Computers, Privacy & the Constitution

The ‘reasonable expectation’ test and technology.

The Fourth Amendment does not explicitly protect privacy. However, the court has extrapolated an inherent privacy protection: a person must “exhibit[] an actual (subjective) expectation of privacy and . . . that . . . expectation [must] be one that society is prepared to recognize as ‘reasonable’” Katz v. US, 389 U.S. 347, 361 (1967) (conversations protected because a phone booth is a “temporarily private place whose momentary occupants’ expectations of freedom from intrusion are recognized as reasonable”) (Justice Harlan, concurring).

Basing Constitutional protections on reasonable societal expectations is dangerous because it allows both the strictest protections of privacy and the most egregious transgressions, with no standard to differentiate between the two. A reasonable expectation of privacy would be altered by a government announcement that they will be randomly monitoring private phone calls. And who can reasonably say that rational actor expects any level of privacy with information stored online? The reasonable expectations standard could be interpreted to offer stronger protections of privacy, based on actual expectations and not technological capabilities, but its indeterminacy makes it woefully inadequate as a Constitutional standard.

‘Traditional’ privacy concerns.

The Katz analysis has resulted in some surprising conclusions when applied to the rapidly evolving world of technology. The 8th Circuit found that the user of a cordless phone, does not have the same “justifiable expectation of privacy for their conversations” that the user of the cord-ed phone, despite maintaining every privacy-suggesting element of a traditional phone call (dialing a single number to speak to a specific person, for example). Tyler v. Berodt, 877 F.2d 705 (8th Cir. 1989). They also found that a person publicly sharing files on an open wi-fi network retains no reasonable expectation of privacy. US v. Ahrndt, 2010 WL 373994 (2010)

Under this standard, users are responsible for discovering and countering the potential technological security weaknesses of their communication technology. Is the same true of someone who uses WEP encryption on their wireless router instead of WPA? This analysis seems unfaithful to the ‘reasonable expectations’ interpretation of the Fourth Amendment. Removing the cord from a home phone changes the user’s expectation of privacy as much as using a phone booth instead of a home phone does – not at all. Here, the ‘reasonable expectation’ test has been applied to the susceptibilities of new technology and not to social or individual expectations based on the interaction itself, producing a standard that consistently disadvantages the user.

Third-party doctrine.

The “third-party doctrine,” establishes that a person cannot have a reasonable expectation of privacy in information they disclose to a third party.

In handling recorded surveillance of undercover/confidential informants, the third-party doctrine assumed that an actor retained no reasonable expectation of privacy for information turned over in conversation. This argument relies on a definition of privacy that is zero-sum: once something is no longer a secret, one cannot reasonably expect it to be private (and assume, instead, that it is public). In the world of blogs and youtube, we know all to well that an admission to a third party can very quickly become very public. Under the reasonable expectations rule, a rational actor can no longer expect any admission to a third party to remain absolutely private.

This puts the criminal at a tremendous disadvantage, but also threatens the innocent person who does not want the entire world to know (for example) her sexual orientation. Because illegal acts are not the only things people wish to keep secret, treating an admission to a limited audience as a public status update betrays any reasonable conception of privacy.

Administrative and business records, although sometimes protected by statute (Pen Register, RFPA, HIPAA) or privilege, are not protected at a Constitutional level. The argument for accessing these records relies on the user assuming of risk of disclosure by choosing to make use of the service or store information with a third party. However, because (most) of all modern society runs off of someone else’s server, expecting everyone to abandon those third parties in order to preserve their Constitutionally guaranteed privacy is unreasonable.

Consent: a backdoor into ‘reasonable expectations.’

Reasonableness alone is not sufficient to determine whether the Fourth Amendment protects a communication or record. Instead, such justifications stem from a modified reasonable expectations standard that implies consent. Fourth Amendment rights can be waived through consent, but the burden is on the prosecution to prove that the consent was “freely and voluntarily given,” and that it was not given as “acquiescence to a claim of lawful authority.” Bumper v. North Carolina, 391 US 543, 548-549 (1968). This approach finds that communications to informants and records of bank statements are reasonably expected to be private, but the interaction with third parties serve as voluntary waivers of the privacy right.

Presumably, in the case of informants, some avoidable risk was taken by divulging confidential information to another. However, as Justice Marshall argued in his dissent in Smith v. Maryland, 442 US 735, 749-750 (1979) there is no assumption of risk if “as a practical matter, individuals have no realistic alternative,” unless they are “prepared to forgo use of what for many has become personal or professional necessity.” In this situation, a person “cannot help but accept the risk of surveillance.” Ever-present monitoring technology, from bank records to cameras on the street, makes the choice illusory.

Abandoning the ‘reasonable expectation’ test.

Reliance on subjective expectations or societal assumptions of risk is a perilous approach to Constitutional rights. Reasonable expectations are not based on a constant theory of protected areas. They reflect changing technology, the pre-regulation response taken by potential criminals and law enforcement, and the eventual regulations themselves. New technology is only covered to the extent law enforcement respects it, and third party records are only protected by marginal statutory regulation and the good will of the third party. Finally, the 'reasonable expectations' test, when relying on a presumption of consent, fails the voluntary requirement because of the ubiquitous nature of communication technology and online services and storage. A Fourth Amendment protection of privacy must make special provisions to protect the right to live unmonitored in a world of constant surveillance.

-- AlexanderUballez? - 16 May 2010

Alex,

While I agree with you that the "reasonable expecations" test has led to some questionable rulings by the courts, what do you feel would be a better constitutional "standard" to apply to Fourth Amendment privacy issues? I think that might be an interesting way to go with your paper.

-- EdwardBontkowski - 20 May 2010

 

Navigation

Webs Webs

r4 - 20 May 2010 - 02:43:23 - EdwardBontkowski
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM