Legislators and judges struggle every day to keep laws relevant and applicable. In fact, while technology changes at warp speed, laws and regulations enacted to protect rights are modified at a glacial pace--if at all. Such laws, drafted to protect one set of interests, often create unimaginable constitutional quandaries and challenges as technology and society evolve. Such issues are often unforeseeable at the time the laws were drafted, but become hornets' nests when circumstances force collisions either with existing laws or the U.S. Constitution itself.
Privacy, in an electronic world, is one of the most difficult of these issues, because challenges falling under this big umbrella often pit individual rights against public safety interests.
In 1986, Senator Patrick Leahy (D-VT) was a driving force behind the Electronic Communications Privacy Act (18 U.S.C. § 2510-22), a law designed to regulate the manner and methods that the government can use to manage digital communications. (A concise description of the act can be found at http://www.it.ojp.gov/default.aspx?area=privacy&page=1285#contentTop.)
In its current form, the Act applies to email, telephone conversations, and data stored electronically, and has 3 distinct sections (technically called "titles"):
* Title I prohibits the intentional, actual or attempted interception, use, disclosure, or "procure[ment] [by] any other person to intercept or endeavor to intercept any wire, oral, or electronic communication."
* Title II was designed to protect the privacy of the contents of files stored by service providers and of records held about the subscriber by service providers, such as subscriber name, billing records, or IP addresses.
* Title III applies to government entities; it requires them to obtain a court order authorizing installation and use of a pen register--defined by the Legal Information Institute as a device or process that traces outgoing signals from a specific phone or computer to its destination--and/or a trap and trace (a device that captures the originating numbers and related information for communications coming in to a subject under investigation). The authorization order can be issued on the basis of certification by the applicant that the information likely to be obtained is relevant to an ongoing criminal investigation being conducted by the applicant's agency.
Since 1986, courts have relied upon this law, which has been significantly amended by the Communications Assistance to Law Enforcement Act (CALEA) in 1994, the USA PATRIOT Act in 2001, the USA PATRIOT Reauthorization Acts in 2006, and the FISA Amendments Act of 2008 to permit warrantless wiretapping of some kinds of data created by and/or stored on wireless devices.
Despite the fact that a rework of the 1986 bill will not make it through the current lame duck Congress, official Washington is (some would argue "finally") paying attention. In late November, the Senate Judiciary Committee approved a bill to strengthen privacy protection specifically for email, by requiring law enforcement officials to obtain judge-issued warrants in most cases before gaining access to messages in electronically stored individual email accounts.
Under the current law, searches of emails that are both unopened and more than 180 days old are permitted without judicial intervention. Additionally, the current law provides a lower level of protection to messages that a recipient has read and retained in his/her account.
Under the new bill, among many other changes, police will be required to obtain a warrant to search email no matter how old it is. In addition, under the Judiciary Committee-approved version, prosecutors will be required to obtain a search warrant from a judge under a more strict "probable-cause" legal standard than is currently required.
It wasn't so long ago that phones were phones and PDAs were PDAs and, to be honest, purses were purses. This is no longer the case. A smart phone can hold a significant amount of data, including owner-created and received content, location information, and a vast array of other information that has potential value to law enforcement. In fact, it's hard to know whether a wireless device is a phone, stereo, scrapbook, or briefcase anymore, and good arguments can be made on behalf of each.
In 2011 alone, wireless providers responded to 1.3 million demands from law enforcement agencies for text messages and other information potentially stored on subscribers' devices. While privacy advocates claim that where people go is incredibly private, others argue, with equal intensity, that if this information constitutes essential evidence in the solving of crimes, it should be open to law enforcement searches.
In the absence of real direction from the federal government, and in an effort to stay on top of the "bad guys," different states have proposed and/or enacted legislation, creating a crazy quilt of regulations on these precise issues. Specifically, in Delaware, Maryland and Oklahoma, lawmakers have proposed legislation requiring police to obtain warrants before demanding location records from wireless providers. In California, similar legislation passed the legislature, only to be vetoed once it landed on the desk of Governor Jerry Brown.
Finally, until fairly recently, the U.S. Supreme Court had been largely silent on the issue. However, in January of this year, in a landmark ruling, the court held police must obtain a search warrant to install a GPS tracking device on an individual's private property (see U.S. v. Jones, No. 10–1259. Argued November 8, 2011--Decided January 23, 2012 and available at http://www.supremecourt.gov/opinions/11pdf/10-1259.pdf).
In this case, the Government's attachment of the GPS device to the vehicle constituted a[n illegal] search under the Fourth Amendment. As the Court determined in a 2001 case regarding the use of thermal energy to track movements within a subject's home, the Court must "assur[e] preservation of that degree of privacy against government that existed when the Fourth Amendment was adopted." Kyllo v. United States, 533 U. S. 27, 34. (As a point of reference, the Fourth Amendment, which is part of the Bill of Rights, was adopted in 1791).
The bottom line is that powerful individuals and interests are paying attention to the issues associated with not only smart devices, but information stored on them. It's just that there's no single answer or conclusion that can be drawn about access to this information. For now, and for a while to come, it remains a topic of conversation, legislation, and litigation. Stay tuned.
