Why The 'Third Party Doctrine' Undermines Online Privacy Protections
from the fourth-amendment dept
There’s been an interesting discussion going on between my colleague Jim Harper and legal scholar Orrin Kerr about the third party doctrine, the legal principle that, in effect, you lose your Fourth Amendment rights when you relinquish information to a third party. The doctrine has become increasingly important with the rise of modern technology because we now entrust a host of private data — including our email, cell phone calling data, credit card transactions, and more — to private companies, and the third party doctrine would seem to suggest that Fourth Amendment protections would not extend to such information. A couple of weeks ago, Kerr posted a draft paper defending the doctrine, arguing that it brings clarity and simplicity to privacy law and avoids the need for “a complex framework of sui generis rules.” Jim strongly disagrees with Kerr, arguing that the third party doctrine was always misguided and that recent technological changes have simply made these flaws more evident.
Jim points out that when the Fourth Amendment was drafted, the vast majority of peoples’ private activities occurred inside the home, and so it made sense to make the home focus of Fourth Amendment protections. But as people began conducting more and more of their lives outside of the home, with telephones, email, credit cards, and so forth, using the four walls of the home as the boundary for Fourth Amendment protection made less and less sense. And indeed, that’s precisely what the Supreme Court recognized in the famous 1967 case of Katz v. United States, which held that the Fourth Amendment applied to wiretapping of public pay phones because the Fourth Amendment protects “people, not places.” The same principle ought to apply to our emails, credit card transactions, and other data of a private nature: what matters is not where the data is located or who has custody over it, but whether the subject of surveillance had a reasonable expectation of privacy in his use of that data.
Kerr responded that “the real judges and Justices that make the rules” have recently shown greater sympathy for Kerr’s view of the Fourth Amendment as a narrow doctrine of criminal procedure rather than a broad charter for protecting peoples’ privacy. I agree with Jim that this isn’t really responsive to his argument. Whether judges currently do see things Kerr’s way tells us little about whether they ought to view them that way. Judges have gotten the Fourth Amendment wrong in the past. After all, Katz overruled Olmstead v. United States, a decision that had allowed warrantless wiretapping almost four decades earlier. So the fact that the courts have not yet extended Fourth Amendment protections to email or other digital records doesn’t prove that a future court won’t recognize that such information is as crucial to personal privacy as paper records and phone calls. Sticking with the third party doctrine would make the Fourth Amendment less and less relevant as technology changes because more and more private information to be held by third parties. If we want the Fourth Amendment to continue to be an effective protection for peoples’ privacy, and I think we do, it needs to be continuously updated to reflect changing technological realities.
Filed Under: fouth amendment, jim harper, orrin kerr, privacy, third party doctrine
Comments on “Why The 'Third Party Doctrine' Undermines Online Privacy Protections”
Mail
Before email, there was this thing called “mail”. It used envelopes.
What’s the modern version of an envelope? Encryption.
Re: Mail
That’s fine and dandy, but you can’t encrypt all forms of networked communication.
Even still, we’re discussing telephone conversations that may digitally pass through a third party’s network, but would still be considered private. Private instant communication comes in lots of forms that are rarely encrypted.
But the Fourth Amendment is also about PRESUMPTION of privacy.
It is widely known and stated that non-encrypted email is NOT private.
If you want the presumption of privacy in your e-mails, encrypt them, THEN complain if the government circumvents your encryption to read the e-mail.
Re: Re:
That’s not what I’ve found. Indeed, the vast majority of people that I talk to about it do believe that their e-mails are private. When asked if they would permit me to post all of their e-mail messages on a public website, all of them have answered “no” due to their considering those messages to be private.
Re: Re:
Anonimous Coward (love the name btw)
I would argue that the fact that in order for me to access my email server to read or write emails, I have to enter a user name and a personalized password, indicate that I should have presumption of privacy, unless you give me your information to access your email account or I unlawfully get your personal information, I cannot access your email because it is private.
Because your home’s curtains are open and your wife is taking a shower, doesn’t give me the right to stand at the window checking her out. and I say at the window rather than the street, because if I can see her from a public place then it gets murky, but I don’t thing that yahoo or gmail emails are readily available to be read by anyone typing a URL, you would need to hack into a system in order to have access to them.
Point of no return
Well, I think the horses have left the barn and the cat has escaped the bag.
Every day you read about another massive “loss” of personal information. Information on millions which should’ve been encrypted at least and even better locked up somewhere, but no, it was stored on a laptop left in the back seat in plain sight for someone to take or something similar ….
I now have no other conclusion available other than to assume that almost all data breaches are intentional and you rpersonal data is being bought and traded for the highest amount.
Not if, but when you are faced with some entity showing up with their hand out demanding payment – what are you to do ?
I think I’ll say “piss off dirtbag” its their own fault, not mine and I’m not paying.
Responsibility
The interesting thing about the article is that is suggests the courts need to extend the reaches of the fourth amendment and then ends with desire that the fourth amendment continues to be updated as technology is. So, whose responsibility is it? Courts or legislature. I think anytime you are looking for the courts to extend the reaches of any law, you are asking for trouble. Call upon congress to enact changes to the fourth amendment if that’s what you want, but don’t ask the court to continually reinterpret what is there.
Re: Responsibility
AC -> extend the reaches of the fourth amendment … whose responsibility is it?
Where in the 4th amendment does it limit its scope ?
I do not assume that the latest technology needs to be included, it is included unless specificaly stated otherwise.
“secure in their persons, houses, papers, and effects”
I think we all know what the writers had in mind, and it is easy to conclude that both papers and effects would cover your personal email, IMs, storage, etc.
And it is the courts, DAs, and AG who are responsible.
Katz and the phone company
So, wasn’t the Katz decision made in a situation where Katz and whoever he spoke to on the phone were handing the electrical impulses over to the phone company for transport to each other?
How does it make any difference that these days people are handing over digital bits for transport instead of analog electrical impulses?
I think the problem lies with your statement about continual update: “If we want the Fourth Amendment to continue to be an effective protection for peoples’ privacy, and I think we do, it needs to be continuously updated to reflect changing technological realities.”
What you want is to document the intent clearly, not examples. Clearly this whole mess got started because someone encoded an example – matters in the house – into law instead of the intent – matters between people.
So whilst I agree with you that it needs updating, I disagree with the continual part. People should stop interpreting things literally but instead focus on the intent.
I did not know the judicial branch made laws in the US. Hmm time for civics class again I guess.
Re: Re:
Wyatt -> I did not know the judicial branch made laws in the US. Hmm time for civics class again I guess
It is up to the judicial branch to enforce the existing laws, but you knew that.
I think the point is that the existing laws will do just fine. The default should be to include everything unless specifically excluded, therefore “papers, and effects” would cover email, IMs, etc.
Re: Re:
Pay attention when they mention “case law”.