Part I. Definitions
Standard 25-1.1. Definitions
For purposes of these standards:
(a) “Emergency aid” is government conduct intended to eliminate or mitigate what is reasonably believed to be imminent danger of death or serious physical injury.
(b) “Exigent circumstances” are circumstances in which there is probable cause to fear imminent destruction of evidence or imminent flight.
(c) The “focus of a record” is the person or persons to whom the information in a record principally relates.
(d) “Law enforcement” means any government officer, agent, or attorney seeking to acquire evidence to be used in the detection, investigation, or prevention of crime.
(e) An “institutional third party” is:
(i) any nongovernmental entity, including one that receives government funding or that acquires information from government sources; and
(ii) any government institution functioning in a comparable capacity, such as a public hospital or a public university.
(f) A “politically accountable official” is an upper-level law enforcement official or, in the case of a civil investigation, a civil equivalent, who is either elected or appointed by an elected official, or who is specifically designated for this purpose by an elected or appointed official.
(g) A “record” contains information, whether maintained in paper, electronic, or other form, that is linked, or is linkable through reasonable efforts, to an identifiable person. A “de-identified record” contains information that is not so linkable.
Part II. Scope
Standard 25-2.1. Scope
These standards relate to law enforcement investigatory access to, and storage and disclosure of, records maintained by institutional third parties. These standards do not relate to:
(a) access to records for purposes of national security;
(b) access to records after the initiation and in the course of a criminal prosecution;
(c) access to records via a grand jury subpoena, or in jurisdictions where grand juries are typically not used, a functionally equivalent prosecutorial subpoena;
(d) access to records from an individual not acting as an institutional third party;
(e) acquisition of information contemporaneous with its generation or transmission;
(f) an institutional third party:
(i) that is a victim of crime disclosing information that is evidence of that crime or that is otherwise intended to protect its rights or property; or
(ii) deciding of its own initiative and volition to provide information to law enforcement.
Standard 25-2.2. Constitutional floor
A legislature or administrative agency may not authorize a protection less than that required by the federal Constitution, nor less than that required by its respective state Constitution.
Part III. General Principles
Standard 25-3.1. Records available
Institutional third parties maintain records ranging from the most mundane to those chronicling the most personal aspects of people’s lives, and when those records are stored digitally, access and distribution costs are diminished. These records include such things as the content of communications; medical diagnoses, treatments, and conditions; Internet browsings; financial transactions; physical locations; bookstore and library purchases, loans, and browsings; other store purchases and browsings; and media viewing preferences.
Standard 25-3.2. Need for records access
Obtaining records maintained by institutional third parties can facilitate, and indeed be essential to, the detection, investigation, prevention and deterrence of crime; the safety of citizens and law enforcement officers; and the apprehension and prosecution of criminals; and can be the least confrontational means of obtaining needed evidence.
Standard 25-3.3. Implications of records access
Law enforcement acquisition of records maintained by institutional third parties can infringe the privacy of those whose information is contained in the records; chill freedoms of speech, association, and commerce; and deter individuals from seeking medical, emotional, physical or other assistance for themselves or others.
Standard 25-3.4. Need for regulation
Legislatures, courts that may act in a supervisory capacity, and administrative agencies should therefore carefully consider regulations on law enforcement access to and use of records maintained by institutional third parties. These standards provide a framework for that consideration.
Part IV. Categorization of Information and Protection
Standard 25-4.1. Categories of information
Types of information maintained by institutional third parties should be classified as highly private, moderately private, minimally private, or not private. In making that determination, a legislature, court, or administrative agency should consider present and developing technology and the extent to which:
(a) the initial transfer of such information to an institutional third party is reasonably necessary to participate meaningfully in society or in commerce, or is socially beneficial, including to freedom of speech and association;
(b) such information is personal, including the extent to which it is intimate and likely to cause embarrassment or stigma if disclosed, and whether outside of the initial transfer to an institutional third party it is typically disclosed only within one’s close social network, if at all;
(c) such information is accessible to and accessed by non-government persons outside the institutional third party; and
(d) existing law, including the law of privilege, restricts or allows access to and dissemination of such information or of comparable information.
Standard 25-4.2. Categories of protection
(a) The type of authorization required for obtaining a record should depend upon the privacy of the type of information in that record, such that: records containing highly private information should be highly protected, records containing moderately private information should be moderately protected, records containing minimally private information should be minimally protected, and records containing information that is not private should be unprotected. If a record contains different types of information, it should be afforded the level of protection appropriate for the most private type it contains.
(b) If the limitation imposed by subdivision (a) would render law enforcement unable to solve or prevent an unacceptable amount of otherwise solvable or preventable crime, such that the benefits of respecting privacy are outweighed by this social cost, a legislature may consider reducing, to the limited extent necessary to correct this imbalance, the level of protection for that type of information, so long as doing so does not violate the federal or applicable state constitution.
Part V. Access to Records
Standard 25-5.1. Consent
Law enforcement should be permitted to access by particularized request any record maintained by an institutional third party if:
(a) the focus of the record has knowingly and voluntarily consented to that specific law enforcement access;
(b) the focus of the record has knowingly and voluntarily given generalized consent to law enforcement access, and
(i) the information in the record is unprotected or minimally protected;
(ii) it was possible to decline the generalized consent and still obtain the desired service from the provider requesting consent, and the focus of the record had specifically acknowledged that it was possible; or
(iii) a legislature has decided that in a particular context, such as certain government contracting, generalized consent should suffice for the information contained in the record; or
(c) the record pertains to a joint account and any one joint account holder has given consent as provided in subdivision (a) or (b).
Standard 25-5.2. Types of authorization
When authorization for accessing a record is required pursuant to Standard 25-5.3, it should consist of one of the following, each of which must particularly describe the record to be obtained:
(a) a court order, based upon:
(i) a judicial determination that there is probable cause to believe the information in the record contains or will lead to evidence of crime;
(ii) a judicial determination that there is reasonable suspicion to believe the information in the record contains or will lead to evidence of crime;
(iii) a judicial determination that the record is relevant to an investigation; or
(iv) a prosecutorial certification that the record is relevant to an investigation.
(b) a subpoena, based upon a prosecutorial or agency determination that the record is relevant to an investigation; or
(c) an official certification, based upon a written determination by a politically accountable official that there is a reasonable possibility that the record is relevant to initiating or pursuing an investigation.
Standard 25-5.3. Requirements for access to records
(a) Absent more demanding constitutional protection, consent pursuant to Standard 25-5.1, and emergency aid and exigent circumstances pursuant to Standard 25-5.4; and consistent with the privilege requirements of Standard 5.3(c); law enforcement should be permitted to access a record maintained by an institutional third party pursuant to the following authorization:
(i) a court order under 5.2(a)(i) if the record contains highly protected information;
(ii) a court order under 5.2(a)(ii) [5.2(a)(iii) or 5.2(a)(iv)] if the record contains moderately protected information; or
(iii) a subpoena under 5.2(b) if the record contains minimally protected information.
(b) If the record contains highly protected information, a legislature, a court acting in its supervisory capacity, or an administrative agency could consider more demanding restraints for access to the record, such as additional administrative approval, additional disclosure, greater investigative need, or procedures for avoiding access to irrelevant information.
(c) The protections afforded to privileged information contained in records maintained by institutional third parties and the responsibilities of privilege holders to assert those privileges are those provided by the law applicable in the jurisdiction in which privilege is asserted. The jurisdiction in which law enforcement obtains documents may impose obligations on both institutional third parties to protect what might be privileged information and on law enforcement with respect to the access to, and storage and disclosure of, such information.
(d) Law enforcement should be permitted to access unprotected information for any legitimate law enforcement purpose.
(e) Law enforcement should be permitted to substitute a more demanding authorization for a required lesser authorization.
Standard 25-5.4. Emergency aid and exigent circumstances
Law enforcement should be permitted to access a protected record for emergency aid or in exigent circumstances pursuant to the request of a law enforcement officer or prosecutor. As soon as reasonably practical, the officer or prosecutor should notify in writing the party or entity whose authorization would otherwise have been required under Standard 25-5.3.
Standard 25-5.5. Redacted access to records
Legislatures, courts that may act in a supervisory capacity, and administrative agencies should consider how best to regulate:
(a) law enforcement access when only some information in a record is subject to disclosure; and
(b) the use and dissemination of information by law enforcement when a third party provides more information, including more protected information, than was requested.
Standard 25-5.6. De-identified records
(a) Notwithstanding any other provision of this Part, law enforcement should be permitted to access an appropriately inclusive body of de-identified records maintained by an institutional third party pursuant to an official certification.
(b) A de-identified record should be linked to an identifiable person only if law enforcement obtains the authorization required under Standard 25-5.3 for the type or types of information involved. The showing for this authorization may be based on a profile or algorithm.
Standard 25-5.7. Notice
(a) If the accessed record is unprotected or minimally protected, law enforcement should not be required to provide notice of the access.
(b) If the accessed record is highly or moderately protected, law enforcement should provide notice of the access to the focus of the record, and this notice should generally occur within thirty days after acquisition.
(c) The court that authorizes access to the record, or in the case of emergency aid or exigent circumstances the court that would otherwise have been required to authorize access to the record, may delay notice for a specified period, or for an extension thereof, upon its determination that:
(i) there is a reasonable belief that notice would endanger life or physical safety; would cause flight from prosecution, destruction of or tampering with evidence, or intimidation of potential witnesses; or would otherwise jeopardize an investigation; or
(ii) the delay is necessary to comply with other law.
(d) When a court authorizes delayed notice pursuant to Standard 5.7(c), the court may also prohibit the third party from giving notice during that specified period. If law enforcement obtains a record for emergency aid or in exigent circumstances, a law enforcement officer or prosecutor may by written demand prohibit the third party from giving notice for 48 hours.
(e) When protected de-identified records are accessed, notice should be provided to the [general public] [legislature] and should generally occur [prior to] [after] acquisition.
(f) Upon request, a court should be permitted to eliminate or limit the required notice in a particular case where it would be unduly burdensome given the number of persons who must otherwise be notified, taking into consideration, however, that the greater number of persons indicates a greater intrusion into privacy.
Part VI. Retention, Maintenance, and Disclosure of Records
Standard 25-6.1. Retention and maintenance
(a) Protected records lawfully obtained from an institutional third party in the course of law enforcement investigation should be:
(i) reasonably secure from unauthorized access; and
(ii) other than as authorized under Standard 25-6.2, accessed only by personnel who are involved in the investigation for which they were obtained and only to the extent necessary to carry out that investigation.
(b) Moderately and highly protected records should in addition be:
(i) subject to audit logs recording all attempted and successful access; and
(ii) destroyed according to an established schedule.
(c) All de-identified records in the possession of law enforcement for which the linkage described in Standard 5.5(b) is not obtained should be destroyed upon conclusion of the investigation and any prosecution and appeals.
(d) If a law enforcement agency disseminates internal regulations pursuant to this Standard, those regulations should be publicly distributed.
Standard 25-6.2. Disclosure and dissemination
Law enforcement should not disclose protected records to individuals and entities not involved in the investigation for which they were obtained except in the following circumstances:
(a) Disclosure in the case or cases investigated, pursuant to rules governing investigation, discovery and trial;
(b) Disclosure for purposes of other government investigations, including parallel civil investigations, unless prohibited by law, and except that such disclosure to another government agency should require official certification or, in the case of emergency aid or exigent circumstances, the request of a law enforcement officer or prosecutor;
(c) Disclosure with appropriate redaction for purposes of training, auditing, and other non-investigatory legitimate law enforcement purposes only upon a written determination by a politically accountable law enforcement official that the access is in furtherance of a legitimate law enforcement purpose;
(d) Disclosure of identification records of wanted or dangerous persons and stolen items upon the request of a law enforcement officer or prosecutor; and
(e) Other disclosures only if permitted by statute or upon a finding of a court that the public interest in such disclosure outweighs the privacy of the affected parties.
Part VII. Accountability
Standard 25-7.1. Appropriate sanctions
The legislature should provide accountability for the provisions governing access to and storage and disclosure of records maintained by institutional third parties via appropriate criminal, civil, and/or evidentiary sanctions, and appropriate periodic review and public reporting.
REPORT
Background
Approximately forty years ago, the American Bar Association (“ABA”) published the initial volumes of its Criminal Justice Standards.[1] One of those initial standards was that relating to Electronic Surveillance, providing detailed guidelines for the interception of the contents of private communications.[2] Now in its Third Edition,[3] those standards guide access to telephone, e-mail, and oral communications legally governed by the federal Wiretap Act,[4] the federal Stored Communications Act,[5] and related state laws. More recently, in 1999, the promulgated a “Section B” relating to Technologically-Assisted Physical Surveillance (“TAPS”).[6] Those standards guide law enforcement physical surveillance that is technologically enhanced, divided into the four categories of video surveillance, tracking devices, illumination and telescopic devices, and detection devices.
For some time, the has planned to fill a gap in these existing standards. In the words of the commentary to the Electronic Surveillance Standards,
[E]ven though the revised Standards govern the interception of the contents of private communications, they [do] not address the capture of transactional data relating to such communications. Thus, as in its previous editions, the Standards do not consider under what circumstances law enforcement should be permitted to use pen register or trap and trace devices. Similarly, they do not consider when law enforcement should have access to the routing information that directs and accompanies electronic mail as it is transmitted from the sender to the recipient. The [Standards do not address] . . . these subjects, not because they were unworthy of consideration, but rather because access to such transactional data raises issues more appropriately the subject for a separate set of standards that make comprehensive recommendations for “transactional surveillance.”[7]
Thus, in 2007, the Section created a Task Force on Transactional Surveillance.[8] One of the Task Force’s first responsibilities was to understand its commission. While some of us were accustomed to using the term “transactional information” to refer to non-content communication routing information like that described above, the commentary to the Electronic Surveillance Standards goes on to assert that
[s]uch [transactional] standards could consider not only access to transactional data relating to communications, but other types of real-time transactional surveillance as well, for example, real-time surveillance of the movement of a cell phone or of a car traveling along an electronic toll road. Because the issues are closely related, such standards could also consider the appropriate rules for access to and disclosure of historical transactional records (e.g., credit card records, frequent flier program records, or photographs of vehicles leaving airports).[9]
While it makes sense to typically equate standards governing real-time and historic access, it is less clear whether the location of a vehicle is “transactional,” and whether that inquiry is even necessary or meaningful outside of the communications context.
Moreover, the TAPS Standards not only address real-time location tracking, but they use the term “transactional surveillance” in a different sense:
Physical surveillance involves observation or detection of activities, conditions, locations, or objects. It is to be distinguished from communications surveillance, which entails interception of conversations and other communications . . . . It should also be distinguished from transactional surveillance, or the accessing of recorded transactions, a topic which may eventually be the focus of subsequent standards.[10]
After initial deliberations, the Task Force decided to work on this “recorded” sense of “transactional surveillance,” and thus renamed itself, ultimately, as the Task Force on Law Enforcement Access to Third Party Records. In other words, these standards would relate to law enforcement acquisition, use, and storage of existing records in the hands of a third party, such as a bank, hospital, or Internet service provider.
After two and a half years of work, including eight meetings, the Task Force produced a set of draft standards. However, despite considerable iterations of compromise, consensus in determining the level of privacy and the protection appropriate for particular categories of records proved impossible.[11] Nevertheless, the Criminal Justice Standards Committee decided to press forward, and after a year of work, including four meetings and further compromises that resulted in a host of substantive changes, the members of the Committee unanimously endorsed the proposed standards that were then submitted to the Criminal Justice Council. As revised by the Committee, the Standards set forth criteria for and guidance in making the necessary determinations, while leaving those determinations to the responsible decision-making bodies.
The Standards were further revised during two readings of the Criminal Justice Council, and were approved during the second reading on October 29, 2011.
Need for Standards
Government access to third party records is not a novel topic. Indeed, law enforcement seeking evidence of crime in records maintained by nongovernmental institutions is surely among the most important and common investigatory activities. The federal government and all fifty states regulate government access to and use of certain types of record information.[12] Every criminal procedure student learns the series of relevant Fourth Amendment cases from the 1960s to 1980s.[13] But because the federal constitutional regulation has been slight, and because other regulation has occurred in an ad hoc manner, there is no existing framework via which legislatures, courts acting in their supervisory capacities, and agencies can make the difficult decisions regarding what records should be protected and the scope of such protection.
Moreover, with the maturation of digital storage technologies and virtually costless distributions, we now live in a world of ubiquitous third party information. Although data can of course be scrubbed and is routinely overwritten, it is nonetheless difficult to overstate the magnitude of information that now resides with third parties, from our shopping preferences (residing with our credit and debit card providers and individual stores), to our communications (residing with our service providers and other intermediaries), to our health information (residing with doctors, pharmacies, hospitals, and insurance companies), to our viewing habits (residing with our cable and Internet providers), to our very location (residing with our mobile phone providers and toll tag operators).
Whole categories of data are stored that never were before. Not long ago, if a customer made a purchase with cash, a bookstore often would have made no individualized record of what was bought. Similarly, a library would have recorded only the materials ultimately checked out. But when we browse online, including bookstores and libraries, multiple service providers might record every article, picture, book and video that we peruse. Whereas in a store purchase in an earlier day a clerk might recognize or remember a face and some of the items purchased, today when we purchase with “discount” or “customer loyalty” cards, the store records everything purchased, no matter the location or time of sale. If we purchase online, the store might record everything we even consider purchasing.[14] Whereas one used to anonymously pick up the broadcast television signal with an antenna, today our provider often knows what we watch and when. Whereas we used to store computer files on our home computers, many now store them instead on third party servers, taking advantage of so-called “cloud computing.”
These trends have critical implications for both law enforcement and privacy. Access to such records prevents and detects crimes as diverse as kidnapping (phone records), public corruption and organized crime (bank records), and child sexual assault (Internet records). Even a seemingly “routine” street crime might depend upon records access for resolution, as when hospital admission records allow police to discover who might have been involved in a recent shooting, or when toll tag records allow police to learn the culprit in a fatal hit-and-run. Moreover, records access permits law enforcement to prevent or punish private access that is itself harmful and criminal, such as identity theft and computer hacking.
When evidence is available via third party records, records access has the additional benefit of not risking a physical confrontation with the target. When police enter a home or otherwise seek to forcibly obtain information directly from a suspect, there is always a threat of violence and therefore of harm either to the police, to bystanders, or to the suspect him- or herself. The ability to obtain evidence from a neutral third party eliminates this risk. Similarly, while a prosecutor might subpoena records from a suspect, that risks their destruction despite the threat of criminal liability for obstruction. Once again, third party records access largely eliminates that risk.
Of course, such law enforcement access implicates privacy. At information privacy’s core is an ability to control what information about you is conveyed to others, and for what purposes.[15] American norms of limited government and principles of freedom of speech and association thus require that law enforcement records access be regulated. Courts, legislatures, and administrative agencies are struggling to determine when law enforcement access to medical records, location, and other information should be permissible,[16] and the draft standards provide a framework via which they can bring greater consistency to existing law, and, where necessary, frame new law that accounts for changing technologies and social norms, the needs of law enforcement, and the interests of privacy, freedom of expression, and social participation.
Scope of the Standards
The draft standards relate to law enforcement investigatory access to, and storage and disclosure of, records maintained by institutional third parties. In other words, they address government agents seeking to acquire evidence from existing records to be used in the detection, investigation, or prevention of crime.
The standards do not address access for purposes of national security. Although access to records can be critical to keeping our country safe from foreign attack, and such access can also be abused, these standards follow the lead of previous standards in not addressing records acquisition intended to acquire information concerning a foreign power or an agent thereof.[17] This would include not only information directly relating to such a foreign agent, but information relevant to a legitimate investigation of such agent.[18] If information is lawfully gathered for a national security purpose, these standards do not imply any limitation on its use in a criminal investigation. Again, they simply do not address access for purposes of national security.
The standards also do not address records access for purposes of civil investigations, nor for criminal prosecutions. These standards regulate investigatory law enforcement access, not access following the initiation and in the course of a criminal prosecution. Once adversary judicial proceedings have commenced, there are constitutional guarantees to counsel and judicial oversight that do not exist prior to formal charge.
In order to give deference to the historically favored status of grand juries, the standards also do not address records access via a grand jury subpoena. In many jurisdictions where investigative grand juries are not typically used, there is a comparable history of using functionally equivalent prosecutorial subpoenas in their place. These too are therefore carved out of the standards.
The standards also do not address records access from an individual not acting as a business entity. Not only does such an individual have an autonomy interest in choosing to share information with law enforcement, but the motivating concern of these standards is the much more significant threat to privacy in the ever-increasing amounts of information contained within systems of records maintained by entities.
Finally, the standards do not address acquisition of information contemporaneous with its generation or transmission (e.g., a wiretap), as such real-time access is already the province of other standards.
A Comment on the Fourth Amendment
Although the Fourth Amendment “third party doctrine” is complicated and contested, in a series of cases beginning in the 1960s and continuing into the 1980s, the Supreme Court developed the doctrine that one typically retains no federal constitutional reasonable expectation of privacy in information conveyed to a third party.[19] Of course, the doctrine is not absolute, as the Court granted constitutional protection to the contents of telephone conversations conveyed to a third party provider,[20] and lower federal courts have therefore granted constitutional protection to reading preferences,[21] medical information,[22] and electronic mail.[23] Most recently, the Supreme Court urged caution:
Th[is] Court must proceed with care when considering the whole concept of privacy expectations in communications made on electronic equipment . . . . The judiciary risks error by elaborating too fully on the Fourth Amendment implications of emerging technology before its role in society has become clear. . . . Rapid changes in the dynamics of communication and information transmission are evident not just in the technology itself but in what society accepts as proper behavior. . . . At present, it is uncertain how workplace norms, and the law’s treatment of them, will evolve. . . . Cell phone and text message communications are so pervasive that some persons may consider them to be
essential means or necessary instruments for self-expression, even self-identification. That might strengthen the case for an expectation of privacy.[24]
Fortunately, it is not necessary for purposes of these standards to answer these constitutional questions. Although decision makers will of course be bound by constitutional decisions,[25] the standards do not purport to interpret the federal constitution nor any state equivalent, nor the many statutes and administrative regulations that regulate law enforcement access to third party records. They instead carefully consider all of these, and other sources, in providing a framework via which decision makers, including legislatures, courts acting in their supervisory capacities, and administrative agencies, can answer such questions, thereby thoughtfully and consistently regulating government access to third party records.
Organization of the Standards
Part I provides definitions used throughout the standards. The contents of Parts II and III were described above: Part II delimits the standards’ scope, and Part III articulates the general governing principles. Parts IV, V, and VI then provide the substantive recommendations, Part IV governing the categorization and protection of information, Part V the access to records, and Part VI record retention, maintenance, and disclosure following that access. Part VII then provides accountability for those substantive recommendations.
In many ways, Part IV is the heart of the standards. A decision maker, often a legislature but also potentially a court acting in its supervisory capacity or an administrative agency,[26] first determines the level of privacy for a given category of information.[27] For example, should records of banking transactions be considered highly private, moderately private, minimally private, or not private? The standards provide four important criteria that should be considered in making this determination, in addition to considering the relevance of present and developing technology.[28] The standards do not, however, suggest a particular answer, thus respecting local circumstances, changing needs, and the necessarily difficult nature of this inquiry.
Once this degree of privacy is determined, it sets a threshold level of protection: highly private records are highly protected, moderately private records are moderately protected, etc.[29] Absent consent, emergency aid, or exigent circumstances; consistent with the law of privilege;[30] and absent any greater constitutional protection; law enforcement should be permitted to access a highly protected record via a warrant or, if the legislature or other decision maker so chooses, a court order supported by reasonable suspicion.[31] For moderately protected information, access should require a court order supported by reasonable suspicion or, if the legislature or other decision maker so chooses, a judicial authorization supported by relevance or issued pursuant to a prosecutorial certification.[32] Access to minimally protected information should require a prosecutorial or agency determination of relevance.[33] And access to unprotected information is permissible for any legitimate law enforcement purpose.[34]
Although the privacy of a category of records alone sets this threshold, there may be circumstances in which that threshold makes it too difficult to solve crime. In that case, the legislature or other decision maker should reduce the level of protection accordingly.[35] The standards also provide for access to inclusive bodies of de-identified records (that is, records not linkable through reasonable efforts to an identifiable person) upon which law enforcement has reason to conduct data mining.[36] Finally, if the record is highly or moderately protected, but not if it has a lesser level of protection, law enforcement should typically ultimately provide notice to the focus of the record, but that notice can be, and often will be, delayed.[37]
In hindsight, these standards may seem merely good common sense, but it must be stressed that currently there are no standards guiding legislatures and other deliberative bodies in making these decisions, necessarily resulting in ad hoc and inconsistent determinations.
Examples
For a hypothetical, consider a local park on a summer evening. Later estimates are that approximately thirty persons were present. At 6:45 pm, the 911 dispatcher receives a cellular call from an unidentified male reporting that “a girl is shot and hurt real bad at Shadyside,” the name of the park, after which the caller hangs up. Police begin to arrive by 7:00, but most of the crowd has dispersed. A young woman in jogging clothes is found dead from what is later determined to be a single gunshot wound to the head. Forensics recover numerous rounds of ammunition from the surrounding area, representing several different caliber firearms. Those who remain are questioned by police, but all claim not to have seen anything more detailed than “a bunch of people shooting and screaming.”
One person of interest is the 911 caller: even if a mere bystander, he was close enough to know that the victim was female, and might therefore have further information of interest. It would be helpful to know not only his identity, in order to locate him, but also from where the call originated and with whom he communicated near the time of the shooting.
The 911 call center will have automatically recorded an incoming phone number. With that number, the service provider – whether it be AT&T, Sprint, Verizon, or another – will typically be able to provide the desired information.[38] What should be required of law enforcement in
order to obtain that information? According to Standard 25-4.1, the first question is how private is the desired information. In other words, is a subscriber’s identity highly private, moderately private, minimally private, or not private? What about the telephone numbers of those whom he called? And what about his geographic location, determined if nothing else by his proximity to a particular cell tower at the time of the call?
These can be difficult questions, but the standards provide four factors a decision maker should use in this determination. It should be stressed that this determination will have been made by a legislature, administrative agency, or court. It is not an officer on the beat who would be considering these factors. The factors are the extent to which:
(a) the initial transfer of such information to an institutional third party is reasonably necessary to participate meaningfully in society or in commerce, or is socially beneficial, including to freedom of speech and association;
(b) such information is personal, including the extent to which it is intimate and likely to cause embarrassment or stigma if disclosed, and whether outside of the initial transfer to an institutional third party it is typically disclosed only within one’s close social network, if at all;
(c) such information is accessible to and accessed by non-government persons outside the institutional third party; and
(d) existing law, including the law of privilege, restricts or allows access to and dissemination of the information or of comparable information.[39]
Without going into great detail – and keep in mind the standards do not purport to answer this question for legislatures or other deliberative bodies – this limited information, including location at one particular time, might be minimally private. Consider the telephone numbers of those called. On the one hand, telephone conversations have long furthered the freedoms of expression and association, and they seem necessary to participate meaningfully in society.[40] And while they are not as personal as the communications themselves, call records alone form a sort of “virtual biography” in that we are in some sense defined by the entirety of the persons to whom we communicate.[41] And federal law not only restricts law enforcement access to call records,[42] but also public provider voluntary dissemination of those rrecords,[43] and criminalizes fraudulent access by a private person.[44]
So, call records would not be considered “not private.” But neither do they seem highly private, as would be the communications contents themselves. So, call records would seem either to be moderately or minimally private, and given the substantive measure of existing protections, and the records’ intimacy, perhaps a legislature or other decision maker would consider them minimally private. The threshold would then be that call records are minimally protected, meaning they could be accessed if a prosecutor considers them relevant to the investigation, which he or she certainly would on these facts.
If the police are thereafter interested in a particular conversation that occurred immediately after the 911 call – perhaps because it would disclose further details of the incident and of the caller’s involvement therein – and if that conversation was recorded by the service provider (e.g., a voicemail), using the same criteria a legislature might deem the content of communications to be highly protected, in which case law enforcement should need either a warrant supported by probable cause or a grand jury subpoena. Although there is no such indication on these facts, if there were reason to believe that another life was in imminent peril, that content should be accessible via the request of a law enforcement officer or prosecutor.[45] Of course, if a relevant constitutional provision has been interpreted to require a certain restraint, a legislature should not purport to permit access upon a lesser restraint.[46]
Once police have the name of the caller, if they believe he is potentially involved they might want to learn more about him via any Internet postings, such as those on Facebook,[47] Twitter,[48] and Myspace.[49] So long as the desired content is publicly available on those sites, application of the four factors would almost surely render it not private and therefore unprotected. It could therefore be accessed by an officer for any legitimate law enforcement purpose.[50]
Police would also want to obtain relevant hospital admission records near the time of the shooting in case anyone else was wounded by the gunfire. Even if medical diagnosis and treatment records might generally be highly protected, such protection for hospital admissions records relating to gunshot wounds is likely to unacceptably interfere with the investigation of crime. In that case, a legislature or other decision maker should reduce the level of protection, including potentially making such information subject to a mandatory reporting law.[51]
What about providing notice to those whose records are obtained? So long as the information is minimally protected, the standards recommend that no notice be required.[52] Were notice required, Standard 25-5.7(b) would permit 30 days within which to provide that notice, and Standard 25-5.7(c) would permit delaying that notice upon reasonable belief that it would jeopardize an investigation, including causing flight from prosecution or tampering with evidence.
Looking ahead, what if another police department in a neighboring jurisdiction experiences a similar shooting, and wants to obtain the records gathered in the first investigation? Regardless of how private are the records, Standard 25-6.2(b) permits access upon official certification, or upon the request of an officer or prosecutor in an emergency or during exigent circumstances. An official certification requires that a politically accountable official put in writing that the record is considered relevant to initiating or pursuing an investigation.[53]
The operation of the standards is the same for more modern informational crimes. If a bank account holder reports to police that her account has been emptied, law enforcement will want to examine her account records. Although information provided by the victim would be sufficient to obtain whatever specific authorization is required by Standard 25-5.3 to access financial account and transaction records, the victim’s consent alone would be adequate according to Standard 25-5.1. It might prove necessary to examine computer logs of the bank, especially if the theft appears to be the work of a hacker. Here the customer could not effectively consent because the records do not belong to him or her, but as a victim the bank itself could consent according to Standard 25-2.1(f)(i).
Assuming a hacker has indeed transferred the funds, he or she will typically move them through several accounts in a series. If those accounts are located in a foreign country, then the necessarily more complicated international law will apply. But assuming they are all located in the , either those banks could give effective consent as victims under Standard 25-2.1(f)(i), or law enforcement could obtain the necessary authorizations under Standard 25-5.3. For example, if according to the four factors of Standard 25-4.1 the relevant legislature determined financial account and transactional records to be moderately private, pursuant to Standard 25-4.2 they would be moderately protected (assuming such a protection would not unduly cripple law enforcement). According to Standard 25-5.3(a)(ii), law enforcement access would then require a court order supported by either reasonable suspicion, relevance, or a prosecutorial certification of relevance, depending upon which a decision maker chooses to require. Here law enforcement could satisfy the higher threshold of probable cause.
Assuming the victim’s bank logged an Internet Protocol address for the hacker, or the victim’s personal computer logged such an address if it were hacked, and assuming basic subscriber information is found to be minimally protected, either a prosecutorial or administrative subpoena could be used to obtain that information from the relevant Internet service provider.[54] Of course, a hacker would typically have provided false information, but the same authorization would likely also permit learning with whom that person had communicated online,[55] potentially providing other leads. If the hacker remains active, either on the bank’s system or the victim’s
personal computer, then law enforcement might want to initiate real-time wiretapping, which is beyond the scope of these standards.[56]
Conclusion
The proposed standards recognize that the consensus concerning law enforcement access to records held by institutional third parties is still developing, but also recognize the critical need for striking the delicate balance between law enforcement’s legitimate need for access to such records and the privacy rights of the subjects of those records. By setting forth criteria to be considered in determining whether categories of records should be treated as highly private, moderately private, minimally private, or not private, and in establishing the appropriate level of protection for each category of records, they provide the framework for legislatures and other deliberative bodies to carry out this critical task.
Respectfully submitted,
Janet Levine, Chair
Criminal Justice Section
February 2012
[1] See Martin Marcus, The Making of the Criminal Justice Standards: Forty Years of Excellence, 23 Crim. Just. 10, 10 (2009).
[2] Standards for Criminal Justice, Electronic Surveillance (1st ed. 1971).
[3] Standards for Criminal Justice, Electronic Surveillance, Section A: Electronic Surveillance of Private Communications (3d ed. 2001).
[4] 18 U.S.C. §§ 2510-2522.
[5] 18 U.S.C. §§ 2701-2712.
[6] Standards for Criminal Justice, Electronic Surveillance, Section B: Technologically-Assisted Physical Surveillance (1999).
[7] ABA Standards for Criminal Justice, Electronic Surveillance, Section A, supra note 3, at 6.
[8] The Task Force consisted of eight members and several liaisons from interested organizations. Members were: the Honorable Michael Bender, Chair, Colorado Supreme Court, Denver, CO; Norman Frink, Office of Multnomah County District Attorney, Portland, OR; Samuel Guiberson, Guiberson Law Office, Houston, TX; Albert Krieger, Law Offices of Albert J. Krieger, Miami, FL; Gary Lacey, Lancaster County Attorney, Lincoln, NE; Professor Paul Ohm, University of Colorado Law School, Boulder, CO; Professor Christopher Slobogin, Vanderbilt University Law School, Nashville, TN; Professor Andrew Taslitz, Howard University Law School, Washington, DC. Liaisons were: Richard Downing, Assistant Deputy Chief, Computer Crime & Intellectual Property Section, Department of Justice; David Larson, Chief Privacy Officer, Federal Bureau of Investigation; Timothy O’Toole, National Legal Aid and Defender Association; Martin Pinales, National Association of Criminal Defense Lawyers.
[9] ABA Standards for Criminal Justice, Electronic Surveillance, Section A, supra note 3, at 6-7.
[10] ABA Standards for Criminal Justice, Electronic Surveillance, Section B, supra note 6, at 2 (emphasis omitted).
[11] Task Force members Norman Frink and Gary Lacey dissented, liaison David Larson endorsed that dissent on behalf of the FBI general counsel, and liaison Richard Downing expressed his unofficial support for that dissent.
[12] See, e.g., 9 C.J.S. Banks and Banking § 269 (summarizing restrictions on government access to bank records); Tracy A. Bateman, Search and Seizure of Bank Records Pertaining to Customer as Violation of Customer’s Rights Under State Law, 3 A.L.R.5th 453 (1995).
[13] See A Comment on the Fourth Amendment, infra.
[14] Such data, however, will often be retained for only a short period unless the provider deems continued storage financially or legally beneficial.
[15] Alan Westin’s seminal 1967 work stated this principle as follows: "Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others." Alan F. Westin, Privacy and Freedom 7 (1967). See Shaktman v. State, 553 So.2d 148, 150 ( 1989) (adopting this definition). More recently Westin writes that “[m]ost definitions of privacy agree on a core concept: that privacy is the claim of an individual to determine what information about himself or herself should be known to others. This also involves when such information will be communicated or obtained and what uses will be made of it by others.” Alan F. Westin, Historical Perspectives on Privacy: From the Hebrews and Greeks to the American Republic __ [draft page 4] (forthcoming).
To Charles Fried, “[P]rivacy [i]s that aspect of social order by which persons control access to information about themselves.” Charles Fried, Privacy, 77 Yale L. J. 475, 493 (1968). One of the key themes in Samuel Warren and Louis Brandeis’s seminal 1890 article was each individual’s “right of determining, ordinarily, to what extent his thoughts, sentiments, and emotions shall be communicated to others.” Samuel D. Warren & Louis D. Brandeis, The Right to Privacy, 4 Harv. L. Rev. 193, 198 (1890). Andrew Taslitz has similarly explained that: “[e]ach of us wears many masks wherein each mask reflects a different aspect of who we really are. . . . [W]e want to choose the masks that we show to others; any such loss of choice is painful, amounting almost to a physical violation of the self. When we are secretly watched, or when information that we choose to reveal to one audience is instead exposed to another, we lose that sense of choice.” Andrew E. Taslitz, The Fourth Amendment in the Twenty-First Century: Technology, Privacy, and Human Emotions, 65 Law & Contemp. Probs. 125, 131 (2002).
[16] See e.g. v. Maynard, 615 F.3d 544 (D.C. Cir. 2010) (requiring warrant for GPS surveillance); v. Pineda-Moreno, 591 F.3d 1212 (9th Cir. 2010) (disagreeing).
[17] See e.g. ABA Standards for Criminal Justice, Electronic Surveillance, Section A: Electronic Surveillance of Private Communications 5-6 (3d ed. 2001).
[18] Prior to passage of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001, Pub. L. No. 107-56, 115 Stat. 272 (2001) (the “Patriot Act”), the statutory national security carve-out was limited to information pertaining to a foreign power or an agent of a foreign power. See e.g. 18 U.S.C. § 2709(b)(1)(B) (effective October 21, 1986 to October 25, 2001) (permitting access to certain telephone records). Today, according to section 505 of the Patriot Act, the carve-out is more generous, in that the information must be “relevant to an authorized investigation to protect against international terrorism or clandestine intelligence activities, provided that such an investigation of a United States person is not conducted solely on the basis of activities protected by the first amendment to the Constitution of the United States.” 18 U.S.C. § 2709(b)(1). In other words, the national security carve-out now includes telephone records of a person who is not an agent of a foreign power, so long as those records are relevant to a national security investigation of such an agent.
[19] These are the “false friend” cases of Hoffa v. United States, 385 U.S. 293 (1966), and United States v. White, 401 U.S. 745 (1971); the bank records case of United State v. Miller, 425 U.S. 435 (1976); the phone records case of Smith v. Maryland, 442 U.S. 735 (1979); the beeper cases of United States v. Knotts, 460 U.S. 276 (1983), and United States v. Karo, 468 U.S. 705 (1984); the flyover cases of California v. Ciraolo, 476 U.S. 207 (1986), and Florida v. Riley, 488 U.S. 455 (1989); the open fields case of United States v. Dunn, 480 U.S. 294 (1987); and the garbage case of California v. Greenwood, 486 U.S. 35 (1988). In the words of the ,
[we] ha[ve] held repeatedly that the Fourth Amendment does not prohibit the obtaining of information revealed to a third party and conveyed by [the third party] to Government authorities, even if the information is revealed on the assumption that it will be used only for a limited purpose and the confidence placed in the third party will not be betrayed.
425 at 443.
[20] See Berger v. , 388 41 (1967); Katz v. , 389 347 (1967).
[21] See Amazon.com v. Lay, 758 F. Supp.2d 1154, 1167- 69 (W.D. Wash. 2010) (rejecting government subpoena of records documenting book, music, and movie purchases); In re Grand Jury Investigation of Possible Violation of 18 U.S.C. Section 1461, 706 F. Supp. 2d 11, 16–23 (D.D.C. 2009) (rejecting grand jury subpoena of records documenting movie purchases); In re Grand Jury Subpoena to Amazon.com Dated August 7, 2006, 246 F.R.D. 570, 572–74 (W.D. Wis. 2007) (rejecting grand jury subpoena of records documenting book purchases).
[22] See Doe v. Broderick, 225 F.3d 440 (4th Cir. 2000) (requiring a warrant to access medical/prescription records); State v. Skinner, 10 So. 3d 1212 ( 2009) (same); Commonwealth v. Riedel, 539 Pa. 172 (1994) (finding a reasonable expectation of privacy in medical records and requiring probable cause but no warrant). Cf. People v. Perlos, 436 Mich. 305 (1990) (finding no reasonable expectation of privacy).
[23] See v. Warshak, 631 F.3d 266 (6th Cir. 2010).
[24] City of v. Quon, 130 2619, 2629-30 (2010).
[25] See Standard 25-2.2.
[26] A legislature can use the standards in formulating legislation, a police department can use them in formulating administrative rules, and, where doing so is consistent with its supervisory role, a court can use them in determining “common law.”
[27] See Standard 25-4.1.
[28] See id.
[29] See Standard 25-4.2(a).
[30] See Standard 25-5.3(c).
[31] See Standard 25-5.3(a)(i).
[32] See Standard 25-5.3(b)(ii).
[33] See Standard 25-5.3(b)(iii).
[34] See Standard 25-5.3(d).
[35] See Standard 25-4.2(b).
[36] See Standard 25-5.6.
[37] See Standard 25-5.7.
[38] If the phone were an entirely prepaid one purchased with cash, obviously this might be a dead end. Because the purpose of this section is merely to demonstrate use of the standards rather than to exhaustively consider investigation of a particular crime, such nuances and many potential investigative leads will go unmentioned.
[39] Standard 25-4.1.
[40] In Katz v. United States, 389 347, 352 (1967), the Court recognized “the vital role that the . . . telephone has come to play in private communication,” and several courts have more recently recognized the same in the context of determining state constitutional protections. See People v. Chapman, 679 P.2d 62, 67 ( 1984) (“Doing without a telephone is not a realistic option for most people.”); People v. Sporleder, 666 P.2d 135, 141 ( 1983) (“A telephone is a necessary component of modern life. It is a personal and business necessity indispensable to one’s ability to effectively communicate in today’s complex society.”); State v. Hunt, 450 A.2d 952, 955-56 (N.J. 1982) (“The telephone has become an essential instrument in carrying on our personal affairs.”).
[41] See People v. DeLaire, 610 N.E.2d 1277, 1282 (Ill. App. Ct. 1993) (“[T]he [dialing] records revealed personal associations and dealings which create a ‘biography’ which should not be subject to an unreasonable search or seizure.”).
[42] See 18 U.S.C. § 2703(c)(1).
[43] See 18 U.S.C. §§ 2702(a)(3), 2702(c); 47 U.S.C. § 222.
[44] See 18 U.S.C. § 1039.
[45] See Standard 25-5.4.
[46] See Standard 25-2.2.
[47] http://www.facebook.com/ (last accessed June 1, 2011).
[48] http://twitter.com/ (last accessed June 1, 2011).
[49] http://www.myspace.com/ (last accessed June 1, 2011).
[50] See Standard 25-5.3(d).
[51] See Standards 25-4.2(b).
[52] See Standard 25-5.7(a).
[53] See Standard 25-5.2(c). “Politically accountable official” is defined in Standard 25-1.1(f).
[54] See Standards 25-4.2, 25-5.3(a)(iii). This is possible only if the government is technically able to track through the several proxies a hacker would typically use to mask the true origin of his or her communications. Once again, the purpose of this section is merely to demonstrate use of the standards, not to exhaustively consider any particular investigation.
[55] See id.
[56] See Standard 25-2.1(e).