Tag: third party doctrine

If You Think Smith v. Maryland Permits Mass Surveillance, You Haven’t Read Smith v. Maryland

… and you’re not following developments in Fourth Amendment law.

Jeffrey Toobin is the latest to claim that Smith v. Maryland settles the Fourth Amendment issues around the National Security Agency’s acquisition of data about every call made in the United States. He even links to the text of the decision in a recent blog post.

The majority opinion in Smith did say that people don’t have a reasonable expectation of privacy in phone records, but that rationale is weak, and the facts of Smith are inapposite to the present controversy. I think that’s easily gathered from reading the case with awareness of legal currents.

Here’s what happened in Smith:

On March 5, 1976, in Baltimore, Md., Patricia McDonough was robbed. She gave the police a description of the robber and of a 1975 Monte Carlo automobile she had observed near the scene of the crime. After the robbery, McDonough began receiving threatening and obscene phone calls from a man identifying himself as the robber. On one occasion, the caller asked that she step out on her front porch; she did so, and saw the 1975 Monte Carlo she had earlier described to police moving slowly past her home. On March 16, police spotted a man who met McDonough’s description driving a 1975 Monte Carlo in her neighborhood. By tracing the license plate number, police learned that the car was registered in the name of petitioner, Michael Lee Smith.

The next day, the telephone company, at police request, installed a pen register at its central offices to record the numbers dialed from the telephone at petitioner’s home. The police did not get a warrant or court order before having the pen register installed. The register revealed that on March 17 a call was placed from petitioner’s home to McDonough’s phone. On the basis of this and other evidence, the police obtained a warrant to search petitioner’s residence. The search revealed that a page in petitioner’s phone book was turned down to the name and number of Patricia McDonough; the phone book was seized. Petitioner was arrested, and a six-man lineup was held on March 19. McDonough identified petitioner as the man who had robbed her. (citations omitted)

All Your Records Are Belong to U.S.

Twice in the last month, the Ninth Circuit Court of Appeals has affirmed that the government can access records about you held by third parties without getting a warrant. It’s a nice illustration of the broad and deep reach of the “third party doctrine.”

U.S. v. Golden Valley Electric Association is the more recent of the two. In that case, the government delivered an administrative subpoena to a member-owned electricity cooperative asking for quite a bit of information about three residences it served:

customer information including full name, address, telephone number, and any account information for customer; method of payment (credit card, debit card, cash, check) with card number and account information; to include power consumption records and date(s) service was initiated and terminated for the period 10-01-2009 through 12-14-2010…

Golden Valley resisted the subpoena on a number of bases, including by arguing that criminal investigations require a warrant.

The court rejected the Fourth Amendment argument because the customer of a business like Golden Valley “lacks ‘a reasonable expectation of privacy in an item,’ like a business record, ‘in which he has no possessory or ownership interest.’” That’s the third-party doctrine: The government can access your electricity usage records and billing information without implicating the Fourth Amendment.

In mid-July, a different panel of the Ninth Circuit concluded the same thing about hotel records.

Los Angeles Municipal Code section 41.49 requires hotel operators to maintain information about their guests,

including name and address; total number of guests; make, type and license number of the guest’s vehicle if parked on hotel premises; date and time of arrival; scheduled date of departure; room number; rate charged and collected; method of payment; and the name of the hotel employee who checked the guest in.

These records must be held for 90 days and made available for inspection by any officers of the Los Angeles Police Department.

The owners of motels in Los Angeles challenged the law as a facial violation of the Fourth Amendment. The court rejected that argument, finding that the information the ordinance makes available to law enforcement “does not, on its face, appear confidential or ‘private’ from the perspective of the hotel operator.” For their part, hotel guests do not have a “reasonable expectation of privacy in guest registry information once they have provided it to the hotel operator.”

This is another unremarkable application of the third party doctrine, which says that people do not have Fourth Amendment rights against unreasonable search and seizure with respect to information they have shared with others.

Last January, in her concurrence to the Supreme Court’s ruling in U.S. v. Jones, Justice Sotomayor questioned the “third party doctrine” (as Justice Alito had done during oral argument).

[I]t may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties. This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks. People disclose the phone numbers that they dial or text to their cellular providers; the URLs that they visit and the e-mail addresses with which they correspond to their Internet service providers; and the books, groceries, and medications they purchase to online retailers.

It is not a slam dunk that utility and hotel records should be Fourth-Amendment protected, requiring probable cause and a warrant before law enforcement can access them. But if electric providers and hoteliers maintain information in confidence due to contractual or regulatory obligations, that should extend the protection of the Fourth Amendment to what I think of as the digital effects created by modern living. This is not so much because of the sensitivities around electricity use or lodging, but because this is the rule we need to secure the much more sensitive data we routinely share and store with third parties online.