Download a printable PDF of this article (membership required).
April 01, 2014
From The Bench: A Reasonable Expectation of Privacy
When it comes to privacy, lay understanding, legal authority, and technological reality are often in tension--what does the Fourth Amendment mean today?
Hon. Jeremy Fogel
In 2012, California’s Fair Political Practices Commission announced that it intended to make the annual financial disclosure statements of the state’s judges, all of whom are subject to some form of electoral process, available on its public website. Although an interested party otherwise would have to make an in-person or written request to obtain them, the statements already were public records, and the commission already had the authority to redact information that might endanger a judge’s security.
Many judges, however, were horrified. Both in comments to the media and later in testimony before the commission, they expressed deep concern about the potential misuse of their disclosures by unhappy litigants and others with an ax to grind. They argued that putting the disclosure statements on the website would make it too easy for such persons to act impulsively and that, conversely, requiring them to go to the courthouse or submit a written request might allow emotions to cool. Supporters of the commission’s proposal noted that even more sensitive personal information about judges, such as home addresses, can be found relatively easily on the Internet and that at least one organization—Judicial Watch—has been posting the annual disclosure statements of federal judges for years. After reaffirming its authority to redact sensitive information, the commission proceeded with its plan.
In August 2013, the U.S. District Court for the Northern District of California heard argument in In re Google Inc. Gmail Litigation, a multidistrict proceeding in which users of Google’s Gmail program claim that Google has violated their right to privacy by scanning their email messages to find words and other information that might be of relevance to Google’s advertisers. In response to the plaintiffs’ claims that such scanning without their prior consent violates their right to privacy, Google’s counsel contended that scanning is an “ordinary business practice” and “an unavoidable part of the email business.” He pointed out that other, desirable features of most email programs, such as spam filtering and virus protection, also involve scanning. Julia Love, “In Privacy Cases, Google Defends Email Snooping,” Recorder, Sept. 9, 2013, at 3. The court subsequently denied Google’s motion to dismiss the action, concluding that “the statutory scheme suggests that Congress did not intend to allow electronic communication service providers unlimited leeway to engage in any interception that would benefit their business models, as Google contends.” In re Google Inc. Gmail Litig., No. 5:13-md-02430-LHK, 2013 U.S. Dist. LEXIS 172784, at *9 (N.D. Cal. Sept. 26, 2013).
These stories and many others like them illustrate a phenomenon that goes far beyond the merits of the cases involved. The Fourth Amendment protects “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures,” and although, from a purely legal standpoint, its constraints apply only to actions of the government, its underlying principles and assumptions also inform our common conception of the boundary between the public and private spheres. Today, however, as a result of technological change that continues to outstrip our collective cultural comprehension, defining what constitutes a “reasonable expectation of privacy” has become enormously difficult. Lay understanding, legal authority, and technological reality often bear little resemblance to each other and frequently are in extreme tension.
Different cultures understand privacy in different ways. In societies in which large numbers of people typically live in close proximity to each other, often in very small spaces, very little truly is understood or expected to be private. There are entire languages without words for “I” or “me” or “mine.” People who live under oppressive political systems fear with good reason that what they say or even what they think will come to the attention of government agents. It is fair to say that most Americans have a much greater sense of individuality and a much broader sense of what is or ought to be private. When he famously described “the right to be let alone” as “the most comprehensive of rights and the right most valued by civilized men,” Olmstead v. United States, 277 U.S. 438, 478 (1928) (Brandeis, J., dissenting), Justice Brandeis was channeling a sentiment that is embedded deeply in both our common law and our society.
In a sense, it was a yearning for privacy that caused so many of our early immigrants to come here in the first place. Whether they have sought a physical space of their own or simply the right to think, believe, or act differently from their neighbors, most people coming to America have been motivated more by libertarian than by communitarian impulses. While our Constitution doesn’t declare a right of privacy as such, core elements of privacy are present in the First, Fourth, and Fifth Amendments, and at least since 1965, the Supreme Court has recognized an implied right of privacy in the language of the Ninth Amendment. Griswold v. Connecticut, 381 U.S. 479, 484 (1965). Many state constitutions have enumerated an express right of privacy from their inception. Even before the American Revolution, the common law provided explicit support for this point of view. As one influential jurist of the time put it, “It is certain every man has a right to keep his own sentiments, if he pleases: he has certainly a right to judge whether he will make them public, or commit them only to the sight of his friends.” Millar v. Taylor, 4 Burr. 2303, 2379 (1769) (Yates, J.), quoted in Samuel D. Warren & Louis D. Brandeis, “The Right to Privacy,” 4 Harv. L. Rev. 193, 198 n.2 (1890).
Until the 20th century, most Americans simply took as a given that they could expect privacy within the walls of their homes and in other places where they made the effort to be out of earshot of others. This assumption was based not only on cultural norms but also on technological reality. In Justice Alito’s words, “the greatest protections of privacy were neither constitutional nor statutory, but practical.” United States v. Jones, 132 S. Ct. 945, 963 (2012) (Alito, J., concurring in the judgment). With the advent of telecommunications, that reality changed fundamentally. As another Supreme Court justice observed more than 70 years ago, “[t]he search of one’s home or office no longer requires physical entry, for science has brought forth far more effective devices for the invasion of a person’s privacy than the direct and obvious methods of oppression which were detested by our forebears and which inspired the Fourth Amendment.” Goldman v. United States, 316 U.S. 129, 139 (1942) (Murphy, J., dissenting).
The early wiretapping and eavesdropping technologies that brought about this change seem almost quaint by today’s standards. Any current-generation wireless telephone can be used to pinpoint the whereabouts of the person using it. Most modern computers contain cameras intended to enable users to engage in video conversations; what many users don’t know is that those cameras can be controlled remotely by others and used to observe the users’ movements. As the Gmail case and others like it illustrate, almost any electronic communication can be monitored, scanned, and stored indefinitely without the knowledge of the parties to the communication. Activity in virtually any public space can be watched and heard to a minute degree of resolution. Biometric technologies such as facial recognition software are being used increasingly to identify people entering or passing through public spaces. And the capacity of all of these technologies is growing exponentially.
Judges Confront Privacy Questions
It should not surprise us that these developments pose a daunting challenge for judges. The practical limits of the contemporary “reasonable expectation of privacy” analysis articulated by the Supreme Court nearly half a century ago in Katz v. United States, 389 U.S. 347 (1967), were apparent in the Court’s recent decision in United States v. Jones, which involved the surreptitious placement by law enforcement officers of a Global Positioning System (GPS) device on a suspect’s vehicle. Justice Scalia, writing for the five-member majority, concluded that because placement of the device amounted to a physical trespass, it was unnecessary for the Court to engage in a “reasonable expectation” inquiry. Jones, 132 S. Ct. at 953–54. Justice Alito, writing for himself and three other justices, argued that Katz was controlling. However, he also observed that
[the Katz test] . . . is not without its own difficulties. It involves a degree of circularity . . . and judges are apt to confuse their own expectations of privacy with those of the hypothetical reasonable person to which the Katz test looks. . . . In addition, the Katz test rests on the assumption that this hypothetical reasonable person has a well-developed and stable set of privacy expectations. But technology can change those expectations. Dramatic technological change may lead to periods in which popular expectations are in flux and may ultimately produce significant changes in popular attitudes. New technology may provide increased convenience or security at the expense of privacy, and many people may find the tradeoff worthwhile. And even if the public does not welcome the diminution of privacy that new technology entails, they may eventually reconcile themselves to this development as inevitable.
Id. at 962 (Alito, J., concurring in the judgment) (citations omitted).
The psychological dimensions of Americans’ expectations of privacy may be even more complex than those Justice Alito describes. While Jones and other cases show how difficult it has become for judges and case law to keep up with technological realities, there is considerable evidence that the sensibilities and expectations of a large portion of the lay public still are anchored firmly in our country’s libertarian past. For every inveterate user of social media who tweets random comments while standing in line at the grocery store, there is someone who bristles when asked to provide his Social Security number on a form or someone who is indignant when she learns that the cookies in her web browser permit all manner of advertisers to include her in their target audience. Indeed, the plaintiffs in one recent multidistrict class action argued unsuccessfully that the very use of their cookies without their knowledge and consent was actionable. The district court dismissed the action in part because the plaintiffs failed to allege any actual damages. In re Google Inc. Cookie Placement Consumer Privacy Litig., No. 12-2358-SLR, 2013 LEXIS 145727, at *8 (D. Del. Oct. 9, 2013).
This clash between reality and expectations is especially sharp when government is involved. In her separate concurrence in Jones, Justice Sotomayor notes that
people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks. People disclose the phone numbers that they dial or text to their cellular providers; the URLs that they visit and the email addresses with which they correspond to their Internet service providers; and the books, groceries, and medications they purchase to online retailers.
Jones, 132 S. Ct. at 957 (Sotomayor, J., concurring).
But she goes on say that
I for one doubt that people would accept without complaint the warrantless disclosure to the [g]overnment of a list of every Web site they had visited in the last week, or month, or year. . . . I would not assume that all information voluntarily disclosed to some member of the public for a limited purpose is, for that reason alone, disentitled to Fourth Amendment protection.
Id.
In the end, she concludes that “[r]esolution of these difficult questions in this case is unnecessary, however, because the [g]overnment’s physical intrusion on Jones’ Jeep supplies a narrower basis for decision.” Id.
How should we think about these “difficult questions”? What core cultural and constitutional values remain relevant to that inquiry notwithstanding the often bewildering pace of technological change and the continuing erosion of private space? Is there a “reasonable expectation of privacy” that is elastic enough to be adapted to unforeseen circumstances yet durable enough to have the predictability that the rule of law requires?
From a cultural standpoint, the answer at least to some extent may be generational. People who never have known a world without smartphones and social media likely have a very different sense of individuality than their ancestors who lived on the farm or frontier. On average, today’s teenagers send and receive literally thousands of text messages—many including pictures, intimate details of their private lives, or both—every month. Social media sites make that same data available instantly to however many dozens, hundreds, or thousands of people to whom one wants to allow access, and undoubtedly to many more whose access is unintended. Prospective employers, colleges, and the merely curious can learn more about someone in a few minutes than they would have learned in a lifetime not that long ago. Privacy isn’t what it used to be, nor is it likely to be ever again.
But as Justice Sotomayor suggests, it’s doubtful that even the most frequent users of these new technologies are comfortable with the idea of the government having free rein to monitor the content of their conversations or track their movements. At least implicitly, and perhaps naively, given the extensive digital footprints the technologies actually leave, the notion that one should be able to choose who sees or hears one’s personal activities still persists. It is one thing to recognize, as many do, that the very act of writing an email or engaging in a wireless conversation necessarily creates an entry in the database of an Internet service or wireless communication provider, but it is quite another to assume that such entries are shared routinely with strangers or that the government or another third party freely may listen to or observe their content.
As Justice Alito points out, the reasonableness of one’s expectation of privacy tends to be assessed through the lens of one’s own experience. The California judges who objected to their financial disclosure statements being made available online understood that the statements were public records, but for most of them, their visceral sense of privacy was developed at a time when accessing public records required physical effort. The idea that someone might read their disclosure statements with a couple of keystrokes was unsettling to them. While respecting their concerns about whether the law requires judges to disclose information that could affect their personal security, the Fair Political Practices Commission ultimately concluded that the judges’ privacy argument was unpersuasive.
Conversely, Google’s counsel in the Gmail litigation argued unsuccessfully that because customers presumably know that the content of their email messages is being scanned for spam, it is unreasonable for them to expect that the scanned data won’t be used for other business purposes as well. In Jones, the government contended that because the defendant knew that his movements were public, it was unreasonable for him to expect that they wouldn’t be observable by some form of surveillance technology; the government also contended that the GPS device attached to his vehicle simply allowed the government to know what he reasonably should have expected it to know. Although their rationales varied, all nine justices disagreed.
But these different outcomes should not necessarily be seen as evidence that the boundaries of a “reasonable expectation of privacy” are entirely subjective. Two related and arguably fundamental concepts—consent and transparency—appear to be in play in these and similar examples.
In the case of the judges, consent to public disclosure of specified financial information was implied by the judges’ voluntary status as public officials subject to the controlling statute. The discomfort some judges felt about the ease with which the public could obtain their information was understandable but legally irrelevant. But the plaintiffs’ consent in the Gmail case was much more circumscribed. As the court pointed out, Google’s terms of service allegedly permitted Google to scan users’ emails for objectionable content but not to target advertising or create profiles of users’ preferences. The court held that this distinction provided an appropriate way to draw the line between reasonable and unreasonable expectations of privacy, concluding that “[b]ecause the two processes were allegedly separate, consent to one does not equate to consent to the other.” In re Google Inc. Gmail Litig., 2013 LEXIS 17278, at *13.
The importance of consent is even more salient in the Fourth Amendment context. The Constitution prohibits warrantless searches absent exigent circumstances, but there is no constitutional violation if the person whose rights are implicated consents to the search. While the Katz test does not involve consent in the contractual sense, its underlying premise is a recognition that membership in society necessarily involves acquiescence or implied consent to certain things being public.
The majority in Jones held that attaching the GPS device to the defendant’s car was unlawful, if for no other reason, because the defendant had not consented to this intrusion on his property rights. But like the court in the Gmail litigation, the concurring justices also appeared to resist the idea that one’s reasonable expectation of privacy is bounded only by the limits of modern technology or that one’s personal use of such technology amounts to consent to its use by the government for purposes of law enforcement. After discussing a variety of technical innovations—most of which are now standard features of most wireless phones and many private automobiles—that allow one to determine the location of a person or vehicle, and noting the absence of any applicable legislation, Justice Alito observed:
The best that we can do in this case is to apply existing Fourth Amendment doctrine and to ask whether the use of GPS tracking in a particular case involved a degree of intrusion that a reasonable person would not have anticipated.
Under this approach, relatively short-term monitoring of a person’s movements on public streets accords with expectations of privacy that our society has recognized as reasonable. . . . But the use of longer term GPS monitoring in investigations of most offenses impinges on expectations of privacy.
Jones, 132 S. Ct. at 964 (Alito, J., concurring in the judgment) (citations omitted).
Transparency
Transparency—knowing the potential effects and implications of one’s conduct—also is an important principle in current legal discussions about privacy. The grievance at the root of the Gmail litigation is that the plaintiffs never were told that the content of their email messages would be scanned for commercial purposes. The fact that it could be scanned for any number of purposes beyond blocking objectionable content—or, for that matter, that today virtually any digital communication can be mined for data—ultimately didn’t help Google’s cause because, at least for pleading purposes, Google wasn’t transparent about its actions.
One can imagine many other ways in which a lack of transparency could support a claim of invasion of privacy. As Justice Sotomayor noted in Jones, “[o]wners of GPS-equipped cars and smartphones do not contemplate that these devices will be used to enable covert surveillance of their movements,” id. at 956 n.* (Sotomayor, J., concurring), even though it is obvious that the primary purpose of geolocation technology is to identify where one is. Perhaps for this reason, the federal government and many other large employers make it abundantly clear to their employees that email messages sent and Internet websites visited from their work-based computers may be monitored.
For example, the Administrative Office of the United States Courts has approved the use of the following language, which appears at login:
This is a federal computer system and is the property of the United States government. It is for authorized use only. Users (authorized or unauthorized) have no expectation of privacy in their use of the system. Any or all uses of this system may be intercepted, monitored, recorded, copied, audited, inspected, and disclosed to authorized court personnel, and referred by them to law enforcement or others as appropriate. By using this system, the user consents to such interception, monitoring, recording, copying, auditing, inspection, and disclosure at the discretion of authorized court personnel. Unauthorized use of this system may result in administrative disciplinary action and civil and criminal penalties. By continuing to use this system you indicate your awareness of and consent to these conditions of use. LOG OFF IMMEDIATELY if you do not agree to the conditions stated in this warning.
Guide to Judiciary Policy, Vol. 15, ch. 5, § 515.30(c)(2).
Such disclosures haven’t entirely prevented complaints about inappropriate intrusion into users’ personal communications, nor have they deterred some users from making inappropriate or even illegal use of their computers, but no one can claim that he or she wasn’t warned.
California judges are told explicitly that “[a] judge must expect to be the subject of constant public scrutiny. A judge must therefore accept restrictions on the judge’s conduct that might be viewed as burdensome by other members of the community and should do so freely and willingly.” Cal. Code Jud. Ethics Canon 2A, advisory committee cmt. (Jan. 1, 2013). Similar language is found in the ethics rules of virtually every other state and in the Code of Conduct for United States Judges. While the judges who objected to online posting of their financial disclosure forms did raise legitimate concerns about security—concerns that perhaps might be addressed by permitting filers more leeway to redact sensitive information in appropriate cases—their privacy argument was weakened considerably by the express expectations articulated in California’s Code of Judicial Ethics.
Of course, it rarely is in the government’s interest to be transparent with the target of a criminal investigation. But given the value of secrecy in the law enforcement context, transparency in obtaining and executing search warrants, wiretap authorizations, and similar court orders is particularly important. In essence, the government argued in Jones that because GPS technology is so advanced and its public use is so commonplace, the defendant could not have had a reasonable expectation that his movements would not be monitored, even for a lengthy period of time. Although they disagreed as to their reasons for reversing the defendant’s conviction, all of the justices agreed that the government had a duty to explain what it was doing to a judicial officer and to provide legal justification for doing it. And Justice Sotomayor, who concurred with the majority’s property-rights analysis, went on to say this:
Awareness that the [g]overnment may be watching chills associative and expressive freedoms. And the [g]overnment’s unrestrained power to assemble data that reveal private aspects of identity is susceptible to abuse. The net result is that GPS monitoring—by making available at a relatively low cost such a substantial quantum of intimate information about any person whom the [g]overnment, in its unfettered discretion, chooses to track—may alter the relationship between citizen and government in a way that is inimical to democratic society.
Jones, 132 S. Ct. at 956 (Sotomayor, J., concurring) (internal quotation marks and citation omitted).
The ongoing debate about the National Security Agency’s secret monitoring of millions of telephonic and electronic communications also is instructive. While some civil libertarians have expressed outrage that such a program could exist at all, the program’s defenders have argued that both the breadth and the secrecy of the monitoring have been essential in combating terrorism. The Foreign Intelligence Surveillance Court, sometimes called the “FISA Court,” which was established by Congress to provide judicial review of such operations, has found itself at the center of this controversy.
The FISA Court is different from any other court in the federal system, in large part because it meets in secret and the record of its proceedings rarely is made public. There has been a “debate within the debate” about whether the court in fact is protecting the rights of those under investigation or merely acting as a rubber stamp for the government. While it is beyond the scope of this article to comment on its merits, both the debate and its intensity illustrate the importance of transparency in our thinking about privacy.
Justice Alito has suggested that “[i]n circumstances involving dramatic technological change, the best solution to privacy concerns may be legislative,” reasoning that “[a] legislative body is well situated to gauge changing public attitudes, to draw detailed lines, and to balance privacy and public safety in a comprehensive way.” Id. (Alito, J., concurring in the judgment) (internal citation omitted). Indeed, many state legislatures have undertaken the efforts Justice Alito so aptly describes. See, e.g., Me. Rev. Stat. tit. 16, § 642 (effective Oct. 9, 2013) (new Maine statute requiring law enforcement and other government entities to obtain a warrant before tracking an individual through a cellular telephone or other electronic device); Tex. Code Crim. Proc. art. 18.02(13) (effective June 14, 2013) (amending Texas statute to provide for issuance of a search warrant to access emails and other forms of electronic communications). But while legislative bodies rather than courts have the primary responsibility to articulate and refine policy, it is doubtful that even the most efficient and well-informed legislature could keep up with the pace of today’s technological development. In the time it takes to formulate a new law, the technological innovation the law is intended to address may no longer represent the state of the art. For the foreseeable future and perhaps to a greater degree than ever before, common-law principles will continue to provide essential guidance to the courts.
While applying these principles has been and no doubt will continue to be difficult for judges, it is likely that there will be at least some common threads among the cases. Determining whether an expectation of privacy is reasonable will be most straightforward in cases of express consent because the focus of the inquiry will be an assessment of the voluntariness and scope of the consent. Cases of implied consent will be more difficult, and inevitably they will involve a certain degree of judicial subjectivity in evaluating what the totality of a person’s conduct says about how private the person had reason to think that conduct would be. Transparency—whether in the form of a consumer contract that tells customers what will and will not be done with their personal information, employee policies that spell out what will and will not be considered private in the workplace, or criminal investigative practices that are appropriately vetted by a judicial officer prior to implicating a target’s Fourth Amendment rights—will go a long way in helping courts to resolve these difficult questions and in providing at least some predictability in this challenging area of the law.