The End of Miller's Time: How Sensitivity Can Categorize Third-party Data After Carpenter

• Publication year: 2019

The End of Miller's Time: How Sensitivity Can Categorize Third-Party Data After Carpenter

Michael Gentithes
Visiting Assistant Professor Chicago-Kent College of Law

THE END OF MILLER'S TIME: HOW SENSITIVITY CAN CATEGORIZE THIRD-PARTY DATA AFTER CARPENTER

Michael Gentithes^*

[Page 1039]

For over 40 years, the Supreme Court has permitted government investigators to warrantlessly collect information that citizens disclose to third-party service providers. That third-party doctrine is under significant strain in the modern, networked world. Yet scholarly responses typically fall into unhelpfully extreme camps, either championing an absolute version of the doctrine or calling for its abolition. In Carpenter v. United States, the Court suggested a middle road, holding that some categories of data—such as digital location information collected from cell phones—do not neatly fall into the third-party doctrine's dichotomy between unprotected, disclosed information and protected, undisclosed information. But the majority elucidated little rationale upon which to draw such nuanced distinctions.
This Article provides the missing rationale for such categorization: informational sensitivity. Disclosure to a third party matters but is not a trump card. Sensitivity matters too. I thus propose a two-step test to determine if the government must obtain a warrant before collecting information from a third party. First, the Court should analyze the information's sensitivity, placing it on a sensitivity continuum rather than a disclosure dichotomy. The Court can look to related jurisprudence, and the inherent meaning such information conveys, to determine placement on that continuum. Second, if the

[Page 1040]

information is sensitive, the Court should decide whether the government has collected enough of it to create an informational mosaic of the citizen. If so, that collection is a search.
The Court has long held that some data, like medical records or phone conversations, are too sensitive to be warrantlessly collected from third parties. Intermediately sensitive data, like the financial information in United States v. Miller and the cell site location information in Carpenter, might be warrantlessly collected in small amounts, but is too sensitive for warrantless collection in bulk. The Court should adjust the third-party doctrine to account for such sensitive information and craft provisional rules to protect it. Doing so will enhance both the public's security and its regard for the Court.

[Page 1041]

Table of Contents

Introduction............................................................................1042

I. The Fourth Amendment's Path to Miller........................1048

A. DEVELOPMENT OF THE THIRD-PARTY DOCTRINE...........1053
B. LIMITS OF THE THIRD-PARTY DOCTRINE........................1055

II. The End of Miller's Time...................................................1058

A. INVOLUNTARY ASSUMPTION OF THE RISK......................1058
B. SENSITIVITY MATTERS...................................................1060
C. TWO-STEP TEST FOR INFORMATIONAL SENSITIVITY.......1068
D. SENSITIVITY IN PRACTICE..............................................1073

III. The Provisional Third-Party Doctrine.........................1080

IV. Resolving Third-Party Controversies Without Miller.............................................................................1086

Conclusion...............................................................................1091

[Page 1042]

Introduction

For over four decades, Supreme Court precedent has suggested that when citizens disclose information to any non-governmental third party, they relinquish their expectation that the information is private—and hence relinquish any Fourth Amendment rights—no matter how sensitive that information may be.¹ The most influential case creating that third-party doctrine, United States v. Miller, established that government investigators can warrantlessly gather unlimited financial data from bankers to whom citizens have disclosed it.² The doctrine has come under significant strain in today's networked world, as the recent Carpenter v. United States litigation has shown.³ Yet scholarly views on the third-party doctrine have not adequately responded, mostly falling into unhelpfully extreme camps. The doctrine's champions claim that it should mean just what it says: citizens relinquish any expectation of privacy, and hence any Fourth Amendment protection, in information they willingly disclose to third parties.⁴ Abolitionists respond that the third-party doctrine is

[Page 1043]

an aberration that should be overruled in its entirety.⁵ According to abolitionists, citizens do not voluntarily convey data to third parties nor do they assume the risk that a third party will disclose it to inquiring investigators, because citizens must use many third-party services—like banking and telecommunications—just to survive in the modern world.⁶

In the Court's most recent term, a majority of the Justices favored a categorical approach to data disclosed to third parties.⁷ The Carpenter majority suggested that some categories of data—such as digital location information collected from cell phones—do not neatly fall into the third-party doctrine's dichotomy between unprotected, disclosed information and protected, undisclosed information.⁸ But the majority elucidated little rationale, beyond

[Page 1044]

the Justices' intuitions, upon which to draw such nuanced categorical distinctions.⁹

This Article provides that missing rationale. I chart a middle course between the champions and the abolitionists of the third-party doctrine, one that helpfully supplements the Court's categorical approach.¹⁰ While disclosed information receives less Fourth Amendment protection, disclosure is not a trump card.¹¹ My

[Page 1045]

proposal builds upon earlier efforts to establish a sliding scale of Fourth Amendment protection, but deemphasizes empirically-measured views of privacy or legislative responses to government investigatory techniques.¹² Instead, I employ the concept of informational sensitivity to suggest that the third-party doctrine should allow for moderate protection for much of the information we commonly disclose to third parties. Using that approach, the Court should end Millers time as an absolutist precedent granting warrantless access to sensitive information like our financial records in any form or quantity.¹³

I propose a two-step test to determine whether the government must obtain a warrant to collect particular categories of information from a third party. In the first step, the Court should analyze that information's sensitivity, placing it on a sensitivity continuum rather than a dichotomy between disclosed and undisclosed data. The Court can look to related jurisprudence, and the inherent meaning such information conveys, to determine placement on the sensitivity continuum. For instance, Miller's financial information and Carpenter's cell site location information (CSLI) should be intermediate points on that continuum because (1) the Court has discussed how sensitive those categories of information are in related cases and (2) that information conveys significant substantive meaning on its face.¹⁴ While disclosed metadata is not

[Page 1046]

sensitive and may be subject to warrantless collection in bulk, disclosed information with an inherent magnitude of sensitivity merits further scrutiny.¹⁵

In the second step, the Court should decide whether the government has collected enough sensitive information to create an informational mosaic of the citizen, thereby conducting a search.¹⁶ A citizen has a small but cognizable expectation of privacy¹⁷ in each such sensitive datum that a third party collects. Although government collection of one or even several of those data points may not raise constitutional concerns, if the government collects enough of them, the data points create such a detailed picture of the citizen's life that the government has conducted a search for which it must usually obtain a warrant.¹⁸

[Page 1047]

My proposal accommodates the doctrine's limits that the Court has long tacitly accepted and recently aimed to formalize.¹⁹ While telephone numbers delivered to a third-party telephone company are wholly unprotected under the Fourth Amendment, other information revealed to third parties, like medical information,²⁰ the content of a conversation,²¹ or CSLI,²² are protected. Some types of data are inherently sensitive, such as internet search histories, collections of photographs, and—despite the holding in Miller—financial information.²³ Following its instincts in these cases, the Court should adjust the third-party doctrine, dissolve the false dichotomy between disclosed and undisclosed data, and offer limited protection to categories of sensitive information even if they are given to third parties.

Stare decisis does not require the Court to blindly uphold Miller. Third-party-doctrine cases examine the constitutionality of new law enforcement efforts to gather information about suspects over an extended timeline. Such cases consider technological advances that were unimaginable just years earlier.²⁴ Because of those challenges, third-party cases should be viewed as a series of provisional prescriptions to which stare decisis does not fully apply. Citizens deserve, and the Court should not hesitate to craft, a reimagined Fourth Amendment that provides some protection to the sizeable caches of sensitive information that citizens regularly convey to third-party service providers while performing mundane tasks.²⁵

In Part I below, I explain how the Court created the current third-party doctrine, with emphasis on how it later tacitly

[Page 1048]

acknowledged the doctrine's limitations.²⁶ I then argue for an end to Miller's time in Part II.²⁷ While champions correctly note that a citizen's disclosure of information to a third party is constitutionally...