Imagine living in a world where your personal information is no longer confidential: a society in which the United States federal government has access to almost everything about you, ranging from your healthcare information to your browsing histories and financial transactions. Your every action and step is closely scrutinized on a daily basis, and the legal protections for privacy have been deeply strained. The constitutional republic that has governed U.S. citizens for centuries is at severe risk. While this scenario may sound quite exaggerated and inflated, the truth is that this illustration is actually closer to reality than fiction.

The Trump administration has recently made large strides to gain access to encrypted communications from technology companies. In March, Trump signed an executive order demanding all departments of the federal government to share data with one another about American citizens, from unclassified agency records to unemployment data. To accomplish this task, he partnered with Palantir Technologies, a software company, to help with organizing existing government data. The administration also “wants access to citizens’ and others’ bank account numbers and medical claims.” Trump and his cabinet argue that these measures are necessary “to lead data fusion and artificial intelligence programs throughout the U.S. military,” such as detaining illegal immigrants. However, members of Palantir and policymakers alike have raised concerns over how Trump’s “mega-database” possibly “violates multiple federal laws limiting the accessing and sharing of Americans’ private information, including the Privacy Act and tax privacy laws.”

Several months later, Trump announced plans to collaborate with “Big Tech companies like Amazon” along with “major health companies like hospital system Cleveland Clinic” to curate a novel health tracking system that would provide patients with straightforward access to their health records, offering individuals a “fuller picture of your health.” While the system has the potential to improve the public’s health and well-being in various ways, there are many skeptics who are mindful of the privacy issues that may arise. Some question the legal and ethical concerns of the proposal while others worry about the means in which the private data could be used for ill intent. Indeed, Lawrence Gostin, a law professor at Georgetown University specializing in public health, expressed apprehension over the fact that patients’ “medical records are going to be used in ways that harm them and their families.”

These fears about Trump’s recent actions are certainly valid. By viewing his plans through the lens of legal precedent coupled with the Constitution, this article makes the case that requiring tech companies to provide encrypted communications to the federal government is unlawful and violates the First and the Fourth Amendment. Moreover, this commentary will also offer solutions for how the federal government can achieve a delicate balance between defending the nation’s security interests while not overstepping the rights of its citizens.

The First Amendment of the Constitution guarantees various freedoms such as the prevention of Congress from making “an establishment of religion,” “the freedom of speech,” and “the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.” Although there seems to be little relevance between the freedom of speech and encrypted communications, the landmark court case Bernstein v. The United States Department of State (1996) provides strong insight on the topic. At the time, Daniel Bernstein, a student at the University of California at Berkeley, created an encryption program and inquired the State Department if a license was necessary to publish his software. The government told Bernstein that he needed export licenses for those who sought to view his code from overseas. Soon after, the professor sued on the basis that the regulations set by the Department of State “constitute an impermissible infringement on speech in violation of the First Amendment.” Ultimately, the United States District Court for the Northern District of California sided with Bernstein, holding that government regulations barring the export of encrypted software is unconstitutional and that source code can be a form of speech under the First Amendment depending on the context.

The fact that source code functions as protected free speech is extremely vital to understanding whether Trump’s plans of collecting and compiling data and information from technology companies are unlawful or not. Indeed, if source code is a form of speech, then encrypted communications pertaining to information such as one’s health or identity should fall under the same boat of free speech as well. The program developed by Bernstein back in 1990 “converted a one-way ‘hash function’” and turned that “into a private-key encryption system.” Two decades later, major tech companies such as Apple, Microsoft, and even Palantir utilize these same encryption types to securely store their data. Even though the government attempted to regulate source code in the Bernstein dispute as opposed to acquiring the encrypted communication like Trump is seeking to accomplish, the law still applies to both scenarios. By forcing companies to provide sensitive material about people, the government is disallowing these tech companies from exercising their freedom of speech, or freedom to not speak in this instance. Disclosure of third-party data requires specific data to be selected and organized through categorization or contextualization, which make this information expressive in nature. Thus, Trump’s order for tech companies to disclose encrypted communications to the government is a violation of the First Amendment and as a result, unconstitutional. 

There is also a second aspect of Trump’s recent activity that is viewed by many to be unconstitutional. The Fourth Amendment of the Constitution provides citizens with the right to “be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.” This idea of privacy is pertinent to the discussion of Trump’s actions and is a right that many are concerned the president has violated and disregarded. Though there was no final ruling in Apple v. FBI (2016), the case serves as helpful context and is especially relatable in regards to Trump’s activity. The dispute stemmed from a mass shooting that occurred in San Bernardino, California in December of 2015. Unable to unlock an iPhone from one of the deceased shooters, the FBI “requested that the Court order Apple to provide assistance in decrypting the phone” by constructing “a custom operating system that would disable key security features on the iPhone.” Apple challenged that these orders were unconstitutional since it “would set a ‘dangerous precedent.’” The tech company believed the FBI’s order violated the privacy of the iPhone user. 

A more relevant court case is Carpenter v. United States (2018), where the FBI accessed Timothy Carpenter cell phone records and ultimately charged the criminal with various offenses, such as robbery. Carpenter argued that the FBI “needed a warrant based on probable cause to obtain the records.” The Supreme Court, in a split decision, sided with Carpenter and came to the conclusion that Carpenter’s “right against unreasonable searches and seizures” was violated since the government did not have a warrant for the person’s records. Moreover, an important consideration from the decision was the fact that the information obtained from the FBI, specifically data regarding “tracking person’s movements and location through extensive cell-site records,” is “far more intrusive than the precedents might have anticipated.” If medical records, bank account numbers, and other information are seen as just as intrusive, then Carpenter’s argument can point towards the idea that Trump’s executive orders are in violation of rights pertaining to privacy. 

How does a government gain access to crucial information for the purposes of national security without overexerting power and violating the rights of its citizens? The Communications Assistance for Law Enforcement Act (CALEA), a statute enacted by Congress in 1994, provides an answer to the question posed. In fact, the act “is intended to preserve the ability of law enforcement agencies to conduct electronic surveillance while protecting the privacy of information outside the scope of the investigation.” Through an extensive and detailed series of requirements and prohibitions, the CALEA prevents the government from accessing encrypted communications from tech companies, with only a few exceptions such as information services and private networks. 

However, there are instances where the government can simply avoid following this act directly. The partnership between the Trump administration and Palantir was reached to provide intel on the movement of migrants in and out of the country. The government justified the decision by citing the need for national security, allowing the administration to bypass due process rights and privacy concerns. There are certainly situations in which the government will need encrypted communications, but history proves the government can misuse this authority when the opportunity arises. Thus, the CALEA must be less abstract and directly spell out the exact instances in which the government has the right to gain such information. 

Although the Trump administration is engaging in data sharing with tech companies to make government processes—which are not problematic and can be particularly useful and productive—more efficient, there should be a focus on bolstering the laws associated with encrypted communications. Otherwise, a slippery slope could unfold where the government utilizes these unclear guidelines and rules to acquire encrypted communications whenever it desires.