INTERNET COMMUNICATION PRIVACY RIGHTS
New Jersey Law Journal
Volume 195, No. 11, Index 793
March 16, 2009
INTERNET COMMUNICATION PRIVACY RIGHTS -- EXISTING STATUTES AND CASE LAW REDUCE CONSTITUTIONAL PROTECTIONS
By Jonathan Bick Bick is of counsel to WolfBlock of Rose-land and is an adjunct professor of Internet law at Pace Law School and Rutgers Law School. He is also the author of '101 Things You Need To Know About Internet Law' [Random House 2000].
Internet communications necessitates sharing content and data with third parties. The voluntary transfer of such content and related data to third-party Internet communication facilitators reduces or eliminates First, Third, Fourth, Fifth and Fourteenth Amendment rights of Internet users. The technology and protocols use to enable Internet communications as interpreted by existing privacy statutes and case law further compromises Internet users' privacy and publicity rights. Both legal notices and technological techniques may be used to ameliorate this outcome.
While the Internet appears to be complex with a myriad of communication lines, it is not. The Internet is a relatively simple and redundant system which transmits data from one available computer to another using a procedure requiring that content and data be duplicated by third parties all along the way.
In particular, the Transmission Control Protocol (TCP) and the Internet Protocol (IP) which are required of all Internet communications and oblige all Internet messages be sent in a specific manner. All computers sending Internet messages must first enclose them in uniquely addressed digital envelopes, and send them to the gateway computer to be handed off to other networks. Each Internet computer handles each Internet message by copying and routing such encapsulated IP packets from network to network.
Historically, the American privacy doctrine is modeled upon real property concepts. Since the Fourth Amendment has been increasingly subject to codification, most modernization of privacy law is a function of legislative action. As a consequence, such changes are dependent upon politics rather than technological change. No such change has yet been implemented with respect to Internet privacy.
There is no explicit right to privacy in the United States Constitution. The Supreme Court has found several privacy interests including: the right of association contained in the First Amendment; the Third Amendment's privacy right of a home owner by its prohibition against the quartering of soldiers 'in any house' in time of peace without the consent of the owner; the Fourth Amendment explicitly affirms the privacy right of people with respect to their persons, houses, papers, and effects, against unreasonable searches and seizures; the Fifth Amendment's zone of privacy which government may not force him to surrender detrimental information; and the Fourteenth Amendment's application of privacy rights to the states. In short, the Supreme Court's findings are protections against all governmental invasions of life's privacies.
Just as there is no explicit constitutional right to privacy, there is no general privacy statute which requires electronic records held by third parties to keep such records private. Rather, the protection of such electronic records may be found due to a particular set of facts.
Two approaches to Fourth Amendment privacy protection are generally used. One approach equated unlawful requests for information with unlawful search and seizure. The other approach required physical trespass into a zone of privacy. Katz v. United States 389 U.S. 347 (1967). But the Katz court recognized that the 'Fourth Amendment protects people, not places. What a person knowingly exposes to the public, even in his own home or office, is not a subject of Fourth Amendment protection. But what he seeks to preserve as private, even in an area accessible to the public, may be constitutionally protected.'
In short, the Supreme Court has found that capacity to claim the protection of the Fourth Amendment depends upon whether the person who claims the protection of the amendment has a legitimate expectation of privacy in the invaded place. See Rakas v. Illinois, 439 U.S. 128, 143 (1978). However, a subjective expectation of privacy is legitimate if it is one that society is prepared to recognize as reasonable, according to Minnesota v. Olson, 495 U.S. 91 (1990).
Thus the privacy interest one retains in information transmitted to a third party is clear. Courts have found no reasonable expectation of privacy; they have highlighted factors evidencing consent. In Smith v. Maryland, 442 U.S. 735, 742 (1979), the Supreme Court found that there is no such expectation of privacy regarding the numbers dialed on a telephone because the telephone company was expected to access the information. Similarly in United States v. Simons, 206 F.3d 392 (4th Cir. 2000), the court found that an employee did not have a legitimate expectation of privacy with regard to his employer's record of his Internet usage.
Due to the Internet's system of transmitting data from one relatively available and local computer to another, using a protocol of transmission which require that content and data be duplicated by third parties all along the way, it may be argued that there is no reasonable expectation of privacy in Internet communications.
At least three courts have attempted to grant some Internet privacy on the grounds that some Internet privacy may be reasonably expected. See United States v. Maxwell, 45 M.J. 406, 417 (1996), which found that the tenor and content of the e-mail conversations between appellant and his correspondent suggested that they each had an expectation that the conversations were private. Similarly, the court in Warshak v. United States, 490 F.3d 455, (6th Cir. 2007), found a reasonable expectation of privacy in e-mail communications after narrowing the inquiry to identify the party with whom information was shared or from whom information was shielded, and the precise information actually conveyed. Also, the court in United States v. Heckenkamp, 482 F.3d 1142, 1147 (9th Cir. 2007), found that a student had a reasonable expectation of privacy in information he transmitted over the university's network insofar as there was no announced monitoring policy.
In Berger v. New York, 388 U.S. 41 (1967), the court defined the procedural safeguards necessary to protect the privacy interest. In particular, once a user establishes such a reasonable expectation of privacy, the inquiry shifts to whether the statute at issue sufficiently protects that right to privacy. To date, no such shift has occurred.
The Electronic Communications Privacy Act of 1986 (ECPA), 18 U.S.C. §§2510-2521, 2701-2711, 3121-3127 (2006), extends government restrictions on wire taps from telephone calls to include transmissions of electronic data by computer. However, ECPA only protects wire, oral and electronic communications while in transit. Internet communication technology and protocols mandate that Internet messages stop and be stored multiple times en route, thus eliminating the application of ECPA to Internet communications.
To overcome some of the difficulties inherent in Internet communications, both technological and legal options are available. Both options attempt to either limit the amount and change the nature of content and data available to third parties or change the privacy expectation by using notice.
First an Internet user may employ legal notices to change the expectation of privacy with respect to the Internet communications. In particular, an Internet user may embed a notice in the communication putting a third-party recipient on notice that the communication is privileged, proprietary or confidential and that the third party should treat it as such. Just as it is important to place a notice on a fax cover sheet, it is important to use technology to ensure that the notice appears prior to allowing a third party access to the Internet communications data or content. The use of data formatting to prevent deep linking can be employed to force a third-party reader of an Internet communication to view the beginning of an Internet communication before being able to access any other part.
Next an Internet user may use technology to limit a third party's access to the content of the communication. For example, a privileged, proprietary or confidential Internet communication may be sent as an attachment. The disclaimer in the body of the e-mail might then read: 'The attachment to this e-mail may be privileged, proprietary or confidential. Do not open it. It is intended only for the e-mail recipient noted above. If you are not the intended recipient or a person responsible for delivering this transmission to the intended recipient, you may not disclose, copy or distribute this transmission or take any action in reliance on it.'
Additionally, the communication may be password protected or encrypted. Rather than using exclusively random public Internet communication servers, an Internet message may be sent using some private or specified Internet communication servers.
Since technological developments outpace the rate of legal evolution, digital networks can no longer be wiretapped like analog phone systems. Future legislatures are likely to enact laws which prohibit governmental entities' access in counterintuitive ways, especially where the parties involved, the content and the nature of the communication are unknown. However, currently such is not the case.