Articles Posted in Constitutional Law

The National Security Agency (“NSA”) along with other government agencies (e.g., FBI, CIA) have expanded their surveillance programs after several terrorist attacks took place on domestic soil. It is a known fact that the federal government is systematically tracking domestic and international calls of its citizens. The surveillance program does not end there but also expands to text messages, internet browsing, and emails.

There is information that indicates the President’s Surveillance Program (“The Program”) was designed to assess, evaluate, gather, and analyze a tremendous amount of information with or without subpoenas or warrants. The Program is intended to disrupt actual or potential terrorist attacks that could be instigated by known or unknown criminals. The government has setup a massive collaboration effort with major telecommunication companies to gather information that would usually not be subject to surveillance. The telecommunication service providers have given access to the NSA to install surveillance equipment (e.g., “fiber-optic splitter”) which makes an exact copy of the data that’s passing through their systems and sends it to the government. Also, other special equipment such as the “Narus Semantic Traffic Analyzer” has been installed on the telecommunication systems to conduct deep packet inspections. These analyzers are capable of assessing and sifting through large data segments (e.g., 10 gigabits) and internet traffic.

These pervasive surveillance programs were authorized by President Bush after September 11, 2001. There is real time access to internet traffic and telephone records that was not previously available for previous surveillance programs. Also, the electronic information is being gathered in real time and stored on secure databases.

The governments of many countries have initiated surveillance programs to protect national security. These programs were allegedly designed and instigated to fight against terrorism and other criminal activities. For example, the British Government has setup a similar program to the United States government’s PRISM  program which is called TEMPORA. The GCHQ, which stands for Government Communications Headquarters, is the British government’s spy agency that operates similar to the United States National Security Agency (“NSA”). There is information that confirms the GCHQ has placed data interceptors on fiber optic cables to analyze internet communications. There is also information that confirms approximately 10 gigabits of data per second (or 21 petabytes of data per day) is being reviewed per day by this spy agency. Its agents are charged with the task of storing all sorts of information – e.g., electronic information with correlating metadata – on computer servers for as long as thirty days. This spy agency uses a technique called Massive Volume Reduction (“MVR”) to conduct its analysis.

Government spy agencies share their intelligence with other nation’s agencies as part of a partnership program. In fact, several years ago, The Guardian publicized this massive information gathering after it was reported by Edward Snowden. It seems the GCHQ is operating under two principles: (1) Mastering the Internet; and (2) Global Telecoms Exploitation. These surveillance programs are meant to gather as much information as possible for evaluation and assessment. However, it seems these principles have not been opened up for public debate and are being carried out without warrants.

The government spy agencies are gathering phone records, email message content, social media communications, and other types of information in an effort to curtail criminal violations. Their targets may include the unsuspecting innocent and suspicious or guilty individuals. Therefore, there are two schools of thought here. First, the spy agencies should carry out their intelligence gathering to prevent another international tragedy such as 9/11. Second, the spy agencies should be subject to certain limitations and should be forced to obtain lawful warrants before conducting surveillance. On the other side, the government officials argue that this type of unprecedented wiretapping is necessary to properly safeguard the country from terrorists.

The United States government has implemented surveillance programs to promote national security. These programs are designed to gather and process electronic information that could arguably assist government agencies in their efforts to enhance national security. However, there is an argument being made that the federal government is using the resources of major communication service providers to obtain records of citizens without legal justification. In other words, the government is engaging in unlawful surveillance programs without probable cause.

What kind of programs have been implemented?

The National Security Agency (“NSA”) has been intercepting internet communications for several years without fully disclosing the nature and extent of its surveillance programs to the general public. It’s also collecting other types of communication records such as phone records and related electronic information. There is evidence that proves AT&T is cooperating with government surveillance programs. The evidence seems to indicate the telecommunication giant has installed fiberoptic splitters to copy and send information to the government. Experts have argued this kind of activity is beyond “wiretapping” since it’s surveilling the entire communication channels without a warrant. So, in essence, the government is engaging in the mass collection of telephone metadata of all domestic customers. The government officials have argued that this type of broad surveillance is justified under the USA Patriot Act which is meant to deter and punish terrorism and enhance law enforcement investigations for the following reasons:

There is a general presumption that workplace privacy does not exist under any circumstances. However, that is not always the case. The state Constitution grants privacy rights and a private right of action to file a lawsuit against employers who violate those rights. It states in relevant part that: “All people are by nature free and independent and have inalienable rights. Among these are enjoying and defending life and liberty, acquiring, possessing, and protecting property, pursuing and obtaining safety, happiness, and privacy.”

The courts have decided that the main issue is whether the employee has a “reasonable expectation of privacy.” So, for example, employers are allowed to monitor internet usage or business email communications. Nevertheless, employers are not permitted to conduct surveillance in bathrooms or locker rooms. An employer may be held liable for disclosing the employee’s termination reasons, arrests, convictions, credit reports, misconduct reports, medical information, or confidential communications.

Employers are usually interested in social media activities of their actual or potential employees. They may review their social media accounts to make hiring decisions. However, California Labor Code § 980 prohibits employers from requesting disclosure of usernames or passwords of social media accounts. It also prohibits employers to require the employees to access personal social media accounts in their presence. California Labor Code § 980 states in relevant part that an employer shall not require or request an employee or applicant for employment to do any of the following:

Workplace privacy rights and legal restrictions on workplace monitoring are important issues. Many employers monitor employee activities to increase productivity and avoid workplace violations. They may use special software to monitor the network activities which can include email, telephone, and internet activities. However, they should also consider the employee’s reasonable expectation of privacy.

An employer, that has a legitimate interest in monitoring its employees, should be allowed to monitor business-related communications without problems. A legitimate interest can be established when there is proof that surveillance was conducted to promote efficiency and productivity. Employers usually inform their employees that they are being monitored to avoid violating their privacy rights. In other words, once the employee knows that he or she is being monitored, then he or she does not have a reasonable expectation of privacy. However, any kind of workplace monitoring should be narrowly tailored in time, place, and manner.

The Electronic Communications Privacy Act (codified under 18 U.S.C. 2511, et seq.) is a federal statute that is designed to control the workplace monitoring of electronic communications. It generally prohibits employers from intercepting electronic communications of their employees. Nevertheless, there are the following exceptions: (1) business purpose exception; and (2) consent exception. The “business purpose exception” applies when the employer is able to show surveillance was being conducted for a legitimate business purpose. The “consent exception” applies when the employer is able to show surveillance was being conducted with the employee’s knowledge and consent.

Electronic data exists on multitude devices for everyone. In other words, electronic information such as letters, emails, pictures, or videos are being stored on your electronic devices on a regular basis. Now, we should be cognizant of this process and take steps to protect the electronic information and promote privacy rights.

The Fourth Amendment was enacted to promote an individual’s right to privacy and states as follows:

“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

We’ve discussed how the states have passed privacy laws to protect their residents. We have also referenced the state and federal rules or regulations that are designed to promote transparency, security, accuracy, proper data collection, and accountability.

The Federal Constitution has not expressly mentioned the right to privacy. However, under Article I Section 1, the California Constitution has mentioned the “inalienable right to privacy” that is applicable to the government and private individuals. The courts have confirmed this fundamental right. In White v. Davis (1975) 13 Cal.3d 757, 774, the Supreme Court analyzed the facts and confirmed the right of privacy. In Hill v. National Collegiate Athletic Association (1994) 7 Cal.4th 1, 39, the Supreme Court outlined the following framework to decide whether there is a constitutional violation: (1) there must be a legally protected privacy interest; (2) there must a reasonable expectation of privacy; and (3) there must be a serious invasion of privacy interest.

There is also a common law right of privacy. First, there is intrusion into plaintiff’s seclusion. Second, false light as a result of false and negative publicity. Third, public disclosure of private facts. Fourth, there is the commercial appropriation of plaintiff’s name or likeness without consent. The courts have also recognized negligence as a cause of action when the defendant fails or refuses to manage data in a reasonable manner. In other words, the defendant can be sued for failing to comply with the industry data management standards if it causes damages to the plaintiff.

We have briefly discussed some of the state and federal privacy laws that are applicable to consumers and commercial organizations. It is important to understand how personal information is being obtained and distributed by businesses. Personal information is also being obtained and distributed by bad actors – i.e., criminals who gain access to customer information through clandestine methods and sell the information for profit. This information can be extracted by using cookies which is a software program that records the customer’s activities when visiting the website. Yet, a computer can be configured to not automatically accept cookies. Tracking software is being used to follow and monitor the customer’s online activities. The Federal Trade Commission, which has the authority to bring legal action for unfair or deceptive trade practices affecting commerce, has prosecuted companies for their failure to properly disclose this information.

What are the federal privacy laws?

The Federal Constitution has implicitly granted privacy rights. The Fourth Amendment prohibits unreasonable searches and seizures. There has been a series of legal cases that have dealt with this provision in order to determine the definition of unreasonable searches and seizures. However, some courts have held website monitoring programs that may reveal Internet Protocol or electronic mail addresses do not implicate the Fourth Amendment. The federal privacy laws that have been promulgate by the federal government include: (1) Driver’s Privacy Protection Act; (2) Electronic Communications Privacy Act; (3) Family Educational Rights and Privacy Act; (4) Fair Credit Reporting Act; (5) Fair Debt Collection Practices Act; (6) Federal Privacy Act; (7) Financial Services Modernization Act a/k/a “Gramm-Leach Bliley Act;” and (8) Video Privacy Protection Act which grants consumers the right to opt-out from disclosure of their personal information and file a legal action if their rights are violated. Also, the Federal Identity Theft and Assumption Deterrence Act prohibits the production and possession of false or unauthorized documents or the usage of another person’s identity.

The Eliminating Abuse and Rampant Neglect of Interactive Technology (“EARN IT”) Act is a proposed bill that is designed to permit government agencies scan online messages and prevent child sexual exploitations. It is meant to force websites remove child abuse images from their platforms. The advocates argue it is necessary to allow the government evaluate online communications for potential violations. They argue that websites should be held accountable for user violations. This law seems to be against encryption which is used to obscure content from the unintended recipient. Encryption technology has been used to protect online privacy by scrambling messages through special algorithms. It can only be deciphered by the intended recipient who has access to the private key. Encryption can be used to securely communicate on the internet but it can also be used for nefarious reasons. That said, the EARN IT Act does not use the term “encryption” in its provisions. The supporting legislators have claimed the proposed statute is not designed to outlaw encryption. Also, it would require websites to adhere to certain best practices that will be implemented by the Attorney General’s Office by selecting a group of law enforcement agents who would impose them.

The EARN IT Act could reduce the protections granted under Section 230 of the Communications Decency Act (“CDA”) which provides a certain level of immunity for online service providers. Now, the immunity is not absolute but it is not very far from it. It protects online service providers (a/k/a “interactive computer service providers”) from user violations. For example, if the user engages in conduct that constitutes invasion of privacy of another person, the website would be shielded from legal liability. So, the victim could not file a lawsuit against the website for the user’s violations. However, the following three exceptions apply: (1) federal criminal activity and obscene material; (2) intellectual property violations; and (3) sex trafficking. In fact, 47 U.S.C. § 230(e)(1) prohibits obscene material and sexual exploitation of children. Moreover, 47 U.S.C. § 223 prohibits the transmission of lewd, lascivious, filthy, or indecent messages to a person under the age of eighteen. The CDA prohibits online service providers from sexual exploitation of minors, sex trafficking, or promotion of prostitution in jurisdictions where it is illegal. In other words, interactive computer service providers cannot facilitate these activities on their platforms. In Reno v. ACLU, the Supreme Court evaluated the CDA and its relevant provisions. It found that the CDA criminalized protected speech – e.g., sexually explicit speech – and unprotected obscenity.

The EARN IT Act has been compared to the Fight Online Sex Trafficking Act (“FOSTA”) and Stop Enabling Sex Trafficking Act (“SESTA”) which were passed to fight against online sex trafficking by making websites criminally liable for user content. These federal statutes caused several websites, including, but not limited to, Craigslist and Backpage to remove pages or be completely shut down. So naturally, critics have argued that they promoted online speech censorship and prevented people who engaged in consensual sex work. Yet, if the proposed bill passes legislation, it could open the floodgates for lawsuits against technology companies.

Free speech and censorship laws have clashed for a very long time in this country. On one hand, we have the constitutional right to free speech. On the other hand, there are limitations that can be applied on a case-by-case basis. In short, speech can be censored if it includes obscenity, child pornography, or the incitement of imminent lawless action. The Supreme Court has faced a multitude of cases in these contexts. For example, in Schenck v. United States, the court ruled that freedom of speech does not include the right to incite actions that would harm others. In Roth v. United States, it held that it is unlawful to make or distribute obscene materials. In United States v. O’Brien, it held that it is unlawful to burn draft cards as an anti-war protest. In Hazelwood School District v. Kuhlmeier, it ruled that it is unlawful to permit students to print articles in a school newspaper over the objections of the school administration. In Bethel School District #43 v. Fraser, the court held that it is illegal for students to make obscene speech at a school-sponsored event. Furthermore, in Morse v. Frederick, it held that students cannot advocate illegal drug use at a school-sponsored event. The point is that even though there are a vast amount of constitutionally-protected rights, yet there are certain limitations.

How does the First Amendment apply to private social media platforms?

The First Amendment is designed to limit government agencies from encroaching upon its citizen’s rights. In recent years, private social media platforms – e.g., Facebook, Twitter, Instagram – have had discretion to limit, control, or censor online speech of their users. It is certainly arguable that the state and federal constitutions should also apply to private social media platforms because truth and falsity have always clashed with each other during the course of history. There are several schools of thought that analyze free speech rights based on the freedom of expression. First, one idea is that government should not change or alter the marketplace of ideas with censorship. Second, the other idea is that people should have the liberty to express themselves in society without reservation. So, if the social media platforms are granted censorship rights, then it would prevent liberty and growth. Now, more recently, in Packingham v. North Carolina, the Supreme Court acknowledged the fact that speech is taking place on social media platforms more than anywhere else. As such, the State Action Doctrine’s application should be reevaluated by the legislators.