It’s an uncontroversial position that EFF has long fought for: Internet users expect their private online activities to stay that way. That’s why law enforcement should have to get a search warrant before getting records of people’s Internet activities.
But in a disappointing decision earlier this month, the Arizona Supreme Court rejected a warrant requirement for services to disclose Internet users’ activities and other information to law enforcement, a setback for people’s privacy online.
In a 4-3 opinion, the Arizona high court ruled in State v. Mixton that people do not have a reasonable expectation of privacy in information held by online services that record their online activities, such as IP address logs. According to the Court, that information is not protected by either the federal Constitution’s Fourth Amendment or the state’s constitution, because people disclose that information to third-party online services whenever they use them, a legal principle known as the third-party doctrine.
The decision is wrong. As EFF, ACLU, and the ACLU of Arizona argued in a friend-of-the-court brief, “Individuals today conduct the vast majority of their expressive lives through technology. As a result, we entrust the most sensitive information imaginable—about our politics, religion, families, finances, health, and sexual lives—to third parties.”
Given that reality, courts should not blithely apply outdated legal principles, such as the third-party doctrine, to records that Internet users consider to be private and that reflect our private lives. The dissenting justices in Mixton recognized the hazard of doing just that:
We entrust private information to third parties every day: every time we use a credit card, provide our Social Security number, use a security card reader, mail a saliva sample to a genetics lab, make a bank deposit or withdrawal, use a password to enter a website, or even send an email . . . The notion that anything one must share for purposes of voluntary transactions is thereby subject to government inspection would eviscerate any meaningful notion of privacy.
The decision is also wrong because it fails to recognize that the U.S. Supreme Court has increasingly rejected the third-party doctrine in cases involving digital technologies, such as Carpenter v. U.S.
The Mixton decision’s reliance on the third-party doctrine is also disappointing because the majority missed an opportunity to rule that the Arizona Constitution’s “private affairs” clause provided stronger privacy protections than the Fourth Amendment, particularly given that it contains different language and was drafted long after the U.S. Constitution.
As the dissent wrote, “Whatever the continuing vitality of this doctrine following Carpenter in the Fourth Amendment context, we should reject it here.”