Does your level of Fourth Amendment protection vary inversely with the convenience of your digital life?
Matthew Smith
Today, Ars Technica published an excellent rundown of the various approaches that policymakers have taken, or are taking, to attempt to secure the privacy of smartphone users.
The article ties in with another recent Ars piece, which pointed out that Apple has the “master keys” to the encryption of its iCloud service – and so, in theory, could give those keys to the police, if asked.
This situation exemplifies a truism that may well come to define the digital age: your level of privacy varies inversely with the convenience of your digital life. Here’s how it plays out.
Everyone has data that’s important to them – and the convenience of their digital life depends, in large part, on how easily they can organize, access, and play around with their data. Data can be anything from an address book and e-mails to a digital movie collection.
In the 1990s, the PalmPilot – arguably, the forerunner of modern smartphones – was successful, in large part, because it offered users easy, convenient access to their data. Of course, the PalmPilot posed no threat to privacy, as long as the user was able to hold onto it: the data never left the user’s possession. The drawback to this ecosystem was, as any PalmPilot user will remember, the need to “sync” the device whenever the user wished to update its data.
The game changer in this realm was the creation of mobile access to the Internet and the rise of “The Cloud.” Once the devices we carried with us gained access to the Internet, putting our data on the Internet was an obvious next step: keep the master copy of everything in the Cloud, and, any time there is a change, all of the user’s devices can be updated over their Internet connections, in real-time. Everything is always up-to-date, and always at hand.
But, of course, this convenience comes at a price. The user puts the privacy of their data at risk by entrusting it to a third party. The extent to which data given over to a third party is protected by the Fourth Amendment or other laws is still being worked out – largely because Cloud services are so new that laws regulating them have yet to develop – see the Ars Technica posts linked above. If Apple (or another company) possesses the keys to a user’s data, Apple (or the other company) can control who accesses that data. And frequently, the police look to access a user’s private data when they suspect the user of criminal activity.
As the Ars Technica rundown of smartphone privacy approaches above indicates, the law here is unsettled – but it is clear that, absent a strong stand in favor of privacy, users who store their personal data in Cloud services may well be trading off legal privacy protections by doing so.
So, what’s a tech-savvy citizen who values privacy and convenience to do?
One clue may come from the so-called Maker Manifesto: “if you can’t open it, you don’t own it.” Unless a user is personally responsible for the storage and security of their data – perhaps by purchasing or building a dedicated private web server to be set up in the home or setting up an always-connected PC at home for remote access to its hard drive – it is impossible to be certain of the security and privacy of the user’s data.
When a user personally controls access to their data, the level of government intrusion on that user’s privacy required to access that data is much greater. In the instance of a server set up in a private home, the government would be required to make entry into the home itself to access the data on the server. And traditionally, the home is the most-protected sphere under the Fourth Amendment.
Of course, this is costly – and, because software systems for remote data access are frequently built around the assumption that the user will be connecting to a third-party service (Apple iCloud, Google, Box.net, Dropbox) to access their data – many of the convenient features of data storage in the Cloud may be unavailable to a user setting up their own system.
Because of this cost – in terms of finance and convenience – the desirability of strong legal protections for users’ data stored with third parties is manifest. It remains to be seen whether (and how) Congress (and courts) will act to respond to this need.