Computers, Privacy & the Constitution

View   r6  >  r5  >  r4  >  r3  >  r2  >  r1
AvaGuoFirstPaper 6 - 14 Jan 2015 - Main.IanSullivan
Line: 1 to 1
Changed:
<
<
META TOPICPARENT name="FirstPaper"
>
>
META TOPICPARENT name="FirstPaper2013"
 How the Fourth Amendment Could Be Revived

-- By Ava Guo - 04 Mar 2013


AvaGuoFirstPaper 5 - 12 May 2013 - Main.EbenMoglen
Line: 1 to 1
 
META TOPICPARENT name="FirstPaper"
How the Fourth Amendment Could Be Revived
Line: 19 to 19
 In a world in which personal best efforts to protect private information is insufficient because we have to interact with others who do not do the same, it is up to the courts to revive the Fourth Amendment to protect what are and should be reasonable expectations in the new technological world.
Added:
>
>

This is meaningless not-analysis. In response to my criticism of the last draft, you simply decided to ignore what I said and re-establish your argument on the same basis using different words. The Fourth Amendment, you say again, should be understood to reflect not "the artificial reason of the law," but whatever dumb shit uninformed people think about "privacy." That isn't how the constitutional law of search and seizure worked before, and it isn't how it's going to work now. The "reasonable expectation of privacy" bootstrap works against popular ideas of privacy, by giving judges the power to hold that the dumb shit people actually believe, by not being reasonable, isn't law. Which is what, in case after case, they do.

Here you tried again to make subjective popular belief the sole basis on which you are going to treat bits stored in a third-party location to which the operator has constant unlimited access differently than physical "papers and effects" stored on the same terms. This isn't legal analysis, this is ignoring applicable law. The question you need to answer is the question you ducked in this draft: what is the legal reason to treat bits differently than not-bits given the existing law of search and seizure with respect to third-party control?

 Word count: 985

AvaGuoFirstPaper 4 - 25 Apr 2013 - Main.AvaGuo
Line: 1 to 1
 
META TOPICPARENT name="FirstPaper"
Changed:
<
<
How the Death of the Fourth Amendment Could Have Been Avoided
>
>
How the Fourth Amendment Could Be Revived
 -- By Ava Guo - 04 Mar 2013
Changed:
<
<
With the advent of computers and the internet, this Fourth Amendment right of people “to be secure in their persons” has been chipped away by the courts in an attempt to figure out what warrants protection in cyberspace. The problem with the Fourth Amendment is not that it is inherently incapable of accommodating electronic communications; it is that the courts have been so wrapped up in trying to fit the new world of the internet into an old mold of the physical world that they have completely ignored the uniqueness of cyberspace.

I believe that as drafted, the Fourth Amendment had room to grow; had the courts abided by acknowledgement in Katz v. United States that it protects people, not areas, the “death” of the Fourth Amendment in the Information Age could have been avoided. Instead of comparing electronic communications with speech or telephone calls, the courts should have looked to society’s actual expectations with respect to activities on the internet, and analyzed them under and the “reasonable expectation of privacy” test.

>
>
With the advent of computers and the internet, this Fourth Amendment right of people “to be secure in their persons” has been chipped away by the courts in an attempt to figure out what warrants protection in cyberspace. The problem with the Fourth Amendment is not that it is inherently incapable of accommodating electronic communications; it is that the courts have been so wrapped up in trying to fit the new world of the internet into an old mold of the physical world that they have completely ignored the uniqueness of cyberspace. I believe that as drafted, the Fourth Amendment had room to grow and could be revived. Instead of comparing electronic communications with speech or telephone calls, the courts should have looked to society’s actual expectations with respect to activities on the internet, and analyzed them under and the “reasonable expectation of privacy” test.
 Katz v. United States

In Katz, federal agents taped a microphone to the top of a public pay phone booth that recorded the defendant’s side of his conversations. The court reasoned that the warrantless surveillance of the phone booth was impermissible, and more importantly, noted that the “Fourth Amendment protects people – and not simply “areas” – against unreasonable searches and seizures.” 389 U.S. 347, 352 (1967). This early analysis demonstrates that the Fourth Amendment was perfectly capable of extending its protections beyond physical places to people’s identities in cyberspace. In Justice Harlan’s concurrence, he articulates the “expectation of privacy” test as a twofold requirement. First, the individual must have an actual (subjective) expectation of privacy; and second, that expectation has to be one that society is prepared to recognize as “reasonable.” The Katz formulation has subsequently been adopted in various opinions of the court in relation to telephone calls, letters, electronic communications, and even GPS devices. In as recently as United States v. Jones, 132 S.Ct. 945 (2012), the Court reiterated the importance of Justice Harlan's concurrence as the standard in non-property-based searches and seizures, and emphasized that the Fourth Amendment protects a person's “reasonable expectation of privacy."

Changed:
<
<
The Danger of Analogies
>
>
Old and New Reasonable Expectations of Privacy
 In Hoffa v. United States, the defendant admitted his involvement in criminal activities to someone who turned out to be a government informer. The court held that as a result of this conversation, the defendant had no reasonable expectation of privacy in his communications because he assumed the risk that others may overhear and share it with others. 385 U.S. 293 (1966). Extending this to online communications, the court in State v. Moller held that the defendant had no expectation of privacy in an internet chatroom. 2002 WL 628634 (Ohio Ct. App. 2002). In this case, a police officer posed as a young girl and entered a chatroom for older men. The defendant contacted the officer to arrange a meeting with the “girl” for sexual activities. After defendant was arrested, he challenged the admission of his online communications as a violation of his Fourth Amendment rights. The court reasoned that just like an individual who has a conversation in public and within earshot of others, the defendant assumed the risk when he entered the public chatroom. It may be a subtle distinction to make but rather than comparing the chatroom to a crowded café, the court should have based its decision on the norms and expectations of a public internet chatroom. Indeed, the defendant should have had even less of an expectation of privacy in the chatroom because there is not only a risk that someone could “eavesdrop” on his conversation, but an absolute certainty that anyone else in the chatroom could and would read what he wrote.
Changed:
<
<
Rather than relying on analogies, we could start from scratch and look to what society's expectations are with respect to electronic communications and the electronic storage of data. In doing so, we could be guided by the Katz test and ask: (a) whether the individual has a subjective expectation of privacy; and (b) whether this expectation is one that we are prepared to recognize as reasonable. Much of our rules about third party storage in the real world come from the relationships between the parties and their expectations of privacy stemming from those relationships. For instance, renting a storage unit gives the renter the assurance that any search of the unit itself will require either his/her consent or a warrant. On the other hand, simply storing one's belongings in the apartment of a friend leaves the individual at the mercy of his friend's consent. In both of these situations, the "renter" is the one with ownership rights over the items, but his expectations nevertheless differ from scenario 1 to scenario 2. This is a result of reasonable expectations.

These rules have been ever thus and are now reasonable, beyond serious doubt. Why they should be different with respect to bits than they are with respect to stuff it is very difficult to see and you have in no way argued. It is true that those rules are having profound consequences as people adopt services provided to them in a supposedly "convenient" but indeed very rights-suppressing fashion. But that is not necessarily a reason to change the rules. If our desire to restore Fourth Amendment protection led us to reengineer "cloud services" and restore email to the federated condition it was in before Gmail, so that we all stored our data in a little box under our own bed at home in our own castle, that would be pretty damn fine.

But that's beside the point until we get past where you leave us, which is somehow believing that the analysis ought to come out the other way. Which, if you're going to argue in the next draft, you're going to have to do more work to demonstrate. Why should the expectations of the "real" world not apply to third-party data storage? Why shouldn't we engineer our services differently, in order to hold on to our legal rights, rather than try to make ourselves in some fleeting way more comfortable with sham realities? In truth, of course, data will be stored wherever in the world it is convenient for the business storing the data to put it, and whatever the US legal system says about searching it will make no difference. Why am I trying to change my idea about what is reasonable, in some supposed distinction between the "new" world and the "old," when I ought instead to be reminding myself of the wisdom of putting my "papers and effects" in my own house? This perfectly technically feasible, and would be smarter for every possible reason. Except the reason that smart Google would rather keep it for you, as long as you allow them to extract all the data's peripheral value, without actually "selling" it to anyone. In the end, that is not a good deal for you, even if you managed to recover a scrap or two of your previously-robust constitutional rights.

>
>
Rather than relying on analogies, we could start from scratch and look to what society's expectations are with respect to electronic communications and the electronic storage of data. In doing so, we could use the Katz test as a guide and ask: (a) whether the individual has a subjective expectation of privacy; and (b) whether this expectation is one that we are prepared to recognize as reasonable. Much of our rules about third party storage in the real world come from the relationships between the parties and their expectations of privacy stemming from those relationships. For instance, renting a storage unit gives the renter the assurance that any search of the unit itself will require either his/her consent or a warrant. On the other hand, simply storing one's belongings in the apartment of a friend leaves the individual at the mercy of his friend's consent. In both of these situations, the "renter" is the one with ownership rights over the items, but his expectations of privacy nevertheless differ from scenario 1 to scenario 2, and reasonably so. With respect to e-mails, we can begin by asking: is our relationship with our e-mail providers more like the one we would have with storage rental companies or the one we have with our friends' basements? My intuition is that it is the former - while individuals may expect e-mail providers to give over a list of their subscribers and their corresponding IP addresses to the government (much like how a rental company would give over their list of customers), they would not expect the providers to hand over the actual contents of their e-mails without a warrant (much like the physical items they stored). The fact that there is no physical place we can point to should not doom this analysis - it is not too late for the courts to turn its claims that the Fourth Amendment protects people, not places, into more than rhetoric.
 
Changed:
<
<
>
>
In a world in which personal best efforts to protect private information is insufficient because we have to interact with others who do not do the same, it is up to the courts to revive the Fourth Amendment to protect what are and should be reasonable expectations in the new technological world.
 
Changed:
<
<
Word count: 998
>
>
Word count: 985
 


AvaGuoFirstPaper 3 - 25 Apr 2013 - Main.AvaGuo
Line: 1 to 1
 
META TOPICPARENT name="FirstPaper"
How the Death of the Fourth Amendment Could Have Been Avoided
Line: 6 to 6
 With the advent of computers and the internet, this Fourth Amendment right of people “to be secure in their persons” has been chipped away by the courts in an attempt to figure out what warrants protection in cyberspace. The problem with the Fourth Amendment is not that it is inherently incapable of accommodating electronic communications; it is that the courts have been so wrapped up in trying to fit the new world of the internet into an old mold of the physical world that they have completely ignored the uniqueness of cyberspace.
Deleted:
<
<
But the old world hasn't gone anywhere. And in it, those rules were being "chipped away" much faster. In the US I grew up in, no one thought it was constitutional to roadblock traffic or go through everyone's bag at the airport. I don't know how, in view of the erosion of those certainties in the "old" world, we can be so sure that any of what we're talking about has to do with a confusion introduced by treating the "new" world like the "old" one. That should have had better results than the ones we experienced.

  I believe that as drafted, the Fourth Amendment had room to grow; had the courts abided by acknowledgement in Katz v. United States that it protects people, not areas, the “death” of the Fourth Amendment in the Information Age could have been avoided. Instead of comparing electronic communications with speech or telephone calls, the courts should have looked to society’s actual expectations with respect to activities on the internet, and analyzed them under and the “reasonable expectation of privacy” test.

Katz v. United States

Changed:
<
<
In Katz, federal agents taped a microphone to the top of a public pay phone booth that recorded the defendant’s side of his conversations. The court reasoned that the warrantless surveillance of the phone booth was impermissible, and more importantly, noted that the “Fourth Amendment protects people – and not simply “areas” – against unreasonable searches and seizures.” 389 U.S. 347, 352 (1967). This early analysis demonstrates that the Fourth Amendment was perfectly capable of extending its protections beyond physical places to people’s identities in cyberspace. In Justice Harlan’s concurrence, he articulates the “expectation of privacy” test as a twofold requirement. First, the individual must have an actual (subjective) expectation of privacy; and second, that expectation has to be one that society is prepared to recognize as “reasonable.” This test was subsequently applied to public spaces and telephone calls, not because the test itself was limited to physical things, but because that was all we, as a society, had encountered. The courts have subsequently tried to analogize electronic communications with these situations.

First, a concurrence is not the opinion of the court. Second, the talk about persons over places is plainly rhetorical rather than analytical. The Court concluded that Katz had an expectation of privacy in "an enclosed phone booth," leaving open the possibility that fewer walls on the booth, or no walls at all, could have changed the result with respect to a wiretap placed outside the confines of the telephone booth altogether.

>
>
In Katz, federal agents taped a microphone to the top of a public pay phone booth that recorded the defendant’s side of his conversations. The court reasoned that the warrantless surveillance of the phone booth was impermissible, and more importantly, noted that the “Fourth Amendment protects people – and not simply “areas” – against unreasonable searches and seizures.” 389 U.S. 347, 352 (1967). This early analysis demonstrates that the Fourth Amendment was perfectly capable of extending its protections beyond physical places to people’s identities in cyberspace. In Justice Harlan’s concurrence, he articulates the “expectation of privacy” test as a twofold requirement. First, the individual must have an actual (subjective) expectation of privacy; and second, that expectation has to be one that society is prepared to recognize as “reasonable.” The Katz formulation has subsequently been adopted in various opinions of the court in relation to telephone calls, letters, electronic communications, and even GPS devices. In as recently as United States v. Jones, 132 S.Ct. 945 (2012), the Court reiterated the importance of Justice Harlan's concurrence as the standard in non-property-based searches and seizures, and emphasized that the Fourth Amendment protects a person's “reasonable expectation of privacy."
 The Danger of Analogies

In Hoffa v. United States, the defendant admitted his involvement in criminal activities to someone who turned out to be a government informer. The court held that as a result of this conversation, the defendant had no reasonable expectation of privacy in his communications because he assumed the risk that others may overhear and share it with others. 385 U.S. 293 (1966). Extending this to online communications, the court in State v. Moller held that the defendant had no expectation of privacy in an internet chatroom. 2002 WL 628634 (Ohio Ct. App. 2002). In this case, a police officer posed as a young girl and entered a chatroom for older men. The defendant contacted the officer to arrange a meeting with the “girl” for sexual activities. After defendant was arrested, he challenged the admission of his online communications as a violation of his Fourth Amendment rights. The court reasoned that just like an individual who has a conversation in public and within earshot of others, the defendant assumed the risk when he entered the public chatroom. It may be a subtle distinction to make but rather than comparing the chatroom to a crowded café, the court should have based its decision on the norms and expectations of a public internet chatroom. Indeed, the defendant should have had even less of an expectation of privacy in the chatroom because there is not only a risk that someone could “eavesdrop” on his conversation, but an absolute certainty that anyone else in the chatroom could and would read what he wrote.

Changed:
<
<
In Smith v. Maryland, 442 U.S. 735 (1979), the police installed a pen register on the defendant’s telephone and it recorded the numbers dialed from his phone line without recording the actual conversations. The Supreme Court distinguished between content (the conversation) and non-content information (the phone numbers dialed), and held the latter had no constitutional protection because the defendant voluntarily conveyed the numerical information to the telephone company. By analogy, in United States v. Forrester, the Ninth Circuit held that computer surveillance that enabled the government to learn the to/from addresses of the defendant’s e-mail messages and the IP addresses of the websites he visited did not constitute a Fourth Amendment search because it was analogous to the use of a pen register. The court stated that internet users have no expectation of privacy because “they should know that these messages are sent and these IP addresses are accessed through the equipment of their Internet service providers and other third parties.” 495 F.3d 1041 (9th Cir. 2007).

The court’s insistence on grouping IP addresses and to/from fields of e-mails with numbers dialed from a telephone as non-content information is indicative of its reluctance to accept, or perhaps even understand, electronic communications as a separate category.

Or maybe its perfectly consistent application of consistent principles. Even if one encrypts the content of the email message, after all, that's precisely the information that must be publicly exposed in order to make delivery possible, as the telephone number must be disclosed in order to complete a call. So I'm not sure I understand your criticism.

Unlike telephones, the internet works by combining content and non-content information into packets and sending them across networks altogether.

Yes, but one can draw wrong conclusions from that fact. The IP packet has headers in it, which are precisely the addressing information, as opposed to the content, which in this context is called in the vernacular the packet "payload." So that's clearly "non-content" information in your analysis. For an email service provider asked to provide traffic information only, not message content, isolating the relevant information and providing it doesn't somehow require going inside the IP datagram to inspect the payload: the mail service provider deals with reassembled datagrams, representing email messages, which are data at the application layer. The service provider can intelligibly and easily take traffic information (From, To, CC, Sender, Received, etc.) apart from message content, and respond appropriately to subpoena. So argument from the nature of the IP datagram is misconceived from a technical point of view.

This kind of blending of information is unique to the internet and should be acknowledged by the court. Instead of focusing on these analogies, the courts should be asking (a) whether an individual has an actual or subjective expectation of privacy in their electronic activities; and (b) whether our society should accept this expectation as a “reasonable” one. For instance, there is a strong argument to be made that the very identities of our e-mail contacts, along with the content of the communications, should be protected as a single packet of information. Unlike letters, which cannot be delivered without the address being viewable to the public, e-mails are unconstrained in such a way.

As I've explained above, this argument is wrong. It's a serious weakness to be relying on it in this fashion here.

The problem at the layer above is probably more serious: you could find another illustration to replace this "packets are different" argument you've been relying upon. But there is simply no reason provided to believe that if we applied your version of the dictum in Katz, we would find any reasonable expectation of privacy in third-party data storage.

We do not, in the real world, have any trouble with the reasonable rules of third-party stuff storage. If you rent a storage space and put your own lock on it, the operator can be required to disclose to the government by subpoena a list of those renting spaces, but to go inside and search the space will require either the consent of the renter or a warrant. If, on the other hand, I ask a friend to let me store stuff in his basement—or a local businessman offers me free storage in his basement in return for my accepting his advertising—I know that my friend, or the businessman may consent to a search of his premises, and certainly will obey a warrant without giving me notice and a chance to contest it before his basement is searched and my stuff along with it.

>
>
Rather than relying on analogies, we could start from scratch and look to what society's expectations are with respect to electronic communications and the electronic storage of data. In doing so, we could be guided by the Katz test and ask: (a) whether the individual has a subjective expectation of privacy; and (b) whether this expectation is one that we are prepared to recognize as reasonable. Much of our rules about third party storage in the real world come from the relationships between the parties and their expectations of privacy stemming from those relationships. For instance, renting a storage unit gives the renter the assurance that any search of the unit itself will require either his/her consent or a warrant. On the other hand, simply storing one's belongings in the apartment of a friend leaves the individual at the mercy of his friend's consent. In both of these situations, the "renter" is the one with ownership rights over the items, but his expectations nevertheless differ from scenario 1 to scenario 2. This is a result of reasonable expectations.
  These rules have been ever thus and are now reasonable, beyond serious doubt. Why they should be different with respect to bits
Line: 144 to 56
 

Deleted:
<
<
There is no reason to force the content vs. non-content information analysis onto something that is inherently free from such a distinction, and if the courts can embrace this logic now, there may still be room for the Fourth Amendment in cyberspace.
 Word count: 998

AvaGuoFirstPaper 2 - 24 Apr 2013 - Main.EbenMoglen
Line: 1 to 1
 
META TOPICPARENT name="FirstPaper"
How the Death of the Fourth Amendment Could Have Been Avoided

-- By Ava Guo - 04 Mar 2013

Changed:
<
<
With the advent of computers and the internet, this Fourth Amendment right of people “to be secure in their persons” has been chipped away by the courts in an attempt to figure out what warrants protection in cyberspace. The problem with the Fourth Amendment is not that it is inherently incapable of accommodating electronic communications; it is that the courts have been so wrapped up in trying to fit the new world of the internet into an old mold of the physical world that they have completely ignored the uniqueness of cyberspace. I believe that as drafted, the Fourth Amendment had room to grow; had the courts abided by acknowledgement in Katz v. United States that it protects people, not areas, the “death” of the Fourth Amendment in the Information Age could have been avoided. Instead of comparing electronic communications with speech or telephone calls, the courts should have looked to society’s actual expectations with respect to activities on the internet, and analyzed them under and the “reasonable expectation of privacy” test.
>
>
With the advent of computers and the internet, this Fourth Amendment right of people “to be secure in their persons” has been chipped away by the courts in an attempt to figure out what warrants protection in cyberspace. The problem with the Fourth Amendment is not that it is inherently incapable of accommodating electronic communications; it is that the courts have been so wrapped up in trying to fit the new world of the internet into an old mold of the physical world that they have completely ignored the uniqueness of cyberspace.

But the old world hasn't gone anywhere. And in it, those rules were being "chipped away" much faster. In the US I grew up in, no one thought it was constitutional to roadblock traffic or go through everyone's bag at the airport. I don't know how, in view of the erosion of those certainties in the "old" world, we can be so sure that any of what we're talking about has to do with a confusion introduced by treating the "new" world like the "old" one. That should have had better results than the ones we experienced.

I believe that as drafted, the Fourth Amendment had room to grow; had the courts abided by acknowledgement in Katz v. United States that it protects people, not areas, the “death” of the Fourth Amendment in the Information Age could have been avoided. Instead of comparing electronic communications with speech or telephone calls, the courts should have looked to society’s actual expectations with respect to activities on the internet, and analyzed them under and the “reasonable expectation of privacy” test.

 Katz v. United States

In Katz, federal agents taped a microphone to the top of a public pay phone booth that recorded the defendant’s side of his conversations. The court reasoned that the warrantless surveillance of the phone booth was impermissible, and more importantly, noted that the “Fourth Amendment protects people – and not simply “areas” – against unreasonable searches and seizures.” 389 U.S. 347, 352 (1967). This early analysis demonstrates that the Fourth Amendment was perfectly capable of extending its protections beyond physical places to people’s identities in cyberspace. In Justice Harlan’s concurrence, he articulates the “expectation of privacy” test as a twofold requirement. First, the individual must have an actual (subjective) expectation of privacy; and second, that expectation has to be one that society is prepared to recognize as “reasonable.” This test was subsequently applied to public spaces and telephone calls, not because the test itself was limited to physical things, but because that was all we, as a society, had encountered. The courts have subsequently tried to analogize electronic communications with these situations.

Added:
>
>
First, a concurrence is not the opinion of the court. Second, the talk about persons over places is plainly rhetorical rather than analytical. The Court concluded that Katz had an expectation of privacy in "an enclosed phone booth," leaving open the possibility that fewer walls on the booth, or no walls at all, could have changed the result with respect to a wiretap placed outside the confines of the telephone booth altogether.

 The Danger of Analogies

In Hoffa v. United States, the defendant admitted his involvement in criminal activities to someone who turned out to be a government informer. The court held that as a result of this conversation, the defendant had no reasonable expectation of privacy in his communications because he assumed the risk that others may overhear and share it with others. 385 U.S. 293 (1966). Extending this to online communications, the court in State v. Moller held that the defendant had no expectation of privacy in an internet chatroom. 2002 WL 628634 (Ohio Ct. App. 2002). In this case, a police officer posed as a young girl and entered a chatroom for older men. The defendant contacted the officer to arrange a meeting with the “girl” for sexual activities. After defendant was arrested, he challenged the admission of his online communications as a violation of his Fourth Amendment rights. The court reasoned that just like an individual who has a conversation in public and within earshot of others, the defendant assumed the risk when he entered the public chatroom. It may be a subtle distinction to make but rather than comparing the chatroom to a crowded café, the court should have based its decision on the norms and expectations of a public internet chatroom. Indeed, the defendant should have had even less of an expectation of privacy in the chatroom because there is not only a risk that someone could “eavesdrop” on his conversation, but an absolute certainty that anyone else in the chatroom could and would read what he wrote.

In Smith v. Maryland, 442 U.S. 735 (1979), the police installed a pen register on the defendant’s telephone and it recorded the numbers dialed from his phone line without recording the actual conversations. The Supreme Court distinguished between content (the conversation) and non-content information (the phone numbers dialed), and held the latter had no constitutional protection because the defendant voluntarily conveyed the numerical information to the telephone company. By analogy, in United States v. Forrester, the Ninth Circuit held that computer surveillance that enabled the government to learn the to/from addresses of the defendant’s e-mail messages and the IP addresses of the websites he visited did not constitute a Fourth Amendment search because it was analogous to the use of a pen register. The court stated that internet users have no expectation of privacy because “they should know that these messages are sent and these IP addresses are accessed through the equipment of their Internet service providers and other third parties.” 495 F.3d 1041 (9th Cir. 2007).

Changed:
<
<
The court’s insistence on grouping IP addresses and to/from fields of e-mails with numbers dialed from a telephone as non-content information is indicative of its reluctance to accept, or perhaps even understand, electronic communications as a separate category. Unlike telephones, the internet works by combining content and non-content information into packets and sending them across networks altogether. This kind of blending of information is unique to the internet and should be acknowledged by the court. Instead of focusing on these analogies, the courts should be asking (a) whether an individual has an actual or subjective expectation of privacy in their electronic activities; and (b) whether our society should accept this expectation as a “reasonable” one. For instance, there is a strong argument to be made that the very identities of our e-mail contacts, along with the content of the communications, should be protected as a single packet of information. Unlike letters, which cannot be delivered without the address being viewable to the public, e-mails are unconstrained in such a way. There is no reason to force the content vs. non-content information analysis onto something that is inherently free from such a distinction, and if the courts can embrace this logic now, there may still be room for the Fourth Amendment in cyberspace.
>
>
The court’s insistence on grouping IP addresses and to/from fields of e-mails with numbers dialed from a telephone as non-content information is indicative of its reluctance to accept, or perhaps even understand, electronic communications as a separate category.

Or maybe its perfectly consistent application of consistent principles. Even if one encrypts the content of the email message, after all, that's precisely the information that must be publicly exposed in order to make delivery possible, as the telephone number must be disclosed in order to complete a call. So I'm not sure I understand your criticism.

Unlike telephones, the internet works by combining content and non-content information into packets and sending them across networks altogether.

Yes, but one can draw wrong conclusions from that fact. The IP packet has headers in it, which are precisely the addressing information, as opposed to the content, which in this context is called in the vernacular the packet "payload." So that's clearly "non-content" information in your analysis. For an email service provider asked to provide traffic information only, not message content, isolating the relevant information and providing it doesn't somehow require going inside the IP datagram to inspect the payload: the mail service provider deals with reassembled datagrams, representing email messages, which are data at the application layer. The service provider can intelligibly and easily take traffic information (From, To, CC, Sender, Received, etc.) apart from message content, and respond appropriately to subpoena. So argument from the nature of the IP datagram is misconceived from a technical point of view.

This kind of blending of information is unique to the internet and should be acknowledged by the court. Instead of focusing on these analogies, the courts should be asking (a) whether an individual has an actual or subjective expectation of privacy in their electronic activities; and (b) whether our society should accept this expectation as a “reasonable” one. For instance, there is a strong argument to be made that the very identities of our e-mail contacts, along with the content of the communications, should be protected as a single packet of information. Unlike letters, which cannot be delivered without the address being viewable to the public, e-mails are unconstrained in such a way.

As I've explained above, this argument is wrong. It's a serious weakness to be relying on it in this fashion here.

The problem at the layer above is probably more serious: you could find another illustration to replace this "packets are different" argument you've been relying upon. But there is simply no reason provided to believe that if we applied your version of the dictum in Katz, we would find any reasonable expectation of privacy in third-party data storage.

We do not, in the real world, have any trouble with the reasonable rules of third-party stuff storage. If you rent a storage space and put your own lock on it, the operator can be required to disclose to the government by subpoena a list of those renting spaces, but to go inside and search the space will require either the consent of the renter or a warrant. If, on the other hand, I ask a friend to let me store stuff in his basement—or a local businessman offers me free storage in his basement in return for my accepting his advertising—I know that my friend, or the businessman may consent to a search of his premises, and certainly will obey a warrant without giving me notice and a chance to contest it before his basement is searched and my stuff along with it.

These rules have been ever thus and are now reasonable, beyond serious doubt. Why they should be different with respect to bits than they are with respect to stuff it is very difficult to see and you have in no way argued. It is true that those rules are having profound consequences as people adopt services provided to them in a supposedly "convenient" but indeed very rights-suppressing fashion. But that is not necessarily a reason to change the rules. If our desire to restore Fourth Amendment protection led us to reengineer "cloud services" and restore email to the federated condition it was in before Gmail, so that we all stored our data in a little box under our own bed at home in our own castle, that would be pretty damn fine.

But that's beside the point until we get past where you leave us, which is somehow believing that the analysis ought to come out the other way. Which, if you're going to argue in the next draft, you're going to have to do more work to demonstrate. Why should the expectations of the "real" world not apply to third-party data storage? Why shouldn't we engineer our services differently, in order to hold on to our legal rights, rather than try to make ourselves in some fleeting way more comfortable with sham realities? In truth, of course, data will be stored wherever in the world it is convenient for the business storing the data to put it, and whatever the US legal system says about searching it will make no difference. Why am I trying to change my idea about what is reasonable, in some supposed distinction between the "new" world and the "old," when I ought instead to be reminding myself of the wisdom of putting my "papers and effects" in my own house? This perfectly technically feasible, and would be smarter for every possible reason. Except the reason that smart Google would rather keep it for you, as long as you allow them to extract all the data's peripheral value, without actually "selling" it to anyone. In the end, that is not a good deal for you, even if you managed to recover a scrap or two of your previously-robust constitutional rights.

There is no reason to force the content vs. non-content information analysis onto something that is inherently free from such a distinction, and if the courts can embrace this logic now, there may still be room for the Fourth Amendment in cyberspace.

 Word count: 998

AvaGuoFirstPaper 1 - 04 Mar 2013 - Main.AvaGuo
Line: 1 to 1
Added:
>
>
META TOPICPARENT name="FirstPaper"
How the Death of the Fourth Amendment Could Have Been Avoided

-- By Ava Guo - 04 Mar 2013

With the advent of computers and the internet, this Fourth Amendment right of people “to be secure in their persons” has been chipped away by the courts in an attempt to figure out what warrants protection in cyberspace. The problem with the Fourth Amendment is not that it is inherently incapable of accommodating electronic communications; it is that the courts have been so wrapped up in trying to fit the new world of the internet into an old mold of the physical world that they have completely ignored the uniqueness of cyberspace. I believe that as drafted, the Fourth Amendment had room to grow; had the courts abided by acknowledgement in Katz v. United States that it protects people, not areas, the “death” of the Fourth Amendment in the Information Age could have been avoided. Instead of comparing electronic communications with speech or telephone calls, the courts should have looked to society’s actual expectations with respect to activities on the internet, and analyzed them under and the “reasonable expectation of privacy” test.

Katz v. United States

In Katz, federal agents taped a microphone to the top of a public pay phone booth that recorded the defendant’s side of his conversations. The court reasoned that the warrantless surveillance of the phone booth was impermissible, and more importantly, noted that the “Fourth Amendment protects people – and not simply “areas” – against unreasonable searches and seizures.” 389 U.S. 347, 352 (1967). This early analysis demonstrates that the Fourth Amendment was perfectly capable of extending its protections beyond physical places to people’s identities in cyberspace. In Justice Harlan’s concurrence, he articulates the “expectation of privacy” test as a twofold requirement. First, the individual must have an actual (subjective) expectation of privacy; and second, that expectation has to be one that society is prepared to recognize as “reasonable.” This test was subsequently applied to public spaces and telephone calls, not because the test itself was limited to physical things, but because that was all we, as a society, had encountered. The courts have subsequently tried to analogize electronic communications with these situations.

The Danger of Analogies

In Hoffa v. United States, the defendant admitted his involvement in criminal activities to someone who turned out to be a government informer. The court held that as a result of this conversation, the defendant had no reasonable expectation of privacy in his communications because he assumed the risk that others may overhear and share it with others. 385 U.S. 293 (1966). Extending this to online communications, the court in State v. Moller held that the defendant had no expectation of privacy in an internet chatroom. 2002 WL 628634 (Ohio Ct. App. 2002). In this case, a police officer posed as a young girl and entered a chatroom for older men. The defendant contacted the officer to arrange a meeting with the “girl” for sexual activities. After defendant was arrested, he challenged the admission of his online communications as a violation of his Fourth Amendment rights. The court reasoned that just like an individual who has a conversation in public and within earshot of others, the defendant assumed the risk when he entered the public chatroom. It may be a subtle distinction to make but rather than comparing the chatroom to a crowded café, the court should have based its decision on the norms and expectations of a public internet chatroom. Indeed, the defendant should have had even less of an expectation of privacy in the chatroom because there is not only a risk that someone could “eavesdrop” on his conversation, but an absolute certainty that anyone else in the chatroom could and would read what he wrote.

In Smith v. Maryland, 442 U.S. 735 (1979), the police installed a pen register on the defendant’s telephone and it recorded the numbers dialed from his phone line without recording the actual conversations. The Supreme Court distinguished between content (the conversation) and non-content information (the phone numbers dialed), and held the latter had no constitutional protection because the defendant voluntarily conveyed the numerical information to the telephone company. By analogy, in United States v. Forrester, the Ninth Circuit held that computer surveillance that enabled the government to learn the to/from addresses of the defendant’s e-mail messages and the IP addresses of the websites he visited did not constitute a Fourth Amendment search because it was analogous to the use of a pen register. The court stated that internet users have no expectation of privacy because “they should know that these messages are sent and these IP addresses are accessed through the equipment of their Internet service providers and other third parties.” 495 F.3d 1041 (9th Cir. 2007).

The court’s insistence on grouping IP addresses and to/from fields of e-mails with numbers dialed from a telephone as non-content information is indicative of its reluctance to accept, or perhaps even understand, electronic communications as a separate category. Unlike telephones, the internet works by combining content and non-content information into packets and sending them across networks altogether. This kind of blending of information is unique to the internet and should be acknowledged by the court. Instead of focusing on these analogies, the courts should be asking (a) whether an individual has an actual or subjective expectation of privacy in their electronic activities; and (b) whether our society should accept this expectation as a “reasonable” one. For instance, there is a strong argument to be made that the very identities of our e-mail contacts, along with the content of the communications, should be protected as a single packet of information. Unlike letters, which cannot be delivered without the address being viewable to the public, e-mails are unconstrained in such a way. There is no reason to force the content vs. non-content information analysis onto something that is inherently free from such a distinction, and if the courts can embrace this logic now, there may still be room for the Fourth Amendment in cyberspace.

Word count: 998


Revision 6r6 - 14 Jan 2015 - 22:44:39 - IanSullivan
Revision 5r5 - 12 May 2013 - 14:47:28 - EbenMoglen
Revision 4r4 - 25 Apr 2013 - 21:48:39 - AvaGuo
Revision 3r3 - 25 Apr 2013 - 19:45:23 - AvaGuo
Revision 2r2 - 24 Apr 2013 - 21:36:47 - EbenMoglen
Revision 1r1 - 04 Mar 2013 - 16:54:27 - AvaGuo
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM