Category: Privacy (Law Enforcement)

14

Bartelt’s Dog and the Continuing Vitality of the Supreme Court’s Tacit Distinction between Sense Enhancement and Sense Creation

Last Term, in an amicus brief in United States v. Jones, 565 U.S. __, several colleagues and I highlighted the Supreme Court’s long, albeit not always clearly stated, history of distinguishing between sense-enhancing and sense-creating technologies for Fourth Amendment purposes.  As a practical matter, the Court has consistently subjected technologies in the latter category to closer scrutiny than technologies that merely bolster natural human senses.  Thus, the use of searchlights, field glasses, and (to some extent) beepers and airplane-mounted cameras was not found to implicate the Fourth Amendment.  As the Court explained, “[n]othing in the Fourth Amendment prohibit[s] the police from augmenting the sensory faculties bestowed upon them at birth with such enhancement as science and technology” may afford.  460 U.S. at 282 (emphasis added).  In contrast, the Court has held that technologies that create a new capacity altogether, including movie projectors, wiretaps, ultrasound devices, radar flashlights, directional microphones, thermal imagers, and (as of Jones) GPS tracking devices, do trigger the Fourth Amendment.  To hold otherwise, as the Court has stated, would “shrink the realm of guaranteed privacy,” leaving citizens “at the mercy of advancing technology.”  533 U.S. at 34-36.

In fact, of the landmark cases involving technology and the Fourth Amendment during the past 85 years (from United States v. Lee, 274 U.S. 559, in 1927 to Jones in 2012), only in one instance did the Supreme Court appear to deviate from this distinction between sense enhancement and sense creation.  In that case, United States v. Place, 462 U.S. 696, and its successors, City of Indianapolis v. Edmond, 531 U.S. 32, and Illinois v. Caballes, 543 U.S. 405, the Court held that the use of trained narcotics-detection dogs (more apparently similar to using a new capacity than merely enhancing a natural human sense) did not implicate the Fourth Amendment.  In our amicus brief in Jones, we rationalized Place, Edmond, and Caballes by arguing that dogs were unique, being natural biological creatures that had long been used by the police, even in the time of the Framers.  Further, we argued, a canine sniff, unlike the use of, say, a wiretap or a thermal imager, “discloses only the presence or absence of narcotics, a contraband item.”  462 U.S. at 707 (emphasis added).  Still, the apparent ‘dog exception’ was rankling. Read More

2

Some Thoughts On Florida v. Jardines

Amidst all of the discussion of gay marriage at One First Street NW today, you may have missed that the Supreme Court decided Florida v. Jardines.  In a five-four opinion by Justice Scalia, the Court held that bringing a police dog within the curtilage (in this case, the front porch) of the home to sniff for drugs constitutes a search for purposes of the Fourth Amendment.  As Orin Kerr predicted, the opinion turned on the lack of implied consent to approach with a dog, which converted the detectives’ action into a trespass.  Justices Thomas, Ginsburg, Sotomayor, and Kagan joined Justice Scalia’s opinion.  Justice Alito wrote for the dissent, joined by Justices Kennedy, Breyer, and the Chief Justice.  Justice Kagan, joined by Justices Ginsburg and Sotomayor, wrote separately to note that they “could just as happily have decided [the case] by looking to Jardines’ privacy interests.” Read More

0

“The Future of Drones in America” Hearing

I got the chance to testify at a hearing of the full Senate Judiciary Committee about the domestic use of drones yesterday. The New York Times has this coverage and, for aficionados of torts, I talk about intrusion upon seclusion with Senator Dick Durbin in this clip from NBC News. Should you get a chance to watch the hearing in full, Senator Al Franken’s thoughts at the end were particularly vivid. My written and oral comments were similar to those outlined in my previous post: privacy law places few limits on the use of drones for surveillance, but we should be very careful in crafting any drone-specific legislative response.  It happens that, about when I was testifying, my students were taking a final where one of the questions involved a drone filming a private party.  I feel they had fair notice that this might be on the exam.

4

New Edition of Solove & Schwartz’s Privacy Law Fundamentals: Must-Read (and Check out the Video)

Privacy leading lights Dan Solove and Paul Schwartz have recently released the 2013 edition of Privacy Law Fundamentals, a must-have for privacy practitioners, scholars, students, and really anyone who cares about privacy.

Privacy Law Fundamentals is an essential primer of the state of privacy law, capturing the up-to-date developments in legislation, FTC enforcement actions, and cases here and abroad.  As Chief Privacy Officers like Intel’s David Hoffman and renown privacy practitioners like Hogan’s Chris Wolf and Covington’s Kurt Wimmer agree, Privacy Law Fundamentals is an “essential” and “authoritative guide” on privacy law, compact and incredibly useful.  For those of you who know Dan and Paul, their work is not only incredibly wise and helpful but also dispensed in person with serious humor.  Check out this You Tube video, “Privacy Law in 60 Seconds,” to see what I mean.  I think that Psy may have a run for his money on making us smile.

4

In Honor of Alan Westin: Privacy Trailblazer, Seer, and Changemaker

Privacy leading light Alan Westin passed away this week.  Almost fifty years ago, Westin started his trailblazing work helping us understand the dangers of surveillance technologies.  Building on the work that Warren and Brandeis started in “The Right to Privacy” in 1898, Westin published Privacy and Freedom in 1967.  A year later, he took his normative case for privacy to the trenches.  As Director of the National Academy of Science’s Computer Science and Engineering Board, he and a team of researchers studied governmental, commercial, and private organizations using databases to amass, use, and share personal information.  Westin’s team interviewed 55 organizations, from local law enforcement, federal agencies like the Social Security Administration, and direct-mail companies like R.L. Polk (a predecessor to our behavioral advertising industry).

The 1972 report, Databanks in a Free Society: Computers, Record-Keeping, and Privacy, is a masterpiece.  With 14 case studies, the report made clear the extent to which public and private entities had been building substantial computerized dossiers of people’s activities and the risks to economic livelihood, reputation, and self-determination.  It demonstrated the unrestrained nature of data collection and sharing, with driver’s license bureaus selling personal information to direct-mail companies and law enforcement sharing arrest records with local and state agencies for employment and licensing matters.  Surely influenced by Westin’s earlier work, some data collectors, like the Kansas City Police Department, talked to the team about privacy protections, suggesting the need for verification of source documents, audit logs, passwords, and discipline for improper use of data. Westin’s report called for data collectors to adopt ethical procedures for data collection and sharing, including procedural protections such as notice and chance to correct inaccurate or incomplete information, data minimization requirements, and sharing limits.

Westin’s work shaped the debate about the right to privacy at the dawn of our surveillance era. His changing making agenda was front and center of  the Privacy Act of 1974.  In the early 1970s, nearly fifty congressional hearings and reports investigated a range of data privacy issues, including the use of census records, access to criminal history records, employers’ use of lie detector tests, and the military and law enforcement’s monitoring of political dissidents. State and federal executives spearheaded investigations of surveillance technologies including a proposed National Databank Center.

Just as public discourse was consumed with the “data-bank problem,” the courts began to pay attention. In Whalen v. Roe, a 1977 case involving New York’s mandatory collection of prescription drug records, the Supreme Court strongly suggested that the Constitution contains a right to information privacy based on substantive due process. Although it held that the state prescription drug database did not violate the constitutional right to information privacy because it was adequately secured, the Court recognized an individual’s interest in avoiding disclosure of certain kinds of personal information. Writing for the Court, Justice Stevens noted the “threat to privacy implicit in the accumulation of vast amounts of personal information in computerized data banks or other massive government files.”  In a concurring opinion, Justice Brennan warned that the “central storage and easy accessibility of computerized data vastly increase the potential for abuse of that information, and I am not prepared to say that future developments will not demonstrate the necessity of some curb on such technology.”

What Westin underscored so long ago, and what Whalen v. Roe signaled, technologies used for broad, indiscriminate, and intrusive public surveillance threaten liberty interests.  Last term, in United States v. Jones, the Supreme Court signaled that these concerns have Fourth Amendment salience. Concurring opinions indicate that at least five justices have serious Fourth Amendment concerns about law enforcement’s growing surveillance capabilities. Those justices insisted that citizens have reasonable expectations of privacy in substantial quantities of personal information.  In our article “The Right to Quantitative Privacy,” David Gray and I are seeking to carry forward Westin’s insights (and those of Brandeis and Warren before him) into the Fourth Amendment arena as the five concurring justices in Jones suggested.  More on that to come, but for now, let’s thank Alan Westin for his extraordinary work on the “computerized databanks” problem.

 

0

Video Voyeurism

Recall that during the spring, a jury convicted Dahrun Ravi of criminal invasion of privacy along with a bias intimidation charge for surreptitiously using his webcam to live stream his roommate’s sexual encounter and for attempting to do so a second time.  Here comes word of another criminal invasion of privacy case, this time in Maryland.  Apparently, a Howard County man broke into the apartments of two young women, installing a video camera in their bathrooms and bedrooms.  The man has been charged with burglary and video surveillance “with a prurient interest.”  The man apparently knew the women, allowing him to steal and copy their apartment keys.  According to news reports, the suspect filmed himself installing the cameras.  Apparently, Maryland law aims to punish and deter sexualized privacy invasions by requiring proof of prurient interest.  Besides the Ravi case, another criminal matter that comes to mind is the Erin Andrews stalking case.  Much like the criminal case against Ms. Andrews’s stalker, prosecutors might also have charged the defendant with criminal harassment, that is, repeated conduct designed to cause victim substantial emotional distress with intent to cause substantial emotional distress.  On the civil side of things, the women can surely sue their harasser for tort privacy’s intrusion on seclusion, which protects against invasions of someone’s solitude or her “private affairs or concerns” that would be “highly offensive to the reasonable person.”  As I head off to speak at the Harvard Law Review’s symposium on Privacy and Technology where I will be commenting on Neil Richards’s excellent essay “The Dangers of Surveillance” (and as I write my book Hate 3.0: The Rise of Cyber Harassment and How to Stop It, forthcoming in Harvard University Press), this case could not be more timely.  You can check out David Gray’s and my response to Neil’s paper, a draft of which is posted on the HLR website.

15

Harvard Law Review Symposium on Privacy & Technology

This Friday, November 9th, I will be introducing and participating in the Harvard Law Review’s symposium on privacy and technology.  The symposium is open to the public, and is from 8:30 AM to 4:30 PM at Harvard Law School (Langdell South).

I have posted a draft of my symposium essay on SSRN, where it can be downloaded for free.  The essay will be published in the Harvard Law Review in 2013.  My essay is entitled Privacy Self-Management and the Consent Paradox, and I discuss what I call the “privacy self-management model,” which is the current regulatory approach for protecting privacy — the law provides people with a set of rights to enable them to decide for themselves about how to weigh the costs and benefits of the collection, use, or disclosure of their data. I demonstrate how this model fails to serve as adequate protection of privacy, and I argue that privacy law and policy must confront a confounding paradox with consent.  Currently, consent to the collection, use, and disclosure of personal data is often not meaningful, but the most apparent solution — paternalistic measures — even more directly denies people the freedom to make consensual choices about their data.

I welcome your comments on the draft, which will undergo considerable revision in the months to come.  In future posts, I plan to discuss a few points that I raise my essay, so I welcome your comments in these discussions as well.

The line up of the symposium is as follows:

Symposium 2012:
Privacy & Technology

Daniel J. Solove
George Washinton University
“Introduction: Privacy Self-Management and the Consent Paradox”

Jonathan Zittrain
Harvard Law School

Paul Schwartz
Berkeley Law School
“The E.U.-U.S. Privacy Collision”

Lior Strahilevitz
University of Chicago
“A Positive Theory of Privacy”

Julie Cohen
Georgetown University
“What Privacy is For”

Neil Richards
Washington University
“The Harms of Surveillance”

Danielle Citron
University of Maryland

Anita Allen
University of Pennsylvania

Orin Kerr
George Washington University

Alessandro Acquisti
Carnegie Mellon University

Latanya Sweeney
Harvard University

Joel Reidenberg
Fordham University

Paul Ohm
University of Colorado

Tim Wu
Columbia University

Thomas Crocker
University of South Carolina

Danny Weitzner
MIT

0

More on government access to private sector data

Last week I blogged here about a comprehensive survey on systematic government access to private sector data, which will be published in the next issue of International Data Privacy Law, an Oxford University Press law journal edited by Christopher Kuner. Several readers have asked whether the results of the survey are available online. Well, now they are – even before publication of the special issue. The project, which was organized by Fred Cate and Jim Dempsey and supported by The Privacy Projects, covered government access laws in AustraliaCanadaChinaGermanyIsraelJapanUnited Kingdom and United States.

Peter Swire’s thought provoking piece on the increased importance of government access to the cloud in an age of encrypted communications appears here. Also see the special issue’s editorial, by Fred, Jim and Ira Rubinstein.

 

2

On systematic government access to private sector data

The Sixth Circuit Court of Appeals has recently decided in United States v. Skinner that police does not need a warrant to obtain GPS location data for mobile phones. The decision, based on the holding of the Supreme Court in US v. Jones, highlights the need for a comprehensive reform of rules on government access to communications non-contents information (“communications data”). Once consisting of only a list of phone numbers dialed by a customer (a “pen register”), communications data have become rife with personal information, including location, clickstream, social contacts and more.

To a non-American, the US v. Jones ruling is truly astounding in its narrow scope. Clearly, the Justices aimed to sidestep the obvious question of expectation of privacy in public spaces. The Court did hold that the attachment of a GPS tracking device to a vehicle and its use to monitor the vehicle’s movements constitutes a Fourth Amendment “search”. But it based its holding not on the persistent surveillance of the suspect’s movements but rather on a “trespass to chattels” inflicted when a government agent ever-so-slightly touched the suspect’s vehicle to attach the tracking device. In the opinion of the Court, it was the clearly insignificant “occupation of property” (touching a car!) rather than the obviously weighty location tracking that triggered constitutional protection.

Suffice it to say, that to an outside observer, the property infringement appears to have been a side issue in both Jones and Skinner. The main issue of course is government power to remotely access information about an individual’s life, which is increasingly stored by third parties in the cloud. In most cases past – and certainly present and future – there is little need to trespass on an individual’s property in order to monitor her every move. Our lives are increasingly mediated by technology. Numerous third parties possess volumes of information about our finances, health, online endeavors, geographical movements, etc. For effective surveillance, the government typically just needs to ask.

This is why an upcoming issue of International Data Privacy Law (IDPL) (an Oxford University Press law journal), which is devoted to systematic government access to private sector data, is so timely and important. The special issue covers rules on government access in multiple jurisdictions, including the US, UK, Germany, Israel, Japan, China, India, Australia and Canada.

Read More

3

Laws Regulating PII

My co-author Sasha Romanosky asks me to post the following:

I am involved in a research project that examines state laws affecting the flow of personal information in some way. This information could relate to patients, employees, financial or retail customers, or even just individuals. And by “flow” we are interested in laws that affect the collection, use, storage, sale, sharing, disclosure, or even destruction of this information.

For example, some state laws require that companies notify you when your personal information has been hacked, while other state laws require notice if the firm plans to sell your information. In addition, laws in other
states restrict the sale of personal health information; enable law enforcement to track cell phone usage without a warrant; or prohibit the collection of a customer’s zip code during a credit card purchase.

Given the huge variation among states in their information laws, we would like to ask readers of Concurring Opinions to help us collect examples of such laws. You are welcome to either post a response to this blog entry or
reply to me directly at sromanos at cmu dot edu.

Thank you!

Sasha is a good guy, and a really careful researcher. Let’s help him!