Sunday, February 01, 2009

Schneier: SCOTUS missed chance to motivate police to purge harmful database errors

Eliminating the exclusionary rule has been a lifelong goal of Chief Justice John Roberts, the New York Times reported this week, and with last month's Herring decision, he came achingly close to finally achieving that goal. (See a more detailed discussion of the Times piece at Simple Justice.)

But renowned security expert Bruce Schneier (rhymes with "wire") says the exclusionary rule is a "is a security system designed to protect us all from police abuse." In particular, he disapproves of SCOTUS disallowing exclusion of evidence based on unintentional errors in security databases, a topic which happens to coincide with Schneier's cybersecurity specialty. He writes:

The Herring case is more complicated, because the police thought they did have a warrant. The error was not a police error, but a database error. And, in fact, Judge Roberts wrote for the majority: "The exclusionary rule serves to deter deliberate, reckless, or grossly negligent conduct, or in some circumstances recurring or systemic negligence. The error in this case does not rise to that level."

Unfortunately, Roberts is wrong. Government databases are filled with errors. People often can't see data about themselves, and have no way to correct the errors if they do learn of any. And more and more databases are trying to exempt themselves from the Privacy Act of 1974, and specifically the provisions that require data accuracy. The legal argument for excluding this evidence was best made by an amicus curiae brief filed by the Electronic Privacy Information Center, but in short, the court should exclude the evidence because it's the only way to ensure police database accuracy. ...

By not applying the exclusionary rule in the Herring case, the Supreme Court missed an important opportunity to motivate the police to purge errors from their databases. Constitutional lawyers have written many articles about this ruling, but the most interesting idea comes from George Washington University professor Daniel J. Solove, who proposes this compromise: "If a particular database has reasonable protections and deterrents against errors, then the Fourth Amendment exclusionary rule should not apply. If not, then the exclusionary rule should apply. Such a rule would create an incentive for law enforcement officials to maintain accurate databases, to avoid all errors, and would ensure that there would be a penalty or consequence for errors."

Increasingly, we are being judged by the trail of data we leave behind us. Increasingly, data accuracy is vital to our personal safety and security. And if errors made by police databases aren't held to the same legal standard as errors made by policemen, then more and more innocent Americans will find themselves the victims of incorrect data.

See related Grits posts:

7 comments:

Anonymous said...

I'd be interested to know just how the information is compiled.

Is there a statewide standard or database or is each county responsible for implementing there own policies and systems in this regard?

JWT (Blogger In Chief) said...

It's a hodge-podge mixture of different databases that are at best loosely connected.

Gritsforbreakfast said...

JWT's pretty much right. There is a statewide database for criminal records, etc., but there's no real data integrity monitoring and it's entirely dependent on what the locals input, which is often incomplete or wrong.

Anonymous said...

Are the court databases tied into the police databases or are they two different systems?

I'm not trying to be picky here, but it does make a difference in the way things are indexed and the compatability of the software.

It's no great trick to be able to build a database to house records, but another matter entirely to have one in which records can be retrieved in some meaningful, cohesive fashion. Also one that is sophisticated enough to alert the user of likely errors.

Gritsforbreakfast said...

Not just two different systems for courts and cops ... MANY different systems. There are a lot of different agencies out there.

Anonymous said...

Just from a technical aspect then, it would seem all but impossible to rely on the information as anything other than suspect, in terms of its accuracy.

I would think that it would be in law enforcements best interest to try to set some uniform standards for this.

Anonymous said...

Standards are like little laws. Do you really expect law enforcement to obey the laws? Why, how would they work their corrupt deals? How would a DA hide the fact that he failed to prosecute the rich?

With accurate data, we could find out what is really going on. Surely you can see that law enforcement would be opposed to that!