The Secure Times

An online forum of the ABA Section of Antitrust Law's Privacy and Information Security Committee


Leave a comment

U.S. Supreme Court Holds that Government’s Use of Trained Police Dogs to Investigate Front Porch is a “Search” within the Meaning of the Fourth Amendment

On March 26, 2013, the U.S. Supreme Court affirmed the decision by the Florida Supreme Court that suppressed evidence obtained following a trained police dog’s positive alert for narcotics from the defendant’s front porch. See Florida v. Jardines, 569 U.S. ____ (2013).   Writing for the majority in a 5-4 opinion, Justice Scalia focused on the government’s physical intrusion into the constitutionally protected area immediately surrounding the home and declined to consider whether the search violated the defendant’s reasonable expectation of privacy. 

Law enforcement had received an unverified tip that marijuana was being grown in the home of respondent/defendant Joelis Jardines.  Agents arrived at Jardines’ home with a drug-sniffing police dog and stood on the porch while the dog was given 6 feet of slack to sniff for narcotics.  The dog signaled an airborne odor that was emanating from base of the front door.  Based on the alert, the officers obtained a search warrant, found marijuana plants inside the home, and charged Jardines with trafficking in cannabis.  The trial court suppressed the evidence as the product of an unreasonable search under the Fourth Amendment, which ultimately was upheld by the Florida Supreme Court.

The majority (Justice Scalia, joined by Justices Thomas, Ginsburg, Sotomayor, and Kagan) affirmed, holding that law enforcement’s use of trained police dogs to investigate the home and its immediate surroundings constituted a “search” within the meaning of the Fourth Amendment.  The constitutional violation was based on what the Court characterized as “the traditional property-based understanding of the Fourth Amendment.”  Otherwise put, the act of “march[ing] a bloodhound” to “trawl for evidence” was a physical intrusion on constitutionally protected areas that defied the Fourth Amendment’s “very core” of “the right of a man to retreat into his home and there be free from unreasonable governmental intrusion.” 

A concurring opinion from Justice Kagan (with Justices Ginsburg and Sotomayor) went one step further, calling the police action both a constitutional trespass and an invasion of privacy, as defined in Kyllo v United States, 533 U.S. 27 (2001) (finding a constitutional privacy violation for the government’s use of a thermal imaging device that was “not in general public use”).  Justice Kagan classified drug-detection dogs as specialized law enforcement tools for discovering objects not in plain view and likened their use to “super-high-powered” binoculars.   

In a scathing dissent, Justice Alito (joined by Chief Justice Roberts and Justices Kennedy and Breyer) wrote the conduct of the police officer neither constituted a trespass nor violated Jardines’ reasonable expectation of privacy.  The officer did not exceed the scope the implied license under Fourth Amendment jurisprudence to approach the front door, the license being limited to the amount of time it would customarily take to approach the door, pause long enough to see if someone is home and (if not expressly invited to stay longer), leave.  On the contrary, the officer adhered to the customary path, did not approach in the middle of the night, and remained at the front door for less than a minute.  Justice Alito likened this action to the standard “knock and talk” that has been deemed permissible police activity under the Fourth Amendment, and stated that residents do not have a reasonable expectation of privacy in odors that emanate from the dwelling and reach spots where members of the public may lawfully stand.  Finding no difference between odors that can be smelled by humans and those that are detectible only by dogs, Justice Alito rejected the analogy of the use of a drug-sniffing dog to the use of a thermal imaging device or other forms of technology, as advanced in Justice Kagan’s concurrence.

This sharply divided opinion presages more complicated constitutional privacy cases to come.  Had the canine detected the smell from a public sidewalk and not the curtilage of private property, the case would have been outside the scope of the majority’s property-focused holding.  And if law enforcement’s use of a police dog does not qualify as a “specialized law enforcement tool” to violate reasonable expectations of privacy, as suggested by Justice Alito, the question remains how “specialized” or “high-tech” a police device must be to constitute an unreasonable search under the Fourth Amendment.  


Leave a comment

Google in the Crosshairs of the European Data Protection Authorities

The following post of the first of a series of guest posts written by students from the US and from all over the world. If you are interested to write a post on a privacy or data security issue, please contact Bridget Calhoun or Marie-Andrée Weiss. The PRIS Committee extends a special invitation to foreign students for whom English is a second language. The following post is written by Clara Steimlé, a law student in France.

On April 2nd, 6 of the 27 European data protection authorities (DPAs) started legal actions against Google. Despite several warnings, Google did not take any measures to avoid this step.

The story began in March 2012 when Google set up a new Privacy Policy, which integrated in to only one all the privacy policies of its sixty or so services, thus allowing Google to gather Google users’ personal data and to create very precise profiles.

A few months later, in October, 2012, the European DPAs, united in the Article 29 Working Party (G29), which is an independent advisory body on data protection and privacy, asked Google, after consultation of an evaluation made by the French DPA, the Commission Nationale de l’Informatique et des Libertés (CNIL), for more complete and clearer information. The G29 thought that Google’s Privacy Policy did not meet the requirements of Directive 95/46/EC, the Data Protection Directive. The G29 then gave Google 4 months to put itself in conformity.

Pursuant to the Data Privacy Directive, data controllers must inform clearly and precisely the data subjects about the purpose of the data processing and also must respect the principle of data minimization. In particular, the G29 blamed Google on three main points.

First, Google does not supply its users with enough information about how it processes data. Users are not informed about Google’s data collection practices and Google doesn’t make any difference between personal data and special categories of data.

Secondly, Google does not give its users the power to control when their personal data is combined among its numerous different services. However, the DPAs did not criticize the principle to include all privacy policies in one. Lastly, Google does not specify the retention period for the data it collects.

During the audit of October 2012, the G29 had made recommendations to Google which, however, were not followed. The CNIL considered that Google should supply control to users over their data and to simplify their right to opt-out.

In spite of these recommendations, Google did not comply.

On March 19th, 2013, a working group met with representatives of Google but no change was implemented. The French, German, Spanish, Italian, Dutch and British DPAs thus decided to each start legal actions against Google in their respective countries.

Google is moreover known to engage in a bit of arm wrestling and to give in only when it no longer has any excuses not to do so. At the moment, it considers it did not violate European laws. The penalties that Google could incur would be different in each of the European Union countries which chose to start legal actions against Google, but could amount to up to 2% of its total global sales.

Nevertheless, the process is not irreversible as no legal action has yet been started, but could happen by the end of summer and penalties pronounced by the end of 2013. However, Google may give in before, not under the threat of financial penalties, but by fear of degrading its reputation.

Clara Steimlé is a LL.M. student at the University of Strasbourg in France. She graduated in 2012 from the University of La Sorbonne in Paris, where she studied international business law. She expects to graduate with a LL.M. in e-commerce economic law in September 2013. Her studies focus on data protection law, e-commerce law, and Intellectual Property. After graduation, she plans to take the French bar exam and practice IP/IT law, with a focus on international law.


1 Comment

Less Than Satisfied with Self-Regulation? FTC Chair Renews Push for Do Not Track

Edith RamirezFTC Chair Edith Ramirez created some waves in her first speech to the advertising industry this week. Ramirez renewed the call for a universal Do Not Track mechanism—and impliedly ignored the progress of AdChoices, the Digital Advertising Alliance’s opt-out program.  The FTC’s critical stance, along with a renewed initiative in the Senate, signal that the government is unsatisfied with the industry’s progress toward enhanced consumer controls over privacy and may seek a public, rather than private, solution.

“Consumers await a functioning Do Not Track system, which is long overdue,” Ramirez said. “We advocated for a persistent Do Not Track mechanism that allows consumers to stop control of data across all sites, and not just for targeting ads.”

The comments, spoken before the American Advertising Federation at their annual advertising day on Capitol Hill, illustrated a rift between advertisers and regulators over the progress of self-regulatory programs and consumers’ perceptions of online behavioral advertising. Two years ago, the FTC called on advertisers to develop a program that would give consumers a choice to opt out of behaviorally targeted ads. Speaking to AdWeek, Stu Inglis, a partner at Venable who acts as the DAA’s attorney, said of Ramirez’s remarks:  “We have solved it. The DAA’s program covers 100 percent of the advertising ecosystem. We made our agreements.”

The DAA also recently released the results of a poll it commissioned, stating that nearly 70 per cent of consumers responding that they would like at least some ads tailored directly to their interests, and 75 per cent saying that they preferred an ad-supported internet model. (The poll comes with some caveats, described by an AdWeek piece today.)

However, in her speech Ramirez spoke of consumers’ “unease” with online tracking: “An online advertising system that breeds consumer discomfort is not a foundation for sustained growth. More likely, it is an invitation to Congress and other policymakers in the U.S. and abroad to intervene with legislation or regulation and for technical measures by browsers or others to limit tracking,” she said.

Ramirez also urged the advertising community to keep working within the multiparty process led by the W3C  (World Wide Web Consortium) to develop a browser-based Do Not Track program. However, there has been little concrete progress in the talks so far.

The online advertising industry may be running out of time. Senator Jay Rockefeller D-W.Va.), chair of the Senate Commerce Committee, announced that he would hold a hearing next week to discuss legislation that would mandate a Do Not Track standard.  The chairman, along with Sen. Richard Blumenthal (D-CT), introduced the Do Not Track Online Act in February.  The bill would direct the FTC to write regulations governing when internet firms must honor a consumer’s request that their information not be collected, and deputize the FTC and state attorneys general to enforce the rules.

“Industry made a public commitment to honor Do-Not-Track requests from consumers but has not yet followed through,” Rockefeller said of the hearing. “I plan to use this hearing to find out what is holding up the development of voluntary Do-Not-Track standards that should have been adopted at the end of last year.”

If Congress and the FTC agree that the advertising industry hasn’t honored its commitments, the chances for self-regulation without a government mandate may dwindle further.

Sources:

AdWeek:  FTC Chair Stuns Advertisers

The Hill: Sen. Rockefeller to Push for Do Not Track at Hearing


Leave a comment

California’s Proposed Right to Know Act

California state assemblymember, Bonnie Lowenthal, has introduced a bill entitled the “Right to Know Act 2013.” Were it to be enacted, Assembly Bill No. 1291, would significantly expand the consumer’s right to know what of his information a business has retained, and how the business is using it.

Altering current California law, which provides a right to know in cases where a customer has a “business relationship” with the business and the customer’s information has been shared for “direct marketing purposes,” the bill as currently proposed reads:

“This bill would instead require any business that retains a customer’s personal information, as defined, or discloses that information to a 3rd party, to provide at no charge, within 30 days of the customer’s specified request, a copy of that information to the customer as well as the names and contact information for all 3rd parties with which the business has shared the information during the previous 12 months, regardless of any business relationship with the customer.”

The right to know provided by the California bill is similar in many respects to the right to access information held by a business that is afforded under the EU’s Data Protection Directive to EU citizens.

The bill has received positive reviews from organizations such as the Electronic Frontier Foundation. We’ll need to wait to see how Silicon Valley responds.

Because California often advances the conversation in the area of consumer protection and data privacy, it will be important to monitor how, and if, this proposal develops.