Data retention: privacy, anonymity, and accountability online.

AuthorCrump, Catherine

INTRODUCTION I. THE FOURTH AMENDMENT A. "Real Space" Cases 1. Root of the current doctrine: Katz v. United States 2. Communications privacy part II: pen registers, Smith v. Maryland 3. Record retention: The bank cases 4. Synthesis of the doctrine B. Application to the Internet 1. Are the records in the possession of a third party? 2. Were the records voluntarily turned over to the third party? 3. Would an inquiring user have realized that the technological context enabled third-party access? 4. Do the records capture communication "'content"? C. Lower Court Decisions D. Conclusion on the Fourth Amendment E. Reasons to Distinguish the Internet from Real Space II. THE FIRST AMENDMENT A. Anonymous Speech in Real Space 1. The right to give information anonymously 2. The right to associate anonymously 3. The right to receive information anonymously B. Data Retention and Anonymous Speech Activity 1. The value of online speech 2. Anonymity versus accountability CONCLUSION INTRODUCTION

Motivated by a strong sense of vulnerability to the threat posed by those who cheered as the World Trade Center and Pentagon burned in September 2001, governments worldwide are working to strengthen the hand of law enforcement agencies. The complexity and success of the transcontinental conspiracy to decimate the most recognizable symbols of U.S. power have fundamentally reoriented thinking on the extent to which individuals should be allowed to conduct their activities out of view of law enforcement authorities. As an instrument for clandestine communication, the Internet has been a lightning rod for criticism. What were once portrayed as the medium's virtues, particularly its empowerment of "little people" whose voices are not heard in traditional broadcast and print media, (1) are now characterized as mixed blessings. The "vast democratic forums of the Internet" (2) are also seen as "a powerful new medium for those who wish to commit criminal and terrorist acts." (3)

One method that governments use to make online activity traceable by law enforcement agencies is to institute data retention requirements. (4) Though government-mandated data retention can range in scope, at its core is the requirement that Internet service providers ("ISPs") collect and store data that track the Internet activity of their customers. (5) Several European nations have enacted data retention laws. (6) For example, Switzerland requires Swiss ISPs to record the time, date, sender, and receiver of all emails. (7) The very existence of working European examples of data retention laws and the environment of heightened sensitivity to security threats increases the probability that the United States will consider adopting a data retention law. (8)

This possibility seems all the more realistic given the current use in the United States of a related but slightly less sweeping law enforcement tool known as "data preservation." (9) The United States government has given law enforcement agencies the tool of data preservation since 1996. (10) In order to prevent ISPs from destroying data in their possession while law enforcement personnel are in the process of obtaining a warrant for that information, law enforcement agencies can compel ISPs to retain data on a specific customer for at least ninety days. (11) Though data preservation is different from data retention in that it targets the Internet traffic of a specific individual who is already under investigation, it demonstrates the utility of Internet traffic data as evidence of criminal wrongdoing. (12)

The purpose of data retention is much broader than that of data preservation. Data retention aims to change the context of Internet activity. The context change that data retention renders makes it easier to link acts to actors. (13) Data retention "rearchitects" the Internet from a context of relative obscurity to one of greater transparency. (14) This manipulation of context influences what values flourish on the Internet. Specifically, data retention, by making it easier to link acts to actors, promotes the value of accountability, while diminishing the values of privacy and anonymity. (15)

This seemingly esoteric point about the interplay of three values--accountability, privacy, and anonymity--is of practical importance to those who would require data retention. The two values that data retention would diminish--privacy and anonymity--are protected by the Constitution, (16) though the extent of this protection is an open question. (17) The Fourth Amendment's prohibition of unreasonable searches and seizures indicates some limit to the government's power to make us live transparently in order to promote accountability. (18) The First Amendment has been interpreted to protect anonymous speech and association, which cannot exist in an environment in which every action is traceable. (19) The Constitution protects some measure of contextual obscurity.

The question of how far government can go in requiring us to live transparently in order to facilitate accountability though requirements such as data retention takes on increasing urgency in the new context of cyberspace. The nature of cyberspace is highly malleable. It is determined by code, and code can be rewritten. (20) Further, since just a handful of ISPs provide Internet access to most people in the United States, (21) these gateways to the Internet are obvious targets of regulation. (22) By requiring ISPs to change their code such that the Internet traffic of their users is archived, the government could alter the mix of anonymity, privacy, and accountability that currently exists online.

Given the possibility that Congress may want to repeal current statutory limits on law enforcement agencies' access to privately maintained customer records, this Notes's aim is to probe the current constitutional limitations on government-mandated data retention. (23) Does the Constitution permit the government to require that Interact service providers archive the Internet usage of their customers, and can law enforcement officials then access these records without any judicial oversight or notice to customers? Although the primary purpose of this Note is descriptive, it uncovers tensions in the doctrine that will be addressed.

A constitutional challenge to data retention would most likely be grounded in the Fourth or First Amendment. Part I of this Note will focus on the Fourth Amendment. Because the Supreme Court has already found in other contexts that it is permissible for government to require businesses to keep copies of customer records and, further, that it is permissible for law enforcement agencies to access these records without a warrant, a Fourth Amendment barrier to government-mandated data retention by ISPs seems unlikely. (24) If the Fourth Amendment were to be read to place some limit on the ability of government to make us live transparently to facilitate law enforcement, however, those who oppose data retention could find a perverse sort of hope in the fact that the range of human activity that will be catalogued if all Internet traffic is recorded is vast compared to recordkeeping the Court has explicitly approved in the past. (25) Part II focuses on the First Amendment, specifically the right to engage in speech activity anonymously. (26) Because data retention eliminates all anonymous speech online by making all online activity traceable and because the Court applies strict scrutiny to government-mandated identification requirements, (27) data retention would probably need to be narrowly tailored to a compelling governmental need if it is to withstand scrutiny. This Note concludes that, although there is probably no Fourth Amendment bar to compulsory data retention, data retention would probably be considered unconstitutional under current First Amendment doctrine because there are other methods that could be used to monitor Interact activity that would burden speech substantially less. (28)


    The Fourth Amendment grants, "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures." (29) It was handwritten at a time when tangible objects and physical spaces were all that existed. The intervening centuries have given rise to an expanding technological capacity that has deeply affected our surveillance capabilities and the means we use to communicate. (30) Law enforcement officials need no longer rely on the unaided eye for observation--technology has been used to enhance night vision and to "see through" walls. (31) In addition, a broad swath of human activity now takes place through packet-switching technologies such as the Internet, (32) a technology that is "unprecedented in the degree of detailed information that can be gathered and stored." (33)

    Each iteration of technological advancement raises anew the question of what kinds of law enforcement observation techniques amount to a Fourth Amendment search and therefore require a warrant. In defining the term "search" in a variety of technological contexts, the Court has laid out a hodgepodge of doctrines--some seemingly contradictory--that bear on our inquiry about data retention. This is an exercise in piecing together what the Court has said in disparate contexts to surmise how it might rule in the case of data retention. For our purposes, the modern doctrine begins with the seminal case of Katz v. United States, (34) which sets out the basic inquiry courts follow when determining what is a search under the Fourth Amendment. It moves on to the Court's communications-specific holding in Smith v. Maryland (35) that warrantless government collection of the telephone numbers one dials is not a search. The doctrine ends with the Court's sole word on government-mandated records retention, which the Court upheld against a Fourth Amendment challenge in the context of bank records and further held that...

To continue reading

Request your trial