National Security, Technology, and Law
A HOOVER INSTITUTION ESSAY
Modern-Day General Warrants and the Challenge of Protecting Third-Party Privacy Rights in Mass, Suspicionless Searches of Consumer Databases
JENNIFER LYNCH
Aegis Series Paper No. 2104
Today, more than ever, law enforcement has access to massive amounts of consumer data that allow police to essentially pluck a suspect out of thin air. Internet service providers and third parties collect and aggregate precise location data generated by our devices and their apps, making it possible for law enforcement to easily determine everyone who was in a given area during a given time period. Similarly, search engines compile and store our internet searches in a way that allows law enforcement to learn everyone who searched for specific keywords like an address or the word “bomb.” In addition, DNA is now amassed in consumer genetic genealogy databases that make it possible for law enforcement to identify almost any unknown person from their DNA, even if the unknown person never chose to add their own DNA to the database.
Modern law enforcement officials very frequently conduct “suspicionless searches”—searches that are not based on individualized suspicion—on these computer databases. These searches can include the private information of millions of people unconnected to a crime on the mere possibility the police will find one person who is. Law enforcement justifies these searches by arguing that people voluntarily provide their information to third parties and agree to contracts that allow those third parties to share consumers’ data with others. They also argue that the individual data points exposed through these searches are, standing alone, not all that revealing or are de-identified. Therefore, they argue, the Fourth Amendment should not restrict access to the data.
For the most part, courts are only addressing the privacy and civil liberties issues posed by these searches piecemeal through the criminal justice system. But by looking only at the data used to identify an individual defendant, society as a whole is missing a much larger looming problem: as we and our devices generate more and more data that is shared with third parties, law enforcement now has relatively easy and inexpensive access to data that can identify and track all of us. Consumers would be surprised to know that their data is so readily accessible to law enforcement. However, as discussed below, it is almost impossible to opt out.
There are currently few explicit legislative or judicial checks on these kinds of searches. That has left it up to third-party data collectors to push back. In some cases, this happens, to a certain extent. For example, in response to warrants for mass location data, it appears Google has shaped search protocols to try to protect accounts.[1] However, in other cases, disclosure may be subject to the whims of the data collector. Genetic genealogy company GEDmatch allowed law enforcement access to its clients’ DNA data for investigations that its founder personally felt were worthy,[2] while a similar company, FamilyTreeDNA, has welcomed law enforcement with open arms.[3] And location data brokers appear ready and willing to sell aggregated data to anyone able to buy it on the open market, including the government.[4]
This article describes the problem of suspicionless searches of consumer databases, explains the threat that these searches pose to privacy interests, argues that the legal arguments put forth by law enforcement in defense of these practices are flawed, and suggests what should be done about the problem both in courts and in the legislature. The article focuses on three versions of these suspicionless searches: reverse location warrants issued to specific internet service providers (also known as “geofence warrants”); searches of de-identified location data generated by applications on a user’s device and aggregated by third-party data brokers; and forensic searches of consumer genetic genealogy databases. It will discuss the privacy implications posed by a lack of restrictions on access to the data and the challenges to developing and enforcing new restrictions. The article argues that these searches should be addressed on two fronts at once. First, for reasons I explain, suspicionless searches should be challenged as unconstitutional general warrants in the courts. And second, states and the federal government should pass laws explicitly limiting or banning police from using these technologies.
The Data, the Searches, and the Accompanying Privacy Concerns
The federal government and law enforcement have a long history of unrestrained access to large collections of data about or that can be linked to individuals. Much of this data in the past came directly from databases of public records collected by the government, such as driver, vehicle, and property records, as well as from law enforcement databases like arrest records. In general, these databases were not integrated with one another, and searching for information on an individual could be time-consuming. This created resource constraints and practical limitations on how many individuals could be investigated at any one time.
 
Hoover Institution Stanford University
Over the past few decades, however, data aggregation by private vendors such as Palantir and Thomson Reuters and direct access to private consumer data have made database searches cheaper, easier to conduct, and quicker to produce results. In addition, the search results can offer insights—such as patterns of behavior and relationships among seemingly unconnected people—that individual law enforcement officers might not be able to identify on their own. All of this has increased the privacy ramifications of law enforcement database searches.
Courts are only now starting to address these privacy concerns. In 2018 the Supreme Court in Carpenter v. United States, for example, held that the Fourth Amendment required a warrant for access to historical cell site location information (CSLI) held by phone companies. The three types of data discussed in this article—geofence data, aggregated app-generated location data, and genetic genealogy data—implicate privacy rights in several key ways that are similar to CSLI. First, they allow police access to “a category of information otherwise [and previously] unknowable”—data from people who were not under suspicion at the time the data was collected.[5] Second, the technologies circumvent traditional constraints on police surveillance power and make searches “remarkably easy, cheap, and efficient compared to traditional investigative tools.”[6] Finally, the data searched can be highly revealing. Location “provides an intimate window into a person’s life, revealing not only his particular movements, but through them his ‘familial, political, professional, religious, and sexual associations.’”[7] And DNA can tell us where in the world our ancestors came from, who we are related to, our physical characteristics, and whether we are likely to get a host of genetically determined diseases. In the future, as researchers learn more about genetics, our DNA will likely reveal even more.
But these three types of data are also different from the CSLI at issue in Carpenter in three key ways: (1) consumers have tacitly or knowingly consented to share their data with third parties to a greater extent than CSLI (which is merely collected as a by-product of using a cell phone); (2) law enforcement does not need to start with an individual suspect or device when searching through the data; and (3) as a result of that, each search reveals or can reveal significant amounts of private and sensitive information, not just about a single individual under investigation, but also about lots of people who have no connection whatsoever to the crime. As discussed further below, these differences could require courts and legislatures to take a different approach in restricting police searches through the data.
Geofence Data
Geofence or reverse location searches allow law enforcement to identify all devices that were in a given area during a given time period in the past. Of the three types of searches
