In his influential dissent in Olmstead v. United States, Supreme Court Justice Brandeis wrote:
[E]very unjustifiable intrusion by the Government upon the privacy of the individual, whatever the means employed, must be deemed a violation of the Fourth Amendment.
Brandeis was the first in a decades-long line of justices who rejected the idea that whether a “search” has occurred depends on whether there was a physical trespass onto something protected by the Fourth Amendment (our “persons, houses, papers, and effects”).
The trend culminated in what is now known as the “reasonable expectation of privacy” test from Katz v. United States. As of Katz, a Fourth Amendment search takes place whenever the government violates an actual expectation of privacy that society is prepared to recognize as reasonable, whether or not there is a physical trespass.
While the doctrine at first seemed to offer us more privacy protection than we had under the “trespass doctrine,” things quickly changed. Twelve years after Katz, the Supreme Court decided Smith v. Maryland, a case involving the warrantless installation of a pen register — a device that collects telephone “metadata,” such as phone numbers dialed, and perhaps time and length of phone calls. The Court held that installation of a pen register is not a search, because the data being collected by the device is data that the customer has shared with the phone company, a “third party.” Once one has shared data with a third party for any purpose, the Court held, one no longer has a “reasonable expectation of privacy” in it.
And so the “reasonable expectation of privacy” test, once believed to be privacy’s greatest ally, quickly became its nemesis. Legal protection of information we share with a third party is now given only by the grace of statute. Today, more and more of what we do involves sharing information via third parties, either online or via cellular network. In this context the third-party doctrine, combined with policies of liberal data sharing among federal agencies, has transported us into a virtual Benthamite panopticon.
Brandeis et al. wanted to free us from worrying about the means by which government invaded our privacy, and as a result we get to worry about what statutory protection our government deigns to offer our private information. As Snowden’s revelations have shown, that protection doesn’t amount to much.
Legislation requiring a stronger showing of cause and particularized suspicion for the installation of pen registers, and prohibiting the bulk collection of both communications metadata and financial transactional data, would be a great first step toward reclaiming the privacy protection we deserve. Ultimately, however, the proper legal protection of privacy will depend on the Supreme Court overturning the third-party doctrine and, even better, the “reasonable expectation of privacy” test on which it rests. (As I’ve argued elsewhere, the proper legal protection of privacy depends, ironically, on abandoning the “right” to privacy and returning to the protection of privacy via our rights to property and contract.) While Justice Sotomayor is apparently skeptical about the prospects for modifying or overturning the third-party doctrine, many of us took her concurrence in United States v. Jones as an indication that the Court might be ready to do so.
Until such time as meaningful reform can be implemented, our best hope for the legal enjoyment of privacy are technologies—some already available, some still in development—that allow us to browse the Internet anonymously or encrypt our digital communications. These technologies make privacy legal by minimizing the information we share with “third parties.” They make it so that, if government agents want information about your email or your Internet browsing habits, they will have to do the virtual equivalent of knocking on your front door (rather than, to continue the analogy, trying to get your landlord, who may have only a skeleton key, to let them in). Assuming it is technologically feasible, I see no reason why it shouldn’t be legal for us to have the equivalent of our own home, complete with a key to which only we have access, on the Internet. I think that’s how our Founding Fathers would have wanted it.