In Smith
v. Maryland, the Supreme Court disseminated what has become known as the
“third party doctrine.” This doctrine asserts that,
under Fourth Amendment law, people have no expectation of privacy in
information they expose to others. This holding gives government access to
personal information about individuals, such as the websites they visit, who
they email, what phone numbers they dial, their banking and education records,
and so forth. The issue today is whether the Smith decision should be reconsidered, in light of evolving
advances in technology, which may change society’s expectations of privacy. The
Katz test
requires us to ask whether: (1) there is a subjective expectation of privacy on
cell phones; and (2) whether society is prepared to accept that expectation as
being reasonable. The first prong must be evaluated on a case-by-case basis. So
the issue boils down to whether society is prepared to recognize as
“reasonable” a person’s expectation of privacy regarding their cell phone data.
In Smith, the police requested that a telephone company install a pen
register at its central offices, in order to record the numbers dialed from the
telephone at petitioner’s home. Petitioner moved to suppress all evidence
derived from the pen register. The Maryland court denied the motion, finding no
Fourth Amendment violation, and the Appellate court affirmed. The Unite States Supreme
Court agreed with the Maryland courts, holding that the installation and use of
the pen register to obtain phone numbers dialed from petitioner’s home was not
a “search” within the meaning of the Fourth Amendment—therefore, no warrant was
required. Important to the Court’s decision was the Court’s belief that society
would treat an expectation of privacy in the information obtained—i.e. the phone
number one dials—as unreasonable because the high court had consistently held
“that a person has no legitimate expectation of privacy in information he
voluntarily turns over to third parties.” The Court relied on a previous case, United
States v. Miller, where Court found that a person’s bank records were not
private because people assume the risk that information they share with someone
could be revealed to another person, including the government. Under this
rationale, Smith had no reasonable expectation of privacy in the phone numbers
he dialed because he had to reveal the numbers he dialed to the phone company,
in order to dial them. Therefore, he should assume that the phone company could
reveal that information to others, like the government. It followed, then, that
the pen register installation was not a “search” for Fourth Amendment purposes,
since Smith had no reasonable expectation of privacy. It was important to the
Smith Court that “first,…telephone users know that the phone company, for its
own purposes, records the numbers dialed on a given phone; and second, that
dialing information was therefore voluntarily turned over to a third party. The
former conclusion defeated the defendant's subjective expectation of privacy;
the latter demonstrated that any expectation was unreasonable in any event.” United States v. Cusumano, 67 F.3d 1497,
1508 (10th Cir. 1995) vacated and
superseded on reh'g en banc, 83 F.3d 1247 (10th Cir. 1996)
(citing Smith v. Maryland).
Since Smith, the circuits have been split on whether the third party
doctrine protects cellular data from Fourth Amendment protection. The Fourth
Circuit has held that the government’s warrantless procurement of cell site
location information (CSLI) recorded by defendants’ cell phone service provider
violated the Fourth Amendment (U.S. v. Graham, 796 F.3d 332, 2015). The Fourth
Circuit also explicitly held that phone customers have no constitutionally
cognizable privacy interests in basic subscriber information, and thus, law
enforcement officer's procurement of defendant's phone records, without
securing a subpoena or warrant, did not amount to a constitutional violation
(U.S. v. Clenney, 631 F.3d 658, 2011). The Eleventh Circuit has held that the government
obtaining a court order under Stored Communications Act (SCA) for production of
cell phone carrier's business records was not a search and, even if it was a
search, obtaining records without a warrant was reasonable (U.S. v. Davis, 785
F.3d 498, 2015). The First Circuit held that the search-incident-to-arrest
exception did not authorize the warrantless search of data on a cell phone
seized from arrestee's person (U.S. v. Wurle, 728 F.3d 1, 2013). The Sixth
Circuit has held that a person does not have reasonable expectation of privacy
in inherent location data broadcast from his cellular phone (U.S. v.
Skinner, 690 F.3d 772, 2012).
Smith
has been relied upon to gather all sorts of personal data, including: Twitter account
information, tracking a
cell phone’s past locations, and the NSA’s bulk
collection of telephone metadata and Internet communications.
[1]
State courts have begun to fight
back against the Smith decision. The
following states recognize an expectation of privacy in phone records: Alabama (cell
site), California, Colorado,
Florida (phone and cell
site), Georgia (cell
site), Hawaii, Idaho, Illinois, Massachusetts (cell
site), New Jersey (phone andcell
site), Pennsylvania, Washington.
By statute, Georgia and Oregon require police to demonstrate
probable cause to obtain phone records. Several states have passed legislation that
requires police to obtain a search warrant to track a person’s location through
their cell phone.
Critics
of the Smith decision argue that “privacy
is not an all or nothing commodity” (citing Justice Marshall’s dissent in Smith). Most people have an expectation
of privacy in their bank records and the phone numbers they dial. As more and
more people begin to have an expectation of privacy in these things, and in the
cellular data contained on their phone, the expectation becomes reasonable
(instead of unreasonable, as Smith
would suggest, because it was disclosed to others). These critics make the
argument that “as more people do have an expectation of privacy in information
they’ve turned over to third parties, it's the Smith decision,
and not the expectation of privacy, that becomes unreasonable.” In a concurring
opinion in U.S.
v. Jones, Justice Sotomayor also suggested that the Court should
re-consider Smith, and adapt the law
to evolving technology. She stated that Smith
was “ill suited to the digital age, in which people reveal a great deal of
information about themselves to third parties in the course of carrying out
mundane tasks.”
I agree with Justice Sotomayor and
the critics of the Smith decision. I
don’t suggest that the third party doctrine is unsound—in fact, it sounds a lot
like a waiver of attorney/client or other privilege. However, the ubiquity of Cloud-based
servers makes almost all currently held data “voluntarily turn[ed] over to a
third party.” Yet most of this data is information we, as a society, absolutely
expect to be private. The law needs to adapt in light of evolving technology. Since
cell phones (and other mobile computing devices) are really just small personal
computers, they should be given the same privacy considerations. Court have
generally treated privacy issues regarding computers
as “closed
container” cases. Because courts recognize a reasonable expectation of privacy
in closed containers, courts have generally also found a reasonable expectation
of privacy for data held within electronic storage devices. [2]
I believe that society is ready to recognize as “reasonable” an expectation of
privacy on cell phones (and other data stored on the Cloud). As such, courts
should also recognize a reasonable expectation of privacy, and therefore Fourth Amendment protections, for cell phone records.
I agree with Angela’s point that, while not completely obsolete, the Smith decision requires modification in light of current technology. One of the biggest privacy threats based on the third party doctrine is the potential for the aggregation of data. As several of the articles cited mentioned, the scope of data that is currently implicated by the third party doctrine was largely unforeseen by the Court in 1979. In my view, the danger with the third party doctrine is the potential for the aggregation of data. It could be argued that phone metadata in and of itself is of limited utility (likely a weaker argument now than in 1979), but when combined with locations based on cell towers, the ALPR tracking discussed this week, GPS receivers, and the information given to other third parties like Google or Yahoo by using their email accounts (just to pick out a few), it becomes fairly simple for those with the intent to do so to develop a pattern of life analysis on individuals.
ReplyDeleteThis debate surrounding the appropriateness of Smith in light of recent technology could be addressed by the existing constitutional standard in Katz. Given the amount and type of information given to third parties, this is data that people generally have a subjective expectation of privacy in and that society has come to recognize as reasonable.
I also agree with Angela. It seems unreasonable to suggest that a person forfeits an expectation of privacy when they turn their private data over to a third-party when turning such data over to a third party is the only practical option for things such as cell phone service, data storage, and a slew of other services. Moreover, I imagine most lay people expect that services that store private data will keep that data private. Based on this expectation, it would seem reasonable for courts interpret the Katz test in such a way that recognizes an expectation of privacy to information that is turned over to third-parties with the expectation that such information will remain private. To fulfill this goal, I would be in favor of enacting state legislation that requires third-party service providers be more transparent and unambiguous regarding the manner in which they use private data.
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteI find Justice Sotomayor’s analysis clearly on point. The sheer amount of information that we hand over to third-parties by necessity, from simply using our cell phones, should be protected in the aggregate. It is unreasonable to think that there is an actual choice in owning a cell phone and that people have no reasonable expectation of privacy in the data that is automatically downloaded to the cloud—that the notion that I give up my privacy right to a third party seems absolutely scary. Because the Fourth Amendment protects persons and not places, I agree that Smith should be re-evaluated in light of the more advanced technology. Police should be required to obtain probable cause for the collection of data given to third parties.
ReplyDeleteThe law has not caught up with technology and I am concerned how cases such as Knotts, and Karo, talked about in the Jones case, will be interpreted. In Knotts, a beeper that was placed inside a chloroform container allowing police to track the beeper, was not in violation of the Fourth Amendment. The installation was not a search or seizure even though Knotts didn’t know about it, as the consent of the original owner agreed to it’s installation and the monitoring was done on public roads. Where does this leave our reasonable expectation of privacy driving around town with our cell phones? Unlike in Karo, where beeper was also placed inside an object, it was moved into the home. However, in Smith the pen register was in the home and used to collect information because of the third party doctrine. It seems that following Karo, in light of today’s technology one could argue that our cell phones are constantly sharing data with third parties and thus we have no reasonable expectation of privacy—even when we are not using our phone. Following the logic of Jones, one would think that information to track your cell phone on the town, collected over a period of time, would violate a person’s reasonable expectation of privacy.
But what if information was simply saved with no intent to gather the information until there was a need and a search warrant is obtained and the information gathered quickly? I think people have a growing reasonable expectation of privacy in the collection of their data. In the beginning people have not been completely aware of the extent of privacy concerns when utilizing new technology. I agree with ALS that cell phones have the same privacy concerns and expectations as our computers.
The third party doctrine has severe shortcomings when applied to always-on, internet-enabled technologies, and indiscriminate application of this doctrine needs to end. I agree with the critics of the Smith decision in that it only applies to individualized, short-term surveillance of identified suspect with probable cause, rather than continuous bulk monitoring of everyone’s communication without so much as reasonable suspicion. Smith was set in an age when recording your call logs—and the consequent relinquishing of your Fourth Amendment rights—was a voluntary act. In today’s world, we do not have the means to control whether phone companies can collect these data about us, and therefore the act of sharing / relinquishing this information is no longer voluntary. Therefore, allowing the (Smith) exception will necessarily swallow the (Fourth Amendment) rule. Lauren Doney, in her comment “NSA Surveillance, Smith & Section 215: Practical Limitation to the Third Party Doctrine in the Digital Age” published in the National Security Law Journal Vol. 3, Issue 2 (Spring/Summer 2015) https://www.nslj.org/wp-content/uploads/3_NatlSecLJ_462-496_Doney.pdf offers a test for a “more nuanced application of the third party doctrine,” based on the underlying purpose of the doctrine: “first, the Court should determine if an alternative to sharing information with a third party exists. If one does not exist, the third-party doctrine does not apply, and the Court must then consider the context and consequences of the government action to determine whether a search has taken place.” Applying this test to the bulk collection of cell phone metadata, one must ask if there is an alternative to sharing this information with the third party, and the answer is no. This leads us to the second prong, where the Court must weigh the context and consequences of government action with regard to collection of cell phone metadata to determine whether a search has taken place. Adopting such a test might help the Court to clarify its rationale and potentially apply restraint in applying the Smith decision to and help strike a balance between the Fourth Amendment interests of the individual with the national security interests argued by the government. Ultimately, however, as Lauren notes in her comment, the way the Supreme Court has ruled in United States v. Jones (installing a GPS tracking device without a warrant) and Riley v. California (searching a cell phone without a warrant) lays the foundation for the Court to reconsider the third party doctrine.
ReplyDeleteI agree with all those above who have made comments on the third party doctrine in the context of the changes in society due to the advancement of technology. With so much information being held by third parties, it has become such a common practice so fast that there has not been time for the law to address issues fast enough for people to understand that by providing information to third parties there is no expectation of privacy. While this doctrine made sense in the past where the volume of information held by third parties was not as extensive and was not aggregated (the points made by Justice Sotomayor) I think that it could still be a viable doctrine, but not in the digital world. We allow so much information like bank records, health records, and other personal information to flow through third parties. Much of this information is protected by other laws which shows that as a matter of policy should be protected and therefore people automatically feel that the information transmitted is protected despite being passed through cell phone providers, ISPs, databank administrators, etc.
ReplyDelete