Yael Tzipori
On January 30, 2014, a judge of the Southern District of Texas determined that there is no reasonable expectation of privacy in the metadata embedded in a photograph posted on the Internet. The defendant in the case, United States v. Post, had uploaded child pornography images to a website, and investigators used publicly available software to scan at least one photograph for the precise location of where the photograph was taken. The photograph had been taken with a cell phone. When a cell phone is used to take a photograph while the location services feature is set to “on,” the camera will store the information from the phone’s GPS in the image file. Investigators were able to scan the image and determine the location at which the photograph was taken, and the location led them directly to the defendant.
The defendant acknowledged that he had no expectation of privacy in the image itself, which had been voluntarily uploaded to the Internet, but argued that he did have a reasonable expectation of privacy in the metadata (the location information) embedded in the image because he had not intended for that information to be made public. The district court judge stated that there was no basis for dividing the image up based on the type of content it contained–when the defendant made the image publicly available, he relinquished his right to privacy in any of the information contained in that image. The judge analogized the situation to one in which a defendant voluntarily leaves his clothing at a crime scene, but does not realize that he has also left DNA evidence on that clothing. Leaving the clothing in a public place causes the defendant to relinquish any privacy interest in information contained on the clothing, “regardless of how he contemplated that clothing could be used.” Such a conclusion, said the judge, was equally applicable to the defendant in Post.
Daniela Badiola
States Address Privacy Concerns
Post-Snowden revelations, states have taken it into their own hands to increase the privacy protections of citizens and individual residents. The states taking this action, by enacting stronger privacy protection legislation, are mainly addressing two issues: 1) the courts’ hesitancy to adapt fourth amendment jurisprudence to technological advances that create the capability to store & collect unprecedented amounts of data; and 2) the federal government’s inertia in amending privacy protecting legislation to reflect modern technological use & societal norms.
In this week’s readings we have seen that while some courts recognize that new uses and dependence on technology renders law like Smith to be irrelevant or wholly distinguishable regarding the NSA’s collection of metadata (Klayman v. Obama, 2013), others cling on to strict analogies to letters and telephones which could only be used to make phone calls (ACLU v. Clapper, 2013). As a result, 4th amendment jurisprudence regarding mobile phones, which serve a mini-personal computers rather than simple telephones is extremely confused. In addition, legislation such as the Electronic Communications Privacy Act (ECPA) is inadequate in today’s context of mass data. As a result, states are fighting back.
In Arizona and Tennessee state legislators have proposed, a will likely pass, legislation that bars the state from providing material support to the NSA. In addition, data collected without a warrant cannot be used as evidence in state court. The evidence ban creates a bright line test in the face of confused jurisprudence regarding an individual’s right to privacy from the government.
In New Hampshire, a proposed bill requires that law enforcement obtain a warrant before searching “information in an electronic portable device.” This mirrors the holding in US v. Wurie (2013) which found that evidence found when a cop searched an arrestee’s phone without a warrant violated the 4th amendment. However, on appeal this might be reversed and other courts might disagree. New Hampshire’s law provides clarity. In addition, New Hampshire is also proposing a bill that will protect “expectation of privacy in personal information, including personal identifiers, content, and usage, given or available to third-party providers of information and services, including telephone; electric, water and other utility services; internet service providers; social media providers; banks and financial institutions; insurance companies; and credit card companies.” This is a necessary slap in the face to the third party doctrine – which taken to its extreme in today’s digital world – diminishes the 4th amendment protections to a mere novelty.
Relying on out of date precedent, ignoring the modern reality that communication of information is not truly voluntary if one wants to participate in society, and not acknowledging the unprecedented scope of data collection possible using previously acceptable devices, courts have not adapted 4th amendment jurisprudence to adequately protect the privacy of American citizens. In its current gridlock, Congress cannot be depended to make sweeping changes either. As a result, the states have stepped up to the plate. Although this is of little condolence to one interacting with a federal court, it is a step in the right direction.
Kevin Thomas
http://www.dotnews.com/2014/sj-court-decision-impacts-04-savin-hill-murder-trial
A decision by the Massachusetts Supreme Judicial Court has the effect of throwing out “key evidence” against the defendant from a 2011 murder trial. The decision focused on law enforcement access to cell-site location information (CSLI). More specifically, whether the government needed to meet the traditional “probable cause” requirement for obtaining a warrant, or whether a court order for the information could be obtained through the much less demanding “specific and articulable” facts standard.
Here the majority found that CSLI, as with GPS in Massachusetts, implicates the constitutionally protected interest of a reasonable expectation of privacy in one’s personal movements. It chose not to apply the same third party doctrine used in Smith v. Maryland and United States v. Miller to the acquisition of CSLI. Interestingly, the dissent distinguished the use of “call CSLI” wherein a user’s location is recorded during phone calls and “registration CSLI” in which the phone’s location is transmitted automatically every seven seconds.
The District Attorney noted that, because of the gray area in the law, police have been obtaining warrants for this kind of information for years. As a result, this ruling will not impact very many criminal cases in Massachusetts.
Jessica Heller
This article discusses the ways in which the government can use border crossings to perform warrantless searches and seizures of electronic devices.
The article specifically focuses on the case of David House, a former fundraiser for Bradley Manning’s legal defense, and the government documents that were released as part of House’s legal settlement with the Department of Homeland Security. The government tagged House as a ‘person of interest’ because of his connection with Private Manning. As a result, when House flew from Mexico to the U.S., immigration officials seized his computer without a warrant and performed a thorough search. The documents revealed that after searching over 26,000 of House’s files, there was no evidence of any criminal wrongdoing.
Though the government may lawfully perform warrantless searches and seizures of electronic devices because of the border crossing exception to the Fourth Amendment, in an increasing number of cases like House’s, it is being asserted that the government is abusing its power, and that power should be curtailed. An A.C.L.U lawyer working on House’s case said that the government had abused its power to execute a search that “no court would have approved.”
The government’s ability to skirt constitutional protections is particularly concerning given the high volume of searches on electronic devices. In the last 3 years, Customs and Border Protection has conducted warrantless electronic media searches on an average of 15 people per day.
Christine Kuveke
http://www.nytimes.com/2013/10/02/technology/google-accused-of-wiretapping-in-gmail-scans.html
This article discusses a lawsuit that has been brought against Google, alleging that it is wiretapping its users in violation of the Electronic Communications Privacy Act (ECPA). The plaintiffs assert that Google has acted illegally in collecting user data in Gmail and Street View. One practice, which is challenged, is the scanning of emails used to provide targeted advertisements.
Google has argued that its users have consented to its practices by agreeing to its service and privacy policy. Consent is one of the ECPA exceptions that we discussed in class. Google has also argued that non-Gmail users have no reasonable expectation of privacy when they send emails to Gmail users. Another argument is that Google is entitled to protection under ECPA because it is acting in the ordinary course of business. The counterargument, of course, is that creating user profiles and providing targeted ads are not related to Google’s core business of providing email services. Two federal judges have ruled against Google in its motions to dismiss. One of the themes that runs through the article is the argument that ECPA is “stuck in the past and has failed to keep up with new technologies.”
Nathan Monroe Yavneh
http://www.nytimes.com/2013/05/08/us/politics/obama-may-back-fbi-plan-to-wiretap-web-users.html
This article, by Charlie Savage of the New York Times, describes the policy debate that surrounds efforts to update the Communications Assistance for Law Enforcement Act (CALEA).
CALEA, which dates to 1994, already requires phone and network carriers to build interception capabilities into their systems. Today, however, more people are choosing to communicate online, using protocols like VoIP. CALEA does not apply to such modern Internet-based methods of communication. This has prompted a concern by law enforcement officials, such as FBI Director Robert S. Mueller, III, that voice communication is “going dark” – that is, moving to media that law enforcement are not able to intercept.
The FBI has put out two proposals to update CALEA in recent years. The first proposal, in 2010, would have required Internet communications services to build a backdoor into their systems which law enforcement could use for wiretapping. It would also have required those companies to unscramble encrypted data at the request of law enforcement.
The more recent proposal takes a different tack, strengthening wiretap orders issued by judges. Under the proposal, a company would first receive notice that it may receive a surveillance request in the future. If it has received such notice, and fails to comply, it would be eligible for steep fines. This would have more teeth than the current law, which affords companies “wiggle room” to argue that they can not surveil for technical reasons.
There has been criticism of both proposals. Critics argue that it will stifle innovation, potentially driving tech startups overseas to countries where they would not have to comply with wiretap requests. Others worry about security, pointing out that any backdoors built into systems for law enforcement could also be discovered and exploited by hackers or other malicious agents.
While it remains unclear what form the revisions to CALEA will take, this article indicates that we are at a crossroads with regards to government surveillance of the internet. As technology outpaces a two decade old law, some decision must be reached balancing the privacy interests of Internet users and the law enforcement interests of the government. The abandonment of the FBI’s 2010 proposal to require backdoors and decryption of communications seems to indicate that the balance has swung slightly in favor of user’s privacy, but beyond that it is difficult to predict.
Siobhan Atkins
Article: Chanakya Sethi, Do Americans Care About the Privacy of our Metadata?
Every day, Americans share vast amounts of information with cell phone service providers, credit card companies, and Internet vendors. The frequency and volume of information shared with third parties in the digital age raises an important question: do Americans truly “voluntarily” give away all such information, thus waiving any Fourth Amendment protections against that information’s collection? Or, given the degree to which citizens must share such data to participate in modern society, do Americans perhaps expect a greater degree of privacy now than ever before?
This article briefly explores American sentiments towards metadata collection, and ultimately argues that Americans who disclose more information may expect more privacy in the electronic information they share. The article first discusses findings made by the panel of intelligence experts convened by President Obama in December 2013 to evaluate the NSA telephony metadata program. The panel argued that Americans’ extensive disclosure in the digital age does not reflect an increasing apathy about the information’s release to the wider world, but rather is a “necessary accommodation to the realities of modern life.”
The article goes on to discuss a Pew Research poll that indicates that many Americans are increasingly concerned about the information available about them online – even, paradoxically, as they share more of that information with third parties. Perhaps most interesting was the poll’s finding that those who have taken more steps to remain anonymous online are more likely than others to have posted information about themselves online – an indication that our desire for privacy may grow stronger in the digital age, even as we share more information about ourselves with others.
The changing nature of disclosure in modern society, as well as shifting public opinions on privacy, may influence whether courts continue to use Smith v. Maryland as a guide in assessing the constitutionality of metadata collection programs. In Klayman v. Obama, Judge Leon cited the changing frequency and nature of phone use – and an Associated Press survey revealing increased concern about data privacy – in support of his argument that Smith is “of little value” in evaluating the Fourth Amendment claims raised by the NSA’s telephony metadata collection program. In contrast, Judge Pauley argued in ACLU v. Clapper that the ubiquity of cell phones today “does not undermine the Supreme Court’s ruling that a person has no subjective expectation of privacy in telephony metadata.” It will be interesting to see how – or whether – changing habits and public sentiment influence court rulings in the future.
Paul Hanft (submitted 25 February)
http://www.usatoday.com/story/news/politics/2014/01/20/poll-nsa-surveillance/4638551/
http://swampland.time.com/2013/12/17/nsa-takes-a-hit-in-fight-for-american-public-opinion/
These two articles from Time and USA today discuss the overall public opinion of the American public on the NSA and its collection of metadata. The NSA has been trying to assuage the public that its collection of metadata phone records does not amount to domestic spying, as such former public affairs officer for the Federal Bureau of Investigation and CBS correspondent John Miller featured NSA head Keith Alexander who attempted to explain the NSA’s actions to the American public. The segment was heavily criticized for being inaccurate and the current public opinion leans heavily against the NSA with a 53% majority disapproving of the metadata collection program against 40% approving.
President’s Obama’s most recent proposals that a third party rather than the government to hold the massive stores of phone metadata and that intelligence analysts would need a court order to search it except in emergencies were also surveyed and respondents expressed little confidence in them in protecting privacy. By 73%-21% margin, those who paid attention to the speech say his proposals won’t make much difference in protecting people’s privacy.
The article discusses Judge’s Leon recent ruling that the NSA’s broad collection of information from cell-phone records violates the constitution. Particular bothering both to judge Leon and likely to the public as a whole is the NSA’s ability to collect data without any particularized suspicion of wrongdoing and inability of individuals to avoid government collection while simultaneously being integrated into modern life (that is one generally must have a cell-phone).