The third-party doctrine of Smith v. Maryland, 442 U.S. 735 (1979), is getting a bad rap from libertarians of the left and the right. Smith holds that the police don’t need a search warrant to get information about me from a third party. If I keep a diary in my desk drawer, the police must get a search warrant based on probable cause if they want to read it. If I leave the diary with my mother for safekeeping, though, the third party doctrine says that the police only need to serve her with a subpoena to get it. The same is true if I store the diary in the cloud with Google Drive or Dropbox. If it were on my computer, the police would need a warrant to read it; in the cloud, they don’t.
The theory of Smith is that I have a reduced privacy expectation in things I’ve shared with others. Life teaches us the same lesson. By the third grade we’ve all discovered the dangers of telling our deepest secrets to a friend. The Founders knew it too. As Ben Franklin famously said in Poor Richard’s Almanack, “Three can keep a secret, if two of them are dead.” And, less famously but even more to the point for Smith, “If you would keep your secret from an enemy, tell it not to a friend.”
Why should we rethink a doctrine so grounded in human experience? Advocates point to the mass of data that we increasingly share on the internet, especially via smart phones. If all that data can be obtained without a search warrant, they ask, what is left of the fourth amendment’s protection of our privacy? Surely there must be a limiting principle, a point where the intrusions are so great that the fourth amendment kicks in, no matter what Ben Franklin says. For example, Randy Barnett, my co-blogger, asks me whether the Smith doctrine means that the government could sweep up all the data that Americans have given to credit card companies, doctors, and accountants – without implicating the fourth amendment.
I’ll answer that by turning the question around. Smith is the law today; so when should it not apply? Randy seems to argue that Smith should recede and the fourth amendment should kick in whenever government starts gathering “too much” information. My first, quick answer to Randy pointed out that he has his own problem finding a limiting principle for that approach: We can agree that, today, a park policeman standing on the steps of the Lincoln Memorial does not need a warrant to observe the behavior of a tourist walking by. After all, the tourist knows that his appearance and actions there are available to the public, and he has no fourth amendment protection from observation. Why should the constitutional analysis change if the same policeman stands in the same spot on Inaugural Day, when he can observe half a million people? And if it should, when is he looking at “too many” people? 200? 20,000?
To be fair, Randy isn’t required to extend his “too much” argument to other fourth amendment exceptions. So let me try here to address the question whether Smith must be reconsidered if it allows the government to collect enormous amounts of information about Americans simply because the data is stored in third-party computers. Randy is sure that large-scale government scrutiny of third-party financial and medical records will be deeply shocking to American sensibilities, and the Court’s. I’m skeptical. A few simple Google searches turn up stories suggesting that the government is already scrutinizing 4.5 million medical transactions a day:
A provider-screening process is able to capture critical attributes that may help identify fraudulent health care providers. CMS is then able to use software to sift through the 4.5 million claims CMS receives a day and run them through algorithms that search for patterns of fraud.
Another search discloses that, pressed by Congress, the SEC is already using Big Data to scrutinize financial trading patterns as well as the transactions of regulated entities. Yet another shows that financial institutions already send the government 11 million reports a year about customer transactions that look suspicious. And as for phone metadata, I’ve estimated in the past that American law enforcement serves over a million metadata subpoenas a year on telephone companies, and that the practice is probably a hundred years old.
It seems a little late to decide that all this is “too much,” especially in the absence of evidence that Smith has been seriously abused. Privacy advocates are going to have trouble explaining where the “too much” line should be drawn, and exactly how many existing regulatory regimes the Supreme Court should overturn by undoing Smith.
That’s the argument against changing the Smith doctrine, and especially against the claim that “too much” use of Smith requires that the fourth amendment kick in. But I also think that there is a positive case for Smith. Since this post is already too long, I’ll cover the positive case in a second post, hopefully later today.