September 4, 2018 1:45PM

Doctors as Data Entry Clerks for the Government Health Surveillance System

As a practicing physician I have long been frustrated with the Electronic Health Record (EHR) system the federal government required health care practitioners to adopt by 2014 or face economic sanctions. This manifestation of central planning compelled many doctors to scrap electronic record systems already in place because the planners determined they were not used “meaningfully.” They were forced to buy a government-approved electronic health system and conform their decision-making and practice techniques to algorithms the central planners deem “meaningful.”  Other professions and businesses make use of technology to enhance productivity and quality. This happens organically. Electronic programs are designed to fit around the unique needs and goals of the particular enterprise. But in this instance, it works the other way around: health care practitioners need to conform to the needs and goals of the EHR. This disrupts the thinking process, slows productivity, interrupts the patient-doctor relationship, and increases the risk of error. As Twila Brase, RN, PHN ably details in “Big Brother in the Exam Room,” things go downhill from there.

With painstaking, almost overwhelming detail that makes the reader feel the enormous complexity of the administrative state, Ms. Brase, who is president and co-founder of Citizens’ Council for Health Freedom (CCHF), traces the origins and motives that led to Congress passing the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009. The goal from the outset was for the health care regulatory bureaucracy to collect the private health data of the entire population and use it to create a one-size-fits-all standardization of the way medicine is practiced. This standardization is based upon population models, not individual patients. It uses the EHR design to nudge practitioners into surrendering their judgment to the algorithms and guidelines adopted by the regulators. Along the way, the meaningfully used EHR makes practitioners spend the bulk of their time entering data into forms and clicking boxes, providing the regulators with the data needed to generate further standardization.

Brase provides wide-ranging documentation of the way this “meaningful use” of the EHR has led to medical errors and the replication of false information in patients’ health records. She shows how the planners intend to morph the Electronic Health Record into a Comprehensive Health Record (CHR), through the continual addition of new data categories, delving into the details of lifestyle choices that may arguably relate indirectly to health: from sexual proclivities, to recreational behaviors, to gun ownership, to dietary choices. In effect, a meaningfully used Electronic Health Record is nothing more than a government health surveillance system.  As the old saying goes, “He who pays the piper calls the tune.” If the third party—especially a third party with the monopoly police power of the state—is paying for health care it may demand adherence to lifestyle choices that keep costs down.

All of this data collection and use is made possible by the Orwellian-named Health Insurance Portability and Accountability Act (HIPAA) of 1996.  Most patients think of HIPAA as a guarantee that their health records will remain private and confidential. They think all those “HIPAA Privacy” forms they are signing at their doctor’s office is to insure confidentiality. But, as Brase points out very clearly, HIPAA gives numerous exemptions to confidentiality requirements for the purposes of collecting data and enforcing laws. As Brase puts it, 

 It contains the word privacy, leaving most to believe it is what it says, rather than reading it to see what it really is. A more honest title would be “Notice of Federally Authorized Disclosures for Which Patient Consent Is Not Required.”

It should frighten any reader to learn just how exposed the personal medical information is to regulators in and out of government. Some of the data collected without the patients’ knowledge is generated by what Brase calls "forced hospital experiments" in health care delivery and payment models, also conducted without the patients’ knowledge. Brase documents how patients remain in the dark about being included in payment model experiments, even including whether or not they are patients being cared for by an Accountable Care Organization (ACO). 

Again quoting Brase, 

Congress’s insistence that physicians install government health surveillance systems in the exam room and use them for the care of patients, despite being untested and unproven—and an unfunded mandate—is disturbing at so many levels—from privacy to professional ethics to the patient-doctor relationship. 

As the book points out, more and more private practitioners are opting out of this surveillance system. Some are opting out of the third party payment system (including Medicare and Medicaid) and going to a “Direct Care” cash pay model, which exempts them from HIPAA and the government’s EHR mandate. Some are retiring early and/or leaving medical practice altogether. Many, if not most, are selling their practices to hospitals or large corporate clinics transferring the risk of severe penalties for non-compliance to those larger entities. 

Health information technology can and should be a good thing for patients and doctors alike. But when the government rather than individual patients and doctors decide what kind of technology that will be and how it will be used, health information technology can become a dangerous threat to liberty, autonomy, and health. 

“Big Brother In The Exam Room” is the first book to catalog in meticulous detail the dangerous ways in which health information technology is being weaponized against us all.  Everyone should read it. 

July 13, 2018 1:19PM

Kavanaugh, Klayman, and the Fourth Amendment

Media Name: kavanaugh.jpg

In the few days since President Trump nominated him to be an Associate Justice on the Supreme Court, Judge Brett Kavanaugh has seen his life put under the microscope. It turns out that the U.S Court of Appeals for the D.C Circuit judge really likes baseball, volunteers to help the homeless, and has strong connections to the Republican Party – especially the George W. Bush administration. More consequentially, Kavanaugh is an influential judge with solid conservative credentials. For libertarians, Kavanaugh's record includes much to applaud, especially when it comes to reining in the power of regulatory authorities. However, at least one of Kavanaugh's concurrences reveals arguments that should concern those who value civil liberties. Members of the Senate Committee on the Judiciary should press Kavanaugh on these arguments at his upcoming confirmation hearing.

In 2015, Kavanaugh wrote a solo concurrence in the denial of rehearing en banc in Klayman v. Obama (full opinion below), in which the plaintiffs challenged the constitutionality of the National Security Agency's (NSA) bulk telephony metadata program. According to Kavanaugh, this program was "entirely consistent" with the Fourth Amendment, which protects against unreasonable searches and seizures.

The opening of the concurrence is ordinary enough, with Kavanaugh mentioning that the NSA's program is consistent with the Third Party Doctrine. According to this doctrine, people don't have a reasonable expectation of privacy in information they volunteer to third parties, such as phone companies and banks. This allows law enforcement to access details about your communications and your credit card purchases without search warrants. My colleagues have been critical of the Third Party doctrine, filing an amicus brief taking aim at the doctrine in the recently decided Fourth Amendment case Carpenter v. United States

Because the Third Party Doctrine remains binding precedent, Kavanaugh argues, the government's collection of telephony metadata is not a Fourth Amendment search. Regardless of one’s opinion of the Third Party Doctrine, this is a reasonable interpretation of Supreme Court precedent from an appellate judge.

Yet in the next paragraph the concurrence takes an odd turn. Kavanaugh argues that even if the government's collection of millions of Americans' telephony metadata did constitute a search it would nonetheless not run afoul of the Fourth Amendment:

Even if the bulk collection of telephony metadata constitutes a search,[...] the Fourth Amendment does not bar all searches and seizures. It bars only unreasonable searches and seizures. And the Government’s metadata collection program readily qualifies as reasonable under the Supreme Court’s case law. The Fourth Amendment allows governmental searches and seizures without individualized suspicion when the Government demonstrates a sufficient “special need” – that is, a need beyond the normal need for law enforcement – that outweighs the intrusion on individual liberty. Examples include drug testing of students, roadblocks to detect drunk drivers, border checkpoints, and security screening at airports. [...] The Government’s program for bulk collection of telephony metadata serves a critically important special need – preventing terrorist attacks on the United States. See THE 9/11 COMMISSION REPORT (2004). In my view, that critical national security need outweighs the impact on privacy occasioned by this program. The Government’s program does not capture the content of communications, but rather the time and duration of calls, and the numbers called. In short, the Government’s program fits comfortably within the Supreme Court precedents applying the special needs doctrine.

This paragraph includes a few points worth unpacking: 1) That the collection of telephony metadata is permitted under the "Special Needs" Doctrine, and 2) The 9/11 Commission Report buttresses the claim that "The Government’s program for bulk collection of telephony metadata serves a critically important special need – preventing terrorist attacks on the United States."

Kavanaugh asserts that the NSA's program serves a special need, and is therefore exempt from the Fourth Amendment's warrant requirement. The so-called Special Needs Doctrine usually applies when government officials are acting in a manner beyond what is associated with ordinary criminal law enforcement. Justice Blackmun explained the justification for the doctrine in his New Jersey v. T.L.O. (1985) concurrence:

Only in those exceptional circumstances in which special needs, beyond the normal need for law enforcement, make the warrant and probable cause requirement impracticable, is a court entitled to substitute its balancing of interests for that of the Framers.

Kavanaugh's concurrence includes a few notable examples of the Special Needs Doctrine, such as drug tests for high school athletes and drunk driving roadblocks. Unlike Klayman, which concerned the indiscriminate bulk collection of millions of citizens' telephony metadata, these cases involved limited searches specific to an isolated government interest.

In United States v. United States District Court (1972) – the so-called "Keith Case" – the Supreme Court rejected the government's argument that "the special circumstances applicable to domestic security surveillances necessitate a further exception to the warrant requirement."

The Supreme Court did not find this or some of the government's arguments persuasive:

But we do not think a case has been made for the requested departure from Fourth Amendment standards. The circumstances described do not justify complete exemption of domestic security surveillance from prior judicial scrutiny. Official surveillance, whether its purpose be criminal investigation or ongoing intelligence gathering, risks infringement of constitutionally protected privacy of speech. Security surveillances are especially sensitive because of the inherent vagueness of the domestic security concept, the necessarily broad and continuing nature of intelligence gathering, and the temptation to utilize such surveillances to oversee political dissent. We recognize, as we have before, the constitutional basis of the President's domestic security role, but we think it must be exercised in a manner compatible with the Fourth Amendment. In this case we hold that this requires an appropriate prior warrant procedure.

Kavanaugh's argument that the NSA's domestic spying can override Fourth Amendment protections thanks to "special needs" is at odds with the Supreme Court's holding in the Keith Case. If the Court expanded special needs to cover the bulk collection of telephony metadata it would be the most expansive application of the doctrine to date.

It's important to consider why Kavanaugh believes "bulk collection of telephony metadata serves a critically important special need – preventing terrorist attacks on the United States."

In making this claim, Kavanaugh cited the 2004 9/11 Commission Report. This report does not directly recommend the bulk collection surveillance at issue in Klayman, nor does it make the argument that such a program would have prevented the 9/11 attacks.  

In fact, the Privacy and Civil Liberties Oversight Board's (PCLOB) 2014 report on the NSA's bulk telephony surveillance program, published before Kavanaugh's Klayman concurrence, found that the program was not a critically important part of the ongoing War on Terror:

Based on the information provided to the Board, we have not identified a single instance involving a threat to the United States in which the telephone records program made a concrete difference in the outcome of a counterterrorism investigation. Moreover, we are aware of no instance in which the program directly contributed to the discovery of a previously unknown terrorist plot or the disruption of a terrorist attack. And we believe that in only one instance over the past seven years has the program arguably contributed to the identification of an unknown terrorism suspect. In that case, moreover, the suspect was not involved in planning a terrorist attack and there is reason to believe that the FBI may have discovered him without the contribution of the NSA’s program.

Even in those instances where telephone records collected under Section 215 offered additional information about the contacts of a known terrorism suspect, in nearly all cases the benefits provided have been minimal — generally limited to corroborating information that was obtained independently by the FBI.

Kavanaugh's assertion that the NSA's invasive surveillance program is justified on national security grounds is simply not supported by the 9/11 Commission Report or the PCLOB's report.

If the Senate does vote to confirm Kavanaugh, as is widely expected, he will likely be on the bench for decades. In that time, he will hear cases involving warrantless surveillance justified on national security grounds. This surveillance may involve facial recognition, drones, and other emerging surveillance methods. That a potential Supreme Court justice might view such warrantless surveillance as justified because of a national security-based "special needs" exception to the Fourth Amendment should worry everyone who values civil liberties. Members of the Senate Committee on the Judiciary must ask Kavanaugh to better explain his reasoning in Klayman.

Klayman v. Obama by Matthew Feeney on Scribd

June 25, 2018 12:44PM

Surveillance Tech Still a Concern After Carpenter

Media Name: phone321.jpg

Last week the Supreme Court issued its ruling in Carpenter v. United States, with a five-member majority holding that the government's collection of at least seven days-worth of cell site location information (CSLI) is a Fourth Amendment search. The American Civil Liberties Union's Nathan Wessler and the rest of Carpenter's team deserve congratulations; the ruling is a win for privacy advocates and reins in a widely used surveillance method. But while the ruling is welcome it remains narrow, leaving law enforcement with many tools that can be used to uncover intimate details about people's private lives without a warrant, including persistent aerial surveillance, license plate readers, and facial recognition.

Background 

Timothy Carpenter and others were involved in a string of armed robberies of cell phone stores in Michigan and Ohio in 2010 and 2011. Police arrested four suspects in 2011. One of these suspects identified 15 accomplices and handed over some of their cell phone numbers to the Federal Bureau of Investigation. Carpenter was one of these accomplices.

Prosecutors sought Carpenter's cell phone records pursuant to the Stored Communications Act. They did not need to demonstrate probable cause (the standard required for a search warrant). Rather, they merely had to demonstrate to judges that they had "specific and articulable facts showing that there are reasonable grounds to believe” that the data they sough were “relevant and material to an ongoing criminal investigation.”

Carpenter's two wireless carriers, MetroPCS and Sprint, complied with the judges' orders, producing 12,898 location points over 127 days. Using this information prosecutors were able to charge Carpenter with a number of federal offenses related to the armed robberies. 

Before trial Carpenter sought to suppress the CSLI data, arguing that the warrantless seizure of the data violated the Fourth Amendment, which protects "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures." The district court denied Carpenter's motion to suppress. He was found guilty and sentenced to almost 116 years in prison.

Carpenter appealed to the Court of Appeals for the Sixth Circuit, which affirmed his conviction.

The Doctrines

Since the 1967 Supreme Court case Katz v. United States courts have deployed the "reasonable expectation of privacy test" to determine whether law enforcement officers have conducted a Fourth Amendment search. According to this test, outlined in Justice Harlan's solo Katz concurrence, officers have conducted a Fourth Amendment "search" if they violate a suspect's subjective expectation of privacy that society is prepared to accept as reasonable.  

The Sixth Circuit determined that Carpenter did not have a reasonable expectation of privacy in his physical location as revealed by CSLI. This determination is consistent with the so-called "Third Party Doctrine" developed by the Supreme Court in United States v. Miller (1976) and Smith v. Maryland (1979). According to the Third Party Doctrine, people don't have a reasonable expectation of privacy in information they voluntarily surrender to third parties such as banks and phone companies.

The Ruling

In an opinion written by Chief Justice Roberts and joined by Justices Ginsburg, Breyer, Kagan, and Sotomayor the Court sided with Carpenter without jettisoning the "reasonable expectation of privacy test" or the Third Party Doctrine. The opinion is a narrow one, holding that the warrantless acquisition of historic CSLI information does violate a reasonable expectation of privacy in physical location. In addition, the Court noted that the Third Party Doctrine remains in place, even if it doesn't extend to CSLI.

According to the Court, this is because of the "unique nature" of cell-site records:

But while the third-party doctrine applies to telephone numbers and bank records, it is not clear whether its logic extends to the qualitatively different category of cell-site records. After all, when Smith was decided in 1979, few could have imagined a society in which a phone goes wherever its owner goes, conveying to the wireless carrier not just dialed digits, but a detailed and comprehensive record of the person’s movements.

We decline to extend Smith and Miller to cover these novel circumstances. Given the unique nature of cell phone location records, the fact that the information is held by a third party does not by itself overcome the user’s claim to Fourth Amendment protection.

The Court's majority opinion make a number of points to emphasize the revealing nature of CSLI data, including the ubiquitousness of cell phones among American adults, and the fact that, "when the Government tracks the location of a cell phone it achieves near perfect surveillance, as if it had attached an ankle monitor to the phone’s user." The opinion goes on to discuss how government officials can "travel back in time" to retrace cell phone users' behavior.

Surveillance Tools Left Available

The Carpenter ruling will have an immediate impact on law enforcement. Last year, law enforcement sent 125,000 CSLI requests to AT&T and Verizon. While presumably many of these requests were related to CSLI data revealing suspects' movements for less than a week, it's worth considering this comment from Laura Moy, Deputy Director of Georgetown Law’s Center on Privacy & Technology and former CSLI analyst for the Manhattan District Attorney.

However, law enforcement can still conduct intrusive and revealing warrantless searches using a wide range of technologies. In the Carpenter majority opinion the Court noted, "we hold that an individual maintains a legitimate expectation of privacy in the record of his physical movements as captured through CSLI."

But our physical movements can be tracked without CSLI. The majority's mention of CSLI allowing government officials to "travel back in time" reminded me of the Baltimore Police Department's use of persistent aerial surveillance equipment, which its developer described as, "a live version of Google Earth, only with TiVo capabilities." He wasn't joking.

License plate readers are also useful tools for tracking physical movements. Immigration and Customs Enforcement (ICE), the federal agency responsible for deportations, has access to more than 2 billion license plate images, allowing its agents to engage in near real-time tracking and to access years-worth of location data. The license plate data available to ICE includes images from 24 of the US’ top 30 most populous metropolitan areas.

Law enforcement agencies across the country are pursuing real-time facial recognition capability. Other emerging police technologies, such as body cameras and drones, may soon be regularly outfitted with real-time facial recognition capability. This capability will provide another means by which police can track our physical movements.

Persistent aerial surveillance, license plate readers, and facial recognition remain a serious concern despite the Court's ruling in Carpenter.

Yet the fact that the Carpenter ruling is narrow should not detract from its significance. It's one of the the most important 4th Amendment Supreme Court cases in years and lays the groundwork for future cases involving a range of surveillance tools. 

For more on Carpenter listen to Cato Senior Fellow Julian Sanchez and Cato senior fellow in constitutional studies Ilya Shapiro discuss the case in a recent Cato Daily Podcast.

April 30, 2018 4:11PM

“Genetic Informants” and the Hunt for the Golden State Killer

Media Name: dna.jpg

Last week officers with the Sacramento County Sheriff's Department arrested Joseph James DeAngelo, the suspected Golden State Killer who allegedly committed a dozen murders, at least 50 rapes, and more than 100 burglaries in California between 1976 and 1986. Police made the arrest after uploading DeAngelo's "discarded DNA" to one of the increasingly popular genealogy websites. Using information from the site, investigators were able to find DeAngelo's distant relatives, thereby significantly narrowing their list of suspects. This investigatory technique is worth keeping an eye on, not least because millions of people are using DNA-based genealogical sites.

I'm one of them. I've signed up to 23andMe as well as MyHeritage, both of which offer DNA analysis. I did this in part because family history is a minor hobby of mine, but also because 23andMe offers interesting medical information. While both companies offer a DNA service, I've only used 23andMe's because MyHeritage allows its users to upload 23andMe data. One of the features of MyHeritage is its "DNA Matching" service, which updates me when a distant relative is found thanks to automated DNA analysis.

This month alone MyHeritage has altered me to the existence of two more 3rd - 5th cousins. This DNA Matching service has identified hundreds of my distant relatives, with varying degrees of confidence. 23andMe has a similar relative-finding feature. MyHeritage and 23andMe, as well as Ancestry.com, have all denied working with law enforcement in the Golden State Killer case.

According to The New York Times, investigators sent the suspected Golden State Killer's DNA to GEDmatch, a free genealogical service. A GEDmatch release stated that it had not been approached by law enforcement and warned customers, "If you are concerned about non-genealogical uses of your DNA, you should not upload your DNA to the database."

Media Name: screen_shot_2018-04-30_at_15.46.16.png

The Times report included this important paragraph:

The detectives in the Golden State Killer case uploaded the suspect’s DNA sample. But they would have had to check a box online certifying that the DNA was their own or belonged to someone for whom they were legal guardians, or that they had “obtained authorization” to upload the sample.

Investigators obviously didn't have DeAngelo's authorization. However, it's unlikely that they were constitutionally required to obtain it. From Technology Review:

[GEDmatch co-creator] Rogers didn’t say whether he thought police had acted legally or not, but he says the rule on his website is that “it’s only with a person’s permission.”

Investigators, of course, didn't have authorization from DeAngelo to use his DNA. However, it seems likely they would not have needed it. “Under current constitutional law, the government has a tremendous amount of discretion in how to use crime-scene evidence,” says Erin Murphy, a professor of law at New York University. “DNA abandoned by the perpetrator of a crime basically has no legal protection.”

What's particularly interesting about this case is that it doesn't involve police identifying a GEDmatch customer as a suspect and then seeking that suspect's DNA profile as part of an investigation. Rather, investigators used GEDmatch to build a family tree of the suspect based on information GEDmatch customers had volunteered. GEDmatch's website includes this warning, "DNA and Genealogical research, by its very nature, requires the sharing of information. Because of that, users participating in this site should expect that their information will be shared with other users."

23andMe and Ancestry.com both mention law enforcement in their privacy policies. These policies discuss law enforcement in the context of law enforcement seeking customers' data. For instance, 23andMe's policy states (emphasis mine), "Under certain circumstances your information may be subject to disclosure pursuant to judicial or other government subpoenas, warrants, or orders" and Ancestry.com's policy includes the following, "We may share your Personal Information if we believe it is reasonably necessary to [...] Comply with valid legal process (e.g., subpoenas, warrants)."

It's laudable that these private companies have made commitments to protect their customers' privacy, but the Golden State Killer investigation did not rely on investigators directly accessing GEDmatch customers' information. Rather, it relied on GEDmatch to do what it's product is designed to do: find relatives.

Law enforcement use of genealogical sites is a rare investigatory technique. According to a 23andMe spokesperson, the company has only “had a handful of inquiries over the course of 11 years." Ancestry.com's 2017 transparency report revealed that the company had only received 34 valid law enforcement requests that year, only 19 of which came from American law enforcement agencies. Each one of these 34 requests related to credit card fraud or identity theft.

Although rare, we should prepare for a time when this kind of investigation is widespread. I doubt that any of DeAngelo's distant relatives will be upset that their genetic information was used to aid an investigation into a serial killer and rapist, but we should consider what law enforcement looks like in a world where "genetic informants" are commonplace. As UC Davis Law Professor Elizabeth Joh told The New Republic, "Do you realize, for example, that when you upload your DNA, you’re potentially becoming a genetic informant on the rest of your family? [...] And then if that’s the case, what if you’re the person who didn’t personally upload the DNA, but you discover that your family member has done that?”

 

January 8, 2018 2:49PM

Privacy Still at Risk Despite New CBP Search Rules

Media Name: cbp123.jpg

International travelers, citizens and foreigners alike, enjoy reduced privacy protections at ports of entry. Thanks to the "border exception" to the Fourth Amendment, Customs and Border Protection (CBP) officers do not need reasonable suspicion or probable cause to search electronic devices at airports. This regrettable authority made headlines last year after CBP officers searched phones belonging to innocent American citizens. CBP has updated its electronic device search policy via a new directive. While the directive does include a welcome clarification, it states that CBP can search anyone's electronic devices without probable cause or reasonable suspicion.

The CBP's new directive begins by outlining the unfortunate state of the Fourth Amendment at the border and ports of entry. The Fourth Amendment protects "persons, houses, papers, and effects" from "unreasonable searches and seizures."

Yet, as Justice Rehnquist wrote in his majority opinion in United States v. Ramsey (1977):

[S]earches made at the border, pursuant to the longstanding right of the sovereign to protect itself by stopping and examining persons and property crossing into this country, are reasonable simply by virtue of the fact that they occur at the border.

In 1985, Rehnquist reiterated this point, writing in his United States v. Montoya de Hernandez (1985) majority opinion:

Routine searches of the persons and effects of entrants are not subject to any requirement of reasonable suspicion, probable cause, or warrant.

CBP conducted numerous warrantless searches of electronic devices last year. Perhaps most notable was the January 2017 case involving Sidd Bikkannavar, an American citizen, member of the CBP Global Entry program, and NASA Jet Propulsion Laboratory engineer. After arriving from Chile (not exactly a hotbed of international terrorism), a CBP officer at Houston’s George Bush Intercontinental Airport asked Bikkannavar to unlock his smartphone, which happened to be NASA property. Despite Bikkannavar pointing out that the phone contained sensitive information, the officer persisted, and Bikkannavar eventually gave up the phone's passcode.

A month after CBP needlessly interrupted Bikkannavar's travel, agency officials reportedly stopped another American citizen, Haisam Elsharkawi, from leaving Los Angeles on his way to Saudi Arabia. According to Elsharkawi, CBP officers put him in handcuffs and pressured him into unlocking his phone. The officers released Elsharkawi without charge hours after his plane had left.

Searches of electronic devices at the border are on the rise. According to CBP's own figures, the number of international travelers processed with electronic device searches in the 2017 fiscal year increased almost 60 percent compared to the 2016 fiscal year. While the number of travelers subjected to these searches represents a small fraction of total international travelers, it's clear that these warrantless searches have targeted innocent Americans and are unlikely to stop. At a time when the smartphone is an increasingly integral part of modern life, containing most of our intimate and private details, this authority is of acute concern.

The directive distinguishes between "Basic" searches and "Advanced" searches. During a Basic Search, officers may—with or without suspicion—"review and analyze" information found on the electronic device. If CBP officers conduct an Advanced Search they may connect the electronic device to equipment that can review, analyze, and copy its contents. The new CBP directive states that the reasonable suspicion standard applies to "Advanced" searches.

The directive makes clear that CBP officers still have the authority to seek technical assistance for any device if it cannot be accessed thanks to encryption or passcodes.

The directive also clarifies what information CBP officers can access. Last year, Senator Ron Wyden (D-OR) wrote to then Department of Homeland Security Secretary John Kelly, asking a range of questions about CBP's search of electronic devices. CBP Acting Commissioner Kevin McAleenan responded.

According to McAleenan, CBP officers conducting an electronic device search only examine information that is "physically resident" on the device and do not access "information found only on remote servers."

What information is found "only on remote servers" is not exactly clear cut, as Ars Technica's Cyrus Farivar explained:

After all, many modern apps—notably social media, e-mail, or messaging apps—keep data on remote servers, but a smartphone often also keeps a local copy of the message or relevant data.

Late last year, McAleenan answered questions presented by the United States Senate Committee on Finance. In answering these questions he clarified the steps CBP officers take to ensure remote data is not accessed (emphasis mine):

Border searches of electronic devices extend to searches of the information residing on the physical device when it is presented for inspection or during its detention by CBP for aborder inspection. To ensure that data residing only in the cloud is not accessed, officers are instructed to ensure that network connectivity is disabled to limit access to remote systems.

The new CBP directive includes this policy:

To avoid retrieving or accessing information stored remotely and not otherwise present on the device, Officers will either request that the traveler disable connectivity to any network (e.g. by placing the device in airplane mode), or, where warranted by national security, law, enforcement, officer safety, or other operational considerations, Officers will themselves disable network connectivity.

This is a welcome clarification, but even with airplane mode enabled revealing details are still visible on a phone. Facebook group membership, emails, contact details, and photos are some of the information that's available on a phone in airplane mode. Even if all of this information was hidden from CBP officers conducting a "Basic" search, the apps someone has downloaded can be revealing. You don't have to be Sherlock Holmes to infer details about someone who has Coinbase, TinderDiabetes and Blood Glucose Tracker, and Muslim Pro apps on their phone.

CBP officers should have to secure a warrant before scouring our most intimate communications and details. A few years ago, the Supreme Court held in Riley v. California (2014) that police cannot search the digital information found on phones belonging to arrested persons without a warrant. In a brief for one of the cases considered in Riley v. California, the United States argued that searching information on phones is "materially indistinguishable" from searching wallets and purses. In his Riley v. California majority opinion Chief Justice Roberts correctly characterized this argument as "like saying a ride on horseback is materially indistinguishable from a flight to the moon."

The modern smartphone is an essential feature of modern life. Almost every American adult owns a cell phone, with 77 percent owning a smartphone. Americans use these devices to contact family and colleagues, organize their finances, find love, publish their thoughts, find transport, play games, track their eating habits, listen to music, and much more. Allowing CBP officers warrantless access to devices that house this information risks needlessly violating Americans' privacy.

Lawmakers in the House and Senate have introduced legislation requiring CBP to have warrants before searching phones. Until such legislation is passed or the Supreme Court revises the border exception to the Fourth Amendment, privacy at ports of entry will be dependant on CBP's policies. Sadly, the new CBP directive shows that we should expect continued privacy violations at ports of entry for the foreseeable future.

November 1, 2017 11:35AM

Body Cameras Worth Deploying Despite Limited Impact

Media Name: body_camera_2.jpg

A study

that examined the effects body worn cameras (BWCs) have on police officers in Washington, D.C. has been making the rounds recently. The study's findings have reinvigorated discussions about BWCs, not least because of its counterintuitive finding that BWCs did not have a statistically significant effect on officers' use of force or civilian complaints against the police. This finding is worth considering, but the study shouldn't deter local officials from mandating police BWCs. Even if they don't change police officers' behavior, BWCs can, with the right policies in place, provide a much-needed increase in police accountability and transparency.

During the study, officers with the Metropolitan Police Department of the District of Columbia were randomly assigned BWCs. Researchers with The Lab @DC, a study team in the D.C. mayor's office, and Yale University examined use of force incidents and complaints against police officers.

The study did not seek to measure the impact of BWCs' other benefits such as accountability, transparency, and protection for officers, but rather narrowly measured their impact. In addition to examining how often police officers use force and are the subject of complaints, researchers also studied police discretion and the judicial outcomes related to police charges.

You might expect that officers improved their behavior when they were wearing BWCs. After all, if you know that you're being filmed you have plenty of incentives to be on your best behavior, whether you're an officer or a resident. And yet, the recent D.C. body camera study showed that BWCs had no statistically significant effect on officers' behavior.

This may strike many as odd. But we shouldn't forget the limitations that restrict researchers looking into the effects of BWCs. Researchers cannot, for instance, insist that when an officer wearing a BWC calls for backup that only officers also wearing BWCs respond. In a situation where two officers are interacting with a resident and only one of the officers is wearing a BWC there is a good chance that the BWC will influence the behavior of the officer not wearing the BWC.

The researchers do not think, however, that this spillover effect affected the results of the experiment. The study notes that there was no statistically significant difference between officer behavior pre- and post-BWC deployment, as the two graphs from the study below show:

Media Name: screen_shot_2017-10-31_at_12.48.04.png

Media Name: screen_shot_2017-10-31_at_12.48.13.png

If officers not wearing BWCs improved their behavior in the presence of other officers wearing BWCs, we’d expect to see a reduction in use of force and complaints filed after the study began. However, Figure 4 and Figure 5 above show no significant difference.

Thus, even given the limitations of the study design, it appears that BWCs do not at a mass scale reduce the amount of force police officers use or the number of complaints officers receive.

The Washington, D.C. study raises an obvious question: if BWCs have no statistically significant effect on officers' use of force or complaints, should officers be wearing them?

The answer to that question is "yes."

First, even if body cameras do not reduce the frequency with which police officers use force, they nonetheless help provide accountability for the minority of officers who engage in serious misconduct, such as the Baltimore police officers caught planting drugs and "re-creating" a crime scene.

Second, BWCs are a tool for increased transparency in American law enforcement. Residents deserve to know how police officers behave, whether their behavior is changed by BWCs or not. At a time when cell phones are ubiquitous and BWCs are a regular feature of police misconduct debates, residents will be increasingly skeptical when a contentious fatal police encounter is not filmed. Even if a bird's eye view of a police department reveals that BWCs don't have a statistically significantly effect on police officers' use of force, that doesn't mean that same department won't one day hire a bad police officer who will engage in illegal and deadly misconduct.

Third, BWCs can also protect police officers by  minimizing time spent on baseless complaints against officers by providing clear exculpatory evidence, as was the case when a young woman falsely accused an Albuquerque Police Department officer of sexual assault during a 2014 DWI stop.  

All of these BWCs benefits can only be realized with the appropriate policies in place. Without policies that protect privacy and allow residents to view body camera footage of public interest, body cameras could be used as a surveillance tool.

The authors of the Washington, D.C. study state that their results "suggest that we should recalibrate our expectations of BWCs’ ability to induce large-scale behavioral changes in policing." But even if BWCs don't prompt significant changes in police officers' behavior they are worth mandating anyway. A police department with BWCs governed by the right policies will increase transparency and accountability—a welcome result even if it's not accompanied by better-behaved police officers.

October 17, 2017 4:59PM

LAPD Drones Threaten Privacy

Media Name: multicopter-1873532_960_720.jpg

Today, the Los Angeles Police Department (LAPD) civilian police commission voted to approve proposed guidelines for a one-year unmanned aerial vehicles (UAVs) pilot program. According to the LAPD's guidelines, UAVs will not be equipped with lethal or nonlethal weapons and will only be deployed in a narrow set of circumstances. The guideline also requires officers to obtain a warrant before using a UAV "when required under the Fourth Amendment or other provision of the law." This looks all well and good, except that the Fourth Amendment and California law provide little protection when it comes to aerial surveillance.

The Fourth Amendment protects "persons, houses, papers, and effects" from "unreasonable searches and seizures." Many Americans could be forgiven for thinking that this constitutional provision would act as a shield against warrantless aerial surveillance. Sadly, this is not the case. California law is similarly of little help. California is not one of the states that require law enforcement to obtain a warrant before using a UAV, with Gov. Jerry Brown in 2014 vetoing a bill that would have imposed such a requirement.  

To the LAPD's credit, routine surveillance is not included in its list of approved UAV operations. However, the LAPD has a history of using new surveillance gadgets, and it's reasonable to be wary of UAVs being regularly used for surveillance as they become an everyday feature of police departments' toolboxes.

Although the Supreme Court has yet to take up the issue of UAV surveillance, it did address aerial surveillance in a few cases in the 1980s. In Dow Chemical Co v. United States (1986) the Supreme Court ruled that the Environmental Protection Agency did not need an administrative warrant when it hired a commercial photographer using a mapping camera to inspect a 2,000 acre Dow Chemical plant from an aircraft.

The same year that Supreme Court ruled in Dow Chemical Co v. United States it also decided another case, California v. Ciraolo (1986). In that case police acting on an anonymous tip took to an airplane and without a warrant used naked eye surveillance to snoop on Dante Ciraolo's backyard, which was unobservable from street level thanks to a couple of fences. The police spotted marijuana growing in Ciraolo's backyard and arrested him. Ciraolo claimed that the police's aerial inspection of his backyard violated the Fourth Amendment, but the Supreme Court ruled that such warrantless surveillance is constitutional.

In 1989, the Supreme Court dealt with another case involving police looking for marijuana from the sky. In Florida v. Riley (1989), the Supreme Court considered whether police had conducted a Fourth Amendment search when they looked into Michael Riley's greenhouse from a helicopter at 400 feet without a warrant. A plurality on the Court found that Ciraolo controlled and that police had not conducted a Fourth Amendment search.

While those outside of courts and law schools might think that the government agents' behavior at issue in DowCiraolo, and Riley, could reasonably be described as "searches," the unfortunate reality is that for fifty years the word "search" has been defined by courts in a very particular way.  

Fifty years ago, in Katz. v. United States (1967), the Supreme Court ruled that the warrantless use of an eavesdropping device on the exterior of a public phone booth violated the Fourth Amendment. In his majority opinion, Justice Potter Stewart wrote that the Fourth Amendment "protects people, not places."

Katz is notable not only because of Stewart's opinion, but also because of a solo concurrence written by Justice John Harlan II. In his concurrence, Justice Harlan codified the two-pronged "reasonable expectation of privacy test." According to the test, police have conducted a Fourth Amendment "search" if they 1) violate someone's reasonable expectation of privacy and 2) that expectation is one that society is prepared to accept as reasonable.

Thanks to current Fourth Amendment doctrine the LAPD's declaration that police will seek a warrant for UAVs "when required under the Fourth Amendment" is hardly reassuring.

In his Florida v. Riley dissent Justice William Brennan took the Court's reasoning to its logical conclusion, using a "miraculous tool" that at the time was a hypothetical but now resembles a tool that will soon be in the hands of the LAPD and other police departments:

Imagine a helicopter capable of hovering just above an enclosed courtyard or patio without generating any noise, wind, or dust at all - and, for good measure, without posing any threat of injury. Suppose the police employed this miraculous tool to discover not only what crops people were growing in their greenhouses, but also what books they were reading and who their dinner guests were. Suppose, finally, that the FAA regulations remained unchanged, so that the police were undeniably "where they had a right to be." Would today's plurality continue to assert that "[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures" was not infringed by such surveillance?

The LAPD's UAV guidance does include some praiseworthy provisions, including the ban on UAVs being equipped with weapons. However, the guidance doesn't provide the privacy protections needed to prevent warrantless UAV snooping.