Guest blog post written by Mark Rasch, U.S. Public Policy Council member
The Supreme Court has always had to consider the impact of new technologies on both individuals’ expectations of privacy and ultimately on their rights to be free from “unreasonable” searches and seizures under the Fourth Amendment. When the telephone was invented, the court had to consider whether listening in on a phone call was a “search” and seizure — since nothing was “seized” the court initially concluded it was not, but later reversed itself. When airplanes were used to fly over people’s houses, or cameras to take pictures of them the court had to consider peoples privacy rights in their own backyards (they have none if the plane is at a “lawful altitude.”) The court has had to consider whether the use of canine technology (a dog sniff) violates privacy rights (airports, OK, traffic stops, OK, at your doorstep, not so much). The court also considered whether the cops can peer into your home with technology (NO for infrared sensors), or follow your movements when you drive (YES with a beeper, NO with GPS installed without a warrant on your bumper, MAYBE with a cell phone).
In the waning days of its term in June, the Court considered the circumstances under which the police can search the cell phone of a person arrested. Under the doctrine of “search incident to a lawful arrest” the cops wanted the authority to conduct as invasive and detailed a search of an arrestee’s cell phone as it could conduct for example of a briefcase in the arrestee’s possession. Just because a cell phone might carry more information, well, that’s your problem for carrying all that data with you.
The Supreme Court unanimously disagreed. While the Court addressed the purposes and scope of the “search incident” doctrine (to protect the cops, and ensure that evidence is not destroyed, and possibly because people arrested have lower privacy rights) the Court found that cell phones were no ordinary container. In fact, the Court said that it wasn’t accurate to call them cell phones — they were really hand-held computers. And not all the data to be “searched” incident to an arrest would be on the phone either — the phone can act as a portal to data stored elsewhere — on a Facebook or Twitter server, a cloud device, or anywhere else. This is much more invasive that just checking out someone’s wallet for a razor blade or betting slips.
What is significant about the decision is not just that the Court recognized that technological advances can impact privacy rights, but also that quantitative changes can create a qualitative impact. There is a huge difference between being able to read a message of mine, or a Facebook posting of mine, and being able to see everything I have ever done. There’s a difference between being able to follow me in a car and know where I am going, and being able to track every place everyone has ever been — and where they are now. Privacy rights are collective, temporal, proximate, and combined. And so is erosion of them. When the Atlanta father was arrested for leaving his child in a car seat on a hot day to die, and the police indicated that his browser history indicated that he had researched leaving a child in a hot car, my question was “when?” A browser history search for a few weeks or months ago is reasonable and relevant. But data may be kept (at least by someone) for decades. The fact that the father may have looked up something of interest to the police years or decades ago is no longer relevant. In fact, after the Atlanta case, I also looked up kids in hot cars (well, actually cases in which people had been convicted or acquitted for kids in hot cars). God forbid this search history becomes relevant later on.
The Court has a long way to go. It will be forced to consider issues like privacy right with respect to drones and micro-drones, cell phone location services, third party doctrine, crowdsourcing, cloud, data aggregation, big data, and how the Internet acts and does not act as a “public space.” But the Founding Fathers never considered a pay phone either. The fact that a unanimous court accepted the fact that a phone is not just a container is heartening. The fact that they had to, not so much.
Mark Rasch is a member of the ACM U.S. Public Policy Council. He is an attorney and author, working in the areas of corporate and government cybersecurity, privacy, and incident response. He is the former Vice President, Deputy General Counsel, and Chief Privacy and Data Security Officer for SAIC.