The Fourth Amendment in the Digital Age and Other Considerations - Module 5 of 5

Module 5: The Fourth Amendment in the Digital Age and Other Considerations

The Fourth Amendment was drafted and ratified at a time when all of a person’s possessions were tangible. Now, privacy concerns must adapt to technological advances and these concerns also relate to the data stored in cyberspace. They must account for the ease with which information can be intercepted with advanced technology. This module will discuss the Fourth Amendment in the digital age as well as in the age of evolving national security concerns.

The Evolution of the Fourth Amendment

            The Fourth Amendment provides that people have a right to be secure “in their persons, houses, papers, and effects, against unreasonable searches and seizures.”[1] Thus, Fourth Amendment analysis requires a determination of whether the government intrusion infringes on an area mentioned within the Fourth Amendment, which means persons, houses, papers and effects. If it does, a determination must be made whether the subject of the search maintained the private nature of the area. For instance, when the object of the search was mail, or “papers,” the analysis turned to whether the mail was maintained in a sealed envelope.[2] If others—like a mail carrier—could see the mail then the police should be allowed to as well. So, while the papers inside a mailed envelope could reasonably be considered the papers of the sender (or recipient), there is certainly no reasonable expectation of privacy regarding the writing on an open postcard.

The original determination of whether a Fourth Amendment intrusion occurred hinged on whether a physical border, such as the exterior of a house and its border or the envelope that covers and seals a letter, was breached.[3] However, with the advent of intangible forms of communication and technology, this analysis is no longer practical. The Court’s recognition that Fourth Amendment privacy concerns went further than a physical trespass formed the basis of the reasonable expectation of privacy standard under the Supreme Court’s Katz decision.[4] This test seemed to be the only usable test where the “trespass” analysis was not applicable.

            The 2012 decision in United States v. Jones, which involved the attachment of a GPS monitoring device to a vehicle, applied the trespass test to modern-day technology.[5] Now, regardless of whether the case involves technology or tangible possessions, both the trespassory analysis and the reasonable expectation of privacy tests should be applied to determine the constitutionality of a search or seizure.[6] If the government either trespasses one’s property to search or seize OR violates one’s reasonable expectation of privacy, there may be a Fourth Amendment violation. As a practical matter, the reasonable expectation of privacy test is the most workable test for modern day technology, to analyze privacy concerns pertaining to data, technology and future technological advances.

The Third-Party Doctrine

            The third-party doctrine minimizes the privacy interests of people who share information or other interests with third parties. There is no reasonable expectation of privacy in information or other property voluntarily provided to a third party. This doctrine has traditionally been applied in two contexts: (1) when people share information or other property with confidential informants or undercover agents, and (2) disclosure of records to third parties such as banks or phone companies.[7]

            The Supreme Court has decided two cases that formed the basis behind the third-party doctrine. The first case, United States v. Miller, dealt with police obtaining the defendant’s bank records by issuing a subpoena. The defendant argued that this constituted an illegal seizure since the police did not obtain a warrant.[8] The Court disagreed, holding that someone who deposits money in a bank has no “‘legitimate expectation of privacy’ . . . [in financial information] voluntarily conveyed to . . . banks and exposed to their employees in the ordinary course of business.”[9] Following Miller the Court decided Smith v. Maryland.[10] In Smith, the defendant argued that the installation of a pen register by a telephone company at the request of police to record the defendant’s phone numbers constituted an illegal search and seizure. The Smith Court held that the defendant did not have a reasonable expectation of privacy in the numbers that he dialed because the defendant, by using his phone, voluntarily disclosed those numbers to the phone company which maintains that information in the ordinary course of business.[11]  

It is common for private data to be disclosed to third parties. For instance, most people store personal data on the “cloud,” which denotes data being stored on an internet service housed at massive server farms.[12] Sometimes, people pay for these services. But the chances are that if you own a mobile phone, such as an iPhone, your data, including your pictures, phone book and text messages are stored in Apple’s iCloud. Also, when you visit webpages, they can collect your location through your IP address, any information you search for, what links you click and how long you spend on a site. A site may also install “cookies” on your computer to recognize your computer the next time you visit the site.[13]

The third-party doctrine can come into play in many respects when these technologies are used. Using the reasoning of Miller and Smith, it can be argued that cloud and browser data was voluntarily disclosed to third parties and, as such, there is no reasonable expectation of privacy. In fact, this is the argument the Government used when it was disclosed that it was collecting massive amounts of data on Americans and storing it, back in 2013.[14] On the other hand, it can be argued that the sharing of this private information in modern-day technology is not voluntary, especially as many are unaware of the extent to which their data is collected and stored. Government entities have a mixed record in arguing for carte blanche in using these types of information without warrants, and determinations of these questions can be highly fact-specific.[15]

Federal Legislation to Protect Online Privacy

Because changes in the way courts analyze questions involving technology happen slowly, Congress has weighed in and passed laws where the courts have failed to properly recognize privacy rights.

Sometimes, Congress places the onus on private entities to protect data privacy, as in the case of the Telecommunications Act of 1996. Section 702 of that Act provides that “every telecommunications carrier has a duty to protect the confidentiality of proprietary information of, and relating to, other telecommunication carriers, equipment manufacturers and customers.”[16]

Other times, Congress has focused more on the government’s role in privacy protections. In 1986, Congress enacted the Electronic Communications Privacy Act[17] to address government intrusion into stored communications, including data housed in computers. Still, the Privacy Act only protected stored data, such as emails and text messages, for 180 days after their creation, treating data older than 180 days as “abandoned.”[18]

Note that cloud storage and internet service providers may, and often do, go beyond the requirements of federal privacy legislation. Some ISPs, for example, may refuse to turn over customer data upon government request.[19] Without a search warrant, the government may have no practical way to force ISPs and cloud storage services to hand over customer data. The Fourth Amendment is also implicated when the ISP or cloud storage company chooses to cooperate. The underlying data belongs to the customer even if housed by a data storage company. As such, if covered by a reasonable expectation of privacy, only a search warrant can compel the production of the information and secure the government’s ability to use that information in court.

Court Decisions on Specific Privacy Concerns

The changing landscape, digital dependence, the third-party doctrine and the lack of clear Supreme Court direction caused much concern in the legal community about loss of privacy rights.[20]

GPS and Real-Time Cell Site Location Information

GPS technology, which uses satellites to pinpoint a person’s physical location on a map, is used in millions of cars and on millions of Americans’ mobile phones. GPS makes it possible for a person to be located anywhere in the world with a high degree of accuracy, often pinpointing them within feet of their actual locations.[21] Cell site location information is similar to GPS, but instead of using satellites in the Earth’s orbit, it identifies location through cell towers that triangulate a person’s location.[22] The records produced by the cell site location information can be historical or in real time. This data is stored and shared with third parties hundreds of times per day. In one case, a Carnegie Mellon Study found that location data was shared for one person over 5,000 times in a two-week period.[23] 

The Supreme Court’s 2012 Jones decision that we’ve discussed dealt with GPS and Fourth Amendment privacy concerns through the physical attachment of a GPS device to a suspect’s car. However, in Jones the Court did not discuss whether police surveillance of a mobile phone location through GPS or real-time cell site location information constituted a search under the Fourth Amendment.[24] 

Lower courts around the country have been split on the question about whether monitoring a mobile phone’s GPS and real-time cell site information to locate someone is a Fourth Amendment search. For instance, the Sixth Circuit, in United States v. Skinner,[25] held that the defendant did not have a reasonable expectation of privacy in the GPS location of his mobile phone since he was traveling on a public road.[26] The Florida Supreme Court, however, in Tracey v. State,[27] held that the defendant did have a reasonable expectation of privacy in his real-time cell site location information even on public roads.[28] The Supreme Court has not yet resolved this conflict amongst lower courts.

Mobile Phones

In 2014, in Riley v. California, [29] the Court considered two cases that posed the same question: “whether the police may, without a warrant, search digital information on a cell phone seized from an individual who has been arrested.”[30] The government argued that these searches were justified as searches incident to lawful arrests. The Court disagreed. Applying the reasonable expectation of privacy test, the Court held that the search allows the seizure of the phone if there is reason to believe it was involved in the commission of a crime or as part of the normal inventory process. However, the data on the phone is distinct from the physical device itself. To search the phone requires a warrant or another exception to the warrant requirement.

In Carpenter v. United States,[31] the government obtained several months of cell site information detailing the defendant’s locations and movements over that period.  The Court noted that “all together, the Government obtained 12,898 location points cataloging the defendant’s movements—an average of 101 data points per day.”[32] In ruling that this data was protected under the Fourth Amendment, the Court held that, given the “deeply revealing nature of [cell-site location information], its depth, breadth, and comprehensive reach, and the inescapable and automatic nature of its collection, the fact that such information is gathered by a third party does not make it any less deserving of Fourth Amendment protection.”[33] 

Although many privacy advocates heralded Carpenter as a big step in data privacy rights, some argued it didn’t go far enough. For instance, the Court in Carpenter left open two major issues: (1) whether the government can use cell site information to view suspects’ locations in real-time, and (2) whether a shorter and fixed duration of cell site location records would be permissible under the Fourth Amendment. The Court also stated that it was not overruling the third-party doctrine under Smith and Miller.[34] Given this somewhat unclear guidance, it remains to be seen how this decision will govern the decisions of lower courts.

National Security and the Fourth Amendment

Traditionally, the Supreme Court had separated Fourth Amendment analysis from the concept of national security. The Katz Court went so far as to say that its decision had no bearing on cases involving national security concerns.[35] Congress, too, has tried to preserve effective national security devices when legislating privacy. Privacy laws following Katz, such as Omnibus Crime Control and Safe Streets Act of 1968, were drafted to ensure that the President’s authority remained untouched in matters of national security and foreign affairs.[36] 

Still, privacy and national security concerns have competed more and more in recent years, in foreign and domestic contexts and in cases involving US Citizens and foreigners. In United States v. United States District Court for the Eastern District of Michigan, a case involving a domestic organization’s conspiracy to bomb a CIA building, the Supreme Court declared that while cases involving national security concerns with domestic aspects require some judicial process, they do not need to meet the normal standard imposed by the Fourth Amendment.[37]

In 1978, Congress passed the Foreign Intelligence Surveillance Act, which granted the Executive Branch the authority to conduct electronic surveillance for the purposes of foreign intelligence.[38] The Act imposed standards that were more lenient than those required in regular criminal investigations. The courts consistently held that the Act complied with the Fourth Amendment.[39] This Act, however, predates the birth of the World Wide Web and so its application may have to be revisited in light of the recent decisions on privacy and technology.  

The evolution of technology and the instant transmission of information have changed the interests of national security. Likewise, the relatively new developments and the scarce authority of Fourth Amendment jurisprudence revolving around technology has slowed the development of guidance regarding the Fourth Amendment within the national security context. 

Originally, Fourth Amendment decisions were designed to apply within the United States. Now, restricting the doctrines within physical boundaries does not make sense in light of the limitless nature of information sharing and technology. The lines that were originally drawn predate modern technology and most of the laws regarding surveillance are outdated. Many of these issues remain unresolved by the Supreme Court. Technology has been and continues to be outpacing the law.

Conclusion

            Thank you for participating in our course on Searches and Seizures. We’ve aimed to give you the framework of the Fourth Amendment and how it’s applied. We’ve looked at the warrant requirement, the exceptions to the requirement and the exclusionary and fruit of the poisonous tree rules that enforce the Amendment’s protections. We’ve also seen how the privacy guarantees of the Constitution become confusing, muddled and harder to apply as technology changes the landscape of what is considered private information. Thank you for watching this presentation on this important and interesting area of law and please let us know if you have any questions or comments.