LEGAL • TECHNOLOGY 01.20.19

UPDATED 01.21; 01.24

Legal gaps, emerging urban trends and big data policing are prompting cities to enact new privacy laws.

The Future of Privacy Forum will hold its 9th Annual Privacy Papers for Policymakers program, February 6th, "facilitating discussions of the year's leading privacy research and analytical work that is relevant to policymakers."

"Significant gaps" in state and federal privacy laws, and "emerging urban trends" related to counterterrorism, smart cities, open data, and a call for "reform in the wake of widely reported abusive police practices" have given rise to "privacy localism," writes Ira Rubenstein in his winning paper, Privacy Localism, NYU School of Law.

Traditionally, cities haven't been involved with privacy law, but that is changing. Cities are enacting "important new privacy laws," and adopting "broad privacy principles" for civic data, and guidelines for smart city and IoT practices.

Notably, Seattle and New York enacted laws "covering all municipal data collection and use," and have appointed Chief Privacy Officers.

American cities are "data-rich." Residents produce huge supplies of data "through daily interaction with devices and sensors as they crisscross public spaces and utilize city services." Local police departments are increasingly relying on surveillance and analytic tools, providing the "basis" for "big data policing." City municipal services "touch almost every aspect of each resident's life," and collect data from city web sites and IoT devices.

Smart cities analyze these "massive datasets," and many are beginning to make them "freely available to the wider public through open data programs that publish all sorts of government data anyone can use, analyze, or redistribute as they wish for a range of beneficial purposes."

These data-rich environments introduce many "privacy challenges" relating to police data ---including "metadata captured by surveillance technologies," and civic data --- including the "vast range of data generated and used by municipal services," reported Government Information Quarterly.

The Public Surveillance Gap and Panvasive Surveillance.

Privacy Localism "helps address" the public surveillance gap. The Fourth Amendment and related electronic surveillance laws like the 32-year-old Electronic Communications Privacy Act (ECPA) don't protect against "panvasive surveillance in public spaces," Christopher Slobogin, Georgetown Law Journal.

Although the Fourth Amendment protects against general searches or "general warrants" that don't "particularly describe the place, person or things to be searched seized," and are not "based on probable cause of wrongdoing," it is not " implicated by most types of panvasive surveillance."

Professor Christopher Slobogin coined the term "panvasive surveillance" to "capture the idea" that "routine and random" surveillance across large numbers of people, even when there is "no evidence of wrongdoing," using technologically aided mass-surveillance techniques that employ "bulk collection and analysis of phone records, transactions and urban video recordings" are "pervasive and invasive." Thus "inherently panvasive."

The Fourth doesn't require a "particularized warrant" for panvasive surveillance and is mute with regard to surveillance that occurs "in the absence of any suspicion about the people targeted."

Supreme Court suggests willingness to future-proof the Fourth and take surveillance technologies head-on.

However, recent Supreme Court cases suggest the Court is not opposed to "confront new surveillance technologies...rather than allow the Fourth Amendment atrophy in the contemporary setting."

Public surveillance received a "more protective treatment" in United States v. Jones (2012). Although the majority opinion found that warrantless, long-term GPS tracking was a legal "search" under the Fourth Amendment, five justices said it violated a "reasonable expectation of privacy under the Katz test." Referring to Katz v United States (1967). The case establishing there is no reasonable expectation of privacy in public.

In the Jones case, Justices Alito and Sotomayor concurred. Justice Alito put it "bluntly," writing,

"the majority's reasoning 'largely disregarded what is really important' the use of GPS for the purpose of long-term tacking."

Justice Sotomayor wrote,

“ 'GPS monitoring generates a precise, comprehensive record of a person’s public movements that reflects a wealth of detail about her familial, political, professional, religious, and sexual associations,' which the government can then store and efficiently 'mine . . . for information years into the future.' '"

In Riley v. California 2014, the Court unanimously held that police need a warrant to search the information on a cell phone seized in an arrest because cell phones are "quantitatively and qualitatively different" than other articles due to their "immense storage capacity."

In Carpenter v. United States (2018), a divided the court concluded that historical cell site location monitoring by police over four months was a "new phenomenon," calling for a "higher level of protection." The court announced, a "digital-Katz test for surveillance technologies," amounting to a "multi factor analysis of data quantity and quality in a specific technology."

The digital-Katz test suggests the Court is "beginning the process of future-proofing the Fourth Amendment." It "chose to bring the Fourth Amendment into the digital future, writes Andrew Ferguson, Harvard Law Review Blog.

Together, these cases suggest that the Court "firmly believes that when surveillance is all-encompassing, it may violate society’s reasonable expectations of privacy," even when it is in public places.

The Fair Information Practices Gap.

Fair Information Practices (FIPs) are the foundation of modern privacy regulation in the U.S. and internationally, Solove and Schwartz, Information Privacy Law. They allocate the rights and responsibilities for the "transfer and use of personal information" and were incorporated into the Privacy Act in 1974 to regulate how federal agencies handled personal information. The Privacy Act doesn't apply to state or local agencies.

This leaves a "significant" fair information practices gap on "the collection, use, and disclosure of personal information by most state and city governments." Most cities and states aren't "bound by the FIP's," or by "methodologies and practices" requiring public officials "administering data-rich programs" to be "accountable" if they fail to consider "privacy protections."

The Case for Privacy Localism.

Privacy Localism "rests on the idea that local autonomy promotes laboratories for democracy." California has enacted privacy laws that have "shaped privacy and security standards on a national basis," iapp.org, including a new consumer privacy law with "national implications," Eric Goldman Law Blog; update, Santa Clara University Legal Studies Research Paper.

Seattle and New York City "seem remarkably successful in addressing the public surveillance and fair information practices gaps." They have enacted or introduced surveillance ordinances, subject to "ongoing judicial oversight" of "police practices and abuses" and imposed privacy laws "while embracing open data programs."

The main goal of those ordinances are transparency and accountability, "which are also the primary mechanism for achieving secondary goals such as adapting to changes in technology, restoring and maintaining public trust, and balancing public safety and civil liberties."

Local surveillance ordinances "close the public surveillance gap by developing transparency and accountability mechanisms free of Fourth Amendment doctrinal constraints." They apply to panvasive technologies, "irrespective of whether they monitor public or private spaces," and require that law enforcement prepare and submit "impact reports" particular to the type of technology, empowering the public and elected officials to "determine whether it is appropriate."

Adminstrative law as a new source of insight.

A "new emphasis" on "governance rules" and "agency design" as answers to Fourth Amendment "deficiencies and lack of transparency and accountability in modern policing" advances the argument for Privacy Localism.

Legal scholars have "turned" to administrative law as a "new source of insight" into these "longstanding problems." Privacy localism "perfectly exemplifies this administrative turn" because it relies on locally elected officials to construct policy and act with discretion in "applying local rules in a reasonable manner."

"Racial bias in police tactics and intelligence gathering via panvasive surveillance are not isolated issues." They are "two sides of a single phenomenon: the complete breakdown of democratic control over policing," writes Professor Barry Friedman, Unwarranted: Policing without Permission.

Friedmand "contends that what is urgently needed...is not more oversight but rather,

"rules that are written before officials act, rules that are public, rules that are written with public participation."

Consequent to the number of killings of African-Americans in cities everywhere in the country, "police chiefs have started to listen to local citizens." They are hearing from stakeholders like civil liberties groups, privacy advocates and local residents before "formulating polices on the use of surplus military equipment, drones and body-worn cameras."

Since local governments are closer to the citizenry they are "already adept at fielding" community input through school boards, zoning boards, arts commissions, or neighborhood councils.

The "time is ripe" to expand local surveillance policymaking to cities.

Privacy Localism fills gaps in privacy laws, as routine and random surveillance in public spaces proliferates in data-rich urban environments, producing and storing massive datasets available through open data programs for publication, analysis or redistribution.