An emergency data request is a procedure used by U.S. law enforcement agencies for obtaining information from service providers in emergency situations where there is not time to get a subpoena. In 2022, Brian Krebs reported that emergency data requests were being spoofed by hackers to obtain confidential information.[1] [2]
There have been proposals to secure emergency data requests using digital signatures, but this would require substantial technical and legal effort to implement.[1] [3]
Implementing digital signatures would not solve the problem of compromised government and law enforcement email accounts. Hackers could still compromise these accounts and use them to submit fraudulent emergency data requests. Additionally, there is no validated master list of authorized law enforcement personnel, making it difficult for service providers to verify the legitimacy of the requests. [4]