Of all words, “privacy” holds the top spot for being honored in the breach more than in the observance.  Virtually every Terms of Service document published in the last five years opens with a proclamation of the vendor’s commitment to “transparency” and respect for user “privacy.”  Inevitably there follow pages of legal permissions and disclaimers by which the user acknowledges he or she has no privacy protection and absolves the Terms of Service vendor of responsibility for theft of user data.   

                When faced with this reality, our first instinct as user/citizens is to seek boundaries to protect important categories of information—health data, financial data, demographic data, and so forth.  Congress occasionally obliges.  The Health Insurance Portability and Accountability Act and the Right to Financial Privacy Act are examples.  Without defining permissible and impermissible uses of data, however, any protection of private information is a dead letter.  Since uses of information are innumerable and their purposes range along a continuum from beneficent to evil, trying to establish permissible uses of sensitive information threatens to become overwhelming.

Another hurdle arises when information that is of no particular value in one context becomes invaluable in another.  During WW II, 20 year old Freddie Heineken passed to the Allies the Wehrmacht’s beer requisitions for its troops on the Western Front.  This information gave the Allies a daily reckoning of troop locations and strength during and after the D-Day invasion. 

In the 1987 movie Wall Street, ambitious young Bud Fox motorcycles to the airport to learn a wealthy investor’s destination from airport employees who dispatched the private plane carrying the investor.  “Erie, Pennsylvania,” is all they say.  The tip enables Fox’s mentor Gordon Gecco to identify the soon-to-be-target of a corporate tender offer, accumulate the target’s stock and make a financial killing.  In real life, the target was Erie’s Hammermill Paper.  Gecco’s real life counterpart, Paul Bilzerian, was convicted of securities fraud and tax evasion on the $31 million profit he made trading Hammermill stock in 1986.

                 Until 50 years ago, legal privacy claims were mostly the subject of criminal cases, especially Fourth Amendment challenges to searches and seizures.  In Hoffa v. United States (1966), Jimmy Hoffa appealed his 1964 conviction on jury tampering charges, claiming the government’s evidence was gathered in the privacy of his hotel suite by a criminal informant whom Attorney General Robert Kennedy’s team infiltrated into Hoffa’s inner circle of aides at a 1962 trial for racketeering.  Rejecting Hoffa’s argument, Justice Stewart wrote for the Court:

“What the Fourth Amendment protects is the security a man relies upon when he places himself or his property within a constitutionally protected area, be it his home or his office, his hotel room or his automobile. There he is protected from unwarranted governmental intrusion. And when he puts something in his filing cabinet, in his desk drawer, or in his pocket, he has the right to know it will be secure from an unreasonable search or an unreasonable seizure. So it was that the Fourth Amendment could not tolerate the warrantless search of the hotel room in Jeffers, the purloining of the petitioner's private papers in Gouled, or the surreptitious electronic surveillance in Silverman. Countless other cases which have come to this Court over the years have involved a myriad of differing factual contexts in which the protections of the Fourth Amendment have been appropriately invoked. No doubt the future will bring countless others. By nothing we say here do we either foresee or foreclose factual situations to which the Fourth Amendment may be applicable.”

In United States v. Miller (1976), the Court applied those words from its Hoffa opinion to bank customer records required to be retained under the then new Bank Secrecy Act.  Defendant Miller and his friends made and sold moonshine.  The federal government subpoenaed his bank account records, but did not obtain a search warrant.  The records showed he purchased equipment and supplies useful for building and running a distillery.  At trial, the federal judge overruled Miller’s motion to exclude the bank records as evidence for lack of a search warrant.  The Fifth Circuit Court of Appeals reversed, writing, “a compulsory production of a man's private papers to establish a criminal charge against him . . . is within the scope of the Fourth Amendment [protection against warrantless searches and seizures].”  The U.S. Supreme Court reversed the Court of Appeals’ decision:

 “We think that the Court of Appeals erred in finding the subpoenaed documents to fall within a protected zone of privacy.

On their face, the documents subpoenaed here are not respondent's ‘private papers.’ Unlike the claimant in Boyd [the Supreme Court decision cited by the Court of Appeals as precedent], respondent [Miller] can assert neither ownership nor possession. Instead, these are the business records of the banks. As we said in California Bankers Assn. v. Shultz, ‘[b]anks are . . . not . . . neutrals in transactions involving negotiable instruments, but parties to the instruments with a substantial stake in their continued availability and acceptance.’

The records of respondent's accounts, like ‘all of the records [which are required to be kept pursuant to the Bank Secrecy Act,] pertain to transactions to which the bank was itself a party.’”

Three years later, in Smith v. Maryland (1979), the Court took the same approach in a case involving government access to citizens’ telephone records.  Where consumers “voluntarily” provide their personal information to third parties, the Court said, they have no constitutional entitlement to privacy.  Thus was born what came to be called the “Third Party Doctrine.”

In both Miller and Smith, the Court’s focus on banks’ or the phone companies’ role as custodians of business records gave the Court’s decisions a more neutral cast than they deserved.  For the only protectable privacy interest at stake belonged to the defendants.

In Hoffa, Chief Justice Warren dissented, arguing the government’s conviction of Hoffa was fatally tainted by the false pretenses under which the government gathered its evidence.  In Smith, Justice Brennan dissented, saying it defied common sense to suggest late 20th Century Americans have a choice whether to use banks or telephone companies.  Both dissents resonated then and now.  Nevertheless, the Third Party Doctrine became a pillar of government investigations and prosecutions, from 1980’s Mafia cases to today’s Robert Mueller-led investigation.  Then, in June of this year, the Supreme Court signaled a shift in direction.   

In Carpenter v. United States, the Court heard the appeal of Mr. Carpenter, who was convicted of being part of a seven man armed robbery team that relieved Radio Shack and T-Mobile stores of their smart phone inventories.  The government’s case against Carpenter relied on cell phone location data that placed Carpenter in proximity to the robbery sites when the robberies occurred.  Carpenter challenged use of this information on Fourth Amendment grounds.  The Court held 5-4 that the government cannot access historical records containing the physical locations of cell phones without a search warrant.  Signaling the case’s importance, Chief Justice Roberts authored the majority opinion.  Sounding like Justice Brennan dissenting in Miller, Roberts wrote:

“[S]eismic shifts in digital technology made possible the tracking of not only Carpenter’s location but also everyone else’s, not for a short period but for years and years. Sprint Corporation and its competitors are not your typical witnesses. Unlike the nosy neighbor who keeps an eye on comings and goings, they are ever alert, and their memory is nearly infallible. There is a world of difference between the limited types of personal information addressed in Smith and Miller and the exhaustive chronicle of location information casually collected by wireless carriers today.”

In our view, what the Chief Justice said is less important than what he left unsaid but clearly had in mind as the foundation for the majority’s ruling:  The wealth and power that technology and media companies have amassed is fearsome, whether in the hands of the government or industry, and constraints on its use are appropriate.  The C.J. included in his opinion the obligatory disclaimer—this opinion is to be read narrowly and limited to its facts.  He also said the decision does not change the applicability of the Third Party Rule to financial institution records.  Do not bank on that.

Also in our view, the Third Party Doctrine’s hourglass has been inverted.  The only question is how quickly the sand will flow.  Verizon bought Yahoo and AOL last year. With them, it acquired financial applications like Yahoo Finance and Tech Crunch.  If a latter day Gordon Gecco uses Yahoo Finance to trade Facebook stock based on inside information, will the SEC follow Carpenter and obtain a search warrant to probe the user’s Verizon Wireless account?  Or will the SEC adhere to Smith and the Third Party Rule, and issue a subpoena duces tecum to obtain Yahoo Finance financial records?  Is there any difference?  Not according to Verizon.  On its website, the company’s privacy policies cover both media and telecom properties as an integrated product and service package.

The boundary conflict over technology’s transformation of our world promises many legal twists and turns ahead.  Carpenter is a reminder that sometimes out of favor ideas regain favor.  Or principles liberals champion in one era conservatives may embrace in another. 

As businesses and consumers transition to electronically delivered financial services, providers will do well to monitor non-financial legal trends involving data and its use.  No matter the industry, customer loyalty depends on trust.  In the digital world, that is an asset whose acquisition can be breathtakingly rapid, as can its loss.  Just ask Facebook.