Government-Mandated Spying on Bank Customers Undermines both Privacy and Law Enforcement
I recently publicized an interesting map showing that so-called tax havens are not hotbeds of dirty money. A more fundamental question is whether anti-money laundering laws are an effective way of fighting crime — particularly since they substantially undermine privacy.
In this new six-minute video, I ask whether it’s time to radically rethink a system that costs billions of dollars each year, forces banks to snoop on their customers, and misallocates law enforcement resources.
The Government Can Monitor Your Location All Day Every Day Without Implicating Your Fourth Amendment Rights
If you have a mobile phone, that’s the upshot of an argument being put forward by the government in a case being argued before the Third Circuit Court of Appeals tomorrow. The case is called In the Matter of the Application of the United States of America For An Order Directing A Provider of Electronic Communication Service To Disclose Records to the Government.
In that case, the Obama administration has argued that Americans enjoy no “reasonable expectation of privacy” in their—or at least their cell phones’—whereabouts. U.S. Department of Justice lawyers say that “a customer’s Fourth Amendment rights are not violated when the phone company reveals to the government its own records” that show where a mobile device placed and received calls.
The government can maintain this position because of the retrograde “third party doctrine.” That doctrine arose from a pair of cases in the early 1970s in which the Supreme Court found no Fourth Amendment problems when the government required service providers to maintain records about their customers, and later required those service providers to hand the records over to the government.
I wrote about these cases, and the courts’ misunderstanding of privacy since 1967′s Katz decision, in an American University Law Review article titled “Reforming Fourth Amendment Privacy Doctrine“:
These holdings were never right, but they grow more wrong with each step forward in modern, connected living. Incredibly deep reservoirs of information are constantly collected by third-party service providers today. Cellular telephone networks pinpoint customers’ locations throughout the day through the movement of their phones. Internet service providers maintain copies of huge swaths of the information that crosses their networks, tied to customer identifiers. Search engines maintain logs of searches that can be correlated to specific computers and usually the individuals that use them. Payment systems record each instance of commerce, and the time and place it occurred. The totality of these records are very, very revealing of people’s lives. They are a window onto each individual’s spiritual nature, feelings, and intellect. They reflect each American’s beliefs, thoughts, emotions, and sensations. They ought to be protected, as they are the modern iteration of our “papers and effects.”
This is a case to watch, as it will help determine whether or not your digital life is an open book to government investigators.
The Virtual Fourth Amendment
I’ve just gotten around to reading Orin Kerr’s fine paper “Applying the Fourth Amendment to the Internet: A General Approach.” Like most everything he writes on the topic of technology and privacy, it is thoughtful and worth reading. Here, from the abstract, are the main conclusions:
First, the traditional physical distinction between inside and outside should be replaced with the online distinction between content and non-content information. Second, courts should require a search warrant that is particularized to individuals rather than Internet accounts to collect the contents of protected Internet communications. These two principles point the way to a technology-neutral translation of the Fourth Amendment from physical space to cyberspace.
I’ll let folks read the full arguments to these conclusions in Orin’s own words, but I want to suggest a clarification and a tentative objection. The clarification is that, while I think the right level of particularity is, broadly speaking, the person rather than the account, search warrants should have to specify in advance either the accounts covered (a list of e-mail addresses) or the method of determining which accounts are covered (“such accounts as the ISP identifies as belonging to the target,” for instance). Since there’s often substantial uncertainty about who is actually behind a particular online identity, the discretion of the investigator in making that link should be constrained to the maximum practicable extent.
Some Thoughts on the New Surveillance
Last night I spoke at “The Little Idea,” a mini-lecture series launched in New York by Ari Melber of The Nation and now starting up here in D.C., on the incredibly civilized premise that, instead of some interminable panel that culminates in a series of audience monologues-disguised-as-questions, it’s much more appealing to have a speaker give a ten-minute spiel, sort of as a prompt for discussion, and then chat with the crowd over drinks.
I’d sketched out a rather longer version of my remarks in advance just to make sure I had my main ideas clear, and so I’ll post them here, as a sort of preview of a rather longer and more formal paper on 21st century surveillance and privacy that I’m working on. Since ten-minute talks don’t accommodate footnotes very well, I should note that I’m drawing for a lot of these ideas on the excellent work of legal scholars Lawrence Lessig and Daniel Solove (relevant papers at the links). Anyway, the expanded version of my talk after the jump:
“VIPR” Stands for “Visible Intermodal Prevention and Response” . . .
. . . and it’s sinking its fangs into Americans’ civil liberties.
Here’s a story about a “VIPR” team performing a “sting” operation on innocent Americans at a bus terminal in Florida, searching their persons and bags and discovering their petty crimes.
It’s almost a certainty that whoever named this sub-unit of the Department of Homeland Security thought it was a clever way to convey machismo and give a sense of mission to members of VIPR teams. But it also illustrates how the 9/11 terrorist attacks have caused the United States to lose its grip and behave like a cornered snake rather than a strong, free country.
The natural illogic of VIPR stings is that terrorism can strike anywhere, so VIPR teams should search anywhere. It’s the undoing of the Fourth Amendment, and it’s unwarranted counterterrorism because it expends resources on things that won’t catch or deter terrorists. Indeed, VIPR “stings” may encourage terrorism because they show that terrorism successfully undermines the American way of life.
PATRIOT Powers: Roving Wiretaps
Last week, I wrote a piece for Reason in which I took a close look at the USA PATRIOT Act’s “lone wolf” provision—set to expire at the end of the year, though almost certain to be renewed—and argued that it should be allowed to lapse. Originally, I’d planned to survey the whole array of authorities that are either sunsetting or candidates for reform, but ultimately decided it made more sense to give a thorough treatment to one than trying to squeeze an inevitably shallow gloss on four or five complex areas of law into the same space. But the Internets are infinite, so I’ve decided I’d turn the Reason piece into Part I of a continuing series on PATRIOT powers. In this edition: Section 206, roving wiretap authority.
The idea behind a roving wiretap should be familiar if you’ve ever watched The Wire, where dealers used disposable “burner” cell phones to evade police eavesdropping. A roving wiretap is used when a target is thought to be employing such measures to frustrate investigators, and allows the eavesdropper to quickly begin listening on whatever new phone line or Internet account his quarry may be using, without having to go back to a judge for a new warrant every time. Such authority has long existed for criminal investigations—that’s “Title III” wiretaps if you want to sound clever at cocktail parties—and pretty much everyone, including the staunchest civil liberties advocates, seems to agree that it also ought to be available for terror investigations under the Foreign Intelligence Surveillance Act. So what’s the problem here?
What You Don’t Know Won’t Hurt You (Surveillance State Edition)
While there are many choice tidbits to relate from Tuesday’s hearings on PATRIOT Act reform at the House Judiciary Committee’s Subcommittee on the Constitution—not least the fellow who had to be wrestled from the room, literally kicking and screaming, after he tried to stand and interrupt with a complaint about alleged FBI violations of his civil rights—I’ll just relate a novel theory of the Fourth Amendment advanced by Rep. Steve King (R-Iowa).
The ACLU’s Mike German, a former FBI agent turned surveillance policy expert, was explaining that it’s hard to know whether expansive surveillance powers are being abused, they’re mostly used in secret and deployed via third-parties like financial institutions and telecoms, who have little incentive to raise much fuss or draw attention to their cooperation. King interrupted to suggest that if we weren’t hearing about constitutional challenges, then it was probably safe to assume there was no Fourth Amendment harm. German tried to reiterate that the people whose privacy interests were directly harmed typically would not know they had ever been targeted.
That, King declared, was precisely the point. Surveillance of which the subject never became aware, he said, could be compared to a “tree falling in the forest” when nobody’s around. In other words, if you aren’t ultimately prosecuted, and don’t even feel subjective distress as a result of the knowledge that your private records or communications have been pored over, then it’s presumably no harm, no foul. If we take this line of thinking literally, sufficiently secret surveillance can never be unconstitutional, which would seem to make King a spiritual cousin of Richard “if the president does it, that means it’s not illegal” Nixon.
Picture Don Draper Stamping on a Human Face, Forever
Last week, a coalition of 10 privacy and consumer groups sent letters to Congress advocating legislation to regulate behavioral tracking and advertising, a phrase that actually describes a broad range of practices used by online marketers to monitor and profile Web users for the purpose of delivering targeted ads. While several friends at the Tech Liberation Front have already weighed in on the proposal in broad terms — in a nutshell: they don’t like it — I think it’s worth taking a look at some of the specific concerns raised and remedies proposed. Some of the former strike me as being more serious than the TLF folks allow, but many of the latter seem conspicuously ill-tailored to their ends.
First, while it’s certainly true that there are privacy advocates who seem incapable of grasping that not all rational people place an equally high premium on anonymity, it strikes me as unduly dismissive to suggest, as Berin Szoka does, that it’s inherently elitist or condescending to question whether most users are making informed choices about their privacy. If you’re a reasonably tech-savvy reader, you probably know something about conventional browser cookies, how they can be used by advertisers to create a trail of your travels across the Internet, and how you can limit this. But how much do you know about Flash cookies? Did you know about the old CSS hack I can use to infer the contents of your browser history even without tracking cookies? And that’s without getting really tricksy. If you knew all those things, congratulations, you’re an enormous geek too — but normal people don’t. And indeed, polls suggest that people generally hold a variety of false beliefs about common online commercial privacy practices. Proof, you might say, that people just don’t care that much about privacy or they’d be attending more scrupulously to Web privacy policies — except this turns out to impose a significant economic cost in itself.
The truth is, if we were dealing with a frictionless Coaseian market of fully-informed users, regulation would not be necessary, but it would not be especially harmful either, because users who currently allow themselves to be tracked would all gladly opt in. In the real world, though, behavioral economics suggests that defaults matter quite a lot: Making informed privacy choices can be costly, and while an opt-out regime will probably yield tracking of some who would prefer not to be under conditions of full information and frictionless choice, an opt-in regime will likely prevent tracking of folks who don’t object to tracking. And preventing that tracking also has real social costs, as Berin and Adam Thierer have taken pains to point out. In particular, it merits emphasis that behavioral advertising is regarded by many as providing a viable business model for online journalism, where contextual advertising tends not to work very well: There aren’t a lot of obvious products to tie in to an important investigative story about municipal corruption. Either way, though, the outcome is shaped by the default rule about the level of monitoring users are presumed to consent to. So which set of defaults ought we to prefer?
Victory for Decency at the Supreme Court
The Supreme Court’s decision today in Safford Unified School District #1 et al. v. Redding was a victory for privacy and decency. The Court held that a middle school violated the Fourth Amendment rights of a thirteen-year-old girl by strip searching her in a failed effort to find Ibuprofen pills and an over-the-counter painkiller.
The Cato Institute filed an amicus brief, joined by the Rutherford Institute and the Goldwater Institute, opposing such abuses of school officials’ authority. The search in this case should have ended with the student’s backpack and pockets; forcing a teenage girl to pull her bra and panties away from her body for visual inspection is an invasion of privacy that must be reserved for extreme cases. School officials should be authorized to conduct such a search only when they have credible evidence that the student is in possession of objects posing a danger to the school and that the student has hidden them in a place that only a strip search will uncover.
Today’s decision should not come as a surprise. School officials were not granted unlimited police power in the seminal student search case, New Jersey v. T.L.O. Justice Stevens explored the limits of school searches in his partial concurrence and partial dissent, specifically mentioning strip searches. “To the extent that deeply intrusive searches are ever reasonable outside the custodial context, it surely must only be to prevent imminent, and serious harm.”
The Fourth Amendment exists to preserve a balance between the individual’s reasonable expectation of privacy and the state’s need for order and security. Unnecessarily traumatizing students with invasive and humiliating breaches of personal privacy upsets this balance. Today’s decision restores reasonable limits to student searches and provides valuable guidance to school officials.
Schneier and Friends on Fixing Airport Security
Security guru Bruce Schneier comes down on the strictly pragmatic side in this essay called “Fixing Airport Security.” Because of terrorism fears, he says, TSA checkpoints are “here to stay.” The rules should be made more transparent. He also argues for an amendment to some constitutional doctrines:
The Constitution provides us, both Americans and visitors to America, with strong protections against invasive police searches. Two exceptions come into play at airport security checkpoints. The first is “implied consent,” which means that you cannot refuse to be searched; your consent is implied when you purchased your ticket. And the second is “plain view,” which means that if the TSA officer happens to see something unrelated to airport security while screening you, he is allowed to act on that. Both of these principles are well established and make sense, but it’s their combination that turns airport security checkpoints into police-state-like checkpoints.
The comments turn up an important recent Fourth Amendment decision circumscribing TSA searches. In a case called United States v. Fofana, the district court for the southern district of Ohio held that a search of passenger bags going beyond what was necessary to detect articles dangerous to air transportation violated the Fourth Amendment. “[T]he need for heightened security does not render every conceivable checkpoint search procedure constitutionally reasonable,” wrote the court.
Application of this rule throughout the country would not end the “police-state-like checkpoint,” but at least rummaging of our things for non-air-travel-security would be restrained.
I prefer principle over pragmatism and would get rid of TSA.
Fourth Amendment Up for a Vote?
New Jerseyans may get a chance to vote their Fourth Amendment preferences in the upcoming gubernatorial elections. Among the candidates is Chris Christie, who as U.S. Attorney for New Jersey authorized the tracking of suspects’ cell phones without getting a warrant.
Dance Like Thomas Jefferson’s Watching
As Thomas Jefferson’s birthday (April 13) approaches — and last night being the first night of Passover, which Jews celebrate to commemorate their deliverance from slavery – I thought I’d comment on a disturbing tale that reminds us again that “the price of liberty is eternal vigilance.”
In celebration of Thomas Jefferson’s (265th) birthday last year, about 20 D.C.-area libertarians gathered at the Jefferson Memorial just before midnight. The plan was to have a music-through-headphones dance party for the father of the Declaration of Independence (i.e. each person would dance to the tune of his individual iPod). I was actually supposed to attend, but for some reason did not make it.
It was a short-lived party, however, with an ending that would almost certainly have made our nation’s third president frown in disapproval.
Shortly after the silent bopping started, U.S. Park Police officers began to disperse the partygoers. After shooing and pushing revelers (who were drunk only on liberty) off the memorial, one officer confronted the lone remaining dancer, Brooke Oberwetter, and told her to leave. Oberwetter calmly asked what law or rules she was violating. The officer provided no explanation but continued to insist that she leave. Not satisfied with the officer’s response, Oberwetter stood her ground — until the officer pushed her against a stone pillar, handcuffed her, and led her away.
Now, nearly one year later — after the citation against her (for “interfering with an agency function,” whatever that means) was neither dropped nor pursued – Oberwetter filed suit in the U.S. District Court for the District of Columbia against the arresting officer, Kenneth Hilliard, and the Secretary of the Interior, Kenneth Salazar (whose office oversees the Park Police). Oberwetter argues that Hilliard and the Park Police violated her First Amendment rights by interrupting and preventing her expressive activity and freedom of assembly. She also alleges that here Fourth Amendment rights were violated when she was arrested without probable cause and with excessive force.
The complaint, available here, is a model of legal writing. Pithy, legally sound, and eminently readable, I cannot recommend it more highly to law students and young lawyers. This is perhaps not surprising because Oberwetter’s counsel is none other than my friend Alan Gura, who last year successfully argued D.C. v. Heller before the Supreme Court.
Here’s a recent TV news story about the case and here’s Radley Balko’s (formerly of Cato, now at Reason) original post about the incident.
Full disclosure: While our tenures never crossed, Oberwetter is a former Cato employee – and a social acquaintance. I wish Brooke and Alan the best in their fight against such arbitrary use of government power to oppress basic liberty. (As Alan told me, a good rule of thumb for police: if you can’t think of any charges, even a few weeks later, it was probably a bad arrest.) And I hope the incident gets Kevin Bacon thinking sequel.
Cato on Facebook
Cato on Twitter
Cato on Google+
Cato on YouTube
