Over the past few years, data privacy has become a growing topic in business and society at large. The legal system has had to make some difficult decisions surrounding different cases that have garnered a lot of publicity. Many of the plaintiffs have been large technology companies such as: Google, Apple, and Microsoft. Law enforcement agencies have been working to use private consumer data for evidence purposes, but have received pushback from these corporations. Consumers have taken sides as well, offering their input as to what data should and should not be turned over to law enforcement agencies.
To understand the context of the cases, one must understand how data and technology coincide with one another. After a piece of technology is purchased, the consumer has the option to back their data up to a hard drive, usually on a desktop, or on to the “cloud.” The cloud is a network of servers where personal data is kept. Each technology company has their own cloud servers where users can back up their information to the cloud if they do not want to take up memory on their devices.
Law enforcement agencies cannot simply ask for cloud data from any technology company; there must be necessary steps in which they can obtain it. One important factor that determines collecting data is the difference between content and non-content data. Non-content data consists of names, emails, IP addresses, and more basic information. This information can be attained by law enforcement agencies giving a company a subpoena. Content data goes into greater depth, and consists of email contents and similar information. In order for a law enforcement agency to obtain content data, they must provide a warrant to the company. While there have been different legislations passed in regards to data privacy, the United States Constitution best represents the individual’s rights when it comes to privacy.
The individual’s (U.S. citizen’s) right to privacy is clearly outlined in the Fourth Amendment of the United States Constitution, stating “[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” This outlines that no U.S. citizen’s privacy will be searched under unreasonable circumstances. The only instance in which one’s privacy may be breached is when there is probable cause, or reason to search someone’s belongings, home, or private information. This Amendment translates into the 21st century with the introduction of personal, digital technology and private data. Private data falls under the category of “effects,” as written in the Amendment and is thus liable to search and seizure with a “Oath or Affirmation.” (Meiners, 2016)
One of the most prominently reported-on instances was in March of 2016, when Apple refused to access the encrypted iCloud (phone’s backup drive) account for terrorists’ phones. This led to an FBI case that sparked national controversy. In the “Apple vs. the FBI” case of 2016, investigators believed that the information within the terrorists’ phone accounts would help the FBI figure out contacts who were involved in the shooting, and to where the shooters had fled. Apple cited two reasons as to why they did not want to comply. The first was they did not have the capabilities to access encrypted cloud data, due to privacy agreements between the consumer and the company, and because they do not have the proper coding to enter someone’s personal iCloud account. Weeks later, the FBI claimed they had found resources that could bypass security measures which allowed access into the iCloud accounts. Apple released a statement explaining that their technological structure does not allow for the company or anyone else to have access to private content data. The second was that helping break into this phone would mean that other countries would ask to have civilian iCloud information available, and Apple would most likely have to comply since they had complied with US law enforcement agencies. (Apple, 2016) There are a number of countries that Apple does business with that do not have explicit privacy laws for the individual. Consumer relations have been noted as a concern for technology companies. As any business knows, maintaining trust and loyalty between brand and consumer is key to successful business. If that trust becomes broken because of governmental affairs, tech companies could see a significant decrease in sales. Technology companies cite that privacy breaches would open up the floodgates for governments to peruse whatever information their citizens have. There is a level of discomfort knowing that governments could have the authority that has been recognized in the United States, and around the world. The important aspect of this debate is understanding what exactly law enforcement agencies would or would not be able to view.
Fitbit has recently been recognized in a criminal case for their restrictive policies. In December of 2015, a woman was fatally shot in her Connecticut basement while her husband claimed he was tied up upstairs while attackers took his money and belongings before shooting they shot his wife. As more details surfaced, investigators looked to the wife’s Fitbit for tracking data. The timeline that the husband gave and the timeline that the Fitbit showed of the wife’s last minutes did not match up. He was charged with murder, tampering with evidence, and providing false statements based partially on the wife’s Fitbit device. Detective Christopher Jones, a law enforcement official working a case similar to the Connecticut Fitbit case, stated that “As people continue to provide more and more personal information through technology, they have to understand we are obligated to find the best evidence, and this technology has become a part of that.” While this may be true, Fitbit officials took this opportunity to talk about their willingness to comply with law enforcement agencies in these situations. Company policy states that it will only provide data with a warrant, but without a warrant nothing can be given. (Fitbit, 2016)
While companies have strict policies much like Fitbit, there is still a strong possibility that law enforcement agencies may come across illicit information. As mentioned before, the Fourth Amendment makes a clear statement about the use of warrants and unreasonable search and seizures. The Amendment also mentions the importance of probable cause, which is where the lines get blurred in this situation. Agencies are working on a specific case and looking for specific information with a proper search warrant, but probable cause could be interpreted as bringing a suspect up on charges of something completely different based on their private data. Whether or not this would hold up in a court of law is unclear at this time. There have not been any reported-on court cases in which this situation has arisen.
Microsoft has been in disputes with the United States government since 2013, when US law enforcement issued a warrant for e-mails sent between drug traffickers. The warrant was served on Microsoft’s United States headquarters of Redmond, Washington, but much of the e-mail data that law enforcement officials were seeking was located in servers in Ireland. Microsoft was willing to comply with the warrant for the US-based e-mails due to the Stored Communications Act. The Stored Communications Act (SCA) pertains to information and data held by internet service providers, and their willingness to turn over data to law enforcement agencies. (Microsoft, 2016) The warrant was upheld, but was then over turned by a U.S. Court of Appeals. The decision was then petitioned to the Supreme Court for a decision. Technology companies sided with Microsoft, citing concerns for allowing data to be breached by other countries with similar warrants. The law enforcement agencies, however, believe that they would be able to solve a plethora of cases if they could obtain the private data.
Consumers have taken sides on these cases and topics as well. For those in favor of law enforcement agencies, their argument states that law enforcement agencies should have the right to view content data of any civilian if the agency believes the information could be used in a criminal investigation. This does not mean that agencies will be able to look at anyone and everyone’s personal information. The purpose of these warrants is to protect citizens of any given country, namely the United States. Citizens should not be concerned that their accounts are being searched for anything that could get them in trouble. If anything, citizens should be willing to work with law enforcement agencies. These agencies provide protection, and work in the common interest of the people whom they protect. Any information that could lead to arrests of terrorists or prevent attacks or crimes from happening should be a priority for these investigators. In 2014, the Pew Research Center polled American adults about the government and their personal privacy. Just 6% of adults say they are “very confident” that government agencies can keep their records private and secure, while another 25% say they are “somewhat confident.” (Pew, 2015)
While many more cases pertaining to data, privacy, and law enforcement agencies are being brought to light, businesses will continue to be effected for the better and for the worse. With data becoming less private and more accessible, consumers may start to consider purchasing products from companies that are more confident in their ability to withhold information from law enforcement agencies. That being said, laws will continue to change, as our society moves into a digital era where evidence will be much more pertinent when held in clouds, networks, and servers all over the world. Updating current laws and considering stare decisis will be pivotal as we move forward and continue to see these cases occur. The judicial system must have some way to determine cases, and the aforementioned cases might be the best place to start.