A SOLUTION FOR THE THIRD-PARTY DOCTRINE IN A TIME OF DATA SHARING, CONTACT TRACING, AND MASS SURVEILLANCE.

• Author: Jacobi, Tonja

Introduction 824 I. Misreading Katz, The Development of the Third-Party Doctrine 829 A. Katz and the Origin of the Third-Party Doctrine 831 B. Losing Katz's First Prong: Unknmvingly Shared Is Not "Knoiuingly Expose[d]" 834 1. Jettisoning the "Knowingly" Requirement: Introducing "Voluntariness" 837 2. Redefining Anv Sharing as "Exposure" 840 C. Abandoning Katz s Second Prong: The Disappearing "Public" 842 D. Trust, Nobody: False Friends and Third Parties 844 II. When the Cure Is Worse than the Disease 851 A. Iloxo Special Is the Home? 852 B. Some People and Some Places 857 III. Solving the Third-Party Dilemma: Returning to Katz 860 A. Too Many Cooks: The Supreme Court's Solutions 861 B. The Goldilocks /.one of Privacy. Academic Solutions 866 C. The Solution: Reinvigorating Katz 's Tiuo-Part Test 873 1. Knowingly Exposes 874 2. To the Puhlic 879 1. The Fate of Miller and Smith and the Role of Contracts 881 E. The Practicality of a Katzian Solution for the Nexu Roberts Court 884 Conclusion: The Third-Party Doctrine in Shaping Responses to Pandemics and Other Crises 888 INTRODUCTION

The Supreme Court Justices seem to take a bashful pride in their struggles with technology: Justice Breyer jokes that he does not know how to open his iPhone; (1) Justice Kagan reports that most of the Justices do not understand Facebook or Twitter and do not use email; (2) and while the rest of the world was moving to videoconferencing in the face of the COVTD-19 pandemic, the Supreme Court opted for the "antiquated technology of the telephone" (3)--and still multiple Justices struggled. (4) And yet, the Supreme Court must decide issues that hinge on rapidly changing technology, including cases with great import for privacy rights. (5) The most significant of these issues is the third-party doctrine, for that doctrine has the potential to annihilate the privacy rights of individuals engaged in a variety of everyday behaviors, from checking email to browsing a website, merely because doing so involves an Internet Service Provider (ISP) or some other third party.

The third-party doctrine holds that when an individual voluntarily hands information over to a third party, that person cannot then claim to have a reasonable expectation of privacy in the information." Back in 1976, the third-party doctrine enabled the government to access a "pen register"--the list of numbers dialed from a phone. (7) But the advent of new technology has enabled the government, via the thirdparty doctrine, to engage in mass surveillance of individuals without any recourse to the Fourth Amendment. (8) Today, individuals share information constantly: every email is transmitted through a thirdparty email platform such as Google as well as an Internet provider; banking is done through a third-party bank; text messages are sent through a third-party cell phone provider; smart technology like Alexa exists throughout modern homes. Under the third-party doctrine as it is currently interpreted, all of these activities can be monitored by government agents, without themselves being monitored by a neutral judge as to whether they comply with the Fourth Amendment, because every individual has "voluntarily" conveyed this information to a third party." The potential risks this per se standard poses to individual privacy are multifarious and potentially constitutionally groundbreaking--in today's information age, we bring third parties into our homes, (10) into our cars," and even into our bodies. (12)

The Supreme Court, other courts, and scholars have all recognized that there is a serious problem with the third-party doctrine. (13) Yet, the Court has refused to provide an adequate solution. In 2018, the Court recognized that applying a doctrine built for pen registers to smart phones is inappropriately intrusive." But rather than tackling the underlying problem, the Court merely carved out a narrow exemption for cell site location information (CSLI)--and only some forms of such information at that--saying:

Cell phone location information is not truly "shared" as one normally understands the term. In the first place, cell phones and the services they provide are "such a pervasive and insistent part of daily life" that carrying one is indispensable to participation in modern society. Second, a cell phone logs a cell-site record by dint of its operation, without any affirmative act on the part of the user beyond powering up. Virtually any activity on the phone generates CSLI, including incoming calls, texts, or e-mails and countless other data connections that a phone automatically makes when checking for news, weather, or social media updates. Apart from disconnecting the phone from the network, there is no way to avoid leaving behind a trail of location data. (13)

All these points are true, but each also applies to multiple other daily activities that the third-party doctrine continues to exempt from Fourth Amendment protection. As Justice Sotomayor noted, the thirdparty doctrine leaves a similar amount of information unprotected when individuals carry out "mundane tasks," including when "disclosing] the phone numbers that they dial or text to their cellular providers; the URLs that they visit and the e-mail addresses with which they correspond to their Internet service providers; and the books, groceries, and medications they purchase to online retailers." (16) Blithely ignoring the fact that these very same concerns arise with so many other technologies leaves individuals unprotected from mass surveillance, unhinges the third-party doctrine from its doctrinal moorings, and leaves unaddressed future applications, including vital information gathering measures.

In this Article, we provide a solution for the problem that the third-party doctrine categorically exempts from any expectation of privacy so many modern forms of communication and other ordinary life activities. Our solution avoids creating a patchwork of exceptions, which would undermine certainty and doctrinal coherence, but nor does it require marching boldly into the unknown future. (17) Rather, the solution lies simply in returning to the core principles upon which modern search and seizure law rests: the landmark case of Katz v. United States.

Katz established that government conduct constitutes a search when it intrudes upon a reasonable expectation of privacy; in such a case, Fourth Amendment protection applies. (19) But a person cannot shout their secrets from the rooftops and still claim an expectation of privacy, and so Katz also specified that when a person knowingly exposes information to the public, there will be no such expectation of privacy.- (0) It is from this language that the third-party doctrine is drawn. But in two cases decided within a few years of Katz--United Stales v. Milled and Smith v. Maryland (22)--the Court effectively left behind both the language and the conceptual framework underlying this qualification, by crafting the third-party doctrine as a categorical exception to the Kalzmn reasonable expectation of privacy.

Instead of inquiring, as Katz mandated, whether a person "knowingly expose[d]" information "to the public," Miller and Smith subtly changed both of these requirements. First, the two decisions changed the "knowingly" requirement to "voluntarily," and deemed actions to be voluntary even if a person had no option to avoid sharing information if they wished to use a given technology. (23) So, even though it was impossible not to share information dialed with the telephone company in order to have a home telephone, (24) or to share bank details with the bank teller in order to have a bank account, (25) these activities were still deemed voluntary. Second, the decisions interpreted information as having been exposed "to the public" any time they were shared with a third party, regardless of the circumstances. (26) So even if Mr. Miller's bank had promised to keep his information secret, by sharing it with the bank itself, the Court deemed this equivalent to sharing with the public, and thus Miller had no expectation of privacy in his banking information. (27) Miller and Smith created a categorical test by which any information shared under any circumstances with any party for any reason constituted conveying information to the public, thus losing all expectation of privacy.

This broad application of the third-party doctrine is problematic not just in terms of being faithless to foundational precedent and enabling mass surveillance, but it also has the potential to hamstring the capacity of the United Slates government to respond to the COVID-19 pandemic, as well as other likely future pandemics. (28) The most effective means of combating the spread of infectious diseases is through tracking and tracing, which itself is best operationalized through digital means. (21)' Yet, the public rightly fears making its highly personal health data, location data, and contact information available to the government or to third parties,'" (1) for the third-party doctrine renders that information, once exposed, forever subject to government scrutiny, for any purpose, including criminal investigation. As such, finding a solution to the third-party doctrine is not merely a question of jurisprudential coherence, but a matter of survival, since such a solution would enable rapid responses to major crises.

This Article proceeds in four parts. Part I details the creation and development of the third-party doctrine, the function it serves, and how it has become unmoored from its foundation in Kalz. Part II describes how dire the need is for a solution to the problem, illustrating how invasive the third-party doctrine has become to Fourth Amendment rights. Part III considers how to solve the problem: first, it critically examines the various solutions considered by the Supreme Court; then, it highlights the advantages and flaws with solutions proposed by prior scholars; and...