Ron Wyden: It's Time To Kill The Third Party Doctrine And Go Back To Respecting Privacy

from the make-it-so dept

For years, we’ve written about the third party doctrine and its troubling implications for the 4th Amendment and your privacy — especially in the digital era. If you’re unfamiliar with it, the third party doctrine is the concept used by law enforcement (and, tragically, the courts) to say that you have no expectation of privacy or 4th Amendment rights in information you’ve given to a third party. The origins of this argument are not completely crazy, because there is a legitimate claim to the idea that if I entrust you with some private information, and you decide to disclose it, that my 4th Amendment rights haven’t been violated. But that assumes a very different world. In today’s digital world — especially with cloud computing — we “entrust” all sorts of information to third parties even though we still think of and treat that information like it’s our own personal effects. These aren’t cases in which I’m handing over a collection of journals to my neighbor to hold onto. Online services are treated as our own content — which we can access, update and modify at any time from any device.

While the Supreme Court’s recent decision in the Riley/Wurie cases suggests that it is becoming increasingly uncomfortable with law enforcement twisting old concepts onto new technologies to eviscerate privacy, the third party doctrine technically still stands — and there has been little real discussion of it in Congress.

So it’s good to see that Senator Ron Wyden is actually speaking out about why the third party doctrine needs to go. The speech is a good one, talking about oppressive governments and surveillance, and the rise of technology — and how our laws have not kept pace when it comes to protecting our privacy against government intrusion. Then he digs in on the third party doctrine, noting that it was established by “judges who did not fully understand 20th Century technology, much less anticipate the technology we have today” and that it makes little sense considering the way we use technology today:

Some will still argue that by sharing data freely with Facebook, Google, Mint, Uber, Twitter, Fitbit, or Instagram, Americans are choosing to make that data public. But that is simply not the case. I might not have any expectation of privacy when I post a handsome new profile picture on Facebook, or when I send out a tweet to tell people I?ll be at the Tech Northwest conference. But when I send an email to my wife, or store a document in the cloud so I can review it later, my service provider and I have an agreement that my information will stay private. Neither of us have invited the government to have a peek. Basically, I think sharing this information with Google is like putting property in a safety deposit box, but the government thinks I?m posting it on a billboard out on I-5.

Citizens have agreed to a contract with Google or Mint that keeps their email or financial data private. In many cases these companies don?t even know what information they?re holding for you. Making information available to a service provider for a limited business purpose – so that they can give you a new app, or provide targeted ads, or do any other kind of business with you – is simply not the same as broadcasting that information to the public. In the view of the law this data should be as secure to your person as if it were sitting in a locked filing cabinet in your home office.

So how about fixing it? Well, he says, it needs to start by reforming the laws that cover the intelligence community, preventing them from bulk collection of the data you’ve handed to third parties.

I believe that any serious effort to reform this law needs to end the bulk collection of Americans? personal information, starting with their phone records. I have been challenging this program for years on the grounds that isn?t just harmless old metadata. Furthermore, I believe that Congress needs to reform the Foreign Intelligence Surveillance Court, to make it more transparent and to include an advocate for the American people. Additionally, there needs to be much greater transparency from intelligence agencies about the scale and scope of domestic surveillance activities, and private companies should be given the ability to disclose much more information about requests they receive from the government. Most of all, Congress must close the loophole that intelligence agencies are currently using to read a significant number of Americans? communications without a warrant.

But that’s just the start. He calls out Executive Order 12333, which we’ve been discussing lately. That’s the Ronald Reagan-signed executive order that lets the NSA collect whatever the hell it wants outside of the US. As was recently revealed, this program, which has no Congressional or Judicial oversight, is really the core program that the NSA uses. All the domestic spying under Section 215 and 702? That’s just to “fill in the gaps.” Wyden thinks its time that EO 12333 got reviewed and reformed:

The next step will be to seriously examine collection that is done overseas. When the Foreign Intelligence Surveillance Act was written in the late 1970s, it was written to only apply to collection done inside the United States. But that was back in an era when each country essentially had its own separate communications infrastructure.

Now those separate systems have been replaced by an integrated global communications network, in which calls and emails within one country might be routed through multiple different countries. When you combine that shift with new technology that makes it much easier to obtain large amounts of data, it no longer makes sense to assume that collection done overseas will not sweep up the communications of large numbers of law-abiding Americans.

This means that the rules that govern collection overseas will need to be substantially revised. These are governed by something called Executive Order twelve-triple-three, which is more than 30 years old and predates this sea-change in global communications. I was encouraged a few weeks ago when the Senate Intelligence Committee recognized this fact, and voted to advance a bill that would begin to establish some firmer rules in this area.

Finally, he talks about the need for ECPA reform — another thing we’ve been discussing for years. ECPA is the 1986 Electronic Communications Privacy Act which is so woefully out-of-date, it’s not even funny. It’s the one that assumes if any communication is sitting on a server for more than 180 days, then it’s “abandoned.” Go look at how many emails in your Gmail account are over 180 days old… Even though more than half of the House is co-sponsoring an ECPA reform bill, law enforcement folks are protesting it, because they like the easy access. The DOJ loves to go on fishing expeditions with ECPA, as does the SEC and the IRS. Wyden says it’s time for real reform.

There’s much more that can be done, some of which he refers to in his speech, but it would be nice if Congress finally realized just how truly dangerous the third party doctrine is to our privacy.

Filed Under: , , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Ron Wyden: It's Time To Kill The Third Party Doctrine And Go Back To Respecting Privacy”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Ron Wyden is one of the few non-flip flopping politicians who still holds publicly popular positions even after elected and not just when running for campaign. So many other politicians hold positions they know are popular among their constituents and then, all of a sudden, they switch positions once elected. Then the shills around here say ‘but this is what the people want because this is who they voted for’. If that’s the case then they wouldn’t all need to switch positions once elected.

Anonymous Coward says:

i think Congress is fully aware of how dangerous 12333 is, along with the other bills that are, basically, attached. the main reason there hasn’t been ‘any real reform’ is because Congress members dont want to be inundated with lobbying from law enforcement agencies who want to keep things as they are, nice and easy. ie just go and get whatever they want, legal or not, and lie like fuck about what they got, how they got it, what it’s used for and how long it will be kept.
on top of that, whether they realise it or not, members are being spied on just as much, if not more, than other people, simply because of their position. until something is revealed about a task or a personal thing to do with one or more members, they seem to be oblivious to what’s happening. get a senator in the cross hairs, for example, then see things take a different course!!
as for Wyden, he’s just about the only person who does the job for which he was elected. every other member is there, predominantly, to get what he/she can, personally, out of the job, while cowering to the government and the security forces and lying continuously to the public!!

Anonymous Coward says:

Re: Re:

Congress members probably don’t care that much about lobbying since that has turned out to be a two-way street as in “I scratch your back and you scratch my back” – lobbying and campaign funding. Even Feinstein has argued that foreign surveillance should be reviewed by congress.

They are far more likely to be spied on than others. The best solution given that many countries are interested in their secrets, would be to prioritize further anti-surveillance measures and in particular a priority on creating a separate agency specialized in anti-surveillance.

pixelpusher220 (profile) says:

'choose to disclose' - key difference

if a 3rd party, such as you’re friend or anyone/any company who doesn’t have an agreement to ‘not disclose’, does indeed disclose, then yes you have no 4th amendment recourse.

The BIG difference here is the courts ordering the release of the 3rd party held information. That’s not ‘choosing’ to disclose and as such you should be able to fully employ your 4th amendment rights.

Anonymous Coward says:

Re: Re:

You know how representatives often start their floor statements with “I reserve the right to revise and extend my remarks.”? If I was Wyden, I would have pre-authorized my aides to add a whole lot of interesting intelligence info to the congressional record in the case of any ‘accident’ to my person or position.

Argonel (profile) says:

Can we revise the third party doctrine to “Third parties may not be compelled to provide documents or information about you without a proper warrant or subpoena just as you cannot be compelled to provide information without a warrant or subpoena. This shall not be construed as preventing a third party from volunteering information if they choose to do so.”

It shouldn’t be hard for a law enforcement agency to convince a judge to allow them to have a cell phone provider disclose if a suspects cell phone was in the vicinity of a bank at the time of a bank robbery. Even if it is more work than just calling up Verizon and saying give me a list of everyone that was within half a mile of this bank within half an hour of the robbery.

tab says:

Sorry, but this is a little bit like copyright, and also similarly unenforceable. It doesn’t matter what countrys’ laws say, the laws of physics rule. If you don’t want copies of information spread further, don’t share a copy in the first place. Simples.

You may desire to shut the barn door after the horse has bolted, whether for noble-sounding (privacy) or terrible (copyright monopoly) reasons, but the world doesn’t work that way.

John Fenderson (profile) says:

Re: Re: tab

“So, are you claiming that everyone needs to run their own email server”

This is what I’ve done for years, and I recommend it. It’s not hard. I started simply because I didn’t want to be at the mercy of a third party provider (they might go out of business, have a technical problem that causes me to lose my email or lose access to it, etc.) Now, I continue to do it to minimize being spied on both by private companies and the government.

AnonCow says:

Forget about 3rd party doctrine, I’ve never understood why it is acceptable to treat non-citizens outside of the United States by a different standard than we treat American citizens in the United States.

On what basis do we justify that they don’t qualify for the same fundamental protections as Americans? The defining sentence of our nation is “all men are created equal”, not “all citizens of the United States are created equal” and that, therefore, ALL men have inalienable rights.

Anonymous Coward says:

Yeah, right.

“…there is a legitimate claim to the idea that if I entrust you with some private information, and you decide to disclose it, that my 4th Amendment rights haven’t been violated.”

Like, if I didn’t want my doctor to disclose my private information to some government agent I wouldn’t give it to him/her in the first place, right? Yeah, I see how that works. Uh huh. Makes perfect sense.

Anonymous Coward says:

This is great, but...

While I think this is a great step in the right direction, I am still missing the part where anyone at all are saying: “we shouldn’t be doing this to our allies either. Friends don’t do that to friends”. I think it is an outrage when allies through many decades are spied upon to gain political advantage in negotiations or in meetings and then when discovered, they just shrug it off, just because they are the biggest kid in the school yard.
I know it has to begin somewhere but this is almost never mentioned.

Whatever (profile) says:

wyden does it again

Here we go again, Wyden rattling on about something but appearing to do nothing. It’s all air and grandstanding, and not much real action.

Mr Wyden, my suggestion for you: If you want to change the laws, then propose changes. Put them in front of your elected peers, and see what happens. If you want to change things, stop talking, and start doing.

Huffing and puffing doesn’t blow the house down.

Anonymous Coward says:

“but it would be nice if Congress finally realized just how truly dangerous the third party doctrine is to our privacy.”

Oh they realize it all right, and will do whatever they can to keep the doctrine intact and working exactly as planned, in order to keep those lobbied cash envelopes coming in regularly.

What you need to realize is how dangerous your privacy is to the forces of fascism, and maybe then you’ll start to understand that none of this is a coincidence.

William Merz (user link) says:

Response to the 3rd Party Doctrine/ECPA

The third party doctrine needs to define “the third party”. If the third party is a social media website such as Face Book, there should be no expectation of privacy. The old language of the Third Party Doctrine, and the Electronic Communications Privacy act allow the government to interpret these laws, and twist them in their favor. Essential these laws state, that if, I send my email through a service provider such as Yahoo! or Gmail, or even store documents in a cloud, I am delivering them to a third party, and therefore no longer protected under the fourth amendment, allowing intelligence agencies warrantless access. Communications sitting on a server after 180 days are considered “abandoned”, and in turn, personal privacy is disregarded by intelligence agencies.

While this article advocates change in favor of personal privacy, it only addresses legal issues with regards to personal privacy. It does not address employment issues. For instance, federal law allows employers to ask employees for their Facebook username and password. ( Before social websites, employers would receive and application, review it, schedule an interview, and potentially hire a new employee. If an employer is not allowed to ask any personal questions, such as, “Do you have any children?”, then how would federal law protect them from asking for a username and password? Many Face Book users only allow friends and followers to view their profiles, pictures, and posts. This also poses a security risk. If a potential employer asks for a potential new hire’s username and password, he/she is allowing a complete and total stranger to have personal access to the account, and that poses a risk for identity theft.

The solution to this issue: Create a pseudonym for any and all social media sites, and then lie when your potential new employer asks for your face book username and password.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...