The implication of your position is that we either have an electronically connected society, or we have an expectation of privacy, but not both. The nature of technology in general, and the internet in particular, involves the co-mingling of property on the site of some 3rd party for the benefit of all.
Let us just talk about the content that I write, such as anything that I've written and left in Gmail drafts. The fact that Google hosts that data does not give them ownership of that data, nor does it confer the right to access that data for any reason. The data in my drafts folder is exactly the same as data in a paper journal that I have in my house, and is protected by exactly the same law, the 4th amendment. The details of its representation, even its physical location, are unimportant.
Extending the 4th Amendment in this way is the only rational thing to do. The only reason why this is not the default is that the public is generally ignorant of both a) how these systems work and b) how they are systematically exploited by government. The reason the government wants access is because it is a convenient and cheap way to achieve some aspects of security. In the post-Bush era, exercising restraint on one's own power is no longer the "done" thing - just ask Cameron Ortiz.
>The implication of your position is that we either have an electronically connected society, or we have an expectation of privacy, but not both. The nature of technology in general, and the internet in particular, involves the co-mingling of property on the site of some 3rd party for the benefit of all.
Agreed. It's a strange position to take that because it's technically possible for the government to access the information (owing to the location of the data), then they should be allowed to do so. This could be used to rationalize virtually unlimited access to otherwise private communications in today's hyper-connected world.
But, capabilities that we have had in the past (e.g. wiretapping) have always been checked in order to preserve privacy (or, put more Constitutionally, protect us from unreasonable search and seizure). Phone calls have always involved third-party transmission by the telcos. Why is that different from data sitting on a third-party server?
In general, however, it becomes silly to argue what should be permissible based on the ancillary nuances of technical architecture. It's a bit of a red herring. The real question is "what is the intent of the protections afforded by the Constitution and are we upholding that intent". To argue that "the government should have a particular right because there's a client-server architecture involved vs. P2P" is spurious in this context.
It's patently ridiculous to call these "ancillary nuances of technical architecture." These are stark distinctions: is the information under your personal control or did you voluntarily give access to and possession of that information to someone else? In this particular case with the NSA, it's even starker: who generated the information? The NSA is collecting information generated by AT&T about activity on AT&T's private network. It strains the imagination to try to define that as an individual's personal information.
> The real question is "what is the intent of the protections afforded by the Constitution and are we upholding that intent"
The intent of the protections was to guard against the invasive physical searches of homes and persons that had occurred under the British. A broader conception of "privacy" is absent from the document. A conception of privacy that is broad enough to encompass information generated by a third party and stored by that third party is purely wishful thinking.
>is the information under your personal control or did you voluntarily give access to and possession of that information to someone else?
You are saying that by making a phone call, you are voluntarily giving information to someone else (the carrier), and so the government should be able to access that data at will. And I'm being ridiculous?
>who generated the information? The NSA is collecting information generated by AT&T about activity on AT&T's private network
The caller generated the data. AT&T simply collected and indexed it. There would be no data or metadata without the caller. You acknowledged this yourself in the first paragraph when you asked, "is the information under your control or did you voluntarily give possession of that information to someone else?" How could I give AT&T information that it supposedly generated? Once again, you're all over the place.
And, your ridiculous argument that because AT&T offers the pipes, they should be able to do what they please with the data that is generated is tripe. You could just as well extend that to make warrantless wiretapping on all calls legal. It is all merely data on AT&T's private network, right?
>The intent of the protections was to guard against the invasive physical searches of homes and persons that had occurred under the British
Funny how you're so willing to update government powers based upon evolving technology, however, when it comes to the rights conferred by the Constitution to the people, you want to limit those to the technology of that day. In this case, you are literally limiting those protections to redcoats (or similar) showing up at your door and rifling through your papers. I can't believe you expect to be taken seriously.
> The fact that Google hosts that data does not give them ownership of that data, nor does it confer the right to access that data for any reason. The data in my drafts folder is exactly the same as data in a paper journal that I have in my house, and is protected by exactly the same law, the 4th amendment.
This is what I refer to as the "romanticized view" of technology. Your gmail draft is not like the paper journal you have in your house. It's Google's data on its hardware that its engineers have access to (in clear text!). You want to construct this metaphor, where the "physical location doesn't matter", but that's not the underlying nature of the system.
You say that "representation" shouldn't matter, but you're making the opposite argument. You want different rules for digital representations versus physical ones. The rule right now is that once the information, represented as molecules of ink on fibers of paper, is in someone else's possession, it's not your information anymore. Well at the physical level, your gmail drafts are little flipped magnetic domains on a hard drive platter in a Google data center. If you tried to enter that data center, you'd be thrown out for trespassing. But you think that in this case, the law should construct a metaphor: those bits are "private" even though you don't have possession of them or ownership of the medium on which they reside.
Thought experiment: if I chisel my diary into a rock slab and mail it to Google, do you agree that it's their data now? What if I write it to a magnetic hard drive and mail it to them? No difference, right? So why should it suddenly be different if I send the bits over the internet for Google to write to its own hard drive instead of mailing them a hard drive myself?
My expectation of privacy covers anything that I protect with a password. Or, to put it another way, anything that is not public is private.
It's really that simple, and that is not a romanticized view of technology. Indeed, I'd argue that this is the (reasonable) assumption that most naive internet users make about their data.
The idea that location and possession do not matter is romanticized. The idea that your gmail drafts are private even though they are easily visible in plain text to Google is perhaps not romantic, but at the very least technologically confused. By that reasoning, your Facebook profile is "private." More to the point, the 4th amendment is not a blanket protection on "anything that you think is private." It's a protection against police invading the sanctity of your home and physical person. "Privacy" as some people think of it today, the idea that information might be considered private despite its being shared with numerous people, was not a developed concept at the time the 4th amendment was written.
I personally think the easier battle is to protect access to strong encryption tools, but I wonder, do you think it would be incoherent for a 28th amendment to try to spell out some legal protection for personal thoughts that were stored remotely?
Saying it a different way, if javajosh were to concede that your definition of privacy is more useful and concede that you are making a clearer case for how such things developed historically, how does he gain some legal breathing room for his remotely stored documents?
It wouldn't be incoherent at all for a 28th amendment to address various strands of privacy concerns that have arisen over the years. But there needs to be some thought into the design of such an amendment, because it wouldn't be an easy set of analogies from existing protections.
We are having a normative discussion, not an informative one. We can differ on what should be the case; this is not a discussion about what is the case. Clearly the courts side with you on this matter - the physical location of the data is given preeminence in legal debate over privacy.
And my normative claim is that this position is totally, completely, batshit insane.
We're having an informative one, because you said:
> The data in my drafts folder is exactly the same as data in a paper journal that I have in my house, and is protected by exactly the same law, the 4th amendment.
The use of "is protected" versus "should be protected" seems to me to be inviting an informative discussion, not a normative one.
As an aside, I'm always surprised by how often people on HN talk about "should" versus "is." That's very weird for the engineer in me. You can never make progress in a normative discussion; at best you can boil the disagreement down to a disagreement in principle and leave it at that. E.g. I don't trust the government less than I do Google, Facebook, etc. If I'm willing to write something in my gmail, where a Googler can see it, I'm okay with the government seeing it. You almost certainly have a different perception of privacy and trust. A normative discussion on the subject is thus futile: who is "right" about whom to trust, and how much, private companies versus the government?
> I'm always surprised by how often people on HN talk about "should" versus "is."
Perhaps we make this distinction because it's an important one. It always surprises me when an engineer confuses the two. "But the courts say that the gov't can access your data if it's not on your property" is NOT a counterargument to the statement "The 4th amendment should extend to data." The conversation cannot move forward unless both sides understand the difference between "should" and "is".