The National Constitution Center has launched a new white paper series on a Twenty-First Century Framework for Digital Privacy, with some very interesting papers from none other than David Kris, Chris Slobogin, Jim Harper, and Neil Richards. The launch event is set for this Wednesday at 6:30 p.m. in Philadelphia, with a keynote by Jeffrey Rosen. (Full disclosure: I have written a paper as well.)
The papers are well worth a look. In his characteristically thoughtful form, Kris, in the piece “Digital Divergence,” moves us beyond the debate between those who claim we have entered a “golden age of surveillance”and those that warn of the government “going dark.” Both are true, he tells us. And he carefully categorizes the reasons why. It is a somewhat disheartening read.
Under his telling, both privacy and security are threatened by advances in technology. The biggest winners seem to be the more sophisticated cyber criminals who take advantage of things like fragmentation of communication tools, encryption, and crypto currencies to hide their activities, as well as the governments who are engaging in state-sponsored collaboration with black hatters. And while he suggests several common sense responses — including placing digital currency within the full scope of the otherwise applicable banking regulations, facilitating the lawful access to data across borders, and expanded warrant requirements for location data — he rightly notes that many of the possible responses require hard choices. The paper does not pick and choose between the possible solutions, but does an excellent job of laying out the privacy and security interests at stake, explaining how the same technology can yield divergent responses (i.e., both increasing and decreasing privacy simultaneously) and outlining possible policy choices in response. As Kris put it in a summary discussion on Lawfare, the goal is to “find the win-win solutions when we can, and otherwise strike the best balance available.
In “Administering the Fourth Amendment in the Digital Age,” Jim Harper directs us to the long-neglected reasoning of Justice Pierce Butler, who dissented alongside the more famous Justice Louis Brandeis in Olmstead v. United States. Harper argues that the “reasonable expectation of privacy” test depends too much on judges’ social pronouncements and it’s failing in the modern age. Harper says that Butler got it right when he focused on property rights in Olmstead — the fact that the “exclusive use of the wire belong[ed] to the persons served by it.” Building on Price’s analysis, Harper defines a seizure as any invasion of property rights, which he defines as encompassing the right to possess property, the right to use it, and the right exclude others. And he defines a search as exposing concealed things with the purpose of finding something—thereby bringing things like the use of drug-sniffing dogs, and the government’s movement of papers to expose a VIN, within the definition of a search. Under Harper’s analysis, Internet communications, use of facial recognition technology, and aerial surveillance are all covered by the Fourth Amendment; the question then becomes whether the relevant governmental activity is reasonable. As he puts it, the analysis shifts the focus to attention on the “reasonableness of government action rather than the reasonableness of private defendant’s privacy protections” – and in so doing “help[s] the U.S. Supreme Court preserve the degree of privacy people enjoyed at the Framing.”
Richards tackles the growing problem of secret government searches – such as when law enforcement compels production of a target’s emails from a service provider and simultaneously obtains a gag order indefinitely prohibiting the service provider from giving its customer notice of the search. (Microsoft is challenging these gag orders in a lawsuit in the Western District of Washington; although the court recently dismissed the Fourth Amendment challenge, it has permitted Microsoft’s First Amendment challenge to proceed.) Richards argues that these practices infringe upon both the Fourth and First Amendment. And he urges several changes in doctrine to first, ensure that such searches of our data are in fact defined as searches and covered by the Fourth Amendment, and second, to curtail the scope of such secrecy.
In Policing and the Cloud, Slobogin calls for a nuanced regime governing searches of the cloud – with regulations depending on the kind of collection that is taking place. He describes five different kinds of governmental collection: targeted searches for information about a known suspect; profile searches designed to identify potential suspects (i.e., predictive policing); searches that start with details about a crime and then try to find a suspect; programmatic collection of data, such as the telephony metadata program; and voluntary disclosures of data from service providers to the government. Each of these, he argues, requires its own distinct regulatory regime. And while I disagree with some of what Slobogin recommends, his categorization of the issues is both thoughtful and thought-provoking, as well as a good reminder of the need for nuanced policy solutions that account for the various forms of surveillance that are taking place.
I, too, have a paper in the series, focused on the topic of law enforcement access to data across borders. I am also testifying on the issue at a Senate Judiciary Committee hearing on Wednesday, so will have more to say on that topic then.
And for anyone in the Philly area, hope you can make it on Wednesday!