Computers, Privacy & the Constitution

The Need for A Property-Based Approach to Data Privacy

-- By WillPalmer - 06 Mar 2015

Section I: Erosion of the Fourth Amendment Through the "Reasonable Expectations" Test.

The Fourth Amendment’s protection against unreasonable searches and seizures of one’s “persons, houses, papers and effects,” is historically grounded in notions of trespass and trespass to chattels. Despite its original focus on physical spaces, the Court expanded the Fourth Amendment’s protections to include a person’s reasonable expectation of privacy in Katz v. U.S., 389 U.S. 347 (1967).

Why don't you link the cases you cite? In the 21st century, isn't it fair for the reader to be given what she needs to read your work carefully. Katz v. United States, 389 U.S. 347 (1967) is much better than your citation, and is no harder to make. Please fix in the next draft.

This decision was an expansion of the Fourth Amendment’s protections; in finding that a wiretap of a public phone booth violated a person’s reasonable expectation of privacy, it directly overturned Olmstead v. United States, 277 U.S. 438 (1928), which had previously held that wiretaps do not violate the Fourth Amendment because they involve no physical trespass on the target’s property. Katz effectively added a “reasonable expectations” test to the Fourth Amendment, while leaving intact its longstanding protection against government’s physical trespass. Thus, under Katz, unwarranted searches of personal physical spaces and property are per se unreasonable, while other searches are subject to a two-part reasonableness test that considers the individual’s subjective expectation of privacy, as well as whether that expectation was reasonable.

However, in adding a reasonable expectations test to the Fourth Amendment, the Court opened Pandora’s Box, with the net result of significantly limiting the scope of Fourth Amendment protections. Under the third party doctrine, individuals have no reasonable expectation of privacy with regard to information they knowingly share with a third party. By this logic, the Court has applied the reasonable expectations test to hold that neither business records nor metadata (or “addressing information”) are protected by the Fourth Amendment. First, United States v. Miller, 425 U.S. 435 (1976) held that an individual has no reasonable expectation with regard to a bank’s records of her or his accounts, because the bank merely recorded “transactions to which the bank was itself a party.” Id. at 442. Second, Smith v. Maryland, 442 U.S. 734 (1979) held that a person has no reasonable expectation of privacy with regard to the phone numbers, dates, and times at which they make calls from their landline phones, for two reasons. First, the Court found that the person effectively conveyed these facts to the telephone company in the process of using their service to make the call. Id. at 745. Second, since telephone companies regularly make records of the numbers dialed for billing and general business purposes, any person would be reasonably aware that they possess this information and have the power to disclose it. Id. at 742.

Section II: A Property-Based Approach to Data Privacy

As the above cases suggest, the third party doctrine crucially relies on the third party’s first amendment right to disclose information it possesses. While a technology company’s handing over telephonic metadata to the government may have little to do with the notion of free expression, it nevertheless falls under the scope of First Amendment protection. If we were to treat certain types of personal information as distinct from the speech covered by the First Amendment, it could limit the ongoing erosion of the Fourth Amendment at the hands of the reasonable expectations test.

What has one thing to do with another? A search warrant or subpoena describes some material to be turned over in response to a judicial order. What difference does it ever make whether the material sought is a pair of shoes or a newspaper?

If individuals have a property interest in certain types of personal data, that could theoretically limit the discretion of companies to provide government access to that data.

Granted, such a fundamental conceptual shift comes with its own host of problems, some of which might be critically important for some parties, and irrelevant for others. First and foremost are the potential First Amendment implications: could such an approach be expanded to curb more conventional forms of free expression? Perhaps even more pressing is whether the denial of companies’ right to disclose information is itself a violation of the First Amendment, but to the extent that we conceive of certain types of personal information as a form of property, granting government access is comparable to a bank letting the government borrow money from one’s account without one’s consent.

Second, such a fundamental shift is completely at odds with the business models of almost every major internet technology company. As a practical matter, stiff opposition from the industry is a critical concern: any fundamental shift in case law would be challenged in court, and, failing that, likely would face a legislative reaction (at the behest of major technology companies). The ideal form of implementing this conceptual shift -- a constitutional amendment -- is equally problematic for the same reasons.

Third, likely the most difficult element in formulating a property-based approach to data privacy is determining its scope -- i.e., what types of data should be covered. Legislation already exists to provide individuals control over certain types of sensitive data about themselves, such as the Health Insurance Portability and Accountability Act and the Right to Financial Privacy Act. Susan W. Brenner & Leo L. Clark, Fourth Amendment Protection for Shared Privacy Rights in Stored Transaction Data, 14 J.L. & Pol’y 211 (2006). While it is difficult to articulate a unifying principle beyond the notion that certain types of data reveal “too much” about an individual to be subject to disclosure at the discretion of third parties, at least two types of data immediately stand out as fundamentally different in their power to disclose or reveal personal details: telephonic metadata, and GPS location data.

Two recent Supreme Court cases lend support to the view that these types of data are inherently, categorically different in their power to reveal personal information. First, Justice Sotomayor’s concurrence in U.S. v. Jones, 742 S.Ct. 945, 949 (2012) emphasized the power of GPS information to provide a holistic representation of an individual’s personal beliefs, habits, and relationships. Id. at 955. Second, the Court’s holding in Riley v. California, 134 S.Ct. 2473 (2014) held that the contents of an individual’s cell phone were protected by the Fourth Amendment precisely because of the sheer power of those contents to reveal a person’s inner life.

The draft can be improved by untangling the core legal argument, which is subject to a serious confusion as noted.

Navigation

Webs Webs

r2 - 28 Apr 2015 - 19:17:23 - EbenMoglen
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM