Earlier, I promised a post that would make the positive case for the third-party doctrine and Smith v. Maryland.
The case against it seems pretty obvious. Privacy advocates are glad to tell us that the pace of technological change requires that we expand fourth amendment protections. “We're putting our entire lives on line,” they say. “The government's ability to collect and analyze data is growing. Only by expanding the fourth amendment can we even the balance that protects our privacy.”Or more colloquially, “Some new technologies are just plain creepy, especially in the hands of the government, and we want the fourth amendment to save us from them.”
The problem with that argument is that definitions of “creepy” change pretty fast.
Brandeis wrote his seminal article on privacy because he thought the Kodak camera was creepy, and he wanted the law to prevent the hoi polloi from taking his picture. In the 1970s, the FBI's ability to maintain clippings files on prominent Americans was a creepy source of power for J. Edgar Hoover. And the Attorney General actually imposed a fourth-amendment-style “predicate” requirement on future FBI clippings files about individuals. Today, though, Google has democratized the clippings file, and it's too common to be creepy.
Much as we may regret what we said to a reporter back in 1997, there's no point in feeling violated every time it shows up in search results. So we don't.
We adjust. The line between “creepy” and "not creepy" isn't fixed. It creeps.
This makes it very dangerous to build a fourth amendment doctrine on the relative creepiness of new technologies. To start, even if we thought the law should restrict creepy new technologies, why would we ask nine cloistered quasi-academics with an average age pushing 70 to tell us where the “creepy line” is today? And why would we put their answer largely beyond reconsideration – enshrined as precedent in the Constitution? There's a good chance that if we'd done that in the last century, we'd still be waiting for the Court to reconsider the rule that governments must have probable cause and a warrant before taking pictures of people or before running Google searches on them.
If you want to know what information Americans really value, and what technologies they really find creepy, Smith v. Maryland turns out to be a pretty good proxy – and certainly better than consulting a panel of nine Baby Boomers. When Americans share certain data, they are voting with their feet – giving up some privacy for the sake of something they value more. By now everyone understands the social media business model; we're getting the service because we are giving up the data. And most of us have been occasionally surprised and disconcerted by the ways in which the data has been used. Sometimes we decide that we value our privacy more than the service, and we quit. More often, we don't. And our “creepy line” moves a bit. The more often it moves, the less surprising and the less offensive we find it when the government gets access to the same data we've already given to Twitter or Google or Facebook or AT&T.
Viewed another way, the decision to share certain data with a third party is part of a predictable journey. It's a sign that we care about the privacy of the data a little less than we once did. And once shared the data slowly becomes less sensitive. It's the journey from Brandeis to Kodak to Flickr.
If I had to guess, that's the journey we're on with location data. The Supreme Court clearly thinks that routine government access to location data is kind of creepy, and it's tempted to give location some special constitutional status, notwithstanding Smith. But if it does, I predict, it's going to end up looking as foolish and out of touch as Brandeis does today. Why? Because more and more kids are getting smart phones today, sometimes as early as elementary school, and practically every parent who buys one is installing an app that relays the kid's location to the parents. Which means that kids are already beginning to graduate from high school without any sense that their location can or should be hidden from the ultimate authorities, their parents. They will never share the current Supreme Court's instinct that their location is uniquely private.
Saying that I'd rather trust the verdict of millions of Americans than the instincts of nine Supreme Court justices is not the same as saying that there should be no special privacy rules for third-party data. It just means that those rules should not be written by the Court.
In fact, the introduction of new third-party services is routinely used by privacy advocates to call for new restrictions on government access to those services' data. And the new services themselves are eager to deflect their customers' privacy concerns toward regulating the government and not their service. So there's a built-in lobby for legislation that tinkers with the default Smith rule. As a result, Congress has been active in setting special rules for government access to some third-party data.
Under Smith, for example, electronic communications can be obtained without a warrant, just like everything else we share with third parties. But Smith doesn't apply to electronic communications. Instead, government access to those records is governed by the Electronic Communications Privacy Act, enacted nearly twenty years ago and revised a dozen times since then. ECPA is remarkably fine-tuned, setting several different standards for government access to different kinds of private communications, all of them higher than the default that Smith offers. (There is an active campaign right now to further further raise those standards.)
Or take the most famous collection of third party data, the one that got this debate rolling – NSA's collection of the metadata for all calls touching the United States. Even there, actual intrusions into privacy were strictly limited. The government held a lot of data, but it conducted searches on fewer than 500 identifiers a year. All three branches of government imposed limits on NSA's actual access to the data. And Congressional reforms of the program are already being debated, with some changes nearly certain.
None of this suggests a failure of democracy that requires the Supreme Court to step in and impose its own Procrustean definition of “creepy” on the country.
It turns out that Smith v. Maryland provides a good first-order estimate of Americans' evolving expectations of privacy. And where it's wrong about those expectations, it provides a powerful incentive for Congress and the Executive to bring the law into accord with Americans' expectations.