Does privacy protect “the right to fail”? — and, the vexing problem of privacy harms.

Posted on by babaksiavoshy

An interesting post on Lawfare quoting David Hoffman on the right to privacy as the “right to fail”: 

In the past, I have discussed the European Commission’s “Right to be Forgotten” proposal, and the issues with trying to provide a comprehensive right to wipe a record clean. I have argued individuals need a sphere of privacy where they know they can make mistakes, without those errors following them for the rest of their lives. Individuals will shy away from risky or provocative ideas and efforts, if they fear organizations will use those activities to discriminate against them forever. These provocative ideas challenge the status quo and are often what is needed to break away from conformity and innovate. Technology companies are familiar with this need for space to allow employees to innovate, and many structure their performance review systems to create the ability for individuals to take risks.  I call the need for this space for innovation, “The Right to Fail”.

I appreciate new and thoughtful attempts at defining the value of privacy, and Hoffman’s idea has a ring of truth to it. 

This brings me to another topic: the vexing problem of privacy harms.  The most vexing failure of privacy scholarship, in my opinion, is that “privacy advocates” have failed to articulate in simple terms (to the public or any other audience) the value of privacy and the harm from undermining it. 

I’m not suggesting there is an easy solution to this problem, but I have some thoughts about its sources.  There are several reasons privacy harms and benefits are difficult to articulate, including the following:

(1) in addition to being an individual right, privacy is (in the most important ways) a collective or system-based right, and the harm from violating privacy rights and the benefits from protecting them are only apparent in the aggregate.  That makes these harms and benefits more difficult to articulate in simple terms. 

In this sense, privacy is like voting — it may be a relatively small societal harm to prevent one person from voting, but restricting the right to vote will, in the aggregate, fundamentally change the democratic nature of the system we live in.  In the same way, taking away a bit of privacy from one person might not be a huge deal, but curtailing privacy rights across the board may fundamentally change the type of society we live in — for example, by discouraging innovation, experimentation, or dissent.  

To be sure, the concept of privacy as a collective or systemic right is hardly new.  Julie Cohen’s book Configuring the Networked Self and Dan Solove’s recent book Nothing to Hide each cover some of the theory behind this understanding of privacy. 

(2) A second possible reason privacy harms and values are hard to articulate is the boiling frog problem.  Like the frog who doesn’t know it’s boiling until it’s too late, the harm from undermining privacy might not be apparent to us until it’s too late.  This is related to (1) above — we may not take notice of incremental encroachments on privacy rights, but we may find (hopefully not too late) that the the delayed, aggregate harm to the system may be very great indeed.

(3) A third reason privacy harms and values are difficult to articulate is that technology just isn’t there yet.  Believe it or not, we’re still at the beginning of the road when it comes to effectively collecting and processing the mountains of personal and public data in the world.  Just as we may have to wait for technology to catch up before we see the full value of that collection and processing, we may also have to wait to see the full scope of possible harms that could result. 

These are just quick thoughts. 

Does privacy protect “the right to fail”? — and, the vexing problem of privacy harms.

Advertisements

Do you have a constitutional right to record the police in public spaces? The Obama Administration says yes.

Posted on by babaksiavoshy

You have a First Amendment right to record the police in public spaces, and a Fourth and Fourteenth Amendment right protecting you from having those recordings seized without probable cause or due process.

That, at least, is the Obama Administration’s position, articulated in a brief earlier this month by the Department of Justice’s Civil Rights division.  (The brief was the second one by the Obama Administration on this issue).  The case involves Mannie Garcia, a White House credentialed journalist who sued the Maryland Police department after he was arrested while photographing police officers.

The Administration’s position is a significant development in an unsettled and rapidly changing area of law.  It would arguably broaden the types of First Amendment challenges to police conduct that courts have been willing to consider.  And, as I discuss below, it is a position that is likely to have important consequences for how we conceive of government accountability in a world where technology is changing the way we enjoy—and conceive of—privacy.

The facts of the case 

The case is the latest in a growing number of incidents and legal challenges involving the right to record the police.  According to the complaint, on June 6, 2011, Mannie Garcia observed Montgomery County Police Department officers arresting two men on a public street, took out his camera, and began photographing the incident from between 30 feet and 100 feet away. Garcia never interfered with the police activity, and other than clearly and audibly identifying himself as a member of the press, he did not speak to the officers.

This, according to Garcia, is when things got out of hand.  One of the officers became visibly upset that Garcia was recording and shouted that Garcia was under arrest.  He placed Garcia in a choke-hold and dragged him to the police cruiser.  The officer placed Garcia in handcuffs, seized his camera, and threw Garcia to the ground, injuring him.  While in the police car, Mr. Garcia observed the officer remove the battery and video card from his camera. 

Adding insult to injury, Garcia was charged with disorderly conduct—a charge for which he was acquitted after a bench trial.  Although his possessions were returned to him when he was released, Garcia’s video card was never returned. 

The Obama Administration’s arguments 

The Obama Administration’s brief makes four basic arguments. 

  • First, the Administration argues that there is a First Amendment right to record the police in public spaces, so long as the recording does not interfere with the police activity.  This is both because of where the recording occurred and what it was a recording of.  The Supreme Court has long held that public streets are “held in trust for the use of the public … for purposes of assembly, communicating thoughts between citizens, and discussing public questions.”  Hague v. Committee for Industrial OrganizationAnd the recording of police activity—which courts have characterized as speech critical of the state—lies at the very center of what the First Amendment protects.  As the Supreme Court has put it, “the freedom of individuals verbally to oppose or challenge police action without thereby risking arrest is one of the principal characteristics by which we distinguish a free nation from a police state.” City of Houston v. Hill.
  • Second—bloggers rejoice—the Obama Administration argues that there is no difference, as far as the First Amendment is concerned, between so-called citizen journalists and official members of the press.  Garcia was a White-House Credentialed journalist, but his status as such has no bearing on the case—any old (or young) blogger or activist would be entitled to the same protection.  (This strikes me as the right result, and in line with Eugene Volokh’s findings on the meaning of “press” in the First Amendment). 
  • Third, the Administration argues that the Fourth and the Fourteenth Amendment provide strong protection for recordings of police activity once they are made.  In Garcia’s case, the brief argues, the police violated Garcia’s Fourth and Fourteenth Amendment rights (in addition to his First Amendment rights) when it seized his camera without a warrant or due process of law. Crucially, the Administration also argues that the reviewing court should treat the Fourth Amendment and First Amendment claims separately.
  • Finally, the Obama Administration argues that the police cannot use broad laws that such as disorderly conduct, loitering, disturbing the peace, and resisting arrest as a pretext to arrest individuals for recording the police. 

An expansion of First Amendment rights against the police

I wrote this week about the Supreme Court’s ruling in Jardines being in tension with the general rule that courts do not look into police intent in resolving Fourth Amendment issues. 

It looks like the Obama Administration’s position on police recording might also create some tension with that rule: it asks a court to treat stops and arrests differently when the purpose of the stop is to prevent someone from peacefully recording police activity.

Specifically, the Administration’s brief is in tension with longstanding Supreme Court doctrine that a police officer’s “[s]ubjective intent does not make otherwise lawful conduct illegal or unconstitutional.”  Whren v. United States. In practice, this rule means legal claims that an arrest or stop is based on an improper motive, such as race, will generally fail in court if the police can point to some valid basis for the stop—say, a broken taillight, disorderly conduct, or a loitering violation.  

Legal challenges to so-called “pretextual” police stops or arrests (where the police stops you for a traffic violation, but their real reasons were different) are therefore rarely successful.The Obama Administration’s position would seem to change this by making a certain type of police conduct—retaliation for recording the police—actionable even where the police had a valid basis for the arrest. 

In other words, the Administration’s brief appears to make an exception to the pretextual stop rule when the pretext in question appears to be quashing First Amendment speech.

Two other facts about the Administration’s brief underscore the breadth of the position.  First, the administration asks the court to treat Mr. Garcia’s First and Fourth Amendment claims separately.  This means that if Mr. Garcia does not have a Fourth Amendment claim—say, because the officers had some objective basis to arrest him—he may still have a First Amendment claim if the police’s objective basis was a pretext to stop him from recording.[1]

Second, the Administration argues that police should not be permitted to use broad laws that such as disorderly conduct, loitering, disturbing the peace, and resisting arrest as a pretext to arrest individuals for recording the police.

Put together, these arguments would arguably significantly broaden the type of retaliation claims against the police that courts will hear.  

I’m hoping to write a bit more about the legalistic aspects of this in another blog post—“when does probable cause kill your First Amendment rights?” 

The Fourth Amendment is shrinking. Long live the First Amendment?   

Fourth Amendment scholar Paul Ohm recently asked what role the Fourth Amendment will play in a world where technology has radically changed how we conceive of privacy.  One might answer with a different question—what role will the First Amendment play in a world where technology has radically changed how we conceive of speech and association?  

The First and the Fourth Amendments play different but complimentary roles when it comes to holding the government to account.  The privacy and property rights protected by the Fourth Amendment create the necessary space individuals and groups need to flourish, while the speech and associational rights protected by the First Amendment allow people to sound the alarm and mobilize democratic forces when government is out of bounds.  

As these police recording cases show, as the Fourth Amendment shrinks in the face of technology, we may see the First Amendment pick up some of the slack.  After all, in a world where nearly anyone can record and disseminate a message critical of the government to millions of others, the First Amendment is likely to play a far bigger role in ensuring government accountability than it ever has.  

—-

[1] Based on a quick look, this is not a well-established position in the case law, though I suspect it is sound.  There is some supporting case law in the Ninth Circuit—see Skoog v. County of Clackamas, 469 F.3d 1221, 1235 (9th Cir. 2006)—however, even that has been narrowed in later cases. 

The Big Data coffee table book, brought to you by FedEx, EMC, and Cisco, among others

Posted on by babaksiavoshy

From lawfare:

Big Data finally has its own coffee table book. From Day in the Life series creators Rick Smolan and Jennifer Erwitt, The Human Face of Big Data is bursting with stories of Big Data modern miracles, promising even those will soon seem quaint. It’s a visually stunning effort on behalf of Big Data public relations. As awareness of increasingly sophisticated – and potentially invasive – Big Data tools grows, some branding has to fill the alarmist media void. But is this the PR campaign Big Data needs?

In the introduction, Smolan describes himself as a “convert” to the power of Big Data and writes that he intends to start a conversation. This particular conversation happens to be sponsored by EMC, Cisco, and FedEx among others. The book begins and ends with glossy advertisements for EMC. Although this transparency is laudable, it is hardly surprising that a leading provider of data storage and cloud computing has paid for a book that thinks Big Data is pretty great.

My emphasis.  I guess a coffee table book is better than a very long excel spreadsheet.  

 

How your movements reveal your identity (CNN)

Posted on by babaksiavoshy

From CNN

Can you be identified only by where you take your phone? Yes, according to a new study, which finds it’s not very hard at all.

While most of us are free to go wherever we want, our daily and weekly movement patterns are pretty predictable. We go to work, to school, to church, to our neighborhood gym, grocery store or coffee shop, and we come home — all quietly tracked by the GPS in our phone.

And with nothing more than this anonymous location data, someone who wanted to badly enough could easily figure out who you are by tracking your smartphone. Patterns of our movements, when traced on a map, create something akin to a fingerprint that is unique to every person.

Those are the findings of a report by researchers from MIT and elsewhere, published this week in the journal Scientific Reports.

Some thoughts on Jardines and police intent

Posted on by babaksiavoshy

Yesterday the Supreme Court issued its opinion in Florida v. Jardines, its second case this term about how the police can use trained dogs to search for contraband.  I found the decision interesting for a number of reasons, not the least of which is the unconventional configuration of the majority opinion, which teams Justices Thomas and Scalia with Sotomayor, Kagan, and Ginsberg.

Below are some initial thoughts about the case, specifically, its implications for the rule against inquiring into police intent.  I’ll probably post more about the Court’s “implied license” argument—and specifically, its implications for the much maligned third party doctrine—in the coming days.

Facts and holding

The State of Florida filed charges of marijuana trafficking against Mr. Jardines after police used a drug dog to find marijuana plants inside his home.  Here are the facts as described in the syllabus:

Police took a drug-sniffing dog to Jardines’ front porch, where the dog gave a positive alert for narcotics. Based on the alert, the officers obtained a warrant for a search, which revealed marijuana plants; Jardines was charged with trafficking in cannabis.

Jardines challenged the search and the Supreme Court held in his favor, finding that the police officer’s conduct violated the Fourth Amendment.  As Kevin Russel of scotusblog eloquently explains, the Court’s rationale hinged on accepted rules governing when and why a member of the public can walk onto a homeowner’s property:  

While the public, including the police, generally have license to approach a house’s front door (for example, to leave a flier or ask the occupant to answer a question), that license does not include an invitation to bring a dog onto the porch to search for drugs.  If a member of the public did that, Justice Scalia observed, it would “inspire most of us to – well, call the police.”

While the Court’s holding seems straightforward enough, it is in tension with previous Supreme Court cases regarding the relevance of officer intent to the Fourth Amendment analysis.  

Is a police officer’s purpose or intent relevant to the Fourth Amendment analysis after Jardines?

It is black letter law that a police officer’s “[s]ubjective intent,” however improper, “does not make otherwise lawful conduct illegal or unconstitutional.”   The rule was established by the Supreme Court in Whren v. United States—and in practice, it makes it exceedingly difficult to bring a successful Fourth Amendment challenge to a stop or an arrest based on allegations of racial profiling or other improper motives.

The key language in the majority’s opinion in Jardines, which requires an inquiry into the “purpose” of an intrusion onto private property as part of the Fourth Amendment analysis, seems to be in tension with Whren’s no-purpose rule.  

Here’s a relevant passage from Jardines:

A police officer not armed with a warrant may approach a home in hopes of speaking to its occupants, because that is “no more than any private citizen might do.” Kentucky v. King, 563 U. S. ___, ___. But the scope of a license [to enter the home] is limited not only to a particular area but also to a specific purpose, and there is no customary invitation to enter the curtilage simply to conduct a search. Pp. 5–8.[1]

In other words, the officer was free to walk onto Jardines’ porch with the right purpose—say, if all he wanted was to ask Jardines a few questions—but the Fourth Amendment made it unconstitutional for the officer to walk onto Jardines’ porch with the intent to use his dog to search for drugs (without a warrant).

This holding is difficult to reconcile with the holding from Whren, that “[s]ubjective intent does not make otherwise lawful conduct illegal or unconstitutional.” The government’s brief argued as much, but the Court denied the inconsistency:

The State points to our decisions holding that the subjective intent of the officer is irrelevant. See Ashcroft v. al-Kidd, 563 U. S. ___ (2011); Whren v. United States, 517 U. S. 806 (1996). But those cases merely hold that a stop or search that is objectively reasonable is not vitiated by the fact that the officer’s real reason for making the stop or search has nothing to do with the validating reason …

Here, however, the question before the court is precisely whether the officer’s conduct was an objectively reasonable search. As we have described, that depends upon whether the officers had an implied license to enter the porch, which in turn depends upon the purpose for which they entered. Here, their behavior objectively reveals a purpose to conduct a search, which is not what anyone would think he had license to do.

The Court’s attempt at distinguishing Whren is, to me, unpersuasive.  The Court asserts that officer intent matters when intent goes to the reasonableness of a search, as in Jardines, but not when intent is not relevant to the reasonableness of the search, as in Whren. 

But that begs the question.   The very issue the Court was asked to answer in Whren—and the government argued, the Court should answer in Jardines—is whether and when intent should be relevant to the reasonableness of a search.  The Court’s determination that intent was relevant in one case (Jardines) and not in the other (Whren) seems little more than ipse dixit.

Putting aside the Court’s reasoning, the bottom line is that the police officer’s actions were unconstitutional in Jardines precisely because his purpose was to search the home, implying that those same actions may have been constitutional if the officer had a different purpose.  (To be fair, this is not completely novel in the context of searches of the home, but more on this in my next post.)

In other words, the Supreme Court—first in Jones and now in Jardines—has been willing to make police intent or purpose (at least when that purpose is undisputed) relevant to the Fourth Amendment analysis in some cases: specifically, in cases where the reasonableness of the search depends on the scope of a “license” to enter a constitutionally protected area.  

In my next post, I’d like to explore whether the court’s “implied license” argument has any implications for the much-maligned third party doctrine.  Implied and express licenses arguably govern a great swath of information that we store in “the cloud”—from email to Facebook messages to Dropbox files.  If (and this is, admittedly, a big “if”) the scope of those licenses is relevant to whether, and for what purpose, a police officer or government official can request cloud data, then we may be in for a rethinking of some of the Court’s seminal Fourth Amendment jurisprudence.  But more on that later.

[1] Note that the Court here talks about the officer’s “purpose,” while the Court in Whren was concerned with the officer’s “intent.”  While there may be a colorable distinction between “purpose” and “intent” in this context, I’m not sure the distinction is relevant or that it would survive scrutiny. 

CRS Reports on Privacy and Cloud Computing –

Posted on by babaksiavoshy

these rock.  H/T to FAS (link above) for posting


New and updated products from the Congressional Research Service that Congress has not made readily available to the public include the following.

CRS Reports on Privacy and Cloud Computing –

Supreme Court applies US v. Jones test in dog-sniff case

Posted on by babaksiavoshy

The Court applied the “a-trespass-to-collect-information-is-a-search” test from US v. Jones to hold that bringing a police canine to the door of a home is a “search” requiring a warrant.  

Initial thoughts: I worked on the Jones case when I was at O’Melveny & Myers, and my colleagues and I specifically included the trespass-as-search materials to get Scalia’s vote.  I would not have predicted that the test would one day be applied to a canine sniff case, but here we are.

There is still some tension in the Court — here between the concurring/dissenting justices and the majority—regarding when or whether to use the reasonable expectation of privacy test and when to use the trespass test.  

And among the justices who do apply the REOP test (the concurrence and the dissent), there is no agreement on whether the conduct here violated reasonable expectations of privacy.  Justice Kagan sees the dog-sniff as falling squarely under Kyllo, which involved the use of heat sensing technology to “see” into a house.  The dissenting justices disagree the intrusion was unreasonable. This disagreement, at least on administrability grouds, seems to vindicate the bright lines of Scalia’s trespass test.  

In sum, it’s another big Fourth Amendment case with a strange configuration of opinions and potentially far reaching consequences.  Welcome to privacy at the Supreme Court. 

Decision here: http://www.supremecourt.gov/opinions/12pdf/11-564_jifl.pdf

The syllabus:

Police took a drug-sniffing dog to Jardines’ front porch, where the dog gave a positive alert for narcotics. Based on the alert, the officers obtained a warrant for a search, which revealed marijuana plants; Jardines was charged with trafficking in cannabis. The Supreme Court of Florida approved the trial court’s decision to suppress the evidence, holding that the officers had engaged in a Fourth Amendment search unsupported by probable cause.

Held: The investigation of Jardines’ home was a “search” within the meaning of the Fourth Amendment. Pp. 3–10.
(a) When “the Government obtains information by physically intruding” on persons, houses, papers, or effects, “a ‘search’ within the original meaning of the Fourth Amendment” has “undoubtedly occurred.” United States v. Jones, 565 U. S. ___, ___, n. 3. Pp. 3–4.
(b) At the Fourth Amendment’s “very core” stands “the right of a man to retreat into his own home and there be free from unreasonable governmental intrusion.” Silverman v. United States, 365 U. S. 505, 511. The area “immediately surrounding and associated with the home”—the curtilage—is “part of the home itself for Fourth Amendment purposes.” Oliver v. United States, 466 U. S. 170, 180. The officers entered the curtilage here: The front porch is the classic exemplar of an area “to which the activity of home life extends.” Id., at 182, n. 12. Pp. 4–5.
(c) The officers’ entry was not explicitly or implicitly invited. Officers need not “shield their eyes” when passing by a home “on public thoroughfares,” California v. Ciraolo, 476 U. S. 207, 213, but “no man can set his foot upon his neighbour’s close without his leave,” Entick v. Carrington, 2 Wils. K. B. 275, 291, 95 Eng. Rep. 807, 817. A police officer not armed with a warrant may approach a home in hopes of speaking to its occupants, because that is “no more than any private citizen might do.” Kentucky v. King, 563 U. S. ___, ___. But the scope of a license is limited not only to a particular area but also to a specific purpose, and there is no customary invitation to enter the curtilage simply to conduct a search. Pp. 5–8.
(d) It is unnecessary to decide whether the officers violated Jardines’ expectation of privacy under Katz v. United States, 389 U. S. 347. Pp. 8–10.

73 So. 3d 34, affirmed.

SCALIA, J., delivered the opinion of the Court, in which THOMAS, GINSBURG, SOTOMAYOR, and KAGAN, JJ., joined. KAGAN, J., filed a concurring opinion, in which GINSBURG and SOTOMAYOR, JJ., joined. ALITO, J., filed a dissenting opinion, in which ROBERTS, C. J., and KENNEDY and BREYER, JJ., joined.

Supreme Court applies US v. Jones test in dog-sniff case

Big Data and a Renewed Debate Over Privacy – NYTimes.com

Posted on by babaksiavoshy

Interesting piece about the privacy challenges raised by so-called “big data” (an ill-defined term).  Confirms that while most people seem to agree there is a need for privacy safeguards, one important and unresolved tension is whether those safeguards should come in after the fact, in the form of restrictions on how data is used (and by whom) once the data is already collected and stored indefinitely; or before the fact, in the form of rules that limit collection and retention. This is anecdotal, but in my experience technologists seem more often to prefer the first type of safeguards and lawyers the second.

 

 

Big Data and a Renewed Debate Over Privacy – NYTimes.com

Security Hole Allows Apple Passwords to Be Reset With Only Email Address and Date of Birth

Posted on by babaksiavoshy

This vulnerability is similar to the one used by hackers to hijack Matt Honan’s entire digital life last year. This does not look good for Apple.  

yostivanich:

Apple yesterday rolled out two-step verification, a security measure that promises to further shield Apple ID and iCloud accounts from being hijacked. Unfortunately, today a new exploit has been discovered that affects all customers who haven’t yet enabled the new feature. It allows anyone with your email address and date of birth to reset your password — using Apple’s own tools. We’ve been made aware of a step-by-step tutorial (which remains available as of this writing) that explains in detail how to take advantage of the vulnerability. The exploit involves pasting in a modified URL while answering the DOB security question on Apple’s iForgot page. It’s a process just about anyone could manage, and The Verge has confirmed the glaring security hole firsthand. Out of security concerns, we will not be linking to the website in question.

Security Hole Allows Apple Passwords to Be Reset With Only Email Address and Date of Birth