|
META TOPICPARENT | name="FirstPaper" |
|
|
< < | Geofence Warrants, and the Precariousness of Private Constitutional Norm-setting |
> > | Geofence Warrants and the Precariousness of Private Constitutional Norm-Setting |
| -- By JohnClayton - 12 Mar 2021 |
|
< < | Every now and then, following the Constitution can be good for business. Take the case of Google and geofence warrants. Five years ago, law enforcement agencies began requesting from Google location data for phones linked to specific geographic areas and time periods. Police investigating a bank robbery, for example, might ask for location data of phones that passed within 100 feet of the bank in the 30 minutes before and after the robbery. Investigators used the data to pursue and develop leads. |
> > | Sometimes the Constitution is good for business. Take Google and geofence warrants. Five years ago, law enforcement agencies started asking Google to disclose location data for phones linked to specified places and times. Data on which phones passed by a bank during a robbery, for example, could help generate new leads. Geofence searches are controversial. But as a Fourth Amendment matter, it is debatable whether police even need a warrant to access geofence data. The Supreme Court has expressly reserved the question. |
| |
|
< < | Geofence warrants are controversial. They may be unconstitutional. But as a matter of Fourth Amendment law, it is debatable whether police even need a warrant to request and receive bulk geolocation data from third-parties. |
> > | That hasn’t stopped Google from setting its own quasi-constitutional rules: Google refuses to respond to geofence data requests without a warrant, and initially provides only anonymized data. Since Google is the lone company to receive such requests—thanks to its extensive location tracking database—its judgment on the Fourth Amendment status of geofence searches is effectively final. |
| |
|
< < | That hasn’t stopped Google from setting its own quasi-constitutional rules for geofence data requests. Google refuses to respond to such requests without a warrant, and it only provides anonymized data (at least initially). And since Google is effectively the only company to receive geofence search requests—thanks to its uniquely extensive SensorVault? database—its judgment on the Fourth Amendment status of geofence searches is final (at least for now). |
> > | This seemingly happy example underscores the precarious state of citizen privacy when third parties are both facilitators of government surveillance and shapers of Fourth Amendment norms. To permit tech companies to set search and seizure rules, then, is to submit to world where the Fourth Amendment stands as a proxy for private business interests—upheld when useful, discarded when not. |
| |
|
< < | One could applaud Google for going above and beyond. But even this seemingly happy example reveals the precarious nature of citizen-state relations when third-parties are both the primary facilitators of government surveillance and active shapers of Fourth Amendment norms. Google’s lawyers are not a constitutional court. Nor should we presume a company built on spying is guided by some commitment to the public good. To stand back and let private actors set search and seizure rules, then, is to submit to world where the Fourth Amendment is little more than a proxy for private business interests—upheld when useful, discarded when not. |
> > | The limits of public pressure |
| |
|
< < | Constitutional fidelity: The limits of public pressure |
> > | At first, public pressure seems a viable way to influence private Fourth Amendment norm-setting. There is business value in aligning with constitutional values. Hence why Apple fights the FBI over encryption. Or why Facebook recruits pseudo-judges to legitimize its content moderation. If Google blithely forks over geolocation data, people might stop buying Android phones. Perhaps that is enough. |
| |
|
< < | It doesn’t take a cynic to see the business value for corporations—even those built on spying—in aligning themselves with cherished constitutional values like free speech and privacy. Hence why Apple fights the FBI over encryption. Or why, in an adjacent constitutional arena, Facebook goes through the trouble of recruiting a panel of pseudo-judges to help legitimize to its content moderation practices. |
> > | We should not be fooled. Not every private data peddler is subject to social pressure. Google must answer to citizens who use its services; not so for those who traffic spying data and equipment directly to law enforcement. |
| |
|
< < | On one view, we might embrace public pressure as a means to enforce constitutional norms. Certainly, the Supreme Court has not commanded that bulk location data like Google’s be subject to probable cause and warrant requirements. It reserved the question in Carpenter. But Google knows that if it forks over geolocation data anytime police ask, people might stop buying so many Android phones. Perhaps that is enough. |
> > | At a deeper level, we must grapple with the consequences of privatizing Fourth Amendment values. The new innovators of spying are unconstrained by the constitution; they now decide when the state joins their pillage. But Google’s highest allegiance is to business goals . Geofence data is worth going to court over, until it isn’t. And when the most exigent cases arise, tech companies can just give police what they want, free from oversight. |
| |
|
< < | We shouldn’t be fooled. First, not every private actor with access to our personal data is subject to social pressure. Google must answer to the citizens who use its services; not so for those who traffic spying data and equipment directly to law enforcement. |
> > | To credit Google for its stance on geofence warrants is to praise a hollow, public relations constitutionalism. We all lose when decisions about constitutional boundaries are left to the whims of corporate actors. |
| |
|
< < | But we must also consider the unique stakes of our Fourth Amendment dilemma. State surveillance, the domain of Fourth Amendment law, has been outsourced to those whose conduct is not constrained by the constitution. The pioneers of new types of spying are the same actors who determine when the state join the pillage. Their ultimate allegiance is to business goals; not some commitment to deeper concepts of liberty or democratic governance. Geofence data is worth going to court over, until Google decides it doesn’t serve its bottom line. And when the really tough cases come along—when the perceived law enforcement need is at its most exigent—it always has the option to give police the data they want, free from any oversight. |
> > | Reestablishing Fourth Amendment norms via legislation |
| |
|
< < | To credit Google for its stance on geofence warrants is to praise a hollow form of public relations constitutionalism. We all lose when tough decisions about constitutional boundary-setting are left to the whims of corporate actors. |
> > | As long as a constitutional vacuum exists where third-party and state spying meet, Google and others will continue making privacy decisions formerly entrusted to courts and legislatures. The former still have a role in influencing Fourth Amendment boundaries—one district court has declared geofence warrants unconstitutional. But judges cannot squeeze a general privacy law from the constitution. Ditching the third-party doctrine doesn’t tell us what data we have a reasonable expectation of privacy over in the first place. And a coherent theory on that issue won’t address the fact that the exclusionary rule reaches only the tiniest fraction of illegal spying. |
| |
|
< < | Reestablishing Fourth Amendment norms via legislation |
> > | How else to fill constitutional void? Two legislative approaches are worth considering.
Criminal procedural limitations
First, lawmakers might set procedural limits on when and how law enforcement can access third-party data. New York, for example, has proposed banning police use of all data from geofence searches—warranted or otherwise. Similar bills aim to restrict drone surveillance and facial recognition. |
| |
|
< < | As long as a constitutional vacuum exists where third-party and state surveillance meet, it will fall to private surveillers set the bounds of Fourth Amendment rights. But how best to fill that vacuum? Courts have a limited role to play—at least one district court has declared geofence warrants unconstitutional—but they are generally ill-equipped to make forward-looking proclamations about the types of data that should be protected under the Fourth Amendment. Legislatives approaches, however, appear more promising. |
> > | At the federal level, Congress could replace the outdated Stored Communications Act (SCA), which regulates when and how the government may access electronic data on remote servers. Such a statute could, for example, stipulate which data law enforcement could only obtain via a warrant (geolocation data, for example), and under which circumstances such a warrant could issue. An SCA replacement should also limit alternative administrative processes—like National Security Letters—that allow federal agencies to access data outside the warrant-probable cause framework. |
| |
|
< < | Limiting law enforcement access |
> > | Restricting private spying |
| |
|
< < | First, lawmakers might try to set procedural limits on when and how law enforcement can access third-party data. New York state, for example, has proposed a ban on the use of geofence requests—with or without a warrant. More ambitiously, Congress might seek to revise the Stored Communications Act (SCA), the outdated statute that determines when and how the government may access electronic data stored on remote servers. Such a statute could, for example, stipulate which data the law enforcement could only obtain with a warrant (e.g., geolocation data) and which data can be obtained via subpoena. |
> > | A more aspirational approach would be to regulate third-party data collectors through a general privacy statute. Congress or state legislatures could limit private spying by banning certain types of data trafficking (of biometric information, for example), or restricting the retention of personal information. Such an approach better targets the root of our privacy crisis. Google cannot decide whether police access our data if it doesn’t have our data to begin with. |
| |
|
< < | Limiting private data collection
A more aspirational approach would be to target the third-party data collectors directly through a general privacy statute. Congress or state legislatures could place limits on private spying, either by banning certain types of data trafficking (see Illinois’ statute banning the sale of biometric data) or placing limits on how long personal information can be retained. This approach undoubtedly presents more roadblocks, and would likely face a variety of legal challenges. Its benefits, however, would extend far beyond the realm of criminal procedure. |
> > | Regulating private conduct presents more roadblocks. Companies would almost certainly argue that limiting the collection and sale of information violates the First Amendment. Such laws, therefore, must be tailored. They should articulate the specific types of data that cannot by retained or sold, and should generally allow citizens to “opt-in” to sharing information once proper disclosures have been made.
The potential benefits of general privacy laws, however, are immense. Unlike an inherently limited, procedural band-aid, they can advance us toward our ultimate goal: a restructuring of the privacy relationship between citizens, the state, and third parties. |
| Reclaiming personal control |
|
< < | Ultimately, the easiest and quickest way to begin resetting the role of third-parties in government surveillance is to stop giving our data to them in the first place. Abandoning a smartphone altogether is one way to avoid ending up in SensorVault. Alternatively, we can choose to carry handsets with alternative, open-source operating systems that don’t facilitate spying. Likewise, technologies like FreedomBox can allow us to keep under our own roofs, rather than on some third-party’s server. Technology, then, can allow us to begin immediately reclaiming Fourth Amendment rights. |
> > | Ultimately, the easiest way to dent the role of third parties in government surveillance is to stop giving them data. Technology can allow citizens to immediately reclaim Fourth Amendment rights, without relying on deliberate legislative change.
Of course, the simplest way to avoid ending up in Google’s location database is to stop carrying a smartphone. This seems unlikely in the short term—particularly if app-based COVID-19 “passports” become part of our transition to a post-pandemic world. There are intermediate alternatives, however. We could opt for smartphones with alternative, open-source operating systems that don’t facilitate spying, and use encrypted messengers that don’t leak information. Moreover, technologies like Freedom Box allow us to keep digital data in the home—where Fourth Amendment rights remain sturdy—rather than on a third-party server.
The uptake of such technologies will not happen overnight. A good first step, however, entails recognizing the extent of constitutional norm-setting that occurs outside political and legal channels. We can let Google make Fourth Amendment-style judgments. Or we can make them ourselves. |
|
An excellent draft. There are insightful points made throughout. Your last two paragraphs are noticeably lighter in substance than the preceding ones, which does a disservice to the quality of the discussion with which you set up the issues that really matter now. Some rebalancing, compressing the introductory portion and using that space for less exiguous discussion of the political and technical openings for progress, would be the best route to improvement, in my view. |