This article, written by EFF staff attorney Hanni Fakhoury, was originally published June 24 on the EFF website.
The U.S. Supreme Court’s 1979 decision of Smith v. Maryland turned 35 years old last week. Since it was decided, Smith has stood for the idea that people have no expectation of privacy in information they expose to others. Labeled the third party “doctrine” (even by EFF itself), Smith has come up over and over in the debates surrounding electronic surveillance and NSA spying.
But the idea that information exposed to others is no longer private has been oversold. Millions of Americans expect all sorts of things exposed to third parties remain private under state law. And as technology advances and the information we give to ISPs and telcos becomes more and more revealing, even federal courts are beginning to rethink whether Smith is the absolute rule the government claims it should be.
On its 35th birthday, Smith’s vitality is on the decline, and that’s a good thing.
The Smith Decision
In Smith police requested a telephone company to install a pen register to monitor the phone numbers a robbery suspect dialed. Although police had no warrant or judicial order, the phone company installed the pen register and police monitored the calls for three days. Eventually, Smith was arrested and challenged the government’s use of a pen register as an unreasonable search under the Fourth Amendment.
A Fourth Amendment “search” occurs when the government intrudes on a subjective expectation of privacy that society would consider reasonable. In Smith’s case, the trial and appellate courts rejected his argument that the use of a pen register was a “search.” The Supreme Court agreed to review the case because lower courts had issued conflicting opinions about whether people expect the phone numbers they dial to remain private.
In a 6-3 decision, the Supreme Court rejected Smith’s argument and ruled the use of the pen register wasn’t a “search.”
It found Smith had no subjective expectation of privacy in the dialed phone numbers because he (and everyone else) conveyed those numbers to the phone company in order to have his calls completed. Even if Smith thought the numbers would remain private, the Supreme Court believed society would treat that expectation as unreasonable because the high court had consistently held “that a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.” Smith relied on an earlier case, United States v. Miller, where the Supreme Court found a bank customer’s deposit and banking records were not private because the customer assumed the risk that someone they shared information with could reveal that same information to another person, including the government. Since Smith had no expectation of privacy in the numbers he dialed, there was no “search” and no need for police to get a warrant to install the pen register.
Three justices dissented, finding that people do have an expectation of privacy in the phone numbers they dial. In a dissent that was ahead of its time, Justice Potter Stewart wrote that phone numbers were an “integral part” of communication and a part of the “content” of the communication itself. And Justice Thurgood Marshall noted “privacy is not a discrete commodity, possessed absolutely or not at all.”
After Smith, the government continued to press the idea that people have no expectation of privacy in information exposed to others, and the Supreme Court accepted this in many contexts. In California v. Greenwood, for example, the Supreme Court ruled that people have no expectation of privacy in garbage they leave on the side of the road for pickup because animals or scavengers could access the contents. And in California v. Ciraolo, the Court ruled police could fly a plane over someone’s fenced-in backyard and look in without a warrant because homeowners expose their backyards to overhead aerial observation.
Miller, Smith and Greenwood were all decided under the Fourth Amendment, which applies to state and federal law enforcement throughout the United States. But these decisions were met with resistance by states who believed their citizens’ bank records, the phone numbers they dial and the trash they left on the side road are presumably private, even if possibly exposed to other people in limited contexts. As a result, state courts began issuing opinions disagreeing with these Supreme Court decisions and interpreting their state constitutions to provide stronger privacy protections than the Fourth Amendment. In states like Florida, Pennsylvania and Utah, customers have an expectation of privacy in their bank records. Residents of California, Colorado and Illinois have an expectation of privacy in their phone records. And in Hawaii, New Hampshire and New Mexico, people have an expectation of privacy in the garbage they leave for pickup.
Taken together, approximately 36 percent of the United States population has an expectation of privacy in either their bank records, phone records or garbage under state law. Residents of California and New Jersey—approximately 47 million people—have an expectation of privacy in all three.
Smith in the 21st Century
It’s doubtful the justices would have predicted that their narrow decision upholding the warrantless collection of the phone numbers one person dialed over three days would be stretched to justify forms of electronic surveillance that would have been the stuff of science fiction in 1979. Unfortunately, Smith has been used to justify all sorts of surveillance, from the FBI seeking Twitter account information and the police tracking a cell phone’s past locations to the NSA’s bulk collection of telephone metadata and Internet communications.
But as technology that creates and collects vast amounts of data about those who use it becomes commonplace, courts are starting to push back.
In 2007, the New Jersey Supreme Court ruled people have an expectation of privacy in Internet subscriber records. In 2010, the federal Sixth Circuit Court of Appeals—which includes Kentucky, Michigan, Ohio and Tennessee—ruled in United States v. Warshak that people have an expectation of privacy in email stored with an online service provider.
Then in 2012, Supreme Court Justice Sonia Sotomayor’s concurring opinion in United States v. Jones, which involved the constitutionality of installing a GPS device onto a car, sent a strong signal to courts that it was time to “reconsider” Smith. She found the idea that people have no expectation of privacy in information they turn over to others was “ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks.”
After Jones, state and federal courts have increasingly rejected the government’s attempts to extend Smith to new forms of data. Just last week, the Eleventh Circuit Court of Appeals—which covers Alabama, Florida and Georgia—ruled in United States v. Davis that people have an expectation of privacy in “even one point of cell site location data.” Disagreeing within a 2013 decision from the Fifth Circuit Court of Appeals, it distinguished Smith by noting that cell phone users don’t voluntarily convey their location because they don’t realize their location will be revealed to the cell phone company when they make a call, and because users have no choice about what information they reveal when they receive a call from someone else. The state courts of Massachusetts and New Jersey reached the same result under their state constitutions. Several states have passed legislation that requires police to obtain a search warrant to track a person’s location through their cell phone. And it’s likely that in states like California, where there is an expectation of privacy in dialed phone numbers, people would also have an expectation of privacy in cell site location info too.
When it comes to using Smith to justify the NSA’s bulk collection of phone records, courts have issued conflicting opinions. A New York federal judge ruled the program was constitutional under Smith while another federal judge in DC, Judge Richard Leon, ruled the seizure of phone records was likely unconstitutional, noting it was foolish to compare the limited use of the pen register in Smith with the NSA’s enormous data collection. Most recently, a federal judge in Idaho reviewing the NSA’s phone records program believed it was bound to follow Smith but hoped that Judge Leon’s opinion would “serve as a template for a Supreme Court opinion.”
Not All or Nothing
Despite these varying standards, it’s clear that Justice Marshall was correct in his Smith dissent when he noted that privacy is not an all or nothing commodity. Most Americans expect their bank records or the phone numbers they dial are private, and many Americans live in states that provide constitutional protection to that information. An increasing number of law enforcement agencies throughout the United States must use a search warrant to get cell site records from a cell phone company under state and, increasingly, federal law.
Ultimately, as more people have a subjective expectation of privacy in information exposed to others, these expectations also become ones that society is prepared to accept as reasonable. And if that’s the case, then the Fourth Amendment should recognize that expectation of privacy as reasonable too. In other words, as more people do have an expectation of privacy in information they’ve turned over to third parties, it’s the Smith decision, and not the expectation of privacy, that becomes unreasonable.