A Slippery Slope Gets Slipperier
For decades, at least until a few years ago, the application of a particular search and seizure principle had been considered "hornbook law." That is until communications conveyed by technological means came into our daily existence.
That principle is often called the "third-party rule." Simply put, any communication occurring between two parties that would otherwise be protected from warrantless acquisition by law enforcement loses its privacy protection if also communicated to a third party. Put another way, constitutional protections that would normally be afforded by the Fourth Amendment disappear when oral or written communications are shared with a third party.
Two U.S. Supreme Court decisions— United States v. Miller,1 and Smith v. Maryland,2 have traditionally been cited in various factual scenarios for more than a generation for the proposition that there is no reasonable expectation of privacy in information shared with a third party.
In Miller, the court held that a bank customer's checks and deposit slips could be acquired via subpoena rather than a search warrant. The Smith decision similarly held that a telephone user had no reasonable expectation of privacy in the numbers dialed on a telephone in that such person should know that the numbers would, at a very minimum, be shared with the telephone service provider. Interestingly, in Smith, the court specifically ruled that the subjective intent of the phone's user that the identity of the dialed digits only be shared between the user and the phone company and not shared with someone else "is not one that society is prepared to recognize as reasonable."3
Turning to more recent means of communication, both decisions were cited in support of law enforcement's warrantless acquisition of subscriber information from an Internet service provider, again through the application of the third-party rule, in United States v. Hambrick.4
Sotomayor's Challenging View
A little less than two years ago, Judge Sonia Sotomayor, in her concurring opinion in United States v. Jones,5 expressed in dicta her theory that the third-party rule might require revisiting in the Internet age. She specifically delineated the ways in which continued application of the rule would negatively impact various tech activities, such as the preservation of dialouts and contents of texts sent via cell phones and stored by the user's carrier, the history of a user's websites visited and the content of emails stored by an Internet service provider, and the recording of one's shopping choices (e.g., books, groceries and medications) purchased from online retailers.6
While Sotomayor's concerns are certainly understandable and even laudable, a couple of recent court decisions demonstrate just how slippery a slope such piecemeal application of the third-party rule can be in the world of technology.
Has Google Eavesdropped?
The question of whether Google employees are guilty of eavesdropping is currently under litigation in the California federal court system. Between 2007 and 2010, Google sought to enhance its free online mapping service by sending out employees in cars specially equipped with cameras that could take 360 degree photographs from public streets for its new "Street View" service.
Certainly there is nothing illegal for anyone, even law enforcement, taking pictures from a publicly accessible vantage point, even if the cameras are aimed in the direction of private property. What escalated the activities of Google's employees to questionable conduct was what they did beyond merely taking photographs.
Google's Street View cars were also equipped with special antennae and software that could hone in on the "WiFi" radio frequency7 of home and business wireless local area networks. Most providers of such service typically permit this signal to extend far enough beyond the physical area of a home or business, to ensure access to anyone on the person's or company's property. This typically causes the WiFi signal to actually bleed into the public street outside the premises.
Such service providers also typically provide the ability for their customers to encrypt access to the network to prevent unauthorized acquisition of the part of the WiFi signal that leaks out into nearby public areas. If the customer refuses to utilize the encryption or otherwise disables it, then people attempting to do exactly what the Google drivers sought to do can log onto a wireless network without the use of the access password.
When criminals do this, such activity is commonly referred to by law enforcement as "wardriving." And why would those with criminal intent try to do this? It is because wardriving can thwart the way police attempt to determine who is committing crime via the Internet.
Most illegal activity occurring over the Internet is traceable by law enforcement through the "Internet protocol address" (IP address) assigned to the computer at the time that any connection is made to the Internet. When a criminal wardrives, the IP address for his or her connection to the Internet is not the one assigned to the mobile device being used to do the wardriving, but the IP address assigned to the unprotected wireless network because that's the system being used to log onto the Internet. So when law enforcement attempts to trace the criminal activity back to the accessing computer through the IP address, they will be directed to the one assigned to the open WiFi network unless the criminal is dumb enough to leave some other identifiable information connecting him or her to the activity.