pageok
pageok
pageok
Peer-to-Peer Networks and the Fourth Amendment:
Over at the CYB3RCRIM3 blog, lawprof Susan Brenner has an interesting post on law enforcement use of peer-to-peer networks. Peer-to-peer networks are sometimes used to distribute images of child porn0graphy, and law enforcement occasionally go undercover as network users and send search queries for such images. If they locate the images on the suspect's hard drive, they obtain a warrant to enter the suspect's home and seize his computer.

  Susan's post considers whether government access to private hard drives using the peer-to-peer software constitutes a Fourth Amendment "search":
The computers in [these] cases were in homes. Was it, then, a search for the law enforcement officers to access the hard drives on the computers to locate and copy a file or files (which, arguably, is a seizure)?

On the one hand, you could argue it was a search because we have an intrusion -- a virtual kind of intrusion -- by law enforcement into someone's home. On the other hand, you can argue this is not a search because [the defendants] both "opened the door" for law enforcement officers to "enter" their computers by installing and using the file-sharing software.

. . . [More broadly,] If I link my computer to a network, have I lost any Fourth Amendment expectation of privacy in the contents of my hard drive?
  I think analogies to virtual space work pretty well here. If a user installs a peer-to-peer program and voluntary opens up a portion of his hard drive to anyone who happens to do the same, then the government is free to search that portion of the hard drive just like anyone else. See Katz v. United States, 389 U.S. 347, 351 (1967) ("What a person knowingly exposes to the public, even in his own home or office, is not a subject of Fourth Amendment protection.").

  On the other hand, merely connecting a machine to the Internet does not relinquish a reasonable expectation of privacy. Steps that make it possible for someone to break into your computer don't eliminate a reasonable expectation of privacy in your computer any more than having windows and doors eliminates a reasonable expectation of privacy in your home. See id. at 352 (noting that a person who made a phone call from a glass phone booth "did not shed his [Fourth Amendment rights] simply because he made his calls from a place where he might be seen.")

  Of course, there may a need to draw difficult lines here, as what it means to "invite" people in versus "breaking in" can be fuzzy in some cases. But that's true in physical home cases, too, as decisions involving screen doors, open parties, and the like help show.
Nate F (www):
Interesting post. I agree with your analysis pretty much wholeheartedly.
2.19.2007 3:43pm
elChato (mail):
My impression on the peer-to-peer network thing is, if you have p2p software that allows other network participants access to parts of your hard drive, law enforcement can join the network and participate on the same terms you allow others to, without violating the 4th Amdt. If their participation on these terms shows you have contraband, they are justified in using that information to get a warrant, and it should not be suppressed.

Obviously they cannot, without a warrant, rig up some kind of hijacking or virus thingee to get access you did not allow.
2.19.2007 3:52pm
Kovarsky (mail):
Orin,

I read the facts in the link, and I think you're right. I don't know the breadth of your claim - but when the P2P program actually circulates the offending material, I don't think there's any problem. But there are two other situations where the answer wasn't as clear:

(1) what if the user allowed people to see the contents of his drive, but did not make the material available for sharing. i suspect this is still enough to get around any fourth amendment problems.

(2) but what about the situation where, for example, the government knows that the offender obtained the image or file from a private vendor. that file is not made available for sharing, although that directory does have content that the user shares. the user has "opened the door" to the directory, but not to the file; in contrast with (1), the public does not know that it is there. that would be more problematic, one would think.

i also wonder wehther the network architecture makes any difference. peer to peer involves sending information in packets through the network, which is a more "public" use of the information than would be the case with, say, a hierarchical network with a central server. to the extent the theory operates by analogy to meantspace, what are the implications if the network architecture differs in ways that make sharing less "public."

i would actually really look forward to any thoughts here, as I used to do a lot of internet privacy stuff, but more opt-in opt-out majoritarian default rule stuff. i'm not great with the 4th amendment questions.
2.19.2007 3:54pm
Mark Draughn (mail) (www):
What if some part of the P2P protocol requires acceptance of a license agreement which prohibits agents of law enforcement from connecting? Would they be permitted to connect anyway under the same rules that allows an undercover cop to say "no" when you ask him if he's a cop?
2.19.2007 4:02pm
Kovarsky (mail):
Mark,

That would never happen with P2P, since the entire purpose behind it is for the network to retain as little meta-data as possible. The more biographical data the network houses, the more likely they are to get nailed on various vicarious and contributory liability theories. The network architecture is not designed to enable that sort of filtering.
2.19.2007 4:07pm
John Burgess (mail) (www):
Kovarsky: It seems to me that if the government knows the offender obtained an illicit image, that in itself would justify a search warrant. This obviates any need to worry about P2P providing a gateway for LEOs.
2.19.2007 4:13pm
New World Dan (www):

. . . [More broadly,] If I link my computer to a network, have I lost any Fourth Amendment expectation of privacy in the contents of my hard drive?

Only the portions of the hard drive made available to the public at large, and only if accessed while made available to the public at large. What a person knowingly exposes to the public ... is not a subject of Fourth Amendment protection. I think that's about as clear a precedent as you could ask for. Federal law is also pretty clear about what constitutes unlawful access to a computer as well.
2.19.2007 4:28pm
Sean O'Hara (mail) (www):
The question becomes more interesting when you consider Freenet, a variant type of file sharing system in which users don't have control, or even knowledge of what's on their hard drives.


The stored information is encrypted and replicated across participating computers around the world, which are anonymized and intended to be many and continuously-changing. It is theoretically difficult for anyone to find out which participants are hosting a given file, since the contents of each file are encrypted, and may be broken into pieces that are distributed over many different computers. Even for a participant, effort is required to learn what he/she is storing.

Which means anyone who runs Freenet could have kiddie porn on their computer without knowing it.
2.19.2007 4:29pm
Caliban Darklock (www):
I have a question.

Imagine that I am a police officer. I go home at night and I log onto a P2P network for some legitimate and legal purpose, visiting a site where I find child pornography. It is my duty as a concerned citizen to report this to a law enforcement officer, who may then act to obtain a warrant at his discretion. If I theoretically "report" it to myself, I can act to obtain a warrant at my own discretion. This seems perfectly legitimate.

Now imagine that I sit AT WORK and log onto P2P networks LOOKING for child pornography. Does that alter the nature and character of this search and seizure?

I think it does. I'm not sure whether that altered nature makes it a fourth amendment violation, but I think there's a very different character to someone searching eight hours for porn as part of his job. I think it's possible to argue that just being included in an eight-hour dedicated search for criminal behavior (of which you are legally considered innocent) is unreasonable.
2.19.2007 4:37pm
Kovarsky (mail):
John,

It seems to me that if the government knows the offender obtained an illicit image, that in itself would justify a search warrant. This obviates any need to worry about P2P providing a gateway for LEOs.

Of course if the government has another source of PC this isn't an issue - i'm sorry if I wasn't clear. I'm thinking of a situation where the information the government has from the third-party source does not itself rise to PC.
2.19.2007 4:43pm
New World Dan (www):
Freenet is an interesting scenario, I'll admit, but the structure and behavior is more like the ISP who transmits the data packets containing the contraband content. No one is suggesting any sort of liability for Sprint or Comcast, despite the fact that they obviously facilitate the transmission of kiddie porn. Unless you can show that someone is participating in Freenet with the goal of helping to distribute kiddie porn...
2.19.2007 4:46pm
Kovarsky (mail):
New World Dan,

Only the portions of the hard drive made available to the public at large, and only if accessed while made available to the public at large. What a person knowingly exposes to the public ... is not a subject of Fourth Amendment protection. I think that's about as clear a precedent as you could ask for. Federal law is also pretty clear about what constitutes unlawful access to a computer as well.

Just because things that you knowingly expose to the public moot fourth amendment protection, it does not mean that those things that you do not knowingly expose to the public always retain fourth amendment protection. Again, I am not a Fourth Amendment expert, but I imagine this has played out in a number of real-space contexts. I do know that it is not as open and shut as you are making it out to be.
2.19.2007 4:47pm
Houston Lawyer:
If the other user of the P2P is a vampire, have you invited him into your home or just into your computer?
2.19.2007 4:52pm
Kovarsky (mail):
Caliban,

If I theoretically "report" it to myself, I can act to obtain a warrant at my own discretion. This seems perfectly legitimate.

neutral magistrate.

Also, I'm not sure what you mean here:

I'm not sure whether that altered nature makes it a fourth amendment violation, but I think there's a very different character to someone searching eight hours for porn as part of his job. I think it's possible to argue that just being included in an eight-hour dedicated search for criminal behavior (of which you are legally considered innocent) is unreasonable.

Of course the two scenarios are different in some ethical sense, but is your question about whether it depends on your intent in acquiring the pornographic material (i'm assuming in both scenarios you've acquired it - once by accident and once on purpose)? i'm sure that would make a difference to substantive liability for whatever the underlying crime might be, but I can't see why it would make a difference for fourth amendment purposes.
2.19.2007 4:53pm
lucia (mail) (www):
If the other user of the P2P is a vampire, have you invited him into your home or just into your computer?

Don't worry about this. Just hang a rosary on your monitor and you'll be safe; the vampire won't be able to cross the screen.
2.19.2007 5:23pm
Kovarsky (mail):
Don't worry about this. Just hang a rosary on your monitor and you'll be safe; the vampire won't be able to cross the screen.

or you could drive a stake through your monitor.
2.19.2007 5:36pm
Opus:
I wonder to what extent an answer can be found in such cases as United States v. Shaffer, 472 F.3d 1219 (10th Cir. 2007).

In Shaffer, the Court held that, for purpoes of 18 U.S.C. § 2252A(a)(2), the defendant had “distributed” child pornography when he stored pornographic images in a shared folder on his computer accessible by other users of the peer-to-peer network since (given the nature of the P2P network) he allowed others to access the images and videos, openly invited them to take or download those items, and understood that the purpose of the shared folder was to allow others to access items he stored in it.
2.19.2007 5:46pm
Kovarsky (mail):
opus,

Shaffer doesn't seem like he litigated a fourth amendment claim - at least the court doesn't talk about it (indeed, it would seem pointless, since he confessed to all of it anyways). Also, it seems squarely within the scope of what people seem to agree is not private behavior - all the offending files were sotred in the kazaa directory available to other P2P network users.

he defended on the substance of the criminal offense, not on the basis of evidentiary admissibility (except for the argument that his 'house of incest' novella was prejudicial).
2.19.2007 5:57pm
Fub:
Kovarsky wrote:
(1) what if the user allowed people to see the contents of his drive, but did not make the material available for sharing. i suspect this is still enough to get around any fourth amendment problems.
Question for clarification:

Allowing people "to see the contents of his drive" is not clear to me. Does it mean seeing a file directory? Or allowing others to view, listen, or otherwise receive some or all of the file contents?

I think the latter case would mean the material is actually "available for sharing".

But the first case seems like a very slim reed upon which to base a search warrant. After all one can name files anything, like "This_is_illegal_material.jpeg". But the name can be entirely unrelated to the contents of the file.
2.19.2007 5:59pm
Kovarsky (mail):
Fub,

Sorry, I meant to present two other situations:

(1) where you can see that an image is available although you cannot download it (i don't think necessarily it matters whether you know the image is kiddie porn or not). is that "knowing exposure to the public" under katz?

(2) you have files in a directory, on a drive, whatever you want to call it, and other P2P nodes do not know that those files are there. they are nonetheless stored alongisde files that are available for P2P network exchange. i take it this does not fit in the Katz language, but i'm not sure that means you have a reasonable expectation of privacy for it, or that it would be inadmissible under the exclusionary remedy.

the case here, where the offending files are actually shipped out into the ether, seems like the easiest case, becauee the material is actually sent to other network nodes.

hmmm... i wonder what scrabbled content would do to this fact pattern....
2.19.2007 6:43pm
Elliot123 (mail):
There is a difference between accessing a hard drive in a computer and receiving files sent by that computer. If I enter a keyword search into a p2p I am not targeting anyone, and other computers respond to my query because they have enabled the upload feature of their p2p system. I then ask for the file, and the other computer sends it to me.

On the other hand, I may hack into another computer without using the p2p network, read the hard drive directory, and initiate a transfer of the file from the other computer to my computer. These are two very different ways of getting the file.

The first case is analogous to sending an email that says, "Please send me file XYZ." Then the owner transmits the file.

The second case is hacking into a computer without the owner's knowledge or consent, and copying what is on the hard drive to another drive on the hacker's computer.

I can easily see how an investigation may start with the first case and end with the second case.
2.19.2007 7:34pm
Kovarsky (mail):
Elliot 123,

But I guess my question is, if they have PC to search the hard drive because of, say, a copyright violation. can they search an entire directory on the hard drive without running afoul of the 4a?
2.19.2007 7:42pm
jvarisco (www):
Even if they are private, couldn't such hard drives be considered to be in open sight? The users are choosing to allow anyone with an internet connection to see their files.
2.19.2007 7:43pm
Jake (Guest):
Let's assume that freely shared files is obviously in, while files obtained through hacking are obviously out (assuming no warrant, natch). How about an intermediate case: spyware.

Suppose the government approaches Claria (or whoever) and has them package LEO 1.0 into their spyware platform. LEO 1.0 searches a user's computer for potential kiddie porn images, and emails offending images (with identifying information) to the police. This is fully disclosed in the click through license of the Claria software package. Does this work?

Courts have generally held that the contracts work at least as consent to install spyware sufficient to prevent recovery under the UCC. I'm not sure whether that's enough for the fourth amendment analysis.
2.19.2007 7:50pm
Kovarsky (mail):
jake,

waiver of a constitutional right has to be knowing and intentional - i don't think you could contract boilerplate out of it.

that being said, to the extent that the 4th amendment is a "reasonable expectations" test, i would imagine that the adhesive contract would still go to reasonability.
2.19.2007 8:26pm
Bruce Hayden (mail) (www):
The problem with the idea that you could let someone see it on your computer but not let him download it doesn't make sense unless you are talking just letting him be aware of its existance. But if he can view it, he can download it. And, indeed, under copyright law, you have made at least one copy of it on your system.

But if you can't view it, then how do you know it is kiddie porn? From the title? I am not sure that would be sufficient unless there was some evidence tying a specific file to enough of a description that it could logically be inferred to be kiddie porn. Otherwise?
2.19.2007 8:38pm
Sasha Volokh (mail) (www):
Orin: This is a symptom of why I'm partial to an approach that would allow the police to do at least whatever a private individual can do.

So if private individuals could legally overhear the guy in the phone booth in Katz, so can the police; if private individuals can fly over your land in a helicopter and see stuff that, from there, is in plain view, so can the police; if private individuals can look at your house through a heat imaging camera, so can the police; and if private individuals can come into your house with your consent over the objection of your co-occupant, so can the police.

It makes police legality under the Fourth Amendment contingent to some extent on state tort law, but otherwise, don't you have a situation where a cop couldn't do it, but a private individual (perhaps an off-duty police offer) could find everything out and then tell the police about it?
2.19.2007 8:43pm
John Burgess (mail) (www):
Re: Vampires

I'm going to set up an ISP/hosting service in Gilroy, CA for those concerned about vampires getting into their PCs.
2.19.2007 8:47pm
Kovarsky (mail):
Bruce,

Are you addressing me? I can't tell - I think you are. But before I write a long response I wanna be sure that you're not talking to someone else.
2.19.2007 9:03pm
Elliot123 (mail):
Kovarsky,

Let's inject some more tech into the picture. Suppose the computer has more than one HD? Can all be searched? Suppose it uses HDs on a server, and the server has multiple HDs? Suppose the computer has a single HD but it is partitioned into ten partitions, each acting as an independent HD? Suppose the user has files stored on the 2gig of storgage Google gives email users? Can that Google HD be searched? Suppose the users files are spread out over many HDs in the Google data farm?

I don't have the answers, but I suspect the operations of the computers and networks will have to be examined very carefully. Too much is happening and too few really know how it's happening. I suspect I could construct two networks, one very likely to be open to search, and the other much more questionable. The cases shouold be very interestng.
2.19.2007 9:03pm
Kovarsky (mail):
Elliot123,

I think we're making a similar point - the analogy to meat space works well here, but not in contexts where the offending file is circulated. to the extent that a network is interconnected (think intranet, not a P2P), i'm not so sure that any spatial metaphor works. i don't think the physical distribution of the information should matter at all, but the idea that you can "search a hard drive" and find files that are located in a different, non-shared directory, seems to be premised on the notion that the spatial elements of digitized storage DO matter.

it's tempting to start talking about "plain view" and stuff like that, but i don't see how any of the traditional warrant exceptions translate well into digital searches. i don't see why you should be more able to search "my documents" if you have PC for a file on my desktop, but you shouldn't be able to search my online storage space. i have no less an expectation of privacy in one than in the other.
2.19.2007 9:14pm
Kovarsky (mail):
sasha,

it strikes me that too much of tort obligation is dependent on the identity of the potential tortfeasor. as Person A i have obligations 1,2, and 3 to person B. Person A's obligatiosn to C are different because they're different juridical entities.

The upshot is this - i don't know how you could ever say the government should just be able to what a citizen is allowed to do, because what a citizen is allowed to do is so identity dependent.
2.19.2007 9:17pm
Loki13 (mail):
Sasha Volokh,

When doing a 4th Amendment check (subjective expectation of privacy of individual + obectively reasonable expectation of privacy), the state nature of the actor is key. Having a standard of 'if a private person can do it, so can the police!' just, well, doesn't cut it.... for the most part.

The exception, of course, is in the OREP. As society changes, our objectively reasonable expectation of privacy changes with it (hence the ubiquity of plane flights allowed the use of airplace &helicopter surveillance of homes and curtilage).

That said, the govt. (gummint) has great powers at its disposal, far greater than most private actors, and the reason behind the Bill o' Rights (not that I need to explain this to you!) is to protect us from *state* actors (and agents thereof), not private individuals.

As are most peopple, I am far less concerned with the prospect of individuals en masse hovering over my curtilage with night-scopes and thermal-imaging devices and wall-penetrating radar than I am of ontinuous police overflights with said technology in an Orwellian dystopia.

Maybe I am just being naive.
2.19.2007 9:41pm
Anon2:
One popular methodology in p2p networks is cloak the origins of files by having intermediate nodes front their existence. I.e., you request file A from computer X, this causes the p2p software on computer X to contact its pears Y,Z..W which in turn contact their peers until the content is found. That information is then transfered back over the network and finally reported to you by X.

In the process you have caused the content to be spread around to many different user's machines.

So in the case of child porn, the government's own actions will have created the crime.

It may be that interpreting the 4th amendment this way is 'right' but it seems wrong as a matter of policy without much stricter application (or introduction) of mens rea requirements.
2.19.2007 9:41pm
Dave N (mail):
I too think Katz provides the best analogy. As such, I believe the police have the right to go "undercover" just as they would in any other situation. However, it also seems obvious that those portions of the computer shielded from the peer-to-peer network would require a warrant to examine.

As a different note, the FACT of child pornography on a hard drive may not be evidence of possession. If the child pornography is located only in a "temporary" file, an argument can be made that the person did not know the pornography was there, that the person inadvertently received it and then "deleted" it, or similar arguments that would raise "reasonable doubt" as to whether the recipient knowingly "possessed" it.
2.19.2007 9:49pm
Sasha Volokh (mail) (www):
Loki13: We're on the same page in focusing on the objectively reasonable expectatin of privacy. (For the record, I think the Katz test as a whole is wrongheaded, because I don't believe the subjective expectation of privacy should enter into the test.)

Now, as part of this expectation of privacy business, we've got a plain view doctrine. If something is in plain view, you can't legitimately complain when someone sees it. (Today, doctrinally, I guess this might not even be considered a search, because, somewhat counterintuitively (see Kyllo), the Katz REP test is now used to define what's a search in the first place.)

I've always thought the plain view doctrine was correct, because surely any expectation of privacy isn't objectively reasonable if the evidence is in plain view from some place where the searcher has a right to be. And I see the rationale for this being broader than mere naked-eyes viewing: If a private individual became aware of something through legal means and then legally made someone else aware of it, it's tough for me to see your expectation of privacy in that circumstance as objectively reasonable.

Now I understand how you can say that we're more concerned with the police, as part of the government, seeing things that we might not care much if regular people saw. That's a respectable view -- but it seems to me that it's not fully consistent with the notion of "objectively reasonable expectation of privacy." Regardless of how much we fear the police, how is it reasonable to expect that they can't find out what any random member of the public is entitled to find out and entitled to tell them about?

So if you want to go with a "let's control the police more because we fear them more" theory, that's fine, but I think we'd have to jettison the "objectively reasonable expectation of privacy" idea.
2.19.2007 10:38pm
RainerK:
Sasha Volokh:

I'm not schooled in the subject, so I may well be wrong, but isn't the plain view doctrine like this: The cop pulls you over for speeding and happens to see the joint in plain view in the ashtray vs. the cop pulls anyone over for something that's usually ignored, just to see if anything might be in plain view?
I do have a bit of a problem with the idea that the State flies over my property just using 20/20 vision to see if anything illegal might be in plain view. Next it's using binoculars, next infrared devices, next some other high-tech device, you get the idea - the old slippery slope again.
2.19.2007 11:39pm
Hattio (mail):
Sasha,
It seems to me that you are ignoring a big reality here. The fact that what is open to members of the public depend on the identity of those members of the public. For example, you used the co-habitant case. But, if two room-mates typically do something illegal (possess stolen property, use drugs, use alcohol if under 21) they can both assume that the other won't let the police in. That may not apply to whoever one room-mate happens to dislike. IOW, my roomie might be free to invite in someone I think is a jerk, but we both might be in agreement that the police can't come in.
2.19.2007 11:40pm
Kovarsky (mail):
sasha,

its also worth noting that pegging 4A standards to acceptable private behavior is not as simple as you make it sound. there are 4 distinct privacy torts and there's a whole lot of statutory law about what certain entities can and cannot do (that again, depend on the identity of the entity). half the privacy torts don't even have to do with any sort of "seizure;" they're about rights to control information flows. the rights and obligations of various private actors align around an entirely different set of values.
2.19.2007 11:47pm
PatHMV (mail) (www):
Sasha, it seems to me the problem with your way of looking at the 4th comes up when you hypothesize a state (which has plenary legislative powers except as specifically limited by their own or the federal constitution) passes a statute which grants free access to any property, private or not. The 4th Amendment wouldn't prohibit such a law, because the 4th is aimed only at government access to your property.

Better yet, imagine that rather than pass laws criminalizing the interception of another person's wireless phone calls, we instead passed a law specifying that if you put your call through the ether, any person is entitled to listen to it. Going even further, we pass a law that encryption is prohibited, and that any person has a right to break any encryption and listen to or view the encrypted material.

I can't think of any constitutional prohibition against such statutes. Under your analysis, that would then allow the police to listen to my private phone calls unless I always used a corded land line. Even then, the statute could allow all people to legally tap into the phone company's lines.

I just don't think that ordinary laws can form the fundamental basis for applying the constitutional provision.
2.20.2007 1:24am
Sasha Volokh (mail) (www):
RainerK: No slippery slope here. If private people can do all that stuff -- binoculars, infrared, etc. -- then, under my scheme, the police would be allowed to do it too. (In any event, if private people can do that, nothing stops a private informant from doing all that and then telling the police about it, which gives them probable cause to get a warrant.) If you think this is too broad, the solution is to tighten privacy protections against everyone. Sure I think it's awful for the police to be able to do [fill in the blank]. But if the police can't, but any old schmoe can, I haven't gained very much.

Hattio: You're referring to a slightly different concept, on which I agree with you. Suppose my roommate and I agree that we'll never let the police in, and in fact no one can come into our apartment without our invitation. Then, under my scheme, no problem! The rule as to the world at large is: No one can come in without an invitation. Then this same rule would apply to the police. On the other hand, my roomie could let in someone I oppose, and under private law I can't stop him. On that principle, my roomie should also be able to let in the police if he wants.

(In other words, my test is whether all random private individuals, having no special status, are able to do something. If all people can do that, then, I say, so can the police. The current doctrine, in some contexts, is in some ways much more police-friendly: If there exists some private individual, possibly having a special status, who has access to your stuff (like a bank with your records), then you've forfeited your expectation of privacy even as to the police, because you've already assumed the risk that that guy would snitch on you. I oppose that test.)

Kovarsky: In many of the 4A cases, the issue is not about seizures at all, but about the searches that may have preceded some seizure. And whether a search is legal is a question about access to information flows. Can the police look at my house through a heat-sensing camera? This is a classic privacy concern that's also at the heart of the privacy torts that private individuals can commit. But if any random person (without any special status), as an informer, could get some information without committing any of the four privacy torts, and if he can also pass that information to the police without violating any rule, then it seems that you should be able to cut out the middleman and let the police play the role of a private individual.

PatHMV: If a state made all private property open to the public, then yes, I think the police should have the same rights as any other member of the public to walk around and see stuff. Similarly, if a state allowed anyone to listen in on anyone else's phone calls, then the police should have the same rights as anyone else to listen to your phone calls. The solution to this is to not give such broad rights to the general public!

To me, this seems like just an application of "plain view" principles. "Plain view," to me, means not that someone is likely to see something -- if that were the case, even bagging cocaine in front of your big house window wouldn't be plain view if you reasonably expected that no one would be walking around. Rather, "plain view" makes sense to me because it's not reasonable to expect privacy if any random person from the world at large is entitled to find out what you're doing, by doing things that he has a legal right to do.

So this includes cases where someone can see you with his naked eyes from the street, with his naked eyes from anywhere he's entitled to be (perhaps in a helicopter above your property), with technological aids that he's entitled to use (glasses, contact lenses, binoculars, infrared glasses, heat sensing cameras), etc. This can be broad, but only if state law is insufficiently protective of personal privacy.
2.20.2007 2:22am
Loki13 (mail):
Sasha,

I think we're (mostly) on the same page, with a slight disagreement.

The reason for the OREP standard is so that we can exclude evidence that could be gained by a police officer using technology available to a small subset of the public, but which is not in general use, such that society would view the expectation of privacy as objectively reasonable. I believe Kyllo (which you appear to believe is wrongly decided) is a great example of this:

The police were using a thermal imager on a house. A house (and curtilage) is the most protected area for the 4th Am. under traditional common law. While the thermal imagers in the case were available to the public (you could buy one) they were expensive and not in wide use. That is to say, it was objectively reasonable that thermal imagers were not being used to determine what was going on inside the house absent a search warrant or exigent circumstances (please note that the police could always have obtained a search warrant). Please note that without this ruling, there would be nothing to prevent the police to conduct sweeping surveillance of houses at all times with thermal imagers... absent, as you point out, new legislation. Contrast this with simple aerial surveillance of curtilage and exposed areas of the home, which is allowed, because, with the amount of air travel, it is no longer under OREP that people in the air would not be able to see what is exposed to the air in FAA-navigable airspace.

*whew* as for SEP.... I think it is necessary, but less important than OREP (some say it could be subsumed by OREP). If you do not have a SEP (plain sight), there can be 'search'.
2.20.2007 7:54am
markm (mail):
"What a person knowingly exposes to the public ... is not a subject of Fourth Amendment protection."

I suspect that in peer-peer networks, there is often a problem with "knowingly exposes". Good peer-peer software, installed properly, should give others access to a part of the hard drive, but keep the rest walled off. I would use a front porch as an analogy; it's part of your house, but it is open to the public (and therefore not subject to 4th Amendment protection, but OTOH the mere presence of an item there doesn't prove that the homeowner put it there or knew about it). Behind the porch is a closed door, and opening it without an invitation is trespassing. (The cyber equivalent to a door is when a password is required for further access. It may or may not be easily hackable, but the requirement of hacking at all is an unmistakable signal that going past that point is a trespass.)

However, from stories I've heard, either some of the peer to peer systems are poorly designed, or naive users are installing them badly, and they may expose more than they intend to or know about. I can't think of a good real world analogy - a contractor building a porch wouldn't rip your front door out without telling you, nor would you fail to notice it was gone.

Worse, it's also possible to inadvertently expose your entire system just by connecting to some high bandwidth internet providers without taking certain actions to protect your system - and most users are unaware of this.
2.20.2007 10:38am
markm (mail):
About getting a warrant based on just a filename, with out being able to download the file, I will point out that:

1) It's very easy to rename a file with an innocuous name.

2) Innocent phrases munged together into filenames can easily become subject to other interpretations. There's a humor website somewhere dedicated to URL's that suffer from inadvertent double meanings, e.g., whorepresents.com (Who Represents, a service for finding actor's agents), or penisland.com (Pen Island, sells writing instruments).

I don't even have to be looking for something dirty to misread those. A cop looking for something dirty and primed with a list of code words that he thinks pornographers use to disguise their products is going to have a lot of false alarms. Warrants shouldn't isue on such flimsy evidence - but no doubt many judges will sign them...

The warrant requirement has become an insufficient barrier to cops breaking into places based on jumping to conclusions, going on fishing expeditions, using unreliable informants (Corey Maye), and even making up informants (Kathryn Johnston). I'd swap the exclusionary rule for a strict liability rule with a statutory minimum: If cops search on a warrant and don't find what they were specifically looking for, you get to choose between a check for $5,000 on the spot, or suing for higher damages with your legal fees reimbursed if you win.
2.20.2007 10:59am
Elliot123 (mail):
I think there is an important distinction between the hard drive, folders on a hard drive, and the files in the folders. I may define a folder as a shared folder and give access to its contents to anyone on a p2p.

I then put individual files in that folder, and make them avalable to the p2p. However, all other files on the HD are not in the shared folder, and I have not given access to them.

So, there is a very clear distinction between those files which I expect to be private and those which I expect to be public.

A slight variation on the question concerns web sites. A web site is hosted on my computer. I give public access to that site. However, I expect the rest of the files on my HD to be private since I have taken no action to make them public.
2.20.2007 11:01am
Bill Sommerfeld (www):
Fub,

But the first case seems like a very slim reed upon which to base a search warrant. After all one can name files anything, like "This_is_illegal_material.jpeg". But the name can be entirely unrelated to the contents of the file.


On the other hand, a directory listing may also include other information such as file lengths; the combination of file names and lengths for a set of files may be sufficient for someone to conclude that the set is likely to contain a copy of a specific work and that a closer look may be, uh, warranted.
2.20.2007 2:01pm
Johnmc (mail):
Well, as much as it is an excellent exercise, the 4th Amend as a defense in this secnario is the weaker case. Look one of the considerations of P2P networks is their anonymous nature. And for many, the police should not be making a case for the last IP so ID'd is the Host for the file. For more likely, the last host touched prior to making it to the police computer is merely a transit point and NOT the host computer where the file originated.

The defense then? A body of case law that has developed that holds ISP's blameless for errant files that traverse their networks so long as they make reasonable attempts to remove any offending files hosted on their servers. I would make the claim as the defendant, that in so offering my computer as a P2P participtant I am functioning as an ISP and request immunity under that body of law. I produce my host file list showing a lack of offending files as further evidence in my right to be held blameless.
2.20.2007 3:17pm
Apodaca:
Johnmc says
Look one of the considerations of P2P networks is their anonymous nature. And for many, the police should not be making a case for the last IP so ID'd is the Host for the file. F[a]r more likely, the last host touched prior to making it to the police computer is merely a transit point and NOT the host computer where the file originated.
I challenge the "far more likely" assertion. The mechanism for file discovery -- that is, the dissemination of queries and responses -- need not be the same as the mechanism for file transfer. And indeed, that's the Gnutella distinction: queries are flooded out iteratively to user nodes, which respond recursively, but the transfer of the file itself occurs directly between the requesting node &the node possessing the file. ("Peer to peer," one might say.)
2.20.2007 4:38pm
mrsizer (www):
What if you don't know about it?

My web server was hacked and made part of a phishing scheme. I found out when my ISP turned me off at the request of the FBI. The Bank of Oklahoma was being phished and spent the effort to find out where the fake sites were being hosted. I was one of many.

It was a web/IRC combination (very cool, btw). The data was recorded locally from the web page and an IRC request would send out the collected info. The web page installed in a directory ".../BankOfOklahoma" so it didn't show up in an "ls".

My ISP turned me back on when I removed the web page. The FBI was very understanding (and liked me because I'm techy and could give them some logs).

Given that experience, I'd say its entirely possible that someone could be part of a P2P file-sharing network and have no idea.

Even if guilty, I'd think the ignorance argument would be pretty easy. For example, if you are a Comcast subscriber being a member of a P2P network is a violation of your service agreement. It would seem to me to be very easy to claim that you had no idea that you were hosting content because you had agreed to a contract that forbade it.

It's kind-of/sort-of the "porch" argument. Maybe the "garage" argument: Someone broke in and put it there but since I don't use the garage regularly, I didn't notice. A bit lame in the real-world, but in the virtual world (who notices a couple of GBs of hijacked storage) it seems a reasonable defense.
2.21.2007 2:00am
Apodaca:
mrsizer, it's a reasonable defense until examination of the drive shows other user activity inconsistent with ignorance -- say, a relevant document being listed in the "recent documents" list for Windows and/or the corresponding application. That goes double for the paper printout on the desk.
2.21.2007 11:13am
Johnmc (mail):
Apodaca,

If by mechanism you mean the protocol used, I beg to differ. To quote -- "If a search request turns up a result, the node that had the result needs to contact the searcher. In the classic Gnutella protocol response messages were always sent back along the route the query came in through, as the query itself did not contain identifying information of the node. This scheme was later revised, so that search results are delivered over UDP directly to the node which initiated the search, respectively a proxying peer, usually an ultrapeer of the node. The queries do therefore carry the IP address and port number of either node. This lowers the amount of traffic routed through the Gnutella network, significantly making it more scalable. ..."

Note the bold emphasis as to return routing. What is unsaid by this is that some half of the clients out there still revert to this routing method to maintain backward compatability with older clients. So it is quite likely that the last node touched is misidenfied as the host node.
2.21.2007 2:20pm
Apodaca:
johnmc, the "return routing" described above is the mechanism for returning "yes i have a matching file" responses, not for delivering the file itself.
2.22.2007 8:03am