Current Issue: Volume 21
At the November 2017 oral arguments in the case Carpenter v. United States, Justice Sotomayor commented that many individuals even carry their cell phones into their beds and public restrooms: “It’s an appendage now for some people." On June 22, 2018, in a 5-4 opinion written by Chief Justice Roberts and joined by Justices Ginsberg, Breyer, Sotomayor, and Kagan, the Supreme Court held that the government will generally need a warrant to access cell-site location information (CSLI). Ostensibly, Carpenter is only about CSLI, and the language of the decision carefully limits its application. However, the Court’s reasoning behind why the third-party doctrine should not apply is broadly applicable: the information was involuntarily exposed, incidental to merely having a cell phone, which is an item necessary for functioning in modern society. Indeed, technology’s constant forward march leads one to wonder, what privacy issue awaits around the next corner? What technological innovation will pose yet another Fourth Amendment challenge? Our cell phones commonly have health apps that monitor our activity, sleep, mindfulness, and nutrition. Internet of Things (IoT) devices, which have the ability to connect to and interface with a network, include “smart” light bulbs, refrigerators, and even a mattress cover that starts your Bluetooth or WiFi-enabled coffee maker when you wake up in the morning. The private genomic testing industry, too, in which intimate genealogical and genetic health information is sent to third-party laboratories, medical researchers, and even sold to pharmaceutical companies for profit, has seen tremendous growth recently. IoT devices and private DNA testing seem vastly different from each other and from cell phones, and yet both are increasingly popular consumer technologies whose functioning, by design, necessitates a third party. Like CSLI, the data sent to third parties by smart devices and genomic testing services involves no voluntary act, let alone affirmative sharing. This lack of voluntariness was a significant part of the Carpenter Court’s basis for holding—in a decision lauded by privacy advocates—that the cell phone owner has an expectation of privacy in CSLI, despite the fact that the data is owned by a third party. Thus, notwithstanding its limiting language, Carpenter opens the door to a slew of questions about consumers’ privacy expectations in multitudes of other burgeoning technologies that, like cell phones and the location data they produce, also necessitate a third party. This Article, therefore, proposes extending the third-party doctrine in Carpenter’s wake to reflect the realities of the digital age, both to protect privacy and provide some limits to the third-party doctrine. Given that a third party has control over a consumer’s personal data, a meaningful test for whether an expectation of privacy remains or has been forfeited should include two inquiries: first, whether the consumer understands that the technology’s very design necessitates a third party; and second, whether the consumer has a meaningful opportunity to opt out of sharing data with that third party. This Article begins by describing the common law background that prefaced Carpenter, explains why the Carpenter analysis is incomplete, and offers the new, extended test for the third-party doctrine as one that balances decisional analysis with technological reality and provides a principled framework to encompass technologies beyond CSLI. Next, this Article offers normative explanations for why digital data is a square peg in the round hole of the third-party doctrine but explains that privacy in the digital era should nonetheless survive the disconnect. Finally, this Article applies the newly extended third-party doctrine test to two specific examples of increasingly popular technologies in which private data is necessarily shared with third parties: IoT devices and private DNA testing. This Article illustrates the inability of smart devices and private genomic testing services to pass the two inquiries of the proposed extended test, and affirms the consumer’s expectation of privacy in the absence of any voluntary act.
Personal jurisdiction has been a time-honored judicial concept since the 1800s. The Supreme Court has considered the ramifications of personal jurisdiction and its application in various factual scenarios over the years, often leading to plurality opinions where the Justices disagreed on the reasoning behind the judgements. The confusion resulting from this lack of consensus over the doctrine’s application has been further compounded by advances in technology. Technology has enabled people to connect in new ways and the Court has struggled to reconcile this with the traditional minimum contacts analysis it first employed in International Shoe v. Washington. Virtual Private Networks and proxies facilitate internet connections to servers located outside internet users’ home states. Some internet users rely on these technologies to specifically target a geographic area to obtain access to geographically restricted content. Others do not intentionally target a location, but only have a general awareness of their connection. Still others have no knowledge of the ultimate location of their IP address. By accessing servers outside their home state, these internet users could be establishing connections that give rise to the exercise of personal jurisdiction. This Article argues that the proper way to address this challenge is to continue to adapt the traditional personal jurisdiction analysis of International Shoe, with a focus on the intentionality of the user to avail themselves of a particular forum.
A “Democracy Index” is published annually by the Economist. For 2017, it reported that half of the world’s countries scored lower than the previous year. This included the United States, which was demoted from “full democracy” to “flawed democracy.” The prin-cipal factor was “erosion of confidence in government and public institutions.” Interference by Russia and voter manipulation by Cambridge Analytica in the 2016 presidential election played a large part in that public disaffection. Threats of these kinds will continue, fueled by growing deployment of artificial intelligence (AI) tools to manipulate the preconditions and levers of democracy. Equally destructive is AI’s threat to deci-sional and informational privacy. AI is the engine behind Big Data Analytics and the Internet of Things. While conferring some con-sumer benefit, their principal function at present is to capture per-sonal information, create detailed behavioral profiles and sell us goods and agendas. Privacy, anonymity and autonomy are the main casualties of AI’s ability to manipulate choices in economic and political decisions. The way forward requires greater attention to these risks at the na-tional level, and attendant regulation. In its absence, technology gi-ants, all of whom are heavily investing in and profiting from AI, will dominate not only the public discourse, but also the future of our core values and democratic institutions.
The Supreme Court’s decision in WesternGeco LLC v. ION Geophysical Corp. had the potential to reach into a number of trans-substantive areas, including the nature of compensatory damages, proximate cause, and extraterritoriality. Instead of painting with a broad brush, however, the Supreme Court opted to take a modest, narrow approach to the issue of whether lost profits for foreign activity were available to a patent holder for infringement under 35 U.S.C. § 271(f)(2). In addressing this issue, the Court utilized its two-step framework for assessing the extraterritorial reach of U.S. law that it adopted in RJR Nabisco Inc. v. European Community. Step one under RJR Nabisco entails an assessment of whether the presumption against extraterritoriality has been rebutted. Step two requires a court to examine whether activity relevant to the focus of the statute occurred within the United States, even if other acts occurred outside. If so, then the statute still applies to the conduct. The Court skipped step one in WesternGeco, but its analysis of step two confirmed that the territorial limits of damages is tied to the corresponding liability provision. Ultimately the Court allowed the damages for the relevant foreign activity. This decision clarified a few important aspects about the extraterritorial application of U.S. law. By skipping step one of RJR Nabisco, the Court made clear that the presumption against extraterritoriality is distinct from the focus analysis of step two. The Court passed on the opportunity to further elaborate on step one and to answer definitively whether the presumption applies to remedial provisions. The Court did elaborate on step two and embraced a methodology that tied the extraterritorial reach of a general remedy provision to the corresponding liability provision. The Court’s decision also leaves a number of questions open. Specifically, it remains unclear whether the Federal Circuit’s decisions in Power Integrations, Inc. v. Fairchild Semiconductor International, Inc. and Carnegie Mellon University v. Marvell Technology Group, Ltd. survive WesternGeco, along with other decisions regarding the extraterritorial reach of U.S. patent law. I contend that the ultimate conclusions in Power Integrations and Carnegie Mellon are correct, even though the methodology used in the original decisions was wrong. I also discuss how the Court also failed to explore the important role that proximate cause may play in future patent cases, particularly those involving global theories of damages. The Federal Circuit could—and should—embrace a narrower conception of proximate cause to limit these types of global theories of patent damages.