Fourth Amendment Codification and Professor Kerr\u27s Misguided Call for Judicial Deference

This essay critiques Professor Orin Kerr\u27s provocative article, The Fourth Amendment and New Technologies: Constitutional Myths and the Case for Caution, 102 Mich. L. Rev. 801 (2004). Increasingly, Fourth Amendment protection is receding from a litany of law enforcement activities, and it is being replaced by federal statutes. Kerr notes these developments and argues that courts should place a thumb on the scale in favor of judicial caution when technology is in flux, and should consider allowing legislatures to provide the primary rules governing law enforcement investigations involving new technologies. Kerr\u27s key contentions are that (1) legislatures create rules that are more comprehensive, balanced, clear, and flexible; (2) legislatures are better able to keep up with technological change; and (3) legislatures are more adept at understanding complex new technologies. I take issue with each of these arguments. Regarding Kerr\u27s first contention, I argue that Congress has created an uneven fabric of protections that is riddled with holes and weak safeguards. Kerr\u27s second contention - that legislatures are better able to update rules quickly as technology shifts - is belied by the historical record, which suggests Congress is actually far worse than the courts in reacting to new technologies. As for Kerr\u27s third contention, shifting to a statutory regime will not eliminate Kerr\u27s concern with judges misunderstanding technology. In fact, many judicial misunderstandings stem from courts trying to fit new technologies into an old statutory regime that is built around old technologies. Therefore, while Kerr is right that our attention must focus more on the statutes, he is wrong in urging for a deferential judicial approach to the Fourth Amendment

Rethinking Privacy and Freedom of Expression in the Digital Era: An Interview with Mark Andrejevic

Mark Andrejevic, Professor of Media Studies at the Pomona College in Claremont, California, is a distinguished critical theorist exploring issues around surveillance from pop culture to the logic of automated, predictive surveillance practices. In an interview with WPCC issue co-editor Pinelopi Troullinou, Andrejevic responds to pressing questions emanating from the surveillant society looking to shift the conversation to concepts of data holders’ accountability. He insists on the need to retain awareness of power relations in a data driven society highlighting the emerging challenge, ‘to provide ways of understanding the long and short term consequences of data driven social sorting’. Within the context of Snowden’s revelations and policy responses worldwide he recommends a shift of focus from discourses surrounding ‘pre-emption’ to those of ‘prevention’ also questioning the notion that citizens might only need to be concerned, ‘if we are doing something “wrong”’ as this is dependent on a utopian notion of the state and commercial processes, ‘that have been purged of any forms of discrimination’. He warns of multiple concerns of misuse of data in a context where ‘a total surveillance society looks all but inevitable’. However, the academy may be in a unique position to provide ways of reframing the terms of discussions over privacy and surveillance via the analysis of ‘the long and short term consequences of data driven social sorting (and its automation)’ and in particular of algorithmic accountability

A Taxonomy of Privacy

Privacy is a concept in disarray. Nobody can articulate what it means. As one commentator has observed, privacy suffers from an embarrassment of meanings. Privacy is far too vague a concept to guide adjudication and lawmaking, as abstract incantations of the importance of privacy do not fare well when pitted against more concretely-stated countervailing interests. In 1960, the famous torts scholar William Prosser attempted to make sense of the landscape of privacy law by identifying four different interests. But Prosser focused only on tort law, and the law of information privacy is significantly more vast and complex, extending to Fourth Amendment law, the constitutional right to information privacy, evidentiary privileges, dozens of federal privacy statutes, and hundreds of state statutes. Moreover, Prosser wrote over 40 years ago, and new technologies have given rise to a panoply of new privacy harms. A new taxonomy to understand privacy violations is thus sorely needed. This article develops a taxonomy to identify privacy problems in a comprehensive and concrete manner. It endeavors to guide the law toward a more coherent understanding of privacy and to serve as a framework for the future development of the field of privacy law

Identity Theft, Privacy, and the Architecture of Vulnerability

This Article contrasts two models for understanding and protecting against privacy violations. Traditionally, privacy violations have been understood as invasive actions by particular wrongdoers who cause direct injury to victims. Victims experience embarrassment, mental distress, or harm to their reputations. Privacy is not infringed until these mental injuries materialize. Thus, the law responds when a person\u27s deepest secrets are exposed, reputation is tarnished, or home is invaded. Under the traditional view, privacy is an individual right, remedied at the initiative of the individual. In this Article, Professor Solove contends the traditional model does not adequately account for many of the privacy problems arising today. These privacy problems do not consist merely of a series of isolated and discrete invasions or harms, but are systemic in nature. They cannot adequately be remedied by individual rights and remedies alone. In contrast, Professor Solove proposes a different model for understanding and protecting against these privacy problems. Developing the notion of architecture as used by Joel Reidenberg and Lawrence Lessig, Solove contends that many privacy problems must be understood as the product of a broader structural system which shapes the collection, dissemination, and use of personal information. Lessig and Reidenberg focus on architectures of control, structures that function to exercise greater dominion over individuals. Solove argues that in addition to architectures of control, we are seeing the development of architectures of vulnerability, which create a world where people are vulnerable to significant harm and are helpless to do anything about it. Solove argues that protecting privacy must focus not merely on remedies and penalties but on shaping architectures. Professor Solove illustrates these points with the example of identity theft, one of the most rapidly growing types of criminal activity. Identity theft is often conceptualized under the traditional model as the product of disparate thieves and crafty criminals. The problem, however, has not been adequately conceptualized, and, as a result, enforcement efforts have been misdirected. The problem, as Solove contends, is one created by an architecture, one that creates a series of vulnerabilities. This architecture is not created by identity thieves; rather, it is exploited by them. It is an architecture of vulnerability, one where personal information is not protected with adequate security. The identity thief\u27s ability to so easily access and use our personal data stems from an architecture that does not provide adequate security to our personal information and that does not afford us with a sufficient degree of participation in the collection, dissemination, and use of that information. Understanding identity theft in terms of architecture reveals that it is part of a larger problem that the law has thus far ignored. Solove then discusses solutions to the identity theft problem. He engages in an extensive critique of Lynn LoPucki\u27s solution, which involves the creation of a public identification system. After pointing out the difficulties in LoPucki\u27s proposal, Solove develops an architecture that can more appropriately curtail identity theft, an architecture based on the Fair Information Practices

HIPAA Turns 10: Analyzing the Past, Present, and Future Impact

This essay, written in a journalistic style, examines HIPAA over the past decade. The essay discusses the creation of HIPAA, the evolution of HHS enforcement, the impact of the HITECH Act, and the overall influence and effect of HIPAA on healthcare providers and organizations using medical data. Professor Solove combines analysis with interviews of key regulators and practitioners

The First Amendment as Criminal Procedure

This Article explores the relationship between the First Amendment and criminal procedure. These two domains of constitutional law have long existed as separate worlds, rarely interacting with each other despite the fact that many instances of government information gathering can implicate First Amendment freedoms of speech, association, and religion. The Fourth and Fifth Amendments used to provide considerable protection for First Amendment interests, as in the famous 1886 case Boyd v. United States, in which the Supreme Court held that the government was prohibited from seizing a person\u27s private papers. Over time, however, Fourth and Fifth Amendment protection has shifted, and countless searches and seizures involving people\u27s private papers, the books they read, the websites they surf, and the pen names they use when writing anonymously now fall completely outside the protection of constitutional criminal procedure. Professor Solove argues that the First Amendment should protect against government information gathering that implicates First Amendment interests. He contends that there are doctrinal, historical, and normative justifications for developing what he calls First Amendment criminal procedure. Solove sets forth an approach for determining when certain instances of government information gathering fall within the regulatory domain of the First Amendment and what level of protection the First Amendment should provide