TESTIMONY IN OPPOSITION TO HB2191

• The language in the bill covers a broad category of materials, including any device which could store electronic information, any media with electronically stored information, etc. This seems to grant an unspecified license that could be interpreted as seizing any electronically stored information, even beyond that which is identified in the warrant itself. The Fourth Amendment requires items subject to search and seizure be identified with particularity.
• Permitting law enforcement to essentially copy and transfer this data to review at a later time/date gives them the opportunity to do a much more comprehensive search than would otherwise be available and that search will very likely go beyond the scope of the warrant.

Government collection of private data bears with it a concomitant responsibility to protect that data.

• In a society where so much of our information is stored online, on electronic devices, and in databases over which we may have little or no control, privacy is a constant concern for every citizen. If the government puts itself in the position of holding private data, then it must also provide protections to prevent that data from being accessed and used by any unauthorized party. This bill gives broad discretion and indicates this information may be broadly shared without protections.
• A data breach is the unauthorized disclosure of information compromising the confidentiality of personally identifiable information. The state of Kansas itself, in fact, defines “security breach” as the “unauthorized access and acquisition of unencrypted or unredacted computerized data that compromises the security, confidentiality or integrity of personal information…” The federal Health Insurance Portability and Accountability Act (HIPAA) also defines a breach as the “unauthorized acquisition, access, use or disclosure” of protected health information—not merely the compromise of that information by hackers.
• Kansas does not have a good track record with this. For example, after a Crosscheck open records request, an independent auditor found the site exposed the private information of more than 900 Kansans, compromising everything from partial social security numbers in combination with full names and birthdates to home addresses and relationships. This information was stored on the Secretary of State website (sos.ks.gov) which researchers found is better managed than many other networks associated with the ks.gov domain are. Experts said even this more secure network within the ks.gov system was “significantly exposed.” Ultimately, the researchers found that infiltration of the larger Kansas government, by even a modestly proficient hacker, would be all but guaranteed.¹

• If a police agency gets a search warrant and seizes a target’s iPhone, can the agency share a copy of all of the phone’s data with other government agencies in the spirit of “collaborative law enforcement among different agencies”? Not without the Fourth Amendment being violated, a federal court ruled in United States v. Hulscher, 2017 WL 657436 (D.S.D. February 17, 2017).² This case makes it clear that private electronic information must remain just that.
• The court’s conclusion stated: “The government’s review of Hulscher’s unsegregated iPhone data constituted a search under the Fourth Amendment. Because the Leon good faith exception and the plain view doctrine do not apply, the government’s search of Hulscher’s iPhone data violated Hulscher’s Fourth Amendment rights.”³