Challenging Democracy in the Age of Information

A U.S. Perspective on Global Privacy: Fourth Amendment Protections

The Supreme Court of the United States (SCOTUS) ruling in the U.S. versus Carpenter decision in 2018 [1] had a significant impact on privacy protections on new technology for U.S. law enforcement (LE) agencies. The SCOTUS decision alters concepts of privacy related to illegal search and seizure under the U.S. Constitution’s Fourth Amendment (4A), [2] and in particular lays a groundwork limiting LE reach into digital communication, location, and history by codifying the need to seek and acquire a search warrant. [3]

The SCOTUS U.S. v Carpenter decision paves a future where privacy in the digital domain breathes new life into democracy as autocratic nations continue to weaponize unbounded and invasive practices. While Carpenter changes the outlook on privacy with respect to LE and LE-related third-party acquisition, it does not prohibit further corporate privacy encroachment. Carpenter turns a positive light on fundamental concerns for LE and may strengthen core principles usable for United Nations treaties on privacy lead by lawful nations in this new normal of ubiquitous telemetry. The rapidly increasing global landscape of data harvesting concerns global citizens vulnerable to insidious LE practices; it is a referendum on democracy in the age of information. Putting national values above LE instruments poses a complex series of political decisions — decisions only a nation committed to democratic freedom can pursue.

The Carpenter decision provides significant addition to values-based observers of privacy. While not absolute through the lens of “privacy fundamentalists,” [4] Carpenter resolves some encroaching applications of LE in the modern information era. It clarifies the extent to which LE is required to obtain a search warrant to exploit cell site location information (CSLI) records and third party LE acquisition of CSLI. Carpenter formed a five-part litmus test (Katz-Carpenter) based on a 1967 SCOTUS decision enforcing the “trespass doctrine.” [3]

Carpenter limits the use of warrantless machine-in-the-middle (MITM) methods for intercepting telephony and internet protocol-based content and associated telemetry. Digital Receiver Technology boxes and international mobile subscriber identity (IMSI or sim card) catchers do not traditionally require warrants for their use. Since Carpenter, there is an increase in federal district rulings demanding warrants for LE MITM exploitation methods. [3] This is a good step, especially in the face of a rising authoritarian tide that does little to limit similar methods. [5], [6]

SCOTUS Honorable Justice Kennedy dissented on Carpenter outlining how the ruling did not go far enough to apply the same Katz-Carpenter rules to internet browsing history. While not expressly solving the issue of warrantless browser history and cache retrieval, Justice Kennedy provides a hook for future legal debate that may better resolve the issue of 4A protections on what amounts to unmatched LE “…power in the technological history of [the U.S.] …to watch us.” Though third-party doctrine stemming from Carpenter suggests that warrants are necessary for LE to expose these deeply private facets of modern life. [3]

Carpenter supports previously established pillars of privacy under Westin’s theory of privacy such as solitude, intimacy, anonymity and reserve. [7] It builds from this foundation and adds a five-factor Katz-Carpenter test where comprehensiveness, intimacy, expense, retrospectivity, and voluntariness are weighed. While not one- for-one, the Katz-Carpenter test maintains foundational concepts of privacy [3] from as far back as 1967 and even steers clear of dubious motive from the 1890’s “The Right to Privacy.” [8] These five core tenets of privacy under 4A can illuminate how, where and under what circumstances invasive LE techniques may or may not be applied. [3] The Katz-Carpenter test criteria provide a significant measure for the future of privacy-related legal matters in the author’s opinion.

Carpenter is a tectonic shift in SCOTUS perspectives on privacy under 4A, but it is not without defects. An example of those failings is in the relationship between modern technology, design and process made when comparing the governance of social security numbers (SSNs) and automated license plate recognition (ALPR) technology. License plates, much like SSNs, were never intended as federal identifiers, yet the slope of government control tilts inward. SSN governance and ALPR regulatory lack of status under Carpenter exposes a potential vulnerability between state and federal law from a privacy perspective. License plate design and purpose may profoundly outgrow natural public-privacy balance, with LE being the obvious benefactor through ALPR technology. ALPR may expose U.S. persons Personally Identifiable Information (PII) through automobile use for what was once only a proof of registration artifact.

To illustrate: the original 1936 concept of SSNs was to track citizen earning history to calculate benefit entitlements. A 1947 Executive Order (EO 9397) changed the history of SSN utility and was later rescinded in 2008 (EO 13478). Today SSNs are almost ubiquitous with name, date of birth, and birthplace. [9] The lack of clarity between the three branches of government on this widely recognized PII identifier leaves a notable privacy concern. So how might PII apply to ALPR? License plates are managed at the state level and present a 4A-Tenth Amendment (10A) showdown left unaddressed by Carpenter. The purview of state LE does not trump federal LE, but what about privacy rights? At what point do state automobile identifiers fall within purview of the federal government, and when are those viewed as PII in a world of autonomous vehicles?

In another Carpenter artifact of imperfection, the SCOTUS decision nods at an Federal Communications Commission (FCC) mandate for precision location chips enhancing 911 services and related LE response. That does little to improve legal status under Carpenter where cell phones are described as being nearly “an important feature of human anatomy.” The FCC loophole provides no provision for citizens to opt out ensuring traceability even when cellular location services are manually disabled. Theoretically, this puts Carpenter at odds with the FCC order from a retrospectivity perspective (under Katz-Carpenter test criteria) and in desperate need of further judicial reflection. [3]

Carpenter, as an American democratic ideal, contrasts sharply with the absence of oversight in authoritarian surveillance states. With the rise of commercial surveillance, hostile foreign adversaries realized applied technology as a mechanism for state control can be highly effective (both within and beyond their boundaries). Chinese use of safe cities and smart cities (SC2) technology is a great example of use domestically, and as an extra-territorial surveillance export. [6] The Russian-made Systems for Operative Investigative Activities (SORM) is another. [5] Both SC2 and SORM are developed, operated, and exported by foreign-government-approved corporations. Both provide warrantless privacy encroachment without judiciary oversight. [5], [6] While flawed, Carpenter demonstrates intent to control state overreach on its citizens.

The U.S. is a values-based society. While the information age has presented us with new challenges, it has also enabled us to discover fresh solutions at the nexus of governance and technology. Carpenter is an enabling SCOTUS decision on our long arc pursuing privacy, liberty and “a more perfect Union.” [10] While this decision may make LE agencies’ jobs more challenging, it is ultimately a statement to the people of the U.S. (and the world) about where its values remain in the information age. Carpenter in all its imperfections is a torch which lights the way for the world to see. It is exploitable and vulnerable, but it is true. By looking to other nations’ privacy practices, the U.S. can only strengthen its position on privacy expectations and law. Through a cooperative approach, the U.S. can help outline a method for guarding privacy on the international stage.

_____________________________________________References:

[1] “16–402 Carpenter v. United States (06/22/2018).” https://webcache.googleusercontent.com/search?q=cache:OOcnf0p0nWoJ:https://www.supremecourt.gov/opinions/17pdf/16-402_h315.pdf&cd=2&hl=en&ct=clnk&gl=nl&client=firefox-b-d (accessed Nov. 07, 2022).

[2] “U.S. Constitution — Fourth Amendment | Resources | Constitution Annotated | Congress.gov | Library of Congress.” https://constitution.congress.gov/constitution/amendment-4/ (accessed Sep. 02, 2021).

[3] L. Hecht-Felella, “The Fourth Amendment in the Digital Age | Brennan Center for Justice.” https://www.brennancenter.org/our-work/policy-solutions/fourth-amendment-digital-age (accessed Nov. 07, 2022).

[4] D. J. Solove, “A Taxonomy of Privacy,” University of Pennsylvania Law Review, vol. 154, no. 3, pp. 477–564, 2006, doi: 10.2307/40041279.

[5] M. Newton, “Russia Exports Digital Surveillance, Despite Sanctions,” CEPA, Aug. 26, 2022. https://cepa.org/article/russia-exports-digital-surveillance-despite-sanctions/ (accessed Nov. 08, 2022).

[6] J. Roberts, “China’s surveillance ecosystem and the global spread of its tools,” Atlantic Council, Oct. 17, 2022. https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/chinese-surveillance-ecosystem-and-the-global-spread-of-its-tools/ (accessed Nov. 08, 2022).

[7] A. F. Westin, Privacy and freedom, [1st ed.]. New York: Atheneum, 1967.

[8] S. D. Warren and L. D. Brandeis, “The Right to Privacy,” Harvard Law Review, vol. 4, no. 5, pp. 193–220, 1890, doi: 10.2307/1321160.

[9] “Social Security History.” https://www.ssa.gov/history/reports/ssnreportc2.html (accessed Nov. 08, 2022).

[10] “U.S. Constitution — The Preamble | Resources | Constitution Annotated | Congress.gov | Library of Congress.” https://constitution.congress.gov/constitution/preamble/ (accessed Nov. 08, 2022).