Sarah Parker is a first-year student at Harvard Law School. She is currently a Line Editor and a member of the Submissions Committee for JOLT. She will be serving as a clerk for the Electronic Privacy Information Center this summer.
The smart home is on the rise. The market for connected homes has seen a 31% compound annual growth rate, and the global smart home market is expected to reach over $50 billion by 2022. Unfortunately, the convenience of these devices comes at the cost of significant privacy concerns. In addition to the risk of data breaches or hacking, smart home technology puts citizens at risk of their data being exposed to law enforcement before they are even charged with a crime.
In fact, smart home data has already been used in at least two criminal cases. After being served with a warrant, Google provided surveillance footage from Nest cameras used by a group of amateur rappers and scam artists in a North Carolina criminal case. After a long legal battle, Amazon also provided recordings from an Echo device in the trial of James Andrew Bates in 2017. While Amazon presented compelling legal arguments against the provision of smart home data for criminal prosecutions, the issue was resolved without a court ruling once Bates agreed to the government’s access to his data. While the use of smart home data in criminal prosecutions is not yet common, its very existence poses significant constitutional questions.
Perhaps the most concerning of these questions is the possible legality of obtaining smart home data without a warrant supported by probable cause. While the Fourth Amendment protects individuals from unreasonable searches and seizures, the Supreme Court has held that a search warrant is not required to obtain personal information that has already been voluntarily shared with a third party (Couch v. United States, United States v. Miller, and Smith v. Maryland). The assumption underlying this “third-party doctrine” is that the individual does not have a reasonable expectation of privacy after sharing his or her information with a third party.
Does this assumption apply to smart home devices? Smart homes are constantly sharing data with device manufacturers, but consumers may not be aware of this fact given the “opt out” model typically employed for smart home permissions. We are also living in a fundamentally different world than the Justices who developed the third-party doctrine in the 1970s. Digital information storage contains far more personal information than could have been anticipated during the creation of the third-party doctrine, an observation that has provoked concern from the Supreme Court. As described by Justice Sonia Sotomayor in her concurrence about GPS monitoring in United States v. Jones, “the Government’s unrestrained power to assemble data that reveal private aspects of identity is susceptible to abuse.”
In addition, disclosure of personal data is increasingly necessary for citizens to participate in digital society. Smart home device usage is a good example of this paradigm shift. Once aware of the collection of their data by smart home manufacturers, consumers are faced with the choice of allowing the data collection, abstaining from using the new technology, or rendering their smart home devices less effective (for example, by disconnecting a Smart TV from the home’s WiFi network or manually deleting all voice recordings stored by an Alexa even though it may “degrade your Alexa experience”). In some cases, only the first two options may be available. According to a recent study of smart home device privacy policies, many companies do not even have an opt-out policy, often because the product can only function with certain device information.
In the current climate for smart home devices, most users are either unaware that their data is being collected or unable to opt out. If the third-party doctrine is applied to smart home devices, law enforcement will be able to obtain user data without a warrant – despite the fact that most smart home users have not opted into sharing their information with a third party and may be unaware that they are doing so. This outcome is diametrically opposed to the privacy values enshrined in the Fourth Amendment.
Fortunately, there are good indicators that the third-party doctrine might not apply to smart home devices. The Supreme Court has a long history of championing the home as a space entitled to special Fourth Amendment protections, a pattern under which smart home user data may be privileged. In addition, the Court recently declined to apply the third-party doctrine to a major form of new technology: cellphone location data.
In 2018, the Supreme Court held in Carpenter v. United States that the Fourth Amendment protects historical cellphone location data from being obtained without a warrant. Writing for the majority, Chief Justice John Roberts differentiated cell-site records from the types of personal information addressed in cases like Miller and Smith, finding that the application of the third-party doctrine to these cellphone records would be a “significant extension of [the doctrine] to a distinct category of information.” The opinion also emphasized the need to “assure preservation of that degree of privacy against government that existed when the Fourth Amendment was adopted,” even in the face of technological innovation. Unfortunately, Chief Justice Roberts also maintained that Carpenter’s holding was narrow and contained to cell-site records, citing a desire to avoid “embarrass[ing] the future.”
Despite the court’s limitation of the Carpenter holding, there is a strong case to be made that smart homes should also be excepted from the third-party doctrine. Smart home data contains a map of its owner’s movements and activities within the home in the same way that smartphone location data provides the “detailed chronicle of a person’s physical presence compiled every day, every moment, over several years” that the Court found so deeply private in Carpenter. As previously discussed, there is also effectively “no way to avoid leaving behind a [data] trail” with smart home technology. Devices also integrate into home life in the same way that smartphones are “such a pervasive and insistent part of daily life” that owning one might become “indispensable to participation in modern society.”
Of course, a savvy prosecutor might try to differentiate location data about movement outside the home from smart home data about arguably less revealing, more mundane activities within the home such as moving from the dining room to the kitchen. However, given the Supreme Court’s long history of privileging the home, it seems unlikely that the Court would give preferential treatment to data collected outside of the home. Another point of differentiation is the near universal adoption of smartphones as compared to smart homes. However, the current trends in smart home adoption indicate that this gap may materially close before this issue reaches the Supreme Court.
Carpenter might also be distinguished on the basis that a cellphone cannot even be powered up without creating cell-site records, while smart home devices merely require the exchange of data in order to function fully. However, the combination of the opt out structure of privacy permissions and the difficulty (and sometimes impossibility) of opting out in practice leads most smart home purchasers to the same dilemma as cellphone users: a choice between using their technology and maintaining their privacy.
Forcing citizens to choose between fully participating in our increasingly digital modern life and maintaining Fourth Amendment protections is unacceptable. This makes it essential that the Carpenter doctrine is extended to smart home user data. Smart homes are increasingly extensions of the home in the same way that smartphones are “a pervasive and insistent part of daily life,” and they deserve the same legal protections as smartphones as well.