Internet-Connected Devices and the Fourth Amendment
This report is part of an ongoing project by Diaz, counsel with the Liberty & National Security Program, and the Brennan Center to raise awareness about the privacy implications of internet-connected devices and their intersection with Fourth Amendment law.
The report is organized around six categories of smart devices and analyzes them from a variety of angles, such as how these devices operate, what types of data are collected and transmitted to third-parties (companies like Google), methods used by law enforcement to access these devices, whether transparency reports are published, and possible uses of this data by law enforcement.
While most Americans have grown numb to repeated warnings about their devices “spying” on them, few people bother to understand what this means in a law enforcement context and how radical this situation is in the context of American history.
The Fourth Amendment to the U.S. Constitution is generally the only safeguard against the police’s unfettered monitoring of a people’s communications and movements, as well as rummaging through their home, vehicle, or pockets. The Founders added this amendment as a check on government power in response to abuses by the British. Prior to the Revolutionary War, British officers could “inspect” a person’s home or papers at any time to look for “evidence.” Further, some crimes like treason or sedition might be supported by a person’s opinions in a letter to a friend.
In recognizing that freedom and the pursuit of happiness often require privacy and that dissent cultivated with the counsel of compatriots are necessary for the operation of a representative democracy, the Founders added the Fourth Amendment to prevent the government from freely rummaging around in our private spaces and communications. They also recognized that protecting these rights sometimes meant making law enforcement’s job more difficult.
Today, the Fourth Amendment requires police provide information regarding likely criminal activity to a magistrate judge in order to search a protected area. However, the U.S. Supreme Court has recognized certain circumstances where a warrant is not required. Two important exceptions include consent searches and the Third-Party Doctrine. Both of these take on added significance in the digital age.
With the state of current technology, it’s important, not merely to know a device is collecting data, to also ask how that data could be used in a way that effectively waives a person’s rights, especially in a criminal prosecution.
When a company such as Fitbit collects health data (heart rate, sweat productions, steps traveled) and combines it with GPS and other information voluntarily surrendered at sign-up (name, cell phone number, social media usernames), it can be relatively easy to identify patterns of activity and build a profile of a person that can reveal extremely private information such as which doctors you see and how often you see them, when and where you work, and even sleep or sexual habits.
If this isn’t invasive enough, consider how pervasive this data collection has become. Approximately 70% of all U.S. homes have at least one such device in use inside them. Many homes have a digital assistant like Alex, Siri, or Cortana which listens, and sometimes records, audio from inside your home. If you participate in a protest that gets out of hand (even if you don’t participate in any violence), would you feel comfortable if police obtain a wiretap warrant to use your Amazon Echo to listen to your conversations in advance of the next planned protest rally? How comfortable would you be if Amazon turned over records and customer details to the Department of Homeland Security every time someone said the words “Black Lives Matter” near an Echo?
While actively listening in to a device with a microphone almost always requires a warrant (except in an emergency), police do not generally need a warrant to obtain previously recorded data that are not “communication.” Because this data has been handed over to, or transmitted through, a third-party company, the law says citizens have less expectation of privacy in such data. Thus, police can obtain it from a company simply by asking.
Even where the Supreme Court has attempted to place limits on law enforcement access to our private data, police have often found loopholes. The Supreme Court’s decision in Carpenter v. United States, 138 S. Ct. 2206 (2018), requires police to obtain a warrant before accessing cell-site location information from wireless carriers. However, recent reports have revealed that DHS has purchased the same information from private companies that aggregate GPS readings collected from ads on mobile platforms and did so without a warrant.
The most seemingly innocuous data can now be used against people in a court of law. A Pennsylvania woman was charged with making false statements and tampering with evidence because her Fitbit showed she was awake and moving around at a time she swore she was sleeping, all in connection with a rape investigation. An Arkansas man’s “excessive” water usage, tracked by his Smart water meter, was used to substantiate a claim by police that he attempted to clean-up a murder scene.
We are also “voluntarily” participating in the ubiquitous surveillance of public spaces. Smart doorbells can capture video and audio and are being used as evidence in street crime prosecutions. If your neighbor installs a Smart doorbell and it can “see” your driveway, police can monitor recordings of your comings and goings by simply asking for your neighbor’s permission – not yours – to access them. Homeowner’s associations (“HOAs”) have begun purchasing and deploying automated license-plate readers (“ALPRs”) that can track all vehicle movements in an area and share this data with police. Both of these scenarios allow police to circumvent the need for a warrant by merely obtaining consent from the person or group recording the data.
You might be able to get your neighbor to adjust his or her doorbell camera to quit watching your home, but good luck convincing an HOA to quit using an ALPR they spent thousands of dollars on in the name of “safety.”
All of these implications are worrisome, especially when we consider how much of our rights we are waiving when using these devices (or merely being around them). This could get downright horrific when those same mechanisms are used in racialized over-policing of minority communities.
A person whose movements are linked to proximity of one or more gang-related incidents may find themselves placed in a gang database by police. Any subsequent interaction with police is then more likely to end in tragedy if police expect a person to be predisposed to violence.
Further, use of facial recognition software is notorious for producing false positives more often when analyzing minority faces. At least two men in Michigan were falsely arrested due to faulty facial recognition software, and several cities have banned its use for this reason.
So we have no reason to trust that law enforcement’s access to this data will be entirely positive or even benign. It also is clear that police are relying on it more and more. Amazon tracked an overall increase in law enforcement data requests, up 264% from 2015 to 2020.
It is also getting more difficult to opt-out of persistent surveillance. Soon it might be impossible to purchase a vehicle that doesn’t communicate with other vehicles and roadway infrastructure networks. And can you imagine functioning without a smartphone? It is for this reason that we must consider statutory limitations on the ability of companies to collect and retain data about our lives and further limit law enforcement’s access to only warrant-authorized searches. We cannot keep giving up our freedoms and privacy in exchange for convenience and a false sense of security while expecting to maintain or representative democracy for much longer.
As a digital subscriber to Criminal Legal News, you can access full text and downloads for this and other premium content.
Already a subscriber? Login