Topic: Telecom, Internet & Information Policy

Kerr Defends the Third-Party Doctrine

Orin Kerr is a law professor at George Washington University and a blogger on the popular Volokh Conspiracy. He is a thoughtful, open-minded legal scholar, but I don’t think it’s unfair to say that he reliably sides with law enforcement on Fourth Amendment issues.

He recently posted a draft article defending the third-party doctrine, which is an interpretation of the Fourth Amendment holding that a person sharing information with a third party cannot make a Fourth Amendment claim to protection of that information. Use an ISP to transmit your email? No Fourth Amendment protection for its contents. Have a bank account? No Fourth Amendment protection for your banking records. Etc.

He treats as similar two issues that I see as separate: revelations gleaned from informants/agents and from business records. I have always thought of the third-party doctrine as being about business records. My remarks here apply to that area only.

I think the third-party doctrine was never right, and that it grows more wrong with each step forward in modern, connected living. Incredibly deep reservoirs of information are constantly collected by third-party service providers today. Cellular telephone networks pinpoint customers’ locations throughout the day through the movement of their phones. Internet service providers maintain copies of huge swaths of the information that crosses their networks, tied to customer identifiers. Search engines maintain logs of searches that can be correlated to specific computers and usually the individuals that use them. Payment systems record each instance of commerce, and the time and place it occurred. The third-party doctrine exempts law enforcement from the Fourth Amendment’s reasonableness and warrant requirements when it looks at these records.

It’s wonderfully contrarian to run against the grain and defend the third-party doctrine, which has plenty of detractors, but sometimes contrarians can be wrong. I think Professor Kerr is, and here I’ll briefly lay out a few of the fundamental differences I have with his paper—all toward the end of perfecting it before it’s published in the Michigan Law Review next year, of course!

The basic gist of the article is that the third-party doctrine is better than most people think, for two reasons. First, it’s technologically neutral. It prevents criminals from making opportunistic use of technology to circumvent the basic balance between security and privacy struck by the Fourth Amendment. Second, it’s easier to administer than alternatives. The arguments against the third-party doctrine are weaker than most people believe, Kerr says.

Rather than wedging the third-party doctrine into the “reasonable expectation of privacy” framework arising out of Katz v. United States, Kerr argues that the third-party doctrine should be thought of as a form of consent. People sharing information with others are consenting to have it searched.

To make the third-party doctrine more palatable, he argues that substitutes for it help control against abusive practices. These include common law privileges, entrapment law, the Massiah doctrine, First Amendment doctrine, statutory privacy protections, and the rights of third parties themselves.

My differences with Kerr are plentiful. Starting at the 30,000-foot level, my sense is that Kerr is treating the Fourth Amendment as a rule about criminal procedure. Oh sure, it’s classed that way in the legal academy, it has most of its application in criminal cases, and I first studied Fourth Amendment law in my constitutional criminal procedure class. But add this to the list of things I didn’t learn in law school: The touchstone of the Fourth Amendment is the security of the people—all of them—against unreasonable searches and seizures of their persons, houses, papers and effects. “The people” refers to all of us, the law-abiding citizens.

(Kerr’s argument that the third-party doctrine is preferable because it’s easy to administer holds no weight if the rule derogates from the security of the people, and I’m confident that courts and police departments could manage other rules. That’s all I’ll have to say on that point so I can focus on Kerr’s point about technological neutrality.)

The interplay of the Fourth Amendment and technology is interesting, but I don’t think technological neutrality is a terribly relevant or useful metric for Fourth Amendment doctrine. Since the Fourth Amendment was adopted, technology has certainly shifted the scope of human enterprise. I imagine that in the late 1700’s most everything of deep import to people’s lives—personal and professional—happened in or near the home, so it was natural that the home was a place of high Fourth Amendment protection, and “home” was a useful proxy for “what should be protected.”

Since then, technological changes of all kinds have given us the freedom to take our lives outward. We move around much more within our communities and from one to another; we stay in different places and move our residences much more often; we communicate and transact using new technologies; and our things—both tangible and digital—come to rest many more places than they used to.

Focusing on technological neutrality would move our attention off the thing that matters—the security of the people—to whatever privacy people got in the late 1700’s from the buildings they constructed around themselves and lived in. Housing was the technology of the time. It was both the locus of activity and the source of security in persons, papers, and effects. (Thanks to the Fourth Amendment, it provided equal security against others as against the government.) It would be odd to let the technology of that time set the standard. Was there something special about the technology of that particular time that affixed the scope of people’s rights? Why weren’t they set in the era of the caveman? Or … 1957?

In 1967, of course, the Katz Court recognized that the expanded scope of human action needed coordinate expansion of Fourth Amendment protection, and it said in famous language, “the Fourth Amendment protects people, not places.” Katz preserved the security of the people as the technology moved their lives from “inside houses” to “on the phone” and elsewhere.

(It’s interesting to note how many times Kerr refers to the Fourth Amendment as protecting places: “Fourth Amendment protection for information matches the Fourth Amendment protection for the environment in which it is stored.” He could almost be arguing to undo Katz.)

The welcome vision displayed in Katz counsels that the Fourth Amendment should naturally protect people as they come to use other instrumentalities—automated machinery owned by third parties, in particular—to expand the scope of their lives yet again.

Kerr spends a good deal of time explaining how third parties like phone companies, ISPs, online banks, and such allow people to hide illegal behavior that would otherwise take place in public. But this is true of every technology. Fourth Amendment protection for houses allowed criminals to use houses in concealment of crime rather than planning crime in open fields as they otherwise would have had to do. The thing is, letting the vast majority of honest people be confident in the security of their houses has had more benefits than the costs of letting criminals make use of that protection for crime. This will be true of nearly every technology.

Technological neutrality isn’t really relevant. What’s relevant is preserving the same security for people and their stuff that they should have in a free society. It’s a consistent level of this security that matters—not technological neutrality.

A theme unfortunately not running through Kerr’s paper is how much it’s oriented toward victimless crimes, which require much more surveillance than real crime. At one point, he tellingly refers to crime as “the transaction,” not “the theft” or “the murder” or anything like that—“the transaction.” He’s talking about money laundering, prostitution, gambling, bootlegging, and the like.

Real crimes have complainants who tell the police. There isn’t a problem with discovering these crimes or knowing where to start looking for the criminals. The third-party doctrine is intimately bound up with the War on Drugs. Kerr should surface this and grant forthrightly that the third-party doctrine exists for and because of victimless crime laws.

It’s a fascinating idea—and weird—that sharing information with a third party is a form of consent to it being searched by the government. This area deserves more thinking, but my initial impression is that the word “consent” loses the moorings that make it meaningful if consent to a search is imputed to any sharing of information.

The consent argument and many of Kerr’s other points are bound up with the “reasonable expectation of privacy” doctrine that evolved from Katz. Rather than go through everything now—as I write, it happens to be Friday a little after 5:00 p.m.—I’ll just mention that I have an article coming out soon in the American University Law Review showing that the “reasonable expectation of privacy” test from Justice Harlan’s concurrence is not even supported by the majority’s holding in that case.

There is much more to know about privacy. Kerr treats lost privacy and official abuse as essentially the same, though they’re quite different. (Two chapters in my book on identification policy discuss the free-standing importance of privacy and anonymity.) So many people have thrown themselves onto the “reasonable expectation of privacy” pyre based on that well-intended but mistaken concurrence. It won’t have to happen any more once my article comes out.

I’m going to send Professor Kerr an advance copy. Perhaps the final version of his article will sparkle from the exposure to it!

Patent Failure

This week I’m filling in for libertarian blogger Megan McArdle at the Atlantic. Yesterday I finished a three-part discussion of Patent Failure, an excellent new book on the patent system by James Bessen and Michael Meurer.

The use of the phrase “intellectual property” to describe patents and copyrights has become so commonplace that we barely give it a second thought. I think that’s unfortunate, because the question of whether patents can sensibly be considered a kind of property is an empirical question, not merely a matter of semantics or tradition.

In my first post, I discuss the key characteristics of a patent system (clear boundaries and positive incentives for innovation) and argue that the patent system tends to fulfill those characteristics with respect to the chemical and pharmaceutical industry. In my second post, I shift my attention to the rest of the patent system, and show evidence from Bessen and Meurer that the patent system seems to be creating disincentives for innovation in industries other than chemicals and pharmaceuticals. Finally, in my third post, I suggest that the problem is a lack of clear boundaries, and discuss some of the reform proposals Bessen and Meurer offer to fix the patent system’s problems.

The best thing about the book, from my perspective, is that it takes the idea of patents as property seriously and then tries to bring some empirical evidence to bear on whether the patent system behaves the way we expect a property rights system to behave. Because of the analytical clarity of their approach, it gives us a meaningful yardstick with which to judge potential reforms.

Alaska Will Not Implement REAL ID

Passed into law Wednesday:

Section 1. AS 44.99 is amended by adding a new section to article 1 to read:

Sec. 44.99.040. Limitation on certain state expenditures. A state agency may not expend funds solely for the purpose of implementing or aiding in the implementation of the requirements of the federal Real ID Act of 2005 (P.L. 109-13, Division B).

The E-Verify Debate as it Stands in Kansas

Here’s a good article in the Wichita Eagle on the debate over E-Verify, with particular reference to the state of Kansas, where the legislature recently considered requiring employers to use this system for a federal background check on all new hires.

My paper, “Electronic Employment Eligibility Verification: Franz Kafka’s Solution to Illegal Immigration,” is here.

Headline Writers’ Lacking Literary Knowledge

Twice in two days now, I’ve come across news articles using the term “Big Brother” to refer to private sector information practices that affect privacy. Big Brother is not an appropriate shorthand here. In his book 1984, George Orwell gave the name “Big Brother” to the oppressive government that observed and controlled the lives of the book’s protagonists. The unique oppressive powers of this governmental entity were a central motif of the book.

Yesterday’s Washington Post had an article headlined “FTC Wants to Know What Big Brother Knows About You.” Is the Federal Trade Commission examining warrantless wiretapping, one hopes? Alas, no — they’re looking at “behavioral targeting” on the Web. This is when advertisers collect information about Web surfers with cookies, using it to direct more relevant ads their way.

Consumers who care to can “opt out” of nearly all “behavioral targeting” by setting their browsers not to receive third-party cookies. In both Internet Explorer and Firefox, the “Tools” pull-down has a selection called “Options.” Clicking the “Privacy” tab allows users to set blanket bans on cookies or site-specific preferences.

Behavioral targeting is in no way an exercise of the legal monopoly on coercion, much less an oppressive exercise of that power.

Ars Technica, an otherwise excellent tech publication, mangled the same literary reference in this headline: “Big Brother is Watching: Companies Snoop E-mail to Combat Leaks.” Employers monitoring communications on their systems are neither exercising government power nor oppressing their employees.

The most cogent, if not the kindest, explanation of this came in the comments to a recent blog post by Bruce Schneier (one I disagreed with). There, commenter “ManOnBlog” said:

You check your constitutional rights at the door when you go to work. They can tap your phone, read your email, paw through your computer, open your locker, etc. The list of what they can’t do legally is shorter than what they can do.

Commenter “@ ManOnBlog” replied:

> You check your constitutional rights at the door when you go to work.

No, you don’t.

> They can tap your phone

No, they can’t. They can tap *their* phone, which you use.

> Read your email

No, they can’t. They can read *their* email, which you use in the course of your job (although generally speaking they need to be VERY CAREFUL about this, because although your corporate mail store is indeed company property they have obligations to protect the individual information that is in that mail store if it is your personal info).

> paw through your computer

No, they can’t. They can paw through *their* computer. Again, see the email line above.

> open your locker

Ditto.

The distinction between government and private action is something more people should understand — especially people who write headlines for a living.

De-Debunker: Low-Hanging Fruit

Another day, another debunking.

DHS Assistant Secretary for Policy Stewart Baker has another effort to debunk information about the E-Verify program on DHS’ Leadership Journal blog. In this case, it’s “Debunking the ‘E-Verify Capacity Problem.’”

Critics say that only 60 thousand employers are registered with E-Verify, while there are 6 million employers in the U.S. But this is an example of using an accurate statistic to produce a misleading result. Many of those 6 million employers won’t hire a single worker this year. Others will hire thousands. What counts is how many individual hires the system can handle… . Based on a recent load testing, the system has the capacity to handle 240 million queries a year. That’s three to four times the number of people who are usually hired in a given year.

Fair enough, and frankly I hadn’t been aware of there being an argument about a “capacity” problem with E-Verify’s servers or data systems.

Running a Web search on “E-Verify capacity” to see what the capacity argument is, I found little other than a Government Accountability Office report which says the following:

A mandatory E-Verify program would necessitate an increased capacity at both U.S. Citizenship and Immigration Services (USCIS) and SSA to accommodate the estimated 7.4 million employers in the United States… . Although DHS has not prepared official cost figures, USCIS officials estimated that a mandatory E-Verify program could cost a total of about $765 million for fiscal years 2009 through 2012 if only newly hired employees are queried through the program and about $838 million over the same 4-year period if both newly hired and current employees are queried… . SSA has estimated that implementation of a mandatory E-Verify program would cost a total of about $281 million and require hiring 700 new employees for a total of 2,325 additional workyears for fiscal years 2009 through 2013.

That’s a very different kind of capacity - and very expensive. I have written here before about a Social Security Administration workers’ union official who pointed out the lacking capacity at SSA to handle national E-Verify.

The difference in these kinds of capacity reveals an inference in my and others’ criticism of E-Verify that Baker and the folks at DHS may be missing. I may have been too obscure again yesterday when I wrote, “Just because you have a glass coffee table, that doesn’t mean you can build a glass sundeck.”

The class of businesses currently using E-Verify is particularly proactive about not hiring illegal immigrants – either because they are naturally fastidious or because they have been subject to enforcement actions that practically or legally require it. They may self-select against hiring potential illegal immigrants – perhaps avoiding native or fluent Spanish speakers, for example. If their motivation is avoiding trouble with the feds, these employers may not tell workers about tentative nonconfirmations, getting rid of them under other pretenses. Or they may prescreen workers using E-Verify before even hiring them. (Sure, E-Verify fan, tell yourself it’s against the rules - like driving over the speed limit is against the rules.) This all makes it look to folks like Stewart Baker like they’re catching illegal workers.

For what they’re worth, these employers are the low-hanging fruit for the E-Verify program. This is the best E-Verify will get. The rest of the nation’s employers, and the workers they hire, will produce higher error rates and new, more difficult problems.

The capacity of E-Verify’s databases and servers may be fine. The capacity of the various federal agencies to sort out the results of national E-Verify – not so good.

L-1 and China - Oh, Nevermind - Naomi Klein

In a recent Cato TechKnowledge, I highlighted a company called L-1 Identity Solutions that is likely to be a key sponsor of any continuing efforts to implement the REAL ID Act, our moribund national ID law.

L-1 features prominently in a current Rolling Stone article which points out how the company is working with China to build surveillance technologies that the state will use in its attempt to maintain a grip on power.

But before you get to that, you have to stomach this:

Remember how we’ve always been told that free markets and free people go hand in hand? That was a lie. It turns out that the most efficient delivery system for capitalism is actually a communist-style police state, fortressed with American “homeland security” technologies, pumped up with “war on terror” rhetoric. And the global corporations currently earning superprofits from this social experiment are unlikely to be content if the lucrative new market remains confined to cities such as Shenzhen. Like everything else assembled in China with American parts, Police State 2.0 is ready for export to a neighborhood near you.

There are serious issues here, but they’re so mixed up with ideological vomitus that it’s hard to carry on reading. If this paragraph isn’t just meaningless, the author has obviously deemphasized telling an interesting story in favor of indoctrinating readers with–well, whatever the substance is behind those anti-globalization street-puppet shows.

Sure enough, when I went to see who wrote it, it was Naomi Klein. The same Naomi Klein, I assume, who inspired Johan Norberg to pen his recent briefing paper, “The Klein Doctrine: The Rise of Disaster Polemics.”

Milton Friedman’s legacy survives her book with ease, so it didn’t trouble me much. But confusing the kids who read Rolling Stone about the role of communism in keeping China unfree? That could actually do some damage.