Volume 55

Cybersurveillance Intrusions and an Evolving Katz Privacy Test

by Margaret Hu

Cybersurveilllance intrusions necessitate a different Fourth Amendment test than the privacy test set forth by the Supreme Court in Katz v. United States1 50 years ago. As part of the Symposium, Katz at 50: The Fourth Amendment in the Digital Age, this Article aims to illustrate why the transformation of Fourth Amendment doctrine is not only necessary with the increasing adoption of cybersurveillance technologies, but has already begun.2 Courts are increasingly confronted with the constitutional implications of mass surveillance made possible by big data governance.3 For example, suspicionless mass data collection, predictive analysis, and ex ante policing all present emerging and unresolved constitutional issues.4

To contextualize why a new approach to the Fourth Amendment is essential, this Article describes two emerging cybersurveillance tools. The first cybersurveillance tool, Geofeedia,5 has been deployed by state and local law enforcement.6 Geofeedia uses a process known as “geofencing” to draw a virtual barrier around a particular geographic region, and then identifies and tracks public social media posts within that region for predictive policing purposes.7 The second tool, Future Attribute Screening Technology (FAST), is under development by the United States Department of Homeland Security (DHS).8 FAST is another predictive policing tool that analyzes physiological and behavioral signals with the goal of identifying “malintent”: an individual’s predilection for disruptive or violent behavior.9 Both Geofeedia and FAST seem to fall outside the scope of protections afforded by existing Fourth Amendment jurisprudence.10

Under the Fourth Amendment, unreasonable searches and seizures are prohibited—but reasonable searches may be permissible. For 50 years, Katz v. United States11 has defined the federal courts’ approach to evaluating what is a “reasonable” law enforcement action under the Fourth Amendment. The Katz test assesses whether law enforcement has violated an individual’s “constitutionally protected reasonable expectation of privacy.”12 This test is traditionally used to determine whether a search has occurred within the meaning of the Fourth Amendment.13 Katz focuses on whether an individual intended to keep information private14 and whether information had been previously disclosed.15 Technological developments, however, may change which expectations of privacy are “reasonable,” calling the continued viability of the Katz “reasonable expectation of privacy” test into question.16

Thus far, the Supreme Court has begun to discern implications of big data governance structures and policies. In the 2012 case of United States v. Jones,17 the Court considered the constitutionality of warrantless GPS tracking.18 During oral argument, several Justices signaled a concern that GPS geolocational data collection could extend beyond one GPS device attached to a single vehicle in the course of a small data investigation.19 Specifically, members of the Court expressed concern that GPS devices could be attached to all vehicles,20 and speculated, for example, Departments of Motor Vehicles could include GPS devices on license plates.21 The Court discussed the potential for universal GPS tracking of every vehicle to be mandated under state or federal law22 or standardized in vehicle manufacturing.23

The government attempted to assuage the Court’s concern over the specter of mass surveillance by pointing out that “[t]his case does not involve universal surveillance of every member of this Court or every member of the society. It involves limited surveillance of somebody who was suspected of drug activity.”24 Ultimately, the Court refrained from engaging in a full analysis of whether Katz’s reasonable expectation of privacy was applicable in a warrantless GPS tracking context. Instead, it resorted to an approach to the Fourth Amendment analysis that relied on trespass theory, which, as the Court explained, is an alternative to Katz.25 Taking a narrow approach, the Court held that “the Government’s installation of a GPS device on a target’s vehicle, and its use of that device to monitor the vehicle’s movements, constitutes a [Fourth Amendment] ‘search.’”26

Similarly, in the 2014 case of Riley v. California,27 the Court considered whether a warrantless search of a cell phone incident to arrest violates the Fourth Amendment.28 During oral argument, the Court grappled with the difference between a search of a cell phone and a search of an individual’s other effects in a search incident to arrest.29 Digital data, as the Court pointed out, is different because “a person can only carry so much on their person . . . [but] with digital cameras people take endless photos and it spans their entire life.”30 The Court also noted the potential for abuse if it approved a warrantless search of a phone incident to arrest, positing that a person could be arrested for a minor traffic infraction, and then officers could search the individual’s phone to learn virtually every detail of the arrestee’s life.31 In a unanimous opinion, Chief Justice Roberts refused to extend search incident to arrest precedent to cell phones, holding that a warrant is required before a search of an arrestee’s cell phone.32 Despite being hailed as victories for privacy advocates,33 neither Jones nor Riley identify a limiting principle for government intrusion through comprehensive dataveillance and cybersurveillance means.34

The Court, however, was not blind to the need for a dramatic revision of Fourth Amendment protections. During oral argument in Jones, and in concurrences by Justices Alito and Sotomayor, the Court suggested that a nonintrusion test may be more appropriate given the scope of developing technology. A nonintrusion test is grounded in customary law, replacing an interpretation of the Fourth Amendment that is currently grounded in property and tort law, and presents a way to untether concepts of privacy from nondisclosure.35

This Article proceeds in three parts. Part I explores how precrime rationales justify preventive policing through big data cybersurveillance systems. This discussion helps to lay a foundation for why a nonintrusion test provides a method to address Fourth Amendment concerns in the context of large-scale suspicionless data surveillance and seizures. Part II discusses why suspicionless data screening programs fall outside Fourth Amendment protections against unreasonable searches and seizures under Katz. Katz’s reasonable expectation of privacy test may not protect the data relied upon by contemporary cybersurveillance programs. Nonetheless, these programs implicate Fourth Amendment concerns, as well as other constitutional rights. Part III argues that a nonintrusion test is more appropriate in these arenas than is Katz because of the nature of big data technology, cybersurveillance, and bulk data collection practices. This Article concludes by arguing that, due to rapid technological changes, the evolution of the Fourth Amendment is now necessary, and the adoption of a non-intrusion test may provide greater protections to constitutional freedoms than the Katz privacy test.

Keep Reading

Subscribe to ACLR

1. 389 U.S. 347 (1967).

2. See, e.g., Riley v. California, 134 S. Ct. 2473 (2014); United States v. Jones, 565 U.S. 400 (2012);

Susan W. Brenner, The Fourth Amendment in an Era of Ubiquitous Technology, 75 MISS. L.J. 1 (2005); Laura K. Donohue, The Original Fourth Amendment, 83 U. CHI. L. REV. 1181 (2016); Andrew Guthrie Ferguson, The Internet of Things and the Fourth Amendment of Effects, 104 CAL. L. REV. 805 (2016); Andrew Guthrie Ferguson, The “Smart” Fourth Amendment, 102 CORNELL L. REV. 547 (2017); David Gray, Dangerous Dicta, 72 WASH. & LEE L. REV. 1181 (2015); David Gray & Danielle Citron, The Right to Quantitative Privacy, 98 MINN. L. REV. 62 (2013); Adam Gershowitz, The Post-Riley Search Warrant, 69 VAND. L. REV. 585 (2016); Orin S. Kerr, The Mosaic Theory of the Fourth Amendment, 111 MICH. L. REV. 311 (2012); Orin S. Kerr, Search Warrants in an Era of Digital Evidence, 75 MISS. L.J. 85 (2005); Alex Kozinski & Eric S. Nguyen, Has Technology Killed the Fourth Amendment?, 2011–2012 CATO SUP. CT. REV. 15 (2011); Rachel Levinson-Waldman, Hiding in Plain Sight: A Fourth Amendment Framework for Analyzing Government Surveillance in Public, 66 EMORY L.J. 527 (2017); Christopher Slobogin, The World Without a Fourth Amendment, 38 UCLA L. REV. 1 (1991); Christopher Slobogin, Peeping Techno-Toms and the Fourth Amendment: Seeing Through Kyllo’s Rules Governing Technological Surveillance, 86 MINN. L. REV. 1393 (2002); Daniel J. Solove, Fourth Amendment Pragmatism, 51 B.C. L. REV. 1511 (2010); see infra Part III.

3. See, e.g., Clapper v. Amnesty Int’l USA, 568 U.S. 398 (2013); ACLU v. Clapper, 785 F.3d 787 (2d Cir. 2015); Klayman v. Obama, 957 F. Supp. 2d 1 (D.D.C. 2013), vacated, Obama v. Klayman, 800 F.3d 559 (D.C. Cir. 2015); Klayman v. Obama, 142 F. Supp. 3d 172 (D.D.C. 2015); see also Laura K. Donohue, Bulk Metadata Collection: Statutory and Constitutional Considerations, 37 HARV. J.L. & PUB. POLY 757 (2014); Laura K. Donohue, Section 702 and the Collection of International Telephone and Internet Content, 38 HARV. J.L. & PUB. POLY 117 (2015); Margaret Hu, Small Data Cybersurveillance v. Big Data Cybersurveillance, 42 PEPP. L. REV. 773 (2015); Neil M. Richards, The Dangers of Surveillance, 126 HARV. L. REV. 1934 (2013); Stephen Rushin, The Judicial Response to Mass Police Surveillance, 2011 U. ILL. J.L. TECH. & POLY 281 [hereinafter Rushin, The Judicial Response]; Christopher Slobogin, Government Data Mining and the Fourth Amendment, 75 U. CHI. L. REV. 317 (2008); Orin S. Kerr, Foreword: The Future of Internet Surveillance Law, 72 GEO. WASH. L. REV. 1139 (2004).

4. See, e.g., Jack M. Balkin, The Constitution in the National Surveillance State, 93 MINN. L. REV. 1, 10–11 (2008) (“Governance in the National Surveillance State is increasingly statistically oriented, ex ante and preventative, rather than focused on deterrence and ex post prosecution of individual wrongdoing.”); Jack M. Balkin & Sanford Levinson, The Processes of Constitutional Change: From Partisan Entrenchment to the National Surveillance State, 75 FORDHAM L. REV. 489 (2006). “Like preventive measures, policing measures can be either ex ante or ex post, according to whether they function before—or only after—the wrong occurs.” Jennifer Arlen & Reinier Kraakman, Controlling Corporate Misconduct: An Analysis of Corporate Liability Regimes, 72 N.Y.U. L. REV. 687, 706 (1997). Ex ante policing has been defined as a “form of continuous monitoring . . . [that] can deter misconduct by increasing the likelihood that it will be detected and sanctioned.” Id. Although this definition refers to the corporate context, the principles remain the same regarding criminal policing applications. See, e.g., David Cole, The Difference Prevention Makes: Regulating Preventive Justice, 9 CRIM. L. & PHIL. 501 (2015); Jennifer C. Daskal, Pre-Crime Restraints: The Explosion of Targeted, Noncustodial Prevention, 99 CORNELL L. REV. 327 (2014); see also Laura K. Donohue, Technological Leap, Statutory Gap, and Constitutional Abyss: Remote Biometric Identification Comes of Age, 97 MINN. L. REV. 407 (2012); Laura K. Donohue, The Dawn of Social Intelligence (SOCINT), 63 DRAKE L. REV. 1061 (2015); Collins T. Fitzpatrick, Protecting the Fourth Amendment So We Do Not Sacrifice Freedom for Security, 2015 WIS. L. REV. 1; David Gray, A Collective Right to Be Secure from Unreasonable Tracking, 48 TEX. TECH. L. REV. 189 (2015) [hereinafter Gray, A Collective Right]; Margaret Hu, Algorithmic Jim Crow, 86 FORDHAM L. REV. 633 (2017); Margaret Hu, Biometric Surveillance and Big Data Governance, in THE CAMBRIDGE HANDBOOK OF SURVEILLANCE LAW (David Gray & Stephen E. Henderson eds., 2017); Paul Ohm, Electronic Surveillance Law and the Intra-Agency Separation of Powers, 47 U.S.F. L. REV. 269 (2012); Christopher Slobogin, Policing as Administration, 165 U. PA. L. REV. 91 (2016); Nadine Strossen, Beyond the Fourth Amendment: Additional Constitutional Guarantees that Mass Surveillance Violates, 63 DRAKE L. REV. 1143 (2015); Russell L.Weaver, The Fourth Amendment and Technologically Based Surveillance, 48 TEX. TECH. L. REV. 231 (2015).

5. See GEOFEEDIA, https://geofeedia.com/ (last visited Nov. 6, 2017).

6. See, e.g., Jonah Engel Bromwich, Daniel Victor & Mike Isaac, Police Use Surveillance Tool to Scan Social Media, A.C.L.U. Says, N.Y. TIMES (Oct. 11, 2016), https://www.nytimes.com/2016/10/12/technology/aclu-facebooktwitter-instagram-geofeedia.html?_r=0; Craig Timberg & Elizabeth Dwoskin, Facebook, Twitter and Instagram Sent Feeds that Helped Police Track Minorities in Ferguson and Baltimore, Report Says, WASH. POST (Oct. 11, 2016), https://www.washingtonpost.com/news/the-switch/wp/2016/10/11/facebook-twitter-and-instagram-sentfeeds-that-helped-police-track-minorities-in-ferguson-and-baltimore-aclu-says/?utm_term=.c74a5bc5eb08; Matthew Cagle, Facebook, Instagram, and Twitter Provided Data Access for a Surveillance Product Marketed to Target Activists of Color, ACLU (Oct. 11, 2016, 11:15 AM), https://www.aclu.org/blog/free-future/facebookinstagram-and-twitter-provided-data-access-surveillance-product-marketed; Nicole Ozer, Police Use of Social Media Surveillance Software is Escalating, and Activists are in the Digital Crosshairs, ACLU (Sep. 22, 2016, 2:45 PM), https://www.aclu.org/blog/free-future/police-use-social-media-surveillance-software-escalating-andactivists-are-digital; infra notes 42–58.

7. See infra notes 44–45 and accompanying text.

8. See Sharon Weinberger, Intent to Deceive?, 465 NATURE 412, 414–15 (2010); infra notes 61–77 and accompanying text.

9. See infra notes 65–69 and accompanying text.

10. See U.S. CONST. amend. IV.

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

11. 389 U.S. 347 (1967).

12. Id. at 360 (Harlan, J., concurring).

13. See United States v. Jones, 565 U.S. 400, 406 (2012) (“Our later cases have applied the analysis of Justice
Harlan’s concurrence in [Katz], which said that a violation occurs when government officers violate a person’s
‘reasonable expectation of privacy.’”); United States v. Jacobsen, 466 U.S. 109, 120 (1984) (explaining that law
enforcement action that does not infringe on a “legitimate expectation of privacy . . . [is] not a ‘search’ within the
meaning of the Fourth Amendment.”); see also Smith v. Maryland, 442 U.S. 735, 745–46 (1979).

14. See, e.g., Katz, 389 U.S. at 361 (“Thus a man’s home is, for most purposes, a place where he expects
privacy, but objects, activities, or statements that he exposes to the ‘plain view’ of outsiders are not ‘protected’
because no intention to keep them to himself has been exhibited.”).

15. See, e.g., Smith, 442 U.S. at 742; United States v. Miller, 425 U.S. 435, 440–41 (1976).

16. See, e.g., Jones, 565 U.S. at 427 (Alito, J., concurring); see also supra notes 2–4.

17. Jones, 565 U.S. 400.

18. Id. at 402.

19. Transcript of Oral Argument at 29–30, 36, 46, 57–58, Jones, 565 U.S. 400 (No. 10-1259).

20. Justice Kagan asked about the constitutionality of a future in which “all cars are going to have GPS tracking systems, and the police could essentially hack into such a system without committing the trespass.” Id. at 46.

21. Chief Justice Roberts noted that because license plates are state property, the possibility existed that the state could put a GPS device “the size of a credit card . . . behind the license plate” on any individual’s vehicle. Id. at 29–30.

22. Id. at 46. Stephen Leckar, the attorney for Jones, pointedly explained that if GPS systems were installed in
all vehicles, “that’s because of manufacturers doing it, or because Congress has legislated it . . . .” Id.

23. Id.

24. Id. at 58.

25. United States v. Jones, 565 U.S. 400, 411 (2012) (“For unlike the concurrence, which would make Katz the exclusive test, we do not make trespass the exclusive test. Situations involving merely the transmission of electronic signals without trespass would remain subject to Katz analysis.”).

26. Id. at 404.

27. 134 S. Ct. 2473 (2014).

28. Id. at 2480.

29. Transcript of Oral Argument at 8–11, 27–29, Riley, 134 S. Ct. 2473 (No. 13-132).

30. Id. at 28.

31. Justice Kagan stated:

And the police could take that phone and could look at every single e-mail that person has written, including work e-mails, including e-mails to family members, very intimate communications, could look at all that person’s bank records, could look at all that person’s medical data, could look at that person’s calendar, could look at that person’s GPS and find out every place that person had been recently because that person was arrested for driving without a seat belt.

Id. at 29–30.

32. Riley, 134 S. Ct. at 2485.

33. See, e.g., Andy Greenberg, Why the Supreme Court May Finally Protect Your Privacy in the Cloud, WIRED (June 26, 2014), https://www.wired.com/2014/06/why-the-supreme-court-may-finally-protect-your-privacy-in-the-cloud/; Adam Liptak, Major Ruling Shields Privacy of Cellphones, N.Y. TIMES (June 25, 2014), https://www.nytimes.com/2014/06/26/us/supreme-court-cellphones-search-privacy.html?_r=0; Ateqah Khaki, Supreme Court Rules Government Violated Privacy Rights in GPS Tracking Case, ACLU (Jan. 23, 2012, 12:29 PM), https://www.aclu.org/blog/supreme-court-rules-government-violated-privacy-rights-gps-tracking-case; US v. Jones, ELEC. FRONTIER FOUND., https://www.eff.org/cases/us-v-jones (last visited June 14, 2017).

34. See, e.g., Riley v. California, 134 S. Ct. 2473, 2493 (2014) (explaining the Court’s holding, which required a warrant before a search of a cell phone incident to arrest); United States v. Jones, 565 U.S. 400, 412 (2012) (explaining that “the present case does not require [the Court] to answer [the] question” of whether constant electronic surveillance “without an accompanying trespass” is an “unconstitutional invasion of privacy”). Multiple scholars have explored in depth the constitutional implications of mass surveillance and cybersurveillance technologies. See, e.g., SIMON CHESTERMAN, ONE NATION UNDER SURVEILLANCE (2011); DAVID COLE & JULES LOBEL, LESS SAFE, LESS FREE (2007); DAVID COLE & JAMES X. DEMPSEY, TERRORISM AND THE CONSTITUTION (2002); CONSTITUTION 3.0: FREEDOM AND TECHNOLOGICAL CHANGE (Jeffrey Rosen & Benjamin Wittes eds., 2011); JON L. MILLS, PRIVACY: THE LOST RIGHT (2008); Orin S. Kerr, An Equilibrium-Adjustment Theory of the Fourth Amendment, 125 HARV. L. REV. 476 (2011).

35. In a sister article, the discussion focuses more intensely on the origins of the Katz test and how current Fourth Amendment jurisprudence has fared in the face of Fourth Amendment challenges to modern cybersurveillance. See Margaret Hu, Orwell’s 1984 and a Fourth Amendment Cybersurveillance Nonintrusion Test, 92 WASH. L. REV. 1819 (2018). In this Article, the discussion focuses more on the cybyersurveillance techniques. The goal is to discuss how representative cybersurveillance technologies function, and why they appear to circumvent the protections offered by Katz and its progeny.