The government is making data less personal
You are careful with your personal information, right? Good — then you know all your rights when it comes to those service agreements you signed for your cell phone and online services. No? Don’t be too hard on yourself. Most of us don’t. Still, our ignorance won’t protect us from the risk of personal information becoming compromised. Recent laws and a Supreme Court case currently being decided may cause our data to become even more vulnerable. So even if you decide not to read all those pesky user agreements, you should know what the fate could be for your data security.
Carpenter v. United States
Carpenter v. United States is a case that is currently undecided by the Supreme Court of the United States. In short, a prolific criminal (Carpenter) was involved in a series of armed robberies. During the investigatory stages of the case, the police found justification in the Stored Communications Act to access Carpenter’s historical cell-site records without a warrant.
GPS location services allowed the police to see which specific cell phone towers Carpenter was connected to at specific times around the times of the crimes. But they didn’t only search records near the time of the robbery: rather, Carpenter’s location was tracked for 127 days (a little more than four months), and the cell-site data linked Carpenter’s cell phone to the location of the robberies. This was then used to convict him of the crime.
The central focus of the case is to whether a warrant is needed to access historical cell phone records revealing the location and movements of a cell phone user. At the time of this writing, Carpenter is undecided, and it will have grand implications for cellular privacy rights dependent on the decision.
If the Supreme Court rules for the United States in Carpenter (holding that a warrant was not needed to access the cell phone records), it will be an enormous loss for data privacy. Service providers, not you, will own the data and will turn it over to the government without even needing a warrant.
However, if the Supreme Court rules in favor of Carpenter (holding that a warrant was needed to access the cell phone records) this would be a win for data privacy and would put more focus on the need for stronger contractual relationships protecting consumers’ data privacy. The government in this scenario would need a warrant to access cell phone records.
A sub-issue of the Carpenter case, however, is that if the Fourth Amendment protects our “persons, houses, papers, and effects, against unreasonable searches and seizure,” does that mean that our internet data qualifies as “papers” or “effects” under the Fourth Amendment?
If so, our data could be protected under the warrant requirement of the Fourth Amendment. If not, well, you can imagine the possible ramifications.
The CLOUD Act
Never heard of the CLOUD Act? Why would you — it was buried deep within the omnibus spending bill that was recently passed in Congress.
While it received little attention, the new law has big implications. It grants broad discretionary powers to the Attorney General which requires “...[disclosure] to the entity within a qualifying foreign government... the fact of the existence of legal process issued under this section seeking the contents of a wire or electronic communication of a customer or subscriber who is a national or resident of the qualifying foreign government.”
This basically means the Feds have access to Americans' data being held overseas, but it also allows other countries to gain access to their citizens' private data when it's stored here in America. No warrant is required; in fact, the term “warrant” isn’t even mentioned in the entire bill.
The CLOUD Act has sweeping privacy concerns. It reduces Congressional oversight over United States citizens’ data and allows information to be accessed by foreign governments who do not have to conform to the protection of the Fourth Amendment. Among other things, the bill requires the foreign entity to have fair trial rights, prohibit arbitrary arrests, and respect privacy rights.
This is obviously a win for technology companies as it gives them a hands-off approach to respecting the data privacy of United States citizens. Respecting privacy is surely a noble ideal, yet it is unclear as to whether it falls under tangible and objective protections afforded to United States citizens under the Fourth Amendment.
You still have some control
We’re in the cloud, we’re on Facebook, and we’re online — there is no turning back for many of us in terms of concealing our personal information.
While you might not be able to go off the grid, you can motivate and support your elected representatives to keep data privacy and security a priority. Along with questions about how they plan on keeping your taxes down, pressure them to answer how they will push for property-based privacy protections of our personal information.
That may seem like a lot of work, but of course, there is an alternative; you could always read the user agreement. It’s unclear which one would be more difficult, though!