fleet of police drones could be programmed to assemble like a school of fish to conduct intense surveillance of an event like an outdoor political rally or protest march. Transmissions from a smart phone controller could be encrypted, so that a drone’s innocent intentions would be indistinguishable from less innocent ones.

Although visualized only as a surveillance device, a miniature drone could also be used as a weapon, with guidance to its target by an operator standing a few yards away or a few thousand miles away, similar to the guidance systems of Predator drones in Afghanistan, Pakistan and along the U.S.-Mexico border.

With arguments of life saving exigent circumstances overwhelming arguments against the domestic weaponization of drones, it won’t be long before miniature ballistic munitions evolve, allowing the tiny robo-butterfly drones to be armed with a needle-sized arrow with a neurotoxic or explosive tip. What legislator or jurist would argue with police that stopping a terrorist or an armed robber holding hostages with a miniature drone would be illegal, when lives hang in the balance? Miniature drones could become a much more effective weapon for assassination or police action than any sniper.

An anecdotal law enforcement application of an intrusive surveillance technology in a worst case scenario tends to justify its pervasive and unrestricted deployment in a thousand other much less exigent circumstances. Routine general use of essentially invisible snooping drones in great numbers will radically debase any remnant of personal freedom from constant government surveillance.

To secure personal privacy in the future, if you are wealthy enough to purchase any, will require a pocket sized personal air defense system to fend off or confuse miniature drones bearing all seeing eyeballs, deadly force, or both. Apprehensions about surveillance over flight will give way to anxieties about surveillance under flight, where tiny drone aircraft can loiter, listen to, visually monitor, or eliminate you from an altitude below your ankles 50 yards away. The quaint notion that we can ever be assuredly alone with our thoughts, our family, our friends or our politics will go up in a cloud of drones.

Anonymity of use, coupled with universal accessibility, makes a drones’ world in which human aggression has little deterrence, whether the aggression is military or merely around the clock Orwellian surveillance. While we bemoan the asymmetry of government power and individual privacy today – imagine the future prospect for personal security and privacy when government, corporate and personal surveillance devices transition from micro to mini to nano scale technologies.

Aerial surveillance has been with us for several decades, but the public has not yet felt violated by the compromise of even that comparatively small degree of privacy surrendered. As long as ownership of the latest technology compels a sacrifice of our individual privacy, the public will gladly exchange today’s technology for a loss of privacy tomorrow.


The Personal, Proprietary Presumption of Privacy

We proudly own our technology, but we no longer proudly own our privacy. It is our lack of ownership that has granted government and the corporations our collective consent to make us subject to an omnipresent surveillance apparatus. We have all indulged in willful ignorance as we were enveloped in a digital conglomeration of consumer items re-purposed into a network of dystopian surveillance systems. The global surveillance state to which we have acquiesced is capable of absolute awareness of every digital document we produce, our every public action, and every communication we offer or receive.

A citizen may trust his government with his or her secrets either with indifference or out of a sense of duty, but the compromise of privacy without meaningful choice to a multiplex of government, corporate and private covert surveillance networks is a diminished freedom without cause.  From the shopping mall video camera to the campus police drone, it is important to take into account that all private and corporate surveillance is ultimately the State’s surveillance.

To establish privacy as a citizen’s rightful domain rather than as an incidental privilege awarded at the State’s discretion, we must forge a legal mechanism of restraint before the open ended exploitation of covert police surveillance technologies irrevocably disrupts the balance between the government’s knowledge of its people’s actions and the people’s knowledge of how the government acts. The legal standards we have applied to date have only favored the emergence of a national surveillance industry in which our collective privacies are but commodities and our willing acceptance of their surveillance its commerce.

A reformed judicial and legislative litmus test for the law enforcement application of a surveillance technology is based not on how a new technology compares to the expectation of privacy we acclimate ourselves to after the onset of each wave of more invasive technologies, but on what impact it will have in the broader context of other integrated, ubiquitous, and invisible surveillance technologies. The casual abandonment of our privacy must be reversed, for no better reason than the certain knowledge that whoever is entirely watched is entirely captive.

Sam Guiberson advises and assists other defense attorneys in cases involving undercover operations, electronic surveillance and recorded evidence. For more information about his work, see or email


Uncovering Defenses in Undercover Recordings

by Sam Guiberson

Avoid Prejudging the Recorded Evidence

As lawyers begin to review the recorded evidence in undercover cases, the first mistake they often make is to assume that because there are secretly recorded conversations, those conversations must incriminate somebody of something. The second mistake of lawyers who make that first mistake is to pick up the government transcripts and read them to find out how many ways their clients are guilty. Beginning the recorded evidence review with negative presumptions about its inevitably incriminating content is a road to nowhere.

Losing the mindset of your client’s accusers requires concentrating only on the client’s understanding of what was taking place as the conversations were being recorded. Sting operations are conducted under completely different rules of conversational interaction than ordinary informal conversation. Few jurors realize what total control of the target’s physical, psychological and emotional environment occurs in an undercover operation. Until the mind numbing and meticulous work of identifying all the intricate means of control and manipulation that define undercover practices is done, there is only one perspective that gives context to the words recorded: the indictment of your client.

Following the narrative of the defendant’s state of mind through the course of multiple undercover encounters is critical because it provides an alternative context for the conversations that the jury can understand and validate in the recorded evidence. The more thorough the analysis, the more effective the defense advocacy can become, building a case from a catalog of the linguistic and psychological techniques of incrimination brought to bear against the client.

The client’s words may well be his own, but presenting the influence his accusers exert in his choice of words helps the jury distinguish between the client’s independent conduct and the undercover operation’s efforts to conform the recorded conversation to its own conviction agenda. Absent the counterpoint of the client’s subjective internal experience in the course of his contacts with the undercover operatives, juries can’t filter the evidentiary value of the recorded evidence in any context but the prosecution’s.

The defense is on a more even playing field as soon as the jury understands  there is no such thing as a spontaneous undercover conversation that would have occurred just as it did, even if it were not being recorded. When trial becomes the examination of two distinct sets of behaviors, the agents’ and the client’s, the jury can see an undercover operation for what it is,  a set of purposeful interactions controlling the client, each phrase part of a pre-planned conversational agenda constructed to satisfy the operational mandate to incriminate.

To convey what it was like for the defendant to be swimming like a goldfish in a fishbowl of a skillfully deployed undercover operation, the defense will have to get the jury wet. If the jury is encouraged to immerse itself in the calculated patterns of inducement, subterfuge and seduction that define the undercover method, the probative weight of the recorded evidence is up for grabs between the prosecution and the defense. 


A Stream of Words Sewn Together

The starting point in evaluating recorded evidence is to analyze the recordings as a stream of continuing conversation, not as separate ones. No taped conversation is an island. The interludes between recordings, whether hours or days, are as significant as the recorded encounters themselves.  It is in the intervals between undercover sessions that agents measure the yield of evidence they consider incriminating to recast the ongoing operation to resolve any incomplete undercover agendas. The next recordings will then mirror those shifts in operational focus. Successfully connecting undercover conversational patterns in one conversation with those in others establishes that these manipulations are neither inadvertent nor inconsequential.

Co-opting the prosecution’s recorded evidence requires the construction of a detailed and complex narrative of the defendant’s progression through a series of calculated exchanges.  Every conversational exchange must be analyzed and noted as part of a progression of planned transitions initiated by the undercover agents. This narrative account must demonstrate both the strategic orchestration of the agents’ words and the client’s narrow window for response within the tightly controlled covert operation that envelops him.  The defense must weave together the audio evidence with the document discovery to explain the disconnect between agents’ assumptions about the client’s criminal acts and the client’s innocent intentions. The defense must articulate how investigative subterfuge and innocent purpose coexist throughout a string of recorded conversations.


Using the Recorded Evidence to Defend

However the prosecution chooses to deliver undercover recordings in discovery, the audio files and transcripts are in no shape to be employed as the keystone of the defense. They must be reorganized to reflect defense objectives instead of prosecution objectives.

The prosecution of an undercover case relies upon definitive singularities of self-incrimination. Prosecutors think of them as quick steps to convictions, what I’ve described in the past as “smoking verbs.” For prosecutors, an undercover case is a trap that the defendant falls into, documenting a crime in progress. This approach to the recorded evidence stems from the traditional purpose for using audio recordings in law enforcement – to overcome disputes in testimony as to how a transaction took place, typically a drug purchase, a solicitation of prostitution, or bribery. The ostensible value of recorded evidence to law enforcement has been that, unlike witness testimony, it cannot be impeached.

Major undercover operations today rely upon sophisticated covert scenarios that feature highly orchestrated encounters with their targets. Undercover agents and informants are now no longer just microphone packing bystanders to others’ criminal initiatives, but criminally enterprising provocateurs. Undercover investigative methods have evolved into elaborate plainclothes theater events designed to capture a target’s tightly controlled responses in a dialogue scripted at every turn to compromise the soon to be defendant. The objective of undercover operations has become to capture verbal exchanges that can only be adjudicated as criminal within the parallel universe of the undercover pretext du jour.

Even though the law enforcement roles in undercover operations have become much more assertive and proactive, the recorded tape or digital audio file remains an objective record. The conversations recorded are now more of an impressionist canvas than a photograph of a crime in progress. As soon as more than a few words are exchanged, the ambiguous, conflicting and often chaotic subjective interpretations of what each participant’s words actually mean begin to control the probative value of what the recorder captures so reliably.


Charting the Depths of Conversations

To demonstrate the consistent logic of a defense oriented interpretation of the recorded conversations, the defense team must isolate every notable element of the acoustic, linguistic and emotional content found in each and every recorded exchange. The defense workup must also integrate into that timeline any other discovery documents that address the recorded content. There is no credibility in a defense narrative that does not embrace the totality of both the recorded and the documentary evidence.

To begin reviewing undercover discovery, prepare an inventory of all document, digital and recorded discovery that have any bearing on the content of the undercover conversations.  All discovery that conveys the states of mind of agents, informants and the client before, during and after every recorded communication, from preliminary investigation to arrest is material, whether found on a recording or not. What is said about the recorded conversations is as important as the recordings.

Include anything that confirms or refutes recorded statements made during the undercover investigation, such as agent reports containing information about the defendant’s activities that were predicate to the undercover operation, reports about the conduct and timing of the operation, cell records and any accounts or byproducts of physical or electronic surveillance conducted during the course of the operation. All sorts of data points can provide background for the conversational gymnastics undercover agents perform to introduce and then exploit specific subject matter during undercover conversations.

Agents and informants typically insinuate their information from other investigative sources into the recorded conversations to obtain corroboration or to evoke a more prejudicial statement.  Illustrating the backroom game being played behind the scenes to orchestrate every word spoken to the defendant is key to highlighting the asymmetric balance of power that exists between a large and well-resourced undercover team and its civilian target. Because the recorded conversations with the defendant are designed to produce an incriminating result, each seemingly spontaneous subject of conversation is intended to fulfill a specific objective in the process of incrimination.

By outlining every technique used by undercover operatives to manage, control and shape the defendant’s recorded responses, the jury is steered away from hearing the recorded evidence as a series of spontaneous events which the government attends with only a microphone.

There is Always More to Discover in the Discovery

Before starting the long process of classifying the recorded conversational statements of both the undercover agents and the client, investigate all of the non-verbal content found in the recordings. Listen for any inconsistencies in the surrounding sounds that suggest a break in recording. With today’s digital audio files, there are no physical traces of an edit or of a convenient interruption in recording.  Digital audio analysts must rely exclusively on the continuity of background sounds and foreground speech to detect tampering. Remember that in a defense based on the content of the recordings, the defendant has an equal stake in the integrity of the recorded evidence.

Defense investigation of the nonverbal content of audio evidence goes well beyond whether the recording is authentic. Recordings capture so much more than words. There is also a wealth of acoustic information that may be of use to the defense. Listen to the recordings without transcripts, as if inspecting a crime scene, searching for every audible detail beneath and between the words being spoken. Follow the sounds that are clues to the movements and spatial relationships of everyone whose voices are heard on the recording.

Listen carefully for noises that reveal actions, such as the opening or shutting of a drawer or the closing of a door. There have been cases in which the audible opening and shutting of a desk drawer corroborated a defendant’s account over an informant’s. In one case, the sounds of a door closing established that the informant’s highly prejudicial words were spoken outside of the presence of the defendant. Such barely discernible acoustic details can become powerful evidence.

Tracing Emotional Content for Persuasive Impact

Tracing recorded behaviors that evoke emotion is best done early on in the recorded evidence review cycle, before the focus of defense efforts shifts to analyzing words on a page rather than voices on an audio. Before reading the transcripts and interpreting the recorded language with your own metrics of advantage or disadvantage to the defense, simply experience your initial feelings, just as the jury will their own.  By noting and reflecting on your own impressions and the impressions of others on the defense team, the hotspots in dialogue that evoke negative or positive emotions about your client or his accusers can be taken into account.

Record the time signatures and a brief description of what emotions or impressions the conversation evoked at various stages of the recordings so that the lawyers’ working transcripts reflect the emotional content that isn’t available from the written word. The emotional tones we all hear in spoken language influence juries’ inferences about the motives and intentions of the prosecution witnesses and the defendant. Without knowing where in the recordings those moments occur, the defense is in no position to exploit or deflect them.


Finding the High Ground in the Transcripts

While the relative inaccuracy of the prosecution transcriptions may limit its understanding of the recorded evidence, it need not be a limit for the defense. When the strategy is to make the defendant’s case from the recorded evidence, it is your client’s interest that will suffer from any shortfall in the accuracy of the transcripts the defense presents.

Auditing the prosecution’s transcripts while listening to the companion audio file will identify what recorded material has been selected for transcription by the prosecution and what has not. Creating a list of these transcribing exclusions, whether only short passages or entire conversations, informs the defense of what conversations the prosecution thinks extraneous to its case. Those untranscribed recordings and any partially transcribed recordings may well include the unknown material that is useful to the defense. At best, they may contain information useful to the defense that the prosecutors failed to transcribe, rendering them helpless to anticipate its use. At the least, the defense knows that there is nothing harmful if it were to be transcribed at a later date by the prosecution.

A superior set of transcripts can provide the defense a distinct advantage. Having the “high ground” in the most complete transcription allows the defense to work its advocacy with more confidence about the subtle details of the conversations, a distinct advantage when the evidentiary angels and devils are most often found in the barely intelligible recorded passages. When skeptical jurors confirm with their own ears that the defense transcripts are more precise than the prosecution’s, defense arguments made from those transcripts gain more credibility.

Although a transcript may be unnecessary as an aid to understanding what is said in a recorded conversation, it is indispensable to the detailed analysis needed to cross-examine a prosecution witness with the recording. Once the defense is armed with a truly complete map of every word uttered into the government’s mikes, a detailed deconstruction of the topics, conversational behaviors and emotional control patterns can begin.


Deconstruct Undercover Conversations to Construct a Defense

It is counterproductive to cherry-pick the sequence of review by starting with recordings thought to be more or less incriminating. Whatever words are exchanged on a single recording, their meaning and context are drawn from all previous communications and are subject to amendment in subsequent exchanges. No conversation exists in a vacuum. No undercover tape among many is intrinsically self-explanatory. The recorded evidence must be reviewed in the chronological sequence in which it was produced to follow its narrative development, the shared references brought forward from previous conversations and the evolution in the patterns of conversational topics from one exchange to the next.

There are three categories of review that are basic to the exploitation of undercover recordings as evidence for the defense. These tactical choices are evidence that agents steer the course of a recorded conversation towards its predetermined strategic objectives. To make this argument, the defense must track all the language effects, topic effects and psychological effects in the conversations.


Language Effects

Language effects are the means by which ordinary rules and conventions of conversation are exploited to shape a conversation into evidence of a crime. The linguistic methods of the undercover operative include controlling the introduction of new topics, the repetition or recycling of similar subject matter from past recorded or unrecorded meetings, conditioning the target to be responsive to the agent’s conversational initiatives at the expense of his own and making word choices that frame the recorded dialog in the most toxic terminology possible for future jury consumption. By organizing and then demonstrating the obvious patterns of undercover behavior, the defense can teach the jury about a covert agent’s practices in an undercover operation. Then they can hear for themselves how his verbal interplay with the defendant is organized to arouse, sustain and reinforce the most prejudicial insinuations of criminal purpose, no matter how slight the client’s engagement in those objectives.

Who dominates a conversation is important to track because it is a sign of the intent to control the agenda of a conversation and to inflate the recorded discussion with more topics of the dominant speaker’s choosing. Simple courtesy or respectful deference to an elder or a business or social superior will allow the undercover agent to build a bonfire of inflammatory rhetoric intended to prejudice the ultimate consumer of the undercover recording, the jury.

Other conversational ploys include interruption of the target and sudden topic changes to avoid a defendant’s disavowing statements from reaching the recording.  The defense accentuates the uneven playing field by offering objective evidence that spontaneous exculpatory statements by the target were actively suppressed.

Purposefully vague phrasing is often employed by undercover operatives to leave ambiguity in a recorded conversation that can later be characterized as more prejudicial than were the literal words alone.  Conversation in an undercover meeting can often become so devoid of specifics that parallel conversations occur. A parallel conversation is one in which the parties continue to converse without recognizing that each has a different understanding of the words being used between them.  In everyday conversations, these misunderstandings are typically resolved within a sentence or two. In an undercover conversation, with an agent or informant being purposefully ambiguous, a parallel conversation can continue for much longer, creating a false impression of mutual agreement.

Over a series of recordings, the agent’s perception of how successful or unsuccessful he has been in meeting his undercover goals becomes evident from the topics he chooses to introduce again and again into the recorded conversations. Returning again to the same subject matter has twin purposes. If the recycled topic has been agreed to or resolved in a way consistent with the undercover agent’s objective to incriminate, then it will be repeated for the prejudice of multiple reinforcement. When the undercover operative recycles a topic for the target to agree or disagree, the topic recycling implies that the conversations to date have not produced the desired results.  Repeated recycling to obtain more satisfactory affirmations contradicts any prosecution assertions that the prerequisites for criminal prosecution have already been achieved. Even law enforcement officers cannot say they have caught a fish unless the fish takes the bait.


Topic Effects

Undercover conversations go through topic stages from the beginning of the operation until the end, with each stage intended to stair-step the defendant through a series of trust and bonding exercises, to explore the number and identities of like-minded conspirators and to set out the predicate agreements or actions that must verify the progress of the target toward commission of an offense. At the end, the undercover agent will lead the client into that consummate recorded moment of closure during which a theatrically overblown arrest extravaganza occurs, possibly featuring special ops police, armored to their eyeballs, waving stubby machine guns, rushing into an office to neutralize the national security threat of an accounting fraud.

Patterns in the undercover agent’s choice of topics of conversation in meetings and recorded telephone calls are a virtual roadmap of the operation’s objectives. Conversation by conversation, supervising agents will script the undercover operative’s verbal overtures to calculate the optimal subject matter for the next recorded meeting. In making those adjustments to the conversational agenda for each successive encounter, the recordings provide a real-time window to the agents’ ongoing assessment of their progress in the undercover operation. When their own words clumsily mischaracterize or manipulate, or their words on tape belie the fact that their objectives have not been fulfilled by the client’s responses, the recorded evidence is beneficial to the defense.

Following how targets respond to specific topics can be very nuanced. Did the client respond deferentially or with a redirection? Was the client response either a tentative or qualified agreement? Was the defendant driven by undisclosed feelings or assumptions about his words’ purpose? Was the target compelled by fear or intimidation to conform to the undercover agent’s requests? Are repeated overtures for the same agreement made? Are threats implied? Is a hesitance voiced by the target, only to be overcome by rough insistence, derogatory statements from the undercover agent or with an offer in compromise?  What topic initiation and response patterns emerge from the words of the agent and how are they distinct from those of the target? Are the undercover methods open to either the inculpation or exculpation of the target? Are there points in the operation when the target seems to falter under the weight or momentum of the plan and do the agents rally their rhetoric to restore the defendant’s further participation? Were the topics of unrecorded conversations mirrored by recital or reference in subsequent recordings? Juries must be made aware of all notable linguistic subterfuges so that they may balance the client’s degree of culpability against the undercover operatives’ ingratiation and encouragements.


Psychological Effects

Aside from conversational patterns, the psychological impact of the agent’s well chosen words is also important to note. To maintain their target’s “mission focus” within the narrow boundaries of the operation, agents will use staged anger to achieve agreement, or invoke God’s plan or make a desperate appeal to the target’s loyalty to family, nationality, tribe or church in support of the undercover agenda. To insulate the target from outside influence, undercover operatives will deny the target access to any friends or advisors who express doubts about the agent’s actions. When a target expresses fear or doubt, undercover agents do not hesitate to question his courage or manhood, or withdraw their supposed friendship and admiration from the target who has become emotionally or financially dependent.

Undercover roles and particular undercover personnel are often chosen to maximize the operation’s psychological influence over the target. An agent will pose as a desirable customer, as a mob connected businessman, as a friend of someone whom the target respects, fears or owes a debt, or perhaps as just a wily Al Qaeda lieutenant, any role that will subordinate the target to the character role assumed by the agent. Older male agents may befriend younger targets to act as their business or spiritual mentors or as strong male role models or father figures.

Undercover agents exploit whatever emotional neediness they find in their targets. They often hunt the damaged stragglers in a controversial political group or choose easy targets, such as troubled people from a dysfunctional family or who are mentally challenged in some way. They will exploit financial compromise or any other hardship that would cause targets to overcome their inhibitions or conscience and go beyond their comfort zone to avoid the loss of the emotional support provided by the false persona of the undercover operative. An agent will act as an adoring admirer of his target, expressing adulation for the courage or insights of an insecure and unaccomplished individual to emotionally addict that target to the undercover agent’s direction.

Subtle psychological manipulations are not always plainly verbalized in the recordings, but they are equally powerful psychological manipulations that render an unsuspecting target more vulnerable to undercover entanglement than he would otherwise be. Much is made of a defendant’s predisposition. More needs to be made of law enforcement’s.


Advocacy in an Undercover Case

Advocating for the defense in the recorded evidence requires counsel to present a thematic cross examination of the undercover informant or agent using excerpts from the recorded conversations, focusing on their own choices of words and behaviors as well as the demonstrable patterns of manipulation and opportunistic exploitation. The defense purpose is not to ask for an explanation of the statement from the witness, but for an acknowledgement that it is present in the recorded conversation. Defense counsel can then combine such acknowledged statements to demonstrate for the jury that there is a scheme employed in the undercover conversations to exaggerate the collaboration and willful engagement of the defendant.

The defense must present example after example of undercover behaviors that demonstrate orchestrated patterns of conversational, topical and psychological compromise being leveraged together to falsely incriminate the defendant. The defendant’s behavior must also be mapped from the start date of his encounters with operatives until the arrest has occurred, in order to evaluate what actions were of the defendant’s own instigation and which were not.

Observations of agent conduct and its influence upon the defendant’s behaviors are not grasped intuitively by juries. They must be presented by the defense for what they are, strokes on a canvas that, when taken together, illustrate a very different conclusion about how the recorded conversations should be weighed as evidence. The defense advantage is not in any one agent action or suggestion, but in the overwhelming weight and number of persistent patterns of control and mischaracterizations of the defendant’s words and actions.  Only when the whole body of an undercover operation is dissected to expose the prejudicial sum of its parts will the recorded evidence become the best evidence for the defense.  Only then can the true voice of the defendant be heard. 


Sam Guiberson advises and assists other defense attorneys in cases involving undercover operations, electronic surveillance and recorded evidence.  For more information about his work, see or email

Cold, Coons or Punks: The Selective Perception of Recorded Speech

by Sam Guiberson


In the news coverage of Trayvon Martin’s death, a 911 recording of George Zimmerman has taken center stage. Advocates for Zimmerman’s claim of self defense, as well as advocates for his prosecution, have embraced this recording as certifiable evidence of their assertions about the actions and reactions of these two individuals during their encounter on that ill-fated night.

As the days of coverage have progressed, this 911 recording has been replayed over and over again on cable news and repeatedly enhanced by forensic audio experts. News commentators, lawyers, family proxies, and even experts have heard different words in the very same utterance on tape. This case presents one more learning experience about the neurological phenomenon we know as “hearing.”

What the ear feeds the brain to digest is a well-cooked meal that satisfies our hunger to communicate with each other almost all of the time. When hearing deficiencies, or a lack of ample or unambiguous audial cues, get stirred up in the physics, neuroscience and psychology of why we hear what we hear, the routine reliability of communicating with speech evaporates. When the easy consensus of what many ears hear as the same word is lost in the selective perceptions of individual listeners struggling to decide what word they think they hear, the tape recordings many proclaim as unassailably objective evidence become as subjective as your favorite color.

My personal experience with the transcription of thousands of hours of recorded evidence has taught me that there is no such thing as universal, objective comprehension of language. At the remote edges of marginally intelligible speech, where the brain fails at matching a pattern of sonic information against a standard set of sound-to-language translations, our regular and mostly successful means of recognizing words is abandoned for more creative processes.

If the brain can’t attach a word to the sound drawn from its audial “muscle memory” of what words match what sounds, it begins to apply assumptions based on recollections from similar past experiences with language, contextual cues from contemporaneous conversation and our own individual expectations of what we think we should be hearing. In other words, we try to define experientially what we cannot define acoustically.  Our own present and past experience is our brain’s last resort in its desperate effort to decrypt ambiguous aural input. Individual perceptions that have little to do with what sonic impulses move through the ear canals ultimately decide what we think we hear.

We have all encountered such a phenomenon with the elderly. When someone who is hard of hearing misinterprets our words and substitutes other phrases for what we clearly said, we laugh at the disparity. When “I’ve got pilates class” is heard by a confused listener as “I’ve got potato gas,” we know that this listener took in less sound information than we communicated.

The minds of both the able and the impaired listener are functioning in exactly the same way, but because the latter is working with much less information to associate sounds with words, the impaired listener will have  to compensate with higher risk, and more likely inaccurate, associations to the most similar words they imagine might fit into the context of the conversation at that time. We construct an interpretation of an obscure spoken word by choosing to hear that word as what we most likely expected to hear, or what we have heard in similar situations in the past.

Since the invention of voice recording and the admission of tape recorded speech as evidence in courts, hard to hear recordings have become a more challenging forensic issue, less respectfully acknowledged and less well understood than the infirmities of the hard of hearing.

Microphones are dumb listeners. They only present the sounds they record without understanding what is more or less important to hear. The unpredictable and chaotic acoustic environments in which covert audio recordings are produced are not filtered into a hierarchy of minimum or maximum attention by a microphone as they are by a person engaged in conversation. When we converse with each other in a loud and distracting place, we automatically give less attention to the ambient noise around us, such as background noises and people speaking over one another. Because our brains have evolved into much more sophisticated instruments for speech processing than microphones, humans can isolate the vocal range of sounds and selectively hear what is speech that is important to us rather than the random sounds that are not.

By presenting everything without selective perception, without contemporaneous contextual assessment of the reason for listening, i.e. to hear words, the recorded conversation is less stimulating and less dimensional than if we had experienced that same conversation personally. The concealed location of a microphone, low voice levels, intrusive background noises and poorly enunciated words can also diminish our ability to capture the less intelligible recorded language.

It is also a cruel trick of nature that the most important language evidence is often found in the most problematic zones of marginal intelligibility. When it comes to juries evaluating the probative value of words spoken on recorded evidence, the devil is in the details, often located deep down in the most obscure facets of a recorded conversation.

Everyone listening to the coverage of the Trayvon Martin case is a juror of sorts, trying to assess Mr. Zimmerman’s motives and behaviors and how they might have contributed to the fatal outcome. Once the 911 tape was available to the news outlets, the coverage began to focus on the cries for help that advocates for Zimmerman and Martin have each identified as being the voice of their man crying out for help. Because the passage on the 911 recording doesn’t include language content, the dispute turns upon the quantifiable dissimilarities in the distinct sonic profiles of each of their two voices. If their voices are dissimilar enough in range and pitch, the issue is settled in a scientific framework that is less disputable than the accurate recognition of recorded speech.

In the ensuing days of coverage, the focus turned to an under-the-breath utterance of George Zimmerman. On MSNBC, Larry O’Donnell announced that he could clearly hear the word “coons” being spoken in the version of the recording he aired. A lawyer for the Martin family agreed; other guests were equally sure or equally uncertain. Abruptly, the Martins’ attorney backtracked, indicating that the “coons” word was clearly heard on a tape that was not the same as what was just played, and the scandal over Mr. Zimmerman’s words was mired in the uncertain provenance of the recording that lent itself most definitively to that damning interpretation.

This presents another fissure in the bedrock of certainty in evaluating recorded language evidence. The perception of what words are spoken can vary with the characteristics of a duplicate version of a recording and with what audio technology we choose to hear it. The technical properties of the playback equipment used, or even the bass, treble and mid-range biases of the speakers or headphones we use to listen can influence what we can hear when we are operating at the fringes of intelligibility. When dealing with obscure audio content, the media can definitely affect the message.

Playing defense in the 24/7 news cycle, Mr. Zimmerman’s spokespeople offered a distinctly different interpretation of that word uttered in that 911 call, one with a less prejudicial take. The word in question wasn’t “coons,” but “punks.” Soon thereafter, different forensic enhancements gave us both an endorsement of “punks” and a fresh alternative, “cold”. These words are not particularly similar, and yet even after enhancement using sophisticated forensic audio technology, the experts are hearing completely different words spoken in but a single second of sound.

When forensic audio technicians shape voice audio to render it more unnatural sounding, they do so for the purpose of making the spoken phrases more discernible, but the distortion has its own effect on the brain’s analytical process. The manipulated audio introduces tonal variations that can either reveal or obscure the sounds we need to recognize a word.

Listen to two different forensic renderings looping repetitions of the single enhanced word (mp4 format):


These enhancements produce different experiences for the listener. In the Owen enhancement, there is a sharper edge to the tone that is not as severe in the Brian Stone enhancement. When recorded speech is as aggressively modified as it is here, it may lead us away from accurate interpretation precisely because it steals away the tonal information about the pronunciation of vowels and consonants that our brains depend upon.

In the Owen enhancement, the resonant quality of the long “O” sound is flattened to approach an “ooh” sound that lends false credence to solving the word as “coon.” Mr. Owen is quoted in news reports as hearing “punk,” a choice that also depends on the absence of a long “O” vowel.

One way we can try to escape our selective perception and our intuitive process for recognizing obscure language on tape is to trick the brain into avoiding interpreting words at all. When we isolate the task to recognizing only phonetic units, we can eliminate the more complex engagement with the brain’s contextual processes of resolving what words are being spoken. These steps reduce the word identification process to simply identifying what individual sounds make up the word, and then deducing what the word can or cannot be from the sequence of sounds we identify as letters in the alphabet.

Each competing option for the word in question has four enunciations from the alphabet, known as “phonemes.” For “cold” to be validated, we must identify, in sequence, a /k/ sound for a hard “C”, a long “O”, an “L” sound and a brief closing “D” sound. For “punk” to prevail, we must hear, again in sequence, a “P” /p/, a soft “U”, an “N” sound and a closing “K” sound, a /k/. “Coons” would require an opening /k/, a soft and extended “O”, an “N” sound and a closing “S.” Since “punks”, “coons”, and “cold” all have only one syllable, syllabic stress is not a factor as it might be if our competing alternatives were “canyon” and “Cancun.” In the clips below, I have slowed down the progression of sounds on each of the two enhanced versions using identical settings in order to offer more experience with the phonemes that enunciate the word in question.


The Owen enhancement seems to suggest a closing “S” even more overtly in the slowed version, while the slow Stone enhancement seems more likely to arrive at a closing “D.” How can we explain the contrasts other than by the manner of the enhancement? A 911 tape isn’t governed by quantum physics – two distinct sounds cannot occupy the same place in a phoneme sequence at the same time.

On the three audio clips below, I have isolated and substantially slowed down the brief intervals in which each phoneme in the sequence must occur. The third and fourth are so brief that they must be heard together to make sense of them. If we can successfully identify the four sounds, or at least the ones that exclude the other phonemes, the correct interpretation of the word between the choices should become apparent. There is a little overlap in the phonemes to orient the listener.

[Audio clips: Phoneme 1; Phoneme 2; Phonemes 3 & 4]

All four phonemes don’t have to be definitive for us to rate one solution over the others as the most probable right choice. If the phoneme sequence begins, or ends, with a hard “C”, a /k/ sound, the more likely choice among the alternatives “punk” and “coons” or “cold” becomes apparent. In other words, no “P”, no “punks.” If the second phoneme is “O” or a “U” sound, another outcome is equally favored, since “coons” doesn’t have a long “O” as does “cold.”

After listening, it is evident that the word in question begins with a /k/ sound, a hard “C”. Most of the sound energy in the waveform is devoted to enunciating that /k/ sound. The long “O” sound is also apparent. So far, the word sounds like “coe.” This is where the sonic train comes off the tracks. The next phoneme of the two contiguous ones that run together is likely to be an “N” followed by… an “S” sound. What certainly never sounded like an ending “K”, and has flip-flopped between sounding like an “S” or a “D”, depending on which enhancement one relied on, now sounds more like an “S”. Before the excerpt was isolated, it sounded more like a “D”.

Is it possible that Zimmerman committed a speech performance error when he said the word “coons,” mispronouncing a long “O”? Is it possible that another phrase, “f’ing codes,” is in play, and the “N” sound we register is just a poorly enunciated “D”? Could it be “f’ing cones”? Is the method of analysis influencing our perception of the results of the experiment? Traveling from the macro to the micro scales of audio analysis, we find ourselves still questioning what we are hearing.

Our scientific knowledge has taken us to the moon and to the extreme depths of the ocean, but it cannot remove all doubt about a single spoken word. Language can be that complicated, less about certain outcomes and more about the elusively subjective human perceptions of what is heard.


Sam Guiberson advises and consults with other defense attorneys in cases involving undercover operations, electronic surveillance and recorded evidence.