Yesterday’s ruling by the Supreme Court of the United States, requiring the police to get a warrant before accessing a suspect’s mobile phone data, was remarkable in many ways. It demonstrated two things in particular that fit within a recent pattern around the world, one which may have quite a lot to do with the revelations of Edward Snowden. The first is that the judiciary shows a willingness and strength to support privacy rights in the face of powerful forces, the second is an increasing understanding of the way that privacy, in these technologically dominated days, is not the simple thing that it was in the past.
The stand-out phrase in the ruling is remarkable in its clarity:
13-132 Riley v. California (06/25/2014)
“Modern cell phones are not just another technological convenience. With all they contain and all they may reveal, they hold for many Americans “the privacies of life,” Boyd, supra, at 630. The fact that technology now allows an individual to carry such information in his hand does not make the information any less worthy of the protection for which the Founders fought. Our answer to the question of what police must do before searching a cell phone seized incident to an arrest is accordingly simple— get a warrant.”
Privacy advocates around the world have been justifiably excited by this – not only is the judgment a clearly privacy-friendly one, but it effectively validates some of the critical ideas that many of us have been trying to get the authorities to understand for a long time. Most importantly, that the way that we communicate these days, the way that we use the internet and other forms of communication, plays a far more important part in our lives than it did in the past. The emphasis on the phrase ‘the privacies of life’ is a particularly good one. This isn’t just about communication – it’s about the whole of our lives.
The argument about cell-phones can be extended to all of our communications on the internet – and the implications are significant. As I’ve argued before, the debate needs to be reframed, to take into account the new ways that we use communications – privacy these days isn’t as easily dismissed as it was before. It’s not about tapping a few phone calls or noting the addresses on a few letters that you send – communications, and the internet in particular, pervades every aspect of our lives. The authorities in the UK still don’t seem to get this – but the Supreme Court of the US does seem to be getting there, and its not alone. The last few months have seen a series of quite remarkable cases, each of which demonstrates that judges are starting to get a real grip on the issues, and are willing to take on the powerful groups with a vested interest in downplaying the importance of privacy:
- The ECJ ruling invalidating the Data Retention Directive on 8th April 2014
- The ECJ Google Spain ruling on the ‘Right to be Forgotten’ on 13th May 2014
- The Irish High Court referring Max Schrems’ case against Facebook to the ECJ, on 19th June 2014
These three cases all show similar patterns. They all involve individuals taking on very powerful groups – in the data retention case, taking on pretty much all the security services in Europe, in the other two the internet giants Google and Facebook respectively. In all three cases – as in the Supreme Court of the US yesterday – the rulings are fundamentally about the place that privacy plays, and the priority that privacy is given. The most controversial statement in the Google Spain case makes it explicit:
“As the data subject may, in the light of his fundamental rights under Articles 7 and 8 of the Charter, request that the information in question no longer be made available to the general public on account of its inclusion in such a list of results, those rights override, as a rule, not only the economic interest of the operator of the search engine but also the interest of the general public in having access to that information upon a search relating to the data subject’s name” (emphasis added)
That has been, of course, highly controversial in relation to freedom of information and freedom of expression, but the first part, that privacy overrides the economic interest of the operator of the search engine, is far less so – and the fact that it is far less controversial does at least show that there is a movement in the privacy-friendly direction.
The invalidation of the Data Retention Directive may be even more significant – and again, it is based on the idea that privacy rights are more important than security advocates in particular have been trying to suggest. The authorities in the UK are still trying to avoid implementing this invalidation – they’re effectively trying to pretend that the ruling does not apply – but the ruling itself is direct and unequivocal.
As for the decision in the Irish High Court to refer the ‘Europe vs Facebook’ case to the ECJ, the significance of that has yet to be seen, but Facebook may very well be deeply concerned – because, as the two previous cases have shown, the ECJ has been bold and unfazed by the size and strength of those it might be challenging, and willing to make rulings that have dramatic consequences. The Irish High Court is the only one of the three courts to make explicit mention of the revelations of Edward Snowden, but I do not think that it is too great a leap to suggest that Snowden has had an influence on all the others. Not a direct one – but a raising of awareness, even at the judicial level, of the issues surrounding privacy, why they matter, and how many different things are at stake. A willingness to really examine the technology, to face up to the ways in which the ‘new’ world is different from the old – and a willingness to take on the big players.
I may well be being overly optimistic, and I don’t think too much should be read into this, but it could be critical. The law is only one small factor in the overall story – but it is a critical one, and if people are to begin to take back their privacy, they need to have the law at least partly on their side, and to have judges who are able and willing to enforce that law. With this latest ruling, and the ones that have come over the last few months, the signs are more positive than they have been for some time.
Addendum: As David Anderson has pointed out, the UK Supreme Court showed related tendencies in last week’s ruling over the disclosure of past criminal records in job applications, in R (T ) v SSHD [2014] UKSC 35 on 18th June. See the UKSC Blog post here.
Paul Bernal's Blog 
Do you think that in light of the phone hacking trail, that there may now be a push to implement something similar to this in the UK? Or do you think that this won’t be the case?
Phone hacking is already clearly illegal – but our authorities are much less restricted in what they do. I’d like to see a challenge to similar operations here, but I’m not holding my breath: the UK is pretty slow about this sort of thing in general.
To suggest that Edward Snowden had an influence on the U.S. Supreme Court’s ruling in Riley v. California is to overlook the larger context of SCOTUS Fourth Amendment cases. It is a mistake to view this week’s decision in isolation, as if the Court had never before considered privacy issues. There is a long history of such cases, including rulings during the 1960s and 1970s that led to stricter protections in law enforcement’s use of wiretaps.
More recently, in U.S. v. Antoine Jones (decided 18 months before Snowden’s leaks) the Court held that the Government’s attachment of a GPS device to a vehicle, and its use to monitor movements, constitutes a search for which a warrant is required.
Specific to electronic surveillance, the Court found in the famous case of Smith v. Maryland (decided nearly four years to the day before Edward Snowden was born) that metadata is not subject to Fourth Amendment protection because it is shared with a third party—unlike David Riley’s cell phone, which was exclusively within his control. That is why Justice Alito took pains to spell out in his Riley concurrence that searches incident to arrest “do not implicate the question whether the collection or inspection of aggregated digital information amounts to a search under other circumstances.”
Giving Snowden any credit whatsoever for the Court’s decision in Riley is utterly unfounded.
It’s interesting quite how much antagonism there is towards Snowden amongst some groups – and I do understand the context here, so I also understand the perspective. What seems to me different here – or rather, a development here, is the understanding of how technology and privacy interact, and that, I feel (though i know it is a personal opinion) can be traced back, at least in part, to the raising of awareness that resulted from the Snowden revelations. Things have changed – and it’s not exactly that I’m giving Snowden ‘credit’, but that what he revealed opened up new lines of debate. Even Supreme Court judges will have noted that debate.
I too have closely followed the Snowden debate. Prior to this week, I’ve never seen anyone—on either side of the Atlantic—conflate NSA/GCHQ mass surveillance with the rights of suspects searched incident to arrest. Have you? This is sheer opportunism on the part of those who consider Snowden a demigod and grasp at any straw to justify his perfidy.
It’s not a conflation of issues to understand that both are infringements of a basic right to privacy – and many privacy scholars would connect the two. Further, one of the objections to mass surveillance is that it conflicts with the presumption of innocence…
…and in practice, one of the tactics of those who wish to invade privacy is to use an argument along the lines of ‘my invasion of privacy is nothing like *that* invasion of privacy, so mine is OK’. It’s a dangerous argument…