George Washington University Law Professor Orin Kerr has published an article concerning privacy of computer data and the Fourth Amendment in the Yale Law Journal. Kerr details a test for determining when the copying of computer files constitutes a seizure under the Fourth Amendment. The introduction of “Fourth Amendment Seizures of Computer Data” (pdf) says:

Imagine the police take away a suspect’s computer, make a digital copy of its contents, and then give the computer back to the suspect. The police do not open the copy, but they keep it in their custody in case they need to access it later. Does the combined act of copying the files and retaining the copy trigger the Fourth Amendment?

Next imagine that FBI agents believe a particular person is using the Internet to commit a crime. Agents install a surveillance tool at the target’s Internet service provider (ISP), and the tool generates copies of all of the target’s incoming and outgoing email. The email is copied to a file, but no human being actually looks at the file. Instead, the agents keep the file in case they develop probable cause to look through it for evidence. Again, does the Fourth Amendment allow it? Read more »

The Slate Book Club is discussing a new book by Shane Harris, “The Watchers: The Rise of the American Surveillance State.” The discussion is between the author and Patrick Radden Keefe, a Fellow at The Century Foundation who focuses on national security and intelligence-gathering. In one segment, they discuss John Poindexter and the failed Total Information Awareness Program and the privacy protections that Poindexter said he tried to build into the datamining program that would have created a massive database on all Americans. Keefe writes:

To curb the dangers of privacy violations, Poindexter imagined a “privacy appliance,” which would encrypt all of the private data about individuals in the system, keeping it “in a kind of electronic safe that might only be opened upon order of a judge. The judge would have to find that the government had a reason for thinking this anonymous person might actually be a terrorist.” Poindexter called it “selective revelation,” and suggested using the system to track the activity of the very analysts who operated it, creating an immutable audit trail of every search that they conducted, to prevent against abuse.

My first reaction to this suggestion is to marvel at its novelistic perfection: For Poindexter, the tireless innovator and tech-evangelist, the conflict between security and liberty boils down to a mere software glitch, one best resolved not through debate or any form of deliberative government process but through the addition of a few new lines of code. [...] Read more »

In November, Privacy Lives joined 28 groups (including the Center for Democracy & Technology, Center for National Security Studies, and Special Libraries Association) in sending a letter (pdf) to the White House urging that the administration make the Privacy and Civil Liberties Oversight Board selection process “a priority and ensure that nominations to the Board are made to the Senate before the end of the first session of the 111th Congress, so that a Board can be seated early next year.” Several months later, the Board remains vacant and no nominations have been made. (For the history of the Board, read a previous post.)

Now, Privacy Lives joins more than 30 groups (including the ACLU, American Library Association, Defending Dissent Foundation and September 11th Families for Peaceful Tomorrows) in again urging (pdf) President Obama nominate individuals to fill the board. The groups explained that it is more critical than ever that the board convene. “As a result of the attempted Christmas Day bombing, your Administration and Congress are considering numerous policy changes that impact the privacy and freedoms of Americans, including expanding watch lists and more intrusive searches at airports. It is crucial that you nominate qualified individuals to serve on the PCLOB, so that it may begin to provide guidance as new policies and procedures are developed.” Read more »

Orin Kerr at the Volokh Conspiracy and Julian Sanchez and Jim Harper (of Cato and the Tech Liberation Front) take a look at the Fourth Amendment search-and-seizure questions behind the Pennsylvania Webcam case. Recap: In a class-action lawsuit — Robbins v. Lower Merion School District (pdf) — in Pennsylvania, the Robbins family alleged that the Lower Merion School District misused Webcam-enabled laptops it issued to students in order to remotely peep into the students’ homes, take photographs and violate their privacy. The school district has denied violating anyone’s privacy, claiming the Webcams were only turned on in case of lost or stolen computers. The FBI and local officials are investigating. The Stryde Hax blog has an excellent breakdown of the technology that the school district used to remotely control Webcams in 2,300 laptops it issued to students.

Kerr’s argument: “The schools violated the Fourth Amendment rights of students when they actually turned the cameras on when the computers were at home. On the other hand, the schools did not violate the federal statutory surveillance laws.” Read his post for details concerning the case as related to the federal and state wiretap acts, the Stored Communications Act, the Computer Fraud and Abuse Act and the Fourth Amendment.

Then, head over to the Tech Liberation Front, where Sanchez and Harper are also debating the Fourth Amendment issues in this case. Read more »

MediaPost reports on a new company, Clearsight, that links IP addresses to individual e-mail and postal addresses. (An Internet Protocol address is a unique 32-bit numeric address that identifies a computer on a network.) The company seeks to improve targeted behavioral advertising.

There has been substantial debate over whether IP addresses are personally identifiable data. I believe they are, as they identify individual computers, which are easily linked to individuals. There is also the expectation among users that personal data such as IP addresses will be kept private. In 2008, a New Jersey court unanimously ruled, “citizens have a reasonable expectation of privacy … in the subscriber information they provide to internet service providers — just as New Jersey citizens have a privacy interest in their bank records stored by banks and telephone billing records kept by phone companies.” State v. Reid, 195 N.J. 422, 949 A.2d 850 (N.J. 2008). However, last year, a decision (pdf) from a federal district court in Washington ruled that IP addresses are not considered “personally identifiable information.”

Clearsight has taken personal identification and IP addresses further. ”As of today, ClearSight Interactive believes it has collected enough data from publishers to reliably link 65 million “sticky” IP addresses — typically for people who connect to the Web using cable modems — to specific individuals,” MediaPost reports. The company gathered the data from publishers: Read more »

Newsweek is the latest to weigh in on the issue of law-enforcement tracking of individuals’ cellphones — without getting warrants to access the mobile phone info. Previously, The Legal Intelligencer previewed a case in the Third Circuit concerning the rights individuals have in the privacy of cellphone data and ACLU staff attorney Catherine Crump wrote an opinion piece about the case, privacy and cellphone use. Newsweek says:

Amid all the furor over the Bush administration’s warrantless wiretapping program a few years ago, a mini-revolt was brewing over another type of federal snooping that was getting no public attention at all. Federal prosecutors were seeking what seemed to be unusually sensitive records: internal data from telecommunications companies that showed the locations of their customers’ cell phones—sometimes in real time, sometimes after the fact. The prosecutors said they needed the records to trace the movements of suspected drug traffickers, human smugglers, even corrupt public officials. But many federal magistrates—whose job is to sign off on search warrants and handle other routine court duties—were spooked by the requests. Some in New York, Pennsylvania, and Texas balked. Prosecutors “were using the cell phone as a surreptitious tracking device,” said Stephen W. Smith, a federal magistrate in Houston. “And I started asking the U.S. Attorney’s Office, ‘What is the legal authority for this? What is the legal standard for getting this information?’ ” Read more »