The following guest post is provided by Sonya Ziaja, J.D. Sonya is the co-owner of Ziaja Consulting LLC, a California based consulting group. She writes regularly for LegalMatch's Law Blog and Ziaja Consulting's blog, Shark. Laser. Blawg.
Senator Ron Wyden (D-Oregon) is in the process of crafting a bill to place legal limitations on the use of geolocation technologies.
Geolocation is commonplace nowadays. People play geolocation games (Foursquare, etc.). And geolocation technologies are encouraged to protect public safety (FCC’s Enhanced 911 rule). To some extent we are comfortable with broadcasting our location, which is well and good so long as doing so is harmless. There is, however, a less carefree side to geolocation--especially where it comes into conflict with the protections of the fourth amendment against unreasonable searches.
Over the past few years, law enforcement has increasing relied on geolocation techniques to track citizens without first obtaining a warrant. Doing so is at least questionably constitutional, if not outright illegal. Law enforcement makes use of both cell phone tracking and secretly tagging vehicles with GPS devices, all without court authorization.
The courts are split on the fourth amendment issues this issue raises. The Ninth Circuit in US v. Pineda-Moreno, for example, held that surreptitiously tagging a vehicle with a GPS device does not require a warrant because it is a substitute for “following a car on a public street, that is unequivocally not a search within the meaning of the [fourth] amendment.” The D.C. Circuit, however, takes the opposite view. In US v. Maynard, the D.C. Circuit held that a warrant is constitutionally necessary before police attach a GPS device to a suspect’s car. The court also specifically rejected the automobile exception argument, stating that
the automobile exception permits the police to search a car without a warrant if they have reason to believe it contains contraband; the exception does not authorize them to install a tracking device on a car without the approval of a neutral magistrate.
A recent case highlights the split. Earlier this March, a twenty-year old college student from San Jose, California brought suit against the FBI for secretly tagging his car without a warrant. Not surprisingly, he has decided to file in Washington D.C., rather than in California.
This circuit split is part of the impetus behind Senator Wyden’s bill--the Geolocational Privacy and Surveillance Act, or GPS Act. The bill aims to clarify the law, addressing multiple forms of geolocation, covering both information gained through cell phone use and covertly tagging vehicles. The hope is that the bill will create a uniform policy that protects both privacy and public safety.
To balance privacy and safety, the bill provides exemptions for emergency cases--for example in cases of national security of when the user’s life is at risk--when police would not need to obtain a warrant. These exemptions have been the most contentious aspect of the bill. Paul Wormelli, executive of the Integrated Justice Information Systems Institute, has been particularly vocal about his concerns that the bill’s exceptions are too vague and would have a chilling effect on officers.
The bill is still in the early stages, however, and has not been formally introduced in the Senate. The language may need clarifying, but at the moment, the GPS bill looks to be our best bet to address the constitutional issues raised by widespread use of geolocation technologies.
Showing posts with label Fourth Amendment. Show all posts
Showing posts with label Fourth Amendment. Show all posts
Wednesday, March 30, 2011
Thursday, January 20, 2011
Use of the Stored Communications Act to Get Email Without a Warrant Violates Fourth Amendment
Most modern email services allow people to keep messages indefinitely, and provide their users with enough space that doing so is actually an option. As a result, many people use their email accounts as a long term data archive, storing messages going back years.
So what does this have to do with privacy? Well, the stored communications act was written back in the days when email was much more akin to a mailbox. Because of this, it treats old email in a manner which is similar to how one might treat abandoned mail, and provides a mechanism in 18 U.S.C. 2703(d) to allow the government to get access to it without a warrant.
Actually, it provided a mechanism to allow the government to get access without a warrant. That changed with the case of U.S. v. Warshak, which found the government's use of section 2703(d) to obtain incriminating emails without a warrant violated the fourth amendment.
The facts of the case are extreme, and make for entertaining reading. The main defendant, Steven Warshak, owned Berkeley Premium Neutraceuticals, the company behind the once ubiquitous commercials for Enzyte. According to the opinion, Warshak had owned a number of other businesses. However, Berkeley stood out, both because of the success of Enzyte, and because of its extremely slimy business practices. A sample:
Those practices eventually led to a 112 count indictment, and the government obtaining thousands of incriminating emails from Warshak's service provider without a warrant under section 2703(d) of the stored communications act. After his conviction, Warshak appealed to the Sixth Circuit court of appeals arguing (among other things) that the emails were obtained in violation of the 4th amendment, and therefore should have been excluded as evidence.
While the Sixth Circuit upheld Warshak's conviction, it agreed that the warrantless search of Warshak's emails violated the fourth amendment. First, it established that Warshak had a subjective expectations that his emails would remain private. Indeed, the court said the very fact that the emails contained so much incriminating information was evidence that Warshak saw them as private correspondence. Next, the court asked whether the expectation of privacy in emails was one society was prepared to recognize as reasonable. To answer, the court addressed the heavy reliance of modern society on email, and analogized it to other types of communication that were traditionally protected under the fourth amendment. In the end, it concluded that
The decision didn't do much for Warshak. The court also held that the government had been relying in good faith on the act, and so the emails shouldn't be excluded. However, it will help everyone else down the line, because the good faith rule can't be used to justify actions that are clearly inconsistent with the court's holding.
So what does this have to do with privacy? Well, the stored communications act was written back in the days when email was much more akin to a mailbox. Because of this, it treats old email in a manner which is similar to how one might treat abandoned mail, and provides a mechanism in 18 U.S.C. 2703(d) to allow the government to get access to it without a warrant.
Actually, it provided a mechanism to allow the government to get access without a warrant. That changed with the case of U.S. v. Warshak, which found the government's use of section 2703(d) to obtain incriminating emails without a warrant violated the fourth amendment.
The facts of the case are extreme, and make for entertaining reading. The main defendant, Steven Warshak, owned Berkeley Premium Neutraceuticals, the company behind the once ubiquitous commercials for Enzyte. According to the opinion, Warshak had owned a number of other businesses. However, Berkeley stood out, both because of the success of Enzyte, and because of its extremely slimy business practices. A sample:
in November 2003, Berkeley hired a company called West to handle “sales calls that were from . . . Avlimil or Enzyte advertisements.” During the calls, West’s representatives asked customers if they wanted to be enrolled in the auto-ship program, and over 80% of customers declined. When Warshak learned what was happening, he issued instructions to “take those customers, even if they decline[d], even if they said no to the Auto-Ship program, go ahead and put them on the Auto-Ship program.” A subsequent email between Berkeley employees indicated that “all [West] customers, whether they know it or not, are going on [auto-ship].” As a result, numerous telephone orders resulted in unauthorized continuity shipments.
Those practices eventually led to a 112 count indictment, and the government obtaining thousands of incriminating emails from Warshak's service provider without a warrant under section 2703(d) of the stored communications act. After his conviction, Warshak appealed to the Sixth Circuit court of appeals arguing (among other things) that the emails were obtained in violation of the 4th amendment, and therefore should have been excluded as evidence.
While the Sixth Circuit upheld Warshak's conviction, it agreed that the warrantless search of Warshak's emails violated the fourth amendment. First, it established that Warshak had a subjective expectations that his emails would remain private. Indeed, the court said the very fact that the emails contained so much incriminating information was evidence that Warshak saw them as private correspondence. Next, the court asked whether the expectation of privacy in emails was one society was prepared to recognize as reasonable. To answer, the court addressed the heavy reliance of modern society on email, and analogized it to other types of communication that were traditionally protected under the fourth amendment. In the end, it concluded that
because they did not obtain a warrant, the government agents violated the Fourth Amendment when they obtained the contents of Warshak’s emails. Moreover, to the extent that the SCA purports to permit the government to obtain such emails warrantlessly, the SCA is unconstitutional.
The decision didn't do much for Warshak. The court also held that the government had been relying in good faith on the act, and so the emails shouldn't be excluded. However, it will help everyone else down the line, because the good faith rule can't be used to justify actions that are clearly inconsistent with the court's holding.
Tuesday, April 20, 2010
City of Ontario v. Quon
Yesterday, the Supreme Court heard oral arguments in City of Ontario v. Quon (transcript here), a case which addressed the ability of government employers to read personal text messages sent using government pagers. The background: Jeff Quon was a SWAT Sergeant who used a department issued pager to exchange text messages with his wife and girlfriend. After Quon repeatedly exceeded the department's 25,000 character/month limit, an audit was conducted which revealed Quon's personal text messages. Quon sued, claiming that he had a reasonable expectation of privacy in his personal text messages, and that reading the messages as part of the audit was an unreasonable search. The district court disagreed, the Ninth Circuit court of appeals reversed, and the Supreme Court accepted cert.
There were a couple of factual issues in the case, such as whether the police department's policy regarding personal communications covered text messages, and whether that policy had been modified by a later staff meeting where a Lieutenant had said that he wouldn't audit the messages as long as the individual employees paid for any overages. However, as described in the Scotuswiki (which did a pretty good job of summarizing the case and arguments), at oral argument, the Supreme Court seemed to be minimizing those factual issues, and coming down pretty squarely against Sergeant Quon. The Scotuswiki cited Justice Ginsburg as indicative of the court's apparent leanings. My preference would have been Justice Scalia, for this characteristically blunt exchange
Of course, whether you focus on Scalia, or Ginsburg, or one of the other Justices, the result looks the same - the Supreme Court is likely to decide that, at least for SWAT personnel using government issued pagers, employers are allowed to audit text messages by reading them, even if some of those text messages are personal.
There were a couple of factual issues in the case, such as whether the police department's policy regarding personal communications covered text messages, and whether that policy had been modified by a later staff meeting where a Lieutenant had said that he wouldn't audit the messages as long as the individual employees paid for any overages. However, as described in the Scotuswiki (which did a pretty good job of summarizing the case and arguments), at oral argument, the Supreme Court seemed to be minimizing those factual issues, and coming down pretty squarely against Sergeant Quon. The Scotuswiki cited Justice Ginsburg as indicative of the court's apparent leanings. My preference would have been Justice Scalia, for this characteristically blunt exchange
(emphasis added)
JUSTICE SCALIA: I guess we don't decide our -- our Fourth Amendment privacy cases on the basis of whether there -- there was an absolute guarantee of privacy from everybody. I think -- I think those cases say that if you think it can be made public by anybody, you don't -- you don't really have a right of privacy. So when the -- when the filthy-minded police chief listens in, it's a very bad thing, but it's not offending your right of privacy. You expected somebody else could listen in, if not him.
MR. RICHLAND [representing the City of Ontario]: I think that's correct, Justice Scalia.
JUSTICE SCALIA: I think it is.
Of course, whether you focus on Scalia, or Ginsburg, or one of the other Justices, the result looks the same - the Supreme Court is likely to decide that, at least for SWAT personnel using government issued pagers, employers are allowed to audit text messages by reading them, even if some of those text messages are personal.
Sunday, February 28, 2010
Creepiest Privacy Violation of 2009?
Imagine your child's school offered him or her a free laptop to do homework. That'd be pretty cool, right? Now, imagine that the school administrators used a built in web cam to surreptitiously take pictures of your children. According to the complaint filed in Robins v. Lower Merion School District, that's exactly what happened in one Pennsylvania school district (actually, it's even creepier than that, if the allegations set forth here are true). The complaint alleges violations of (among other things) the electronic communications privacy act, the stored communications act, the computer fraud and abuse act, and the fourth amendment (since the school administrators were acting on behalf of the state when they were allegedly violating the student's privacy rights).
Of course, the school officials are denying any wrongdoing, and claim they have been unfairly portrayed (see here). That could be true. After all, there's a reason we have trials, and it makes sense not to rush to judgment until after both sides have been able to have their proverbial day in court. However, while I don't want to rush to judgment, I can make a few comments at least on the legal theories in the case. First, while I understand the plaintiff's argument, that taking surreptitious web cam pictures violated the stored communications act and electronic communications privacy acts, I still don't know how good a fit those acts are for this particular (alleged) crime. After all, while the hypothetical communications (i.e., web cam images) were illicit, they weren't intercepted or accessed by anyone other than their intended recipients. Instead, I think the computer fraud and abuse act arguments seem a bit more natural. For the computer fraud and abuse act, I can't imagine how taking surreptitious pictures over a web cam doesn't exceed unauthorized access to a protected computer. I think the fourth amendment claim is also a good fit. While students have a lessened right to privacy in the school, there must still be a reasonable suspicion of illegal activity before school authorities can perform a search (a more detailed, and better, explanation of the relevant precedent can be found here). Further, the alleged monitoring wasn't limited to school hours, but also caught students while they were at home and, according to the complaint, "in various stages of dress or undress."
Again, all of the allegations in the complaint are just that - allegations. Until the defendants have a chance to answer, and the case is actually tried, they are presumed innocent (or, in this case, not liable). However, at least from the face of the complaint, it appears as though there could have been some serious privacy violations (potentially supporting claims under at least the fourth amendments and the computer fraud and abuse act).
(via Bruce Schneier)
Of course, the school officials are denying any wrongdoing, and claim they have been unfairly portrayed (see here). That could be true. After all, there's a reason we have trials, and it makes sense not to rush to judgment until after both sides have been able to have their proverbial day in court. However, while I don't want to rush to judgment, I can make a few comments at least on the legal theories in the case. First, while I understand the plaintiff's argument, that taking surreptitious web cam pictures violated the stored communications act and electronic communications privacy acts, I still don't know how good a fit those acts are for this particular (alleged) crime. After all, while the hypothetical communications (i.e., web cam images) were illicit, they weren't intercepted or accessed by anyone other than their intended recipients. Instead, I think the computer fraud and abuse act arguments seem a bit more natural. For the computer fraud and abuse act, I can't imagine how taking surreptitious pictures over a web cam doesn't exceed unauthorized access to a protected computer. I think the fourth amendment claim is also a good fit. While students have a lessened right to privacy in the school, there must still be a reasonable suspicion of illegal activity before school authorities can perform a search (a more detailed, and better, explanation of the relevant precedent can be found here). Further, the alleged monitoring wasn't limited to school hours, but also caught students while they were at home and, according to the complaint, "in various stages of dress or undress."
Again, all of the allegations in the complaint are just that - allegations. Until the defendants have a chance to answer, and the case is actually tried, they are presumed innocent (or, in this case, not liable). However, at least from the face of the complaint, it appears as though there could have been some serious privacy violations (potentially supporting claims under at least the fourth amendments and the computer fraud and abuse act).
(via Bruce Schneier)
Tuesday, October 9, 2007
USA PATRIOT Act Violates Fourth Amendment
In Mayfield v. U.S., a federal district judge ruled that the two provisions of the USA PATRIOT Act violate the Fourth Amendment of the United States Constitution because they allow surveillance without probable cause. This decision shows that six year after the Patriot Act passed, privacy concerns still exist regarding its use and scope. Indeed, privacy concerns were raised within a week of the act passing in 2001. In Mayfield, these privacy concerns were somewhat relieved.
Brandon Mayfield is a 38-year old American citizen. He is a former Army office with an honorable discharge and a practicing lawyer. Prior to his arrest based on the Patriot Act, he had never been arrested. Mayfield is Muslim.
In 2004, the FBI began surveillance on Mayfield and his family. The FBI followed them to work, school, the Mosque they attend, and other places. The FBI also placed electronic surveillance devices in their home.
The FBI contends that it took this action because it believer, based on a partial match fingerprint, that Mayfield may have been involved in the terrorists bombings in Madrid, Spain on March 11, 2004. But, the Spanish National Police did not share this conclusion. Regardless, the FBI arrested Mayfield and imprisoned him for two weeks. Mayfield was released when the Spanish National Police informed the FBI that the fingerprint actually belonged to an Algerian, Ouhane Daoud.
While the facts of Mayfield's arrest are interesting, they are not directly relevant to the court opinion because he brought a facial challenge to the two provisions, not an as-applied challenge. In other words, the focus of his claim is that the two provisions at issue always violate the Fourth Amendment, not just in his particular case.
Specifically, Mayfield challenged the way in which the Patriot Act amended FISA. Before the Patriot Act, the government could only get a search warrant from a FISA court if the "primary purpose" was related to gathering national security intelligence. The Patriot Act lowered the standard to allow FISA warrants when merely a "significant purpose" of the warrant was related to national security intelligence. Thus, the Patriot Act allowed the government to obtain FISA court warrants when the primary purpose was to gather evidence related to domestic criminal activity. This lower standard violates the Fourth Amendment's probable cause requirement.
As the Mayfield court stated:
As a remedy to Mayfield, the court not only found this change in the law unconstitutional, it ruled that the "Executive Branch must destroy or otherwise eliminate" the materials in its files that were the fruits of the unconstitutional search.
In short, the privacy implications of this case relate to the government's ability to conduct surveillance and create and retain databases of information on American citizens using FISA without having to prove probable cause, even when the primary purpose of the surveillance is not related to national security. While this decision is a victory for privacy interests, it is not the last word. Most likely, the government will appeal. Nonetheless, six year after passing the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorists Act (aka USA Patriot Act), privacy concerns seem to be getting some traction in the courts.
Brandon Mayfield is a 38-year old American citizen. He is a former Army office with an honorable discharge and a practicing lawyer. Prior to his arrest based on the Patriot Act, he had never been arrested. Mayfield is Muslim.
In 2004, the FBI began surveillance on Mayfield and his family. The FBI followed them to work, school, the Mosque they attend, and other places. The FBI also placed electronic surveillance devices in their home.
The FBI contends that it took this action because it believer, based on a partial match fingerprint, that Mayfield may have been involved in the terrorists bombings in Madrid, Spain on March 11, 2004. But, the Spanish National Police did not share this conclusion. Regardless, the FBI arrested Mayfield and imprisoned him for two weeks. Mayfield was released when the Spanish National Police informed the FBI that the fingerprint actually belonged to an Algerian, Ouhane Daoud.
While the facts of Mayfield's arrest are interesting, they are not directly relevant to the court opinion because he brought a facial challenge to the two provisions, not an as-applied challenge. In other words, the focus of his claim is that the two provisions at issue always violate the Fourth Amendment, not just in his particular case.
Specifically, Mayfield challenged the way in which the Patriot Act amended FISA. Before the Patriot Act, the government could only get a search warrant from a FISA court if the "primary purpose" was related to gathering national security intelligence. The Patriot Act lowered the standard to allow FISA warrants when merely a "significant purpose" of the warrant was related to national security intelligence. Thus, the Patriot Act allowed the government to obtain FISA court warrants when the primary purpose was to gather evidence related to domestic criminal activity. This lower standard violates the Fourth Amendment's probable cause requirement.
As the Mayfield court stated:
Since the adoption of the Bill of Rights in 1791, the government has been prohibited from gathering evidence for use in a prosecution against an American citizen in a courtroom unless the government could prove the existence of probable cause that a crime has been committed. The hard won legislative compromise previously embodied in FISA reduced the probable cause requirement only for national security intelligence gathering. The Patriot Act effectively eliminates that compromise by allowing the Executive Branch to bypass the Fourth Amendment in gathering evidence for a criminal prosecution.
As a remedy to Mayfield, the court not only found this change in the law unconstitutional, it ruled that the "Executive Branch must destroy or otherwise eliminate" the materials in its files that were the fruits of the unconstitutional search.
In short, the privacy implications of this case relate to the government's ability to conduct surveillance and create and retain databases of information on American citizens using FISA without having to prove probable cause, even when the primary purpose of the surveillance is not related to national security. While this decision is a victory for privacy interests, it is not the last word. Most likely, the government will appeal. Nonetheless, six year after passing the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorists Act (aka USA Patriot Act), privacy concerns seem to be getting some traction in the courts.
Subscribe to:
Posts (Atom)