You haven't established that this is a Constitutional standard, only that Justice Harlan in a concurring opinion said that's what the cases added up to. That's quite a difference to cover without mentioning it.

It's not clear to me why these are surprising conclusions for you. You might have quoted from Katz the Court's actual statement that "the Fourth Amendment protects people, not places," with the corollary that something exposed to the public from a man's home or office is not "private," which covers both the radio broadcast telephone call and the open wi-fi network.

Under this standard, users are responsible for discovering and countering the potential technological security weaknesses of their communication technology.

Not necessarily. The difference between open broadcasting and encrypted broadcasting with weak encryption, or broadcasting on frequencies that people are prohibited by statute from scanning might well be different. Now you are criticizing something somebody said once by claiming bad consequences you think it could lead to if not limited. This is a legitimate form of argument, but you need to be careful not to overdo it.

Is the same true of someone who uses WEP encryption on their wireless router instead of WPA? This analysis seems unfaithful to the ‘reasonable expectations’ interpretation of the Fourth Amendment. Removing the cord from a home phone changes the user’s expectation of privacy as much as using a phone booth instead of a home phone does – not at all.

I don't know how you concluded that. I can tell the difference between sending my words down a wire that you have to physically tap and using a radio device my neighbors can overhear. Is your standard of constitutional protection determined by the views of the most ignorant or careless citizens? Is that what you believe the Court held in Katz, or even what Justice Harlan said in the opinion that isn't what the Court said?

Here, the ‘reasonable expectation’ test has been applied to the susceptibilities of new technology and not to social or individual expectations based on the interaction itself, producing a standard that consistently disadvantages the user.

I'm not sure whether it disadvantages the user or not. That depends on whether you think the user is advantaged by being encouraged to overlook the privacy-defeating consequences in the real world (not in the world of constitutional mumbo jumbo) if he chooses to use unencrypted wireless voice communications in the 21st century.

As opposed to what other form of Fourth Amendment doctrine that applies the warrant requirement to documents or other evidence in the hands of unprivileged third parties?

What? This doesn't make sense as it stands. Could you explain how the reach of the warrant requirement has to do with asking questions about other people's sex lives? When has it ever required a warrant to ask people questions about other people?

Maybe. That depends on what the Fourth Amendment is about, as Justice Black says in dissent in Katz, a position you may well disagree with but haven't actually either said anything about or provided a good argument against.

I understand the conclusion, which I agree with, and I also understand the threat posed by circularity in limiting the scope of a right by "reasonable expectations" defined by the actual rulings of courts, leading to a Humpty-Dumpty form of constitutional decisionmaking, in which words mean only what the courts say they mean. I talked about this issue in class a good deal, the tedious recordings show. But I don't understand the assertion her that some particular words spoken in concurrence in Katz either changed the law or created the difficulty. Harlan said in Katz, in an attempt to deal straightforwardly with the "placiness" of the Fourth Amendment arguments adopted by both the government and the defendant in that case—the view that the Court is also rejecting, that the case turns on whether a phone booth is a "constitutionally protected space"—that the cases add up to a principle that warrants are required where people have both an actual subjective expectation of privacy and that this expectation is one that society (not the government) considers objectively reasonable.

Notwithstanding all the ire you direct at it, this has to be right. That which is not intended to be kept private isn't private, which is why consent is an adequate substitute for a warrant, and why the rule has always been that the policeman may look in every room in the house once the street door is passed. Equally, however, individual expectation cannot possibly be the sole determinant, unless warrants are to be required for all searches. So Harlan is offering no more than an obvious proposition, once one grants the premise (on which you and I also agree) that the warrant requirement cannot possibly reduce to a list of "protected" places, all other places being searchable without warrant always for any reason because not protected, because made of glass (as the government said about the telephone booth in Katz) of for some other really important reason like that.

On the other hand, if the principle so stated comes to be used to mean that once a court has ruled a search can constitutionally be conducted without warrant, there's no reasonable expectation of privacy and a warrant is never needed again in analogous circumstances, what was originally appropriate has become a tool of oppression. I agree once again that this is a concern, and I spoke of it in class, but it seems to me that your illustrations are not necessarily good ones. They seem to depend (and your commentary seems indeed to imply) on the primacy of subjective expectations. This converts Harlan's point, that anything which is not subjectively considered private isn't private, into the logically quite different proposition that anything widely considered private should be presumed the subject of a reasonable expectation.

This goes further than necessary, and to my eye it goes further than the constitutional tradition can possibly be stretched. Edward rightly says that you would best test your idea by the articulation of your preferable approach.

Alex,

While I agree with you that the "reasonable expecations" test has led to some questionable rulings by the courts, what do you feel would be a better constitutional "standard" to apply to Fourth Amendment privacy issues? I think that might be an interesting way to go with your paper.

-- EdwardBontkowski - 20 May 2010

The ‘reasonable expectation’ test and technology.

Basing Constitutional protections on reasonable societal expectations is dangerous because it allows both the strictest protections of privacy and the most egregious transgressions, with no standard to differentiate between the two. A reasonable expectation of privacy would be altered by a government announcement that they will be randomly monitoring private phone calls. And who can reasonably say that rational actor expects any level of privacy with information stored online? The reasonable expectations standard could be interpreted to offer stronger protections of privacy, based on actual expectations and not technological capabilities, but its indeterminacy makes it woefully inadequate as a Constitutional standard.

‘Traditional’ privacy concerns.

The Katz analysis has resulted in some surprising conclusions when applied to the rapidly evolving world of technology. The 8th Circuit found that the user of a cordless phone, does not have the same “justifiable expectation of privacy for their conversations” that the user of the cord-ed phone, despite maintaining every privacy-suggesting element of a traditional phone call (dialing a single number to speak to a specific person, for example). Tyler v. Berodt, 877 F.2d 705 (8th Cir. 1989). They also found that a person publicly sharing files on an open wi-fi network retains no reasonable expectation of privacy. US v. Ahrndt, 2010 WL 373994 (2010)

Under this standard, users are responsible for discovering and countering the potential technological security weaknesses of their communication technology. Is the same true of someone who uses WEP encryption on their wireless router instead of WPA? This analysis seems unfaithful to the ‘reasonable expectations’ interpretation of the Fourth Amendment. Removing the cord from a home phone changes the user’s expectation of privacy as much as using a phone booth instead of a home phone does – not at all. Here, the ‘reasonable expectation’ test has been applied to the susceptibilities of new technology and not to social or individual expectations based on the interaction itself, producing a standard that consistently disadvantages the user.

Third-party doctrine.

The “third-party doctrine,” establishes that a person cannot have a reasonable expectation of privacy in information they disclose to a third party.

In handling recorded surveillance of undercover/confidential informants, the third-party doctrine assumed that an actor retained no reasonable expectation of privacy for information turned over in conversation. This argument relies on a definition of privacy that is zero-sum: once something is no longer a secret, one cannot reasonably expect it to be private (and assume, instead, that it is public). In the world of blogs and youtube, we know all to well that an admission to a third party can very quickly become very public. Under the reasonable expectations rule, a rational actor can no longer expect any admission to a third party to remain absolutely private.

This puts the criminal at a tremendous disadvantage, but also threatens the innocent person who does not want the entire world to know (for example) her sexual orientation. Because illegal acts are not the only things people wish to keep secret, treating an admission to a limited audience as a public status update betrays any reasonable conception of privacy.

Administrative and business records, although sometimes protected by statute (Pen Register, RFPA, HIPAA) or privilege, are not protected at a Constitutional level. The argument for accessing these records relies on the user assuming of risk of disclosure by choosing to make use of the service or store information with a third party. However, because (most) of all modern society runs off of someone else’s server, expecting everyone to abandon those third parties in order to preserve their Constitutionally guaranteed privacy is unreasonable.

Consent: a backdoor into ‘reasonable expectations.’

Reasonableness alone is not sufficient to determine whether the Fourth Amendment protects a communication or record. Instead, such justifications stem from a modified reasonable expectations standard that implies consent. Fourth Amendment rights can be waived through consent, but the burden is on the prosecution to prove that the consent was “freely and voluntarily given,” and that it was not given as “acquiescence to a claim of lawful authority.” Bumper v. North Carolina, 391 US 543, 548-549 (1968). This approach finds that communications to informants and records of bank statements are reasonably expected to be private, but the interaction with third parties serve as voluntary waivers of the privacy right.

Presumably, in the case of informants, some avoidable risk was taken by divulging confidential information to another. However, as Justice Marshall argued in his dissent in Smith v. Maryland, 442 US 735, 749-750 (1979) there is no assumption of risk if “as a practical matter, individuals have no realistic alternative,” unless they are “prepared to forgo use of what for many has become personal or professional necessity.” In this situation, a person “cannot help but accept the risk of surveillance.” Ever-present monitoring technology, from bank records to cameras on the street, makes the choice illusory.

Abandoning the ‘reasonable expectation’ test.

Reliance on subjective expectations or societal assumptions of risk is a perilous approach to Constitutional rights. Reasonable expectations are not based on a constant theory of protected areas. They reflect changing technology, the pre-regulation response taken by potential criminals and law enforcement, and the eventual regulations themselves. New technology is only covered to the extent law enforcement respects it, and third party records are only protected by marginal statutory regulation and the good will of the third party. Finally, the 'reasonable expectations' test, when relying on a presumption of consent, fails the voluntary requirement because of the ubiquitous nature of communication technology and online services and storage. A Fourth Amendment protection of privacy must make special provisions to protect the right to live unmonitored in a world of constant surveillance.

-- AlexanderUballez? - 16 May 2010

<--/commentPlugin-->

The ‘reasonable expectation’ test and technology

The Fourth Amendment does not explicitly protect privacy. However, the court has extrapolated an inherent privacy protection: a person must “exhibit[] an actual (subjective) expectation of privacy and . . . that . . . expectation [must] be one that society is prepared to recognize as ‘reasonable’” Katz v. US, 389 U.S. 347, 361 (1967) (Justice Harlan, concurring); see also Kyllo v. US, 533 U.S. 27, 33 (2001). The rationale in the Katz decision protected conversations held within a phone booth because the user has entered a “temporarily private place whose momentary occupants’ expectations of freedom from intrusion are recognized as reasonable.” Basing Constitutional protections on reasonable societal expectations is dangerous because it allows both the strictest protections of privacy and the most egregious transgressions, with no standard to differentiate between the two. A reasonable expectation of privacy would be altered by a government announcement that they will be randomly monitoring private phone calls. And who can reasonably say that rational actor expects any level of privacy with information stored online? The reasonable expectations standard could be interpreted to offer stronger protections of privacy, based on actual expectations and not technological capabilities, but its indeterminacy makes it woefully inadequate as a Constitutional standard.

‘Traditional’ privacy concerns.

The Katz analysis has resulted in some surprising conclusions when applied to the rapidly evolving world of technology. The 8th Circuit found that the user of a cordless phone, does not have the same “justifiable expectation of privacy for their conversations” that the user of the cord-ed phone, despite maintaining every privacy-suggesting element of a traditional phone call (dialing a single number to speak to a specific person, for example). Tyler v. Berodt, 877 F.2d 705 (8th Cir. 1989). They also found that a person publicly sharing files on an open wi-fi network retains no reasonable expectation of privacy. US v. Ahrndt, 2010 WL 373994 (2010) Under this standard, users are responsible for discovering and countering the potential technological security weaknesses of their communication technology (the court did not address potential civil remedies against manufacturers for failure to warn). Is the same true of someone who uses WEP encryption on their wireless router instead of WPA? The 8th Circuit analysis suggests that it is unreasonable to expect that WEP encryption protects the privacy of a user’s network. This analysis seems unfaithful to the ‘reasonable expectations’ interpretation of the Fourth Amendment. Removing the cord from a home phone changes the user’s expectation of privacy as much as using a phone booth instead of a home phone does – not at all. The prevailing interpretation relies too heavily on the susceptibilities of technology and not enough on social or individual reasonable expectations.

Third-party doctrine.

The “third-party doctrine,” establishes that a person cannot have a reasonable expectation of privacy in information they disclose to a third party, and therefore denies all Forth Amendment protections. This loophole has been exploited in government investigations via two main pathways: the use of undercover agents and confidential informants to record conversations directly, and the access to administrative or business records that are increasingly recorded by third-party banks, credit card companies, cell phone companies, and various internet-based companies (from ISPs to webmail to Google).

Secret Agents

Remotely (third-party) stored records

Consent Searches: [4th, p.50]

An alternate view of the ‘reasonable expectations’ doctrine is that it is not a reasonable expectation of privacy doctrine at all, but instead a concession doctrine. This means that the intercepted communications from cordless phones and records of bank statements are reasonably expected to be private, but the use of insecure technology or third parties serve as voluntary waivers of the privacy right.

Fourth Amendment rights can be waived through consent, but the burden is on the prosecution to prove the voluntariness of the consent and the awareness of the right of choice [Bumper v. North Carolina, 391 US 543 (1968)] [Johnson v. US, 333 US 10, 13 (1948)]. In the case of informants, presumably some avoidable risk was taken by confiding confidential information in another. However, it is stretch to

Consent is not voluntary when an officer asserts a right to search and the searchee yields to this assertion. [Amos v. US, 255 US 313 (1921)]

Abandoning the ‘reasonable expectation’ test. Salvaging the reasonable expectations test may involve distinctions based on traditional understandings of communication, instead of on the capabilities of technology. Reasonable expectations would be maintained, regardless of susceptibility to hacking or interception, when the communication models the type that have traditionally been covered – person to person communications made in private – and that carry the reasonable ‘American’ expectations for private communication. Built into this definition may be an ‘average non-malicious use’ provision that excepts communications that an average person, going about their normal activities, would overhear. Unfortunately, even this seemingly basic ‘return’ to reasonable expectations does not fix the arbitrariness of the standard, nor would it hedge against future abuse.

While there is theoretical merit to this argument, in practice it is over inclusive. In a time before universal monitoring, a person who valued their privacy could rely on ‘natural’ processes (physical distance, the passage of time, fading memory) to keep their secrets – now that constant surveillance is possible, a person who values their privacy retains no such ‘natural’ defenses. This not only puts the criminal at a tremendous disadvantage, but also threatens the innocent person who does not want the entire world to know (for example) his or her sexual orientation, expectations for privacy are limited to those things they keep to themselves. In a world where illegal acts are not the only things people wish to keep secret, treating an admission to a limited audience as a public status update betrays any reasonable conception of privacy.

Reliance on subjective expectations or societal assumptions of risk is a perilous approach to Constitutional rights. Reasonable expectations are not based on a constant theory of protected areas. They reflect changing technology, the pre-regulation response taken by potential criminals and law enforcement, and the eventual regulations themselves.

Proposal: In communications: Presumption of privacy (must make public) vs. affirmative act to secure (must make private) In storage: “common carriers” are protected.

Orwell was an optimist

4th: Reasonable expectation of privacy Radio Cordless phones (why does removing the cord destroy the expectation) Wireless Email (why does removing the envelope destroy the expectation)

We don’t punish people for not locking their front door.

Substitution effects/Functional Role

As much as protecting privacy rights in electronic 3rd party facilitators may protect some criminal activity achieved through outsourcing, the countervailing privacy violations resulting from unencumbered access to the minute-by-minute record of every life outweigh the disadvantage imposed by requiring a warrant.

Clarity/Predictability

In terms of technology, I will examine the ‘reasonable expectation’ test in two broad categories. First, ‘traditional’ individual expectations and interactions involving specific devices such as cordless phones, home wi-fi networks, and other potentially ‘public’ uses of technology. I call these traditional because their treatment mirrors experiences such as holding a conversation in a public area or posting a sign in your front yard. The second group concerns interactions with (and through) third parties such as confidential informants, bank records, SMS services, and webmail. These are unique in that the third-party doctrine sets a blanket exception for all communications to third parties, automatically waiving any expected right to privacy.

-- AlexanderUballez - 16 May 2010

<--/commentPlugin-->