This post is going to argue that we should slightly revised how we think about the legal principle that guarantees us privacy.
As I’ve explained before, the primary privacy guarantee we have is the Fourth Amendment, which protects us from “unreasonable” state-initiated searches and seizures.
The protection created by the Fourth Amendment, like the protections created by the other provisions of the Bill of Rights and other laws, are usually referred to as “rights.”
In this post, I want to argue that it the protection the Fourth Amendment gives to our privacy is more properly understood as a “privilege” than as a “right.” According to Black’s Law Dictionary, a “right” is “[s]omething that is due to a person by . . . legal guarantee”, while a privilege is an “exemption” or “immunity” granted to a person.
Rights and privileges both give us certain types of protection, but the dynamic involved differs. When I have a “right” to something, I expect the government to see that I get it. So I have a constitutional right to due process in a criminal trial or in an administrative proceeding dealing with my right to, say, unemployment benefits. Since I have a right to due process, it’s up to the government to see that I get it; if the government defaults on that obligation, I can sue to obtain redress for that default. But basically, when a right is involved my role is passive; I expect the government will give me what I am entitled to.
When I have a privilege – like the Fifth Amendment privilege against self-incrimination – I have, as Black’s Law Dictionary notes, an immunity that protects me from being compelled to do something the government wants me to do. So if a federal prosecutor subpoenas me in front of a grand jury and starts asking me about my (purely hypothetical) criminal activity, I can invoke my Fifth Amendment privilege and refuse to answer. I have to invoke the privilege, though; it’s not up to the prosecutor to take care of that for me.
Let’s get back to the Fourth Amendment as creating a privacy privilege. Why do I think it may make sense to treat that constitutional guarantee as a privilege, instead of as a right (which is the way it’s usually interpreted)? I think it makes sense because, as I wrote in a law review article, privacy is conceptually more analogous to the privilege against self-incrimination than it is to the right to have due process. Privacy is inherently an oppositional concept; it doesn’t exist in the abstract. When I’m concerned about privacy, I’m concerned about shutting other people out of certain aspects of my life . . . which is why I draw the drapes at night and shower in a room where the glass in the window is frosted.
As a matter of practice, then, we already treat privacy as a privilege, not a right, and we do that because it makes sense. It makes sense to make the state responsible for providing counsel and other procedural protections to defendants in criminal cases because the state controls the adjudicative process. It would not be “reasonable” to make the state the arbiter of privacy because privacy is not something in which the state has a vested interest; indeed, privacy is in many respects antithetical to the state’s interests since, if nothing else, the limitations imposed by privacy make it more difficult to investigate and prosecute crimes.
I think the Supreme Court has already at least implicitly recognized that the Fourth Amendment operates like a privilege, not a right. In the Katz case, which I’ve talked about in several posts, the Supreme Court implicitly recognized that Fourth Amendment privacy is a privilege and that the specific scope of that privilege must come from the people. Like evidentiary privileges, the contours of the “privacy privilege” are derived by balancing evolving societal expectations of privacy against the state’s interest in information-gathering.
The Katz Court made it clear that the “privacy privilege,” like the Fifth Amendment privilege, must be invoked to be effective when it held that “[w]hat a person knowingly exposes to the public, even in his own home or office, is not a subject of Fourth Amendment protection. . . . but what he seeks to preserve as private, even in an area accessible to the public, may be . . . protected.” So if you’re going to grow marijuana in your bedroom, you’d better close the blinds; if you don’t, you can’t complain that your Fourth Amendment privacy was violated because police officers saw the plants and got a warrant to come get them. By not closing the blinds or blacking out the windows, you failed to invoke your privacy privilege.
We’re pretty good at invoking the Fourth Amendment privacy privilege in the real-world. We know how to close blinds and frost windows and have conversations we don’t want the world to know about in rooms with closed doors (that have maybe been swept for bugs). Cyberspace is where the invocation of the privilege really becomes problematic.
One could argue that the privilege should not apply to cyberspace because cyberspace isn’t a “place”, and privacy has traditionally been about places (the home or office, as the Katz Court noted). Cyberspace is a persistent, synchronous and asynchronous experiential phenomenon we conceptualize as a “place” because we have no other appropriate analogy. The fact that it isn’t a physical place is, however, irrelevant when it comes to the applicability of the privacy privilege. As I explained in an earlier post, the Supreme Court recognized over a century ago that we have a Fourth Amendment expectation of privacy in sealed letters we send through the mail; and in Katz, it recognized that we have a similar expectation of privacy in the content of our telephone calls. So since the Fourth Amendment privacy privilege applies to the contents of communications, it by extrapolation also applies to cyberspace, which is a more or less transient aggregation of digital communications.
That brings me to the issue I noted above: We’re pretty clear on how to invoke the privacy privilege in the physical world, but a little shaky on how to invoke it in the cyberworld. It seems to me we tend to think of privacy in the online world as a right; we expect the government to stay out of our online activity. I suspect most of us don’t think about the need to invoke privacy when we’re online, and maybe wouldn’t know how to invoke it if we did think about it.
This is where the notion of privacy as privilege comes in: The Supreme Court should make it clear that, unlike the home, this is not a context in which the privacy privilege presumptively applies; the Court should make it clear that the Fourth Amendment does not protect computer-mediated communications unless the parties to the communications affirmatively and effectively invoke the privacy privilege. One virtue of this approach is that emphasizing invocation gives courts a standard they can use to parse the varieties of computer-mediated communication; privacy cannot encompass communications unless the parties took steps to ensure that they remained private, unless they closed the blinds. The parties might rely on encryption, on the use of private, password-protected areas or other measures; they would not, however, be able to claim the protections of the Fourth Amendment if they did nothing to preserve the privacy of the communications at issue.
A court would, therefore, reject someone’s claim that she had an expectation of privacy in messages she posted on a publicly accessible website because there was no invocation of the privilege; the messages could be read by anyone. If the messages were posted to a Facebook wall, the court would have to determine if the wall belonged to a public group, a private group or an individual; if the wall belonged to a private group or individual, the court would then have to determine whether the subscribers had taken measures sufficient to limit access to the wall and thereby invoked the “privacy privilege.”
And what about emails? As I explained in an earlier post, they can be analogized to postcards because emails can be read by employees of the system(s) though which they are transmitted. In holding that we have a Fourth Amendment expectation of privacy in letters, the Supreme Court relied on the fact that he invoke the privacy privilege by sealing the letters in an opaque envelope; it noted we have no such expectation of privacy in postcards, because they can be read by anyone involved in their delivery. Encrypting emails would therefore invoke the privacy privilege; the more difficult question is whether any thing less than encryption should serve to invoke it.
In my humble opinion, a virtue of this approach is that by putting the burden of establishing a cognizable privacy interest on the individual, it gives individuals control over the extent to which their activities are shielded by the privacy privilege. This is consistent with Katz’s risk-analysis, e.g., its premise that “what a person knowingly exposes to the public . . . is not a subject of Fourth Amendment protection.” It should also put people on notice that those who employ the communication opportunities in cyberspace without taking steps to ensure their privacy assume the risk that their communications will be read by outsiders, including law enforcement officers.
That, in turn, should encourage people to take steps to invoke the privacy privilege with regard to communication in cyberspace -- to develop technology that can be used to invoke the privacy privilege in this context. And since cyberspace is an artificial construct, it should prove easier to do this than to counter surveillance technologies in the real-world.