Yesterday (May 13, 2020) the Senate failed–by one vote–to pass an amendment to a bill reauthorizing a portion of the Patriot Act (Section 215) which permits the government to collect “any tangible thing” without a warrant. This includes not only books and paper documents, but also any electronic data, such as information collected from cell phones and internet browser histories. The amendment would have made it illegal for the government to access such electronic data without a warrant. If Section 215 is ultimately reauthorized without any such amendment, pundits posit, the government will be able to legally collect all of this electronic data from any individual without a warrant (i.e., regardless of whether there exists probable cause for believing that the person has committed a crime).
But is this really true? Does Congress have the authority to pass such a law? Sara Morrison, in an article for Vox.com regarding the failure of the privacy amendment to pass, seems to think so:
The vote was for an amendment to the controversial Patriot Act, which would have expressly forbidden internet browsing and history from what the government is allowed to collect through the approval of a secret court. Currently, there is no such provision, which means there’s nothing stopping the government from doing so. The government has an established history of using this method to collect certain types of data about millions of Americans without their knowledge.
But the fact that there is nothing in the Patriot Act to forbid the government from collecting this data, or the fact that it has been doing it for a long time, misses the point of the question regarding the legality of this practice. The only question that really needs to be answered is whether the U.S. Constitution allows the government to engage in warrantless data collection.
Both the Patriot Act and the Foreign Intelligence Surveillance Act (FISA) provide broad powers to the government to collect information from individuals without a warrant for the purpose of gathering foreign intelligence to combat espionage or terrorism. When the government is collecting the electronic data of non-resident aliens, it seems pretty clear that no warrant is required, since such persons generally are not entitled to Fourth Amendment protections. See United States v. Verdugo-Urquidez, 494 U.S. 259, 261 (1990) (holding that Fourth Amendment protection against unreasonable searches and seizures is not extended to nonresident aliens). But when the government is searching and seizing the property of citizens and legal residents of the United States, and there is no probable cause for believing that such individuals have engaged in any sort of criminal activity, the Fourth Amendment is (and should be respected as) a firm blockade against this kind of governmental intrusion.
Although lower federal courts have struck down portions of both the FISA and The Patriot Act, the United States Supreme Court has never done so. To put a finer point on it, no Fourth Amendment challenge to these laws has ever been heard by the Supreme Court. However, in 2018 the high court answered the question pretty clearly (in my opinion) in Carpenter v. United States, 138 S. Ct. 2206 (2018), a 5-4 decision penned by Chief Justice Roberts and joined by the Court’s four liberal justices. There, the government obtained the defendant’s historical cell-site location information (CSLI) from the defendant’s wireless carriers, without a warrant (CSLI is the time-stamped record of a phone’s location created each time the phone connects to a cell site). The Court ruled that the government’s data collection violated the Fourth Amendment because the acquisition of the information from the wireless carriers constituted a search. The Court stated that the defendant had “a reasonable expectation of privacy in the whole of his physical movements,” Id. at 2219, which is important because it underscores the point that our Fourth Amendment protections are not confined to our homes or businesses. To paraphrase the immortal Ralph Waldo Emerson, they go with us wherever we go (See Self-Reliance). The Court also expressly stated that the fact that the government got the data from third-party wireless carriers made no difference. In other words, the government cannot use a conduit to shield itself from the procedural mandate of the Fourth Amendment; ie., obtaining a warrant.
It is important to note that the Court made clear that its decision was narrow, and specifically stated that it did not apply to “other collection techniques involving foreign affairs or national security.” See Carpenter at 2220. So the decision clearly does not apply to searches and data collection obtained under FISA or The Patriot Act. But that’s fine, because that’s not what we’re talking about here. The question I presented in this article is not whether the government can spy on foreign individuals or persons plotting acts of terrorism. In such cases, however, one would think that it would be pretty easy to meet the low threshold required to show probable cause.
A notable exception, as repeatedly recognized by the Supreme Court (including in Carpenter) is when there are “exigent circumstances.” This means when there is an emergency and there is no time to obtain a warrant (think every action movie or TV show you’ve ever seen about police racing against the clock to find and disarm a bomb). But this too misses the mark. The question presented here is whether the government can collect electronic data from ordinary citizens who are not under investigation for terrorism or other criminal activity (you know, “just because”). The answer, in my opinion, is a resounding NO. Neither FISA nor the Patriot Act can be used as a “phishing expedition,” to see if someone may be engaging in criminal activity. It’s not supposed to work that way in this country. We don’t go looking unless we have reason to look. And mere curiosity is not a reason.
All of this has become even more important in light of the recent events surrounding the COVID-19 pandemic, which is being exploited to deploy a new system of “contact tracing,” essentially a new means of digitally tracking individuals who have tested positive for the virus or who have been exposed to it. The fear is that it will be used for much more than to simply protect public health, and that fear, I believe, is well-founded. It has been reported that Apple/Google/Samsung etc. will be automatically installing these contact tracing apps on our smartphones, and there will be no way to opt out without rendering the phone unusable. If that is true (and I don’t have sufficient verification to prove that it is, at least in all cases), then that would be horrendous, but not unconstitutional. There is nothing in the Constitution that prohibits private corporations from collecting data, only the government. If, however, this information is provided to the government without the consent of the users, I feel quite strongly that it would constitute a Fourth Amendment violation (remember that Carpenter said that you can’t get around the Fourth Amendment by simply getting the data from a third-party carrier).
If, however, there is an “opt in” notice that is clearly communicated to the smartphone user that explicitly states that the user consents to this data being shared with governmental entities, then the Fourth Amendment’s warrant requirement probably disappears. The police don’t need a warrant if you open the door and consent to them searching your house. So the lesson here is simple: just don’t open the door. But in an increasingly data-dependent world, keeping the door closed may not be so easy.