By Katie Gu
An April 2021 data privacy bill sponsored by Senator Ron Wyden (D-OR) has taken on new urgency in the post-Roe Digital Age.
The bipartisan bill, The Fourth Amendment Is Not For Sale Act, would close the current legal loophole through which the FBI, Department of Homeland Security, Department of Defense, Customs and Border Protection, Immigration and Customs Enforcement, and the Internal Revenue Service, have repeatedly purchased Americans’ personal and consumer information from data brokers.
In the wake of the recent Dobbs v. Jackson Women’s Health Organization decision, this bill may play an important role in protecting reproductive health data against government overreach and new forms of surveillance technologies.
Currently, law enforcement and intelligence agencies can buy sensitive personal data, including location information and search histories, from data brokers without any court oversight. This practice sharply contrasts with the strict warrant requirements imposed on law enforcement requests for personal or consumer data sought from third-party wireless providers, as established by Carpenter v. United States.
The Fourth Amendment Is Not For Sale Act, whose co-sponsors include Senators Rand Paul and Bernie Sanders, would require the government to obtain court orders before compelling data brokers to disclose personal user data. Government agencies would no longer be able to simply buy Facebook, LinkedIn, or Twitter user data from data brokers like Clearview AI. Intelligence agencies seeking an individual’s personal data would also have to conform to the framework of the Foreign Intelligence Surveillance Act.
***
The Fourth Amendment Is Not For Sale Act heralds a broader need for new legislation, especially as privacy protections formerly guaranteed under Fourth Amendment doctrine may now be imperiled by Dobbs.
Ratified in 1791, the Fourth Amendment was originally intended to protect against unreasonable searches and seizures of physical property, such as an individual’s home or personal papers. However, contemporary Fourth Amendment doctrine expanded beyond its property-based origins to include a broader, unenumerated right to privacy. These protections evolved in response to new surveillance technologies, including wiretapping and thermal imaging.
Justice Brandeis noted in his dissent in Olmstead v. United States that interpretations of the Fourth Amendment must have a “capacity of adaptation to a changing world.”
In Katz v. United States, the Supreme Court further established that the Fourth Amendment protects against government searches where an individual has a subjective expectation of privacy that is recognized as reasonable by public standards. Such protections are necessary to protect against current technologies that our Framers could never have anticipated. However, the current Court’s textual, historical interpretations of the Constitution may result in the crumbling of the Fourth Amendment’s privacy protections against modern surveillance technologies.
For example, the Stored Communications Act (SCA), 18 U.S.C. 2701, limits the government’s ability to compel internet service providers to disclose customer and subscriber data. The Act serves to create a set of “Fourth Amendment-like privacy protections by statute” to monitor the relationship between government investigators and service providers possessing users’ private information. Notably, the Act does not protect consumer data obtained by data brokers collecting information from websites or mobile applications.
In the 2010 case Crispin v. Christian Audigier, Inc., protections guaranteed by the SCA helped quash a subpoena issued to Facebook by a federal court to obtain a Facebook user’s private messages, comments, and wall postings. The Crispin court held that the subpoena issued against Facebook, an electronic communication service provider under the SCA, failed to meet SCA’s stringent standards. With respect to the private messages, the court held that these forms of electronic communication are inherently private and could not be subpoenaed.
By contrast, in June 2022, local Nebraska police successfully obtained access to private Facebook messages and extensive user data of a mother whose daughter allegedly sought and used abortion pills. The police obtained not only the private messages of the mother, but also extensive user information, profile contact information, and user IDs directly from Facebook by court order.
While Crispin and the recent Nebraska case involve government requests for personal user data issued directly against Facebook (as opposed to data brokers), their opposing outcomes signal a weakening of privacy rights in the wake of Dobbs.
***
Dobbs poses a new threat to unenumerated rights not deeply rooted in our country’s history and traditions.
Legislative reform is now needed to ensure the continuity of privacy rights in the Digital Age. Evolving technologies will require new proposals, such as the Fourth Amendment Is Not For Sale Act, to protect post-Roe American civil liberties. The prospects of this bill seem promising, as it received strong bipartisan support at the July 2022 House Judiciary Committee hearing “Digital Dragnets: Examining the Government’s Access to Your Personal Data.”
In parallel, the technology industry should take a closer look at data management, encryption, and retention policies for reproductive data. Combined legislative and industry measures will be needed to safeguard personal data against new risks and practices of unreasonable, overreaching surveillance after the fall of Roe.