Tag: Fourth Amendment

Patriot Reauthorization Vote Fails… Now What?

First, the good news: Last night, civil libertarians had a rare excuse to pop champagne when an effort to fast-track a one-year reauthorization of three controversial Patriot Act provisions–set to expire at the end of the month–failed in the House of Representatives. As Slate’s Dave Weigel notes, the vote had been seen as such a sure thing that Politico headlined its story on the pending vote “Congress set to pass Patriot Act extension.” Around this time last year, a similar extension won House approval by a lopsided 315-97 vote.

Now the reality check: The large majority of representatives also voted for reauthorization last night: 277 for, 148 against. The vote failed only because GOP leadership had sought to ram the bill through under a “suspension of the rules”–a streamlined process generally used for the most uncontroversial bills, limiting debate and barring the introduction of amendments–which required a two-thirds majority for passage. Given last week’s developments in the Senate, it’s still a near certainty that the expiring provisions will be extended again before the end of the month. In fact, there’s a Rules Committee meeting today to get the bill back on the House floor. Also, while the defection of 26 Republicans who voted against reauthorization is the first real pushback against leadership we’ve seen since the GOP took the House, some of the talk that’s circulated about a Tea Party backlash against the surveillance state seems premature. As Weigel notes, just eight of the 26 Republican “no” votes were incoming freshmen, and many representatives prominently associated with the Tea Party were on the other side. Some of the resistance seems to have been generated by the fast-track approach, as there haven’t been any hearings or mark-ups on Patriot legislation.

That said, the tide does seem to be shifting somewhat. The failure of the fast-track vote means that we may see the reauthorization introduced under rules that would allow amendments aimed at remedying the civil liberties problems with the three expiring provisions, or with the still more controversial Patriot expansion of National Security Letter authority, which under current law does not expire. For those just tuning in, the sunsetting Patriot provisions are:

Lone Wolf

So-called “lone wolf” authority allows non-citizens in the U.S. who are suspected of involvement in terrorist activities to be monitored under the broad powers afforded by the Foreign Intelligence Surveillance Act (FISA), even if they are not connected to any overseas terror group or other “foreign power.” It was passed after FBI claimed the absence of “lone wolf” authority stymied efforts to monitor the infamous “20th 9/11 Hijacker”–but a bipartisan Senate report found that this failure was actually the result of a series of gross errors by the FBI, not any gap in government surveillance powers. Moreover, Lone Wolf blurs the traditional–and constitutionally significant–distinction between foreign intelligence, where the executive enjoys greater latitude, and domestic national security investigations. The way the statute is written, Lone Wolf authority is only available in circumstances where investigators would already be able to obtain a criminal terrorism wiretap. Given of the sweeping nature of FISA surveillance, that more narrow criminal surveillance authority should be employed when the special needs imposed by the involvement of a “foreign power” are not present.

Roving Wiretaps

Roving wiretap authority allows intelligence wiretap orders to follow a target across multiple phone lines or online accounts. Similar authority has been available in criminal investigations since 1986, but Patriot’s roving wiretaps differ from the version available in criminal cases, because the target of an order may be “described” rather than identified. Courts have stressed this requirement for identification of a named target as a feature that enables criminal roving wiretaps to satisfy the “particularity” requirement of the Fourth Amendment. Patriot’s roving taps, by contrast, raise the possibility of “John Doe” warrants that name neither a person nor a specific “place” or facility–disturbingly similar to the “general warrants” the Founders were concerned to prohibit when they crafted the Fourth Amendment. Given the general breadth of FISA surveillance and the broad potential scope of online investigations, John Doe warrants would pose a high risk of “overcollecting” innocent Americans’ communications. Most civil liberties advocates would be fine with making this authority permanent if it were simply modified to match the criminal authority and foreclose the possibility of “John Doe” warrants by requiring either a named individual target or a list of specific facilities to be wiretapped.

Section 215

Section 215 expanded the authority of the FISA Court to compel the production of business records or any other “tangible thing.” While previously such orders were limited to narrow classes of businesses and records, and required a showing of “specific and articulable facts” that the records sought pertain to an agent of a foreign power, Patriot stripped away those limits. The current law requires only a showing of “reasonable grounds” to believe records are “relevant” to an investigation, not probable cause, and has no requirement that people whose information is obtained be even suspected of any connection to terrorism. And the recipients of these orders are barred from Proposals to restore some of the previous checks on this power–requiring some demonstrable connection to terroris–initially received bipartisan support last year, but were torpedoed when the Justice Department objected that this limitation would interfere with a secret “sensitive collection program.” Several senators briefed on the program have expressed concern that this sweeping collection authority was being reauthorized without adequate public understanding of its true purpose.

So those are the sunsetting provisions–though a lot of the debate last year very justifiably centered on the need to reform National Security Letters, which we know to be constitutionally defective, and which have already been subject to serious abuses. One reason reform keeps getting postponed is that Congress is busy and tends not to make time for these issues until the sunset deadlines are right around the corner–at which point a reliable band of pundits and legislators imply that absolute bedlam will ensue unless every single surveillance authority is extended–meaning reform will have to wait until later, at which point it will be an emergency all over again. Once you start looking at the numbers, though, all these Chicken Littles begin to look faintly ridiculous.

The Lone Wolf provision is such an essential intelligence tool that it has never been used. Not a single time. And again, by the terms of the statute, it only applies under circumstances where a criminal wiretap warrant would already be available if Lone Wolf authority didn’t exist. Roving authority is granted by the FISA Court an average of 22 times per year, and in many (if not most) of those cases it never actually has to be used–surveillance is limited to named facilities. To put that in context, the FISA court issued 1,320 electronic surveillance orders in 2009, and that was the first time in 5 years the number fell below 2,000. So we’re talking about maybe 1 percent of FISA surveillance, which judging by internal oversight reports, is a good deal less than the portion that ends up sitting untranslated for months anyway. Similarly, there were 21 business records orders under §215 issued in 2009–and remember, that authority doesn’t disappear if this provision sunsets, it just reverts to its narrower, pre–Patriot version, where the court needs to see actual evidence that the records have some connection to a suspected terrorist. Surveys by the Inspector General’s office found no instances in which a major case development resulted from 215 information. The idea that we’d somehow be in grave danger if these provisions lapsed for a few months just doesn’t hold up, but there’s no reason Congress can’t pass a two-month extension while they consider some of the reforms already on the table, just as they did last year.

So let’s stop living in a state of perpetual panic. Some of these provisions we’d be better off without. Some, like roving wiretaps, just need minor tweaks to close loopholes for misuse. Some–I’m looking at you, National Security Letters–require substantial reform. Many of these changes ought to be common sense, and have attracted bipartisan support in the past. But let’s stop kicking the can down the road and saying we’ll debate the proper limits on the surveillance state when there’s time. It’s important enough that Congress can make time.

Jeff McKay: A Limp Rag Masquerading as a Terror Warrior

This afternoon I briefly attended a meeting of the Washington Metropolitan Area Transit Authority board to comment on the question whether there should be random bag searches in the D.C. area’s subway system. A variety of other liberty loving D.C.-area residents spoke up against bag searches, noting the weakness of the practice in terms of security, the privacy consequences, and the insult to Metro riders in treating all as suspects. The chairman of the Riders Advisory Council asked that the program be suspended.

Along with restating the security weakness of random bag searches—it simply transfers risk from one station to another, from the subway to busses, or from the Metro system to other infrastructure—I emphasized the strategic consequences of the policy:

Terrorists try to instill fear and drive victim states to over-reaction. They try to knock us off our game. The appropriate response is not to give in to fear-based impulses. Obviously, we can and do secure what can cost-effectively be secured. And where infrastructure can’t be secured specifically, many other layers of security are protecting the society as a whole—aware people, ordinary law enforcement, targeted lawful investigation of terror suspects, and international intelligence and diplomatic efforts.

WMATA can play a part in our security, but in a very different way than by making a great show of desperately searching passengers. Refusing the bag search policy can signal to D.C. area residents and the nation that we are relatively secure, because we are. Al Qaeda is on the run, and the franchises it inspired are generally incompetent.

When America’s capital city abandons bag searching, it will be a small but important signal that terrorism doesn’t knock us off our game. Consistency in this message over time will weaken terrorism and ultimately reduce terror attacks from their already low numbers.

There will never be perfect security, but security measures that cost more than they benefit our security make us worse off, not better off. They make us victims of terrorism’s strategic logic.

Fairfax County Supervisor Jeff McKay disagrees. An alternate member of the WMATA board, he is the picture of the politician  in thrall to terrorism. During the discussion of the Riders Advisory Council report, he stated—as a moral obligation, no less—that he should assume the existence of substantial threats to the Metro system because some authorities claim secret knowledge to that effect.

Whether there are threats or not, this does not respond at all to the point that random bag searches would not address them. Again, they transfer risk from one Metro station to another, from Metro stations to Metro busses, or from the Metro system to other infrastructure in the D.C. area.

We often joke about politicians who say “something must be done; this is something; this must be done,” but when you see it live and in person, it’s really stupid.

McKay seemed to take righteous pride in abdicating his responsibility to understand basic security principles as they pertain to the Metro system. He did note the bind that the board is in. They’re damned if they do bag searches because of the complaints from the community, and they’re damned if they don’t because something bad might happen.

McKay’s choice is to spend the money of District-area governments and undercut the civil liberties of Metro riders so that, in the unlikely event a terror attack occurs, his political career is protected. He can say “I tried to stop it with bag searches.” Never mind that it was an ineffective measure.

McKay thinks he’s doing the right thing, but that doesn’t excuse his being a patsy to the terrorism strategy. He’s a limp rag, abdicating his security responsibility while pretending that he fights terrorism.

Wikileaks, Twitter, and Our Outdated Electronic Surveillance Laws

This weekend, we learned that the U.S. government last month demanded records associated with the Twitter accounts of several supporters of WikiLeaks—including American citizens and an elected member of Iceland’s parliament. As the New York Times observes, the only remarkable thing about the government’s request is that we’re learning about it, thanks to efforts by Twitter’s legal team to have the order unsealed. It seems a virtual certainty that companies like Facebook and Google have received similar demands.

Most news reports are misleadingly describing the order [PDF] as a “subpoena” when in actuality it’s a judicially-authorized order under 18 U.S.C §2703(d), colloquially known (to electronic surveillance geeks) as a “D-order.” Computer security researcher Chris Soghoian has a helpful rundown on the section and what it’s invocation entails, while those who really want to explore the legal labyrinth that is the Stored Communications Act should consult legal scholar Orin Kerr’s excellent 2004 paper on the topic.

As the Times argues in a news analysis today, this is one more reminder that our federal electronic surveillance laws, which date from 1986, are in dire need of an update. Most people assume their online communications enjoy the same Fourth Amendment protection as traditional dead-tree-based correspondence, but the statutory language allows the contents of “electronic communications” to be obtained using those D-orders if they’re older than 180 days or have already been “opened” by the recipient. Unlike traditional search warrants, which require investigators to establish “probable cause,” D-orders are issued on the mere basis of “specific facts” demonstrating that the information sought is “relevant” to a legitimate investigation. Fortunately, an appellate court has recently ruled that part of the law unconstitutional—making it clear that the Fourth Amendment does indeed apply to email… a mere 24 years after the original passage of the law.

The D-order disclosed this weekend does not appear to seek communications content—though some thorny questions might well arise if it had. (Do messages posted to a private or closed Twitter account get the same protection as e-mail?) But the various records and communications “metadata” demanded here can still be incredibly revealing. Unless the user is employing anonymizing technology—which, as Soghoian notes, is fairly likely when we’re talking about such tech-savvy targets—logs of IP addresses used to access a service like Twitter may help reveal the identity of the person posting to an anonymous account, as well as an approximate physical location. The government may also wish to analyze targets’ communication patterns in order to build a “social graph” of WikiLeaks supporters and identify new targets for investigation. (The use of a D-order, as opposed to even less restrictive mechanisms that can be used to obtain basic records, suggests they’re interested in who is talking to whom on the targeted services.) Given the degree of harassment to which known WikiLeaks supporters have been subject, easy access to such records also threatens to chill what the courts have called “expressive association.” But unlike traditional wiretaps, D-order requests for data aren’t even subject to mandatory reporting requirements—which means surveillance geeks may be confident this sort of thing is fairly routine, but the general public lacks any real sense of just how pervasive it is. Whatever your take on WikiLeaks, then, this rare peek behind the curtain is one more reminder that our digital privacy laws are long overdue for an upgrade.

TSA’s Strip/Grope: Unconstitutional?

Writing in the Washington Post, George Washington University law professor Jeffrey Rosen carefully concludes, “there’s a strong argument that the TSA’s measures violate the Fourth Amendment, which prohibits unreasonable searches and seizures.” The strip/grope policy doesn’t carefully escalate through levels of intrusion the way a better designed program using more privacy protective technology could.

It’s a good constutional technician’s analysis. But Professor Rosen doesn’t broach one of the most important likely determinants of Fourth Amendment reasonableness: the risk to air travel these searches are meant to reduce.

Writing in Politico last week, I pointed out that there have been 99 million domestic flights in the last decade, transporting seven billion passengers. Not one of these passengers snuck a bomb onto a plane and detonated it. Given that this period coincides with the zenith of Al Qaeda terrorism, this suggests a very low risk.

Proponents of the TSA’s regime point out that threats are very high, according to information they have. But that trump card—secret threat information—is beginning to fail with the public. It would take longer, but would eventually fail with courts, too.

But rather than relying on courts to untie these knots, Congress should subject TSA and the Department of Homeland Security to measures that will ultimately answer the open risk questions: Require any lasting security measures to be justified on the public record with documented risk management and cost-benefit analysis. Subject such analyses to a standard of review such as the Adminstrative Procedure Act’s “arbitrary and capricious” standard. Indeed, Congress might make TSA security measures APA notice-and-comment rules, with appropriate accomodation for (truly) temporary measures required by security exigency.

Claims to secrecy are claims to power. Congress should withdraw the power of secrecy from the TSA and DHS, subjecting these agencies to the rule of law.

Phone Numbers, E-Mail Addresses, and Metaphor Wars

The law normally advances by small and cautious steps—by the gradual extension of established precedents and rules to novel problems and fact patterns. Little wonder, then, that tricky questions of law often amount to conflicts between competing metaphors. Is a hard drive like a closed briefcase whose contents are all fair game for police once the “container” is legitimately opened? Or is it more like a warehouse containing hundreds or thousands of individual closed containers? If the latter, what are the “containers”? Directories? Individual files?

A similar metaphor war figures in the FBI’s effort to expand its authority to acquire information from Internet Service Providers using National Security Letters, which are issued by agents without judicial oversight, and typically forbid providers from disclosing anything about the demand for records. The Bureau had long assumed that the NSL statutes gave them broad authority to get “electronic communications transaction records”—information about your online communications, though not the contents of the communications themselves—as long as they certified that those records would be “relevant” to a national security investigation, a far lower standard than the Fourth Amendment’s “probable cause.” But in a 2008 opinion, the Bush administration’s Office of Legal Counsel rejected this interpretation, finding that NSLs could only be used to obtain the particular types of records specified in the statute, including “toll billing records.” For Internet accounts, this meant the FBI could only get “information parallel to… toll billing records for ordinary telephone service.”

The obvious question is what, exactly, constitutes information “parallel to” a toll billing record in the online context. The FBI would prefer to resolve the ambiguity by simply amending the law to give them blanket authority to acquire transaction records. In particular, according to The Washington Post, government lawyers think they can obtain “the addresses to which an Internet user sends e-mail; the times and dates e-mail was sent and received; and possibly a user’s browser history.” On its face, this sounds like a reasonable reading. An important 1979 Supreme Court case, Smith v. Maryland, held that the information contained in telephone “toll billing records”—the itemized list of calls placed and received you’d find on a standard phone bill—didn’t enjoy Fourth Amendment protection, and so unlike the contents of phone conversations themselves, could be obtained by the government without a full probable cause warrant. Surely the obvious equivalent in the online context is the list of e-mail addresses in an Internet user’s inbox and outbox? At a second glance, though, there are some problems with that metaphor, of two central kinds.

First, there’s a problem with the formal analogy. The Court in Smith supported their finding of a diminished privacy interest in toll billing records on numerous grounds.  For one, the Court noted that because one’s itemized phone bill did contain these numbers, no reasonable person could be unaware that this information was “exposed” to employees of the phone company and retained as a matter of course among the company’s business records. Of course, it’s now increasingly common for phone companies to charge a flat rate rather than billing by individual calls, and so the legislative history of the NSL statutes makes clear that by “toll billing records” they mean information that could be used to assess a charge, even if a company happened not to charge that way.

The analogy gets pretty strained when we come to Internet services, though. At the time the laws in question here were written, ISPs almost universally charged people for the amount of time they were connected, not by the number of individual e-mails sent. Now it’s much more common to simply play a flat monthly fee for broadband connection, though you also sometimes see plans where there’s a charge by the megabyte above a certain threshold of bandwidth usage. Your ISP, of course has technical access to the list of e-mail addresses you’ve communicated with—just as they have the ability to access the e-mails themselves—but no major service, as far as I know, has ever actually kept this list as a separate billing record.

But maybe that’s not the right way to apply the metaphor. Maybe what’s important is whether those to/from e-mail records are substantively “parallel to” the kind of information you’d traditionally find in telephone toll billing records. As the Smith Court observed, a list of phone numbers was far less revealing and sensitive than the actual conversation—it revealed nothing of the “purport” of the communication itself, or even who was on the call. But as soon as we start to think more carefully about how we actually use e-mail in the real world, it becomes clear that the analogy is far from perfect.

One thing lots of people do with e-mail, after all, is participate in mailing lists and discussion groups.  Records of this sort, then, are likely to reveal the membership in potentially controversial social, political, or religious groups—and the Supreme Court has also found that such membership lists enjoy First Amendment protection as a component of freedom of association. But they’d also reveal much more than that. The closest telephone analogue to a mailing list discussion is probable a conference call.  An investigator who obtained toll billing records for such a call would, at most, have learned that a certain number of people called in for a certain amount of time; they’d learn nothing about who spoke in response to whom, or how much, and who remained silent.  Someone getting  e-mail transaction records would have a much more detailed picture of who was vocal and who was silent, the order and frequency with which participants spoke, and so on. And more generally, people in practice do not use e-mail like traditional letters: They tend to have exchanges in which each individual e-mail is more like a piece of the longer conversation.

There are also many common uses of e-mail that don’t really have close analogies in the telephonic context.  If I make a purchase from Amazon, win an Ebay auction,  make an OpenTable restaurant reservation, register for a conference at a local think tank, or place a Craigslist ad, that will typically generate an automatic confirmation e-mail from the site, and the e-mail address from which the site comes will often reveal something about the nature of the transaction. (My inbox has messages from auto-confirm, order-update, ship-confirm, and  store-news @amazon.com—inherently more revealing than the mere fact that I called some mail-order vendor.) It’s not a particularly big deal in those cases, but such e-mails could also reveal that I had opened or closed or modified an account at a particular politically, sexually, or religiously oriented Web site, or subscribed to a specific publication.

For an example of just how sensitive and revealing such task-specific e-mail addresses can be, consider Craigslist in particular. The site—which for those who haven’t used it is the vast online equivalent of the newspaper’s classified section—generates an individual anonymized e-mail addresses for each ad placed, so that users don’t have to expose their own contact information to the world. Yet while this provides anonymity against the general public, it also makes those mere e-mail addresses much more revealing to the government agent who obtains transaction records. That’s because each ad can be linked to a particular e-mail address, so if you’ve sent a message to pers-1234567-ABCD [at] craigslist [dot] com, the government may not know exactly who you’ve written, but they can determine why you’re writing: To respond to an ad offering a handgun for sale, say, or one soliciting a foot fetishist for a “casual encounter.”

The point is not just that investigators shouldn’t be able to get e-mail transaction records without a probable cause warrant—though I happen to think that would be a reasonable standard. It’s that metaphors can mislead us: We need to look past the easy equivalencies between new technologies and more traditional forms of communication, and drill down to see the full range of privacy interests implicated given the real-world practices of ordinary people who use those technologies.

GPS Tracking and a ‘Mosaic Theory’ of Government Searches

The Electronic Frontier Foundation trumpets a surprising privacy win last week in the U.S. Court of Appeals for the D.C. Circuit. In U.S. v. Maynard (PDF), the court held that the use of a GPS tracking device to monitor the public movements of a vehicle—something the Supreme Court had held not to constitute a Fourth Amendment search in U.S. v Knotts—could nevertheless become a search when conducted over an extended period.  The Court in Knotts had considered only tracking that encompassed a single journey on a particular day, reasoning that the target of surveillance could have no “reasonable expectation of privacy” in the fact of a trip that any member of the public might easily observe. But the Knotts Court explicitly reserved judgment on potential uses of the technology with broader scope, recognizing that “dragnet” tracking that subjected large numbers of people to “continuous 24-hour surveillance.” Here, the DC court determined that continuous tracking for a period of over a month did violate a reasonable expectation of privacy—and therefore constituted a Fourth Amendment search requiring a judicial warrant—because such intensive secretive tracking by means of public observation is so costly and risky that no  reasonable person expects to be subject to such comprehensive surveillance.

Perhaps ironically, the court’s logic here rests on the so-called “mosaic theory” of privacy, which the government has relied on when resisting Freedom of Information Act requests.  The theory holds that pieces of information that are not in themselves sensitive or potentially injurious to national security can nevertheless be withheld, because in combination (with each other or with other public facts) permit the inference of facts that are sensitive or secret.  The “mosaic,” in other words, may be far more than the sum of the individual tiles that constitute it. Leaving aside for the moment the validity of the government’s invocation of this idea in FOIA cases, there’s an obvious intuitive appeal to the idea, and indeed, we see that it fits our real world expectations about privacy much better than the cruder theory that assumes the sum of “public” facts must always be itself a public fact.

Consider an illustrative hypothetical.  Alice and Bob are having a romantic affair that, for whatever reason, they prefer to keep secret. One evening before a planned date, Bob stops by the corner pharmacy and—in full view of a shop full of strangers—buys some condoms.  He then drives to a restaurant where, again in full view of the other patrons, they have dinner together.  They later drive in separate cars back to Alice’s house, where the neighbors (if they care to take note) can observe from the presence of the car in the driveway that Alice has an evening guest for several hours. It being a weeknight, Bob then returns home, again by public roads. Now, the point of this little story is not, of course, that a judicial warrant should be required before an investigator can physically trail Bob or Alice for an evening.  It’s simply that in ordinary life, we often reasonably suppose the privacy or secrecy of certain facts—that Bob and Alice are having an affair—that could in principle be inferred from the combination of other facts that are (severally) clearly public, because it would be highly unusual for all of them to be observed by the same public.   Even more so when, as in Maynard, we’re talking not about the “public” events of a single evening, but comprehensive observation over a period of weeks or months.  One must reasonably expect that “anyone” might witness any of such a series of events; it does not follow that one cannot reasonably expect that no particular person or group would be privy to all of them. Sometimes, of course, even our reasonable expectations are frustrated without anyone’s rights being violated: A neighbor of Alice’s might by chance have been at the pharmacy and then at the restaurant. But as the Supreme Court held in Kyllo v US, even when some information might in principle be possible to obtain public observation, the use of technological means not in general public use to learn the same facts may nevertheless qualify as a Fourth Amendment search, especially when the effect of technology is to render easy a degree of monitoring that would otherwise be so laborious and costly as to normally be infeasible.

Now, as Orin Kerr argues at the Volokh Conspiracy, significant as the particular result in this case might be, it’s the approach to Fourth Amendment privacy embedded here that’s the really big story. Orin, however, thinks it a hopelessly misguided one—and the objections he offers are all quite forceful.  Still, I think on net—especially as technology makes such aggregative monitoring more of a live concern—some kind of shift to a “mosaic” view of privacy is going to be necessary to preserve the practical guarantees of the Fourth Amendment, just as in the 20th century a shift from a wholly property-centric to a more expectations-based theory was needed to prevent remote sensing technologies from gutting its protections. But let’s look more closely at Orin’s objections.

First, there’s the question of novelty. Under the mosaic theory, he writes:

[W]hether government conduct is a search is measured not by whether a particular individual act is a search, but rather whether an entire course of conduct, viewed collectively, amounts to a search. That is, individual acts that on their own are not searches, when committed in some particular combinations, become searches. Thus in Maynard, the court does not look at individual recordings of data from the GPS device and ask whether they are searches. Instead, the court looks at the entirety of surveillance over a one-month period and views it as one single “thing.” Off the top of my head, I don’t think I have ever seen that approach adopted in any Fourth Amendment case.

I can’t think of one that explicitly adopts that argument.  But consider again the Kyllo case mentioned above.  Without a warrant, police used thermal imaging technology to detect the presence of marijuana-growing lamps within a private home from a vantage point on a public street. In a majority opinion penned by Justice Scalia, the court balked at this: The scan violated the sanctity and privacy of the home, though it involved no physical intrusion, by revealing the kind of information that might trigger Fourth Amendment scrutiny. But stop and think for a moment about how thermal imaging technology works, and try to pinpoint where exactly the Fourth Amendment “search” occurs.  The thermal radiation emanating from the home was, well… emanating from the home, and passing through or being absorbed by various nearby people and objects. It beggars belief to think that picking up the radiation could in itself be a search—you can’t help but do that!

When the radiation is actually measured, then? More promising, but then any use of an infrared thermometer within the vicinity of a home might seem to qualify, whether or not the purpose of the user was to gather information about the home, and indeed, whether or not the thermometer was precise enough to reveal any useful information about internal temperature variations within the home.  The real privacy violation here—the disclosure of private facts about the interior of the home—occurs only when a series of very many precise measurements of emitted radiation are processed into a thermographic image.  To be sure, it is counterintuitive to describe this as a “course of conduct” because the aggregation and analysis are done quite quickly within the processor of the thermal camera, which makes it natural to describe the search as a single act: Creating a thermal image.  But if we zoom in, we find that what the Court deemed an unconstitutional invasion of privacy was ultimately the upshot of a series of “public” facts about ambient radiation levels, combined and analyzed in a particular way.  The thermal image is, in a rather literal sense, a mosaic.

The same could be said about long-distance  spy microphones: Vibrating air is public; conversations are private. Or again, consider location tracking, which is unambiguously a “search” when it extends to private places: It might be that what is directly measured is only the “public” fact about the strength of a particular radio signal at a set of receiver sites; the “private” facts about location could be described as a mere inference, based on triangulation analysis (say), from the observable public facts.

There’s also a scope problem. When, precisely, do individual instances of permissible monitoring become a search requiring judicial approval? That’s certainly a thorny question, but it arises as urgently in the other type of hypothetical case alluded to in Knotts, involving “dragnet” surveillance of large numbers of individuals over time. Here, too, there’s an obvious component of duration: Nobody imagines that taking a single photograph revealing the public locations of perhaps hundreds of people at a given instant constitutes a Fourth Amendment search. And just as there’s no precise number of grains of sand that constitutes a “heap,” there’s no obvious way to say exactly what number of people, observed for how long, are required to distinguish individualized tracking from “dragnet” surveillance.  But if we anchor ourselves in the practical concerns motivating the adoption of the Fourth Amendment, it seems clear enough that an interpretation that detected no constitutional problem with continuous monitoring of every public movement of every citizen would mock its purpose. If we accept that much, a line has to be drawn somewhere. As I recall, come to think of it, Orin has himself proposed a procedural dichotomy between electronic searches that are “person-focused” and those that are “data-focused.”  This approach has much to recommend it, but is likely to present very similar boundary-drawing problems.

Orin also suggests that the court improperly relies upon a “probabilistic” model of the Fourth Amendment here (looking to what expectations about monitoring are empirically reasonable) whereas the Court has traditionally relied on a “private facts” model to deal with cases involving new technologies (looking to which types of information it is reasonable to consider private by their nature). Without recapitulating the very insightful paper linked above, the boundaries between models in Orin’s highly useful schema do not strike me as quite so bright. The ruling in Kyllo, after all, turned in part on the fact that infrared imaging devices are not in “general public use,” suggesting that the identification of “private facts” itself has an empirical and probabilistic component.  The analyses aren’t really separate. What’s crucial to bear in mind is that there are always multiple layers of facts involved with even a relatively simple search: Facts about the strength of a particular radio signal, facts about a location in a public or private place at a particular instant, facts about Alice and Bob’s affair. In cases involving new technologies, the problem—though seldom stated explicitly—is often precisely which domain of facts to treat as the “target” of the search. The point of the expectations analysis in Maynard is precisely to establish that there is a domain of facts about macro-level behavioral patterns distinct from the unambiguously public facts about specific public movements at particular times, and that we have different attitudes about these domains.

Sorting all this out going forward is likely to be every bit as big a headache as Orin suggests. But if the Fourth Amendment has a point—if it enjoins us to preserve a particular balance between state power and individual autonomy—then as technology changes, its rules of application may need to get more complicated to track that purpose, as they did when the Court ruled that an admirably simple property rule was no longer an adequate criterion for identifying a “search.”  Otherwise we make Fourth Amendment law into a cargo cult, a set of rituals whose elegance of form is cold consolation for their abandonment of function.

Compare and Contrast

Fourth Amendment:

“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

Supreme Court (Katz v. U.S.):

“[S]earches conducted outside the judicial process, without prior approval by judge or magistrate, are per se unreasonable under the Fourth Amendment—subject only to a few specifically established and well delineated exceptions.”

Washington Post:

“The Obama administration is seeking to make it easier for the FBI to compel companies to turn over records of an individual’s Internet activity without a court order if agents deem the information relevant to a terrorism or intelligence investigation.”