Computers, Privacy & the Constitution

The average layman and the Third Party doctrine

-- By SeanTan - 13 Apr 2018

Introduction

The Fourth Amendment currently protects privacy based on the “reasonable expectations” of defendants. This doctrine, introduced in Katz v. United States 389 U.S. 347 (1967), replaced the original trespass-based model of Fourth Amendment protection and was designed to “permit the Fourth Amendment to respond to changing technology” (Daniel Solove, Fourth Amendment Pragmatism, 51 BCLR 1511, 1519). Given the importance of privacy, it is crucial that the courts abstain from drawing artificial distinctions when interpreting the “reasonable expectations” doctrine, but instead strive to apply the doctrine in a way that truly coheres with the expectations of the average layman. Unfortunately, this has not always been the case. In this article, we will focus on the Third Party doctrine, which is arguably the biggest failure in this regard.

The Third Party Doctrine and Ignorance

The Third Party doctrine essentially holds that a person who voluntarily conveys information to a third party has no reasonable expectation of privacy because she “assume[s] the risk” that the information would be revealed to the police (See Smith v. Maryland, 442 U.S. 735, 737 (1979)). This has been applied in the context of pen registers (Smith) and bank records (United States v. Miller, 425 U.S. 435, 442-43 (1976)), with a potentially seminal case on cellphone location records currently pending decision by the Supreme Court (Carpenter v United States).

As technology develops, more and more personal data is being delivered into the hands of third party intermediaries, such as cloud services or phone companies. The Third Party doctrine effectively removes such data from the scope of Fourth Amendment protections, making it a huge threat to personal privacy if left unchecked. Faced with these new developments, the law could assume that society was aware of the Third Party doctrine (based on ignorantia juris non excusat), and thus had acquiesced, by entrusting their data to third parties, to the reduction in privacy – after all, there are, in many instances, ways to work around third party intermediaries for those diligent enough to acquire the technological knowhow. This may involve a degree of inconvenience, but it is hard to make a serious argument that convenience, in and of itself, is of sufficient importance to warrant Constitutional change.

The problem, of course, is that the average man is, in reality, mostly ignorant of the Third Party doctrine. While an empirical study is outside the scope of this article, it is probably safe to say that most Americans appear to be oblivious of the fact that they have traded off their constitutional protections by engaging with third parties, through utilizing cloud services or the GPS on their phones. What is important is not so much the convenience that new forms of technology bring, but the fact that society has, by and large, already made the uninformed choice to adopt it.

This brings us back to ignorantia juris non excusat. After all, the Third Party doctrine lays down a bright line, which puts the onus on individuals to structure their affairs accordingly. When it comes to privacy, however, the stakes are simply too high, and so the law must allow itself to be shaped by the behavior of society in order to ensure that it adequately fulfills its protective function. After all, wasn’t this what the shift from a trespass-based conception of the Fourth Amendment to “reasonable expectations” was meant to achieve? The Fourth Amendment “was intended to function as a barrier to government overreach and as a catalyst for other constitutional rights, notably freedom of speech and freedom of association, which are essential to a healthy democracy” (Michael W. Price, Rethinking Privacy: Fourth Amendment “Papers” and the Third Party Doctrine, 8 J. Nat'l Sec. L. & Pol'y 247, 260), a role that is more crucial than ever in a world where the very acts of reading, communication and association create records in the hands of third parties. This is of such fundamental importance that the law cannot afford to content itself with letting individuals suffer the consequences of their ignorance, and it must instead provide common sense principles that are designed to deliver adequate privacy protection to the average layman in the course of his daily life.

Reforming the third party doctrine

Unfortunately, the Third Party doctrine falls short of this ideal because it draws an artificial line at the involvement of any and all third parties without regard to their identity or the circumstances. Unsurprisingly, the average layman’s experience is not so clear cut. The main culprit is the fact that the doctrine is framed as an assumption of risk by the individual that “the information will be conveyed by [the third party] to the Government” (Smith, quoting Miller). The problem is that most laypersons do not take the Government as their threat level, and hence are unlikely to think about privacy in those terms. Take for instance the phone records in Smith. A layperson could probably be forgiven for thinking that her phone records were private because, of course, they are – albeit in relation to everyone but the Government. Since the average layman does not think of privacy in relation to the Government, the way he handles his private documents will not be ordered on that basis. Therefore, in order to adequately protect his rights, the Third Party doctrine must be changed to reflect the way he does conceive of privacy, i.e. vis-a-vie the public. The point here is not to condone naiveite. Laymen should ideally be cognizant of Fourth Amendment jurisprudence and shape their behavior along its contours. To the extent that they are not, a conscientious effort should be made to teach them. However, until that day comes, the framing of the Third Party doctrine in terms of snitching to the Government has resulted in a far greater loss of privacy than the individuals in society even realize, which has dangerous implications for the American democratic system. The law could blame these individuals for failing to keep up. It should find a way to protect them anyway.

The route to improvement is to take your points seriously, spend less time making them and more time considering what comes next.

For example, suppose there is legislation requiring parties retaining and processing data gathered from the public to be encrypted at rest and in flight. Suppose that legislation does not provide for backdoors or other mandatory defects in the crypto. Does the existence of that legislation modify the assumption of the risk of disclosure by putting technical barriers to disclosure, and thus increasing the correlation between the subjective expectation of privacy and the Fourth Amendment requirement? Does legislation like HIPAA that blocks unauthorized disclosure change the Fourth Amendment logic? And so on. Perhaps if you spend fewer words on the premise, which you have adequately shown, you can spend more on these potential routes out of the problem as you define it.

(998 words)

 

Navigation

Webs Webs

r2 - 10 May 2018 - 23:28:04 - EbenMoglen
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM