(Un)Reasonable Expectation of Digital Privacy
Crowther, Brandon T., Brigham Young University Law Review
The wide availability of the Internet has put the "world at our fingertips." However, it has also put us at the world's fingertips. A skilled user might be able to locate a great deal of information about a person through Facebook, MySpace, blogs, news articles, or any resumes that exist on die Internet. Companies, the government, and others can use tracking cookies and other widely available software to observe a user's shopping habits and visited websites. These tools also permit third parties to obtain unique identifying information such as a user's IP address, which is a unique number assigned to a computer or router when it accesses the Internet. Every click of the mouse, site visited, and page read creates a trail of digital cookie crumbs that can be analyzed and exploited by merchants, webmasters, and die government. In addition, all of this information presents a potential goldmine for law enforcement agencies to use in investigating crimes.
Ever since Samuel Warren and Louis Brandeis published their famous article The Right to Privacy in 1890,1 the right to privacy has been continually discussed, debated, and modified by die courts. The common law right to privacy in the United States has few contours and protections, particularly when compared to European countries.2 However, the constitutional right to privacy, embodied in the Fourth Amendment's protection from unreasonable search and seizure, has developed into a genuine protection from government intrusion.3 The preliminary inquiry into whether a government search has occurred hinges on whether a person has a "reasonable expectation of privacy" in the object or place searched.4 To be found sufficiendy reasonable, the expectation must be bodi subjectively and objectively reasonable.5
While this test has arguably worked in the contexts in which it was originally developed,6 applying the reasonable expectation of privacy rationale in digital contexts has weakened privacy interests and will likely continue to do so. Simply put, since "die advent of the computer age, courts have struggled to balance privacy interests against law enforcement interests."7 The result of this has been diat "[a]s technology continues to advance . . . die area in which a person has a reasonable expectation of privacy [is] decreas[ing] until there is no place to go to seek a reasonable expectation of privacy."8 Because of the relatively recent nature of the Internet and die subsequent wealdi of information available for law enforcement purposes, the courts are far from conclusively defining die limits of law enforcement's ability to conduct permissible digital "searches."
This Comment argues that die current reasonable expectation of privacy test is unable to adequately ensure that digital privacy interests are protected from warrandess intrusions. Instead, a better test is needed to reclaim some of the digital privacy interests that have already been undermined. This Comment contributes to the existing body of literature by synthesizing and expanding on existing critiques of the reasonable expectation of privacy standard as applied in the digital context,9 uniquely examining how the standard has played out in specific digital contexts, and proposing a broad combination of existing and new solutions to move digital privacy law in the right direction.
Part II explores the contours of the reasonable expectation of privacy standard and its general limitations, noting in particular the inherent conflict between the objective and subjective prongs of the current test. Part III examines four factors that have led die current reasonable expectation of privacy test to undermine digital privacy. These factors are (1) the increased gap between subjective and objective expectations in digital contexts, (2) contractual arrangements with Internet service providers, (3) storage of information on third-party servers, and (4) judges' technological inexperience. …