Revisiting Smith v. Maryland


Since I'd been focusing on a variety of other things, I never did say anything about the NSA's call-pattern data mining program, which USA Today disclosed earlier this month. So here's one belated thought about Smith v. Maryland, the 1979 Supreme Court case establishing that pen registers and trap-and-trace devices (which record the numbers dialed from a particular phone and the numbers calling in, respectively) were not Fourth Amendment "searches." The case is being routinely invoked as a kind of stainless steel shut-up rejoinder to anyone who raises questions about the constitutional propriety of the program. (See, e.g., Stephen Spruiell in the latest National Review. [subsc.])

The decision in Smith rests on two main pillars. The first is the argument that pen registers differ markedly from the sorts of wiretaps that were ruled to require a warrant in Katz v. United States (1967) because the information they provided to police was so limited. (Let's be really creative and call this the "limited information argument.") Citing an earlier decision, the court wrote:

Indeed, a law enforcement official could not even determine from the use of a pen register whether a communication existed. These devices do not hear sound. They disclose only the telephone numbers that have been dialed - a means of establishing communication. Neither the purport of any communication between the caller and the recipient of the call, their identities, nor whether the call was even completed is disclosed by pen registers.

The second argument is what I'll call the "disclosure argument," which rests on the notion that you don't have an expectation of privacy in information you've disclosed to a third party:

Telephone users, in sum, typically know that they must convey numerical information to the phone company; that the phone company has facilities for recording this information; and that the phone company does in fact record this information for a variety of legitimate business purposes. Although subjective expectations cannot be scientifically gauged, it is too much to believe that telephone subscribers, under these circumstances, harbor any general expectation that the numbers they dial will remain secret.

Let's take these in reverse order.

The disclosure argument I've always had some issues with. In fact, it was the topic of one of the first Web columns I wrote for Reason. The problem with it is that it imagines this unrealistically (if conveniently, for legal line-drawing purposes) simple binary concept of privacy, where information is either known only to me (and maybe my family), or else has been shared with someone else, at which point it is fully public. One big problem with this, as I noted in that column, has been pointed out by Richard Posner: It allows the government to evade Fourth Amendment scrutiny by a kind of two step. First, in the guise of economic regulation, the government can require all companies of a certain sort (say banks and phone companies, which it's enormously difficult for most Americans to avoid dealing with entirely) to collect some particular information from their customers. Then if the government wants to require the company to turn over the information, it can avoid scrutiny because there's no expectation of privacy once some third party institution is in on the secret.

Problems of that sort aside, I think this is a pretty obviously unrealistic picture of how people form expectations of privacy. If I send a snarky e-mail around to a dozen friends, I may well be taking the risk that one of them will indiscreetly forward it to the target of my snark (or to someone who forwards it to someone who…). But that's just wholly different, it seems, from the risk that the government will force one of my friends to fork over the e-mail. And it's different yet again from the situation where I've shared the information with some company that may well have a binding contractual obligation to use it only in some specified ways.

Part of the problem here is that since the late '70s, we've gone a long way toward a world in which a huge amount of our most private information is held by third parties. A huge chunk of my e-mails from the last couple years are stored on some server owned by Google, where ad-generating software sifts through my private communications looking for keywords that will allow the company to display personally-tailored advertisements for me. Now, maybe I'm naive to have any expectation of privacy in the e-mails sitting on that server, but I do pretty much expect that nobody at Google is actually looking through my correspondence and passing it around to their friends. And I at least didn't expect until recently that some government program would be sifting through those e-mails to see whether I used the word "jihad" some suspicious number of times in letters to people in Saudi Arabia.

So much for third party disclosure. What about the limited information argument? Here, again, we've got a case where the ruling decision hails from a very different technological context. First, it's worth observing that just in terms of the information the NSA program actually collects, there's more information gathered than was at issue in Smith, since the NSA is apparently also taking note of how long particular calls lasted. More important, though, is how much other information is, so to speak, implicitly contained in some datum like a phone number.

It is now, for instance, incredibly easy to run a reverse phone number lookup using public databases to put names and addresses with those numbers. Has hubby been racking up hours on the gay singles chat line? Has the missus been on the horn to a divorce lawyer? All things one might want to keep private. Now, the NSA says it's not connecting its numbers to names and identities, just doing pattern analysis. But it seems as though the point has got to be to make that kind of connection, eventually, when your computers decide some pattern or another is suspicious. And if the collection of the numbers themselves doesn't count as a search, it's very difficult to imagine the legal argument that would make it a search if investigators later decided to run those legitimately-obtained numbers through a public database (hell, you can do it with Google) and get a list of names. What court is going to rule that getting the number wasn't a search, but punching it into Google is?

Someone like Spruiell is going to say (does, in fact, say) this is all moot unless we can point to some specific case in which information gathered by this top-secret program has been abused. Oddly enough, I think it might be a while, given the NSA's reluctance to advertise such things. But even leaving that aside, that's just not the way the Fourth Amendment is supposed to work. We don't operate on the presumption that the government can just gather all this information, and that we'll wag our fingers at them if we discover they've gone ahead and misused it in some invasive way. (If it were, we could make things a lot easier by letting the government record all our calls and hoping they'd only be listened to with proper authorization.) We recognize there's a huge asymmetry in power and information between the NSA and the average American, and prevent them from getting the information in the first place.

I'm not actually sure just yet what I think about this program—what level of judicial scrutiny should be applied, what kind of restrictions might be placed on how data is used. But I'm pretty sure that just invoking Smith v. Maryland doesn't do anything to deal with the core concerns people have about programs like these.

[Cross-posted @ NftL]

NEXT: Sniper Down Again

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. I agree with all of that. The analogy that the info the NSA is gathering (even if you take what we are told at face value, which the track record to dat tells us we should not) is no different than pen registers simply does not hold up, considering the vast store of information that can be accessed by a simple cross-reference to public databases (and God knows what kind of cross-referencing the NSA can do).

    I also agree with the broader concern with how the courts view privacy. This issue comes up in other contexts, where any disclosure at all is taken to mean a blanket waiver of privacy, which I think often misses the point and does not take into account the realities of how people live their lives. On the issue of closed-circuit monitoring of anything and everything, for example, advocates for 24/7 monitoring say "look, you are in public, you have no expectation of privacy, what's the big deal?" But I think it is one thing that you obviously have no expectation of privacy when you go to the cleaners, or to the grocery store, or wherever, and quite another that someone is following you (or filming you as you go) from on place to the next, making a database of where you go, how long you stay, who you talk to, etc. Likewise, everyone can see you and your kids playing in the front yard of your house, but that does not mean a person standing across the street watching you and your kids EVERY time you go out in the front yard is not threatening as hell, and feels like an invasion of privacy. In the phone tap context, of course we realize that the phone company knows who we are calling and how long we are on the line. That some other party (especially the NSA) creates a comprehensive database of EVERY call, EVERY party, etc., is a difference in the kind of invasion of privacy, not just degree.

    Apart from any other conrcerns, the NSA database seems tailor-made to be a vast resource for the government whenever they want blackmail someone (with phone calls to ex-girlfriends, hookers, whatever) or to create a perjury trap. Since lying to a fed (even when not under oath) can get you popped for a federal crime, knowing all sorts of uncomfortable telephonic tidbits about you would come in quite handy. "When is the last time you talked to so-and-so? Months? Oh, really?"

  2. I often wonder, though, if we aren't all doomed because we constitutionally permit drunk driving check points. It all seems to come from the same well.

  3. Don't look for much help from the courts.

  4. I predict this program will be shut down by an angry Republican Congress the day before Hillary Clinton is sworn into office.

    And undoubtably, it will be her massive overreach of executive power -- backwards through time, no doubt -- that triggered such an unprecedented move. 🙂

    I wish I was joking. I think most Democrats are too damn naive to think this program will be abused (and are, in any case, utterly helpless to stop it at the moment) and the GOP won't care about abuses until they risk being on the receiving end.

  5. Julian and Jeff, you both make great points. Like Julian, though, I'm not sure what to think of this program.

    The underlying reason given for the NSA to be doing this kind of data collection and analysis seems to be in keeping with the legitimate role of gov't in society of preventing the application of force by parties foreign or domestic against the people of the US. Good so far.

    Where there's potential for mischief is, as Jeff alludes to, when other agencies ask to have a look at this data and analysis for purposes far removed from that legitimate mission. Drug interdiction springs to mind as a probable usage, though one should not discount misuse along the lines of the fishing expeditions exemplified by the FBI files in the Clinton White House.

    Given that the Federal gov't has a lusy track record at coloring inside the lines in these matters, I guess I'm inclined to be somewhat reluctantly opposed to the NSA (theoretical) program, not because it's unjustified on the face of it, but because it's just too likely to be misused in the future.

  6. The issue is never whether the government actually abuses the information they find. In fact, most 4th Amendment cases concern extremely damning evidence, not "innocent" information. The "law and order" GOPers are worse than the liberals.

  7. Damn, Julian. You have posted over 3000 words today, breaking Phileleutherus Lipsiensis' single day record.

  8. Alright, Morat, you've persuaded me. I want Hillary in the White House, and I want the 60 most frequent posters on in the Senate. And the next 300 most frequent Freeper posters in the House.

    They'll have articles of impeachment drafted before she even takes the oath of office.

    Oh, sweet gridlock!

  9. I often wonder, though, if we aren't all doomed because we constitutionally permit drunk driving check points. It all seems to come from the same well.

    When seat belt laws were introduced (here) it was with the expressed intent that they would never be the subject of 'primary enforcement'.

    Today I got held up by a "seat-belt enforcement zone" which is a sort of rolling checkpoint. Spotter cops relay the plate numbers of scofflaws to vehicles ahead.

    I belt up because it's a good bet. But I seriously respect the right of Joe Driver to make the choice for himself. Same with motorcycle helmets.

    Except, of course, for teh children.

  10. Good spotlight on "pen registers." I dealt with the more general topic last week in Unreasonable Search.

  11. First, it would be interesting to see if the SCOTUS would agree that this ruling extends to sharing such information with non-law-enforcement branches of the government (NSA is not a law enforcement arm). Second, it would be interesting to see if the Court came to the same conclusion if the target for the the data sweep was "every citizen in the US" and not just targets of law enforcement investigations.

    Third and most importantly, this decision seems to suck. This exact same logic seemingly applies to any piece of data submitted to any private third party unless the data is specifically protected (e.g. medical records). Sorry, but this is wrong. I should be able to have commercial transactions with third parties without the expectation that the government can take the records for its own use without any kind of a warrant.

    Also, the premise that this ruling is based on is provably false, though only by technology instituted after the decision. There is an entire industry of phone company services and 3rd party technologies aimed right at this area of phone call (and email; and Internet surfing) anonymity and privacy. With the Internet for example, there is a very, very clear expectation that sharing information with a company for one purpose (e.g. to complete a transaction) does NOT authorize the company to use or share the data for any other purpose. This use of transaction data and its limits is a CRITICAL and front-of-mind issue for modern communicators. It is absurd to say, as the justices did, that:

    When petitioner voluntarily conveyed numerical information to the phone company and "exposed" that information to its equipment in the normal course of business, he assumed the risk that the company would reveal the information to the police

    The implication is that by giving a company data for use in a transaction, we are giving them an unwritten license to do whatever they want with the data. Do you believe you are granting this? Is it true that you "entertain no expectation of privacy" in such transactions? If you agree with this ability, then I assume you also agree that the government should be able to see all your:

    * Credit card bills
    * Records of who you have emailed
    * Records of which Internet sites you have visited
    * Records of what searches you made in search engines

    These are all 100% amenable to the logic the Justices used in this decision.

    I don't mean that law enforcement shouldn't be able to subpoena these records ever. But they need to at least go to a judge and say "we want to see Warren's phone records from X to Y date because we suspect him of Z for the following reasons."

  12. I wish companies would just stop storing this data.
    A phone company does not need to track who I call.

Please to post comments

Comments are closed.