Guest blogging at Concurring Opinions

It’s a great honor to be guest-blogging at www.concurringopinions.com for the next month or so. Catch my first two posts, on the Supreme Court’s recent decision in Maryland v. King, here:

I’m thrilled to be guest-blogging at Concurring Opinions just in time for Maryland v. King, the Supreme Court’s decision today on the constitutionality of DNA testing. The Court held (5-4) that the police’s collection (and testing) of King’s DNA after his arrest for a violent crime, and pursuant to Maryland’s public safety statute, was a reasonable search under the Fourth Amendment.

Though the case’s up/down holding is straightforward enough, the majority’s rationale is not. Read in a vacuum, the majority opinion reads as a full-throated legal and policy defense of the government’s use of DNA to verify a suspect’s identification at various stages following a lawful arrest.

But this case—and indeed, the Maryland statute at issue—was not merely about the use of DNA testing for a routine purpose ancillary to police investigations, such as verifying a suspect’s identification. It was, instead, also about the use of suspicionless DNA searches as part of the police’s quintessential activity: investigating and solving crimes.  And that is precisely the conduct which the majority’s opinion authorizes.  (Do read Justice Scalia’s dissent, which argues this point persuasively).

and here

This is a follow-up to my previous post on the Supreme Court’s recent decision in Maryland v. King, which upheld, over a scathing dissent by Justice Scalia, the constitutionality of DNA searches of arestees for “serious offenses” under Maryland’s public safety statute.  One open question after King is how the majority’s rule would apply to other states’ DNA collection statutes, which permit DNA collection for a broader range of offenses than does Maryland’s statute.

The King majority repeatedly limited its holding to DNA searches that followed arrests for a “serious offense.” But what counts as a serious offense?  This is a live question in Haskel v. Harris, the ACLU’s challenge to California’s DNA collection law (Prop. 69). According to the ACLU, California’s law would permit DNA collection for arrests on suspicion of “simple drug possession, joyriding, or intentionally bouncing a check.” An en banc panel of the Ninth Circuit is considering the case in light of Maryland v. King. If the ACLU’s characterization is correct, then California’s law may not survive intact underKing’s “serious offense” limiting principle.

Advertisements

The Fourth Amendment’s Future

Shortly after the Supreme Court issued its decision in US v. Jones, my (former) colleague Micah and I — who had written much of the brief together — reflected on the decision’s implications for Fourth Amendment law in a post on the ACS blog titled “The Fourth Amendment’s Future.”  

While a number of people in the privacy community thought Jones didn’t go far enough (I recall Tom Goldstein, a prominent Supreme Court advocate, calling the decision a potential “nothingburger”) we argued the Jones opinion was important proof that the Fourth Amendment is resilient enough to survive technological change.  

Here’s what we wrote (original here), with some thoughts in hindsight:

The Fourth Amendment’s Future

In June of last year, Chief Judge Alex Kozinski and one of his law clerks wrote a eulogy for the Fourth Amendment, in which they mournfully concluded that “[w]ith so little left private, the Fourth Amendment is all but obsolete.” With the benefit of hindsight, it seems the eulogy may have been premature. On Monday, the Supreme Court handed down its decision in United States v. Jones, and unanimously held that the government violated Antoine Jones’s Fourth Amendment rights by surreptitiously monitoring his vehicle’s movements on public roads for four weeks. The Court’s decision is a ringing endorsement of the Fourth Amendment as a bulwark of liberty — and of the Amendment’s relevance to the surveillance technologies of the twenty-first century.

As members of Antoine Jones’s legal team in the Supreme Court, we thought we’d offer a few thoughts on the case and its implications. Given the significant amount of commentary that is already available on the blogosphere, we won’t dwell too much on the details. (For readers interested in a more granular analysis, we recommend Tom Goldstein’s post atSCOTUSblog. Or Orin Kerr’s several posts atThe Volokh Conspiracy. For readers interested in a broader overview, try Adam Liptak’s article in The New York Times.)

Prior to Jones, there were good reasons to believe the Fourth Amendment was dying. Since the Court decided Katz v. United States over forty years ago, the Amendment’s protections were commonly understood to apply only when the government intruded on a person’s subjective expectation of privacy that society would deem reasonable. The Court had never explicitly overruled earlier cases that pinned the Fourth Amendment to founding-era property concepts, but any commentator familiar with LaFave’s authoritative treatises would have been tempted to conclude that those cases had lost their vitality, or were, in legal jargon, no longer “good law.”

The problem was that at the same time it took on Fourth Amendment primacy, privacy was losing some of its power. This was in part because new and fast-changing technologies — think smart phones, sophisticated data mining techniques, and Google — were at once making our lives more and more convenient and less and less private. It was also perhaps because a new generation of Americans has come of age with Twitter and Facebook and YouTube, and many of us now have a much more complicated relationship with privacy. It’s a relationship that takes for granted that privacy might flourish even in public places, and even in information that has been shared with some people but not everyone. And it’s a relationship the law has been too quick to paint as a lack of any privacy at all.

Perhaps that’s in part what motivated the Court in Jones to write an opinion that ensures the Fourth Amendment would survive the death of the traditional notion of privacy. In a legally groundbreaking majority opinion for the Court, Justice Scalia wrote that the government engaged in a “search” simply because it committed “a physical intrusion of a constitutionally protected area in order to obtain information.” Finding that this “common-law trespass test” was enough to decide the case, the majority passed on applying the alternative “reasonable expectation of privacy test”— or what many would have thought was not the alternative test, but the only one.

It was left to Justice Alito, in an opinion concurring in the judgment, to apply Katz’s privacy-based test to the government conduct. He concluded that the 28-day surveillance of Jones’s movements on public streets was enough to violate Jones’s reasonable expectation of privacy.  Justice Sotomayor embraced both Justice Scalia’s and, to some extent, Justice Alito’s opinions, and wrote a potentially pathmarking concurrence that explained how the reasonable expectation of privacy test should be applied to future technologies and cases. Notably, Justices Alito and Sotomayor recognized that privacy does not wither in public, and Justice Sotomayor went so far as to say that Fourth Amendment jurisprudence should “cease to treat secrecy as a prerequisite for privacy.”

Taken together, these three opinions create what we might call a “big tent” approach to the Fourth Amendment, which should attract both property and privacy rights enthusiasts. It effectively creates a two-step test that lower courts must apply to determine whether a particular government conduct is a Fourth Amendment “search.” First, courts should ask whether the government obtained information through an act amounting to a physical intrusion of a constitutionally protected area — an individual’s person, home, papers, or effects. Such a trespass is presumably always a search, regardless of the scope of the intrusion or the privacy interests at issue. Second, if there is no physical intrusion, court should apply the familiar reasonable expectation of privacy test from Katz, in light of the additional guidance from Justice Alito and Justice Sotomayor’s concurring opinions.

The biggest open question, of course, is how courts will apply these standards in future cases.  Only time will tell. But as several commentators have already noted, the Jones decision’s “big tent” approach leaves open many important questions about how the property- and privacy-based tests should be applied in new situations, particularly in those involving emerging surveillance technologies.

We predict that the fate of each of these tests is likely to be driven by the Justices who are perhaps least likely to be sympathetic to the interests the tests preserve.

On the one hand, Justice Alito has taken a leading role in articulating how privacy should be understood and applied in cases involving emerging technologies. It might be fair to say, however, that in comparison to the other Justices sympathetic to the privacy test — Justices Ginsburg, Breyer, Sotomayor, and Kagan — Justice Alito is the least likely to apply the test expansively in future cases. On the other hand, Justice Sotomayor has cast herself in a leading role in articulating how the Court’s new common-law trespass test should be understood and applied in future cases. As the fifth vote for the property-driven standard, she is likely to play an influential role in determining the test’s fate. And she is probably the least likely of the other Justices who have embraced the common-law trespass test — the Chief Justice and Justices Scalia, Kennedy, Thomas — to apply the property-centric test expansively.

Time holds many mysteries. The more nuanced view of privacy that Justices Alito and Sotomayor embraced might lead to a reasonable-expectation-of-privacy test that will survive technological advances. Or perhaps the common-law trespass test will serve as a critical backstop. But one thing was made clear on Monday: the Fourth Amendment is not yet ready to rest in peace.

With a couple year’s distance I think we were more or less right.  The Jones decision was not a “nothingburger.”  This is clear both from the Supreme Court’s application of Jones in subsequent cases, including Jardines, and from the continued attention the case has recieved in the legal academy.  

If the round up from this year’s PLSC papers is any indication, the Jones decision is also on the minds of academics and practitioners working at the forefront of privacy. My own paper at this year’s PLSC is no exception: it seeks to ground the Fourth Amendment’s flexibility in its text, history, and key Supreme Court precedent, including Jones.  More on that soon. 

Big Data and a Renewed Debate Over Privacy – NYTimes.com

Interesting piece about the privacy challenges raised by so-called “big data” (an ill-defined term).  Confirms that while most people seem to agree there is a need for privacy safeguards, one important and unresolved tension is whether those safeguards should come in after the fact, in the form of restrictions on how data is used (and by whom) once the data is already collected and stored indefinitely; or before the fact, in the form of rules that limit collection and retention. This is anecdotal, but in my experience technologists seem more often to prefer the first type of safeguards and lawyers the second.

 

 

Big Data and a Renewed Debate Over Privacy – NYTimes.com

Security Hole Allows Apple Passwords to Be Reset With Only Email Address and Date of Birth

This vulnerability is similar to the one used by hackers to hijack Matt Honan’s entire digital life last year. This does not look good for Apple.  

yostivanich:

Apple yesterday rolled out two-step verification, a security measure that promises to further shield Apple ID and iCloud accounts from being hijacked. Unfortunately, today a new exploit has been discovered that affects all customers who haven’t yet enabled the new feature. It allows anyone with your email address and date of birth to reset your password — using Apple’s own tools. We’ve been made aware of a step-by-step tutorial (which remains available as of this writing) that explains in detail how to take advantage of the vulnerability. The exploit involves pasting in a modified URL while answering the DOB security question on Apple’s iForgot page. It’s a process just about anyone could manage, and The Verge has confirmed the glaring security hole firsthand. Out of security concerns, we will not be linking to the website in question.

Security Hole Allows Apple Passwords to Be Reset With Only Email Address and Date of Birth

Babak Siavoshy is a fellow and supervising attorney at the Samuelson Law, Technology & Public Policy Clinic at the UC Berkeley School of Law, where his work centers on the constitutional and legal implications of emerging technologies. He has worked on technology and privacy issues for California Attorney General Kamala Harris, and as an associate at O’Melveny & Myers LLP in Washington D.C.

Siavoshy has been a visiting scholar at Georgetown Law‘s Center on National Security and the Law, where his research focused on biometric identification technologies. He also served as a law clerk to the Honorable John T. Noonan, Jr., on the United States Court of Appeals for the Ninth Circuit in San Francisco. He is a graduate of UC Berkeley, earning bachelor’s degrees in English and in philosophy in 2004, and a law degree in 2008.