When the government seeks electronic documents held in the cloud, what legal standard should apply? This simple question raises fundamental questions about the future of our civil liberties in the digital world. In a series of cases, government lawyers have argued that information shared with digital intermediaries—including emails and cloud-stored documents—can be seized without a warrant. Their argument rests upon a controversial Fourth Amendment principle known as the “Third-Party Doctrine,” which maintains that information shared even with trusted “third parties” loses a reasonable expectation of privacy under the Fourth Amendment, and with it, the protection of the warrant requirement. Criminal defendants and civil libertarians have argued the opposite, and as the issue has not reached the Supreme Court, the two sides have fought to a messy standstill. This article puts the debate over the Third-Party Doctrine in historical, jurisprudential, and technological context, and offers a normative and civil-liberties-protective way forward for Fourth Amendment law in the age of the cloud. My claim is not only that we must reconsider the way we think about the Third-Party Doctrine, but that this shift in thinking will have important ramifications for the ways in which we think about technology and law (particularly constitutional law) more generally.
This argument proceeds in three steps. Part One develops a concept I call the “the lag problem” of the Fourth Amendment. Offering a bird’s-eye historical view of the Fourth Amendment’s relationship with new technologies, I show how the Fourth Amendment has been a bulwark of civil liberties against ever-encroaching state surveillance, but that our legal understandings of Fourth Amendment privacy have always lagged somewhat behind our advancing technologies. Part Two focuses on the Third-Party Doctrine in particular, and makes two claims. The descriptive claim is that when its origins and assumptions are looked at more closely, the Third-Party Doctrine is really much smaller and more limited than most observers have assumed. The second normative claim is that the best way to understand the Third-Party Doctrine in the context of new technologies is in the limited, exceptional way in which it was adopted, rather than as a general rule that would swallow the essential principle that the Fourth Amendment guarantees a general protection of privacy for people against their government. Part Three argues that when we put the Third-Party Doctrine in its proper place as a limited exception rather than one that would swallow the rule of privacy, we need a new set of legal principles to govern Fourth Amendment privacy in the cloud.
I offer four such principles. First, I argue that the broad view of the Third-Party Doctrine is manifestly unsuited to the protection of our digital civil liberties. Second, I compare my approach to Orin Kerr’s “Equilibrium-Adjustment Theory” of the Fourth Amendment, and contend that in contrast to Kerr’s approach, when it comes to the question of closing lags in the civil liberties context, we should focus on those questions of civil liberties rather than on questions of state access to data. Third, I explain that the process of interpretation of the Fourth Amendment is inescapably normative, and I argue that principles of intellectual privacy offer a useful guide to the normative project of translating Fourth Amendment values in a way that closes the technological lag. Fourth, I explain that no matter how we interpret the Fourth Amendment, any approach to the protection of digital civil liberties will need to account for the important role that intermediaries play in the practices of data processing and protection. In a digital world, trusted intermediaries are very different from merely being “third parties,” and whichever path our law takes, it must take this fact into account.
There are, of course, multiple paths that Fourth Amendment law could take in the future to grapple with these problems. My purpose is not so much to call for a particular solution as to highlight the considerations I believe should apply as we translate the Fourth Amendment’s text into workable doctrine for the cloud age in a way that is practical but also protects the traditions and normative commitments of our hard-won civil liberties.