The problem with privacy today is doctrinal. not generational, asserts Michael Price in a new analysis published in Georgetown Law's Journal of National Security Law & Policy. Current law affords little privacy protection to information about digital communications, undermining First and Fourth Amendment safeguards that are essential to individual freedoms and a robust democracy.
In this analysis, Price reviews the history of Fourth Amendment jurisprudence to identify missteps in doctrine that have led us to the current privacy gaps and calls on Congress and the Supreme Court to abandon the Third Party Doctrine and create a new framework that protects Americans' digitally stored data.
Most Americans now live in a world where nearly every call or click online leaves a digital trail that can be stored, searched, and stitched together to reveal an intimate portrait of private life. But current law affords little privacy protection to information about these activities, undermining First and Fourth Amendment safeguards that are essential to individual freedoms and a robust democracy. The so-called third-party doctrine has created a privacy gap by denying Fourth Amendment protection to expressive and associational data processed by third parties, including communications information and data stored in the “cloud.” Exacerbated by rapid advances in information technology and a proliferation of third-party records, the gulf continues to widen.
Congress has not stepped in to fill the void. The laws that govern online privacy are older than the World Wide Web. It is a frequent and wholly justified criticism of the American legal system that a great number of the people in charge of making the rules for modern information technology have little or no experience using email, sending a text, or reading a blog. And federal courts have been reluctant to delve into the business of regulating electronic surveillance, with the exception of two recent Supreme Court decisions that hint at a new way forward.
The Executive Branch, for its part, has taken advantage of the legal turmoil. As we now know, in the aftermath of 9/11, the National Security Agency began collecting phone records and online metadata in bulk, relying in large part on Smith v. Maryland—a 1979 Supreme Court case that involved one crime and one suspect’s phone records. And while there is a bipartisan push in Congress to update the decades-old law that gives electronic communications a patchwork of inconsistent and illogical protections, it remains to be seen whether the reform package will become law.
There is a strong temptation to blame the current privacy gap on a divide between so-called digital natives and digital immigrants—those who grew up using computers and the Internet, and those who did not. Of course, it is the older generation, the digital immigrants, who make the rules (at least for the moment). Perhaps a new crop of tech-savvy judges and politicians will set things straight? This presumes a great deal about yet-to-be-invented technologies and how different people will use them. And it also assumes that there will be no generational divide in the future.
The problem with privacy today is doctrinal, not generational. If the Supreme Court intends to afford greater privacy protection to personal data stored electronically, as it seems inclined to do, then it may want to consider a new analytical framework for the job. Existing Fourth Amendment tests are not fit for the digital long haul.
This article posits a supplemental approach to data privacy, one grounded in the history and text of the Fourth Amendment and easily applicable by all jurists—even those who lack a degree in information technology. The framework is compatible with existing Fourth Amendment tests; there is no need to displace them entirely. But the proliferation of highly personal third-party data demands an avenue for Fourth Amendment analysis that is cognizant of its role in society.
Section I is a brief history of the Fourth Amendment, focusing on its ties to First Amendment values in the development of search and seizure law. It tells the story of the Court’s doctrinal evolution from a focus on property rights and trespass law to the “reasonable expectation of privacy” test developed in Katz v. United States. The trespass approach is well established and well suited to determining whether the search of a home is constitutional. Similarly, the Katz test may be most appropriate when the issue involves searches of the person or even access to medical records. But neither of these approaches provides an adequate Fourth Amendment framework for assessing the privacy interest in expressive and associational data held by third parties. A third way may be necessary in order to account for twenty-first-century “papers.”
Section II dissects the third-party doctrine, a prime example of how the Katz test led the Court astray on information privacy. I deconstruct the origins of the doctrine and discuss its modern consequences, which have been devastating for digital privacy due to rapid changes in technology and the proliferation of third-party records. The doctrine was a misstep nearly forty years ago, but its full effect has now come into sharp relief and necessitates a course correction.
Section III proposes a new, supplemental Fourth Amendment analysis centered on the privacy of one’s “papers,” which enjoy equal billing with “persons,” “houses,” and “effects” in text, if not in practice. The Supreme Court has not been eager to articulate how the Fourth Amendment should apply to “papers” independent of their physical location in a “constitutionally protected area” like a home or office. But in light of the history and purpose of the Fourth Amendment, it is fair to say that “papers” should be read to protect expressive and associational data, regardless of its form, how it is created, or where it is located. Fourth Amendment “papers” may be pamphlets and letters in hard copy, or they may be digital files stored on a cell phone, hosted in “the cloud,” or even generated by a third party.
Of course, not all third-party records have significant expressive or associational value. An online search for political or religious commentary may be followed by one with no clear First Amendment value whatsoever. Embarrassing, perhaps. But is it really the kind of speech the Framers fought a revolution to protect? The truth is that no one can begin to tell before looking, and that is precisely the problem. Consequently, the constitutional default for searching or seizing such categories of data must be Fourth Amendment protection, that is, a warrant based on probable cause.
Section IV returns to the third-party doctrine and analyzes two common categories of third-party data using the test proposed in Section III. I articulate how the theory would apply to data stored in the cloud and to communications data, while seeking to avoid the pitfalls of existing approaches. I conclude that both types of data, as well as their associated metadata, should be protected under the Fourth Amendment and that law enforcement should be required to get a warrant before searching or seizing them.
Finally, I discuss the potential limits of this approach. Certain types of third-party records that we intuitively believe to be private, such as medical and financial records, do not always have obvious First Amendment value. At the same time, it is not difficult to imagine scenarios where there is in fact a First Amendment component. Thus, we must acknowledge their First Amendment potential and recognize that the inability to pre-determine content means that the default should be set to privacy.