3A.3 Privacy

3A.3 Privacy

Most of us take for granted today that we have some sort of "right of privacy," but what is that "right" and how did we get it?

Privacy can be defined in different ways. Justice Cooley in 1888 defined it as a right to be left alone. Others define privacy as a right to be anonymous. These are very different definitions with significantly different implications, particularly in the context of technology.

In legal terms, privacy is a dual right: the right to be free from government intrusion in certain areas of our lives and the right to be free from intrusion by other individuals into our "private" lives. The former right is largely protected via constitutional interpretation and assorted statutes. The latter, the right to be free from intrusion by other individuals, is protected largely via common law, that is, the law of courts and precedent - sometimes referred to as "judge-made law" or as a tort. A tort, as defined by the great legal commentator William Prosser, is a civil, as opposed to criminal, wrong, other than breach of contract, for which the law will provide a remedy in the form of an action for damages.

Before 1890, no English or American court had ever recognized a "right of privacy." However, in 1890, a Harvard Law Review article by Samuel Warren and Louis Brandeis examined a number of cases ostensibly decided on other grounds, and concluded that these decisions were actually based on a broader principle: a right of privacy. By the 1930s, almost all jurisdictions had recognized the Right of Privacy, either by statute or common law.

The Common Law "Right of Privacy" actually is four different rights protected by four different tort causes of action:

1. appropriation of a person's name or likeness for the defendant's benefit,

2. unreasonable intrusion, defined as intentional interference with another person's interest in solitude and seclusion,

3. public disclosure of private facts,

4. false light, that is, publicity which presents a person to the public in a false light.

In addition to common law protections, there are a number of federal statutes specifically aimed at preserving privacy in particular circumstances. These include:

• the Electronic Communications Privacy Act, which regulates interception of electronic communications by both the government and private individuals,

• the Privacy Act of 1974, which imposes limits on the collection and use of personal information by federal agencies,

• the Family Educational Rights & Privacy Act, which permits students (and parents of minor students) to examine and challenge the accuracy of school records,

• the Fair Credit Reporting Act, which regulates collection and use of personal data by credit-reporting agencies,

• the Equal Credit Opportunity Act, which prohibits creditors from gathering certain types of data from applicants such as gender, race, religion, national origin, birth control practices, or child-bearing plans,

• the Federal Right to Financial Privacy Act of 1978, which limits the ability of financial institutions to disclose customer information to agencies of the federal government,

• the Federal Cable Communications Policy Act, which prohibits cable television companies from using cable systems to collect personal information about subscribers without their consent,

• the Video Privacy Protection Act, which prohibits video tape sale or rental companies from disclosing customer names and addresses and the subject matter of their purchases or rentals for direct marketing use.

While it is important to understand that the "right of privacy" is protected by common law and statutes, for the purposes of the criminal law, and this book, the focus is on our privacy protection as it is embodied in the Constitution. The word "privacy" does not appear in the Constitution and the right of privacy in this context is largely a separate body of law developed over many years through interpretations and analysis of the Fourth Amendment, which prohibits "unreasonable searches and seizures." It turns out that our right of privacy has a lot to do with our expectations and how reasonable they are. Consider some seminal Supreme Court criminal cases regarding our "right to privacy" under the Fourth Amendment.

The Fourth Amendment's prohibition of "unreasonable searches and seizures" applies to searches and seizures made by government without a warrant, unless either a warrant is unnecessary, or the search or seizure falls under one of the exceptions to the warrant requirement. It is illustrative to consider several key cases to gain a better understanding of when a warrant is unnecessary and when it is not, that is, when does a warrantless search or seizure not violate our "right of privacy?"

3A.3.1 Katz v. United States

In 1967, the Supreme Court considered the case of Katz v. United States. Katz had been convicted of transmitting wagering information from Los Angeles to Miami and Boston. The government introduced evidence of Katz's end of telephone conversations, which had been obtained without a warrant by placing electronic listening devices on the outside of the phone booth from which Katz made the calls. The government argued that a warrant was unnecessary in this case because there was no search or seizure since there had been no physical entrance into the area occupied by Katz - the phone booth.

The Katz court defined the parameters of "privacy" by saying that what a person exposes to the public, even in his own home, is not private but that, similarly, what a person seeks to preserve as private, even in an areas accessible to the public, may be constitutionally protected. Here, the Court said, Katz was in a phone booth (the old-fashioned kind, which was actually an enclosed space with a door that closed). He was entitled to aural privacy. "One who occupies it, shuts the door behind him, and pays the toll is surely entitled to assume that the words he utters will not be broadcast to the world."

Katz is one of the earliest cases in which the Supreme Court addressed the question of privacy rights in intangible property, that is, information, and how strongly information is protected against searches or seizures made possible by technology. The court's decision makes it clear that such property is as highly protected as tangible property, the object of more traditional searches and seizures.

3A.3.2 California v. Greenwood

Twenty-one years later, in California v. Greenwood, the Supreme Court explained the relationship between privacy expectations and the extent to which a right of privacy is safe from government intrusion. Acting on a tip from an informant and without a warrant, the police asked the garbage collectors in Greenwood's community to give them Greenwood's garbage. The police searched the garbage and found evidence of drug use. Based on this evidence, the police obtained a warrant, searched Greenwood's home, and found drugs. Greenwood was arrested on felony narcotics charges. Finding that the warrant to search Greenwood's house could not have been obtained without the evidence obtained from the warrantless trash searches, the California Superior Court dismissed the charges under a previous California decision holding that warrantless trash searches violated the Fourth Amendment. On appeal, both the California Court of Appeals and the California Supreme Court affirmed the dismissal of the charges against Greenwood. The state took its appeal to the United States Supreme Court.

The Supreme Court stated that the warrrantless search of the trash bags left outside Greenwood's home would violate the Fourth Amendment only if Greenwood manifested a "subjective expectation of privacy in [his] garbage that society accepts as objectively reasonable." Whether something is constitutionally protected as "private" (in cyberspace as well as the physical world) is therefore determined by a two-prong test. Did the individual do something to demonstrate that he or she personally had an expectation of privacy (the subjective prong), and is that person's expectation of privacy one that society believes is reasonable (the objective prong).

In Greenwood's case, the court said he may indeed have had a subjective expectation of privacy, but it was not an objectively reasonable one. By putting out his trash he exposed it to the public (i.e. made it accessible to snoops, scavengers, animals, etc.). In fact, by leaving the trash at the curb he expressly intended to convey it to a third party. Greenwood therefore had no constitutionally protected expectation of privacy in the contents of his garbage and no warrant was necessary for the police to search it.

3A.3.3 Kyllo v. United States

Perhaps no Supreme Court decision illustrates the tension between technology and privacy law better than its 2001 decision in Kyllo v. United States. Kyllo was suspected of growing marijuana in his home. Without obtaining a warrant, Department of the Interior agents used a thermal imager to scan Kyllo's triplex apartment from the passenger seat of a car. The imager showed that the garage roof and sidewall of the home were relatively hot compared to the rest of the structure and neighboring homes. The agents concluded that Kyllo was using halide lights to grow marijuana. Based on the results of the thermal imaging, as well as tips from an informant and Kyllo's high electricity bills, a warrant was issued and Kyllo's home was searched. An indoor marijuana growing operation was found. Kyllo was indicted on one count of "manufacturing marijuana." Kyllo moved to suppress the evidence obtained during the search, arguing that a warrant was required for the thermal imaging of his home. The Ninth Circuit Court of Appeals held that no warrant was needed for the thermal imaging, reasoning that Kyllo had exhibited no subjective expectation of privacy because he had not attempted to conceal the heat escaping from his home, and that even if he had exhibited a subjective expectation of privacy, it was not one that society would consider objectively reasonable because the thermal imager did not expose intimate details of his life, merely amorphous "hot spots" on the exterior of his home.

The Supreme Court reversed. The Court noted that it is true that warrantless surveillance is generally legal and that previous holdings say that visual observation is simply not a "search," and thus, not subject to Fourth Amendment prohibition. The Court emphasized the critical issue in this case: "The question we confront today is what limits there are upon the power of technology to shrink the realm of guaranteed privacy." The Court found that using sense-enhancing technology to obtain information about the interior of a home that could not otherwise have been obtained without physical intrusion constituted a search and was presumptively unreasonable without a warrant. Interestingly, however, the court added that this was true "at least where the technology in question is not in general public use."^[1] In the Kyllo case, the Court reasoned that the thermal imager was a device not in general public use and that it exposed details of activities within the home. The case was remanded to the District Court to determine whether there was sufficient evidence other than the thermal imaging results to support the issuance of the search warrant.

The dissenting opinion stressed the more traditional analysis that what a person knowingly exposes to the public is not a subject of Fourth Amendment protection and that searches and seizures of property in plain view are presumptively reasonable. It characterized the thermal imaging as "off the wall" surveillance, as opposed to "through the wall." No details of the interior of the home were revealed, said the dissent, and the conclusions drawn by the officers from the results of the thermal imaging were simply inferences, not a search.

The dissent also criticized the majority's opinion because of the difficulty of defining "in general public use." The dissent noted that 12,000 thermal imagers had already been manufactured and are readily available to the public (they can even be rented by calling an 800 number).

When is a technology "in general public use", and therefore, one from whose use as a search tool individuals are no longer constitutionally protected? What about technologies developed to replace non-mechanical law enforcement techniques that have previously been held not to be "searches?" For example, the use of dogs to sniff out narcotics has not been considered a search. Would a device to detect the same odors be treated differently?

In many ways, the Kyllo decision raises more questions than it answers. However, it vividly illustrates how tightly connected technology and its use are with the reasonableness of our expectations about what is private, and therefore protected by the Fourth Amendment from warrantless search or seizure.

The ECPA prohibits anyone, not just the government, from unlawfully accessing (18 USC 2511-2521) or intercepting (18 USC 2701-2709) electronic communications. Rather than detail every aspect of these complex sections, several interesting aspects are highlighted here. A more detailed discussion of the ECPA can be found in (USDOJ 2002) and (Rosenblatt 1995). Rosenblatt interprets the ECPA twice. One interpretation is aimed at law enforcement and the other is directed at corporate investigators.

The ECPA stipulates that, to obtain authorization to intercept transmissions, law enforcement must follow a specific procedure and obtain a court order (or another certification in writing) that satisfies a given list of requirements. These rigid requirements make it more difficult to obtain authorization to intercept electronic communications. Notably, when dealing with intercepted transmissions, a search warrant will not satisfy the ECPA's court order requirement. There is more flexibility when it comes to stored electronic communications:

2703(1) A governmental entity may require a provider of remote computing service to disclose the contents of any electronic communication to which this paragraph is made applicable by paragraph (2) of this section -

1. without required notice to the subscriber or customer, if the governmental entity obtains a search warrant issued under the Federal Rules of Criminal Procedure or equivalent State warrant; or

2. with prior notice from the governmental entity to the subscriber or customer if the government entity -

   1. uses an administrative subpoena authorized by a Federal or State statute or a Federal or State grand jury subpoena; or

   2. obtains a court order for such disclosure under subsection (d) of this section;

except that delayed notice may be given pursuant to section 2705 of this title

This distinction between stored and transmitted communications was made because intercepting transmissions is potentially a greater invasion of privacy than collecting stored communications. When intercepting communications, there is a high chance that unrelated, private information will also be intercepted, whereas stored communications are more discrete and the chance of collecting unrelated, private information is limited.

An interesting distinction between intercepted and stored communications arose during the Steve Jackson games case (detailed in Chapter 9), in which the Secret Service violated the ECPA by reading and deleting e-mail that had never reached the intended recipients. Steve Jackson Games argued that the Secret Service had intercepted the e-mail because it had not been delivered to the intended recipients. However, the court argued that the e-mail had been delivered to the recipient's mailboxes and the ECPA made a clear distinction between storage and transmission so there was no way that the deleted e-mail fell into both categories. The e-mail would have to have been actively traveling through a wire or computer to qualify for the transmission clause.

There is one aspect of the ECPA that is still hotly debated. It is argued that under certain conditions (e.g. prior consent by one of the participants in a communication) an organization can search employees' communications. Therefore, many organizations have policies that allow them to monitor communications and all employees are required to agree to the policy by signature before gaining access to e-mail or a network. However, some people feel that any random monitoring of communications is not in the spirit of the law and that an employee's consent should be obtained each time the employer needs to access or intercept communications.

The USA Patriot Act, enacted after the terrorist attacks of September 11, 2001, greatly expands the government's ability to use technology as a surveillance and data collection tool - both in the physical world and cyberspace. As mentioned in Chapter 1, the Terrorist Information Awareness (formerly Total Information Awareness) program seeks to exploit technology to merge information contained in thousands of different databases and use novel data mining techniques to create profiles of individuals in an attempt to identify suspected terrorists and potential terrorist activity. It is too soon to assess the impact of these and other efforts to monitor activities and behavior, or to know whether they will withstand constitutional scrutiny by the courts, but civil libertarians are concerned that the traditional privacy protections of the Fourth Amendment are rapidly being eroded.

^[1]The Court also noted its concern with other technology under development by the Department of Justice, such as a "Radar-based Through-the-Wall Surveillance System" and a "Radar Flashlight" that will enable law officers to detect individuals through interior building walls.