The Faulty Privacy Premise
- August 26, 2017
- Clayton Rice, K.C.
In my last post titled “Proxy Tracking” dated August 12, 2017, I discussed Carpenter v US which is pending in the Supreme Court of the United States, No. 16-402. The case has raised the question whether the warrantless seizure and search of historical cell site location information (CSLI) violates the Fourth Amendment. I reviewed some aspects of the Brief for Petitioner that was filed on August 7, 2017.
Three amicus curiae briefs have now been filed by technology companies, technology experts and legal scholars. I will give you two extracts from each brief.
1. Technology Companies
The Brief for Technology Companies As Amici Curiae In Support of Neither Party was filed by fourteen tech giants including Apple, Facebook, Google, Microsoft and Twitter. Although they do not take a position on the outcome, the companies assert that rigid rules such as the third party doctrine and the content/non-content distinction make little sense in the digital world and “should yield to a more nuanced understanding of reasonable expectations of privacy” including consideration of the sensitivity of the data and the circumstances under which it is collected by or disclosed to third parties.
- In the digital context, inflexible doctrines that categorically foreclose any protection for data automatically generated by ordinary digital activity – or that will be generated by the yet-to-be-conceived technologies of tomorrow – are not sustainable. In particular, the analog-era notion that transmission of data to a third party is necessarily “voluntary” conduct that precludes Fourth Amendment protection should not apply in a world where devices and applications constantly transmit data to third parties by dint of their mere operation. No constitutional doctrine should presume that consumers assume the risk of warrantless government surveillance simply by using technologies that are beneficial and increasingly integrated into modern life. Similarly, the fact that certain digitally transmitted information might have been traditionally classified as “non-content” should not unconditionally bar Fourth Amendment protection, as this data can often be highly revealing of the intimate details of a user’s life. (p. 11)
- Rather than adhere to rigid Fourth Amendment “on/off” switches developed in the analog context, courts should take a more flexible approach that realistically reflects the privacy people expect in today’s digital environment. Consistent with the general reasonable expectation of privacy inquiry, courts should focus on the sensitivity of the data at issue and the circumstances of its transmission to third parties. That approach would better reflect the realities of today’s digital technologies and accommodate the technologies of the future. (p. 11)
Nathan Freed Wessler, an attorney with the American Civil Liberties Union, one of the counsel acting for Carpenter, has reportedly said that the companies’ brief represented a “robust defense of their customers’ privacy rights in the digital age.” (See: Andrew Chung. Tech companies urge Supreme Court to boost cellphone privacy. Reuters. August 15, 2017)
2. Technology Experts
The Brief of Technology Experts As Amici Curiae In Support Of Petitioner was filed by nineteen world-renowned technologists including Bruce Schneier of the Berkman Center for Internet & Society at Harvard Law School; Dr. Matt Blaze, who is the Director of the Distributed Computing Laboratory at the University of Pennsylvania; and Philip Zimmermann, a cryptographer at the Delft University of Technology’s Faculty of Electrical Engineering and the creator of the encryption software Pretty Good Privacy (PGP). The experts argue that CSLI is no longer “confined to crude approximations” but is now “sophisticated and precise”. It has the potential to expose a wide range of information about our “habits, activities and associations”.
- The implications of unrestricted government access to CSLI for privacy and the freedoms of expression and association are profound. Even discrete pieces of CSLI can be used to uncover highly sensitive personal information – including an individual’s medical conditions, religious beliefs, or political affiliations. Aggregated over time, CSLI is even more revealing, exposing an individual’s social circles, romantic liaisons, and even morning and nighttime routines as they move about their house. Combined even further with publicly available data, such as maps, calendars, and social media postings, CSLI has the potential to reveal the most intimate details of a person’s life. (p. 5)
- Cellular carriers now routinely retain months and even years of CSLI data, on all of their users. And law enforcement increasingly requests large tranches of this information – making up many months – for their surveillance targets. The use of this information without adequate court supervision has the potential to profoundly unsettle legitimate expectations of privacy. Amici therefore urge the Court to treat this issue as the serious and growing challenge to individual privacy that it is, and to institute appropriate safeguards for CSLI use, including requiring law enforcement to obtain a warrant, subject to traditional Fourth Amendment standards, before obtaining or using it. (p. 6)
The experts emphasize that (a) CSLI includes historical and prospective records; (b) prospective location data includes the generation and acquisition of real-time location information through a “ping”, whereby the provider sends a signal to a phone to determine its location; and (c) as law enforcement’s appetite for CSLI has grown, the phone companies have created “automated self-service websites” through which government personnel can request and receive location data. (pp. 10-2)
3. Legal Scholars
The Brief of Scholars Of Criminal Procedure And Privacy As Amici Curiae In Support Of Petitioner was filed by forty-two scholars engaged in research and teaching on criminal procedure and privacy law including Mark A. Lemley of Stanford Law School, Richard H. McAdams of the University of Chicago Law School and Jason Schultz of New York University School of Law. They assert that the court should resist extending the third party doctrine of Smith v Maryland, 442 US 735 (1979), which they describe as “a 38-year-old case built on a faulty privacy premise”, to the modern technology-dependent world. “Instead,” they argue, “the Court should recognize that the new realities of this world require new legal doctrines to fit the privacy expectations shared by most Americans.”
- Criminal procedure and privacy scholars are in near-unanimous agreement that an extension of what some have called the “third-party doctrine,” which holds that people lack a reasonable expectation of privacy in information voluntarily conveyed to third parties, could eliminate citizens’ privacy in the modern age. CSLI (and other data transmitted to third parties in the modern age) can reveal an individual’s interests, friendships, activities, travel, associations, beliefs, health concerns, financial problems, employment, and education. Smith is grounded in a pre-digital era, and cannot support future application of the Fourth Amendment. (p. 2)
- As a matter of Fourth Amendment practice, extending the third-party doctrine would curtail digital privacy and encourage arbitrary government intrusions into the lives of American citizens. As a matter of Fourth Amendment theory, applying the third-party doctrine to the digital world would undersell the value of privacy, and contradict the logic of Katz v. United States, 389 U.S. 347, 359 (1967) (“Wherever a man may be, he is entitled to know that he will remain free from unreasonable searches and seizures.”) And, as a matter of precedent, Smith offers an inapposite and inadequate doctrinal foundation to support the future of a digital Fourth Amendment. (p. 3)
What, then, is the “faulty privacy premise” on which the third party doctrine is based? The central tenet of the third party doctrine is that when an individual discloses information to any third party for any purpose, regardless of confidentiality, he or she abandons any reasonable expectation that the government will not obtain that information without a warrant based on probable cause. I have argued previously on this blog that a reasonable expectation of privacy is not necessarily compromised by disclosure to a third party by virtue of the restricted purpose doctrine. There are many circumstances where an individual will have a reasonable expectation that information voluntarily disclosed will remain confidential and restricted to the purpose for which it is divulged. In the context of CSLI, the disclosure of data for the purpose of maintaining cellular service does not mean that an individual’s privacy interest in that data is relinquished for all other purposes. (See e.g., On The Wire. Digital Crumbs. May 16, 2017)
The scholars’ amicus brief engages this issue head on, at p. 16: “Most people recognize that ‘[p]rivacy is not an all or nothing phenomenon.’ Ashton, The Fourth Amendment and the ‘Legitimate Expectation of Privacy,’ 34 Vand. L. Rev. at 1315; Smith, 442 U.S. at 749 (Marshall J., dissenting) (“Privacy is not a discrete commodity, possessed absolutely or not at all. Those who disclose certain facts to a bank or phone company for a limited business purpose need not assume that this information will be released to other persons for other purposes.”) In disclosing information to a business, health care provider, or other third party, an individual has a reasonable expectation that his information will be used for a limited purpose and will not be disclosed to any other party without their permission.”
The case has not been set for oral argument although some commentators have speculated that it may be heard during the October Term. (See e.g., Cyrus Farivar. Tech companies, law profs agree: The Fourth Amendment should protect data. ArsTechnica. August 15, 2017)