The Fourth Amendment in A Networked World:
Jonathan Zittrain has posted a response at the Harvard Law Review Forum to my recent article on computer searches and seizures. I thought I would blog some thoughts about Zittrain's thoughtful essay, and the broader topic of computer search and seizure law.
Zittrain's response, Searches and Seizures in A Networked World, argues that the topic and approach of my article has been "overtaken" by recent events. While my article concerns the retrieval of evidence from personal computers, Zittrain contends that the real action these days is in the network context. That's true for two reasons, Zittrain suggests. First, concerns about terrorism are now of primary importance in light of the Patriot Act, the expanded use of National Security Letters, and the NSA domestic surveillance program. Second, more and more information is being stored on networks. He then argues that principles I articulate in the context of personal computers may not provide enough Fourth Amendment protection as applied to the network context, especially in light of news such as the NSA domestic surveillance program.
I very much appreciate Professor Zittrain's response, and wanted to offer two arguments in return. First, I agree with Professor Zittrain that network surveillance issues are critically important. Indeed, I wrote my article only after completing a series of articles on network surveillance law, including on the role of the Patriot Act (see here, here, here, and here). At the same time, the importance of network surveillance law — and its high profile in the news recently — shouldn't overshadow the continuing importance of the legal rules regulating retrieval of evidence from personal computers.
Personal computer searches will maintain their critical importance in computer crime cases for two very practical reasons. First, no matter how much people store information remotely as a general matter, they tend to keep evidence of crime and digital contraband close to home. Second, it is quite difficult for the government to prove a case beyond a reasonable doubt based solely on evidence obtained from a network. You never know who had acccess to the network, or when, or whether the account was hacked or stolen. As a result, nearly every computer crime case ends with a retrieval and search of the suspect's personal computer(s). Finding evidence of the crime on the suspect's personal computer is damning evidence, quite persuasive to a jury. As a result, even if lots of the action happens at the network surveillance level, most investigations still end up with a personal computer search.
Second, Professor Zittrain may be right that the approach I offer in my article may not provide a satisfactory solution to answer how the Fourth Amendment should apply to networks. But I don't think that is necessarily a flaw: Fourth Amendment rules are quite localized, and it's not clear that the same principles should apply to both contexts. More broadly, I think we need to recognize that the question of how the Fourth Amendment should apply to computer networks is remarkably difficult. Or at least it is difficult to me: I have been thinking about this question for years, and have only been able to bite off small bits of the problem so far. My first effort to write an article on how the Fourth Amendment should apply to computer networks turned into a piece on the Fourth Amendment and technological change (see here); my most recent effort has morphed into a draft about the nature of Fourth Amendment protection more generally. My uncertainty is such that when it looked like the Eighth Circuit might touch on when e-mails get Fourth Amendment protection, I wrote an amicus brief exploring the arguments on both sides without taking a position of my own.
In the end, I think Professor Zittrain and I agree on the broad point: my article is only one small piece of a broader set of important questions and issues. I think my article covers a small but important set of questions reasonably well, but it's only the beginning of lots of work ahead.
Zittrain's response, Searches and Seizures in A Networked World, argues that the topic and approach of my article has been "overtaken" by recent events. While my article concerns the retrieval of evidence from personal computers, Zittrain contends that the real action these days is in the network context. That's true for two reasons, Zittrain suggests. First, concerns about terrorism are now of primary importance in light of the Patriot Act, the expanded use of National Security Letters, and the NSA domestic surveillance program. Second, more and more information is being stored on networks. He then argues that principles I articulate in the context of personal computers may not provide enough Fourth Amendment protection as applied to the network context, especially in light of news such as the NSA domestic surveillance program.
I very much appreciate Professor Zittrain's response, and wanted to offer two arguments in return. First, I agree with Professor Zittrain that network surveillance issues are critically important. Indeed, I wrote my article only after completing a series of articles on network surveillance law, including on the role of the Patriot Act (see here, here, here, and here). At the same time, the importance of network surveillance law — and its high profile in the news recently — shouldn't overshadow the continuing importance of the legal rules regulating retrieval of evidence from personal computers.
Personal computer searches will maintain their critical importance in computer crime cases for two very practical reasons. First, no matter how much people store information remotely as a general matter, they tend to keep evidence of crime and digital contraband close to home. Second, it is quite difficult for the government to prove a case beyond a reasonable doubt based solely on evidence obtained from a network. You never know who had acccess to the network, or when, or whether the account was hacked or stolen. As a result, nearly every computer crime case ends with a retrieval and search of the suspect's personal computer(s). Finding evidence of the crime on the suspect's personal computer is damning evidence, quite persuasive to a jury. As a result, even if lots of the action happens at the network surveillance level, most investigations still end up with a personal computer search.
Second, Professor Zittrain may be right that the approach I offer in my article may not provide a satisfactory solution to answer how the Fourth Amendment should apply to networks. But I don't think that is necessarily a flaw: Fourth Amendment rules are quite localized, and it's not clear that the same principles should apply to both contexts. More broadly, I think we need to recognize that the question of how the Fourth Amendment should apply to computer networks is remarkably difficult. Or at least it is difficult to me: I have been thinking about this question for years, and have only been able to bite off small bits of the problem so far. My first effort to write an article on how the Fourth Amendment should apply to computer networks turned into a piece on the Fourth Amendment and technological change (see here); my most recent effort has morphed into a draft about the nature of Fourth Amendment protection more generally. My uncertainty is such that when it looked like the Eighth Circuit might touch on when e-mails get Fourth Amendment protection, I wrote an amicus brief exploring the arguments on both sides without taking a position of my own.
In the end, I think Professor Zittrain and I agree on the broad point: my article is only one small piece of a broader set of important questions and issues. I think my article covers a small but important set of questions reasonably well, but it's only the beginning of lots of work ahead.