January 20, 2006

posted by Daniel J. Solove

I've never been an absolutist. In this kind of situation, I would say that the only way Google could be compelled to deliver any such information, would be if the government had shown, to a relevant justice's satisfaction, that a case might likely hinge upon the delivery of certain, very specific, information from Google's databases.

It would have to be very specific though.

Great post! I'm curious: why not work to overturn Miller, now that we see how pernicious it turns out to be?

Doesn't a privacy policy alter the expectation of privacy analysis?

I'm no fan of governmental efforts to seek information from third parties, but my understanding in this case was that the government is not seeking any personal information (IP addresses, etc.). Arguably a certain amount of personal information may show up as search terms but not much (are you really going to google your own SS#).

For this reason I think google chiefly opposed the request on trade secret / unduly burdensome grounds.

Ah, I see you addressed some of this in your previous post :)

As to the chilling effects, you are right on. The bookstore cases (Tattered Cover, Kramerbooks, see generally this article) provide a good analogy.

Google will defy the US Government, but cooperate WILLINGLY to help the Chinese Government prevent searches "freedom" and "democracy". Can anyone explain this?

"Google and Yahoo both censor some results on Chinese versions of their products, and the MSN blog tool in China prevents phrases like "Dalai Lama" and "human rights" from being used in the title for an entry."

http://www.iht.com/bin/print_ipub.php?file=/articles/2006/01/15/business/chinet.php

Just curious, what about a reasonable expectation of privacy when a company (such as Google) makes a promise not to release your personal information to anyone? To the lay person, I think that definitely establishes an expectation of privacy, but is there any caselaw to that effect?

Dave -- One would think, rationally, that a promise not to release your personal information to third parties would give rise to an expectation of privacy. But don't expect such rationality from the Supreme Court. Banks for years have been operating under implicit and explicit promises to keep customer information privacy. Yet, in United States v. Miller, the Court completely ignored the longstanding tradition of banks providing privacy to their customers.

Google will lose this big-time. Read Civ. R. 45, it lays out limited grounds for a non-party witness to resist a subpoena and the only grounds even arguably applicable here are (c)(B)(i) -requires disclosure of a trade secret or other confidential research, development, or commercial information, or (c)(3)(A)(iv)- subjects a person to undue burden.

The trade secret issue is not likely meritorious given the very extensive protective order that the judge has already put in place. The undue burden argument is 1) laughable coming from a multi-billion dollar business and 2) severely undercut by the fact that other businesses have already complied: if they could do it without an undue burden, why can't google?

Also, if it pleases you, you can call United States v. Miller an "enormous problem" and an "immensely troubling doctrine" all day, but what I call it is "controlling precedent" regarding "a rule adopted in accordance with congressional authorization." And while you say the relevant statutes are "woefully inadequate," another term I like to use for such statutes is "the law."

It seems to me that you are simply cheerleading what is at best a marginal legal argument, without recognizing, in even a cursory way, the government interest here - attempting to fashion a law that helps to protect children from sexual predators.

MJ -- Several responses:

1. On FRCP 45, see the Posner case I discuss in my previous post here. The purpose of this post is to make a normative argument about the third party doctrine. I'm not making a legal argument on behalf of Google in this post. I'm in fact arguing that Google and other companies that collect personal data should ask Congress to provide greater restrictions on government subpoenas for that data. So I don't know what legal argument you think I'm making in this post, because I'm not attempting to make one. If you want my legal argument on FRCP 45, see my post on the Posner case linked to above.

2. Congress did not "authorize" United States v. Miller. If your argument is that whenever the Supreme Court decides a case and Congress doesn't respond, Congress authorizes it, then does Congress authorize Kelo (the eminent domain case) or countless other cases that you may or may not agree with? Plus, with Miller, Congress did in fact partially repudiate it by passing the Right to Financial Privacy Act.

3. The COPA has been struck down as unconstitutional, so it's not clear how obtaining these records will "protect children from sexual predators."

1. Your normative argument is not served by Google opposing the government's subpoena in a legal matter - that's a legal challenge - not a normative debate.

2. Congress did authorize the Federal Rules of Civil Procedure - which Miller interpreted.

3. The reason the government is seeking this type of information is pursuant to the Supreme Court's direction to develop a factual record so that the court can determine if COPA is constitutional. Doesn't it seem like a catch-22 to you to say to the government "your statute is unconstitutional because you haven't shown us if their is a less-restrictive/more effective way of protecting minors - but the privacy interests of everyone are too important for us to let you actually conduct the discovery you need."?

4. You still have not even recognized that there is a legitimate government interest in the information.

I misstated that Civ. R. 45 was the source of the subpoenas in Miller - they were grand jury subpoenas.

However, the subpoena to Google is a Civ. R. 45 subpoena.

MJ --

1. I don't follow your first point. Why is it wrong for Google to challenge the subpoena and exercise its legal rights? Anyway, as I've said, the argument on the subpoena isn't addressed in this post -- it's addressed in the other post I've pointed you towards.

2. Miller was primarily an interpretation of the Fourth Amendment. I still don't understand your authorization argument.

3. Aren't there other ways for the government to address the constitutionality of the statute? How does obtaining the information help it prove its case? I think that the government's arguments were even more compelling in the Posner case, and if the court follows the Posner case, I don't see how the government can prevail.

4. What is the legitimate government interest in the information? This whole government inquiry in to the searches strikes me as a silly wild goose chase. I'm quite surprised that the government has gone this route. There is plenty of information that the government can use to support its case, and I don't see why seeking this information is worth the government's time and attention.

I readily bow to your knowledge in this particular field - a bit like getting into a bible-quoting contest with a preacher - but let me try to clarify:

1. It's not "wrong" to challenge the government's subpoena - I just think that it is not meritorious, and question whether or not this was the case to make a stand (protection of children, others have already complied...)

2. Google is challenging the application of Civ. R. 45 - which was created by congress, by statute, interpreted over, and over again to allow access to this type of information. That's what I meant by "a rule adopted in accordance with congressional authorization."

3. I don't know. The criterion for requesting this information is that it must be "reasonably calculated to lead to admissible evidence." Not exactly a high hurdle to jump over - which is why Google's argument is weak IMHO.

4. You don't request information in discovery because you know exactly what you will find, you subpoena the information if it is "reasonable" to believe that it will help you prove your case. The government evidently believes this will help them prove whether or not COPA is more effective than filtering software, which was important question to the Supreme Court. Sounds reasonable to me.

The government interest is two-fold: protect children while protecting constitutional rights to the greatest extent possible.

MJ, there is caselaw standing for the proposition that a third party like Google has standing to move to quash a subpoena that would burden the rights of others (fourth parties, I guess) *if* there is reason to think those fourth parties may be unable to litigate the issue themselves. If that caselaw is as I remember and is applicable in N.D. Cal., Google could assert the harm to First Amendment rights as an "undue burden," or perhaps as a sort of privilege.

Understood, but so could every financial institution in the United States that gets served with 100 subpoenas a day - they just won't prevail - an neither will Google.

Methinks the MJ doth protest too much.

I am confused. The DOJ says it just wants to see how many searches went to pornographic sites, from what I got from the story I read, and that they don't want to know who did the searches. But this search is supposed to give the Administration the ammunition to try to regenerate COPA legislation. If the purpose of the legislation was to protect children, and you don't know who is visiting the websites, then what good is the data? What does the information provide to the DOJ to justify reanimating COPA?

How exactly is the "reasonable expectation of privacy" standard applied? Is it under an objective, reasonable person standard? The vast majority of people using the Internet are unaware of data retention policies of search engines such as Google, or even what a browser cookie is. Also, few are aware of the trail of breadcrumbs left via server logs, or the amount of information about people's web surfing habits being aggregated by companies (including Google) that are serving up web ads.

A web browser is a very complex piece of software that perfoms a great number of actions that people are unaware of, and often do not approve of. For example, how many people reading this post realize that in visiting Concurring Opinion's homepage, one's web browser exchanges information with:

concurringopinions.com

sitemeter.com

extreme.com

technorati.com

feedburner.com

And this is tiny compared to the number of disparate sites are implicted in visiting the typical webpage. Each of these sites has differing data retention and data sharing policies. It seems that under such circumstances, analogies to ideas such as customers “know[ing] that they must convey numerical information to the phone company” when they dial the phone break down. Unfortunately, it sounds like one shouldn't count in the Supreme Court to appreciate this distinction...

(apologies for the formatting of the above post - preview served it up a little differently)

I believe the Government is over reaching in its claim this information will protect minor children from photographic material. This claim is speculation and no expert can say this information will do what the Government is seeking to discover. In my opinion the Government is asking for more data then it needs. It has already received data from other businesses that run search engines and that should be enough data to conduct their test. The question is, can we trust the Government to not misuse this information? If you consider their past record, they have made promises before to protect an individual in the witness protection program and that individual wound up dead. I just don’t trust the Government with my private information. We have seen our Government outsource credit report informaton to India. I just don’t trust the Government or the Courts to protect our privacy.

I believe the Government is over reaching in its claim this information will protect minor children from photographic material. This claim is speculation and no expert can say this information will do what the Government is seeking to discover. In my opinion the Government is asking for more data then it needs. It has already received data from other businesses that run search engines and that should be enough data to conduct their test. The question is, can we trust the Government to not misuse this information? If you consider their past record, they have made promises before to protect an individual in the witness protection program and that individual wound up dead. I just don’t trust the Government with my private information. We have seen our Government outsource credit report informaton to India. I just don’t trust the Government or the Courts to protect our privacy.