Matthew Tokson, Automation and the Fourth Amendment
Comment by: Stephen Henderson
Published version available here: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1471517
Workshop draft abstract:
Most Internet users are not aware that many Internet Service Providers collect data about their customers’ online activities and sell it to third party marketers. Yet, remarkably, many users that are aware of their Providers’ invasive practices remain unconcerned, and very few users change their behavior in order to protect their privacy. This presents several problems for scholars who propose that users have a reasonable expectation of privacy in personal online data.
This article posits that Internet users are largely unconcerned that their ISPs have access to intimate forms of online communications data (from emails to web surfing data to associated subscriber information) because in virtually every case no other human being will ever use or even see such data. Instead, all of the operations involving data that can be traced to an individual user are carried out by computers performing automated tasks on databases of customer information. Because the information is never viewed by a person, the user never perceives a privacy harm or privacy risk.
However, the Supreme Court has held that voluntary disclosure of one’s personal information to either an employee or the automated equipment of a third-party corporation eliminates a reasonable expectation of privacy in that information. This article examines how this aspect of the Court’s third-party doctrine threatens to eviscerate criminal and civil privacy protections for online content. It discusses the failures of many courts and scholars to distinguish between disclosure to automated systems and disclosure to human beings when determining the legal protection that electronic data should receive. The article proposes that the automated equipment rationale can be and must be limited to the context of telephone number switching, and challenges the misconception of privacy that lies behind the Court’s over-aggressive application of the third party doctrine. It concludes by analyzing whether the reasonable expectation of privacy test as developed by Katz and its progeny is destined to be dramatically underprotective of privacy whenever it is applied to the complex and ever-changing technological framework of Internet communications and personal data.