conception and half the utility conception, but because every search would have involved a violation of both, all the framers could have endorsed the protections of the Fourth Amendment.
Today, however, that’s not true. Today these three conceptions could yield very different results. The utility conception could permit efficient searches that are forbidden by the dignity and substantive conceptions. The correct translation (as Brandeis employed the term in the Olmstead wiretapping case) depends on selecting the proper conception to translate.
In this sense, our original protections were the product of what Cass Sunstein calls an “incompletely theorized agreement[21]”. Given the technology of the time, there was no reason to work out which theory underlay the constitutional text; all three were consistent with existing technology. But as the technology has changed, the original context has been challenged. Now that technologies such as the worm can search without disturbing, there is a conflict about what the Fourth Amendment protects.
This conflict is the other side of Sunstein’s incompletely theorized agreement. We might say that in any incompletely theorized agreement ambiguities will be latent, and we can describe contexts where these latencies emerge. The latent ambiguities about the protection of privacy, for example, are being rendered patent by the evolution of technology. And this in turn forces us to choose.
Some will once again try to suggest that the choice has been made — by our Constitution, in our past. This is the rhetoric of much of our constitutional jurisprudence, but it is not very helpful here. I do not think the framers worked out what the amendment would protect in a world where perfectly noninvasive searches could be conducted. They did not establish a constitution to apply in all possible worlds; they established a constitution for their world. When their world differs from ours in a way that reveals a choice they did not have to make, then we need to make that choice.
Privacy in Public: Data
The story I’ve told so far is about limits on government: What power should the government have to surveil our activities, at least when those activities are in public? That’s the special question raised by cyberspace: What limits on “digital surveillance” should there be? There are, of course, many other more traditional questions that are also important. But my focus was “digital surveillance.”
In this part, I consider a third privacy question that is closely related, but very distinct. This is the question of what presumptive controls we should have over the data that we reveal to others. The issue here is not primarily the control of the government. The question is thus beyond the ordinary reach of the Fourth Amendment. Instead, the target of this control is private actors who have either gathered data about me as they’ve observed me, or collected data from me.
Again, let’s take this from the perspective of real space first. If I hire a private detective to follow you around, I’ve not violated anyone’s rights. If I compile a list of places you’ve been, there’s nothing to stop me from selling that list. You might think this intrusive. You might think it outrageous that the law would allow this to happen. But again, the law traditionally didn’t worry much about this kind of invasion because the costs of such surveillance were so high. Celebrities and the famous may wish the rules were different, but for most of us, for most of our history, there was no need for the law to intervene.
The same point could be made about the data I turned over to businesses or others in the days before the Internet. There was nothing in the law to limit what these entities did with that data. They could sell it to mailing list companies or brokers; they could use it however they wanted. Again, the practical cost of doing things with such data was high, so there wasn’t that much done with this data. And, more importantly, the invasiveness of any such use of data was relatively low. Junk mail was the main product, and junk mail in physical space is not a significant burden.
But here, as with “digital surveillance”, things have changed dramatically. Just a couple stories will give us a taste of the change:
• In the beginning of 2006, the Chicago Sun-Times reported[22] that there were websites selling the records of telephone calls made from cell phones. A blog, AmericaBlog, demonstrated the fact by purchasing the cell phone records of General Wesley Clark. For around $120, the blog was able to prove what most would have thought impossible: that anyone with a credit card could find something so personal as the list (and frequency and duration) of people someone calls on a cell phone.
This conduct was so outrageous that no one really stood up to defend it. But the defense isn’t hard to construct. Wesley Clark “voluntarily” dialed the numbers on his cell phone. He thus voluntarily turned that data over to the cell phone company. Because the cell phone company could sell data, it made it easier for the company to keep prices low(er). Clark benefited from those lower prices. So what’s his complaint?
• A number of years ago I received a letter from AT&T. It was addressed to an old girlfriend, but the letter had not been forwarded. The address was my then- current apartment. AT&T wanted to offer her a new credit card. They were a bit late: She and I had broken up eight years before. Since then, she had moved to Texas, and I had moved to Chicago, to Washington, back to Chicago, on to New Haven, back to Chicago, and finally to Boston, where I had moved twice. My peripateticism, however, did not deter AT &T. With great faith in my constancy, it believed that a woman I had not even seen in many years was living with me in this apartment.
How did AT&T maintain such a belief? Well, floating about in cyberspace is lots of data about me. It has been collected from me ever since I began using credit cards, telephones, and who knows what else. The system continuously tries to update and refine this extraordinary data set — that is, it profiles who I am and, using that profile, determines how it will interact with me.
These are just the tip of the iceberg. Everything you do on the Net produces data. That data is, in aggregate, extremely valuable, more valuable to commerce than it is to the government. The government (in normal times) really cares only that you obey some select set of laws. But commerce is keen to figure out how you want to spend your money, and data does that. With massive amounts of data about what you do and what you say, it becomes increasingly possible to market to you in a direct and effective way. Google Gmail processes the data in your e-mail to see what it should try to sell. Amazon watches what you browse to see what special “Gold Box” offers it can make. There’s an endless list of entities that want to know more about you to better serve (at least) their interests. What limits, or restrictions, ought there to be on them?
We should begin with an obvious point that might help direct an answer. There’s a big difference between (1) collecting data about X to suss out a crime or a criminal, (2) collecting data about X that will be sold to
