« Is Blogging Worth It? (Jr. Law Prawfs FAQ) | Main | The Subtle But Serious Flaw in the Supreme Court's Welch Ruling »

Monday, April 18, 2016

Fitbits and the Fourth Amendment

I wanted to spend a few posts examining questions arising from my scholarship.  Prawfsblawg presents an attractive audience of educated, curious readers to try out ideas.  So here is a question that has shaped some of my recent thinking.  What is the “smart” data coming from your Fitbit, smart car, smart refrigerator, or smart bandage to the Fourth Amendment?  Should it be protected under the Fourth Amendment?  Is direct interception of this information a search of “persons, homes, papers, or effects”?  Is direct interception a violation of an “expectation of privacy?”

The question matters because if the smart data falls outside of these Fourth Amendment definitions, it can be intercepted by law enforcement without a warrant.

    

The Supreme Court has offered up some clues, but no answers.  From U.S. v. Jones we know that certain members of the Supreme Court think long-term, aggregated locational tracking of a car (an effect) via GPS is a search.  From Riley v. California, we know that the court thinks data in a smartphone deserves some Fourth Amendment protection.  But, what about the digital trails (arising from the ever growing Internet of Things) all of which reveal your patterns, habits, and intimate activities?

This subject is a legal puzzle I have been considering through a series of articles.  In one article –The Internet of Things and the Fourth Amendment of Effects – I have argued that we should redefine the term “effect” to include both the data inside the object as well as some of the communicating data emanating from the object.  After all, we have redefined other Fourth Amendment terms of art.   “Homes” now includes apartments, motels, and the curtilage area outside the home (among other things).  And, we have redefined Fourth Amendment “persons” to include excreted blood, urine, and even corporate “persons.”  So why not redefine Fourth Amendment “effects” to take into account not just the object, but the data in the object and some of that smart data coming from your new smart thing (which is after all the added value of that new smart pill bottle you just bought).

In a second (draft) article – The “Smart” Fourth Amendment – I have argued that smart data should be protected because we routinely protect the “informational security” in “persons, homes, papers, or effects.”  Protecting the data from those constitutional sources is, thus, consistent with this theme of informational security.  In the Jones GPS case, the protection did not focus merely on the physical, “thing-ness” of the car at issue, but the informational security of keeping the movements of the car secure from government tracking.  Similarly, if you trace out the reasons for protecting papers, it is not because of any reverence for parchment, but to secure the information on that paper.  The reason for protecting urine excreted from a person is not to protect the waste product (we don’t want it back), but to secure the information potentially revealed by the biological matter.  So, too, with the digital trails arising from smart devices, what should be protected is the informational security deriving from a constitutionally recognized source.

But it remains a puzzle, with these articles only two large pieces in a larger jigsaw of ideas. 

My question here is born more out of curiosity to this audience.  If you own a smart device – from a GM car (with OnStar capabilities) to a Fitbit to a smartphone – do you think the data trails should be protected by the Fourth Amendment?  Do you take steps to secure the information?  Do you expect privacy or security?

Posted by Andrew Guthrie Ferguson on April 18, 2016 at 10:06 AM | Permalink

Comments

Ah, but there is a difference between the private sector "big data" knowing my eating habits by offering me discounts to acquire it, and the government collecting the data.

Posted by: Phil | Apr 19, 2016 10:25:41 AM

Phil:

Big data knows your eating habits. That is what those coupon cards are for...

As to your Fourth Amendment analysis, that is exactly the type of questions I wrestle with in my articles.

Posted by: Andrew Guthrie Ferguson | Apr 18, 2016 9:02:50 PM

"What is this data?" likely has more than one answer.

A Word document that can be accessed through my smart phone via Dropbox is analogous to a hard copy paper in my desk drawer at home. I consider it a Fourth Amendment "paper" the state would need a warrant to obtain.

The route I ran while jogging this morning, captured on a Fitbit, seems less like a paper or effect and more like a set of digital footprints. If I was out jogging in public, I am less concerned about the data describing my route being intercepted. Information about my heart rate, however, I think is my "person" and private. Additionally, if the Fitbit captured the physical activity of lovemaking, I should think the government ought not to be intruding on that intimate activity, secure in my home. Kyllo disallowed warrantless peering through walls because the police might see the lady of the house bathing; similarly, I think they should not be allowed to intercept a signal that transmits one's private physical activity.

Just as the police cannot open a snail mail letter I send to another, but can inspect the public exterior of the envelope, I would expect they could see without a warrant whom I text or email, but not what I text or email.

Lastly, while it is not quite a Fourth Amendment issue, I'll share another digital privacy concern. I am retired from the military and when I grocery shop at the commissary, I have to show an ID to enter. Recently, they have also started scanning the ID when I check out. I am not too keen on "big brother" cataloging my eating habits.

Posted by: Phil | Apr 18, 2016 2:09:28 PM

Phil:

I think under a "reasonable expectation of privacy" framework with the current third-party doctrine, you may be correct that Smith controls. Others have argued that Smith is distinguishable from the types of devices and information available on smartphones, but that is not really my battle.

My inquiry has been a bit more narrow, looking not at the third party interception (asking Nike for information about the fitness device), but the direct interception of the data from a smart device. In that case, the third party doctrine (the third party work-around) is not at issue (it is a direct interception). But, the constitutional question remains. What is this data for Fourth Amendment purposes?

Posted by: Andrew Guthrie Ferguson | Apr 18, 2016 12:22:19 PM

How, legally, does this "smart" trail differ from the pen register in Smith v. Maryland (1979)? I don't see it. The consumer is using a device that necessarily requires the participation of a business in order to function. Where is there any expectation of privacy of the fit bit data that did not exist in the telephone pen register in Smith? I think there is less, actually. It is now common knowledge that firms like Google and Apple make their billions by collecting and exploiting those data.

Posted by: Phil | Apr 18, 2016 12:14:19 PM

I kind of expect that the company is selling as much of my data as they can to whoever will pay. So it doesn't feel particularly private, and a government acquisition of the data doesn't seem unusually invasive.

Posted by: Fitbits | Apr 18, 2016 11:23:29 AM

Post a comment