Tag: Fourth Amendment

What You Don’t Know Won’t Hurt You (Surveillance State Edition)

While there are many choice tidbits to relate from Tuesday’s hearings on PATRIOT Act reform at the House Judiciary Committee’s Subcommittee on the Constitution—not least the fellow who had to be wrestled from the room, literally kicking and screaming, after he tried to stand and interrupt with a complaint about alleged FBI violations of his civil rights—I’ll just relate a novel theory of the Fourth Amendment advanced by Rep. Steve King (R-Iowa).

The ACLU’s Mike German, a former FBI agent turned surveillance policy expert, was explaining that it’s hard to know whether expansive surveillance powers are being abused, they’re mostly used in secret and deployed via third-parties like financial institutions and telecoms, who have little incentive to raise much fuss or draw attention to their cooperation. King interrupted to suggest that if we weren’t hearing about constitutional challenges, then it was probably safe to assume there was no Fourth Amendment harm. German tried to reiterate that the people whose privacy interests were directly harmed typically would not know they had ever been targeted.

That, King declared, was precisely the point. Surveillance of which the subject never became aware, he said, could be compared to a “tree falling in the forest” when nobody’s around. In other words, if you aren’t ultimately prosecuted, and don’t even feel subjective distress as a result of the knowledge that your private records or communications have been pored over, then it’s presumably no harm, no  foul. If we take this line of thinking literally, sufficiently secret surveillance can never be unconstitutional, which would seem to make King a spiritual cousin of Richard “if the president does it, that means it’s not illegal” Nixon.

Picture Don Draper Stamping on a Human Face, Forever

Last week, a coalition of 10 privacy and consumer groups sent letters to Congress advocating legislation to regulate behavioral tracking and advertising, a phrase that actually describes a broad range of practices used by online marketers to monitor and profile Web users for the purpose of delivering targeted ads. While several friends at the Tech Liberation Front have already weighed in on the proposal in broad terms – in a nutshell: they don’t like it – I think it’s worth taking a look at some of the specific concerns raised and remedies proposed. Some of the former strike me as being more serious than the TLF folks allow, but many of the latter seem conspicuously ill-tailored to their ends.

First, while it’s certainly true that there are privacy advocates who seem incapable of grasping that not all rational people place an equally high premium on anonymity, it strikes me as unduly dismissive to suggest, as Berin Szoka does, that it’s inherently elitist or condescending to question whether most users are making informed choices about their privacy. If you’re a reasonably tech-savvy reader, you probably know something about conventional browser cookies, how they can be used by advertisers to create a trail of your travels across the Internet, and how you can limit this.  But how much do you know about Flash cookies? Did you know about the old CSS hack I can use to infer the contents of your browser history even without tracking cookies? And that’s without getting really tricksy. If you knew all those things, congratulations, you’re an enormous geek too – but normal people don’t.  And indeed, polls suggest that people generally hold a variety of false beliefs about common online commercial privacy practices.  Proof, you might say, that people just don’t care that much about privacy or they’d be attending more scrupulously to Web privacy policies – except this turns out to impose a significant economic cost in itself.

The truth is, if we were dealing with a frictionless Coaseian market of fully-informed users, regulation would not be necessary, but it would not be especially harmful either, because users who currently allow themselves to be tracked would all gladly opt in. In the real world, though, behavioral economics suggests that defaults matter quite a lot: Making informed privacy choices can be costly, and while an opt-out regime will probably yield tracking of some who would prefer not to be under conditions of full information and frictionless choice, an opt-in regime will likely prevent tracking of folks who don’t object to tracking. And preventing that tracking also has real social costs, as Berin and Adam Thierer have taken pains to point out. In particular, it merits emphasis that behavioral advertising is regarded by many as providing a viable business model for online journalism, where contextual advertising tends not to work very well: There aren’t a lot of obvious products to tie in to an important investigative story about municipal corruption. Either way, though, the outcome is shaped by the default rule about the level of monitoring users are presumed to consent to. So which set of defaults ought we to prefer?

Here’s why I still come down mostly on Adam and Berin’s side, and against many of the regulatory remedies proposed. At the risk of stating the obvious, users start with de facto control of their data. Slightly less obvious: While users will tend to have heterogeneous privacy preferences – that’s why setting defaults either way is tricky – individual users will often have fairly homogeneous preferences across many different sites. Now, it seems to be an implicit premise of the argument for regulation that the friction involved in making lots of individual site-by-site choices about privacy will yield oversharing. But the same logic cuts in both directions: Transactional friction can block efficient departures from a high-privacy default as well. Even a default that optimally reflects the median user’s preferences or reasonable expectations is going to flub it for the outliers. If the variance in preferences is substantial, and if different defaults entail different levels of transactional friction, nailing the default is going to be less important than choosing the rule that keeps friction lowest. Given that most people do most of their Web surfing on a relatively small number of machines, this makes the browser a much more attractive locus of control. In terms of a practical effect on privacy, the coalition members would probably achieve more by persuading Firefox to set their browser to reject third-party cookies out of the box than from any legislation they’re likely to get – and indeed, it would probably have a more devastating effect on the behavioral ad market. Less bluntly, browsers could include a startup option that asks users whether they want to import an exclusion list maintained by their favorite force for good.

On the model proposed by the coalition, individuals have to make affirmative decisions about what data collection to permit for each Web site or ad network at least once every three months, and maybe each time they clear their cookies. If you think almost everyone would, if fully informed, opt out of such collection, this might make sense. But if you take the social benefits of behavioral targeting seriously, this scheme seems likely to block a lot of efficient sharing. Browser-based controls can still be a bit much for the novice user to grapple with, but programmers seem to be getting better and better at making it more easy and automatic for users to set privacy-protective defaults. If the problem with the unregulated market is supposed to be excessive transaction costs, it seems strange to lock in a model that keeps those costs high even as browser developers are finding ways to streamline that process. It’s also worth considering whether such rules wouldn’t have the perverse consequence of encouraging consolidation across behavioral trackers. The higher the bar is set for consent to monitoring, the more that consent effectively becomes a network good, which may encourage concentration of data in a small number of large trackers – not, presumably, the result privacy advocates are looking for. Finally – and for me this may be the dispositive point – it’s worth remembering that while American law is constrained by national borders, the Internet is not. And it seems to me that there’s a very real danger of giving the least savvy users a false sense of security – the government is on the job guarding my privacy! no need to bother learning about cookies! – when they may routinely and unwittingly be interacting with sites beyond the reach of domestic regulations.

There are similar practical difficulties with the proposal that users be granted a right of access to behavioral tracking data about them.  Here’s the dilemma: Any requirement that trackers make such data available to users is a potential security breach, which increases the chances of sensitive data falling into the wrong hands. I may trust a site or ad network to store this information for the purpose of serving me ads and providing me with free services, but I certainly don’t want anyone who sends them an e-mail with my IP address to have access to it. The obvious solution is for them to have procedures for verifying the identity of each tracked user – but this would appear to require that they store still more information about me in order to render tracking data personally identifiable and verifiable. A few ways of managing the difficulty spring to mind, but most defer rather than resolve the problem, and add further points of potential breach.

That doesn’t mean there’s no place for government or policy change here, but it’s not always the one the coalition endorses. Let’s look  more closely at some of their specific concerns and see which, if any, are well-suited to policy remedies. Only one really has anything to do with behavioral advertising, and it’s easily the weakest of the bunch. The groups worry that targeted ads – for payday loans, sub-prime mortgages, or snake-oil remedies – could be used to “take advantage of vulnerable consumers.” It’s not clear that this is really a special problem with behavioral ads, however: Similar targeting could surely be accomplished by means of contextual ads, which are delivered via relevant sites, pages, or search terms rather than depending on the personal characteristics or browsing history of the viewer – yet the groups explicitly aver that no new regulation is appropriate for contextual advertising. In any event, since whatever problem exists here is a problem with ads, the appropriate remedy is to focus on deceptive or fraudulent ads, not the particular means of delivery. We already, quite properly, have rules covering dishonest advertising practices.

The same sort of reply works for some of the other concerns, which are all linked in some more specific way to the collection, dissemination, and non-advertising use of information about people and their Web browsing habits. The groups worry, for instance, about “redlining” – the restriction or denial of access to goods, services, loans, or jobs on the basis of traits linked to race, gender, sexual orientation, or some other suspect classification. But as Steve Jobs might say, we’ve got an app for that: It’s already illegal to turn down a loan application on the grounds that the applicant is African American. There’s no special exemption for the case where the applicant’s race was inferred from a Doubleclick profile. But this actually appears to be something of a redlining herring, so to speak: When you get down into the weeds, the actual proposal is to bar any use of data collected for “any credit, employment, insurance, or governmental purpose or for redlining.” This seems excessively broad; it should suffice to say that a targeter “cannot use or disclose information about an individual in a manner that is inconsistent with its published notice.”

Particular methods of tracking may also be covered by current law, and I find it unfortunate that the coalition letter lumps together so many different practices under the catch-all heading of “behavioral tracking.” Most behavioral tracking is either done directly by sites users interact with – as when Amazon uses records of my past purchases to recommend new products I might like – or by third party companies whose ads place browser cookies on user computers. Recently, though, some Internet Service Providers have drawn fire for proposals to use Deep Packet Inspection to provide information about their users’ behavior to advertising partners – proposals thus far scuppered by a combination of user backlash and congressional grumbling. There is at least a colorable argument to be made that this practice would already run afoul of the Electronic Communications Privacy Act, which places strict limits on the circumstances under which telecom providers may intercept or share information about the contents of user communications without explicit permission. ECPA is already seriously overdue for an update, and some clarification on this point would be welcome. If users do wish to consent to such monitoring, that should be their right, but it should not be by means of a blanket authorization in eight-point type on page 27 of a terms-of-service agreement.

Similarly welcome would be some clarification on the status of such behavioral profiles when the government comes calling. It’s an unfortunate legacy of some technologically atavistic Supreme Court rulings that we enjoy very little Fourth Amendment protection against government seizure of private records held by third parties – the dubious rationale being that we lose our “reasonable expectation of privacy” in information we’ve already disclosed to others outside a circle of intimates. While ECPA seeks to restore some protection of that data by statute, we’ve made it increasingly easy in recent years for the government to seek “business records” by administrative subpoena rather than court order. It should not be possible to circumvent ECPA’s protections by acquiring, for instance, records of keyword-sensitive ads served on a user’s Web-based e-mail.

All that said, some of the proposals offered up seem,while perhaps not urgent, less problematic. Requiring some prominent link to a plain-English description of how information is collected and used constitutes a minimal burden on trackers – responsible sites already maintain prominent links to privacy policies anyway – and serves the goal of empowering users to make more informed decisions. I’m also warily sympathetic to the idea of giving privacy policies more enforcement teeth – the wariness stemming from a fear of incentivizing frivolous litigation. Still, the status quo is that sites and ad networks profitably elicit information from users on the basis of stated privacy practices, but often aren’t directly liable to consumers if they flout those promises, unless the consumer can show that the breach of trust resulted in some kind of monetary loss.

Finally, a quick note about one element of the coalition recommendations that neither they nor their opponents seem to have discussed much – the insistence that there be no federal preemption of state privacy law. I assume what’s going on here is that the privacy advocates expect some states to be more protective of privacy than Congress or the FTC would be, and want to encourage that, while libertarians are more concerned with keeping the federal government from getting involved at all. But really, if there’s an issue that was made for federal preemption, this is it.  A country where vendors, advertisers, and consumers on a borderless Internet have to navigate 50 flavors of privacy rules to sell a banner add or an iTunes track does not sound particularly conducive to privacy, commerce, or informed consumer choice.

Victory for Decency at the Supreme Court

The Supreme Court’s decision today in Safford Unified School District #1 et al. v. Redding was a victory for privacy and decency. The Court held that a middle school violated the Fourth Amendment rights of a thirteen-year-old girl by strip searching her in a failed effort to find Ibuprofen pills and an over-the-counter painkiller.

The Cato Institute filed an amicus brief, joined by the Rutherford Institute and the Goldwater Institute, opposing such abuses of school officials’ authority. The search in this case should have ended with the student’s backpack and pockets; forcing a teenage girl to pull her bra and panties away from her body for visual inspection is an invasion of privacy that must be reserved for extreme cases. School officials should be authorized to conduct such a search only when they have credible evidence that the student is in possession of objects posing a danger to the school and that the student has hidden them in a place that only a strip search will uncover.

Today’s decision should not come as a surprise. School officials were not granted unlimited police power in the seminal student search case, New Jersey v. T.L.O. Justice Stevens explored the limits of school searches in his partial concurrence and partial dissent, specifically mentioning strip searches. “To the extent that deeply intrusive searches are ever reasonable outside the custodial context, it surely must only be to prevent imminent, and serious harm.”

The Fourth Amendment exists to preserve a balance between the individual’s reasonable expectation of privacy and the state’s need for order and security. Unnecessarily traumatizing students with invasive and humiliating breaches of personal privacy upsets this balance. Today’s decision restores reasonable limits to student searches and provides valuable guidance to school officials.

Schneier and Friends on Fixing Airport Security

Security guru Bruce Schneier comes down on the strictly pragmatic side in this essay called “Fixing Airport Security.” Because of terrorism fears, he says, TSA checkpoints are “here to stay.” The rules should be made more transparent. He also argues for an amendment to some constitutional doctrines:

The Constitution provides us, both Americans and visitors to America, with strong protections against invasive police searches. Two exceptions come into play at airport security checkpoints. The first is “implied consent,” which means that you cannot refuse to be searched; your consent is implied when you purchased your ticket. And the second is “plain view,” which means that if the TSA officer happens to see something unrelated to airport security while screening you, he is allowed to act on that. Both of these principles are well established and make sense, but it’s their combination that turns airport security checkpoints into police-state-like checkpoints.

The comments turn up an important recent Fourth Amendment decision circumscribing TSA searches. In a case called United States v. Fofana, the district court for the southern district of Ohio held that a search of passenger bags going beyond what was necessary to detect articles dangerous to air transportation violated the Fourth Amendment. “[T]he need for heightened security does not render every conceivable checkpoint search procedure constitutionally reasonable,” wrote the court.

Application of this rule throughout the country would not end the “police-state-like checkpoint,” but at least rummaging of our things for non-air-travel-security would be restrained.

I prefer principle over pragmatism and would get rid of TSA.

Dance Like Thomas Jefferson’s Watching

As Thomas Jefferson’s birthday (April 13) approaches – and last night being the first night of Passover, which Jews celebrate to commemorate their deliverance from slavery – I thought I’d comment on a disturbing tale that reminds us again that “the price of liberty is eternal vigilance.”

In celebration of Thomas Jefferson’s (265th) birthday last year, about 20 D.C.-area libertarians gathered at the Jefferson Memorial just before midnight.  The plan was to have a music-through-headphones dance party for the father of the Declaration of Independence (i.e. each person would dance to the tune of his individual iPod). I was actually supposed to attend, but for some reason did not make it.

It was a short-lived party, however, with an ending that would almost certainly have made our nation’s third president frown in disapproval.

Shortly after the silent bopping started, U.S. Park Police officers began to disperse the partygoers. After shooing and pushing revelers (who were drunk only on liberty) off the memorial, one officer confronted the lone remaining dancer, Brooke Oberwetter, and told her to leave.  Oberwetter calmly asked what law or rules she was violating.  The officer provided no explanation but continued to insist that she leave.  Not satisfied with the officer’s response, Oberwetter stood her ground – until the officer pushed her against a stone pillar, handcuffed her, and led her away.

Now, nearly one year later – after the citation against her (for “interfering with an agency function,” whatever that means) was neither dropped nor pursued – Oberwetter filed suit in the U.S. District Court for the District of Columbia against the arresting officer, Kenneth Hilliard, and the Secretary of the Interior, Kenneth Salazar (whose office oversees the Park Police). Oberwetter argues that Hilliard and the Park Police violated her First Amendment rights by interrupting and preventing her expressive activity and freedom of assembly.  She also alleges that here Fourth Amendment rights were violated when she was arrested without probable cause and with excessive force.

The complaint, available here, is a model of legal writing.  Pithy, legally sound, and eminently readable, I cannot recommend it more highly to law students and young lawyers.  This is perhaps not surprising because Oberwetter’s counsel is none other than my friend Alan Gura, who last year successfully argued D.C. v. Heller before the Supreme Court.
Here’s a recent TV news story about the case and here’s Radley Balko’s (formerly of Cato, now at Reason) original post about the incident.

Full disclosure: While our tenures never crossed, Oberwetter is a former Cato employee – and a social acquaintance.  I wish Brooke and Alan the best in their fight against such arbitrary use of government power to oppress basic liberty.  (As Alan told me, a good rule of thumb for police: if you can’t think of any charges, even a few weeks later, it was probably a bad arrest.)  And I hope the incident gets Kevin Bacon thinking sequel.

School Strips Student of Clothes, Rights

A middle-school student who was caught red-handed with prescription-strength ibuprofen (in violation of the school’s drug policy) implicated another 13-year-old girl, Savana Redding. On the sole basis of this accusation, school officials searched Savana’s backpack, finding no evidence of drug use, drug possession, or any other illegal or improper conduct. They then took the girl to the nurse’s office and ordered her to undress. Not finding any pills in Savana’s pants or shirt, the officials ordered the girl to pull out her bra and panties and move them to the side. The observation of Savana’s genital area and breasts also failed to reveal any contraband.

Savana’s mother, whom Savana had not been permitted to call before or during the strip search, sued the school district and officials for violating her daughter’s Fourth Amendment rights to be protected from unreasonable search and seizure. The trial court and a panel of the Ninth Circuit ruled against her, but the en banc Ninth Circuit reversed, finding the search unjustified and unreasonable in scope, and therefore unconstitutional. The Supreme Court granted the school district’s petition for review.

Cato, joined by the Rutherford Institute and Goldwater Institute, filed a brief supporting the Reddings’ suit, arguing that strip searches, particularly of students, are subject to a higher level of scrutiny than other kinds of searches. Such searches are reasonable only when school officials have highly credible evidence showing that (1) the student is in possession of objects posing a significant danger to the school and (2) the student has secreted the objects in a place only a strip search will uncover.

In this case, there was insufficient factual basis for the strip search and the search was not reasonably related and disproportionate to the school officials’ investigation. The Supreme Court should thus affirm the Ninth Circuit and establish that such searches may be undertaken only when compelling evidence suggests a strip search is necessary to preserve school safety and health.

Safford Unified School District No. 1 v. Redding will be argued at the Supreme Court on April 21.

Pages