What is a Reasonable Expectation of Privacy Anymore?

Any law student or attorney cannot help but remember the seminal U.S. Constitutional law case of U.S. v. Katz. In Katz, the Supreme Court of the United States famously held the FBI could not bug a telephone booth (remember those?) in order to secure evidence.  In this case, the evidence comprised an audio recording one side of a telephone call in which Katz was placing a wager.  In holding the recording evidence inadmissible, Justice Stewart said, “The Government’s activities in electronically listening to and recording the petitioner’s words violated the privacy upon which he justifiably relied while using the telephone booth and thus constituted a ‘search and seizure’ within the meaning of the Fourth Amendment.” In short, the Court established that, regardless of the location, a conversation is protected under the Fourth if the conversation is carried out with a “reasonable expectation of privacy.” To establish a reasonable expectation of privacy, an individual must establish two things:

  • That she had a subjective expectation of privacy; and
  • That the subjective expectation of privacy is one that society is prepared to recognize as reasonable.

This “reasonable expectation of privacy” has become the standard by which so many privacy cases are assessed.  To be sure, the words themselves have become part of the privacy lexicon, far beyond the legal context. U.S. v. Katz is over 40 years old (as evidenced by the phone booth).  So, what is a reasonable expectation of privacy today? What does society recognize as reasonable?  How do we as attorneys, businesses or consumers determine what is reasonable in view of so many variables in daily life?  One variable, technology, has probably impacted what one person can reasonably claim to be private more than anything else.  Electronic messaging is only one area that raises lots of questions.  When you send an e-mail or text, can you really have an expectation of privacy over it anymore? Do you expect your e-mail to be read by anyone other than the recipient?  Is that reasonable?  Let’s see.

First, we already know Google (as disclosed in its terms of use) and other free Internet e-mail providers use algorithms or other methods to study the content of your message to later send targeted advertisements to you.  Ever wonder why, after you have been e-mailing your grandmother about your new puppies, that you start getting ads for chew toys and dog food in the panels on the left and right of your inbox?  This is part of the “enhanced experience” so much technology promises.  This is part of an ongoing privacy transaction.  You give up something to get something.  For free e-mail, is it reasonable for you to think you have no expectation of privacy over the content of your messages? The overwhelming number of free e-mail users would probably say it is a reasonable trade.   Regardless of what they would say when asked, their behavior in continuing to use such free services expresses a value for the privacy of the message.

Secondly, what about the Government?  Current law, specifically the Electronic Communications Privacy Act (“ECPA”) authorizes law enforcement agencies to read your messages “held in electronic storage”, such as the servers of Internet service providers.  The “electronic communication” means any “transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or photooptical system that affects interstate or foreign commerce.”  So, your e-mails, text messages, and yes, even Instagrams, can be read by any law enforcement agency after those messages have been held in “electronic storage” longer than 180 days. This can take place without your knowing and even without a warrant.  This is totally legal and was in the news last fall when invoked as part of the General Petraeus matter.  To make it even more interesting, the U.S. Senate is currently is debating whether to amend the ECPA so that law enforcement agencies can have immediate access to e-mails stored on an ISP server.  There are also attempts to add a warrant requirement and notice requirement to the e-mail user, but it remains to be seen if they will survive the legislative process.

Thirdly, let’s not forget people.  Under the law, without a specific relationship with a person (your doctor, pastor  or lawyer), when you disclose information even to one other person, you no longer necessarily have an expectation of privacy.  You may send a message to one person, but the difference in e-mail and texts versus a phone call is that the private information in that message are permanently affixed in a medium—and can be forwarded, posted, or otherwise quickly retrieved and mass communicated.  Everyone knows this now, right? This is why we tell our kids (and clients) if you don’t want it out there forever for the world to see, do not send it in e-mail or text, etc., etc.  This is to say nothing of the individual value for privacy the recipient of your e-mail may have, in general and at the current time.  Teen agers might have less than grandparents. Lawyers might value it more than entertainers.  The recipient was your friend when you sent the message, and now he is not.  All of this impacts what reasonable expectation of privacy a message sender may have.

All this together can make someone throw their hands up and just agree with Scott McNealy (former Sun Microsystems CEO) and his famous comment in 1996, “You have no privacy, get over it.”  It’s a fair question.  Do cynicism and low expectations of businesses, the government and people, in general, make an expectation of privacy irrelevant anymore?  Should you just give up?  When a product like Google Glass comes out, is privacy just over?

Well, I think privacy still starts with the individual and the choice one can make to disclose or not disclose.  It really is, and always has been, the only gate left to exercising and attempting to establish one’s reasonable expectation of privacy.  And, as evident in the consumer push back on the ECPA and the numerous cyber-revolts we have seen to companies changing their privacy policies to take more of your information (Facebook, Instagram, etc.),  I think businesses and even the government understand it is in their best interest to value what their customers value.  Even Google’s CEO  has said he does not know where Google Glass will go, deferring to the developers and the customer as to where does cool technology end and a creepy invasion of privacy begin.  And that is the constant balancing act of privacy.  For me, I think the individual still holds a lot of power is establishing a reasonable expectation of privacy.  The individual just needs to continually exercise that expectation in her choice, consent and ongoing behavior.  Any business, government or person that wants to establish a relationship with the individual (selling products, getting re-elected, or having a friend, respectively) should understand that.


Posted by Scot Ganow
Data Security
June 3, 2013