Zittrain's paper

From Cyberlaw

Zittrain/Harvard Law Review Forum 2.0 1 January 2006

Contents 1 SEARCHES AND SEIZURES IN A NETWORKED WORLD 1.1 I. Shifts from personal to networked storage 1.2 II. Mass data mining 1.3 III. <no title?????>

SEARCHES AND SEIZURES IN A NETWORKED WORLD

by Jonathan Zittrain*

119 Harv. L. Rev. F. __ (2006)

Replying to Orin S. Kerr, Searches and Seizures in a Digital World, 119 Harv. L. Rev. 531 (2005).

Professor Kerr has published a thorough and careful article on the application of the Fourth Amendment to the searches of computers in private hands – a treatment that had previously escaped the attentions of legal academia. Such a treatment is perhaps so overdue that it has been overtaken by two phenomena: first, the emergence of an overriding concern within the United States about terrorism; and second, changes in the way people engage in and store their most private digital communications and artifacts.

The first phenomenon has caused a challenge by the Executive to the very notion that certain kinds of searches and seizures may be proscribed or regulated by Congress or the Judiciary. The second phenomenon, grounded in the mass public availability of always-on Internet broadband, is leading to the routine entrustment of most private data to the custody of third parties – something orthogonal to a doctrinal framework in which the custodian of matter searched, rather than the person who is the real target of interest of a search, is typically the only one capable of meaningfully asserting Fourth Amendment rights to prevent a search or the use of its fruits.

Together these phenomena make the application of the Fourth Amendment to the searches of home computers – searches that, to be sure, still take place regularly by national and local law enforcement – an interesting exercise that is yet overshadowed by greatly increased government hunger for private information of all sorts, both individually and in aggregate, and by rapid developments in networked technology that will be used to satisfy that hunger. Perhaps most important, these factors transform Professor Kerr’s idea that a search shall have been conducted for Fourth Amendment purposes only when its results are exposed to human eyes: such a notion goes from unremarkably unobjectionable – police are permitted to entirely mirror a suspect’s hard drive and are then cConstitutionally limited as they perform searches on the copy – to dangerous to any notion of limited government powers. If “vacuum cleaner” approaches are used to record and store potentially all Internet and telephone communications for later searching with no Fourth Amendment barrier to the gathering activity, the government will be in a position to perform comprehensive surveillance of the public, subject to unprecedented abuse. [Why will the constitutional limitations be ineffective at the point at which the "results are exposed to human eyes"?

William Stuntz has argued that the Constitutional boundaries to government investigative authority appropriately [should or do? normative or descriptive?] wax and wane in keeping with variations of the degree and nature of threat from crime over time. The advent and continuing threat of mass terrorism on American soil thus justifies [so, normative!, and just because Stuntz says so??] contemplation of fewer restrictions on government information-gathering.

[forget stuntz here, he brings you down.]

Since a heightened threat broadly appreciated after the attacks of September 11, 2001, the most important areas of expansion have included:

1. Searches outside the bounds of a criminal investigation.
2. Secret searches.
3. Searches without judicial oversight.
4. Searches without specific statutory authorization; more precisely, searches that appear to be in direct contravention of statutory restrictions.
5. So-called “vacuum cleaner” searches, undertaken upon massive amounts of data from multiple sources without probable cause, looking for patterns that might indicate threats to national security.

[who made this list? and do we just take this list without illustration or derivation?]

Professor Kerr develops the idea that “[a]ny observable retrieval of information stored on a computer hard drive, no matter how minor, should be considered a distinct Fourth Amendment search,” and then examines in detail how specific warrants ought to be in framing such searches. In light of the expansion of government surveillance since 2001, Professor Kerr’s suggestion appears both right and quaint: at exactly the time he offers a thorough framework of warrants and judicial review for searching hard drives, an increasing number of searches appears to be taking place entirely outside the well-traveled path of Fourth Amendment analysis, taking place without the knowledge of a person searched, and eschewing the use of prosecutors, judges, warrants, and particularity. [This is intro material, first paragraph stuff]

The Fourth Amendment itself may invite such a doctrinal departure, since its proscription is against “unreasonable” searches and seizures, and searches undertaken to search for a ticking time bomb, rather than to find evidence of a generic crime[?? what's this?], may be reasonable if undertaken without a warrant. Taken together, however, the current areas of expansion stand to remove the structural safeguards designed to forestall the abuse of power by a government capable of knowing our secrets.

I. Shifts from personal to networked storage

The rise of always-on broadband has led to a shift towards people’s personal computers as mere workstations, with private data stored remotely in the hands of a third party. There is little reason to think that people have – or ought to have – any less of a first-order reasonable expectation of privacy for e-mail stored on their behalf by Google and Microsoft (through Gmail and Hotmail respectively) than they would have if it were stored in the personal computers themselves after being downloaded and deleted from their e-mail service providers. Yet the placement of such data in others’ hands seems to render the Fourth Amendment’s protections largely irrelevant. In SEC v. Jerry T. O’Brien, the Supreme Court held:

It is established that, when a person communicates information to a third party even on the understanding that the communication is confidential, he cannot object if the third party conveys that information or records thereof to law enforcement authorities. ... These rulings disable respondents from arguing that notice of subpoenas issued to third parties is necessary to allow a target to prevent an unconstitutional search or seizure of his papers.

Such a transition, at the technical level, of computing habits from generating diaries at home to business records held by a .com can largely moot such debates as whether the interception of e-mail in transit (whether by government or private party) should be viewed as covered by the lesser statutory protections of the Stored Communications Act or the heightened ones of the Wiretap Act, since nearly all transient communication can now end up accessibly stored in the hands of third parties.

These third parties may typically choose to disclose any of that information upon the request of the government – at least after receiving assurances by the requesting party that the information is sought to enhance the public safety. The records might be sought under the Stored Communications Act, which Professor Kerr has rightly described as not entirely protective of privacy.

Or the holders of such records may be compelled to release them through any of a series of expanded information-gathering tools enacted by Congress in the wake of September 11. For example, a third party storing networked sensitive personal data could be sent a secretly-obtained FISA-approved PATRIOT Act Section 215 order, directing the production of “any tangible things (including books, records, papers, documents, and other items) for an investigation to protect against international terrorism or clandestine intelligence activities.” The party upon whom the order is served appears to have no recourse through which to appeal it, and may not disclose that he or she has received such an order. A search under Section 215 is likely not to be self-executed – i.e. government agents do not themselves break into a place storing records and perform a search. However, the fact of the search is not readily known by a target of interest in the search, since the party searched – whether a library, accountant, or Internet Service Provider – is not itself the target of interest. Probable cause to believe that the target of the search has committed a crime is not required for the search to be ordered, and indeed the target of interest may be assumed to be an innocent party, if a party still generating records of interest to the government in an international terrorism or counterintelligence investigation. Roughly 1,700 FISA applications were lodged in each of 2003 and 2004. (Four were rejected.)

Any of these remote hosts might also be served a “national security letter” concerning the production of envelope information. National security letters may be used to solicit information held by particular kinds of private parties, including the records of telephone companies, financial institutions (including such entities as pawn shops and travel agencies), and Internet Service Providers. For Internet Service Providers, the sorts of information sought can be “subscriber information and toll billing records information, or electronic communication transactional records.” This “envelope information” is not thought to extend to the contents of e-mail, but includes such things as the “to” and “from” fields of e-mail – or perhaps the contents of Google or other search engine queries made by a subscriber, since such queries are usually embedded in the URLs visited by that subscriber. If the government has questions about the identity of a user of a particular Internet Protocol address – the standard way to uniquely label each computer on the Internet – a national security letter could be used to match that label to a subscriber name. Under Section 505 of the PATRIOT Act, national security letters must meet a standard short of the probable cause associated with a traditional warrant: the FBI must instead assert to the private recipients of such letters that the records sought are in connection with an investigation into international terrorism. The letters are written and executed without judicial oversight, and Internet Service Providers who receive such letters are prohibited by law from telling anyone that fact. Government officials are cited as indicating that more than 30,000 national security letters are issued per year. Even if recipients of FISA orders or national security letters successfully press challenges to be permitted to disclose to the public that they have received such mandates, there is no assurance that they will do so – indeed, many may elect to remain silent about cooperating with the government under these circumstances, maintaining each of these searches as secret from the point of view of the target.

While techniques entailing less than probable cause for obtaining private communications and data are being deployed in the context of terrorism prevention, the movement of data from the PC to the network suggests that local law enforcement will follow: warrants served upon personal computers and their hard drives will yield less and less information, driving law enforcement to the networked third parties now hosting that information.

Since the statutory schemes protecting the privacy of citizens’ digital communications are at a low ebb, it is particularly important for government searches of the sort described here to meet a basic Fourth Amendment test of reasonableness. For remotely stored data, this suggests limiting the holding of SEC v. Jerry T. O’Brien to the financial records held by a broker of the sort at stake in that case, rather than finding that all cases of third-party custody of personal information entail no Fourth Amendment protections for the person whose information is so held. This could be done by way of analogy to Chapman v. United States, where a police search of a rented house for a whisky still was found to be a violation of the Fourth Amendment rights of the tenant whose illegally unregistered still was found – despite the landlord having given permission for the search. Government intrusion into one’s personal data should face a Fourth Amendment test whatever the happenstance of where that data may be stored – PC or network. [I've been liking this until this paragraph. You have not discussed the problem deeply enough to be solving it.]

Even information stored on a personal computer may no longer require the physical access to the hard drive that Professor Kerr so meticulously documents and for which he seeks to establish boundaries. So long as the computer is networked, the government might obtain the suspect computer’s IP address using any of the lesser mechanisms described above and then attempt to insist that any provider of software for the computer in question that supports “automatic update” deliver a special update to the computer prompting it to divulge specified contents to the provider and in turn to the government.

Professor Kerr’s exposure-based approach to searches seems particularly troublesome in this context. “In the computer context,” he writes, “there is no need to focus the ‘search’ inquiry on a physical action like entry; the law can look directly to exposure.” By exposure, Professor Kerr means “when information from or about the data is exposed to possible human observation, such as when it appears on a screen, rather than when it is copied by the hard drive or processed by the computer.” Such reasoning, however, would permit the wholesale copying of users’ hard drives over the network, entailing no physical intrusion for which a warrant would be needed, and for which the copying itself would not be a search. Users’ private data – even that stored on their own PCs – could, under this theory, be surreptitiously obtained and stored by the government, to be searched later should probable cause and a warrant be obtained (in the straightforward criminal context) or one of the newer terrorism-fighting tools (such as PATRIOT Act Section 215 FISA warrants or national security letters) be used – here by the government upon its own copy of hoarded citizen data.

How likely is a world of universal data retention, with the government in a position to copy and store the hard drives of the general public, later obtaining traditional warrants – or using the lessened standards of the FISA court – to examine the contents so copied? It seems remote since it is so far removed from today’s status quo, but another recent development in the realm of anti-terrorism – warrantless data mining – suggests enough plausibility that mass data retention must be considered. [what must be considered about it? whatz the quesiton?]

II. Mass data mining

Professor Kerr’s view that a search does not take place until human eyes set upon its results may suggests that the newly-revealed NSA surveillance program, which appears to rely on mass data mining, is comparatively innocuous from a Fourth Amendment perspective.

In December 2005, the New York Times reported that the U.S. National Security Agency has monitored telephone and Internet communications within the U.S. that originate or terminate outside the U.S. According to the article, “Under a presidential order signed in 2002, the intelligence agency has monitored the international telephone calls and international e-mail messages of hundreds, perhaps thousands, of people inside the United States without warrants over the past three years in an effort to track possible ‘dirty numbers’ linked to Al Qaeda, the officials said.”

The Attorney General confirmed the existence of the classified program in a press conference shortly thereafter. In follow-up reporting, the Times wrote, “Officials also say that the N.S.A., beyond eavesdropping on up to 500 phone numbers and e-mail addresses at any one time, has conducted much larger data-mining operations on vast volumes of communication within the United States to identify possible terror suspects. To accomplish this, the agency has reached agreements with major American telecommunications companies to gain access to some of the country’s biggest ‘switches’ carrying phone and e-mail traffic into and out of the country.” The program was not specifically authorized by Congress – and indeed, the Attorney General explained that it appears on its face to violate the Foreign Intelligence Surveillance Act. The position of the Executive is that such surveillance is permissible alternatively through the more general Authorization for the Use of Military Force in Afghanistan legislated in the wake of the September, 2001, terrorist attacks, or through the inherent power of the President to protect the national security and to wage war.

Judge Richard Posner, writing in the Washington Post about the implications of the newly-revealed NSA surveillance program, believes that “machine collection and processing of data cannot, as such, invade privacy. Because of their volume, the data are first sifted by computers, which search for names, addresses, phone numbers, etc., that may have intelligence value. This initial sifting, far from invading privacy (a computer is not a sentient being), keeps most private data from being read by any intelligence officer.”

The parameters of the NSA surveillance program are not well understood – public knowledge is thus far built around leaks to the New York Times and limited statements by public officials in reaction to the leaks – but it appears to involve such data mining at key points of interconnection for the global Internet, with the acquiescence of the network operators. If the NSA has indeed spliced in to Internet and telephony backbones in order to perform such scanning, there would be little barrier to it saving all such data as it measures it, for later searching. This may explain why there has been little pressure to seek legislation in the United States, parallel to that just approved by the European Parliament, for data retention – at least of digital envelope information and user identity – by ISPs for up to two years. As such databases grow, the Government essentially possesses its own stockpile of the Nation’s communications on which to perform searches. For the direct purposes of the NSA program, the Executive might elect to search the database for communications that appear to begin or terminate overseas and that, through the search terms use, only appear to involve terrorism. However, it – or local governments, for that matter – might then obtain traditional warrants by which to search the database more broadly. If the original compilation of the database is of no Fourth Amendment moment, then the use of warrants, based upon probable cause, to search for information having to do with regular crimes, might also be deemed permissible. Such searches would naturally be secret since no further intrusion upon the target or a third party (such as an ISP) is needed to execute it.

This highlights the most worrisome aspects of current government surveillance of digital space: it is undertaken entirely in secret, both as a general matter and for any specific search, and it exists in the absence of any statutory framework or judicial oversight. Professor Stuntz explains the value of a renewed focus on analogous physical “data mining” via group searches – for example, the searching of all cars near the site of a terrorist threat – and points out that such searches are naturally (and healthily) limited by the fact that large swaths of the public are noticeably burdened by them, and can therefore object to them through the judicial or political processes should they become too onerous. No such check is present in the digital environment; boundless searching can be done with no noticeable burden – indeed, without notice of any kind – to the parties searched. Those who believe that no search takes place until human eyes rest upon results may not worry about data mining – indeed, they may find such searches to comprise a perfect balance of benefit for law enforcement and protection of privacy. This view relies on two misconceptions.

First, as Professor Kerr points out, there is no such thing as a “Perfect Tool” that will ferret out only evidence of, say, a terrorist plot. The existence of a trove of data – for Professor Kerr’s purposes, an entire hard drive; for ours, an entire network’s worth of interchanges – therefore inevitably calls upon human eyes to see both innocent and not-so-innocent contents. Professor Kerr’s solution to this problem is not to limit the kinds of searches that can be performed, so-called “ex ante” restrictions imposed through warrants that clearly specify what kinds of searches can be performed, but to instead consider – and not yet fully advocate – eliminating the plain view doctrine for digital searches. This would prevent more broadly conducted searches from becoming fishing expeditions for evidence of any crime once probable cause to search for a given crime had been obtained. This solution does not prevent the revelation of wholly innocent private material in searches – it merely alters what the government can successfully prosecute should incriminating evidence be found. In the context of broad-based secret searches, Professor Stuntz also turns to limits on prosecution to avoid abuse, believing that a line can be drawn between awful crimes that are serendipitously uncovered and less severe ones that would be off-limits to prosecution, even as he acknowledges that the history of criminal procedure has been “transsubstantive,” with Constitutional limits on search applying “equally to suspected drug dealers and suspected terrorists.” He also proposes limits on public disclosure of any other data retrieved through secret searches. These solutions are only effective to the extent that one believes that the principal damage from unfettered government access to private data arises from unjustified (if evidence-supported) criminal prosecutions or from embarrassing public disclosures of search results. These are evils, to be sure, but they are not the only ones. The realization that every digital movement is recorded and monitored itself will chill private behavior, and public concern about abuse can further affect behavior even if that concern is unwarranted because the public actors are good or because they are limited by law. [Why all the stuntz stuff? i feel like there is a real problem to be discussed and it's not happening.]

This reveals a second misconception: that a democratic system cannot thrive in the long term in the absence of independent oversight of government surveillance activity. [ Is this meant to be an ipse dixit, or is it intro to the next section?]

III. <no title?????>

Judge Posner believes that abuse of secret, warrantless surveillance will be readily outed by government leaks and punished by the political process – presumably either at the ballot box or through removal, impeachment, or even prosecution of implicated officials. His reasoning would appear to apply equally to wholly domestic surveillance as it does to surveillance where one party is thought to be outside the United States. This is too thin a basis on which to find the combination of new search tactics consonant with the Fourth Amendment.

The power of the Fourth Amendment interpretation intended by Professor Kerr for personal hard drives in the “standard” criminal context is that it involves disinterested parties from an entirely separate branch of government to provide at least a cursory review of the facts and to issue warrants in the first place, whether broadly or narrowly drawn. Each search has a beginning and an end – requiring another consultation with a magistrate if it is to be relaunched later. The Fourth Amendment has been rightly construed flexibly to allow the Government to conduct certain searches in exigent circumstances, without consultation with a judge, and even entirely in secret – limited exceptions to a general rule, the exceptions themselves to be monitored by judges.

A lack of oversight or adversarial process for the kinds of searches that are about to become common threatens to have the exceptions dwarf the rule. National security letters, subject to no outside oversight except the conscience of the branch issuing them, push this limit, and exceed it when the targets of such letters are said to be committing a criminal act should they consult their lawyers. When the determination of whether a given search falls within certain secret parameters is itself placed with an intelligence agency shift supervisor rather than a Federal judge, as part of a program that is itself secret from the public and most members of Congress, able to search massive amounts of private data traversing a network – the Fourth Amendment has been stretched to the point of breakage. “National security” and “terrorism” are terms that are ill-defined, and the pressures of fighting an unending war against unseen foes are too much for even the most dedicated shift supervisor or President to handle alone.

The kind of incisive analysis used to parse the right balance to apply in permitting standard police searches of hard drives must be used to determine a new balance for searching our expanding digital world. Professor Viet Dinh, a former Department of Justice official, testified that “the current threat to America’s freedom comes from Al Qaeda and others who would do harm to America and her people, and not from the men and women of law enforcement who protect us from harm.” Concern for privacy is not, however, premised on impugning any particular law enforcement officer – indeed, they are presumed innocent, just as a member of the public is entitled to be, secure with his or her digital papers and effects, until there is reason to suspect otherwise. The good work of law enforcement is honored by a process by which its work is observed and regulated, and by which its extraordinary tools of information-gathering and use of force are bounded. The beauty of our system of checks and balances is that, if deployed properly, it need not ask us to trade-off between fear of harm from outsiders and fear of intrusion from a runaway government.

`