|
META TOPICPARENT | name="FirstPaper" |
|
| The Fourth Amendment vs. Third-Party Doctrine |
|
< < | Third-party doctrine applies to situations where individuals have voluntarily given information to a third party with “no reasonable expectation of privacy”. In the 1976 case _United States v. Miller_
Why not an actual link instead of an inert footnote?
the Supreme Court found specifically that a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties (in this case, records at a bank), and highlights as justification that an individual’s information is “exposed to [the bank’s] employees in the ordinary course of business.” Thus, information which is stored with third parties lies outside of an individual’s Fourth Amendment rights, and as technological trends shift more to third-party cloud services, this covers an increasingly broad set of information.
Notes
:
|
> > | Third-party doctrine applies to situations where individuals have voluntarily given information to a third party with “no reasonable expectation of privacy”. In the 1976 case United States v. Miller the Supreme Court found specifically that a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties (in this case, records at a bank), and highlights as justification that an individual’s information is “exposed to [the bank’s] employees in the ordinary course of business.” Thus, information which is stored with third parties lies outside of an individual’s Fourth Amendment rights, and as technological trends shift more to third-party cloud services, this covers an increasingly broad set of information.
Notes
:
|
|
Only if the employees of the cloud service in the ordinary course of business have access to the records? If so, then most of the data stored in the cloud, either encrypted at rest or processed in a virtual processor to which the provider does not ordinarily have access, might not be subject to Miller, in your view?
|
|
> > |
I hadn't considered this question in my first draft but I think that the main point here is the act of handing over your records to a third party (even if an employee would typically not view those records) puts it in their hands (and by corollary out of yours), and thus you have relinquished that protection.
|
|
Search Warrant vs. Subpoena |
| ECPA Title II |
|
< < | Congress took note of this disparity and attempted to address it with the 1986 passage of ECPA, which contained the Stored Communications Act (SCA) under Title II. The SCA sought to bring the heightened threshold of the search warrant to “stored wire and electronic communications and transactional records”. It covers two types of services: “electronic communication services” (ECS) and “remote computing services” (RCS). The line between the two can be counterintuitive: for example, a server containing email over 180 days old qualifies as “providing storage” and therefore RCS; if it has been held for 180 days or less it qualifies as ECS — unless an email has been opened, in which case it likely reverts to a classification of storage rather than communication, and therefore RCS.
Notes
:
|
> > | Congress took note of this disparity and attempted to address it with the 1986 passage of ECPA, which contained the Stored Communications Act (SCA) under Title II. The SCA sought to bring the heightened threshold of the search warrant to “stored wire and electronic communications and transactional records”. It covers two types of services: “electronic communication services” (ECS) and “remote computing services” (RCS). The line between the two can be counterintuitive: for example, a server containing email over 180 days old qualifies as “providing storage” and therefore RCS; if it has been held for 180 days or less it qualifies as ECS — unless an email has been opened, in which case it likely reverts to a classification of storage rather than communication, and therefore RCS.
Notes
:
|
| |
|
< < | Again, this distinction matters due to the retrieval mechanism: RCS-classified data production can be compelled via a subpoena combined with prior notice (and prior notice can be delayed for up to 90 days if it would jeopardize an investigation), a far lower threshold than a search warrant.
Notes
:
|
> > | Again, this distinction matters due to the retrieval mechanism: RCS-classified data production can be compelled via a subpoena combined with prior notice (and prior notice can be delayed for up to 90 days if it would jeopardize an investigation), a far lower threshold than a search warrant.
Notes
:
|
| The SCA, while a step in the right direction, is subject to two issues: (1) it can be altered by Congress at a later date through the normal course of legislation, and (2) it has large gaps which have only grown wider since 1986. |
| Amending the SCA to require search warrants for more types of electronic third-party data would be helpful, but it requires a willing Congress. Instead, we should look at taking matters into our own hands, and re-defining the location of where our data is stored to align with the location-focused language of the Fourth Amendment. |
|
< < | Here we must find a balance between the fundamental conveniences that third-party services like Google Docs or Dropbox provide and a structure which might provide an individual using the services with Fourth Amendment protections to their data contained in the service.
In the 1948 case _In re Subpoena Duces Tecum_, a subpoena of one partner to produce documents involving the other partners was successfully quashed, and this remains good law. I propose setting up these cloud services as partnerships with their users.
In this proposal, rather than using a company like Dropbox, you would instead create a service which added users on as partners when they joined to upload and share their documents (or whatever other service you are looking to provide). This partnership service would be distributed on a franchise-style model for scalability purposes - the franchisee would gain access to the source code and be able to run their own instance of the service with a different set of partners.
Notes
:
:
|
> > | My first instinct was to look to corporate structure, to find an organizational approach fostering a relationship between consumer and provider which would still fall under the Fourth Amendment’s protection. The 1948 case In re Subpoena Duces Tecum , contains a successful quashing of a subpoena of one partner to produce documents involving the other partners, and while it remains good law, the reality is that slapping the word “partnership” on an endeavor likely will not suffice. Instead, the most realistic way forward for concerned users is found in initiatives like FreedomBox which re-house someone’s online presence into, well, their own house. I would love to see a privacy-focused ISP distribute these to customers alongside other required hardware like modems and routers, and further encourage its adoption and use by disseminating bills and notices through FreedomBox? apps (with an optional opt-out to email).
Notes
:
|
|
Perhaps the other aspects of partnership, such as unlimited liability, would be relevant to consider? What does source code have to do with partnership? Why do you need franchise agreements? This proposition seems rather sweeping, and assumes that the magic lies in the word "partner," rather than the reality of the relationship. Why courts will find it impossible to go behind a supposed "partmership agreement" is not made clear. If this is really the central point of the essay, the next draft should remove other material in order to address this notion fully. If it is not the central subject, it's a massive distraction and in my view it should go.
|
|
> > |
Yes I agree - the reality of the relationship is what matters and not the magic word "partnership". It seemed appealing as I do still believe there is a massive, massive convenience and "free" factor (and on the flip side, inconvenience and "not free" factor which serves to hinder large-scale adoption of initiatives like FreedomBox? ), but I now think that the more realistic approach here is addressing those hurdles of inconvenience (perceived or real) and cost, now that FB's existence shows proof-of-concept.
|
|
|