2007 Symposium/Symposium Articles
Taking the "Long View" on the Fourth Amendment: Stored Records and the Sanctity of the Home
In the wake of the California energy crisis of 2000-2001, the California Energy Commission (CEC) and California Public Utilities Commission (CPUC) are aggressively pursuing “demand response” (DR) energy programs aimed at reducing peak energy demand. Demand response systems convey information about market conditions through pricing or reliability signals to customers, who in turn, hopefully, alter their electricity consumption choices. In particular DR programs are aimed at shifting the time at which customers use energy through the implementation of time-varying tariffs. Armed with information about the time-varying cost of electricity residential and commercial customers are expected to reduce energy usage and/or shift their usage to non-peak, less costly, hours. Such shifts, even absent reductions in overall consumption, will reduce the likelihood of energy brown and black outs and provide direct savings to consumers. Technologies to enable the demand response system, including advanced metering research and development [OpenAMI] and sensor and control technologies development [DRETD], are under development. These technologies will be coupled with a communication and network infrastructure that supports the multicast of real-time pricing information, and the aggregation of energy usage and billing information.
Demand response energy infrastructure is a policy imperative. The federal Energy Policy Act of 2005 directs the Department of Energy to identify target levels of demand response benefits that can be achieved by January of 2007. The statute directs electric utilities to begin offering time-varying energy rates, and meters capable of supporting those rates, to consumers within 18 months of August 8, 2005. The Department of Energy is charged with educating consumers about the benefits of the systems; both state and federal agencies are charged with investigating the potential of, and making plans for, demand response adoption. It is expected that various demand response programs will be adopted throughout the country. Similar infrastructures are being put in place in other countries, some more advanced than in the U.S.
A core component of the demand response system is the collection of information about energy consumption from residential and commercial buildings at frequent intervals. The analog electric meters prevalent today are unsophisticated instruments that allow a meter reader to assess electricity use during the time interval between meter readings. The meters found in basements and on exterior walls, are typically read once a month by an employee of the utility who visits on foot.
Over the next two to five years these meters will be replaced by digital meters that collect data at frequent intervals, store it for many days, and transmit it wirelessly to the utility. Meters likely to be installed during 2006 are expected to contain a data collection module that will enable hourly readings and wireless transmittal of these readings to the utilities. Advanced metering installations projected to begin in 2007 will be capable of greater internal processing and have enhanced data storage capability. These meters are expected to collect data on electricity consumption at intervals ranging from one hour down to fifteen minutes. There is little agreement on how often meter readings will be sent to the utility or the intermediate nodes (concentrators) within the neighborhood, and the period for which readings will be retained in the meter, the nodes or the utility. The meters will collect and send a data set including a unique meter identifier, timestamp, usage data and some form of time synchronization information. The data is expected to be in a proprietary format unique to the individual manufacturer or utility, although some participants are looking forward to the availability of open standards and
architecture for meters.
Current utility practices include saving many years worth of customer usage data to facilitate customer dispute resolution as well as load and other research. These data retention practices are expected to persist. If all the readings are maintained, a customer’s yearly record will shift from a record of one data point per month reflecting average daily usage to a record of 750- 3000 distinct and time-stamped data points per month that reflect actual energy use. The information itself is distinct from the averages found in today’s bills. More significantly, the information one can glean or infer from this more accurate and detailed data set is radically different. Electricity consumption patterns in the coming DR system will reveal variations in power consumption that in turn can be associated with various household activities. Over time, power consumption can reveal personal sleep and work habits, the presence of certain medical equipment and other specialized devices, and of course signal the illegal behavior which today prompts law enforcement to seek them in certain drug production cases.
The changes in the frequency, format, contents, storage and transmission of data about electricity consumption that are integral to the planned demand response infrastructure raise interesting questions about the ongoing viability of maintaining, as a technical, practical and legal matter, the privacy of activities occurring within the home. How will the system architecture and business models address the increased sensitivity of meter readings? For example, imagine a future “wardriving” incident where wardrivers detect and monitor the unencrypted traffic between household meters and neighborhood level concentrators that relay energy usage information to the utilities. Monitoring such communications could provide information about occupancy on a per house, block, or neighborhood level. Armed with such information a criminal could relatively easily assess the best time to burglarize homes or engage in other property crimes in a neighborhood. How will the business models of utilities evolve to take advantage of the more detailed information that can be gleaned from energy consumption data taken at fifteen-minute intervals? Most significantly for the purposes of this paper, how will the increased information about in-home activities generated, transmitted and stored in DR systems be dealt with under the Fourth Amendment?
Existing legal precedent addressing the privacy of in-home activities, the energy they require, and the heat signatures they emit point in different directions. On the one hand the Supreme Court relatively recently affirmed the primacy of privacy in the home by prohibiting the use of a thermal imager to gather details about the home previously inaccessible without a physical trespass—at least until such time as the technology to do so becomes widely available to the general public. On the other hand, the Court has an entrenched position that where the government obtains personal details from third-party business records the Fourth Amendment is not implicated. In the first instance the Court has resisted limitations on Fourth Amendment protections for the home premised on the quality or quantity of the data that can be known. In contrast, the quality and quantity of the data in third party records clearly animates the existing Fourth Amendment case law finding no protection for personal details found in business records and has played a strong role in State Court decisions about the privacy protections provided by Fourth Amendment corollaries in state constitutions. While eschewing an examination of the
quality and quantity of information that devices reveal about the inside of the home, the Supreme Court has allowed the location of that information—in business records—to be completely determinative of the scope of Fourth Amendment protection.
Under the Court’s jurisprudence it is quite plausible that information about energy consumption inside the home contained in the records of a public utility—regardless of how sophisticated and detailed it becomes or how much it can reveal about the residents—will be found unprotected by the Fourth Amendment while the use of a relatively unsophisticated “device” that enhances law enforcement officers’ senses, allowing them to retrieve far less detailed information about in-home energy consumption, will require a warrant. At least until these devices become widely available to the public—as we would suggest they are today.
We are interested in exploring the Court’s divergent Fourth Amendment analyses when considering technological advancements that directly enhance the ability of law enforcement to gather information, and data collection and retention advancements in the private sector that similarly enhance the ability of law enforcement to gather information. In the leading case examining the law enforcement use of a thermal imager to gather information about the heat signatures of a home the Court refused to consider the privacy issues about the “waste heat” emanating from the home as driven by the notions of voluntarily disclosure, assumption of the risk, or abandonment. These concepts are the animating force behind the business records decisions. But as a logical matter these concepts are a far better fit for the “waste heat” which is freely available for anyone with the right technology to “see” from a public vantage point then they are for the utility records that are a necessary derivative of heating a home and are provided solely to the utility for the purpose of that service.
As more and more information about individuals’ activities is collected and archived by the private sector the Court’s disparate approach to considering the Fourth Amendment implications of direct collection of information by the government versus indirect collection from private sector entities (even where the data collection may be mandated by law) forces us to confront the possibility of a world with virtually no constitutional protection constraining government prying into citizen’s private acts whenever those acts are recorded or can be inferred from data collected in the private sector. If details of individuals’ in-home activities are directly recorded in or easily inferred from business records does the Fourth Amendment simply have nothing to say about the governments access and use of this information? Given that individuals are increasingly dependent on businesses to help them continually and in real-time manage activities and events in the home including the television they view, the nanny they hired, and the energy they use, will there be any private activities that remain outside the Fourth
Amendment free-zone created by the business records case law? This article considers the Fourth Amendment issues raised by the changes in the quantity and quality of the data that soon will be routinely available in utility records in California and eventually across the nation. We begin our exploration of these questions in Part II by exploring the Court’s Fourth Amendment analysis of law enforcement use of technologies that directly enhance their senses. We compare and contrast this with the Supreme Court’s Fourth Amendment analysis and state courts’ analysis of comparable state constitutional privacy protections in the context of business records that yield information similar to that available through technological devices. We consider the Kyllo, Smith and Miller cases and state constitutional decisions considering
the privacy expectations in utility records. The comparisons highlight the inability of the Supreme Court’s current Fourth Amendment jurisprudence to provide a rational and satisfying description of the privacy interests the constitution protects in a world of networks, devices, and personal services that by design collect and retain personal information on private acts. They also illustrate the flimsy protection likely found in the Kyllo cases narrow limitation on “government-only” technology.
As the information in utility records becomes more detailed the Court’s disparate analysis of these two techniques for collecting information about activities taking place in the home leads to increasingly unsatisfying results from a normative perspective. The continued conclusion that personal information contained in third party business records is outside the Fourth Amendment is poised to obliterate the “firm line [the Fourth Amendment draws] at the entrance to the house." We provide details of the DR architecture in Section III and explore the ramifications of the business records case law in this context in Section IV.
In Part V, we conclude that the economics of information processing are changing in a manner that is shifting the scope and effect of the Court’s business records doctrine. Technology that makes it cheaper and easier to collect and maintain information about customers, aligned with a service economy aimed at assisting individuals in managing their every need, activity and interaction, are diminishing the need for law enforcement to engage in the gumshoe surveillance activities of yesteryear or even the high-tech surveillance activities of yesterday. The private sector is subsidizing, at times displacing, the activities of law enforcement (and intelligence). The ability of law enforcement to cheaply and relatively easily access detailed profiles of individual household energy consumption or individual cell phone users’ locations, or access and combine billions of records from a multitude of private sector sources containing personal information as was planned in the Total Information Assessment project will make the Fourth Amendment less and less useful as a tool for prescribing limits on what the government can know and in what circumstances about its citizens.
The evolution of the DR architecture provides a particularly stark example of the capacity of the business records case law to erode the core of Fourth Amendment protections. The cultural dependence on private sector services that generate records containing personal information about activities occurring within the home are blurring the “firm line” around the home that the founders sought to protect. But it is just one example in a growing list. The Court’s disjointed approach to dataveillance and surveillance cannot sustain the privacy of the home as the framers’ or the current court envisioned it. By placing personal information contained in business records outside the scope of Fourth Amendment protection the Supreme Court has consigned us to a future without privacy.
[NOTE: Footnotes in this abstract were omitted. The full abstract with footnotes can be found in PDF form here]
Comments
To play devil's advocate (out of initial ignorance), I am a little unsure how power consumption levels read at 15-minute intervals can reveal detailed "personal sleep and work habits, the presence of certain medical equipment and other specialized devices." In particular, power usage seems very different from, say, the heat sensors in Kyllo, which Justice Scalia observed would allow police to learn "at what hour each night the lady of the house takes her daily sauna and bath." Specifically, a spike in electricity usage over, say, a 30-minute period would probably not be enough by itself to determine what appliances or equipment were used; traditional probable cause jurisprudence should limit further police intrusion based on this information alone.
Posted by: Henry Huang | January 19, 2007 6:23 AM
This is a very interesting question. On one hand, I’m inclined to agree with Henry. I doubt that the current proposed electricity-use monitoring scheme poses a sufficient threat to privacy to force a rearticulation of the business records doctrine. To the extent that these periodic snap-shots tell an investigator (or would-be burglar) useful things like when someone is home or how many occupants might be in the house, these inferences are generally observable by unproblematic traditional surveillance methods, from somewhere the curious have a lawful right to be (i.e., a public street). These data points are also less informative than that clearly legal alternative, since any particular conclusion one might draw from the relationship between them is underdetermined.
Even to the extent that certain usage patterns are suggestive of criminal conduct, the enterprising extralegal entrepreneur should reasonably be expected to internalize some of the burdens of nondetection. Promoting criminal operational efficiencies should not be an independent good in our Fourth Amendment jurisprudence, and by utilizing a more complex and risk-aware means to accomplish his objective, our extralegal entrepreneur should be able to carry on just fine (i.e., using alternative or supplemental power sources, turning on other appliances to distort an otherwise telling usage pattern, conspiring with neighbors to bleed power from their lines, adjusting the time when criminal activity is conducted to conform to high energy demand periods, moving the production operation frequently to avoid generating a quantum of incriminating data points at any one location, or reducing product output to avoid detection).
But the legitimate motivating concern doesn’t seem to be for the interests of criminal cottage industries, rather in the intrusion into our private lives by the government – be it for detecting unlawful activity or nosiness. And we can certainly imagine more sophisticated technology that could record every instant of our electricity usage (to whatever degree of specificity would make this thought experiment compelling). If the slightest spike, drop or surge pattern were preserved, and if this maximally complete data could be parsed to identify specific uses, much the way sounds can be detangled into discreet noise patterns and interpreted, then what of this technology that would allow its reader to interpret a pulse of current and tell us what make and model of toaster oven ran for four minutes at 9:34 a.m. on January 1, 2084, and precisely which brand wireless router accessed a network drive exactly eleven minutes later, from a Lenovo ThinkPad T-Series laptop computer, and that the drive in question was a Maxtor Shared Storage 300GB, all from the pattern of the electric current delivered to the home?
I understand the authors’ concern here, since it does seem bizarre to ground access to that information in the location where it can be found rather than confronting the first-order question of whether the degree of intrusion access to the information allows is constitutionally permissible absent a showing of probable cause before a neutral magistrate. But that might not be so bizarre – although the information about the wireless router, computer and network drive might concern us most, isn’t it the toaster oven that should? If not, then it will really trouble you to know that far more invasive information is readily available to the government from your Internet service provider (ISP) and on the servers of the websites one visits by the recording of your Internet protocol (IP) address. This information, unlike the worst our electrical usage could say about us, often constitutes direct evidence of criminal activity (e.g., at this date and time, so-and-so downloaded this image of child pornography).
So why do we (or should we) really care more about the toaster oven then? Why does it seem more like an instance of Orwell’s Telescreen? Maybe it’s that everyone pretty much knows that you give up a lot of your privacy by going online, so by making the choice to virtually invite the world into your home you assume the risk associated with that choice; but nobody knows or expects that simply by using an electric current you are giving up detailed information about what appliances you use and when. Maybe it’s that you can take measures to preserve your anonymity by masking your client IP address identity online, but no one can block the utility from recording details about the service it provides to you. Maybe it’s that accessing the Internet remains a nonessential or eccentric activity which one can imagine not doing, so that when one does access the Internet, the privacy interest one cedes is clearly carved out and delimited, whereas subjecting all instances of domestic electricity use to scrutiny is impermissibly intrusive owing to its broad scope. Maybe it’s that one can choose to access the Internet from any number of places for the same criminal activity (and with the advent of wireless technology, from almost anywhere), making the reduced privacy interest activity-centered rather than tying it firmly to the place where that activity occurs (as if virtual acts occur “no place”); the activity itself is subject to greater regulation whether it be conducted in the home, in a car on a laptop computer, or in the Chestnut Tree Internet Café nibbling on Chocorat, whereas everything else for which one uses electricity in the home is distinctively domestic. Perhaps they are equally problematic, or perhaps neither are, but my sense is there is at least an apparent tension between the two intrusions.
The other party of interest worth scrutinizing in this third-party-doctrine affair is the company collecting the information the government seeks. Big Brother isn’t able to compel the collection of the type of information we’re worried about (in most cases), but is entitled to gain access to it (upon at least some minimal showing) if the third party does collect it for its own purposes (and to enjoin its routine destruction once investigators develop an interest in it). This is worth reflecting on, lest we think that Google or any other corporation decrying governmental intrusions and rallying with us for privacy is actually on our side. Rather, they are the intruders. To deflect attention from the extent of their own close watching, corporations engage in Privacyspeak, as if they were on our side rather than then the source of ungood. Granted, there are some reasons for evaluating intrusions differently when the information is used by the government rather than by corporations or credit bureaus (let’s assume), but we cannot be lulled into identifying the government as the (primary) source of evil here. Why shouldn’t a best practices approach to corporate data collection focus on whether and when it is acceptable for information to be gathered, stored and analyzed about particular consumers at all?
To the extent that we fail to object to and remedy abuses of our privacy by corporations, how do we make a compelling argument that the business records doctrine is defective? Privacy preferences can be reflected in the market, and perhaps this could be an additional argument is support of delivery-side deregulation of the California public utilities (rather than just the failed generation-side deregulation of a few years ago). An excellent example is the pre-paid cellular phone card – it allows virtually anonymous use. Admittedly, some of the best evidence I have ever used to crack several nearly unsolvable cases was cell site data, call detail records and subscriber information (and I had to write search warrants in almost all instances). But we should ask ourselves – if it is okay for that information to be collected and for it to be “out there,” why isn’t it appropriate to help solve a murder?
The last observation I’ll share (I had only intended to post a few brief reflections!) is that gaining access to these records is incredibly frustrating for investigators, and all the company has to do is say “No.” In that case, investigators on the state level have to write search warrants (an incredibly burdensome process which slows an investigation, disrupting its pace and endangering its solvability, often allowing victimizers to disappear before our paper is issued, served and returned). Compounding this is that diving into document/record-based evidence often results in the revelation of a small clue, requiring another warrant to get to the next one, and so forth; in many investigations its questionable whether you’d be able to prove up a case before the statute runs, owing completely to this iteration of “piggy back” warrants (not for want of objective solvability). Even though there is a lowered standard for subpoenas duces tecum, they are of no use on the local level (comprising the vast majority of criminal investigations) because they are not used in the investigatory (pre-charging) stage. Where they are used, there is a process for the custodian of the records to object to and quash the SDT. Although rarely successful, it does provide judicial review prior to production, and what more could we be wanting here?
Federal agents also have access to administrative subpoenas and grand jury subpoenas, in addition to the search warrant process, and these procedural safeguards remain as formidable inefficiencies when discovering the information is truly critical to an investigation and function as deterrents to unnecessary paper chases, and in no case does an investigator get to just pick up the phone and ask because he’s curious. The current system strikes me as far from the dire characterization of the authors which “forces us to confront the possibility of a world with virtually no constitutional protection constraining government prying into citizen’s private acts whenever those acts are recorded or can be inferred from data collected in the private sector.” Unless we want a system that encourages police misconduct, an adequately burdensome but not prohibitive process might be what we should aim for given that so much personal and private information is out there in the world – if the process were to become irrationally overprotective of information held by less-interested third parties, we might be incentivizing the development of confidential informants or the unlawful and undisclosed procurement of investigative leads never intended for production at trial.
Would it not be easier to design the meters so they take privacy into account? Or let new customers opt-in to a more detailed monitoring scheme, allowing for the storage and retrieval of historical data should they want the option to dispute future bills or in order to qualify for some added incentive, only after a disclosure of and consent to the possible future uses of the information?
Posted by: Luke Itano | January 20, 2007 9:16 AM
Luke makes the important point that criminals will likely adapt to any utilities-monitoring system that exists. His observations about how difficult it is for the police to obtain certain records are also interesting – I think many of us operate under the assumption that companies (especially ISPs) tend to cave in to police requests to stay on law enforcement’s good side. I also initially agree that invisible online information – cookies, web forms, IP addresses – seem more troublesome and identifying than power consumption.
As another first-impression point, though, I think the biggest fear about the government knowing our toaster usage isn’t that they’ll bust us. One of the tough points about criminal procedure cases is that the defendant is always guilty; otherwise, there wouldn’t be an evidentiary dispute. For most of us, that isn’t a problem. I suspect that it’s the uncertainty – the uncertainty about what the government could do if they knew our toaster habits. It is like the rumor that the FBI/CIA/NSA has a file on each of us. Is that true, what's in there, and what could they do to us? If there were greater transparency, either through meter design (as Luke suggests) or pamphlets from the utility company, it wouldn’t be as worrisome.
Posted by: Henry Huang | January 21, 2007 12:36 AM
I consider that energy crisis will more concern that countries, with low economic or can concern only few at a time any country with normal economic on the strength of decline rate in chain of energy. Thanks!
Posted by: buy tramadol | November 27, 2008 7:33 AM
Hi! Very interesting review - useful and helpful, also very informative. Thanks. I like articles like this. Good work webmaster!
Posted by: tramadol online | December 3, 2008 7:20 PM
tramadol cheap | discount tramadol | purchase tramadol | buy cheap tramadol | tramadol online | order tramadol | buy tramadol | buy tramadol online | cheap tramadol | buy discount tramadol
Posted by: alex | December 23, 2008 4:11 PM
Thanks!
Posted by: Nick | December 28, 2008 12:00 AM
Nice article!
Posted by: tramadol online | April 25, 2009 5:09 AM
You will be able to find great ammount of different movie categories, such as actions, adventure, animation, biography, comedy, crime, documentary, drama, family, fantasy, history, horror, music, musical, mystery, romance, sci-fi, short, sport, thriller, war and western categories; by selecting any of these categories, you will be able to look into all the different movies available. Or You can just use our search bar, to find any movie you like without getting trough all that categories.
Posted by: buy cheap viagra | September 21, 2009 12:33 PM
buy cheap lipitor
buy lipitor
Posted by: buy lipitor | October 14, 2009 9:37 AM
fghgfdh dhgdf ghd d
Posted by: buy lipitor | October 22, 2009 11:11 AM
thdf gdsf gdsf gdfg dfg
Posted by: buy actos online | October 26, 2009 4:51 AM
thnx
Posted by: download movies | October 26, 2009 4:52 AM
Viagra
Posted by: viagra | November 13, 2009 6:41 PM