State-Sponsored Hash Searches & the Reasonable Expectation of Privacy
Volume 69, Online, 28-51
This Note examines whether, under the Fourth Amendment, the United States government can conduct searches based on hash encryption to comb through large digital databases such as the cloud and find files known to be incriminating. “Hashing” is an encryption process which assigns each encrypted file its own mathematically unique identifier called a hash value. The chances of two files having the same hash value is so improbable as to be almost impossible, unless the two files are exactly the same. A file with a minor edit, such as a document with one added period, will be assigned a completely new hash value by the algorithm. Thus, if two hash values match up, a person (or a computer) can know with certainty, without opening either file, that the files are exactly the same.
In the context of national security, hash values present a powerful opportunity to find criminal collaborators. If the government lawfully seizes one copy of a criminal plan, the government could then use hash searching to quickly identify co-conspirators by searching through the cloud for other accounts storing the same hash value. This Note considers whether the government can run hash searches on large databases without violating the Fourth Amendment. First, the Note locates hash searching within existing Fourth Amendment doctrine and discusses whether hash searches, particularly those conducted by computers, require a warrant. After examining whether existing warrant exceptions apply to hash searches it turns to consider, in the alternative, whether a warrant application based on a hash search could survive Fourth Amendment requirements such as particularity. The Note argues that hash searches fall under existing exceptions to the warrant requirement. In the alternative, hash searching’s extreme object particularity will satisfy the warrant requirement even in the absence of particularity regarding target identity and file location.