Privacy in the Digital Age
While the media spotlight is focused on NSA leaker Edward Snowden's efforts to avoid extradition and prosecution, a crucial question lingers beyond the headlines: what government surveillance constitutes an unlawful violation of our Fourth Amendment privacy rights? In today's Digital Age, where electronic communication permeates nearly every aspect of life, what privacy rights do U.S. citizens have regarding both the transactional data and actual content of e-mails, phone calls, internet searches, and the like?
The Fourth Amendment of the U.S. Constitution ensures "the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures" and provides that no warrants shall be issued unless those who would search us show "probable cause, supported by Oath or affirmation," which "particularly describ[e] the place to be searched, and the person or things to be seized." Under the Fourth Amendment, probable cause "amounts to more than a bare suspicion but less than evidence that would justify a conviction."
Given that the Constitution was drafted prior to the advent of the internet and modern communications technology, courts have expanded the realm of protected private property beyond mere "papers and effects" to include intangibles such as the content of telephone conversations, text messages, and e-mails. This protection does not include transactional data, or "metadata," which refers to records rather than content and can include the history, tracking, or management of an electronic file.
For Fourth-Amendment protections against warrantless searches and seizures to apply, a person must exhibit a subjective expectation of privacy, and the expectation must be one that society is prepared to recognize as reasonable. However, one caveat remains: any reasonable expectation of privacy with respect to the content of a particular communication is lost when that content is deliberately conveyed to a third party. Traditionally, this pertained to telephone operators, banks, and service providers with records of otherwise private information. The Supreme Court articulated this "third party doctrine" in determining "[w]hat a person knowingly expresses to the public, even in his own home or office, is not a subject of Fourth Amendment protection." Hence, according to the Supreme Court, one has no reasonable expectation of privacy to, and the government can obtain without a warrant, any information intentionally provided to a third party.
One of the first cases articulating the third party doctrine was Smith v. Maryland, where the Supreme Court held that the installation of a pen register by a telephone company at the request of police, which was used to record the telephone numbers dialed from a man's home, did not constitute a "search" within the context of the Fourth Amendment. Therefore, the surveillance could be implemented without a warrant. "All telephone users realize that they must 'convey' phone numbers to the telephone company, since it is through telephone company switching equipment that their calls are completed. All subscribers realize, moreover, that the phone company has facilities for making permanent records of the numbers they dial, for they see a list of their long-distance (toll) calls on their monthly bill." The court applied the third party doctrine to justify the warrantless search because, according to its reasoning, the defendant had knowingly provided his telephone provider with a phone number, regardless of whether the phone call itself was made privately.
When Smith was decided, it was easy to differentiate between records and content, a dialed number and a conversation. But now that most electronic communication comprises data transmitted through a third party, it is unclear whether the Smith standard remains appropriate.
Given the public response resulting from Snowden's revelation that the NSA is using technology to collect and store the transactional data of millions of U.S. citizens' phone calls without a warrant, it may be time to re-examine the third party doctrine and how it is being applied. The Foreign Intelligence Surveillance Court Order, which authorized the NSA to collect the telephone records of Verizon customers, specifically limited the scope of the collection to "telephony metadata" and not the "substantive content of any communication." However, the potentially revealing nature of metadata, "knowingly" provided to the phone company, has created a question of whether continued use of the third party doctrine is a justified exception to the constitutional requirement of a warrant. Specifically, does the use of modern technology to expedite the warrantless government collection, storage, and analysis of transactional data in fact violate constitutional privacy rights?
On June 11, 2013, the American Civil Liberties Union (ACLU) filed a complaint against James Clapper, Director of National Intelligence, challenging the constitutionality of the NSA's warrantless acquisition of the ACLU's telephone records. The complaint alleged that Verizon customers' metadata should be treated as private property requiring a warrant to search and seize, even though the third party doctrine would likely lead a court to conclude that this data has been "knowingly revealed." The ACLU asserts that the use of technology to carry out the widespread collection, tracking, analysis, and storage of transactional data over significant periods of time "gives the government a comprehensive record of our associations and public movements, revealing a wealth of detail about our familial, political, professional, religious, and intimate associations," and thus constitutes a search of private information that requires a warrant supported by probable cause.
Communication technology has transformed since the days of Smith v. Maryland, and differentiating between "records" and "content" may not offer the same level of privacy than it once did, since metadata (digital records) can reveal substantively more information about an individual than can be obtained from a pen register.
In reality, everything transmitted by electronic means, including the content of a transmission, not just the metadata, is revealed and accessible, and can be stored by third-party providers. It is therefore possible that continued use of the third party doctrine may eventually lead warrantless court orders requiring the relinquishment of communication content based on the rationale that such content has been deliberately conveyed to a third-party provider. Hence the slippery slope of relying on the third party doctrine in the Digital Age. Given the extent to which society has become reliant on communications technology, individuals may "knowingly" provide third parties with data on a daily (even hourly) basis. With such issues in mind, Justice Sonia Sotomayor acknowledged in Jones v. United States that the third party doctrine is "ill-suited to the digital age."
In fact, the third party doctrine may have been flawed from the start. Its broad construction lends justification to warrantless government searches of any and all information revealed to a third-party provider, from dialed telephone numbers to documents uploaded to online cloud storage. In an age where nearly all of our communications pass through a third party, how can society maintain any reasonable expectation of privacy? If U.S. courts continue to use the third party doctrine, they risk undermining the spirit of the Fourth Amendment and eliminating society's expectation of privacy in all electronic communication.
Kara Goldman is a J.D. candidate studying at the Benjamin N. Cardozo School of Law and a student fellow at The Lawfare Project. Brooke Goldstein is a New York City-based human rights attorney and is the founder and director of The Lawfare Project. Benjamin Ryberg is an attorney and serves as director of research at The Lawfare Project.