Ron Wyden: It's Time To Kill The Third Party Doctrine And Go Back To Respecting Privacy
from the make-it-so dept
For years, we’ve written about the third party doctrine and its troubling implications for the 4th Amendment and your privacy — especially in the digital era. If you’re unfamiliar with it, the third party doctrine is the concept used by law enforcement (and, tragically, the courts) to say that you have no expectation of privacy or 4th Amendment rights in information you’ve given to a third party. The origins of this argument are not completely crazy, because there is a legitimate claim to the idea that if I entrust you with some private information, and you decide to disclose it, that my 4th Amendment rights haven’t been violated. But that assumes a very different world. In today’s digital world — especially with cloud computing — we “entrust” all sorts of information to third parties even though we still think of and treat that information like it’s our own personal effects. These aren’t cases in which I’m handing over a collection of journals to my neighbor to hold onto. Online services are treated as our own content — which we can access, update and modify at any time from any device.
While the Supreme Court’s recent decision in the Riley/Wurie cases suggests that it is becoming increasingly uncomfortable with law enforcement twisting old concepts onto new technologies to eviscerate privacy, the third party doctrine technically still stands — and there has been little real discussion of it in Congress.
So it’s good to see that Senator Ron Wyden is actually speaking out about why the third party doctrine needs to go. The speech is a good one, talking about oppressive governments and surveillance, and the rise of technology — and how our laws have not kept pace when it comes to protecting our privacy against government intrusion. Then he digs in on the third party doctrine, noting that it was established by “judges who did not fully understand 20th Century technology, much less anticipate the technology we have today” and that it makes little sense considering the way we use technology today:
Some will still argue that by sharing data freely with Facebook, Google, Mint, Uber, Twitter, Fitbit, or Instagram, Americans are choosing to make that data public. But that is simply not the case. I might not have any expectation of privacy when I post a handsome new profile picture on Facebook, or when I send out a tweet to tell people I?ll be at the Tech Northwest conference. But when I send an email to my wife, or store a document in the cloud so I can review it later, my service provider and I have an agreement that my information will stay private. Neither of us have invited the government to have a peek. Basically, I think sharing this information with Google is like putting property in a safety deposit box, but the government thinks I?m posting it on a billboard out on I-5.
Citizens have agreed to a contract with Google or Mint that keeps their email or financial data private. In many cases these companies don?t even know what information they?re holding for you. Making information available to a service provider for a limited business purpose – so that they can give you a new app, or provide targeted ads, or do any other kind of business with you – is simply not the same as broadcasting that information to the public. In the view of the law this data should be as secure to your person as if it were sitting in a locked filing cabinet in your home office.
So how about fixing it? Well, he says, it needs to start by reforming the laws that cover the intelligence community, preventing them from bulk collection of the data you’ve handed to third parties.
I believe that any serious effort to reform this law needs to end the bulk collection of Americans? personal information, starting with their phone records. I have been challenging this program for years on the grounds that isn?t just harmless old metadata. Furthermore, I believe that Congress needs to reform the Foreign Intelligence Surveillance Court, to make it more transparent and to include an advocate for the American people. Additionally, there needs to be much greater transparency from intelligence agencies about the scale and scope of domestic surveillance activities, and private companies should be given the ability to disclose much more information about requests they receive from the government. Most of all, Congress must close the loophole that intelligence agencies are currently using to read a significant number of Americans? communications without a warrant.
But that’s just the start. He calls out Executive Order 12333, which we’ve been discussing lately. That’s the Ronald Reagan-signed executive order that lets the NSA collect whatever the hell it wants outside of the US. As was recently revealed, this program, which has no Congressional or Judicial oversight, is really the core program that the NSA uses. All the domestic spying under Section 215 and 702? That’s just to “fill in the gaps.” Wyden thinks its time that EO 12333 got reviewed and reformed:
The next step will be to seriously examine collection that is done overseas. When the Foreign Intelligence Surveillance Act was written in the late 1970s, it was written to only apply to collection done inside the United States. But that was back in an era when each country essentially had its own separate communications infrastructure.
Now those separate systems have been replaced by an integrated global communications network, in which calls and emails within one country might be routed through multiple different countries. When you combine that shift with new technology that makes it much easier to obtain large amounts of data, it no longer makes sense to assume that collection done overseas will not sweep up the communications of large numbers of law-abiding Americans.
This means that the rules that govern collection overseas will need to be substantially revised. These are governed by something called Executive Order twelve-triple-three, which is more than 30 years old and predates this sea-change in global communications. I was encouraged a few weeks ago when the Senate Intelligence Committee recognized this fact, and voted to advance a bill that would begin to establish some firmer rules in this area.
Finally, he talks about the need for ECPA reform — another thing we’ve been discussing for years. ECPA is the 1986 Electronic Communications Privacy Act which is so woefully out-of-date, it’s not even funny. It’s the one that assumes if any communication is sitting on a server for more than 180 days, then it’s “abandoned.” Go look at how many emails in your Gmail account are over 180 days old… Even though more than half of the House is co-sponsoring an ECPA reform bill, law enforcement folks are protesting it, because they like the easy access. The DOJ loves to go on fishing expeditions with ECPA, as does the SEC and the IRS. Wyden says it’s time for real reform.
There’s much more that can be done, some of which he refers to in his speech, but it would be nice if Congress finally realized just how truly dangerous the third party doctrine is to our privacy.