Justice Sotomayor on Digital Surveillance, 3rd Parties, and Societal Expectations of Privacy in Public
In United States v. Jones the U.S. Supreme Court unanimously ruled that attaching a Global Positioning System (GPS) device to a vehicle for the purpose of location-tracking constitutes a search under the Fourth Amendment. More notable than the unanimity of this decision, is that the majority opinion was premised on the fact that the federal government physically trespassed on Antoine Jones’ private property (his car) in order to install the GPS — leaving open the question of whether such surveillance would have been legal had the government not physically installed a tracking device. To this end, United States v. Jones raises more questions than it answers regarding the legality (and morality) of surveillance in everyday information environments. Governments, corporations, and individuals do not need to physically enter your house, your desk, or tap your phone line, to gain access to the multitude of personal information that flows through your everyday environment, and beyond.
In separate concurring opinions, Justice Alito and Justice Sotomayor both problematize the majority opinion’s focus on “physical intrusion,” yet only Sotomayor’s concurring opinion offers a consideration of the interests and concerns of U.S. citizens who currently exist in what is, at least to them, a largely mystified and little understood information environment. As Sotomayor argues in her concurring opinion:
Awareness that the Government may be watching chills associational and expressive freedoms. And the Government’s unrestrained power to assemble data that reveal private aspects of identity is susceptible to abuse. The net result is that GPS monitoring—by making available at a relatively low cost such a substantial quantum of intimate information about any person whom the Government, in its unfettered discretion, chooses to track—may “alter the relationship between citizen and government in a way that is inimical to democratic society.”
I would take these attributes of GPS monitoring into account when considering the existence of a reasonable societal expectation of privacy in the sum of one’s public movements. I would ask whether people reasonably expect that their movements will be recorded and aggregated in a manner that enables the Government to ascertain, more or less at will, their political and religious beliefs, sexual habits, and so on.
Sotomayor’s focus on “a reasonable societal expectation of privacy in the sum of one’s public movements” is important as it’s quite clear that society is not aware of the extent to which they’re being tracked, nor is there a social consensus on what constitutes ‘being in public.’ In my own research I’ve consistently found that when young people learn about the most basic ways that their personal information is being aggregated, they begin to articulate more sophisticated privacy concerns alongside a general amazement that such surveillance is actually happening — legally — in what they think of as private places: their facebook profile, their email, their texts, and so on.
Sotomayor concludes this point by arguing that society expects more privacy than it currently has in the digital age, and calls for a decoupling of secrecy and privacy in order to develop more situated and accurate judicial understandings of when and where people expect privacy:
More fundamentally, it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties … This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks. People disclose the phone numbers that they dial or text to their cellular providers; the URLs that they visit and the e-mail addresses with which they correspond to their Internet service providers; and the books, groceries, and medications they purchase to online retailers. Perhaps, as Justice Alito notes, some people may find the “tradeoff” of privacy for convenience “worthwhile,” or come to accept this “diminution of privacy” as “inevitable,” and perhaps not. I for one doubt that people would accept without complaint the warrantless disclosure to the Government of a list of every Web site they had visited in the last week, or month, or year. But whatever the societal expectations, they can attain constitutionally protected status only if our Fourth Amendment jurisprudence ceases to treat secrecy as a prerequisite for privacy. I would not assume that all information voluntarily disclosed to some member of the public for a limited purpose is, for that reason alone, disentitled to Fourth Amendment protection.
Lawrence Lessig on the need to build protections for privacy and autonomy into the internet’s architecture. From CODE 2.0, p45 (emphasis mine):
[The end-to-end principle] has been a core principle of the Internet’s architecture, and, in my view, one of the most important reasons that the Internet produced the innovation and growth that it has enjoyed. But its consequences for purposes of identification and authentication make both extremely difficult with the basic protocols of the Internet alone. It is as if you were in a carnival funhouse with the lights dimmed to darkness and voices coming from around you, but from people you do not know and from places you cannot identify. The system knows that there are entities out there interacting with it, but it knows nothing about who those entities are. While in real space —and here is the important point—anonymity has to be created, in cyberspace anonymity is the given.
This difference in the architectures of real space and cyberspace makes a big difference in the regulability of behavior in each. The absence of relatively self-authenticating facts in cyberspace makes it extremely difficult to regulate behavior there … We ’re far enough into this history to see that the trend toward this authentication is unstoppable. The only question is whether we will build into this system of authentication the kinds of protections for privacy and autonomy that are needed.
Two controversial pieces of legislation that would significantly alter the architecture of the internet are currently being debated in congress: the Stop Online Privacy Act (SOPA) in the U.S. House of Representatives, and the Protect IP Act (PIPA) in the U.S. Senate. The following is a round up of some sources I’ve found helpful in trying to understand the effect that these pieces of legislation would have on the informational architecture of the internet.
The first comes from the Electronic Frontier Foundation who recently published an open letter to congress from 83 prominent internet engineers and architects. The letter is short and worth a full read, but here is the key passage (emphasis mine):
If enacted, either of these bills will create an environment of tremendous fear and uncertainty for technological innovation, and seriously harm the credibility of the United States in its role as a steward of key Internet infrastructure. Regardless of recent amendments to SOPA, both bills will risk fragmenting the Internet’s global domain name system (DNS) and have other capricious technical consequences. In exchange for this, such legislation would engender censorship that will simultaneously be circumvented by deliberate infringers while hampering innocent parties’ right and ability to communicate and express themselves online.
The second is Ars Technica’s summary of a Consumer Electronics Show panel that debated both SOPA and the recently introduced OPEN Act, an alternative piece of legislation supported by notable critics of SOPA (emphasis mine):
[Ryan] Clough [legislative counsel for the Office of Rep. Zoe Lofgren (D-CA)] said SOPA and Protect-IP create an architecture for Internet censorship. “Once we create this system, there is no way it will be contained to copyright infringement,” he said. Further, he argued “this bill will make it easier for China to keep imposing the types of controls on the Internet that it does and to keep resisting international pressure against it.”
The third is a piece Julian Sanchez wrote for the Cato Institute. Sanchez discusses the link between information architecture and free speech in order to argue that SOPA and PIPA would constitute a new legal and technological architecture of censorship (emphasis mine):
SOPA is a 70 page statute establishing a detailed legal process by which the Justice Department can initiate blocking of supposed pirate domains by ISPs and search engines, and by which private parties can seek orders requiring payment processors and ad networks to sever tie.
… If SOPA passes, thousands of commercial ISPs, colleges, small businesses, nonprofits, and other entities that maintain domain servers are going to have to reconfigure their networks, potentially at substantial cost, in order to easily comply with the new law.
… These twin architectures will obliterate major institutional barriers to Internet censorship generally, not just censorship for antipiracy purposes.
The fourth is the Obama Administration’s response to SOPA/PIPA, written by Victoria Espinel (IP Enforcement Coordinator at Office of Management and Budget), Aneesh Chopra (U.S. Chief Technology Officer and Assistant to the President and Associate Director for Technology at the Office of Science and Technology Policy), and Howard Schmidt (Special Assistant to the President and Cybersecurity Coordinator for National Security Staff) (emphasis theirs):
We must avoid creating new cybersecurity risks or disrupting the underlying architecture of the Internet. Proposed laws must not tamper with the technical architecture of the Internet through manipulation of the Domain Name System (DNS), a foundation of Internet security. Our analysis of the DNS filtering provisions in some proposed legislation suggests that they pose a real risk to cybersecurity and yet leave contraband goods and services accessible online. We must avoid legislation that drives users to dangerous, unreliable DNS servers and puts next-generation security policies, such as the deployment of DNSSEC, at risk.
And finally – A short video, from a group called Fight for the Future, illustrating what PIPA entails and the chilling effect it would have on the internet:
12/2/11>>9:30AM-10:45AM>>John Jay College CUNY>>MORE INFO