Computers, Privacy & the Constitution

View   r3  >  r2  >  r1
SeanTanFirstPaper 3 - 11 May 2018 - Main.SeanTan
Line: 1 to 1
 
META TOPICPARENT name="FirstPaper"

The average layman and the Third Party doctrine

Line: 6 to 6
 

Introduction

Changed:
<
<
The Fourth Amendment currently protects privacy based on the “reasonable expectations” of defendants. This doctrine, introduced in Katz v. United States 389 U.S. 347 (1967), replaced the original trespass-based model of Fourth Amendment protection and was designed to “permit the Fourth Amendment to respond to changing technology” (Daniel Solove, Fourth Amendment Pragmatism, 51 BCLR 1511, 1519). Given the importance of privacy, it is crucial that the courts abstain from drawing artificial distinctions when interpreting the “reasonable expectations” doctrine, but instead strive to apply the doctrine in a way that truly coheres with the expectations of the average layman. Unfortunately, this has not always been the case. In this article, we will focus on the Third Party doctrine, which is arguably the biggest failure in this regard.
>
>
The Fourth Amendment currently protects privacy based on the “reasonable expectations” of defendants. This doctrine, introduced in Katz v. United States 389 U.S. 347 (1967), was designed to “permit the Fourth Amendment to respond to changing technology” (Daniel Solove, Fourth Amendment Pragmatism, 51 BCLR 1511, 1519). Unfortunately, much of its promise has been undone by the Third-Party doctrine.
 

The Third Party Doctrine and Ignorance

Changed:
<
<
The Third Party doctrine essentially holds that a person who voluntarily conveys information to a third party has no reasonable expectation of privacy because she “assume[s] the risk” that the information would be revealed to the police (See Smith v. Maryland, 442 U.S. 735, 737 (1979)). This has been applied in the context of pen registers (Smith) and bank records (United States v. Miller, 425 U.S. 435, 442-43 (1976)), with a potentially seminal case on cellphone location records currently pending decision by the Supreme Court (Carpenter v United States).
>
>
The Third-Party doctrine holds that a person who voluntarily conveys information to a third party has no reasonable expectation of privacy because she “assume[s] the risk” that the information would be revealed to the Government (Smith v. Maryland, 442 U.S. 735, 737 (1979); United States v. Miller, 425 U.S. 435, 442-43 (1976)). This has been applied in the context of pen registers (Smith) and bank records (Miller), and could potentially be extended to cellphone location records (Carpenter v United States). This is a disconcerting trend. As technology develops, more and more personal data is delivered into the hands of third-party intermediaries (such as cloud services or phone companies), which the Third-Party doctrine removes from the protection of the Fourth Amendment.
 
Changed:
<
<
As technology develops, more and more personal data is being delivered into the hands of third party intermediaries, such as cloud services or phone companies. The Third Party doctrine effectively removes such data from the scope of Fourth Amendment protections, making it a huge threat to personal privacy if left unchecked. Faced with these new developments, the law could assume that society was aware of the Third Party doctrine (based on ignorantia juris non excusat), and thus had acquiesced, by entrusting their data to third parties, to the reduction in privacy – after all, there are, in many instances, ways to work around third party intermediaries for those diligent enough to acquire the technological knowhow. This may involve a degree of inconvenience, but it is hard to make a serious argument that convenience, in and of itself, is of sufficient importance to warrant Constitutional change.
>
>
Unfortunately, the average layman is seemingly oblivious to the fact that she has traded away her constitutional protection through utilizing cloud services or the GPS on her phone. Against this stands the doctrine of ignorantia juris non excusat, which deems individuals to be cognizant of the Third-Party doctrine, placing on them the onus to structure their affairs accordingly. However, the stakes are simply too high. The Fourth Amendment “was intended to function as a barrier to government overreach and as a catalyst for other constitutional rights, notably freedom of speech and freedom of association, which are essential to a healthy democracy” (Michael W. Price, Rethinking Privacy: Fourth Amendment “Papers” and the Third Party Doctrine, 8 J. Nat'l Sec. L. & Pol'y 247, 260), a role that is more crucial than ever in a world where the very acts of reading, communication and association create records in the hands of third parties. In these circumstances, the law cannot afford to let individuals suffer the consequences of their ignorance, but must instead provide common sense principles that are designed to deliver adequate privacy protection to the average, ill-informed, layman.
 
Changed:
<
<
The problem, of course, is that the average man is, in reality, mostly ignorant of the Third Party doctrine. While an empirical study is outside the scope of this article, it is probably safe to say that most Americans appear to be oblivious of the fact that they have traded off their constitutional protections by engaging with third parties, through utilizing cloud services or the GPS on their phones. What is important is not so much the convenience that new forms of technology bring, but the fact that society has, by and large, already made the uninformed choice to adopt it.
>
>

Reforming the third party doctrine

 
Changed:
<
<
This brings us back to ignorantia juris non excusat. After all, the Third Party doctrine lays down a bright line, which puts the onus on individuals to structure their affairs accordingly. When it comes to privacy, however, the stakes are simply too high, and so the law must allow itself to be shaped by the behavior of society in order to ensure that it adequately fulfills its protective function. After all, wasn’t this what the shift from a trespass-based conception of the Fourth Amendment to “reasonable expectations” was meant to achieve? The Fourth Amendment “was intended to function as a barrier to government overreach and as a catalyst for other constitutional rights, notably freedom of speech and freedom of association, which are essential to a healthy democracy” (Michael W. Price, Rethinking Privacy: Fourth Amendment “Papers” and the Third Party Doctrine, 8 J. Nat'l Sec. L. & Pol'y 247, 260), a role that is more crucial than ever in a world where the very acts of reading, communication and association create records in the hands of third parties. This is of such fundamental importance that the law cannot afford to content itself with letting individuals suffer the consequences of their ignorance, and it must instead provide common sense principles that are designed to deliver adequate privacy protection to the average layman in the course of his daily life.
>
>
The Third-Party doctrine falls short of this ideal. The main problem is that the doctrine is framed as an assumption of risk by an individual that “the information will be conveyed by [the third party] to the Government (emphasis added)” (Smith, quoting Miller). This is artificial - most laypersons do not take the Government as their threat level, and hence are unlikely to think about privacy in those terms. Take for instance the phone records in Smith. A layperson could probably be forgiven for thinking that her phone records were private because, of course, they are – albeit in relation to everyone but the Government. Since the average layman does not think of privacy in relation to the Government, the way she handles her private documents will not be ordered on that basis. A solution needs to be found in order to close the gap.
 
Changed:
<
<

Reforming the third party doctrine

>
>
One way this could be achieved is by altering the behavior of third parties through legislation. For instance, it is possible to envisage legislation requiring service providers to encrypt the data they have received in such a way that it is difficult for them to comply with a request for disclosure (e.g. by putting in place genuine end-to-end encryption or committing to not storing the keys on their servers). Unfortunately, there is little reason to believe that Congress would be willing to push through such a bill. Indeed, if the political will were to exist, it would arguably be more elegant to simply eliminate the Third-Party doctrine rather than to shape behavior around an artificial construct. Another possibility could be to limit the permissibility of disclosure to certain enumerated situations, as was done in the case of the Health Insurance Portability and Accountability Act (HIPAA). Protection in this case would come directly from the statute, removing the need for the Fourth Amendment to shoulder the burden. However, even if this could be formulated, it is quite likely that the resulting text would lack the flexible qualities of the “reasonable expectations” standard, which may affect its effectiveness as a safeguard for privacy in the future.

To my mind, the ideal approach is not to skirt the problems with the Third-Party doctrine but to tackle them head on. Given the record of legislative inaction at the federal level (some states such as California have been more proactive in enacting privacy legislation at the state level, but state practice is uneven and it is desirable to have an overarching federal safeguard in this case), the Supreme Court should seize the next opportunity to modify the Third-Party doctrine in a way that conforms with the layman’s conception of privacy. Fortunately, this does not require a wholesale renovation. As previously mentioned, the main difficulty with the doctrine is that it is based on the assumption of risk that “the information will be conveyed by [the third party] to the Government (emphasis added)”. My proposal is that privacy should only be forfeited where an individual can reasonably be said to assume the risk that “the information will be conveyed by [the third party] to the public”.

Conclusion

To be clear, I am not suggesting that the above proposal will solve all (or even most) of the issues with the Fourth Amendment. For one, shifting the focus of the Third-Party doctrine towards the public instead of the Government may have implications for the practice of wire-tapping (though reconciliation does not appear to be impossible). More fundamentally, the “reasonable expectations” standard is not anchored in the text of the Fourth Amendment, and its foundations may creak in future. Nevertheless, I believe that this tweak would go a significant way in mitigating one of the more problematic areas in the Fourth Amendment jurisprudence and is worth further consideration.

 
Changed:
<
<
Unfortunately, the Third Party doctrine falls short of this ideal because it draws an artificial line at the involvement of any and all third parties without regard to their identity or the circumstances. Unsurprisingly, the average layman’s experience is not so clear cut. The main culprit is the fact that the doctrine is framed as an assumption of risk by the individual that “the information will be conveyed by [the third party] to the Government” (Smith, quoting Miller). The problem is that most laypersons do not take the Government as their threat level, and hence are unlikely to think about privacy in those terms. Take for instance the phone records in Smith. A layperson could probably be forgiven for thinking that her phone records were private because, of course, they are – albeit in relation to everyone but the Government. Since the average layman does not think of privacy in relation to the Government, the way he handles his private documents will not be ordered on that basis. Therefore, in order to adequately protect his rights, the Third Party doctrine must be changed to reflect the way he does conceive of privacy, i.e. vis-a-vie the public. The point here is not to condone naiveite. Laymen should ideally be cognizant of Fourth Amendment jurisprudence and shape their behavior along its contours. To the extent that they are not, a conscientious effort should be made to teach them. However, until that day comes, the framing of the Third Party doctrine in terms of snitching to the Government has resulted in a far greater loss of privacy than the individuals in society even realize, which has dangerous implications for the American democratic system. The law could blame these individuals for failing to keep up. It should find a way to protect them anyway.
>
>
(999 words)
 
The route to improvement is to take your points seriously, spend less time making them and more time considering what comes next.
Line: 40 to 46
 

Deleted:
<
<
(998 words)
 
Added:
>
>

Thank you. The post has been amended to take into account the comments.

-- SeanTan - 11 May 2018

 
 
<--/commentPlugin-->
\ No newline at end of file

SeanTanFirstPaper 2 - 10 May 2018 - Main.EbenMoglen
Line: 1 to 1
 
META TOPICPARENT name="FirstPaper"

The average layman and the Third Party doctrine

Line: 22 to 22
 Unfortunately, the Third Party doctrine falls short of this ideal because it draws an artificial line at the involvement of any and all third parties without regard to their identity or the circumstances. Unsurprisingly, the average layman’s experience is not so clear cut. The main culprit is the fact that the doctrine is framed as an assumption of risk by the individual that “the information will be conveyed by [the third party] to the Government” (Smith, quoting Miller). The problem is that most laypersons do not take the Government as their threat level, and hence are unlikely to think about privacy in those terms. Take for instance the phone records in Smith. A layperson could probably be forgiven for thinking that her phone records were private because, of course, they are – albeit in relation to everyone but the Government. Since the average layman does not think of privacy in relation to the Government, the way he handles his private documents will not be ordered on that basis. Therefore, in order to adequately protect his rights, the Third Party doctrine must be changed to reflect the way he does conceive of privacy, i.e. vis-a-vie the public. The point here is not to condone naiveite. Laymen should ideally be cognizant of Fourth Amendment jurisprudence and shape their behavior along its contours. To the extent that they are not, a conscientious effort should be made to teach them. However, until that day comes, the framing of the Third Party doctrine in terms of snitching to the Government has resulted in a far greater loss of privacy than the individuals in society even realize, which has dangerous implications for the American democratic system. The law could blame these individuals for failing to keep up. It should find a way to protect them anyway.
Added:
>
>
The route to improvement is to take your points seriously, spend less time making them and more time considering what comes next.

For example, suppose there is legislation requiring parties retaining and processing data gathered from the public to be encrypted at rest and in flight. Suppose that legislation does not provide for backdoors or other mandatory defects in the crypto. Does the existence of that legislation modify the assumption of the risk of disclosure by putting technical barriers to disclosure, and thus increasing the correlation between the subjective expectation of privacy and the Fourth Amendment requirement? Does legislation like HIPAA that blocks unauthorized disclosure change the Fourth Amendment logic? And so on. Perhaps if you spend fewer words on the premise, which you have adequately shown, you can spend more on these potential routes out of the problem as you define it.

 (998 words)

 
<--/commentPlugin-->

SeanTanFirstPaper 1 - 13 Apr 2018 - Main.SeanTan
Line: 1 to 1
Added:
>
>
META TOPICPARENT name="FirstPaper"

The average layman and the Third Party doctrine

-- By SeanTan - 13 Apr 2018

Introduction

The Fourth Amendment currently protects privacy based on the “reasonable expectations” of defendants. This doctrine, introduced in Katz v. United States 389 U.S. 347 (1967), replaced the original trespass-based model of Fourth Amendment protection and was designed to “permit the Fourth Amendment to respond to changing technology” (Daniel Solove, Fourth Amendment Pragmatism, 51 BCLR 1511, 1519). Given the importance of privacy, it is crucial that the courts abstain from drawing artificial distinctions when interpreting the “reasonable expectations” doctrine, but instead strive to apply the doctrine in a way that truly coheres with the expectations of the average layman. Unfortunately, this has not always been the case. In this article, we will focus on the Third Party doctrine, which is arguably the biggest failure in this regard.

The Third Party Doctrine and Ignorance

The Third Party doctrine essentially holds that a person who voluntarily conveys information to a third party has no reasonable expectation of privacy because she “assume[s] the risk” that the information would be revealed to the police (See Smith v. Maryland, 442 U.S. 735, 737 (1979)). This has been applied in the context of pen registers (Smith) and bank records (United States v. Miller, 425 U.S. 435, 442-43 (1976)), with a potentially seminal case on cellphone location records currently pending decision by the Supreme Court (Carpenter v United States).

As technology develops, more and more personal data is being delivered into the hands of third party intermediaries, such as cloud services or phone companies. The Third Party doctrine effectively removes such data from the scope of Fourth Amendment protections, making it a huge threat to personal privacy if left unchecked. Faced with these new developments, the law could assume that society was aware of the Third Party doctrine (based on ignorantia juris non excusat), and thus had acquiesced, by entrusting their data to third parties, to the reduction in privacy – after all, there are, in many instances, ways to work around third party intermediaries for those diligent enough to acquire the technological knowhow. This may involve a degree of inconvenience, but it is hard to make a serious argument that convenience, in and of itself, is of sufficient importance to warrant Constitutional change.

The problem, of course, is that the average man is, in reality, mostly ignorant of the Third Party doctrine. While an empirical study is outside the scope of this article, it is probably safe to say that most Americans appear to be oblivious of the fact that they have traded off their constitutional protections by engaging with third parties, through utilizing cloud services or the GPS on their phones. What is important is not so much the convenience that new forms of technology bring, but the fact that society has, by and large, already made the uninformed choice to adopt it.

This brings us back to ignorantia juris non excusat. After all, the Third Party doctrine lays down a bright line, which puts the onus on individuals to structure their affairs accordingly. When it comes to privacy, however, the stakes are simply too high, and so the law must allow itself to be shaped by the behavior of society in order to ensure that it adequately fulfills its protective function. After all, wasn’t this what the shift from a trespass-based conception of the Fourth Amendment to “reasonable expectations” was meant to achieve? The Fourth Amendment “was intended to function as a barrier to government overreach and as a catalyst for other constitutional rights, notably freedom of speech and freedom of association, which are essential to a healthy democracy” (Michael W. Price, Rethinking Privacy: Fourth Amendment “Papers” and the Third Party Doctrine, 8 J. Nat'l Sec. L. & Pol'y 247, 260), a role that is more crucial than ever in a world where the very acts of reading, communication and association create records in the hands of third parties. This is of such fundamental importance that the law cannot afford to content itself with letting individuals suffer the consequences of their ignorance, and it must instead provide common sense principles that are designed to deliver adequate privacy protection to the average layman in the course of his daily life.

Reforming the third party doctrine

Unfortunately, the Third Party doctrine falls short of this ideal because it draws an artificial line at the involvement of any and all third parties without regard to their identity or the circumstances. Unsurprisingly, the average layman’s experience is not so clear cut. The main culprit is the fact that the doctrine is framed as an assumption of risk by the individual that “the information will be conveyed by [the third party] to the Government” (Smith, quoting Miller). The problem is that most laypersons do not take the Government as their threat level, and hence are unlikely to think about privacy in those terms. Take for instance the phone records in Smith. A layperson could probably be forgiven for thinking that her phone records were private because, of course, they are – albeit in relation to everyone but the Government. Since the average layman does not think of privacy in relation to the Government, the way he handles his private documents will not be ordered on that basis. Therefore, in order to adequately protect his rights, the Third Party doctrine must be changed to reflect the way he does conceive of privacy, i.e. vis-a-vie the public. The point here is not to condone naiveite. Laymen should ideally be cognizant of Fourth Amendment jurisprudence and shape their behavior along its contours. To the extent that they are not, a conscientious effort should be made to teach them. However, until that day comes, the framing of the Third Party doctrine in terms of snitching to the Government has resulted in a far greater loss of privacy than the individuals in society even realize, which has dangerous implications for the American democratic system. The law could blame these individuals for failing to keep up. It should find a way to protect them anyway.

(998 words)

 
<--/commentPlugin-->

Revision 3r3 - 11 May 2018 - 10:18:59 - SeanTan
Revision 2r2 - 10 May 2018 - 23:28:04 - EbenMoglen
Revision 1r1 - 13 Apr 2018 - 18:49:30 - SeanTan
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM