Clouded computing: the foggy application of the Fourth Amendment in technology.

• Author: Giordano, Joseph A.
• Position: Introduction into II. Establishing a Framework for "Content" Information under the Fourth Amendment, p. 141-168

1. Searches, Seizures, and Digital Technology A. Origins B. Sources of Law: Federal, State, and Civil C. Dumb Networks, Smart Laws II. Establishing a Framework for "Content" Information under the Fourth Amendment A. Intentionally Provided, Unorganized "Content" B. Intentionally and Unintentionally Provided, Organized "Content" C. Intentionally Provided, Organized Information D. Expanding the Profile III. Practical Tech-Neutrality IV. Conclusion Any sufficiently advanced technology is indistinguishable from magic. (1)

   The illusion of modern technology is the ostensible simplicity by which it operates. As technology develops it becomes more complicated. As a society, however, we tend to view technological progress and its social value in terms of convenience and the facilitation of quotidian tasks. There is perhaps no better evidence of this view than in the realm of communications technology.

   As a result of new technological advances, the privacy rights of communicants could now be in jeopardy. Beyond the potential for illegal interception, whether unintentionally by law enforcement or intentionally by third parties, digital communications also run the risk of being mischaracterized by the law and therefore improperly treated during a Fourth Amendment search or seizure. The expectation of privacy that guides the law applies equally to all communications, digital and standard, but current law isolates new technologies for different treatment. The overly-specific way the law treats digital technology creates an artificial differentiation for search and seizure purposes that frustrates both the spirit and the purpose of the privacy rights guaranteed by the Fourth Amendment. For example, the moment a communication becomes wireless, the law affords it less protection, even if the technology itself is more secure than its wire counterpart. (2) This bizarre legal reality not only perplexes the mind but also frustrates the purpose of constitutional safeguards and privacy rights.

   In a 2010 article published in the Stanford Law Review, Orin Kerr laid a foundation that this article builds upon to provide a clear guide to law enforcement for understanding new technology and properly categorizing it in terms of current privacy law. (3) Kerr's approach incorporates current and future technologies, and, most importantly, ensures that privacy rights are not forsaken. (4) Kerr argues for a "technology-neutral" approach when applying Fourth Amendment searches to the Internet and digital technology. (5) He bases this approach on the assumption that courts would apply Fourth Amendment protections against searches and seizures that protect communications and information in the physical world to communications and information transmitted digitally via new technology. (6) Specifically, Kerr argues that the traditional distinction between physical locations, "inside" and "outside," in the existing privacy rights framework should be replaced by a "content" and "non-content" analysis in the technology context. (7)

   The traditional "inside" and "outside" scale of privacy that governs expectation of privacy cases in the physical world should be analogized to "content" and "non-content" information in the digital world because the expectation of privacy that attaches to "inside" objects is the same type of privacy expectation that attaches to digital content. (8) At the same time, "outside" or "plain view" objects are analogous to digital "non-content." (9) For the purposes of this article, "content information" should be understood as information that conveys the meaning of a communication or the intent or identity of the communicator. (10) Said more simply, "content" is the body or substance of an electronic communication.

   What is meant by "non-content" information is any information that is not "content," but specifically, information that is secondary to the substantive message or information being transmitted. (11) An example of this would be the address information contained in an e-mail header.

   People generally have a greater expectation of privacy in the digital "content" they create than in "non-content" information because "content" information reveals personal details about the individual concerned or the online persona they wish to project. "Non-content" information, such as e-mail routing information, fails to convey any significant details about the individual or the individual's online persona because this singular bit of information on its own, not compiled with other information, is unable to convey enough intimate detail to make the information truly unique or distinctive. For this reason, an individual's expectation of privacy in "content" information is similar to an individual's greater expectation of privacy in objects contained inside a private location or another object rather than something outside or in plain sight. (12) Privacy law already provides greater protection to "inside" objects over "outside" objects, (13) and the law should come to recognize that digital "content" information should be afforded the same heightened protection as "inside" objects.

   Another serious concern for invasion of privacy rights in the digital age is the timing for law enforcement information requests. The timing of certain requests for information can determine whether law enforcement must obtain a wiretap or a warrant to access certain information or technology. Wiretaps are generally required to receive transmissions in progress or for future transmissions not yet transpired, indicating a temporal immediacy requirement. The standard for a court to issue a wiretap generally involves a greater degree of certainty and specificity than a general search warrant. (14) Search warrants, on the other hand, are required for communications that have already been transmitted and are held in electronic storage, either on the device of the end user or on a backup owned by the service provider. (15) This means that the communication has already occurred and law enforcement is not requesting a contemporaneous interception.

   In addition to standard search warrants, which are issued directly for the person whose property is being searched, some warrants are issued to third parties, such as communication service providers, to retrieve user information. These warrants are commonly referred to as third-party warrants, (16) or sometimes, communications data warrants. (17) A third-party warrant is used to retrieve private information such as e-mails, text messages, or possibly even geolocation data. (18) Of course, in some situations a subpoena is sufficient for law enforcement to retrieve the information they require. Because a subpoena requires only a reasonable belief that it will produce material relating to an indictable offense, it is by far the least protective measure of obtaining information, and as such, significantly limits the type and scope of information that may be requested. (19)

   Beyond the timing issue and the Fourth Amendment restrictions on searches and seizures, new laws intending to spread Fourth Amendment protections to new e-communications technologies further restrict law enforcement. (20) While these laws are intended to extend privacy protections to cover new technology, not all law enforcement officials, judges, or other administrative officials understand the technology involved well enough to implement the nuances of the law in an effective or accurate manner without frustrating the efforts of law enforcement or violating the rights of the individual being investigated. (21) On the other hand, this same lack of understanding of technology prevents law enforcement and the judiciary from incorporating new technologies into pre-existing Fourth Amendment doctrines for the same reasons. This lack of understanding makes any progress in the area moot.

   The goal of this article is to address the need for a balance between law and technology to allow for more efficient law enforcement while still preserving the privacy rights of technology users. This article builds upon Kerr's technology-neutral interpretation of the Fourth Amendment and his "inside" and "outside," and "content" and "non-content" framework, but further investigates the nature of information and privacy online. Part I provides a broad overview of Fourth Amendment search and seizure requirements and newer e-communications statutes that focus on emerging technologies. The second half of the section provides a very basic...