Modern-Day General Warrants and the Challenge of Protecting Third-Party Privacy Rights in Mass, Suspicionless Searches of Consumer Databases
A Hoover Institution Essay by Jennifer Lynch
Aegis Series Paper No. 2104
From the introduction:
Today, more than ever, law enforcement has access to massive amounts of consumer data
that allow police to essentially pluck a suspect out of thin air. Internet service providers
and third parties collect and aggregate precise location data generated by our devices and
their apps, making it possible for law enforcement to easily determine everyone who was
in a given area during a given time period. Similarly, search engines compile and store our
internet searches in a way that allows law enforcement to learn everyone who searched for
specific keywords like an address or the word “bomb.” In addition, DNA is now amassed in
consumer genetic genealogy databases that make it possible for law enforcement to identify
almost any unknown person from their DNA, even if the unknown person never chose to
add their own DNA to the database.
Modern law enforcement officials very frequently conduct “suspicionless searches”—searches
that are not based on individualized suspicion—on these computer databases. These searches
can include the private information of millions of people unconnected to a crime on the mere
possibility the police will find one person who is. Law enforcement justifies these searches
by arguing that people voluntarily provide their information to third parties and agree to
contracts that allow those third parties to share consumers’ data with others. They also
argue that the individual data points exposed through these searches are, standing alone, not
all that revealing or are de-identified. Therefore, they argue, the Fourth Amendment should
not restrict access to the data.
For the most part, courts are only addressing the privacy and civil liberties issues posed by
these searches piecemeal through the criminal justice system. But by looking only at the
data used to identify an individual defendant, society as a whole is missing a much larger
looming problem: as we and our devices generate more and more data that is shared with
third parties, law enforcement now has relatively easy and inexpensive access to data that
can identify and track all of us. Consumers would be surprised to know that their data is so
readily accessible to law enforcement. However, as discussed below, it is almost impossible to
There are currently few explicit legislative or judicial checks on these kinds of searches.
That has left it up to third-party data collectors to push back. In some cases, this happens,
to a certain extent. For example, in response to warrants for mass location data, it appears
Google has shaped search protocols to try to protect accounts.1 However, in other cases,
disclosure may be subject to the whims of the data collector. Genetic genealogy company
GEDmatch allowed law enforcement access to its clients’ DNA data for investigations that
its founder personally felt were worthy,2 while a similar company, FamilyTreeDNA, has
welcomed law enforcement with open arms.3 And location data brokers appear ready and
willing to sell aggregated data to anyone able to buy it on the open market, including the
This article describes the problem of suspicionless searches of consumer databases, explains
the threat that these searches pose to privacy interests, argues that the legal arguments put
forth by law enforcement in defense of these practices are flawed, and suggests what should
be done about the problem both in courts and in the legislature.
Read the essay on Hoover.org.
Thanks to Joe Cadillic for sending this along.