Any book about cybersecurity law would be incomplete without an examination of the constraints that both the government and private companies have on monitoring networks and sharing information. From the Fourth Amendment's prohibition on unreasonable searches and seizures to the Cybersecurity Act of 2015, both the government and companies face significant constraints on monitoring electronic traffic, even if their intention is to protect networks and users.

As discussed throughout this book, cybersecurity involves more than just preventing viruses and malware from infecting systems or flooding networks with denial‐of‐service attacks. Cybersecurity involves efforts by both the private and public sectors to secure the Internet and computer systems and to fight cybercrime. This chapter focuses on the tools that U.S. government entities have to conduct cyber operations, and the limits on the use of those tools.

This chapter first examines U.S. legal restrictions on government and private sector surveillance. We begin with a discussion of application of the Fourth Amendment to electronic content, and the general prohibition on warrantless searches and seizures by the government and government agents. We then examine the Electronic Communications Privacy Act and its three components: (1) the Stored Communications Act, which restricts government and private sector access to communications and data that are stored on servers and in the cloud; (2) the ...