The Cyber Intelligence Sharing and Protection Act (“CISPA”) passed the House on Friday. Let’s assume that the Senate gets its act together and the President’s veto threat is as toothless as his 2011 NDAA threat. Would CISPA survive constitutional review? Specifically, would CISPA violate the Fourth Amendment?
Background of the Fourth Amendment, the Stored Communications Act, and Your Right to Do Naughty Things With Your Papers in Private
The prototypical Fourth Amendment protection is in the context of government-ordered searches and seizures. For example, when the police raid your house looking for drugs, they must have probable cause (typically expressed in a written warrant, signed by a judge).
However, the Fourth Amendment has also been held to protect other stuff than simply having your house invaded, including information (particularly communications) subject to a “reasonable expectation of privacy.”
What exactly is “reasonable”? Nobody knows, so we ask a bunch of lawyers.
In general, if you don’t want the government to get your information, it’s best to stay at home, only communicate via telephone from your home non-cellular phone, and send only letters through the Post Office (assuming the USPS still exists at the time of writing this article). If you must go outside to communicate, its best to do so in person, or in a telephone booth with the door closed.
If you want to use the internet for sensitive conversations, you should ideally own your own ISP, and communicate exclusively with yourself. If you find yourself wishing to divulge information to individuals other than your own alter-egos, it is much more difficult to keep this secret and to prevent it from being used at your trial.
This is because a bunch of lawyers (judges) have gradually come to the conclusion that, notwithstanding the Fourth Amendment, when you give your data or information to a third party, the government can sink its juicy teeth into it, because hey, if you let your buddy Big_Bank and its employees read it, why shouldn’t the government be able to get a copy too? This is called the “third-party records doctrine.”
In the case of your Google searches, for example, you have literally told Google’s servers (and the people who have access to those servers) about your desire, e.g., to purchase dungeon implements, erotic swings, and the communist manifesto. Therefore the traditional third-party doctrine might find that you simply didn’t have a reasonable expectation of privacy for these searches, and the government might be able to compel Google to turn over this data without a warrant (or they might voluntarily share it).
Now, Congress (other lawyers) has passed some laws with respect to email and certain other electronic communications.
Specifically, the Stored Communications Act (“SCA”) requires that the government have a warrant to obtain unopened emails less than 180 days old. Separately, the government is permitted to obtain opened emails and unopened emails older than 180 days with only a subpoena. The SCA also generally prohibits any disclosure of an internet subscriber’s personal information and communications to non-governmental third parties.
Complicating the matter , though, is caselaw. At least one circuit court of appeals has found that that just because a third party ISP has direct access to, or control over, your personal communications as an intermediary (AOL for example), it does not automatically mean government officials can demand such communications with only a subpoena even if authorized to do so by the Stored Communications Act. In United States v. Warshak, the Sixth Circuit found that “[g]iven the fundamental similarities between email and traditional forms of communication, it would defy common sense to afford emails lesser Fourth Amendment protection.”
Thus, in Warshak, the 6th Circuit found that a subpoena was insufficient under the 4th Amendment to overcome the internet subscriber’s Fourth Amendment reasonable expectation of privacy, even if such access was authorized under the Stored Communications Act. So Warshak says that if the government requests your emails, they need to have a warrant. However, this decision, while influential, only applied to the 6th Circuit (Lucky you Kentucky, Ohio, Michigan, and Tennessee).
Warshak does not explicitly address, though, whether Google might, totally voluntarily, search all of your email for specific threatening words, and turn over these emails to the government—just to be “helpful.” The court says only that “[t]he government may not compel a commercial ISP to turn over the contents of a subscriber’s emails without first obtaining a warrant based on probable cause.” Lucky for us, typically Google requires a warrant before it will turn over your emails.
Turn the page for CISPA!