Computers, Privacy & the Constitution

View   r2  >  r1  ...
AvaGuoFirstPaper 2 - 24 Apr 2013 - Main.EbenMoglen
Line: 1 to 1
 
META TOPICPARENT name="FirstPaper"
How the Death of the Fourth Amendment Could Have Been Avoided

-- By Ava Guo - 04 Mar 2013

Changed:
<
<
With the advent of computers and the internet, this Fourth Amendment right of people “to be secure in their persons” has been chipped away by the courts in an attempt to figure out what warrants protection in cyberspace. The problem with the Fourth Amendment is not that it is inherently incapable of accommodating electronic communications; it is that the courts have been so wrapped up in trying to fit the new world of the internet into an old mold of the physical world that they have completely ignored the uniqueness of cyberspace. I believe that as drafted, the Fourth Amendment had room to grow; had the courts abided by acknowledgement in Katz v. United States that it protects people, not areas, the “death” of the Fourth Amendment in the Information Age could have been avoided. Instead of comparing electronic communications with speech or telephone calls, the courts should have looked to society’s actual expectations with respect to activities on the internet, and analyzed them under and the “reasonable expectation of privacy” test.
>
>
With the advent of computers and the internet, this Fourth Amendment right of people “to be secure in their persons” has been chipped away by the courts in an attempt to figure out what warrants protection in cyberspace. The problem with the Fourth Amendment is not that it is inherently incapable of accommodating electronic communications; it is that the courts have been so wrapped up in trying to fit the new world of the internet into an old mold of the physical world that they have completely ignored the uniqueness of cyberspace.

But the old world hasn't gone anywhere. And in it, those rules were being "chipped away" much faster. In the US I grew up in, no one thought it was constitutional to roadblock traffic or go through everyone's bag at the airport. I don't know how, in view of the erosion of those certainties in the "old" world, we can be so sure that any of what we're talking about has to do with a confusion introduced by treating the "new" world like the "old" one. That should have had better results than the ones we experienced.

I believe that as drafted, the Fourth Amendment had room to grow; had the courts abided by acknowledgement in Katz v. United States that it protects people, not areas, the “death” of the Fourth Amendment in the Information Age could have been avoided. Instead of comparing electronic communications with speech or telephone calls, the courts should have looked to society’s actual expectations with respect to activities on the internet, and analyzed them under and the “reasonable expectation of privacy” test.

 Katz v. United States

In Katz, federal agents taped a microphone to the top of a public pay phone booth that recorded the defendant’s side of his conversations. The court reasoned that the warrantless surveillance of the phone booth was impermissible, and more importantly, noted that the “Fourth Amendment protects people – and not simply “areas” – against unreasonable searches and seizures.” 389 U.S. 347, 352 (1967). This early analysis demonstrates that the Fourth Amendment was perfectly capable of extending its protections beyond physical places to people’s identities in cyberspace. In Justice Harlan’s concurrence, he articulates the “expectation of privacy” test as a twofold requirement. First, the individual must have an actual (subjective) expectation of privacy; and second, that expectation has to be one that society is prepared to recognize as “reasonable.” This test was subsequently applied to public spaces and telephone calls, not because the test itself was limited to physical things, but because that was all we, as a society, had encountered. The courts have subsequently tried to analogize electronic communications with these situations.

Added:
>
>
First, a concurrence is not the opinion of the court. Second, the talk about persons over places is plainly rhetorical rather than analytical. The Court concluded that Katz had an expectation of privacy in "an enclosed phone booth," leaving open the possibility that fewer walls on the booth, or no walls at all, could have changed the result with respect to a wiretap placed outside the confines of the telephone booth altogether.

 The Danger of Analogies

In Hoffa v. United States, the defendant admitted his involvement in criminal activities to someone who turned out to be a government informer. The court held that as a result of this conversation, the defendant had no reasonable expectation of privacy in his communications because he assumed the risk that others may overhear and share it with others. 385 U.S. 293 (1966). Extending this to online communications, the court in State v. Moller held that the defendant had no expectation of privacy in an internet chatroom. 2002 WL 628634 (Ohio Ct. App. 2002). In this case, a police officer posed as a young girl and entered a chatroom for older men. The defendant contacted the officer to arrange a meeting with the “girl” for sexual activities. After defendant was arrested, he challenged the admission of his online communications as a violation of his Fourth Amendment rights. The court reasoned that just like an individual who has a conversation in public and within earshot of others, the defendant assumed the risk when he entered the public chatroom. It may be a subtle distinction to make but rather than comparing the chatroom to a crowded café, the court should have based its decision on the norms and expectations of a public internet chatroom. Indeed, the defendant should have had even less of an expectation of privacy in the chatroom because there is not only a risk that someone could “eavesdrop” on his conversation, but an absolute certainty that anyone else in the chatroom could and would read what he wrote.

In Smith v. Maryland, 442 U.S. 735 (1979), the police installed a pen register on the defendant’s telephone and it recorded the numbers dialed from his phone line without recording the actual conversations. The Supreme Court distinguished between content (the conversation) and non-content information (the phone numbers dialed), and held the latter had no constitutional protection because the defendant voluntarily conveyed the numerical information to the telephone company. By analogy, in United States v. Forrester, the Ninth Circuit held that computer surveillance that enabled the government to learn the to/from addresses of the defendant’s e-mail messages and the IP addresses of the websites he visited did not constitute a Fourth Amendment search because it was analogous to the use of a pen register. The court stated that internet users have no expectation of privacy because “they should know that these messages are sent and these IP addresses are accessed through the equipment of their Internet service providers and other third parties.” 495 F.3d 1041 (9th Cir. 2007).

Changed:
<
<
The court’s insistence on grouping IP addresses and to/from fields of e-mails with numbers dialed from a telephone as non-content information is indicative of its reluctance to accept, or perhaps even understand, electronic communications as a separate category. Unlike telephones, the internet works by combining content and non-content information into packets and sending them across networks altogether. This kind of blending of information is unique to the internet and should be acknowledged by the court. Instead of focusing on these analogies, the courts should be asking (a) whether an individual has an actual or subjective expectation of privacy in their electronic activities; and (b) whether our society should accept this expectation as a “reasonable” one. For instance, there is a strong argument to be made that the very identities of our e-mail contacts, along with the content of the communications, should be protected as a single packet of information. Unlike letters, which cannot be delivered without the address being viewable to the public, e-mails are unconstrained in such a way. There is no reason to force the content vs. non-content information analysis onto something that is inherently free from such a distinction, and if the courts can embrace this logic now, there may still be room for the Fourth Amendment in cyberspace.
>
>
The court’s insistence on grouping IP addresses and to/from fields of e-mails with numbers dialed from a telephone as non-content information is indicative of its reluctance to accept, or perhaps even understand, electronic communications as a separate category.

Or maybe its perfectly consistent application of consistent principles. Even if one encrypts the content of the email message, after all, that's precisely the information that must be publicly exposed in order to make delivery possible, as the telephone number must be disclosed in order to complete a call. So I'm not sure I understand your criticism.

Unlike telephones, the internet works by combining content and non-content information into packets and sending them across networks altogether.

Yes, but one can draw wrong conclusions from that fact. The IP packet has headers in it, which are precisely the addressing information, as opposed to the content, which in this context is called in the vernacular the packet "payload." So that's clearly "non-content" information in your analysis. For an email service provider asked to provide traffic information only, not message content, isolating the relevant information and providing it doesn't somehow require going inside the IP datagram to inspect the payload: the mail service provider deals with reassembled datagrams, representing email messages, which are data at the application layer. The service provider can intelligibly and easily take traffic information (From, To, CC, Sender, Received, etc.) apart from message content, and respond appropriately to subpoena. So argument from the nature of the IP datagram is misconceived from a technical point of view.

This kind of blending of information is unique to the internet and should be acknowledged by the court. Instead of focusing on these analogies, the courts should be asking (a) whether an individual has an actual or subjective expectation of privacy in their electronic activities; and (b) whether our society should accept this expectation as a “reasonable” one. For instance, there is a strong argument to be made that the very identities of our e-mail contacts, along with the content of the communications, should be protected as a single packet of information. Unlike letters, which cannot be delivered without the address being viewable to the public, e-mails are unconstrained in such a way.

As I've explained above, this argument is wrong. It's a serious weakness to be relying on it in this fashion here.

The problem at the layer above is probably more serious: you could find another illustration to replace this "packets are different" argument you've been relying upon. But there is simply no reason provided to believe that if we applied your version of the dictum in Katz, we would find any reasonable expectation of privacy in third-party data storage.

We do not, in the real world, have any trouble with the reasonable rules of third-party stuff storage. If you rent a storage space and put your own lock on it, the operator can be required to disclose to the government by subpoena a list of those renting spaces, but to go inside and search the space will require either the consent of the renter or a warrant. If, on the other hand, I ask a friend to let me store stuff in his basement—or a local businessman offers me free storage in his basement in return for my accepting his advertising—I know that my friend, or the businessman may consent to a search of his premises, and certainly will obey a warrant without giving me notice and a chance to contest it before his basement is searched and my stuff along with it.

These rules have been ever thus and are now reasonable, beyond serious doubt. Why they should be different with respect to bits than they are with respect to stuff it is very difficult to see and you have in no way argued. It is true that those rules are having profound consequences as people adopt services provided to them in a supposedly "convenient" but indeed very rights-suppressing fashion. But that is not necessarily a reason to change the rules. If our desire to restore Fourth Amendment protection led us to reengineer "cloud services" and restore email to the federated condition it was in before Gmail, so that we all stored our data in a little box under our own bed at home in our own castle, that would be pretty damn fine.

But that's beside the point until we get past where you leave us, which is somehow believing that the analysis ought to come out the other way. Which, if you're going to argue in the next draft, you're going to have to do more work to demonstrate. Why should the expectations of the "real" world not apply to third-party data storage? Why shouldn't we engineer our services differently, in order to hold on to our legal rights, rather than try to make ourselves in some fleeting way more comfortable with sham realities? In truth, of course, data will be stored wherever in the world it is convenient for the business storing the data to put it, and whatever the US legal system says about searching it will make no difference. Why am I trying to change my idea about what is reasonable, in some supposed distinction between the "new" world and the "old," when I ought instead to be reminding myself of the wisdom of putting my "papers and effects" in my own house? This perfectly technically feasible, and would be smarter for every possible reason. Except the reason that smart Google would rather keep it for you, as long as you allow them to extract all the data's peripheral value, without actually "selling" it to anyone. In the end, that is not a good deal for you, even if you managed to recover a scrap or two of your previously-robust constitutional rights.

There is no reason to force the content vs. non-content information analysis onto something that is inherently free from such a distinction, and if the courts can embrace this logic now, there may still be room for the Fourth Amendment in cyberspace.

 Word count: 998

AvaGuoFirstPaper 1 - 04 Mar 2013 - Main.AvaGuo
Line: 1 to 1
Added:
>
>
META TOPICPARENT name="FirstPaper"
How the Death of the Fourth Amendment Could Have Been Avoided

-- By Ava Guo - 04 Mar 2013

With the advent of computers and the internet, this Fourth Amendment right of people “to be secure in their persons” has been chipped away by the courts in an attempt to figure out what warrants protection in cyberspace. The problem with the Fourth Amendment is not that it is inherently incapable of accommodating electronic communications; it is that the courts have been so wrapped up in trying to fit the new world of the internet into an old mold of the physical world that they have completely ignored the uniqueness of cyberspace. I believe that as drafted, the Fourth Amendment had room to grow; had the courts abided by acknowledgement in Katz v. United States that it protects people, not areas, the “death” of the Fourth Amendment in the Information Age could have been avoided. Instead of comparing electronic communications with speech or telephone calls, the courts should have looked to society’s actual expectations with respect to activities on the internet, and analyzed them under and the “reasonable expectation of privacy” test.

Katz v. United States

In Katz, federal agents taped a microphone to the top of a public pay phone booth that recorded the defendant’s side of his conversations. The court reasoned that the warrantless surveillance of the phone booth was impermissible, and more importantly, noted that the “Fourth Amendment protects people – and not simply “areas” – against unreasonable searches and seizures.” 389 U.S. 347, 352 (1967). This early analysis demonstrates that the Fourth Amendment was perfectly capable of extending its protections beyond physical places to people’s identities in cyberspace. In Justice Harlan’s concurrence, he articulates the “expectation of privacy” test as a twofold requirement. First, the individual must have an actual (subjective) expectation of privacy; and second, that expectation has to be one that society is prepared to recognize as “reasonable.” This test was subsequently applied to public spaces and telephone calls, not because the test itself was limited to physical things, but because that was all we, as a society, had encountered. The courts have subsequently tried to analogize electronic communications with these situations.

The Danger of Analogies

In Hoffa v. United States, the defendant admitted his involvement in criminal activities to someone who turned out to be a government informer. The court held that as a result of this conversation, the defendant had no reasonable expectation of privacy in his communications because he assumed the risk that others may overhear and share it with others. 385 U.S. 293 (1966). Extending this to online communications, the court in State v. Moller held that the defendant had no expectation of privacy in an internet chatroom. 2002 WL 628634 (Ohio Ct. App. 2002). In this case, a police officer posed as a young girl and entered a chatroom for older men. The defendant contacted the officer to arrange a meeting with the “girl” for sexual activities. After defendant was arrested, he challenged the admission of his online communications as a violation of his Fourth Amendment rights. The court reasoned that just like an individual who has a conversation in public and within earshot of others, the defendant assumed the risk when he entered the public chatroom. It may be a subtle distinction to make but rather than comparing the chatroom to a crowded café, the court should have based its decision on the norms and expectations of a public internet chatroom. Indeed, the defendant should have had even less of an expectation of privacy in the chatroom because there is not only a risk that someone could “eavesdrop” on his conversation, but an absolute certainty that anyone else in the chatroom could and would read what he wrote.

In Smith v. Maryland, 442 U.S. 735 (1979), the police installed a pen register on the defendant’s telephone and it recorded the numbers dialed from his phone line without recording the actual conversations. The Supreme Court distinguished between content (the conversation) and non-content information (the phone numbers dialed), and held the latter had no constitutional protection because the defendant voluntarily conveyed the numerical information to the telephone company. By analogy, in United States v. Forrester, the Ninth Circuit held that computer surveillance that enabled the government to learn the to/from addresses of the defendant’s e-mail messages and the IP addresses of the websites he visited did not constitute a Fourth Amendment search because it was analogous to the use of a pen register. The court stated that internet users have no expectation of privacy because “they should know that these messages are sent and these IP addresses are accessed through the equipment of their Internet service providers and other third parties.” 495 F.3d 1041 (9th Cir. 2007).

The court’s insistence on grouping IP addresses and to/from fields of e-mails with numbers dialed from a telephone as non-content information is indicative of its reluctance to accept, or perhaps even understand, electronic communications as a separate category. Unlike telephones, the internet works by combining content and non-content information into packets and sending them across networks altogether. This kind of blending of information is unique to the internet and should be acknowledged by the court. Instead of focusing on these analogies, the courts should be asking (a) whether an individual has an actual or subjective expectation of privacy in their electronic activities; and (b) whether our society should accept this expectation as a “reasonable” one. For instance, there is a strong argument to be made that the very identities of our e-mail contacts, along with the content of the communications, should be protected as a single packet of information. Unlike letters, which cannot be delivered without the address being viewable to the public, e-mails are unconstrained in such a way. There is no reason to force the content vs. non-content information analysis onto something that is inherently free from such a distinction, and if the courts can embrace this logic now, there may still be room for the Fourth Amendment in cyberspace.

Word count: 998


Revision 2r2 - 24 Apr 2013 - 21:36:47 - EbenMoglen
Revision 1r1 - 04 Mar 2013 - 16:54:27 - AvaGuo
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM