Mark Rasch, a former DOJ lawyer back in the early 1990s, has an essay up at SecurityFocus (reprinted in The Register) on why he thinks the recent dog sniff case at the Supreme Court will “have a profound impact on privacy rights online” and give a green light to the invasive use of Internet wiretapping devices. I think Rasch is wrong, and thought readers might be interested in why this recent decision won’t change the law of Internet surveillance in the way Rasch suggests.
In the dogsniff case, Illinois v. Caballes, the Court reaffirmed a 1983 case, United States v. Place, which had held that using a trained dog to sniff the outside of a car for the smell of narcotics doe not constitute a search. In the new case, the Court distinguished a 2001 case, Kyllo v. United States(aka the thermal imaging case), on the ground that the information disclosed by the use of the dog was only the existence of narcotics — something that is illegal to possess. In my prior post, I explained that this is a troubling rationale for the Court to use, albeit one largely driven by Kyllo itself: by focusing on what the surveillance reveals rather than how it is conducted, Caballes may permit invasive searches of personal property so long as they only reveal the presence of drugs or other contraband.
In his essay, Rasch argues that Caballes will change Internet surveillance practices and the use of packet sniffers:
The same reasoning could easily apply to an expanded use of packet sniffers for law enforcement.
Currently, responsible law enforcement agencies limit their warrantless Internet surveillance to the “wrapper” of a message, i.e., e-mail addresses or TCP/IP packet headers, unless they have a court order permitting a more intrusive search. Looking at the “outside” of the communication has been treated as similar to looking at the outside of a vehicle — and maybe peering into the window a bit. To peek inside the communication — read the content — required that you first get someone in a black robe involved.
The experiences of Mr. Caballes (the soccer mom, or me or you ) changed all that. The government is practically invited to peek inside Internet traffic and sniff out evidence of wrongdoing. As long as the technology — like a well-trained dog — only alerts when a crime is detected, it’s now legal.
As context-based search technology improves, the government may soon have the ability to take Carnivore one better and deploy “intelligent” packet search filters that will seek out only those communications that relate to criminal activity. They may already have it.
Although these packet sniffing dogs sniff the packets of sinner and saint alike, they only bark at the sinner’s e-mails. Thus, according to the new Supreme Court precedent, the sinner has no privacy rights, and the saint’s privacy has not been invaded. In fact, the saint would not even know the search had taken place — Internet surveillance is less noticeable than a dog sniff.
Rasch’s analysis is incorrect, I think. The primary reason is that the relevant law governing Internet surveillance is statutory, not constitutional. The key laws here are the Wiretap Act, 18 U.S.C. 2510-22, and the Pen Register statute, 18 U.S.C. 3121-27. These statutes were applied to the Internet in 1986 to protect Internet communications in light of substantial uncertainty as to whether the Fourth Amendment protects Internet communications at all. Caballes doesn’t change any of these statutes: it merely offers one additional argument (among several) as to why the Fourth Amendment itself may not offer robust privacy protections online. We know that already, though; that’s why Congress created the statutory regime in the first place.
Second, Rasch is incorrect that existing law treats the packet headers of Internet communications as “outside wrappers,” and analogizes accessing contents to “peering in the window” of communications. To be honest, I am not quite sure where he is getting this; I have never heard this before. In any event, the benefit of statutory protections is that it need not rely on analogies to the physical world; the law can simply protect what needs protecting. So, existing statutory law distinguishes between the “contents” of communications (like the message in an email) and “dialing, routing, addressing, and signalling information” (like an e-mail address) on the theory that addressing information is less private than substantive contents of communications. Again, this line is unchanged by Caballes.
Finally, Rasch refers to the possibility of “intelligent packet search filters that will seek out only those communications that relate to criminal activity,” and speculates that the government “may already have it.” The reasoning of Caballes doesn’t seem relevant to that kind of tool, however: its rationale seems tied to the fact that drugs are contraband (items illegal to own that can be seized by the government), not mere evidence of crime. Because a hypothetical tool that detects criminal activity would do more than simply alert to the presence of contraband, I don’t think its legality would be changed by Caballes.
Comments are closed.