Fourth Amendment protects people only against unreasonable searches by government
The Federal Trade Commission is poised to ban a data broker from selling sensitive location data as the Biden administration just issued an executive order to limit sensitive data sales to certain countries of concern, reported Lawfare. Yet a major customer of these data brokers is the U.S. government itself. For years, news outlets have reported on how federal and state agencies buy Americans’ data from private companies called data brokers—in mass.
These brokers purchase and aggregate users’ location data from virtually all applications. Brokers, in turn, repackage and sell geolocation data to willing buyers, including the federal and state governments. This has led to the government purchasing data on 98 million users from a prayer app, as well as tens of millions of users’ data from dating apps, mobile games, the Weather app, Google, rideshare apps, and social media apps. This data can reveal some of the most intimate information about people, from their faith, political associations and beliefs, immigration status, pregnancy status or interest in seeking an abortion, and more. A recently declassified report from the Office of the Director of National Intelligence confirms what has been known for years: Brokers sell people’s private data to the government.
Matthew Tokson describes this practice and some of the
attendant Fourth Amendment issues in
a previous Lawfare piece. Government attorneys claim agencies can
purchase data without a warrant because the data is commercially available,
meaning there can be no reasonable expectation of privacy with respect to this
data, and because users signed a terms of service waiver, meaning they
forfeited their privacy rights in the data. Tokson ably responds to both
arguments, and suggests that a reasonable expectation of privacy persists in
the data.
But commentators miss a foundational problem that puts
this practice outside the scope of Fourth Amendment protection: a government
purchase of data is not “state action” for constitutional purposes. As I argued
in the Yale
Law & Policy Review, even if users maintain a reasonable expectation of
privacy over the data transacted by data brokers, the violation of their
privacy is not cognizable under the Fourth Amendment.
The Fourth Amendment in the Information Age
The Fourth Amendment prohibits “unreasonable searches”
of people’s “persons, houses, papers, and effects.” It is the cornerstone legal
protection against warrantless surveillance and a constitutional bulwark for
privacy. The Fourth Amendment ordinarily requires law enforcement and
intelligence agencies to obtain a warrant to conduct surveillance—for example,
tracking people’s locations and wiretapping phones. As the Supreme Court has long made clear,
a “search” occurs when the government violates your “reasonable expectation of
privacy.” Thus, when the police, FBI, or CIA invade this reasonable expectation
of privacy, they (generally) must obtain a warrant.
In the 2018 Supreme Court decision Carpenter v.
United States, law enforcement agencies forced two internet service providers
to hand over detailed cell-service location information data on a robbery
suspect. The Court held that the suspect had a reasonable expectation of
privacy in these invasive geolocation records. Thus, to obtain these records,
the government needed a warrant. It stands to reason that when the federal
government and state agencies purchase equally sensitive geolocation data from
brokers, users have an equally reasonable expectation of privacy in the data
sold by brokers as that addressed in Carpenter. (And under Kyllo, even
commercially available data can be subject to a reasonable expectation of
privacy, as both Tokson and I address
elsewhere. That users signed terms-of-service waivers does not undermine
users’ expectation of privacy, either.)
So if users have a reasonable expectation of privacy
in the data sold by brokers to the government, then why did the government need
to obtain a warrant in Carpenter but need not obtain a warrant to
purchase the data?
This is because of the “state
action problem.” Axiomatically, the Fourth Amendment protects people
only against unreasonable searches by the government, not against those
conducted by purely private parties. When the Supreme Court first
articulated the “reasonable expectation of privacy” test, it made clear that
the Fourth Amendment “protects individual privacy against certain kinds
of governmental intrusion” (emphasis added). Thus, when a private
citizen or company invades your reasonable expectation of privacy, those
“invasions ... d[o] not violate
the Fourth Amendment because of their private character.” Private
searches, then, are not governed by the Fourth Amendment. (Instead, they are
governed by common law tort and state statutes.)
For the Fourth Amendment to require a warrant to
purchase your data, then, the act of buying data itself must constitute a
“search”–otherwise, there is no state action, and all that has occurred is a
private search.
To read more CLICK HERE
No comments:
Post a Comment