FOR EDUCATIONAL USE ONLY
Michigan Telecommunications & Technology Law Review
*61 ESTABLISHING A LEGITIMATE EXPECTATION OF PRIVACY IN CLICKSTREAM DATA
Gavin Skok [FNa1]
Copyright © 2000 University of Michigan Law School; Gavin Skok
The development of the Internet presents unprecedented opportunities for global communications and commerce. However, it also poses dramatic risks to personal privacy. [FN1] The series of electronic footprints created when a Web user moves about in cyberspace, commonly called a "clickstream," can be monitored and recorded by prying eyes. This data *62 can then be "mined" for information and used to profile a Web user or to recreate her online experience.
A significant Fourth Amendment question is raised when the prying eyes monitoring a clickstream belong to law enforcement officers: does a Net user retain a legitimate expectation of privacy in his or her clickstream data? Unfortunately, traditional Fourth Amendment jurisprudence is ill-suited to answer this question. [FN2]
This Article argues that Web users should enjoy a legitimate expectation of privacy in clickstream data. Fourth Amendment jurisprudence as developed over the last half-century does not support an expectation of privacy. However, reference to the history of the Fourth Amendment and the intent of its drafters reveals that government investigation and monitoring of clickstream data is precisely the type of activity the Framers sought to limit. Courts must update outdated methods of expectation of privacy analysis to address the unique challenges posed by the Internet in order to fulfill the Amendment's purpose.
Part I provides an overview of the Internet and clickstream data collection, and explains the value of this data to law enforcement. Part II discusses general Fourth Amendment principles, then explores how these principles have been, and are likely to be, applied to the Internet. Part III explores the intent of the Fourth Amendment's drafters, analogizes clickstream searches to the general searches the Framers sought to prohibit, and argues that the values underlying the Fourth Amendment require courts to eschew the traditional two- prong expectation of privacy test in favor of a normative inquiry which recognizes a legitimate expectation of privacy in clickstream data. [FN3]
The Internet is a global electronic communications medium
comprised of innumerable computer networks which communicate by using a common
language and set of data transfer protocols. [FN4] The Internet is *63 not
a location; rather, it is the aggregate of the electronic communications
routers and devices which transmit and receive electronic information through
the global network. Originally conceived during the Cold War as a means by
which to insure continuity in military communications during wartime, the
modern Internet has brought hundreds of millions of people together online.
While the exact number of Internet users is impossible to determine, it is
estimated that nearly 300 million people worldwide are currently online. [FN5] These users can travel among the five
million active Web sites on the Net . [FN6] The growth of this medium over the
past five years has been explosive, [FN7] and promises to continue at *64
a rapid pace well into the twenty-first century. Recent estimates show the
number of people going online during the next two years approaching one
billion, and show the value of Internet commerce swelling to over $1 trillion
by 2003. [FN8]
Unfortunately, Web surfing generates a massive amount of personal information about a user each time he or she goes online. [FN9] Net users often operate under an illusion of anonymity in cyberspace. However, the reality of the Internet is much different: prying eyes can identify individual users and track online activity by monitoring and examining "clickstreams." A "clickstream" is the aggregation of the electronic information generated as a Web user communicates with other computers and networks over the Internet. [FN10] The name "clickstream" refers to the series of mouse clicks users make as they travel the Web. Each click translates into an electronic signal which is then sent by the surfer's computer to other computers on the Net telling them what information to return to the user. Since online movement requires the user to send or request certain information from other computers on the Web, every step in cyberspace inevitably becomes part of the clickstream record. [FN11] This *65 data can be shockingly revealing, providing a record of the entirety of one's online experience, including movements among Web sites, geographical location, the type of computer and Internet browser in use, and any transactions or comments made at individual Web sites. [FN12]
Clickstream data poses a dramatic risk to the personal privacy of Net users since it can be collected, stored, and reused indefinitely. [FN13] An increasing number of private companies are monitoring, recording, and analyzing clickstreams in an effort to make Internet advertising more effective. This data is typically collected by online advertisers and retailers, and by Internet service providers ("ISPs"). [FN14] Most online advertisers *66 and merchants can monitor clickstreams only while a user is at the particular Web site operated by the advertiser or retailer; however, even this data can be incredibly revealing. [FN15] Some online advertisers have developed "networks" of hundreds of unrelated Web sites which use individual identifying codes to identify and track Web users' clickstreams as they travel among the sites on the network. [FN16] The data compiled by these businesses is then "mined" for hints about consumer *67 preferences, and may be used to generate personal profiles of surfers in order to target Internet advertising. [FN17]
In contrast, ISPs can precisely monitor and record an entire clickstream since all of the user's online commands are sent through the ISP. [FN18] This data can be combined with information the user voluntarily provides to the ISP to create a massive database detailing the online use habits of individually-identifiable surfers. [FN19] Such monitoring is becoming *68 increasingly common. [FN20] Unfortunately, the massive data collection regarding a user's online behavior and habits is performed largely sub rasa, occurring without the user's knowledge or consent. [FN21]
Clickstream data gathered by ISPs and online companies could be a fertile source of information for law enforcement. Law enforcement agents could analyze clickstreamdata [FN22] for evidence of crime or digital contraband. [FN23] Such *69 searches [FN24] could be generalized, scanning all clickstreams for evidence of illegal activity, [FN25] or limited to a specific suspect at a specific time and cyber-location. [FN26] Law enforcement officers who obtain this data from an ISP or online business would have a powerful investigative tool at their disposal: a record of the entirety of a suspect's online experience. This data would dramatically promote the efficacy and efficiency of police investigation into crimes consummated in or facilitated by cyberspace. Officers could track every step a Net surfer takes from the moment she logs on until she logs off, and could note each site visited, how long she stayed there, whom she "chatted" with, and what she downloaded. [FN27] Surfers who download child pornography or recipes for methamphetamine or explosives could be easily identified, allowing officers to improve the accuracy of "real world" investigations.
*70 In addition, law enforcement agents could mine clickstream data to create psychological profiles for use at trial to establish intent or motive. Online businesses already use clickstream data to profile users in an effort to determine what types of products a particular user is likely to purchase. [FN28] Law enforcement using the same data could compile a dossier of a defendant's online behavior replete with potentially incriminating "evidence." [FN29] For example, the clickstream of a defendant on trial for possession of child pornography could be potentially damning if it showed significant amounts of time spent in cyberspace searching for or viewing pornography. Similarly, a defendant accused of murdering his wife to inherit her assets might be condemned by a clickstream that recorded recent research into "manslaughter" inheritance statutes or intestacy schemes. A third example: the clickstream of a defendant on trial for conspiracy to blow up a government building which logged an excessive amount of time spent on anti-government militia Web sites could provide strong evidence of association or intent.
Although the goals of promoting the accuracy and efficiency of criminal investigations and prosecutions are certainly laudable, courts must take caution in pursuing them in cyberspace. Police discovery of "real world" contraband would certainly be more expeditious if general suspicionless searches of residences were allowed; however, the text of the Fourth Amendment specifically prohibits such searches. [FN30] General searches of clickstream data should likewise be forbidden. The danger in Internet criminal law is that courts will rigidly adhere to outdated Fourth Amendment concepts which are ill- suited to cyberspace, leading to the conclusion that Web users lack legitimate expectations of privacy in clickstream data.
A. A Brief Overview of the Fourth Amendment's Expectation of Privacy and Reasonableness Requirements
The Fourth Amendment provides that "[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable *71 searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized." [FN31]
As an initial matter, a defendant raising a Fourth Amendment challenge to a government search or seizure must show that he or she is entitled to the Amendment's protections by establishing a legitimate expectation of privacy that was infringed upon by the government's actions. [FN32] The legitimate expectation of privacy test traditionally entails a two-part inquiry: (1) whether the defendant had an actual (subjective) expectation of privacy; and (2) whether society is prepared to recognize that expectation as reasonable. [FN33] In analyzing the second question, "'[t]he test of legitimacy is not whether the individual chooses to conceal assertedly "private" activity,' but instead 'whether the government's intrusion infringes upon the personal and societal values protected by the Fourth Amendment."' [FN34]
The existence of a legitimate expectation of privacy is subject to an important limitation: "[w]hat a person knowingly exposes to the public, even in his own home or office, is not a subject of Fourth Amendment protection. But what he seeks to preserve as private, even in an area accessible to the public, may be constitutionally protected." [FN35] The Supreme Court subsequently expanded upon this principle, first announced in Katz v. United States, by holding that a person lacks a legitimate expectation of privacy in information which he or she voluntarily provides to a third party, even if that information is provided in confidence or for business purposes. [FN36]
If a defendant establishes a legitimate expectation of privacy, the inquiry then becomes whether the government's intrusion upon that expectation was "reasonable." The first step in this analysis is to determine whether the intrusion was regarded as an unlawful search and *72 seizure when the Amendment was framed. [FN37] Where this inquiry yields no result, courts must evaluate the search or seizure under traditional standards of reasonableness by weighing the degree to which it intrudes upon an individual's privacy against the degree to which the search or seizure is necessary for the promotion of legitimate governmental interests. [FN38]
B. Application of the Fourth Amendment to the Internet has Thus far Been Marked by Reliance on Principles Ill-Suited to Cyberspace, Leading Courts to Conclude that Net Users Lack an Expectation of Privacy in Online Activity
Very few courts have addressed the applicability of the Fourth Amendment to the Internet. Decisions addressing this topic have focused on an expectation of privacy in two categories: (1) information knowingly passed online to other Web users, and (2) information voluntarily passed offline to ISPs when signing up for Internet service. Both lines of authority conclude that Net users lack legitimate expectations of privacy in the data at issue, either because the information was knowingly exposed to public view or because the Net user assumed the risk that the recipient would share the information with others.
Courts employing assumption of risk analysis focus on the Supreme Court's decisions in United States v. Miller [FN39] and Smith v. Maryland. [FN40] In Miller, the Court held that a bank depositor had no legitimate expectation of privacy in transactional records compiled and kept by his bank because he voluntarily conveyed the financial information to his bank, and because this information was exposed to bank employees in the ordinary course of business. [FN41] According to the Court, "[t]he depositor takes the risk, in revealing his affairs to another, that the information will be conveyed by that person to another . . . even if the information is revealed on the assumption that it will be used only for a limited purpose and the confidence placed in the third party will not be betrayed." [FN42] The *73 Supreme Court similarly employed assumption of risk analysis in Smith in concluding that a defendant lacked a legitimate expectation of privacy in the numbers dialed on his telephone. Shortly after being robbed, the victim of a robbery started receiving harassing phone calls from a man identifying himself as the robber. [FN43] Police installed a pen register on Smith's phone after he became the subject of suspicion, and were thereby able to log him making a threatening call to the robbery victim. [FN44] Smith moved to suppress the evidence, arguing that use of the pen register violated his Fourth Amendment rights. [FN45] The Court rejected Smith's argument, explaining:
This Court consistently has held that a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties. . . . In Miller, for example, the Court held that a bank depositor has no "legitimate 'expectation of privacy" ' in financial information "voluntarily conveyed to . . . banks and exposed to their employees in the ordinary course of business." This analysis dictates that petitioner can claim no legitimate expectation of privacy here. When he used his phone, petitioner voluntarily conveyed numerical information to the telephone company and 'exposed' that information to its equipment in the ordinary course of business. In so doing, petitioner assumed the risk that the company would reveal to police the numbers he dialed. [FN46]
Courts have employed the knowing exposure and the assumption of risk rationales to deny an expectation of privacy in electronic information voluntarily exposed online, such as electronic mail or Internet postings. [FN47] The few courts to have considered the issue have held that a user retains a legitimate expectation of privacy in e-mail while it is in transmission; however, this expectation evaporates once the e-mail is *74 received and read. [FN48] These courts analogize e-mail to postal mail, and hold that the sender assumes the risk that the recipient will disclose the contents of the e-mail to law enforcement. [FN49] As the court in United States v. Charbonneau [FN50] explained:
E-mail transmissions are not unlike other forms of modern communication. We can draw parallels from these other mediums. For example, if a sender of first-class mail seals an envelope and addresses it to another person, the sender can reasonably expect the contents to remain private and free from the eyes of police absent a search warrant founded upon probable cause. However, once the letter is received and opened, the destiny of the letter then lies in the control of the recipient of the letter, not the sender, absent some legal privilege. . . . Thus an e-mail message, like a letter, cannot be afforded a reasonable expectation of privacy once that message is received. Moreover, a sender of e-mail runs the risk that he is sending the message to an undercover agent. [FN51]
Courts have also declined to extend Fourth Amendment protection to electronic postings in Internet chat rooms, [FN52] since the contents of these communications are knowingly exposed to public view. [FN53]
*75 At least two other courts have concluded that Net users surrender any expectation of privacy in personal information voluntarily passed to an ISP when contracting for Internet service. [FN54] These courts analyzed the issue using the assumption of risk analysis developed in Miller and Smith, and concluded that an Internet user assumes the risk that an ISP will disclose sign-up information (including name, address, social security number, and credit card number) to authorities. [FN55] Significantly, the district court in United States v. Hambrick noted that the traditional Katz expectation of privacy framework was ill-suited for application to cyberspace; nonetheless, the court applied it to the defendant's motion to suppress sign-up information obtained by law enforcement from the defendant's ISP, and denied the motion because "employees [of the ISP] had ready access to these records in the normal course of [the ISP's] business, for example, in the keeping of its records for billing purposes, and nothing prevent[ed] [the ISP] from revealing this information to nongovernmental actors." [FN56]
C. Courts Employing Traditional Fourth Amendment Jurisprudence will Probably Conclude that Net Users Lack a Legitimate Expectation of Privacy in Clickstream Data
The two-prong Katz expectation of privacy test is ill-suited to cyberspace since it fails to take into account the unique nature of the Internet. [FN57] *76 Application of this test to clickstreams will almost certainly lead courts to conclude that Web users lack a legitimate expectation of privacy based upon two rationales: (1) users lack a subjective expectation of privacy in their clickstreams due to private monitoring, and (2) any actual expectation of privacy is objectively unreasonable since Net users assume the risk that their clickstream data will be disclosed to law enforcement. [FN58] The growing body of authority applying the Fourth Amendment to email, chat room postings, and ISP sign-up information shows courts moving in this direction. Only one court has considered the existence of an expectation of privacy in clickstream data; in a brief opinion, the Fourth Circuit concluded that an employee could not claim Fourth Amendment protection for clickstream data generated while at work because an employment policy put him on notice that his government employer was monitoring his Internet use. [FN59] Rigid adherence to the two-prong Katz expectation of privacy test requires a Net user to establish a subjective expectation of privacy in her clickstream data as a prerequisite for Fourth Amendment protection. However, it will ultimately be impossible for Net users to hold such an expectation due to the lack of privacy protection on the Net. [FN60] As the fact of clickstream *77 monitoring becomes widely known, Net users will be forced to acknowledge that their transmissions may be monitored by online businesses or ISPs. [FN61] Instead of leading courts to conclude that clickstream data should be unprotected, courts should instead conclude that the Internet presents the type of situation envisioned by the Supreme Court in Smith in which "Katz' two- pronged inquiry would provide an inadequate index of Fourth Amendment protection." [FN62]
*78 Application of the assumption of risk principle to online expectation of privacy issues is similarly flawed because the principle fails to take into account the extent of intrusion made possible by clickstream data. There is a significant qualitative difference between clickstream data and other types of transactional data routinely provided to third parties in the course of business. A police officer who learns that a suspect has called a particular phone number, as in Smith, knows only that a call was made; the number is content neutral, and does not give the officer a means to reconstruct the suspect's conversation. [FN63] Similarly, an officer who searches bank records, as in Miller, learns only that transactions were made, and by whom; he or she does not learn the underlying circumstances of the transactions. In contrast, an Internet address, while itself content neutral, allows an officer to view the same information that the suspect viewed. The clickstream, a record of a person's cyberspace activity, allows officers to entirely recreate an online experience. [FN64]
Instead, clickstream data is better analogized to library records which reveal the titles of books read by library patrons. [FN65] Using such records, officers could view the same content viewed by the suspect. Officers could potentially reconstruct the suspect's interactions in the library by interviewing other patrons or reviewing security camera tapes. However, even this analogy significantly underestimates the intrusiveness of a clickstream search. An Internet user's clickstream reveals not only what sites were visited, but also for how long each site was visited, how often each site was re-visited, and which links were followed from each site. A comparable level of knowledge in the concrete world would *79 require that the officers know not only which books the suspect borrowed, but also when she read the books, how long she spent reading each book and each page, and the sequence in which she read each book and each page. Furthermore, clickstream data, unlike the hypothetical library search, is not subject to poor witness memory.
The assumption of risk doctrine is further ill-suited to clickstream data since a Net user seldom knows the type or extent of data being collected by Web sites or ISPs. [FN66] In addition, clickstream data is often unwillingly exposed. Recent studies indicate that the majority of Net users dislike clickstream data collection by online companies. [FN67] It is logically infirm to hold that a person surrenders his or her expectation of privacy in clickstream data when he or she neither knows nor intends to expose such information to public view. As Justice Marshall explained in his dissent in Smith, "[i]mplicit in the concept of assumption of risk is some notion of choice." [FN68] Application of the assumption of risk principle to involuntary data collection is contrary to the values the Fourth Amendment was intended to protect. [FN69]
*80 Nonetheless, there are indications that courts will apply the subjective expectation of privacy and assumption of risk principles to clickstream data. As discussed above, these principles have already been applied to email, chat room postings, and sign-up information provided to ISPs. The only court to thus far address expectations of privacy in clickstream data held that a Web user lacked an expectation of privacy in clickstream data generated while at work since he had notice that his Internet usage was being monitored. In United States v. Simons, [FN70] the Fourth Circuit considered whether an employee retained a legitimate expectation of privacy in records of his Internet use from work in light of a policy implemented by his employer, the Foreign Bureau of Information Services, [FN71] which warned employees that all Internet activity in the workplace would be monitored and recorded. [FN72] Applying the traditional two-prong Katz test, the court concluded that the policy stripped the defendant of any expectation of privacy by putting him on notice that his online activity was not private:
Simons did not have a legitimate expectation of privacy with regard to the record or fruits of his Internet use in light of the FBIS Internet policy. . . . The policy placed employees on notice that they could not reasonably expect that their Internet activity would be private. Therefore, regardless of whether Simons subjectively believed that the files he transferred from the Internet were private, such a belief was not objectively reasonable after FBIS notified him that it would be overseeing his Internet use. [FN73]
Simons is frightening because it could potentially be read as eliminating an expectation of privacy in clickstream data whenever the user knows or should know that his or her clickstream is being monitored. As discussed above, the rapid development of data tracking technology and data mining practices make it virtually inevitable that the capacity will soon exist to monitor and record all online activity. As this technology becomes commonplace, so too will public knowledge of its use. In such *81 a world, Simons could be read for the proposition that a Net user enjoys no expectation of privacy in clickstream data.
Such a broad reading of Simons is improper. Importantly, a government agency was defendant Simons' employer; in light of the Internet use policy, Simons was knowingly and voluntarily exposing his clickstream data directly to the government. [FN74] Furthermore, Simons does not stand for the proposition that the government can place the clickstream data of non-government employees beyond the reach of the Fourth Amendment merely by announcing that it is subject to monitoring. As the Supreme Court explained in Smith, a nationwide announcement by the government proclaiming that all homes are henceforth subject to warrantless entry would not defeat a homeowner's legitimate expectation of privacy. [FN75] In addition, even if Simons establishes that Web users who know that their clickstreams are monitored lack a subjective expectation of privacy, this is not necessarily fatal to a legitimate expectation of privacy. [FN76]
Unfortunately, the doctrinal basis for finding an
expectation of privacy in clickstream data is far from clear. As discussed
above, application to the Internet of contemporary expectation of privacy
jurisprudence might well lead courts to conclude that Net users lack an *82
expectation of privacy in clickstream data. Such a result is clearly incorrect.
Courts foraying into cyberspace must shift their focus away from the two- prong Katz expectation of privacy test in order to preserve the values underlying the Fourth Amendment. In developing a new framework for expectation of privacy analysis in cyberspace, courts should focus on the historic context of the Fourth Amendment and the intent of its Framers. Government monitoring and analysis of clickstream data is closely analogous to the general searches which the Framers sought to curtail in enacting the Fourth Amendment. Both types of searches are indiscriminate, exposing lawful activity along with contraband or unlawful action. Both are also incredibly intrusive, exposing intimate details about the lives of citizens to government scrutiny. A new rule needs to be established which recognizes that clickstream data may be protected by the Fourth Amendment, not because that protection fits well with expectation of privacy analysis as developed by the Court in recent years, but rather because government clickstream analysis is precisely the type of search the Framers intended to be subject to the Amendment's limitations.
Courts addressing this question should apply the normative analysis set forth by the Supreme Court in Smith v. Maryland instead of the rigid two- prong Katz test. The Court in Smith recognized that the two-prong Katz expectation of privacy test will sometimes provide "an inadequate index of Fourth Amendment protection." [FN77] In such situations, the Court explained, courts must undertake a normative inquiry to determine whether Fourth Amendment protection was appropriate. [FN78] This normative inquiry asks a very simple question: should an individual in a free and open society be forced to assume the risk that the government will monitor her as she engages in the activity at issue? [FN79] Courts employing the normative inquiry "must evaluate the 'intrinsic character' of investigative practices with reference to the basic values underlying the Fourth Amendment." [FN80] Unlike the two-prong test, which assumes that society has already reached an objective conclusion about the proper amount of *83 protection a particular activity deserves, the normative test acknowledges that society has not reached a consensus about the proper level of protection a certain activity warrants. In that case, the activity can be evaluated against constitutional norms. [FN81]
Application of Smith's normative inquiry to clickstreams reveals that Net users should retain an expectation of privacy in clickstreams because this data is precisely the type of information the Framers sought to protect against arbitrary government intrusion. [FN82] The Fourth Amendment was intended to limit government searches which held the potential to intrude into the intimate details of the private lives of citizens; courts must recognize a legitimate expectation of privacy in the intimate records of our online activity in order to satisfy these constitutional norms.
The passage of the Fourth Amendment was the Framers' reaction to overly intrusive searches and seizures conducted by British and colonial authorities. Prior to the Amendment's passage, the colonists were plagued by the use of general warrants and writs of assistance which authorized law and customs enforcement officers to enter and search any building suspected of housing contraband. [FN83] The searches conducted *84 using these devices were broad and abusive, occurred without particularized suspicion and were led by executive officials with unlimited discretion. [FN84] For example, the New Hampshire Council once allowed search warrants for "all houses, warehouses, and elsewhere in this Province"; the Pennsylvania Council once required a weapons search of "every house in Philadelphia." [FN85] Far from being isolated instances, such searches were widespread. [FN86]
In response to these abuses, the Framers sought to limit the power of government actors to search or seize persons, houses, papers, and effects. [FN87] The invasion the Framers sought to prohibit was not merely the *85 physical intrusion upon a "person" or "house." Instead, "the amendment's opposition to unreasonable intrusion . . . sprang from a popular opposition to the surveillance and divulgement that intrusion made possible." [FN88] As one scholar explained, "[t]he objectionable feature of general warrants was their indiscriminate character." [FN89] In addition to any contraband or unstamped goods that the generalized searches uncovered, the entirety of a person's private life was exposed to prying government eyes. This sort of indiscriminate search stripped the colonists of privacy without adequate justification, exposing them to the arbitrary and potentially despotic acts of government officials. [FN90]
Monitoring and analysis of clickstreams by government officials is closely analogous to colonial general searches because it exposes the intimate lives of Web users, fails to discriminate between lawful and unlawful activity, and grants enormous discretion to front-line executive officials. As with general searches of colonial homes, clickstream searches will unnecessarily reveal private information to government view, even when this information pertains to lawful activity. For example, law enforcement agents monitoring clickstreams could learn that an outwardly heterosexual man spends time entertaining homosexual fantasies online in an adult chat room, or that a high-profile political leader used the Internet to reserve a spot in an addiction recovery center. [FN91] While such conduct is certainly legal, it is also intensely private. Allowing government agents to expose the conduct of the innocent in order to pursue the guilty contradicts the purpose and intent of the Fourth Amendment. [FN92]
*86 On a more general level, the broad and arbitrary intrusion occasioned by a clickstream search is contrary to "the most basic values underlying the Fourth Amendment." Although the use of general warrants and writs of assistance undoubtedly motivated the Framers in drafting the Amendment, they did not intend its protection to be limited to the narrow purpose of outlawing general searches. [FN93] Instead, the Amendment was intended to protect citizens against the type of arbitrary invasions by government into the lives of citizens which general searches typified. [FN94] As one commentator explained:
While the history of the Fourth Amendment reveals many facets, one central aspect of that history is pervasive: controlling the discretion of government officials to invade the privacy and security of citizens, whether that discretion be directed toward the homes and offices of political dissentients, illegal smugglers, or ordinary criminals. [FN95]
Similarly, the Supreme Court has repeatedly recognized that the harm the Fourth Amendment seeks to prevent is not the tangible invasion *87 of one's person, papers, effects, or home, but rather the intangible invasion upon the sanctity and privacy of those objects occasioned by an unreasonable search or seizure. [FN96]
The indiscriminate nature of clickstream searches illustrates their incompatibility with the values upon which the Fourth Amendment was based. As one scholar argued:
The first [problem with indiscriminate searches] is that they expose people and their possessions to interferences by government when there is no good reason to do so. The concern here is against unjustified searches and seizures: it rests upon the principle that every citizen is entitled to security of his person and property unless and until an adequate justification for disturbing that security is shown. The second [problem] is that indiscriminate searches and seizures are conducted at the discretion of executive officials, who may act despotically and capriciously in the exercise of the power to search and seize. This latter concern runs against arbitrary searches and seizures; it condemns the petty tyranny of unregulated rummagers. [FN97]
*88 Absent an expectation of privacy in clickstream data, law enforcement agents will be free to rummage through our online lives, revealing intensely private conduct. The Framers found the ability to conduct such arbitrary and suspicionless searches to be one of the most offensive aspects of general warrants and writs of assistance, [FN98] and clearly intended such searches to be illegal. [FN99] Allowing such intrusions into private cyberspace activity merely because an outdated expectation of privacy test would find assumption of risk or the absence of a subjective expectation of privacy in clickstream data does intense violence to the values underlying both the Fourth Amendment and a free society. [FN100] Yet this is exactly the result that will be reached if courts continue to cling to Katz's two part test.
Once an expectation of privacy is established in clickstream data, traditional Fourth Amendment principles regulating the reasonableness of searches and seizures can easily be applied. The traditional test of reasonableness, which balances the nature and quality of the intrusion upon an individual's Fourth Amendment interests against the importance of the governmental interests alleged to justify the intrusion, [FN101] is perfectly suited for cyberspace. This test allows courts to protect against overly extensive and indiscriminate intrusion into our online lives while also acknowledging that a sufficiently compelling governmental interest may justify such searches. This is the question that should be getting asked in every clickstream search; however, it will never be asked until courts loosen their vise grip on the two-prong Katz test and decide that Internet users should retain a legitimate expectation of privacy in clickstream data.
[FNa1]. Law Clerk to the Honorable Robert H. Whaley, United States District Court for the Eastern District of Washington, Gavin Skok received his Juris Doctor With Honors from the University of Washington School of Law in 1999, and his Bachelor of Arts-Honors from Gonzaga University in 1996. The views expressed in this article are those of the author, and should not be attributed to either the United States District Court for the Eastern District of Washington or the Honorable Robert H. Whaley.
[FN1]. See Paul Schwartz, Privacy and Democracy in Cyberspace, 52 Vand. L. Rev. 1609, 1610-11 (1999) ("[I]nformation technology in cyberspace also affects privacy in ways that are dramatically different from anything previously possible. By generating comprehensive records of online behavior, information technology can broadcast an individual's secrets in ways that he or she can neither anticipate nor control. Once linked to the Internet, the computer on our desk becomes a potential recorder and betrayer of our confidences.").
[FN2]. See, e.g., United States v. Hambrick, 55 F. Supp. 2d 504, 508 (W.D. Va. 1999) ("Cyberspace is a nonphysical 'place' and its very structure, a computer and telephone network that connects millions of users, defies traditional Fourth Amendment analysis.").
[FN3]. While clickstream monitoring and data mining technology are still in their infancy, courts must frequently lay the groundwork for future laws without the benefit of foresight into future technological advancement. Accordingly, this Article assumes that data storage and processing technology will in the near future allow mass processing and sorting of clickstream information.
[FN4]. The Federal Networking Council defines "Internet" as "the global information system that--(i) is logically linked together by a globally unique address space based on the Internet Protocol (IP) or its subsequent extensions/follow-ons; (ii) is able to support communications using the Transmission Control Protocol/Internet Protocol (TCP/IP) suite or its subsequent extensions/follow-ons, and/or other IP-compatible protocols; and (iii) provides, uses or makes accessible, either publicly or privately, high level services layered on the communications and related infrastructure described herein." FNC Resolution: Definition of "Internet," (last modified October 30, 1995) <http://www.fnc.gov/Internet_res.html>. See also Stephan K. Bayens, The Search and Seizure of Computers: Are We Sacrificing Personal Privacy for the Advancement of Technology?, 48 Drake L. Rev. 239, 248-49 (2000) ("'The Internet is not a physical or tangible entity, but rather a giant network which interconnects innumerable smaller groups of linked computer networks.' The Internet is an overwhelming mass of information that has no centralized administrator, storage location, or control point. 'It exists and functions as a result of the fact that hundreds of thousands of separate operators of computers and computer networks independently decided to use common data transfer protocols to exchange communications and information with other computers (which in turn exchange communications and information with still other computers)."') (footnotes omitted). For a good overview of the way the Internet works, see Schwartz, supra note 1, at 1618-21. See also Overview of the World Wide Web (visited March 2, 2000) <http:// www.cio.com/WebMaster/sem2_home.html>; The World Wide Web for the Clueless < http://www.cio.com/WebMaster/sem2_simple_pieces.html>.
[FN5]. Nua Internet Surveys: How Many Online? (visited April 21, 2000) < http://www.nua.ie/surveys/how_many_online/index.html> (estimating 304.36 million Internet users as of March 2000); Global Reach: Global Internet Statistics (last modified March 31, 2000) <http:// www.glreach.com/globstats/index.php3> (estimating 288 million Internet users worldwide).
[FN6]. Nua Internet Surveys: Netcraft: 5 Million Web Sites on the WWW (last modified April 20, 1999) <http://www.nua.ie/surveys/index.cgi?f=VS&art_ id=905354851&rel=true> ("Just two years ago the Netcraft survey counted 1 million web sites on the Web, the latest survey finds that there are now over 5 million web sites."). See also Domainstats.com (last modified April 6, 2000) < http://www.domainstats.com> (recognizing 15,719,462 registered domain names worldwide).
[FN7]. See Computer Industry Almanac Inc.: Over 150 Million Internet Users Worldwide at Year-end 1998 (last modified April 30, 1999) <http://www.c-i- a.com/199904iu.htm> ("April 30, 1999--According to the Computer Industry Almanac Inc. there were over 150 million Internet users at year-end 1998--up from 61 million Internet users at year-end 1996."); Nua Internet Surveys: Netcraft, supra note 6 ("Just two years ago the Netcraft survey counted 1 million web sites on the Web, the latest survey finds that there are now over 5 million web sites."); Headcount.com: Who's online by country: The World (visited March 19, 2000) <http://www.headcount.com/count/datafind.htm? choice=country&choicev$)=The+World&submit=Submit> ("In June 1998, Matrix Information and Directory Services (MIDS) reported that there are 102 million accessing the Internet in the world. This number is estimated as of January 1998 and has increased from the estimate of 57 million in January 1997.").
[FN8]. See Headcount.com, supra note 7 ("MIDS [Matrix Information and Directory Services] estimates that the total number of worldwide Internet users will grow to 707 million by 2001."); Internet Commerce Will Rocket to More Than $1 Trillion by 2003, According to IDC (last modified June 28, 1999) < http://www.idc.com/Data/Internet/content/NET062899PR.htm> ("In recent market research, International Data Corporation (IDC) reports the amount of commerce conducted over the World Wide Web will top a staggering $1 trillion by 2003.").
[FN9]. Federal Trade Commission Staff Report: Online Privacy: General Practices and Concerns (last modified September 15, 1997) <http:// www.ftc.gov/reports/privacy/privacy3.htm> ("The Internet is a highly decentralized, global network of electronic networks. It is unique among communications media in the variety and depth of personal information generated by its use.").
[FN10]. Eric Johnson, An Examination of the Role of Clickstream Data in Marketingthrough the Internet (last modified May 12, 1997) <http:// www.ftc.gov/bcp/privacy/wkshp97/comments2/johnson0.htm> n.1("A formal definition of 'clickstream' data, according to CASIE, the Consortium for Advertising Supported Information and Entertainment: 'The database created by the date-stamped and time-stamped, coded/interpreted, button-pushing events enacted by users of interactive media, controlling their systems via remote control channel changers, alphanumeric PC keyboards and mice, numeric keyboards of PDAs and similar devices, and voice command of screen media." '). See also Julian S. Millstein, et al., Doing Business On The Internet: Forms And Analysis §10.02(1)(a) (1999) ("As an individual user browses the Internet, a trail of electronic information is left at Web sites he or she visits. [This i] nformation about the path a user takes through the Internet, called 'clickstream' data, can be collected and sorted.").
[FN11]. Schwartz, supra note 1, at 1620 ("The Internet's technical qualities also have a negative consequence: they make possible an intense surveillance of activities in cyberspace. Digital reality is constructed through agreement about technical norms. This 'code,' to use Lawrence Lessig's term, creates cyberspace. As a result of cyberspace code, surfing and other cyberspace behavior generate finely granulated data about an individual's activities-- often without her permission or even knowledge.") (footnotes omitted).
[FN12]. See Center for Democracy & Technology: CDT's guide to online privacy (visited February 23, 2000) <http://www.cdt.org/privacy/guide/start> ("Use of the network, however, generates detailed information about the individual--revealing where they "go" on the Net (via URLs), who they associate with (via list--servs, chat rooms and news groups), and how they engage in political activities and social behavior."); Jerry Berman & Deirdre Mulligan, Privacy in the Digital Age: Work in Progress, 23 Nova. L. Rev. 551, 554 (1999) ("The data trail, known as transactional data, left behind as individuals use the Internet is a rich source of information about their habits of association, speech, and commerce. Transactional data, click stream data, or 'mouse droppings,' as it is alternatively called, can include the Internet protocol address ('IP address') of the individual's computer, the browser in use, the computer type, and what the individual did on previous visits to the Web site, or perhaps even other Web sites."); Damien Cave, Salon.com: DoThey Know Where You Live? (last modified February 28, 2000) <http:// www.salon.com/tech/feature/2000/02/28/geographic/index.html> ("Ad-serving companies like Double Click offer services that they say can target ads to users by location. And Digital Island introduced technology last year called TraceWare, which can identify the location of Web site visitors with 96 percent accuracy. TraceWare works by scanning worldwide traffic as it passes through ISPs, then matching users' IP addresses with a database of IP address locations that Digital Island has built.").
[FN13]. See Federal Trade Commission Staff Report: Online Privacy, supra note 9 ("When users browse on the World Wide Web ('the Web'), for example, they leave an electronic marker at each site (or on each page within a site) they visit. The series of electronic markers, or 'clickstream' generated by each user's browsing activities can be aggregated, stored, and re-used."); Center for Democracy & Technology: CDT's guide to online privacy, supra note 12 ("Some of the newest tracking tools can so efficiently mine and manipulate the data trail (or 'clickstream') people leave behind when they use the Internet that they build a detailed database of peronal [sic] information without any human intervention."); Jerry Berman & Deirdre Mulligan, Privacy in the Digital Age: Work in Progress, 23 Nova. L. Rev. 551, 554 (1999) (explaining that clickstream data "is captured at various points on the network and available for reuse and disclosure."); Julian S. Millstein, et al., Doing Business On The Internet: Forms And Analysis §10.02(1)(a) (1999) ("[C]lickstream data  can be collected and stored.").
[FN14]. An Internet service provider, or ISP, is the portal which provides access to the Internet for individuals, educational institutions, companies, and organizations. A Net user dials into the ISP using his or her PC and a modem; the ISP then connects the user to the Internet. See Stephen Jenkins, Glossary of PC and Internet Terminology (last modified January 9, 2000) < http://homepages.enterprise.net/jenko/Glossary/G.htm> ("Internet Service Provider or sometimes referred to as Internet Access Provider (IAP) is a company which provides access to the Internet for people like you & me. The company handles the link from your PC to the rest of the Internet. The ISP's central computer is linked to the rest of the internet so the person using this service only pays the telephone charges to connect from their home computer to the ISP's central computer."); UGeek Technical Glossary (last modified April 26, 1999) <http://www.geek.com/glossary/glossary_search.cgi?i> ("Internet Service Provider (ISP)--An ISP provides Internet access to people or corporations. ISPs generally have pools of modems awaiting dial-up connections.")
[FN16]. Hiawatha Bray, Boston Globe: Matching Ads to Eyeballs (last modified February 22, 2000) <http://www.boston.com/dailyglobe2/053/business/Matching_ ads_to&uscore;eyeballsP.shtml> (describing Engage online user tracking network which coordinates numerous Web sites in tracking user clickstreams, thereby allowing Engage to compile detailed user profile, and explaining that Engage network has already tracked over 35 million online users.).
[FN17]. Jesse Berst, ZDNet AnchorDesk: The Good, Bad, and Ugly of Personalization (last modified November 2, 1999) <http:// www.zdnet.com/anchordesk/story/story_4050.html> ("Personalization is a huge trend on the Web. Sites create user profiles by identifying you each time you come to a site, recording your preferences, and then delivering ads and content targeted to your profile.... [T]he typical profile can contain: Explicit information. This is what you voluntarily reveal when registering at a site or signing up for a service. Your name, email address, etc. Implicit information. This is data the site gathers by monitoring your click stream--what you do, where you go. From that it infers what your interests are."); John M. Broder, Making America Safe for Electronic Commerce, N.Y. Times, June 22, 1997, at 4D ("Those [clickstream] records provide invaluable information for marketers who can use them to pinpoint customers for their products. By following your Internet 'clickstream,' they can learn about your medical condition, your reading habits, your political predilections.").
[FN18]. In this way, the ISP's role can be analogized to that of an interpreter in court proceedings. Since everything passes through the interpreter en route to its intended destination, the interpreter has access to all of the party's statements.
[FN19]. Roger Taylor, FTC clicks on to fears over data on web users, Fin. Times (London), April 5, 1999, at 5 ("At present there is no privacy on the Internet. Internet service providers know an individual user's name and address and can track every single move the user makes on the web. And the information is held on record...."); Jeffrey Pollock, A Tangled Web--Thoughts for a Law Firm Using the Web, 198 AUG-N.J. Law. 18-19 (1999) ("Virtually all netizens (Internet users for the uninitiate) access the Net through an ISP. As you are searching your way merrily along the strands of the WWW, however, your friendly ISP is collecting information regarding where you've been. The information captured is called a 'click stream' and records every website you've visited."); James F. Brelsford & Nicole A. Wong, Online Liability Issues: Defamation, Privacy and Negligent Publishing, 564 PLI/Pat. 231, 244 (1999) ( "Clickstream Data. While a user 'surfs' the Internet, each web site visited and each page viewed are typically logged by the user's Internet Service Provider. The ISP may maintain a record of a user's email communications and other online activities, including Web sites visited, purchases made, and more."); Schwartz, supra note 1, at 1627 ("ISPs are in an advantageous position to tie together the information that exists about anyone who surfs the Web ... [T]he ISP has detailed information about the Internet behavior of each of its customers. Through its role as an entrance ramp to the Internet, the ISP gains access to clickstream data and other kinds of detailed information about personal online habits. It can easily take these scattered bits of cyberspace data, pieces of which at times enjoy different degrees of practical obscurity, and make them into 'personal information' by linking them to the identity of its customers."); David Whalen, The Unofficial Cookie FAQ v. 2.53, (last modified May 10, 1999) <http://www.cookiecentral.com/faq/index.shtml> ("The very nature of Web servers allows for the tracking of your surfing habits...."); Center for Democracy & Technology: CDT's guide to online privacy, supra note 12 ("Over the past two decades the Internet has grown into a semi-autonomous network where anonymity has been honored. Use of the network, however, generates detailed information about the individual--revealing where they "go" on the Net (via URLs), who they associate with (via list--servs, chat rooms and news groups), and how they engage in political activities and social behavior. Some of the newest tracking tools can so efficiently mine and manipulate the data trail (or 'clickstream') people leave behind when they use the Internet that they build a detailed database of peronal [sic] information without any human intervention.").
[FN20]. Charles Babcock, ZDNet Interactive Week: Problems Surface With Data Mining (last modified February 2, 1999) <http:// www.zdnet.com/intweek/stories/news/0,4164,388207,00.html> ("Businesses' desire to generate online customer relationships is a mighty engine in the new electronic economy. It is prompting pioneering businesses, such as Internet service providers, to engage in extensive data mining to individualize the otherwise faceless customer base.... A young and aggressive ISP will mine other forms of customer data that falls into its hands in order to buttress the customer relationship and retain customers, according to Larry Goldman, a customer relationship management expert at Braun Technology Group.").
[FN21]. Federal Trade Commission Staff Report: Online Privacy, supra note 9 ("The fact that online information-gathering is automated means that it is invisible to the user and often takes place without the user's knowledge and consent."); Center for Democracy & Technology: CDT's guide to online privacy: Terms (visited February 23, 2000) <http://www.cdt.org/privacy/guide/terms> ("The collection of personal information online occurs in two ways. First, information is collected through your active provision of information, such as when you purchase a product online or when you join as a member of a web site. Second, while you are engaged in 'passive' online activity--for example when you are lurking in chat rooms, reading bulletin boards, or browsing through online resources--your personal information is also being collected and possible stored, all under your illusion of anonymity."); Erika S. Koster, Zero Privacy: Personal Data on the Internet, 16 No. 5 Computer Law. 7, 7 (1999) ( "New technology and more powerful computers now make it possible, without the visitor's knowledge, for companies to record and track information about visitors to their Web sites...."); Schwartz, supra note 1, at 1621-22 ("Visitors to cyberspace sometimes believe that they will be fully able to choose among anonymity, semi-anonymity, and complete disclosure of identity and preferences. Yet, in each of the three areas, finely granulated personal data are created--often in unexpected ways. Moreover, most people are unable to control, and are often in ignorance of, the complex processes by which their personal data are created, combined, and sold.").
[FN22]. The fact that the data may be stored in computers owned by the ISP or another business does not prevent a Web user from retaining a legitimate expectation in the information since the "capacity to claim the protection of the [Fourth] Amendment depends not upon a property right in the invaded place but upon whether the area was one in which there was a reasonable expectation of freedom from governmental intrusion." Mancusi v. DeForte, 392 U.S. 364, 368 (1968). Accordingly, the question is whether the user has a legitimate expectation of privacy in not being tracked online, not whether he or she retains an expectation of privacy in his ISP's computers.
[FN23]. The range of crimes committed on or facilitated by the Internet is virtually limitless. See, e.g., Note, Keeping Secrets in Cyberspace: Establishing Fourth Amendment Protection for Internet Communication, 110 Harv. L. Rev. 1591, 1591 (1997) (hereinafter "Keeping Secrets") ("Some crimes actual occur in cyberspace: people can illegally download copyrighted software, gamble, or view obscene photographs. The Internet has facilitated other criminal acts, such as kidnapping, hate crimes, and illegal drug sales. Dangerous information, such as how to build bomb, infiltrate computer security systems, forge credit cards and phone cards, pick locks, or kill people with one's bare hands is readily available."); Brian Simon, Note, The Tangled Web We Weave: The Internet and Standing Under the Fourth Amendment, 21 Nova L. Rev. 941, 959 (1997) ("Aside from hacking, various forms of computer crime now exist. Criminals upload viruses in an attempt to destroy computer systems, steal copyrighted material, and engage in the exchange of child pornography amongst other thing. Private files exist which contain evidence of crime occurring outside cyberspace (the dreaded physical world).").
[FN24]. Fourth Amendment jurisprudence is somewhat inconsistent in its use of the term "search." The most widespread school of thought is that a search occurs "when an expectation of privacy that society is prepared to consider reasonable is infringed." United States v. Jacobsen, 466 U.S. 109, 113 (1984). I do not mean to put the cart before the horse by using the phrase "clickstream search" in my analysis. Instead, I use the term "search" in its plain meaning sense to describe the act of monitoring, examining, or analyzing clickstream data, regardless of whether the Web user ultimately retains a legitimate expectation of privacy.
[FN25]. Such a broad search might prove difficult in practice due to the massive amounts of clickstream data generated by Net surfers; even a short online session can generate millions of bytes of information. However, while technological barriers may currently prevent police from conducting a dragnet clickstream, the danger of such searches is becoming increasingly real as data collection and processing technology rapidly advances. Furthermore, law enforcement agencies have empirically shown themselves willing to sort through large amounts of innocuous information in order to unearth evidence of a crime. See, e.g., Eversole v. Steele, 59 F.3d 710, 713 (7th Cir. 1995) (describing efforts of regional drug task force to enforce state anti-narcotics laws by monitoring and logging all drug store sales and pharmacy records in a four- county area to determine whether any customers purchased more than four ounces of cough syrup containing codeine within any given forty-eight hour period). Importantly, the difficulty of such a search will undoubtedly be lessened as technology advances, thereby heightening the risk to Net users.
[FN26]. The scope of any actual search is irrelevant for purposes of this article. The question is whether a Web user enjoys an expectation of privacy in his or her clickstream. If he or she does not, then a generalized "dragnet" search and a specific targeted search are equally permissible. If he or she retains an expectation of privacy, then the scope of the search is relevant in determining whether the intrusion occasioned by the search is reasonable. However, that inquiry is beyond the scope of the present discussion.
[FN27]. See supra notes 12, 15, and 19, and accompanying text.
[FN28]. See supra notes 15, 17, and 19, and accompanying text.
[FN29]. See, e.g., Koster, supra note 21, at 7 ("Psychographic profiles can be made by analyzing a Web surfer's 'click stream,' or listing of sites visited."); Berman & Mulligan, supra note 12, at 554 ("The data trail, known as transactional data, left behind as individuals use the Internet is a rich source of information about their habits of association, speech, and commerce.... Along with information intentionally revealed through purchasing or registration activities, this transactional data can provide a 'profile' of an individual's activities.").
[FN30]. See infra notes 83-100, and accompanying text.
[FN31]. U.S. Const. amend. IV.
[FN32]. See Katz v. United States, 389 U.S. 347, 360 (1967) (Harlan, J., concurring); Rakas v. Illinois, 439 U.S. 128, 139-40 (1978).
[FN33]. See Smith v. Maryland, 442 U.S. 735, 740 (1979); California v. Ciraolo, 476 U.S. 207, 211 (1986); Katz, 389 U.S. at 361 (Harlan, J., concurring).
[FN34]. Ciraolo, 476 U.S. at 212 (quoting Oliver v. United States, 466 U.S. 170, 182-83 (1984)).
[FN35]. Katz, 389 U.S. at 351-52 (citations omitted).
[FN36]. See, e.g., United States v. Miller, 425 U.S. 435 (1976) (defendant lacked legitimate expectation of privacy in bank records since he exposed information in records to bank employees); Smith v. Maryland, 442 U.S. 735 (1979) (defendant lacked legitimate expectation of privacy in phone numbers dialed from phone since he voluntarily provided the numbers to the telephone company).
[FN37]. See Florida v. White, 526 U.S. 559, 562-63 (1999); Wilson v. Arkansas, 514 U.S. 927, 931 (1995); California v. Hodari D., 499 U.S. 621, 624 (1991); Tennessee v. Garner, 471 U.S. 1, 8 (1985); Carroll v. United States, 267 U.S. 132, 149 (1925).
[FN38]. See Wyoming v. Houghton, 526 U.S. 295, 299-300 (1999); Vernonia Sch. Dist. 47J v. Acton, 515 U.S. 646, 652-53 (1995). See also Carroll, 267 U.S. at 149 ("The Fourth Amendment is to be construed in light of what was deemed an unreasonable search and seizure when it was adopted, and in a manner which will conserve public interests as well as the interests and rights of individual citizens.").
[FN39]. United States v. Miller, 425 U.S. 435 (1976).
[FN40]. Smith v. Maryland, 442 U.S. 735 (1979).
[FN41]. Miller, 425 U.S. at 442.
[FN42]. Id. at 443. See also Hoffa v. United States, 385 U.S. 293, 302 (1966). Miller has been broadly read as standing for the proposition that a customer has no legitimate expectation of privacy in records of his business transactions held or created by a third party. See, e.g., United States v. Phibbs, 999 F.2d 1053 (6th Cir. 1993) (reading Miller to include credit card statements and telephone records regarding defendant kept by various businesses). Miller has been harshly criticized by commentators. See, e.g., Wayne R. LaFave, 1 Search and Seizure §2.7(c) at 631 (3d ed. 1996) ("The result reached in Miller is dead wrong, and the Court's woefully inadequate reasoning does great violence to the theory of Fourth Amendment protection which the Court had developed in Katz.'').
[FN43]. See Smith, 442 U.S. at 737.
[FN44]. See id.
[FN45]. See id.
[FN46]. Id. at 743-44 (citations omitted).
[FN47]. Katz, 389 U.S. 347, 351-52 (1967) (citations omitted).
[FN48]. See United States v. Charbonneau, 979 F. Supp. 1177, 1184 (S.D. Ohio 1997); Smyth v. Pillsbury, 914 F. Supp. 97, 101 (E.D. Pa. 1996); United States v. Maxwell, 45 M.J. 406, 417-18 (C.A.A.F. 1996).
[FN49]. See Charbonneau, 979 F. Supp. at 1184; Smyth, 914 F. Supp. at 101; Maxwell, 45 M.J. at 417-18. Commentators have made the same analogy. See, e.g., Keeping Secrets in Cyberspace, supra note 23, at 1597 ("For example, commentators discussing privacy in cyberspace often have compared e-mail to traditional postal mail. Individuals retain a reasonable expectation of privacy in sealed first-class mail sent through the postal system, but because anyone can read the contents of a postcard, an expectation of privacy in its contents would be unreasonable and a law enforcement officer's reading it is thus not a search. E-mail, which 'can be accessed or viewed on intermediate computers between the sender and recipient,' may more closely resemble a postcard than a letter in this regard.") (footnotes omitted).
[FN50]. Charbonneau, 979 F. Supp. at 1177.
[FN51]. Id. at 1184 (quoting Maxwell, 45 M.J. at 417).
[FN52]. A "chat room" is an Internet site set up to allow Web users to "talk" to each other over the Internet by typing messages on their keyboard. See Jenkins, supra note 14.
[FN53]. See Charbonneau, 979 F. Supp. at 1184. See also Raphael Winick, Searches and Seizures of Computers and Computer Data, 8 Harv. J.L. & Tech. 75, 116 (1994) ("Posting a message in the publicly accessible areas of a BBS can be viewed as either putting the message into 'plain view,' or as voluntarily disclosing the information to all other parties. One loses any expectation of privacy in an otherwise private item by placing the item into plain view. As a result, outsiders such as law enforcement officials may monitor BBS communications if those communications are stored or transmitted in a manner that is accessible to the public. Similarly, voluntary disclosure of information to another permits the other party to relay that information to law enforcement personnel without offending the Fourth Amendment."); Terri Cutrera, The Constitution in Cyberspace: The Fundamental Rights of Computer Users, 60 UMKC L. Rev. 139, 151-52 (1991) (concluding that Net users lack legitimate expectation of privacy in "computer service's bulletin board files").
[FN54]. ISPs routinely collect personal information when a customer signs up for Internet access. See Schwartz, supra note 1, at 1627 ("ISPs are in an advantageous position to tie together the information that exists about anyone who surfs the Web. First, the ISP has highly accurate data about the identity of anyone who uses its services. This information is within its grasp because the ISP generally collects the client's name, address, phone number, and credit card number at the time it assigns an account.").
[FN55]. United States v. Kennedy, 81 F. Supp. 2d 1103, 1110 (D. Kan. 2000); United States v. Hambrick, 55 F. Supp. 2d 504, 507 (W.D. Va. 1999).
[FN56]. Hambrick, 55 F. Supp. 2d at 508 ("Cyberspace is a nonphysical 'place' and its very structure, a computer and telephone network that connects millions of users, defies traditional Fourth Amendment analysis. So long as the risk-analysis approach of Katz remains valid, however, this court is compelled to apply traditional legal principles to this new and continually evolving technology.").
[FN57]. Id. Judicial notions of the parameters of Fourth Amendment protection have traditionally evolved with changing technology. Application of traditional Fourth Amendment principles to the telephone initially yielded results contrary to a modern understanding of the Amendment's protection. In Olmstead v. United States, 277 U.S. 438 (1928), the Supreme Court held that the Fourth Amendment was not violated when government agents tapped a telephone line without a warrant since the phone line was not within one of the protected zones specified in the text of the Fourth Amendment: persons, houses, papers, and effects. Forty years later, in Katz v. United States, 389 U.S. 347 (1967), the Court held that warrant-less electronic monitoring of a telephone conversation in a public phone booth constituted an unreasonable search in violation of the Fourth Amendment. The shift in the Court's analysis, from the focus on protecting a "place" in Olmstead to the protection of the "person" in Katz, was, in part, an acknowledgment that changing technology necessitated new means of constitutional analysis. The unique nature of the Internet again calls for a change in the manner in which courts evaluate the reasonableness of a search or seizure. See, e.g., Federal Trade Commission Staff Report: Online Privacy: General Practices and Concerns (September 15, 1997) (visited March 1, 2000) <http:// www.ftc.gov/reports/privacy/privacy3.htm> ("It is unique among communications media in the variety and depth of personal information generated by its use.").
[FN58]. At least one commentator has applied traditional Katz analysis and reached this conclusion. See Simon, supra note 23, at 967 ("Hypothetically, if the police used a device to track where one travels in cyberspace, there is no reason to think that the use of such technology would constitute a search under the Fourth Amendment. When one travels along the digital highway, such movements are knowingly exposed to the public and merit no Fourth Amendment protection. The digital web where a user journeys would be considered the functional equivalent of the public streets.... As long as a user travels along a public area in cyberspace, where one can legally view their movements, cyber- tracking devices would not constitute a search.").
[FN59]. United States v. Simons, 206 F.3d 392 (4th Cir. 2000).
[FN60]. Similarly, the court in Smith recognized that because the use of telephones was so commonplace, telephone users know or should know that they are disclosing information (numbers dialed) to the telephone company every time they dial, thereby preventing them from harboring any subjective expectation of privacy. See Smith v. Maryland, 442 U.S. 735, 742-43 (1979) ("First, we doubt that people in general entertain any actual expectation of privacy in the numbers they dial. All telephone users realize that they must 'convey' phone numbers to the telephone company, since it is through telephone company switching equipment that their calls are completed. All subscribers realize, moreover, that the phone company has facilities for making permanent records of the numbers they dial, for they see a list of their long-distance (toll) calls on their monthly bills.... Although subjective expectations cannot be scientifically gauged it is too much to believe that telephone subscribers, under these circumstances, harbor any general expectation that the numbers they dial will remain secret.").
[FN61]. In such a case, clickstream searches might be analogized to searches conducted at open and obvious fixed checkpoints, such as airport metal detectors. These searches are constitutionally permissible since their open and obvious nature eliminates any subjective expectation of privacy by giving the subject notice that a search is certain to occur when he or she enters a controlled area, and because they allow the subject to avoid the search by changing his or her behavior. See Michigan Department of State Police v. Sitz, 496 U.S. 444, 463, 473-74 & n.18 (1990) (Stevens, J., concurring) (noting "critical difference" between open and obvious checkpoint searches and other less obvious measures, and discussing permissibility of metal detector searches). See also McMorris v. Alioto, 567 F.2d 897, 901 (9th Cir. 1978) (requirement that the public pass through metal detectors before entering courthouses does not unreasonably violate privacy expectations because search is obvious and public has choice not to enter); United States v. Doran, 482 F.2d 929, 932 (9th Cir. 1973) (no expectation of privacy infringed upon by airport metal detectors). While facially appealing, this analogy fails to recognize that a clickstream search is significantly more invasive than a metal detector or magnetic strip scan. Unlike traditional fixed searches, which look only for particular contraband or criminal activity, clickstream monitoring tracks the entirety of an individual's online activity. This distinction is significant: while an individual can still choose to avoid the search by "opting out" of Internet use, the extensiveness of the potential search is much more likely to change an individual's lawful behavior than a metal detector. For example, an outwardly heterosexual man may be deterred by the prospect of a clickstream search from legally entertaining homosexual fantasies online in adult chat rooms for fear of being "outed." Fringe political groups may become wary of using the Internet to advocate lawful political change over the Internet, or use the Web to engage in legal fund-raising activity. While these concerns are better addressed under the First Amendment than the Fourth, the potential chilling effect on all types of online behavior illustrates the inadequacy of an analogy to metal detectors or fixed checkpoints since those types of searches are limited to curtailing a particular illegal activity. See also Keeping Secrets, supra note 23, at 1607-08 ("A free society demands free discourse, and free discourse requires the ability to communicate privately. If our polity is to engage in vibrant political debate, if our marketplace of ideas is to remain open to radical and innovative suggestions, we must ensure that citizens can speak both freely and privately. Some of our most cherished communications--whispers between lovers, vows between friends--would be stifled if government officials had unbounded discretion to eavesdrop. This necessarily private communication has already moved into cyberspace, and by all accounts will continue to do so in the future. Communication in cyberspace must be protected to the same extent as is more traditional communication if our advancing communication technology is to achieve its full potential without the sacrifice of any of the free speech or privacy that we enjoy today.") (footnotes omitted).
[FN62]. Smith, 442 U.S. at 740 n.5. See also, Bayens, supra note 4, at 278 ("Even relatively novice computer users understand that employers, Internet service providers, and hackers can easily monitor electronic transmissions. However, this recognition should not operate as a bar to Fourth Amendment protections. Electronic communication in its various forms is a practical necessity despite its inherent dangers. Thus, the judiciary or legislature must acknowledge this dilemma and formulate appropriate responses.").
[FN63]. As the Court noted in Smith, "a pen register differs significantly from the listening device employed in Katz, for pen registers do not acquire the contents of communications." 442 U.S. at 741.
[FN64]. The revealing nature of clickstream data has been recognized by leading online privacy advocates. See Center for Democracy & Technology: CDT's guide to online privacy: Terms, supra note 21 ("Personally identifiable transactional data is the information describing your online activities, including web sites you have visited, whom you have sent email, what files you have downloaded, and other information revealed in the normal course of using the Internet. Transactional data differs from the content of a communication in that it is not the actual substance of your communication, but the information about your communication. Traditionally, the content of your communications has received greater protections in the law that [sic] transactional data. Recent developments in the law have given greater protections to transactional data in that it is just as revealing as the content of your communications.") (emphasis added).
[FN65]. See LaFave, supra note 42, at 633 n.61 (questioning whether officers can access library records after Miller, and suggesting that disclosure of library use information might properly take place under "judicial supervision" which regulated the State's activities to eliminate content bias and required showing that suspect's reading practices were relevant to criminal act under investigation) (citation omitted).
[FN66]. See supra note 21 and accompanying text, explaining that clickstream data collection often occurs without the user's knowledge.
[FN67]. A recent study by AT&T found that an overwhelming majority of Web users particularly disliked automated data collection services which provided them with no notice that data was being collected as they surfed the Net. AT&T online press release: Survey: 'One-Size-Fits-All' Privacy Won't Work on 'Net (last modified April 14, 1999) <http:// www.research.att.com/projects/privacystudy/press.htm> ("Users dislike automatic data transfer and unsolicited communications. When asked about possible browser features that would make it easier to provide information to a Web site, 86 percent reported no interest in doing so without their taking some action."). See also Bob Tedeschi, Targeted Marketing Confronts Privacy Concerns, N.Y. Times (last modified May 10, 1999) <http:// www.nytimes.com/library/tech/99/05/cyber/commerce/10commerce.html> ("[R]ecent surveys indicat[e] that Internet users are increasingly uncomfortable with the amount of personal data gathered by online companies, and as online companies become more aggressive about collecting that information."); Federal Trade Commission Staff Report: Online Privacy: General Practices and Concerns, supra note 9 ("Survey results suggest that although many individuals are willing to strike a balance between maintaining personal privacy and obtaining the information and services that new interactive technologies provide, they are concerned about potential misuse of their personal information and want meaningful and effective protection of that information. In the 1994 Harris Survey, fifty-one percent of respondents stated they would be concerned if an interactive service to which they subscribed engaged in 'subscriber profiling,' i.e., the creation of individual profiles based upon subscribers' usage and purchase patterns, in order to advertise to subscribers.").
[FN68]. Smith, 442 U.S. at 749-50 (Marshall, J., dissenting).
[FN69]. As one commentator warns, "The Katz decision... included limiting language which specified that a person could not have a reasonable expectation of privacy in things that were 'knowingly expose[d] to the public.'... The Supreme Court has used the 'knowing exposure' rationale to transform the reasonable expectation of privacy standard into a simple assumption of risk test.... In its evolved form, the Katz privacy test has become a roadblock to fourth amendment protection instead of a roadmap for ensuring it. It strips the individual of a great measure of fourth amendment protection--the single most important characteristic which distinguishes a free society from a police state--simply as a result of living in a high-tech society. Its result is to strip the fourth amendment of its normative values which were intended to regulate and limit the powers of government." Lewis R. Katz, In Search of A Fourth Amendment for the Twenty-First Century, 65 Ind. L.J. 549, 564 (1990).
[FN70]. United States v. Simons, 206 F.3d 392 (4th Cir. 2000).
[FN71]. The FBIS is a division of the Central Intelligence Agency. Id. at 395.
[FN72]. Id. at 395-96.
[FN73]. Id. at 398 (emphasis added). See also United States v. Monroe, 52 M.J. 326 (C.A.A.F. 2000) (acknowledging that military serviceman retained legitimate expectation of privacy in email while it was in transmission, but holding that he lacked expectation of privacy in email stored in electronic mailbox on government Internet server when government computer use policy warned him that his account was subject to monitoring).
[FN74]. The fact that ISPs and online businesses are collecting clickstream data instead of the government may ultimately require a defendant to establish that these actors are government agents in order to obtain suppression. That issue is beyond the scope of this article.
[FN75]. See Smith v. Maryland, 442 U.S. 735, 740 n.5 (1979) ("Situations can be imagined, of course, in which Katz' two-pronged inquiry would provide an inadequate index of Fourth Amendment protection. For example, if the Government were suddenly to announce on nationwide television that all homes henceforth would be subject to warrantless entry, individuals thereafter might not in fact entertain any actual expectation of privacy regarding their homes, papers, and effects. Similarly, if a refugee from a totalitarian country, unaware of this Nation's traditions, erroneously assumed that police were continuously monitoring his telephone conversations, a subjective expectation of privacy regarding the contents of his calls might be lacking as well. In such circumstances, where an individual's subjective expectations had been 'conditioned' by influences alien to well-recognized Fourth Amendment freedoms, those subjective expectations obviously could play no meaningful role in ascertaining what the scope of Fourth Amendment protection was. In determining whether a 'legitimate expectation of privacy' existed in such cases, a normative inquiry would be proper.")
[FN76]. Web users can retain a legitimate expectation of privacy in some instances even in the absence of a subjective expectation of privacy. See Smith, 442 U.S. at 740 n.5. See also Hudson v. Palmer, 468 U.S. 517, 525 n. 7 (1984) (noting that Supreme Court has always emphasized objective over subjective prong of Katz test).
[FN77]. Smith, 442 U.S. at 741 n.5.
[FN79]. See Smith, 442 U.S. at 750-51 (Marshall, J., dissenting). See also California v. Ciraolo, 476 U.S. 207, 220 n.5 (1986) (Powell, J., dissenting) (stating that legitimate expectation of privacy determination "necessarily focuses on personal interests in privacy and liberty recognized by a free society"); Vega-Rodriguez v. Puerto-Rico Telephone Co., 110 F.3d 174, 180 n.4 (1st Cir. 1997) ("In cases in which notice would contradict expectations that comport with traditional Fourth Amendment freedoms, a normative inquiry is proper to determine whether the privacy expectation is nonetheless legitimate.").
[FN80]. 442 U.S. at 750-51 (Marshall, J., dissenting).
[FN81]. See also Keeping Secrets, supra note 23, at 1607 ("The truth is that the application of Katz to new technology is simultaneously normative and descriptive. Deciding which expectations of privacy are reasonable is not simply an empirical determination, but rather requires a judgment about the kind of society in which we want to live; in determining 'reasonable expectations,' we cannot divorce the level of privacy that the Constitution does protect from a judgment about how much privacy our society ought to protect. The Fourth Amendment balances the individual's claim to privacy against the societal demand for effective law enforcement.") (citations omitted).
[FN82]. Although discussion of the types of searches and seizures the Fourth Amendment is intended to cover is typically undertaken as part of the "reasonableness" inquiry, see, e.g., Wilson v. Arkansas, 514 U.S. 927, 931 (1995), it would clearly be improper to deny a defendant the opportunity to raise a Fourth Amendment defense to a search of the type the Framers intended to prohibit merely because courts have developed a Fourth Amendment jurisprudence which is ill-suited to a new communications technology.
[FN83]. General warrants allowed authorities to conduct searches and seizures without particularized suspicion as to place or contraband. See Nelson Lasson, The History and Development of the Fourth Amendment to the United States Constitution 26 (1976) (describing content and service of general warrants: "Persons and places were not necessarily specified, seizure of papers and effects was indiscriminate, everything was left to the discretion of the bearer of the warrant."). Writs of assistance, designed to help enforce customs laws, were even more intrusive than general warrants since they typically granted officers unlimited discretion in conducting searches and seizures. Leonard W. Levy, Original Intent and the Framers' Constitution 227 (1988) (detailing 'writs of assistance' which gave customs agents and law enforcement officials broad power to search for and seize any untaxed goods, and explaining that these warrants lasted for the life of the sovereign and could be used without any showing of particularized suspicion); Barbara C. Salken, The General Warrant of the Twentieth Century? A Fourth Amendment Solution to Unchecked Discretion to Arrest for Traffic Offenses, 17 Pace L. Rev. 97, 144 (1997) ("Writs of assistance were used extensively in the colonies in the 1760s and were a principal irritant to the colonists. The writs were even more offensive than the general warrants, which had at least been directed at the perpetrators of a particular offense; writs of assistance permitted unlimited discretion and... were designed to prevent the American colonies from trading outside the Empire."). One scholar has suggested that the widespread use of writs of assistance was the prime cause of the American Revolution. See Salken, supra at 144-45 ("The relationship of the revolution to the writs is clear. John Adams, who had been a young courtroom spectator during the argument in the writs-of-assistance case, later, wrote: 'Mr. Otis' oration against the Writs of Assistance breathed into this nation the breath of life. [H]e was a flame of fire. Every man of a crowded audience appeared to me to go away, as I did, ready to take arms against writs of assistance. Then and there was the first scene of opposition to the arbitrary claims of Great Britain. Then and there the child Independence was born. In 15 years, namely in 1776, he grew to manhood, and declared himself free." ') (citations omitted).
[FN84]. William J. Cuddihy & B. Carmon Hardy, A Man's House Was Not His Castle: Origins of the Fourth Amendment to the United States Constitution, 37 Wm. & Mary Q. 371, 372 (1980) (explaining that colonists were subject to forcible intrusion by British officials acting under authority of general warrants and writs of assistance); Phoebe Weaver Williams, Governmental Drug Testing: Critique and Analysis of Fourth Amendment Jurisprudence, 8 Hofstra Lab. L.J. 1, 39 (1990) ("During the period when the English were struggling to free themselves from indiscriminate searches, the American colonists were being subjected to broad and abusive searches.").
[FN85]. Tracey Maclin, Informants and The Fourth Amendment: A Reconsideration, 74 Wash. U. L.Q. 573, 583 (1996) (citation omitted).
[FN86]. Id. at 581 ("The general warrant, or something resembling it, was the usual protocol of search and arrest everywhere in colonial America, excepting Massachusetts after 1756."); Levy, supra note 83, at 224 (noting that 106 of the 108 warrants issued in period of 1700-1763 were general warrants).
[FN87]. Stanley v. Georgia, 394 U.S. 557, 569 (1969) (Stewart, J., concurring) ("The purpose of these clear and precise words [in the Fourth Amendment] was to guarantee to the people of this Nation that they should forever be secure from the general searches and unrestrained seizures that had been a hated hallmark of colonial rule under the notorious writs of assistance of the British Crown."); Stanford v. Texas, 379 U.S. 476, 481 (1965) ("These words [of the Fourth Amendment] are precise and clear. They reflect the determination of those who wrote the Bill of Rights that the people of this new Nation should forever 'be secure in their persons, houses, papers, and effects' from intrusion and seizure by officers acting under the unbridled authority of a general warrant. Vivid in the memory of the newly independent Americans were those general warrants known as writs of assistance under which officers of the Crown had so bedeviled the colonists."). See also, Cuddihy & Hardy, supra note 84, at 372 (stating that the Fourth Amendment's protections "arose from the harsh experience of householders having their doors hammered open by magistrates and writ-bearing agents of the crown. Indeed, the Fourth Amendment is explainable only by the history and memory of such abuse"); Williams, supra note 84, at 39 ("The fourth amendment was the Framers' response to broad and abusive searches conducted by the British government."); Tracey Maclin, When the Cure for the Fourth Amendment Is Worse than the Disease, 68 S. Cal. L. Rev. 1, 11-13 (1994) (arguing that the Fourth Amendment was the framers' reaction to a historical period where government actors demonstrated little respect for individual privacy).
[FN88]. William J. Cuddihy, The Fourth Amendment: Origins and Original Meaning 602, 1546 (1990) (unpublished Ph.D. dissertation, Claremont Graduate School).
[FN89]. Salken, supra note 83, at 145. See also Coolidge v. New Hampshire, 403 U.S. 443, 467 (1971) (acknowledging that colonist's chief objection to general warrants was "not that of the intrusion per se, but of a general, exploratory rummaging in a person's belongings").
[FN90]. See Anthony Amsterdam, Perspectives on the Fourth Amendment, 58 Minn. L. Rev. 349, 411 (1974).
[FN91]. The litany of potential abuses is limitless since the proliferation of Web sites and services now allows Web users to engage in virtually any activity online. The development of online voting for political office highlights the danger of an indiscriminate clickstream search: law enforcement officers analyzing a suspect's clickstream might well learn the way he or she voted in a cyber-election. See Arizona Democrats (visited May 15, 2000) < http://www.azdem.org/breakdown.html> (describing first binding Internet election in Arizona's Democratic presidential primary in which 35,765 people cast official votes online).
[FN92]. See United States v. Rabinowitz, 339 U.S. 56, 82 (1950) (Frankfurter, J., dissenting) ("By the Bill of Rights the founders of this country subordinated police action to legal restraints, not in order to convenience the guilty but to protect the innocent.").
[FN93]. Vernonia Sch. Dist. 47J v. Acton, 515 U.S. 646, 669 (1995) (O'Connor, J., dissenting) ("[W]hat the Framers of the Fourth Amendment most strongly opposed... were general searches.... [T]hese various forms of authority led in practice to 'virtually unrestrained,' and hence 'general,' searches. To be sure, the Fourth Amendment, in the Warrant Clause, prohibits by name only searches by general warrants. But that was only because the abuses of the general warrant were particularly vivid in the minds of the Framers' generation, and not because the Framers viewed other kinds of general searches as any less unreasonable.") (citations omitted); Stanford v. Texas, 379 U.S. 476, 482 (1965) ("But while the Fourth Amendment was most immediately the product of contemporary revulsion against a regime of writs of assistance, its roots go far deeper. Its adoption in the Constitution of this new Nation reflected the culmination in England a few years earlier of a struggle against oppression which had endured for centuries."). See also Maclin, supra note 85, at 582 ("The newly emerging 'Americanization' of the right against unreasonable search and seizure was not confined to rejection of the general warrant. Other types of intrusion were also deemed unreasonable. For example, nocturnal searches were universally condemned... Unannounced entries were also denounced.").
[FN94]. Numerous scholars have recognized that the Fourth Amendment was prefaced on the broad purpose of protecting citizens against arbitrary governmental intrusion on personal privacy. See, e.g., Maclin, supra note 85, at 584-85 ("Although it did not explicitly outlaw all discretionary searches and seizures, the [Fourth] Amendment initiated and symbolized an ideal that was uniquely American - discretionary invasions of privacy and personal security, whether by warrant or without, violated constitutional liberty... [W]e should remember that the Fourth Amendment was designed to check the discretionary power of government to invade individual privacy and security"); Thomas K. Clancy, The Role of Individualized Suspicion in Assessing the Reasonableness of Searches and Seizures, 25 U. Mem. L. Rev. 483, 528 (1995) ("The core complaint of the colonists was not that searches and seizures were warranted, warrantless, or unauthorized actions; it was the general, suspicionless nature of the searches and seizures.... As they sought to regulate searches and seizures, the framers held certain principles to be fundamental, of which particularized suspicion was in the first rank.").
[FN95]. Maclin, supra note 85, at 585 n.53.
[FN96]. An arbitrary or excessive intrusion upon personal sanctity and privacy by government officials was widely considered the hallmark of an unreasonable search and seizure at the time the Fourth Amendment was adopted. In Boyd v. United States, 116 U.S. 616, 630 (1885), the Court explained that the values underlying the Fourth Amendment were shaped by English common law, particularly Lord Camden's opinion in Entick v. Carrington, 19 How. St. Tr. 1029 (1765), stating:
The principles laid down in this opinion affect the very essence of constitutional liberty and security.... [T]hey apply to all invasions on the part of the government and its employees of the sanctity of a man's home and the privacies of life. It is not the breaking of his doors, and the rummaging of his drawers, that constitutes the essence of the offense; but it is the invasion of his indefeasible right of personal security, personal liberty and private property, where that right has never been forfeited by his conviction of some public offense,--it is the invasion of this sacred right which underlies and constitutes the essence of Lord Camden's judgment.
116 U.S. at 630. The Court emphasized that these principles were in the forefront of the minds of the Framers when the Fourth Amendment was drafted.
As every American statesman during out revolutionary and formative period as a nation was undoubtedly familiar with this monument of English freedom, and considered it as the true and ultimate expression of constitutional law, it may be confidently asserted that its propositions were in the minds of those who framed the Fourth Amendment to the Constitution, and were considered as sufficiently explanatory of what was meant by unreasonable searches and seizures.
Id. at 626. See also Camara v. Municipal Court, 387 U.S. 523, 528 (1967) ("The basic purpose of [the Fourth] Amendment... is to safeguard the privacy and security of individuals against arbitrary invasions by governmental officials"); Davis v. Mississippi, 394 U.S. 721, 726 (1969) ("Nothing is more clear than that the Fourth Amendment was meant to prevent wholesale intrusions upon the personal security of our citizenry.").
[FN97]. Amsterdam, supra note 90, at 411.
[FN98]. Lasson, supra note 84, at 26 (explaining that with general warrants, "everything was left to the discretion of the bearer of the warrant"); Salken, supra note 83, at 144 (explaining that writs of assistance granted their bearers "unlimited discretion" in conducting searches and seizures).
[FN99]. Maclin, supra note 85, at 579 (arguing that the framers intended "general searches and seizures [to be] illegal on their face").
[FN100]. Wolf v. Colorado, 338 U.S. 25, 27 (1949) ("[T]he security of one's privacy against arbitrary intrusion by the police--which is at the core of the Fourth Amendment--is basic to a free society.").
[FN101]. See, e.g., Tennessee v. Garner, 471 U.S. 1, 7-8 (1985); United States v. Place, 462 U.S. 696, 703 (1983).