Tag: privacy

Kashmir Hill Has It Right…

on the Google privacy policy change.

The idea that people should be able to opt out of a company’s privacy policy strikes me as ludicrous.

Plus she embeds a valuable discussion among her Xtranormal friends. Highlight:

“Well, members of Congress don’t send angry letters about privacy issues very often.”

“Oh, well, actually, they do.”

Read the whole thing. Watch the whole thing. And, if you actually care, take some initiative to protect your privacy from Google, a thing you are well-empowered to do by the browser and computer you are using to view this post.

The Second-Day Story on U.S. v. Jones

Does a more careful reading of the Supreme Court’s decision in U.S. v. Jones turn up a lurking victory for the government?

Modern media moves so fast that the second-day story happens in the afternoon of the first. The Supreme Court ruled unanimously Monday morning that government agents conduct a Fourth Amendment search when they place a GPS device on a private vehicle and use it to monitor a suspect’s whereabouts for weeks at a time. Monday afternoon, a couple of commentators suggested that the case is less a win than many thought because it didn’t explicitly rule that a warrant is required to attach a GPS device to a vehicle.

Writing on the Volokh Conspiracy blog, George Washington University law professor Orin Kerr noted “What Jones Does Not Hold.”

The Court declined to reach when the installation of the device is reasonable or unreasonable. … So we actually don’t yet know if a warrant is required to install a GPS device; we just know that the installation of the device is a Fourth Amendment “search.”

And over on Scotusblog, Tom Goldstein found that “The Government Fared Much Better Than Everyone Realizes”:

[D]oes the “search” caused by installing a GPS device require a warrant? The answer may be no, given that no member of the Court squarely concludes it does and four members of the Court (those who join the Alito concurrence) do not believe it constitutes a search at all.

So there is a constitutional search when the government attaches a GPS device to a vehicle, but the Court conspicuously declined to say that such a search requires a warrant. Do we have an “a-ha” moment?

When the Supreme Court granted certiorari in the case, it took the unusual step of adding to the questions it wanted addressed. In addition to “[w]hether the warrantless use of a tracking device on respondent’s vehicle to monitor its movements on public streets violated the Fourth Amendment,” the Court wanted to know “whether the government violated respondent’s Fourth Amendment rights by installing the GPS tracking device on his vehicle without a valid warrant and without his consent.” These are both compound questions, but the dimension added by the second is the Fourth Amendment meaning of attaching a device to a vehicle. The case was about attaching a device to a vehicle, and if the Court didn’t walk through every clause in each of the questions presented, that’s why.

On that central question in the case, the government argued the following: “Attaching the GPS tracking device to respondent’s vehicle was not a search or seizure under the Fourth Amendment.” The government lost, full stop.

Now, it’s true that the Court’s majority opinion didn’t explicitly find that the “search” that occurs when attaching and using a GPS device requires a warrant, but look at its characterization of the opinion it affirmed: “The United States Court of Appeals for the District of Columbia Circuit reversed [Jones’s] conviction because of admission of the evidence obtained by warrantless use of the GPS device which, it said, violated the Fourth Amendment.”

The Court did decline to consider the argument that the government might be able to attach a device based on reasonable suspicion or probable cause—that argument was “forfeited” by the government’s failure to raise it in the lower courts—but if the Supreme Court were limiting its holding to the attachment-as-search issue, it would have remanded the case back to the lower courts for further proceedings consistent with the opinion. It did not, and the sensible inference to draw from that is that the general rule applies: a warrant is required in the absence of one of the customary exceptions. Failing to make that explicit was not “opening a door” to a latent government victory. U.S. v. Jones was a unanimous decision rejecting the government’s warrantless use of outré technology to defeat the natural privacy protections provided by law and physics.

At least one serious lawyer I know has raised the point that I address here, and it is a real one, but some in the commentariat are a little too showy with their analysis and far too willing to go looking for a government victory in what is nothing other than a government defeat.

U.S. v. Jones: A Big Privacy Win

The Supreme Court has delivered a big win for privacy in U.S. v. Jones. That’s the case in which government agents placed a GPS device on a car and used it to track a person round-the-clock for four weeks. The question before the Court was whether the government may do this in the absence of a valid warrant. All nine justices say No.

That’s big, important news. The Supreme Court will not allow developments in technology to outstrip constitutional protections the way it did in Olmstead.

Olmstead v. United States was a 1928 decision in which the Court held that there was no Fourth Amendment search or seizure involved in wiretapping because law enforcement made “no entry of the houses or offices of the defendants.” It took 39 years for the Court to revisit that restrictive, property-based ruling and find that Fourth Amendment interests exist outside of buildings. “[T]he Fourth Amendment protects people, not places” went the famous line from Katz v. United States (1967), which has been the lodestar ever since.

For its good outcome, though, Katz has not served the Fourth Amendment and privacy very well. The Cato Institute’s brief argued to the Court that the doctrine arising from Katz “is weak as a rule for deciding cases.” As developed since 1967, “the ‘reasonable expectation of privacy’ test reverses the inquiry required by the Fourth Amendment and biases Fourth Amendment doctrine against privacy.”

Without rejecting Katz and reasonable expectations, the Jones majority returned to property rights as a basis for Fourth Amendment protection. “The Government physically occupied private property for the purpose of obtaining information” when it attached a GPS device to a private vehicle and used it to gather information. This was a search that the government could not conduct without a valid warrant.

The property rationale for deciding the case had the support of five justices, led by Justice Scalia. The other four justices would have used “reasonable expectations” to decide the same way, so they concurred in the judgement but not the decision. They found many flaws in the use of property and “18th-century tort law” to decide the case.

Justice Sotomayor was explicit in supporting both rationales for protecting privacy. With Justice Scalia, she argued, “When the Government physically invades personal property to gather information, a search occurs.” This language—more clear, and using the legal term of art “personal property,” which Justice Scalia did not—would seem to encompass objects like cell phones, the crucial tool we use today to collect, maintain, and transport our digital effects. Justice Sotomayor emphasized in her separate concurrence that the majority did not reject Katz and “reasonable expectations” in using property as the grounds for this decision.

Justice Sotomayor also deserves special notice for mentioning the pernicious third-party doctrine. “[I]t may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties.” The third-party doctrine cuts against our Fourth Amendment interests in information we share with ISPs, email service providers, financial services providers, and so on. Reconsidering it is very necessary.

Justice Alito’s concurrence is no ringing endorsement of the “reasonable expectation of privacy” test. But he and the justices joining him see many problems with applying Justice Scalia’s property rationale as they interpreted it.

Along with the Scalia-authored Kyllo decision of 2001, Jones is a break from precedent. It may seem like a return to the past, but it is also a return to a foundation on which privacy can be more secure.

More commentary here in the coming days and weeks will explore the case’s meaning more fully. Hopefully, more Supreme Court cases in coming years and decades will clarify and improve Fourth Amendment doctrine.

Information Regulation that Hasn’t Worked

When Senator William Proxmire (D-WI) proposed and passed the Fair Credit Reporting Act forty years ago, he almost certainly believed that the law would fix the problems he cited in introducing it. It hasn’t. The bulk of the difficulties he saw in credit reporting still exist today, at least to hear consumer advocates tell it.

Advocates of sweeping privacy legislation and other regulation of the information economy would do well to heed the lessons offered by the FCRA. Top-down federal regulation isn’t up to the task of designing the information society. That’s the upshot of my new Policy Analysis, “Reputation under Regulation: The Fair Credit Reporting Act at 40 and Lessons for the Internet Privacy Debate.” In it, I compare Senator Proxmire’s goals for the credit reporting industry when he introduced the FCRA in 1969 against the results of the law today. Most of the problems that existed then persist today. Some problems with credit reporting have abated and some new problems have emerged.

Credit reporting is a complicated information business. Challenges come from identity issues, judgments about biography, and the many nuances of fairness. But credit reporting is simple compared to today’s expanding and shifting information environment.

“Experience with the Fair Credit Reporting Act counsels caution with respect to regulating information businesses,” I write in the paper. “The federal legislators, regulators, and consumer advocates who echo Senator Proxmire’s earnest desire to help do not necessarily know how to solve these problems any better than he did.”

Management of the information economy should be left to the people who are together building it and using it, not to government authorities. This is not because information collection, processing, and use are free of problems, but because regulation is ill-equipped to solve them.

U.S. v. Jones: The Court’s Search for a Rationale

I attended the Supreme Court’s oral argument in U.S. v. Jones today, the case dealing with the Fourth Amendment constitutionality of using GPS to track individuals’ movements without a warrant. Predicting outcomes is fraught, and you’re getting your money’s worth from the following free observations.

It seemed to me that most members of the Court want to rule that the government does not have free rein to attach GPS devices to cars. Justices Kennedy, Breyer, and Sotomayor, for example, noted the vast consequences if the government were to win the case. Law enforcement could attach tracking devices to people’s overcoats, for example, and monitor their movements throughout society without implicating the Fourth Amendment. Voluble as he often is, Justice Scalia did not say that the Fourth Amendment doesn’t reach GPS because GPS data wasn’t around for the Framers to insulate from government access.

Justice Alito’s thinking seemed to venture the furthest. He noted how insufficient it would be if the Court were to decide the case based on the narrow ground that attaching a GPS device to a car is an unreasonable seizure. Doing so would not account for the vast amount of personal data the government might access without attaching something to a car, clothing, or other property. If not in this case, the Court will soon have to face the (pernicious) third-party doctrine, which holds that a person has no Fourth Amendment interests in information shared with others.

If the Court desires to rule against the government, the one thing it lacks is a rationale for doing so. When it was time for Jones’s counsel to argue, the Justices seemed frustrated not to have a principle on which to base a decision.

Justice Scalia early on declared his concern with GPS tracking and his dismay that the “reasonable expectation of privacy” test from Katz v. United States (1967) might shrink the zone of privacy the Framers sought to protect in the Fourth Amendment. But he later retreated into a sort of catch-all posture: the Congress can control GPS tracking if it wants. (Jones’s counsel cleverly suggested that there were 535 reasons not to do that.)

Other Justices’ questions danced awkwardly with the “reasonable expectation of privacy” test. Justice Kennedy was equivocal once about whether it would apply. Chief Justice Roberts seemed acutely aware of the Court’s incompetence to make judgments of such broad societal sweep. This is for good reason: there is no way to determine what society thinks, or what is “reasonable” in terms of privacy, when new technologies are applied in new ways.

The solution to this conundrum can be found in the Cato Institute’s amicus brief in the Jones case. The Court should not use the “reasonable expectation of privacy” test from Justice Harlan’s Katz concurrence. Rather, it should follow the majority holding, which accorded Fourth Amendment protection to information that Katz had kept private using physical and legal arrangements. The government stands in the same shoes as the general public when it comes to private information—that is, information that can’t be accessed legally or with ordinary perception. When the government accesses information that was otherwise private, those searches and seizures must be reasonable and must almost always be based upon a warrant.

This way of administering the Fourth Amendment is not a snap of the fingers. There will be details to hash out when the Court eventually finds that having a Fourth Amendment interest in information turns on a factual question: whether someone has concealed information about him- or herself.

The biggest impediment to adoption of this rule may be getting lawyers to realize that “reasonable expectation of” is not a prefix required every time they use the word “privacy.”

I Told Ya So

The Children’s Online Privacy Protection Act became law just over thirteen years ago, passed in the name of protecting children online. It imposes various obligations on Web sites providing content to children thirteen and under.

So? How’s it doing?

danah boyd (she doesn’t capitalize her name) is a skilled researcher into the worlds of social media, youth practices, “public” and “private,” social networking, and other intersections between technology and society. In a Huffington Post article published this week, she reveals conclusions from her research into COPPA and its results. Here are some choice lines from “Why Parents Help Tweens Violate Facebook’s 13+ Rule”:

COPPA is a well-intentioned piece of legislation with unintended consequences for parents, educators, and the public writ large. It has stifled innovation for sites focused on children and its implementations have made parenting more challenging. …

Rather than reinforcing or extending a legal regime that produces age-based restrictions which parents actively circumvent, we need to step back and rethink the underlying goals behind COPPA and develop new ways of achieving them. This begins with a public conversation about what it means to parent in a digital world.

That is a non-libertarian’s research-based conclusion about the COPPA law and its poor fit between means and ends—using federal Internet regulation to protect children. It echoes the words of a report issued a decade ago finding that the White House Web site had violated a Clinton administration policy applying COPPA to federal Web sites.

The difficulty of applying the Children’s Online Privacy Protection Act to just one leading federal Web site … shows how governments rob people of power over information about themselves and their children. It also suggests that future privacy laws and regulations should be studied much more carefully before being put into effect. On government or private-sector Web sites, they can be deeply burdensome and have dramatic unintended effects.

That’s yours truly in a report entitled “Making the Rules, Breaking the Rules: How the ‘White House for Kids’ Web Site Violates Federal Privacy Policy.” The report helped generate a USA Today editorial, which in turn drew a response from White House Chief of Staff John Podesta. Pretty good for a kid trying to break into the debate about privacy policy.

boyd’s research has borne out what this student of privacy told you a decade ago: Policymakers don’t know enough about society to decide how the manifold interests people pursue online can properly be protected. We have parents for that.

Our free society should decide how the Internet works and how people communicate on it.

Biometrics Collection = Risk Creation

Why shouldn’t the government collect biometric data unless absolutely necessary? Things like this can happen to it:

The stolen database contained the name, date of birth, national identification number, and family members of 9 million Israelis, living and dead. More alarmingly, the database contained information on the birth parents of hundreds of thousands of adopted Israelis—including children—and detailed health information on individual citizens.

It’s a good, short write-up from Fast Company. Read the whole thing and pass it along.