Law restricting police access to personal data Tests Confidentiality limits

A first-of-its-kind law in Illinois restricting law enforcement access to data on digital home devices is at the forefront of an emerging legal debate about protecting the privacy of those recordings.

The state law, which takes effect Jan. 1, comes as law enforcement seeks to exploit consumers’ growing collection of internet-connected devices, from smart speakers to security cameras. These devices can capture conversations, movement, and other information that could be used to investigate crimes.

Known as the Household Privacy Protection Act, the law restricts the sharing of device data by requiring a search warrant or authorization from the device owner, with some exceptions in emergency scenarios.

The law aims to set limits on when manufacturers of such devices transmit data to law enforcement, rather than leaving it in the hands of tech companies like Inc. to set their own standards, according to the American Civil Liberties Union of Illinois, which lobbied for the law.

Its focus on sharing data with the police highlights legal tension over expectations that people’s homes are private space, even as they invite devices that can document their social connections and record their whereabouts.

“If I am planning a crime on a street corner and someone overhears me, I have no expectation of privacy there,” said Peter Hanna, legal counsel for American Civil Liberties Union of Illinois.

Under what is known as the Third Party Doctrine, the United States Supreme Court has ruled that people cannot expect the confidentiality of information voluntarily shared with third parties. The doctrine emerged from a 1976 decision in United States v. Miller concerning bank statements and a 1979 decision in Smith v. Maryland involving phone calls.

“Now, third parties are deeply embedded in almost every aspect of our lives,” Hanna said.

Existing protections

Despite the potentially sensitive data that home devices can collect, existing legal protections were not designed to cover that data, said Ángel Díaz, professor at the University of California, Los Angeles Law School.

The Federal Stored Communications Act governs the ability of law enforcement to search certain types of electronically stored data, including emails, from companies such as Microsoft Corp. and Alphabet’s google. The 1986 law sets out the circumstances under which police would have to obtain a subpoena or search warrant before they could access communications.

The law, which protects the privacy of data stored by service providers, was “written at a time when there were no smart devices for the home,” said Díaz, who studies the intersection of the technology and civil rights.

The way connected devices collect and store information, whether locally on the device or in what is known as the cloud, can place that data outside the scope of the stored communications law, did he declare.

The definition of home appliances in Illinois law is intentionally broad so that it can accommodate future products introduced into homes, according to the Illinois ACLU. Its text covers connected devices inside a house and its “immediate surrounding areas” that are capable of communicating electronically.

This would include Amazon’s Ring doorbell cameras or other similar home security cameras.

Ring a sworn not provide law enforcement data on its users without a legally valid subpoena or search warrant, depending on the type of information sought. For other Amazon products such as Alexa-enabled smart speakers, the company has also promised not to disclose customer information in response to government requests, except as required by law.

“Amazon consistently opposes requests that are too broad or otherwise inappropriate,” an Amazon spokesperson said in an email.

Local police and fire departments in the United States may ask Call users to get recordings from devices near an ongoing investigation by posting them to the company’s Neighbors app.

These messages may request check-ins within a limited time and area, and must include a valid case number and agency contact details, in accordance with Ring’s policies. Ring users can share recordings in response to a message, or they can choose not to see such requests on the app.

Complicated compliance

Illinois’ new law could “make compliance efforts more difficult” for businesses that are also subject to the stored communications law, according to Chloe Goodwin, a partner at Covington & Burling LLP in Washington, DC, who represents technology companies on issues such as access to law enforcement. to digital evidence.

“The Illinois requirements don’t quite fit within the framework of the stored communications law,” Goodwin said.

She said it’s because Illinois law covers data from connected devices, but not computer data, like a computer, tablet, or cell phone. State law also excludes “digital gateway” devices such as modems and Internet routers or cable set-top boxes.

Federal law applies to stored data, regardless of the device it is associated with, Goodwin said.

It remains to be seen what the permission provision of the Household Privacy Act means for people who own digital devices or others that can be unknowingly captured in a recording, such as a child. , a roommate or a passerby.

Before people agree to share their family data with the police, they need to understand what information they are sharing, said Odia Kagan, partner of Fox Rothschild LLP in Philadelphia, which focuses on data privacy and security regulations. .

Kagan urged device makers to clarify in their privacy policies what information is collected and when, whether through intentional activation or an always-on mode.

“Transparency with these devices is an issue,” she said. “Do you know what you are agreeing to?” “

Comments are closed.