No Fourth Amendment Protection in E-Mail Addresses, IP Addresses, Ninth Circuit Holds:
Commentators and Congress have long assumed that government surveillance of non-content "header" information like e-mail addresses and IP addresses, typically done by a service provider, do not violate a Fourth Amendment "reasonable expectation of privacy." Today the Ninth Circuit became the first court to hold this directly in United States v. Forrester.

  My major concern with this opinion is that, unless I'm missing something, the opinion does not actually say how the surveillance occurred. The Court states that the government used "a pen register analogue on [the defendant]'s computer" to collect the IP address, to/from e-mail addresses, and total volume transferred. But the reader is left guessing what that means.

  Consider two possibilities. The first possibility is that the government served the order on the ISP, and that the information was collected at the ISP. If so, the analogy to Smith v. Maryland is really clear, and the result in Forrester is clearly correct. The second possibility is that the Court meant what it said literally: the government installed a pen register analogue "on [the defendant's] computer," which seems to suggest some kind of surveillance device actually inside the person's machine. If that's right, I tend to think this is a different case. At that point the facts become a lot more like United States v. Karo, the locating device case, where the use of a surveillance device inside the home was held to be a search.

  So which one of these sets of facts occurred? We don't know, as best as I can tell, and without knowing I find it hard to tell if I agree with the decision. More broadly, it will be hard for other courts to know what to make of the precedent: Is the court saying that the government can remotely install a surveillance device on your personal machine so long as the information collected doesn't implicate a reasonable expectation of privacy? Or are they only saying that the provider can collect that information from inside the provider's network on the government's behalf?

  Maybe I'm just missing the part of the opinion that explains this? If so, please let me know in the comment thread. And thanks to Terry Edwards for the link.

Related Posts (on one page):

  1. Amended Opinion in Forrester:
  2. Can the FBI Install Spyware on Your Computer Without A Warrant?:
  3. No Fourth Amendment Protection in E-Mail Addresses, IP Addresses, Ninth Circuit Holds: