Computers, Privacy & the Constitution
-- AndreasLeptos. FirstPaperDraft2? - 28 May 2024

 

Introduction:

Most people do not recognize that their choice of transport delineates the protections they are afforded through the Fourth Amendment and determines the scope and ability of police to access their data without a warrant. For-hire transportation has been a historically longstanding business, however, its modern-day alternative, ridesharing applications (e.g. Uber, Lyft, or E-scooters), introduce significant legal challenges which highlight the Fourth Amendment’s struggle to adapt to the contemporary realities. First, we will first examine how ridesharing differs from traditional for-hire transportation methods. Then we will illustrate how existing legal frameworks fail to adequately protect the data of ridesharing users.

1. Not Just Another Taxi

Ridesharing companies offer a service which is functionally identical to traditional for-hire options like taxis or busses. However, there is little awareness that these apps collect and monetize extensive forms of data, much of which is irrelevant to the services they provide . By requiring users to upload a photo ID for “security purposes” and banking information for quick-and-easy online payments (e.g. Google/Apple Pay), ridesharing apps deceive users to granting the app excessive access to their devices. This includes access to photos, videos, audio, and other personal information, such as race, sexual orientation, pregnancy and childbirth details, and even biometric data . Crucially, ridesharing apps, namely Uber, have been able to track users’ location even when the app is not actively use (1), under the pretense of improving services and retrieving consumers’ “consent”. Many companies store data indefinitely (2), effectively transforming phones into surveillance tools that monitor users’ constant whereabouts and private information, allowing cops to access such extensive data through a simple subpoena. While the traditional taxi companies have technologically evolved, their data collection practices are limited compared to the extensive data harvesting by ridesharing applications; they only track location during rides, and consumers have the easy option to remain anonymous by merely hailing a cab and paying with cash, preventing any link between the ride and their identity. This (or any) level and ease of anonymity is not available with ridesharing services, which leads to the assumption that Fourth Amendment jurisprudence would recognize the risks associated with ridesharing and evolve to adequately protect individuals’ data from unreasonable searches. Unfortunately, that is not the case.

2. (The Shortfalls of) Fourth Amendment Jurisprudence:

The “reasonable expectation of privacy” doctrine espoused by the case of Katz v. United States (1967) forms the bedrock of Fourth Amendment protections, for which the foundational question is one: whether there was a reasonable expectation of privacy. Carpenter v. United States, 585 U.S. 402 (2018) at 346. The legal framework of Fourth Amendment protections is inadequate to address the unique issue presented by ridesharing companies. “You cannot solve today’s problems with yesterday's solutions”. Foundational cases in this field focus on protecting data collected from “intrusion to the private space” (Katz), and prevent the applicability of Fourth Amendment protections from “company data” (Miller at 440). This allows police to obtain the extensive data gathered by ridesharing companies, robbing citizens of their Fourth Amendment protections while “legally justifying” their actions based on these foundational precedents: The collected data is not collected by intrusion to a “private place” (Katz) and is labelled as “company data”. Although this data is technically “company data”, per Miller, and is “voluntarily” shared with rideshare applications “in the ordinary course of business” Sanchez v. LADOT (3) , this argument fails to contextualize the data acquired with the extent of the intrusion into user’s privacy, as illustrated above. Hence, users are held to not have a reasonable expectation of privacy in the continuous stream of all the forms of data listed above, just because they use a ridesharing app for the purpose of transportation.

a. Third-party Doctrine; long live the outdated King

The third-party doctrine entails that information that is voluntarily entailed to a third party is not protected by the Fourth Amendment. Miller, 425 U.S. at 443. However, this does not extend to data forming “an all-encompassing record of the holder’s whereabouts.” Carpenter, 138 S. Ct. at 2217. Claiming that users fully comprehend the extent of data gathering and location tracking would be incredulous, particularly considering that some ridesharing companies allow users as young as 13 years old to *create their own profile* . While not all SCOTUS Justices have been oblivious to inadequacy of the third-party doctrine and this false notion of ‘consent’ in today’s era of heightened data-sharing practices (4) , the law evolves at an inadequate, glacial rate. This is exemplified most recently by Sanchez unequivocally affirming the applicability of the third-party doctrine in ridesharing cases, ruling that the Defendant affirmatively shared his data with the ride-share company by agreeing to the app conditions. Sanchez, 39 F.4th at 559. Considering the breadth and depth of data gathered by such ridesharing companies, one would expect that the Carpenter limitation to the third-party doctrine to apply. However, defying all sense and in an impressive display of naiveté, Sanchez deemed the captured data as limited and occurring “during discrete trips”, thus falling outside of the scope of the Carpenter limitation. Sanchez, 39 F.4th at 560. This decision sets a troubling precedent for future data privacy challenges against ridesharing companies, paving a dark future for the safeguarding of user privacy in this industry.

Conclusion:

The judiciary’s ancient approach to what constitutes a reasonable expectation of privacy, and their (mis)understanding of the deceptive tactics embedded in rideshare companies’ Terms of Service regarding consent, undermines US citizens’ Fourth Amendment rights, facilitating unfettered access by law enforcement, and authorizing the erosion of privacy rights as envisioned by the Framers.

Notes

1 : Uber update 3.222.4, which prompted a Federal Trade Commission claim (see https://epic.org/wp-content/uploads/privacy/internet/ftc/uber/Complaint.pdf). The settlement with the NY Attorney General left concerns mostly unaddressed, allowing Uber perpetual access to users’ whereabouts if encrypted and held under multi-factor authentication.

2 : https://www.aclunc.org/blog/electric-scooters-are-racing-collect-your-data ; Lime and Bird reserve the right to store user information indefinitely, even after an account deletion request.

3 : 39 F.4th 548, 553 at 559 (9th Cir. 2022)

4 : See United States v. Moalin, 973 F.3d 977, 990 (9th Cir. 2020)


Navigation

Webs Webs

r1 - 28 May 2024 - 03:31:17 - AndreasLeptos
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM