Few events have the capacity to challenge and change the law the way widespread technological adoption does. Inherent frictions between the two forces have played out countless times throughout American history, ultimately resulting in many of the laws and regulations citizens abide by today. Moreover, public adoption rates and impact have proven an accurate, if informal, set of yardsticks by which to measure the resultant legislative response: the more a technology changes the status quo, the greater interest a government might have in outlining its appropriate use. This basic fact is present everywhere from the nation’s roadways to broadcasts over public airwaves.
When technology brings change, in other words, the law must adapt. While this maxim seems simple enough on paper, the immense popularity of digital devices has left a litany of unanswered legal questions swirling around the gadgets that a near-plurality of US citizens have come to rely on. Given today’s techno-political climate, the relative newness of the technologies in question, and the deep knowledge required to make a consistent body of law regarding their use, it is not surprising that many such questions address the balance between individual user privacy and the government’s need to do its job effectively. It is also unsurprising that the answers are both few and far from decisive.
Thus, we come to the Fourth Amendment. Ratified in December 1791, the Amendment’s focus on search-and-seizure protocol and individual privacy are often raised when matters of criminal investigation and technology are brought before the courts. It has been the focal point of landmark cases covering commonly used digital technologies, and will undoubtedly remain a prominent factor in future cases. Legislation and key judicial interpretations related to the amendment will also need substantial review and reconsideration before the law can fully fit the nuances of technology.
Misunderstandings and “unsympathetic” criminals contribute to significant court decisions regarding technology
In late 2014, the FBI received a disturbing tip. One of the largest child pornography sites on the dark web, an unsearchable corner of the internet accessible only through specialized browser software, was apparently hosted in the United States. Federal agents seized the server hosting the site, but chose not to immediately shut the service down. Instead, they secretly operated it themselves for two weeks so they could gain intelligence on the criminals using the service. To do this, agents deployed an agency-developed tool called the “Network Investigation Technique,” or NIT: powerful software that launches from captured servers, records certain identifying information from users who connect to them, and reports it back to the FBI in Virginia.
At issue were jurisdictional specifics, the nature of the NIT, and the legal definition of terms like “search and seizure” as applied to computers in the accused’s home. Per the EFF, Rule 41 of the Federal Rules of Criminal Procedure “only [authorized] federal magistrate judges to issue warrants to conduct searches in the judicial district where the magistrate [was] located” at the time of the investigation and trial, but the FBI used their warrant to search for and seize data from home computers across the country. The rule has since been changed to allow this sort of activity, but was not in effect at the time of the trials.
Results of the criminal trial also raised significant privacy concerns. Quoting previous case law, US District Judge Henry Coke Morgan, Jr. claimed the FBI’s techniques were philosophically closer to “peering through broken blinds” than they were to a search and seizure.
Naturally, people and organizations on the personal privacy end of this debate did not agree with Judge Morgan’s analogy. The EFF in particular claimed that a combination of “unsympathetic” defendants — a group to which child pornography suspects undeniably belong — and fundamental misunderstandings about the complex, often abstracted inner workings of computer and network technology have contributed to a “dangerous decision” that could ostensibly allow government to continue accessing private computers without a warrant. Although a judge did later rule that the NIT warrant was invalid, the above-mentioned changes to Rule 41 make the finding more of a postscript than an actionable opinion.
From computers to cell phones: The challenges of applying criminal procedure to tech
If anything, the Playpen case represents a considerable point of interest because existing case law on the subject is so sparse and inconsistent. The handful of cases covering the intersection of Fourth Amendment law and technological complexity run the gamut of opinions and outcomes, making every federal court decision a potential “game-changer” in its potential to influence tech-related law.
Take Riley v. California, arguably the most important technology-focused case in recent memory. The unanimous decision handed down by the Supreme Court stipulated that police officers generally must have warrants to search a citizen’s cell phone, even during arrests, traffic stops, and other situations where those citizens enjoy fewer rights than usual.
Police — who have had to work under the tenets of the ruling since it was handed down in 2014 — already understand the workaday aspects of Riley. However, beyond the practical considerations it presents our officers are the larger ideas behind the opinion, particularly regarding the court’s definition of a cell phone. In short, the reason why they cannot be searched through when found on a suspect’s person is that they are not considered “containers” like the packs of cigarettes or pill bottles officers might pull from a suspect’s pockets, despite governmental arguments to the contrary. The decision also said phones do not pass the “warrantless search test” established in another famous case, Chimel v. California, because the data contained within them cannot be used as a weapon or a tool to “effectuate the arrestee’s escape.”
Riley is unquestionably a landmark case on its own merits, but many of its legal implications are particularly interesting because of its contrasts with the Playpen case. While the former represents a measured, realistic understanding of the functions phones provide and the private data they house, the latter effectively says the covert deployment of sophisticated remote-capture software is no different from a legal standpoint than sneaking a peek through “broken blinds.”
Further, the discrepancies between these two cases may underscore a need for more Supreme Court rulings on technology issues. An authoritative stance would cleave some of the confusion surrounding current technology-and-law matters.
Police and Private Technology May Require a Renewed Look at Third-Party Doctrine
Of course, our Constitution hardly exists in a vacuum. In many ways, judicial interpretations of and stipulations to our nation’s guiding legal document are just as important as the framework itself, considering the power those opinions can wield in shaping subsequent cases. Where certain interpretations, tests, and rules lend themselves just fine to the Fourth Amendment concerns raised by technology, others are harder to apply to a modern context. The so-called “Third-Party Doctrine” established in a 1967 Supreme Court ruling and reaffirmed in later decisions arguably belongs in the latter camp.
At high level, Third Party Doctrine explains that information willingly shared with third-party people or organizations is no longer protected by the Fourth Amendment. This is in large part why police and other governmental organizations can access a suspect’s bank records or install a pen register on certain landline facilities without violating the same privacy protections. When the bank client deposits money with the institution, they are automatically sharing certain data with an outside entity, just as another suspect does when their key presses route through a traced or registered phone company property.
The problems begin when we consider the makeup of most modern technologies. In an era where virtualization, cloud services, online shopping, and literally thousands of other services and basic technological functions use transmission of user data to third parties as a baseline technical requirement, the gadgets in tens of millions of pockets and home offices around the country have arguably become too complex for Third Party Doctrine to govern them.
Unsurprisingly, this very rationale has put the doctrine under increased public and judicial scrutiny of late. In United States v. Jones, a case stemming from agents placing a GPS unit on a suspect’s car, Justice Sonia Sotomayor called the doctrine “ill suited [sic] to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks.” In the same case, Justice Samuel Alito implicitly suggested Congress should revisit the doctrine through legislation.
These and other judicial opinions on the matter could also impact the way police at the state, local, and federal levels use technology to do their jobs in a more direct sense. Cell site simulators, colloquially known as Stingrays, are a major topic of Fourth Amendment controversy, for instance. The widely used devices mimic cell towers and — depending on make, model, scope of warrant, and other factors — allow officers to carry out several useful tasks. For instance, they might allow officers to track suspect movements via their cellphones, download and listen to phone conversations, and even restrict or block phone service.
In defending use of this practice, government often appeals to Third-Party Doctrine and compares the device to a pen register. However, concerns arise when the Fourth Amendment is considered on the other half of the courtroom. Because it is not always possible to tell what an eavesdropped phone conversation will reveal, and because Stingray devices cannot “zero in” on specified phones within range, the data seized during a legal listening session may be considered a Fourth Amendment “fishing expedition.” As such, if the recorded illegal activity falls well outside the scope of the warrant, it could also violate the privacy of innocent parties who have their data captured while using their phones in range of a Stingray operation.
Concerns about so-called “parallel construction,” in which police covertly and illegally capture Stingray info on suspects performing illegal activity, then artificially construct evidence and investigation to build a lawful arrest and lessen the risk of losing the case, also run the risk of damaging police credibility.
It is worth noting that concerns regarding fishing expeditions and parallel construction related to computers and other digital devices have been raised. Stingrays and similar devices simply represent a situation in which technology the police deploy against other technologies may violate the Fourth Amendment. At least one federal case involving Stingray use has been tossed, largely because third-party doctrine and pen register comparisons do not fully mesh with the breadth and depth of cell site simulator technology. Another case, this one at the Supreme Court level, will hear arguments on Stingray use and related issues, but a date for arguments has yet to be established.
By definition, technology affords people newer ways of doing things. Hashing out the legal particulars between these new processes and their predecessors — Stingrays vs. pen registers, for instance, or files stored on a hard drive vs. papers locked in a desk drawer — is a substantial undertaking in times like these, where seemingly every new technology off the line is primed to transform some aspect of our lives.
Because of these concerns, it is a foregone conclusion that the Fourth Amendment will play an ever-growing role in our nation’s legal philosophy in coming years. Current case law shows technical understanding and aptitude may strongly influence judicial opinions on related matters, often to different ends. And with so many questions yet to be answered, it seems we are still several landmark decisions away from a comprehensive legal approach to the digital era.