January 19, 2010
4th Amendment Updates in the State Courts
The US Supreme Court is not the only Supreme Court to recently focus on 4th Amendment privacy issues critical to technology.
By Ethan Ackerman
This blog recently covered the US Supreme Court's decision to hear a 4th Amendment case dealing with texting privacy. While technology privacy cases are fairly rare at the US Supreme Court level, many of the 50 states' highest courts have dealt with similar issues recently. The waning months of 2009 saw three fairly important state-level 4th Amendment cases that could potentially have a big impact on electronic and online privacy.
Searching Suspects' Cellphones
In December, the Ohio Supreme Court addressed the searches of an arrestee's cell phone. In a 4-3 split, the court held that police searches of a suspect's cell phone, even though incident to the suspect's arrest, required a warrant. The court's decision grappled with the scope of 'a search incident to arrest,' which is one of the few exceptions to the warrant requirement the 4th Amendment usually imposes. Susan Brenner helpfully lays out the details surrounding the exception and its scope here. The court noted that federal courts were split on the issue; the Supreme Court hadn't addressed cell phones or anything similar. So the court proceeded to look at the underlying justification for the exception (officer safety, evidence protection). The court held that the exception wasn't necessary and ruled that a warrant was necessary to protect the private and extensively detailed personal information cell phones often hold.
It's perhaps an understatement to say that this area of the law isn't settled, and the Ohio court's focus on two federal cases is just a small chunk of the universe of cases on this issue. In-house counsel at the Federal Law Enforcement Training Center has helpfully catalogued the cases on this issue. So is the outcome sensible? Orin Kerr is a bit skeptical, but as of yet undeclared.
In a necessary reminder that the 4th Amendment matters even in non-criminal cases, the Mississippi ACLU has taken a civil case over a student's expulsion stemming from a cell phone search.
Fourth Amendment Protection for Records Held by Third Parties
The second state Supreme Court case, Colorado v. Gutierrez, doesn't occur online or even address online activities. It's about the impropriety of a (paper) search warrant for the (paper) tax records kept in the (physical) office of a tax preparer. Politicizing it just a smidge, the prosecutor in the case is running for the US Senate, and the taxpayer in the case was a Mexican immigrant. But the case's principal issue, whether information stored with a 3rd party retains 4th Amendment protections, is one of the core issues of online privacy. Facebook, Google Docs, every other "cloud" service, Skype, Hotmail, Google chat, Verizon wireless voicemail, and even Quicken all are 3rd parties holding private communications and information generated by their users. While privacy policies and state and federal statutes grant (or deny) some protections to this information, the 4th Amendment remains the cornerstone of much of the protection this information has. Several past US Supreme Court cases on the 4th Amendment have latched onto the "3rd party" present in these types of relationships to sometimes find that there was no reasonable expectation of privacy in information given to the 3rd party and thus no 4th Amendment protection. This phenomenon was common enough to get its own name as a legal doctrine - the '3rd party' doctrine. 4th Amendment scholar Orin Kerr recently published a law review article mostly praising the doctrine, and skillfully addressing its applications and shortcomings in the online world.
One of the major exceptions to the 3rd party doctrine is when a statute or protected type of relationship may still preserve a reasonable expectation of privacy despite transmission to a 3rd party. Evidentiary privileges like the attorney-client or marital privilege are examples of this. Less clear is the degree to which statutes protecting privacy may preserve the expectation. The Supreme Court has occasionally found statutes insufficient to protect the expectation (e.g. US v. Paynter, the Bank Secrecy Act was an insufficiently privacy-protecting law) but hasn't to my knowledge yet found a statute sufficient.
In Colorado v. Gutierrez, the Colorado Supreme Court found the federal and state laws protecting the privacy of tax records were sufficient to create a reasonable expectation of privacy in those records, even though they were held by the 3rd party tax preparer. Will a court hold that ECPA's protections for email, or the SCA's protections for chat logs or a Google doc, are sufficiently similar and strong to create a reasonable expectation of privacy in those records?
GPS Tracking of Vehicles
The third recent case is really a trilogy of recent state cases on GPS tracking of vehicles. Long ago in the 1990's, GPS tracking was a world of cops and scorned spouses sticking bulky devices under cars. In the past decade with the (government-mandated) addition of GPS tracking to cellphones, and their increasing ubiquity, the prospect of after-the-fact and real-time tracking of a person's every move is closer now than its ever been. How state courts handle these three car cases might give us some clues to how they'll handle the phone cases in the next few years.
New York, Wisconsin and Massachusetts went three different ways on the issue; finding, denying, and punting on 4th Amendment protections. Jeff Bone does an excellent summary of all three cases on his employers blog, so I'll just point you there. To give you a flavor of how the issue splits across the country and between different federal Circuits, read an earlier email of mine helpfully archived on the internets. Once again go-to scholar Orin Kerr also has thoughts on the general issue. Continuing its record as the best place on the internet for intelligent comment debates, Concurring Opinions is host to a 2008 comments debate between Kerr and fellow scholar Renee Hutchins on the issue.
Posted by Ethan Ackerman at January 19, 2010 09:48 AM | Privacy/Security
TrackBack URL for this entry: