Important Supreme Court privacy decisions in the United States, Riley v California, and Canada, Spencer v R & ors.

June 26, 2014 |

Yesterday the US Supreme Court in Riley v California handed down a very important decision on privacy, regarding the right of a police officer to search digital information on a cell phone who had been arrested.   Earlier this month the Canadian Supreme Court handed down a privacy related decision in Spencer v R & ors regarding accessing internet search history from an ISP without a warrant.  Both are significant and will have a along lasting impact on their own jurisdictions and beyond.  Both should be required reading by those who want a more effective privacy regime in Australia. The underpinnings of each decision, the Bill of Rights in the US and the Canadian Charter and its privacy legislation, differ to those in existence in Australia but the principles and analysis are both apposite.

While a further analysis is required the key findings in Riley, a unanimous decision, are that:

 (a) a warrantless search is reasonable only if it falls within a specific exception to the Fourth Amendment ’s warrant requirement.

(b) the Court declined to extend the exception to searches of data stored on cell phones.  The Court generally determines whether to exempt a given type of search from the warrant requirement “by assessing, on the one hand, the degree to which it intrudes upon an individual’s privacy and, on the other, the degree to which it is needed for the promotion of legitimate governmental interests.” The search of digital information on a cell phone does not further the government interests  and implicates substantially greater individual privacy interests than a brief physical search.

(c) digital data stored on a cell phone cannot itself be used as a weapon to harm an arresting officer or to effectuate the arrestee’s escape. Officers may examine the phone’s physical aspects to ensure that it will not be used as a weapon, but the data on the phone can endanger no one.

(d) the United States and California concerns about the destruction of evidence, arguing that, even if the cell phone is physically secure, information on the cell phone remains vulnerable to remote wiping and data encryption were not well founded as the the court said that there was little indication that either problem is prevalent and that law enforcement currently has some technologies of its own for combatting the loss of evidence.  Law enforcement’s other concerns in a particular case might be addressed by responding in a targeted manner to urgent threats of remote wiping or by taking action to disable a phone’s locking mechanism in order to secure the scene.

(e) inspecting the contents of an arrestee’s pockets works no substantial additional intrusion on privacy beyond the arrest itself may make sense as applied to physical items, but more substantial privacy interests are at stake when digital data is involved.

(f) cell phones differ in both a quantitative and a qualitative sense from other objects that might be carried on an arrestee’s person. Modern mobile phones have an immense storage capacity. Before cell phones, a search of a person was limited by physical realities and generally constituted only a narrow intrusion on privacy. Such phones can store millions of pages of text, thousands of pictures, or hundreds of videos which has interrelated privacy consequences. First, a cell phone collects in one place many distinct types of information that reveal much more in combination than any isolated record. Second, the phone’s capacity allows even just one type of information to convey far more than previously possible. Third, data on the phone can date back for years. An element of pervasiveness characterizes cell phones but not physical records. A decade ago officers might have occasionally stumbled across a highly personal item such as a diary, but today many of the more than 90% of American adults who own mobile phones keep on their person a digital record of nearly every aspect of their lives.

(g) The scope of the privacy interests at stake is further complicated by the fact that the data viewed on many modern mobile phones may in fact be stored on a remote server. Thus, a search may extend well beyond papers and effects in the physical proximity of an arrestee, a concern that the United States recognizes but cannot definitively foreclose.

(h) while the decision will have some impact on the ability of law enforcement to combat crime the Court found that the information on a phone is not immune from search but rather it requires a warrant before a search. The warrant requirement is an important component of the Court’s Fourth Amendment jurisprudence, and warrants may be obtained with increasing efficiency.

This is a landmark decision and one that has been in the offing for some time.  The US Supreme Court has previously raised concerns about privacy intrusion for some time, most recently in United States v Jones.  The state of privacy law has been disconnected from the developments in digital technology for some time.  Just as the Supreme Court in  Katz v United States upon appreciating the privacy issues and expectation of privacy, in 1967, relating phone conversations  and the need for a warrant to listen to and record, overturned the previous Olmstead v United States, where the court took an entirely different view as the operation of telephones and the expectation of privacy.  In Riley the Court has applied privacy principles, in the context of a requirement of a warrant, to the current technology.  I would not be at all surprised if Riley is to the 21st century that Katz was to the 20th century.  That is particularly the case given the decision is unanimous which is quite extraordinary given the ideological split of the justices in rights based decisions.  The immediate media coverage has been considerable with major stories in the Washington Post, New York Times andthe Los Angeles Times (amongst many others).  The legal commentary will be equally voluminous in time.

On a similar note the Canadian Supreme Court in Spencer v R & ors earlier this month held by a unanimous decision, that police action in obtaining the subscriber information matching the IP address without a warrant constituted a search that was not authorized by law.  The appellant had a reasonable expectation of privacy in the information.  It is a long decision which warrants further consideration but some of the key points are:

  • whether there was a reasonable expectation of privacy, the court first considered the subject matter of the search.
  • the court rejected the argument that what was sought and obtained (name, address, telephone number) was simply “generic information.” It was information that had the potential to reveal intimate details of the lifestyle and personal choices of the individual in question.
  • the court highlighted three general types of privacy interests; territorial, personal and informational but these were were analytical tools and not strict or mutually-exclusive categories.
  • informational privacy includes privacy as secrecy or confidentiality, privacy as control (over when, how and to what extent information about a person is communicated to others), and privacy as anonymity.  Interestingly the court accepted that “maintaining anonymity can be integral to ensuring privacy” and that anonymity “permits individuals to act in public places but to preserve freedom from identification and surveillance.” The court did not stopped short of recognizing a general right to anonymity.
  • a high level of informational privacy applies when the police requested subscriber information corresponding to specifically observed, anonymous Internet activity.
  • in considering whether the appellant had a reasonable expectation of privacy, the court also examined the ISP’s terms of service agreement and while they were of little assistance they did support the existence of a reasonable expectation of privacy since they narrowly circumscribed the ISP’s right to disclose subscriber information.  A simple request to ISPs to disclose subscriber information without power to compel compliance with the request is not a “lawful authority to obtain the information”, as required by legislation.

Both decisions are carefully considered decisions applying and developing the law of privacy into a digital environment.  And not before time.  The comparison with Australia is stark.  Unfortunately.  There is no common law right to privacy in Australia.  It has been 13 years since ABC v  Lenah Game Meats  Pty Ltd where the High Court opened the door for the development of a privacy right at common law or, more likely, equity.  In Giller v Procopets the Victorian Court of Appeal extended breach of confidence actions to cover misuse of private information and thereby providing privacy protections in following the UK line of authorities.  It is a limited development but one which is not well suited to properly covering privacy issues, in particular the technological developments.  In the UK the jurisprudence is moving towards a tort of privacy.  Australia is one of the few common law jurisdictions which has no statutory or common law tort of privacy.  The Australian Law Reform Commission is on the cusp of publishing its report with recommendations.  It is likely to recommend a statutory tort of privacy, as it did in 2008 and as the Victorian and New South Wales Law Reform Commissions did earlier in the century.  It is has been a failure of political will and policy that there has not been a statutory cause of action.  There is no legal impediment to it being enacted. The Privacy Act, even with its recent amendments has significant weaknesses in both coverage and operation. That can be partly obviated by assertive regulation by the Privacy Commissioner.  Only time will tell whether that happens.  What is missing under the current regulatory regime is a right of an individual to take action in his or her own right at first instance (except in very limited circumstances).

One Response to “Important Supreme Court privacy decisions in the United States, Riley v California, and Canada, Spencer v R & ors.”

  1. Important Supreme Court privacy decisions in the United States, Riley v California, and Canada, Spencer v R & ors. | Australian Law Blogs

    […] Important Supreme Court privacy decisions in the United States, Riley v California, and Canada, Spen… […]

Leave a Reply