Why The 'Third Party Doctrine' Undermines Online Privacy Protections

from the fourth-amendment dept

There's been an interesting discussion going on between my colleague Jim Harper and legal scholar Orrin Kerr about the third party doctrine, the legal principle that, in effect, you lose your Fourth Amendment rights when you relinquish information to a third party. The doctrine has become increasingly important with the rise of modern technology because we now entrust a host of private data -- including our email, cell phone calling data, credit card transactions, and more -- to private companies, and the third party doctrine would seem to suggest that Fourth Amendment protections would not extend to such information. A couple of weeks ago, Kerr posted a draft paper defending the doctrine, arguing that it brings clarity and simplicity to privacy law and avoids the need for "a complex framework of sui generis rules." Jim strongly disagrees with Kerr, arguing that the third party doctrine was always misguided and that recent technological changes have simply made these flaws more evident.

Jim points out that when the Fourth Amendment was drafted, the vast majority of peoples' private activities occurred inside the home, and so it made sense to make the home focus of Fourth Amendment protections. But as people began conducting more and more of their lives outside of the home, with telephones, email, credit cards, and so forth, using the four walls of the home as the boundary for Fourth Amendment protection made less and less sense. And indeed, that's precisely what the Supreme Court recognized in the famous 1967 case of Katz v. United States, which held that the Fourth Amendment applied to wiretapping of public pay phones because the Fourth Amendment protects "people, not places." The same principle ought to apply to our emails, credit card transactions, and other data of a private nature: what matters is not where the data is located or who has custody over it, but whether the subject of surveillance had a reasonable expectation of privacy in his use of that data.

Kerr responded that "the real judges and Justices that make the rules" have recently shown greater sympathy for Kerr's view of the Fourth Amendment as a narrow doctrine of criminal procedure rather than a broad charter for protecting peoples' privacy. I agree with Jim that this isn't really responsive to his argument. Whether judges currently do see things Kerr's way tells us little about whether they ought to view them that way. Judges have gotten the Fourth Amendment wrong in the past. After all, Katz overruled Olmstead v. United States, a decision that had allowed warrantless wiretapping almost four decades earlier. So the fact that the courts have not yet extended Fourth Amendment protections to email or other digital records doesn't prove that a future court won't recognize that such information is as crucial to personal privacy as paper records and phone calls. Sticking with the third party doctrine would make the Fourth Amendment less and less relevant as technology changes because more and more private information to be held by third parties. If we want the Fourth Amendment to continue to be an effective protection for peoples' privacy, and I think we do, it needs to be continuously updated to reflect changing technological realities.



Reader Comments (rss)

(Flattened / Threaded)

  •  
    identicon
    Mudlock, Jun 20th, 2008 @ 2:48pm

    Mail

    Before email, there was this thing called "mail". It used envelopes.

    What's the modern version of an envelope? Encryption.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      jonnyq, Jun 20th, 2008 @ 6:31pm

      Re: Mail

      That's fine and dandy, but you can't encrypt all forms of networked communication.

      Even still, we're discussing telephone conversations that may digitally pass through a third party's network, but would still be considered private. Private instant communication comes in lots of forms that are rarely encrypted.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jun 20th, 2008 @ 3:18pm

    But the Fourth Amendment is also about PRESUMPTION of privacy.
    It is widely known and stated that non-encrypted email is NOT private.
    If you want the presumption of privacy in your e-mails, encrypt them, THEN complain if the government circumvents your encryption to read the e-mail.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jun 21st, 2008 @ 11:12am

      Re:

      It is widely known and stated that non-encrypted email is NOT private.
      That's not what I've found. Indeed, the vast majority of people that I talk to about it do believe that their e-mails are private. When asked if they would permit me to post all of their e-mail messages on a public website, all of them have answered "no" due to their considering those messages to be private.

       

      reply to this | link to this | view in chronology ]

    •  
      icon
      BrotherHiram (profile), Apr 15th, 2010 @ 10:37am

      Re:

      Anonimous Coward (love the name btw)

      I would argue that the fact that in order for me to access my email server to read or write emails, I have to enter a user name and a personalized password, indicate that I should have presumption of privacy, unless you give me your information to access your email account or I unlawfully get your personal information, I cannot access your email because it is private.

      Because your home's curtains are open and your wife is taking a shower, doesn't give me the right to stand at the window checking her out. and I say at the window rather than the street, because if I can see her from a public place then it gets murky, but I don't thing that yahoo or gmail emails are readily available to be read by anyone typing a URL, you would need to hack into a system in order to have access to them.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Ronny Rant, Jun 20th, 2008 @ 5:44pm

    Point of no return

    Well, I think the horses have left the barn and the cat has escaped the bag.
    Every day you read about another massive "loss" of personal information. Information on millions which should've been encrypted at least and even better locked up somewhere, but no, it was stored on a laptop left in the back seat in plain sight for someone to take or something similar ....
    I now have no other conclusion available other than to assume that almost all data breaches are intentional and you rpersonal data is being bought and traded for the highest amount.
    Not if, but when you are faced with some entity showing up with their hand out demanding payment - what are you to do ?
    I think I'll say "piss off dirtbag" its their own fault, not mine and I'm not paying.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jun 22nd, 2008 @ 5:30am

    Responsibility

    The interesting thing about the article is that is suggests the courts need to extend the reaches of the fourth amendment and then ends with desire that the fourth amendment continues to be updated as technology is. So, whose responsibility is it? Courts or legislature. I think anytime you are looking for the courts to extend the reaches of any law, you are asking for trouble. Call upon congress to enact changes to the fourth amendment if that's what you want, but don't ask the court to continually reinterpret what is there.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      IANAL, Jun 22nd, 2008 @ 8:25am

      Re: Responsibility

      AC -> extend the reaches of the fourth amendment ... whose responsibility is it?

      Where in the 4th amendment does it limit its scope ?
      I do not assume that the latest technology needs to be included, it is included unless specificaly stated otherwise.

      "secure in their persons, houses, papers, and effects"

      I think we all know what the writers had in mind, and it is easy to conclude that both papers and effects would cover your personal email, IMs, storage, etc.

      And it is the courts, DAs, and AG who are responsible.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Nick, Jun 23rd, 2008 @ 4:10am

    Katz and the phone company

    So, wasn't the Katz decision made in a situation where Katz and whoever he spoke to on the phone were handing the electrical impulses over to the phone company for transport to each other?

    How does it make any difference that these days people are handing over digital bits for transport instead of analog electrical impulses?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    anonymous coward, Jun 23rd, 2008 @ 11:31am

    I think the problem lies with your statement about continual update: "If we want the Fourth Amendment to continue to be an effective protection for peoples' privacy, and I think we do, it needs to be continuously updated to reflect changing technological realities."

    What you want is to document the intent clearly, not examples. Clearly this whole mess got started because someone encoded an example - matters in the house - into law instead of the intent - matters between people.

    So whilst I agree with you that it needs updating, I disagree with the continual part. People should stop interpreting things literally but instead focus on the intent.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Wyatt, Jun 23rd, 2008 @ 1:34pm

    I did not know the judicial branch made laws in the US. Hmm time for civics class again I guess.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jun 23rd, 2008 @ 5:29pm

      Re:

      Wyatt -> I did not know the judicial branch made laws in the US. Hmm time for civics class again I guess

      It is up to the judicial branch to enforce the existing laws, but you knew that.
      I think the point is that the existing laws will do just fine. The default should be to include everything unless specifically excluded, therefore "papers, and effects" would cover email, IMs, etc.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jun 23rd, 2008 @ 10:33pm

      Re:

      I did not know the judicial branch made laws in the US. Hmm time for civics class again I guess.
      Pay attention when they mention "case law".

       

      reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This