The Fourth Amendment and Privacy Risks in the Digital Age

Columbia Undergraduate Law Review

As individuals progressively incorporate digital devices into their daily lives, many aspects of law need to be adjusted to better reflect the interests of those individuals. One particularly glaring blind spot in the law is the collection of internet users’ data. [1] Every occurrence in cyberspace is recorded, and anything recorded is accessible. Much of our data is stored in extensive databases that contain everything from online activity and search queries to personal details, like clinical information. [2] Most internet users, however, are unaware of this data collection process, in spite of the fact that these processes pose security risks and potential for data leaks. [3] Furthermore, as both government institutions and private companies become more reliant on cloud computing and remote online systems, there have been more reported cases of cybercrimes such as data breaches and espionage. [4]

It is thus critical for the Supreme Court to revise and update their interpretation of the Fourth Amendment to better address the current conditions of online privacy. If the courts do not establish clearer definitions of data privacy and protection, the current lack of clarity as to which parts of private data can be admitted in court will continue, which would potentially inhibit law enforcement’s ability to deter cybercrime. [5] In addition, without a direct understanding of their rights and protections, Internet users are exposed to increased privacy risks while navigating cyberspace.

Privacy is traditionally defined as the freedom from intrusion, the freedom from surveillance, and the right to retain control of personal information. [6] The main protection against the violation of personal privacy is located within the Fourth Amendment of the Constitution. The Fourth Amendment states that “the right of the people to be secure in their person, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” [7] In the digital age, this definition requires some reinterpretation; the majority of our private information and data is no longer kept on our persons or in our physical homes, but is instead located in cyberspace. Advanced technology now permits others to track digital activity and information from a distance, often without the individual’s knowledge. Thus, it becomes unclear what areas of information require warrants to search and how personal privacy can be maintained at all.

The Supreme Court’s previous interpretations of the Fourth Amendment in cases concerning digital privacy have been inconsistent. In 1928’s Olmstead v. United States, the Supreme Court allowed the federal government to wiretap telephone calls without a court order. Olmstead, a suspected bootlegger for illegal liquors, was convicted using evidence from wire-tapped conversations between himself and other defendants. The Court interpreted the Fourth Amendment to be solely applicable to physical intrusion and the search and seizure of material things, rather than something intangible such as a verbal exchange. Furthermore, the court decided that the action of wiretapping itself does not qualify as a search or seizure under the Fourth Amendment, and thus does not require the issue of a warrant. [8] Barely three decades later, the Supreme Court reversed this decision in Katz v. United States (1967). Federal agents accused the plaintiff Katz of transmitting gambling information via phone calls to clients and attaching a recording device to a public telephone booth that Katz used. Using the recorded phone calls as evidence, Katz was initially convicted of illegal transmission of wagering information, but the decision was overturned following appeal to the Supreme Court. The Supreme Court subsequently ruled that Katz was entitled to Fourth Amendment protection for his conversations, and the recordings of his phone calls could not be used as evidence to apprehend him. [9]

More recently, in Kyllo v. United States (2001), the Supreme Court yet again modified its interpretation of the Fourth Amendment. Kyllo, suspected of growing marijuana, was indicted on a federal drug charge after a thermal-imaging device revealed ‘hot spots’ in his apartment complex, later revealed to be high-intensity heat lamps used to grow marijuana indoors. Five of the nine justices decided that the government, by using “a device that is not in general public use, to explore details of the home that would previously have been unknowable without physical intrusion,” had violated Kyllo’s Fourth Amendment rights and thus could not use the evidence obtained through the thermal-imaging tool. However, the remaining four justices dissented, arguing that the data obtained through the thermal imager did not invade the defendant’s personal privacy, and such information is considered part of the public domain.

While the final ruling of Kyllo found that the surveillance from the thermal-imaging device was a violation of the Fourth Amendment, this case still raises the following questions: what aspects of personal data are within the domain of warrantless surveillance, and how are said aspects determined to be so? In the future, will the Supreme Court consider massive online data collection similar to the surveillance of the thermal-imaging device? Moreover, the Supreme Court rejected the data from the thermal imager on the grounds that the device is infrequently used by the general public. [10] This suggests that once a device or form of technology becomes more widely used, evidence collection using the device would no longer require a warrant. Such a precedent could also have important legal implications affecting the collection of internet data.

What do these cases entail for the general public? The most immediate impact of these conflicting and disparate rulings is the lack of clarity regarding how the online privacy of ordinary citizens is legally protected. While the Supreme Court ruled that verbal conversations were not protected under the 4th Amendment in Olmstead v. U.S., it was quick to reverse that decision 30 years later in Katz v. U.S., interpreting the provisions of the amendment to indicate that the government was not privy to private discussions. [11] [12] Later, in Kyllo v. U.S., the Court found that the protections for the privacy of personal information depend on the method or device by which such information obtained. [13]

The questions posed by the inconsistent rulings in these cases prompts concern and uncertainty over what personal privacy actually encompasses in the digital age. Over the years, the Supreme Court has ruled on issues concerning online privacy and data protection on a case-by-case basis, and the interpretation of the Fourth Amendment has also varied widely. Such inconsistencies jeopardize law enforcement’s ability to defend against cybercrime because the information they are permitted to collect may vary between different circumstances. Although it is difficult to form a definitive or universal reinterpretation of the Fourth Amendment, it is of critical importance that the Court clarifies which specific aspects of the general public’s data are open to surveillance by government authorities. Such an explanation would allow for the more effective operation of law enforcement as well as a clearer understanding of the individual rights and protections for personal Internet usage.

It is important that the Court sets a consistent benchmark to determine who can access our information and which restrictions can be imposed on those who are legally permitted to access such information. While true online “privacy” may not exist for Internet users, it is necessary to be aware of how data is stored, who has access to it, and the laws pertaining to how this data is used. Without this understanding, individuals will continue to be unaware of how their private information can be used to incriminate them.

[1] Brooke Auxier, Lee Rainie, Monica Anderson, Andrew Perrin, Madhu Kumar, and Erica Turner, Americans and Privacy: Concerned, Confused and Feeling Lack of Control Over Their Personal Information, Pew Research Center (2020), online at https://www.pewresearch.org/internet/2019/11/15/americans-and-privacy-concerned-confused-and-feeling-lack-of-control-over-their-personal-information/ (visited December 1, 2020).

[2] Sara Baase and Timothy Henry, A Gift of Fire: Social, Legal, and Ethical Issues for Computing Technology, 34–35 (Pearson, 2019).

[3] Jeff Peters, Data Privacy Guide: Definitions, Explanations and Legislation, Varonis (2020), online at https://www.varonis.com/blog/data-privacy/ (visited November 24, 2020).

[4] Facts & Statistics: Identity theft and cybercrime, Insurance Information Institute (2019), online at https://www.iii.org/fact-statistic/facts-statistics-identity-theft-and-cybercrime (visited December 13, 2020).

[5] Alex Ciarniello, Police Investigations and Cyber Crime: How to Find Intelligence Safely, Echosec Systems Ltd. (2019), online at https://www.echosec.net/blog/police-investigations-and-cyber-crime-how-to-find-intelligence-safely (visited December 6, 2020).

[6] What Is the Definition of Online Privacy?, Winston & Strawn Legal Glossary (2020), online at https://www.winston.com/en/legal-glossary/online-privacy.html (visited November 3, 2020).

[7] U.S. Const. amend. IV

[8] Olmstead v. United States, 277 U.S. 438 (1928), Justia (2020), online at https://supreme.justia.com/cases/federal/us/277/438/ (visited November 3, 2020).

[9] Katz v. United States, 389 U.S. 347 (1967), Justia (2020), online at https://supreme.justia.com/cases/federal/us/389/347/ (visited November 3, 2020).

[10] Kyllo v. United States, 533 U.S. 27 (2001), Justia (2020), online at https://supreme.justia.com/cases/federal/us/533/27/ (visited November 3, 2020).

[11] Olmstead v. United States, 277 U.S. 438 (1928)

[12] Katz v. United States, 389 U.S. 347 (1967)

[13] Kyllo v. United States, 533 U.S. 27 (2001)