What You Need to Know about the Third-Party Doctrine

And what it will likely mean as the NSA lawsuits work their way through the courts.

What are your rights to the information that other companies and people have about you? (Drab Makyo/Flick)

In March 1976, a Baltimore woman reported to police that she had been robbed. She provided the police with a description of the robber as well as of a vehicle she believed to be his—a 1975 Monte Carlo. Soon afterwards, she began to receive threatening phone calls from a man identifying himself as the robber. A week and a half after the robbery, police saw a man matching the description provided by the victim driving a 1975 Monte Carlo near the scene of the crime. They noted the license plate number, and found that the car was registered to Michael Lee Smith.

Without seeking a warrant, the police then asked the phone company to install a “pen register” at its offices to create a record of all numbers dialed by Smith. After finding that Smith was indeed calling the victim, police obtained a warrant to search his home, found other evidence of phone calls to the victim, and arrested Smith.

Smith sought to exclude the evidence from the pen register, arguing to the Criminal Court of Baltimore that its use without a warrant violated his Fourth Amendment right against unreasonable searches and seizures. The court, however, found no Fourth Amendment violation. After an appeals court reached the same conclusion, the Supreme Court agreed to hear the case.

In its 1979 decision in Smith v. Maryland, the Supreme Court ruled in favor of the government, observing that “this Court consistently has held that a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.” The Smith ruling also made reference to another Fourth Amendment case decided three years earlier, United States v. Miller, that involved warrantless government access of a suspect’s bank records. In Miller, the Supreme Court had also found in favor of the government, writing:

The depositor takes the risk, in revealing his affairs to another, that the information will be conveyed by that person to the Government. This Court has held repeatedly that the Fourth Amendment does not prohibit the obtaining of information revealed to a third party and conveyed by him to Government authorities, even if the information is revealed on the assumption that it will be used only for a limited purpose and the confidence placed in the third party will not be betrayed.

The Miller and Smith decisions solidified what has since become known as the third-party doctrine. Under that doctrine, if you voluntarily provide information to a third party, the Fourth Amendment does not preclude the government from accessing it without a warrant. More succinctly, as the Court wrote in Smith, you have “no legitimate expectation of privacy” from warrantless government access to that information.

Much has changed since the 1970s. Today, being engaged in the world involves using the Internet, mobile phones, apps, cloud-based services, GPS, and other technologies that leave enormous amounts of information in the hands of third parties. Even before the NSA documents leaked by Edward Snowden started appearing on the home pages of the world’s news sites, there was a robust discussion about the continued suitability of the third party doctrine.

One of the most important recent Supreme Court privacy decisions, the United States v. Jones ruling issued in 2012, involved GPS tracking performed directly by the government, without a third party intermediary. (That case, which the government lost, turned on the government’s physical intrusion onto private property, without a valid warrant, to attach a GPS tracker to a suspect’s car.) Yet Justice Sotomayor used her concurrence in Jones to examine privacy more broadly and telegraph her discomfort with the third-party doctrine:

More fundamentally, it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties. This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks ... I would not assume that all information voluntarily disclosed to some member of the public for a limited purpose is, for that reason alone, disentitled to Fourth Amendment protection.

There are varying views in the legal community regarding the third-party doctrine. Consider this August 2012 debate between Greg Nojeim, senior counsel at the Center for Democracy and Technology and George Washington University law professor Orin Kerr.

Nojeim argued that “If strict application of the doctrine ever served us well, it no longer does, leading to absurd results. This is particularly true in an age where so much more information is communicated through intermediaries.” Kerr countered by stating that “I think that the much-maligned third-party doctrine is a critical tool for applying the Fourth Amendment to new technologies in some cases, but that it should not be extended to all cases ... Importantly, my defense of the third-party doctrine implies an important limit: The doctrine should apply when the third party is a recipient of information, but it should not apply when the third party is merely a conduit for information intended for someone else.”

Before June 2013, discussions about the third-party doctrine typically involved information relating to small numbers of people, all of whom were suspects. The thought experiment used by Nojeim and Kerr to frame their debate was: “If a suspected thief has left written records of his crime in a friend’s desk, can the police simply subpoena the friend for the records in the desk or should that be treated as a search of the suspect’s property?”

That changed with the June 2013 publication of information about the NSA’s bulk phone “metadata” collection program involving millions of phone customers, only an infinitesimal fraction of whom could reasonably be considered suspects. Metadata includes information such as the telephone numbers at both ends of a call as well as call start time and duration, but does not include the audio contents. Unsurprisingly, the news stories about the NSA metadata program led almost immediately to lawsuits challenging its constitutionality.

Faced with the task of determining whether the program is constitutional, lower court judges bound by Supreme Court precedent have a choice. They can conclude that the metadata collection is analogous—though obviously on a completely different scale—to the pen register in the 1979 Smith case, and find it to be constitutional in accordance with the third party doctrine. This is what Judge William H. Pauley III of the Southern District of New York did in his December 27 ruling dismissing the ACLU’s lawsuit in ACLU et al. v Clapper et al.

Alternatively, judges can conclude that the NSA program is probably not constitutional, but in doing so they need to explain why they believe the program falls outside the scope of the doctrine. This is what Judge Richard J. Leon of the U.S. District Court for the District of Columbia did in his December 16 ruling [PDF] granting (and immediately staying pending appeal) an injunction against the NSA in Klayman et al. v. Obama et al. What a lower court judge cannot do, however, is decide that the third party doctrine should simply no longer apply.

Thus, the courts that will hear the initial appeals of both of the above rulings are in an unenviable and all-too-common position: They will need to apply legal precedents that predate the digital era to questions that are arising in large part precisely due to the stunning advances in digital technologies in recent years. It’s a challenging exercise.

The one court that can actually change the third-party doctrine instead of just applying it is the Supreme Court. And, in the next few years, the Supreme Court will almost certainly be asked—perhaps in a petition arising from one of the NSA lawsuits, or perhaps in a different matter altogether—to hear a new, major third-party doctrine case.

It’s too early to know how the Court will respond. But it’s interesting to consider that in 1928, the Supreme Court ruled in Olmstead v. United States that warrantless wiretapping of telephone lines was not a Fourth Amendment violation. “There was no entry of the houses or offices of the defendant,” the Court reasoned, and thus no need for a warrant. Yet in 1967 the Court acknowledged in Katz v. United States that the interpretation in Olmstead had become obsolete, and that “the Fourth Amendment protects people, not places.” Warrantless wiretapping, in other words, was a Fourth Amendment violation after all, even when the government installed the wiretap without entering the suspect’s property.

Of course, it’s just a coincidence that four decades elapsed between 1928 and 1967, and that we are now in the fourth decade following the 1970s rulings that established the third-party doctrine. Or maybe it’s not. Maybe half a lifetime is what it sometimes takes for Supreme Court constitutional privacy precedents to get recalibrated. By most measures, that’s a very long time. But in the life of the Constitution, which predates and will outlast us all, it’s really not so long.