Databases, doctrine & constitutional criminal procedure.

• Author: Murphy, Erin E.

Introduction I. The Rise of Databases in Criminal Justice A. Proto-Databases B. Databases Today C. Databases Tomorrow II. The Database in Constitutional Criminal Procedure A. Major Database Cases B. Evans and Herring III. The Slippage Between Doctrine and Databases A. The Presumption of Ready Analogy B. The Presumption of Demonstrable Harm C. The Presumption of Regularity D. The Presumption of Individual Action E. The Presumption of Technological Neutrality IV. Toward a Constitutional Criminal Procedure of Databases A. Structural (vs. Individual) Oversight B. Suspicionless (vs. Suspicion-Based) Targeting C. Operative Opacity (vs. Transparency) D. Use (vs. Acquisition) Restrictions E. Benign Neglect (vs. Deliberate Misdeeds) Conclusion INTRODUCTION

Around 1964, military information systems employees coined the term "data base" to describe repositories of data accessible by users across time-shared computer systems. (1) Today, "database" is a word that requires no definition. In thirty short years, it progressed from two disconnected descriptive nouns to a hazy concept stitched together by a hyphen to a single word instantly understandable to every member of a modern society. Indeed, databases are such an integral component of contemporary life that it is easy to forget just how new they are. Like other currently indispensable technologies--personal computers, cell phones, e-mail--it can be hard to remember just how things worked before they came into existence.

A wide variety of government databases have flourished in the criminal justice field over the past ten to twenty years. Much legal scholarly attention, including some of my own, (2) has been devoted to the impact of these databases on individual privacy, whether as a general normative matter or in relation to specific constitutional doctrines such as the Fourth Amendment. But this Article focuses on something different than general concerns about privacy. Indeed, it takes it as a given that databases affect personal privacy, even while acknowledging that reasonable people disagree about how severe or grave the impact of databases may be.

This Article is a preliminary effort to sketch some of the challenges that large-scale databasing poses to conventional constitutional analysis. In Herring v. United States, (3) the Supreme Court engaged in its first head-on confrontation with criminal justice databases in some time. To many scholars, Herring's greatest significance is that it bolsters suspicions that a majority of the Court views the proper application of the exclusionary rule as limited to instances of deliberate malfeasance. Yet Herring is a difficult call on the question of malfeasance, given the nature of the constitutional violation claimed. Rather than involve a run of the mill bad call on probable cause or reasonable suspicion, Herring dealt with a kind of mistake that increasingly can and does occur in contemporary policing: an error in a computerized database. And, indeed, in their assessments of the nature of the constitutional error, the majority and the dissenters exposed some fundamental problems that arise when claims related to databases are at stake.

This Article takes the fault lines exposed by Herring as a point of departure for considering these issues more generally. Specifically, this Article questions whether the practice of databasing comports or conflicts with the assumptions that animate the investigative and adjudicative restraints imposed by the Constitution--generally, the Fourth, Fifth, and Sixth Amendments. Part I begins by sketching, very briefly, the evolution of databases in criminal justice by providing a sampling of databases in existence. Part II then examines the few major instances in which the Supreme Court has commented on databases or databasing in the context of criminal justice, in order to glean different themes that have emerged. Part III then identifies five presumptions that seem to attach to database-related inquiries, while Part IV sets out some thoughts about how constitutional doctrine might evolve to the particular needs of databases, in order to better regulate and safeguard their use in the criminal justice system.

1. THE RISE OF DATABASES IN CRIMINAL JUSTICE

   1. Proto-Databases

      The criminal justice system's reliance on databases is both old and new. As many know, the formal, organized, public police first emerged as a concept around 1829, when Robert Peel organized the London bobbies. (4) The first detective unit in the United States was formed shortly after in 1846 in Boston, (5) at a time when tracking down criminals largely remained a private sector gig. Dominated by companies such as the (in)famous Pinkertons, (6) the unit's work consisted largely of pounding the pavement (and suspects). Indeed, many of the modern tools of detecting--"[s]ophisticated criminal investigation techniques--well-organized crime records systems, fingerprints, crime labs--did not appear until the twentieth century." (7) Even Alphonse Bertillion's pioneer anthropometrical system of identification in the late 1800s depended largely upon manual recording and comparison of measurements. (8)

      The first primitive databases emerged around the same time, at the turn of the century. For instance, as early as 1919, the California State Bureau of Identification introduced a punch-card system for storing and retrieving modus operandi information. (9) But perhaps the watershed moment of government databasing occurred in the early 1930s, around the time that J. Edgar Hoover opened the Federal Bureau of Investigation's first criminal evidence laboratory, which included fingerprint processing capacities, hair, blood, and firearm analysis. (10) As part of the new emphasis on forensic science, FBI implemented its first fingerprint database--a card sorter that capitalized on the technology created to tabulate the census and that led to the formation of IBM. (11)

      Just a little over a decade later, the development of the mainframe computer in 1946 and the replacement of punch cards with magnetic tape significantly advanced databasing possibilities, (12) but it remained a largely primitive technology. By as late as 1984, the federal fingerprint database-the most advanced forensic database available--still depended primarily on manual recording and retrieval. At best, it served as an efficient means of organizing cards for retrieval, rather than for generating leads or links. (13) Linking two fingerprints required manual comparison of an unknown scene sample with, for instance, the 23 million criminal cards on file with the FBI. (14)

      The 1980s, however, initiated a period of rapid change. Personal computers became commonly available. Law enforcement began to recognize and harness the potential of electronic storage and retrieval. And then, remarkably, the Internet was born. Connectivity became possible in ways previously unimagined, and storage capacity reached new heights. The foundations for the modern criminal justice databases had been set.

      The first major advance occurred around 1985, when technology simplified the creation of digital images from physical fingerprint cards, enabling the National Automated Fingerprint Identification System ("AFIS"). AFIS software allowed a technician to conduct both confirmatory matches as well as automated comparisons between known and unknown prints, a landmark advance over the old manual methods of comparison. (15) In a 1987 report on the creation of AFIS, the authors noted that a San Francisco investigation had expended thousands of man-hours searching fingerprint records for the one clear print an alleged killer had left behind; when that print became the subject of San Francisco's first automated search, a match was found in six minutes. (16) But AFIS still relied upon manual scanning of a card ink stain image, and thus that slowed response time and transmission capacity. The imperfection of the images also diminished automated matching capacity.

      Also, in 1983, as a companion to AFIS, the FBI created the Interstate Identification Index ("III"), a pointer index which linked states to criminal records of both arrest and conviction that are associated with uploaded fingerprints. (17) The Index is operated through the National Criminal Information Center ("NCIC"), which has served since the late 1960s as the central federal criminal records database. (18)

      But even though the idea of the criminal justice database has existed for over a hundred years--although records and fingerprints have been created and kept for most of that time--it would be wrong to assume that contemporary databases are simply the younger siblings of the databases just described. They are not. Old databases were typically paper files or punch cards that were physically kept and stored in diffused, and at times difficult to access, locations. Even the AFIS and III systems of the 1980s relied heavily on manual inputs and outputs of records. And proactive searching was likewise all but impossible because technology could not automatically sift through huge volumes of standardized material. Thus, an act as simple as switching locations might be effective in obscuring one's identity, since accessing a record created and stored even in the next town over could be prohibitively difficult. In short, until quite recently, the database primarily served an organizational and confirmatory function--if law enforcement had a known suspect, then a database enabled easier access to confirmatory information about that person.

   2. Databases Today

      In 1999, databasing radically changed when the Integrated Automated Fingerprint Identification System ("IAFIS") became operational. (19) IAFIS is now the largest single biometric database, and it looks nothing like the fingerprint databases that preceded it. (20) IAFIS replaced the old ink-and-card system with a new, immediate digital image that could be easily stored, transmitted, and searched...