Computers, Privacy & the Constitution


Colorability of the Government’s Access to Digital Personal Data

-- By AasthaSaily - 04 Mar 2024

The regulatory and enforcement powers of governmental agencies and departments allow them to collect and store a lot of data about citizens as well as non-citizens. There are databases of tax records, legal records, licensing records, and records of government services received maintained by governments across the world. But the unwavering question about government surveillance is whether a government should be able to have access to the information that is not voluntarily disclosed by the people? By following the appropriate channels and for a particular reasonable investigation, definitely. But a government cannot have unbridled access to any or all our data, at all times and for all purposes. In the United States, this is purportedly guaranteed by the Fourth Amendment which put simply, protects people from “unreasonable” search and seizure by the government. Accordingly, the government is prohibited by law from asking such information without probable cause and a judicial order. The contours of this prohibition were redefined in Carpenter, where the Supreme Court seemingly reaffirmed privacy of American citizens in the digital age by clarifying that while the information disclosed voluntarily to others is not protected by the fourth amendment, the government needs a warrant to compel others to produce personal and sensitive data.

Not really. In Carpenter the Court specifically doesn't do all that, by making some sort of strange rule about cellphone tower location data that it declines to apply to Anything else.

But what if these others, like tech companies or cellphone companies are not compelled to share information, that is, the governmental agencies do not request them for information under their search and seizure authority, rather, the government, like a customer, buys the data from them or from data brokers – does this way around the law make it legal?

That's hardly self-evident framing. The constitutional principle is that rights against unreasonable search and seizure shall not be violated. How is it unreasonable behavior for government to buy what everyone else can also buy? Reasonable conduct is not "going around the law" against unreasonable conduct, surely?

The government believes so. Government attorneys have argued that purchasing data is a valid way of bypassing the Constitution’s restrictions. The standard argument in favor of unfettered government purchases of private data is that such data is commercially available, and so anyone should be able to purchase it, including government officers. However, while government officials can generally purchase items available to the public without constitutional restriction, sensitive private data about cell phone users isn’t actually available to the public. In the absence of public availability, there’s nothing special about a commercial transaction that allows the government to strip otherwise protected data of its constitutional protections.

Just to understand what the government is buying and what is at stake, it is imperative to understand the regime around data collection, processing, disclosure, and transfer. At present, the United States lacks an effective and comprehensive data privacy law and imposes minimal restraints on collection of consumer data.

No. It has a well-designed and well functioning system of "no-law," that is, immunity—a form of government subsidy to desired industry. Describing the presence of policy as the absence of contrary policy is not analytically helpful.

As a result, while government agencies have to navigate an array of laws that often prevent them from tracking Americans without a court order or warrant, there are few legal restrictions on private companies (popularly called, data brokers) that buy, repackage and sell personal data, which is then referred as “commercially available information” or CAI. This has allowed an entire industry of data brokers to flourish by selling very specific information about people.

I don't see how we reach that conclusion. The industry is perfectly capable of existing where there is "data protection" law, the purpose of which actually is, as described, to protect data. The "privacy shield" disputes with Europe have never been about whether trans-Atlantic brokerage of opted-in Europeans' data could be brokered. The issue concerned only the US government's ability to access that data, which all European governments had granted to themselves, since none of their domestic GDPR implementation legislation put any controls on state-controlled spook/cop access to CAI. All just shams....

While technically, the blocks of information being sold are anonymized, it is understood that it is rather easy to deanonymize such data and like it to a particular individual. There is no argument that people ignorantly disclose a huge amount of their personal information on internet. The biggest of all is our location, our movements and our streaming history which can be tracked by many platforms – the food ordering apps, cabs services, travel booking sites, and of course cookies. In the recent years, there have been unofficial reports and speculations that the various federal agencies and local police departments purchase data from a vast network of specialized data brokers to track the activities of individual over time. Last year, however, the government itself admitted to this practice in a declassified report published by Office of the Director of National Intelligence. The report reveals that the government intelligence agencies acquire a significant amount of CAI for mission-related purposes, including in some cases social media data. Some of the government buyers include the Defense Intelligence Agency; the FBI; the Department of Homeland Security.

Now, the main players seem to be the data providers (that is, data brokers and big tech) and the buyers (that is, the government). The data providers operate in a legal gray area and are not breaking any privacy rules as such since there aren’t any rules to break. The position of the government on the other hand, is the one which is argued. However, it is crucial to understand that even if legal, besides raising privacy red flags, this practice raises civil rights concerns. When government agencies don’t have to show a reasonable cause for a warrant, a probable indication of criminal activity or even provide any information at all to a judge — they’re much more likely to fall back on conscious or subconscious prejudices, targeting people of color and other marginalized communities.

This flourishing industry of trading of sensitive data, needs to be checked and nipped before the privacy and safety of individuals are further invaded and hampered. While some steps have been taken in this direction, at present these are toothless. For instance, in 2021, a bill titled “The Fourth Amendment Is Not For Sale Act” was introduced in the House of Representatives aiming to bar law enforcement and intelligence agencies from purchasing Americans’ geolocation data, the content of their communications or other sensitive information from any company that collects them — whether a cellphone company, an app developer or a data broker. While the bill seeks to address the problem and provide a solution, it only focuses on data purchases, and does not in this form apply to other type of disclosures by data brokers or app developers. And needless to say, it is quite far from being a law at the moment. Similarly, the Federal Trade Commission, earlier this year announced that Americans must be told and agree to their data being sold to “government contractors for national security purposes”. Again, how much tooth these FTC rulings have is yet to be seen.

I think the best route to improvement is more active engagement with other ways of thinking, so that the reader can understand more directly the strengths and weaknesses of your approach. I've tried above to suggest places where you could more directly meet objections.


You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" character on the next two lines:

Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.

Navigation

Webs Webs

r2 - 25 Apr 2024 - 13:30:45 - EbenMoglen
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM