The Content-Specific Doctrine: The Right to be Secure in Digital Effects

Xander de los Reyes

Amendment IV, US Constitution

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

INTRODUCTION

The Fourth Amendment’s original intent was to protect Americans from unreasonable searches and seizures. At the time they were drafting the Constitution, the Founding Fathers remembered these violations of privacy as physical trespasses committed by British officials against colonists. This raises the question: Were the seizures of letters from a desk drawer or the broad searches of one’s coat pockets unreasonable searches and seizures because they were physical in nature? Or were they violations of privacy because of the content searched and seized?

I argue that unreasonable searches and seizures can occur without physical intrusion. As technology becomes increasingly prevalent, violations of privacy can occur in non-physical realms (i.e., “cyberspace”). Although these violations lack the physical dimension that characterized early-American conceptions of Fourth Amendment violations, they can nonetheless rise to a level of invasiveness that can be seen as functionally equivalent and can thus fall within the scope of the Fourth Amendment’s prohibitions.

This piece proceeds in the following manner. First, I briefly outline the history of the Fourth Amendment and its original intent, which was to protect Americans’ privacy from improper searches and seizures. Next, I outline twentieth-century case law that has shaped modern understandings of the Fourth Amendment. In this section, I also introduce the third-party doctrine, a legal doctrine that is troubling given society’s contemporary dependence on technology. Then, I discuss technological consent—or the lack thereof. Finally, I introduce a new legal framework, the content-specific doctrine. Instead of focusing on the physical nature of a search or third parties involved, this doctrine considers the content of effects (personal belongings) seized to be the highest-order consideration. The content-specific doctrine can protect privacy, digital civil liberties, and Fourth Amendment rights in this technological age. 

HISTORY

Under British rule, colonists were subject to documents known as writs of assistance or general warrants. Authorized by these documents, British authorities could enter colonists’ homes without probable cause. They could search homes indiscriminately for prohibited items and seize them. Even worse for the colonists, these writs lasted throughout the ruling king’s life and six months past their death. These documents flagrantly subjected the colonists to unreasonable searches and seizures.

When King George II died in 1760, an opportunity to protest the warrants arose. An advocate General from Boston, James Otis, rose to the occasion. Otis resigned his post and opposed the writs’ renewal in court in February of 1761. He could have merely objected to renewal, but went further. He argued that the writs were incompatible with the English constitution and went on to say that the only valid writs were “special writs.” (These were analogous to today’s specific and narrow search warrants.) Otis’s argument in court was one of the first formal colonial challenges to British authority. Scholars have also cited it as one of the earliest instances of colonial inclinations toward independence.

Otis lost the case, but his passionate argument left impressions on attendees and those who later learned of the event. One of the audience members would recall Otis’s speech fifty-six years later in a letter to a friend:

Every Man of an immense crowded Audience appeared to me to go away, as I did, ready to take Arms against Writs of Assistants. Then and there was the first scene of the first Act of opposition to the Arbitrary claims of Great Britain. Then and there the Child Independence was born.

These are the words of John Adams, America’s first vice president and second president. For him, the colonial conception of privacy was not just something of value—it was the very thing that set the pursuit of independence in motion.

This incident demonstrates the tremendous extent to which the colonists and Founding Fathers valued privacy. The writers of the Constitution—as survivors of British rule and its indiscriminate supervision—knew the importance of individual privacy and sought to protect people against unreasonable searches and seizures.

Since the ratification of the Constitution, determining violations of the Fourth Amendment has been complicated. As the nation aged, new circumstances and considerations arose. The invention of new technologies like telephones and computers, in addition to the Americans’ increasing dependency on business and service providers, has complicated Fourth Amendment jurisprudence. A synopsis of how courts have responded to these changes will prove useful.

TWENTIETH-CENTURY CASE LAW

Unreasonable searches and seizures were inherently physical in nature during British colonial rule and the early generations of the United States. This remained the case until the late nineteenth century when the invention of the telephone allowed for non-physical violations of privacy. Today, with the internet and interconnected world, physicality is not a requirement for a violation of privacy. This transition has created an entirely new subset of privacy rights: digital civil liberties. Next, I briefly outline case law of the twentieth century to show how courts responded to these technological changes.

Olmstead v United States (1928)

During Prohibition, federal law enforcement was investigating Roy Olmstead, a suspected bootlegger. Agents installed wiretaps on his telephone without a warrant. The agents installed the wires in the basement of the building Olmstead resided in and dug up phone wires underneath the nearby sidewalk. Because no physical intrusions occurred against Olmstead, the government felt it did not need a warrant. Olmstead countered that the warrantless searches violated his Fourth and Fifth Amendment rights.

In a 5-4 decision, the Supreme Court ruled against Olmstead. Chief Justice William Howard Taft authored the majority opinion. In it, he stated that “unless there has been an official search and seizure of his person, or such a seizure of his papers or his tangible material effects, or an actual physical invasion of his house” then no violation of the Fourth Amendment occurred. This ruling created a precedent that reemphasized the Fourth Amendment’s focus on physical intrusions. For nearly four more decades, as technology developed and spread, this precedent would stand.

Katz v United States (1967)

Federal law enforcement was investigating Charles Katz, a man suspected of illegal gambling. Knowing Katz used public phone booths, the government, acting without a warrant, utilized devices capable of eavesdropping and added them to the exterior of a phone booth. After they collected incriminating evidence, agents charged Katz with eight counts of illegal transmission of wagering information across state lines. After being convicted, he appealed his conviction and argued that the warrantless monitoring of his phone call violated the Fourth Amendment.

Reversing course from Olmstead, the Court ruled 7-1 in favor of Katz. Delivering the opinion of the Court, Justice Potter Stewart stated that the Fourth Amendment, “protects people, not places.” The ruling also created the reasonable expectation of privacy test, which has two requirements:

  1. The person whose Fourth Amendment rights have supposedly been violated must have had a subjective expectation of privacy.
  2. That expectation must be one that society can recognize as reasonable.

An individual’s Fourth Amendment rights are thought to have been violated if both conditions are affirmatively met. Failure to satisfy either condition would result in the determination that privacy rights were not violated.

The Katz ruling overturned the decision in Olmstead. It became the first landmark Supreme Court case that extended Fourth Amendment rights beyond physical intrusions, and its reasonable expectation of privacy test is still used today.

Third-Party Doctrine

Two cases in the 1970s, United States v. Miller and Smith v. Maryland, created a legal framework known as the third-party doctrine. In both of these cases, the petitioners claimed that their Fourth Amendment rights were violated. The searches and seizures of each case lacked a physical component and involved a third-party, such as a phone company or bank. These circumstances forced the Court to confront when individuals’ expectations of privacy were reasonable.

In United States v. Miller, the government accused Mitch Miller of not paying a liquor tax on distillation equipment. To investigate, federal law enforcement subpoenaed two of Miller’s banks. Without a warrant, they obtained records of his accounts. These documents were subsequently used against Miller in court, where he was convicted. Miller appealed and argued that his Fourth Amendment rights were violated when his bank records were obtained without a warrant.

In Smith v. Maryland, Michael Lee Smith was believed to have robbed a woman. Law enforcement also suspected that he was continuously calling the victim to harass her about the robbery. To investigate, the government asked Smith’s phone company to install a “pen register,” or a device that captures numbers dialed but none of the content of a phone call. When records indicated that Smith dialed the victim’s phone number, law enforcement was able to get a search warrant to find further evidence. Smith was later identified by the victim in a line-up and then convicted of robbery. He argued that the pen register violated his Fourth Amendment rights and appealed.

The Supreme Court ruled against the petitioners in both Miller and Smith. According to the Court, both men voluntarily gave their information to third parties (Miller and his bank; Smith and his phone company). Doing so, in the Court’s view, undermines the first requirement of the reasonable expectation of privacy test. When individuals provide information to third parties, they abandon any subjective expectation of privacy. 

Taken together, the decisions in Miller and Smith created the third-party doctrine. Under it, the government’s acquisition of information from third parties does not require a warrant. The soundness of this ruling was debatable in the 1970s. Today, however, society relies deeply on many more third-party services—many of them related to technology and the internet. Therefore, the third-party doctrine exposes Americans to significant intrusions of privacy.

TECHNOLOGY & CONSENT

With each passing day, technology becomes more interwoven into life. Many Americans use some form of instant messaging like iMessage, WhatsApp, or Facebook Messenger to communicate with family, friends, and coworkers. Some utilize navigation applications like Google Maps, Apple Maps, and Waze. When the COVID-19 pandemic began to shut down daily operations in 2020, workplaces, academic institutions, and other organizations moved to video-conferencing services like Zoom, Google Meet, and Microsoft Teams. All of these aforementioned services—whether they are used to video-call with grandparents or to navigate to a political rally—require the consent of users. Recalling the third-party doctrine, the proliferation of technology seems thorny at best and dire at worst.

A concerning fact is that most individuals do not attentively read the terms of service for these services. (User agreements such as “terms and services” go by other names: terms and conditions, terms of use, end-user license agreement, service terms, etc. While some lawyers may say there are slight variations between these definitions, they all functionally refer to a contract between a user and a provider of some service. Within this legal article, all of these terms are used synonymously.) Clicking or tapping the “I agree” box or button is, in the most literal sense, a check in the box for many people. This fact is tacitly, and sometimes explicitly, recognized by service providers. Amazon Web Services (AWS), for example, has included a clause referring to a zombie apocalypse in §42.20 of its service terms. They state that a previously mentioned restriction shall not apply in the situation of:

[A] widespread viral infection transmitted via bites or contact with bodily fluids that causes human corpses to reanimate and seek to consume living human flesh, blood, brain or nerve tissue and is likely to result in the fall of organized civilization.

AWS’s inclusion of zombies in a legally-binding contract implies that many people do not read these terms. It is an “Easter egg” for some vigilant users—or scholars examining contractual consent and relationships—to find.

Other services have left even more ridiculous statements in their terms of service. Purple, a wireless network company in Manchester, UK, embedded a clause within their terms of service that bound those who agreed to 10,000 hours of community service. 22,000 people consented. A European security firm, F-Secure, created a publicly available wireless hotspot for people and included in its terms of service that “the recipient agreed to assign their firstborn child to us for the duration of eternity.” GameStation, a UK video game retailer, included in their terms of service that users’ agreement gave the company ownership of each user’s “immortal soul.” In 2019, a high school teacher in Georgia won $10,000 when she read the terms of service for travel insurance from Squaremouth, which stated that the company would provide a reward to the first person who contacted the company in response to reading their terms of service. These are half-comical, half-frightening examples of the lack of awareness that most users have about the contents of terms of service.

There are strong implications when the third-party doctrine, legally-binding terms of service, and users’ failure to read those terms are considered together. Most users of a service are required to agree to terms of service—i.e., contracts—to use said service. Thus, they have consented to give information to a third party, thereby rendering that information subject to the third-party doctrine. With humanity’s increasing dependence on technology and its abundance of terms of service, there must be a new legal framework for determining privacy rights and digital civil liberties.

THE CONTENT-SPECIFIC DOCTRINE

A doctrine that best protects Americans’ privacy is one that I call the content-specific doctrine. This framework emphasizes consideration of the content being searched and seized by the government. How information is obtained—be it physically or digitally—and a third party’s role are both considerations secondary to the content of a search. The doctrine’s primary concern is the qualitative features of the effects to be searched—the pages in a journal, the audio of a phone call, or the metadata of one’s social media account.

Content as Primary Focus

First, an example may elucidate why content is more important than physical circumstances or whether information was given to a third party. Consider the example of a “peeping Tom.” John is sexually interested in his coworker, Jane. Motivated by voyeurism, he hopes to obtain nude photos of Jane by standing outside her residence and covertly taking photos. Because modern cell phones are capable of capturing high-quality images—some of which are now capable of 100x zoom—John knows that he can easily capture these photos from outside Jane’s curtilage; he need not physically intrude.

Although no physical trespass may occur, this act is clearly immoral. The reason rests solely on the content of the information acquired: Jane, in her home, nude, and with an incredibly reasonable expectation of privacy. Normative judgments are independent of whether the trespass was physical in nature. Although this example does not involve the government, it is a clear example of why the content of what is obtained is more important than the physical circumstances of the acquisition.

Doctrine Use

Consider an example of law enforcement using the third-party doctrine to surveil an individual suspected of aiding women in getting abortions in a state where they have been banned or heavily restricted.1 Sarah, a resident of Texas, has publicly posted on social media that she wholeheartedly believes in bodily autonomy and would offer to drive women in need of an abortion to a provider. County sheriff’s deputies suspect Sarah of following through on her statements and driving low-income women in Houston to and from illegal abortion providers. They are able to see through Texas Department of Transportation records that she drives a Toyota Camry. Deputies find out that Toyota’s end user license agreement and privacy notice inform users that the company’s “ConnectedServices” collects data on vehicle owners, including location and voice recordings. Whether or not Sarah knows what she gave the car manufacturer permission to collect, deputies obtain records of her location and any voice recordings without a warrant.

In ascertaining whether Sarah’s Fourth Amendment rights were violated, the content-specific doctrine first considers the qualitative nature of the effects obtained by police—driving location data and audio recordings. This information can be incredibly personal to an individual. In daily life, most people assume that their whereabouts are not being tracked by others. Similarly, the conversations had in cars are assumed to be private in nature. The primary focus of the doctrine considers these features. In this instance, both categories of information are intimate and personal.

To help understand the content searched and seized, physically analogous scenarios can be helpful. Without technology, deputies would need to do at least one of two things to track Sarah’s whereabouts to the extent that Toyota’s data is functionally capable of doing: affix a GPS device to her vehicle or physically follow her whereabouts. Likewise, to record the conversations inside her vehicle, law enforcement would need to install a microphone inside the cabin of her Camry. In the absence of a warrant, these actions violate the Fourth Amendment.

Bringing these two ideas together yields an answer. The contents of the effects that deputies seek to obtain from Toyota—location and audio—are deeply personal. In physical circumstances, the search would be unreasonable without a warrant. Because the doctrine considers content as its primary focus, an answer is revealed: the government’s warrantless acquisition of Sarah’s location and voice recordings violated her Fourth Amendment rights.

The content-specific doctrine would not, however, protect the searches of Sarah’s public social media posts. The content, publicly available speech, is not as personal of information as location or audio recordings. Just as Sarah cannot reasonably expect that the words she utters in a  grocery store aisle are private, she cannot expect posts on public social media to be free from government observation.

Carpenter v. United States (2018)

An excellent example of actual legal thinking akin to the content-specific doctrine is the majority ruling in Carpenter v. United States. Suspecting Timothy Carpenter of robbery, the government obtained information from Carpenter’s cell phone service provider. Federal agents obtained “cell site location information” (CSLI) data that spanned 127 days. Over this duration, they collected 2,898 location points on Carpenter. This is an average of 101 data points per day. It can also be thought of as, on average, having one’s location documented and retroactively collected every 14 minutes and 15 seconds from August 20 until Christmas. The matter of the case focused on whether the acquisition of CSLI, without a warrant, violated Carpenter’s Fourth Amendment rights.

Fortunately for digital civil liberties, the Court ruled in favor of Carpenter. The majority opinion, authored by Chief Justice John Roberts, focused on the character of CSLI data and its investigative potential for law enforcement. The Chief Justice noted: “Given the unique nature of cell phone location records, the fact that the information is held by a third party does not by itself overcome the user’s claim to Fourth Amendment protection.” He further states that cell phone tracking is even more invasive than GPS-tracking a vehicle because individuals often leave their vehicles but most keep their cell phones on them at all times.2 He emphasizes this habitual proximity by noting that 12% of surveyed Americans confess to using their phones in the shower. The Chief Justice also notes that previous attempts by the government to recreate suspects’ past physical movements were limited by the sheer quantity of records and its ability to collect them. With CSLI, however, the government can achieve near-perfect surveillance. The Chief Justice states that: “Only the few without cell phones could escape this tireless and absolute surveillance.”

In ruling in Carpenter’s favor, the majority opinion functionally used the content-specific doctrine. Rather than determining the warrantless acquisition of Carpenter’s CSLI to be legal based on the third-party doctrine, the majority examined the content of the government’s search and seizure. The content, Carpenter’s whereabouts over a period of 127 days, was extremely sensitive information. The Court recognized this sensitivity and duly considered it to fall under the protections of the Fourth Amendment. In Carpenter, legal thinking similar to the content-specific doctrine recognized that the essence of information collected by the government was more important than the manner in which it was obtained.

It should be noted that the Court’s ruling in Carpenter was split: it was a 5-4 decision. Authoring the dissent, Justice Anthony Kennedy argued that CSLI data is no different than other business records that a third party maintains, and as such, the third-party doctrine should apply in Carpenter. This dissent was joined by Justices Alito and Thomas. The latter Justice filed an additional dissent that emphasized focusing on the physical nature of searches. In it, Justice Thomas discusses other Fourth Amendment precedents. He references a pre-Katz case where a “spike mike” (a microphone that can be physically driven through walls and other barriers for the purpose of eavesdropping) was inserted by federal agents into an individual’s home, without a warrant, which was clearly a physical violation of privacy. Justice Thomas makes this reference to support his disagreement with the Court’s decreased emphasis on physical circumstances since Katz.

Both dissents are grounded in reasoning that the content-specific doctrine would address. It would focus on the content obtained by the government. In this case, nearly 13,000 pieces of location information spanning a period longer than four months and documenting an individual’s physical movements. The content-specific doctrine would acknowledge the intimacy of this information and recognize that its warrantless seizure functionally creates an Orwellian surveillance state. Regardless of whether Carpenter consented to give this information to a third party (Justice Kennedy’s dissent) or the physical circumstances of the search and seizure (Justice Thomas’s dissent), the content-specific doctrine would find such government actions to violate the Fourth Amendment.

Opponents of the content-specific doctrine may say that it weakens the government’s ability to investigate crime. I acknowledge the government’s need to do so in order to maintain order. However, order can be maintained, and crime investigated, through legally granted search warrants. The Fourth Amendment states that, although people are free from unreasonable searches and seizures, they are not absolutely free from reasonable searches and seizures. Presumably, what constitutes a reasonable search is described in the amendment: those conducted with a warrant based on probable cause that “particularly [describes] the place to be searched, and the persons or things to be seized.” This wording was an attempt to prevent broad searches like those conducted under general warrants and writs of assistance.

In the digital age, such a warrant could coexist with the content-specific doctrine. Investigators’ efforts to obtain very specific information—say, a suspect’s whereabouts in a two-hour window on a specific date—could be seen as narrow enough to constitute a reasonable search and seizure. Of course, some privacy rights advocates may disagree (and I myself have hesitations). However, I acknowledge that the law must always seek to prioritize individual liberties while also conceding that some circumstances exist where those liberties can be narrowly encroached upon. Therefore, the content-specific doctrine is not at odds with the government’s acquisition of narrow and specific search warrants. Rather, it seeks to prevent, minimize, and rectify broad and warrantless searches in cyberspace—in other terms: unreasonable digital searches and seizures.

CONCLUSION

This article began with a question about the Founding Fathers’ conceptions of privacy: “Were the seizures of letters from a desk drawer or the broad searches of one’s coat pockets unreasonable searches and seizures because they were physical in nature? Or were they violations of privacy because of the content searched and seized?” After examining the Founding Fathers’ proclivities for privacy, it should be clear the transgressive character of unreasonable searches and seizures rested not on their physicality but on the government’s capture of private belongings and information. Privacy, for colonists and the Founding Fathers, was revered.

Knowing that non-physical violations of privacy exist, this article then considered twentieth-century Fourth Amendment case law, the third-party doctrine, and the implications of new technology. Taken together, they showed exploitative potential. In response, I provided a new legal framework for Fourth Amendment rights in cyberspace: the content-specific doctrine. Above physical circumstances or the role of third parties, the doctrine considers the content of information obtained by the government.

This doctrine will not magically settle all debates on privacy. It does, however, provide jurists with a way to consider Fourth Amendment rights in cyberspace. As technology becomes unavoidably interwoven into society, the content-specific doctrine can help protect Americans’ digital civil liberties. The people have a right to be secure in their digital effects.

1 Given how recent the overturn of Roe v. Wade 410 US 113 (1973) is, whether abortion-restricting states will explicitly ban aiding and abetting abortions is a matter of debate. However, because states generally make aiding and abetting other crimes illegal, it is not unreasonable to think such policies will exist, be they de jure or de facto.

2 A relevant and recent case involving the warrantless GPS tracking of a vehicle is Jones v. United States, 565 US _ (2012)

BIBLIOGRAPHY

“1870s – 1940s: Telephone.” Elon University. https://www.elon.edu/u/imagining/time-capsule/150-years/back-1870-1940/

“A case for reading the small print.” Magazine Monitor.  British Broadcasting Corporation. November 18, 2013. https://www.bbc.com/news/blogs-magazine-monitor-24992518

Allen, William B., and Jonathan Gienapp. “Against Writs of Assistance (1761).” National Constitution Center. https://constitutioncenter.org/the-constitution/historic-document-library/detail/james-otis-against-writs-of-assistance-february-24-1761

“AWS Service Terms.” Amazon Web Services. https://aws.amazon.com/service-terms/

Carpenter v. United States, 585 US _ (2018).

“Constitution of the United States of America: Analysis and Interpretation.” U.S. Government Publishing Office, 112th Congress, 2nd Session. June 27 2016. https://www.govinfo.gov/content/pkg/GPO-CONAN-REV-2016/pdf/GPO-CONAN-REV-2016.pdf

Farrell, James M. “The Writs of Assistance and Public Memory: John Adams and the Legacy of James Otis.” The New England Quarterly 79, no. 4 (December 2006): 535–536, https://www.jstor.org/stable/20474493

Fox-Brewster, Tom. “Londoners give up eldest children in public Wi-Fi security horror show.” The Guardian. September 29, 2014. https://www.theguardian.com/technology/2014/sep/29/londoners-wi-fi-security-herod-clause

“From John Adams to William Tudor, Sr., 29 March 1817.” National Archives. https://founders.archives.gov/documents/Adams/99-02-02-6735

Hern, Alex. “Thousands sign up to clean sewage because they didn’t read the small print.” The Guardian (July 14, 2017). https://www.theguardian.com/technology/2017/jul/14/wifi-terms-and-conditions-thousands-sign-up-clean-sewage-did-not-read-small-print

Katz v. United States, 389 US 347 (1967).

Miller v. United States, 425 U.S. 435 (1976).

Olmstead v. United States, 277 US 438 (1928).

“Privacy and protection,” Toyota, April 11, 2022. https://www.toyota.com/privacyvts

Schwartz, Matthew S. “When Not Reading The Fine Print Can Cost Your Soul.” National Public Radio. March 18, 2019. https://www.npr.org/2019/03/08/701417140/when-not-reading-the-fine-print-can-cost-your-soul

Silverman v. United States, 365 U. S. 505 (1961).

Smith v. Maryland, 442 U.S. 735 (1979).

“Toyota Vehicle End User License Agreement.” Toyota. https://www.toyota.com/privacyvts/assets/images/doc/Vehicle%20Software%20End%20User%20License%20Agreement%20Toyota.pdfUlanoff, Lance. “We need to talk about the Samsung Galaxy S22 Ultra’s zoom photography.” TechRadar. February 17, 2022. https://www.techradar.com/news/we-need-to-talk-about-samsung-galaxy-s22- ultra-zoom

When Two Worlds Collide: Evaluating Free Speech and National Security Claims around Trump’s WeChat Ban

by Nalin Ranjan

Introduction

Immigrants have come a long way from hopelessly striving toward the 20th-century ideal of full assimilation into American society. Descendants of Jewish immigrants, whom many believed could not be trusted, can now proudly take credit for developments in the sciences, politics, medicine, and the arts; blossoming Chinatowns have replaced enclaves that once shied away from any expression of their heritage for fear of persecution; Mexicans whose ancestors worked under poor conditions and compensation in the fields founded the United Farm Workers to ensure their voices were heard. The stories of immigrants who refused to merely conform to the expectations placed upon them are endless. They have long known that the immigrant experience entails keeping close to — and not abandoning — their unique cultures and communities.

It was thus that President Trump’s August 2020 ban on Chinese messaging service WeChat was met with large-scale trepidation amongst the Chinese-American community. For the unfamiliar, WeChat is the world’s third-largest messaging service and by far the most popular means of communication amongst first-generation Chinese immigrants, with nearly three million active daily users in the US. For many, it is the primary — if not only — means of keeping in touch with fellow Chinese immigrants and families back home. However, given its Chinese ownership, the app has been subject to intense scrutiny amid escalating tensions between the two countries. 

Legal action against the ban was swiftly taken, resulting in a preliminary injunction of the original order. And before further arguments were made, the Biden administration walked back the Trump-era restrictions. However, they also made it clear that they would continue probing the issue and that a further ban was not entirely out of the question just yet. In this article, I examine relevant constitutional arguments that may have been made in favor of the ban had further litigation continued. Whether or not the ban stands to constitutional muster will ultimately determine whether it is a legal restriction with unfortunate consequences or a fundamental violation of certain Americans’ right to communicate freely.

Background

President Trump initially issued Executive Order 13943 in August 2020, prohibiting “any transaction that is related to WeChat by any person, or with respect to any property… with Tencent Holdings Ltd [the parent company of WeChat]… or any subsidiary of that entity.” The order outlined seven restrictions — each prohibiting a certain type of transaction with WeChat or its parent company —that together would have immediately rendered WeChat services both useless and illegal to use. In particular, restrictions 1-4 would have crippled WeChat’s technological infrastructure and content-distribution backbone, while restriction 6, which bars “any utilization of the WeChat mobile application’s constituent code, functions, or services,” would have been nothing short of an explicit ban on using WeChat’s services for then-users in the United States. 

Make no mistake: most of the restrictions of the order could only be reasonably challenged in court by Tencent itself.1 But restriction 6, whose target is the American populace rather than a service/network/other technology managed by Tencent, could reasonably be challenged by American WeChat users, as it places an explicit restriction on a place Americans may go to express speech. My analysis hereinafter will focus on restriction 6, because 1) resolving first amendment challenges to restriction 6 entails tackling issues that would arise in challenges to other portions of the ban, and 2) first amendment challenges to restriction 6 most closely echo the concerns of American WeChat users, who are the most important stakeholders in this issue. 

Constitutionally, time, place, or manner (TPM) restrictions are permissible, but they must 1) apply equally to all forms of speech subject to the TPM restriction (i.e. be content-neutral), and 2) pass the test of intermediate scrutiny.2 Given that the ban seeks to impose a broad and sweeping restriction on the use of WeChat, it is clear that it passes the content-neutrality criterion: no particular message substance would be favored over another since all communication on WeChat would be prohibited. Thus, the only — albeit substantial — remaining obstacle that the ban must overcome is the test of intermediate scrutiny, which requires that a TPM restriction 1) serve a significant governmental interest unrelated to speech content, 2) be narrowly tailored, and 3) leave open adequate channels for communication. 

Does there exist a significant government interest that would be served by the ban?

As stated in President Trump’s initial executive order, the central motivation for issuing the ban is to protect national security. (The executive order clarifies that other threats, such as those to foreign policy and the economy, derive from the primary threat to US national security.) The precise definition of “national security” is somewhat elusive, but most would agree with the National Law Review’s characterization, which says that it “encompasses safeguarding the nation’s borders against foreign threats and terrorism… [which, in particular, may include] cyber-crimes, cyber-attacks, and other internet-based crimes.” And like most, we will grant that national security is a significant governmental interest unrelated to the particular content of restricted speech in this case.

Would the ban — as outlined in the original executive order and implemented in the Commerce Secretary’s addendum — prevent some action that gravely endangers US national security? The executive order would answer affirmatively, holding that the relevant action it prevents is the capture of “vast swaths of information from its users, which threatens to allow the Chinese Communist Party access to Americans’ personal and proprietary information.” This conclusion, however, is based on multiple unsound foundations.

First, the characterization of the information WeChat collects as “personal and proprietary” is misleading, if not plainly incorrect. Upon registering, users must agree to a privacy policy that explicitly describes how one’s information will be shared with other subdivisions of Tencent, service providers (middlemen providing services that enable the functioning of the app), third parties with whom the user interacts, advertising partners, and notably, governments/regulatory agencies that request it.  Of course, this finding is wholly unsurprising to the average WeChat user. In addition to the common knowledge that using an online service will expose one’s information to its administrator, there is also a common cultural element at play: many WeChat users, as first-generation Chinese immigrants, are familiar with the authoritative role the CCP takes in regulating the flow of information and communication. A sentiment of an anonymous user on tech forum SlashDot sums up the typical WeChat user’s attitudes on this issue: “WeChat is a great app, and I use it all the time. But I have never considered it to be private.” Ultimately, users are knowingly consenting to share their data with WeChat and its wide range of affiliates, so the suggestion that users’ “personal and proprietary” information will land into the hands of an actor that shouldn’t have access to it — including the CCP — is both legally and empirically incorrect. 

Second, the mere collection of “vast swaths of data” on consenting American users is not in itself a threat to national security, even if this data lands into the hands of presumed US adversaries like the CCP. It is certainly true that WeChat follows the typical social media company strategy of collecting a wide range of identifying information and day-to-day activity data from users that may compromise their individual privacy, but it is difficult to see how such perfunctory data could be used to threaten US national security as a whole. Knowledge of what certain consenting individuals are doing, where they are going, and what some of their preferences are seldom, if ever, provides the edge needed to engineer large-scale attacks on US citizens or institutions. And the US government has implicitly recognized this fact: the combined revenue of the data analytics and online advertising market — both heavily reliant on collection and exchange of highly specific personalized data — totaled almost $100 billion in 2020 with no indication of slowing down. These markets, which feature thousands of companies of varying sizes, are officially sanctioned — and even participated in — by the US government. Were the possession of terabytes of perfunctory data truly a prospect with imminent national security concerns, history suggests governmental oversight would be swift and uncompromising — or at the very least, more stringent than the lax attitude currently adopted that treats personal data as little more than an arbitrary, freely exchangeable good.3 

In short, there is little evidence to suggest that a blanket ban on the use of WeChat would significantly remedy any existing national security vulnerability.

Would the WeChat ban leave open adequate channels for communication?

As established in Ward v. Rock of Racism, “the basic test for gauging the sufficiency of alternative channels is whether the speaker is afforded a forum that is accessible and where the intended audience is expected to pass.” In other words, the subject of a TPM speech restriction must be afforded another venue in which the intended audience may reasonably participate in a similar capacity. Appellate court precedent has established this requirement as one admitting a strict interpretation. For example, refusal to grant a permit to the Million Youth March sufficiently close to the movement’s desired location in Harlem was ruled in 1998 to be a First Amendment violation, because the city’s proposed relocation to Randall’s Island would have “adversely affect[ed] plaintiff’s ability to reach its target audience” by “limit[ing] [the movement’s] reach to [only] those who make an affirmative decision to travel to [Randall’s Island].” 

The alternatives afforded to WeChat users, unfortunately, are quite worse than a two-mile walk eastward to Randall’s Island. As Peng notes in her testimony, the only available alternatives to contact relatives abroad are costly and provide vastly inferior functionality:

“Without WeChat, I will have to go back to the old way of buying calling cards and making expensive international calls. I will also not be able to reach all of my family members with one click. I will not be able to look at them through video calls with my own eyes. Nor can they see that I am well with their own eyes.” 

For the unfamiliar, the reason that Peng would have to go back to calling cards is that most apps that seem like viable alternatives (WhatsApp, Snapchat, Messenger, Line, etc.) are blocked by the Great Chinese Firewall

And for those whose only proficient language is Mandarin (or another dialect spoken in China),4 the lack of other Chinese-friendly messaging apps would all but require attaining sufficient proficiency in another language. Even if we discount the many cases where this is effectively impossible (e.g., for senior citizens), such a requirement would fundamentally run contrary to the American notion of free expression. Learning a particular language should never be an explicit prerequisite to communicate, nor is the government within its right to revoke access to platforms so as to implicitly institute this as a requirement.

Conclusion

For now, Chinese-American WeChat users can breathe a sigh of relief. Yet it is clear that the issue is far from resolved, as the Biden Administration has indicated that a subsequent restriction is well within the realm of possibility. However, amid ever-changing political headwinds, American WeChat users can cling steadfastly to the legal rock that is intermediate scrutiny. Indeed, striking down the Trump-era ban would have only required that one intermediate scrutiny criterion be unmet. That the ban spectacularly fails multiple criteria is a serious indication that subsequent administrations will need to dedicate genuine, good-faith effort to crafting a more measured response that does not irreparably sever certain Americans’ access to their most significant outlet of communication.

1 Foreign entities may bring suit in US courts; see Servicios Azucareros v. John Deere.

2 First developed in Craig v. Boren.

3 See this article, for example. Most data exchanged over US networks is unregulated. That is, most companies are not under any obligation not to share your data with third parties, who can in turn do as they wish with that data (including selling it again). And none of them are obligated to tell you what they do with your data.

4 No publicly available sources have an estimate on the true number of English-deficient WeChat users in the United States. But an extremely conservative estimate would likely lie in the hundred-thousands.

It’s Not Just Me, It’s Also You: How Shared DNA Complicates Consent

by Ethan Magistro

With just a sample of your DNA, you, your immediate family members, and many other distant relatives can be identified. Your genetic information can be used to determine you and your families’ insurance policies, expose medical conditions you didn’t even know you had, and, in the worst case, be used to identify and arrest someone you may be distantly related to. The deoxyribose nucleic acid (DNA) contained within every cell of our bodies holds intimate details about each of us. Yet when users send sample DNA to direct-to-consumer (DTC) testing kit companies, only their consent is needed to share information that belongs to many of their family members. Because of this, I argue we should drastically rethink our understanding of DNA. Rather than conceptualizing DNA as analogous to other types of private property that can be traded with individual consent, DNA trade should require the shared consent of family members. The difficulty in obtaining that consent points to a colossal need for the development of genetic privacy laws.

To understand why DNA should be understood as a form of shared property, it will be helpful to outline the economic and legal landscape of consumer genetic testing. The past few years saw a spike in interest for DNA testing and an explosion in the DTC testing kit market, which is dominated by AncestryDNA and 23andMe. Although the market has died down since then, worries about political and enforcement abuses of genetic information and medical privacy concerns are still in focus. 

Concerns about enforcement abuses of genetic information usually involve the Fourth Amendment, which protects citizens from unreasonable searches and seizures. This was exemplified in Maryland v. King, a U.S. Supreme Court case which held that genetic testing is similar to fingerprinting, and is therefore a reasonable search under the Fourth Amendment, to the chagrin of privacy advocates. The latter issue of medical privacy deals with Title I and II of the Genetic Information Nondiscrimination Act Of 2008 (GINA) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA), both of which are notoriously lackluster in protecting privacy, especially regarding DTC testing, which neither law protects. Beyond this, some states have genetic privacy laws with varying levels of consent required by companies. Many of them provide little extra protection. This lack of privacy protection has caused the DTC industry to mostly self-regulate, which has been spotty at best: in their privacy policies, some genetic-testing companies wrongly claim they comply with HIPAA, while some companies have no privacy policies at all.

A lack of strong DNA privacy laws presents an imminent threat to genetic privacy because of how valuable a sample of DNA can be. Genetic information’s longevity, immutability (you cannot change your DNA like you can a lost password) and predictive ability about future health make it extremely valuable. Yet DNA is unique in that it is able to identify an individual as well as their family members, since people share large portions of DNA with their relatives. This is why it has been so often used to gain leads in criminal cases

Being so valuable, it makes sense why shoddy privacy policies exploit a lack of laws to gain control of DNA. Deceptive policies mislead individuals to give away most of the control over genetic information, and, therefore, their family’s genetic information, without ever knowing it. With that control, companies can trade or exchange this data, often selling it to unknown third-party companies who can use it as they wish. Bigger companies like AncestryDNA or 23andMe are no safer. They may truthfully claim they do not sell your genetic data to third party companies, but the independent labs they send the sample to for analysis make no such guarantees

It is hard for consumers to notice that. A large company’s connection to third parties is often inconspicuously snuck into their privacy policies. Before it was shut down in late 2020, AncestryHealth, the division of AncestryDNA designed to identify genetic health risks, sent DNA samples to a third-party group called PWNHealth for analysis. A link to PWN’s privacy policy is at the very end of AncestryDNA’s terms and conditions, which itself is in small print at the bottom of the AncestryDNA webpage. PWNHealth’s privacy policy is far less robust than Ancestry’s. Two points stick out:

You have the right to request in writing that we restrict how your health information is used or disclosed. For most requests, under the law, we are not required to agree to your request.

and

“If you request that Ancestry delete your information held by Ancestry, such request will not result in the deletion of information held by PWNHealth. Such information will be retained by PWNHealth in accordance with applicable law and this Privacy Policy.”

It is clear that PWNHealth has no intention of removing or restricting its use of submitted genetic data. Even if PWNHealth claims that they will only trade “non-identifiable data,” the shocking ease with which genetic data can be re-identified makes this claim essentially worthless. So while AncestryDNA will not sell your genetic data, PWNHealth can and will.

Despite all of these concerns, PWNHealth is still acting within the law so long as a user consents to its terms of use and, therefore, how it uses your genetic data. But is an individual’s consent enough considering that their DNA sample contains information about their relatives? It should not be. DNA contains valuable, identifiable information about a user’s family and distant relatives that should not be shared without their knowledge. Instead, companies who offer DTC genetic testing should require consent from those with whom an individual shares the majority of their DNA.

Already that idea sounds burdensome. Should someone really have to call their parents, grandparents, and siblings if they want to understand more about their own medical information? What about those who are estranged from their families, or people who are adopted and do not know their biological relatives? Here, a middle path exists between individual consent and shared consent. Perhaps for medical information, relevant to an individual who may want to alter their lifestyle to decrease the risk of a condition manifesting, an individual should use a DTC without providing shared consent. A kit designed to find unknown relatives who may wish to remain private, on the other hand, should require companies to ask for consent from those relatives.

Yet this argument ignores the threat that third-party actors pose. The importance of genetic privacy is less about keeping individual issues private from the family and more about keeping familial DNA out of the hands of third parties like PWNHealth who can trade that genetic information and other groups who could de-identify it or sell it. If you must get a genetic test for medical reasons, it would be wiser to do so in a clinical setting, where HIPAA and GINA offer comprehensive privacy and protection. Without that same protection, DTC tests put many of your relatives’ information at risk.

What could a stronger form of shared consent look like in the DTC arena? One analogy that provides some insight comes from a complaint filed by the Federal Trade Commission (FTC) against Facebook in which the FTC challenged Facebook’s misleading privacy policies and deceptive practices. The complaint alleged that Facebook “told its users that they could limit those who could see their posts to just ‘Friends,’ when in reality—and without warning to the user—doing so would also allow developers of third-party applications used by their ‘Friends’ to access the post.” In other words, “third party applications” of a user’s Facebook friends could look at that user’s posts even if the user did not consent to that action.

This is not a perfect analogy. A post shared with a friend, which is then unwittingly shared with a third-party application, is not the same as DNA, which is physically shared by multiple people. Nonetheless, the FTC acted when Facebook gave third parties access to a user’s post, even when that user had no option to consent to this. In a case involving genetic data, it’s feasible that the FTC could challenge DTC companies for not adequately informing users that their familial genetic data, which they provided without their family’s consent, was now in third-party companies’ hands.

Like those users who had a reasonable expectation that only their friends would see their posts, people who have never taken a DNA test or given away a DNA sample would not expect their genetic information to be in the hands of a group such as PWNHealth. There is a reasonable expectation that genetic information is private. If someone wants to give away valuable information about you — even if it is partly their information too — they ought to seek out your consent.   

Ultimately, the easiest remedy for the lack of genetic familial privacy and the need for shared consent would be stronger genetic privacy laws. The lack of robust genetic privacy laws already leaves consumers unprotected against bad actors looking to profit from their DNA. As genetic testing technology improves and we become able to gain more information from smaller samples of someone’s genome, not having ownership over your DNA could pose a threat to your descendants in the future. Technology that fails to respect these repercussions and ignores the need for consent from multiple parties cannot continue to outpace legislation. Although the complexity of shared consent and its complication of privacy policies leave room for the FTC to police weaker terms and conditions, it would be far more beneficial for all parties if strict regulation, created through legislation, protected the blueprint of life.