Don't Tread on My Metadata


Do you classify Edward Snowden -- the former National Security Agency contractor contractor charged with espionage, and runner-up for Time's "Person of the Year" -- as a hero or a traitor? Your answer likely depends on your opinion of the NSA programs he helped publicize via his leaking of highly classified documents. In this week's revelations, we learn that the NSA deploys agents to infiltrate online gaming communities, and that it uses the Google tracking cookies we thought were responsible only for that eerie and annoying targeted advertising. We also learned recently that the NSA collects “nearly 5 billion records a day on the whereabouts of cellphones around the world.” Earlier this year, we learned that the NSA has been continuously collecting phone record “metadata” of all Verizon customers for the last seven years. The NSA also accessed email and other forms of Internet communication -- including Skype voice and video communications -- via a secret program called Prism. Director of National Intelligence James Clapper described these programs as “acquiring” information only about foreigners, and yet “49-plus percent of the communications [intercepted and stored under the Prism program] might be purely among Americans….”

Whatever you think of Snowden, his actions have drawn significantly more attention to the NSA’s intrusive programs. Now the question is: will anything be done about them?

Proponents of the programs have noted that, although data collection is performed without probable cause or particularized suspicion, only transactional metadata, not the content of communications, is collected. Moreover, their proponents continue, these programs make it easier for the government to identify and track suspected terrorists, and therefore strike the right “balance” between privacy and security. In addition, some argue, the programs are perfectly legal: according to the “third-party doctrine,” there is no “reasonable expectation of privacy” in metadata we share with our phone companies, Internet service providers, etc., and the collection of metadata is authorized by the Patriot Act or the FISA Amendments Act.

The applicability or purported constitutionality of these statutes is, I think, beside the point. The third-party doctrine itself is flawed and should be eliminated.

In this article, I’ll first discuss the third-party doctrine, including its history and the types of cases to which is has been applied. Then I will propose a better way of dealing with cases typically thought to fall under this doctrine. Finally, I will use the common law of contract to answer the charge that eliminating the third-party doctrine will prevent government from using secret agents in law enforcement.