July 18th, 2007
Court decision poses serious privacy threat
A little Fourth Amendment law: Warrants are required when law enforcement wants to violate citizens’ reasonable expectations of privacy. The Supreme Court has held, for instance, that you have no reasonable expectation of privacy when driving a car, since you are putting yourself in public view and using public streets, but you do in a glass-enclosed phone booth on the street (at least as to your speech if not your visible activities.)
In 1986, Congress passed a law affording strict privacy protections to the contents of electronic communication but not the transactional data associated with communications. Thus, Congress felt, law enforcement should be able to get the list of phone numbers you’ve called and received without showing probable cause, but shouldn’t be able to put a wire on your calls.
But what about your Web browsing history and email headers? In contrary opinions, two federal circuit courts have come up with differing opinions about how much protections these nominally transactional records should have, Jennifer Granick of Stanford Law School notes in Wired.
In the 6th Circuit case of Warshak v. United States, federal agents obtained court approval to seize Warshak’s email but did not have probable cause to believe that Warshak was engaged in a crime. Warshak objected that he was entitled to an expectation of privacy in his email and that only a search warrant based on probable cause would suffice. The 6th Circuit agreed.
The 6th Circuit held that we do have a constitutional privacy interest in our e-mail messages, particularly in the absence of user agreements that indicate that the ISP will monitor or audit us. This expectation is reasonable even though the ISP has the technological capability of collecting the message for the government, and even though the message was sent to a third party who could have voluntarily disclosed it to officers.
The court analogized the e-mail message to a telephone call or a letter, both of which are transmitted by third parties, both of which are intended for another person and both of which are protected by the Fourth Amendment.
Oppose that with the recent ruling from the supposedly liberal 9th Circuit. In United States v. Forrester, the issue was the header information in emails - not the contents of the message - and the IP addresses of visited Web sits. The 9th Circuit said that this data was more like phone numbers than the contents of phone call and thus not protected.
Here is where the analogy to old technology breaks down, Granick says.
Yet, to/from addresses — and particularly IP addresses — are vastly more revealing than phone numbers. … An IP address tells you what content I viewed on a web page, which could include books I shopped for, information I researched, articles I read — all of which are windows into my interests, preferences, sympathies or mere curiosities.
IP addresses tell far more about what I’m thinking than telephone numbers do, and the 9th Circuit is wrong to give them cursory constitutional protection. This is especially true because there’s a seductive but mistaken temptation to think that law enforcement can predict my future behavior from what I read. A research scientist may look for bomb-making information, a news junkie may read jihadist websites. Future bad behavior cannot be inferred from nontraditional thinking.
Combine this misunderstanding of the risks of easy access to personal browsing histories and email contacts with Bush Administration proposals to require ISPs to retain data for long periods and you have, says Granick, “a digital mind reader that can trace every internet user’s thoughts and interests, and take away the security of knowing that your thoughts are your own.”
