Check out a recent GAO report titled, "Information Resellers: Consumer Privacy Framework Needs to Reflect Changes in Technology and Marketplace" (pdf). Regarding location information, which has been a focus on this blog, GAO found that apart from a law regulating information about young children, "No federal privacy laws that we evaluated ... expressly address location data, location-based technology, and consumer privacy." (Texas came close to passing a statute this year regulating location data and several other states have done so since then.) The GAO report noted in passing that "In 2010, [the federal Department of] Commerce recommended that the Administration review [the Electronic Communications Privacy Act] to address privacy protection of location-based services." (Those interested can view that report here.)
Regrettably, while the GAO report included some discussion of the privacy implications for consumer information shared with third parties, it utterly failed to address the Fourth Amendment implications of the third-party doctrine as it applies to law enforcement accessing consumer data held by vendors. Meanwhile, the Obama Administration continues to apply a sweeping interpretation of the 1979 US Supreme Court case, Smith v. Maryland, to claim that consumers have no significant privacy interests once data from their computer or smart phone is shared with a third-party vendor. For example, ACLU's Free Future blog has a post detailing the feds' arguments for allowing the Drug Enforcement Agency to access a massive database of phone calls maintained by ATT, apparently part of the "Hemisphere" program which was recently revealed in reporting at the New York Times. According to the civil liberties group:
The government relies on a 1979 case, Smith v. Maryland, to argue that people have no reasonable expectation of privacy in their phone records under the Fourth Amendment. But that case involved collection of just a few days’ worth of dialing information about a single phone. Hemisphere involves searching a database containing billions or trillions of phone records and analyzing individuals’ communications over an extended period of time. The Smith opinion simply can’t justify the kind of mass surveillance the government is engaged in now.The sweeping implications of court-created exceptions to the Fourth Amendment authored in Smith v. Maryland cannot be overstated in the wake of the technological revolution witnessed in the 21st century. Offering just a glimmer of hope on that score, computer security guru Bruce Schneier recently suggested that "the public/private surveillance partnership between the NSA and corporate data collectors is starting to fray. The reason is sunlight. The publicity resulting from the Snowden documents has made companies think twice before allowing the NSA access to their users' and customers' data."
Finally, Truthout published an interesting item by Michael Boldin, executive director of the Tenth Amendment Center, posting the question, "How can the states provide Fourth Amendment protection against the NSA?" Boldin suggests that states could rely upon a longstanding legal principle called the anticommandeering doctrine" to potentially thwart mass surveillance of Americans by the NSA. In essence, "This means the federal government cannot require a state to carry out federal acts. The federal government can pass a law and try to enforce it, but your state isn't required to help them." He thinks the doctrine "can have a significant impact on the NSA's ability to continue its mass-spying programs." Moreover, Texas and Utah, in particular, are in unique positions to influence these national programs because, in the middle of the last decade, the NSA maxxed out its growth potential in the Washington D.C. area, turning to those two states for expansion:
To get around the physical limitation of the amount of power required to monitor virtually every piece of communication around the globe, the NSA started searching for new locations with independent resources.
A location was chosen in San Antonio because of the independent power grid in Texas. The new Utah Data Center was chosen for access to cheap utilities, primarily water. The water-cooled supercomputers there require 1.7 million gallons of water per day to function.
That water is being supplied by a political subdivision of the State of Utah. Under the anticommandeering doctrine, Utah isn't required to provide that water.
No water = No NSA data center.Boldin's group has put forward model legislation (pdf) called the 4th Amendment Protection Act to forbid "material support, participation or assistance, to any federal agency which claims the power, or with any federal law, rule, regulation, or order which purports to authorize the collection of electronic data or meta data of any person(s) pursuant to any action not based on a warrant that particularly describes the person(s), place(s) and thing(s) to be searched or seized." I don't know how that suggestion would jibe with existing Texas law regarding provision of electrical power, but it's a bold and fascinating proposal. Argued Boldin:
This same process was used effectively by northern abolitionists in resistance to the Fugitive Slave Act of 1850. Today, states like Washington and Colorado are helping end the war on cannabis by refusing to comply with federal prohibition.
We should follow their courageous path against the NSA as well.