Ron Wyden: It's Time To Kill The Third Party Doctrine And Go Back To Respecting Privacy
from the make-it-so dept
For years, we've written about the third party doctrine and its troubling implications for the 4th Amendment and your privacy -- especially in the digital era. If you're unfamiliar with it, the third party doctrine is the concept used by law enforcement (and, tragically, the courts) to say that you have no expectation of privacy or 4th Amendment rights in information you've given to a third party. The origins of this argument are not completely crazy, because there is a legitimate claim to the idea that if I entrust you with some private information, and you decide to disclose it, that my 4th Amendment rights haven't been violated. But that assumes a very different world. In today's digital world -- especially with cloud computing -- we "entrust" all sorts of information to third parties even though we still think of and treat that information like it's our own personal effects. These aren't cases in which I'm handing over a collection of journals to my neighbor to hold onto. Online services are treated as our own content -- which we can access, update and modify at any time from any device.While the Supreme Court's recent decision in the Riley/Wurie cases suggests that it is becoming increasingly uncomfortable with law enforcement twisting old concepts onto new technologies to eviscerate privacy, the third party doctrine technically still stands -- and there has been little real discussion of it in Congress.
So it's good to see that Senator Ron Wyden is actually speaking out about why the third party doctrine needs to go. The speech is a good one, talking about oppressive governments and surveillance, and the rise of technology -- and how our laws have not kept pace when it comes to protecting our privacy against government intrusion. Then he digs in on the third party doctrine, noting that it was established by "judges who did not fully understand 20th Century technology, much less anticipate the technology we have today" and that it makes little sense considering the way we use technology today:
Some will still argue that by sharing data freely with Facebook, Google, Mint, Uber, Twitter, Fitbit, or Instagram, Americans are choosing to make that data public. But that is simply not the case. I might not have any expectation of privacy when I post a handsome new profile picture on Facebook, or when I send out a tweet to tell people I’ll be at the Tech Northwest conference. But when I send an email to my wife, or store a document in the cloud so I can review it later, my service provider and I have an agreement that my information will stay private. Neither of us have invited the government to have a peek. Basically, I think sharing this information with Google is like putting property in a safety deposit box, but the government thinks I’m posting it on a billboard out on I-5.So how about fixing it? Well, he says, it needs to start by reforming the laws that cover the intelligence community, preventing them from bulk collection of the data you've handed to third parties.
Citizens have agreed to a contract with Google or Mint that keeps their email or financial data private. In many cases these companies don’t even know what information they’re holding for you. Making information available to a service provider for a limited business purpose - so that they can give you a new app, or provide targeted ads, or do any other kind of business with you - is simply not the same as broadcasting that information to the public. In the view of the law this data should be as secure to your person as if it were sitting in a locked filing cabinet in your home office.
I believe that any serious effort to reform this law needs to end the bulk collection of Americans’ personal information, starting with their phone records. I have been challenging this program for years on the grounds that isn’t just harmless old metadata. Furthermore, I believe that Congress needs to reform the Foreign Intelligence Surveillance Court, to make it more transparent and to include an advocate for the American people. Additionally, there needs to be much greater transparency from intelligence agencies about the scale and scope of domestic surveillance activities, and private companies should be given the ability to disclose much more information about requests they receive from the government. Most of all, Congress must close the loophole that intelligence agencies are currently using to read a significant number of Americans’ communications without a warrant.But that's just the start. He calls out Executive Order 12333, which we've been discussing lately. That's the Ronald Reagan-signed executive order that lets the NSA collect whatever the hell it wants outside of the US. As was recently revealed, this program, which has no Congressional or Judicial oversight, is really the core program that the NSA uses. All the domestic spying under Section 215 and 702? That's just to "fill in the gaps." Wyden thinks its time that EO 12333 got reviewed and reformed:
The next step will be to seriously examine collection that is done overseas. When the Foreign Intelligence Surveillance Act was written in the late 1970s, it was written to only apply to collection done inside the United States. But that was back in an era when each country essentially had its own separate communications infrastructure.Finally, he talks about the need for ECPA reform -- another thing we've been discussing for years. ECPA is the 1986 Electronic Communications Privacy Act which is so woefully out-of-date, it's not even funny. It's the one that assumes if any communication is sitting on a server for more than 180 days, then it's "abandoned." Go look at how many emails in your Gmail account are over 180 days old... Even though more than half of the House is co-sponsoring an ECPA reform bill, law enforcement folks are protesting it, because they like the easy access. The DOJ loves to go on fishing expeditions with ECPA, as does the SEC and the IRS. Wyden says it's time for real reform.
Now those separate systems have been replaced by an integrated global communications network, in which calls and emails within one country might be routed through multiple different countries. When you combine that shift with new technology that makes it much easier to obtain large amounts of data, it no longer makes sense to assume that collection done overseas will not sweep up the communications of large numbers of law-abiding Americans.
This means that the rules that govern collection overseas will need to be substantially revised. These are governed by something called Executive Order twelve-triple-three, which is more than 30 years old and predates this sea-change in global communications. I was encouraged a few weeks ago when the Senate Intelligence Committee recognized this fact, and voted to advance a bill that would begin to establish some firmer rules in this area.
There's much more that can be done, some of which he refers to in his speech, but it would be nice if Congress finally realized just how truly dangerous the third party doctrine is to our privacy.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: ecpa, ecpa reform, metadata, nsa, privacy, ron wyden, surveillance, third party doctrine
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
[ link to this | view in thread ]
Third party doctrine car analogy
Sort of defeats valet parking. Also makes it hard to get your car repaired without it ending up in a different country.
[ link to this | view in thread ]
on top of that, whether they realise it or not, members are being spied on just as much, if not more, than other people, simply because of their position. until something is revealed about a task or a personal thing to do with one or more members, they seem to be oblivious to what's happening. get a senator in the cross hairs, for example, then see things take a different course!!
as for Wyden, he's just about the only person who does the job for which he was elected. every other member is there, predominantly, to get what he/she can, personally, out of the job, while cowering to the government and the security forces and lying continuously to the public!!
[ link to this | view in thread ]
'choose to disclose' - key difference
The BIG difference here is the courts ordering the release of the 3rd party held information. That's not 'choosing' to disclose and as such you should be able to fully employ your 4th amendment rights.
[ link to this | view in thread ]
[ link to this | view in thread ]
It shouldn't be hard for a law enforcement agency to convince a judge to allow them to have a cell phone provider disclose if a suspects cell phone was in the vicinity of a bank at the time of a bank robbery. Even if it is more work than just calling up Verizon and saying give me a list of everyone that was within half a mile of this bank within half an hour of the robbery.
[ link to this | view in thread ]
You may desire to shut the barn door after the horse has bolted, whether for noble-sounding (privacy) or terrible (copyright monopoly) reasons, but the world doesn't work that way.
[ link to this | view in thread ]
Gunz
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: tab
[ link to this | view in thread ]
Re:
When you're talking about what can be done legally, then the country's laws are the only thing that matters.
[ link to this | view in thread ]
Re: Re: tab
This is what I've done for years, and I recommend it. It's not hard. I started simply because I didn't want to be at the mercy of a third party provider (they might go out of business, have a technical problem that causes me to lose my email or lose access to it, etc.) Now, I continue to do it to minimize being spied on both by private companies and the government.
[ link to this | view in thread ]
Re: Re: Re: tab
[ link to this | view in thread ]
Re: Re: Re: Re: tab
[ link to this | view in thread ]
Re: Third party doctrine car analogy
You go to bank and rent a safe deposit box ... cloud computing and storage is the same thing.
[ link to this | view in thread ]
Re:
They are far more likely to be spied on than others. The best solution given that many countries are interested in their secrets, would be to prioritize further anti-surveillance measures and in particular a priority on creating a separate agency specialized in anti-surveillance.
[ link to this | view in thread ]
On what basis do we justify that they don't qualify for the same fundamental protections as Americans? The defining sentence of our nation is "all men are created equal", not "all citizens of the United States are created equal" and that, therefore, ALL men have inalienable rights.
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Yeah, right.
Like, if I didn't want my doctor to disclose my private information to some government agent I wouldn't give it to him/her in the first place, right? Yeah, I see how that works. Uh huh. Makes perfect sense.
[ link to this | view in thread ]
Re: ^^^ YES ^^^
[ link to this | view in thread ]
This is great, but...
I know it has to begin somewhere but this is almost never mentioned.
[ link to this | view in thread ]
Executive Orders
[ link to this | view in thread ]
Re: Re: Re: Re: Re: tab
[ link to this | view in thread ]
wyden does it again
Mr Wyden, my suggestion for you: If you want to change the laws, then propose changes. Put them in front of your elected peers, and see what happens. If you want to change things, stop talking, and start doing.
Huffing and puffing doesn't blow the house down.
[ link to this | view in thread ]
Re: Gunz
[ link to this | view in thread ]
Re: wyden does it again
https://www.govtrack.us/congress/bills/browse?sponsor=300100
[ link to this | view in thread ]
Re: wyden does it again
[ link to this | view in thread ]
Re: Executive Orders
[ link to this | view in thread ]
Re: wyden does it again
Spoken like somebody who has exactly no idea how Washington actually works.
[ link to this | view in thread ]
Oh they realize it all right, and will do whatever they can to keep the doctrine intact and working exactly as planned, in order to keep those lobbied cash envelopes coming in regularly.
What you need to realize is how dangerous your privacy is to the forces of fascism, and maybe then you'll start to understand that none of this is a coincidence.
[ link to this | view in thread ]
Response to the 3rd Party Doctrine/ECPA
While this article advocates change in favor of personal privacy, it only addresses legal issues with regards to personal privacy. It does not address employment issues. For instance, federal law allows employers to ask employees for their Facebook username and password. (http://www.usatoday.com/story/money/business/2014/01/10/facebook-passwords-employers/4327739/). Before social websites, employers would receive and application, review it, schedule an interview, and potentially hire a new employee. If an employer is not allowed to ask any personal questions, such as, "Do you have any children?", then how would federal law protect them from asking for a username and password? Many Face Book users only allow friends and followers to view their profiles, pictures, and posts. This also poses a security risk. If a potential employer asks for a potential new hire's username and password, he/she is allowing a complete and total stranger to have personal access to the account, and that poses a risk for identity theft.
The solution to this issue: Create a pseudonym for any and all social media sites, and then lie when your potential new employer asks for your face book username and password.
[ link to this | view in thread ]