My computer really knows me... actually it feels like, sometimes, it knows me a bit too well. When I go online, my news feed is tailored with partisan precision. Products I want are conspicuously advertised on the margins of the screen. Invites to career-enhancing connections ding into my email inbox. A prescribed personal fitness routine is colorfully graphed, and my new favorite song is just a click away. Is it telepathy? No, it is just the work of billion-dollar data collection systems owned by private corporations that aggregate seemingly innocuous information into what is generally referred to as "big data."
Through complex, predictive algorithms, a proverbial digital hall of mirrors is created in which each of us can play and work. Through the accumulation and automated analysis of millions of bits of information, these companies seek to predict such things as our shopping habits, associations, health needs, religious leanings, and political beliefs. All of this information creates a digital mosaic that reveals far more about who I am than any conventional search of my home.
It's a good thing that the government doesn't have access to "cyber-me"... or does it? While Big Brother may be required to get a warrant to search my actual computer, that is of little comfort if it can remotely access an intimate montage of my life with far more ease and based on far less suspicion of wrongdoing. You may assume that some evidence of lawlessness is a prerequisite for a government official getting ahold of a gift-wrapped package containing the digital "you," but the reality is that the law is not there yet.
John Adams, James Madison, and other American founders were especially concerned about Great Britain's use of general warrants, called writs of assistance, to harass colonists by arbitrarily searching their homes. Therefore, the First Congress of the United States proposed -- and the states later ratified -- the Fourth Amendment, which requires the government to have a substantial and particularized suspicion before conducting a search of the private sphere. This right has become the most formidable bulwark against the government unjustly entering into our private lives.
Despite this founding legacy, we seem blithely unaware or coldly indifferent to the reality that we are implicitly -- and repeatedly -- waiving a fundamental constitutional right dozens of times every day. Google searches, phone numbers dialed, people you text and email, websites visited, banking records, fitness tracking biometrics, and geolocation data can easily be accessed by a prosecutor without a court order as long as these materials are relevant to any legitimate criminal investigation, which is a far lower standard than the probable cause required for a search warrant.
Sure, many self-proclaimed "good" citizens will read this and take the position that they have nothing to hide and, therefore, nothing to fear from laying bare their entire digital lives. To be sure, younger generations have already mastered the art of oversharing, and there seems to be an ever-increasing priority put on unfettered communication and convenience over privacy. Certainly to have any sort of social life these days or to be in any modern labor market, you will leave a cyber-trail. Obviously, we can't put the figurative toothpaste back in the tube, so the more salient question is whether the technological advances in recent years compel us to rethink the legal principles that allow the government to bypass the warrant requirement when obtaining personal data from private technology companies.
The heart of the big data privacy void is rooted in a long-standing legal rule exempting Fourth Amendment protection of personal information that has been voluntarily conveyed to a third party. In short, the rationale behind such a precedent turns on the technicality that the government is not obtaining this evidence directly from you, but rather from a third party -- usually a private company. In the eyes of the law, you have implicitly agreed that you have no "expectation of privacy" for personal information once you click it into cyberspace. This, in turn, means that the government is not legally conducting a "search" when it seizes that information from the private companies, and only a "search" by the government requires cops to first provide probable cause of wrongdoing to a judge.
There is a rapidly growing discord between this "third party doctrine" and free participation in the burgeoning "Internet of Things." I can only hope that you are already aware that every time you write an email, make a phone call, upload your data from your fitness tracker, send a text, visit an Internet site, or make a bank deposit, you are "voluntarily" conveying information to someone else: the phone company, your Internet provider, banker, and such. So what is really voluntary about communicating by email or making a cell phone call in a world that demands broad technological engagement? Don't we have a right to convey some information to a private entity and still require the government to demonstrate probable cause to get its hands on it? The short answer is no, but in 1979, Supreme Court Justice Thurgood Marshall passionately, but ultimately unsuccessfully, argued to his colleagues that they should adopt a distinction: "Privacy is not a discrete commodity, possessed absolutely or not at all." I find it amazing that he understood this virtue so well at a time when the Sony Walkman was just coming into vogue, surfing the Internet was a decade off, and a 250-megabyte hard drive weighed 550 pounds.
In a landmark 2012 Supreme Court case analyzing the legality of police officers attaching a GPS tracking device to a suspect's vehicle for an extended period of time, Justice Sonia Sotomayor directly confronted the archaic nature of the third party doctrine:
This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks... I for one doubt that people would accept without complaint the warrantless disclosure to the government of a list of every website they had visited in the last week, or month, or year.
In June of 2014, the Supreme Court modernized its jurisprudence a tad by unanimously holding that the digital information contained on a cell phone is so extensive and intimate that police need a search warrant to access it upon a suspect's arrest. But before you take too much comfort in the Supreme Court's tepid embrace of the twenty-first century, you should know that, hidden in a footnote, the court explicitly excluded data held in the possession of a third party, thereby keeping rulings authorizing access to such data by the government without probable cause in place.
Then there is a related, but discrete issue brought to the forefront by the controversial disclosures of Edward Snowden in June of 2013 about the National Security Administration's indiscriminate bulk collection of personal data. There remains an important question about whether it is practical or prudent to limit the government's warrantless use of data to confront grave national security threats. Privacy experts are skeptical about the efficacy of this type of restriction, but note that certain European countries have successfully implemented such use restriction policies in the face of an exponentially increasing and seemingly unstoppable emanation of electronic personal information.
With the breakneck speed of technological advancement, we will continue to encounter more nuanced and more complex privacy challenges. The approach we take to emerging fads such as wearable fitness trackers that collect and upload heart rate, sleeping times, calories burned, GPS locations, and total amount of physical activity will help stake out the confines of privacy in the future.
Privacy goes to the very heart of American liberty. As a criminal prosecutor, I am confident that balance will be found between the fair use of such personal data in prosecutions and the societal benefits of the unfettered use of technology's conveniences. Supreme Court Justice Louis D. Brandeis, probably America's most eloquent and passionate proponent of privacy rights, wrote the following in a dissent in 1928:
The makers of our Constitution... sought to protect Americans in their beliefs, their thoughts, their emotions, and their sensations. They conferred, as against the government, the right to be let alone -- the most comprehensive of rights and the right most valued by civilized men.
I have little doubt that, if still alive, Brandeis would tell the courts that it is just plain foolish to compromise the principles of liberty embodied in the Fourth Amendment by continuing to apply rotary dial standards to a Facebook world.