Surveillance and Privacy in India – VI: The Third Party Doctrine and Untidy Endnotes

I must thank Amlan for bringing to my attention an important aspect of the Canara Bank case, that I overlooked in my discussion in the last post. I had pointed out how Canara Bank departed from the American Supreme Court case of Miller in basing privacy upon a personal, as opposed to propertarian, foundation (“privacy is of persons, not places”). Miller, however, also stood for an important proposition known as the “third party doctrine”, which has direct implications for the law of privacy in the context of the CMS. It is crucial to examine Miller in relation to Canara Bank with respect to that. Amlan rightly pointed out that if Canara Bank rejects the third-party doctrine, then this has profound implications for the constitutionality of CMS-surveillance; we must therefore pay close attention to the issue.

Before we commence, one distinction: there is a difference between telephone tapping (that Malkani held certainly violates a privacy interest), and telephone records that are held by telephone companies and are then turned over to the government (the NSA’s PRISM project, the GCHQ’s Tempora Project, and our very own CMS). The third-party doctrine isn’t applicable to the Malkani case of the government directly tapping your line, but becomes very important precisely when the information is routed to the government via a third party (in this case, the telecom companies). Since there is no settled case in India (to my knowledge) on CMS/PRISM style surveillance, we must examine the third-party doctrine as developed elsewhere.

Recall that in United States vs Miller,  the question was whether a person had a privacy interest in personal records held by a bank. The Court held he did not, since:

The depositor takes the risk, in revealing his affairs to another, that the information will be conveyed by that person to the Government. This Court has held repeatedly that the Fourth Amendment does not prohibit the obtaining of information revealed to a third party and conveyed by him to Government authorities, even if the information is revealed on the assumption that it will be used only for a limited purpose and the confidence placed in the third party will not be betrayed.”

This is known as the third-party doctrine. Speaking for four members of the Court in dissent, Justice Brennan rejected it, reasoning that:

[A] depositor reveals many aspects of his personal affairs, opinions, habits, associations. Indeed, the totality of bank records provides a virtual current biography. . . . Development of photocopying machines, electronic computers and other sophisticated instruments have accelerated the ability of government to intrude into areas which a person normally chooses to exclude from prying eyes and inquisitive minds.”

Three years later, in Smith vs Maryland, the question arose whether a pen register (that is, an electronic device that records all numbers called from a particular telephone line), installed on the telephone’s company’s property, infringed upon a legitimate expectation of privacy. The Court held that it did not, because:

Telephone users, in sum, typically know that they must convey numerical information to the phone company; that the phone company has facilities for recording this information; and that the phone company does in fact record this information for a variety of legitimate business purposes. Although subjective expectations cannot be scientifically gauged, it is too much to believe that telephone subscribers, under these circumstances, harbor any general expectation that the numbers they dial will remain secret.

Smith vs Maryland is essentially the third-party doctrine applied to telephone records. Records in question are knowingly and voluntarily passed on to a third party (the telephone company), the customers being aware that the third party is storing and recording them. Consequently, there is no reasonable expectation of privacy. Of course, there is a gap in the logic: the fact that we have no reasonable expectation of privacy against the telephone company storing and recording our data does not mean that we have no reasonable expectation of privacy that government will not do so. Nonetheless, Smith vs Maryland was what the government has relied upon in the recent NSA litigations across American District Courts. In the oral arguments in ACLU vs Clapper, for instance, which we have discussed previously on this blog, the government’s entire privacy argument was based upon the Smith vs Maryland holding, and ACLU’s counter-arguments turned upon how, in the last thirty years, the use of the telephone had increased so much, with so many personal details now part of phone records, that Smith no longer held the field.

This week, in Klayman vs Obama, Judge Leon at the Columbia District Court accepted in substance, the ACLU argument. He observed that “the relationship between the police and phone company in Smith is nothing compared to the relationship that has apparently evolved over the last seven years between the Government and telecom companies” – that is, a formalized policy as opposed to a one-time collection. Judge Leon then went on to hold that not only was the government’s surveillance technology vastly more all-encompassing than it had been in 1979, but also that “the nature and quantity of information contained in peoples’ telephony data is much greater as well.” The “ubiquity” of phones had altered both the amount of information available, and what that information could tell government about peoples’ lives (and indeed, previously on this blog we have discussed how bulk surveillance of telephone records can enable government to construct a complete record of a person’s social, sexual, religious and political mores). Consequently, Judge Leon held that there was likely to be a reasonable expectation of privacy in telephone records.

Does Canara Bankin rejecting Miller, reject the third-party doctrine as well? I think it does so, although not unambiguously. In the Court’s mind, the third party doctrine is a corollary of the propertarian theory of privacy. Thus, in paragraph 54, the Court observes:

Once we have accepted in Govind and in latter cases that the right to privacy deals with ‘persons and not places’, the documents or copies of documents of the customer which are in Bank, must continue to remain confidential vis-a’-vis the person, even if they are no longer at the customer’s house and have been voluntarily sent to a Bank.

The Court here conflates “no longer at the customer’s house” (persons v places) and “voluntarily sent to the Bank” (third party). Because even if one holds that the right to privacy belongs to persons and not places, it is logically possible to hold that once one voluntarily turns over one’s information to someone else, one no longer has a privacy interest in it. The Court, however, expressly forecloses that option by reading the two together – because the right of privacy belongs to persons and not to places, therefore we retain our privacy interests even in those documents that we have voluntarily turned over to a third party. In other words, the Court’s logic appears to be that the nature of the documents vis-a-vis us remains unchanged despite their location shifts from beyond our control, even if this shift is knowingly and voluntarily cause by us. Thus, it would appear that Canara Bank adopts a particular conception of privacy-interests-belong-to-peoples-and-not-places, one that rejects the third party doctrine. To repeat: this is not the only way in which we can understand the people/places distinction; conceptually, people/places and third-party come apart, as they have done so in American law. What we have tried to do here is to make sense of the Canara Bank holding, and I submit that the only way to do so is to understand Canara Bank as rejecting third party through one specific conception of people/places. Thus, the Smith v Maryland argument is not open to the government if it wishes to collect data from telecom companies or, in the case of the internet, ISPs. In light of Canara Bank, the privacy interest remains.

We may now end our substantive privacy law discussion by a brief examination of two cases whose locus lies in the domain of medical tests, although in differing areas. Selvi v State, decided in 2010, involved the constitutionality of narco-analysis and polygraph tests during police investigations, and the testimonial statements obtained therefrom. The Court had no trouble in finding that, insofar as these techniques interfered with a person’s mental processes in order to elicit information from him, they infringed his right to privacy. The Court then summarily rejected the State’s argument of a compelling interest in eliciting information that could lead to the prevention of crime, holding that: “There is absolutely no ambiguity on the status of principles such as the `right against self-incrimination’ and the various dimensions of `personal liberty’. We have already pointed out that the rights guaranteed in Articles 20 and 21 of the Constitution of India have been given a non-derogable status and they are available to citizens as well as foreigners. It is not within the competence of the judiciary to create exceptions and limitations on the availability of these rights.”

This passage is curious. While a non-derogable right need not be an absolute right, our privacy jurisprudence suggests that the right to privacy is indeed derogable – when there is a compelling State interest. Insofar as Selvi goes beyond the accepted doctrine, it is probably incorrectly decided; nonetheless, it affirms – once more – even if only through contentions made by the State, that the relevant standard for infringement is the compelling interest standard. Furthermore, in subsequently investigating whether compelled undertaking of narco-analysis or polygraph tests are actually likely to reveal the results that the investigating authorities need – and finding them unconstitutional because they don’t – the Court takes a path that resembles narrow tailoring.

Lastly – and most recently – Rohit Shekhar v Sri Narayan Dutt Tiwari dealt with a Court order requiring a compulsory DNA test in a paternity dispute. After lengthy citation of foreign precedent, the Court entered into a bewildering discussion of the relationship between DNA tests and the right to privacy. It held that depending upon the circumstances of a case, mandatory testing would be governed by a number of factors such as a compelling interest, a probable cause, decreased expectations of privacy, and so on. (Para 79) It then went on to hold: “forced interventions with an individuals privacy under human rights law in certain contingencies has been found justifiable when the same is founded on a legal provision ; serves a legitimate aim ; is proportional ; fulfils a pressing social need ; and, most importantly, on the basis that there is no alternative, less intrusive, means available to get a comparable result.” This is extremely strange, because the first three conditions form part of a classic proportionality test; and the last two are – as readers will recognize – the two parts of the compelling state interest – narrow tailoring test. Indeed, the Court contradicts itself – “legitimate aim” and “pressing social need” cannot both be part of the test, since the latter makes the former redundant – a pressing social need will necessarily be a legitimate aim. Consequently, it is submitted that no clear ratio emerges out of Rohit Shekhar. It leaves the previous line of cases – that we have discussed exhaustively – untouched.


Leave a comment

Filed under Privacy, Surveillance

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s