Privacy from the Government

I'm offering this as an example of a possible threat, but which definitely has elements of "paranoia" as well. (I imagine somewhere on YouTube there's a video of someone explaining the dangers of the government eavesdropping on your conversations by beaming lasers on your windows.)

That said, the organization Naperville Smart Meter Awareness sued the city of Naperville, IL, starting in 2011. The city of Naperville is the utility for Naperville residents, and they were collecting electrical-usage data every 15 minutes. The Seventh Circuit ruled that this data collection was in fact a "search", but that in this particular case it didn't matter as the data was not being used as evidence. See reason.com/volokh/2018/08/17/public-utilitys-recording-of-home-energy. See also Jonas Diener.

Privacy

• control of information about oneself: who knows what about you?
• freedom from intrusion -- the right to be left alone in peace
• freedom from surveillance (watched, listened to, etc)

• government
• commercial interests
• workplace
• local community (ie our friends and acquaintances)

What do we have to hide

• The way to deal with the loss of privacy is "just to be good"
• "Who would care about me and my little life" [respondent age 16]

Do we now have to be good all the time?

She also quotes Facebook founder Mark Zuckerberg as saying "privacy is no longer a relevant social norm".

Turkle's own rule for healthy democracies is that the government should assume "everyone has something to hide". That way, there can be no arguing that if you're in favor of greater privacy then you have "something to hide". But what if safety is involved? Turkle's approach is especially complicated when balancing a relatively large invasion of privacy against a relatively low risk.

• Openness (to new ideas and experiences)
• Conscientiousness
• Extraversion
• Agreeableness
• Neuroticism (tendency towards anxiety and worry)
  

Personalization

• They enable complex data mining
• They allow us to find info on others via Google
• Records are kept that we never suspected (eg Google searches)
• Electronic eavesdropping

Should this extend to any online information?

Note the requirement that the person and place be specifically described. Does this rule out broad online searches? (See "geofence" warrants, below.)

• shopping data
• RFID chips in cards and merchandise
• search-engine queries
• cellphone GPS data
• event data recorders in automobiles

Caller ID

• past lives (jobs, relationships, arrests, ...)
• life setbacks
• medical histories
• mental health histories, including counseling
• support groups we attend
• organizations of which we are members
  
• finances
• legal problems (certainly criminal, and often civil too)
  
• alcohol/drug use
• tobacco or alcohol purchases
• most sexual matters, licit or not
• whether we've had an abortion
• ones Tinder history
• pornography preferences
• pregnancy-test purchases; contraceptive purchases
  
• private digressions from public facade
• different facades in different settings [friends, work, church]
• comments we make to friends in context
• what about Donald Sterling, former owner of the LA Clippers? (A partial transcript of his infamous call is here.)
• the fact that we went to the bar twice last week
• the fact that we did not go to the gym at all last week
  
• minor transgressions (tax deductions, speeding, etc)

Lack of integrity? Really? The only thing that keeps LinkedIn alive is that most people believe in keeping at least some separation between their work life and pictures of their partying. But the separation goes much deeper than that; many people maintain different images in different contexts. See also michaelzimmer.org/2010/05/14/facebooks-zuckerberg-having-two-identities-for-yourself-is-an-example-of-a-lack-of-integrity.

In Japan, there are terms for ones "true feelings" and ones "public opinions": honne and tatemae (en.wikipedia.org/wiki/Honne_and_tatemae). Divergence between the two is widely accepted, and is not regarded as "hypocrisy".

1. Have you ever felt hatred toward either of your parents?
2. Do you ever feel guilty?
3. Does every attractive person of the opposite sex turn you on?
4. Have you ever felt like you wanted to kill somebody?
5. Do you ever get angry?
6. Do you ever have thoughts that you don't want other people to know that you have?
7. Do you ever feel attracted to people of the same sex?
8. Have you ever made a fool of yourself?
9. Are there things in your life that make you feel unhappy?
10. Is it important to you that other people think highly of you?
11. Would you like to know what other people think of you?
12. Were your parents ever mean to you?
13. Do you have any bad memories?
14. Have you ever thought that your parents hated you?
15. Do you have sexual fantasies?
16. Have you ever been uncertain as to whether or not you are homosexual?
17. Have you ever doubted your sexual adequacy?
18. Have you ever enjoyed your bowel movements?
19. Have you ever wanted to rape or be raped by someone?
20. Have you ever thought of committing suicide in order to get back at someone?

• browser-search data from Google
• browser location data
• ISPs and browser-search data
  
• web cookies
• automobile event recorders  
     Event data recorders in cars: lots of cars have them.
     Starting around 2010, many such systems connect wirelessly to the manufacturer, transmitting data including location
• fresh-values / preferred card
       LOTS of people are uneasy about privacy issues here, but specific issues are hard to point to.
       Until 2010, my local Jewel never asked for Preferred cards for alcohol sales.
       Then they started again, but shortly after they discontinued the card for everything.
• street-level car cameras
• street-level pedestrian cameras
• bookstore purchases
• library records
• Tinder history
• RFID data

Privacy from the government

Nothing to Hide

What about claiming as a tax deduction a lunch with a colleague, during which you supposedly discussed business, but your pre-lunch texts to one another make it clear that you both really wanted to discuss a soccer match?

Perhaps "you should have nothing to hide" is a bit harsh. Maybe another way to phrase this is to say that, in the interests of preventing terrorism, child abuse, narcotics trafficking, organized crime and cybercrime, we should all cooperate to give law enforcement better access. What things might someone want to keep secret from the government?

• www.wired.com/2013/06/why-i-have-nothing-to-hide-is-the-wrong-way-to-think-about-surveillance/
• www.aclu.org/blog/you-may-have-nothing-hide-you-still-have-something-fear
• mic.com/articles/119602/in-one-quote-edward-snowden-summed-up-why-our-privacy-is-worth-fighting-for
  Snowden's claim: "Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say"
• www.openrightsgroup.org/blog/2015/responding-to-nothing-to-hide-nothing-to-fear
• www.amnesty.org/en/latest/campaigns/2015/04/7-reasons-why-ive-got-nothing-to-hide-is-the-wrong-response-to-mass-surveillance/
  

There is also Daniel Solove's paper "'I've got nothing to hide', and other misunderstandings of privacy", papers.ssrn.com/sol3/papers.cfm?abstract_id=998565.

Do you believe these arguments?

A more specific argument is the basis of Harvey Silverglate's book "Three Felonies A Day: How the Feds Target the Innocent". Unfortunately, many of Silverglate's examples relate to disclosure or non-disclosure or corporate-malfeasance issues that are very complicated. However, back (last year) when violating any of Loyola's computer policies was a felony, I might have had that issue. (For example, Loyola's policies required that servers only be used in server rooms, accessible only to ITS employees, and also that every laptop was a server (because svchost processes are servers!).)

How about end-to-end encryption of messages? That's a very specific thing that governments would like to put a stop to. Should we help them? What are some justifications for choosing end-to-end encryption of our messages?

The post-9/11 loss of American privacy to government surveillance was often justified by "if you have nothing to hide, you have nothing to fear". Ironically, the strongest proponents of this approach were on the political right, who are -- in 2021 -- rather obsessed with "personal freedom" and the right not to wear a mask.

A much more specific version of the "nothing to hide" argument is that having the NSA collect your phone metadata is a small price to pay for greater American safety in a post-9/11 world. Does your phone metadata implicate you in any way? (It might if you are leaking government secrets, or if you are in an illicit relationship.)

"Everyone is guilty of something or has something to conceal. All one has to do is look hard enough to find what it is" -- Alexandr Solzhenitsyn (the opinion of the character Rusanov -- a records manager -- in Cancer Ward)

There is also another approach to the "what do you have to hide" question: do you trust the government? You might feel you have something to "hide" if you do not. But consider:

• Did you trust the Obama administration?
• Did you trust the Trump administration?

It is not unreasonable to suppose that only those who trusted both might be comfortable with intrusive government surveillance. 

Maybe we should trust the government more, or at least trust law enforcement. But many do not.

There is also the issue of self-censorship; see the IETF document below. When subjected to continued surveillance, even if not very intensive, people often have a tendency to speak and act with greater restraint. One might be less likely to attend a protest march, for example, or to criticize the government in emails. Messages and emails might be less likely to express sentiments that disagree with the authorities. There is an incentive to conform. For this to happen, one must, of course, be aware of the surveillance.

You can be very confident you have nothing to hide, nothing to worry about, but still be aware that getting on the No-Fly List would be personally catastrophic.

What is Privacy For?

Closely related to the "nothing to hide" approach is the question of just what privacy is for, socially. Most societies do have strong norms about privacy: some conversations are hushed, for example, when a third party approaches. What is all that about? Is privacy an important social element? Why should we be concerned about what information we share with others? One possibility is that, without privacy, we cannot define our more intimate relationships in terms of sharing additional personal information, because everyone knows everything. Or might the roots of privacy lie in keeping food resources secret?

Sometimes privacy is about, as Judge Richard Posner wrote, the right of a person "to conceal discreditable facts about himself". But privacy clearly goes beyond simply trying to conceal ones past misbehavior.

We do keep passwords private; is that a special case, or is that really a part of privacy? It is one thing to keep our bank password private to prevent others from taking our money, but should we object to others simply knowing how we spend our money?

We also live in spaces with walls, and have curtains on our windows. It is sometimes suggested that sexual privacy is related to relationships that may lack social approval -- and so must be kept private. However, even modest hints of a sexual relationship (eg public displays of affection) often make observers quite uncomfortable.

Sometimes people hold opinions that are contrary to the opinions of those in power, and so keeping those opinions private may be a matter of personal safety.

Privacy is often associated with autonomy and independence; most people value the latter two quite strongly. To lose privacy is also to lose social position; to put it another way, privacy is correlated with social rank. And in essentially all societies, people are very concerned about their social rank. In modern terms, loss of privacy due to government surveillance is indeed associated with feelings of helplessness and powerlessness (though the NSA tried to keep its phone-metadata program very secret). But it is also true that people use privacy to conceal past misbehaviors, and to that extent the purpose of privacy is to manipulate ones social rank so it is higher than it would be otherwise.

The NSA and the Snowden Leaks

1. Telephone records of essentially every call placed in the US
2. contents of emails, Facebook messages, SMS messages and other text-based communications
3. raw packet data from direct taps into central Internet routers

The NSA claimed that all this was authorized by §215 of the Patriot Act, which allows collection of a wide range of records for investigations involving international terrorism. The pre-9/11 §215 allowed for collection of "business records"; this was amended to allow collection of "any tangible thing". The NSA interpreted this to allow collection of data on US nationals as long as the investigation involved someone who was not a US national. Here is the text of the relevant portion of the act:

ACCESS TO CERTAIN BUSINESS RECORDS FOR FOREIGN INTELLIGENCE AND INTERNATIONAL TERRORISM INVESTIGATIONS.
(a)(1) The Director of the Federal Bureau of Investigation or a designee of the Director (whose rank shall be no lower than Assistant Special Agent in Charge) may make an application for an order requiring the production of any tangible things (including books, records, papers, documents, and other items) for an investigation to protect against international terrorism or clandestine intelligence activities, provided that such investigation of a United States person is not conducted solely upon the basis of activities protected by the first amendment to the Constitution. [pld: does this provision mean anything?]

(2) .. (b) Each application under this section--

 (1) shall be made to--
  (A) a judge of the court established by section 103(a); or [pld: this is the FISA court]
  (B) a United States Magistrate Judge under chapter 43 of title 28, United States Code, ...
  (2) shall specify that the records concerned are sought for an authorized investigation conducted in accordance with subsection (a)(2) to protect against international terrorism or clandestine intelligence activities.
...
  (d) No person shall disclose to any other person (other than those persons necessary to produce the tangible things under this section) that the Federal Bureau of Investigation has sought or obtained tangible things under this section.

That the FISA courts are authorized to hear these cases is explicit in (2)(1)(A). That is, the law clearly provides for the FISA courts to authorize release of records of US nationals (the original jurisdiction of the FISA courts was limited to non-US-nationals). The law also makes clear that records can be released as part of any investigation; the person whose records are released does not have to be a subject of that investigation. That is, your records can be released as part of an investigation of someone else.

The last clause quoted here, (d) mandates that communications providers can not reveal to the public or their customers anything about this surveillance activity. These "gag orders" are unpopular with providers. They undermine confidence in the US software-services industry. The reason nobody had any idea about the extent of NSA domestic surveillance before Snowden was that these gag orders prevented talking about it. See below.

• number called
• number placing the call
• subscriber information
• length of call
• location of any mobile phones involved

Supposedly no warrant is needed to monitor communications of either non-nationals or of US nationals traveling outside the US. However, the FISA court generally signed off on the subpoenas involved. Mass surveillance is impractical if "probable cause" must be established for every individual involved, eg for a warrant.

Ten years after the Snowden revelations, the IETF published an Internet Draft, www.ietf.org/id/draft-farrell-tenyearsafter-00.html, discussing the consequences of Snowden, and some subsequent developments.

One theory is that warrants are not easy to get, and the relatively lopsided success rate (over 99%) is due to careful preparations by the police for each and every one. There is in fact some evidence that FISA court warrant applications often receive a reasonable degree of care.

Still, there is never anyone involved whose role is to speak against the warrant.

In December 2019 Justice Department's Inspector General released a report about FISA warrants, in particular related to the investigation of Carter Page, a Trump associate. The New York Times published an article: nytimes.com/2019/12/11/us/politics/fisa-surveillance-fbi.html.

Generally, FBI agents did not present evidence contrary to the theory that Page was in cahoots with the Russians.

Snowden claimed he tried to bring his legal issues with mass surveillance to the attention of his superiors at the NSA. The NSA denied this. A 2016 article suggested that the NSA was not being truthful: https://news.vice.com/article/edward-snowden-leaks-tried-to-tell-nsa-about-surveillance-concerns-exclusive. However, neither did Snowden present detailed descriptions of his attempts at contacting his superiors.

Denmark

The US is not the only country to engage in broad surveillance. Denmark offers extensive social-welfare benefits, spending a remarkable 26% of budget on this. Some Danes have become very concerned that these benefits are not going to those who are not entitled to them. To this end, the Danish government has created a group within the Public Benefits Administration to root out cheaters, using surveillance techniques. See www.wired.com/story/algorithms-welfare-state-politics.

The anti-fraud group cross-checks multiple government databases, looking, for example, for benefit recipients who are employed, or who travel frequently, or who own cars. Such matching has become routine in the US as well. The group has also considered checking electric and water bills to see if recipients were actually living at the addresses they listed. The system does track relatives in other countries, both in the EU and outside.

There is particular concern that someone receiving benefits might in fact be living with a partner who does not qualify. To detect this, nearest-tower cellphone location data has been used to determine where someone is sleeping. Child registries are also used to identify the other parent of any of a recipient's children, to see if the benefit recipient is living with that other parent. Credit-card records are checked, to see, for example, if there are regular gas and food purchases near ones claimed home address. And there are in-person surprise visits, though those are expensive. There are claims that recipient's social-media histories have been searched for this purpose.

See also www.dr.dk/nyheder/indland/kommuner-vil-gaa-endnu-laengere-fange-sociale-bedragere (in Danish, but Google Translate does a fair job).

The Danish system is supposed to allow a hearing for everyone accused. Apparently these hearings impose penalties on only 8% of those flagged, suggesting that 92% had done nothing wrong.

A similar system in the Netherlands falsely flagged thousands of families for welfare fraud in 2021. It eventually turned out that the algorithm used national origin inappropriately; the people flagged were mostly recent immigrants.

Encryption

Parallel Construction

• The government will intercept all emails and phone records in order to improve national security
• Since we have all these emails, we will also use them to track down those selling illegal drugs, those engaged in bank fraud, and those claiming excess deductions on their tax returns

More disturbingly, use of personal data obtained without a warrant is often forbidden at trials. If the NSA/DEA subterfuge here acually occurred, then it intentionally bypasses that. The NSA has also shared information with other federal agencies, including the IRS.

• terrorists
• child pornographers
• narcotics traffickers

What happens when the third group above includes recreational (or medical) marijuana users? For that matter, what if the first group is taken to include anyone who expresses an interest in a "subversive" organization, such as Occupy Wall Street?

Spying and harm

Do we agree to this?

I probably shouldn't say this, but I will... Had we been transparent about this from the outset right after 9/11 -- which is the genesis of the 215 [Section of the Patriot Act -- pld] program -- and said both to the American people and to their elected representatives, we need to cover this gap, we need to make sure this never happens to us again, so here is what we are going to set up, here is how it's going to work, and why we have to do it, and here are the safeguards ... We wouldn't have had the problem we had.... If the program had been publicly introduced in the wake of the 9/11 attacks, most Americans would probably have supported it.

Never mind that in June 2013 when the phone surveillance first came to light he was quite upset that the secrecy of the program was lost. Now that our enemies knew about it, he said then, they would find other ways to communicate.

In the post-9/11 context, do you support at least the basic framework of the NSA surveillance? Do you think a majority of Americans do? There may have been some excesses (such as hacking and "parallel construction"), but ignore those for the moment.

Smart cities

Some cities are trying to become "smart cities", leveraging information technology to become better places to live. Here's an article about Toronto: www.cbc.ca/news/technology/smart-cities-privacy-data-personal-information-sidewalk-1.4488145. Sensors collect information about car usage, bike usage, pedestrian usage, and trash-can usage.

This might lead to better traffic flow, but at what privacy cost? Nobody knows.

ACLU v Clapper

On May 7, 2015, the Second Circuit released their decision in ACLU v Clapper, in which they found that Section 215 of the Patriot Act does not allow bulk phone-metadata collection. Implementation of the ruling was stayed, however, pending appeal to the Supreme Court.

Microsoft vs US

The case was the highlight of the 2017 Supreme Court season, but Congress passed the Cloud Act in March 2018. The Supreme Court dropped the case the following month, as moot.

The Cloud Act means that, in general, a US warrant for information must be honored by a US provider no matter where in the world the data is stored. However, the provider can object if the provider believes that turning over the information would violate the privacy laws of the hosting country. It also allows for the negotiation of international agreements for the fast turnover of such information; these agreements are not treaties and so are much easier to negotiate.

The Supreme Court ruled that federal agents did not need a warrant when they tapped Roy Olmstead's phone.

In 1934 Congress passed the Communications Act, which created the FCC and which also banned [in Section 605] telephone wiretaps without a warrant. Yet the law was awkwardly worded, and wiretaps by private investigators continued.

This second quote strongly suggests that your "papers" do not have to be physical, or under your direct control, to be covered by the Fourth Amendment.

Between Olmstead and Katz, there had been a gradual recognition of increasing scope of the Fourth Amendment, hence the thought on the part of the Katz defense team that this was worth pursuing.

Third-party doctrine

2001: Kyllo v United States

Jonas Diener

2012: United States v Antoine Jones

The Mosaic Theory

Melvin Skinner

A significant problem with the Skinner decision is that, while the police discovery of Skinner's location clearly depended on GPS data, most of the decision's argument makes sense only for the case of nearest-tower data. Note, for example, the quote above where it says "Skinner did not have a reasonable expectation of privacy in the data given off by his voluntarily procured pay-as-you-go cell phone"; it is nearest-tower data that is given off "volunarily". There are suggestions that the Sixth Circuit simply confused the two.

Another issue with the decision was that the Sixth Circuit declared there was no "trespass" and so the Jones precedent did not apply. But remotely accessing a phone, enabling the GPS service, and sending the GPS coordinates back is a very "active" step; such steps have been ruled as "trespass" in the past, in hacking cases. The Sixth Circuit did not consider whether this action by the provider might be a form of trespass.

Riley and Wurie

In 2014, the Supreme Court ruled in the combined cases Riley v California and US v Wurie that the police do need a search warrant to search a cellphone in the possession of someone who is arrested. This was a unanimous decision, written by Justice Roberts, with Justice Alito writing a concurring opinion. Roberts wrote

Prior to this case, state courts had struggled with this issue. See below.

Carpenter

In 2018 the Supreme Court ruled, 5-4, that the government needs a warrant to access historical cell-phone records (including nearest-tower records).

The decision was written narrowly, so as not to overturn the third-party doctrine generally. Note that cell-phone records are indeed third-party records. Other third-party records, such as those generated by automatic license-plate readers, remain available without a warrant.

It is possible to read the Carpenter decision as noting that, during the era when the Miller and Smith cases were decided, phones were all landline, and that just because we're all now using cellphones does not mean that the government automatically gets new investigative capabilities.

The decision also did not address real-time nearest-tower records.

As far as I can tell, cellular companies can still voluntarily turn over the data. Though they probably do not, so as to avoid getting in trouble for that.

Melvin Skinner was convicted on the basis of real-time GPS records.

The main workaround by the police at this point appears to be buying historical location information from third parties. Usually this information comes from gps-based or Wi-Fi-based tracking of phones (eg by Google); this tracking does not involve cell-tower records at all. It is also usually more accurate.

Customs and Border Patrol is a big buyer, see www.aclu.org/news/privacy-technology/new-records-detail-dhs-purchase-and-use-of-vast-quantities-of-cell-phone-location-data.

And Fog Data Science is a big provider to police departments (and anyone else who can print up a letterhead with the word "security" in it). The EFF did a study of them: www.eff.org/deeplinks/2022/08/inside-fog-data-science-secretive-company-selling-mass-surveillance-local-police

Apparently Google Maps does not share data with third-party brokers, but Waze does. Even though Google owns Waze.

Sometimes police use "geofence" warrants to Google, to obtain, for example, the location information on anyone (who has their location service enabled) who was within four blocks of the bank within half an hour of the robbery. See #geofence. Google usually responds initially with anonymized data tracks, and then identifies phones only after the police identify some tracks as particularly interesting. Fog's service allows police to track however they want; it also allows police to track locations of phones at, for example, protest events.

See also privacy_others.html#location2, for commercial, non-police use of location data.

Video surveillance

• charge tolls for driving into central London during rush hour
• enforce youth curfews

• report indicating cameras had little effect on crime
• (after the report) cameras helped identify subway bombers

• Cellphone nearest-tower records
• IMSI catchers ("Stingrays"), by which the police device becomes your nearest cellular tower
• Realtime cellphone GPS
• car license-plate scanners (if you are driving)
• facial recognition

Consider again the California DOT incident in which the state sent letters to everyone whose car was recorded using a certain stretch of highway. People at the time were upset. Should they have been informed that this was a public road and they simply needed to get over it? Would that be what would happen if the incident occurred today?

Benefits:

• tracking graduation records
  
• tracking how programs & funding affect student performance

Drawbacks:

• cradle-to-grave tracking of behavior issues, sometimes unsubstantiated
  
• potential availability to employers, etc
  
• identity theft
  
• errors

Is such a database a good idea?

What if in 2025 a law is passed giving prospective employers access to the data, if the job applicant signs a consent form? What do you think would happen if you refused to sign?

And here's a related issue sometimes called "database-matching": should the government be able to link databases of:

• men receiving student aid
  
• men registered with the selective service (draft)

Once upon a time, this was claimed to be an unfair "search". Is it?

Geofence warrants

In the past few years, police have increasingly been relying on the following:

• Geofence warrants (or sometimes subpoenas): requests to Google for all people who Google's records show were in a certain area at a certain time
• Keyword warrants (or, again, sometimes subpoenas): requests to Google of all people who made a specific kind of search request

Both of these represent a marked departure from traditional warrants, in that no suspect is explicitly named, and so of course there is no probable cause that the (unnamed) suspect is guilty. Perhaps the most fundamental aspect of the Fourth Amendment is that it requires that the person and place to be searched be described specifically; geofence and search-keyword warrants fail to meet this standard. While both warrants here have value in police work, making them compliant with the Fourth Amendment is not quite yet resolved.

For a summary, see www.theguardian.com/us-news/2021/sep/16/geofence-warrants-reverse-search-warrants-police-google.

For a bit more legal detail about geofence warrants see harvardlawreview.org/2021/05/geofence-warrants-and-the-fourth-amendment.

One issue with geofence warrants is that they sweep up many innocent people, with a special emphasis on joggers, bicyclists and late-night walkers. Another issue is that they only collect information on people who have Google's location-tracking service turned on.

Sometimes people are just questioned, but Jorge Molina was arrested and held for nearly a week. The HLR article states "As a result, Molina dropped out of school, lost his job, car, and reputation, ...". That is a terrible outcome. And the police should have realized immediately that Molina should not have been a suspect.

As for warrants for search history, we will visit the early, local-computer version of this at privacy_others.html#google, but since then a person's search history has moved entirely to Google, away from the local computer. But, like geofence warrants, search-history warrants sweep up everyone (perhaps everyone in the country) who searched for a specific term.

Gag orders have made keeping tabs on police use of search-history warrants difficult. But one such order was uncovered through a court mistake; see www.forbes.com/sites/thomasbrewster/2021/10/04/google-keyword-warrants-give-us-government-data-on-search-users. The police asked for information about everyone who searched for a woman who later went missing. Google has not released how many accounts were involved.

Geofence warrant requests have been getting broader; Google's ability to push back has been limited. Here is an example involving 1500 users: www.forbes.com/sites/thomasbrewster/2019/12/11/google-gives-feds-1500-leads-to-arsonist-smartphones-in-unprecedented-geofence-search.

In December 2023 Google announced it had had enough, though, and they started rolling out a switch to saving most of your location history (or your Timeline, as they call it) on your phone, rather than on their servers, so Google can no longer access it. The retention period for the location data they do keep was considerably shortened. They even provide tools for backing it up, again in a way that Google cannot access. 

Police had been having a field day with them. In a 2022 case in Layton, Utah, Police tried geofence warrants to find someone who stole $350 from parked cars in Layton Utah (here).

In July 2024, the Fourth Circuit ruled in US v Chatrie ruled that geofence searches were not searches under the Fourth Amendment, and so did not require a warrant. Chatrie's two hours of location data was not analogous to the extensive data gathered in the Carpenter case.

But we find that the government did not conduct a Fourth Amendment search when it obtained two hours' worth of Chatrie's location information, since he voluntarily exposed this information to Google.

The "voluntarily exposed" theory is the heart of the third-party doctrine: if you give up information "voluntarily", you have no right to expect the government won't receive it.

Electronic Communications Privacy Act, 1986

The difference, for government lawyers, is that email sits around after it is read. At that point it is a "stored document", and maybe even a "business record" of your ISP. It has taken a long time to achieve any form of recognition of a  "reasonable expectation of privacy" for email.

The ECPA was intended to provide protections for "electronic communications". In 1986, Congress would have been aware of email, but it has been suggested that the real target was voicemail. And faxes. Email would have been a distant third.

Part of the intent of the ECPA was to extend the existing restrictions on government telephone wiretaps to other electronic communication. However, the ECPA also applies to private organizations. It has three exceptions that serve to limit its applicability to employer monitoring (§2511(2)(a))

1. The provider exception (except  that a provider .. shall not utilize service-observing or random monitoring except for ...quality control checks)
   
2. The ordinary course of business exception
   
3. The consent exception. (c)

Generally, most employer monitoring falls under one of these. Note that the "provider" exception is a specific feature of ECPA; ownership of the hardware does not create a general right of access and in particular ownership of a telephone system does not create a right to eavesdrop.

Phone surveillance in the workplace
Keystroke monitoring
Location monitoring

Do computers empower workers, or shackle them?

While we're on the topic of ECPA, there is:

Title I, covering electronic communications in transit (USC Title18 Chapter 119)
       no interception (§2511): https://www.law.cornell.edu/uscode/text/18/2511
       evidence exclusion (§2515): https://www.law.cornell.edu/uscode/text/18/2515

The language on "interception" is below.

(1) Except as otherwise specifically provided in this chapter any person who—

(a) intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication;

shall be punished as provided in subsection (4) or shall be subject to suit as provided in subsection (5).

Title II, the Stored Communications Act. (USC Title 18 Chapter 121)

    email stored 180 days or less: gov't needs a warrant
    more than 180 days: warrant, subpoena, or court order. A warrant is needed if there is no notice to the customer.
    See www.law.cornell.edu/uscode/text/18/2703
        §2703 (a): less than 180 days (b): more than 180 days

Here's that part from §2703(b) preserved for posterity:

§2703(b) (above) has much less stringent restrictions. Debate continues as to the appropriate category for email messages, but see below under Warshak.

Nobody is quite sure why Congress thought the 180 day rule was important. However, in 1986 keeping your email on your server indefinitely was generally not an option (and even less of an option for, say, voicemail).

ECPA amended the Wiretap Act of 1968.

• Age less than 180 days versus older than 180 days (SCA rule)
• Whether you have opened the email or not (some court decisions have held that email is subject to SCA protection only if it has not been opened; after that, it is a stored personal record not unlike Google Docs files).
• Whether the email is something you sent, or received: you generally have no fourth-amendment rights in email sent you by others.

US v Councilman

Bradford Councilman ran a website that listed rare books; he also gave email accounts (actually aliases) to booksellers within the domain "interloc.com" (this might be comparable to amazon.com giving email aliases to their associated private sellers, or even ebay). However, Councilman examined these dealer emails in order to develop a competitive strategy (these emails would show what rare books were in demand, for example; apparently the real target was amazon.com).

In the case US v Councilman, the government prosecuted Councilman for interception of email in violation of the ECPA/Wiretap Act. Councilman argued that he only examined the email as it was stored on servers temporarily while being routed to its final destination, and that accessing stored documents did not constitute "interception" for the purposes of the Wiretap Act.

The language on interception is quoted above, by the links to the text of the law. It says nothing about the data being "in transit". You might think this would be open-and-shut. But the District Court and a 3-judge panel of the Appellate Court agreed with Councilman's theory. In 2005, however, the First Circuit court ruled en banc that, yes, ECPA in-transit rules did apply to data stored temporarily on disks (filesystems) as well.

Note that the issue here is not government access to electronic communications.

Note also that the status of email as it sits in storage remains contentious.

Email differs technically from voice in that as email is forwarded to its destination the full message sits briefly on various intermediate servers. Phone servers store at most a few bits of a voice stream at a time. The First Circuit ruled very definitively that, despite the appearance that email was being stored, the practical understanding was that it was in transit, and as such was protected. This is a good example of the courts rejecting a "technical" argument for the "big picture"; note, however, that the first two courts to hear the case agreed with the technical argument.

The full First Circuit decision is at http://www.ca1.uscourts.gov/pdf.opinions/03-1383EB-01A.pdf

This was a case involving government compliance with ECPA. Steven Warshak ran a mail-order operation promoting "Enzyte" for "natural male enhancement." At its peak, annual sales reached $250 million, and the company employed 1500 people.

There were several allegations of fraud: that the physician testimonials for the product were entirely fictitious, that many customers were enrolled a monthly "auto-ship" program without notification, and that the merchant bank accounts were manipulated to make credit-card complaints seem to be a smaller percentage than there actually were. Eventually the government investigated and then prosecuted.

The government got a subpoena order from a US Magistrate asking for his email records. The first request came in October 2004 for Warshak's ISP, NuVox, to retain copies of Warshak's emails. The second request came 180 days later, to turn over any emails that had been archived more than 180 days. In time, all the archived emails were turned over. Warshak and his employees read their email using the POP protocol, which deletes messages from the server as soon as they are read. The feds would have had nothing to subpoena if NuVox hadn't retained copies.

In May 2006 Warshak found out about all this. As the emails were incriminating, Warshak argued that the US needed a warrant, which is much stronger than a subpoena. In 2006 he filed a claim seeking a declaratory judgment that a warrant and not a subpoena was needed. (A declaratory judgment is a court ruling on a procedural matter where there is no actual action ordered.)

• subpoena v search warrant: latter is stronger
  
• warrant for unopened email, subpoena for opened?? (stored-document doctrine)
  
• Subpoenas give you a few days to comply. Warrants do not.
  
• Subpoenas may or may not be issued by a court! But for search warrants must be court-issued
  
• Search warrants are supposed to describe precisely what is being sought.
  
• Phone calls: need warrant (supreme court Katz v US case, 1967) [Patriot Act created some new classes of search warrant, but the basic principle remained.]

Are subpoena rules for email overly broad?
US argument: users of ISPs don't have a reasonable expectation of privacy.

This is clear (post-Smyth) for employer-provided email, though there's no reason to suppose loss of privacy extends to the government.

But what about email from a commercial provider? Are these some kind of business record? Here's an imaginary Yahoo Terms-of-service by Mark Rasch, from securityfocus.com/columnists/456/3 :

Because a customer acknowledges that Yahoo! has unlimited access to her e-mail, and because she consents to Yahoo! disclosing her e-mail in response to legal process, compelled disclosure of e-mail from a Yahoo! account does not violate the Fourth Amendment.

The point here is that because Yahoo has access to your email, the government thinks that all your email should be treated just like any other commercial records. You have no "expectation of privacy".

The government argued that this case was like the 1976 US v Miller case, where bank records were found NOT to be protected. However, bank records are pretty clearly different from email. For one thing, under the "transaction" theory of privacy, bank records belong to the bank, as well as to you. Email does not belong, in any sense, to your ISP.

But there's also the issue that ISPs do not just route your email messages, they also store them. Sometimes indefinitely, even after you have read them.

Stored Communications Act, part of ECPA
    electronic communications stored 180 days or less: gov't needs a warrant
    more than 180 days: warrant, subpoena, or court order
Warshak was arguing that the government should need a warrant for ANY of his email.

Back when the ECPA was passed, email existed, but it was not common. The "electronic communications" that Congress had in mind may have been voicemail, for which the 180-day cutoff makes a lot more sense.

At the district court level, Warshak won in his declaratory-judgment quest. (Quote from full 6th circuit decision)

In June 2007 a 3-judge panel of 6th circuit appellate court [Judges Boyce Martin, Martha Daughtry, William Schwarzer (District Court judge sitting in)] again ruled for Warshak. The decision was far-reaching, not specific to the facts at hand; the court issued an injunction forbidding the US government from obtaining emails without a warrant. From the ruling (at www.ca6.uscourts.gov/opinions.pdf/07a0225p-06.pdf):

In October 2007 the 6th circuit agreed to an en banc (whole court) review of this ruling.

In January 2008, Warshak's criminal case went to trial. He was convicted the following February.

In July 2008 the full court ruled on the declaratory-judgement request. They decided that the question of whether police needed a warrant to obtain emails was not "ripe": the broad question was not ready to be addressed. The injunction was lifted.

The ripeness doctrine serves to "avoid[] . . . premature adjudication" of legal questions and to prevent courts from "entangling themselves in abstract" debates that may turn out differently in different settings.

That makes sense, but the full court also said some strange things about expectations of privacy:

Do you think your email privacy from the government should hinge on the agreement you have with your ISP?

(See Eugene Volokh, volokh.com/posts/1176832897.shtml) Traditionally, the courts consider 4th-amendment cases only in concrete contexts and not in the abstract. To be sure, the case as a whole was still at the declaratory-judgment stage; the full court may have felt that the email situation should wait to be decided at the actual trial. But the comments above about the subjective nature of expectations of privacy, and the idea that the terms of service might play a role in this expectation, are unsettling.

Warshak was sentenced in August 2008, to twenty-five years. He appealed to the 6th circuit.

In December 2010, a (different) three-judge panel of the 6th circuit ruled on Warshak's appeal of his conviction (http://www.ca6.uscourts.gov/opinions.pdf/10a0377p-06.pdf). They ruled that emails were in fact protected under the fourth amendment, and that to the extent that the SCA (above) held otherwise (for emails held longer than 180 days), the SCA was unconstitutional. This time the judges were Damon Keith, Danny Boggs, and David McKeague.

Alas for Warshak, the court also held that Warshak's emails were nonetheless admissible as evidence, because the government had acted in good faith (believing the SCA was good law). The court based its protection of email on the principle that wiretapping of telephones has long been regarded as a fourth-amendment search (that is, requiring a warrant).

As for an ISP's ability to read emails, the court wrote

The case might still be appealed to the full 6th circuit or to the Supreme Court, though it has not happened yet and it is probably too late now.

The 6th Circuit decision appears to make no distinction between emails Warshak sent and those he received. 

The court compared email to conventional postal mail:

Put another way, trusting a letter to an intermediary does not necessarily defeat a reasonable expectation that the letter will remain private. See Katz , 389 U.S. at 351 ("[W]hat [a person] seeks to preserve as private, even in an area accessible to the public, may be constitutionally protected.")

Given the fundamental similarities between email and traditional forms of communication, it would defy common sense to afford emails lesser Fourth Amendment protection.

The court also considered the Third-Party Doctrine, and rejected it:

But Miller is distinguishable. First, Miller involved simple business records, as opposed to the potentially unlimited variety of "confidential communications" at issue here. See ibid. Second, the bank depositor in Miller conveyed information to the bank so that the bank could put the information to use "in the ordinary course of business."

The second point is arguably the more significant. The bank is the other party to your banking transactions; your email provider is simply an intermediary.

The full 6th circuit did not hear Warshak's appeal en banc, despite the fact that they had earlier ruled in Warshak's favor on the issue of whether a warrant was needed for email. Why? One reason was that the 2010 decision was an actual decision in a criminal case, and not a decision about a declaratory judgement. Another was probably that the 2010 judge panel was apparently held in somewhat greater respect by the bulk of the 6th circuit.

Email has been around for ~20 years. Why has this decision taken so long?

Rep Zoe Lofgren (D-CA) has introduced a bill in Congress (HR 6529 - the ECPA 2.0- Act of 2012) to require warrants for all email searches (including things like Facebook messaging) and all uses of phone GPS location information. It remains to be seen whether this will go anywhere.

Another Take

Are the feds complying?

... since the Sixth Circuit Court of Appeals' 2010 ruling in U.S. v. Warshak, the Justice Department has generally sought court warrants for the content of e-mail messages, but is far less inclined to take that step for non-email files.

New bill proposed that would, in some cases, not require a warrant (though the Sixth Circuit has already found that unconstitutional)

Talks about the "email privacy act".

The Third-Party Doctrine and email

Gag Orders

Lavabit

The saga of Ladar Levison's Lavabit email service deserves a mention here. It was founded in 2004, and abruptly shut down on August 8, 2013. As it later turned out, Levison was served with a warrant (first a subpoena but eventually a warrant) asking him to turn over the TLS keys protecting all communication into and out of Lavabit's servers. The government eventually revealed (perhaps through error) that the target was Edward Snowden; Snowden had released his documents in June 2013. The TLS keys would give the government access to:

• Any new emails passing through the Lavabit service, and all unencrypted passwords
• Any old emails for which the government had saved the encrypted packets

Snowden and his correspondents are believed to have deleted emails promptly.

Levison fought with the government for a while, but ultimately decided to shut down the service rather than expose all his users to surveillance.

At the time of the shutdown, Levison was under a gag order forbidding him from discussing the demand for the TLS keys. The gag order was lifted October 13, 2013.

Levison was ordered to appear in court without his attorney; as a third party to the case, Levison did not have an automatic right to an attorney. He was charged with contempt of court at some point, without a hearing. He appealed; the circuit court said they could not hear the case because Levison had not filed an objection with the district court. But he could not do that because there had been no hearing.

Levison recounted his story in May 2014: www.theguardian.com/commentisfree/2014/may/20/why-did-lavabit-shut-down-snowden-email.

Phone Searches

Prior to the Riley decision of the Supreme Court, the situation regarding phone searches was rather unsettled.

In 2010 the US Supreme Court ruled in Ontario [California] v Quon that the City of Ontario had a right to audit pager text messages on pagers issued by the city to police officers. Many messages turned out to be personal, and the senders were disciplined. Officer Jeff Quon sued, arguing that the department had promised that personal messages were ok if officers reimbursed the city for any message-overage charges.

The decision was unanimous that this particular case amounted to a legitimate work-related search, and that Officer Quon should have realized that privacy was not guaranteed here. However, the justices explicitly refused to rule on the broader question of text-message search without a warrant. Justice Kennedy wrote,

The judiciary risks error by elaborating too fully on the Fourth Amendment implications of emerging technology before its role in society has become clear

and alluded to the 1928 Olmstead ruling (reversed in the 1967 Katz decision) that telephone wiretapping did not require a warrant.

In January 2011 the California Supreme Court ruled, in the case of Gregory Diaz, that when someone is arrested at a traffic stop and the police search the vehicle, they may extend the search to at least the text messages on any phones they find. The police rationale here was to tie a suspect to a drug deal an hour before, through SMS messages. Note that the police need only "probable cause" to search a vehicle when they arrest someone (and also in some other situations I am not entirely clear on), though the Supreme Court did rule in Knowles v Iowa that the police may not search a vehicle or its passengers if the stop was for a routine traffic violation.

In March 2012, the Seventh Circuit ruled (in US v Flores-Lopez) that if the police find a cellphone on a person during an arrest, they may look at the phone to find out the phone's number. The police did exactly that when arresting Abel Flores-Lopez, and later subpoenaed the calling records for that number. The decision, written by Judge Richard Posner, likened the phone to a diary found on an arrested person, and established precedent does allow the police to search a diary you have on your person.

In September 2012 a state judge in Rhode Island ruled that the police should have obtained a warrant in the case of the death of six-year-old Marco Nieves. An officer responding to the initial 911 call found a phone on the kitchen counter and proceeded to read the text messages within it. Some of the messages suggested child abuse, and charges were brought against Michael Patino, boyfriend of Marco's mother.

All these cases relate to call lists or to simple SMS messages. What if you also get email on your phone, or if you have a substantial browser or search history, or if your phone has been tracking your location? This is even more unsettled, though recall the Melvin Skinner case.

The Riley Supreme Court case settled most of these phone-search cases.

Eavesdropping on SMS messages ("text messages")

1. They are often transmitted as cleartext.

2. The government is likely to argue that the 4th amendment does not apply to eavesdropping (or to physical examination of the phone, for that matter).

3. They are not 'wire communications', and thus escape the Wiretap Act rule that illegally intercepted messages cannot be used against you.

4. Your local police are not likely to be intercepting SMS messages, but it's always a risk. The ECPA does require a court order.

5. Your wireless provider probably logs and stores all your SMS messages.