The Limitations of the 4th Amendment – What it Can and Cannot Do

As we’ve discussed in class, the threat posed to individuals from big data derives not from individual data points, but from a reconstituted behavioral identity which can be exploited. Individuals face the danger of data exploitation from two distinct directions. The first danger comes from the data which individuals voluntarily (on its face) grant to entities in exchange for goods/services. In this relationship, generally the consumer allows the commercial gathering of data by larger entities, as by doing so the consumer is promised free or improved software and hardware. The second danger comes from the taking of data from larger entities by the government. In this relationship, the government uses the power of the law to compel entities to hand over the data they’ve collected on individuals, force entities to begin collecting data on individuals, or both.

While there are many arguments that the Fourth Amendment should prevent the government from forcibly collecting data, such a robust interpretation of the Fourth Amendment would in fact do little to curb the dangers posed by data exploitation. As long as the aforementioned relationship between individuals and private entities is viewed as voluntary, the Fourth Amendment can do little to prevent government collection of data.

The Dual Relationships of Data

The current privacy framework between individuals and larger entities, known as “notice and choice”, was adopted by the FTC in the 1970’s. This framework addresses privacy concerns through ensuring user notice and consent. The framework is designed to “preserve user autonomy,” “flexible, inexpensive to implement, and easy to enforce,” and “legitimize information practice.” Through TOS’s and EULAs, the common viewpoint is that individuals voluntarily give up information in return for goods and services. Though this viewpoint might be incorrect or flawed, under the current privacy framework the transfer and collection of data is viewed as a legitimate agreement between two parties.

In contrast, the privacy framework between individuals and the government primarily comes from the Fourth Amendment protections against unreasonable searches and seizures by the government, which do very little to curb the mass collection of data. Currently, the various government agencies conduct mass surveillance through contract, secrecy, or force. Through contract, corporations are incentivized to leave exploits open for individual surveillance or to deliver gathered data in return for a fee. If there is no contract, the data is stolen either through trade with other governments or governmental teams. If there is no contract, the data cannot be stolen, and an entity refuses to comply with a request for data, the government has the ability to use the power of the law as a bludgeon to enforce compliance.

Possess v. Access