• United States



No reasonable expectation of privacy when third parties cross the creepy line?

May 05, 20145 mins
Data and Information SecurityMicrosoftSecurity

A former DHS official suggests SCOTUS has no business expanding Fourth Amendment protections to protect our privacy from third parties who cross the creepy line.

There’s a “creepy line” when tech conveniences and capabilities seem to push too far into privacy rights; yet not everyone can be trusted to decide whether or not new technology used by the government crosses the “creepy line” and if Fourth Amendment protections should kick in. That includes SCOTUS, according to a former DHS official, who reduced the Supreme Court Justices to “nine Baby Boomers” who wouldn’t know the “creepy line” if it bit them on the butt.

Seven major players in the tech industry recently predicted “a vision of the future” for the New York Times, including tech that is “far off” now but will be “commonplace in a decade.” Sebastian Thrun, a founder of Google X, said as an example, “Implantables, like a chip under your fingernail that unlocks all your devices.”

Clara Shih, founder of Hearsay Social, expects “Implantable chips that monitor the number of steps we take, hours we sleep, all of our vital signs, blood chemistry and beyond. The chip data will be used to adjust our medications, offer suggestions to change our behavior and automatically send an ambulance — self-driving, of course.”

Despite such forecasts, some folks will be creeped out by those answers and might even wonder if 666 will be etched into those implantable chips.

In part one about “drawing a line” in the third-party doctrine of the 1979 Supreme Court case Smith v. Maryland, Stewart Baker, a former DHS official under President George W. Bush, basically argues that by using a third-party service such as Google Drive or Dropbox, American citizens willingly give up any reasonable expectation of privacy — and therefore any Fourth Amendment protections from warrantless government spying. He wrote what Ben Franklin said — and Pretty Little Liars more or less paraphrased — “Three can keep a secret, if two of them are dead.” Baker reasons that instead of using cloud services, you could have kept your “papers” private by storing them inside a locked desk drawer in your house or on your PC; the government would need a search warrant before rifling through belongings in your home.

In case you don’t know about Smith, the police had no warrant when they placed a pen register “trap and trace” device on Smith’s telephone line to record all the phone numbers he called. SCOTUS Justice Harry Blackmun said in Smith, “This Court consistently has held that a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.” More recently, when Verizon challenged the NSA’s data collection program, the Federal Intelligence Surveillance Court (FISC) cited Smith and this sort of “voluntary” sharing with a third party when “ruling that the government is constitutionally protected in collecting billions of Americans’ detailed phone data.”

Baker takes privacy advocates to task for suggesting that we put “our entire lives online” and need to expand Fourth Amendment protections to safeguard us from mass government surveillance and other creepy new technologies. He suggested there’s no easy way to determine when “too much” has been shared with the government or another third party, and Fourth Amendment rights protecting us from unreasonable search and seizure should kick in. Baker says privacy is dead and it’s too late to think about changing the Smith doctrine.

In part two about Smith, Baker said we stick with a third party’s service if we value it more than our privacy. “Sometimes we decide that we value our privacy more than the service, and we quit. More often, we don’t. And our ‘creepy line’ moves a bit.”

“The Supreme Court clearly thinks that routine government access to location data is kind of creepy, and it’s tempted to give location some special constitutional status, notwithstanding Smith. But if it does,” Baker predicts, it will end up looking “foolish and out of touch.”

Why? Because more and more kids are getting smart phones today, sometimes as early as elementary school, and practically every parent who buys one is installing an app that relays the kid’s location to the parents. Which means that kids are already beginning to graduate from high school without any sense that their location can or should be hidden from the ultimate authorities, their parents. They will never share the current Supreme Court’s instinct that their location is uniquely private.

This is typical Baker. Just because my kids have smartphones that I am paying for doesn’t begin to suggest that I’ve installed spyware to track their movements. Even if I had, upon turning 21 they would not automatically believe there is no right to keep their location private.

Sadly, the more we accept privacy intrusions as “reasonable,” the less likely we are to be protected by the Fourth Amendment. But just because we didn’t all pay early termination fees and stop using cell phones does not imply that we’re cool with the NSA collecting our phone data. Stop making it sound like being monitored and tracked is reasonable and that the digital age ushered in a time when people are no longer entitled to Fourth Amendment protections.

Like this? Here’s more posts:

  • Judge to Microsoft: Hand over cloud data no matter where in the world it is stored
  • Targeted ads that track how and where you drive are coming to connected cars
  • Data breach report: 9 attack patterns describe 92% of 100,000 security incidents
  • Record and rewind: Cops quietly test aerial surveillance to track crime
  • Busted and fired! Cop choked handcuffed college student to unconsciousness
  • Smart toilet spying on health is a hoax, but is there privacy in a public potty?
  • Research: Attacks on HTML5-based apps infect smartphones, spread like a ‘worm’
  • USA world rankings: #1 for sending spam, #8 for Netflix streaming speeds

Follow me on Twitter @PrivacyFanatic

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.