This Article examines a question that has become increasingly important in the emerging surveillance society: Should the law treat information as private even though others know about it? This is the third-party privacy problem. Part II explores two competing conceptions of privacy — the binary and contextual conceptions. Part III describes two features of the emerging surveillance society that should change the way we address the third-party privacy problem. One feature, “surveillance on demand,” results from exponential increases in data collection and aggregation. The other feature, “uploaded lives,” reflects a revolution in the type and amount of information that we share digitally. Part IV argues that the binary conception cannot protect privacy in the surveillance society because it fails to account for the new realities of surveillance on demand and uploaded lives. Finally, Part V illustrates how courts and legislators can implement the contextual conception to deal with two emerging surveillance society problems — facial recognition technology and geolocation data.
Privacy laws rely on the unexamined assumption that the collection of data is not speech. That assumption is incorrect. Privacy scholars, recognizing an imminent clash between this long-held assumption and First Amendment protections of information, argue that data is different from the sort of speech the Constitution intended to protect. But they fail to articulate a meaningful distinction between data and other more traditional forms of expression. Meanwhile, First Amendment scholars have not paid sufficient attention to new technologies that automatically capture data. These technologies reopen challenging questions about what “speech” is.
This Article makes two overdue contributions to the First Amendment literature. First, it argues that when the scope of First Amendment coverage is ambiguous, courts should analyze the government’s motive for regulating. Second, it highlights and strengthens the strands of First Amendment theory that protect the right to create knowledge. Whenever the state regulates in order to interfere with the creation of knowledge, that regulation should draw First Amendment scrutiny.
In combination, these claims show clearly why data must receive First Amendment protection. When the collection or distribution of data troubles lawmakers, it does so because data has the potential to inform and to inspire new opinions. Data privacy laws regulate minds, not technology. Thus, for all practical purposes, and in every context relevant to privacy debates, data is speech.
The police tend to think that those who evade surveillance are criminals. Yet the evasion may only be a protest against the surveillance itself. Faced with the growing surveillance capacities of the government, some people object. They buy “burners” (prepaid phones) or “freedom phones” from Asia that have had all tracking devices removed, or they hide their smartphones in ad hoc Faraday cages that block their signals. They use Tor to surf the internet. They identify tracking devices with GPS detectors. They avoid credit cards and choose cash, prepaid debit cards, or bitcoins. They burn their garbage. At the extreme end, some “live off the grid” and cut off all contact with the modern world.
These are all examples of what I call privacy protests: actions individuals take to block or to thwart government surveillance for reasons unrelated to criminal wrongdoing. Those engaged in privacy protests do so primarily because they object to the presence of perceived or potential government surveillance in their lives. How do we tell the difference between privacy protests and criminal evasions, and why does it matter? Surprisingly scant attention has been given to these questions, in part because Fourth Amendment law makes little distinction between ordinary criminal evasions and privacy protests. This Article discusses the importance of these ordinary acts of resistance, their place in constitutional criminal procedure, and their potential social value in the struggle over the meaning of privacy.
In a recent spate of highly publicized incidents, citizens have used cell phones equipped with video cameras to record violent arrests. Oftentimes they post their recordings on the Internet for public examination. As the courts have recognized, this behavior lies close to the heart of the First Amendment.
But the Constitution imperfectly protects this new form of government monitoring. Fourth Amendment doctrine generally permits the warrantless seizure of cell phones used to record violent arrests, on the theory that the recording contains evidence of a crime. The Fourth Amendment inquiry does not evaluate a seizing officer’s state of mind, permitting an official to seize a video for the very purpose of suppressing its contents. Moreover, Supreme Court precedent is typically read to ignore First Amendment interests implicated by searches and seizures.
This result is perverse. Courts evaluating these seizures should stop to recall the Fourth Amendment’s origins as a procedural safeguard for expressive interests. They should remember, too, the Supreme Court’s jurisprudence surrounding seizures of obscene materials—an area in which the Court carefully shaped Fourth Amendment doctrine to protect First Amendment values. Otherwise reasonable seizures can become unreasonable when they threaten free expression, and seizures of cell phones used to record violent arrests are of that stripe. Courts should therefore disallow this breed of seizure, trusting the political branches to craft a substitute procedure that will protect law-enforcement interests without doing violence to First Amendment freedoms.Elizabeth Friedler, Protecting the Innocent—the Need to Adapt Federal Asset Forfeiture Laws to Protect the Interests of Third Parties in Digital Asset Seizures, Cardozo Arts & Entertainment Law Journal, Volume 32, Issue 1 (2013).
Jana Sutton, Of Information, Trust, and Ice Cream: A Recipe for a Different Perspective on the Privacy of Health Information, 55 Ariz. L. Rev. 1171 (2014). Abstract:
The concept of privacy is inescapable in modern society. As technology develops rapidly and online connections become an integral part of our daily routines, the lines between what may or may not be acceptable continue to blur. Individual autonomy is important. We cannot, however, allow it to suffocate the advancement of technology in such vital areas as public health. Although this Note cannot lay out detailed instructions to balance the desire for autonomy and the benefits of free information, it attempts to provide some perspective on whether we are anywhere close to striking the right balance. When the benefits of health information technology are so glaring, and yet its progress has been so stifled, perhaps we have placed far too much value—at least in the health care context—on individual privacy.Kevin S. Bankston & Ashkan Soltani, Tiny Constables and the Cost of Surveillance: Making Cents Out of United States v. Jones, 123 YALE L.J. ONLINE 335 (2014). Abstract:
In United States v. Jones, five Supreme Court Justices wrote that government surveillance of one’s public movements for twenty-eight days using a GPS device violated a reasonable expectation of privacy and constituted a Fourth Amendment search. Unfortunately, they didn’t provide a clear and administrable rule that could be applied in other government surveillance cases. In this Essay, Kevin Bankston and Ashkan Soltani draw together threads from the Jones concurrences and existing legal scholarship and combine them with data about the costs of different location tracking techniques to articulate a cost-based conception of the expectation of privacy that both supports and is supported by the concurring opinions in Jones.Schmitt, Michael N. and Vihul, Liis, The International Law of Attribution During Proxy 'Wars' in Cyberspace (January 30, 2014). 1 Fletcher Security Review (2014 Forthcoming). Abstract:
The article examines the use of non-State actors by States to conduct cyber operations against other States. In doing so, it examines attribution of a non-State actor's cyber operations to a State pursuant to the law of State responsibility, attribution of a non-State actor's cyber armed attack to a State for the purposes of a self-defense analysis, and attribution of cyber military operations to a State in the context of determining whether an international armed conflict has been initiated. These three very different legal inquiries are often confused with each other. The article seeks to deconstruct the issue of attribution into its various normative components.Kate Crawford & Jason Schultz, Big Data and Due Process: Toward a Framework to Redress Predictive Privacy Harms, 55 B.C. L. Rev. 93 (2014). Abstract:
The rise of “Big Data” analytics in the private sector poses new challenges for privacy advocates. Through its reliance on existing data and predictive analysis to create detailed individual profiles, Big Data has exploded the scope of personally identifiable information (“PII”). It has also effectively marginalized regulatory schema by evading current privacy protections with its novel methodology. Furthermore, poor execution of Big Data methodology may create additional harms by rendering inaccurate profiles that nonetheless impact an individual’s life and livelihood. To respond to Big Data’s evolving practices, this Article examines several existing privacy regimes and explains why these approaches inadequately address current Big Data challenges. This Article then proposes a new approach to mitigating predictive privacy harms—that of a right to procedural data due process. Although current privacy regimes offer limited nominal due process-like mechanisms, a more rigorous framework is needed to address their shortcomings. By examining due process’s role in the Anglo-American legal system and building on previous scholarship about due process for public administrative computer systems, this Article argues that individuals affected by Big Data should have similar rights to those in the legal system with respect to how their personal data is used in such adjudications. Using these principles, this Article analogizes a system of regulation that would provide such rights against private Big Data actors.Larkin, Paul J., 'Revenge Porn,' State Law, and Free Speech (January 14, 2014). Abstract:
For most of our history, only celebrities — presidents, movie stars, professional athletes, and the like — were at risk of having their everyday exploits and activities photographed and shown to the world. But that day is gone. Today, we all face the risk of being made into a celebrity due to the ubiquity of camera-equipped cell phones and the ease of uploading photographs or videos onto the Internet. But a particularly troubling aspect of this phenomenon goes by the name of "revenge porn" — that is, the Internet posting of photographs of naked former wives and girlfriends, sometimes in intimate positions or activities. Revenge porn is an example of malicious conduct that injures the welfare of someone who mistakenly trusted an intimate partner. Tort law traditionally has allowed parties to recover damages for such violations of privacy, and criminal law also can prohibit such conduct, but there are several First Amendment defenses that the responsible parties can assert to fend off liability. This article argues that allowing a victim of revenge porn to recover damages for publication that breaches an implicit promise of confidentiality is faithful to tort and criminal law principles and will not punish or chill the legitimate expression of free speech.Jonathan Olivito, Beyond the Fourth Amendment: Limiting Drone Surveillance Through the Constitutional Right to Informational Privacy, 74 Ohio St. L.J. 669 (2013).
The entirety of Volume 74, Issue 6 in the Ohio State Law Journal; Symposium: The Second Wave of Global Privacy Protection (Titles Below)
Peter Swire, The Second Wave of Global Privacy Protection: Symposium Introduction, 74 Ohio St. L.J. 841 (2013).
Ann Bartow, Privacy Laws and Privacy Levers: Online Surveillance Versus Economic Development in the People’s Republic of China, 74 Ohio St. L.J. 853 (2013).
Andrew Clearwater & J. Trevor Hughes, In the Beginning . . . An Early History of the Privacy Profession, 74 Ohio St. L.J. 897 (2013).
Claudia Diaz, Omer Tene & Seda Gürses, Hero or Villain: The Data Controller in Privacy Law and Technologies, 74 Ohio St. L.J. 923 (2013).
A. Michael Froomkin, “PETs Must Be on a Leash”: How U.S. Law (and Industry Practice) Often Undermines and Even Forbids Valuable Privacy Enhancing Technology, 74 Ohio St. L.J. 965 (2013).
Woodrow Hartzog, Social Data, 74 Ohio St. L.J. 995 (2013).
Dennis D. Hirsch, In Search of the Holy Grail: Achieving Global Privacy Rules Through Sector-Based Codes of Conduct, 74 Ohio St. L.J. 1029 (2013).
Gus Hosein & Caroline Wilson Palow, Modern Safeguards for Modern Surveillance: An Analysis of Innovations in Communications Surveillance Techniques, 74 Ohio St. L.J. 1071 (2013).
Anil Kalhan, Immigration Policing and Federalism Through the Lens of Technology, Surveillance, and Privacy, 74 Ohio St. L.J. 1105 (2013).
Bartosz M. Marcinkowski, Privacy Paradox(es): In Search of a Transatlantic Data Protection Standard, 74 Ohio St. L.J. 1167 (2013).
Thomas Margoni & Mark Perry, Deep Pockets, Packets, and Harbors, 74 Ohio St. L.J. 1195 (2013).
Omer Tene, Privacy Law’s Midlife Crisis: A Critical Assessment of the Second Wave of Global Privacy Laws, 74 Ohio St. L.J. 1217 (2013).
Yofi Tirosh & Michael Birnhack, Naked in Front of the Machine: Does Airport Scanning Violate Privacy? 74 Ohio St. L.J. 1263 (2013).
Yang Wang, Pedro Giovanni Leon, Xiaoxuan Chen, Saranga Komanduri, Gregory Norcie, Kevin Scott, Alessandro Acquisti, Lorrie Faith Cranor & Norman Sadeh, From Facebook Regrets to Facebook Privacy Nudges, 74 Ohio St. L.J. 1307 (2013).
Tal Z. Zarsky & Norberto Nuno Gomes de Andrade, Regulating Electronic Identity Intermediaries: The “Soft eID” Conundrum, 74 Ohio St. L.J. 1335 (2013).The entirety of Volume 14, Issue 1 of the Journal of High Technology Law (2014) (Titles Below).
After Jones, The Deluge: The Fourth Amendment's Treatment Of Information, Big Data And The Cloud , Lon A. Berk, 14 J. High Tech L. 1 (2014).
The Legislative Response To Employers' Requests For Password Disclosure, Jordan M. Blanke, 14 J. High Tech L. 42 (2014).
A Shot In The Dark: An Analysis Of The SEC's Response To The Rise Of Dark Pools Edwin Batista, 14 J. High Tech L. 83 (2014).
Privacy Protections Left Wanting: Looking At Doctrine And Safeguards On Law Enforcements' Use Of GPS Tracking And Cell Phone Records With A Focus On Massachusetts, Lloyd Chebaclo, 14 J. High Tech L. 120 (2014).
