Wednesday, March 31, 2010

Are We Playing God?

Robin Williams stars in a movie titled, “Final Cut”. In this movie, people have the option to implement a memory chip in their brains that records every moment of their life. When they die, a person called a “cutter” uploads the chip to his computer and arranges the individual’s memories to represent that individual’s life. This “final cut” of the individual’s memories of his life is then played at his funeral. In the movie, there was a political group against this technology. This political group argued it is solely the place of God to know all of the details about an individual’s life. Thus, “cutters” like Robin Williams are playing the role of God as they watch hours and hours of film of an individual’s life from the individual’s memory chip.

I bring up this movie not because I believe memory chips will soon be implemented in our society, but rather to ask if the government will soon play God in the sense that cutters in “Final Cut” play God? Will the government eventually be able to see everything that occurs in our lives? I believe the full body scan is a step too far for the government.

Currently, we’re given the option of participating in the full body scan, but I argue that it will eventually become mandatory. An individual’s body is only for that individual to see and whomever he chooses to allow to see that individual’s body. Personally, I would feel quite uncomfortable having a complete stranger see me naked. True, the image is digital; nonetheless, the process is quite dehumanizing. I argue that a full body scan like the one presented in the YouTube video and the readings is not even necessary. Can’t a pat down suffice? Or, can the government wait to implement this technology until a generic image of the body is shown instead of the individual’s actual body? It cannot be that difficult to create a generic visual for the body, can it? Or, if we continue to use the body scan, could there be a computer program that searches the image rather than an individual? If the computer finds an unidentified object, then a pat down search by security would proceed. I believe either of these options would allow for improved security, while still maintaining one’s privacy.


Continuing with the theme of playing God, I would argue that searching a personal computer at random without reason could give security too much insight to another person’s life. People are continuing to intertwine their lives with technology. Family photos, past purchases, IM conversations, journals, and all sorts of documents are saved on any given person’s computer. When computers are searched, all sorts of embarrassing facts about that person (that are not even relevant to criminal activity) may be revealed to security. Security has no business knowing that much about another individual without reason to search them.

On another note, while I agree with Reese that government should be allowed to detain people for a long period of time at border check points, I also want to argue that the conditions for “reasonable suspicion” must be refined. To simply state that each search depends on an individual circumstance is not enough. This leaves an opportunity for ethnic and racial discrimination to take place at checkpoints. I think this is extremely plausible when evaluating the facts of the Mantoya de Hernandez case. I was shocked by the stark differences in which the majority reported the facts of the case when compared to how Rehnquist (the dissent opinion) presented the case. The majority opinion reported the facts in an apathetic tone and played down the embarrassing events Montoya de Hernandez had to face. The obvious differences in the rhetoric the majority opinion and Rhenquist used to describe Mantoya de Hernandez’s experience in detainment is representative of the great subjectivity used in judging what is a reasonable search and what is not. In this instance, luckily security was not wrong about their assumption that Mantoya de Hernandez’s status as a “balloon swallower”. However, what if they were wrong? That is always a possibility. Moreover, I can’t help but question how many American citizens the border-patrol stops to check for illegal drug ownership. Being that the illegal drug world is so expansive, there have to be Americans smuggling drugs as well. However, I have never heard of Americans being suspected for smuggling drugs and suffering through a situation similar to Montoya de Hernandez’s. This “reasonable suspicion” rule is not efficient at all. It’s completely subjective.

Borders and Laptops

There are several interesting issues at play in this week’s Fourth Amendment readings. The first issue I want to address is the idea that the border deserves a different set of rules from the interior of the country. Justice Brennan’s dissent makes a really interesting point that needs to be expanded upon. There is little legal question that the border should have different rules for the purposes of “immigration and custom control,” but for the purposes of a criminal investigation, “far different considerations apply.” These different considerations mean that people’s individual liberties are more protected when the investigation is of a criminal sort than of an immigration/customs type. Initially, I agreed with this line of reasoning, as Brennan goes on to lament the idea that warrants are necessary for many seemingly innocuous searches, but not to detain someone for 27 hours at the border, as happened with Montoya de Hernandez. A flaw in Brennan’s argument though, is this concession that customs control should allow different, less stringent rules for meriting a search or seizure. Customs is defined as an agency that controls the flow of goods including animals, personal effects, and hazardous items, in and out of the country. Montoya de Hernandez’ case was absolutely a customs case as she was smuggling illegal goods into the country.

Certainly, the officers did not deal with the Montoya de Hernandez case in a humane way, as there is no explanation for why it took such an excruciatingly long period of time for a warrant to be obtained and the command to excrete is inhumane and very worrisome. Nevertheless, if drug smugglers are going to go to such great lengths to break the law and bring illegal goods into our country, we must allow the people whose job it is to protect our borders to carry out their job—the initial seizure of de Hernandez because of a “reasonable suspicion” (her entire backstory) was valid, but the methods they used: demanding a pregnancy test and keeping her in a room without a bed for twenty-seven hours were not. The reasonable suspicion standard at the border seems fair and necessary for public safety, but the duration of seizure and intrusiveness of some searches must be more concretely defined.

In the Arnold case, Arnold makes an argument that searching computers, due to their ability to hold such a vast amount of information, should be treated like searches of “homes,” or even more interestingly, like the “human mind.” I don’t know how far I would take the comparison, but I have to agree that a laptop is fundamentally very different from other containers. This seems like a vast overreach of the government to be able to make such an intrusive look into personal material without even the medium standard of “reasonable suspicion” being necessary. The lack of physical danger associated with material that might be found on a computer makes these searches even more problematic in my mind.

Border Security and Technology

Border control officers must always walk a thin line between thorough, effective security practices and invasive searching. We all want our borders to be safe, but we also don’t want our privacy invaded when we travel; one could argue these two desires are mutually exclusive. Thus the government has become increasingly reliant on new security technologies like full-body scanners to balance these privacy and security concerns. For whatever reason, people feel more comfortable when a machine invades their privacy than when a human does so directly. When it comes to security, however, technology can be its own worst enemy.

As security measures become increasingly stringent, those who wish to transport contraband into the United States have resorted to increasingly radical techniques to achieve their aims. Balloon swallowers like Montoya de Hernandez are just one sort of the many desperate people who are willing to do anything, literally anything, to make it past airport security unnoticed. When suspicious individuals are caught in the act, however, border control is placed in the untenable position of having either to detain the individual for a more extended period of time than a normal Terry stop, or to apply expedient but potentially invasive investigative techniques.

In US v de Hernandez, as often happens in 4th Amendment cases, the court resolved to accept evidence obtained by arguably intrusive means, lest an obviously guilty drug smuggler go unpunished. Yet Brennan’s dissent raises legitimate concerns that detention based only on the “‘reasonable’ suspicions of low-ranking enforcement agents” is more characteristic of a police state than a free society. In my opinion, “Reasonable” suspicions are too often incorrect for invasive searches to not first be subject to some sort of judicial approval. In particular, Brennan cites one physician who claimed that in only 15-20% of the body cavity searches he performed did the customs officials’ suspicions turn out to be correct. Such a statistic is frightening.

So what are we to do? As people become increasingly creative about the ways in which they transport contraband, border control has little other option but to rely on new technology in order to protect our national security; this is a much more palatable alternative than full body cavity searches for more and more people. Yet until our security technology is perfect – and I, for one, doubt that this will ever be the case – reliance on increasingly invasive technology will only necessitate even more invasive practices in the future. I can only hope that at some point the government will draw a line.

Government and private parties

I wanted to bring up the problems that we’ve seen with third parties and non-governmental actors in the Fourth Amendment. One of the problems that Belkin mentions is private power and public-private cooperation. We’ve seen through the Fourth Amendment section that “third parties” and private entities have served as a problem, since the Fourth Amendment only strictly covers governmental actions.

The government seems to have addressed another side of this when it immunized the telecommunication companies from their participation in the NSA’s warrantless wiretapping program. (Incidentally, I read a little more about Qwest later and found out that they had filed a lawsuit against the government for allegedly denying them contracts because of their refusal to participate in this program.) The warrantless wiretapping program on the side of the government is already questionable, but when extended to the private parties it seems that it can be assaulted from both sides: on the one hand, private parties should be protecting our information because it is not as if they provide any sort of security mechanism; and on the other hand, we technically “release” our information to these private third parties, so who are we to restrict how they use the information?

It therefore seems that given the confusingly different and varied array of searches that are available via the Fourth Amendment, ECPA, the various wiretapping acts, etc., which may or may not apply to private actors and the government, that we should have some sort of more streamlined standards for searches. At the very least, I think that we need to admit that there’s been a blurring of the distinction between the government and private actors in this situation. In many ways, the information that private companies amasses through market research, etc., is just as comprehensive as that which the government gets through its methods of data mining. In an age in which the government is effectively applying a lot of pressure on private third parties to cooperate with it, shouldn’t we treat them both equally?

I don’t know if the proper solution is simply to implement more legislation – after all, there’s already such a mess of legislation that yet another law would only seem to really compound the problem. Yet at the same time, it seems like this might be the only solution. I’m also not entirely clear on the exact details of what it would be: we obviously can’t dictate that the government and private parties are exactly the same, but perhaps that in the context of searches and seizures, and especially when data is being given to the government, that private parties should be treated the same?

Sorry, Ben, but You're Wrong

The issue of national security sometimes takes precedence over the idea of personal liberty – that is a fact that we all readily accept. It is surprising to me that border searches and airplane searches raise such issues simply because these locations are particularly high-risk security areas. The fact that people often concentrate in these areas raises the need for increased scrutiny within these areas, and, in my mind, trump notions of personal privacy.

When a person walks down the street, he presents little risk to the welfare of the other people that might be around him on the street. If he is violent or abusive, he will be stopped and contained with little harm to the passers-by as compared to a highly congested area. If a large crowd is gathered on the street, the negative consequences will be more pronounced and afflict more people. Thus, law enforcement officials increase their numbers so threats can still be easily contained in order to protect the well being of the group. The fact that so many people can be adversely affected so quickly is the cause for concern and necessary factor for more security.

Continuing this analogy, imagine someone diving a car. Because of the particular circumstances associated with driving – high speeds, other people driving, potential for pile-ups and property damage – the state has an even more compelling interest in social safety and can thus legislate what may or may not be present in a vehicle – weapons, drugs, open alcohol containers. It is also important to note that cars, as vehicles, allow illegal actions to influence people beyond the normal personal space, such as a dealer transporting a shipment or a pedophile delivering child pornography. So, the fact that cars allow for mobility is further cause for more scrutiny.

A society has a compelling interest to protect its citizens from substances or content that it finds abhorrent or destructive to its values, and venues of mass transit are choke points where harmful content can enter. At these choke points, personal liberty takes a backseat to group security because of the high risks of mass transit. While it is unfortunate that law-abiding citizens may sometimes be harassed by intrusive searches, the unique attributes of both borders and airports necessitate more scrutiny than normal circumstances allow.

Thus, I have no problems with border computer searches, full body scanners (so long as they delete the image immediately and cannot print it off), or detaining suspected drug mules. My question: Benjamin Franklin once said “They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.” Why does the Digital Age prove this aphorism to be antiquated? Does it?
Police officers, judges, and others integral to law enforcement are endowed with special authority to execute the law given their abilities and qualifications. These officials are chosen, in part, for their abilities and judgment to enforce the law and not to abuse their powers.

TSA officials, however, do not necessarily share the same qualifications or higher standards and so they should not share the same privileges. To allow them to be the arbiters of justice and security and to endow them with wide-ranging, privacy infringing powers is unacceptable. If a member of law enforcement has probable cause and obtains a warrant from a judge, then I do not question his ability to confiscate or search a laptop or other items. But even if a member of airport security just has no better reason beyond a gut feeling about someone traveling by plane, he has no right to confiscate or search any electronic device, extensions in this digital age of our own personal spaces; US v. Arnold and Homeland Security, however, seemingly grant them this power which so clearly violate Fourth Amendment privacy in the face of security. From a Bill of Rights context, to allow a single individual’s right to privacy be so easily violated by someone whose not been chosen for his judgment and with artificially-granted authorities puts civil liberties in jeopardy. In addition, total body scanners grants them even more invasive tools to use at their untested discretion; abuses are not only likely, they have happened.

Brennan’s dissent in United States v. Montoya better elucidates this point; reasonable suspicion may entitle an official for a brief terry stop, but he must immediately try notifying a judge for permission - during the entire retelling of Montoya’s holding, I saw little reason why none of them sought counsel from a judge. Ultimately, the Fourth Amendment does not afford the TSA and border officials the right to be both judge and enforcer upon people. In drawing a line between national security and Fourth Amendment privacy interests at the border, I think a balance is struck when we hold onto previously held standards - of needing probable cause and a warrant to conduct a search of a person and his possessions - terrorism does not necessarily fundamentally change the game.

But the example of the failed Nigerian bomb threat shows that the sharing of legitimately-attained information among agencies with the same jurisdiction, authority, and purpose is necessary and acceptable under Fourth Amendment terms. For example, allowing the NSA, CIA, and FBI - organizations which I think have similar jurisdiction and purposes - to share and access each other’s information (but not offering this information to some other unrelated federal branch or some smaller state or city) would be a boon for productivity as they are organizations dedicated to national security issues and would not infringe on Fourth Amendment rights. This information sharing is acceptable assuming the information they share are reasonably obtained; NSA mass surveillance does not fall under this category. Though secret surveillance may not necessarily prevent people from exploring exploring new ventures, as was my issue against surveillance as discussed in previous weeks, I think that the fact remains that NSA has not provided any reason they are entitled to this information beyond threats to security; national security is of paramount importance, but I think that using this faceless, omnipresent threat is a valid reason to throw out well-established and well-reasoned precedents for needing warrants and probable cause to break into someone’s privacy.
Since I did not post a blog post last week, the ideas in this post are a continuation of the issues that I had with the readings and cases from last week. Something that troubled me about these drug court decisions is this concept of "reasonable suspicion." I think individuals would all like to think that there are certain characteristics and actions that drug smugglers do that would label them unmistakably as such (paying with only cash, not checking any luggage, looking nervous, etc.), but as we saw last week in our discussion, when we compile all the characteristics of the drug smugglers in all of the Supreme Court cases, the characteristics are often polar opposites of one another and can describe almost any given individual anytime. Therefore, I want to discuss whether or not it is possible to define a set of characteristics that could serve as a checklist for "reasonable suspicion." In the Supreme Court case this week U.S. v. Montoya de Hernandez, the characteristics of Montoya de Hernandez that contributed to her suspicious status were her recent frequent trips to Miami and Los Angeles, her home destination of Bogota a source city of narcotics, her possession of $5,000 of cash, as well as an unconcrete plan of where she would be staying and how she would be traveling around Los Angeles. Insepctor Talamantes had determined from these facts that Montoya de Hernandez was a balloon swallower, and subsequently detained her. Read in context of the court case, many of us would agree that Montoya de Hernandez seems to be a drug smuggler, but taken out of context, many individuals would not have known what to label her.

I do not think our country can get away with relying on ambiguous terms anymore because no one deserves to be mistakenly thrown into detention. In the context of international border searches, it makes sense that the United States would be extremely overcautious about suspicious individuals into the country, but there should still be a laundry list of characteristics that constitute "reasonable suspicion" that is expressed to and understood by the general public. By having these characteristics set, debates and discussions on seizures and probable cause can be focused on whether these characteristics are an accurate representation of criminals and drug smugglers and veer away from whether the seizure itself had probable cause. I believe this to be a more fruitful way in which to conduct Fourth Amendment searches in the future.

Bumbling Bureaucrats

Something that was alluded to near the end of last week's class, but never ferreted out explicitly in the discussion, was the danger--or reality, as I see it--of "mission creep" taking hold of the federal government, particularly its intelligence agencies within the Department of Homeland Security (DHS). The prevalence of contracting between the private and public sectors, these agencies and telecommunications companies, is reminiscent of an iron triangle (i.e., "military-industrial complex") and all too prone to inertia or moral hazard at every vertex. 

The executive branch has been pressuring firms, unilaterally and without challenge, for their databanks or R&D products; these firms stand to receive kickbacks for complying with said demands, or threats when they don't, as in the case of Qwest vis-à-vis the NSA; and meanwhile, the third component to this crooked nexus, Congress, has been lax in updating its outmoded statutes so as to discourage further collusion between the other two components. For example, the USA Today article brought out a troublesome ambiguity in the Communications Act, that it fails to specify--or, more accurately, force the FCC to specify--the breadth of a Section 222 violation. Nowhere, too, does it specify the magnitude of an attendant fine, which needn't bear any relation to how many people's calling habits have been handed over to the government.

This misalignment of incentives is why law needs to keep pace with technology--not just for the reason Kerr identifies, namely that the function of government is no different from what it's always been, but also because human nature hasn't evolved like our technical capabilities have.

More often than not, I'm of the opinion that liberty should not be sacrificed upon the altar of security. My rationale is that it's far from clear-cut when such a sacrifice might directly contribute, in any discernible or meaningful way, to our collective safety. At the same time, I recognize there being extenuating circumstances, such as when our national security is truly at stake (or, according to the precedent of United States v. Arnold, when customs inspections are being carried out at entry points), that call for the momentary suspension of BoR protections.

What do I take issue with, then?  Not so much the conditionality of our liberties in times of public emergency, as the politicized process behind a determination of when--and whose--liberties are going to be revoked. In fact, I recall Tom Ridge, former chieftain of the DHS, admitting that he was coerced into raising the terror alert level on the eve of President Bush's reelection, presumably in order to cow the populace into sticking with the familiar. But, just as most of the 4th Amendment test cases have been fought over lowlifes, I reckon that low-ranking officials under the aegis of the DHS are the most likely to overstep their mandate and thereby infringe on the personhood of their vulnerable charges. Take the example of that Bollywood megastar who, in addition to having been racially profiled, dealt graciously with the unauthorized release of his nude body scan images. 

Of course, breaches of privacy like this one are nothing new, especially when a celebrity is involved. Keep constant the tendency for unthinking officials to commit snafus, while increasing the volume and consolidation of sensitive information at their disposal, and the result is bedlam that, for me, cancels out the utility of whatever gains have been made in preventing terrorism ex ante. 

Briefly, I see this taking place in two counterposed strains: 1) Many of those who have been targeted falsely, based on a suspect amalgam of their traits and behaviors, are not even aware of this. 2) In spite of these efforts at profiling and "link analysis," aspiring terrorists like the "Crotch Bomber" still may not be identified in time--even when all the indicators are there.

Together, those flaws do not argue for heightened screening and coordination among agencies. They suggest instead that imperfect detection is an inevitability, no matter how sophisticated our technologies, because humans will continue to be behind these efforts for the foreseeable future. Rather than stand by as this feedback loop picks up steam, we should be calling, at minimum, for transparency, (retroactive) notification, and even compensation for damages; ideally, for a halt to this potential for accumulation--and misuse--of our personal information.

Monday, March 29, 2010

Importance of Scope in Laptop Searches

In U.S. v. Arnold, the court lists four categories of materials that it had previously ruled searchable at the border without particularized suspicion: (1) the contents of a briefcase and luggage; (2) a purse, wallet or pockets; (3) papers found in containers such as pockets; (4) pictures, films and other graphic materials. Short of physical intrusiveness (such as a cavity search), the only way a search can be held as illegitimate is if it results in the destruction of property or if it is carried out in a particularly offensive manner. The court then holds that, because a search of a traveler’s laptop contents does not offend any of these three limitations, the search requires no particularized suspicion and is upheld.

This is a clear case of old law simply not mapping onto the digital world. While exceptions are made for “destruction of property” and “offensive nature of search,” there is no mention of scope in established border search doctrine. Prior to personal, portable electronic devices, there were significant physical limitations on the sheer volume of information that could be gleaned from an airport search. Indeed, it is very revealing that the Court’s example of an extreme informational scope is a “sophisticated executive with a locked attaché case.” Before portable electronic devices, a briefcase would likely be the most personal information that an individual could carry onto a plane.

However, it is rather self-evident that laptops, i-pods, cell phones and the like have drastically altered the implications of airline border searches. While Arnold’s contention that the laptop is akin to a “home” or the “human mind” is misplaced (it seems unlikely that the court would consider a laptop a “home” if they would not consider a “mobile home” as such), this bizarre construction calls further attention to the significant void in border search doctrine with regards to portable electronic devices. A laptop, in its capacity to hold nearly limitless amounts of personal information, is in a completely different category than papers, briefcases or any other pre-digital analogue.

Therefore, rather than attempting to map this case onto existing law through examining the applicability of the afore-mentioned three restrictions on border searches, the court would have be better served to consider the true scope of a laptop search and its implications for privacy concerns. As revealed by the behavior of the agents in this case (clicking on a folder of pictures labeled “Memories”), even cursory searches can reveal detailed, extensive, personal information. Also worth mentioning is the fact that individuals often have no choice but to bring these items along, and thus subject them to a search, as they play an indispensable role in everyday life for most Americans.

Given these considerations, perhaps a “reasonable suspicion” requirement would be appropriate for the examination of electronic devices during a border search. Or perhaps the court would find that national security interests do in fact outweigh privacy concerns. Nevertheless, it seems imprudent and irresponsible to view these searches only in light of outdated law, rather than fully considering the true scope and implications of laptop searches.

I think Kerr’s piece did a great job of really crystallizing and clearly exploring an issue which has come up in various ways throughout our discussions and readings recently. The question is when looking at how to adjust the laws for new technologies, how do we look at what the original law “was supposed to be” (as if we could ever really know this). Were the privacy laws designed the way they were because they knew that primitive technologies and human observations could only do so much to infringe on a person’s privacy, or were they intended to be timeless, regardless of technological advances? The analogy that first comes to mind would be this: were underage drinking laws passed with the understanding that when a minor has some of his parent’s wine at a restaurant nobody cares, or, if there could be some sort of alcohol detector chip implanted in each of us, would the law intend for a minor to be flagged as breaking the law if a drop of alcohol entered the body? (I realize this is an issue which people will have lots of other complicating personal views on, but the principle remains the same).

So, as we move into the age of this supposed Surveillance State, do we or do we not adapt the laws?

Though Kerr did a good job of going through the issues, I do not completely agree with his perspective on what to do with the advent of all these technologies. Simply stated, I do not think that just because there were certain inherent restrictions because of the technology our founders had, this means that they only expected those technologies to be used in searches. If there is a better technology that can more accurately track people and help law enforcement, why not use it? In some cases, the answer may be that it invades privacy, and therefore we should not use it. However, I found Kerr’s approach to be more along the lines of “if it wasn’t a feasible option then, we probably shouldn’t be doing it now.” In many cases, I think that foolishly restricts law enforcement and the ability of the government to better serve its citizens. For instance, if it were once hard to detect some forms of money-laundering (and clearly prosecuting people for this is one of the government’s jobs), if new software can scan bank records for various patterns and signs of money-laundering, shouldn’t we utilize it? Assuming this can be done in a way which does not violate people’s privacy, it seems strange to me to argue that because the laws were made at a time when preventing money-laundering could only be done ineffectively, we should continue to do this ineffectively. The question to be debated, then, is simply how much can we use these more effective technologies without them impeding on civil liberties?

This sort of brings me to my final point, which relates to sharing of information between law enforcement agencies. The current laws, which prevent information sharing under various conditions, seem to be an extension of an outdated and ineffective way of operating. As the 9/11 report shows, this kind of information sharing can be crucial to national security (and obviously also to many smaller-scale law enforcement efforts). The United States v. Isa case also provides a good illustration in my opinion. The case, I believe rightfully, found that once the government has done a legitimate search, what it finds can be used for purposes other than the original purpose of the search (this is akin to a police having a search warrant to look for explosives in a house, and then seeing cocaine lying out on the table). The point is if a legal search is being conducted, how can the government afford to ignore important evidence it finds? Concealing information between agencies is tantamount to simply ignoring the evidence in many cases, since other branches cannot act upon it. However, there are also compelling reasons to say that not everything the government knows about you should be available to every government official (a police officer does not need to know the details of your tax filings and medical situation). So how do we regulate this massive information regime that our government is becoming on order to make sure that all law enforcement can have access to all relevant information about a person, but not to superfluous information? What type of information is “relevant” for law enforcement purposes?

Sunday, March 28, 2010

Week 10: Fourth Amendment: “Special Needs” – Anti-Terrorism Efforts & Border Searches


In a post-9/11 world, the Government has a heightened interest in surveillance for national security purposes. How should traditional Fourth Amendment search and seizure doctrines be applied to new technologies like deep-packet inspection? What is the optimal balance? Is transparency important? Or would that undermine the very purpose of government spying? Similarly, the Government has always asserted a heightened law enforcement interest, as well as lower individual expectations of privacy, at border checkpoints. How much leeway should this “special need” give customs and immigration agents? Should the Government be able to confiscate and search your laptop or iPod at the border when you return from vacation? More broadly, where is the appropriate balance to be struck between national security and law enforcement interests, on the one hand, and autonomy and privacy interests, on the other? How are we to draw this line?


Required readings:

Border Searches:

National Security and Anti-Terrorism Efforts:

Thursday, March 25, 2010

What particularly alarms me about current Internet policies regarding privacy is that private establishments can track an individual’s activities on the Internet without the individual having any knowledge of being tracked, such as the company ChoicePoint [sic] and another company that can track what individuals are buying at grocery stores and student activities on the Internet. One could argue that these companies do not pose a real threat since the information they accumulate is only attainable by the government with a warrant or subpoena. As technology improves other companies will be able to record more activities in the physical world and the cyberspace. People’s lives are becoming more intertwined with cyberspace and the physical world as individuals can now shop online, communicate with through social networks, and conduct research all on the Internet. Before the vast improvement of technology, all of these actions could only be accomplished in the physical world; thus, the government could not invade a person’s privacy quite as easily. The architecture of the physical world posed many obstacles, such as the simply boundary of a private home or building, for the government to investigate a person’s private life. With the efficiency and success of the Internet, it is almost necessary for an individual to communicate for business and pleasure purposes through social networks and e-mail. The exclusionary rule in the ECPA does not protect e-mail and other means of technology, which means the government has access to such records. In Katz v. US, the Supreme Court decreed that the fourth amendment protects “people, not places.” However, it is paradoxical to not extend this concept to e-mails and technological forms of communication that are not protected from government interception in the ECPA’s exclusionary rule. In this instance, people are not being protected, but are rather vulnerable to having their privacy invaded.
It is logical to draw parallels between the use of public phones and e-mails. In both mediums, communication is the primary objective. However, in the eyes of the government, this is not true as the ECPA’s exclusionary rule as e-mails communication can be intercepted by the government and admitted into trials without the need of a warrant. This must mean that not all Internet actions can be related to the physical world. Where should the line be drawn?

Wednesday, March 24, 2010

False Positives

As you probably have figured out by now, I am less offended than most by government intrusion into our private lives. So it is at the risk of sounsing hypocritical that I wish to state my qualms with the proliferation of government database technology. The dissent in US v Ellison worries that heavy monitoring of the people all but eliminates anonymity, and may even chill speech and usher in a totalitarian government. Indeed, after 9/11 the American people have been subjected to random searches with increasing frequency when they travel. So long as psychologically invasive practices that may be acceptable in an airport, like metal detectors and bomb sniffing dogs, do not become the regular tools of highway patrolmen, I am relatively comfortable with a policeman's ability to run a car's plates to check for outstanding violations. This is a useful, expedient, and non-invasive practice. However, a number of the cases we read for this week bring up an important downside to law enforcement's reliance on database technology: the possibility of false positives.

I have the unlucky privilege of sharing the name with someone who has been placed on the national "No Fly List". What this means is that whenever I fly I am subject to extra scrutiny by the ticketing agent; more than once I have nearly missed my flight as a result. Even after registering with the Traveler Redress Inquiry Program a few years ago, I continue to have problems. While flying back from Florida with my family last week, an airline representative actually boarded our plane at the terminal and delayed takeoff in order to verify my ID in greater detail. If the Wikipedia page is to be trusted, I am far from the only person who has the problem. There are over a million names on the No Fly list currently, which means there are millions more false positives; each of us is guilty until proven innocent. And while I don't blame the government for trying to keep our skies safe, I am tired of being scrutinized like a criminal every time I check in for a flight.

The problem of false positives is not limited to air travel, but by explaining my own experience I hope I have demonstrated some of the risks at play as law enforcement becomes increasingly reliant on digital databases. Computers are very good at parsing and conveying information, but they lack common sense. No matter what the computer says, a college student on spring break with his family does not pose a security threat. Although cases like US v Sokolow have shied away from allowing law enforcement officers too much discretion in their actions, I believe that discretion can be very much a positive in certain circumstances. Reliance on databases can be useful, but a little common sense can also go a long way.

Ellison and Reasonable Expectations

US v. Ellison is an interesting case to examine for the purposes of the evolution of the Fourth Amendment. While Ellison’s defense focused on the officer’s lack of probable cause (since Ellison was merely idling in a Fire Lane—a semi-violation that may not even be against the law), the Court of Appeals focused on the always-controversial “reasonable expectation of privacy” standard. I deem it always-controversial because it seems so subjective, but justices are constantly making these types of judgments, so perhaps my frustration with the vagueness is misplaced. As was elaborated upon in US v. Sokolow (and previously in Cortez), “The process does not deal with hard certainties, but with probabilities. Long before the law of probabilities was articulated as such, practical people formulated certain common sense conclusions about human behavior; jurors as factfinders are permitted to do the same—and so are law enforcement officers.”

Anyway, the Sixth Circuit Appeals Court decided that a citizen has no reasonable expectation regarding the privacy of their license plate number because it is clearly visible to anyone in the public sphere, and the entire idea behind having license plates is to identify and keep track of drivers. With this explanation by the Court, they suggest that a car need not commit any violation in order for a police car to look up one’s records in the LEIN. I am still mostly comfortable with this, as I agree that one does not have a right to the privacy of the records that a license plate search might reveal.

My discomfort comes with what seems to me to be the shrinking physical space that is considered “private” with progressing technology. The “reasonable expectation of privacy” standard seems to move along a spectrum towards less and less privacy as our society evolves. These days, physical spaces of privacy are limited to the interior of the home that is not visible from a public space. The idea that the government can find out one’s past transgressions from their license plate number seems like an overreach. This could lead to police anticipating (perhaps falsely) criminal activity from past records that are accessible from the license plate. Considering that one cannot move any significant distance without a car, and one cannot legally own a car and drive it without a license plate, this seems problematic to me.

Digital People Watching

The issue of whether government data mining is a violation of the Fourth Amendment depends on whether ISPs are seen as a third party to a transfer of information through their servers. In many ways, this discussion is an extension of the one from last week. Despite popular opinion, the Internet has never been private and free from government intrusion – it’s only just now that the government has the resources by which to exploit Internet users’ lack of privacy. Part of the argument for data mining suggests that its not an action that inherently intrudes on someone’s privacy, since all searches are fed through a third party, the ISP.

Public information such a license plate numbers has always been held to be searchable without violating privacy rights, since the information is meant to identify a vehicle for law enforcement purposes. However, the analogy cannot be made for Internet searches because the point of searches is not to provide information to a la enforcer, but rather for the edification of the individual. A more appropriate analogy would be libraries, since libraries, in and of themselves, are meant to cater to the informational needs of their patrons. As a result, the ALA strongly discourages libraries to disclose lists of books checked out by its patrons. Still, even this analogy is insufficient to cover the immense breadth the Internet’s purview – libraries do not detail purchases, plan travels, or record finances.

Earlier in this blog, I argued that the Internet’s idiosyncrasy in modern life demanded that it receive the same protection that content distributed over phone lines receives. However, that came idiosyncrasy seems to provide an equally compelling case for its availability to law enforcement officials. In light of the compelling societal interest, I seem forced to argue that the government be allowed to do gather this information. Solove (and through him, Schwartz) provides strong challenges to this government access, such as how the information gathering will constrain democracy and individual self-determination and could perhaps even lead to a totalitarian state. Though many of these fears are perhaps overblown and informed more by emotional fervor that legal reasoning, it is nonetheless clear that we are entering a society where free information paradoxically confines us.

Thus, the question hinges upon whether we see the Internet as a public sphere where the government and industry can freely investigate, or a zone that is truly unrestricted that needs specialized protection. Personally, I feel that pattern searching software is justified because it seeks out patterns of behavior that warrant suspicion, analogous to a digital U.S. v. Sokolov. In this sense the government is merely an observer, not an intruder. The question: should the Internet be seen as a digital street upon which the government can observe the goings-on?

We’ve seen in several cases that involve newer technologies (such as the use of heat sensors and the house growing marijuana) that when it is argued that the technology merely replicates an analog or non-technological equivalent, then this type of technology is permissible. However, the dissent makes the point that the amount of information available through MDT technology seems to surpass that which the police were able to gain before this technology became available.

The intersection of Fourth Amendment doctrine and search technology is tricky because in many ways, newer technology has allowed us to perform searches on a vast scale. (Of course, First Amendment and technology has also proven to be a challenging spot. However, I think the difference lies in the fact that many of the technological problems that we have encountered with the Fourth Amendment are a question of scope: tools dramatically expand the government’s power in this case, while in First Amendment cases it’s more a question of uncharted territory and what category it falls into.)

In any case, though, simply because information is already previously available through disparate sources, its availability through the collection into one large database, which seems to be the case here, shouldn’t mean that its use is automatically okay. I can probably find out lots of information about a person by doing different types of research online and through various different types of sources. However, it seems questionable that if all this information were accumulated into one big database, that the government would be able to simply use this.

Part of me wants to argue that this type of technological surveillance or the casual use of vast license-plate networks and similar tools should not be permitted because we shouldn’t be allowing the government to have such massive control over our lives. However, at the same time, part of me also wants to argue that, well, maybe in the past this type of technology was not available in the past, and why then should we not allow the police/government from using it now when criminals are free to take advantage of this type of technology? (This unfortunately helps to demonstrate the fact that challenges invoking the Fourth Amendment tend to arise when issues of crimes and criminals are present.)

The Fourth Amendment is Great!

The Ellison dissent brings up an excellent point with which I largely agree. Law enforcement and other agencies ought not constantly surveil people and collect information without justification beyond the post 9/11 Ashcroft policy of ‘surveil anyone who might have, might currently, or possibly will commit a crime’ (read: everyone); allowing the FBI to investigate everything and everyone with no specified purpose is harmful - it’s akin to saying that everyone could be a potential enemy to the state, a bad precedent to set, and likely would discourage people from participating in legitimate communications and consuming content which, out of context, could be misused.
In applying the Fourth Amendment, government and law enforcement must keep in mind whether a reasonable person would grant this person a tight to privacy; back to Ellison, if that the car was legally parked, then the driver has a right to privacy (driving is a ubiquitous form of transport, essential to daily life), but if the car was doing anything illegal, even something as innocuous as idling in a no parking zone, then it is not unreasonable for the police to use their databases to search an individual - the law must be enforced, and looking up an individual’s information is a prerequisite in appropriately enforcing a law. Thus, the discovery of firearms in the Ellison case is a legitimate one and not poison fruit.
Applying this principle to the Internet, governments maintaining working with companies like ChoicePoint is not kosher; maintaining active records on everyone’s activities is unnecessary. As terrible as the threat of a terrorist attack would be, the point that data analysis on some database which contained every bit of information on everyone’s lives could have prevented 9/11 and so therefore we must use it in the future seems misleading; yes, this tactic probably could have worked, but so conceivably could have other, less Fourth Amendment violating measures. That said, the government can and ought to subpoena an ISP or email provider if they have reasonable suspicion that is validated by a judge.
I believe that the government ought to employ computer matching techniques to study behavior; agencies ought to study the information available to them to prevent fraud and work more efficiently. My issue is the relative ease with which agencies can share and disseminate personal records without an individual’s consent. Under the Privacy Act, an individual is entitled to determine what information relating to him a government agency can collect, use, and spread among other agencies and allows an individual to prevent agencies from spreading information to other agencies without his consent. The CMPPA update to the Privacy Act undermines its original purpose in protecting an individual’s information; the CMPPA grants agencies authority in sharing information within the government and relegates citizens to a position where they can only request information on agreements between agencies; individuals, then, have a greatly diminished, if any, voice on these decisions. When an individual discloses information to a government agency, they maintain a reasonable expectation of privacy over this information; for example, someone who gives up his medical records to a federal agency to qualify for Medicare would not expect another government agency or branch which could employ the individual in the future to peek into that information.
Also, I think the earlier mentioned point which Solove also supports calling for an expectation of accuracy in databases is an unnecessary one; 1-the managers of these databases are incentivized to maintain accurate records (it is their job) and as technology makes updating these databases simpler, these errors will be less common and practically nonexistent; 2-though the Fourth Amendment draws no specific line between law enforcement and the maintainers of these records, precedent has interpreted the Fourth Amendment as a restraint on law enforcement, and so imposing the Fourth Amendment restraint on an otherwise rule-adherent officer seems unfair and, from a pragmatism standpoint, unnecessarily limits the effectiveness of law enforcement. Ultimately, allowing cases of faulty database information like Evans to go forward will not lead to overzealous officers and not undermine the Fourth Amendment - by nature of the situation, the police must be acting by the book.
Also, I found it hilarious that the Department of Defense Total Information Awareness database project was led by someone called ‘Admiral Poindexter.’ Just saying.

Question: Solove makes an odd point at one point during his digital dossiers text - he says that ‘mere subpoenas’ as a means to access information is terribly insufficient and lacks judicial oversight - but aren’t subpoenas instances where a judge oversees and ensures the legality of police procedures? Is his issue that the standards for a subpoena are too low, or is it another issue?

Tuesday, March 23, 2010

Interview w/ Hal Varian, Google Chief Economist

Over break, I had an interview w/ Dr. Hal Varian, who is "Chief Economist" at Google. The interview will be published in a shortened form in the Yale Economic Review, but it is at least partly relevant to this class. If you want to read it, click here. I highlighted a few questions in bold that may be most applicable.

Monday, March 22, 2010

The Need for a New “Expectation of Accuracy” Judicial Standard

The majority opinion in Arizona v. Evans decision is misguided. When Rehniquist differentiates between “police misconduct” and “mistakes by court employees,” he draws an artificial line when the Fourth Amendment makes no such distinction. The creation of a “categorical exception to the exclusionary rule for clerical errors of court employees” is nothing short of a vacuous judicial double standard: the search should be Constitutionally legal or illegal irrespective of the particular governmental actor that committed the error.

That is not to say, however, that Arizona v. Evans was necessarily decided wrongly. Rather, Justice O’Connor’s concurrence raises what should be the relevant question: whether reliance on faulty computer record keeping is reasonable and protected under the “good faith exception” to the exclusionary rule.

Why might the Evans case fall under the good faith exception? As the evidence highlights, this is the type of rare clerical error that occurs only “once every three or four years.” Intuitively, it seems reasonable that officers can rely on that high level of database accuracy and precision when performing their police work; false arrests are so rare in this case as to render them effectively null. Thus the evidence maybe should not be excluded, as the good faith would override the exclusionary rule.

The problem with Evans is that it does not address how far courts should go in excusing computer and clerical errors for exclusionary rule purposes and does not create a test for the reasonable expectation of accuracy in police records. Such a distinction is imperative: as Justice O’Connor highlights, even if we permit the search in the Evans case, there are certainly cases where it “would not be reasonable” for the police to rely “on a recordkeeping system… that routinely leads to false arrests.” Consequently, because no record keeping system is perfect, as we rely more and more on digital databases it is crucial that we create a judicial standard that determines whether or not relying on their accuracy is reasonable.

There's no reason why courts could not create such a judicial standard and we could even call this standard an "expectation of accuracy" standard.

Any “expectation of accuracy” standard would need to be a compromise between competing interests. While applying the exclusionary rule too freely allows guilty people to get away free, applying it too strictly would allow for no expectation of precision in any record keeping system. Where and how do we strike this balance? Any expectation of accuracy standard would need to manage both of these concerns. Such a standard, however, would be beneficial, and it would even respond to Justice Ginsburg’s assertion that there is no “suppl[ied] incentive to the State to prompt updating of computer records” by creating such an incentive.

An “accuracy standard” would help us to reconcile our increasing use of databases and archives in the digital world and determine how far courts should go in excusing computer and clerical rules under the exclusionary rule.

Protection not from the government, but from corporations

A lot of the discussion in class and the issues brought up in the readings have to do with a very important issue—how government can or cannot use large databases of information about individuals held by private companies. I think this issue is indeed one that must be analyzed and considered carefully, but I also think that the current laws governing this are more or less on the right track. While there is definitely room for improvement, the general consensus is that there must be restrictions on government invading citizens’ privacy through these extensive databases.
I, however, want to look at a different issue—how these companies can collect and use information about individuals. While we can all be skeptical of government’s use of this kind of data, I think everyone needs to be much more fearful of how a corporation might decide to make use of this information. As we all know, certain companies have vast amounts of information about individuals which could theoretically be used to significantly harm individuals’ lives.
In our discussion about the Fourth Amendment, it has been assumed that the searches being prevented are always searches by the government. Indeed, much of the Bill of Rights is about what the government cannot do to infringe upon citizens’ rights. However, the Fourth Amendment does not say that it is limited to the government. While the clause about warrants does tie the searches to the government, there is a broader way in which the first clause can be read. It seems entirely plausible that the amendment is not only telling the government that it must not infringe upon citizens’ privacy, but that it is also mandating that the government ensures that no other organization infringe upon this privacy. I do not know the full range of scholarly interpretations of the Fourth Amendment, but I am here to express my own viewpoint on it, even if it might be outside what most experts believe. To actually have privacy be a meaningful right we need to focus on what is being protected—not on whom we are protecting it from. I feel no security knowing that my personal information is safe from the government, but that private companies can access it. How can we go about ensuring that people are given adequate privacy protections from companies which have tremendous amount of personal information?
The issue, of course, is that people have willingly given all of this information over to these third parties in various ways. It would seem odd for the government to tell these companies that there are restrictions on what they can do with information that they have legally obtained. However, I believe that this is the genius behind the Fourth Amendment—it mandates that our privacy be preserved, even if we have not done a great job of preserving it ourselves. Even if a person has given over this information by filling out various forms online, he or she never intended to give some company such complete knowledge about him/herself. Ultimately, despite the fact that the person handed over this information in different pieces, that person’s privacy has been violated. For these kinds of cases, I think the government needs to create a set of laws to fully protect a person’s privacy, and not merely to protect their privacy from one organization (the United States government). I am sure some people might see this as unconstitutional, since this gives government significant reach into the operations of private companies. However, is this not a necessary part of carrying out the privacy protection of the Fourth Amendment? I would be interested in what people think about this issue as a whole, and also how specifically to go about crafting this kind of legislation.

Sunday, March 21, 2010

Importance of Court Skepticism

Taken together, the majority opinions in U.S. v. Ellison and Arizona v. Evans illustrate the importance of maintaining a strict approach to 4th Amendment protections. When this standard is relaxed, the potential for governmental abuse becomes unacceptably high. It is the Court’s role to hold any threat to the 4th Amendment as inherently suspicious. The adjudicating court must maintain a detailed grasp of the relevant facts of each case, as well as a general awareness of the “potential for Orwellian mischief.” If either of these responsibilities is not fulfilled by the Court, 4th Amendment protections are significantly weakened.

In U.S. v. Ellison, it is unclear exactly what a LEIN search entails, specifically what private or non-private information it reveals. As the dissent notes, “there is minimal evidence in the record as to what information is available from the LEIN search.” Nevertheless, the LEIN search requires nothing, no warrant, no probable cause, no reasonable suspicion. However, these details should be the crux of the case. If police are able to view private information through a LEIN search, then such searches are suspicious under the 4th Amendment and would likely require at least “reasonable suspicion,” if not probable cause. On the other hand, if only basic public information is accessible, then LEIN searches are more acceptable under 4th Amendment doctrine. The Court’s priority should be to determine the scope of the search and make its decision accordingly. By assuming with little factual basis that the search only reveals “non-private” information, the majority is remiss. In scrutinizing a potential search, the Court must require more than a mere governmental assurance that the practice does not violate privacy concerns. This decision is the Court’s, not the government’s to make.

The Court makes a similar error in Arizona v. Evans. In ruling that the exclusion of evidence would have no deterrence effect, and is therefore unwarranted, the majority relies heavily on the testimony of governmental actors that record-keepers have no interest in the apprehension of individuals. However, the very reason the exclusionary rule exists is because courts have recognized that it is improper to entrust 4th Amendment protections to the discretion of governmental actors. In many cases, the goals of law enforcement (including municipal court employees) indirectly contradict the privacy interests of individuals. While governmental actors may not have directly chosen to allow the error in this case, the suppression of evidence would nevertheless increase the probability that the problem is corrected in the future. Regardless of technology, human choice remains integral to law enforcement, whether in the determination of protocol for record-keeping, the selection of software, or the application of technology. In Arizona v. Evans, the application of the exclusionary rule would motivate governmental actors to take every possible step to ensure that similar record-keeping errors do not occur in the future. Allowing the evidence in Evans provides the perverse incentive for law enforcement to perpetuate a faulty system, in order to allow further illegitimate but protected searches.

Both cases demonstrate the danger of “giving the benefit of the doubt” to governmental testimony in Fourth Amendment cases. As tempting as it may be to believe law enforcement’s pleas that their methods are harmless, doing so woefully under-estimates the potential for the government to present sinister programs in an innocuous light. Whether the LEIN search uncovers private information, and whether court employees are subject to pressure to perpetuate quashed warrants are questions that are far to important to be glazed over by the Court.

The Court is an independent arbiter. The moment it accords governmental testimony a privileged position, it forfeits its greatest strength: objective neutrality. The Court must not forget the distrust that the Framer’s had for big government. After all, it is their Bill of Rights that the Court is entrusted with protecting.

Monday, March 15, 2010

Week 9: Fourth Amendment: Reasonable Suspicion – Databases, Data Mining & Access to Private Records

As new technologies dramatically reduce the cost of data collection and storage, both government and private actors are able to amass vast quantities of information about individual citizens. Databases can aggregate this data, forming detailed dossiers that reveal the activities and interests of targeted individuals. What restrictions are there on the Government’s ability to collect and aggregate of information about individuals? Under what circumstances may the Government gain access to records and databases maintained by private parties? Could the Government subpoena a history of your search records from an ISP? Does pattern-based data mining by counter-terrorism agents constitute the kind of “fishing expedition” prohibited by the Fourth Amendment? How can the Fourth Amendment be applied in light of the counter-terrorism and foreign intelligence needs of a post-9/11 world?

Required readings:

Government Databases:
  • Solove & Schwartz, Privacy, Information, and Technology, pp. 330-331.
  • Arizona v. Evans, 514 U.S. 1 (1995).
  • United States v. Sokolow, 490 US 1 (1989).
  • United States v. Ellison, 462 F.3d 557 (6th Cir. 2006). Skip Part II of the majority opinion, and skim the rest of it. Skip all of the dissent except Part II.B, but please read that part closely.

Government Data Mining:
  • Solove & Schwartz, Privacy, Information, and Technology, pp. 335-341 (Start at “Government Data Mining”).
  • Wikipedia on Carnivore. Skim.
  • Wikipedia on Narus Insight. Skim.

Government Access to Private Databases:

Thursday, March 4, 2010

So you definitely don't have reasonable expectation of privacy on Facebook

http://thelede.blogs.nytimes.com/2010/03/03/israeli-raid-canceled-after-facebook-leak/

TigerText

http://www.cnn.com/video/#/video/offbeat/2010/03/01/moos.tiger.text.cnn?iref=allsearch

Wednesday, March 3, 2010

When Online Searches interfere with Free Speech

Following United States v. Forrester, which established that IP addresses are not private, I would like to consider how this ruling, which seems to make sense in most contexts, might actually be quite problematic. As the court noted, to/from fields in emails and IP addresses serve as routing information, and just as the outside on an envelope is not private, these things should not be private. This seems to make a lot of sense. However, in some cases, such as when people visit sites and post on them, the government’s ability to track IP addresses could constitute a serious attack on free speech.

If the government suspects a person is making bombs, and then checks to see if they have visited IP addresses of sites with bomb making instructions, this seems fine. This seems to be a logical extension of the government legally looking an envelopes sent between someone and a bomb making consulting firm (not the best example, but oh well).

However, a problem arises when the IP address tracking reveals not only a site someone visited, but a site someone may have posted on, such as a blog or a newspaper that provides user comments after articles. In such cases, it might be possible for the government to see that a certain person visited a certain site at a given time, which corresponds to the time and IP address of someone who posted a certain comment. I am not an expert on IP addresses and these issues, but it does not seem unforeseeable that the government could sometimes figure out if a certain user posted a certain comment based on IP addresses. In such cases, what was intended to be an anonymous comment would lose anonymity. Unlike cases of letters and phone calls, where the government can know which two people are communicating but the content of such communication remains private, because what’s posted on the internet often stays there for all to see, the government can piece together who was talking and what they said.
Clearly, from a First Amendment perspective, the above scenario is quite problematic. Essentially, the government gains the ability to uncover anonymous posters to online sites without a warrant. This, of course, creates problems since individuals lose their right to anonymous speech, and this will lead to injustices as well as to chilling speech.

However, how can the laws be modified? Is it possible to draw a line between letting the government track IP addresses for sites people have viewed but not for tracking things people have written online? If it is not possible, which should be sacrificed – the government’s ability to track online activity or freedom to post online without fear that IP addresses will lead the government back to the speaker?

Choice and necessity

I wanted to discuss the intertwining issues of choice and necessity – as Justice Marshall notes, in order to have some element of risk you need to have choice. We have also seen in previous weeks that technologies or other services that are considered to be essential forms of communication tend to receive special treatment from the government, or at the very least some form of special consideration as to restrictions placed on them – broadcast television and telephones, for instance (and railroads, to add a somewhat random example). These are not simply private technologies that people choose to use or not – rather, they are technologies that also serve an essential public function.

In its various lawsuits, the government is implying that we are all consenting to give our information to third parties, thus rendering Fourth Amendment protections moot, but this strikes me as a “false choice.” (Justice Stewart notes that this is impossible.) Just as Katz noted that it would be impossible to survive without the telephone, it seems that it is increasingly functionally impossible to survive without email and Internet services – both technologies that require us in a very technical sense to give up information to a third party.

So then should we protect these communications (by declaring government surveillance of them to be bona fide Fourth Amendment searches) simply because they are essential technologies? Obviously, this would be taking the idea to the logical extreme. Just because electricity is essential doesn’t mean that our electricity bills can’t be monitored for unusual usage or anything like that. However, I think what’s important here is choice combined with the fact that it is essential. If technologies are essential, but there are multiple choices – I want to suggest something like the airline industry, although I don’t really know if this is the best industry to which to draw parallels – then it should be treated differently from something like the Internet and emails, which are essential forms of communication in the modern day.

It all sort of hearkens back to what the spirit of the Fourth Amendment – while in text the amendment is designed to protect one’s person and physical papers, in recent years the courts have taken this to mean that the point of the amendment is to protect the person, and it seems that in the modern context email and the Internet are logical extensions of this.

In Defense of the Way Things Are

Maybe I'm crazy, but I’m just not as concerned by the perceived lack of privacy in the Digital Age as some of you seem to be. New technologies have provided law enforcement with the ability to identify and track down criminals with remarkable exactness and efficiency, and in my opinion the government should have the ability to use these technologies to their full potential. The question at hand is whether such use is an invasion of our Fourth Amendment right to privacy; I do not think it is.
As the Forrester decision makes clear, seizing IP addresses and e-mail To/From fields is little different from keeping a pen register or taking note of the return address on a piece of snail mail. Such practices are not especially invasive: the actual content of the missives are kept private in each case. I especially like Alex’s analogy of the IP address as a sort of Internet GPS device. Case law has shown that the government has a right to see where people were, but not what they were doing in these places. When it comes to monitoring actual content, the government still needs a warrant, so we still have a reasonable expectation of privacy.
I agree with the sentiment that the prevailing case law is sometimes poorly reasoned, but that does not diminish its usefulness. The courts have looked to dependence on a third-party intermediary, whether the phone company, the ISP, or the government itself, as evidence that the individuals using these media of communication had no reasonable expectation of privacy. This standard does not hold up well in the case of the Internet, where, as Eric points out “…information is split up across various paths and delivered in bits; only the original sender and the intended recipient have access to the full information sent.” Nevertheless, I fail to see the harm in allowing the government to look at our e-mail addresses.
Normally, I would hesitate to argue that there’s nothing wrong with giving up information if you have nothing to hide, but in this case I don’t because the amount of information we are giving up is so small (only the routing information), and the potential advantage to law enforcement agencies so great. The greatest reason that the individuals in Smith v Maryland and US v Forrester objected to government efforts to, allegedly, invade their privacy was that they had done something illegal and were looking to cover their tracks. The use of technology has already greatly assisted in the prosecution of criminals who would otherwise have gotten away, and will continue to do so.
This line of thinking is, admittedly, utilitarian. But so long as content is protected, I am not concerned that the United States will become a surveillance state.
My question: Do you think having a password-protected email account gives someone a reasonable expectation of privacy to the headers on their individual emails as well as to their content? If you think of the password protection as the seal on a letter rather than a sort of invisible ink, then it might not.
I believe Obama’s motivation to scale back the ban on Internet cookies is with good intentions; however, I believe his aims could be reached in a method that does not raise so many questions about privacy on the Internet. The Obama administration’s aspiration to increase public involvement in politics through social websites, like Face Book, is a great idea; however, it is troubling that the government can “see” how the public is interacting with government websites. As Kerr states in his article, it is troubling that the government can quietly, and secretly regulate what people do on the Internet. By scaling back on Internet cookies, the government will have more opportunities to regulate Internet activity. Although the government claims other means of privacy protection will be put in place, it should be clarified what those policies are. A possible solution to the issue is to have YouTube sponsor a page with material the government wants the public to see. In this instance, a visitor can interact with YouTube videos that are relevant to political issues on YouTube and avoid being tracked by Google, rather than accessing these videos through the White House website and allowing Google access to the user’s involvement on the website (see U.S. Web-Tracking Plan Stirs Privacy Fears pg. 2). Rather than making social websites available through the White House page, it could beneficial and better protect personal privacy if the individual company to promote public involvement with political matters. Social websites could be given some sort of tax break for promoting usage of the government page on their site.
The cases this week take the ruling of Katz and the protection of the Fourth Amendment to a new technological level. It was argued in Smith that a pen register placed at the phone company used to record the numbers that Smith called from his telephone did not constitute a search under the Fourth Amendment and the police did not need a warrant to install the pen register. Similarly, in Forrester, the courts argued that obtaining the to/from addresses of emails from ISPs did not constitute a Fourth Amendment search . Both of these rulings were prefaced with the assertion that there particular searches did not in any way obtain the phone conversations or the content of the emails; the content remained private. With these cases, the lack of a warrant makes sense; individuals are aware that phone companies and ISPs need to use the phone numbers and email addresses to appropriately direct messages, and therefore the subpoena of this information can be made without a warrant.

However, in Warshak, the government asserted that ISPs have a "contractual right to access users' emails." Since ISPs are third parties, the information kept on ISPs servers can also be subpoenaed without a warrant. However, I want to argue that in Warshak, the actions conducted by the US government in reading and obtaining the email of Warshak is analogous to wiretapping. In wiretapping, the information obtained by the third party, the wiretapper, is illegal. ISPs, although they are different from wiretappers in the sense that they are needed by individuals to direct their email and Internet, are in the same position as wiretappers and as a result, the information that is stored on their servers should not be legally revealed or obtained by the government without a warrant. Extending this analogy further, even the revealing of the to/from phone numbers and email addresses would be considered illegal because this information in the overall perspective is the same as the content of phone conversations and emails. If third parties are then interpreted to be in the same position as wiretappers, to access the information stored on their servers without a warrant, therefore, would be entirely illegal. Still, if this conclusion is made true, it could throw off the balance that the Fourth Amendment between having information to prosecute crime and protecting the information and privacy of individuals in favor of the latter. I believe individuals definitely have a reasonable and legitimate expectation that their emails, dialed phone numbers, and email addresses are to remain private regardless if private third parties have access to them. I would therefore argue that obtaining third party information is a search under the Fourth Amendment and therefore in need of a warrant.

As stated before, there are some strong differences in intent between the wiretapper and the ISPs and phone companies, and these differences may be enough to treat the two parties in two different camps. In addition, there also is a distinction between information that is content (and private) and information that is directional (such as addresses, which is arguably public). I recognize that in my position I am treating all information the same, and I am curious to see if there are other types of information that do not fit within these two categories and how the treatment of that information would differ from the treatment of private content and public addresses.

RIghts are Reasonable... Right?

One of the challenges of the Digital Age is defining whether there is a reasonable expectation of privacy when online. Orin Kerr’s article in the GW Law Review points out that information sent to ISPs are held on ISP servers, so some courts have held that users have relinquished their Fourth Amendment rights to that information. These cases deal with two possible solutions: (1) using ISPs removes any protection guaranteed by the Fourth Amendment, or (2) the role of digital communication in our society necessitates the same protection afforded tradition forms of communication. I argue that the latter is more palatable to the sensibilities of citizens in the Digital Age.

In ruling in Katz, the Court noted to role that public telephones have such a vital role in society that a reasonable expectation of privacy must be granted for the sake of expedience and convenience of modern living. As such, Katz’s constitutional rights had been violated when he was wiretapped. The same reasoning was applied in regards to private telephones, so both public and private telephones are protected from unreasonable encroachments upon reasonable expectations of privacy. The case led to a two-ponged test for establishing reasonableness, the Katz test: (1) the individual "has exhibited an actual (subjective) expectation of privacy," and (2) society is prepared to recognize that this expectation is (objectively) reasonable.

I argue that this test reveals that people feel there is a reasonable expectation of privacy online. One would not use the postal service if one thought that his letter’s contents could be read by anyone. One would be reticent to use a phone if his calls could be monitored by anyone. The Court in Katz recognized that there would be tremendous disservice to efficient communication if people did not feel that their calls could not be tapped unless there was incriminating evidence. Similarly, in the digital age, it is virtually impossible to function without digital age technology. We have become so dependent on digital communication that we have come to expect the same privacy rights that are afforded us through the mail and over the telephone. Thus, according to Katz test, we do have a reasonable expectation to privacy.

The question remains, does a consensus’ expectation of a right actually entail that people should be granted the freedom it affords? (Granted, this notion is probably the source of all rights, but that’s simply the legal positivist in me talking. Natural lawyers would probably argue this point.)

Who's to say that the expectation to privacy is "reasonable"?

At first, going off the assigned excerpt from the textbook, I wanted this blog post to turn on the lopsided relationship between federal statutes (particularly the Patriot Act) and the 4th Amendment.  I found it strange that, in certain respects like continuing surveillance, the law actually exceeds the 4th Amendment in broadness of application.  This goes against my perhaps naive understanding of the Constitution as a foolproof trump on what may be enacted into law.  Although, theoretically at least, the Constitution is supposed to override any law that runs counter to its principles, I suppose it could very well be the case that nobody has mounted the requisite challenge for such a law to be taken off the books.

That led me to wonder why it is that we're so accepting of the contemporary surveillance regime, and unquestioning of any further encroachments it might make on our privacy rights.  I thought back to the diagram with the four overlapping "modalities," and it occurred to me that no account was taken of how they evolve and are in flux with one another.  Instead, it depicted a static equilibrium for the sake of explanatory power.  What I see happening, especially in the context of the third-party doctrine taking effect on cyberspace, is that our laws and norms alike haven't adapted to keep sufficient pace with modern technology.  More disturbingly, and this is what I'll take up in the remainder of the post, we have idly stood by as norms too often take the backseat to laws.  

Ideally, norms and laws should be in communication with--and responsive to--each other.  But that is a far cry from what we've seen in much of the case law authorizing pen registers, wiretapping, and other invasive measures.  In the two-part Katz test used in Smith v. Maryland, the second criterion is that "society" be prepared to recognize the individual's expectation of privacy as "reasonable."  This is circular and self-justifying reasoning, with the effect of codifying a norm where none yet exists.   Granted, part of the function of laws is to give rise to norms when appropriate.  However, it seems presumptuous in Smith, when justifying the seizure of dialed numbers, to invoke a norm that hasn't been time-tested.

The CNET article, about the government's dubious collusion with mobile phone companies in pinpointing bank robbers, does speak to the question of whether laws precede norms, or vice versa.  But these so-called norms, as the article acknowledges implicitly, are less the product of public opinion than of Hollywood prophecy.

Despite the prevalence nowadays of government-sanctioned monitoring as a trope in popular culture, my guess is that most Americans either fail or don't care to apprehend the extent to which their privacy is truly at stake, especially on the Internet.  Such apathy is largely due to the idea that if you aren't a wrongdoer, there isn't any need to worry about your sensitive information being compromised.  Then again, one troubling implication of the Pen Register Act, which risks being construed as applying wholesale to online correspondence, is that your information may still be gathered even if it's tangential to an investigation.

So far I've talked about the failure of privacy-protective norms to take root organically.  This may be because the courts have determined what they are preemptively, or because the public hasn't bothered to suss them out.  Where norms have cropped up, by contrast, is in the procedural side of things.  It's extremely disturbing to me that some 59% of all wiretap orders are granted in just 8% of the states, indicating the onset of a norm of investigation when in doubt, and only 20% of the communications collected ultimately prove of use to investigators.  

What I would like to see, down the road, is not merely transparency but also accountability for the results of this information-gathering.  Before this loathsome practice gets out of hand, as the escalating numbers on the state level do suggest, a countervailing norm should be set up that deters the authorities from carrying it out except when necessary.  One possibility for dis-incentivizing is to compensate those individuals who have been surveilled wrongfully.  (Contrast this with the status quo dating back to the Patriot Act's revision of the SCA, providing for civil action against "willful" damages, yet also putting the onus on the affected individual).  Or, to a lesser extreme, penalties could be handed down to those agencies with low success rates.

If society is ill-equipped or unwilling to assert, by way of norms, a "reasonable" expectation to privacy, then I'm in favor of burdening the authorities who, by way of law, are chipping away at that expectation without the society even realizing it.

The Cellular in Cell Phone just might kill you.

While I have not finished any weekly readings feeling particularly secure, this week, to say I am rattled is a serious understatement. As McCullagh charmingly and convincingly describes: the time of a James Bond government is now. Only the super-agent technology isn’t only used to combat supervillains, it is used to combat citizens. I hope I am not undermining my unrest; there is a gross presumptuousness that pervades the court-rulings and general judiciary activity for all cases technological and privacy concerned. What exactly does it mean to reasonably expect a citizen was/is aware that certain private information is fair game for non-warranted evaluation? I understand that it is not the government’s responsibility if citizens remain ignorant to their rights (or lack there of), but this brings to light a particularly Digital Age-specific issue: when technology is constantly upgrading, evolving, and transforming how can the common citizen be expected to be constantly up to date with all of the new privacy-protecting-policies that develop? It is reasonable to assume, I suppose, that even without knowledge of the Smith v. U.S. case, a phone user is aware that the phone numbers he dials are logged by his phone company. He receives a bill every month that states as much. And as outlined in Warshak v. U.S., there is no infringement of privacy because the government is only accessing knowledge accessed by a third-party (ie. they are not listening into the conversation, or reading the content of an email). But, just because triangulation of location is generated only using “surface” information, and just because the phone company may make that triangulation itself, does not mean that the phone user can be reasonably assumed to know he is divulging his location to a log. Unless roaming or long-distance charges apply, the caller (or worse, the recipient of the call) has no reason to assume that the phone company is keeping record of his locational information. In this case, location has nothing to do with the transaction taking place. Therefore, the government is not merely gathering information collected and analyzed by the phone company, they are collecting and analyzing the information themselves.

There is another assumption of concern here, too. It would seem that the FBI is treating the cell-phone as a physical extension of its registered user. Without to the conversation itself, interrogating the receiver of a phone call, or accessing CCTV footage around the area from which the call was made, how can the FBI assure the call was made by the person in question? Are phones like cars and homes: (excluding theft) are their owners liable every time they are used? I’ll think twice before lending my phone to my druggie friends from now on. Wait, can the fact that I associated myself with drug-users on a blog be used to insinuate me in something?

Tuesday, March 2, 2010

The problem with Smith's third-party doctrine applied to the Internet

I strongly agree with Alex’s blogpost that U.S. v. Forrester is misguided. However, I differ slightly in my reasoning and would like to offer some elaboration and nuance.

I believe that we must understand why we might have a legitimate expectation of privacy in online activity but not in the pen-register case. For one, the Internet is technologically quite different from the third-party telephone switching equipment in Smith. A telephone number that has been dialed is electronically delivered in whole from one station to another. On the Internet, however, information is split up across various paths and delivered in bits; only the original sender and the intended recipient have access to the full information sent. Consequently, we probably have an expectation of privacy that we will be the only ones to have full access to this data. Additionally, our phone bills display all of the contacts that we have called, but our Internet bills do not list website ISPs or display email information. This information is not kept in the “regular course of business,” and so we have a greater expectation that it will not be disclosed. The fact that we employ passwords to access our Internet information also distinguishes it; we rarely use passwords to guard other forms of communication like the phone.

In addition, the very notion of third-party doctrine should be called into question when we have no personal choice but to reveal such information. Katz suggests that even “the public telephone has come to play [a critical role] in private communication”; it goes on to state that a person may “assume… [what] he utters into the mouthpiece will not be broadcast to the world.” Thus, even in environments where some exposure is inherent, we may maintain our privacy expectations if that exposure is unwillingly forced. If this privacy expectation didn’t exist, the government might be able to monitor all digital transmissions, since every electronic transmission is sent through numerous switching computers rather than from one person to another!

I also take issue with Alex’s assertion that IP addresses do not reveal content. Rather, I think that the IP address reveals a great deal of information about the person—and that’s precisely why it should be regulated. IP and email addresses may reveal contacts, interests, or other beliefs that a person wishes to remain private. Because this personal information clearly contains content, it is thus analogous to the telephone call itself rather than the dialed number in US v. Katz. Like the content of the telephone communication in Katz, this content deserves Fourth Amendment protection.

Thus, I believe that US v. Forrester creates a powerful threat when it comes to surveillance. Forrester suggests that the mere presence of a third-party Internet service provider precludes any internet security. It implies that the government can regulate absolutely anything online, including your password-protected Gmail account and your Facebook private messages. This is fundamentally at odds with our cultural values and our widespread understanding of Internet technology. If the third-party precedent is not changed, it threatens the future of the Internet itself.

Monday, March 1, 2010

Mirror Ports: Analogous to Pen Registers or GPS?

At first glance, the technology used in U.S. v. Forrester seems to accurately map onto the Smith v. Maryland decision, which allowed the use of pen registers without a warrant. After all, just as a pen register records only the phone numbers of incoming and outgoing calls, the to/from addresses of emails was recorded in Forrester. Furthermore, just as the pen register recorded frequency and length of calls, frequency and data volume of emails were both recorded in Forrester. However, whereas this was the extent of the capabilities of the pen register used in Smith, the “mirror port” used in Forrester contained a completely novel function: it revealed the IP addresses of all websites that Alba visited. In fact, recording the IP addresses of visited websites was the primary purpose of the police action in Forrester. Therefore, as the pen register is a partial, but clearly imperfect non-digital analogue for “mirror ports,” the search for the proper analog-world foil begins.

Visiting a website in the electronic world is in many ways analogous to visiting a building in the physical world. Some visits are clearly driven by a certain motive: it would be equally easy to decipher the purpose of a visit to the sporting goods store and a visit to a sporting goods website. On the other hand, some visits are fundamentally ambiguous: whether a visit to a private friend’s house or a visit to the website of extensive supplier of broadly defined goods, such as target.com, the government would have difficulty ascertaining the "content" of the visit without other information. Visiting sites in the electronic world is the equivalent of travelling to establishments in the analog world, and tracking an individual electronically is akin to tracking an individual in the physical world.

Therefore, recording the IP addresses of all electronic sites visited is analogous to placing a GPS device on an individual’s car and recording all places that car goes. Just as a GPS device gives information about the places that have been visited, but not what has gone on in these venues, mirror ports do the same. In this sense, mirror ports do not reveal content. However, they allow for same reasonable inferences to be made regarding the probable activity at the visited sites as are provided by GPS data.

Installing mirror ports is an action comparable to installing both a pen register on an individual’s phone and a GPS device on his or her car. This is not to say that a warrant is necessarily required: lower courts remain divided on this issue with the 7th Circuit ruling in U.S. v. Garcia that the placement of a GPS device does not constitute a search and the Washington State Supreme Court ruling that it required a warrant, in State v. Jackson. However, the limited analogy between mirror ports and pen registers, as employed in U.S. v. Forrester by the 9th Circuit, is clearly lacking and must be reviewed.