When Your Records Are Not Yours
Two cases highlight the precariousness of privacy.
In May a federal appeals court said police do not need a warrant to look at cellphone records that reveal everywhere you've been. Two days later, another appeals court said the National Security Agency (NSA) broke the law by indiscriminately collecting telephone records that show whom you call, when you call them, and how long you talk.
That looks like one victory for government snooping and one defeat. But both decisions highlight the precariousness of privacy in an age when we routinely store huge amounts of sensitive information outside our homes.
The Fourth Amendment prohibits "unreasonable searches and seizures" of our "persons, houses, papers, and effects." But the Supreme Court says it does not protect our papers once we entrust them to someone else.
In a 1976 case involving bank records, the Court declared that "the Fourth Amendment does not prohibit the obtaining of information revealed to a third party and conveyed by him to Government authorities, even if the information is revealed on the assumption that it will be used only for a limited purpose and the confidence placed in the third party will not be betrayed." Three years later, in a case involving phone records, the Court reiterated that "a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties."
This dubious "third-party doctrine," enunciated before the Internet existed and mobile phones became ubiquitous, was crucial to the outcome of a case decided by the U.S. Court of Appeals for the 11th Circuit in May. The court said an armed robber named Quartavius Davis had no constitutional grounds to object when the FBI linked him to crime scenes with cellphone location data that it obtained without a warrant.
The court's logic was straightforward: Those records did not belong to Davis; they belonged to MetroPCS, his mobile phone company. So even though they revealed everywhere he went over the course of 67 days, he had no reasonable expectation that the information would remain private.
Dissenting Judge Beverly Martin noted that the majority's reasoning invites even bigger intrusions. "Under a plain reading of the majority's rule," she said, "by allowing a third-party company access to our e-mail accounts, the websites we visit, and our search-engine history—all for legitimate business purposes—we give up any privacy interest in that information."
That means the government can find out what we watch on YouTube, what we look up on Wikipedia, what we buy on Amazon, and whom we "friend" on Facebook or date via Match.com—"all without a warrant." In fact, Martin noted, "the government could ask 'cloud'-based file-sharing services like Dropbox or Apple's iCloud for all the files we relinquish to their servers."
The U.S. Court of Appeals for the 2nd Circuit also noted the privacy threat posed by such data grabs in its ruling against the NSA's mass collection of phone records. But that decision was based on Section 215 of the PATRIOT Act, which the court said did not authorize the NSA program, contrary to the Obama administration's position. The ruling, which came out amid the congressional debate over reauthorization of Section 215, seemed to mean that the NSA could no longer use the provision to collect everyone's phone records even if Congress renewed it unchanged.
That outcome, while welcome, leaves unresolved a deeper issue that the 2nd Circuit mentioned: "whether the availability of information to telephone companies, banks, internet service providers, and the like, and the ability of the government to collect and process volumes of such data that would previously have overwhelmed its capacity to make use of the information, render obsolete the third-party records doctrine." Until the Supreme Court grapples with that issue, such highly revealing and deeply personal information will have only as much protection as legislators decide to give it.